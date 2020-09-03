Linux/Kernel Leftovers
Intel IWD 1.9 Released With New Capabilities
Intel's iNet Wireless Daemon (IWD) is out with a new feature release with this daemon continuing to see new usage and possibly on Ubuntu moving forward.
With IWD 1.9 there has been work most notably on sorting out the APIs around WiFi Display support this is around the WFD / Miracast standards. Included with IWD 1.9 is a sample/test app using GStreamer with a WiFI Display device making use of the new IWD interface.
Cache Coloring: Interference-free Real-time Virtualization
At this year’s Xen Developer and Design Summit, Stefano Stabellini from Xilinx gave a talk on Cache Coloring, a new feature for Xen that helps better support real-time workloads.
Many embedded deployments require deterministic IRQ latency, which can be difficult to pull off as even small spikes lead to failure. No matter the activity in other VMs, the latency-sensitive app has to continue unaffected.
Xen can fully dedicate physical CPUs to VMs to minimize latency and interference, however, real-time deadlines can still be missed due to the presence of a shared L2 cache across the ARM cores. One app on one CPU core can affect the performance of another app in a different VM by causing cache interference.
Rethinking fsinfo()
The proposed fsinfo() system call, which returns extended information about mounted filesystems, was first covered here just over one year ago. The form of fsinfo() has not changed much in that year, but the debate over merging it continues. To some, fsinfo() is needed to efficiently obtain information about filesystems; to others, it is an unnecessary and over-engineered mechanism. Changes will probably be necessary if this feature is ever to make it into the mainline kernel.
Linux has long supported the statfs() system call (usually seen from user space as statvfs()) as a way of obtaining information about mounted filesystems. As has happened so often, though, the designers of statfs() made a list of all the filesystem attributes they thought might be interesting and limited the call to those attributes; there is no way to extend it with new attributes. Filesystem designers, though, have stubbornly refused to stop designing new features in the decades since statfs() was set in stone, so there is now a lot of relevant information that cannot be obtained from statfs(). Such details include mount options, timestamp granularity, associated labels and UUIDs, and whether the filesystem supports features like extended attributes, access-control lists, and case-insensitive lookups.
As it happens, the kernel does make much of that information available now by way of the /proc/mounts virtual file. The problem with /proc/mounts, beyond the fact that some information is still missing, is that it is inefficient to access. Reading the contents of that file requires the kernel to query every mounted filesystem for the relevant information; on systems with a lot of mounted filesystems, that can get expensive. Systems running containerized workloads, in particular, can have vast numbers of mounts — thousands in some cases — so reading /proc/mounts can be painful indeed. For extra fun, the only way to know about newly mounted filesystems with current kernels is to poll /proc/mounts and look for new entries.
David Howells proposes to solve the polling problem with a new notification mechanism, but that mechanism, in turn, relies on fsinfo(), the 21st revision of which was posted on August 3. Howells requested that both notifications and fsinfo() be pulled during the 5.9 merge window, but that did not happen. Instead, the request resulted in yet another discussion about whether fsinfo() makes sense in its current form.
Linux 5.8 Kernel: Biggest Release In Years
"So I didn't really expect this, but 5.8 looks to be one of our biggest releases of all time," said Linux headmaster Linus Torvalds on the Linux Kernel Mailing List when he made the announcement of the Linux Kernel 5.8 rc1 on June 14, 2020.
Later in his announcement, Torvalds went on to describe just how big of a release the 5.8 kernel was, by the numbers: over 14,000 non-merge commits (over 15,000 if you count merges), 800,000 new lines of code, and over 14,000 files changed.
[...]
Closer to home, Texstar has already started working on making the new Linux kernel available to PCLinuxOS users. As of the time of the writing of this article, the new kernel is in the testing section of the PCLinuxOS repository. Most likely, it will be moved from testing to the regular repository by the time you read this.
Meanwhile, Linus Torvalds has already released Linux Kernel 5.9 (rc1) on August 16, 2020, just two weeks after releasing the 5.8 kernel to the masses. Not resting on his laurels or accomplishments, work is continuing where work on 5.8 left off.
Faster Reading From /dev/zero With Linux 5.10
Queued up in char-misc-next ahead of the Linux 5.10 cycle is a speed-up for reading from /dev/zero...
The patch adds a non-iov_iter version of reads for the /dev/zero interface. The write performance is unchanged as it already had a non-iov_iter implementation.
Short Topix: Use Secure Linux Kernels To Thwart Russian Hackers
Are you considering using a "smart lock" to secure your house, shed, gate, etc.? You might want to reconsider, according to 73 percent of 549 responding security experts. In an article published by Forbes, their answer was clear: "Get in the sea!"
The PCLinuxOS Magazine reported in the May 2020 Short Topix article about how insecure a "smart lock" was that relied on fingerprints. It has to do, mostly, with only a bare minimum of data points being employed when comparing the "unlocking" fingerprint to the one(s) stored in the device memory. So, when only checking five data points within a complex fingerprint, versus, say, comparing 10 or 20 data points, it becomes a trivial task to fool the fingerprint reader. Of course, when you increase the data points in the pattern, you make the lock more persnickety about granting access.
