Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Thursday, 20 Sep 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Debian Etch: Solid, Crufty, Some Assembly Required srlinuxx
Story This months Cosmo srlinuxx 06/02/2005 - 4:03am
Story 50 gmail invites? srlinuxx 1 06/02/2005 - 4:10am
Story Moooore Spam! srlinuxx 1 06/02/2005 - 4:12am
Story Vin Diesel going soft on us? srlinuxx 2 06/02/2005 - 4:25pm
Poll How's the new site? srlinuxx 2 06/02/2005 - 9:01pm
Story Hackers homing in on Cellular Phones srlinuxx 5 07/02/2005 - 2:20pm
Story M$ Claims Safer than Linux srlinuxx 1 11/02/2005 - 5:34am
Story This Week At the Movies: Boogeyman & Alone in the Dark & Hide and Seek srlinuxx 1 11/02/2005 - 5:41am
Story Forbes Wants to Know srlinuxx 2 11/02/2005 - 6:13am

LWN's Latest (Today Outside Paywall) Articles About the Kernel, Linux

Filed under
Linux
  • Toward better handling of hardware vulnerabilities

    From the kernel development community's point of view, hardware vulnerabilities are not much different from the software variety: either way, there is a bug that must be fixed in software. But hardware vendors tend to take a different view of things. This divergence has been reflected in the response to vulnerabilities like Meltdown and Spectre which was seen by many as being severely mismanaged. A recent discussion on the Kernel Summit discussion list has shed some more light on how things went wrong, and what the development community would like to see happen when the next hardware vulnerability comes around.

    The definitive story of the response to Meltdown and Spectre has not yet been written, but a fair amount of information has shown up in bits and pieces. Intel was first notified of the problem in July 2017, but didn't get around to telling anybody in the the Linux community about it until the end of October. When that disclosure happened, Intel did not allow the community to work together to fix it; instead each distributor (or other vendor) was mostly left on its own and not allowed to talk to the others. Only at the end of December, right before the disclosure (and the year-end holidays), were members of the community allowed to talk to each other.

    The results of this approach were many, and few were good. The developers charged with responding to these problems were isolated and under heavy stress for two months; they still have not been adequately thanked for the effort they put in. Many important stakeholders, including distributions like Debian and the "tier-two" cloud providers, were not informed at all prior to the general disclosure and found themselves scrambling. Different distributors shipped different fixes, many of which had to be massively revised before entry into the mainline kernel. When the dust settled, there was a lot of anger left simmering in its wake.

  • Writing network flow dissectors in BPF

    Network packet headers contain a great deal of information, but the kernel often only needs a subset of that information to be able to perform filtering or associate any given packet with a flow. The piece of code that follows the different layers of packet encapsulation to find the important data is called a flow dissector. In current Linux kernels, the flow dissector is written in C. A patch set has been proposed recently to implement it in BPF with the clear goal of improving security, flexibility, and maybe even performance.

  • Coscheduling: simultaneous scheduling in control groups

    The kernel's CPU scheduler must, as its primary task, determine which process should be executing in each of a system's processors at any given time. Making an optimal decision involves juggling a number of factors, including the priority (and scheduling classes) of the runnable processes, NUMA locality, cache locality, latency minimization, control-group policies, power management, overall fairness, and more. One might think that throwing another variable into the mix — and a complex one at that — would not be something anybody would want to attempt. The recent coscheduling patch set from Jan Schönherr does exactly that, though, by introducing the concept of processes that should be run simultaneously.

    The core idea behind coscheduling is the marking of one or more control groups as containing processes that should be run together. If one process in a coscheduled group is running on a specific set of CPUs (more on that below), only processes from that group will be allowed to run on those CPUs. This rule holds even to the point of forcing some of the CPUs to go idle if the given control group lacks runnable processes, regardless of whether processes outside the group are runnable.

    Why might one want to do such a thing? Schönherr lists four motivations for this work, the first of which is virtualization. That may indeed be the primary motivation, given that Schönherr is posting from an Amazon address, and Amazon is rumored to be running a virtualized workload or two. A virtual machine usually contains multiple processes that interact with each other; these machines will run more efficiently (and with lower latencies) if those processes can run simultaneously. Coscheduling would ensure that all of a virtual machine's processes are run together, maximizing locality and minimizing the latencies of the interactions between them.

