Ubuntu

Slack as a Snap

Filed under
Software
Ubuntu
  • In a Snap, Slack Comes to Linux. Here's How To Install It

    While binaries for Slack have been available for Ubuntu and Fedora, other Linux operating systems are not so lucky. To overcome this, Canonical has released Slack as a Snap, which allows Slack to be installed and used on a greater variety of Linux distributions.

    Snapcraft is a command line tool that allows you to install containerised applications called Snaps on many different Linux distributions. As these Snap containers contain all the required dependencies that a program needs to run, it makes it very easy to create and distribute a single container that works on a variety of Linux versions.

  • Linux Users Can Now Download Slack as a ‘Snap’

    Slack is one step closer to becoming the workplace staple for businesses across the globe. The software is now available for use on Linux environments, bundled as a Snap – an application package for open-source systems.

    Tens of millions of users across the world run Linux on their systems, opting for one among its many distribution avatars. In comparison, Slack reported that over 6 million active profiles used the app daily last year, 2 million of them with paid subscriptions. The new release could open Slack up to a whole new set of customers.

  • Slack has arrived on Linux thanks to Canonical Snap

    CANONICAL HAS made the wishes of its users come true again as it brings another major app to Linux users for the first time.

    This time it's popular team platform Slack. The secret sauce is Ubuntu's "Snap" packages, a form of containerisation which puts an app into a little bubble that makes it run in the Linux environment. At Christmas, the technique was used to bring a desktop Spotify to Linux for the first time.

    The important thing here is that Snaps, first launched in 2016, run on any Linux distro, not just Canonical's own Ubuntu. Named specifically were Linux Mint, Manjaro, Debian, ArchLinux, OpenSUSE and Solus. Not only that, they work across desktop, server, cloud and IoT.

Proprietary Slack as Canonical's Showcase of Snap

Filed under
Ubuntu
  • Slack comes to Linux as a snap

    Slack’s ambition to become the default, go-to place for employees to chat to each other and link into hundreds of other applications to get work done is getting one more step up today by becoming available on a new platform. From today, Slack will be available as a Snap, an application package that’s available across a range of open-source-based Linux environments.

  • Slack now available as a Snap for Linux

    At the end of last year, the Linux desktop scored a huge win when Spotify became available as a Snap. If you aren't familiar with Snaps, please know that they are essentially software packages designed to run as a container on any Linux distro. Not only does it make installing software packages easier for users, but it makes things simpler for developers too. Ultimately, Snaps have the potential to solve the big fragmentation problem in the Linux desktop community.

  • Slack Is Now Available as a Snap for Ubuntu and Other Linux Distros

    Canonical and Slack announced today that the popular Slack team collaboration and communication platform is now available as a Snap for Ubuntu and other Snappy-enabled GNU/Linux distributions.

    With the promise of making your working life simpler, more productive and pleasant, Slack is used by numerous organizations and businesses to increase the productivity of their employees. It's an all-in-one platform that offers messaging, planning, calendaring, budgeting, code reviewing, and many other tools.

    "Slack brings team communication and collaboration into one place so you can get more work done, whether you belong to a large enterprise or a small business. Check off your to-do list and move your projects forward by bringing the right people, conversations, tools, and information you need together," reads the project's page.

  • Canonical brings Slack to the snap ecosystem

    Canonical, the company behind Ubuntu, today announced the first iteration of Slack as a snap, bringing collaboration to open source users.

    Slack is an enterprise software platform that allows teams and businesses of all sizes to communicate effectively. Slack works seamlessly with other software tools within a single integrated environment, providing an accessible archive of an organisation’s communications, information and projects.

    In adopting the universal Linux app packaging format, Slack will open its digital workplace up to an ever-growing community of Linux users, including those using Linux Mint, Manjaro, Debian, ArchLinux, OpenSUSE, Solus, and Ubuntu.

  • Want to Install Slack on Ubuntu? It’s Now Easier Than Ever

    You can easily install Slack on Ubuntu as a Snap application from the Ubuntu Software app. The popular app lets people chat and collaborate in realtime.

Ubuntu Patches

Filed under
Ubuntu
  • Ubuntu Preparing Kernel Updates With IBRS/IBPB For Spectre Mitigation

    Canonical has rolled out Spectre Variant One and Spectre Variant Two mitigation to their proposed repository with updated kernels for Ubuntu 14.04 LTS / 16.04 LTS / 17.10. These kernels with IBRS and IBPB added in will be sent down as stable release updates next week.

