Language Selection

English French German Italian Portuguese Spanish

Graphics: Alpha of Wayland's Weston 9.0, Emulating Input Devices In Wayland, Raspberry Pi 4 "V3DV" Vulkan Driver and X.Org/X11 Security

Filed under
Graphics/Benchmarks

  • weston 8.0.91
    This is the alpha release for Weston 9.0.0. This release cycle has been
    pretty quiet, with just a few new features:
    
    
    
    
    - A new kiosk shell allows to display regular desktop apps in an
      always-fullscreen mode
    - Improved testing infrastructure: the test harness has been
      redesigned, DRM tests are now supported, DRM and OpenGL tests are now
      enabled in our CI
    - DRM panel orientation property support
    
    
    
    
    As always, a number of bug fixes are included as well.
    
    
    
    
    Thanks to all contributors!
    
    
    
    
    Full commit history below.
    
  •        

  • Wayland's Weston 9.0 Reaches Alpha

    Weston 9.0 release preparations are getting underway. At least compared to the original Weston 9.0 release plans, this Wayland compositor is running about a month behind those plans but in any case the release is now making its way to reality. 

    On Thursday shortly after the Weston kiosk/full-screen shell was merged, Weston 9.0 Alpha was tagged in getting the release process moving forward. Simor Ser is again serving as release manager. 

  • RFC: libei - emulated input in Wayland compositors
    I've been working on a new approach for allowing emulated input devices in
    Wayland. Or in short - how can we make xdotool and synergy work? And
    eventually replace them.
    
    
    
    
    The proposal I have is a library for Emulated Input, in short libei.
      https://gitlab.freedesktop.org/whot/libei/
    
    
    
    
    libei has two parts, the client side (libei) for applications and
    a server side (libeis) for the compositor. The two libraries communicate
    with each other (how? doesn't matter, it's an implementation detail) to
    negotiate input devices.
    
    
    
    
    The process is roughly:
    - the libei client connects and says "I am org.freedesktop.SomeApplication
      and I want a pointer and a keyboard device"
    - the libeis server says "ok, you can have a pointer device and a keyboard
      device"
    - the libei client says 'move the pointer by 1/1', etc. and the server does
      just that. or not, depending on context.
    
    
    
    
    There are more details, see the README in the repo and the libei.h and
    libeis.h header files that describe the API.
    
    
    
    
    The sticking point here is: emulated input comes via a separate channel.
    The server a) knows it's emulated input, b) knows who it is coming from and
    c) has complete control over the input.
    
    
    
    
    a) is interesting because you can differ between the events internally. The
    API right now is very similar to libinput's events so integrating it into a
    compositor should be trivial.
    
    
    
    
    b) is somewhat handwavy if an application runs outside a sandbox - any
    information will be unreliable. Flatpak gives you an app-id though and
    with that we can (eventually) do things like storing the allow/deny
    decisions of the user in the portal implementation.
    
    
    
    
    c) allows you to e.g. suspend the client when convenient or just ignore
    certain sequences altogether. The two made-up examples are: suspend EI
    during a password prompt, or allow EI from the software yubikey *only*
    during a password prompt.
    
    
    
    
    Now, the next question is: how do they *start* talking to each other?
    libei provides multiple backends for the initial connection negotiation. My
    goal is to have this work with flatpak portals so an application running
    within the sandbox can be restricted accordingly. Alternatives to this could
    be public DBus interfaces, simple fd passing or (as is implemented right
    now) a named unix socket.
    
    
    
    
    The aim is that a client can simply iterate through all of the options until
    finds a connection. Once that's found, the actual code for emulating input is
    always the same so it's trivial to implement a client that works on any
    compositor that supports some backend of libeis.
    The server part only needs to care about the negotiation mechanisms it
    allows, i.e. GNOME will only have dbus/portal, sway will only have... dunno,
    fd exchange maybe?
    
