About 18 months ago I started a project which had to develop directly against containerd with a full Linux system.
This presented a problem which I’d not really encountered before - Docker and Kubernetes on my Mac were no longer enough, I needed a full Linux environment, and so did the community.
This is how it went and what we learned along the way.
This post to the BusyBox mailing list from back in 2010 was a fun read to get the backstory on bin, sbin, usr/bin, and usr/sbin.
You know how Ken Thompson and Dennis Ritchie created Unix on a PDP-7 in 1969?
Well around 1971 they upgraded to a PDP-11 with a pair of RK05 disk packs (1.5
megabytes each) for storage.When the operating system grew too big to fit on the first RK05 disk pack (their
root filesystem) they let it leak into the second one, which is where all the
user home directories lived (which is why the mount was called /usr). They
replicated all the OS directories under there (/bin, /sbin, /lib, /tmp…) and
wrote files to those new directories because their original disk was out of
space. When they got a third disk, they mounted it on /home and relocated all
the user directories to there so the OS could consume all the space on both
disks and grow to THREE WHOLE MEGABYTES (ooooh!).
Around the same time I started using Ubuntu I found Tomboy and it was a note-taking system unlike anything else I’d ever used. To me it was the great differentiator for the Linux desktop for a bit. It is a desktop-wiki that provides some incredibly interesting concept. I thought it had quietly passed away but it turns out it has been ported to a new stack and lives a good life with support for Mac and Windows under the Tomboy NG name.
Kevin Backhouse:
I am a fan of Ubuntu, so I would like to help make it as secure as possible. I have recently spent quite a bit of time looking for security vulnerabilities in Ubuntu’s system services, and it has mostly been an exercise in frustration…
This blog post is about an astonishingly straightforward way to escalate privileges on Ubuntu. With a few simple commands in the terminal, and a few mouse clicks, a standard user can create an administrator account for themselves. I have made a short demo video, to show how easy it is.
This particular vulnerability is regarding the GUI, so your Ubuntu servers are unaffected. Still, 👀
Hayden Barnes explains how Windows and Linux exist in a “cosmic duality” and whether or not Microsoft will ever “shift the core of the Windows operating system to the Linux kernel.”
I have a unique perspective on Microsoft’s Linux involvement. I help deliver Ubuntu on Windows Subsystem for Linux in my job at Canonical. … I have become somewhat of an intermediary between the Microsoft and Linux communities. It is something I am glad to do. There are creative, kind, and fascinating people in both communities. Interesting things happen when the lines between them blur. Fostering cross-pollination will make computing better for everyone.
Darling is a lot like Wine only for macOS.
It implements a complete Darwin environment, runs macOS software directly without requiring a hardware emulator, and aims to integrate apps into the Linux desktop experience.
The only downside is they haven’t quite gotten GUI apps working yet:
This took us a lot of time and effort, but we finally have basic experimental support for running simple graphical applications. It requires some special setup for now though, so do not expect it to work out of the box just yet. We’re working on this; stay tuned!
A WSL alternative for users who prefer an MS-DOS environment. DOS Subsystem for Linux integrates a real Linux environment into MS-DOS systems, allowing users to make use of both DOS and Linux applications from the DOS command prompt
Is it time to migrate away from cron?
Like cron jobs, systemd timers can trigger events—shell scripts and programs—at specified time intervals, such as once a day, on a specific day of the month (perhaps only if it is a Monday), or every 15 minutes during business hours from 8am to 6pm. Timers can also do some things that cron jobs cannot. For example, a timer can trigger a script or program to run a specific amount of time after an event such as boot, startup, completion of a previous task, or even the previous completion of the service unit called by the timer.
To say KISS isn’t for everybody would be a massive understatement. After all, it only targets x86-64 architecture and the English language. To say KISS is the first unique take on Linux I’ve seen in a long time would be 💯 on target.
Here are a few of my favorites from its “feature” list:
- Every installation of the distribution contains the full sources (of the distribution) with git history attached.
- Is simple and small enough to be maintainable in its entirety by a single person with little effort.
- There is no “backend”. This distribution is merely a few git repositories.
And it looks rad too.
Dmitri Popov:
digiKam is the cornerstone of my photographic workflow. This powerful and versatile photo management application has all the tools and features necessary for transferring, organizing, processing, and managing photos, RAW files, and videos. But even though digiKam can handle practically any photographic task you throw at it, there is still room for optimizing and improving parts of the Linux-based photographic workflow.
Themeable and has a game-inspired menu system 🔥
Instead of blocking ads & trackers at the device level, Pi-hole is a DNS sinkhole that gets the job done at the network level. One benefit of this (in addition to ease of use) is that it can block content in non-browser locations like mobile apps and the like.
