date 2021-10-26
Kernel Articles From LWN (Just Released From Paywall)
The Linux random-number generator (RNG) seems to attract an outsized amount of attention (and work) for what is, or seemingly should be, a fairly small component of the kernel. In part that is because random numbers, and their quality, are extremely important to a number of security protections, from unpredictable IP-packet sequence numbers to cryptographic keys. A recent post of version 43 of the Linux Random Number Generator (LRNG) by Stephan Müller is not likely to go any further than its predecessors, but the discussion around it may lead to support for a feature that some distributions need.
The cover letter for the LRNG patch set is titled "/dev/random - a new approach", which is true, but also sure to elicit highly skeptical responses or cause the patches to be ignored entirely. As was reiterated in the discussion, kernel development generally does not proceed along the "wholesale replacement" path; features are added slowly, in bite-sized chunks, instead. But LRNG is meant to be a drop-in replacement for the existing kernel RNG, while adding a long list of additional features—some of which would likely be welcome if they were separated out.
Reference counts are a commonly used mechanism for tracking the life cycle of objects in a computing system. As long as every user of an object correctly maintains its references by incrementing and decrementing the reference count, that object will persist for as long as it is needed and will be properly destroyed once the last user is done. The "correctly" in that sentence is important, though; things do not work as well in the presence of reference-counting errors. Networking developer Eric Dumazet is working on a reference-count tracking system that could prove useful for finding these errors in the networking subsystem and, someday, throughout the kernel.
Bugs in reference-count manipulation can be hard to find because the references themselves are anonymous. It may become clear, for example, that some user of an object has failed to release a reference before forgetting about that object, but there is generally no way to know which user has done this. So the kernel ends up with an unused object that cannot be released, but there is no way to know where the reference-counting mechanism failed, or even which reference was lost. If there were a way to determine which of (say) several dozen references to an object was leaked, the task of finding the erroneous release path would be made considerably easier.
It is natural, when looking at the kernel development process, to focus on patches that find their way to acceptance and become a part of future kernels. But there can be value in looking at work that doesn't clear the bar; in failing, these patches often reveal things about the kernel and the community that creates it. Such is the case with the proof-of-concept namespacefs patch series recently posted by Yordan Karadzhov. One should not expect to see namespacefs in a future kernel but, in failing, this work showed a real use case and why it is hard to satisfy that use case in the kernel.
Namespacefs is, as one might expect, a virtual filesystem implemented by the kernel. Its job is to display the hierarchy of namespaces running on the system; this information reflects the hierarchy of containers that are running. By using namespacefs, administrators can more readily see what is happening on their systems; it is also meant to facilitate complicated use cases like tracing multiple containers and watching how they interact.
The initial implementation was limited to the PID and time namespaces. One can use it to traverse the hierarchy of PID namespaces (time namespaces are not hierarchical) and obtain the list of processes running in each. Other types of namespaces are not supported in this posting, but the intent was seemingly to add that support in a future version if namespacefs looked like the right solution to the problem.
Writing (correct) concurrent code that uses locking to avoid race conditions is difficult enough. When the objective is to use lockless algorithms, relying on memory barriers instead of locks to eliminate locking overhead, the problem becomes harder still. Bugs are easy to create and hard to find in this type of code. There may be some help on the way, though, in the form of this patch set from Marco Elver that enhances the Kernel Concurrency Sanitizer (KCSAN) with the ability to detect some types of missing memory barriers.
KCSAN works in a statistical manner by watching accesses to specific memory addresses and trying to detect racy patterns; the algorithm used is described in this article. In its current form, though, KCSAN can only catch certain types of race conditions, specifically those that arise from locking errors. Other types of races remain invisible to this tool, including a number that can arise in incorrect lockless code. KCSAN is, by design, blind to the kinds of problems that occur when CPUs and memory controllers reorder the visibility of memory writes.
today's leftovers
I have uploaded a set of new packages for Chromium 96.0.4664.110. The package updates for chromium-ungoogled will follow shortly, they are still compiling.
“With today’s vote, the European Parliament sends the clear signal that gatekeepers must not undermine merit-based competition. The EU Digital Markets Act (DMA) gives consumers and businesses more freedom to deploy and use a variety of non big-tech software that can shape our lives in pivotal ways. We stand ready to support EU lawmakers in getting this ambitious new regulatory standard over the line.
