Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Sunday, 17 Jun 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Server: GNU/Linux Dominance in Supercomputers, Windows Dominance in Downtime

  • Five Supercomputers That Aren't Supercomputers
    A supercomputer, of course, isn't really a "computer." It's not one giant processor sitting atop an even larger motherboard. Instead, it's a network of thousands of computers tied together to form a single whole, dedicated to a singular set of tasks. They tend to be really fast, but according to the folks at the International Supercomputing Conference, speed is not a prerequisite for being a supercomputer. But speed does help them process tons of data quickly to help solve some of the world's most pressing problems. Summit, for example, is already booked for things such as cancer research; energy research, to model a fusion reactor and its magnetically confined plasma tohasten commercial development of fusion energy; and medical research using AI, centering around identifying patterns in the function and evolution of human proteins and cellular systems to increase understanding of Alzheimer’s, heart disease, or addiction, and to inform the drug discovery process.
  • Office 365 is suffering widespread borkage across Blighty
     

    Some users are complaining that O365 is "completely unusable" with others are reporting a noticeable slowdown, whinging that it's taking 30 minutes to send and receive emails.  

Google: VR180, Android and the Asus Chromebook Flip C101

Security Leftovers

  • Hackers May Have Already Defeated Apple’s USB Restricted Mode For iPhone
    Recently, the iPhone-maker announced a security feature to prevent unauthorized cracking of iPhones. When the device isn’t unlocked for an hour, the Lightning port can be used for nothing but charging. The feature is a part of the iOS 12 update, which is expected to launch later this month.
  • Cops Are Confident iPhone Hackers Have Found a Workaround to Apple’s New Security Feature
    Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone’s lightning cable port into a charge-only interface if someone hasn’t unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn’t be able to unlock phones. Naturally, this feature has sent waves throughout the mobile phone forensics and law enforcement communities, as accessing iPhones may now be substantially harder, with investigators having to rush a seized phone to an unlocking device as quickly as possible. That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet.
  • How Secure Are Wi-Fi Security Cameras?
  • Trump-Kim Meeting Was a Magnet For Russian Cyberattacks

KDE: Usability and Productivity initiative, Kraft and Konsole

  • This week in Usability & Productivity, part 23
    This has been a bit of a light week for KDE’s Usability and Productivity initiative, probably because everyone’s basking in the warm glow of a well-received release: KDE Plasma 5.13 came out on Tuesday and is getting great reviews!
  • Kraft Version 0.81 Released
    I am happy to announce the release of Kraft version 0.81. Kraft is a Qt based desktop application that helps you to handle documents like quotes and invoices in your small business. Version 0.81 is a bugfix release for the previous version 0.80, which was the first stable release based on Qt5 and KDE Frameworks5. Even though it came with way more new features than just the port, it’s first release has proven it’s stability in day-to-day business now for a few month.
  • Giving Konsole some love
    I started to hack in Konsole, and first I was afraid, I was petrified. You know, touching those hardcore apps that are the center of the KDE Software Collection. I started touching it mostly because some easy to fix bugs weren’t fixed, and as every cool user knows, this is free software. So I could pay for someone to fix my bugs, or I could download the source code and try to figure out what the hell was wrong with it. I choosed the second approach.

Events/Audiocasts/Shows: OpenBSD, Fynd, PostgresConf, Ubuntu Podcast, EzeeLinux Show

Filed under
OSS
  • Can you hack it? The importance of hackathons

    Back in the summer of 1999, 10 programmers from around the globe congregated in a room in Calgary, Alberta, to work on the obscure open source operating system known as OpenBSD. This was, in fact, the first ever recorded hackathon – a portmanteau of the words ‘hack’ and ‘marathon’ – anywhere in the world. Since…

  • Fynd Organizes Hackxagon, an Open Source Challenge for Its Engineers

    As an initiative to give back to the open source community, Fynd, the unique fashion e-commerce portal had launched gofynd.io, a few months ago. This project enabled the engineers of the fashion e-commerce portal to learn new technologies, improve the core infrastructure and enhance the Fynd platform. However, Fynd wanted to streamline the open sourcing process for which, the fashion e-commerce portal introduced Fynd Hackxagon—Open Source Challenge. The tech team open-sourced 13 projects in a day that were later made available in the Fynd GitHub public account.

