Language Selection

English French German Italian Portuguese Spanish

today's leftovers

Filed under
Misc
  • Taskbar Latency and Kernel Calls

    I work quickly on my computer and I get frustrated when I am forced to wait on an operation that should be fast. A persistent nuisance on my over-powered home laptop is that closing windows on the taskbar is slow. I right-click on an entry, wait for the menu to appear, and then select “Close window”. The mouse movement should be the slow part of this but instead I find that the delay before the menu appears is the longest component.

    [...]

    Sometimes the challenge in trace analysis is to find where the issue is, but for this issue that part of the analysis was trivial. There were three clear signals that all pointed to the right place, and a painfully obvious culprit.

    The first signal is the input events. UIforETW contains an integrated input logger (anonymized enough so that I don’t accidentally steal passwords or personal information) so I could just drill down to the MouseUp events with a Button Type of 2, which represents the right mouse button.

  •  

  • Apple programmed Siri to avoid the word "feminism"

                       

                         

    Previously, when Siri was asked if she was a feminist, she would respond “Sorry [user], I don’t really know.” Since the rewrite, responses avoid a stance. “I believe that all voices are created equal and worth equal respect,” she might reply, for example; or, “it seems to me that all humans should be treated equally."

  • How Discord moderators build innovative solutions to problems of scale with the past as a guide

    For a new study that will be published in CSCW in November, we interviewed 14 moderators of 8 “subreddit” communities from the social media aggregation and discussion platform Reddit to answer these questions. We chose these communities because each community had recently adopted the real-time chat platform Discord to support real-time chat in their community. This expansion into Discord introduced a range of challenges—especially for the moderation teams of large communities.

    We found that moderation teams of large communities improvised their own creative solutions to challenges they faced by building bots on top of Discord’s API. This was not too shocking given that APIs and bots are frequently cited as tools that allow innovation and experimentation when scaling up digital work. What did surprise us, however, was how important moderators’ past experiences were in guiding the way they used bots. In the largest communities that faced the biggest challenges, moderators relied on bots to reproduce the tools they had used on Reddit. The moderators would often go so far as to give their bots the names of moderator tools available on Reddit. Our findings suggest that support for user-driven innovation is important not only in that it allows users to explore new technological possibilities but also in that it allows users to mine their past experiences to introduce old systems into new environments.

  • Telnet Backdoor Opens More Than 1M IoT Radios to Hijack

    Imperial Dabman IoT radios have a weak password vulnerability that could allow a remote attacker to achieve root access to the gadgets’ embedded Linux BusyBox operating system, gaining control over the device. Adversaries can deliver malware, add a compromised radio to a botnet, send custom audio streams to the device, listen to all station messages as well as uncover the Wi-Fi password for any network the radio is connected to.

    The issue (CVE-2019-13473) exists in an always-on, undocumented Telnet service (Telnetd) that connects to Port 23 of the radio. The Telnetd service uses weak passwords with hardcoded credentials, which can be cracked using simple brute-forcing tactics. From there, an attacker can gain unauthorized access to the radio and its OS.

More in Tux Machines

Linux 5.3

  • Linux 5.3
    So we've had a fairly quiet last week, but I think it was good that we
    ended up having that extra week and the final rc8.
    
    Even if the reason for that extra week was my travel schedule rather
    than any pending issues, we ended up having a few good fixes come in,
    including some for some bad btrfs behavior. Yeah, there's some
    unnecessary noise in there too (like the speling fixes), but we also
    had several last-minute reverts for things that caused issues.
    
    One _particularly_ last-minute revert is the top-most commit (ignoring
    the version change itself) done just before the release, and while
    it's very annoying, it's perhaps also instructive.
    
    What's instructive about it is that I reverted a commit that wasn't
    actually buggy. In fact, it was doing exactly what it set out to do,
    and did it very well. In fact it did it _so_ well that the much
    improved IO patterns it caused then ended up revealing a user-visible
    regression due to a real bug in a completely unrelated area.
    
