Category: Open Source Infrastructure

  • January 26, 2018 - Cedric Bail

    How to Securely Encrypt A Linux Home Directory

    These days our computers give access to a lot of personal information that we don’t want random strangers to access; financial login information comes to mind. The problem is that it’s hard to make sure this information isn’t leaked somewhere in your home directory, like the cache file for your web browser. Obviously, in the event your computer gets stolen you want your data at rest to be secure; for this reason you should encrypt your hard drive. Sometimes this is not a good solution, as you may want to share your device with someone who you might not want to give your encryption password to. In this case, you can encrypt only the home directory for your specific account. Note: This article focuses on security for data at rest after that information is forever out of your reach; there are other threat models that may require different […]

  • IoTivity 1.3.1 has been released, and with it comes some important new changes. First, you can rebuild packages from sources, with or without my hotfix patches, as explained recently in this blog post. For ARM users (of ARTIK7), the fastest option is to download precompiled packages as .RPM for fedora-24 from my personal repository, or check the ongoing work for other OSes. Copy and paste this snippet to install the latest IoTivity from my personal repo:

    I also want to thank JFrog for offering the Bintray service to free and open source software developers.

    Standalone Apps

    In a previous blog post, I explained how to run examples that are shipped with the release candidate. You can also try with other existing examples (rpm -ql iotivity-test), but some don’t work properly. In those cases, try the 1.3-rel branch, and if you’re still having problems please report a bug. At this point, you should know […]

  • SPDX

    December 1, 2017 - Mauro Carvalho Chehab

    Linux Kernel License Practices Revisited with SPDX®

    The licensing text in the Linux kernel source files is inconsistent in verbiage and format. Typically, in each of its ~100k files there is a license text that describes which license applies to each specific file. While all licenses are GPLv2 compatible, properly identifying the licenses that are applicable to a specific file is very hard. To address this problem, a group of developers recently embarked on a mission to use SPDX® to research and map these inconsistencies in the licensing text. As a result of this 10-month-long effort, the Linux 4.14 release includes changes to make the licensing text consistent across the kernel source files and modules.

    Linux Kernel License

    As stated in its COPYING file, the Linux kernel’s default license is GPLv2, with an exception that grants additional rights to the kernel users:

    The kernel’s COPYING file produces two practical effects: User-space applications can use non-GPL […]

  • When debugging kernel problems that aren’t obvious, it’s necessary to understand the history of changes to the source files. For example, a race condition that results in a lockdep warning might have tentacles into multiple code paths. This requires us to examine and understand not only the changes made, but also why they were made. Individual patch commit logs are the best source of information on why a change was made. So how do we find this information? My go-to tool set for such endeavors has been a combination of git gui and git log. Recently I started using cregit. I will go over these options in this blog.

    git log

    Running git log on a source file will show all the commits for that file; you can then find the corresponding code change by generating the patch. Using git log can be tedious, but useful for targeted commit […]

  • The X.org Foundation is a non-profit governance entity charged with overseeing core components of the open source graphics community. X.org had been structured as a legal (non-profit) corporate entity registered in the state of Delaware for some years, which provided tax deduction on donations and other such benefits. Unfortunately, being a non-profit is not cheap and entails various administrative tasks – filing annual reports, maintaining a bank account, dealing with donations and expenses, and so on – so the overhead of being an independent non-profit was deemed not worth the benefits, and in 2016 the members voted to join Software in the Public Interest (SPI). Joining SPI made a lot of sense; primarily, it would relieve X.org of administrative burdens while preserving the benefits of non-profit status. The costs of being in SPI are offset by the savings of not having to pay the various fees required to upkeep the […]

  • After my previous blog post, you should now be using SSH and Tor all the more often, but things are probably slow when you are trying to set up a secure connection with this method. This may well be due to your computer lacking a proper source of entropy to create secure cryptographic keys. You can check the entropy of your system with the following command.

    This will return a number; hopefully it’s above 3,000, because that’s what is likely needed to keep up with your needs. So what do you do if it’s not high enough? This article will cover two tips to improve your computer’s entropy. All examples in this guide are for Linux distributions that use systemd.

    rngd

    rngd is a tool designed to feed the system with more entropy from various sources. It is part of the rng-tools package. After installing it, the rngd service needs to […]

  • A V4L2 staging driver for the Raspberry Pi (RPi) was recently merged into the Linux kernel 4.11. While this driver is currently under development, I wanted to test it and to provide help with V4L2-related issues. So, I took some time to build an upstream kernel for the Raspberry Pi 3 with V4L2 enabled. This isn’t a complex process, but it requires some tricks for it to work; this article describes the process.

    Prepare an Upstream Kernel

    The first step is to prepare an upstream kernel by cloning a git tree from the kernel repositories. Since the Broadcom 2835 camera driver (bcm2835-v4l2) is currently under staging, it’s best to clone the staging tree because it contains the staging/vc04_services directory with both ALSA and V4L2 drivers:

    There’s an extra patch that is required for DT to work with the bcm2835-v4l2 driver:

    You need to apply this to the git tree, in order for the vciq […]

  • January 24, 2017 - Cedric Bail

    Improving the Security of Your SSH Configuration

    Most developers make use of SSH servers on a regular basis and it’s quite common to be a bit lazy when it comes to the administration of some of them. However, this can create significant problems because SSH is usually served over a port that’s remotely accessible. I always spend time securing my own SSH servers according to some best practices, and you should review the steps in this article yourself. This blog post will expand upon these best practices by offering some improvements.

    Setup SSH Server Configuration

    The first step is to make the SSH service accessible via only the local network and Tor. Tor brings a few benefits for an SSH server: Nobody knows where users are connecting to the SSH server from. Remote scans need to know the hidden service address Tor uses, which reduces the risk of automated scan attacks on known login/password and bugs in the SSH server. It’s always […]

  • October 28, 2016 - Mauro Carvalho Chehab

    Improving Linux Kernel Development Process Documentation

    This article will cover how the Linux kernel community handled the conversion of documentation related to the kernel development process; it’s part of a series on improvements being made to Linux kernel documentation.

    Introduction

    It’s not an easy task to properly describe the Linux development process. The kernel community moves at a very fast pace and produces about 6 versions per year. Thousands of people, distributed worldwide, contribute to this collective work; the development process is a live being that constantly adjusts to what best fits the people involved in the process. Additionally, since kernel development is managed per subsystem, each maintainer has their own criteria for what works best for the subsystem they take care of. To address this, the documentation provides a common ground for understanding the best practices all kernel developers should follow.

    The Documentation/Development-Process Book

    There are several files inside the kernel that describe the development […]

  • October 13, 2016 - Mauro Carvalho Chehab

    Finishing the Conversion of Linux Media Documentation to ReST

    This article is part of a series on improvements to Linux Kernel documentation; this article will describe the effort to convert the remaining Linux Media subsystem documentation.

    The Linux Media Subsystem Documentation

    Before Kernel 4.8, the Linux Media documentation was split into: the Linux Media Infrastructure userspace API (uAPI), which described the system calls and sysfs devices the media subsystem uses (the conversion of this book was already explained in a previous article from this series); the Media subsystem kernel internal API (kAPI), which described the functions and data structures a media driver should use to implement drivers; some text files describing how to use the kAPI, spread inside the Documentation/ directory of the Kernel tree; a set of files that document some V4L drivers, under Documentation/video4linux; and a set of files that document some DVB drivers, under Documentation/dvb.

    Converting the kAPI Book

    The kAPI book is actually […]