  • Canonical Invites Ubuntu Users to Test Kernel Patches for Spectre Security Flaw

    Canonical has released preliminary kernel updates to mitigate both variants of the Spectre security vulnerability in all supported Ubuntu Linux operating systems, including all official flavors.

    The company promised last week that it would release new kernel updates on Monday, January 15, 2018, for all supported Ubuntu releases. But it didn't happen as they needed more time to thoroughly test and prepare the patches that would presumably address variant 1 and 2 of the Spectre exploit, which is harder to fix than Meltdown, so that it won't cause any issues.

  • Purism Progress Report, Spectre Mitigation for Ubuntu, Malicious Chrome Extensions and More

    Canonical has made Spectre Variant One and Spectre Variant Two mitigation available in Ubuntu Proposed with updated kernels for Ubuntu 14.04 LTS, 16.04 LTS and 17.10. Those kernels will be in the stable release updates starting January 22, 2018. See Ubuntu Insights for more information.

Canonical Wants to Stick to Older Nautilus for Desktop Icons in Ubuntu 18.04 LTS

Filed under
Ubuntu

As you may be aware, the upstream GNOME team decided to remove the handling of desktop icons from the Nautilus file manager, moving it to the GNOME Shell user interface through an extension. The change will take effect with the upcoming GNOME 3.28 desktop environment, due for release on March 14, 2018.

Now that Ubuntu has switched to GNOME as its default desktop environment, the change will affect all upcoming releases of the operating system, starting with Ubuntu 18.04 LTS (Bionic Beaver), which is currently under heavy development.

Debian and Ubuntu: gLinux, arm64, GNOME and Ubucon Europe

Filed under
Debian
Ubuntu
  • Google Developing New Debian-Based Linux For Internal Use

    Web giant Google announced at the DebConf17 Linux conference that it will be changing over to a Debian-based distribution of GNU/Linux internally, known as gLinux. One of the key developers involved with Google’s internal specialized Linux distribution efforts took the stage to make the announcement. It’s worth noting that this team member formerly worked for Canonical, the team behind the popular Ubuntu distribution. That is because Google is dumping Ubuntu as its base and moving to Debian, the distribution that Ubuntu is forked from. The move will be gradual; some of Google’s most mission-critical computers, including desktops, laptops, and servers, currently run on Goobuntu, and it will take time to develop gLinux and deploy it across Google’s internal Linux fleet.

  • Google Replaces Its Ubuntu-Based Goobuntu Linux OS with Debian-Based gLinux

    After more than five years of using its in-house built Ubuntu-based Goobuntu Linux distribution internally for various things, Google has decided to replace it with gLinux, based on Debian Testing.

    It's no secret that Google uses Linux a lot. Its Android and Chrome OS operating systems are powered by Linux, so they need to use a GNU/Linux distro to work on its other OSes for laptops and mobile phones. Until now, the company used Goobuntu Linux, which was based on Canonical's very popular Ubuntu Linux operating system.

  • First steps with arm64

    As it was Christmas time recently, I wanted to allow myself something special. So I ordered a Macchiatobin from SolidRun. Unfortunately they don’t exaggerate with their delivery times and I had to wait about two months for my device. I couldn’t celebrate Christmas time with it, but fortunately New Year.

    Anyway, first I tried to use the included U-Boot to start the Debian installer on a USB stick. Oh boy, that was a bad idea and in retrospect just a waste of time. But there is debian-arm@l.d.o and Steve McIntyre was so kind to help me out of my vale of tears.

  • Why Ubuntu 18.04 LTS Will Use an Older Version of Nautilus

    Ubuntu devs have decided to release Ubuntu 18.04 LTS with Nautilus 3.26 installed so that users are able to put icons on the desktop.

    GNOME removed the option to put icons on the desktop earlier this month. The next release of the file manager, the app which has hitherto handled the job of drawing and managing the ‘desktop’ space, will no longer support this feature.

  • Ubucon Europe: 100 Days to go!

Behind the scenes with Pop!_OS Linux

Filed under
GNU
Linux
Interviews
Ubuntu

In October, Linux PC maker System76 released its homegrown version of Linux, Pop!_OS, giving users the choice between its legacy Ubuntu operating system or the new Pop!_OS flavor of Linux. Recently Opensource.com gave away a System76 laptop with Pop!_OS installed, which made me curious about the company and this new version of Linux, so I spoke with Cassidy James Blaede, Pop!_OS's user experience (UX) designer.