People deserve a variety of products that are personalised to their preferences and localised to their communities. When it comes to software products, people should have the ability to simply and easily try new apps, delete unwanted apps, switch between apps, change app defaults, and expect similar functionality and use. The same is true of operating systems and online marketplaces—developers and merchants should be empowered to offer their products to consumers on an even footing with gatekeepers. This means gatekeepers must respect consumer choice and make space for competitors. A software war is still taking place and tech giants control the space. We look forward to European authorities enforcing these rules – with strength.” – Mozilla
Embedded objects in Writer consist of a native data part and a preview part. Until now, there was no way to force the update of the preview part in case it was empty.
Now the Tools → Update → Update all menu item updates such previews as well. This is especially useful if you manipulate the ZIP/XML document directly to insert native data, then load it into Writer to generate a preview.
TDF Membership Committee announces the PRELIMINARY results of the elections for the next Board of Directors at The Document Foundation.
The number of TDF Members who voted is 120, from a total amount of 211 eligible voters. This means that 91 TDF Members did not vote. The Membership Committee would like to thank all the voters, as the elections are the most significant time of the year for TDF Members, because they can decide about the project’s governance.
A couple of weeks ago, the Software Freedom Conservancy (SFC) filed suit against television maker Vizio, alleging that Vizio took advantage of open source software without playing by open source rules. It’s a shame that SFC had to take this step, but I think it’s a milestone moment that underscores the value of open source software to our society and how we must vigilantly and proactively protect the rights of both the user/consumer and those who have contributed code in good faith. Please read my blog that explains the lawsuit and its constructive benefits, and let me know your thoughts.
Flexera, the company that helps organizations maximize business value from their technology investments, today announces that it has achieved the status of FinOps Certified Platform by the FinOps Foundation. FinOps Certified Platform (FCP) is a pre-qualified tier of vetted technology providers that offer software solutions which enable their customers to successfully adopt cloud financial management practices.
“The FinOps practice has experienced rapid growth within the industry,” said Brian Adler, Senior Director, Cloud Market Strategy. “Earning this certification from the FinOps Foundation increases Flexera’s leadership position in helping companies save money through providing insights into optimizing their cloud spend. Ultimately, this helps us better serve our customers.”
Copyright and licensing can be difficult, especially when reusing software from different projects that are released under various, different licenses. REUSE was started by the Free Software Foundation Europe (FSFE) to provide a set of recommendations to make licensing your Free Software projects easier. Not only do these recommendations make it easier for you to declare the licenses under which your works are released, but they also make it easier for a computer to understand how your project is licensed.
After many iterations and amendments, the European Parliament adopted the Digital Markets Act by 642 votes in favour, 8 votes against, and 46 abstentions. With this vote the principle of Device Neutrality is introduced. At the same time, the Parliament missed the chance to introduce strong requirements for interoperability based on Open Standards.
"We strongly believe the digital markets will benefit by facilitating access to Free Software in devices. Device Neutrality translates in the DMA as stricter consent rules for pre-installed apps, safeguards against vendor lock-in, and real-time data portability. Interoperability of services was also introduced, but not with the requirement to be based on Open Standards. This is a lost chance to leverage competition with accessible and non-discriminatory technical specifications. Open Standards are an important element for innovation by allowing market actors to innovate on top of technical specification standards and build their own services," says Lucas Lasota, the FSFE's Deputy Legal Coordinator.
[...]
The FSFE has been working for two decades empowering people to control technology in their devices.
State of the Word 2021, the annual keynote from WordPress co-founder Matt Mullenweg, happened on December 14. The hybrid event took place in New York City with a small audience (proof of vaccination required). As Matt said, “we had people join by plane, train, and automobile.” Those who didn’t make the trek to the live event watched the livestream from wherever they call home, all around the world.
It was an exciting moment for the WordPress community which also celebrated its first in-person WordCamp in Sevilla, Spain, after a lengthy hiatus for in-person events.
You can view the full recording, complete with captions and transcripts on WordPress.tv.
It was thrilling to see so many meetup organizers host watch parties worldwide. Twenty-six watch parties were held across 11 countries, with more than 300 RSVPs.
