Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Saturday, 20 Jan 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Today in Techrights Roy Schestowitz 18/01/2018 - 1:27pm
Story Microsoft Against GNU/Linux in the Public Sector Roy Schestowitz 18/01/2018 - 1:15pm
Story Android Leftovers Rianne Schestowitz 18/01/2018 - 11:24am
Story How to create outlines in Linux with TreeLine Rianne Schestowitz 18/01/2018 - 11:16am
Story Debian and Ubuntu: gLinux, arm64, GNOME and Ubucon Europe Roy Schestowitz 18/01/2018 - 6:10am
Story Red Hat News Roy Schestowitz 18/01/2018 - 6:08am
Story More on Librem 5 Phone Update Roy Schestowitz 18/01/2018 - 4:20am
Story Fedora: Updated F27 Live ISOs, Synergy 2.0, Bodhi 3.2.0, Announcing Flapjack Roy Schestowitz 18/01/2018 - 3:25am
Story Security Leftovers Roy Schestowitz 18/01/2018 - 3:11am
Story Arch Linux vs. Antergos vs. Clear Linux vs. Ubuntu Benchmarks Roy Schestowitz 18/01/2018 - 2:43am

SUSE: GCC and GSoC in OpenSUSE/SLES

Filed under
Google
SUSE
  • SLES 12 Toolchain Update Brings new Developer Tools
  • SUSE Linux Enterprise Server 12 Updates Its Developer Toolchain to GCC 7

    SUSE's Andreas Jaeger writes in a blog post about the updated toolchain of the SUSE Linux Enterprise Server 12 operating system and the new developer tools it brings.

    The article notes the fact that with the release of GNU Compiler Collection 7, the GCC team brought numerous improvements for developers, including better diagnostics, DWARF 5 support, as well as support for the C++ 17 standard.

    GCC 7 also contains improved optimization passes and takes advantage of some of the features of modern processors, and now it is available to all SUSE Linux Enterprise Server 12 customers with an active subscription.

  • Become a Google Summer of Code Mentor for openSUSE

    The application period for organizations wanting to participate in the Google Summer of Code is now and the openSUSE project is once again looking for mentors who are willing to put forth projects to mentor GSoC students.

Security: Purism, Intel, Wi-Fi, iOS

Filed under
Security
  • Purism patches Meltdown and Spectre variant 2, both included in all new Librem laptops

    Purism has released a patch for Meltdown (CVE-2017-5754, aka variant 3) as part of PureOS, and includes this latest PureOS image as part of all new Librem laptop shipments. Purism is also providing a microcode update for Intel processors to address Spectre variant 2 (CVE-2017-5715).

  • Intel Fumbles Its Patch for Chip Flaw

    Intel is quietly advising some customers to hold off installing patches that address new security flaws affecting virtually all of its processors. It turns out the patches had bugs of their own.

  • Wi-Fi Alliance announces WPA3 to secure modern networks

    The Consumer Electronics Show (CES) is an odd place to announce an enterprise product, but the Wi-Fi Alliance used the massive trade show — which has more or less taken over where Comdex left off — to announce a major upgrade to Wi-Fi security.

    The alliance announced the Wi-Fi Protected Access 3 (WPA3), a new standard of Wi-Fi security that greatly increases the security capabilities of the wireless standard. WPA2, which is the current standard in wireless security, has been around for 14 years, so this is way overdue.

  • More iOS 11 Jailbreak Tweaks Could Be Released by the Weekend

    The Electra jailbreak tool is better than LiberiOS because it comes with Substitute. This is the alternative to Cydia substrate that was first developed by Comex. This would allow users to install and use jailbreak tweaks compatible to iOS 11.

Toughened up SODIMM-style COM taps i.MX8M

Filed under
Android
Linux
Hardware

CompuLab’s rugged, 68 x 42mm “CL-SOM-iMX8” computer-on-module runs Yocto or Android on NXP’s dual- or quad-core Cortex-A53 i.MX8M, with up to 4GB LPDDR4, up to 64GB eMMC, onboard wireless, and PCIe and HDMI 2.0 support.

CompuLab’s CL-SOM-iMX8 COM, which ships with an optional SBC-iMX8 Evaluation Kit, shares many features with Variscite’s recently announced DART-MX8M module, which similarly features NXP’s new i.MX8M SoC. The CL-SOM-iMX8 is slightly larger, at 68 x 42mm, and adds shock (50G/20ms) and vibration (20G/0-600Hz) resistance.