    
    
    
    Next: because we have a separate channel for emulated input we can hook up
    XTEST to use libei to talk to a compositor. I have a PoC implementation for
    weston and Xwayland:
      https://gitlab.freedesktop.org/whot/weston/-/commits/wip/eis
      https://gitlab.freedesktop.org/whot/xserver/-/commits/wip/xwayland-eis
    With that xdotool can move the pointer. Note this is truly the most minimal
    code just to illustrate the point but you can fill in the blanks and do
    things like the compositor preventing XTEST or not, etc.
    
    
    
    
    This is all in very early stages with very little error checking so things
    will probably crash or disconnect unexpectedly. I've tried to document the
    API to make the intentions clear but there are still some very handwavy
    bits.
    
    
    
    
    Do let me know if you have any questions or suggestions please though.
    
    
    
    
    Cheers,
      Peter
    
    
    
    
    
  • LIBEI Yields New Effort For Emulating Input Devices In Wayland

    Red Hat's input expert Peter Hutterer has started writing another library to help the Linux input ecosystem: LIBEI. This new library is focused on offering emulated input device support for Wayland in order to support use-cases like xdotool for automating input events. 

    The LIBEI library is working to support emulated input use-cases on Wayland to offer functionality akin to X11's xdotool automation software or the Synergy software for sharing keyboard/mouse setups between systems. LIBEI consists of a client library for applications and then a server-side library (LIBEIS) for the Wayland compositor integration. These two libraries communicate with each other for negotiating the emulated input events.

  • Alejandro Piñeiro: v3dv status update 2020-07-31

    Pipeline cache objects allow the result of pipeline construction to be reused. Usually (and specifically on our implementation) that means caching compiled shaders. Reuse can be achieved between pipelines creation during the same application run by passing the same pipeline cache object when creating multiple pipelines. Reuse across runs of an application is achieved by retrieving pipeline cache contents in one run of an application, saving the contents, and using them to preinitialize a pipeline cache on a subsequent run.

    Note that it can happens that a pipeline cache would not improve the performance of an application once that it starts to render. This is because application developers are encourage to create all the pipelines in advance, to avoid any hiccup during rendering. On that situation pipeline cache would help to reduce load times. In any case, that is not always avoidable. In that case the pipeline cache would allow to reduce the hiccup, as a cache hit is far faster than a shader recompilation.

    One specific detail about our implementation is that internally we keep a default pipeline cache, used if the user doesn’t provide a pipeline cache when creating a pipeline, and also to cache the custom shaders we use for internal operations. This allowed to simplify our code, discarding some custom caches that had alread implemented.

  • Raspberry Pi 4 "V3DV" Vulkan Driver Begins Tackling MSAA, Other Improvements

    This month the Raspberry Pi Foundation funded "V3DV" open-source Vulkan driver for the Raspberry Pi 4 began being able to run vkQuake. In ending out July, the developers at consulting firm Igalia who are working on this driver for the Raspberry Pi Foundation shared some of their latest driver activity. 

  •         

  • X.Org's Latest Security Woes Are Bugs In LibX11, Xserver

    The X.Org/X11 Server has been hit by many security vulnerabilities over the past decade as security researchers eye more open-source software. Some of these vulnerabilities date back to even the 80's and 90's given how X11 has built up over time. The X.Org Server security was previously characterized as being even worse than it looks while today the latest vulnerabilities have been made public. 

    CVE-2020-14344 is now public and covers multiple integer overflows and signed/unsigned comparison issues within the X Input Method implementation in the libX11 library. These issues can lead to heap corruption when handling malformed messages from an input method. 

