Language Selection

English French German Italian Portuguese Spanish

Software

Slack as a Snap

Filed under
Software
Ubuntu
  • In a Snap, Slack Comes to Linux. Here's How To Install It

    While binaries for Slack have been available for Ubuntu and Fedora, other Linux operating systems are not so lucky. To overcome this, Canonical has released Slack as a Snap, which allows Slack to be installed and used on a greater variety of Linux distributions.

    Snapcraft is a command line tool that allows you to install containerised applications called Snaps on many different Linux distribution. As these Snap containers contain all the required dependencies that a program needs to run, it makes it very easy to create and distribute a single container that works on a variety of Linux versions.

  • Linux Users Can Now Download Slack as a ‘Snap’

    Slack is one step closer to becoming the workplace staple for businesses across the globe. The software is now available for use on Linux environments, bundled as a Snap – an application package for opensource systems.

    Tens of millions of users across the world run Linux on their systems, opting for one among its many distribution avatars. In comparison, Slack reported that over 6 million active profiles used the app daily last year, 2 million of them with paid subscriptions. The new release could open Slack up to a whole new set of customers.

  • Slack has arrived on Linux thanks to Canonical Snap

    CANONICAL HAS made the wishes of its users come true again as it brings another major app to Linux users for the first time.

    This time it's popular team platform Slack. The secret sauce is Ubuntu's "Snap" packages, a form of containerisation which puts an app into a little bubble that makes it run in the Linux environment. At Christmas, the technique was used to bring a desktop Spotify to Linux for the first time.

    The important thing here is that Snaps, first launched in 2016, run on any Linux distro, not just Canonical's own Ubuntu. Named specifically were Linux Mint, Manjaro, Debian, ArchLinux, OpenSUSE and Solus. Not only that, they work across desktop, server, cloud and IoT.

Press Coverage About Wine 3.0

Filed under
Microsoft
Software
  • Windows apps on Linux: Wine 3.0 is out now with Direct3D 10, 11 support

    Wine 3.0 is now available to help you run Windows applications and games on Linux, macOS, and BSD systems.

    Wine -- or 'Wine is Not an Emulator' -- is a compatibility layer that implements the Windows API on top of Unix and Linux, to help you run Windows apps when needed.

    Currently, about 25,000 applications are compatible with Wine, with the most popular all being games, including Final Fantasy XI, Team Fortress 2, EVE, and StarCraft.

  • Wine 3.0 is here to run Windows software on your Linux box

    When people make the switch from Windows to Linux, they often experiment with Wine. If you aren’t familiar, it is a compatibility layer that can sometimes get Windows software to run on Linux and BSD. I say "sometimes" because it isn’t a flawless experience. In fact, it can be quite frustrating to use. I suggest using native Linux software as an alternative, but understandably, that isn’t always possible.

    If you depend on Wine, or want to start trying it out, I am happy to say that version 3.0 is finally available. It is quite the significant update too, as it features over 6,000 changes!

  • Have three WINEs this weekend, because WINE 3.0 has landed

    Version 3.0 of Wine Is Not an Emulator – aka WINE – has arrived, and offers all sorts of new emulation-on-Android possibilities.

    WINE lets users run Windows applications on Linux, MacOS, Solaris, and FreeBSD, plus other POSIX-compliant operating system. To do so it “translates Windows API calls into POSIX calls on-the-fly”, an arrangement its developers rate as more efficient than virtualization while “allowing you to cleanly integrate Windows applications into your desktop.”

  • Wine 3.0 Released To Run Windows Apps On Linux Efficiently — Download It Here

    Just recently, we told you that the support for Linux distros in VirtualBox is about to get a lot better with the release of Linux kernel 4.16. But, what if you wish to run Windows apps on your host Linux system? For that, Wine has got your back.

Wine 3.0

Filed under
Software
  • Wine 3.0 Released

    The Wine team is proud to announce that the stable release Wine 3.0 is now available.

