Date: 2018-12-12

Linux
  • Bounded loops in BPF programs

    The BPF verifier is charged with ensuring that any given BPF program is safe for the kernel to load and run. Programs that fail to terminate are clearly unsafe, as they present an opportunity for denial-of-service attacks. In current kernels, the verifier uses a heavy-handed technique to block such programs: it disallows any program containing loops. This works, but at the cost of disallowing a wide range of useful programs; if the verifier could determine whether any given loop would terminate within a bounded time, this restriction could be lifted. John Fastabend presented a plan for doing so during the BPF microconference at the 2018 Linux Plumbers Conference.

    Fastabend started by noting that the lack of loops hurts; BPF developers are doing "crazy things" to work around their absence. He is working to enable the use of simple loops that can be modeled by the verifier. There is academic work on ways to verify more complex loops, but that is a problem for later. For now, the objective is to detect simple loops and verify that they will terminate; naturally, it's important that the verifier, too, is able to terminate in a reasonable amount of time.

  • Binary portability for BPF programs

    The BPF virtual machine is the same on all architectures where it is supported; architecture-specific code takes care of translating BPF to something the local processor can understand. So one might be tempted to think that BPF programs would be portable across architectures but, in many cases, that turns out not to be true. During the BPF microconference at the Linux Plumbers Conference, Alexei Starovoitov (assisted by Yonghong Song, who has done much of the work described) explained the problem and the work that has been done toward "compile once, run everywhere" BPF.

    Many BPF programs are indeed portable, in that they will load and execute properly on any type of processor. Packet-filtering programs, in particular, usually just work. But there is a significant class of exceptions in the form of tracing programs, which are one of the biggest growth areas for BPF. Most tracing tools have two components: a user-space program invoked by the user, and a BPF program that is loaded into the kernel to filter, acquire, and possibly boil down the needed data. Both programs are normally written in C.

  • Taming STIBP

    The Spectre class of hardware vulnerabilities was apparently so-named because it can be expected to haunt us for some time. One aspect of that haunting can be seen in the fact that, nearly one year after Spectre was disclosed, the kernel is still unable to prevent one user-space process from attacking another in some situations. An attempt to provide that protection using a new x86 microcode feature called STIBP has run into trouble once its performance impact was understood; now a more nuanced approach may succeed in providing protection where it is needed without slowing down everybody else.

    The Spectre variant 2 vulnerability works by polluting the CPU's branch-prediction buffer (BPB), which is used during speculative execution to make a guess about which branch(es) the code will take; see this article for a refresher on the Spectre vulnerabilities if needed. Closing this hole requires changes at a number of levels, but a fundamental part of the problem is preventing any code that may be targeted from running with a BPB that has been trained by an attacker.

  • The x32 subarchitecture may be removed

    The x32 subarchitecture is a software variant of x86-64; it runs the processor in the 64-bit mode, but uses 32-bit pointers and arithmetic. The idea is to get the advantages of x86-64 without the extra memory usage that goes along with it. It seems, though, that x32 is not much appreciated; few distributions support it and the number of users appears to be small.

Nvidia unveils cheaper 4GB version of its Jetson TX2 and begins shipping its next-gen Xavier module

Nvidia announced a lower-cost 4GB version of its Linux-driven Jetson TX2 module with half the RAM and eMMC and has begun shipping its next-gen Jetson AGX Xavier. Nvidia will soon have three variants of its hexa-core Arm Jetson TX2 module: the original Jetson TX2, the more embedded, industrial temperature Jetson TX2i, and now a new Jetson TX2 4GB model. The chip designer also announced availability of its next-gen, robotics-focused Jetson AGX Xavier module (see farther below).