More on the X.Org Issue

  • X.org security fixes address potential ASLR bypass, heap corruption

    The X.Org project has announced two security advisories that impact Xserver and libX11. The first advisory for X server is regarding uninitialized memory in AllocatePixmap() that could lead to address space layout randomization bypass. The second, impacting libX11, is a heap corruption caused by integer overflows and signed/unsigned comparisons.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

KDE Frameworks 5.73 Released with Many Changes to Breeze Icons, Kirigami and KNewStuff

KDE Frameworks 5.73 is a monthly update to the open-source software suite, but it packs a lot of interesting changes. For example, the Kirigami UI builder received a new FlexColumn component and now supports action visibility in the GlobalDrawer, along with optimizations to the mobile layout and to the accessibility of the Kirigami input fields. The Breeze icon theme saw a lot of changes too during the development cycle of KDE Frameworks 5.73, and it now comes with a bunch of new icons for Kontrast, kirigami-gallery, snap-angle, document-replace, SMART status, task-recurring, appointment-recurring, Overwrite action/button, and applications/pkcs12 mime type. Read more

Redo Rescue Backup and Recovery Live System Gets NFS Share Support, SSH Server

For those not in the know, Redo Rescue is a great, free and easy to use live Linux system based on Debian GNU/Linux that can help you whenever your computer is broken by letting you backup and restore an entire system in just a few minutes. For example, if your computer no longer boots after installing the recent BootHole patches for the GRUB2 bootloader, you can use Redo Rescue to repair the boot. Of course, there are a few other tools that can do the same, but Redo Rescue can also do bare metal restores by replacing the MBR and partition table, re-map original data to a different target partition and even verify the integrity of an existing backup image. Read more

Pocket P.C. design files released as open source (handheld Linux computer)

The Popcorn Computers Pocket P.C. is designed to be a handheld Linux computer with a 4.95 inch full HD display, a built-in keyboard, and a ARM Cortex-A53 quad-core processor. First unveiled in November 2019, the Pocket P.C. hasn’t shipped yet. It’s still up for pre-order for $199 and up. But the developers have already open sourced the hardware by releasing the latest design files. You can find the at the project’s GitHub page. Read more

today's leftovers

  • Linux Plumbers Conference: Toolchain Microconference Accepted into 2020 Linux Plumbers Conference

    We are pleased to announce that the Toolchain Microconference has been accepted into the 2020 Linux Plumbers Conference! The GNU toolchain has direct impact on the development of the Linux kernel and it is imperative that the developers of both ecosystems have an understanding of each other’s needs. Linux Plumbers is the perfect venue for the two communities to interact, and the GNU Toolchain microconference’s purpose is to facilitate that happening. Last year’s meetup at Linux Plumbers proved that it is critical that the two communities communicate with each other. As a result of last year’s microconference, the GNU toolchain has completed adding support for BPF, in a more flexible and usable way and system call wrappers in glibc were improved. There have been security features derived from the discussions, such as zeroing of registers when entering a function and implicit initialization of atomics.

  • Noodlings | Hardware is for the Terminal

    18 is such an adult number. Perhaps I am truly becoming a grown up podcast here. [...] This is another gift to future me from present me. I made the mistake of not properly writing this down before so I had to search for the answer. The problem is, sometimes, it seems as though Plasma is not shutting off my external screens consistently. I can’t say why but I have a suspicion that it is due to a specific communication application as I can almost guarantee that it is preventing my screens from turning off. I don’t have definitive proof of this so I am not going to put it in writing.

  • IWB (the man who brought GNU/Linux to IBM): Are We Becoming a Decadent, Stagnating Society?

    Earlier this year I read a very interesting essay, “The Age of Decadence”, by NY Times columnist Ross Douthat. The essay is adapted from his recently published book The Decadent Society - How We Became the Victims of Our Own Success. This long essay covers a lot of ground, from technology and innovation to politics and religion. The essay was published in early February, before Covid-19 spread across the US. I’ll discuss the original essay, but I do wonder how it would have been modified to reflect the impact of the pandemic. “The real story of the West in the 21st century is one of stalemate and stagnation,” wrote Douthat. “Everyone knows that we live in a time of constant acceleration, of vertiginous change, of transformation or looming disaster everywhere you look. Partisans are girding for civil war, robots are coming for our jobs, and the news feels like a multicar pileup every time you fire up Twitter. Our pessimists see crises everywhere; our optimists insist that we’re just anxious because the world is changing faster than our primitive ape-brains can process.” “But what if the feeling of acceleration is an illusion, conjured by our expectations of perpetual progress and exaggerated by the distorting filter of the internet?,” he asked. What if we really inhabit an era in which repetition is more the norm than invention; in which new developments in science and technology consistently undercover; in which we’re comfortably aging, “no longer optimistic about the future… [while] growing old unhappily together.” What if “Our civilization has entered into decadence.”

