Saturday, 20 Jan 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/Linux

KDE and GNOME Development: Discover, librsvg, GNOME Photos

Filed under
KDE
GNOME
  • This week in Discover

    I guess I’m becoming a Discover developer, since it’s where I seem to spend most of my time these days. It’s just so darn fun since the lead Developer Aleix Pol is super easy to work with, there’s a lot of low-hanging fruit, and with Kirigami, it’s very simple to make consequential changes even when you’re a novice programmer and not very familiar with the codebase. That said, Aleix is still making about 99% of the code changes, and I’m mostly doing UI tweaks, bug screening, promotion, strategy, and work with apps to get their houses in order.

  • Help needed for librsvg 2.42.1

    I have prepared a list of bugs which I'd like to be fixed in the 2.42.1 milestone. Two of them are assigned to myself, as I'm already working on them.

  • GNOME Photos: Happenings

Graphics: NVIDIA and Mesa

Filed under
Graphics/Benchmarks
  • NVIDIA 340.106 Legacy Driver Released For KPTI Compatibility

    For those using the 340 series legacy driver for NVIDIA GeForce 8 and GeForce 9 series GPU support, the 340.106 driver has been released.

  • Mesa 18.0.0 release plan

    As you know, the Mesa 18.0.0 release plan has been available for a while on the mesa3d.org website [1].

  • Mesa 18.0 Will Enter Its Feature Freeze Soon

    The Mesa 18.0 feature freeze and release candidate will be issued in the days ahead.

    Emil Velikov quietly updated the Mesa3D release schedule a while back though now he's announced it to the mailing list. The original plan was to do the branching / feature freeze and RC1 on 19 January, but given the short notice, that might be kicked out until next week.

AT&T in Open Network Automation Platform (ONAP)

Filed under
OSS

Librem 5 Phone Progress Report

Filed under
GNU
Linux
Hardware
  • Librem 5 Phone Progress Report – The First of Many More to Come!

    First, let me apologize for the silence. It was not because we went into hibernation for the winter, but because we were so busy in the initial preparation and planning of a totally new product while orienting an entirely new development team. Since we are more settled into place now, we want to change this pattern of silence and provide regular updates. Purism will be giving weekly news update posts every Tuesday, rotating between progress on phone development from a technology viewpoint (the hardware, kernel, OS, etc.) and an art of design viewpoint (UI/UX from GNOME/GTK to KDE/Plasma). To kick off this new update process, this post will discuss the technological progress of the Librem 5 since November of 2017.

  • Purism Eyeing The i.MX8M For The Librem 5 Smartphone, Issues First Status Update

    If you have been curious about the state of Purism's Librem 5 smartphone project since its successful crowdfunding last year and expedited plans to begin shipping this Linux smartphone in early 2019, the company has issued their first status update.

Benchmarking Retpoline-Enabled GCC 8 With -mindirect-branch=thunk

We have looked several times already at the performance impact of Retpoline support in the Linux kernel, but what about building user-space packages with -mindirect-branch=thunk? Here is the performance cost to building some performance tests in user-space with -mindirect-branch=thunk and -mindirect-branch=thunk-inline.

An introduction to Inkscape for absolute beginners

Filed under
OSS

Inkscape is a powerful, open source desktop application for creating two-dimensional scalable vector graphics. Although it's primarily an illustration tool, Inkscape is used for a wide range of computer graphic tasks.

The variety of what can be done with Inkscape is vast and sometimes surprising. It is used to make diagrams, logos, programmatic marketing materials, web graphics, and even for paper scrapbooking. People also draw game sprites, produce banners, posters, and brochures. Others use Inkscape to draft web design mockups, detail layouts for printed circuit boards, or produce outline files to send to laser cutting equipment.

Behind the scenes with Pop!_OS Linux

Filed under
GNU
Linux
Interviews
Ubuntu

In October, Linux PC maker System76 released its homegrown version of Linux, Pop!_OS, giving users the choice between its legacy Ubuntu operating system or the new Pop!_OS flavor of Linux. Recently Opensource.com gave away a System76 laptop with Pop!_OS installed, which made me curious about the company and this new version of Linux, so I spoke with Cassidy James Blaede, Pop!_OS's user experience (UX) designer.