  • South African Linux and Postgres conferences planned for October

    The South African open source, Linux, and Postgres community will be treated to two conferences in October – LinuxConf on 8 October and PostgresConf on 9 October.

    LinuxConf is a one-day conference in Johannesburg aimed at the Linux and open source community.

    Topics covered at LinuxConf will include Linux Kernel and OS, Linux distributions, virtualisation, system administration, open source applications, networking, and development environments.

    PostgresConf is aimed at the database administration and developer community, where they will exchange ideas and learn about the features and upcoming trends within PostgreSQL.

  • Ubuntu Podcast from the UK LoCo: S11E14.5 – Fourteen and a Half Pound Budgie - Ubuntu Podcast

    This show was recorded in front of a live studio audience at FOSS Talk Live on Saturday 9th June 2018! We take you on a 40 year journey through our time trumpet and contribute to some open source projects for the first time and discuss the outcomes.

  • EzeeLinux Show 18.23 | Ubuntu is NOT Spying on You!

    We take a look at Ubuntu’s data collection and talk about how it effects you. I also comment on some goings on in the Linux YouTube community and look at the new EzeeLinux web server.

Graphics: Nouveau Benchmarks, H.264, Mesa and Libinput

Filed under
Graphics/Benchmarks
  • The NVIDIA vs. Open-Source Nouveau Linux Driver Benchmarks For Summer 2018

    It has been some months since last delivering any benchmarks of Nouveau, the open-source, community-driven for NVIDIA GPUs. The reason for not having any Nouveau benchmarks recently has largely been due to lack of major progress, at least on the GeForce desktop GPU side, while NVIDIA has continued to contribute on the Tegra side. For those wondering how the current performance is of this driver that started out more than a decade ago via reverse-engineering, here are some benchmarks of the latest open-source Nouveau and NVIDIA Linux graphics drivers on Ubuntu.

  • H.264 Decoding Tackled For Reverse-Engineered "Cedrus" Allwinner Video Decode Driver

    The Bootlin (formerly Free Electrons) developers working on the Cedrus open-source, reverse-engineered Allwinner video decode driver have posted their patches for enabling H.264 video decoding.

    Earlier versions of their Sunxi-Cedrus driver patches had just supported MPEG-2 with other codecs to be tackled, but hitting the kernel mailing list this week were their patches for enabling H.264 decoding on Allwinner hardware.

  • More Vega M Performance Numbers Surfacing, Linux State Looking Good

    The performance of the Intel Core i7-8809G "Kabylake G" processor with onboard Radeon "Vega M" graphics are looking quite good under Linux now that the support has been squared away.

  • Mesa RadeonSI Lands Possible Vega/Raven Performance Improvement

    Earlier this month AMD's Marek Olšák posted RadeonSI patches for a scissor workaround affecting GFX9/Vega GPUs including Raven Ridge, which were based upon a RADV driver workaround already merged that helped affected games by up to ~11%. A revised version of that patch is now in Mesa 18.2 Git.

  • libinput and its device quirks files

    This post does not describe a configuration system. If that's all you care about, read this post here and go be angry at someone else. Anyway, with that out of the way let's get started.

    For a long time, libinput has supported model quirks (first added in Apr 2015). These model quirks are bitflags applied to some devices so we can enable special behaviours in the code. Model flags can be very specific ("this is a Lenovo x230 Touchpad") or generic ("This is a trackball") and it just depends on what the specific behaviour is that we need. The x230 touchpad for example has a custom pointer acceleration but trackballs are marked so they get some config options mice don't have/need.