  • Matrix encrypted chat rolls out across Germany, Project ACRN's new IoT release, and more open source news

    In this week’s edition of our open source news roundup, an open source microfluidics pump, Germany rolls out an encrypted messaging platform based on Matrix, and more open source news.

  • Fedora program update: 2020-32

    Here’s your report of what has happened in Fedora this week. Nest With Fedora is happening now! Fedora 33 branch day is Tuesday.

  • Thorsten Alteholz: My Debian Activities in July 2020

    This month I accepted 434 packages and rejected 54. The overall number of packages that got accepted was 475.

  • Improvements to Merge Proposals by the Janitor

    The Debian Janitor is an automated system that commits fixes for (minor) issues in Debian packages that can be fixed by software. It gradually started proposing merges in early December. The first set of changes sent out ran lintian-brush on sid packages maintained in Git. This post is part of a series about the progress of the Janitor. Since the original post, merge proposals created by the janitor now include the debdiff between a build with and without the changes (showing the impact to the binary packages), in addition to the merge proposal diff (which shows the impact to the source package).

  • 10 Best Free Neovim GUIs

    Vim is a highly configurable, powerful, console-based, open source text editor. It’s efficient, letting users edit files with a minimum of keystrokes. Vim offers word completion, undo, shortcuts, abbreviations, keyboard customization, macros, and scripts. You can turn this into your editor for your environment. [...] To use Neovim, you can use the program in a terminal emulator. Alternatively, there’s the option of using a third party GUI designed for Neovim. Neither Vim nor Neovim were built for beauty. However, many users prefer a graphical interface combined with the power of Neo(vim). One interesting aspect of Neovim’s RPC support is that developers can create new front-ends for Neovim that are outside of the terminal. This article seems to highlight the best free and open source front-ends for Neovim. Here’s our recommendations. The vast majority of the software featured in this article is cross-platform.

  • Dirk Eddelbuettel: RVowpalWabbit 0.0.15: Some More CRAN Build Issues

    Another maintenance RVowpalWabbit package update brought us to version 0.0.15 earlier today. We attempted to fix one compilation error on Solaris, and addressed a few SAN/UBSAN issues with the gcc build. As noted before, there is a newer package rvw based on the excellent GSoC 2018 and beyond work by Ivan Pavlov (mentored by James and myself) so if you are into Vowpal Wabbit from R go check it out.

  • GSoC'20 progress : Phase II

    And just like that, the second phase of my project for Google Summer of Code is done. The evaluation results have arrived and I have passed successfully. I am thankful to my mentors for providing help and guidance throughout this project.

  • [LibreOffice] Week 9 Report

    The last week was the 9th week of coding weeks in GSoC program. I almost finished my final exams period I will start to work again with the regular rate.

  • Simulating a Turing Machine with Python and executing programs on it

    In this article, we shall implement a basic version of a Turing Machine in python and write a few simple programs to execute them on the Turing machine. This article is inspired by the edX / MITx course Paradox and Infinity and few of the programs to be executed on the (simulated) Turing machine are taken from the course. Also, some programs are from this Cambridge tutorial.