Blaede joined System76 in 2014, fresh out of college at the University of Northern Iowa and marriage to his wife, Katie. While in college, he co-founded the elementary OS project and interned at UX consultancy Visual Logic, both of which influenced his work for System76. He started at System76 as a front-end developer and was later promoted to UX architect.

Also: Linux Journal 2.0 Progress Report

Programming/Development: HHVM 3.24, 'DevOps', RcppMsgPack

Filed under
Development
  • HHVM 3.24

    HHVM 3.24 is released! This release contains new features, bug fixes, performance improvements, and supporting work for future improvements. Packages have been published in the usual places.

  • HHVM 3.24 Released, The Final Supporting PHP5

    The Facebook crew responsible for the HHVM project as a speedy Hack/PHP language implementation is out with its 3.24 release.

    HHVM 3.24 is important as it's the project's last release focusing on PHP5 compatibility. Moving forward, PHP5 compatibility will no longer be a focus and components of it will likely be dropped. As well, Facebook will be focusing on their Hack language rather than PHP7. Now that PHP7 is much faster than PHP5 and all around in a much better state, Facebook developers are focusing on their Hack language rather than just being an alternative PHP implementation.

  • How to get into DevOps

    I've observed a sharp uptick of developers and systems administrators interested in "getting into DevOps" within the past year or so. This pattern makes sense: In an age in which a single developer can spin up a globally distributed infrastructure for an application with a few dollars and a few API calls, the gap between development and systems administration is closer than ever. Although I've seen plenty of blog posts and articles about cool DevOps tools and thoughts to think about, I've seen less content on pointers and suggestions for people looking to get into this work.

  • RcppMsgPack 0.2.1

    An update of RcppMsgPack got onto CRAN today. It contains a number of enhancements Travers had been working on, as well as one thing CRAN asked us to do in making a suggested package optional.

    MessagePack itself is an efficient binary serialization format. It lets you exchange data among multiple languages like JSON. But it is faster and smaller. Small integers are encoded into a single byte, and typical short strings require only one extra byte in addition to the strings themselves. RcppMsgPack brings both the C++ headers of MessagePack as well as clever code (in both R and C++) Travers wrote to access MsgPack-encoded objects directly from R.

Software: Clay, Inkscape, VirtualBox, Thunderbird

Filed under
Software
  • New York magazine is making its CMS available open-source

    There’s a short history of publishers fancying themselves as technology companies and building a business selling their tech to other publishers. Publishers realized that building a whole new side business around licensing their tech is a headache and that they needed to focus on what they’re good at, and leave the tech to others.

    New York magazine is trying out a different approach. It built its own content management system (publishers like to give their homegrown CMSes cute names; this one is called Clay, for the magazine’s founder Clay Felker) in 2015 and then licensed the software to the online magazine Slate. Slate started using Clay a year ago and was set to fully migrate its site to Clay this week. But instead of New York charging Slate a licensing fee, Slate is paying New York in the form of code. The CMS is open-source, and developers from both titles contribute to it.

  • An introduction to Inkscape for absolute beginners

    Inkscape is a powerful, open source desktop application for creating two-dimensional scalable vector graphics. Although it's primarily an illustration tool, Inkscape is used for a wide range of computer graphic tasks.

    The variety of what can be done with Inkscape is vast and sometimes surprising. It is used to make diagrams, logos, programmatic marketing materials, web graphics, and even for paper scrapbooking. People also draw game sprites, produce banners, posters, and brochures. Others use Inkscape to draft web design mockups, detail layouts for printed circuit boards, or produce outline files to send to laser cutting equipment.

  • Linux Support in VirtualBox is about to get a LOT Better

    VirtualBox makes it easy to try Linux distros without replacing your current operating system or engaging in a game of reboot leap frog.