Stable kernels 4.19.9, 4.14.88, 4.9.145, 4.4.167, and 3.18.129

Software: Vivaldi, QEMU and Manpages

  • Vivaldi 2.2 adds tweakable toolbars and Netflix for Linux
    UPSTART WEB BROWSER Vivaldi has released version 2.2, with a number of new features which continue its aim to differentiate itself from other Chromium browsers. The privacy passionate progeny of Opera co-founder Jon von Tetzchner boasts improved tab management, support for pop-out video windows, configurable toolbars and updates to accessibility. [...] "Customizing a browser as per your needs is not only a thing for pros and geeks. The key is to create something that works for you," says Vivaldi CEO Jon von Tetzchner. "Features are what draw people to Vivaldi and details are what keep them there. That's why we are always striving to fit every use case and giving our users different ways to browse."
  • QEMU 3.1 Released For Advancing The Linux Open-Source Virtualization Stack
    The QEMU emulator that is widely used by the open-source Linux virtualization stack is out with its version 3.1 feature release. This is the QEMU update that adds multi-threaded Tiny Code Generator support, display improvements, the Cortex-A72 model and other ARM improvements, and various other enhancements.
  • What are Linux man pages?
    Have you ever sought help on a technical issue, only to be told RTFM? What is that acronym? In a safe-for-work translation, it means Read The Freaking Manual. That's all fine and good when you are working with something that has a downloadable PDF file containing all the necessary information you need. But what about a Linux command? There are no manuals to be had. Or are there?

OSS Leftovers

  • JFrog Empowers Millions of Open Source Go Developers, Announces Community's First Public Go Repository
    JFrog, the Universal DevOps technology leader known for enabling liquid software via continuous software update flows, is announcing the coming availability of JFrog GoCenter, the first-ever central repository for software modules developed in the popular Go programming language. GoCenter is a free, open source and public service that will be provided for the broad Go community in early 2019, and is being showcased at KubeCon Seattle.
  • Open Sesame
    Although it’s free for users, people invest time in making the technology better or creating it in the first place. [...] When a project is open-source, it means that the software, hardware or data are open for users to use, access, change or distribute for free. An open-source project can also make it easier to bring a team together to develop a project, Davis says.
  • Fuchsia SDK and ‘device’ now included in Android Open Source Project
    Fuchsia, Google’s future OS project, is getting more connected to Android. The search giant has added two Fuchsia items to its Android Open Source Project (AOSP) code. A new commit posted to the AOSP Gerrit — an online code collaboration and management tool — added two Fuchsia ‘repos’ to the primary ‘manifest’ of AOSP. In other words, developers added two Fuchsia files to the instructions that tell Google’s download tool ‘Repo’ what to include when a user downloads AOSP. Further, for those unfamiliar with AOSP, it’s a compilation of Android made available for anyone to use.
  • Fuchsia SDK & Test Device Appear In Android Open Source Project
    Google has taken substantial new steps toward the release of its long-awaited new operating system Fuchsia, based on recently noticed changes to the Android Open Source Project (AOSP) codebase. Although AOSP is most often connected to Android OS and development on that platform, Fuchsia OS has now appeared as both an SDK and test device in the repository. According to comments on the commits, the OS's repositories being included in the Android master manifest equates to an added 760MB. The Gerrit UI also shows changes to approximately 977 files in total with the addition of the Fuchsia software development kit (SDK) and a related test device. Interestingly, the test device SDK seems to be based on or at least tested with the configuration for 'Walleye' -- Google's codename for one of the Pixel 2 handsets.
  • ‘This is not a big boys club’: FINOS seeks to open up open source
    Attend an event about open source development and collaboration in financial technology, and you will see developers and executives from Capital One, Barclays, JPMorgan Chase, BlackRock and perhaps a handful of other financial institutions, along with open-source-focused vendors like Red Hat (now part of IBM).
  • The Autoware Foundation - An Open Alliance for Autonomous Driving Technology
  • What is Open Source & Why Should You Care?
    The term ‘open source’ is used with excitement throughout multiple industries, yet folks are still asking a lot of questions, chief among them: What is open source & why should I care? Well, for industrial and process manufacturing, open source is rapidly becoming a fundamental for the digitalization of these industries. Industrial automation users, system integrators, machine builders, and automation suppliers that understand how to embrace and leverage open source are dramatically improving their odds of being effective competitors in their respective industries.
  • QLC Chain to open source WinQ server router, focuses on multi-sig smart contracts
    QLC Chain has released its bi-weekly report, which highlights development progress of the public blockchain and VPN routers, adjustment of QLC Chain’s development plan, and updates to WinQ 2.0. Recently, an incentive program was announced for VPN operators and active community members to test the platform.