Games Leftovers: OneShot, War Thunder, Hand of Fate 2, Surviving Mars & Iconoclasts

Filed under
Gaming

openSUSE Leap 15 Linux OS Is Now Available for Raspberry Pi, Other ARM Devices

Filed under
SUSE

Released last month, openSUSE Leap 15 is based on the SUSE Linux Enterprise 15 operating system series and introduces numerous new features and improvements over the previous versions. These include a new disk partitioner in the installer, the ability to migrate OpenSuSE Leap 15 installations to SUSE Linux Enterprise (SLE) 15, and integration with the Kopano open-source groupware application suite.

openSUSE Leap 15 also ships with a Firewalld as the default firewall management tool, a brand-new look that's closely aligned with SUSE Linux Enterprise, new classic "transactional server" and "server" system roles providing read-only root filesystem and transactional updates, and much more. Now, openSUSE Leap 15 was launched officially for ARM64 (AArch64) and ARMv7 devices, such as Raspberry Pi, BeagleBoard, Arndale Board, CuBox-i, and OLinuXino.

Read more

Piventory: LJ Tech Editor's Personal Stash of Raspberry Pis and Other Single-Board Computers

Filed under
Linux

I'm a big fan of DIY projects and think that there is a lot of value in doing something yourself instead of relying on some third party. I mow my own lawn, change my own oil and do most of my own home repairs, and because of my background in system administration, you'll find all sorts of DIY servers at my house too. In the old days, geeks like me would have stacks of loud power-hungry desktop computers around and use them to learn about Linux and networking, but these days, VMs and cloud services have taken their place for most people. I still like running my own servers though, and thanks to the advent of these tiny, cheap computers like the Raspberry Pi series, I've been able to replace all of my home services with a lot of different small, cheap, low-power computers.

Read more

Server: Containers and 'Enterprise' GNU/Linux

Filed under
Red Hat
Server
  • Container and Kubernetes Security: It's Complicated

    Container technology is being increasingly used by organizations as a way to deploy applications and micro-services. The promise of containers is improved agility and portability, while potentially also reducing the attack surface. Though container technology can be helpful for security, it can also have its own set of risks.

    In a panel session at the recent Kubecon + CloudNativeCon EU event titled "Modern App Security Requires Containers" -- moderated by eSecurity Planet -- security experts from Cloud Native Computing Foundation (CNCF) project and Google debated what's wrong and what's right with container security.

  • Docker Defines Itself as the Open Choice for Containers at DockerCon 18

    Docker CEO Steve Singh kicked off his company's DockerCon 18 conference here today, offering the assembled crowd of container enthusiasts a clear vision of where Docker is going.

    For Docker Inc, the company behind the eponymous container system, a lot is at stake. This is the first DockerCon where the founder of the company, Solomon Hykes is not present. Hykes left Docker in March, as the company direction has increasingly focused on enterprise adoption and commercial market growth.

  • How to select the right enterprise Linux

    The decision to use any modern edition of that operating system, generally spoken as RHEL with a silent H, is usually based on a need for component stability, paid technical support, and long-term version support, said Red Hat's Ron Pacheco, director of global product management.

  • CentOS 7.4 & kernel 4.x - Worth the risk?

    The reasons why we have gathered here are many. A few weeks ago, my CentOS distro went dead. With the new kernel containing Spectre patches, it refused to load the Realtek Wireless drivers into memory. Moreover, patches also prevent manual compilation. This makes the distro useless, as it has no network connection. Then, in my CentOS 7.4 upgrade article - which was flawless, including the network piece, go figure - I wondered about the use of new, modern 4.x kernels in CentOS. Sounds like we have a real incentive here.