    But things are about to get even easier. Soon you won’t need to install the VirtualBox Guest Additions package to get a fully integrated Linux experience with your host OS.

  • Have You Taken the Thunderbird Redesign Survey?

    Monterail and Thunderbird are now working on the same team.

    Yes, that Monterail, the Poland-based development company whose stunning Thunderbird mock-up went viral last year, before becoming a real, working Thunderbird theme.

    “We got in touch with […] the Thunderbird core team to discuss possibilities. We wanted to establish how to enhance user retention and make Thunderbird more user-friendly for potential and current users. We also learned how Thunderbird is built which helped with planning iterations,” Monterail’s Krystian Polański explains in a new blog post on the company’s website.

No More Ubuntu! Debian is the New Choice For Google’s In-house Linux Distribution

For years Google used Goobuntu, an in-house, Ubuntu-based operating system. Goobuntu is now being replaced by gLinux, which is based on Debian Testing.

Games: InnerSpace, BATTLETECH, Civilization VI, SteamOS, Unreal Engine

Filed under
Gaming
  • InnerSpace from PolyKnight Games & Aspyr Media launches with day-1 Linux support, some thoughts

    InnerSpace [Steam], an exploration flying game set in the Inverse, a world of inside-out planets without horizons, is now available for Linux.

    Disclosure: Key provided by Aspyr Media.

    In InnerSpace, you are an autonomous drone named Cartographer, which was created by the Archaeologist from information left over by the Ancients. The Archaeologist requires your help to reach areas of the Inverse where they cannot go and so your journey begins.

    I will start off by recommending a gamepad for InnerSpace. While it does work with Keyboard, it doesn’t feel good at all; you will have a much better experience with a gamepad in your hands.

  • BATTLETECH will only be coming to Linux post-launch, along with other features

    The turn-based mech strategy game developed by Harebrained Schemes won’t be on Linux at launch later this year. Other features have also been cut or altered and will be making it into the game post-release.

  • Civilization VI: Rise and Fall shows off overview of new features

    The upcoming expansion for Civilization VI [Official Site] will be introducing quite a few interesting changes to the game. You can see how exactly you’ll be spending just one more turn in this overview video.

  • SteamOS Beta Switches To Linux 4.14.13 For KPTI To Mitigate Meltdown

    Valve has pushed out a new SteamOS Beta build for the Debian Jessie-based "Brewmaster" series.

    SteamOS Beta 2.145 is out with its main focus on transitioning to the Linux 4.14 (v4.14.13) stable kernel.

  • Unreal Engine 4.19 Preview Rolls Out With Renderer Enhancements

    Epic Games has rolled out their public preview build of the upcoming Unreal Engine 4.19 game engine update.

    Unreal Engine 4.19 features renderer improvements, new animation and physics capabilities, VR improvements, initial support for the HTC Vive Pro, Steam Audio Beta 10 integration, Live Link plug-in improvements, and a plethora of other work.

  • Unreal Engine 4.19 Preview 1 Now Available

    Unreal Engine 4.19 will be available soon and it'll include many new exciting features and fixes. The first Preview build is now available on the Epic Games launcher for you to download. You can explore a number of new animation and physics updates, including improvements to the Live Link plugin and Sequencer performance, and significant changes to VR resolution settings. There are also a number of quality-of-life improvements.

Servers: Containers, MapR, 'Serverless', Bonitasoft

Filed under
Server
  • Containers versus Operating Systems

    The most popular docker base container image is either busybox, or scratch. This is driven by a movement that is equal parts puritanical and pragmatic. The puritan asks “Why do I need to run init(1) just to run my process?” The pragmatist asks “Why do I need a 700 meg base image to deploy my application?” And both, seeking immutable deployment units ask “Is it a good idea that I can ssh into my container?” But let’s step back for a second and look at the history of how we got to the point where questions like this are even a thing.

    In the very beginnings, there were no operating systems. Programs ran one at a time with the whole machine at their disposal. While efficient, this created a problem for the keepers of these large and expensive machines. To maximise their investment, the time between one program finishing and another starting must be kept to an absolute minimum; hence monitor programs and batch processing were born.