Read more

Also: 5.25-inch SBCs offer Kaby Lake or Skylake in S- and H-series options

Browsers: Mozilla Firefox and Bromite

Filed under
Google
Moz/FF
Web
  • Firefox 60 Product Integrity Requests Report

    Late last year I was putting out weekly reports on the number of requests Mozilla’s Product Integrity group was receiving and how well we were tracking toward our self-imposed service-level agreement (respond to 90% within 48 hours).

    The initial system we set up was only ever intended to be minimally viable and has not scaled well, although that’s probably to be expected. There’s been quite a lot of growing pains so I’ve been tasked with taking it to the next level.

  • Tab Warming: How Firefox Will Improve Web Browsing Experience? How To Get It Now?

    Mozilla developer Mike Conley described the details about Tab Warming in a post on his personal blog. It will improve tab switching by pre-loading the contents of a tab before it gets displayed in front of the users.

  • Bromite Is the New NoChromo — Open Source Chrome Port with Ad Blocking

    A while back, we told you about NoChromo, a no-root ad-blocking browser based on Google Chrome's open source code base, Chromium. That browser was wildly successful, as it offered an identical interface to regular Chrome, but without any ads. Sadly, the developer abandoned NoChromo, but a new ad-blocking Chromium port called Bromite has been released to fill its void.

GNOME: GNOME Shell, Bug Tracking, GXml

Filed under
GNOME
  • How to Install GNOME Shell Extensions GUI / CLI

    GNOME Shell extensions are small and lightweight pieces of codes that enhance GNOME desktop’s functionality and improves the user experience. They are the equivalent of add-ons in your browser. For instance, you can have add-ons that download videos like IDM downloader or block annoying ads such as Adblocker.

    Similarly, GNOME extensions perform certain tasks e.g. Display weather and geolocation. One of the tools used to install and customize GNOME Shell extensions is the GNOME tweak tool. It comes pre-installed in the latest Linux distributions. This article we cover how to install GNOME Shell extensions from GUI and from the command line on various Linux distros.

  • Musings on bug trackers

    I love bugzilla, I really do. I’ve used it nearly my entire career in free software. I know it well, I like the command line tool integration. But I’ve never had a day in bugzilla where I managed to resolve/triage/close nearly 100 issues. I managed to do that today with our gitlab instance and I didn’t even mean to.

  • ABI stability for GXml

    I’m taking a deep travel across Vala code; trying to figure out how things work. With my resent work on abstract methods for compact classes, may I have an idea on how to provide ABI stability to GXml.

    GXml have lot of interfaces for DOM4, implemented in classes, like Gom* series. But they are a lot, so go for each and add annotations, like Gee did, to improve ABI, is a hard work.

More on Barcelona Moving to Free Software

Filed under
GNU
Linux
  • Barcelona Aims To Oust Microsoft In Open Source Drive

    The city of Barcelona has embarked on an ambitious open source effort aimed at reducing its dependence on large proprietary software vendors such as Microsoft, including the replacement of both applications and operating systems.

  • Barcelona to ditch Microsoft software for open source software

    Barcelona, one of the most popular cities in the Europe is now switching to open-source software by replacing Microsoft Windows, Office and Exchange with Linux, Libre Office and Open Xchange respectively. The city council is already piloting the use of Ubuntu Linux desktops along with Mozilla Firefox as the default browser. With this move, Barcelona city is planning to save money over the years by reducing software/service licensing fees. They are also planning to hire new developers to write open-source software. The open-source product will also be made available to other Spanish municipalities and public bodies further afield allowing them the opportunity to save money on software licences.

  • Barcelona to ditch Microsoft in favour of open source Linux software

    Catalan capital Barcelona is planning to ditch proprietary software products from Microsoft in favour of free, open source alternatives such as Open-Xchange email.

    That’s according to a report by Spain's national paper El Pais, which reports that Barcelona plans to invest 70% of its annual software budget in open source this year.

OSS Leftovers

Filed under
OSS
  • Open Source turns 20

    While open source software is ubiquitous, recognized across industries as a fundamental infrastructure component as well as a critical factor for driving innovation, the "open source" label was coined only 20 years ago.

    The concept of open source software - as opposed to free software or freeware - is credited to Netscape which, in January 1998, announced plans to release the source code of its proprietary browser, Navigator, under a license that would freely permit modification and redistribution. This code is today the basis for Mozilla Firefox and Thunderbird.

    The Open Source Initiative (OSI) regards that event as the point at which "software freedom extended its reach beyond the enthusiast community and began its ascent into the mainstream".

  • Coreboot 4.7 Released With 47 More Motherboards Supported, AMD Stoney Ridge

    Coreboot 4.7 is now available as the latest release of this free and open-source BIOS/UEFI replacement.