  • Wine 3.0 Officially Released with Android Driver, Direct3D 11 and 10 Support

    The Wine (Wine Is Not an Emulator) project has been updated today to version 3.0, a major release that ends 2017 in style for the open-source compatibility layer capable of running Windows apps and games on Linux-based and UNIX-like operating systems.

    Almost a year in the works, Wine 3.0 comes with amazing new features like an Android driver that lets users run Windows apps and games on Android-powered machines, Direct3D 11 support enabled by default for AMD Radeon and Intel GPUs, AES encryption support on macOS, Progman DDE support, and a task scheduler.

  • Wine 3.0 Released With Initial Direct3D 11 Support, D3D Command Stream

    The Wine camp has officially released Wine 3.0 as their annual feature update to this program for running Windows games/applications on Linux and other operating systems.

  • The big Wine 3.0 release is now officially available

    Good things come to those who wait, like a fine Wine. Today the Wine team has officially release the next stable version Wine 3.0 [Official Site].

    After around a year of development during the 2.x cycle, Wine 3.0 brings in some major changes towards better game and application support for those of you wanting to run Windows-only stuff on Linux. It's nowhere near perfect, but it's a massive advancement for the Wine project and provides a good base for them to continue onwards.

Software: MenuLibre, Speech Recognition, "Just TODO It", Slack

Filed under
Software
  • MenuLibre 2.1.4 Released

    The wait is over. MenuLibre 2.1.4 is now available for public testing and translations! With well over 100 commits, numerous bug fixes, and a lot of polish, the best menu editing solution for Linux is ready for primetime.

  • Speech Recognition For Linux Gets A Little Closer

    t has become commonplace to yell out commands to a little box and have it answer you. However, voice input for the desktop has never really gone mainstream. This is particularly slow for Linux users whose options are shockingly limited, although decent speech support is baked into recent versions of Windows and OS X Yosemite and beyond.

    There are four well-known open speech recognition engines: CMU Sphinx, Julius, Kaldi, and the recent release of Mozilla’s DeepSpeech (part of their Common Voice initiative). The trick for Linux users is successfully setting them up and using them in applications. [Michael Sheldon] aims to fix that — at least for DeepSpeech. He’s created an IBus plugin that lets DeepSpeech work with nearly any X application. He’s also provided PPAs that should make it easy to install for Ubuntu or related distributions.

  • Announcing "Just TODO It"

    Recently, I wished to use a trivially-simple TODO-list application whilst working on a project. I had a look through what was available to me in the "GNOME Software" application and was surprised to find nothing suitable. In particular I just wanted to capture a list of actions that I could tick off; I didn't want anything more sophisticated than that (and indeed, more sophistication would mean a learning curve I couldn't afford at the time). I then remembered that I'd written one myself, twelve years ago. So I found the old code, dusted it off, made some small adjustments so it would work on modern systems and published it.

  • Linux users can now get Slack as a snap package

    Canonical has announced the general availability of the collaboration platform Slack, as a snap package. The move will allow Linux users to get setup with the platform and begin collaborating on their work more easily. Any Linux distribution with snap support can head over to the snapcraft website, download the package, and begin using it.

Software: VirtualBox, Dillinger, FBReader, KDE Discover

Filed under
Software
  • Here’s Why Running Linux Distros In VirtualBox Is About To Get Much Better

    With the help of hypervisors like Oracle VirtualBox, one can run operating systems within another pre-installed host operating system and try out the features. When it comes to Linux, the beginners are often advised to try out user-friendly Linux distros in a virtual machine before making the brave jump.

  • Dillinger – A Cloud-Enabled HTML5 Markdown Editor

    Our post today is about another Markdown editor – one that has been termed “the last Markdown editor you will ever use“, presumably because of its full-featured Markdown support and free accessibility.

    We told you about StackEdit the last time so today, we introduce to you, Dillinger.

    Dillinger is an AngularJS powered online HTML5 Markdown editor that is mobile ready, cloud-enabled, supports live preview and offline document storage.

