Articles in Linux Journal cover the range from desktop how-tos to kernel hacking, always balanced to give both newcomers and long-term Linux users maximum enjoyment. See our Web site for an author's guide and list of upcoming topics and deadlines: http://linuxjournal.com/author/index.
News briefs for June 18, 2019.
Slimbook, the Spanish Linux computer company, just unveiled a brand-new all-in-one Linux PC called the "Apollo". It has a 23.6 inch IPS LED display with a 1920x1080 resolution, and a choice between an Intel i5-8500 and i7-8700 processors. It comes with up to 32GB of RAM and integrated Intel UHD 630 4K graphics. Pricing starts at $799.
The first beta for service pack 5 of SUSE Linux Enterprise 12 is out and available. It contains updated drivers, a new version of the OpenJDK, support for Intel Optane memory and more.
NVIDIA binary drivers for Ubuntu have grown a bit stale, which is pushing developers to update the drivers for Ubuntu 19.10.
DragonFly BSD version 5.6 is officially released with improvements in the management of virtual memory, updates and bug fixes to both the DRM code and especially to the HAMMER2 filesystem and much more.
One of the jobs of the Linux kernel—and all operating system kernels—is to manage the resources available to the system. When those resources get used up, what should it do? If the resource is RAM, there's not much choice. It's not feasible to take over the behavior of any piece of user software, understand what that software does, and make it more memory-efficient. Instead, the kernel has very little choice but to try to identify the software that is most responsible for using up the system's RAM and kill that process.
The official kernel does this with its OOM (out-of-memory) killer. But, Linux descendants like Android want a little more—they want to perform a similar form of garbage collection, but while the system is still fully responsive. They want a low-memory killer that doesn't wait until the last possible moment to terminate an app. The unspoken assumption is that phone apps are not so likely to run crucial systems like heart-lung machines or nuclear fusion reactors, so one running process (more or less) doesn't really matter on an Android machine.
A low-memory killer did exist in the Linux source tree until recently. It was removed, partly because of the overlap with the existing OOM code, and partly because the same functionality could be provided by a userspace process. And, one element of Linux kernel development is that if something can be done just as well in userspace, it should be done there.
Sultan Alsawaf recently threw open his window, thrust his head out, and shouted, "I'm mad as hell, and I'm not gonna take this anymore!" And, he re-implemented a low-memory killer for the Android kernel. He felt the userspace version was terrible and needed to be ditched. Among other things, he said, it killed too many processes and was too slow. He felt that the technical justification of migrating to the userspace dæmon had not been made clear, and an in-kernel solution was really the way to go.
In Sultan's implementation, the algorithm was simple—if a memory request failed, then the process was killed—no fuss, no muss and no rough stuff.
There was a unified wall of opposition to this patch. So much so that it became clear that Sultan's main purpose was not to submit the patch successfully, but to light a fire under the asses of the people maintaining the userspace version, in hopes that they might implement some of the improvements he wanted.
Michal Hocko articulated his opposition to Sultan's patch very clearly—the Linux kernel would not have two separate OOM killers sitting side by side. The proper OOM killer would be implemented as well as could be, and any low-memory killers and other memory finaglers would have to exist in userspace for particular projects like Android.
FreeBSD 11.3-RC1 is now officially available with installation images for amd64, i386, aarch64, armv6 and more. This release contains mostly bug fixes.
If you are looking for a new laptop with Linux support out-of-box, the Lenovo ThinkPad P series will have Ubuntu 18.04 pre-installed. They will go on sale later this month in the US.
Speaking of laptops, the folks over at Zorin OS are teaming up with UK-based Star Labs to produce a beautiful computing experience. Starting on June 21st, Star Labs will be offering Zorin OS 15 as an option for pre-installed images on a variety of the their laptops.
Real-time remote monitoring and management software, Pulseway version 6.3.3 was released. Key updates include a large number of additional third party titles, the ability to export reports in CSV format, and remote desktop file transfer.
PCLinuxOS KDE Full Edition 2019.06 is now out boasting a Linux 5.1.10 kernel, KDE Applications 19.04.2, KDE Frameworks 5.59.0, KDE Plasma 5.16.0 and more.
With the released of the latest release candidate in the Linux kernel 5.2-rc5, Linus sees a light at the end of the tunnel: "But the good news is that we're getting to the later parts of the rc series, and things do seem to be calming down. I was hoping rc5 would end up smaller than rc4, and so it turned out." You can view a complete list of changes here.
What are these weird directories, and why are they there?
If you are new to the Linux command line, you may find yourself wondering why there are so many unusual directories, what they are there for, and why things are organized the way they are. In fact, if you aren't accustomed to how Linux organizes files, the directories can seem downright arbitrary with odd truncated names and, in many cases, redundant names. It turns out there's a method to this madness based on decades of UNIX convention, and in this article, I provide an introduction to the Linux directory structure.
Although each Linux distribution has its own quirks, the majority conform (for the most part) with the Filesystem Hierarchy Standard (FHS). The FHS project began in 1993, and the goal was to come to a consensus on how directories should be organized and which files should be stored where, so that distributions could have a single reference point from which to work. A lot of decisions about directory structure were based on traditional UNIX directory structures with a focus on servers and with an assumption that disk space was at a premium, so machines likely would have multiple hard drives.
The /bin and /sbin directories are intended for storing binary executable
files. Both directories store executables that are considered essential
for booting the system (such as the
mount command). The main difference
between these directories is that the /sbin directory is intended for
system binaries, or binaries that administrators will use to manage
This directory stores all the bootloader files (these days, this is typically GRUB), kernel files and initrd files. It's often treated as a separate, small partition, so that the bootloader can read it more easily. With /boot on a separate partition, your root filesystem can use more sophisticated features that require kernel support whether that's an exotic filesystem, disk encryption or logical volume management.