    In this tutorial, I will attempt to install and use the latest mainline kernel (4.16 when I typed this). The benefits should be many. I've seen improved performance, responsiveness and battery life in newer kernels compared to the 3.x branch. The Realtek Wireless woes of the disconnect kind (like a Spielberg movie) were also fixed in kernel 4.8.7 onwards, so that's another thing. Lastly, this would make CentOS a lean, mean and modern beast. Bravely onwards!

    [...]

    Now, I can breathe with relief, as I've delivered on my promise, and I gave you a full solution to the CentOS 7.4 Realtek issues post upgrade. I do not like to end articles on a cliffhanger, and definitely not carry the solution over to a follow-up article, but in this rare case, it was necessary. The mainline kernel upgrade is a topic of its own.

    The kernel installation worked fine, and thereafter, we seem to have gained on many fronts. The network issues are fully resolved, we can compile again, the performance seems improved despite worse figures in the system monitor, battery life and stability are not impaired in any way, and the CentOS box has fresh new life, wrapped in modern features and latest software. And none of this was meant to be in the first place, because CentOS is a server distro. Well, I hope you are happy. The one outstanding mission - Plasma 5. Once we have that, we can proudly claim to have created the ultimate Linux distro hybrid monster. Take care.

HP Chromebook X2 is the first Detachable Chromebook with Linux app support

Filed under
GNU
Linux
Google
  • HP Chromebook X2 is the first Detachable Chromebook with Linux app support

    We first heard of Chrome OS gaining Linux app support back in February. Google officially confirmed during Google I/O 2018 that the Pixelbook would be the first Chromebook with Linux app support, but since then the Samsung Chromebook Plus has joined in on the fun. Tonight, a device that we expected to eventually gain Linux app support finally got support for it: the HP Chromebook X2.

  • HP Chromebook X2 Receives Linux App Support In Canary

    Following Google’s addition of Linux app support for Chrome OS and its own Pixelbook shortly after this year’s Google I/O conference which took place last month, the same Linux treatment has now been given to the new HP Chromebook X2. The aforementioned device was released in April as the first Chrome OS notebook to be wrapped in a 2-in-1 format, boasting stylus support and a metal unibody design. The recent implementation of Linux apps is primarily aimed at developers and presently it can only be acquired by switching to the Canary channel.

  • HP Chromebook X2 Gets Official Linux App Support

    Google recently announced that Chrome OS devices will soon get support for Linux apps starting with the company’s own Pixelbook, after which Chromebooks from other manufacturers will also get the same treatment. Samsung’s Chromebook Plus was the first device from another manufacturer to get support for Linux apps, and now, HP’s Chromebook X2 has joined the league.

Microsoft loves Linux so much its R Open install script rm'd /bin/sh

Filed under
Microsoft
Debian

Microsoft had to emit a hasty update for its R Open analysis tool after developers found the open-source package was not playing nice with some Linux systems.

The issue was brought to light earlier this week by developer Norbert Preining, who found that the Debian GNU/Linux version of Open R – Microsoft's open-source implementation of the R statistics and data science tool – was causing headaches when it was installed on some systems.

Read more

Also: Microsoft Fixes Faulty Debian Package That Messed With Users' Settings

Security: Windows Ransomware, Cortana Holes, Google Play Protect and More

Filed under
Security
  • The worst types of ransomware attacks
  • Patched Cortana Bug Let Hackers Change Your Password From the Lock Screen
  • What is Google Play Protect and How Does it Keep Android Secure?
  • ​Another day, another Intel CPU security hole: Lazy State

    Once upon a time, when we worried about security, we worried about our software. These days, it's our hardware, our CPUs, with problems like Meltdown and Spectre, which are out to get us. The latest Intel revelation, Lazy FP state restore, can theoretically pull data from your programs, including encryption software, from your computer regardless of your operating system.

    Like its forebears, this is a speculative execution vulnerability. In an interview, Red Hat Computer Architect Jon Masters explained: "It affects Intel designs similar to variant 3-a of the previous stuff, but it's NOT Meltdown." Still, "It allows the floating point registers to be leaked from another process, but alas that means the same registers as used for crypto, etc." Lazy State does not affect AMD processors.

