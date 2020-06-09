Xubuntu is a Linux distribution variant of Ubuntu. This makes some applications in Ubuntu may not be installed by default on Xubuntu. An example is a file search utility. On Xubuntu which uses the Xfce4 desktop environment, we can search for files using Catfish. Catfish is a useful application for finding files quickly. However, this application has the disadvantage of not being able to move multiple files at once. For example, when we search for images with .jpg format. To move it we need to go into the folder and move one by one. I don't know if the next version of Catfish will provide this feature or not.

Modern computing systems can feature multiple types of memory that differ in their performance characteristics. The most common example is NUMA architectures, where memory attached to the local node is faster to access than memory on other nodes. Recently, persistent memory has started appearing in deployed systems as well; this type of memory is byte-addressable like DRAM, but it is available in larger sizes and is slower to access, especially for writes. This new memory type makes memory allocation even more complicated for the kernel, driving the need for a method to better manage multiple types of memory in one system. NUMA architectures contain some memory that is close to the current CPU, and some that is further away; remote memory is typically attached to different NUMA nodes. There is a difference in access performance between local and remote memory, so the kernel has gained support for NUMA topologies over the years. To maximize NUMA performance, the kernel tries to keep pages close to the CPU where they are used, but also allows the distribution of virtual memory areas across the NUMA nodes for deterministic global performance. The kernel documentation describes ways that tasks may influence memory placement on NUMA systems. The NUMA mechanism can be extended to handle persistent memory as well, but it was not really designed for that case. The future may bring even more types of memory, such as High Bandwidth Memory (HBM), which stacks DRAM silicon dies and provides a larger memory bus. Sooner or later, it seems that a different approach will be needed. Recently, kernel developers have been discussing a possible solution to the problem of different memory types: adding the notion of memory tiers. The proposed code extends the NUMA mode to include features like migrating infrequently used pages to slow memory, migrating hot pages back to fast memory, and a proposal for a control mechanism for this feature. The changes to the memory-management subsystem to support different tiers are complex; the developers are discussing three related patch sets, each building on those that came before.

The seccomp() mechanism allows a process to load a BPF program to restrict its future use of system calls; it is a simple but flexible sandboxing mechanism that is widely used. Those filter programs, though, run on the "classic" BPF virtual machine, rather than the extended BPF (eBPF) machine used elsewhere in the kernel. Moving seccomp() to eBPF has been an often-requested change, but security concerns have prevented that from happening. The latest attempt to enable eBPF is this patch set from YiFei Zhu; whether it will succeed where others have failed remains to be seen. The purpose of a BPF program under seccomp() is to make a decision about whether a given system call should be allowed; to that end, these programs have limited access to the system-call arguments. There is also a notification mechanism by which decisions can be punted to a user-space daemon if needed. By using a filter program, tools like browsers or container-management systems can place limits on what they or their subprocesses can do. There are a number of reasons for wanting to use eBPF to write these programs — essentially, all of the motivations that led to the creation of eBPF in the first place. Switching to eBPF would make a number of new features available to seccomp() filter programs, including maps, helper functions, per-task storage, a more expressive instruction set, and more. Programs for eBPF can be written in C, which is not possible for classic-BPF programs — a problem that has led to the creation of special languages like easyseccomp. There is a whole ecosystem of tools for eBPF that developers using seccomp() would like to use. Given all of that, one might think that using eBPF with seccomp() would be uncontroversial; the roadblock in this case is security worries. The current mechanism is relatively simple and easy to verify; eBPF brings a whole new level of complexity to worry about. Applying a filter program with seccomp() is an unprivileged operation, and it would need to stay that way, but the BPF developers have given up on the idea of making eBPF safe for unprivileged use. Nobody is interested in turning seccomp() into a security problem in its own right.

When kernel developers want to communicate something about the state of a running kernel, they tend to use printk(); that results in a log entry that is intended — with varying success — to be human-readable. As it happens, though, the consumers of that information are often not human; the kernel's log output is also read by automated monitoring systems that are looking for problems. The result is an impedance mismatch that often ends with the monitoring system missing important messages. The printk() format indexing patch set is the latest of many attempts to improve this situation. Monitoring systems are installed by administrators who want to know when there is a problem with the systems they manage. So, for example, if the CPU bursts into flames, and the administrator doesn't happen to be in the room to witness the event, they would at least like to receive an alert telling them to call their hardware vendor and the fire department, probably in that order. To produce this alert, the monitoring system will be watching the kernel log for the "CPU on fire" message printed by the relevant code in the kernel. If all goes well, the message will escape before the CPU melts and the replacement system can be ordered in a timely manner.

today's leftovers How Red Hat and Capgemini helped Deutsche Telekom enable greater connectivity As one of the world’s leading integrated telecommunications companies, Deutsche Telekom has an overarching goal: to enable connectivity in society. And providing fast, reliable internet to as many people as possible is one way it’s achieving that goal. Deutsche Telekom is currently replacing copper cables with fiber-optic lines, including a rapid mass rollout to almost 40 million homes across Germany. Red Hat and our partner Capgemini, a global systems integrator (GSI), are providing the expertise and technology Deutsche Telekom needs to make this initiative possible.

KDE Gear 21.08 releases schedule finalized Dependency freeze is in four weeks (July 8) and Feature Freeze a week after that, make sure you start finishing your stuff!

