Fedora CoreOS is a container-focused (mostly) immutable Linux distribution designed to be lightweight and secure. It features Ignition as an early-boot-provisioning systems that alleviates all post-boot configuration, OSTree as an atomic-update mechanism, and podman as a secure and daemon-less container runtime.
If you’ve ever asked yourself WHY you need to SSH in to configure a system, why your cloud server OS comes with inkjet printer packages, or how you can get out of the burden of critical but uninspired kernel updates… then check out Fedora CoreOS!
Dan Guido mentioned this might be a thing on our Algo VPN episode. Turns out he was right (once version 5.6 of the Linux kernel hits package mirrors for download).
“Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn’t perfect, but I’ve skimmed it, and compared to the horrors that are OpenVPN and IPSec, it’s a work of art,”
Little Snitch is cool because it surfaces network connection attempts and lets you decide whether or not to allow them. OpenSnitch is cool because it is open source and built with Python and Go. Buyer beware:
THIS SOFTWARE IS WORK IN PROGRESS, DO NOT EXPECT IT TO BE BUG FREE AND DO NOT RELY ON IT FOR ANY TYPE OF SECURITY
If you’ve been following along in the open source news cycle lately, you’ve probably heard that Red Hat has dropped the docker container runtime engine from both its Red Hat Enterprise Linux (RHEL) and CentOS Linux distributions.
I must not be following along, because that’s news to me.
That being the case, what do you do when you need to deploy containers? Fortunately, they’ve created a near drop-in replacement for docker, called Podman.
Podman is a rename from kpod, sorta. The new thing is actually called libpod, and Podman exists as the CLI for that library. It’s all a bit confusing, but what’s cool is none of this requires a daemon like the Docker Engine.
If you’d like to give it a go, this walk-through by The New Stack will get you started.
George Hilliard is an embedded system engineer who has designed a cheap business card that runs Linux and has a USB port. In this blog, he talks about the logistics and design of the card.
The Xfce desktop has a specific, self-stated goal: to be fast on a system with low resources while being visually appealing and user-friendly. It’s been the de facto choice for lightweight Linux distributions (or remixes) for years and is often cited by its fans as a desktop that provides just enough to be useful, but never so much as to be a burden.
I’ve never used Xfce myself, but I’ve heard plenty of my fellow devs sings its praises over the years.
I probably understood ~60% of the data
htop exposes. After reading this extremely thorough post, I understand a lot more. The section on load average is pure gold.
If you are a system administrator, or just a regular Linux user, there is a very high chance that you worked with Syslog, at least one time. On your Linux system, pretty much everything related to system logging is linked to the Syslog protocol. Designed in the early 80’s by Eric Allman (from Berkeley University), the syslog protocol is a specification that defines a standard for message logging on any system.
This is pitched as “everything that you need to know about Syslog.” From what I can tell, it might just live up to that pitch. It’s high quality and thorough.
It’s great to read RMS and other GNU developer’s perspective on how we got past the UNIX days. I’m particularly interested in a conversation around this statement from the author:
Open source discourse typically encourages certain practices for the sake of practical advantages, not as a moral imperative.
I’m fascinated by the different perspectives. There’s one where F/OSS is a human right, and another where it’s a business opportunity. They’re not mutually exclusive, but which is more prevalent these days?
My thought is that we wouldn’t be where we are today if the former didn’t dominate in the ‘90s, but we’re significantly more capitalistic with our OSS these days.
What’s your take on it?
If you’d like to follow along with someone who “has no idea what they’re doing” to learn how to take a base Docker image made with a single line Dockerfile
FROM debian:latest and convert it to something launch-able, then read on…
…messing about with things like this is the only way to gain extra knowledge of any system internals. We are going to speak Docker and Linux here. What if we want to take a base Docker image, I mean really base, just an image made with a single line Dockerfile like
FROM debian:latest, and convert it to something launchable on a real or virtual machine? In other words, can we create a disk image having exactly the same Linux userland a running container has and then boot from it?
Instantbox spins up a temporary Linux system with instant webshell access from any browser. Great for presentations, demos at schools and user groups, testing out random ideas, and more.
Distros supported include Ubuntu, CentOS, Arch Linux, Debian, Fedora, and Alpine.
This write up is a mindbending and informative view of the “everything is a file” philosophy of Linux. Alison does an exceptional job of making filesystem internals feel approachable. It’s a must read for those who love to understand how things work.
- Security: reduce your attack surface by practicing the Principle of Least Privilege (PoLP) and enforcing mutual TLS (mTLS).
- Predictability: remove needless variables and reduce unknown factors from your environment using immutable infrastructure.
- Evolvability: simplify and increase your ability to easily accommodate future changes to your architecture.
Hit up the README if you’re curious about the name, why there’s no shell/ssh access, or how it’s different than CoreOS/RancherOS/Linuxkit
Everyone’s favorite package manager for macOS released version 2.0 with official support for Linux and Windows 10 (with Windows Subsystem Linux). Cross-platform setup scripts just got a whole lot easier.
This is an excellent summation of the state of the world of Linux distros from a development perspective.
If I were to start all over again today, I’d probably go with Arch because it speaks to a lot of my sensibilities. However, I’ve been in Debian/Ubuntu land for far too long to make any major changes now. Also, if it ain’t broke…
Gaming in Linux has evolved a lot in the past few years. Now, you have dozens of distros pre-optimized for gaming and gamers. We tested all of them and hand-picked the best.
This is a well-done roundup, replete with features and minimum hardware requirements for each distro. 👌
I did not see this coming. Linus Torvalds, writing to the Linux Kernel mailing list:
I need to change some of my
behavior, and I want to apologize to the people that my personal
behavior hurt and possibly drove away from kernel development
I am going to take time off and get some assistance on how to
understand people’s emotions and respond appropriately.
Introspection is hard, especially when you don’t like what you see after staring yourself in the mirror. Cheers to him for owning up to mistreating others and attempting to change. Here’s hoping he follows through. 🤞
This repository contains a step-by-step guide that teaches how to create a simple operating system (OS) kernel from scratch. I call this OS Raspberry Pi OS or just RPi OS. The RPi OS source code is largely based on Linux kernel, but the OS has very limited functionality and supports only Raspberry PI 3.
6 lessons available with 5 more on the roadmap.
I use the
history command all the time, but I’ve never really dug in to it to see what all is possible. If you’re in a similar spot, this article by Steve Morris is a good primer. 👌
Graphpath is a shining example of the Unix philosophy’s virtues.
it’s just a shell script using standards tools (route, arp and ifconfig on *BSD and ip on Linux)
The results? Super useful.
For those coming off the heels of The Changelog #292 where we talked with Philipp Krenn about Elasticsearch, you’re gonna wanna play around with full text searching your man pages with Elasticsearch.
This post covers:
- Setup an Elasticsearch instance locally
- Create an index for the data
- Feed the index with the man pages of the OS
- Create a search method for full text searching
- Full text search the man pages
Cockpit makes Linux discoverable, allowing sysadmins to easily perform tasks such as starting containers, storage administration, network configuration, inspecting logs and so on.