Language Selection

English French German Italian Portuguese Spanish

Kernel: Linux Plumbers Conference Talk, 5.6 Development Cycle and Cavium OCTEON Driver Support For Linux

Filed under
Linux
  • Accelerating netfilter with hardware offload, part 2

    As network interfaces get faster, the amount of CPU time available to process each packet becomes correspondingly smaller. The good news is that many tasks, including packet filtering, can be offloaded to the hardware itself. The bad news is that the Linux kernel required quite a bit of work to be able to take advantage of that capability. The first article in this series provided an overview of how hardware-based packet filtering can work and the support for this feature that already existed in the kernel. This series now concludes with a detailed look at how offloaded packet filtering works in the netfilter subsystem and how administrators can make use of it.

    The offload capability was added by a patch set from Pablo Neira Ayuso, merged in the kernel 5.3 release and updated thereafter. The goal of the patch set was to add support for offloading a subset of the netfilter rules in a typical configuration, thus bypassing the kernel's generic packet-handling code for packets filtered by the offloaded rules. It is not currently possible to offload all of the rules, as that would require additional support from the underlying hardware and in the netfilter code. The use case and some of the internals are mentioned in Neira's slides [PDF] from the 2019 Linux Plumbers Conference.

  • The 5.6 merge window opens

    As of this writing, 4,726 non-merge changesets have been pulled into the mainline repository for the 5.6 development cycle. That is a relatively slow start by contemporary kernel standards, but it still is enough to bring a number of new features, some of which have been pending for years, into the mainline. Read on for a summary of the changes pulled in the early part of the 5.6 merge window.

  • Cavium OCTEON Driver Support For Linux Is Coming Back From The Dead

    It looks like the Cavium/Marvell OCTEON MIPS-based processor support is being restored for Linux systems after some of its drivers were briefly removed.

    For the current Linux 5.6 cycle, some OCTEON drivers were dropped. Those drivers had been living in the kernel's staging area but fell into disrepair and with no one at the time taking over the maintenance burden, they were removed for Linux 5.6 as part of cleaning up the staging area.

More in Tux Machines

Web Standards

  • Inrupt, Tim Berners-Lee's Solid, and Me

    All of this is a long-winded way of saying that I have joined a company called Inrupt that is working to bring Tim Berners-Lee's distributed data ownership model that is Solid into the mainstream. (I think of Inrupt basically as the Red Hat of Solid.) I joined the Inrupt team last summer as its Chief of Security Architecture, and have been in stealth mode until now.

    The idea behind Solid is both simple and extraordinarily powerful. Your data lives in a pod that is controlled by you. Data generated by your things -- your computer, your phone, your IoT whatever -- is written to your pod. You authorize granular access to that pod to whoever you want for whatever reason you want. Your data is no longer in a bazillion places on the Internet, controlled by you-have-no-idea-who. It's yours. If you want your insurance company to have access to your fitness data, you grant it through your pod. If you want your friends to have access to your vacation photos, you grant it through your pod. If you want your thermostat to share data with your air conditioner, you give both of them access through your pod.

  • World wide web founder scales up efforts to reshape internet
  • Sir Tim Berners-Lee's Inrupt is Redesigning the way the web is to Work and Apple is working with them on their Data Transfer Project

    Inrupt, the start-up company founded by Sir Tim Berners-Lee to redesign the way the web works, is expanding its operational team and launching pilot projects in its quest to develop a "massively scalable, production-quality technology platform."

  • Inconsistent user-experiences with native lazy-loading images

    The specification for web browser native support for lazy-loading images landed in the HTML Living Standard a week ago. This new feature lets web developers tell the browser to defer loading an image until it is scrolled into view, or it’s about to be scrolled into view. Images account for 49 % of the median webpage’s byte size, according to the HTTP Archive. Lazy image loading can help reduce these images’ impact on page load performance. It can also help lower data costs by clients that never scroll down to images far down on a page. Historically, lazy-loading was implemented by responding to changes in the scroll position and tracking the image element’s offset from the top of the page. This could degrade page-scrolling performance. Comparatively, the new native lazy loading for images is easier to implement and doesn’t degrade scrolling performance.

Security and Scare for Sale

  • Malware Attack Takes ISS World's Systems Offline

    Founded in 1901, the Copenhagen, Denmark-based company provides cleaning, support, property, catering, security, and facility management services for offices, factories, airports, hospitals, and other locations all around the world.