    Coreboot 4.7 is the latest tagged release for this project developed via Git. This release has initial support for AMD Stoney Ridge platforms, Intel ICH10 Southbridge support, Intel Denverton/Denverton-NS platform support, and initial work on supporting next-gen Intel Cannonlake platforms.

  • Thank you CUSEC!

    Last week, I spoke at CUSEC (Canadian Undergraduate Software Engineering Conference) in Montreal.   I really enjoy speaking with students and learning what they are working on.  They are the future of our industry!  I was so impressed by the level of organization and the kindness and thoughtfulness of the CUSEC organizing committee who were all students from various universities across Canada. I hope that you all are enjoying some much needed rest after your tremendous work in the months approaching the conference and last week.

  • Percona Announces Sneak Peek of Conference Breakout Sessions for Seventh Annual Percona Live Open Source Database Conference
  • The Universal Donor

    A few people reacted negatively to my article on why Public Domain software is broadly unsuitable for inclusion in a community open source project. Most argued that because public domain gave them the rights they need where they live (mostly the USA), I should not say it was wrong to use it.

    That demonstrates either parochialism or a misunderstanding of what public domain really means. It should not be used for the same reason code known to be subject to software patents should not be used — namely that only code that, to the best efforts possible, can be used by anyone, anywhere without the need to ask permission (e.g. by buying a patent license) or check it it’s needed (e.g. is that PD code PD here?) can be used in an open source project. Public domain fails the test for multiple reasons: global differences in copyright term, copyright as an unalienable moral rather than as a property right, and more.

    Yes, public domain may give you the rights you need. But in an open source project, it’s not enough for you to determine you personally have the rights you need. In order to function, every user and contributor of the project needs prior confidence they can use, improve and share the code, regardless of their location or the use to which they put it. That confidence also has to extend to their colleagues, customers and community as well.

Ubuntu: Ubuntu Core, Ubuntu Free Culture Showcase for 18.04, Lubuntu 17.04 EoL

Filed under
Ubuntu
  • Ubuntu Core: A secure open source OS for IoT

    Canonical's Ubuntu Core, a tiny, transactional version of the Ubuntu Linux OS for IoT devices, runs highly secure Linux application packages, known as "snaps," that can be upgraded remotely.

  • Introducing the Ubuntu Free Culture Showcase for 18.04

    Ubuntu’s changed a lot in the last year, and everything is leading up to a really exciting event: the release of 18.04 LTS! This next version of Ubuntu will once again offer a stable foundation for countless humans who use computers for work, play, art, relaxation, and creation. Among the various visual refreshes of Ubuntu, it’s also time to go to the community and ask for the best wallpapers. And it’s also time to look for a new video and music file that will be waiting for Ubuntu users on the install media’s Examples folder, to reassure them that their video and sound drivers are quite operational.

    Long-term support releases like Ubuntu 18.04 LTS are very important, because they are downloaded and installed ten times more often than every single interim release combined. That means that the wallpapers, video, and music that are shipped will be seen ten times more than in other releases. So artists, select your best works. Ubuntu enthusiasts, spread the word about the contest as far and wide as you can. Everyone can help make this next LTS version of Ubuntu an amazing success.

  • Lubuntu 17.04 has reached End of Life

    The Lubuntu Team announces that as a non-LTS release, 17.04 has a 9-month support cycle and, as such, reached end of life on Saturday, January 13, 2018. Lubuntu will no longer provide bug fixes or security updates for 17.04, and we strongly recommend that you update to 17.10, which continues to be actively supported with security updates and select high-impact bug fixes.

KDE: Compositor Switcher, digiKam, Season Of KDE

Filed under
KDE
  • This App Automatically Disables Compositing in KDE When Opening Steam

    Compositor Switcher for KDE is a small utility that can disable compositing on the KDE Plasma desktop when running a specific gaming client.

  • digiKam 5.8 Open-Source Image Manipulator Adds UPnP/DLNA Export, Improvements

    The digiKam 5.8.0 open-source cross-platform image editor, viewer, and organizer tool has been released over the weekend with numerous improvements and some new features.

    Coming four months after the previous release, digiKam 5.8.0 is here with another set of enhancements for fans of the applications. For starters, the new version introduces a new tool that allows users to export their image collections to UPnP/DLNA-compatible devices. It can be accessed in all of digiKam's views through the Tools menu.

    "In September 2017, the digiKam team has been invited to take part in the Randa Meetings," reads the release announcement. "We have focused the reunion on including the new media server dedicated to sharing collection contents on local networks with compatible DLNA devices or applications, such as tablets, cellulars, TV, etc."

