GNU/Linux on Desktop/Phone: System76, DeX, Librem

• Pop!_OS Is Finally Here — System76’s Ubuntu-based Operating System For Developers

  The first ever stable release of Pop!_OS is finally here. You can go ahead and download it from this link. Don’t forget to share your feedback. Earlier this year in June, we reported that System76 is creating its own Linux distro called Pop!_OS.

• Samsung DeX Promises to Bring the Linux PC Experience to Your Mobile Device

  After unveiling its next-generation Bixby 2.0 intelligent assistant, Samsung today announced that it plans to bring the Linux PC experience to the Samsung DeX ecosystem.

• Steps toward a privacy-preserving phone

  What kind of cell phone would emerge from a concerted effort to design privacy in from the beginning, using free software as much as possible? Some answers are provided by a crowdfunding campaign launched in August by Purism SPC, which has used two such campaigns successfully in the past to build a business around secure laptops. The Librem 5, with a five-inch screen and radio chip for communicating with cell phone companies, represents Purism's hope to bring the same privacy-enhancing vision to the mobile space, which is much more demanding in its threats, technology components, and user experience. The abuse of mobile phone data has become a matter of worldwide concern. The capture and sale of personal data by apps is so notorious that it has been covered in USA Today; concerns over snooping contribute to the appeal of WhatsApp (which has topped 1.3 billion users) and other encrypted and privacy-conscious apps. But apps are only one attack vector. I got in touch with Todd Weaver, founder and CEO of Purism, to find out what the company is doing to plug the leaks in mobile devices.

Servers: DockerCon Coverage, MongoDB IPO

• DockerCon EU 17 Panel Debates Docker Container Security

  There are many different security capabilities that are part of the Docker container platform, and there are a number of vendors providing container security offerings. At the DockerCon EU 17 conference in Copenhagen, Denmark, eWEEK moderated a panel of leading vendors—Docker, Hewlett Packard Enterprise, Aqua Security, Twistlock and StackRox—to discuss the state of the market. To date, there have been no publicly disclosed data breaches attributed to container usage or flaws. However, that doesn't mean that organizations using containers have not been attacked. In fact, Wei Lien Dang, product manager at StackRox, said one of his firm's financial services customers did have a container-related security incident.

• DockerCon EU: Tips and Tools for Running Container Workloads on AWS

  Amazon Web Services wants to be a welcome home for developers and organizations looking to deploy containers. At the DockerCon EU conference here, a pair of AWS technical evangelists shared their wisdom on the best ways to benefit from container deployments. The terms microservices and containers are often used interchangeably by people. Abby Fuller, technical evangelist at AWS, provided the definition of microservices coined by Adrian Crockford, VP of Cloud Architecture at AWS and formerly the cloud architect at Netflix.

• Docker CEO: Embracing Kubernetes Removes Conflict

  Steve Singh has ambitious plans for Docker Inc. that are nothing less than transforming the world of legacy applications into a modern cloud-native approach. Singh was named CEO of Docker on May 2 and hosted his first DockerCon event here Oct. 16-19. The highlight of DockerCon EU was the surprise announcement that Docker is going to support the rival open-source Kubernetes container orchestration system. In a video interview with eWEEK, Singh explained the rationale behind the Kubernetes support and provided insight into his vision for the company he now leads.

• MongoDB's IPO Beats the Market Out of the Gate

  The folks at MongoDB raised a whole lot of money today in their debut on NASDAQ. Yesterday the open source company announced it was going to be asking $24 a share for the 8 million Class A shares it was letting loose in its IPO, which had some Wall Street investors scratching their heads and wondering if the brains at Mongo were suffering from some kind of undiagnosed damage. Analysts had been estimating an opening price of between $20-22 per share, and on October 6 the company had estimated an opening price in the range of $18-20.

LWN on Linux: LTS, API, Pointer Leaks and Linux Plumbers Conference (LPC)

• Cramming features into LTS kernel releases

  While the 4.14 development cycle has not been the busiest ever (12,500 changesets merged as of this writing, slightly more than 4.13 at this stage of the cycle), it has been seen as a rougher experience than its predecessors. There are all kinds of reasons why one cycle might be smoother than another, but it is not unreasonable to wonder whether the fact that 4.14 is a long-term support (LTS) release has affected how this cycle has gone. Indeed, when he released 4.14-rc3, Linus Torvalds complained that this cycle was more painful than most, and suggested that the long-term support status may be a part of the problem. A couple of recent pulls into the mainline highlight the pressures that, increasingly, apply to LTS releases. As was discussed in this article, the 4.14 kernel will include some changes to the kernel timer API aimed at making it more efficient, more like contemporary in-kernel APIs, and easier to harden. While API changes are normally confined to the merge window, this change was pulled into the mainline for the 4.14-rc3 release. The late merge has led to a small amount of grumbling in the community.

• Improving the kernel timers API

  The kernel's timer interface has been around for a long time, and its API shows it. Beyond a lack of conformance with current in-kernel interface patterns, the timer API is not as efficient as it could be and stands in the way of ongoing kernel-hardening efforts. A late addition to the 4.14 kernel paves the way toward a wholesale change of this API to address these problems.

• What's the best way to prevent kernel pointer leaks?

  An attacker who seeks to compromise a running kernel by overwriting kernel data structures or forcing a jump to specific kernel code must, in either case, have some idea of where the target objects are in memory. Techniques like kernel address-space layout randomization have been created in the hope of denying that knowledge, but that effort is wasted if the kernel leaks information about where it has been placed in memory. Developers have been plugging pointer leaks for years but, as a recent discussion shows, there is still some disagreement over the best way to prevent attackers from learning about the kernel's address-space layout. There are a number of ways for a kernel pointer value to find its way out to user space, but the most common path by far is the printk() function. There are on the order of 50,000 printk() calls in the kernel, any of which might include the value of a kernel pointer. Other places in the kernel use the underlying vsprintf() mechanism to format data for virtual files; they, too, often leak pointer values. A blanket ban on printing pointer values could solve this problem — if it could be properly enforced — but it would also prevent printing such values when they are really needed. Debugging kernel problems is one obvious use case for printing pointers, but there are others.

• Continuous-integration testing for Intel graphics

  Two separate talks, at two different venues, give us a look into the kinds of testing that the Intel graphics team is doing. Daniel Vetter had a short presentation as part of the Testing and Fuzzing microconference at the Linux Plumbers Conference (LPC). His colleague, Martin Peres, gave a somewhat longer talk, complete with demos, at the X.Org Developers Conference (XDC). The picture they paint is a pleasing one: there is lots of testing going on there. But there are problems as well; that amount of testing runs afoul of bugs elsewhere in the kernel, which makes the job harder. Developing for upstream requires good testing, Peres said. If the development team is not doing that, features that land in the upstream kernel will be broken, which is not desirable. Using continuous-integration (CI) along with pre-merge testing allows the person making a change to make sure they did not break anything else in the process of landing their feature. That scales better as the number of developers grows and it allows developers to concentrate on feature development, rather than bug fixing when someone else finds the problem. It also promotes a better understanding of the code base; developers learn more "by breaking stuff", which lets them see the connections and dependencies between different parts of the code.

Tux Machines is proud to be hosted by