  • FBReader – A Lightweight & Multi-Platform Ebook Reader

    FBReader is an open source multi-platform ebook reader with a minimalist UI and support for a wide range of ebook formats including etf, mobi, ePub, plain text, and HTML, among others.

    It is lightweight and customizable with options for users to choose their preferred fonts, dictionaries, bookmarks, page-turning animations, colors, etc.

    FBReader users have automatic access to a network of book libraries from which they can download and sync both free and paid ebooks to their devices. If you are in need of a modern, lightweight, and ever-improving ebook application for your Linux, Windows, Mac, or smartphone, we recommend you try out FBReader.

  • KDE's Discover Snap Support Is Maturing Too

    While KDE Discover's Flatpak support was declared "production ready", that isn't the only app sandboxing tech they are working on: their Ubuntu Snap support is also coming together nicely.

  • A Fistful of Ports Updates

    Here’s a list of KDE-related stuff (mostly official FreeBSD ports) the KDE-FreeBSD team handled recently. You could call it “a week in the life of some packagers”, packagers who are also otherwise busy with $work-work.

  •  

Software: Clay, Inkscape, VirtualBox, Thunderbird

Filed under
Software
  • New York magazine is making its CMS available open-source

    There’s a short history of publishers fancying themselves as technology companies and building a business selling their tech to other publishers. Publishers realized that building a whole new side business around licensing their tech is a headache and that they needed to focus on what they’re good at, and leave the tech to others.

    New York magazine is trying out a different approach. It built its own content management system (publishers like to give their homegrown CMSes cute names; this one is called Clay, for the magazine’s founder Clay Felker) in 2015 and then licensed the software to the online magazine Slate. Slate started using Clay a year ago and was set to fully migrate its site to Clay this week. But instead of New York charging Slate a licensing fee, Slate is paying New York in the form of code. The CMS is open-source, and developers from both titles contribute to it.

  • An introduction to Inkscape for absolute beginners

    Inkscape is a powerful, open source desktop application for creating two-dimensional scalable vector graphics. Although it's primarily an illustration tool, Inkscape is used for a wide range of computer graphic tasks.

    The variety of what can be done with Inkscape is vast and sometimes surprising. It is used to make diagrams, logos, programmatic marketing materials, web graphics, and even for paper scrapbooking. People also draw game sprites, produce banners, posters, and brochures. Others use Inkscape to draft web design mockups, detail layouts for printed circuit boards, or produce outline files to send to laser cutting equipment.

  • Linux Support in VirtualBox is about to get a LOT Better

    VirtualBox makes it easy to try Linux distros without replacing your current operating system or engaging in a game of reboot leap frog.

    But things are about to get even easier. Soon you won’t need to install the VirtualBox Guest Additions package to get a fully integrated Linux experience with your host OS.

  • Have You Taken the Thunderbird Redesign Survey?

    Monterail and Thunderbird are now working on the same team.

    Yes, that Monterail, the Poland-based development company whose stunning Thunderbird mock-up went viral last year, before becoming a real, working Thunderbird theme.

    “We got in touch with […] the Thunderbird core team to discuss possibilities. We wanted to establish how to enhance user retention and make Thunderbird more user-friendly for potential and current users. We also learned how Thunderbird is built which helped with planning iterations,” Monterail’s Krystian Polański explains in a new blog post on the company’s website.

Leftovers: Proprietary Software, HowTos, and GXml

Filed under
Software
OSS
HowTos

Applications: GIMP, Partclone, Samba, Tidal

Filed under
Software
  • 6 Cheap Alternatives to Adobe Photoshop

    Adobe Photoshop is easily the industry standard when it comes to graphic and photo editing. We don’t just edit a photo these days, but we ‘photoshop’ it—but ‘shopping things with the real deal isn’t cheap.

    Working on a subscription plan basis, it’ll cost you from $9.99 a month, depending on the package you select. Crucially, you’re renting the product—you’ll never actually own a Photoshop license.

    [...]

    For many years, GIMP has been touted as the ideal free alternative to Photoshop. There’s a good reason for that—it offers very similar functionality to Adobe’s behemoth.

