Language Selection

English French German Italian Portuguese Spanish

Linux Foundation, Linux Kernel, FUD, and LWN Articles (Paywall Lapsed Today)

Filed under
  • EdgeX Foundry Hits Major Milestone with 5 Million+ Container Downloads and a New Release that Simplifies Deployment for AI, Data Analytics and Digital Transformation

    EdgeX Foundry, a project under the LF Edge umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for IoT edge computing independent of connectivity protocol, hardware, operating system, applications or cloud, today announced a major milestone of hitting 5 million container downloads and the availability of its “Geneva” release. This release offers more robust security, optimized analytics, and secure connectivity for multiple devices.

    “EdgeX Foundry is committed to developing an open IoT platform for edge-related applications and shows no signs of slowing down the momentum,” said Arpit Joshipura, general manager, Networking, Edge and IoT, the Linux Foundation. “As one of the Stage 3 projects under LF Edge, EdgeX Foundry is a clear example of how member collaboration and diversity are the keys to creating an interoperable open source framework across IoT, Enterprise, Cloud and Telco Edge.”

  • Check Point fixes a 20-year-old Linux security issue

    For around two decades now, hackers have exploited the design of the memory management system used by Linux programs in order to take control of a target's computer.

    Now though researchers at Check Point have introduced a new security mechanism for Linux users called 'safe-linking' which means attackers will need more than one vulnerability in order to take over the program.

  • Check Point released an open-source fix for common Linux memory corruption security hole
  • Intel Volleys New Sandy Bridge CPU Microcode

    For reasons currently unknown, Intel released new CPU microcode on Wednesday for their Sandy Bridge processors.

    Intel released the 20200520 CPU Microcode Update and it only consists of Sandy Bridge family updates. This is a bit strange with Sandy Bridge being nine years old and other Intel CPU families not seeing similar microcode updates this week.

  • Intel Sends Out Patches Bringing Up The "DG1" Graphics Card Under Linux

    For months now Intel's open-source driver developers have been working on the "Gen12" graphics support needed most notably for Tiger Lake and more recently is also confirmed for Rocket Lake. But Gen12 is also needed for the highly anticipated Xe Graphics with the discrete graphics offerings to come in the months ahead by Intel. Building off the existing Gen12 graphics driver code, Intel today published the first DG1 patches for enabling their first discrete graphics card under Linux.

  • Completing and merging core scheduling

    Core scheduling is a proposed modification to the kernel's CPU scheduler that allows system administrators to control which processes can be running simultaneously on the same processor core. It was originally proposed as a security mechanism, but other use cases have shown up over time as well. At the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM), a group of some 50 developers gathered online to discuss the current state of the core-scheduling patches and what is needed to get them into the mainline kernel.


    One open area, Pillai said, was in the area of load balancing, which doesn't currently work well with core scheduling. This could perhaps be improved by selecting a single run queue to hold the shared information needed for core scheduling. When a scheduling event happens, the highest-priority task would be chosen as usual. Then any sibling processors can be populated with matching tasks from across the system, should any exist.

    Core scheduling currently uses CPU control groups for grouping; there is a cpu.tag field that can be set to assign a "cookie" identifying the scheduling group a task belongs to. This was done for a quick and easy implementation, he said, and need not be how things will work in the end. There is a red-black tree in each run queue, ordered by cookie value, that is used to select tasks for sibling processors.

    The patch series is up to version 5, which includes some load-balancing improvements. Earlier versions did not understand load balancing at all, so if a task was migrated to a CPU running (incompatible) tagged tasks, it could end up being starved for CPU time. A sixth revision is coming soon, he said.

    One challenge that has to be dealt with is comparing the priority of tasks across siblings. Within a run queue, a task's vruntime value is used to determine whether it should run next. This value is a sort of virtual run time, indicating how much CPU time the task has received relative to others (though it is scaled by the process priority and adjusted in various other ways), but this value is specific to each run queue. A vruntime in one run queue cannot be directly compared to a vruntime in another queue.

  • O_MAYEXEC — explicitly opening files for execution

    Normally, when a kernel developer shows up with a proposed option that doesn't do anything, a skeptical response can be expected. But there are exceptions. Mickaël Salaün is proposing the addition of a new flag (O_MAYEXEC) for the openat2() system call that, by default, will change nothing. But it does open a path toward tighter security in some situations.

