Language Selection

English French German Italian Portuguese Spanish

Linux Foundation, Linux Kernel, FUD, and LWN Articles (Paywall Lapsed Today)

Filed under
Linux
  • EdgeX Foundry Hits Major Milestone with 5 Million+ Container Downloads and a New Release that Simplifies Deployment for AI, Data Analytics and Digital Transformation

    EdgeX Foundry, a project under the LF Edge umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for IoT edge computing independent of connectivity protocol, hardware, operating system, applications or cloud, today announced a major milestone of hitting 5 million container downloads and the availability of its “Geneva” release. This release offers more robust security, optimized analytics, and secure connectivity for multiple devices.

    “EdgeX Foundry is committed to developing an open IoT platform for edge-related applications and shows no signs of slowing down the momentum,” said Arpit Joshipura, general manager, Networking, Edge and IoT, the Linux Foundation. “As one of the Stage 3 projects under LF Edge, EdgeX Foundry is a clear example of how member collaboration and diversity are the keys to creating an interoperable open source framework across IoT, Enterprise, Cloud and Telco Edge.”

  • Check Point fixes a 20-year-old Linux security issue

    For around two decades now, hackers have exploited the design of the memory management system used by Linux programs in order to take control of a target's computer.

    Now though researchers at Check Point have introduced a new security mechanism for Linux users called 'safe-linking' which means attackers will need more than one vulnerability in order to take over the program.

  • Check Point released an open-source fix for common Linux memory corruption security hole
  • Intel Volleys New Sandy Bridge CPU Microcode

    For reasons currently unknown, Intel released new CPU microcode on Wednesday for their Sandy Bridge processors.

    Intel released the 20200520 CPU Microcode Update and it only consists of Sandy Bridge family updates. This is a bit strange with Sandy Bridge being nine years old and other Intel CPU families not seeing similar microcode updates this week.

  • Intel Sends Out Patches Bringing Up The "DG1" Graphics Card Under Linux

    For months now Intel's open-source driver developers have been working on the "Gen12" graphics support needed most notably for Tiger Lake and more recently is also confirmed for Rocket Lake. But Gen12 is also needed for the highly anticipated Xe Graphics with the discrete graphics offerings to come in the months ahead by Intel. Building off the existing Gen12 graphics driver code, Intel today published the first DG1 patches for enabling their first discrete graphics card under Linux.

  • Completing and merging core scheduling

    Core scheduling is a proposed modification to the kernel's CPU scheduler that allows system administrators to control which processes can be running simultaneously on the same processor core. It was originally proposed as a security mechanism, but other use cases have shown up over time as well. At the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM), a group of some 50 developers gathered online to discuss the current state of the core-scheduling patches and what is needed to get them into the mainline kernel.

    [...]

    One open area, Pillai said, was in the area of load balancing, which doesn't currently work well with core scheduling. This could perhaps be improved by selecting a single run queue to hold the shared information needed for core scheduling. When a scheduling event happens, the highest-priority task would be chosen as usual. Then any sibling processors can be populated with matching tasks from across the system, should any exist.

    Core scheduling currently uses CPU control groups for grouping; there is a cpu.tag field that can be set to assign a "cookie" identifying the scheduling group a task belongs to. This was done for a quick and easy implementation, he said, and need not be how things will work in the end. There is a red-black tree in each run queue, ordered by cookie value, that is used to select tasks for sibling processors.

    The patch series is up to version 5, which includes some load-balancing improvements. Earlier versions did not understand load balancing at all, so if a task was migrated to a CPU running (incompatible) tagged tasks, it could end up being starved for CPU time. A sixth revision is coming soon, he said.

    One challenge that has to be dealt with is comparing the priority of tasks across siblings. Within a run queue, a task's vruntime value is used to determine whether it should run next. This value is a sort of virtual run time, indicating how much CPU time the task has received relative to others (though it is scaled by the process priority and adjusted in various other ways), but this value is specific to each run queue. A vruntime in one run queue cannot be directly compared to a vruntime in another queue.

  • O_MAYEXEC — explicitly opening files for execution

    Normally, when a kernel developer shows up with a proposed option that doesn't do anything, a skeptical response can be expected. But there are exceptions. Mickaël Salaün is proposing the addition of a new flag (O_MAYEXEC) for the openat2() system call that, by default, will change nothing. But it does open a path toward tighter security in some situations.