  • Machine learning and stable kernels

    There are ways to get fixes into the stable kernel trees, but they require humans to identify which patches should go there. Sasha Levin and Julia Lawall have taken a different approach: use machine learning to distinguish patches that fix bugs from others. That way, all bug-fix patches could potentially make their way into the stable kernels. Levin and Lawall gave a talk describing their work at the 2018 Open Source Summit North America in Vancouver, Canada.

    Levin began with a quick introduction to the stable tree and how patches get into it. When a developer fixes a bug in a patch they can add a "stable tag" to the commit or send a mail to the stable mailing list; Greg Kroah-Hartman will then pick up the fix, evaluate it, and add it to the stable tree. But that means that the stable tree is only getting the fixes that are pointed out to the stable maintainers. No one has time to check all of the commits to the kernel for bug fixes but, in an ideal world, all of the bug fixes would go into the stable kernels. Missing out on some fixes means that the stable trees will have more security vulnerabilities because the fixes often close those holes—even if the fixer doesn't realize it.

  • Trying to get STACKLEAK into the kernel

    The STACKLEAK kernel security feature has been in the works for quite some time now, but has not, as yet, made its way into the mainline. That is not for lack of trying, as Alexander Popov has posted 15 separate versions of the patch set since May 2017. He described STACKLEAK and its tortuous path toward the mainline in a talk [YouTube video] at the 2018 Linux Security Summit.

    STACKLEAK is "an awesome security feature" that was originally developed by The PaX Team as part of the PaX/grsecurity patches. The last public version of the patch set was released in April 2017 for the 4.9 kernel. Popov set himself on the goal of getting STACKLEAK into the kernel shortly after that; he thanked both his employer (Positive Technologies) and his family for giving him working and free time to push STACKLEAK.

    The first step was to extract STACKLEAK from the more than 200K lines of code in the grsecurity/PaX patch set. He then "carefully learned" about the patch and what it does "bit by bit". He followed the usual path: post the patch, get feedback, update the patch based on the feedback, and then post it again. He has posted 15 versions and "it is still in progress", he said.

PostgreSQL 11: something for everyone

Filed under
Server
OSS

PostgreSQL 11 had its third beta release on August 9; a fourth beta (or possibly a release candidate) is scheduled for mid-September. While the final release of the relational database-management system (currently slated for late September) will have something new for many users, its development cycle was notable for being a period when the community hit its stride in two strategic areas: partitioning and parallelism.

Partitioning and parallelism are touchstones for major relational database systems. Proprietary database vendors manage to extract a premium from a minority of users by upselling features in these areas. While PostgreSQL has had some of these "high-tier" items for many years (e.g., CREATE INDEX CONCURRENTLY, advanced replication functionality), the upcoming release expands the number considerably. I may be biased as a PostgreSQL major contributor and committer, but it seems to me that the belief that community-run database system projects are not competitive with their proprietary cousins when it comes to scaling enterprise workloads has become just about untenable.

Read more

today's howtos and software leftovers

Filed under
Software
HowTos

Solving the storage dilemma with open source storage

Filed under
OSS

Business IT is facing storage growth that’s exceeding even the highest estimates, and there’s no sign of it slowing down anytime soon. Unstructured data in the form of audio, video, digital images and sensor data now makes up an increasingly large majority of business data and presents a new set of challenges that calls for a different approach to storage.

For CIOs, storage systems that are able to provide greater flexibility and choice, as well as the capability to better identify unstructured data in order to categorise, utilise and automate the management of it throughout its lifecycle are seen as the ideal solution.

One answer to solving the storage issue is software defined storage (SDS) which separates the physical storage hardware (data plane) from the data storage management logic or ‘intelligence’ (control plane). Needing no proprietary hardware components, SDS is the perfect cost-effective solution for enterprises as IT can use off-the-shelf, low-cost commodity hardware which is robust and flexible.

Read more

Also: New Open Source Library Nyoka Aids AI, Data Science

WireGuard Picks Up A Simpler Kconfig, Zinc Crypto Performance Fix

Filed under
Linux
Security

WireGuard lead developer Jason Donenfeld sent out the fifth revision of the WireGuard and Zinc crypto library patches this week. They've been coming in frequently with a lot of changes with it looking like this "secure VPN tunnel" could reach the Linux 4.20~5.0 kernel.