Blaede joined System76 in 2014, fresh out of college at the University of Northern Iowa and marriage to his wife, Katie. While in college, he co-founded the elementary OS project and interned at UX consultancy Visual Logic, both of which influenced his work for System76. He started at System76 as a front-end developer and was later promoted to UX architect.

Also: Linux Journal 2.0 Progress Report

Ubuntu: Ubuntu Core, Ubuntu Free Culture Showcase for 18.04, Lubuntu 17.04 EoL

Filed under
Ubuntu
  • Ubuntu Core: A secure open source OS for IoT

    Canonical's Ubuntu Core, a tiny, transactional version of the Ubuntu Linux OS for IoT devices, runs highly secure Linux application packages, known as "snaps," that can be upgraded remotely.

  • Introducing the Ubuntu Free Culture Showcase for 18.04

    Ubuntu’s changed a lot in the last year, and everything is leading up to a really exciting event: the release of 18.04 LTS! This next version of Ubuntu will once again offer a stable foundation for countless humans who use computers for work, play, art, relaxation, and creation. Among the various visual refreshes of Ubuntu, it’s also time to go to the community and ask for the best wallpapers. And it’s also time to look for a new video and music file that will be waiting for Ubuntu users on the install media’s Examples folder, to reassure them that their video and sound drivers are quite operational.

    Long-term support releases like Ubuntu 18.04 LTS are very important, because they are downloaded and installed ten times more often than every single interim release combined. That means that the wallpapers, video, and music that are shipped will be seen ten times more than in other releases. So artists, select your best works. Ubuntu enthusiasts, spread the word about the contest as far and wide as you can. Everyone can help make this next LTS version of Ubuntu an amazing success.

  • Lubuntu 17.04 has reached End of Life

    The Lubuntu Team announces that as a non-LTS release, 17.04 has a 9-month support cycle and, as such, reached end of life on Saturday, January 13, 2018. Lubuntu will no longer provide bug fixes or security updates for 17.04, and we strongly recommend that you update to 17.10, which continues to be actively supported with security updates and select high-impact bug fixes.

Ubuntu 18.04 LTS Wallpaper Contest Welcomes Talented Photographers and Artists

Filed under
Ubuntu

Announced today by Ubuntu member Nathan Haines, Ubuntu Free Culture Showcase for Ubuntu 18.04 LTS is now officially open for submissions, and since Ubuntu 18.04 is an LTS (Long-Term Support) version, which Canonical will support for the next five years with software and security updates, it's more than a wallpaper contest.

Well, of course, it's not a contest, because you won't win any prize besides the fact that your work will be showcased to millions of Ubuntu users worldwide. This time, besides wallpapers, Ubuntu Free Culture Showcase also looks for new video and music files that will be available in the Examples folder of Ubuntu 18.04 LTS' live installation medium.

Benchmarking Ubuntu's Low-Latency Kernel & Liquorix Post-Meltdown

Filed under
Graphics/Benchmarks
Security
Ubuntu

The Ubuntu low-latency kernel is designed for, well, low-latency workloads like audio processing/recording. The lowlatency kernel compared to the generic Linux x86_64 kernel enables IRQ_FORCED_THREADING_DEFAULT, disables TREE_RCU in favor of PREEMPT_RCU, disables OPTPROBES, enables UNINLINE_SPIN_UNLOCK while disabling the INLINE_*_UNLOCK tunables, enables PREEMPT support, changes to 1000Hz tick from 250Hz, and enables LATENCYTOP support.

The Liquorix kernel continues to be a bit more unique and among its alterations compared to a generic kernel is Zen interactive tuning, making use of the MuQSS process scheduler, hard kernel preemption, BFQ I/O scheduler by default, network optimizations, and more as outlined at Liquorix.net. Liquorix also defaults to CPUFreq on Intel CPUs and uses the ondemand governor rather than the other tested kernels defaulting to P_State powersave.

The kernels benchmarked for these tests were 4.13.0-25-generic (the current default Ubuntu 17.10 kernel with KPTI patched), 4.14.13-041413-generic as the latest upstream stable kernel from the Ubuntu Mainline Kernel PPA, 4.14.13-041413-lowlatency as the equivalent low-latency Ubuntu kernel, and then 4.14.0-13.1-liquorix as the latest Liquorix kernel via its Launchpad PPA. All of these kernels had KPTI protection present and enabled; none of them currently have the (currently out-of-tree) Retpoline support.

