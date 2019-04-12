Linux not Windows: Why Munich is shifting back from Microsoft to open source – again

A number of smaller German towns and municipalities – Leonberg in the state of Baden-Württemberg and Treuchtlingen in Bavaria are notable examples – have also forged ahead in this area although admittedly it's easier to migrate 40 desktops than around 15,000, as Munich did. Sander notes that at their party conference in November last year, even Angela Merkel's normally conservative Christian Democratic (CDU) party set their sights on free software. For future digital projects, "procurement and support will be bound by the principles of open source and open standards. Publicly financed software should serve all citizens," the party's statement said, echoing the Free Software Foundation's own campaign. Of course, that's only a statement of political intent, the Foundation's Sander notes. But if the CDU remains in power, that could eventually become the official position of the whole German government. One current ministry, the Federal Ministry of the Interior, has already taken a similar line. It commissioned consultancy PwC to look into how Germany could achieve more digital sovereignty and become less dependent on vendors like Microsoft. One of the August 2019 study's recommendations was investing in more open-source software. While outlining various challenges, the analysts also said, "Ultimately, this option may conceivably lead to permanent independence from major vendors." It's worth noting that the politician in charge of that ministry is Horst Seehofer, a member of the same political party, the conservative Christian Social Union, as the former deputy mayor of Munich is, who is often perceived as one of the prime movers against the LiMux project there. So far, it's more words than deeds, the Fraunhofer Institute's Thapa concedes. As yet, none of the big players appears to have lost significant business to the free software movement in Germany. But it seems likely that commercial vendors will have a tougher time here in the near future. "I find it very exciting that Munich is back," Thapa concludes. "The door of opportunity is open again and maybe this time they will go all the way through."

LWN Kernel Articles: Popcorn, Authenticated Btrfs and XFS

Popcorn Linux pops up on linux-kernel The end of April saw the posting of a complex patch set called "Popcorn Linux distributed thread execution". It is the first appearance on the kernel mailing lists of an academic project (naturally called Popcorn Linux) that has been underway since 2013 or so. This project has, among other goals, the objective of turning a tightly networked set of computers into something that looks like a single system — a sort of NUMA machine with even larger than usual inter-node costs. The posted code, which is a portion of the larger project, is focused on process migration and memory sharing across machines. It is an interesting proof of concept, but one should not expect to see it merged in anything close to its current form. Each node in a Popcorn system is a separate Linux host sitting on the network. Popcorn itself is started by loading a kernel module that is charged with connecting the larger system together. The module reads a list of IP addresses (IPv4 only) directly from a file (/etc/popcorn/nodes by default). Each machine will make a TCP connection to every node listed ahead of itself in this file, then wait for an incoming connection from every node listed afterward. Thereafter, each node is known by an integer ID which is simply its position in the nodes file. There is a hard-coded maximum of 62 nodes. No sort of authentication is done for incoming node connections, which might seem like a bit of a security issue; indeed, the patch set warns against running Popcorn on machines connected to the Internet. There does not seem to be any provision for nodes going up or down or being absent entirely. Comments in the patch set say that the TCP-based communication system "is intended for Popcorn testing and development purposes only", suggesting that, someday, somebody will get around to implementing something better.

Authenticated Btrfs Developers who are concerned about system integrity often put a fair amount of effort into ensuring that data stored on disk cannot be tampered with without being detected. Technologies like dm-verity and fs-verity are attempts to solve this problem, as is the recently covered integrity policy enforcement security module. More Recently, Johannes Thumshirn has posted a patch series adding filesystem-level authentication to Btrfs; it promises to provide integrity with a surprisingly small amount of code. Integrity-verification code at the filesystem or storage level generally works by calculating (and storing) checksums of each block of data. When it comes time to read that data, the checksum is calculated anew and compared to the stored value; if the two match, one can be confident that the data has not been modified (or corrupted by the hardware) since the checksum was calculated. If there is reason to believe that the stored checksum is what the creator of the data intended, then the data, too, should be as intended. Solutions like dm-verity and fs-verity work by storing checksums apart from the data; fs-verity, for example, places the checksum data in a hidden area past the end of the file. The developers of more modern filesystems, though, have generally taken the idea that storage devices are untrustworthy (if not downright malicious) to heart; as a result, they design the ability to calculate, store, and compare checksums into the filesystem from the beginning. Btrfs is one such filesystem; as can be seen from the on-disk format documentation, most structures on disk have a checksum built into them. Checksums for file data is stored in a separate tree. So much of the needed infrastructure is already there. Checksums in Btrfs, though, were primarily intended to catch corruption caused by storage hardware. The thing about hardware is that, while it can be creative indeed in finding new ways to mangle data, it's generally not clever enough to adjust checksums to match. Attackers tend to be a bit more thorough. So the fact that a block of data stored in a Btrfs filesystem matches the stored checksum does not, by itself, give much assurance that the data has not been messed with in a deliberate way. To gain that assurance, Btrfs needs to use a checksum that cannot readily be altered by an attacker. Btrfs already supports a number of checksum algorithms, but none of them have that property. So the key to adding the needed sort of authentication to Btrfs is to add another checksum algorithm with the needed assurance. Thumshirn chose to add an HMAC checksum based on SHA-256.

Atomic extent swapping for XFS Normally, files exist in a filesystem to keep data contained within them separated; seeing data exchanged directly between files is often a sign of filesystem corruption. There are, however, use cases where it is desirable to be able to perform a controlled swap of data between a pair of files. Darrick Wong has recently posted a patch set implementing this feature for the XFS filesystem, but also making it available in a general way. As it happens, XFS has had a data-swapping capability for some time: the rigorously undocumented XFS_IOC_SWAPEXT ioctl() command will exchange extents of data in two files. This feature exists for one purpose in particular: defragmentation of filesystems. The xfs_fsr utility does its job by scanning a filesystem for the most highly fragmented files — those that are split up into the largest number of extents. It then creates a new file with a single extent large enough to hold one of the fragmented files and copies the data over. The final step is an XFS_IOC_SWAPEXT operation to atomically replace the old file's data blocks with the new, defragmented version. It seems, however, that there are other interested users out there. Application developers would like a way to replace some or all of the contents of a file in an atomic and safe way — one which preferably does not leave the file corrupted if the system goes down partway through. Currently such tasks must be handled by creating a temporary file, populating it, and renaming it over the original; this works, but it is a multi-step affair that is hard to get right.

Finnix 120 released... wait, what?

That’s right: after a 5 year hiatus, Finnix — the LiveCD for system administrators and the oldest LiveCD in production — is back to celebrate its 20 year anniversary in 2020 with Finnix 120. Finnix 120 is a complete overhaul, with a number of major changes (as well as too many minor changes to enumerate).