  • MapR: How Next-Gen Applications Will Change the Way We Look at Data

    MapR is a Silicon Valley-based big data company. Its founders realized that data was going to become ever increasingly important, and existing technologies, including open source Apache Hadoop, fell short of being able to support things like real-time transactional operational applications. So they spent years building out core technologies that resulted in the MapR products, including the flagship Converged Data Platform, platform-agnostic software that’s designed for the multicloud environment. It can even run on embedded Edge devices.

  • 7 Open-Source Serverless Frameworks Providing Functions as a Service

    With virtualization, organizations began to realize greater utilization of physical hardware. That trend continued with the cloud, as organizations began to get their machines into a pay-as-you-go service. Cloud computing further evolved when Amazon Web Services (AWS) launched its Lambda service in 2014, introducing a new paradigm in cloud computing that has become commonly referred to as serverless computing. In the serverless model, organizations pay for functions as a service without the need to pay for an always-on stateful, virtual machine.

  • Bonitasoft Offers Open Source, Low-Code Platform on AWS Cloud

    Bonitasoft, a specialist in open source business process management and digital transformation software, is partnering with the Amazon Web Services Inc. (AWS) cloud to broaden the reach of its low-code development platform.

    That platform, just released in a new version called Bonita 7.6, comes in an open source version and a subscription version with professional support and advanced features.

Mozilla: VR, Ford Money, WebRender, Firefox Extensions Discovery, Firefox 58

Filed under
Moz/FF
  • Mozilla and Sundance Film Festival Present: VR the People

    On Monday January 22, Mozilla is bringing together a panel of the top VR industry insiders in the world to the Sundance Film Festival in Park City, Utah, to explain how VR storytelling is revolutionizing the film and entertainment industry.

    “We want the storyteller’s vision to exceed the capacity of existing technology, to push boundaries, because then the technologist is inspired to engineer new mechanisms that enable things initially thought impossible” says Kamal Sinclair, Director of New Frontier Lab Programs at Sundance Institute. “However, this is not about creating something that appeals to people simply because of its novel technical achievements; rather it is something that has real meaning, and where that meaning can be realized by engineering the technologies to deliver the best experience possible.”

  • Host an Open Internet Activist [Ed: Mozilla now in the pockets of the Ford Foundation, just like the ‘Guardian’]

    Today, we’re launching the Ford-Mozilla Open Web Fellowship call for host organizations. If your organization is devoted to a healthy internet for all users, we encourage you to apply.

  • WebRender newsletter #12
  • The User Journey for Firefox Extensions Discovery

    The ability to customize and extend Firefox is an essential part of Firefox’s value to users. Extensions are small tools that allow developers and users who install the extensions to modify, customize, and extend the functionality of Firefox. For example, during our workflows research in 2016, we interviewed a participant who was a graduate student in Milwaukee, Wisconsin. While she used Safari as her primary browser for common browsing, she used Firefox specifically for her academic work because the extension Zotero was the best choice for keeping track of her academic work and citations.

    Popular categories of extensions include ad blockers, password managers, and video downloaders. Given the variety of extensions and the benefits to customization they offer, why is it that only 40% of Firefox users have installed at least one extension? Certainly, some portion of Firefox users may be aware of extensions but have no need or desire to install one. However, some users could find value in some extensions but simply may not be aware of the existence of extensions in the first place.

    Why not? How can Mozilla facilitate the extension discovery process?

    A fundamental assumption about the extension discovery process is that users will learn about extensions through the browser, through word of mouth, or through searching to solve a specific problem. We were interested in setting aside this assumption and observing the steps participants take and the decisions they make in their journey toward possibly discovering extensions. To this end, the Firefox user research team ran two small qualitative studies to understand better how participants solved a particular problem in the browser that could be solved by installing an extension. Our study helped us understand how participants do — or do not — discover a specific category of extension.