    Executing a file on a Unix-like system requires that said file have an applicable execute-permission bit set. The file must also not reside on a filesystem that has been mounted with the noexec option. These checks can prevent the execution of unwanted code on a tightly controlled system, but there is a significant hole in this protection: interpreters that will happily read and execute code found in a file. If a file contains Perl code, for example, it cannot be executed by typing its name if it fails either of the above two tests. If an attacker is able to pass that file as a parameter to a perl -e command, though, its contents will still be executed.

    The new O_MAYEXEC flag is a way for language interpreters (or other programs, such as dynamic linkers, that execute code) to indicate to the kernel that a file is being opened with the intent of executing its contents. This flag is totally ignored by open() which, because it never checked for invalid flags, is difficult to extend in general. The newer openat2() system call, instead, does fail when unknown flags are passed to it; it has been extended to recognize O_MAYEXEC. But, by default, nothing will change if that flag is present.

  • Blocking userfaultfd() kernel-fault handling

    The userfaultfd() system call is a bit of a strange beast; it allows user space to take responsibility for the handling of page faults, which is normally a quintessential kernel task. It is thus perhaps not surprising that it has turned out to have some utility for those who would attack the kernel's security as well. A recent patch set from Daniel Colascione is small, but it makes a significant change that can help block at least one sort of attack using userfaultfd().
    A call to userfaultfd() returns a file descriptor that can be used for control over memory management. By making a set of ioctl() calls, a user-space process can take responsibility for handling page faults in specific ranges of its address space. Thereafter, a page fault within that range will generate an event that can be read from the file descriptor; the process can read the event and take whatever action is necessary to resolve the fault. It should then write a response describing that resolution to the same file descriptor, after which the faulting code will resume execution.

    This facility is normally intended to be used within a multi-threaded process, where one thread takes on the fault-handling task. There are a number of use cases for userfaultfd(); one of the original cases was handling live migration of a process from one machine to another. The process can be moved and restarted on the new system while leaving most of its memory behind; the pages it needs immediately can then be demand-faulted across the net, driven by userfaultfd() events. The result is less downtime while the process is being moved.

    Since the kernel waits for a response from the user-space handler to resolve a fault, page faults can cause an indefinite delay in the execution of the affected process. That is always the case, of course; for example, a process generating a fault on memory backed by a file somewhere else on the network will come to an immediate halt for an unknown period of time. There is a difference with userfaultfd(), though: the time it takes to resolve the fault is under the process's direct control.

  • Private loop devices with loopfs

    A loop device is a kernel abstraction that allows a file to be presented as if it were a physical block device. The typical use for a loop device is to mount a filesystem image stored in a file. Loop devices are global and shared between users, which causes a number of problems for container workloads where the instances are expected to be isolated from each other. Christian Brauner has been working on this problem; he has posted a patch set solving it by adding a small virtual filesystem called loopfs.

    Loop devices typically appear under /dev with names like /dev/loopN. The special /dev/loop-control file can be used to create and destroy loop devices or to find the first available loop device. Associating a file with a specific device, or setting other parameters like offsets or block sizes, is done with ioctl() calls on the device itself. The loop(4) man page has the details on how it all works.

EdgeX Foundry Hits 5 Million+ Container Downloads

  • EdgeX Foundry Hits 5 Million+ Container Downloads

    EdgeX Foundry, a project under the LF Edge umbrella organization within the Linux Foundation, has announced a major milestone of hitting 5 million container downloads and the availability of its “Geneva” release.


    Keith Steele, EdgeX Foundry Chair of the Technical Steering Committee, added: “With at least 50% of data being stored, processed and analyzed at the edge we need an open, cloud-native edge ecosystem enabled by EdgeX to minimize reinvention and facilitate building and deploying distributed, interoperable applications from the edge to the cloud. In 3 short years, EdgeX has achieved incredible global momentum and is now being designed into IOT systems and product roadmaps.”

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Programming Leftovers

  • This Week in Rust 340
  • Simplify data visualization in Python with Plotly

    Plotly is a plotting ecosystem that allows you to make plots in Python, as well as JavaScript and R. In this series of articles, I'm focusing on plotting with Python libraries.