  • Eric S. Raymond on Keeping the Bazaar Secure and Functional
  • Purple testing and chaos engineering in security experimentation

    The way we use technology to construct products and services is constantly evolving, at a rate that is difficult to comprehend. Regrettably, the predominant approach used to secure design methodology is preventative, which means we are designing stateful security in a stateless world. The way we design, implement, and instrument security has not kept pace with modern product engineering techniques such as continuous delivery and complex distributed systems. We typically design security controls for Day Zero of a production release, failing to evolve the state of our controls from Day 1 to Day (N).

    This problem is also rooted in the lack of feedback loops between modern software-based architectures and security controls. Iterative build practices constantly push product updates, creating immutable environments and applying complex blue-green deployments and dependencies on ever-changing third-party microservices. As a result, modern products and services are changing every day, even as security drifts into the unknown.

Games, Emulators and Wine

Filed under
Gaming
  • Run your own Battle Royale in 'Battle Royale Tycoon' coming later this year

    It seems Endless Loop Studios is jumping on the Battle Royale hype train, although they're going about it in their own way with Battle Royale Tycoon. Yes—it's even infecting tycoon style games now.

  • Sweet puzzle game 'Hexologic' now supports Linux

    Hexologic is a new puzzle game that claims to have a new fun spin on Sudoku-like rules, it just recently added Linux support too. While the initial release at the end of last month was only for Windows, they quickly worked to bring it to Linux with the latest update.

  • Nouveau NV50 Gets Patches To Help Dolphin Emulator By As Much As ~50%

    If you are using the Nouveau Gallium3D driver there is now the possibility of having much better performance with the Dolphin emulator.

    Some Nouveau Gallium3D patches were posted today for benefiting the Dolphin video game console emulator that targets the Nintendo GameCube and Wii. These patches improve the performance of integer multiplication for this aging open-source NVIDIA driver and can help out the Dolphin emulator in areas of fragment-heavy scenes by as much as 50%.

  • Notepad++ on Linux is a Reality Thanks to This Snap Application

    The problem with Notepad++ is that it is exclusive to Windows platform and the developer has repeatedly refused to develop it for Linux. This is why Linux users had to settle for Notepad++ alternatives.

    Good news is that Notepad++ is now (unofficially) available as a Snap package for Linux user. Though this Notepad++ Linux application is not natively developed for Linux platform and is actually runs on Wine, it’s now a command (or click) away for you.

Linux 4.18 Addition Helps Dell + Thunderbolt Systems

Filed under
Linux

In addition to the secondary power management updates sent in on Wednesday for the Linux 4.18 kernel merge window, a set of ACPI updates were also submitted.

With this ACPI update that was already merged there is updates to the ACPICA code, debugger updates, and other routine work. Arguably the most user-facing change though is allowing Linux respond to the "Windows 2017.2" _OSI string. That Windows 2017.2 operating system interface string is what's used by Windows 10 Version 1709 in the latest buids of Windows.

Read more

Also: When and Why was Linux Created?

KDE: Mission Survey, Qt Quick , Krita

Filed under
KDE
  • Retrospective: The KDE Mission Survey

    It might sound a bit weird that I’m now talking about something that took place two years ago, but I just realized that while the call to participate in the survey for the KDE Mission was published on the Dot, the results have so far not received their own article.

    People who have participated in the survey but don’t read the Community list might have missed the results, which would be a pity. Therefore, I’d like to offer a bit of a retrospective on how the survey came to be and what came out of it.

  • Google Summer of Code, Porting Keyboard KCM to Qt Quick — Part 2

    Hi! It’s been quite a while since the first blog post. I’ve been working on the new redesign of the Keyboard KCM, and in this post I’m going to show you the progress I’ve made so far.