  • Firefox Release, Xen, KDE's Plasma and More

    Set your calendars for January 23, 2018, to download the latest Firefox 58 release packed with performance/bottleneck and bug fixes, an even better site source code debugger and more.

Linux Microsoft Office Alternatives

Filed under
GNU
Linux
Microsoft

Despite what you may have been led to believe, there are in fact a number of solid Linux alternatives for Microsoft Office available. In fact, there are even options available with varied levels of docx support, if that is something relevant to your business.

This article will explore my recommended Microsoft Office alternatives for Linux. Some of them you've likely heard of, others may be cloud/server based options that you might not have thought much about until now.

Also: The best open source video editors 2018: free to download, edit, use and share

Security: Updates, WordPress, Hardware Patches, and Open Source Security Podcast

Filed under
Security
  • Security updates for Tuesday
  • WordPress 4.9.2 Security and Maintenance Release

    WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

    An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.

  • Debian-Based SolydXK Linux OS Receives Patch for Meltdown Security Vulnerability

    The Debian-based SolydXK Linux operating system has been updated today with patches for the Meltdown security vulnerability, as well as various other new features and improvements.

    To mitigate the Meltdown security exploit that allows a locally installed program to access the memory, including the kernel memory, and steal sensitive information like passwords and encryption keys, the SolydXK 201801 ISO images are now powered by the latest kernel release with patches against this vulnerability.

  • Chakra GNU/Linux Now Patched Against Meltdown & Spectre Security Vulnerabilities

    It's time for users of the Chakra GNU/Linux operating system to patch their systems against the Meltdown and Spectre security vulnerabilities as new kernel updates landed today in the repos.

    Publicly disclosed earlier this month, the Meltdown and Spectre security vulnerabilities are affecting us all, but OS vendors and OEMs are trying their best to mitigate them so that no user can be the victim of attacks where their sensitive data is at risk of getting in the hands of the wrong person.

  • Open Source Security Podcast: Episode 78 - Risk lessons from Hawaii

GNOME Devs to Users: Desktop Icons Are Moving to GNOME Shell with GNOME 3.28

Filed under
GNOME

There appears to be a lot of fuss lately about the removal of an option from the GNOME desktop environment that allows users to display icons on their desktops.

Long story short, last month, near the Christmas holidays, GNOME developer Carlos Soriano shared his plans on removing a so-called "the desktop" feature from the Nautilus file manager starting with the upcoming GNOME 3.28 release of the desktop environment, proposing its integration into the GNOME Shell component.

The feature is there to handle application icons on the user's workspace, but it shouldn't have been implemented in Nautilus in the first place, according to the developer. So for the GNOME devs to be able to add new features to the Nautilus file manager, they need to remove its ability to handle desktop icons and place the code somewhere else.

Red Hat News and Posts

Filed under
Red Hat

Yocto-on-i.MX6UL gateway serves up I2C and SPI on a DB9 port

Filed under
Linux
Hardware

Axiomtek’s compact “IFB125” DIN-rail IoT gateway runs Yocto Linux on an i.MX6 UL SoC with dual LANs, mini-PCIe expansion, extended temperature and vibration resistance, COM and USB ports, and a DB9 port that supports both SPI and I2C.

Axiomtek has released a minor variation on its IFB122 IoT gateway. Like the IFB122, the new IFB125 runs Yocto Project code with Linux 3.14.52 on NXP’s 528MHz Cortex-A7 based i.MX6 UltraLight (UL) SoC. The headless gateway is designed for remote control and remote monitoring management applications such as unmanned control room, industrial automation, automatic parking lot, and traffic cabinets.

