nixCraft – Linux Tips, Hacks, Tutorials, And Ideas In Blog

Increase your Linux server Internet speed with TCP BBR congestion control

July 21, 2017July 22, 2017in Cloud Computing last updated July 22, 2017

I recently read that TCP BBR has significantly increased throughput and reduced latency for connections on Google’s internal backbone networks and google.com and YouTube Web servers throughput by 4 percent on average globally – and by more than 14 percent in some countries. The TCP BBR patch needs to be applied to the Linux kernel. The first public release of BBR was here, in September 2016. The patch is available to any one to download and install. Another option is using Google Cloud Platform (GCP). GCP by default turned on to use a cutting-edge new congestion control algorithm named TCP BBR.

Download of The Day: Fedora Linux 26

July 11, 2017July 11, 2017in Linux News last updated July 11, 2017

Fedora 26 with KDE Fedora Linux version 26.0 has been released ( jump to download ) after many months of constant development and available for download in various media format. Fedora 26 is a free and open source operating system includes various new features such as GCC 7, Golang 1.8, Python 3.6, DNF 2.0, OpenSSL 1.1.0 and more. Fedora 26 runs on both ARM servers and desktop boards too.

How to fix IPMI KVM JAVA BMCMD5withRSA and is treated as unsigned error

July 8, 2017July 8, 2017in Datacenter, Hardware last updated July 8, 2017

Like any good sysadmin, I kept my servers and desktop side up to date and patched all the time. However, recent Java updates have broken my IPMI KVM Java Applets on Dell, IBM, HP, Supermicro and FreeNAS mini servers. You will get an error that read as follows:

Unsigned application requesting unrestricted access to system. The following resource is signed with a weak signature algorithm MD5withRSA and is treated as unsigned.

Why port 80 (HTTP) reported as open by nmap when it is closed?

July 2, 2017in Security last updated July 2, 2017

I recently setup a small server which is running Debian 9. The purpose of this machine is to run OpenVPN server on port 443 to bypass censorship. It runs the following services and nothing else:

Squid on private IP belongs to VPN pool (10.8.0.1:3128)
SSH on private IP belongs to VPN pool (10.8.0.1:22)
DNS resolver on private IP belongs to VPN pool (10.8.0.1:53)
OpneVPN on public IP port 443 (server_public_ip_address:443)

Download of The Day: Debian Linux 9 ( Stretch )

June 18, 2017June 18, 2017in Linux News last updated June 18, 2017

Debian GNU/Linux version 9.0 stretch has been released ( jump to download ) after many months of constant development and available for download in various media format. Debian 9.0 is a free operating system includes various new features such as support for mips64el architecture, GNOME 3.22, KDE Plasma 5.8, LXDE, LXQt 0.11, MATE 1.16, Xfce 4.12, Linux kernel 4.9 and more. Debian 9 is dedicated to the project’s founder Ian Murdock, who passed away on 28 December 2015.

Linux security alert: Bug in sudo’s get_process_ttyname() [ CVE-2017-1000367 ]

May 30, 2017May 31, 2017in Security last updated May 31, 2017

CVE-2017-1000367
There is a serious vulnerability in sudo command that grants root access to anyone with a shell account. It works on SELinux enabled systems such as CentOS/RHEL and others too. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. Patch your system as soon as possible.

Libreboot T400: A GNU+Linux laptop that respects your freedom

May 28, 2017May 28, 2017in Open Source last updated May 28, 2017

The Libreboot T400 is certified by the Free Software Foundation, under their Respects Your Freedom hardware certification program. It is now available at a reduced price without any binary blobs or backdoors in BIOS. The Libreboot T400 comes without the Intel Management Engine.

Alpine Linux 3.6.0 has been released

May 26, 2017May 27, 2017in Linux News last updated May 27, 2017

Alpine Linux 3.6.0 released
Alpine Linux version 3.6 has been released. Alpine Linux is built around musl libc and busybox. This makes it smaller and more resource efficient than traditional GNU/Linux distributions. A container requires no more than 8 MB, and a minimal installation to disk requires around 130 MB of storage. Not only do you get a fully-fledged Linux environment but a large selection of packages from the repository. Alpine Linux was designed with security in mind. The kernel is patched with an unofficial port of grsecurity/PaX, and all userland binaries are compiled as Position Independent Executables (PIE) with stack smashing protection. These proactive security features prevent exploitation of entire classes of zero-day and other vulnerabilities.

7 Awesome ChatOps Open Source Software For Conversation-driven Development and Management

May 24, 2017in Open Source last updated May 24, 2017

A software bot is nothing but a set of scripts or an independent program that connects to web services or chat services as a client to perform automated functions. Often, bots are deployed from a server. It runs in background and performer various activities such as giving out information, providing an answer to common questions, deleting spam and much more. Here is a list of 7 of them that you must know.
Continue reading “7 Awesome ChatOps Open Source Software For Conversation-driven Development and Management”

Intel Euclid: Ideal platform for Robotics and Ubuntu Linux powers it

May 23, 2017in Hardware last updated May 23, 2017

Intel announced Euclid development kit for robotics. It is Ubuntu Linux 16.04 based system. One can run, monitor and manage their robotics apps with the web interface. The software works with any ROS-based (Robotics Operating System) robot such as Arduino to build sensing capabilities in your project. You can use sensors and cameras to control a robot.