Google Finally Begins Their Open-Source Dance Around Linux User-Space Threading Way back in 2013 there was a presentation at the Linux Plumbers Conference around Google's work on user-level threads and how they were working on new kernel functionality for using regular threads in a cooperative fashion and building various features off that. Fast forward to today, that functionality has been in use internally at Google for a range of services for latency-sensitive services and greater control over user-space scheduling while now finally in 2020 they are working towards open-sourcing that work. [...] While FUTEX_SWAP could be honored for the Linux 5.9 cycle, this is just the start and will likely be a few more cycles before all of this Google work is finally open-source and mainlined.

Operations restrictions for io_uring The io_uring subsystem is not much over one year old, having been merged for the 5.1 kernel in May 2019. It was initially added as a better way to perform asynchronous I/O from user space; over time it has gained numerous features and support for functionality beyond just moving bits around. What it has not yet gained is any sort of security mechanism beyond what the kernel already provides for the underlying system calls. That may be about to change, though, as the result of this patch set from Stefano Garzarella adding a set of user-configurable restrictions to io_uring. As one might expect from its name, io_uring is based around a ring buffer shared between the kernel and user space that allows user space to submit operations to the kernel. There is a second ring that is filled with the results of those operations. Each operation can be thought of as a way of expressing a system call; operations may read or write buffers, open files, send network messages, or request any of a number of other actions. Operations can be made contingent on the successful completion of previous operations. In short, the operation stream feeding into the kernel is a sort of language expressing a program that the kernel should execute asynchronously. Operations executed by io_uring result in calls to the code within the kernel that implements the corresponding system calls; an IORING_OP_READV operation, for example, ends up in the same place as a readv() system call. That code will perform the usual privilege checks, using the credentials of the process that created the ring in the first place. So, in the absence of bugs, a process can do nothing with io_uring that it would not be allowed to do with direct system calls — with the exception that seccomp() filters do not apply to io_uring. This model has worked well for io_uring so far, but it turns out that there is a use case that could use a bit more control. In particular, what happens if a process wants to create a ring and hand it over to another, less-trusted process? For example, I/O from within virtualized guests could perhaps be accelerated considerably if it used io_uring. This I/O, which often goes through the Virtio mechanism now, involves a certain amount of data copying and context shifting that could be avoided this way. The hypervisor could create whatever file descriptors the client would need, which would correspond to specific devices or open network connections, then let the guest handle things directly through the ring from there. The problem with this idea is that the guest could then perform any operation that io_uring supports. Remember that the ring retains the credentials of the creator, which would be the hypervisor in this case; giving such a ring to a client would open the door to actions like accessing other file descriptors opened by the hypervisor or opening new files with the hypervisor's credentials. This is likely to prove extremely disappointing to anybody counting on virtualization as a security barrier.

RenderDoc 1.9 Released - The Open-Source Graphics Debugging Tool Gets Even Better RenderDoc as the open-source, cross-platform, cross graphics API debugger tool for profiling and analyzing issues across Vulkan / Direct3D / OpenGL / GLES continues getting even better with its advanced tool set. RenderDoc 1.9 was released on Wednesday and comes with support for pixel history and shader debugging along with various other enhancements and fixes. The Vulkan shader debugging with RenderDoc 1.9 covers SPIR-V shaders at vertex, fragment and compute shader stages. Meanwhile Google engineers contributed support for RenderDoc's Vulkan support to fetch pixel history.

LLVMpipe Gallium3D Driver Now Exposes OpenGL 4.3 It was just at the start of July that the LLVMpipe software driver gained OpenGL 4.0 support at long last. Days after that milestone OpenGL 4.2 support was reached for this driver that offers OpenGL acceleration atop CPUs either for fallback purposes or a vendor-neutral debug path. Now just days before the Mesa 20.2 branching, OpenGL 4.3 support has been cleared! With Mesa 20.2 coming out around the end of August, that now takes this Gallium3D software rasterizer from OpenGL 3.3 to OpenGL 4.3 (or possibly even GL 4.4)! Red Hat's David Airlie who has been leading the charge on LLVMpipe added the remaining bits today for being able to expose OpenGL 4.3 with LLVMpipe. Those bits included the OpenGL robust buffer access and also enabling OpenGL ES 3.2.

Traditionally, Linux was a reserve for developers, system administrators, and Enterprise users for hosting websites and other applications. There was a time when Linux posed a great deal of complexity to beginners and simply discouraged them from embracing it. Over time, the vibrant Open source community has made enormous efforts in bringing Linux closer to the ordinary Windows and mac users by making it more user-friendly and easy to use. Read Also: Top Linux Distributions To Look Forward To In 2020 This guide covers the best Linux distributions for beginners in 2020.

In response to these problems, members of the LibreOffice community have been working on a five-year marketing plan, the core of which can be seen in the slides linked above. The intent is to create differentiated versions of LibreOffice while avoiding open-core or proprietary business models. Part of that involves getting a better handle on the LibreOffice brand. The plan starts by creating the concept of the "LibreOffice Engine", which is a term to describe the core LibreOffice code. It is meant to be a way to enable products selling under their own brand to associate themselves with LibreOffice while maintaining their own identity. "LibreOffice Engine" is described in the plan as a sort of equivalent to the highly successful "Intel Inside" branding effort. Presumably this term would be trademarked by the Document Foundation; the plan does not get into what constraints would be put on who could use the trademark (and how). Then, there is the Personal Edition, which would be "forever free" and only available from the Document Foundation. This release would be tagged, according to the plan, "volunteer supported, not suggested for production environments or strategic documents". The alternative would be "LibreOffice Enterprise", which would only be available from "ecosystem members". This version would come with commercial support and a corresponding price tag. LibreOffice Online seems to be a place where a lot of tension resides, perhaps unsurprisingly, since that is where the bulk of the money is being made with LibreOffice now. Companies would like to keep parts of LibreOffice Online to themselves, but that threatens to disrupt the volunteer part of the development community. The plan involves the same split between "personal" and "enterprise" offerings, but adds a little note: "There will be an X month gap between the release of the two versions: LibreOffice Online Enterprise and LibreOffice Online Personal". The hope is that this plan will give the true "ecosystem members" something attractive to sell and, to an extent, free them from the difficult challenge of competing with the free LibreOffice offering. It is, in many ways, reminiscent of the path Red Hat took years ago to differentiate its Enterprise Linux offering, complete with insinuations that the free version might not be fully trustworthy. That approach has clearly worked well for Red Hat; it would be hard to argue that it has not worked well for the wider Linux community too. Free software is an inherently challenging base upon which to try to build a company. Many in the free-software community are happily indifferent to the fate of companies working with the code, but without successful companies we would not have much of the code that we depend on every day. As Meeks pointed out, LibreOffice without companies would look a lot like the cobweb-strewn OpenOffice project; it is hard to see that as a win for anybody. So one can only wish LibreOffice and the Document Foundation luck as they seek a way to solve this problem while remaining true to the free-software principles that sparked the project's launch in the first place. Ten years of LibreOffice is nowhere near enough.