  • Perl Hacks, Perl School, and the future of Perl publishing

    Dave Cross, long-time Perl user, trainer, and author, recently released The Best of Perl Hacks, a curated collection of his best posts from his Perl Hacks blog. His imprint, Perl School, has published six e-books, including two that I wrote. There’s an unrelated book, Perl Hacks: Tips & Tools For Programming, Debugging, And Surviving, by chromatic, Damian Conway, and Curtis “Ovid” Poe. It’s also very good, but completely separate from Dave’s.

  • Qt for Automation changed to Qt M2M Protocols

    Qt M2M Protocols is now automatically included for free to every new Qt Device Creation subscription. The additional distribution license price has been removed as well. Qt Application Development license holders can buy Qt M2M Protocols separately.

  • Using Visual Studio Code for Qt Applications – Part Two

    In the last blog post we saw an essential, C++ oriented, Visual Studio Code setup. That was enough to get going right away, but we can still definitely do more and better. Here I’ll show you how to get a complete setup for your qmake and CMake projects, all this while also wearing a Qt hat (on top of my C++ hat) and having a deeper look at the Qt side. Build qmake Qt projects Qmake is not integrated with Visual Studio Code the way CMake is, so setting up a qmake project for build is slightly more convoluted than doing the same with CMake. This means we’ll have to define our own build tasks. We’re going to do this in two stages: build steps definition and build steps combination, leveraging the fact that Visual Studio Code implements task dependencies and ordered sequential execution of dependencies.

  • Where Did Software Go Wrong?

    Computers were supposed to be “a bicycle for our minds”, machines that operated faster than the speed of thought. And if the computer was a bicycle for the mind, then the plural form of computer, Internet, was a “new home of Mind.” The Internet was a fantastic assemblage of all the world’s knowledge, and it was a bastion of freedom that would make time, space, and geopolitics irrelevant. Ignorance, authoritarianism, and scarcity would be relics of the meatspace past.

    Things didn’t quite turn out that way. The magic disappeared and our optimism has since faded. Our websites are slow and insecure; our startups are creepy and unprofitable; our president Tweets hate speech; we don’t trust our social media apps, webcams, or voting machines. And in the era of coronavirus quarantining, we’re realizing just how inadequate the Internet turned out to be as a home of Mind. Where did it all go wrong?

  • good idea bad implementation crosstalk

    Unfortunately products like the latter seem quite common. Most things in my house are still rather dumb because regrettably few products are actually the same thing, but smarter. Instead smart devices are inevitably some inscrutable machine intelligence physically manifested in my house. So no thanks. Battle lines drawn, everybody pick a side, good idea or bad implementation, and fight!

Android Leftovers

Ryzen 9 3900X/3950X vs. Core i9 10900K In 380+ Benchmarks

Following our initial Core i5 10600K and Core i9 10900K Linux benchmarks last week, here is a much larger comparison I have been working on since then in looking specifically at the Ryzen 9 3900X and 3950X against the Core i9 10900K. It's the largest to date with nearly 400 benchmarks being tested, most of them real-world test cases. The past number of days I have been running this Core i9 10900K vs. Ryzen 9 3900X vs. Ryzen 9 3950X comparison with 381 benchmarks out of 138 distinct applications/workloads on both systems. With this round of benchmarking the Gigabyte Z490 AORUS MASTER and ASUS ROG CROSSHAIR VIII HERO were at play with 2 x 8GB DDR4-3600 Corsair memory, Samsung 970 EVO NVMe SSD, and Radeon RX 5700 XT graphics. Benchmarking was run off Ubuntu 20.04 LTS while upgrading to the Linux 5.7 Git kernel for the very latest kernel bits. All other Ubuntu 20.04 packages were at their respective defaults. Read more

Compact 8K video encoder runs Linux on Kaby Lake

Advantech has launched a “VEGA-8300E 8K Broadcast Video Encoder” and streaming appliance for 8Kp60, 10-bit 4:2:2 HEVC real-time encoding. The system runs Ubuntu on a 7th Gen Kaby Lake CPU and offers 2x hot-swappable SATA bays. We realize that most of you are not in the market for an 8K video encoder, but we occasionally like to check in on the high-end video world where Linux is steadily making inroads. Normally Advantech’s VEGA-8300E 8K Broadcast Video Encoder would have been showcased at the NAB Show, which has been cancelled due to the pandemic. (Some NAB content is available on the online NAB Show Express.) We heard about the VEGA-8300E from an Advantech announcement on Businesswire that revealed the product has won a 2020 Best of Show Special Edition Award presented by TV Technology. Read more