    Providing many professional level features, it includes layers, customizable brushes, filters, and automatic image enhancement tools for those short on time. It further expands its potential through a huge number of plugins, thanks to its very active community. Effectively, it’s in constant development. New features are commonplace, while bugs are few and far between.

    The downside? There’s no native support for RAW files—a key component in photo editing—you have to install an additional plugin straight away for such functionality. Also, GIMP’s highly customizable interface can be intimidating for novice users. While Photoshop is instantly accessible, GIMP requires a little tweaking and manipulation to get things how you like them to look, although recent updates have made it look more like its main competition.

    It’s worth sticking with, of course, given it’s entirely free to use, but for the novice user, it might take a little time to gel.

  • Partclone – A Versatile Free Software for Partition Imaging and Cloning

    Partclone is a free and open-source tool for creating and cloning partition images brought to you by the developers of Clonezilla. In fact, Partclone is one of the tools that Clonezilla is based on.

    It provides users with the tools required to backup and restores used partition blocks along with high compatibility with several file systems thanks to its ability to use existing libraries like e2fslibs to read and write partitions e.g. ext2.

  • Samba 4.8 RC1 Released, Samba 4.9 In Development On Git

    The first release candidate of Samba 4.8 is now available for this popular open-source project implementing the SMB/CIFS protocols.

  • Listen to Tidal Music from the Command Line

    Tidal subscribers have a new way to listen to the high-fidelity music streaming service while using the Linux desktop. The Spotify rival touts better sound quality and bigger royalty cheques for artists, but it doesn’t provide a desktop Tidal music app for Linux.

Software: uGet, GNU/Linux Media Players, Opera 51

Filed under
Software
  • uGet 2.2.0 and uGet for Android 1.4.8 Now Available!

    After almost a year of development, we are excited to announce the immediate availability of the latest stable version of uGet, version 2.2.0 and the latest version of uGet for Android, version 1.4.8. These releases include a LOT of improvements such as bug fixes, maintenance improvements and many highly requested features like support for Downloading from YouTube.

  • 7 Best Open Source Linux Media Players You Need To Try In 2018

    Honestly speaking, I have started using media player software less often. That’s probably because of the online streaming boom in the last couple of years. It’s hard to remember the last time I slid a DVD into my computer. Most of the time, I find myself binge-watching TV shows on Prime Video (it even has a free trial in India), or some random stuff on YouTube.

  • Opera 51 Browser Enters Beta with Support for AppleScript and Many New Features

    The upcoming Opera 51 web browser was promoted on Thursday to the beta channel, giving users a more in-depth look at what to expect from the final release, which will be available next month.

Wine 3.0 RC6

Filed under
Software
  • Wine Announcement

    The Wine development release 3.0-rc6 is now available.

  • Wine continues to mature with Wine 3.0 RC6

    The big Wine 3.0 is inching ever closer with the release of the sixth release candidate today with bug fixes.

    Since Wine is currently in a code-freeze, no new features are being pulled in so they can make the 3.0 release as stable as possible, which means it's not too exciting. Still, every software needs to go through a period of stability to ensure a solid foundation to continue improving features.

  • Wine 3.0-RC6 Released While Wine 3.0.0 Should Be Near

    The sixth weekly release candidate of the upcoming Wine 3.0 is now available for testing.

    Being into the code freeze since the beginning of December, Wine 3.0-RC6 just continues the bug-fixing train. Wine 3.0-RC6 has a total of 14 known fixes ranging from Valgrind memory fixes to a Powerpoint 2017/2010 slideshow problem.