  • Season Of KDE

    After contributing for several months at GCompris, I applied for SoK 2018 and finally my proposal got selected among top 10 participants. I am very happy with the results I have got.

  • SoK Project – Week 1 & 2

    With all the happiness after being selected for SoK 2018, I was looking forward to start working on my project with whole dedication. My project aims to complete port of a brain-boosting memory activity called “Railroad” (in which kids have to observe the given train and memorize it within given time and then try to rebuild it) from Gtk+ to Qt version. It is a part of project GCompris(a high-quality educational software suite, including a large number of activities for children aged 2 to 10). My mentors are Timothée Giet and Rudra Nil Basu, along with them I’d like to thank a lot to Johnny Jazeix and Divyam Madaan for helping me with my project. My SoK proposal can be found here –> SoK Proposal. And my progress can be tracked at –> Railroad branch.

Kernel: Retpoline, VirtualBox, Linux 4.15 Next Weekend, and Linux Storage, Filesystem, and Memory-Management Summit

Filed under
Linux
  • Retpoline Is Still Being Improved Upon For Intel Skylake/Kabylake

    While initial support for Retpoline was merged into the Linux 4.15 Git kernel last week and is now being backported to some supported Linux kernel series, there is still additional work ongoing for properly mitigating Spectre v2 on Intel Skylake CPUs and newer.

    It turns out Skylake CPUs and newer require additional patches to fully mitigate against the Spectre Variant Two vulnerability. These newer CPUs can fallback to a potentially poisoned indirect branch predictor when a return buffer underflows. Andi Kleen of Intel has sent out a new patch series dubbed "RETPOLINE_UNDERFLOW" that gets enabled by default for Skylake CPUs and newer.

  • VirtualBox Guest Driver Being Mainlined With Linux 4.16

    The upcoming Linux 4.16 kernel cycle will be mainlining the VirtualBox Guest "vboxguest" kernel driver.

    As part of an effort led by Red Hat, the VirtualBox guest drivers are finally working towards mainline in the Linux kernel and with 4.16 there is the vboxguest driver as a notable step following the VirtualBox DRM/KMS driver in Linux 4.13.

  • Linus Torvalds Is Hopeful for a January 21 Release of the Linux 4.15 Kernel

    The eighth and probably the last RC (Release Candidate) of the upcoming Linux 4.15 kernel series has been announced by Linus Torvalds over the weekend and it's now ready for public testing.

    Coming a week after the seventh RC, Linux kernel 4.15 Release Candidate 8 is here with more patches against the Meltdown and Spectre security vulnerabilities publicly disclosed earlier this month. Most specifically, it brings x86 "retpoline" support, a solution developed by Google and other security researchers to not allow speculation on the CPU.

  • LSFMM 2018 call for proposals

    The 2018 Linux Storage, Filesystem, and Memory-Management Summit will be held April 23-25 in Park City, Utah. The call for proposals has just gone out with a tight deadline: they need to be received by January 31.

Red Hat and Fedora

Filed under
Red Hat

Security: Updates, Secure Contexts, RubyMiner, ZAP, Transmission, AMD

Filed under
Security
  • Security updates for Monday
  • Secure Contexts Everywhere

    Since Let’s Encrypt launched, the Secure Contexts specification has become much more mature. We have witnessed the successful restriction of existing, as well as new features to secure contexts. The W3C TAG is about to drastically raise the bar to ship features on insecure contexts. All the building blocks are now in place to quicken the adoption of HTTPS and secure contexts, and follow through on our intent to deprecate non-secure HTTP.

  • Linux and Windows Servers Targeted with RubyMiner Malware

    Security researchers have spotted a new strain of malware being deployed online. Named RubyMiner, this malware is a cryptocurrency miner spotted going after outdated web servers.

    According to research published by Check Point and Certego, and information received by Bleeping Computer from Ixia, attacks started on January 9-10, last week.

  • Virtual currency miners target web servers with malware
  • ZAP provides automated security tests in continuous integration pipelines

    Commonly, a mixture of open source and expensive proprietary tools are shoehorned into a pipeline to perform tests on nightly as well as ad hoc builds. However, anyone who has used such tests soon realizes that the maturity of a smaller number of time-honored tests is sometimes much more valuable than the extra detail you get by shoehorning too many tests into the pipe then waiting three hours for a nightly build to complete. The maturity of your battle-hardened tests is key.

