Language Selection

English French German Italian Portuguese Spanish

Login

Enter your Tux Machines username.
Enter the password that accompanies your username.

More in Tux Machines

Linux and Linux Foundation: Rust, Windows, SystemD and More

  • Linux Developers May Discuss Allowing Rust Code Within The Kernel

    A Google engineer is looking to discuss at this year's Linux Plumbers Conference the possibility of allowing in-tree Rust language support. Nick Desaulniers of Google, who is known for his work on LLVM Clang'ing the Linux kernel and related efforts, is wanting to bring up the matter of in-tree Rust support for the kernel. The extent though of allowing Rust within the kernel isn't clear yet but would likely be very limited.

  • Emulating Windows system calls in Linux

    The idea of handling system calls differently depending on the origin of each call in the process's address space is not entirely new. OpenBSD, for example, disallows system calls entirely if they are not made from the system's C library as a security-enhancing mechanism. At the end of May, Gabriel Krisman Bertazi proposed a similar mechanism for Linux, but the objective was not security at all; instead, he is working to make Windows games run better under Wine. That involves detecting and emulating Windows system calls; this can be done through origin-based filtering, but that may not be the solution that is merged in the end. To run with any speed at all, Wine must run Windows code directly on the CPU to the greatest extent possible. That must end, though, once the Windows program makes a system call; trapping into the Linux kernel with the intent of making a Windows system call is highly unlikely to lead to good results. Traditionally, Wine has handled this by supplying its own version of the user-space Windows API that implemented the required functionality using Linux system calls. As explained in the patch posting, though, Windows applications are increasingly executing system calls directly rather than going through the API; that makes Wine unable to intercept them. The good news is that Linux provides the ability to intercept system calls in the form of seccomp(). The bad news is that this mechanism, as found in current kernels, is not suited to the task of intercepting only system calls made from Windows code running within a larger process. Intercepting every system call would slow things down considerably, an effect that tends to make gamers particularly cranky. Tracking which parts of a process's address space make Linux system calls and which make Windows calls within the (classic) BPF programs used by seccomp() would be awkward at best and, once again, would be slow. So it seems that a new mechanism is called for. The patch set adds a new memory-protection bit for mmap() called PROT_NOSYSCALL which, by default, does not change the kernel's behavior. If, however, a given process has turned on the new SECCOMP_MODE_MMAP mode in seccomp(), any system calls made from memory regions marked with PROT_NOSYSCALL will be trapped; the handler code can then emulate the attempted system call.

  • systemd 246-RC1 Released

    With this being the first systemd release since March, there is a lot in store for the v246 milestone. There are many systemd 246 features including new unit settings, the service manager has support for the cgroup v2 freezer, the CPU affinity setting now supports a NUMA value, systemd.hostname= can be used for setting the hostname from the kernel command line during early boot, hardware database updates, systemd-journald now supports Zstd compression, numerous networkd additions, systemd-cryptsetup now supports activating Microsoft BitLocker volumes during boot, systemd-homed improvements, the new systemd-xdg-autostart-generator, and much more. Just yesterday was one of the latest additions of exposing host OS information to containers.

  • Intel Gen12/Xe Graphics Have AV1 Accelerated Decode - Linux Support Lands

    On top of Intel Gen12/Xe Graphics bringing other media engine improvements and much better 3D graphics support, another exciting element of the next-generation Intel graphics is now confirmed: GPU-accelerated AV1 video decoding! There has been talk of Gen12/Xe supporting AV1 at least on the decode side but a lack of hard information to date. But landing this week in Intel's Media Driver for Linux is indeed AV1 decode wired up for Gen12. This is nice to see happen and a bit of a surprise as so far the Intel Media Driver support matrix has lacked any references to AV1.