Citus Con: An Event for Postgres is a free, virtual, and global developer event happening Apr 12-13, 2022.
IBM/Red Hat Leftovers
We made it through another year of mostly virtual meetings. The virtual fatigue was real, but so were the achievements in open source in 2021.
In April and June, we staged our 22nd overall and second fully virtual Red Hat Summit. While we missed gathering in person, 43,712* session views from around the globe prove that virtual conferences can provide greater reach and easier access—and that's a win for everyone involved.
In August, open source enthusiasts celebrated 30 years of the Linux kernel and the second version of the GNU General Public License (GPLv2). Without GPLv2’s tenets, it’s unlikely Linux would have made it all the way to Mars.
Back on planet Earth, climate change was a hot topic in 2021 (pun very much intended). In September, Red Hat joined OS-Climate, an open source project that aims to build the tech and data platforms needed to better assess climate risk and opportunity as elements of financial decision-making.
October brought another all-virtual conference in AnsibleFest, which included the general availability of Red Hat Ansible Automation Platform 2. And while we’re on the subject of product announcements, Red Hat Enterprise Linux 8.5 made its debut in November.
While POWER CPUs have generally been well received by the free software community for being open-source friendly especially with the OpenPOWER Foundation, IBM's latest-generation POWER10 processors are continuing to be an upset.
In particular, not all of the POWER10 firmware is open-source and there are no indications of that changing in the near-term. There are firmware blobs still necessary for POWER10 when it comes to the DDR memory support and PCI Express, which obviously are crucial with today's systems.
Red Hat has announced updates throughout its portfolio of application services to deliver a more seamless and unified experience for application development, delivery, integration, and automation across hybrid cloud environments.
The modularity of the Red Hat Application Services portfolio contributes to a unified environment for application development, delivery, integration, and automation. The combination of the Quarkus platform with the connectivity capabilities of Apache Camel, the intelligent decisioning of Kogito, API management with Red Hat 3scale API Management, and the power of Red Hat OpenShift enables Java developers to fully embrace cloud- and Kubernetes-native development.
Programming Leftovers
Intel's CM Compiler for their "C for Metal" programming language has been updated for various new GPU targets, including not only Xe HPC "Ponte Vecchio" but also a Ponte Vecchio XT variant.
Intel on Tuesday released CM Compiler 1.0.119 as their LLVM-based open-source compiler implementing their C for Metal programming language. The CM Compiler goes back to their HD graphics days for offering a new GPU kernel programming language. If the C For Metal compiler doesn't ring a bell for you among all the different GPU computing efforts these days even within Intel alone, the former 01.org project page describes it as "a programming language that allows for creation of high-performance compute and media kernels for Intel® GPUs using explicit SIMD programming model. CM is based on restricted C++ specification, with extensions to support new SIMD constructs and data types, inline assembly, and access to architecture-specific hardware features."
Programming can be a frustrating endeavor. Certainly we’ve all had moments, such as forgetting punctuation in C or messing up whitespace in Python. Even worse, an altogether familiar experience is making a single change to a program that should have resulted in a small improvement but instead breaks the program. Now, though, there’s a programming language that can put these frustrations directly into the code itself into a cathartic, frustration-relieving syntax. The language is called AHHH and it’s quite a scream.
While it may not look like it on the surface, the language is Turing complete and can be used just like any other programming language. The only difference is that there are only 16 commands in this language which are all variants of strings of four capital- or lower-case-H characters. The character “A” in the command “AHHH” starts the program, and from there virtually anything can be coded as a long, seemingly unending scream. The programming language is loosely related to COW which uses various “moos” to create programs instead of screams, and of course is also distantly related to brainfuck which was an esoteric programming language created in order to have the smallest possible compiler.
Another (minor) nanotime release, now at version 0.3.5, just arrived at CRAN. It follows the updates RDieHarder 0.2.3 and RcppCCTZ 0.2.10 earlier today in bringing a patch kindly prepared by Tomas Kalibera for the upcoming (and very useful) ‘UCRT’ changes for Windows involving small build changes for the updated Windows toolchain.
nanotime relies on the RcppCCTZ package for (efficient) high(er) resolution time parsing and formatting up to nanosecond resolution, and the bit64 package for the actual integer64 arithmetic. Initially implemented using the S3 system, it has benefitted greatly from a rigorous refactoring by Leonardo who not only rejigged nanotime internals in S4 but also added new S4 types for periods, intervals and durations.