    At the moment, the company’s employees don’t have access to corporate systems, as they were taken offline following a malware attack earlier this week.

  • The rise and rise of ransomware [iophk: Windows TCO]
  • Security flaws belatedly fixed in open source SuiteCRM software

    According to Romano, a second-order PHP object injection vulnerability (CVE-2020-8800) in SuiteCRM could be “exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks, such as executing arbitrary PHP code”. SuiteCRM versions 7.11.11 and below are said to be vulnerable. [...] “We have put a notice on our open source community channels and advice via social media. We have a dedicated community that works around the clock to spot vulnerabilities and produce suitable fixes, which is one of the key benefits for a business when choosing to use open source software.”

  • With the rise of third-party code, zero-trust is key

    The surface area of website and web application attacks keeps growing. One reason for this is the prevalence of third-party code. When businesses build web apps, they use code from many sources, including both commercial and open-source projects, often created and maintained by both professional and amateur developers. Web application creators take advantage of third-party code because it allows them to build their websites and apps quickly. For example, companies are likely to add a third-party chat widget to their site, instead of building one from scratch. But third-party code can leave websites vulnerable. Consider the July 2018 Magecart attack on Ticketmaster. In this data breach, hackers were able to gain access to sensitive customer information on Ticketmaster's website by compromising a third-party script used to provide chatbot functionality. The challenge is that this third-party functionality runs directly on the customer's browser, and the browser is built to simply render the code sent down from a web server. It assumes that all code, whether first-party or third-party, is good.

  • New company BluBracket takes on software supply chain code security
  • BluBracket scores $6.5M seed to help secure code in distributed environments

    BluBracket, a new security startup from the folks who brought you Vera, came out of stealth today and announced a $6.5 million seed investment. Unusual Ventures led the round with participation by Point72 Ventures, SignalFire and Firebolt Ventures.

Openwashing and the Latest Microsoft Fakes

Devices: RasPi, MoveIt/ROS, Neuroscience Hardware Hack Chat and More

  • [Available now] Raspberry Pi Zero based open source checkra1n jailbreak dongle (Ra1nbox) with screen is in works

    Do you have an iPhone? Did you migrate from Android? In case you did, you can probably reminisce the first few weeks. It might have been difficult for you to get along with the whole ecosystem with limited customisation options. Setting the price aside, the main advantage of having an Android device is numerous options to change the default features. In order to gain an elated level of privilege, you can even go through a few steps to root the phone.

  • MoveIt, the Popular Open Source Platform For Robotic Arms, Releases ROS 2 Version

    PickNik Robotics is pleased to announce today the release of a much anticipated new version of MoveIt for use with the industry-advocated ROS 2. PickNik Robotics and its partners Intel, Amazon, Open Robotics, and many worldwide contributors to MoveIt, are excited to see this big step forward in providing next generation open source robotics. MoveIt 2 will enable many compelling advantages over its predecessor, namely faster, more reactive planning through realtime control of robot arms. The new platform version will enable more reliable robot behaviors, based on industry feedback.

  • Open-Source Neuroscience Hardware Hack Chat

    Join us for the Open-Source Neuroscience Hardware Hack Chat this week where we’ll discuss the exploration of the real final frontier, and find out what it takes to invent the tools before you get to use them.

  • Glasgow Interface Explorer open source multitool for digital electronics

    A new project soon to launch via Crowd Supplied is the Glasgow Interface Explorer, offering a highly capable and extremely flexible open source multitool for digital electronics. Created for embedded developers, reverse engineers, digital archivists, electronics hobbyists, and anyone else who wants to communicate with a wide selection of digital devices. The Glasgow Interface Explorer development board has been designed for “maximum reliability and minimum hassle” science creators and can be attached to most devices without the need for additional active or passive components.

  • ADLINK Industrial-Pi (I-Pi) SMARC Development Kit Features Rockchip PX30 SoC

    ADLINK Technology has just announced the Industrial-Pi (I-Pi) SMARC Development Kit to help engineers quickly design prototypes for industrial applications using peripherals and sensors.

  • Bluetera II open source development board created for motion-based IoT applications

    Bluetera II is an open hardware IoT solution powered by 9-axis motion sensors, an MCU with support for BLE 5.0, and an SDK based on Google’s Protocol Buffer technology. The small development board will be soon available to purchase via the Crowd Supply website. Offering a full stack development board using protocol buffers for motion-based IoT applications and has been created to fill the gap for an open source platform that satisfies the following requirements :