  • Four years of Zephyr

    The Zephyr project is an effort to provide an open-source realtime operating system (RTOS) that is designed to bridge the gap between full-featured operating systems like Linux and bare-metal development environments. It's been over four years since Zephyr was publicly announced and discussed here (apparently to a bit of puzzlement). In this article, we give an update on the project and its community as of its v2.3.0 release in June 2020; we also make some guesses about its near future. The authors are both Zephyr developers working for Nordic Semiconductor; Cufí was the release manager for the v2.3.0 release. [...] The Zephyr kernel supports multiple architectures and scheduling algorithms. There are cooperative and preemptive threads, along with facilities for reducing interrupt latencies and guaranteeing the execution of key threads. An optional user mode can use the Memory Protection Units (MPUs) typically present in microcontrollers to isolate and sandbox threads or groups of threads from one another and the kernel. Zephyr supports six major architectures (x86, Arm, ARC, NIOS II, Xtensa, and RISC-V) and also runs in emulation. Both 32- and 64-bit processor support exists for some architectures. Within the Arm architecture, the emphasis has been on the usual 32-bit Cortex-M cores, but experimental support for Cortex-R and Cortex-A (including 64-bit Cortex-A) exists and continues to improve. Beyond "real hardware," Zephyr runs on QEMU, and as an ELF executable. It supports a simulated radio, which can save time and expense when testing and debugging radio frequency (RF) issues. In all, there are upstream support files for over 200 "boards". Zephyr has logging and shell subsystems. These have configurable transports, including traditional serial ports (for both) and over the network (for logging). Logging is optionally asynchronous; in this case, a separate thread actually sends log messages. The logging calls themselves post compact messages to a queue, which can be done quickly, so logging can be done even from within interrupt context. Hardware-specific APIs are built around a lightweight device driver model that is tightly integrated with the kernel. It supports a wide range of peripherals and sensors under this common model. Multiple storage options are available. These range from basic key-value storage optimized for NOR flash to filesystems.

Mozilla Leftovers and Firefox Development

  • Browser Wish List - Tab Splitting for Contextual Reading

    On Desktop, I'm very often in a situation where I want to read a long article in a browser tab with a certain number of hypertext links. The number of actions I have to do to properly read the text is tedious. It's prone to errors, requires a bit of preparation and has a lot of manual actions.

  • Mozilla Privacy Blog: Laws designed to protect online security should not undermine it

    Mozilla, Atlassian, and Shopify yesterday filed a friend-of-the-court brief in Van Buren v. U.S. asking the U.S. Supreme Court to consider implications of the Computer Fraud and Abuse Act for online security and privacy. Mozilla’s involvement in this case comes from our interest in making sure that the law doesn’t stand in the way of effective online security. The Computer Fraud and Abuse Act (CFAA) was passed as a tool to combat online hacking through civil and criminal liability. However, over the years various federal circuit courts have interpreted the law so broadly as to threaten important practices for managing computer security used by Mozilla and many others. Contrary to the purpose of the statute, the lower court’s decision in this case would take a law meant to increase security and interpret it in a way that undermines that goal.

  • Changes to storage.sync in Firefox 79

    Firefox 79, which will be released on July 28, includes changes to the storage.sync area. Items that extensions store in this area are automatically synced to all devices signed in to the same Firefox Account, similar to how Firefox Sync handles bookmarks and passwords. The storage.sync area has been ported to a new Rust-based implementation, allowing extension storage to share the same infrastructure and backend used by Firefox Sync. Extension data that had been stored locally in existing profiles will automatically migrate the first time an installed extension tries to access storage.sync data in Firefox 79. After the migration, the data will be stored locally in a new storage-sync2.sqlite file in the profile directory.

  • SpiderMonkey Newsletter 5 (Firefox 78-79)

    SpiderMonkey is the JavaScript engine used in Mozilla Firefox. This newsletter gives an overview of the JavaScript and WebAssembly work we’ve done as part of the Firefox 78 and 79 Nightly release cycles. If you like these newsletters, you may also enjoy Yulia’s weekly Compiler Compiler live stream, a guided tour of what it is like to work on SpiderMonkey and improve spec compliance.