With the WireGuard v5 patches there are various low-level code improvements, a "saner" and simpler Kconfig build-time configuration options, a performance regression for tcrypt within the Zinc crypto code has been fixed and is now even faster than before, and there is also now a nosimd module parameter to disable the use of SIMD instructions.

Read more

Microsoft Demonstrates Why Proprietary Software Cannot be Trusted

Filed under
Microsoft
  • This Windows file may be secretly hoarding your passwords and emails

    If you're one of the people who own a stylus or touchscreen-capable Windows PC, then there's a high chance there's a file on your computer that has slowly collected sensitive data for the past months or even years.

    [...]

    The handwriting feature is there since Windows 8 which means the vulnerability has been there for many years. However, if you don’t store valuable information like passwords or email on your PC, you aren’t much likely to get affected much.

  • This Windows File Might Be Secretly Collecting Sensitive Data Since Windows 8

    There is a Windows file named WaitList.dat that covertly collects your passwords and email information, with the help of Windows Search Indexer service.

    Digital Forensics and Incident Response (DFIR) expert Barnaby Skeggs first discovered the information about the file back in 2016 but wasn’t paid much attention. However, in after a new and exclusive interview with ZDNet – it appears that the file, in fact, is reasonably dangerous.

The best editor for PHP developers who work in Linux OS

Filed under
Development
Software

Every programmer knows that coding is fun! Don't you agree with me? However, to be an absolutely professional PHP developer, we have to know a lot about all the specific details of coding.

Selecting the editor you are going to use to happily code is not an easy decision and must be taken unhurriedly.

If you are a beginner, you may try a great code editor with a rich functionality and very flexible customization which is known as Atom Editor, the editor of the XXI century. You may say that we have many pretty alternatives available. Read the explanation below, and the introduced information will knock you off!

Read more

Variscite’s latest DART module taps headless i.MX6 ULZ

Filed under
Linux

Variscite is prepping a headless version of its Linux-friendly DART-6UL module with NXP’s new i.MX6 ULZ SoC, a cheaper version of the i.MX6 UL without display or Ethernet features.

Variscite is spinning out yet another pin-compatible version of its 50 x 25mm DART-6UL computer-on-module, this time loaded with NXP’s headless new i.MX6 ULZ variant of the single Cortex-A7 core i.MX6 UL. Due for a Q4 launch, the unnamed module lacks display or LAN support. It’s billed as “a native solution for headless Linux-based embedded products such as IoT devices and smart home sensors requiring low power, low size, and rich connectivity options.”

Read more

Stable kernels 4.18.9, 4.14.71, 4.9.128 and 4.4.157

Filed under
Linux

Openwashing: Zenko (Dual), Kong (Mere API) and Blackboard (Proprietary and Malicious)

Filed under
OSS

Games: Descenders, War Thunder’s “The Valkyries”

Filed under
Gaming

Kernel: Virtme, 2018 Linux Audio Miniconference and Linux Foundation Articles

Filed under
Linux
  • Virtme: The kernel developers' best friend

    When working on the Linux Kernel, testing via QEMU is pretty common. Many virtual drivers have been recently merged, useful either to test the kernel core code, or your application. These virtual drivers make QEMU even more attractive.

  • 2018 Linux Audio Miniconference

    As in previous years we’re trying to organize an audio miniconference so we can get together and talk through issues, especially design decisons, face to face. This year’s event will be held on Sunday October 21st in Edinburgh, the day before ELC Europe starts there.

  • How Writing Can Expand Your Skills and Grow Your Career [Ed: Linux Foundation article]

    At the recent Open Source Summit in Vancouver, I participated in a panel discussion called How Writing can Change Your Career for the Better (Even if You don't Identify as a Writer. The panel was moderated by Rikki Endsley, Community Manager and Editor for Opensource.com, and it included VM (Vicky) Brasseur, Open Source Strategy Consultant; Alex Williams, Founder, Editor in Chief, The New Stack; and Dawn Foster, Consultant, The Scale Factory.