    Executing a file on a Unix-like system requires that said file have an applicable execute-permission bit set. The file must also not reside on a filesystem that has been mounted with the noexec option. These checks can prevent the execution of unwanted code on a tightly controlled system, but there is a significant hole in this protection: interpreters that will happily read and execute code found in a file. If a file contains Perl code, for example, it cannot be executed by typing its name if it fails either of the above two tests. If an attacker is able to pass that file as a parameter to a perl -e command, though, its contents will still be executed.

    The new O_MAYEXEC flag is a way for language interpreters (or other programs, such as dynamic linkers, that execute code) to indicate to the kernel that a file is being opened with the intent of executing its contents. This flag is totally ignored by open() which, because it never checked for invalid flags, is difficult to extend in general. The newer openat2() system call, instead, does fail when unknown flags are passed to it; it has been extended to recognize O_MAYEXEC. But, by default, nothing will change if that flag is present.

  • Blocking userfaultfd() kernel-fault handling

    The userfaultfd() system call is a bit of a strange beast; it allows user space to take responsibility for the handling of page faults, which is normally a quintessential kernel task. It is thus perhaps not surprising that it has turned out to have some utility for those who would attack the kernel's security as well. A recent patch set from Daniel Colascione is small, but it makes a significant change that can help block at least one sort of attack using userfaultfd().
    A call to userfaultfd() returns a file descriptor that can be used for control over memory management. By making a set of ioctl() calls, a user-space process can take responsibility for handling page faults in specific ranges of its address space. Thereafter, a page fault within that range will generate an event that can be read from the file descriptor; the process can read the event and take whatever action is necessary to resolve the fault. It should then write a response describing that resolution to the same file descriptor, after which the faulting code will resume execution.

    This facility is normally intended to be used within a multi-threaded process, where one thread takes on the fault-handling task. There are a number of use cases for userfaultfd(); one of the original cases was handling live migration of a process from one machine to another. The process can be moved and restarted on the new system while leaving most of its memory behind; the pages it needs immediately can then be demand-faulted across the net, driven by userfaultfd() events. The result is less downtime while the process is being moved.

    Since the kernel waits for a response from the user-space handler to resolve a fault, page faults can cause an indefinite delay in the execution of the affected process. That is always the case, of course; for example, a process generating a fault on memory backed by a file somewhere else on the network will come to an immediate halt for an unknown period of time. There is a difference with userfaultfd(), though: the time it takes to resolve the fault is under the process's direct control.

  • Private loop devices with loopfs

    A loop device is a kernel abstraction that allows a file to be presented as if it were a physical block device. The typical use for a loop device is to mount a filesystem image stored in a file. Loop devices are global and shared between users, which causes a number of problems for container workloads where the instances are expected to be isolated from each other. Christian Brauner has been working on this problem; he has posted a patch set solving it by adding a small virtual filesystem called loopfs.

    Loop devices typically appear under /dev with names like /dev/loopN. The special /dev/loop-control file can be used to create and destroy loop devices or to find the first available loop device. Associating a file with a specific device, or setting other parameters like offsets or block sizes, is done with ioctl() calls on the device itself. The loop(4) man page has the details on how it all works.

EdgeX Foundry Hits 5 Million+ Container Downloads

  • EdgeX Foundry Hits 5 Million+ Container Downloads

    EdgeX Foundry, a project under the LF Edge umbrella organization within the Linux Foundation, has announced a major milestone of hitting 5 million container downloads and the availability of its “Geneva” release.

    [...]

    Keith Steele, EdgeX Foundry Chair of the Technical Steering Committee, added: “With at least 50% of data being stored, processed and analyzed at the edge we need an open, cloud-native edge ecosystem enabled by EdgeX to minimize reinvention and facilitate building and deploying distributed, interoperable applications from the edge to the cloud. In 3 short years, EdgeX has achieved incredible global momentum and is now being designed into IOT systems and product roadmaps.”