Also: Ubuntu 17.10.1 ISOs available with corrupting BIOS fix

Tweaking Ubuntu 17.10 To Try To Run Like Clear Linux

Filed under
Ubuntu

Even with the overhead of having both KPTI and Retpoline kernel support in place, our recent Linux distribution benchmarks have shown Intel's Clear Linux generally outperforming the more popular distributions. But if applying some basic performance tweaks, can Ubuntu 17.10 perform like Clear Linux? Here are some benchmarks looking at a few factors.

In our forums there were recently some users attributing the Clear performance benefit to their CFLAGS and the distribution defaulting to the P-State "performance" governor rather than the "powersave" governor. It's true those are two of the ways this Intel open-source platform tries to deliver better out-of-the-box performance, but that is not all. Explained at ClearLinux.org, they also apply automatic feedback-driven optimizations (GCC FDO), function multi-versioning (FMV) to deliver optimized functions selected at run-time based upon the CPU micro-architecture being used, and various other approaches for trying to deliver the best out-of-the-box Linux performance that does include backporting various patches, etc. And, yes, hopefully this article can provide some motivation for Ubuntu and other distributions to become a bit more aggressive with their defaults to deliver a more optimized experience on installation.

Also: Ubuntu Unity Remix Day 3: Unity Tweak Tool

More in Tux Machines

KDE: Linux and Qt in Automotive, KDE Discover, Plasma5 18.01 in Slackware

  • Linux and Qt in Automotive? Let’s meet up!
    For anyone around the Gothenburg area on Feb 1st, you are most welcome to the Automotive MeetUp held at the Pelagicore and Luxoft offices. There will be talks about Qt/QML, our embedded Linux platform PELUX and some ramblings about open source in automotive by yours truly ;-)
  • What about AppImage?
    I see a lot of people asking about state of AppImage support in Discover. It’s non-existent, because AppImage does not require centralized software management interfaces like Discover and GNOME Software (or a command-line package manager). AppImage bundles are totally self-contained, and come straight from the developer with zero middlemen, and can be managed on the filesystem using your file manager. This should sound awfully familiar to former Mac users (like myself), because Mac App bundles are totally self-contained, come straight from the developer with zero middlemen, and are managed using the Finder file manager.
  • What’s new for January? Plasma5 18.01, and more
    When I sat down to write a new post I noticed that I had not written a single post since the previous Plasma 5 announcement. Well, I guess the past month was a busy one. Also I bought a new e-reader (the Kobo Aura H2O 2nd edition) to replace my ageing Sony PRS-T1. That made me spend a lot of time just reading books and enjoying a proper back-lit E-ink screen. What I read? The War of the Flowers by Tad Williams, A Shadow all of Light by Fred Chappell, Persepolis Rising and several of the short stories (Drive, The Butcher of Anderson Station, The Churn and Strange Dogs) by James SA Corey and finally Red Sister by Mark Lawrence. All very much worth your time.

GNU/Linux: Live Patching, Gravity of Kubernetes, Welcome to 2018

  • How Live Patching Has Improved Xen Virtualization
    The open-source Xen virtualization hypervisor is widely deployed by enterprises and cloud providers alike, which benefit from the continuous innovation that the project delivers. In a video interview with ServerWatch, Lars Kurth, Chairman of the Xen Project Advisory Board and Director, Open Source Solutions at Citrix, details some of the recent additions to Xen and how they are helping move the project forward.
  • The Gravity of Kubernetes
    Most new internet businesses started in the foreseeable future will leverage Kubernetes (whether they realize it or not). Many old applications are migrating to Kubernetes too. Before Kubernetes, there was no standardization around a specific distributed systems platform. Just like Linux became the standard server-side operating system for a single node, Kubernetes has become the standard way to orchestrate all of the nodes in your application. With Kubernetes, distributed systems tools can have network effects. Every time someone builds a new tool for Kubernetes, it makes all the other tools better. And it further cements Kubernetes as the standard.
  • Welcome to 2018
    The image of the technology industry as a whole suffered in 2017, and that process is likely to continue this year as well. That should lead to an increased level of introspection that will certainly affect the free-software community. Many of us got into free software to, among other things, make the world a better place. It is not at all clear that all of our activities are doing that, or what we should do to change that situation. Expect a lively conversation on how our projects should be run and what they should be trying to achieve. Some of that introspection will certainly carry into projects related to machine learning and similar topics. There will be more interesting AI-related free software in 2018, but it may not all be beneficial. How well will the world be served, for example, by a highly capable, free facial-recognition system and associated global database? Our community will be no more effective than anybody else at limiting progress of potentially freedom-reducing technologies, but we should try harder to ensure that our technologies promote and support freedom to the greatest extent possible. Our 2017 predictions missed the fact that an increasing number of security problems are being found at the hardware level. We'll not make the same mistake in 2018. Much of what we think of as "hardware" has a great deal of software built into it — highly proprietary software that runs at the highest privilege levels and which is not subject to third-party review. Of course that software has bugs and security issues of its own; it couldn't really be any other way. We will see more of those issues in 2018, and many of them are likely to prove difficult to fix.