Developers, cybersecurity specialists and other skilled tech professionals are proving particularly elusive for hiring managers, largely as a result of the ramped-up demand for software and IT solutions prompted by the pandemic.
The latest Tech Jobs Report by recruitment agency Dice sheds light on exactly where this demand lies in the latter part of 2021. In Q3, job listings in the tech industry suggest that organizations are on the lookout for technology professionals "who understand the core concepts of software development and project management" and possess technical skills in Linux, as well as programming languages Java, Python and SQL.
None of The Qt Company products are affected by the Apache Log4j vulnerability (CVE-2021-44228).
We are happy to announce the release of Qt Design Studio 2.3.
Another day, another small addition to KDToolBox, KDAB’s collection of miscellaneous useful C++ classes and stuff.
In this post, we’re going to talk about KDFunctionalSortFilterProxyModel, which is a convenience subclass of QSortFilterProxyModel.
Greetings! It has been a cold and wet month here in Amsterdam, much like the rest of them, as another period of FOSS progress rolls on by. I have been taking it a little bit easier this month, and may continue to take some time off in the coming weeks, so I can have a bit of a rest for the holidays. However, I do have some progress to report, so let’s get to it.
In programming language progress, we’ve continued to see improvement in cryptography, with more AES cipher modes and initial work on AES-NI support for Intel processors, as well as support for HMAC and blake2b.
Version 1.0 of the mold linker has been released.
Glibc 2.35 is introducing the new tunable glibc.malloc.hugetlb that can help with improving system performance for some workloads making use of this tunable, depending upon your kernel's hugepages configuration.
The GNU C Library has landed huge pages support on Linux for mmap and arenas code that can be enabled with a new glibc tunable. That same tunable also allows enabling madvise support for transparent huge pages (THP).
Santa didn’t know if he should be worried or angry, and that made him angry.
Unbeknown to the world he had been outsourcing a lot of the production of Christmas gifts to low cost countries like China. The elves had not liked it. They had threatened to unionize and bring the whole operation to a halt. At a non-specified future date. December 24th was explicitly not mentioned, but one of the senior elves had said «ho, ho ho» in a menacing tone of voice. The memory made Santa shudder.
But the elves were not the problem. He had bought them off with fancy titles. CTO (Chief Transportation Officer) was easy. The next hundred or so, not so bad. But the rest of them had been a struggle. He was not particularly proud of D1C (Dispatch team 1 Coffee maker). But as they say, somebody has to make the coffee.
The problem was shipping. The pandemic had caused problems for everybody, and the shipping companies answered “Force Majeure” when asked what they intended to do about the inevitable delays. The problem was the sheer amount of goods. Whereas normal companies measured the goods in terms of containers, he measured them in terms of whole ships.
This is a perfect case where we could showcase the use of grammars in Raku. However, we have a much simpler solution: the EVAL routine will evaluate (i.e. compile and execute) an input string as a piece of Raku code and return the result. So we will use here this simpler solution (but will provide below an example of implementation with a grammar).
Azul, a provider of OpenJDK (Java runtime) builds, has introduced a "Cloud Native Compiler" which offers remote compilation of Java to native code, claiming it can reduce compute resources by up to 50 per cent.
When a Java application runs, a JIT (Just-in-time) compiler, usually the OpenJDK JIT called HotSpot, compiles the Java bytecode to native machine code to optimise performance. It is a highly optimised process – but Azul reckons it can improve it further by removing that responsibility from the VM or container where the application is running.
"The problem with [local compilation] is that you're constrained by local machine resources," Azul CEO and co-founder Scott Sellers tells The Register. "There is no sharing of information between one instance of the Java runtime and the next. So everything is very siloed and rigid. The Cloud Native Compiler is about offloading the compilation process, taking it out of the JVM [Java Virtual Machine] and instead putting that into a cloud service."
Is it really efficient to have a Java application send its bytecode over the network to another service that compiles and sends back the results to be executed?