Octeon TX2 based module powers new ClearFog networking boards SolidRun’s tiny “CN9130 Mini SoM” runs Linux on Marvell’s 2.2GHz, quad -A72 Octeon TX2 CN9130 and powers new ClearFog CN9130 Base and Pro SBCs with up to 5x switched GbE, SFP+, M.2, 2x mini-PCIe, and optional enclosures. Over the years, SolidRun’s ClearFog line of networking modules, boards, and appliances have showcased various Marvell networking SoCs such as the quad -A72 Armada A8040 that powers the ClearFog GT 8K. SolidRun has now followed Marvell onto its Octeon TX2 line of processors, as seen in a new CN9130 Mini SoM module. The module is available on new ClearFog CN9130 Base ($226 and up) and higher end ClearFog CN9130 Pro ($253 and up) carriers. Available with optional enclosures, the boards can be used for prototyping or deployed as SBCs (see farther below).

From Fab to Table: Librem 5 USA Supply Chain Security There are a number of different reasons why someone might be excited about the Made in USA electronics in the Librem 5 USA ranging from the patriotic to the environmental to the security-minded. The Librem 5 USA has a more secure supply chain for reasons beyond that the electronics are made in one country instead of another. In this post I will explain why it’s so important that the Librem 5 USA is made where it is and why that makes it a more secure product than the Librem 5. Even if you aren’t from the US or don’t find the US a more trustworthy manufacturing location than anywhere else, by the end of my post you will hopefully agree with me.

p6steve: Can Raku replace HTML? In my last post, I listed three recent posts that got me thinking about Raku and HTML. I wondered if two of these could be used together to streamline the composition of web sites. [...] This post illustrates how Raku can combine detailed syntax control to smoothly embed HTML within code logic. This helps to refactor awkward syntax islands so that the underlying problem-solution logic can be encapsulated and clearly expressed, It demonstrated the practical combination of the Cro template language with innate Raku power-of-expression to drive more comprehensible, consistent and maintainable code.

Opera 77 is available for Windows, MacOS and Linux Norwegian browser maker Opera has announced the availability of the standard version 77 of Opera for Windows, MacOS and Linux.

Security updates for Wednesday Security updates have been issued by Debian (eterm, mrxvt, and rxvt), Mageia (cgal, curl, exiv2, polkit, squid, thunderbird, and upx), openSUSE (firefox and libX11), Oracle (libwebp, nginx:1.18, and thunderbird), Red Hat (.NET 5.0, .NET Core 3.1, 389-ds-base, dhcp, gupnp, hivex, kernel, kernel-rt, libldb, libwebp, microcode_ctl, nettle, postgresql:10, postgresql:9.6, qemu-kvm, qt5-qtimageformats, rh-dotnet50-dotnet, and samba), SUSE (apache2-mod_auth_openidc, firefox, gstreamer-plugins-bad, kernel, libX11, pam_radius, qemu, runc, spice, and spice-gtk), and Ubuntu (intel-microcode and rpcbind).

Why Ransomware Attacks Are Becoming A National Security Risk : NPR [Ed: NPR is funded by Microsoft and Bill Gates, so they won't name the culprit. Ryan: "No mention of Windows."]

Weekly Musings 115 – On the Follow Button No matter what people say, pulling the plug on Google Reader didn’t kill RSS. It didn’t hurt RSS. RSS might have been knocked around a bit by Reader’s disappearance, but it’s far from dead. [...] The narrative about the death, or ill health, of RSS persists. A headline at Techcrunch, for example, proclaims that Google revives RSS. But Google’s second go around won’t save RSS, if only because RSS doesn’t need saving. It won’t revitalize or revive RSS (sorry, TechCrunch), if only because RSS isn’t struggling. RSS isn’t fading away. It doesn’t require any tender ministrations Unlike some of the doomsayers, I don’t believe that the Follow button will kill RSS, either. The Follow button in Chrome has little or anything to do with RSS. In some ways, it seems to be an attempt by Google to replace or supplant RSS rather than being a direct existential threat to RSS. The Follow button and what it does are more of a Frankenstein-like mash-up than anything else. It’s an information delivery chimera that’s a little bit RSS reader, a little bit read-it-later tool, and a little bit Google News. I’m not sure the Follow button will catch on. At least, not in the way some people think it will. The Follow button might just be another of Google’s countless public experiments, an experiment designed to see if an idea sticks. And what if it does stick? Just as Slack, Teams, and their cousins didn’t put an end to email, I don’t believe that little button will be an RSS killer. No. The Follow button will more than likely exist side by side with RSS readers. Some people will prefer to tap it rather than using an RSS reader. Some will stick with their feed readers of choice. That’s not to say that the Follow button is innocuous. It has the potential to be very dangerous. As I mentioned at the top of this musing, when you tap the button, an algorithm is also making suggestions. That can quickly build a filter bubble around you, pushing misinformation and the like your way. Whether you want it to or not. Worse, you don’t have any control over what’s pushed your way unlike the control that you have with RSS. [...] RSS will die only if we let it die. Nothing Big Tech can do will change that. You can keep RSS alive and well by using it. Not with the software handed to you by some firm more interested in raking in your data and cornering a market, but by embracing more artisan software crafted by smaller developers. Developers who care about an open web. That’s your choice. Make it wisely.