Linux Kernel Development

  • New Sound Drivers Coming In Linux 4.16 Kernel
    Due to longtime SUSE developer Takashi Iwai going on holiday the next few weeks, he has already sent in the sound driver feature updates targeting the upcoming Linux 4.16 kernel cycle. The sound subsystem in Linux 4.16 sees continued changes to the ASoC code, clean-ups to the existing drivers, and a number of new drivers.
  • Varlink: a protocol for IPC
    One of the motivations behind projects like kdbus and bus1, both of which have fallen short of mainline inclusion, is to have an interprocess communication (IPC) mechanism available early in the boot process. The D-Bus IPC mechanism has a daemon that cannot be started until filesystems are mounted and the like, but what if the early boot process wants to perform IPC? A new project, varlink, was recently announced; it aims to provide IPC from early boot onward, though it does not really address the longtime D-Bus performance complaints that also served as motivation for kdbus and bus1. The announcement came from Harald Hoyer, but he credited Kay Sievers and Lars Karlitski with much of the work. At its core, varlink is simply a JSON-based protocol that can be used to exchange messages over any connection-oriented transport. No kernel "special sauce" (such as kdbus or bus1) is needed to support it as TCP or Unix-domain sockets will provide the necessary functionality. The messages can be used as a kind of remote procedure call (RPC) using an API defined in an interface file.
  • Statistics for the 4.15 kernel
    The 4.15 kernel is likely to require a relatively long development cycle as a result of the post-rc5 merge of the kernel page-table isolation patches. That said, it should be in something close to its final form, modulo some inevitable bug fixes. The development statistics for this kernel release look fairly normal, but they do reveal an unexpectedly busy cycle overall. This development cycle was supposed to be relatively calm after the anticipated rush to get work into the 4.14 long-term-support release. But, while 4.14 ended up with 13,452 non-merge changesets at release, 4.15-rc6 already has 14,226, making it one of the busiest releases in the kernel project's history. Only 4.9 (16,214 changesets) and 4.12 (14,570) brought in more work, and 4.15 may exceed 4.12 by the time it is finished. So far, 1,707 developers have contributed to this kernel; they added 725,000 lines of code while removing 407,000, for a net growth of 318,000 lines of code.
  • A new kernel polling interface
    Polling a set of file descriptors to see which ones can perform I/O without blocking is a useful thing to do — so useful that the kernel provides three different system calls (select(), poll(), and epoll_wait() — plus some variants) to perform it. But sometimes three is not enough; there is now a proposal circulating for a fourth kernel polling interface. As is usually the case, the motivation for this change is performance. On January 4, Christoph Hellwig posted a new polling API based on the asynchronous I/O (AIO) mechanism. This may come as a surprise to some, since AIO is not the most loved of kernel interfaces and it tends not to get a lot of attention. AIO allows for the submission of I/O operations without waiting for their completion; that waiting can be done at some other time if need be. The kernel has had AIO support since the 2.5 days, but it has always been somewhat incomplete. Direct file I/O (the original use case) works well, as does network I/O. Many other types of I/O are not supported for asynchronous use, though; attempts to use the AIO interface with them will yield synchronous behavior. In a sense, polling is a natural addition to AIO; the whole point of polling is usually to avoid waiting for operations to complete.

Security: OpenSSL, IoT, and LWN Coverage of 'Intelpocalypse'