Also: Display-oriented eNUC SBC runs on Apollo Lake

More in Tux Machines

KDE: Linux and Qt in Automotive, KDE Discover, Plasma5 18.01 in Slackware

  • Linux and Qt in Automotive? Let’s meet up!
    For anyone around the Gothenburg area on Feb 1st, you are most welcome to the Automotive MeetUp held at the Pelagicore and Luxoft offices. There will be talks about Qt/QML, our embedded Linux platform PELUX and some ramblings about open source in automotive by yours truly ;-)
  • What about AppImage?
    I see a lot of people asking about state of AppImage support in Discover. It’s non-existent, because AppImage does not require centralized software management interfaces like Discover and GNOME Software (or a command-line package manager). AppImage bundles are totally self-contained, and come straight from the developer with zero middlemen, and can be managed on the filesystem using your file manager. This should sound awfully familiar to former Mac users (like myself), because Mac App bundles are totally self-contained, come straight from the developer with zero middlemen, and are managed using the Finder file manager.
  • What’s new for January? Plasma5 18.01, and more
    When I sat down to write a new post I noticed that I had not written a single post since the previous Plasma 5 announcement. Well, I guess the past month was a busy one. Also I bought a new e-reader (the Kobo Aura H2O 2nd edition) to replace my ageing Sony PRS-T1. That made me spend a lot of time just reading books and enjoying a proper back-lit E-ink screen. What I read? The War of the Flowers by Tad Williams, A Shadow all of Light by Fred Chappell, Persepolis Rising and several of the short stories (Drive, The Butcher of Anderson Station, The Churn and Strange Dogs) by James SA Corey and finally Red Sister by Mark Lawrence. All very much worth your time.

GNU/Linux: Live Patching, Gravity of Kubernetes, Welcome to 2018

  • How Live Patching Has Improved Xen Virtualization
    The open-source Xen virtualization hypervisor is widely deployed by enterprises and cloud providers alike, which benefit from the continuous innovation that the project delivers. In a video interview with ServerWatch, Lars Kurth, Chairman of the Xen Project Advisory Board and Director, Open Source Solutions at Citrix, details some of the recent additions to Xen and how they are helping move the project forward.
  • The Gravity of Kubernetes
    Most new internet businesses started in the foreseeable future will leverage Kubernetes (whether they realize it or not). Many old applications are migrating to Kubernetes too. Before Kubernetes, there was no standardization around a specific distributed systems platform. Just like Linux became the standard server-side operating system for a single node, Kubernetes has become the standard way to orchestrate all of the nodes in your application. With Kubernetes, distributed systems tools can have network effects. Every time someone builds a new tool for Kubernetes, it makes all the other tools better. And it further cements Kubernetes as the standard.
  • Welcome to 2018
    The image of the technology industry as a whole suffered in 2017, and that process is likely to continue this year as well. That should lead to an increased level of introspection that will certainly affect the free-software community. Many of us got into free software to, among other things, make the world a better place. It is not at all clear that all of our activities are doing that, or what we should do to change that situation. Expect a lively conversation on how our projects should be run and what they should be trying to achieve. Some of that introspection will certainly carry into projects related to machine learning and similar topics. There will be more interesting AI-related free software in 2018, but it may not all be beneficial. How well will the world be served, for example, by a highly capable, free facial-recognition system and associated global database? Our community will be no more effective than anybody else at limiting progress of potentially freedom-reducing technologies, but we should try harder to ensure that our technologies promote and support freedom to the greatest extent possible. Our 2017 predictions missed the fact that an increasing number of security problems are being found at the hardware level. We'll not make the same mistake in 2018. Much of what we think of as "hardware" has a great deal of software built into it — highly proprietary software that runs at the highest privilege levels and which is not subject to third-party review. Of course that software has bugs and security issues of its own; it couldn't really be any other way. We will see more of those issues in 2018, and many of them are likely to prove difficult to fix.

