
The Best Linux Distributions for 2018

It’s a new year and the landscape of possibility is limitless for Linux. Whereas 2017 brought about some big changes to a number of Linux distributions, I believe 2018 will bring serious stability and market share growth—for both the server and the desktop.

For those who might be looking to migrate to the open source platform (or those looking to switch it up), what are the best choices for the coming year? If you hop over to Distrowatch, you’ll find a dizzying array of possibilities, some of which are on the rise, and some that are seeing quite the opposite effect.

So, which Linux distributions will 2018 favor? I have my thoughts. In fact, I’m going to share them with you now.

Similar to what I did for last year’s list, I’m going to make this task easier and break down the list, as follows: sysadmin, lightweight distribution, desktop, distro with more to prove, IoT, and server. These categories should cover the needs of any type of Linux user.

With that said, let’s get to the list of best Linux distributions for 2018.

Best distribution for sysadmins

Debian isn’t often seen on “best of” lists. It should be. Why? If you consider that Debian is the foundation for Ubuntu (which is, in turn, the foundation for so many distributions), it’s pretty easy to understand why this distribution should find its way on many a list. But why for administrators? I’ve considered this for two very important reasons:

  • Ease of use

  • Extreme stability

Because Debian uses the dpkg and apt package managers, it makes for an incredibly easy-to-use environment. And because Debian offers one of the most stable Linux platforms, it makes for an ideal environment for so many things: desktops, servers, testing, development. Although Debian may not include the plethora of applications found in last year’s winner (for this category), Parrot Linux, it is very easy to add any/all the necessary applications you need to get the job done. And because Debian can be installed with your choice of desktop (Cinnamon, GNOME, KDE, LXDE, Mate, or Xfce), you can be sure the interface will meet your needs.

Figure 1: The GNOME desktop running on top of Debian 9.3.

At the moment, Debian is listed at #2 on Distrowatch. Download it, install it, and then make it serve a specific purpose. It may not be flashy, but Debian is a sysadmin dream come true.

Best lightweight distribution

Lightweight distributions serve a very specific purpose—giving new life to older, lesser-powered machines. But that doesn’t mean these particular distributions should only be considered for your older hardware. If speed is your ultimate need, you might want to see just how fast this category of distribution will run on your modern machine.

Topping the list of lightweight distributions for 2018 is Lubuntu. Although there are plenty of options in this category, few come even close to the next-to-zero learning curve found on this distribution. And although Lubuntu’s footprint isn’t quite as small as Puppy Linux, thanks to it being a member of the Ubuntu family, the ease of use gained with this distribution makes up for it. But fear not, Lubuntu won’t bog down your older hardware. The requirements are:

  • CPU: Pentium 4 or Pentium M or AMD K8

  • For local applications, Lubuntu can function with 512MB of RAM. For online usage (Youtube, Google+, Google Drive, and Facebook),  1GB of RAM is recommended.

Lubuntu makes use of the LXDE desktop (Figure 2), which means users new to Linux won’t have the slightest problem working with this distribution. The short list of included apps (such as Abiword, Gnumeric, and Firefox) are all lightning fast and user-friendly.

Figure 2: The Lubuntu LXDE desktop in action.

Lubuntu can make short and easy work of breathing life into hardware that is up to ten years old.

Best desktop distribution

For the second year in a row, Elementary OS tops my list of best Desktop distribution. For many, the leader on the Desktop is Linux Mint (which is a very fine flavor). However, for my money, it’s hard to beat the ease of use and stability of Elementary OS. Case in point, I was certain the release of Ubuntu 17.10 would have me migrating back to Canonical’s distribution. Very soon after migrating to the new GNOME-Friendly Ubuntu, I found myself missing the look, feel, and reliability of Elementary OS (Figure 3). After two weeks with Ubuntu, I was back to Elementary OS.

Figure 3: The Pantheon desktop is a work of art as a desktop.

Anyone that has given Elementary OS a go immediately feels right at home. The Pantheon desktop is a perfect combination of slickness and user-friendliness. And with each update, it only gets better.

Although Elementary OS stands at #6 on the Distrowatch page hit ranking, I predict it will find itself climbing to at least the third spot by the end of 2018. The Elementary developers are very much in tune with what users want. They listen and they evolve. However, the current state of this distribution is so good, it seems all they could do to better it is a bit of polish here and there. For anyone looking for a desktop that offers a unified look and feel throughout the UI, Elementary OS is hard to beat. If you need a desktop that offers an outstanding ratio of reliability and ease of use, Elementary OS is your distribution.

Best distro for those with something to prove

For the longest time Gentoo sat on top of the “show us your skills” distribution list. However, I think it’s time Gentoo took a backseat to the true leader of “something to prove”: Linux From Scratch. You may not think this fair, as LFS isn’t actually a distribution, but a project that helps users create their own Linux distribution. But, seriously, if you want to go a very long way to proving your Linux knowledge, what better way than to create your own distribution? From the LFS project, you can build a custom Linux system, from the ground up… entirely from source code. So, if you really have something to prove, download the Linux From Scratch Book and start building.

Best distribution for IoT

For the second year in a row Ubuntu Core wins, hands down. Ubuntu Core is a tiny, transactional version of Ubuntu, built specifically for embedded and IoT devices. What makes Ubuntu Core so perfect for IoT is that it places the focus on snap packages—universal packages that can be installed onto a platform, without interfering with the base system. These snap packages contain everything they need to run (including dependencies), so there is no worry the installation will break the operating system (or any other installed software). Also, snaps are very easy to upgrade and run in an isolated sandbox, making them a great solution for IoT.

Another area of security built into Ubuntu Core is the login mechanism. Ubuntu Core works with Ubuntu One SSH keys, such that the only way to log into the system is via SSH keys uploaded to an Ubuntu One account (Figure 4). This makes for heightened security for your IoT devices.

Figure 4: The Ubuntu Core screen indicating a remote access enabled via Ubuntu One user.

Best server distribution

This is where things get a bit confusing. The primary reason is support. If you need commercial support your best choice might be, at first blush, Red Hat Enterprise Linux. Red Hat has proved itself, year after year, to be not only one of the strongest enterprise server platforms on the planet, but also the single most profitable open source business (with over $2 billion in annual revenue).

However, Red Hat isn’t far and away the only server distribution. In fact, Red Hat doesn’t even dominate every aspect of Enterprise server computing. If you look at cloud statistics on Amazon’s Elastic Compute Cloud alone, Ubuntu blows away Red Hat Enterprise Linux. According to The Cloud Market, EC2 statistics show RHEL at under 100k deployments, whereas Ubuntu is over 200k deployments. That’s significant.

The end result is that Ubuntu has pretty much taken over as the leader in the cloud. And if you combine that with Ubuntu’s ease of working with and managing containers, it starts to become clear that Ubuntu Server is the clear winner for the Server category. And, if you need commercial support, Canonical has you covered, with Ubuntu Advantage.

The one caveat to Ubuntu Server is that it defaults to a text-only interface (Figure 5). You can install a GUI, if needed, but working with the Ubuntu Server command line is pretty straightforward (and something every Linux administrator should know).

Figure 5: The Ubuntu server login, informing of updates.

The choice is yours

As I said before, these choices are all very subjective … but if you’re looking for a great place to start, give these distributions a try. Each one can serve a very specific purpose and do it better than most. Although you may not agree with my particular picks, chances are you’ll agree that Linux offers amazing possibilities on every front. And, stay tuned for more “best distro” picks next week.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

This Week in Open Source News: Snow Science Benefits From Open Source, Linus Torvalds Weighs in on Linux-Intel Fix & More

This week in Linux and open source news, let it snow! Open source software is improving snow science, Linus Torvalds answers questions about the fix for Intel’s security vulnerability, and more! Read on to stay in the know. 

1) “Snow science recently took an about-face, thanks to the open-source software [project] known as SnowPilot.”

Open Source Software Improves Snow Research – Explore Big Sky

2) Steven J. Vaughan-Nichols talks with Linus Torvalds about the Intel vulnerability fix.

Major Linux Redesign in the Works to Deal With Intel Security Flaw – ZDNet

3) “The cable industry is turning to OpenStack for the development of virtualized network functions, and it’s hoping to learn a lesson or two from earlier telco forays.”

Cable’s Open Source Flirtation Heats Up – LightReading

4) Amazon releases Linux software that runs on corporate servers.

Amazon Has Quietly Released a Game Changer For Its Cloud – Business Insider

5) “Toyota will showcase its Linux-based infotainment platform [at CES] that will be included in the 2018 Camry.”

CES Preview: Back to the Future – Automotive News

Intel Deploying Updates for Spectre and Meltdown Exploits

Intel reports that the company has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from “Spectre” and “Meltdown” exploits reported by Google Project Zero. Intel and its partners have made significant progress in deploying updates as both software patches and firmware updates.

Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time.

Read more at insideHPC

Enterprise Roles in Open Source Compliance

No individual, no matter how adept, can successfully implement open source compliance across an entire organization. Keeping track of where and how open source code is used, approved, and shipped must be a cross-functional team effort.

From core engineering and product teams, to legal counsel and upper management, compliance involves individuals in many roles from various departments throughout the company.

In this article, highlighting a chapter of The Linux Foundation ebook Open Source Compliance in the Enterprise by Ibrahim Haddad, we’ll give an overview of the roles and responsibilities that any open source compliance program should include. Together, these are the individuals who will make sure your company stays current and compliant with the open source licenses in the code you use and ship.

Read more at The Linux Foundation

Get Started with Spinnaker on Kubernetes

In this tutorial, I will walk you through how to set up and configure Spinnaker on Minikube. Once it is up and running, we will deploy and scale a containerized application running in Kubernetes.

Spinnaker is usually installed in a VM running Ubuntu 14.04 LTS. Thanks to the Helm community, it is now available as a Chart to install with just one command.

Install and Configure Minikube

Spinnaker is architected as a cloud-native, microservices application. It comes with a set of containers that are resource intensive. A typical Minikube installation doesn’t provide enough power for Spinnaker to run locally. We will customize the Minikube configuration to make it powerful enough to host Spinnaker.

Read more at The New Stack

Know When to Implement Serverless vs. Containers

Serverless computing is either the perfect answer to an application deployment problem or an expensive disaster waiting to happen.

VMs, containers and serverless architecture all have distinct pros and cons, but serverless might break everything if the applications aren’t suited for that deployment architecture. To prevent an implosion in IT, give developers an educated assessment of serverless vs. containers for new deployments.

To determine the suitability of containers or serverless, contrast what each architecture type does, the user base for the application it will host and what is required for successful deployment.

Read more at TechTarget

How to Change Your Linux Console Fonts

I try to be a peaceful soul, but some things make that difficult, like tiny console fonts. Mark my words, friends, someday your eyes will be decrepit and you won’t be able to read those tiny fonts you coded into everything, and then you’ll be sorry, and I will laugh.

Fortunately, Linux fans, you can change your console fonts. As always, the ever-changing Linux landscape makes this less than straightforward, and font management on Linux is non-existent, so we’ll muddle along as best we can. In this article, I’ll show what I’ve found to be the easiest approach.

What is the Linux Console?

Let us first clarify what we’re talking about. When I say Linux console, I mean TTY1-6, the virtual terminals that you access from your graphical desktop with Ctrl+Alt+F1 through F6. To get back to your graphical environment, press Alt+F7. (This is no longer universal, however, and your Linux distribution may have it mapped differently. You may have more or fewer TTYs, and your graphical session may not be at F7. For example, Fedora puts the default graphical session at F2, and an extra one at F1.) I think it is amazingly cool that we can have both X and console sessions running at the same time.

The Linux console is part of the kernel, and does not run in an X session. This is the same console you use on headless servers that have no graphical environments. I call the terminals in a graphical session X terminals, and terminal emulators is my catch-all name for both console and X terminals.

But that’s not all. The Linux console has come a long way from the early ANSI days, and thanks to the Linux framebuffer, it has Unicode and limited graphics support. There are also a number of console multimedia applications that we will talk about in a future article.

Console Screenshots

The easy way to get console screenshots is from inside a virtual machine. Then you can use your favorite graphical screen capture program from the host system. You may also make screen captures from your console with fbcat or fbgrab. fbcat creates a portable pixmap format (PPM) image; this is a highly portable uncompressed image format that should be readable on any operating system, and of course you can convert it to whatever format you want. fbgrab is a wrapper script to fbcat that creates a PNG file. There are multiple versions of fbgrab written by different people floating around. Both have limited options and make only a full-screen capture.

fbcat needs root permissions, and must redirect to a file. Do not specify a file extension, but only the filename:

$ sudo fbcat > Pictures/myfile

After cropping in GIMP, I get Figure 1.

Figure 1: View after cropping.

It would be nice to have a little padding on the left margin, so if any of you excellent readers know how to do this, please tell us in the comments.

fbgrab has a few more options that you can read about in man fbgrab, such as capturing a different console, and time delay. This example makes a screen grab just like fbcat, except you don’t have to explicitly redirect:

$ sudo fbgrab Pictures/myOtherfile

Finding Fonts

As far as I know, there is no way to list your installed kernel fonts other than looking in the directories they are stored in: /usr/share/consolefonts/ (Debian/etc.), /lib/kbd/consolefonts/ (Fedora), /usr/share/kbd/consolefonts (openSUSE)…you get the idea.

Changing Fonts

Readable fonts are not a new concept. Embrace the old! Readability matters. And so does configurability, which sometimes gets lost in the rush to the new-shiny.

On Debian/Ubuntu/etc. systems you can run sudo dpkg-reconfigure console-setup to set your console font, then run the setupcon command in your console to activate the changes. setupcon is part of the console-setup package. If your Linux distribution doesn’t include it, there might be a package for you at openSUSE.

You can also edit /etc/default/console-setup directly. This example sets the Terminus Bold font at 32 points, which is my favorite, and restricts the width to 80 columns.

ACTIVE_CONSOLES="/dev/tty[1-6]"
CHARMAP="UTF-8"
CODESET="guess"
FONTFACE="TerminusBold"
FONTSIZE="16x32"
SCREEN_WIDTH="80"

The FONTFACE and FONTSIZE values come from the font’s filename, TerminusBold32x16.psf.gz. Yes, you have to know to reverse the order for FONTSIZE. Computers are so much fun. Run setupcon to apply the new configuration. You can see the whole character set for your active font with showconsolefont. Refer to man console-setup for complete options.

Systemd

Systemd is different from console-setup, and you don’t need to install anything, except maybe some extra font packages. All you do is edit /etc/vconsole.conf and then reboot. On my Fedora and openSUSE systems I had to install some extra Terminus packages to get the larger sizes as the installed fonts only went up to 16 points, and I wanted 32. This is the contents of /etc/vconsole.conf on both systems:

KEYMAP="us"
FONT="ter-v32b"

Come back next week to learn some more cool console hacks, and some multimedia console applications.


Top 21 Conferences for DevOps and Sysadmins in 2018

Things move fast in the realm of DevOps and containers, and serious system administrators need to keep up. The best way to do so may be to attend a conference or other tech event. This list helps you decide which ones are worth your time and money.

One way or the other, the world of enterprise software is changing and evolving. If you’re an IT professional, that means you need to keep a careful eye on trends, techniques, and technologies that can either help or hinder your career.

To help you stay in front of the looming tidal wave of changes sweeping across our industry, we compiled this list of conferences, summits, and events dedicated to DevOps and other critical elements of the rapidly transforming enterprise IT landscape.

Read more at HPE

Today’s CPU Vulnerability: What You Need to Know



Last year, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance.



The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.



These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.

Read more at Google Security Blog

Splice Hooking for Unix-Like Systems

Hooking is a powerful programming technique for monitoring software behavior or extending functionality without altering the original code. The idea is to intercept certain events or system calls and use them to initiate your own custom code.


At Apriorit, we use hooking all the time when creating solutions for our clients, particularly in the areas of cybersecurity, data acquisition, and systems control. As part of our development efforts for Unix-like systems, we’ve created a custom solution for hooking based on the Linux splice technique (you can find a decent description and a Linux splice example here). We want to share it with you in this brief article.

Custom splice hooking technique for Unix-like systems

Our custom hooking technique for Unix-like systems was inspired by the popular Mhook library, the source code for which can be found on GitHub. This library is powerful for hooking, but supports only Windows platforms and includes surplus modules that aren’t acceptable for *nix.

To implement hooking in Unix, we took ideas from Mhook and modified them, increasing the flexibility and functionality of our tool in the process.

Splicing algorithm for *nix kernel

The general splicing hooking algorithm for *nix kernel hooks can be described as follows:

  • Store the memory from the required function pointer to the memory buffer (the size of stored memory should be equal to or greater than the jump instruction size). To get the identifier for a specific function in Linux, for example, you can use kprobes internals.

  • Rewrite the required function pointer with a jump instruction that contains a pointer to the hook function (“hook call” in Figure 1).

This stored buffer is used for the original call and allows the original function to be restored when the module is removed or paused.

Executing an original call

Typically, we use the original function’s wrapping when replacing a function with a hook. But if an original call needs to be executed inside the hook or anywhere else, the algorithm’s approach should be modified to handle a larger buffer size.

  • Analyze the memory starting at the original function pointer with a disassembler. From this analysis, retrieve an offset that falls on an instruction boundary (the offset should be greater than the size of the jump instruction).

  • The memory buffer must have an executable flag (PAGE_KERNEL_EXEC). The size of the memory buffer should be calculated from two parts: the calculated offset and the size of the jump-back instruction that returns to the part of the original function remaining after the inserted jump (“original call” in Figure 1).

  • Finally, the original function can be called by casting the stored buffer to the function’s signature and executing it.

This algorithm is visualized in Figure 1 for an x64 platform.
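A defender's view of the algorithm above, as an added example that is not from the original article or Apriorit's code: an integrity check that compares a function's first bytes with a trusted baseline and decodes the jump that a splice hook writes there. The byte arrays, the function address and the two x86-64 jump encodings it recognises are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum splice_verdict { PROLOGUE_CLEAN, PROLOGUE_MODIFIED, PROLOGUE_JUMP_PATCHED };

struct splice_report {
    enum splice_verdict verdict;
    uint64_t jump_target; /* meaningful only for PROLOGUE_JUMP_PATCHED */
    size_t patch_len;     /* bytes taken by the decoded jump, else 0 */
};

/* Constructed sample: push rbp; mov rbp,rsp; push r15; push r14; ... */
static const uint8_t SAMPLE_BASELINE[16] = {
    0x55, 0x48, 0x89, 0xE5, 0x41, 0x57, 0x41, 0x56,
    0x41, 0x55, 0x41, 0x54, 0x53, 0x48, 0x83, 0xEC };
/* Same bytes after a 5-byte "jmp rel32" was written over the start. The jump
 * ends inside "push r15" (41 57), which is why the original-call buffer has
 * to copy whole instructions (6 bytes here), not just the jump size. */
static const uint8_t SAMPLE_HOOKED[16] = {
    0xE9, 0xFB, 0x0F, 0x00, 0x3F, 0x57, 0x41, 0x56,
    0x41, 0x55, 0x41, 0x54, 0x53, 0x48, 0x83, 0xEC };
#define SAMPLE_ADDR 0xffffffff81000000ULL /* constructed function address */

static uint64_t read_le(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++)
        v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* Decode an unconditional jump at code[0]; return its length, or 0 if the
 * bytes are not a recognised form. addr is the address of code[0]. */
static size_t decode_jump(const uint8_t *code, size_t len, uint64_t addr,
                          uint64_t *target)
{
    if (len >= 5 && code[0] == 0xE9) {            /* jmp rel32 */
        int32_t rel = (int32_t)(uint32_t)read_le(code + 1, 4);
        *target = addr + 5 + (uint64_t)(int64_t)rel;
        return 5;
    }
    if (len >= 12 && code[0] == 0x48 && code[1] == 0xB8 &&
        code[10] == 0xFF && code[11] == 0xE0) {   /* mov rax, imm64; jmp rax */
        *target = read_le(code + 2, 8);
        return 12;
    }
    return 0;
}

/* Compare the live prologue with a trusted baseline and classify it. */
struct splice_report check_prologue(const uint8_t *baseline,
                                    const uint8_t *current, size_t len,
                                    uint64_t addr)
{
    struct splice_report r = { PROLOGUE_CLEAN, 0, 0 };
    if (memcmp(baseline, current, len) == 0)
        return r;
    r.verdict = PROLOGUE_MODIFIED;
    r.patch_len = decode_jump(current, len, addr, &r.jump_target);
    if (r.patch_len)
        r.verdict = PROLOGUE_JUMP_PATCHED;
    return r;
}

int main(void)
{
    struct splice_report r = check_prologue(SAMPLE_BASELINE, SAMPLE_HOOKED,
                                            sizeof SAMPLE_BASELINE, SAMPLE_ADDR);
    printf("verdict=%d target=0x%llx len=%zu\n", (int)r.verdict,
           (unsigned long long)r.jump_target, r.patch_len);
    return 0;
}
```

On a live Linux kernel, ftrace, kprobes and livepatch also rewrite function entry bytes, so a mismatch is a lead to triage against the decoded target rather than proof of a malicious hook.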

 

Advantages of this technique

Compared to existing solutions, this approach provides several advantages in terms of functionality:

  • Allows hooking of all available symbols in the kernel – this is especially useful if the kernel module in question works with internal kernel functions

  • Less noticeable to malware detectors – hooking can be used to create malware, and thus many Windows, macOS and Linux rootkit detection solutions often flag them as harmful, even if they are used legitimately. Since it’s impossible to test your hooks with all anti-malware software on the market, hooking techniques that don’t prompt false positives are all the more valuable.

Disadvantages of this technique

When we talk about disadvantages of this approach, we’re not talking about any flaws or limitations in terms of functionality, but rather about difficulties that arise in actual implementation. In this regard, there are two main disadvantages:

  • This technique requires a reliable disassembler, since libraries aren’t acceptable for *nix kernels.

  • This technique is architecture dependent, since each architecture has its own jump instructions.

Conclusion

We actively use the Unix splice hooking approach described above in projects we create for our clients here at Apriorit, particularly in the area of cybersecurity. We’ve implemented this hook type for a variety of architectures and kernel versions, including x86_64, x86, and ARM in Linux 2.6.32 to 4.10.

We hope that you find this approach useful and that you’ll be able to use some of the ideas presented in this article for your own hooking needs.