    Since last time, I’ve been mainly focusing on working improving the infrastructure. One of the goals of this project was to make configuring the input methods (like fcitx, ibus, …) in the System Settings easier. I decided to start with fcitx, since we know the developer of it (Xuetian Weng), and thus easier to ask when there is a question/problem.

  • Krita 4.0.4 Painting Software Has Been Released | Install On Ubuntu 18.04 LTS (Bionic Beaver)

    Krita is a free and open source advanced painting software for cross platform. The development team has just announced a new maintenance release Krita 4.0.4. It brings several bug fixes and stability improvements. Here are the major improvements of Krita 4.0.4.

  • GSoC: Krita AVX mask optimizations, setting up the environment.

    Hi! GSoC student here :]. This first weeks coding for Krita have been so busy I forgot to write about them. So I’ll start to sum everything up in short posts about each step of the project implementation process.

The Easiest PDO Tutorial (Basics)

Filed under
HowTos

Approximately 80% of the web is powered by PHP. And similarly, high number goes for SQL as well. Up until PHP version 5.5, we had the mysql_ commands for accessing mysql databases but they were eventually deprecated due to insufficient security.

Read<br />
more

Top Android Casual Games You Must Try

Filed under
Linux

Who needs serious hours of game-play when you could spend your minutes waiting for the bus playing something casual. No commitments to make, No stories to follow. Just start the game and have some fun. Here we have made a list of the top Arcade Games that you must try.

Read<br />
more

Programming With Python (LWN)

Filed under
Development
  • Unplugging old batteries

    Python is famous for being a "batteries included" language—its standard library provides a versatile set of modules with the language—but there may be times when some of those batteries have reached their end of life. At the 2018 Python Language Summit, Christian Heimes wanted to suggest a few batteries that may have outlived their usefulness and to discuss how the process of retiring standard library modules should work.

    The "batteries included" phrase for Python came from the now-withdrawn PEP 206 in 2006. That PEP argued that having a rich standard library was an advantage for the language since users did not need to download lots of other modules to get real work done. That argument still holds, but there are some modules that are showing their age and should, perhaps, be unplugged and retired from the standard library.

  • Advanced computing with IPython

    If you use Python, there's a good chance you have heard of IPython, which provides an enhanced read-eval-print loop (REPL) for Python. But there is more to IPython than just a more convenient REPL. Today's IPython comes with integrated libraries that turn it into an assistant for several advanced computing tasks. We will look at two of those tasks, using multiple languages and distributed computing, in this article.

    IPython offers convenient access to documentation, integration with matplotlib, persistent history, and many other features that greatly ease interactive work with Python. IPython also comes with a collection of "magic" commands that alter the effect of single lines or blocks of code; for example, you can time your code simply by typing %%time at the prompt before entering your Python statements. All of these features also work when using the Jupyter notebook with the IPython kernel, so you can freely switch between the terminal and the browser-based interface while using the same commands.

Linux kernel coverage at LWN (now outside the paywall)

Filed under
Linux
  • Flash storage topics

    At the 2018 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM), Jaegeuk Kim described some current issues for flash storage, especially with regard to Android. Kim is the F2FS developer and maintainer, and the filesystem-track session was ostensibly about that filesystem. In the end, though, the talk did not focus on F2FS and instead ranged over a number of problem areas for Android flash storage.

    He started by noting that Universal Flash Storage (UFS) devices have high read/write speeds, but can also have high latency for some operations. For example, ext4 will issue a discard command but a UFS device might take ten seconds to process it. That leads the user to think that Android is broken, he said.

  • The ZUFS zero-copy filesystem

    At the 2018 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM), Boaz Harrosh presented his zero-copy user-mode filesystem (ZUFS). It is both a filesystem in its own right and a framework similar to FUSE for implementing filesystems in user space. It is geared toward extremely low latency and high performance, particularly for systems using persistent memory.