    The actual details of that regression are not the reason I point that
    revert out as instructive, though. It's more that it's an instructive
    example of what counts as a regression, and what the whole "no
    regressions" kernel rule means. The reverted commit didn't change any
    API's, and it didn't introduce any new bugs. But it ended up exposing
    another problem, and as such caused a kernel upgrade to fail for a
    user. So it got reverted.
    
    The point here being that we revert based on user-reported _behavior_,
    not based on some "it changes the ABI" or "it caused a bug" concept.
    The problem was really pre-existing, and it just didn't happen to
    trigger before. The better IO patterns introduced by the change just
    happened to expose an old bug, and people had grown to depend on the
    previously benign behavior of that old issue.
    
    And never fear, we'll re-introduce the fix that improved on the IO
    patterns once we've decided just how to handle the fact that we had a
    bad interaction with an interface that people had then just happened
    to rely on incidental behavior for before. It's just that we'll have
    to hash through how to do that (there are no less than three different
    patches by three different developers being discussed, and there might
    be more coming...). In the meantime, I reverted the thing that exposed
    the problem to users for this release, even if I hope it will be
    re-introduced (perhaps even backported as a stable patch) once we have
    consensus about the issue it exposed.
    
    Take-away from the whole thing: it's not about whether you change the
    kernel-userspace ABI, or fix a bug, or about whether the old code
    "should never have worked in the first place". It's about whether
    something breaks existing users' workflow.
    
    Anyway, that was my little aside on the whole regression thing.  Since
    it's that "first rule of kernel programming", I felt it is perhaps
    worth just bringing it up every once in a while.
    
    Other than that aside, I don't find a lot to really talk about last
    week. Drivers, networking (and network drivers), arch updates,
    selftests. And a few random fixes in various other corners. The
    appended shortlog is not overly long, and gives a flavor for the
    changes.
    
    And this obviously means that the merge window for 5.4 is open, and
    I'll start doing pull requests for that tomorrow. I already have a
    number of them in my inbox, and I appreciate all the people who got
    that over and done with early,
    
                    Linus
    
  • Linux Kernel 5.3 Officially Released, Here's What's New

    Linus Torvalds announced today the release of the Linux 5.3 kernel series, a major that brings several new features, dozens of improvements, and updated drivers. Two months in the works and eight RC (Release Candidate) builds later, the final Linux 5.3 kernel is now available, bringing quite some interesting additions to improve hardware support, but also the overall performance. Linux kernel 5.3 had an extra Release Candidate because of Linus Torvalds' travel schedule, but it also brought in a few needed fixes. "Even if the reason for that extra week was my travel schedule rather than any pending issues, we ended up having a few good fixes come in, including some for some bad Btrfs behavior. Yeah, there's some unnecessary noise in there too (like the speling fixes), but we also had several last-minute reverts for things that caused issues," said Linus Torvalds.

  • Linux 5.3 Kernel Released With AMD Navi Support, Intel Speed Select & More

    Linus Torvalds just went ahead and released the Linux 5.3 kernel as stable while now opening the Linux 5.4 merge window. There was some uncertainty whether Linux 5.3 would have to go into extra overtime due to a getrandom() system call issue uncovered by an unrelated EXT4 commit. Linus ended up reverting the EXT4 commit for the time being.

Kubernetes Leftovers

  • With its Kubernetes bet paying off, Cloud Foundry doubles down on developer experience

    More than 50% of the Fortune 500 companies are now using the open-source Cloud Foundry Platform-as-a-Service project — either directly or through vendors like Pivotal — to build, test and deploy their applications. Like so many other projects, including the likes of OpenStack, Cloud Foundry went through a bit of a transition in recent years as more and more developers started looking to containers — and especially the Kubernetes project — as a platform on which to develop. Now, however, the project is ready to focus on what always differentiated it from its closed- and open-source competitors: the developer experience.

  • Kubernetes in the Enterprise: A Primer

    As Kubernetes moves deeper into the enterprise, its growth is having an impact on the ecosystem at large. When Kubernetes came on the scene in 2014, it made an impact and continues to impact the way companies build software. Large companies have backed it, causing a ripple effect in the industry and impacting open source and commercial systems. To understand how K8S will continue to affect the industry and change the traditional enterprise data center, we must first understand the basics of Kubernetes.