Syndicate content

More in Tux Machines

KDE: Linux and Qt in Automotive, KDE Discover, Plasma5 18.01 in Slackware

  • Linux and Qt in Automotive? Let’s meet up!
    For anyone around the Gothenburg area on Feb 1st, you are most welcome to the Automotive MeetUp held at the Pelagicore and Luxoft offices. There will be talks about Qt/QML, our embedded Linux platform PELUX and some ramblings about open source in automotive by yours truly ;-)
  • What about AppImage?
    I see a lot of people asking about state of AppImage support in Discover. It’s non-existent, because AppImage does not require centralized software management interfaces like Discover and GNOME Software (or a command-line package manager). AppImage bundles are totally self-contained, and come straight from the developer with zero middlemen, and can be managed on the filesystem using your file manager This should sound awfully familiar to former Mac users (like myself), because Mac App bundles are totally self-contained, come straight from the developer with zero middlemen, and are managed using the Finder file manager.
  • What’s new for January? Plasma5 18.01, and more
    When I sat down to write a new post I noticed that I had not written a single post since the previous Plasma 5 announcement. Well, I guess the past month was a busy one. Also I bought a new e-reader (the Kobo Aura H2O 2nd edition) to replace my ageing Sony PRS-T1. That made me spend a lot of time just reading books and enjoying a proper back-lit E-ink screen. What I read? The War of the Flowers by Tad Williams, A Shadow all of Light by Fred Chappell, Persepolis Rising and several of the short stories (Drive, The Butcher of Anderson Station, The Churn and Strange Dogs) by James SA Corey and finally Red Sister by Mark Lawrence. All very much worth your time.

GNU/Linux: Live Patching, Gravity of Kubernetes, Welcome to 2018

  • How Live Patching Has Improved Xen Virtualization
    The open-source Xen virtualization hypervisor is widely deployed by enterprises and cloud providers alike, which benefit from the continuous innovation that the project delivers. In a video interview with ServerWatch, Lars Kurth, Chairman of the Xen Project Advisory Board and Director, Open Source Solutions at Citrix, details some of the recent additions to Xen and how they are helping move the project forward.
  • The Gravity of Kubernetes
    Most new internet businesses started in the foreseeable future will leverage Kubernetes (whether they realize it or not). Many old applications are migrating to Kubernetes too. Before Kubernetes, there was no standardization around a specific distributed systems platform. Just like Linux became the standard server-side operating system for a single node, Kubernetes has become the standard way to orchestrate all of the nodes in your application. With Kubernetes, distributed systems tools can have network effects. Every time someone builds a new tool for Kubernetes, it makes all the other tools better. And it further cements Kubernetes as the standard.
  • Welcome to 2018
    The image of the technology industry as a whole suffered in 2017, and that process is likely to continue this year as well. That should lead to an increased level of introspection that will certainly affect the free-software community. Many of us got into free software to, among other things, make the world a better place. It is not at all clear that all of our activities are doing that, or what we should do to change that situation. Expect a lively conversation on how our projects should be run and what they should be trying to achieve. Some of that introspection will certainly carry into projects related to machine learning and similar topics. There will be more interesting AI-related free software in 2018, but it may not all be beneficial. How well will the world be served, for example, by a highly capable, free facial-recognition system and associated global database? Our community will be no more effective than anybody else at limiting progress of potentially freedom-reducing technologies, but we should try harder to ensure that our technologies promote and support freedom to the greatest extent possible. Our 2017 predictions missed the fact that an increasing number of security problems are being found at the hardware level. We'll not make the same mistake in 2018. Much of what we think of as "hardware" has a great deal of software built into it — highly proprietary software that runs at the highest privilege levels and which is not subject to third-party review. Of course that software has bugs and security issues of its own; it couldn't really be any other way. We will see more of those issues in 2018, and many of them are likely to prove difficult to fix.