Linux Kernel Development

  • New Sound Drivers Coming In Linux 4.16 Kernel
    Due to longtime SUSE developer Takashi Iwai going on holiday the next few weeks, he has already sent in the sound driver feature updates targeting the upcoming Linux 4.16 kernel cycle. The sound subsystem in Linux 4.16 sees continued changes to the ASoC code, clean-ups to the existing drivers, and a number of new drivers.
  • Varlink: a protocol for IPC
    One of the motivations behind projects like kdbus and bus1, both of which have fallen short of mainline inclusion, is to have an interprocess communication (IPC) mechanism available early in the boot process. The D-Bus IPC mechanism has a daemon that cannot be started until filesystems are mounted and the like, but what if the early boot process wants to perform IPC? A new project, varlink, was recently announced; it aims to provide IPC from early boot onward, though it does not really address the longtime D-Bus performance complaints that also served as motivation for kdbus and bus1. The announcement came from Harald Hoyer, but he credited Kay Sievers and Lars Karlitski with much of the work. At its core, varlink is simply a JSON-based protocol that can be used to exchange messages over any connection-oriented transport. No kernel "special sauce" (such as kdbus or bus1) is needed to support it as TCP or Unix-domain sockets will provide the necessary functionality. The messages can be used as a kind of remote procedure call (RPC) using an API defined in an interface file.
  • Statistics for the 4.15 kernel
    The 4.15 kernel is likely to require a relatively long development cycle as a result of the post-rc5 merge of the kernel page-table isolation patches. That said, it should be in something close to its final form, modulo some inevitable bug fixes. The development statistics for this kernel release look fairly normal, but they do reveal an unexpectedly busy cycle overall. This development cycle was supposed to be relatively calm after the anticipated rush to get work into the 4.14 long-term-support release. But, while 4.14 ended up with 13,452 non-merge changesets at release, 4.15-rc6 already has 14,226, making it one of the busiest releases in the kernel project's history. Only 4.9 (16,214 changesets) and 4.12 (14,570) brought in more work, and 4.15 may exceed 4.12 by the time it is finished. So far, 1,707 developers have contributed to this kernel; they added 725,000 lines of code while removing 407,000, for a net growth of 318,000 lines of code.
  • A new kernel polling interface
    Polling a set of file descriptors to see which ones can perform I/O without blocking is a useful thing to do — so useful that the kernel provides three different system calls (select(), poll(), and epoll_wait() — plus some variants) to perform it. But sometimes three is not enough; there is now a proposal circulating for a fourth kernel polling interface. As is usually the case, the motivation for this change is performance. On January 4, Christoph Hellwig posted a new polling API based on the asynchronous I/O (AIO) mechanism. This may come as a surprise to some, since AIO is not the most loved of kernel interfaces and it tends not to get a lot of attention. AIO allows for the submission of I/O operations without waiting for their completion; that waiting can be done at some other time if need be. The kernel has had AIO support since the 2.5 days, but it has always been somewhat incomplete. Direct file I/O (the original use case) works well, as does network I/O. Many other types of I/O are not supported for asynchronous use, though; attempts to use the AIO interface with them will yield synchronous behavior. In a sense, polling is a natural addition to AIO; the whole point of polling is usually to avoid waiting for operations to complete.

Security: OpenSSL, IoT, and LWN Coverage of 'Intelpocalypse'