Locks that use fingerprints aren't the only kind that exhibit vulnerabilities. Other "smart locks" rely on wifi or Bluetooth to lock or unlock. But what happens when your network goes down? What happens in the event of a prolonged power outage? What happens when the network you depend on is a victim of malware or ransomware? What if your "smart lock" depends on a connected smartphone app to work ... and you lose your smartphone? In any/all of these cases, you are effectively locked out of your own house, shed, gate, belongings, etc. In the latter case, your smartphone in the hands of someone who may have taken it, also affords entry to areas you would prefer to keep secure.
Recently, one security expert discovered a vulnerability in a "smart lock" from U-Tec that allowed a hacker to gain access using a smartphone (which many, many people possess) and hacking the MAC address. U-Tec fixed the vulnerability as soon as they were informed, but the incident illustrates just how vulnerable a "smart lock" is.
Of course, there's the other side of the equation, too. Most "dumb locks" (that is, those using a key and tumbler approach) aren't necessarily the most secure things in the world, either. They are vulnerable to "lock bumping," where a special key is used to "bump" the tumblers in a lock into yielding and unlocking. Some locks can easily be bypassed with just an aluminum pop can and a pair of scissors. Don't believe me? Just look on YouTube, where there are TONS of videos showing and explaining the technique. And don't think that lock picks are only available to locksmiths. In less than a minute, I can find over a thousand places on the internet to buy my own set of lock picks, and where they are more than happy and willing to sell me a set.
[...]
So, see? As a PCLinuxOS user, you are most assuredly safe and secure. It's EXTREMELY unlikely that you are using a kernel that was retired over seven years ago. However, you know that in some dark, closeted server room somewhere in the world, sits a long forgotten Linux server that just happily keeps chugging along, day after day, year after year, without any updates being performed in years. Many server operators are reluctant to take a server down or offline that is performing its desired/assigned function for a kernel update. It's more of a "if it ain't broke, don't fix it" approach.
So, this "threat" represents the importance of two things for PCLinuxOS users. First, use the most recent kernel that functions with all of your hardware. Newer kernels resolve security vulnerabilities that might have gone unnoticed for quite some time (such as with DrovoRub). Second, keep your system as up-to-date as you possibly can, since many software updates close or resolve security vulnerabilities that are discovered after (sometimes long after) the release of the software. Do you still think it isn't a big deal? See here for all of the vulnerabilities discovered in the Linux Kernel.
The "takeaway" is quite simple. Keep. Your. Computer. Updated. Only by staying one (or a few) steps ahead of the hackers will you guarantee that your data and OS are safe.
Intel Sends Out Linux Patches For FPGA Security Manager
Patches were posted on Friday for introducing the Intel Security Manager class driver to the Linux kernel.
This open-source "Intel Security Manager" class driver is intended for managing secure updates to Intel FPGA hardware.
Mike Blumenkrantz: More Map Gains
Optimizing transfer_map is one of the first issues I created, and it’s definitely one of the most important, at least as it pertains to unit tests. So many unit tests perform reads on buffers that it’s crucial to ensure no unnecessary flushing or stalling is happening here.
What would you like to see most in minix?
I’m working on a couple of presentations and I wanted to share this nugget of joy with anyone who hasn’t actually read it.
Mozilla's Rust and Encryption (for Passwords) Primer
Proprietary Software and Monopolies
C++20 Draft Approved As Major Update To C++ Programming Language
On Saturday the ISO/IEC 14882:2020 standards draft was approved as the latest major update to the C++ programming language. The C++20 approval was unanimous and is a very significant update over C++17, coming a few months later than originally anticipated. C++20 adds to the language concepts, modules, the "spaceship operator" for three-way comparisons, coroutines, designated initializers, new standard attributes, and much more. The C++20 library standard also adds ranges, feature test macros, bit operations, and more. C++20 changes in full can be found via the likes of cppreference.com, open-std.org, Wikipedia.
Ben Armstrong: Dronefly relicensed under copyleft licenses
To ensure Dronefly always remains free, the Dronefly project has been relicensed under two copyleft licenses. Read the license change and learn more about copyleft at these links. I was prompted to make this change after a recent incident in the Red DiscordBot development community that made me reconsider my prior position that the liberal MIT license was best for our project. While on the face of it, making your license as liberal as possible might seem like the most generous and hassle-free way to license any project, I was shocked into the realization that its liberality was also its fatal flaw: all is well and good so long as everyone is being cooperative, but it does not afford any protection to developers or users should things suddenly go sideways in how a project is run. A copyleft license is the best way to avoid such issues. In this incident – a sad story of conflict between developers I respect on both sides of the rift, and owe a debt to for what they’ve taught me – three cogs we had come to depend on suddenly stopped being viable for us to use due to changes to the license & the code. Effectively, those cogs became unsupported and unsupportable. To avoid any such future disaster with the Dronefly project, I started shopping for a new license that would protect developers and users alike from similarly losing support, or losing control of their contributions. I am grateful to one particular team member who is skilled in licensing issues and went with their choices. We ran the new licenses by each contributor and arrived at this consensus: the AGPL is best suited for our server-based code, and CC-BY-SA is best suited for our documentation. The relicensing was made official this morning.