  • At the Crossroads of Open Source and Open Standards [Ed: Another Linux Foundation article]

    A new crop of high-value open source software projects stands ready to make a big impact in enterprise production, but structural issues like governance, IPR, and long-term maintenance plague OSS communities at every turn. Meanwhile, facing significant pressures from open source software and the industry groups that support them, standards development organizations are fighting harder than ever to retain members and publish innovative standards. What can these two vastly different philosophies learn from each other, and can they do it in time to ensure they remain relevant for the next 10 years?

Red Hat: PodCTL, Security Embargos at Red Hat and Energy Sector

Filed under
Red Hat
  • [Podcast] PodCTL #50 – Listener Mailbag Questions

    As the community around PodCTL has grown (~8000 weekly listeners) we’ve constantly asked them to give us feedback on topics to discuss and areas where they want to learn. This week we discussed and answered a number of questions about big data and analytics, application deployments, routing security, and storage deployment models.

  • Security Embargos at Red Hat

    The software security industry uses the term Embargo to describe the period of time that a security flaw is known privately, prior to a deadline, after which time the details become known to the public. There are no concrete rules for handling embargoed security flaws, but Red Hat uses some industry standard guidelines on how we handle them.

    When an issue is under embargo, Red Hat cannot share information about that issue prior to it becoming public after an agreed upon deadline. It is likely that any software project will have to deal with an embargoed security flaw at some point, and this is often the case for Red Hat.

  • Transforming oil & gas: Exploration and production will reap the rewards

    Through advanced technologies based on open standards, Red Hat deliver solutions that can support oil and gas companies as they modernize their IT infrastructures and build a framework to meet market and technology challenges. Taking advantage of modern, open architectures can help oil and gas providers attract new customers and provide entry into markets where these kinds of services were technologically impossible a decade ago.

BlackArch Linux Ethical Hacking OS Now Has More Than 2000 Hacking Tools

Filed under
GNU
Linux
Security

The BlackArch Linux penetration testing and ethical hacking computer operating system now has more than 2000 tools in its repositories, announced the project's developers recently.

Used by thousands of hundreds of hackers and security researchers all over the world, BlackArch Linux is one of the most acclaimed Linux-based operating systems for hacking and other security-related tasks. It has its own software repositories that contain thousands of tools.

The OS is based on the famous Arch Linux operating system and follows a rolling release model, where users install once and receive updates forever, or at least until they do something that can't be repaired and need to reinstall.

Read more

Debian Patches for Intel's Defects, Canonical to Fix Ubuntu Security Flaws for a Fee

Filed under
Security
Debian
Ubuntu
  • Debian Outs Updated Intel Microcode to Mitigate Spectre V4 and V3a on More CPUs

    The Debian Project released an updated Intel microcode firmware for users of the Debian GNU/Linux 9 "Stretch" operating system series to mitigate two of the latest Spectre vulnerabilities on more Intel CPUs.

    Last month, on August 16, Debian's Moritz Muehlenhoff announced the availability of an Intel microcode update that provided Speculative Store Bypass Disable (SSBD) support needed to address both the Spectre Variant 4 and Spectre Variant 3a security vulnerabilities.

    However, the Intel microcode update released last month was available only for some types of Intel CPUs, so now the Debian Project released an updated version that implements SSBD support for additional Intel CPU models to mitigate both Spectre V4 and V3a on Debian GNU/Linux 9 "Stretch" systems.

  • Announcing Extended Security Maintenance for Ubuntu 14.04 LTS – “Trusty Tahr” [Ed: Canonical looking to profit from security flaws in Ubuntu like Microsoft does in Windows.]

    Ubuntu is the basis for the majority of cloud-based workloads today. With over 450 million public cloud instances launched since the release of Ubuntu 16.04 LTS, a number that keeps accelerating on a day-per-day basis since, many of the largest web-scale deployments are using Ubuntu. This includes financial, big data, media, and many other workloads and use cases, which rely on the stability and continuity of the underlying operating system to provide the mission-critical service their customers rely on.

    Extended Security Maintenance (ESM) was introduced for Ubuntu 12.04 LTS as a way to extend the availability of critical and important security patches beyond the nominal End of Life date of Ubuntu 12.04. Organisations use ESM to address security compliance concerns while they manage the upgrade process to newer versions of Ubuntu under full support. The ability to plan application upgrades in a failsafe environment continues to be cited as the main value for adoption of ESM. With the End of Life of Ubuntu 14.04 LTS in April 2019, and to support the planning efforts of developers worldwide, Canonical is announcing the availability of ESM for Ubuntu 14.04.