Linux Kernel Development

  • New Sound Drivers Coming In Linux 4.16 Kernel
    Due to longtime SUSE developer Takashi Iwai going on holiday the next few weeks, he has already sent in the sound driver feature updates targeting the upcoming Linux 4.16 kernel cycle. The sound subsystem in Linux 4.16 sees continued changes to the ASoC code, clean-ups to the existing drivers, and a number of new drivers.
  • Varlink: a protocol for IPC
    One of the motivations behind projects like kdbus and bus1, both of which have fallen short of mainline inclusion, is to have an interprocess communication (IPC) mechanism available early in the boot process. The D-Bus IPC mechanism has a daemon that cannot be started until filesystems are mounted and the like, but what if the early boot process wants to perform IPC? A new project, varlink, was recently announced; it aims to provide IPC from early boot onward, though it does not really address the longtime D-Bus performance complaints that also served as motivation for kdbus and bus1. The announcement came from Harald Hoyer, but he credited Kay Sievers and Lars Karlitski with much of the work. At its core, varlink is simply a JSON-based protocol that can be used to exchange messages over any connection-oriented transport. No kernel "special sauce" (such as kdbus or bus1) is needed to support it as TCP or Unix-domain sockets will provide the necessary functionality. The messages can be used as a kind of remote procedure call (RPC) using an API defined in an interface file.
  • Statistics for the 4.15 kernel
    The 4.15 kernel is likely to require a relatively long development cycle as a result of the post-rc5 merge of the kernel page-table isolation patches. That said, it should be in something close to its final form, modulo some inevitable bug fixes. The development statistics for this kernel release look fairly normal, but they do reveal an unexpectedly busy cycle overall. This development cycle was supposed to be relatively calm after the anticipated rush to get work into the 4.14 long-term-support release. But, while 4.14 ended up with 13,452 non-merge changesets at release, 4.15-rc6 already has 14,226, making it one of the busiest releases in the kernel project's history. Only 4.9 (16,214 changesets) and 4.12 (14,570) brought in more work, and 4.15 may exceed 4.12 by the time it is finished. So far, 1,707 developers have contributed to this kernel; they added 725,000 lines of code while removing 407,000, for a net growth of 318,000 lines of code.
  • A new kernel polling interface
    Polling a set of file descriptors to see which ones can perform I/O without blocking is a useful thing to do — so useful that the kernel provides three different system calls (select(), poll(), and epoll_wait() — plus some variants) to perform it. But sometimes three is not enough; there is now a proposal circulating for a fourth kernel polling interface. As is usually the case, the motivation for this change is performance. On January 4, Christoph Hellwig posted a new polling API based on the asynchronous I/O (AIO) mechanism. This may come as a surprise to some, since AIO is not the most loved of kernel interfaces and it tends not to get a lot of attention. AIO allows for the submission of I/O operations without waiting for their completion; that waiting can be done at some other time if need be. The kernel has had AIO support since the 2.5 days, but it has always been somewhat incomplete. Direct file I/O (the original use case) works well, as does network I/O. Many other types of I/O are not supported for asynchronous use, though; attempts to use the AIO interface with them will yield synchronous behavior. In a sense, polling is a natural addition to AIO; the whole point of polling is usually to avoid waiting for operations to complete.

Security: OpenSSL, IoT, and LWN Coverage of 'Intelpocalypse'

  • Another Face to Face: Email Changes and Crypto Policy
    The OpenSSL OMC met last month for a two-day face-to-face meeting in London, and like previous F2F meetings, most of the team was present and we addressed a great many issues. This blog posts talks about some of them, and most of the others will get their own blog posts, or notices, later. Red Hat graciously hosted us for the two days, and both Red Hat and Cryptsoft covered the costs of their employees who attended. One of the overall threads of the meeting was about increasing the transparency of the project. By default, everything should be done in public. We decided to try some major changes to email and such.
  • Some Basic Rules for Securing Your IoT Stuff

    Throughout 2016 and 2017, attacks from massive botnets made up entirely of hacked [sic] IoT devices had many experts warning of a dire outlook for Internet security. But the future of IoT doesn’t have to be so bleak. Here’s a primer on minimizing the chances that your IoT things become a security liability for you or for the Internet at large.