  • BitTorrent users beware: Flaw lets hackers control your computer

    There's a critical weakness in the widely used Transmission BitTorrent app that allows websites to execute malicious code on some users' computers. That's according to a researcher with Google's Project Zero vulnerability reporting team, who also warns that other BitTorrent clients are likely similarly susceptible.

    [...]

    Among the things an attacker can do is change the Torrent download directory to the user's home directory. The attacker could then command Transmission to download a Torrent called ".bashrc" which would automatically be executed the next time the user opened a bash shell. Attackers could also remotely reconfigure Transmission to run any command of their choosing after a download has completed. Ormandy said the exploit is of "relatively low complexity, which is why I'm eager to make sure everyone is patched."

  • AMD Releases Linux and Windows Patches for Two Variants of Spectre Vulnerability

    AMD has published a press announcement on Thursday to inform its customers that it released patches for two variants of the Spectre security vulnerability disclosed to the public earlier this month.

  • 'Shift Left': Codifying Intuition into Secure DevOps

    Continuous delivery (CD) is becoming the cornerstone of modern software development, enabling organizations to ship — in small increments — new features and functionality to customers faster to meet market demands. CD is achieved by applying DevOps practices and principles (continuous integration and continuous deployment) from development to operations. There is no continuous delivery without implementing DevOps practices and principles. By that, I mean strong communication and collaboration across teams, and automation across testing, build, and deployment pipelines. But often achieving continuous delivery to meet market demands presents numerous challenges for security.

Applications: GIMP, Partclone, Samba, Tidal

Filed under
Software
  • 6 Cheap Alternatives to Adobe Photoshop

    Adobe Photoshop is easily the industry standard when it comes to graphic and photo editing. We don’t just edit a photo these days, but we ‘photoshop’ it—but ‘shopping things with the real deal isn’t cheap.

    Working on a subscription plan basis, it’ll cost you from $9.99 a month, depending on the package you select. Crucially, you’re renting the product—you’ll never actually own a Photoshop license.

    [...]

    For many years, GIMP has been touted as the ideal free alternative to Photoshop. There’s a good reason for that—it offers very similar functionality to Adobe’s behemoth.

    Providing many professional level features, it includes layers, customizable brushes, filters, and automatic image enhancement tools for those short on time. It further expands its potential through a huge number of plugins, thanks to its very active community. Effectively, it’s in constant development. New features are commonplace, while bugs are few and far between.

    The downside? There’s no native support for RAW files—a key component in photo editing—you have to install an additional plugin straight away for such functionality. Also, GIMP’s highly customizable interface can be intimidating for novice users. While Photoshop is instantly accessible, GIMP requires a little tweaking and manipulation to get things how you like them to look, although recent updates have made it look more like its main competition.

    It’s worth sticking with, of course, given it’s entirely free to use, but for the novice user, it might take a little time to gel.

  • Partclone – A Versatile Free Software for Partition Imaging and Cloning

    Partclone is a free and open-source tool for creating and cloning partition images brought to you by the developers of Clonezilla. In fact, Partclone is one of the tools that Clonezilla is based on.

    It provides users with the tools required to backup and restores used partition blocks along with high compatibility with several file systems thanks to its ability to use existing libraries like e2fslibs to read and write partitions e.g. ext2.

  • Samba 4.8 RC1 Released, Samba 4.9 In Development On Git

    The first release candidate of Samba 4.8 is now available for this popular open-source project implementing the SMB/CIFS protocols.

  • Listen to Tidal Music from the Command Line

    Tidal subscribers have a new way to listen to the high-fidelity music streaming service while using the Linux desktop. The Spotify rival touts better sound quality and bigger royalty cheques for artists, but it doesn’t provide a desktop Tidal music app for Linux.

Security: Patching of GNU/Linux Distros

Filed under
GNU
Linux
Security

16-Way GPU Comparison With NVIDIA GPUs Going Back To Kepler

Filed under
Graphics/Benchmarks

Last week I provided a fresh look at the NVIDIA GeForce vs. AMD Radeon Linux gaming performance using the latest drivers at the start of 2018. That testing included the latest NVIDIA and AMD GPUs, but for those curious how these numbers compare for older NVIDIA GPUs, here's a look with the Kepler and Maxwell graphics cards added to the comparison.

Read more

Ubuntu 18.04 LTS Wallpaper Contest Welcomes Talented Photographers and Artists

Filed under
Ubuntu

Announced today by Ubuntu member Nathan Haines, Ubuntu Free Culture Showcase for Ubuntu 18.04 LTS is now officially open for submissions, and since Ubuntu 18.04 it's an LTS (Long-Term Support) version, which Canonical will support for the next five years with software and security updates, it's more than a wallpaper contest.