  • Canonical Announces Ubuntu 14.04 LTS (Trusty Tahr) Extended Security Maintenance

    Canonical announced today that it would extend its commercial Extended Security Maintenance (ESM) offering to the Ubuntu 14.04 LTS (Trusty Tahr) operating system series starting May 2019.

    Last year on April 28, 2017, when the Ubuntu 12.04 LTS (Precise Pangolin) operating system series reached end of life, Canonical announced a new way for corporate users and enterprises to receive security updates if they wanted to keep their current Ubuntu 12.04 LTS installations and had no plans to upgrade to a newer LTS (Long Term Support) release. The offering was called Extended Security Maintenance (ESM) and had a great success among businesses.

Graphics: NVIDIA and AMD

Filed under
Graphics/Benchmarks
  • Initial NVIDIA GeForce RTX 2080 Ti Linux Benchmarks

    This article is going to be short and sweet as just receiving the GeForce RTX 2080 Ti yesterday and then not receiving the Linux driver build until earlier today... The GeForce RTX 2080 Ti has been busy now for a few hours with the Phoronix Test Suite on the Core i7 8086K system running Ubuntu 18.04 LTS with the latest drivers.

  • NVIDIA Introduces A Number Of New OpenGL Extensions For Turing

    As part of the GeForce RTX 2080 series launching with the new GPU architecture, NVIDIA has published a number of new OpenGL extensions for making use of some of Turing's new capabilities.

  • Vulkan 1.1.85 Released With Raytracing, Mesh Shaders & Other New NVIDIA Extensions

    Leading up to the Turing launch we weren't sure if NVIDIA was going to deliver same-day Vulkan support for RTX/ray-tracing with the GeForce RTX graphics cards or if it was going to be left up to Direct3D 12 on Windows for a while... Fortunately, as already reported, their new driver has Vulkan RTX support. Additionally, the NVX_raytracing extension and other NVIDIA updates made it into today's Vulkan 1.1.85 release.

  • Radeon/GPUOpen OCAT 1.2 Released But No Linux Support Yet

    A new feature release is out for the Radeon/GPUOpen "OCAT" open-source capture and analytics tool.

    OCAT 1.2 is their first release of the year and includes VR head-mounted display (HMD) support, new visualization tools, system information detection, new settings, and other enhancements.

Security: Updates, US Demand for Back Doors, and Microsoft's Collusion with the NSA Keeps Serving Crackers

Filed under
Security
  • Security updates for Wednesday
  • State Department Still Sucks At Basic Cybersecurity And Senators Want To Know Why

    The senators are hoping the State Department will have answers to a handful of cybersecurity-related questions by October 12th, but given the agency's progress to compliance with a law that's been on the book for two years at this point, I wouldn't expect responses to be delivered in a timelier fashion.

    The agency's track record on security isn't great and these recent developments only further cement its reputation as a government ripe for exploitation. The agency's asset-tracking program only tracks Windows devices, its employees are routinely careless with their handling of classified info, and, lest we forget, its former boss ran her own email server, rather than use the agency's. Of course, given this long list of security failures, there's a good possibility an off-site server had more baked-in security than the agency's homebrew.

  • EternalBlue Vulnerability Puts Pirated Windows Systems at Malware Risk [Ed: Microsoft's collusion with the NSA (for US-controlled back doors) continues to cost billions... paid by people who foolishly chose or accepted PCs with Windows.]

    A particular vulnerability that has been codenamed EternalBlue is to be blamed for this misfortune. The malware risk especially affects computers which use pirated Windows versions. This gap in security has its traces back in the legacies of US secret service NSA. Even after several years, many systems continue to be vulnerable. For more than three years, US intelligence was using it for performing hidden attacks on all kinds of targets. The agency finally had to leak the vulnerability to Microsoft due to the danger of hacking by a famous hacker group, Shadow Brokers. Microsoft then consequently had to abandon a patch day for the very first time in the company’s history for filling in the gap as quickly as possible.

Syndicate content