  • A look at the handling of Meltdown and Spectre
    The Meltdown/Spectre debacle has, deservedly, reached the mainstream press and, likely, most of the public that has even a remote interest in computers and security. It only took a day or so from the accelerated disclosure date of January 3—it was originally scheduled for January 9—before the bugs were making big headlines. But Spectre has been known for at least six months and Meltdown for nearly as long—at least to some in the industry. Others that were affected were completely blindsided by the announcements and have joined the scramble to mitigate these hardware bugs before they bite users. Whatever else can be said about Meltdown and Spectre, the handling (or, in truth, mishandling) of this whole incident has been a horrific failure. For those just tuning in, Meltdown and Spectre are two types of hardware bugs that affect most modern CPUs. They allow attackers to cause the CPU to do speculative execution of code, while timing memory accesses to deduce what has or has not been cached, to disclose the contents of memory. These disclosures can span various security boundaries such as between user space and the kernel or between guest operating systems running in virtual machines. For more information, see the LWN article on the flaws and the blog post by Raspberry Pi founder Eben Upton that well describes modern CPU architectures and speculative execution to explain why the Raspberry Pi is not affected.
  • Addressing Meltdown and Spectre in the kernel
    When the Meltdown and Spectre vulnerabilities were disclosed on January 3, attention quickly turned to mitigations. There was already a clear defense against Meltdown in the form of kernel page-table isolation (KPTI), but the defenses against the two Spectre variants had not been developed in public and still do not exist in the mainline kernel. Initial versions of proposed defenses have now been disclosed. The resulting picture shows what has been done to fend off Spectre-based attacks in the near future, but the situation remains chaotic, to put it lightly. First, a couple of notes with regard to Meltdown. KPTI has been merged for the 4.15 release, followed by a steady trickle of fixes that is undoubtedly not yet finished. The X86_BUG_CPU_INSECURE processor bit is being renamed to X86_BUG_CPU_MELTDOWN now that the details are public; there will be bug flags for the other two variants added in the near future. 4.9.75 and 4.4.110 have been released with their own KPTI variants. The older kernels do not have mainline KPTI, though; instead, they have a backport of the older KAISER patches that more closely matches what distributors shipped. Those backports have not fully stabilized yet either. KPTI patches for ARM are circulating, but have not yet been merged.
  • Is it time for open processors?
    The disclosure of the Meltdown and Spectre vulnerabilities has brought a new level of attention to the security bugs that can lurk at the hardware level. Massive amounts of work have gone into improving the (still poor) security of our software, but all of that is in vain if the hardware gives away the game. The CPUs that we run in our systems are highly proprietary and have been shown to contain unpleasant surprises (the Intel management engine, for example). It is thus natural to wonder whether it is time to make a move to open-source hardware, much like we have done with our software. Such a move may well be possible, and it would certainly offer some benefits, but it would be no panacea. Given the complexity of modern CPUs and the fierceness of the market in which they are sold, it might be surprising to think that they could be developed in an open manner. But there are serious initiatives working in this area; the idea of an open CPU design is not pure fantasy. A quick look around turns up several efforts; the following list is necessarily incomplete.
  • Notes from the Intelpocalypse
    Rumors of an undisclosed CPU security issue have been circulating since before LWN first covered the kernel page-table isolation patch set in November 2017. Now, finally, the information is out — and the problem is even worse than had been expected. Read on for a summary of these issues and what has to be done to respond to them in the kernel. All three disclosed vulnerabilities take advantage of the CPU's speculative execution mechanism. In a simple view, a CPU is a deterministic machine executing a set of instructions in sequence in a predictable manner. Real-world CPUs are more complex, and that complexity has opened the door to some unpleasant attacks. A CPU is typically working on the execution of multiple instructions at once, for performance reasons. Executing instructions in parallel allows the processor to keep more of its subunits busy at once, which speeds things up. But parallel execution is also driven by the slowness of access to main memory. A cache miss requiring a fetch from RAM can stall the execution of an instruction for hundreds of processor cycles, with a clear impact on performance. To minimize the amount of time it spends waiting for data, the CPU will, to the extent it can, execute instructions after the stalled one, essentially reordering the code in the program. That reordering is often invisible, but it occasionally leads to the sort of fun that caused Documentation/memory-barriers.txt to be written.