Well, of course, it's not a contest, because you won't win any prize besides the fact that your work will be showcased to millions of Ubuntu users worldwide. This time, besides wallpapers, Ubuntu Free Culture Showcase also looks for new video and music files that will be available in the Examples folder of Ubuntu 18.04 LTS' live installation medium.

Read more

KDE Plasma 5.12 LTS Enters Beta, Brings Unified Look and Phone Integration

Filed under
KDE

Designed as the next long-term support (LTS) version of the popular desktop environment, replacing the KDE Plasma 5.8 LTS on users' computers when it will be out early next month, KDE Plasma 5.12 is an important milestone that introduces numerous stability and reliability improvements, along with a bunch of new and long-anticipated features.

One of the most important changes in KDE Plasma 5.12 LTS is the greatly improved support for the next-generation Wayland display server, with a long-term support promise as the KDE Project will continue to patch bugs and other issues until the end of life of the desktop environment next year.

Read more

Also: KDE Plasma 5.12 Reaches Beta With Faster Start-Up Time, Better Wayland Support

How To Create Or Increase Swap Space In Linux

Filed under
Linux

The operating system makes use of swap space when its available physical memory (RAM) is running out due to ever demanding applications. In this situation, the operating system moves the inactive pages in physical memory to swap space.

Read<br />
more

Syndicate content

More in Tux Machines

KDE: Linux and Qt in Automotive, KDE Discover, Plasma5 18.01 in Slackware

  • Linux and Qt in Automotive? Let’s meet up!
    For anyone around the Gothenburg area on Feb 1st, you are most welcome to the Automotive MeetUp held at the Pelagicore and Luxoft offices. There will be talks about Qt/QML, our embedded Linux platform PELUX and some ramblings about open source in automotive by yours truly ;-)
  • What about AppImage?
    I see a lot of people asking about state of AppImage support in Discover. It’s non-existent, because AppImage does not require centralized software management interfaces like Discover and GNOME Software (or a command-line package manager). AppImage bundles are totally self-contained, and come straight from the developer with zero middlemen, and can be managed on the filesystem using your file manager This should sound awfully familiar to former Mac users (like myself), because Mac App bundles are totally self-contained, come straight from the developer with zero middlemen, and are managed using the Finder file manager.
  • What’s new for January? Plasma5 18.01, and more
    When I sat down to write a new post I noticed that I had not written a single post since the previous Plasma 5 announcement. Well, I guess the past month was a busy one. Also I bought a new e-reader (the Kobo Aura H2O 2nd edition) to replace my ageing Sony PRS-T1. That made me spend a lot of time just reading books and enjoying a proper back-lit E-ink screen. What I read? The War of the Flowers by Tad Williams, A Shadow all of Light by Fred Chappell, Persepolis Rising and several of the short stories (Drive, The Butcher of Anderson Station, The Churn and Strange Dogs) by James SA Corey and finally Red Sister by Mark Lawrence. All very much worth your time.

GNU/Linux: Live Patching, Gravity of Kubernetes, Welcome to 2018

  • How Live Patching Has Improved Xen Virtualization
    The open-source Xen virtualization hypervisor is widely deployed by enterprises and cloud providers alike, which benefit from the continuous innovation that the project delivers. In a video interview with ServerWatch, Lars Kurth, Chairman of the Xen Project Advisory Board and Director, Open Source Solutions at Citrix, details some of the recent additions to Xen and how they are helping move the project forward.
  • The Gravity of Kubernetes
    Most new internet businesses started in the foreseeable future will leverage Kubernetes (whether they realize it or not). Many old applications are migrating to Kubernetes too. Before Kubernetes, there was no standardization around a specific distributed systems platform. Just like Linux became the standard server-side operating system for a single node, Kubernetes has become the standard way to orchestrate all of the nodes in your application. With Kubernetes, distributed systems tools can have network effects. Every time someone builds a new tool for Kubernetes, it makes all the other tools better. And it further cements Kubernetes as the standard.
  • Welcome to 2018
    The image of the technology industry as a whole suffered in 2017, and that process is likely to continue this year as well. That should lead to an increased level of introspection that will certainly affect the free-software community. Many of us got into free software to, among other things, make the world a better place. It is not at all clear that all of our activities are doing that, or what we should do to change that situation. Expect a lively conversation on how our projects should be run and what they should be trying to achieve. Some of that introspection will certainly carry into projects related to machine learning and similar topics. There will be more interesting AI-related free software in 2018, but it may not all be beneficial. How well will the world be served, for example, by a highly capable, free facial-recognition system and associated global database? Our community will be no more effective than anybody else at limiting progress of potentially freedom-reducing technologies, but we should try harder to ensure that our technologies promote and support freedom to the greatest extent possible. Our 2017 predictions missed the fact that an increasing number of security problems are being found at the hardware level. We'll not make the same mistake in 2018. Much of what we think of as "hardware" has a great deal of software built into it — highly proprietary software that runs at the highest privilege levels and which is not subject to third-party review. Of course that software has bugs and security issues of its own; it couldn't really be any other way. We will see more of those issues in 2018, and many of them are likely to prove difficult to fix.