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Trim Video Clips on Linux Fast with This New GTK App

I won’t pretend that it’s difficult to trim video on Linux because, honestly, it isn’t; a plethora of ace apps designed to make basic cuts and simple edits exist (with Qt-based VidCutter and the best known). But if you’re a GNOME user you might be on the hunt for something that feels and functions a bit more like the rest of your apps. If so, then there’s a new option worth looking in to. The succinctly titled ‘Video Trimmer’ is a new(ish) addition to the roster of video trimming apps for Linux and it’s incredibly simple to use. Read more

ScreenKey Shows Keyboard Presses on Screen in Ubuntu

Mac and Windows screencasters have access to a wide array of apps designed specifically to display key presses on screen as they are typed with macOS tool Screenflick perhaps the best known. But for Ubuntu? You’ll want to try Screenkey. Screenkey is a free, open-source alternative to Screenflick designed for use on Linux desktops, like Ubuntu. When run the app shows each key press on screen as it’s pressed (and while you record, perhaps using the hidden GNOME Shell screen recorder). The majority of Ubuntu users won’t have much use for this tool. But for the 0.25% making video tutorials, explanatory gifs, or other how-to related content? For them Screenkey will be invaluable. Put simply: if you need to illustrate actions associated with a specific keyboard shortcut or command in a screenshot or video clip there is nothing easier to use than this. Screenkey features multi-monitor support, lets you customise font size, font style, and font colour, and offers a crop of advanced settings to control position, timing, opacity, specific character key presses, and more. You can also choose what shortcut activates the app, and decide whether multimedia keys (e.g., volume, pause, brightness, etc) are supported or not. ScreenKey Shows Keyboard Presses on Screen in Ubuntu Read more Also: Ubuntu Weekly Newsletter Issue 638

Mozilla: Accessibility, Net Neutrality, AMP and Rust

  • Mozilla Accessibility: Broadening Our Impact

    Last year, the accessibility team worked to identify and fix gaps in our screen reader support, as well as on some new areas of focus, like improving Firefox for users with low vision. As a result, we shipped some great features. In addition, we’ve begun building awareness across Mozilla and putting in place processes to help ensure delightful accessibility going forward, including a Firefox wide triage process. With a solid foundation for delightful accessibility well underway, we’re looking at the next step in broadening our impact: expanding our engagement with our passionate, global community. It’s our hope that we can get to a place where a broad community of interested people become active participants in the planning, design, development and testing of Firefox accessibility. To get there, the first step is open communication about what we’re doing and where we’re headed.

  • Mozilla Open Policy & Advocacy Blog: Next Steps for Net Neutrality

    Two years ago we first brought Mozilla v. FCC in federal court, in an effort to save the net neutrality rules protecting American consumers. Mozilla has long fought for net neutrality because we believe that the internet works best when people control their own online experiences. Today is the deadline to petition the Supreme Court for review of the D.C. Circuit decision in Mozilla v. FCC. After careful consideration, Mozilla—as well as its partners in this litigation—are not seeking Supreme Court review of the D.C. Circuit decision. Even though we did not achieve all that we hoped for in the lower court, the court recognized the flaws of the FCC’s action and sent parts of it back to the agency for reconsideration. And the court cleared a path for net neutrality to move forward at the state level. We believe the fight is best pursued there, as well as on other fronts including Congress or a future FCC. Net neutrality is more than a legal construct. It is a reflection of the fundamental belief that ISPs have tremendous power over our online experiences and that power should not be further concentrated in actors that have often demonstrated a disregard for consumers and their digital rights. The global pandemic has moved even more of our daily lives—our work, school, conversations with friends and family—online. Internet videos and social media debates are fueling an essential conversation about systemic racism in America. At this moment, net neutrality protections ensuring equal treatment of online traffic are critical. Recent moves by ISPs to favor their own content channels or impose data caps and usage-based pricing make concerns about the need for protections all the more real.

  • Frédéric Wang: Contributions to Web Platform Interoperability (First Half of 2020)

    Web developers continue to face challenges with web interoperability issues and a lack of implementation of important features. As an open-source project, the AMP Project can help represent developers and aid in addressing these challenges. In the last few years, we have partnered with Igalia to collaborate on helping advance predictability and interoperability among browsers. Standards and the degree of interoperability that we want can be a long process. New features frequently require experimentation to get things rolling, course corrections along the way and then, ultimately as more implementations and users begin exploring the space, doing really interesting things and finding issues at the edges we continue to advance interoperability. Both AMP and Igalia are very pleased to have been able to play important roles at all stages of this process and help drive things forward. During the first half of this year, here’s what we’ve been up to…

  • Community crossover, Rust at CNCF, and more industry trends

    The impact: The Rust community has a reputation of welcoming loveliness; increased overlap in the Rust and CNCF Venn diagrams is a harbinger of good things for both communities.

Videos: Software Freedom, OpenSUSE 15.2, "Rolling Rhino" and Linux Headlines