  • Another Face to Face: Email Changes and Crypto Policy
    The OpenSSL OMC met last month for a two-day face-to-face meeting in London, and like previous F2F meetings, most of the team was present and we addressed a great many issues. This blog post talks about some of them, and most of the others will get their own blog posts, or notices, later. Red Hat graciously hosted us for the two days, and both Red Hat and Cryptsoft covered the costs of their employees who attended. One of the overall threads of the meeting was about increasing the transparency of the project. By default, everything should be done in public. We decided to try some major changes to email and such.
  • Some Basic Rules for Securing Your IoT Stuff
    Throughout 2016 and 2017, attacks from massive botnets made up entirely of hacked [sic] IoT devices had many experts warning of a dire outlook for Internet security. But the future of IoT doesn’t have to be so bleak. Here’s a primer on minimizing the chances that your IoT things become a security liability for you or for the Internet at large.
  • A look at the handling of Meltdown and Spectre
    The Meltdown/Spectre debacle has, deservedly, reached the mainstream press and, likely, most of the public that has even a remote interest in computers and security. It only took a day or so from the accelerated disclosure date of January 3—it was originally scheduled for January 9—before the bugs were making big headlines. But Spectre has been known for at least six months and Meltdown for nearly as long—at least to some in the industry. Others that were affected were completely blindsided by the announcements and have joined the scramble to mitigate these hardware bugs before they bite users. Whatever else can be said about Meltdown and Spectre, the handling (or, in truth, mishandling) of this whole incident has been a horrific failure. For those just tuning in, Meltdown and Spectre are two types of hardware bugs that affect most modern CPUs. They allow attackers to cause the CPU to do speculative execution of code, while timing memory accesses to deduce what has or has not been cached, to disclose the contents of memory. These disclosures can span various security boundaries such as between user space and the kernel or between guest operating systems running in virtual machines. For more information, see the LWN article on the flaws and the blog post by Raspberry Pi founder Eben Upton that well describes modern CPU architectures and speculative execution to explain why the Raspberry Pi is not affected.
  • Addressing Meltdown and Spectre in the kernel
    When the Meltdown and Spectre vulnerabilities were disclosed on January 3, attention quickly turned to mitigations. There was already a clear defense against Meltdown in the form of kernel page-table isolation (KPTI), but the defenses against the two Spectre variants had not been developed in public and still do not exist in the mainline kernel. Initial versions of proposed defenses have now been disclosed. The resulting picture shows what has been done to fend off Spectre-based attacks in the near future, but the situation remains chaotic, to put it lightly. First, a couple of notes with regard to Meltdown. KPTI has been merged for the 4.15 release, followed by a steady trickle of fixes that is undoubtedly not yet finished. The X86_BUG_CPU_INSECURE processor bit is being renamed to X86_BUG_CPU_MELTDOWN now that the details are public; there will be bug flags for the other two variants added in the near future. 4.9.75 and 4.4.110 have been released with their own KPTI variants. The older kernels do not have mainline KPTI, though; instead, they have a backport of the older KAISER patches that more closely matches what distributors shipped. Those backports have not fully stabilized yet either. KPTI patches for ARM are circulating, but have not yet been merged.
  • Is it time for open processors?
    The disclosure of the Meltdown and Spectre vulnerabilities has brought a new level of attention to the security bugs that can lurk at the hardware level. Massive amounts of work have gone into improving the (still poor) security of our software, but all of that is in vain if the hardware gives away the game. The CPUs that we run in our systems are highly proprietary and have been shown to contain unpleasant surprises (the Intel management engine, for example). It is thus natural to wonder whether it is time to make a move to open-source hardware, much like we have done with our software. Such a move may well be possible, and it would certainly offer some benefits, but it would be no panacea. Given the complexity of modern CPUs and the fierceness of the market in which they are sold, it might be surprising to think that they could be developed in an open manner. But there are serious initiatives working in this area; the idea of an open CPU design is not pure fantasy. A quick look around turns up several efforts; the following list is necessarily incomplete.
  • Notes from the Intelpocalypse
    Rumors of an undisclosed CPU security issue have been circulating since before LWN first covered the kernel page-table isolation patch set in November 2017. Now, finally, the information is out — and the problem is even worse than had been expected. Read on for a summary of these issues and what has to be done to respond to them in the kernel. All three disclosed vulnerabilities take advantage of the CPU's speculative execution mechanism. In a simple view, a CPU is a deterministic machine executing a set of instructions in sequence in a predictable manner. Real-world CPUs are more complex, and that complexity has opened the door to some unpleasant attacks. A CPU is typically working on the execution of multiple instructions at once, for performance reasons. Executing instructions in parallel allows the processor to keep more of its subunits busy at once, which speeds things up. But parallel execution is also driven by the slowness of access to main memory. A cache miss requiring a fetch from RAM can stall the execution of an instruction for hundreds of processor cycles, with a clear impact on performance. To minimize the amount of time it spends waiting for data, the CPU will, to the extent it can, execute instructions after the stalled one, essentially reordering the code in the program. That reordering is often invisible, but it occasionally leads to the sort of fun that caused Documentation/memory-barriers.txt to be written.