Linux Kernel Development

  • New Sound Drivers Coming In Linux 4.16 Kernel
    Due to longtime SUSE developer Takashi Iwai going on holiday the next few weeks, he has already sent in the sound driver feature updates targeting the upcoming Linux 4.16 kernel cycle. The sound subsystem in Linux 4.16 sees continued changes to the ASoC code, clean-ups to the existing drivers, and a number of new drivers.
  • Varlink: a protocol for IPC
    One of the motivations behind projects like kdbus and bus1, both of which have fallen short of mainline inclusion, is to have an interprocess communication (IPC) mechanism available early in the boot process. The D-Bus IPC mechanism has a daemon that cannot be started until filesystems are mounted and the like, but what if the early boot process wants to perform IPC? A new project, varlink, was recently announced; it aims to provide IPC from early boot onward, though it does not really address the longtime D-Bus performance complaints that also served as motivation for kdbus and bus1. The announcement came from Harald Hoyer, but he credited Kay Sievers and Lars Karlitski with much of the work. At its core, varlink is simply a JSON-based protocol that can be used to exchange messages over any connection-oriented transport. No kernel "special sauce" (such as kdbus or bus1) is needed to support it as TCP or Unix-domain sockets will provide the necessary functionality. The messages can be used as a kind of remote procedure call (RPC) using an API defined in an interface file.
  • Statistics for the 4.15 kernel
    The 4.15 kernel is likely to require a relatively long development cycle as a result of the post-rc5 merge of the kernel page-table isolation patches. That said, it should be in something close to its final form, modulo some inevitable bug fixes. The development statistics for this kernel release look fairly normal, but they do reveal an unexpectedly busy cycle overall. This development cycle was supposed to be relatively calm after the anticipated rush to get work into the 4.14 long-term-support release. But, while 4.14 ended up with 13,452 non-merge changesets at release, 4.15-rc6 already has 14,226, making it one of the busiest releases in the kernel project's history. Only 4.9 (16,214 changesets) and 4.12 (14,570) brought in more work, and 4.15 may exceed 4.12 by the time it is finished. So far, 1,707 developers have contributed to this kernel; they added 725,000 lines of code while removing 407,000, for a net growth of 318,000 lines of code.
  • A new kernel polling interface
    Polling a set of file descriptors to see which ones can perform I/O without blocking is a useful thing to do — so useful that the kernel provides three different system calls (select(), poll(), and epoll_wait() — plus some variants) to perform it. But sometimes three is not enough; there is now a proposal circulating for a fourth kernel polling interface. As is usually the case, the motivation for this change is performance. On January 4, Christoph Hellwig posted a new polling API based on the asynchronous I/O (AIO) mechanism. This may come as a surprise to some, since AIO is not the most loved of kernel interfaces and it tends not to get a lot of attention. AIO allows for the submission of I/O operations without waiting for their completion; that waiting can be done at some other time if need be. The kernel has had AIO support since the 2.5 days, but it has always been somewhat incomplete. Direct file I/O (the original use case) works well, as does network I/O. Many other types of I/O are not supported for asynchronous use, though; attempts to use the AIO interface with them will yield synchronous behavior. In a sense, polling is a natural addition to AIO; the whole point of polling is usually to avoid waiting for operations to complete.

Security: OpenSSL, IoT, and LWN Coverage of 'Intelpocalypse'

  • Another Face to Face: Email Changes and Crypto Policy
    The OpenSSL OMC met last month for a two-day face-to-face meeting in London, and like previous F2F meetings, most of the team was present and we addressed a great many issues. This blog posts talks about some of them, and most of the others will get their own blog posts, or notices, later. Red Hat graciously hosted us for the two days, and both Red Hat and Cryptsoft covered the costs of their employees who attended. One of the overall threads of the meeting was about increasing the transparency of the project. By default, everything should be done in public. We decided to try some major changes to email and such.
  • Some Basic Rules for Securing Your IoT Stuff

    Throughout 2016 and 2017, attacks from massive botnets made up entirely of hacked [sic] IoT devices had many experts warning of a dire outlook for Internet security. But the future of IoT doesn’t have to be so bleak. Here’s a primer on minimizing the chances that your IoT things become a security liability for you or for the Internet at large.

  • A look at the handling of Meltdown and Spectre
    The Meltdown/Spectre debacle has, deservedly, reached the mainstream press and, likely, most of the public that has even a remote interest in computers and security. It only took a day or so from the accelerated disclosure date of January 3—it was originally scheduled for January 9—before the bugs were making big headlines. But Spectre has been known for at least six months and Meltdown for nearly as long—at least to some in the industry. Others that were affected were completely blindsided by the announcements and have joined the scramble to mitigate these hardware bugs before they bite users. Whatever else can be said about Meltdown and Spectre, the handling (or, in truth, mishandling) of this whole incident has been a horrific failure. For those just tuning in, Meltdown and Spectre are two types of hardware bugs that affect most modern CPUs. They allow attackers to cause the CPU to do speculative execution of code, while timing memory accesses to deduce what has or has not been cached, to disclose the contents of memory. These disclosures can span various security boundaries such as between user space and the kernel or between guest operating systems running in virtual machines. For more information, see the LWN article on the flaws and the blog post by Raspberry Pi founder Eben Upton that well describes modern CPU architectures and speculative execution to explain why the Raspberry Pi is not affected.
  • Addressing Meltdown and Spectre in the kernel
    When the Meltdown and Spectre vulnerabilities were disclosed on January 3, attention quickly turned to mitigations. There was already a clear defense against Meltdown in the form of kernel page-table isolation (KPTI), but the defenses against the two Spectre variants had not been developed in public and still do not exist in the mainline kernel. Initial versions of proposed defenses have now been disclosed. The resulting picture shows what has been done to fend off Spectre-based attacks in the near future, but the situation remains chaotic, to put it lightly. First, a couple of notes with regard to Meltdown. KPTI has been merged for the 4.15 release, followed by a steady trickle of fixes that is undoubtedly not yet finished. The X86_BUG_CPU_INSECURE processor bit is being renamed to X86_BUG_CPU_MELTDOWN now that the details are public; there will be bug flags for the other two variants added in the near future. 4.9.75 and 4.4.110 have been released with their own KPTI variants. The older kernels do not have mainline KPTI, though; instead, they have a backport of the older KAISER patches that more closely matches what distributors shipped. Those backports have not fully stabilized yet either. KPTI patches for ARM are circulating, but have not yet been merged.
  • Is it time for open processors?
    The disclosure of the Meltdown and Spectre vulnerabilities has brought a new level of attention to the security bugs that can lurk at the hardware level. Massive amounts of work have gone into improving the (still poor) security of our software, but all of that is in vain if the hardware gives away the game. The CPUs that we run in our systems are highly proprietary and have been shown to contain unpleasant surprises (the Intel management engine, for example). It is thus natural to wonder whether it is time to make a move to open-source hardware, much like we have done with our software. Such a move may well be possible, and it would certainly offer some benefits, but it would be no panacea. Given the complexity of modern CPUs and the fierceness of the market in which they are sold, it might be surprising to think that they could be developed in an open manner. But there are serious initiatives working in this area; the idea of an open CPU design is not pure fantasy. A quick look around turns up several efforts; the following list is necessarily incomplete.
  • Notes from the Intelpocalypse
    Rumors of an undisclosed CPU security issue have been circulating since before LWN first covered the kernel page-table isolation patch set in November 2017. Now, finally, the information is out — and the problem is even worse than had been expected. Read on for a summary of these issues and what has to be done to respond to them in the kernel. All three disclosed vulnerabilities take advantage of the CPU's speculative execution mechanism. In a simple view, a CPU is a deterministic machine executing a set of instructions in sequence in a predictable manner. Real-world CPUs are more complex, and that complexity has opened the door to some unpleasant attacks. A CPU is typically working on the execution of multiple instructions at once, for performance reasons. Executing instructions in parallel allows the processor to keep more of its subunits busy at once, which speeds things up. But parallel execution is also driven by the slowness of access to main memory. A cache miss requiring a fetch from RAM can stall the execution of an instruction for hundreds of processor cycles, with a clear impact on performance. To minimize the amount of time it spends waiting for data, the CPU will, to the extent it can, execute instructions after the stalled one, essentially reordering the code in the program. That reordering is often invisible, but it occasionally leads to the sort of fun that caused Documentation/memory-barriers.txt to be written.