  • Another Face to Face: Email Changes and Crypto Policy
    The OpenSSL OMC met last month for a two-day face-to-face meeting in London, and like previous F2F meetings, most of the team was present and we addressed a great many issues. This blog post talks about some of them, and most of the others will get their own blog posts, or notices, later. Red Hat graciously hosted us for the two days, and both Red Hat and Cryptsoft covered the costs of their employees who attended. One of the overall threads of the meeting was about increasing the transparency of the project. By default, everything should be done in public. We decided to try some major changes to email and such.
  • Some Basic Rules for Securing Your IoT Stuff
    Throughout 2016 and 2017, attacks from massive botnets made up entirely of hacked [sic] IoT devices had many experts warning of a dire outlook for Internet security. But the future of IoT doesn’t have to be so bleak. Here’s a primer on minimizing the chances that your IoT things become a security liability for you or for the Internet at large.
  • A look at the handling of Meltdown and Spectre
    The Meltdown/Spectre debacle has, deservedly, reached the mainstream press and, likely, most of the public that has even a remote interest in computers and security. It only took a day or so from the accelerated disclosure date of January 3—it was originally scheduled for January 9—before the bugs were making big headlines. But Spectre has been known for at least six months and Meltdown for nearly as long—at least to some in the industry. Others that were affected were completely blindsided by the announcements and have joined the scramble to mitigate these hardware bugs before they bite users. Whatever else can be said about Meltdown and Spectre, the handling (or, in truth, mishandling) of this whole incident has been a horrific failure. For those just tuning in, Meltdown and Spectre are two types of hardware bugs that affect most modern CPUs. They allow attackers to cause the CPU to do speculative execution of code, while timing memory accesses to deduce what has or has not been cached, to disclose the contents of memory. These disclosures can span various security boundaries such as between user space and the kernel or between guest operating systems running in virtual machines. For more information, see the LWN article on the flaws and the blog post by Raspberry Pi founder Eben Upton that well describes modern CPU architectures and speculative execution to explain why the Raspberry Pi is not affected.
  • Addressing Meltdown and Spectre in the kernel
    When the Meltdown and Spectre vulnerabilities were disclosed on January 3, attention quickly turned to mitigations. There was already a clear defense against Meltdown in the form of kernel page-table isolation (KPTI), but the defenses against the two Spectre variants had not been developed in public and still do not exist in the mainline kernel. Initial versions of proposed defenses have now been disclosed. The resulting picture shows what has been done to fend off Spectre-based attacks in the near future, but the situation remains chaotic, to put it lightly. First, a couple of notes with regard to Meltdown. KPTI has been merged for the 4.15 release, followed by a steady trickle of fixes that is undoubtedly not yet finished. The X86_BUG_CPU_INSECURE processor bit is being renamed to X86_BUG_CPU_MELTDOWN now that the details are public; there will be bug flags for the other two variants added in the near future. 4.9.75 and 4.4.110 have been released with their own KPTI variants. The older kernels do not have mainline KPTI, though; instead, they have a backport of the older KAISER patches that more closely matches what distributors shipped. Those backports have not fully stabilized yet either. KPTI patches for ARM are circulating, but have not yet been merged.
  • Is it time for open processors?
    The disclosure of the Meltdown and Spectre vulnerabilities has brought a new level of attention to the security bugs that can lurk at the hardware level. Massive amounts of work have gone into improving the (still poor) security of our software, but all of that is in vain if the hardware gives away the game. The CPUs that we run in our systems are highly proprietary and have been shown to contain unpleasant surprises (the Intel management engine, for example). It is thus natural to wonder whether it is time to make a move to open-source hardware, much like we have done with our software. Such a move may well be possible, and it would certainly offer some benefits, but it would be no panacea. Given the complexity of modern CPUs and the fierceness of the market in which they are sold, it might be surprising to think that they could be developed in an open manner. But there are serious initiatives working in this area; the idea of an open CPU design is not pure fantasy. A quick look around turns up several efforts; the following list is necessarily incomplete.
  • Notes from the Intelpocalypse
    Rumors of an undisclosed CPU security issue have been circulating since before LWN first covered the kernel page-table isolation patch set in November 2017. Now, finally, the information is out — and the problem is even worse than had been expected. Read on for a summary of these issues and what has to be done to respond to them in the kernel. All three disclosed vulnerabilities take advantage of the CPU's speculative execution mechanism. In a simple view, a CPU is a deterministic machine executing a set of instructions in sequence in a predictable manner. Real-world CPUs are more complex, and that complexity has opened the door to some unpleasant attacks. A CPU is typically working on the execution of multiple instructions at once, for performance reasons. Executing instructions in parallel allows the processor to keep more of its subunits busy at once, which speeds things up. But parallel execution is also driven by the slowness of access to main memory. A cache miss requiring a fetch from RAM can stall the execution of an instruction for hundreds of processor cycles, with a clear impact on performance. To minimize the amount of time it spends waiting for data, the CPU will, to the extent it can, execute instructions after the stalled one, essentially reordering the code in the program. That reordering is often invisible, but it occasionally leads to the sort of fun that caused Documentation/memory-barriers.txt to be written.