  • Testing Firefox more efficiently with machine learning

    At Mozilla we have around 50,000 unique test files. Each contain many test functions. These tests need to run on all our supported platforms (Windows, Mac, Linux, Android) against a variety of build configurations (PGO, debug, ASan, etc.), with a range of runtime parameters (site isolation, WebRender, multi-process, etc.). While we don’t test against every possible combination of the above, there are still over 90 unique configurations that we do test against. In other words, for each change that developers push to the repository, we could potentially run all 50k tests 90 different times. On an average work day we see nearly 300 pushes (including our testing branch). If we simply ran every test on every configuration on every push, we’d run approximately 1.35 billion test files per day! While we do throw money at this problem to some extent, as an independent non-profit organization, our budget is finite. So how do we keep our CI load manageable? First, we recognize that some of those ninety unique configurations are more important than others. Many of the less important ones only run a small subset of the tests, or only run on a handful of pushes per day, or both. Second, in the case of our testing branch, we rely on our developers to specify which configurations and tests are most relevant to their changes. Third, we use an integration branch. [...] The early results of this project have been very promising. Compared to our previous solution, we’ve reduced the number of test tasks on our integration branch by 70%! Compared to a CI system with no test selection, by almost 99%! We’ve also seen pretty fast adoption of our mach try auto tool, suggesting a usability improvement (since developers no longer need to think about what to select). But there is still a long way to go! We need to improve the model’s ability to select configurations and default to that. Our regression detection heuristics and the quality of our dataset needs to improve. We have yet to implement usability and stability fixes to mach try auto. And while we can’t make any promises, we’d love to package the model and service up in a way that is useful to organizations outside of Mozilla. Currently, this effort is part of a larger project that contains other machine learning infrastructure originally created to help manage Mozilla’s Bugzilla instance.

  • Async Interview #8: Stjepan Glavina

    Several months ago, on May 1st, I spoke to Stjepan Glavina about his (at the time) new crate, smol. Stjepan is, or ought to be, a pretty well-known figure in the Rust universe. He is one of the primary authors of the various crossbeam crates, which provide core parallel building blocks that are both efficient and very ergonomic to use. He was one of the initial designers for the async-std runtime.

  • Missing structure in technical discussions

    People are amazing creatures. When discussing a complex issue, they are able to keep multiple independent arguments in their heads, the pieces of supporting and disproving evidence, and can collapse this system into a concrete solution.

  • Thank you, Julie Hanna

    Over the last three plus years, Julie Hanna has brought extensive experience on innovation processes, global business operations, and mission-driven organizations to her role as a board member of Mozilla Corporation. We have deeply appreciated her contributions to Mozilla throughout this period, and thank her for her time and her work with the board. [...] We look forward to continuing to see her play a key role in shaping and evolving purpose-driven technology companies across industries.

Why Windows Power Users Break Linux

As more people come to Linux, those of us who help the Windows refugees make the switch will need to be very patient with them. The more someone knows about Windows, the more likely it is that they will break Linux. Handing them a Linux laptop and saying, “Here ya go…” is not enough if they are going to succeed. You’re going to have to hold their hand for a while and telling them to “RTFM” will just drive them back to Windows. Understanding why they struggle as much as they do will help you to help them avoid some of the common pitfalls. I specialize in helping people get started with Linux. I’ve helped hundreds of people over the last few years and I can pretty much spot the ones who are going to do well and those who are going to be frustrated. If a client approaches me and they start the conversation with “I’ve been using Windows for 20 years…” I know it’s going to be a bumpy ride. The pattern is always the same: I walk them through an install and all is well for about two weeks and then I get a frustrated message from them about how Linux is stupid and doesn’t work. I know without asking that they’ve broken something major or borked up the whole system. I usually can fix the problem and make a good lesson out of it for them. I have gone so far as to walk them through a second installation from scratch. If the system is totally hosed, that’s the best way to go. Give them a clean slate to work with and hope they learned something. On the other hand, if a client tells me that they know nothing about computers but they need one to get things done like writing documents, spreadsheets, web surfing and email then they usually have zero issues. I get them setup and I don’t hear from them again. I usually contact then after a month or two and they invariably tell me everything is working perfectly. I got a call from a gentleman I hadn’t heard from in a year and a half recently. He said everything was working nicely but he wanted some advice about upgrading his Linux Mint from 17.3 to 18.1 and could I help him get it right. No problem. Wonderful to hear that all is well! Read more