The /etc directory is intended for storing system configuration files. If you need to configure a service on a Linux system, or change networking or other core settings, this is the first place to look. This is also a small and easy-to-back-up directory that contains most of the customizations you might make to your computer at the system level.
The /home directory is the location on Linux systems where users are given directories for storing their own files. Each directory under /home is named after a particular user's user name and is owned by that user. On a server, these directories might store users' email, their SSH keys, or sometimes even local services users are running on high ports.
In this webinar, Twistlock's James Jones and Linux Journal's Katherine Druckman discuss hardening your DevOps environments and processes. Topics covered:
Register to watch this webinar on-demand:
Yesterday, Canonical, the company behind Ubuntu announced the availability of Manifold 2, a high-performance embedded computer offered by leading enterprise drone manufacturer, DJI. This availability will allow developers access to containerized software packages (e.g. Snaps), allowing for infinite evolution and functionality changes.
It looks as if Ubuntu is transitioning the Chromium Debian package to a Snap one. The community behind this effort is asking for assistance in testing the Snap package.
The first alpha release of PHP version 7.4.0 is now available. And while it contains a large list of bug fixes and feature enhancements, remember, it is an unstable build and should not be used in production.
PyCharm 2019.2 EAP3 is officially released with support for Python Positional-Only Parameters (PEP-570), Restart Kernel Action and more.
There are talks but at the same time, there are not talks to port over Microsoft's Chromium-based Edge browser to Linux. Its developers say that it may happen in the near future but they are too busy to do it today.
In the modern era, messaging applications are a constant target for attackers, exposing vulnerabilities, disclosing sensitive information of nation states and insider-employee inappropriate behaviors or practices. There is a constant need to prioritize one's cybersecurity and upgrade one's infrastructure to the latest and greatest of defensive technologies. However, the messaging tools that these same organizations tend to rely on often are the last to be secured, if at all. This is where Wickr comes in. Wickr is an instant-messaging application and platform offering end-to-end encryption and content-expiring messages. Its parent company of the same name takes security seriously and has built a product to showcase that. I was able chat with co-founder and CTO, Chris Howell, who was gracious enough to provide me with more information on what Wickr can achieve, how it works and who would benefit from it.
Petros Koutoupis: Please introduce yourself and tell us about your role at Wickr.
Chris Howell: I'm co-founder/CTO and responsible for technical strategy, security and product design. You can read my full bio here.
Petros: What do you see as a weak point in today's messaging apps?
Chris: By far, at least when it comes to security, the weak point of virtually all messaging apps to date (and all other apps and services, really) is that they're built with the assumption that users will have to trust the service. The problem with that way of thinking is can we really trust the service? That's not to say there are bad people running them, necessarily, but how many breaches (for example, Equifax 2017) or abuses (for example, Snapchat 2019) do we need to see to answer that question? Once the service is built that way, messaging users generally suffer in two ways. First, at some key point on their way to the recipient, messages are readable by some number of folks beyond the recipient. Now, the service typically will point to various security certifications and processes to make us feel okay about that, but in most cases where there are humans involved, what can happen will happen, and whatever controls are put in place to limit access to user data amount to little more than a pinky promise—which when broken, of course, leaves the user with a loss of privacy and security. Second, having been so trusted, the service typically prioritizes "virility" and its own growth over the users' need to control their own data, leading to behavior like scanning message content for marketing purposes, retaining messages longer than necessary, and abusing contacts to aid the growth of the service.
Petros: How does Wickr help address that?
Atari has officially opened up pre-orders to the VCS retro gaming console for $250. New orders are expected to be fulfilled by March 2020.
Gimp version 2.10.12 has officially been released and it mostly contains bug fixes, most of which were introduced in the large release of version 2.10.10. There are also some noteworthy improvements which include an improved Curves tool, layers support for TIFF exporting and more.
While the Snap format is intended to run on many other Linux distributions, the Snapcraft team is creating a more inviting and improved experience [for non-Ubuntu users] by launching distro-specific store pages for Snap apps.
The preview for the built-in Linux kernel for Windows 10 is officially available in the new Windows Subsystem for Linux 2 (WSL 2). WSL 2 was announced back in May during the Microsoft's Build developer conference and is based on version 4.19 of the Linux kernel.
A new version of the fs-verity module MAY eventually find its way merged into the mainline kernel. The purpose of this module is to make individual files read-only and enable the kernel to detect modifications made on or offline. The new patch set was posted on May 23 and the story behind it can be found here.
OpenNebula recently released its latest version, 5.8 "Edge", which now offers pivotal capabilities to allow users to extend their cloud infrastructure to the Edge easily and effectively.
For anyone looking for an open-source, enterprise solution to orchestrate data-center virtualization and cloud management with ease and flexibility, OpenNebula is a fine candidate that includes:
And, it's lightweight, easy to install, infrastructure-agnostic and thoroughly extensible.
Figure 1. High-Level Features
Check here for a more detailed look at OpenNebula features.
With the current conversation shifting away from centralized cloud infrastructure and refocusing toward bringing the computing power closer to the users in a concerted effort to reduce latency, OpenNebula's 5.8 "Edge" release is a direct response to the evolving computing and infrastructure needs, and it offers fresh capabilities to extend one's cloud functionality to the edge. Gaming companies, among others, who have been using OpenNebula were of the first to push for these features (yet they don't have the be the only ones to benefit from them).
LXD Container Support
In addition to supporting KVM hypervisors, as well as offering a cloud management platform for VMware vCenter server components, OpenNebula now provides native support for LXD containers as well. The virtues offered by LXD container support allow users and organizations to benefit from:
From a compatibility perspective, OpenNebula 5.8 and LXD provide the following: