Date: 2021-09-30
DRM, Proprietary Software, and Security
Each year, the Free Software Foundation (FSF) stages the International Day Against DRM (IDAD), and this year, we want to work with the community more closely than ever before and bridge the gap between anti-DRM activists, those involved with the software freedom movement, and everyday individuals. Together, we'll stand up against DRM on December 10th.
As one of the most memorable parts of last year's Day Against DRM was our informal advocacy strategy session held over BigBlueButton, we want to begin our public planning of the event with a similar meeting. We're inviting you to collaborate with us in the preparation for this year's IDAD, sharing suggestions and anti-DRM activism methods, as well as organizing online satellite events.
Longtime Ars readers probably remember some of the many cases in which overly onerous DRM prevented game owners from playing their legitimate purchases. We're seeing that situation play out again today, this time thanks to how some DRM systems interact with the unique features of Intel's 12th-generation "Alder Lake" CPUs.
We've already covered how Alder Lake's hybrid "big.little" design splits the CPU's workload into high-powered "performance" (P) cores and low-powered "efficiency" (E) cores. But after hinting at the potential issue in a developer FAQ last month, Intel is now confirming that some games contain DRM that Intel says "may incorrectly recognize 12th Generation Intel Core Processors efficient-cores (E-cores) as another system." That issue can lead to games that "may crash during launch or gameplay or unexpectedly shut down," Intel says.
PC Mag's Chris Stobing explained that the issue arises from the DRM middleware treating the two different types of cores as two distinct systems. "Once it detects that some portion of the load has been split between the P- and E-cores, it sees the new cores as a new license holder (a separate system) and force-quits the game to prevent what it believes is two PCs trying to play one game on the same key," he said.
Millions of Windows users could lose access to their online cloud storage within weeks as Microsoft looks to encourage upgrading to the latest software.
The tech giant has warned that the OneDrive app will stop syncing with Windows 7, 8 and 8.1 on March 1, 2022, meaning users only have a few weeks to upgrade to a newer version or possibly lose access to their files.
Security updates have been issued by Arch Linux (firefox, grafana, jenkins, opera, and thunderbird), Debian (botan1.10 and ckeditor), openSUSE (chromium, kernel, qemu, and rubygem-activerecord-5_1), SUSE (qemu and rubygem-activerecord-5_1), and Ubuntu (docker.io, kernel, linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oem-5.13, linux-oracle, linux-oracle-5.11, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, and linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon).
Embedded devices with limited memory and storage resources are likely to leverage a tool such as BusyBox, which is marketed as the Swiss Army Knife of embedded Linux. BusyBox is a software suite of many useful Unix utilities, known as applets, that are packaged as a single executable file. Within BusyBox you can find a full-fledged shell, a DHCP client/server, and small utilities such as cp, ls, grep, and others. You're likely to find many OT and IoT devices running BusyBox, including popular programmable logic controllers (PLCs), human-machine interfaces (HMIs), and remote terminal units (RTUs), many of which now run on Linux.
Programming Leftovers
This question has been a source of disagreement among people who start or manage online communities for decades. Requiring accounts makes some sense since users contributing without accounts are a common source of vandalism, harassment, and low quality content. In theory, creating an account can deter these kinds of attacks while still making it pretty quick and easy for newcomers to join. Also, an account requirement seems unlikely to affect contributors who already have accounts and are typically the source of most valuable contributions. Creating accounts might even help community members build deeper relationships and commitments to the group in ways that lead them to stick around longer and contribute more.
In earlier editions (part 1, part 2) we looked at typesetting a full book to a PDF file. This is fun and all, but until you actually hold a physical copy in your hands you don't really know how good the end result is. Puddings, eatings and all that.
So I decided to examine how you would go about printing and binding an entire book. For text I used P. G. Wodehouse's The Inimitable Jeeves. It has roughly 220 pages which is a good amount for perfect binding. Typesetting it in LibreOffice only took a few hours. To make things even simpler I used only one font, the Palatino lookalike P052 that comes packaged with Ghostscript. As the Jeeves stories take place in the 1920s something like Century would have been more period accurate but we'll have to work with what we got.
The only printer I had access to was an A4 laser printer that could only print on one side of the page. Thus to keep things as simple as possible the page size became A5, which is easy to obtain by folding A4 paper in half. None of the printer dialogs seemed to do the imposition I needed (single page saddle fold, basically) so I had to convert the A5 originals to A4 printable sheets with a custom Python script (using PyPDF2).
After announcing ARMv9 earlier this year and the likes of the Cortex-X2, the open-source code compilers have been preparing for this evolutionary advancement over ARMv8.