IBM/Red Hat/Fedora Leftovers

  • Making compliance scalable in a container world

    Software is increasingly being distributed as container images. Container images include the many software components needed to support the featured software in the container. Thus, distribution of a container image involves distribution of many software components, which typically include GPL-licensed components. We can't expect every company that distributes container images to become an open source compliance expert, so we need to build compliance into container technology. [...] Package maintainers and package management tools have played an underappreciated role in source availability for over two decades. The focused nature of a package, the role of a package maintainer, and the tooling that has been built to support package management systems results in the expectation that someone (the package maintainer) will take responsibility for seeing that the sources are available. Tools that build binaries also collect the corresponding sources into an archive that can be delivered alongside the binaries. The result is that most people don't need to think about source code availability. The sources are available in the same unit as the delivery of the executable software and via the same distribution mechanism; for software delivered as an RPM, the corresponding source is available in a source RPM. In contrast, there is no convention for providing the source code that corresponds to a container image. The many software components in a container image often include GPL-licensed software. Companies that may not have much experience with distribution of FOSS software may begin distributing GPL-licensed software when they start offering their software in the form of container images. Let's make it straightforward for everyone, including companies who may be new to FOSS, to provide source code in a consistent way.

  • Relive summer of OSCON: Fight COVID-19 with Node-RED and Call for Code

    The first round of the Summer of OSCON may be over, but you can still answer the Call for Code and explore how you can use Node-RED and other open source technologies to create solutions that fight COVID-19. Join IBMer John Walicki in a replay of his OSCON live-coding session. He shows you how to use Node-RED and APIs from the Weather Channel related to Covid-19 to quickly build out a tracking application.

  • Behavior is easy, state is hard: Tame inconsistent state in your Java code

    DevNation Tech Talks are hosted by the Red Hat technologists who create our products. These sessions include real solutions plus code and sample projects to help you get started. In this talk, you’ll learn the root cause of common inconsistent state-related bugs in your production Java code—and how to solve them—from Edson Yanaga and Burr Sutter. NullPointerException on a field that was never supposed to be null? A negative value on an “always positive” field? Ever wondered why these bugs happen? You’re not alone. Watch this session to learn the root cause of these common bugs in production Java code, and how to solve them by applying some interesting techniques in your business code.

  • Culture of Innovation: Using AI to Solve Problems at Red Hat

    Red Hat is continually innovating and part of that innovation includes researching and striving to solve the problems our customers face. That innovation is driven in part through the Office of the CTO and includes Red Hat OpenShift, Red Hat OpenShift Container Storage and use cases such as the Open Hybrid Cloud, Artificial Intelligence and Machine Learning. We recently interviewed Michael Clifford, Data Scientist in the office of the CTO, here at Red Hat about these very topics.

  • Fedora documentation is now multilingual

    The Fedora project documentation website provides a lot of end-users content. All of this content is now translateable, providing a powerful tool for our multilingual communication. Writers will continue to work as usual. The publishing tools automatically convert content and push it to the translation platform. Then, translated content is automatically published.

  • PHP version 7.2.32, 7.3.20 and 7.4.8

    RPMs of PHP version 7.4.8 are available in remi repository for Fedora 32 and remi-php74 repository for Fedora 30-31 and Enterprise Linux ≥ 7 (RHEL, CentOS). RPMs of PHP version 7.3.20 are available in remi repository for Fedora 30-31 and remi-php73 repository for Enterprise Linux ≥ 6 (RHEL, CentOS). RPMs of PHP version 7.2.32 are available in remi-php72 repository for Enterprise Linux ≥ 6 (RHEL, CentOS).

  • Stirring things up for Fedora 33

    The next release of the Fedora distribution — Fedora 33 — is currently scheduled for the end of October. Fedora's nature as a fast-moving distribution ensures that each release will contain a number of attention-getting changes, but Fedora 33 is starting to look like it may be a bit more volatile than its immediate predecessors. Several relatively controversial changes are currently under discussion on the project's mailing lists; read on for a summary.