    Harrosh began by saying that the idea behind his talk is to hopefully entice others into helping out with ZUFS. There are lots of "big iron machines" these days, some with extremely fast I/O paths (e.g. NVMe over fabrics with throughput higher than memory). "For some reason" there may be a need to run a filesystem in user space but the current interface is slow because "everyone is copy happy", he said.

  • A filesystem "change journal" and other topics

    At the 2017 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM), Amir Goldstein presented his work on adding a superblock watch mechanism to provide a scalable way to notify applications of changes in a filesystem. At the 2018 edition of LSFMM, he was back to discuss adding NTFS-like change journals to the kernel in support of backup solutions of various sorts. As a second topic for the session, he also wanted to discuss doing more performance-regression testing for filesystems.

    Goldstein said he is working on getting the superblock watch feature merged. It works well and is used in production by his employer, CTERA Networks, but there is a need to get information about filesystem changes even after a crash. Jan Kara suggested that what was wanted was an indication of which files had changed since the last time the filesystem changes were queried; Goldstein agreed.

  • Will staging lose its Lustre?

    The kernel's staging tree is meant to be a path by which substandard code can attract increased developer attention, be improved, and eventually find its way into the mainline kernel. Not every module graduates from staging; some are simply removed after it becomes clear that nobody cares about them. It is rare, though, for a project that is actively developed and widely used to be removed from the staging tree, but that may be about to happen with the Lustre filesystem.

    The staging tree was created almost exactly ten years ago as a response to the ongoing problem of out-of-tree drivers that had many users but which lacked the code quality to get into the kernel. By giving such code a toehold, it was hoped, the staging tree would help it to mature more quickly; in the process, it would also provide a relatively safe place for aspiring kernel developers to get their hands dirty fixing up the code. By some measures, staging has been a great success: it has seen nearly 50,000 commits contributed by a large community of developers, and a number of drivers have, indeed, shaped up and moved into the mainline. The "ccree" TrustZone CryptoCell driver graduated from staging in 4.17, for example, and the visorbus driver moved to the mainline in 4.16.

  • Statistics from the 4.17 kernel development cycle

    The 4.17 kernel appears to be on track for a June 3 release, barring an unlikely last-minute surprise. So the time has come for the usual look at some development statistics for this cycle. While 4.17 is a normal cycle for the most part, it does have one characteristic of note: it is the third kernel release ever to be smaller (in terms of lines of code) than its predecessor.

    The 4.17 kernel, as of just after 4.17-rc7, has brought in 13,453 non-merge changesets from 1,696 developers. Of those developers, 256 made their first contribution to the kernel in this cycle; that is the smallest number of first-time developers since 4.8 (which had 237). The changeset count is nearly equal to 4.16 (which had 13,630), but the developer count is down from the 1,774 seen in the previous cycle.

  • Deferring seccomp decisions to user space

    There has been a lot of work in recent years to use BPF to push policy decisions into the kernel. But sometimes, it seems, what is really wanted is a way for a BPF program to punt a decision back to user space. That is the objective behind this patch set giving the secure computing (seccomp) mechanism a way to pass complex decisions to a user-space helper program.

    Seccomp, in its most flexible mode, allows user space to load a BPF program (still "classic" BPF, not the newer "extended" BPF) that has the opportunity to review every system call made by the controlled process. This program can choose to allow a call to proceed, or it can intervene by forcing a failure return or the immediate death of the process. These seccomp filters are known to be challenging to write for a number of reasons, even when the desired policy is simple.

    Tycho Andersen, the author of the "seccomp trap to user space" patch set, sees a number of situations where the current mechanism falls short. His scenarios include allowing a container to load modules, create device nodes, or mount filesystems — with rigid controls applied. For example, creation of a /dev/null device would be allowed, but new block devices (or almost anything else) would not. Policies to allow this kind of action can be complex and site-specific; they are not something that would be easily implemented in a BPF program. But it might be possible to write something in user space that could handle decisions like these.