  • Congress To Consider National Right To Repair Law For First Time

    About five years ago, frustration at John Deere's draconian tractor DRM culminated in a grassroots "right to repair" movement. The company's crackdown on "unauthorized repairs" turned countless ordinary citizens into technology policy activists, after DRM and the company's EULA prohibited the lion's share of repair or modification of tractors customers thought they owned. These restrictions only worked to drive up costs for owners, who faced either paying significantly more money for "authorized" repair, or toying around with pirated firmware just to ensure the products they owned actually worked.

  • Victory! EFF Defends Public’s Right to Access Court Records About Patent Ownership

    The public’s right of access to court proceedings is well-established as a legal principle, but it needs constant defending. In part, that’s because private parties keep asking publicly-funded courts to resolve their disputes in secret. As we and others have written before, this problem is especially great in patent cases, where parties on opposite sides of a case often agree with each other to keep as much of the litigation as possible hidden from view. That deprives the public of material it has every right to see that could affect its rights to engage, like documents establishing (or undermining) a patent owner’s right to bring suit on the basis of a patent which they claim to own.

    Although this problem is pervasive, when we looked at a lawsuit filed by Uniloc—one of the most litigious patent trolls in the world—the amount of secrecy the parties agreed to was shocking. In Uniloc v. Apple, important, dispositive motion papers were filed with entire pages of text redacted, including information that could not possibly qualify as confidential, like case law citations. And what were those papers about? Whether Uniloc had the right to sue anyone, including Apple, for infringing the patents in the case. Because Uniloc is a prolific patent litigant—filing more than 170 patent infringement lawsuits in 2018 alone—questions about its right to sue have powerful ramifications on the public, including makers and users of a wide array of technology products.

  • The US declared war on TikTok because it can’t handle the truth

    TikTok does gather a lot of personal data, but it’s no more than what Facebook and other social networks also gather. The difference between TikTok and Facebook is that we have a great deal of transparency into the process by which Facebook gives your information to various governments. And specifically, Facebook does not release data to the Chinese government.

  • Trump’s WeChat ban could touch everything from Spotify to League of Legends

    Tencent is one of the largest tech companies in the world, and it’s spent the last few years buying stakes in video game studios, music companies, and social media apps. It’s bigger than ByteDance, and with significant ownership stakes in Snap, Blizzard, Spotify, and others, it’s far more embedded in the global tech industry. Yesterday’s order made those connections much more dangerous, even if they fall outside the narrow legal consequences of the order. As Tencent responds and its business partners are forced to choose sides, the consequences could be far broader than the White House realizes — and far more damaging to the average consumer.

  • Trump ban of Tencent Holdings could affect Fortnite, League of Legends and other games

    The crux of both orders lies within Section 1 (a), whose language differs only in the named company. “The following actions shall be prohibited beginning 45 days after the date of this order, to the extent permitted under applicable law: any transaction that is related to WeChat by any person, or with respect to any property, subject to the jurisdiction of the United States, with Tencent Holdings Ltd. (a.k.a. Téngxùn Kònggǔ Yǒuxiàn Gōngsī), Shenzhen, China, or any subsidiary of that entity, as identified by the Secretary of Commerce (Secretary) under section 1(c) of this order.”

    In the case of Tencent, that would mean customers in the United States would be banned from engaging with Tencent-owned games or subsidiaries. What's not clear is whether those users would also be prohibited from engaging with companies in which Tencent has an interest.

  • TikTok and WeChat: Chinese apps dogged by security fears

    Tencent surpassed Facebook's net worth after it became the first Asian firm to be valued at more than $500 billion in 2017.

    The Hong Kong-listed company now has a market capitalisation of HK$5.32 trillion ($686 billion), compared with Facebook's $756 billion.

  • Have I Been Pwned Set to Go Open-Source

    “I need to choose the right parts of the project to open up in the right way at the right time,” he said. “The transition from completely closed to completely open will happen incrementally, bit-by-bit and in a fashion that’s both manageable and responsible.”

    He added, “I want to get to a point where everything possible is open. I want the infrastructure configuration to be open too and I want the whole thing to be self-sustaining by the community.”