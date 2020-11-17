CVE-2020-4788 is now public and it's not good for IBM and their POWER9 processors... This new vulnerability means these IBM processors need to be flushing their L1 data cache between privilege boundaries, similar to other recent CPU nightmares. While IBM POWER9 allows speculatively operating on completely validated data in the L1 cache, when it comes to incompletely validated data that bad things can happen. Paired with other side channels, local users could improperly obtain data from the L1 cache. CVE-2020-4788 was made public this morning and is now causing all stable Linux kernel series to receive the mitigation that amounts to hundreds of lines of new code. The mitigation is flushing the L1 data cache for IBM POWER9 CPUs across privilege boundaries -- both upon entering the kernel and on user accesses.

Each year we proclaim it’s time to learn how to hack. But why? Jonni always gets angry at the subversion of the term ‘hacking’ and I can understand why. Hacking is fun, as is finding out how systems work and how to get them to do things they were never meant to do. With open source and the Linux ecosystem there’s an abundance of hacking fun to be had, and it’s no wonder all the key tools for learning how to hack – and actually hack – are developed and run out of Linux systems. For this year’s look at the world of hacking Jonni’s introducing you to the metasploit framework. This is a playground where you can learn, explore and develop hacking skills. It’s usually paired with Kali Linux, and we’re putting these on the Linux Format DVD, which makes a welcome return.

The JLA was also an example of synergy with the SPDX project of the Linux Foundation. The JLA adopted the SPDX license identifier as a standard and is linked with the license full text that is provided from the SPDX data base.

“As a developer, it’s exciting and challenging to stay up to speed with the latest trends in technology. Every day, new languages, frameworks and devices capture our attention and spur conversations in meetups, forums and chats. However, our developer community is made of people, not tools, and it’s fascinating to explore its sociopolitical aspects. We are always beginners at some things and experts at others. Along the way from beginner to expert, we ask a lot of questions, but it can be intimidating to ask for help.” This is how Sonia Singla, Cloud Native Computing Foundation intern and mentee, kicked off her talk at this year’s Kubecon+CloudNativeCon North America. Fresh off her CNCF internship with Thanos and Outreachy placement at Mozilla, Singla took the lessons she’s learned over the last two years in both toxic and welcoming environments to offer advice for both how to give and receive technical help in open source communities.

DataStax is creating a new way for users to get the open source Cassandra database running on the Kubernetes cloud-native platform, with the K8ssandra project released on Nov. 18. The release comes during the same week as the KubeCon + CloudNativeCon North America 2020 virtual event, which is hosted by the Cloud Native Computing Foundation to highlight the latest innovations across the Kubernetes landscape. Kubernetes is a container orchestration platform that has become increasingly popular as it helps to enables multi-cloud deployment for applications. Like many other database vendors, DataStax has been using what is known as a Kubernetes Operator to help users get the Cassandra database running on Kubernetes.

It is no secret that the FSFE's activities are only possible with the priceless help of our contributors and supporters around Europe. In return we support local engagement with our expertise, information material, networks or even financially. To help formalize this process, we run our second call for FSFE community projects. From international campaigns to local information booths, our successful spreading of software freedom is based on many shoulders from active members within our community. This is why ever since the FSFE e.V. has been keen on supporting initiatives and activities from local FSFE groups to single supporters. We happily support you with our expertise, our information material, our networks or even financially.

Kernel: Linux Security and Graphics Why eBPF is the Future of Linux and Cloud Native Networking For decades, IPtables has been the cornerstone of Linux networking, but that's no longer the case. Over the last few years, extended Berkeley Packet Filter (eBPF) has emerged as a better option for Linux whether it's running on-premises, or more likely than not, in the cloud. What eBPF provides is a low-level interface to enable data packet transmission and control. On its own it has tremendous potential for networking. While there is lots of open source eBPF code now in the Linux kernel, on its own, it can be quite complex, which is where the open source Cilium project has been making inroads in the last few years. I first wrote on Cilium in 2017, when the project first got started and the company behind it - Isovlanet - was still shrouded in stealth. Cilium and Isovalent are led by CEO and co-founder Dan Wendlandt, who helped to create the OpenStack Quantum networking project and was a pioneer in the Software Defined Networking (SDN) industry at VMware. Last week, Isovalent emerged from stealth, along with $29 million in funding led by Andreessen Horowitz. Wendlandt and Andreessen Horowitz are hardly strangers; after he left VMware in 2016 he went to work as a partner at the venture capital firm, alongside fellow SDN pioneer and VMware alum Martin Casado.

[Mesa-dev] Intent to retire ancient driver support Sending this on to the list for visibility, since not everyone follows everything on gitlab. In this merge request: https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/7660 I retire support for DRI drivers older than Mesa 8.0, which was February 2012. In particular this retires the ability for libGL to even load DRI1 drivers, which last existed in Mesa 7.11. We are not aware of any currently supported distros trying to ship both DRI1 drivers and anything newer. In fact the only distro I'm aware of that ever _tried_ was RHEL 6, which goes into extended-life support at the end of the month, and which is currently shipping Mesa 11.0.7 and is thus _way_ behind the times in terms of hardware enablement. Eric Anholt suggested that glvnd is the better way to retain DRI1 support at this point, and to that end there is also: https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/7674 Which allows us to override the glvnd vendor name. xserver could then select a different name for DRI1 screens, and now you get parallel-installable Mesa packages, which could be nice for a bunch of reasons. If you still care about DRI1 support, I am very sorry, but hopefully !7674 (backported to 20.x) and a bit of polish to xserver should keep things working for you, and your feedback/testing would be greatly appreciated.

Mesa To Drop Support For Ancient Drivers - Phoronix The fallout should be minimal and hopefully not impact any Phoronix readers, but as Mesa rolls into 2021 it is looking to drop support for loading DRI1 graphics drivers. Back in 2011 the classic Radeon drivers were removed Adam Jackson of Red Hat is planning to remove the ability for Mesa's current libGL to be able to load DRI1 drivers. This is basically about trying to load old DRI1 drivers from Mesa pre-8.0 onto a system with the current Mesa libGL loader. Mesa has retained this ability for being able to load these classic DRI1 drivers but nearly nine years after old driver code was dropped from Mesa, phasing out this ability to load DRI1 drivers is now planned.

Arcturus No Longer Experimental - AMD Instinct MI100 Linux Support Is Ready - Phoronix Being sent in as a "fix" this week to the Linux 5.10 kernel is removing the experimental flag for the Arcturus GPU, days after AMD announced the MI100 accelerator at SC20. Going back to the summer of 2019 there have been Linux graphics driver patches for "Arcturus" as an evolution of GFX9/Vega but with not a lot being known about it. Much work was poured into this open-source driver code for Arcturus and the Linux support all squared away over the past year. This week it finally entered the limelight in the form of the AMD Instinct MI100 accelerator.

NVIDIA Is Working On Vulkan Support With RDMA Memory - Phoronix Well this will be interesting to see what NVIDIA use-case pans out... NVIDIA engineers are working on a Vulkan extension for making use of RDMA memory. Remote Direct Memory Access (RDMA) for zero-copy networking with high throughput and low latency is very common for cluster computing and other enterprise scenarios to allow direct memory access from one computer to another without the intervention of the CPU. NVIDIA now though is preparing to support RDMA memory usage in the Vulkan context.