How to select the right enterprise Linux

Filed under
Linux

Red Hat Enterprise Linux is widely thought of as the first choice in operating systems for important servers, but it may not be the right choice for all applications.

The decision to use any modern edition of that operating system, generally spoken as RHEL with a silent H, is usually based on a need for component stability, paid technical support, and long-term version support, said Red Hat's Ron Pacheco, director of global product management.

Customers have other options for data center operating systems. RHEL wouldn't always be appropriate for edge devices, functions-as-a-service, and highly specialized applications, Pacheco noted.

Read more

Syndicate content

More in Tux Machines

Server: GNU/Linux Dominance in Supercomputers, Windows Dominance in Downtime

  • Five Supercomputers That Aren't Supercomputers
    A supercomputer, of course, isn't really a "computer." It's not one giant processor sitting atop an even larger motherboard. Instead, it's a network of thousands of computers tied together to form a single whole, dedicated to a singular set of tasks. They tend to be really fast, but according to the folks at the International Supercomputing Conference, speed is not a prerequisite for being a supercomputer. But speed does help them process tons of data quickly to help solve some of the world's most pressing problems. Summit, for example, is already booked for things such as cancer research; energy research, to model a fusion reactor and its magnetically confined plasma tohasten commercial development of fusion energy; and medical research using AI, centering around identifying patterns in the function and evolution of human proteins and cellular systems to increase understanding of Alzheimer’s, heart disease, or addiction, and to inform the drug discovery process.
  • Office 365 is suffering widespread borkage across Blighty
     

    Some users are complaining that O365 is "completely unusable" with others are reporting a noticeable slowdown, whinging that it's taking 30 minutes to send and receive emails.  

Google: VR180, Android and the Asus Chromebook Flip C101

Security Leftovers

  • Hackers May Have Already Defeated Apple’s USB Restricted Mode For iPhone
    Recently, the iPhone-maker announced a security feature to prevent unauthorized cracking of iPhones. When the device isn’t unlocked for an hour, the Lightning port can be used for nothing but charging. The feature is a part of the iOS 12 update, which is expected to launch later this month.
  • Cops Are Confident iPhone Hackers Have Found a Workaround to Apple’s New Security Feature
    Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone’s lightning cable port into a charge-only interface if someone hasn’t unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn’t be able to unlock phones. Naturally, this feature has sent waves throughout the mobile phone forensics and law enforcement communities, as accessing iPhones may now be substantially harder, with investigators having to rush a seized phone to an unlocking device as quickly as possible. That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet.
  • How Secure Are Wi-Fi Security Cameras?
  • Trump-Kim Meeting Was a Magnet For Russian Cyberattacks

KDE: Usability and Productivity initiative, Kraft and Konsole

  • This week in Usability & Productivity, part 23
    This has been a bit of a light week for KDE’s Usability and Productivity initiative, probably because everyone’s basking in the warm glow of a well-received release: KDE Plasma 5.13 came out on Tuesday and is getting great reviews!
  • Kraft Version 0.81 Released
    I am happy to announce the release of Kraft version 0.81. Kraft is a Qt based desktop application that helps you to handle documents like quotes and invoices in your small business. Version 0.81 is a bugfix release for the previous version 0.80, which was the first stable release based on Qt5 and KDE Frameworks5. Even though it came with way more new features than just the port, it’s first release has proven it’s stability in day-to-day business now for a few month.
  • Giving Konsole some love
    I started to hack in Konsole, and first I was afraid, I was petrified. You know, touching those hardcore apps that are the center of the KDE Software Collection. I started touching it mostly because some easy to fix bugs weren’t fixed, and as every cool user knows, this is free software. So I could pay for someone to fix my bugs, or I could download the source code and try to figure out what the hell was wrong with it. I choosed the second approach.