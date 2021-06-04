We are happy to announce the publication of our policy brief on "How to issue a privacy-preserving central bank digital currency" by The European Money and Finance Forum. Many central banks are currently investigating Central Bank Digital Currency (CBDC) and possible designs. A recent survey conducted by the European Central Bank has found that both citizens and professionals consider privacy the most important feature of a CBDC. We show how a central bank could issue a CBDC that would be easily scalable and allow the preservation of a key feature of physical cash: transaction privacy. At the same time the proposed design would meet regulatory requirements and thus offer an appropriate balance between privacy and legal compliance.

As movement toward memory-safe languages, and Rust in particular, continues to grow, it is worth looking at one of the larger scale efforts to port C code that has existed for decades to Rust. The uutils project aims to rewrite all of the individual utilities included in the GNU Coreutils project in Rust. Originally created by Jordi Boggiano in 2013, the project aims to provide drop-in replacements for the Coreutils programs, adding the data-race protection and memory safety that Rust provides. Many readers will be familiar with the Coreutils project. It includes the basic file, process, and text manipulation programs that are expected to exist on every GNU-based operating system. The Coreutils project was created to consolidate three sets of tools that were previously offered separately, Fileutils, Textutils, and Shellutils, along with some other miscellaneous utilities. Many of the programs that are included in the project, such as rm, du, ls, and cat, have been around for multiple decades and, though other implementations exist, these utilities are not available for platforms like Windows in their original form. Collectively, the Coreutils programs are seen as low-hanging fruit where a working Rust-based version can be produced in a reasonable amount of time. The requirements for each utility are clear and many of the them are conceptually straightforward, although that's not to suggest that the work is easy. While a lot of progress has been made to get uutils into a usable state, it will take some time for it to reach the stability and maturity of Coreutils. The use of Rust for this project will help to speed this process along since a huge swathe of possible memory errors and other undefined behavior is eliminated entirely. It also opens the door to the use of efficient, race-free multithreading which has the potential to speed up some of the programs under certain conditions. The uutils rewrite also provides an opportunity to not just reimplement Coreutils but to also enhance the functionality of some of the utilities to yield a better user experience, while maintaining compatibility with the GNU versions. For example, feature requests that have long been rejected in the Coreutils project, like adding a progress bar option for utilities like mv and cp, are currently being entertained in this Rust rewrite.

Kernel: LWN and Phoronix Article (Without Paywall and New, Respectively) Auditing io_uring The io_uring subsystem, first introduced in 2019, has quickly become the leading way to perform high-bandwidth, asynchronous I/O. It has drawn the attention of many developers, including, more recently, those who are focused more on security than performance. Now some members of the security community are lamenting a perceived lack of thought about security support in io_uring, and are trying to remedy that shortcoming by adding audit and Linux security module support there. That process is proving difficult, and has raised the prospect of an unpleasant fallback solution. The Linux audit mechanism allows the monitoring and logging of all significant activity on the system. If somebody wants to know, for example, who looked at a specific file, an audit-enabled system can provide answers. This capability is required to obtain any of a number of security certifications which, in turn, are crucial if one wants to deploy Linux in certain types of security-conscious settings. It is probably fair to say that a relatively small percentage of Linux systems have auditing turned on, but distributors, almost without exception, enable auditing in their kernels. The audit mechanism relies, in turn, on a large array of hooks sprinkled throughout the kernel source. Whenever an event that may be of interest occurs, it is reported via the appropriate hook to the audit code. There, a set of rules loaded from user space controls which events are reported to user space. When io_uring was being developed (which is still happening now, of course), the developers involved were deeply concerned about performance and functionality. Supporting security features like auditing was not at the top of their list, so they duly neglected to add the needed hooks — or to think about how auditing could be supported in a way consistent with the performance goals. Now that io_uring is showing up in more distributor kernels (and, in particular, the sorts of kernels where auditing is relatively likely to be enabled), security-oriented developers are starting to worry about it. Having io_uring serve as a way to circumvent the otherwise all-seeing audit eye does not seem like a good way to maintain those security certifications.

The runtime verification subsystem The realtime project has been the source of many of the innovations that have found their way into the core kernel in the last fifteen years or so. There is more to it than that, though; the wider realtime community is also doing interesting work in a number of areas that go beyond ensuring deterministic response. One example is Daniel Bristot de Oliveira's runtime verification patch set, which can monitor the kernel to ensure that it is behaving the way one thinks it should. Realtime development in the kernel community is a pragmatic effort to add determinism to a production system, but there is also an active academic community focused on realtime work. Academic developers often struggle to collaborate effectively with projects like the kernel, where concerns about performance, regressions, and maintainability have been the downfall of many a bright idea. As a result, there is a lot of good academic work that takes a long time to make it into a production system, if it ever does. Imagine, for a moment, a project to create a realtime system that absolutely cannot be allowed to fail; examples might include a controller for a nuclear reactor, a jetliner's flight-control system, or the image processor in a television set showing that important football game. In such a setting, it is nice to know that the system will always respond to events within the budgeted time. Simply observing that it seems to do so tends to be considered inadequate for these systems. One way to get to a higher level of assurance is to create a formal model of the system, prove mathematically that the model produces the desired results, then run that model with every scenario that can be imagined. This approach can work, but it has its difficulties: ensuring that the model properly matches the real system is a challenge in its own right and, even if the model is perfect, it is almost certain to be far too slow for any sort of exhaustive testing. The complexity of real-world systems makes this approach impractical, at best.

It's Good But Maybe Bad: LVFS Skyrockets With More Than 100k Firmware Updates In One Day - Phoronix The Linux Vendor Firmware Service (LVFS) with Fwupd has been serving on average around 40k~50k firmware updates per daay to Linux users relying on this cross-vendor, open-source firmware distribution service with FWUPD for applying firmware updates under Linux. But yesterday its usage just skyrocketed with more than 100,000 firmware updates in a single day... That's great for adoption but the motivation for the mass firmware updates may be something rough on the horizon.

Intel Speed Select Driver Issue Was Hurting Performance In Some HPC Benchmarks - Phoronix Intel's Speed Select Technology introduced since Cascade Lake for providing more granular power/performance controls was done in the name of performance but it turns out an ISST Linux driver inefficiency could lead to a 10%+ performance hit for some HPC benchmarks. Public details are scarce on this latest Intel Speed Select Technology Linux driver change but when making use of this ISST code on select systems and for unspecified HPC workloads it could lead to reported 10%+ performance penalties for some high performance computing benchmarks. The issue stems from the CPU to PCI device mapping carrying out a linear search of PCI devices on systems and in particular for massive servers this could prove to be very expensive.

AMDGPU For Linux 5.14 To Report Throttler Status, Many Fixes Sent Out - Phoronix Last week marked the end of feature work for the AMDGPU driver (and other DRM drivers) for the upcoming Linux 5.14 cycle. Sent out today though were the first set of AMDGPU fixes targeting Linux 5.14 that does include a recently talked about throttler status feature. Prior feature pull requests to DRM-Next for the AMD Radeon kernel graphics driver for Linux 5.14 included the introduction of Beige Goby and Yellow Carp GPU support, HMM SVM, more Aldebaran accelerator work, PCI Express ASPM being enabled by default, GPU hot unplug support, AMD Smart Shift support for laptops, 16 bpc support, and various other changes. Linux 5.14 will be another exciting cycle for AMD Radeon open-source driver users particularly if running newer GPUs.