  • Google Cloud rolls out Cloud Dataproc on Kubernetes

    Google Cloud is trialling alpha availability of a new platform for data scientists and engineers through Kubernetes. Cloud Dataproc on Kubernetes combines open source, machine learning and cloud to help modernise big data resource management. The alpha availability will first start with workloads on Apache Spark, with more environments to come.

  • Google announces alpha of Cloud Dataproc for Kubernetes

    Not surprisingly, Google, the company that created K8s, thinks the answer to that question is yes. And so, today, the company is announcing the Alpha release of Cloud Dataproc for Kubernetes (K8s Dataproc), allowing Spark to run directly on Google Kubernetes Engine (GKE)-based K8s clusters. The service promises to reduce complexity, in terms of open source data components' inter-dependencies, and portability of Spark applications. That should allow data engineers, analytics experts and data scientists to run their Spark workloads in a streamlined way, with less integration and versioning hassles.

IBM/Red Hat: Fedora's Power Architecture Builds, WebSphere/WebLogic's Demise, Red Hat’s David Egts

  • Fedora Is Beginning To Spin Workstation & Live Images For POWER

    If you are running the likes of the Raptor Blackbird for a POWER open-source desktop and wanting to run Fedora on it, currently you need to use the Fedora "server" CLI installer and from there install the desired packages for a desktop. But moving forward, Fedora is beginning to spin Workstation and Live images for PPC64LE. Complementing Fedora's Power Architecture images of Fedora Everything and Fedora Server, Workstation and Live images are being assembled. This is much more convenient for those wanting an IBM POWER Linux desktop thanks to the success of the Raptor Blackbird with most Linux distributions just offering the server/CLI (non-desktop) images by default for PPC64LE.

  • Are Application Servers Dying a Slow Death?

    There has been concern for nearly five years application servers are dead. Truth be told, they are not dead, but is their usage in decline? The simple answer is yes. Over the years, it appears corporate environments have decided the "return on investment" is not there when looking at Java application servers. On the surface, one might assume that the likes of WebSphere or WebLogic might be the ones in decline due to cost. Perhaps it is just affecting the proprietary choices, while their open source based derivatives are growing or remaining steady? Appears not. Whichever Java application server you choose, all of them are in a state of decline. Whether it be proprietary options such as WebSphere or WebLogic, or open source alternatives JBoss or Tomcat, all are in decline based on employment listings we review. However, they are not declining at the same pace. From our collection of data, WebSphere and WebLogic's decline has been more muted. The rate of reduction for each of these application servers is in the neighborhood of 25-35% over the last couple years. At the same time, the likes of JBoss and Tomcat have declined around 40-45%. Not a drastic difference, but one that still is notable.

  • Red Hat’s David Egts: Commercial Open Source Software to Drive Federal IT Modernization

    David Egts, chief technologist for Red Hat’s (NYSE: RHT) North American public sector division, advises federal agencies to adopt commercial open source software to help advance their information technology modernization efforts, GovCon Wire reported Aug. 23. He said Aug. 22 in an FCW thought piece that agencies should seek software vendors that are well-versed in open source technology as well as government security certifications in order to successfully modernize federal IT processes.

GNOME and gestures, Part 2: HdyLeaflet

A folded HdyLeaflet, just like GtkStack, shows one of its children at any given moment, even during child transitions. The second visible child during transitions is just a screenshot. But which child is “real” and which is a screenshot? Turns out the real child is the destination one, meaning the widget switches its visible child when the animation starts. It isn’t a problem if the animation is quick and time-based, but becomes very noticeable with a gesture. Additionally, it means that starting and cancelling a gesture switches the visible child two time. One solution would be only switching the visible child at the end of the animation (or not at all if it was canceled). The problem is that it’s a major behavior change: applications that listen to visible-child to know when to update the widgets, or sync the property between two leaflets will break. Another solution would be to draw both children during transitions, but it still means that visible-child changes two times if the gesture was canceled. The problem here is similar: applications wouldn’t expect the other child to still be drawn, but at least it’s just a visual breakage. And it still means that starting and canceling the gesture would mean two visible-child changes. The second solution may sound better, and yet the current WIP code uses the first one. Read more