LLVM/Clang has been working on Armv9-A enablement and the GNU toolchain from Binutils to the GNU Compiler Collection have also been preparing their new code. As of today GCC 12 hit the stage of being able to target -march=armv9-a as of this commit. "-march=armv9-a" is used for targeting the ARMv9-A ISA and enabling the new instructions available. Tuning is currently based on the existing ARMv8 Cortex-A53. This is an important step for supporting the next-gen Arm architecture.
mrcal is my big toolkit for geometric computer vision: making models (camera calibration) and using models (mapping, ranging, etc).
Since the release of mrcal 1.0 back in February I've been busy using the tools in the field, fixing things and improving things. Today I'm happy to finally be able to announce the release of mrcal 2.0.
A big part of this release is maintenance and cleanup that resulted from me heavily using the tools over the course of this past year, and improving whatever was bugging me. The most notable result of that effort is that splined models are no longer "experimental". They work well and they're awesome. Go try them.
And there're a number of new features, most notably nice dense stereo support and nice sparse triangulation support (with uncertainty propagation!) These are awesome. Go try them.
I was recently called upon by Origyn to audit the source code of some of their Internet Computer canisters (“canisters” are services or smart contracts on the Internet Computer), which were written in the Motoko programming language. Both the application model of the Internet Computer as well as Motoko bring with them their own particular pitfalls and possible sources for bugs. So given that I was involved in the creation of both, they reached out to me.
In the course of that audit work I collected a list of things to watch out for, and general advice around them. Origyn generously allowed me to share that list here, in the hope that it will be helpful to the wider community.
You've spent weeks perfecting your code. You've tested it and sent it to some close developer friends for quality assurance. You've posted all the source code on your personal Git server, and you've received helpful bug reports from a few brave early adopters. And now you're ready to make your Python code available to the world.
I really like AWK. It allows me to do simple, effective, ad hoc processing of data files, as this post will demonstrate. If AWK was a football club I'd be an ardent supporter: "Carn the mighty AWK!"
Server: Ubuntu, SUSE and Containers/Kubernetes
CIS Benchmarks are best practices for the secure configuration of a target system. The Center for Internet Security, Inc. (CIS®) is the authority backing CIS Benchmarks. Ubuntu Pro is entitled to be CIS compliant and packaged with CIS toolings from Canonical.
Extend enterprise storage capabilities to SUSE Rancher, RKE2, RKE and K3S Kubernetes for cloud-native stateful applications with Dell Container Storage Modules (CSM). Dell CSMs enable simple and consistent integration and automation experiences. They reduce management complexity so developers can independently consume enterprise storage with ease and automate daily operations such as provisioning, snapshotting, replication, observability, authorization, and resiliency. The CSI Drivers by Dell EMC implement an interface between CSI (CSI spec v1.3) enabled Container Orchestrator (CO) and Dell EMC Storage Arrays (Dell PowerStore, PowerScale, PowerFlex, PowerMax and Unity). It is a plug-in that is installed into Kubernetes to provide persistent storage using Dell storage system.
The Cloud Native Computing Foundation’s Kubernetes project announced the election of four members to the Kubernetes Steering Committee which oversees the governance of the Kubernetes project. The announcement was made in a blog by Kaslin Fields, a CNCF ambassador and a developer advocate at Google.
Kubernetes is considered to be the de facto standard for managing containers, and is widely used in enterprise cloud native infrastructures.
The user/group ID related security settings in Pod's securityContext trigger a problem when users want to deploy containers that use accelerator devices (via Kubernetes Device Plugins) on Linux. In this blog post I talk about the problem and describe the work done so far to address it. It's not meant to be a long story about getting the k/k issue fixed.
Instead, this post aims to raise awareness of the issue and to highlight important device use-cases too. This is needed as Kubernetes works on new related features such as support for user namespaces.
AMD EPYC 7003 Series Performance Across Autumn 2021 Linux Distributions
These five Linux distributions were benchmarked on the same EPYC server comprised of two AMD EPYC 75F3 processors for a combined 64 cores / 128 threads, an ASRockRack ROME2D16-2T motherboard, 16 x 8GB DDR4-3200 memory, and a 1TB WD_BLACK SN850 NVMe solid-state drive.
The five Linux distributions under test were Alma Linux 8.4 (RHEL 8.4 alternative), CentOS Stream for tracking the latest upstream work ahead of RHEL 9, Clear Linux 35150 for Intel's latest optimized Linux distribution, Fedora Server 35, and then Ubuntu 21.10. Each of the five Linux distributions was cleanly installed on this server and benchmarked in its out-of-the-box / default configuration for seeing how these latest Linux distributions compete on the current-generation AMD server platform.