NymphCast is a software solution which turns your choice of Linux-capable hardware into an audio and video source for a television or powered speakers. It enables the streaming of audio and video over the network from a wide range of client devices, as well as the streaming of internet media to a NymphCast server, controlled by a client device.
In addition, it supports powerful apps (NymphCast apps) written in AngelScript to extend the functionality of NymphCast with a variety of online services.
Fedora CoreOS is a container-focused (mostly) immutable Linux distribution designed to be lightweight and secure. It features Ignition as an early-boot-provisioning systems that alleviates all post-boot configuration, OSTree as an atomic-update mechanism, and podman as a secure and daemon-less container runtime.
If you’ve ever asked yourself WHY you need to SSH in to configure a system, why your cloud server OS comes with inkjet printer packages, or how you can get out of the burden of critical but uninspired kernel updates… then check out Fedora CoreOS!
Dan Guido mentioned this might be a thing on our Algo VPN episode. Turns out he was right (once version 5.6 of the Linux kernel hits package mirrors for download).
Linus had this to say about WireGuard:
“Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn’t perfect, but I’ve skimmed it, and compared to the horrors that are OpenVPN and IPSec, it’s a work of art,”
Little Snitch is cool because it surfaces network connection attempts and lets you decide whether or not to allow them. OpenSnitch is cool because it is open source and built with Python and Go. Buyer beware:
THIS SOFTWARE IS WORK IN PROGRESS, DO NOT EXPECT IT TO BE BUG FREE AND DO NOT RELY ON IT FOR ANY TYPE OF SECURITY
If you’ve been following along in the open source news cycle lately, you’ve probably heard that Red Hat has dropped the docker container runtime engine from both its Red Hat Enterprise Linux (RHEL) and CentOS Linux distributions.
I must not be following along, because that’s news to me.
That being the case, what do you do when you need to deploy containers? Fortunately, they’ve created a near drop-in replacement for docker, called Podman.
Podman is a rename from kpod, sorta. The new thing is actually called libpod, and Podman exists as the CLI for that library. It’s all a bit confusing, but what’s cool is none of this requires a daemon like the Docker Engine.
If you’d like to give it a go, this walk-through by The New Stack will get you started.
George Hilliard is an embedded system engineer who has designed a cheap business card that runs Linux and has a USB port. In this blog, he talks about the logistics and design of the card.
The Xfce desktop has a specific, self-stated goal: to be fast on a system with low resources while being visually appealing and user-friendly. It’s been the de facto choice for lightweight Linux distributions (or remixes) for years and is often cited by its fans as a desktop that provides just enough to be useful, but never so much as to be a burden.
I’ve never used Xfce myself, but I’ve heard plenty of my fellow devs sings its praises over the years.
I probably understood ~60% of the data htop exposes. After reading this extremely thorough post, I understand a lot more. The section on load average is pure gold.
If you are a system administrator, or just a regular Linux user, there is a very high chance that you worked with Syslog, at least one time. On your Linux system, pretty much everything related to system logging is linked to the Syslog protocol. Designed in the early 80’s by Eric Allman (from Berkeley University), the syslog protocol is a specification that defines a standard for message logging on any system.
This is pitched as “everything that you need to know about Syslog.” From what I can tell, it might just live up to that pitch. It’s high quality and thorough.
It’s great to read RMS and other GNU developer’s perspective on how we got past the UNIX days. I’m particularly interested in a conversation around this statement from the author:
Open source discourse typically encourages certain practices for the sake of practical advantages, not as a moral imperative.
I’m fascinated by the different perspectives. There’s one where F/OSS is a human right, and another where it’s a business opportunity. They’re not mutually exclusive, but which is more prevalent these days?
My thought is that we wouldn’t be where we are today if the former didn’t dominate in the ‘90s, but we’re significantly more capitalistic with our OSS these days.
What’s your take on it?
If you’d like to follow along with someone who “has no idea what they’re doing” to learn how to take a base Docker image made with a single line Dockerfile FROM debian:latest and convert it to something launch-able, then read on…
…messing about with things like this is the only way to gain extra knowledge of any system internals. We are going to speak Docker and Linux here. What if we want to take a base Docker image, I mean really base, just an image made with a single line Dockerfile like
FROM debian:latest, and convert it to something launchable on a real or virtual machine? In other words, can we create a disk image having exactly the same Linux userland a running container has and then boot from it?
Instantbox spins up a temporary Linux system with instant webshell access from any browser. Great for presentations, demos at schools and user groups, testing out random ideas, and more.
Distros supported include Ubuntu, CentOS, Arch Linux, Debian, Fedora, and Alpine.
This write up is a mindbending and informative view of the “everything is a file” philosophy of Linux. Alison does an exceptional job of making filesystem internals feel approachable. It’s a must read for those who love to understand how things work.
