Language Selection

English French German Italian Portuguese Spanish

Linux

Intel Resurrecting FSGSBASE Support For Linux, SVT-HEVC 1.4.1 Released

Filed under
Linux
Hardware
  • Intel Resurrecting FSGSBASE Support For Linux To Help With Performance

    Going on for months had been work by Intel Linux developers on supporting the FSGSBASE instruction for helping Intel CPU performance going back to Ivybridge where this instruction set extension was first introduced. The FSGSBASE support was queued for the Linux 5.3 kernel but was reverted due to "serious bugs" in the implementation. Intel has now published a revised version of this support.

  • Intel's H.265 Encoder SVT-HEVC 1.4.1 Released With Optimizations & More

    While not quite as exciting as the big performance boost found with SVT-VP9 for AVX2 CPUs a few days ago, Intel's Scalable Video Technology team has released SVT-HEVC 1.4.1 as their newest feature release to this open-source H.265/HEVC video encoder.

    SVT-HEVC 1.4.1 now allows setting an arbitrary thread count for the program, there is a new tile group for better tile parallelism to help with performance, support for building both shared and static libraries, fixed motion vector out-of-bounds issues, and other fixes resolved.

TPC-71W next-generation Arm-Based Industrial Panel PC for IoT applications

Filed under
GNU
Linux
Hardware

Advantech Industrial IoT Group, announced TPC-71W – the new generation of its industrial panel PCs aimed at machine automation and web-terminal applications. TPC-71W is a cost-efficient, Arm-based industrial panel PC that features a 7” true-flat display with P-CAP multi-touch control, high resolution and an NXP Arm Cortex -A9 i.MX 6 dual/quad-core processor to deliver high-performance computing. The system also features a serial port with a 120Ω termination resistor that supports the CAN 2.0B protocol and offers a programmable bit rate of up to 1 Mb/sec. Equipped with the Google Chromium embedded web browser and support for various operating systems, including Android, Linux Yocto, and Linux Ubuntu with QT GUI toolkits, TPC-71W allows system integrators to easily develop and deploy a wide range of industrial applications.

Read more

Also: Raspberry Pi CM3+ based EagleEye Smart Camera Works with OpenCV and LabVIEW NI Vision

Linux 5.4 and Beyond

Filed under
Linux
  • Kernel Lockdown Feature Will Try To Land For Linux 5.4

    After going through 40+ rounds of revisions and review, the Linux kernel "LOCKDOWN" feature might finally make it into the Linux 5.4 mainline kernel.

    While not yet acted upon by Linus Torvalds with the Linux 5.4 merge window not opening until next week, James Morris has submitted a pull request introducing the kernel lockdown mode for Linux 5.4.

  • Linux 5.4 Pull Requests Begin With AMD EPYC Rome EDAC Support, 64-Bit ARM Updates

    Linux 5.3 isn't being released until this weekend after being delayed by one week, but already there have been a few early pull requests submitted for the to-be-opened Linux 5.4 merge window.

    The early Linux 5.4 material submitted so far includes:

    ARM64 updates come in with a growing number of contributors to this 64-bit ARM architecture code. This time around there is support for 52-bit virtual addressing, early random number generator (RNG) seeding by the bootloader, improved robustness of SMP booting, support for the NXP i.MX8 DDR PMU, and various other fixes and improvements.

  • Linux 5.4 Bringing Support For Lenovo's "PrivacyGuard" On Newer ThinkPads

    Newer high-end Lenovo ThinkPad laptops feature an option called "PrivacyGuard" for restricting the usable vertical and horizontal viewing angles of the LCD display, similar to what has been achievable previously using film covers and the like. With Linux 5.4 this feature will be supported by the kernel if concerned about others looking over your shoulders at your screen, etc.

    Lenovo PrivacyGuard allows restricting the usable vertical/horizontal angles of the laptop's LCD panel so that ideally no one else but the user can view the screen contents. Unlike film covers or other practices, PrivacyGuard can be easily enabled/disabled depending upon your location. PrivacyGuard hasn't worked under Linux up to this point but is coming now with Linux 5.4.

  • Support Is Being Worked On For Root File-System Support Over SMB Protocol

    More details on this work can be found via this patch series including the first patch with more documentation on this support for root file-systems via Samba shares.

    These patches aren't in the current CIFS for-next branch so it doesn't look like this functionality will be making it for Linux 5.4.

Archman Linux: Pure Arch With Extra Flair

Filed under
Linux
Reviews

The distro's origin is Turkey. That by itself is not an issue, but the reach of the Archman community's language localization seems a bit short.

In numerous documentation and website displays, the use of English is a bit awkward. The flawed English does not seem to be a factor within the operating system itself though. Still, if you are struggling to deal with Arch idiosyncrasies, side-stepping some of the phraseology can add to the frustration.

Distros based on Arch Linux usually are not a good starting choice for newcomers to the Linux operating system. Users need a better handle on how Linux works to use Arch-based distros successfully. Considerable background reading is necessary for things to make sense with minimal frustration.

Arch Linux distros in general are not ideal operating systems for users with little Linux experience. Developers of distros such as Archman Linux are trying to change that reputation. Archman Linux can be a good second OS to use as a tool for learning more about how Linux works.

Read more

3rd gen kit for embedded linux self-training is Raspberry Pi B-based

Filed under
Linux

The 3rd generation Embedded Linux Learning Kit from Intellimetrix includes a Raspberry Pi 3B board, a Pi HAT with peripherals, power supply, cables and Linux software. It also features a manual tailored specifically for self-teaching yourself embedded Linux.

Intellimetrix has announced the immediate availability of the third generation of its Embedded Linux Learning Kit (E.L.L.K.). The firm touts it as a complete, hands-on way to get started using embedded Linux. Intellimetrix is a consulting firm specializing in real-time and embedded training and software development.

Read more

Catfish 1.4.10 Released

Filed under
GNU
Linux

The best Linux graphical file search utility keeps getting better! The latest release features a new preferences dialog, a polished user interface, and significantly improved search results and performance.

Read more

Qualcomm IPQ4019-based SOM and dev board run OpenWrt Linux

Filed under
Linux

The “Habanero” module from 8devices runs OpenWrt on Qualcomm’s IPQ4019 SoC. The $55 open spec board supports dual-band, MU-MIMO 802.11ac (Wave2). A development kit for with module adds 5 Ethernet ports and USB.

8devices has added the Habanero as a new member to its line of dual-band system-on-modules (SOMs). The SOM is available in two versions. The Habanero based on Qualcomm’s IPQ4019 SoC is open for pre-orders for $55. And the Habanero-I, based on Qualcomm’s IPQ4029 SoC can be bought on pre-order for $69. A $119 development kit, the Habanero DVK provides the IPQ4019 SoC along with Ethernet, USB and other I/O.

8devices provides a number of modules that run OpenWrt-Linux, the most recent of which was its Komikan SOM based on a MIPS24k-based Realtek SoC. The Habanero appears to be the company’s 2nd module based on a Qualcomm SoC, following its IPQ4018 SoC-based Jalapeno board.

Read more

LWN on Linux: Trust, Security, Tags, exFAT and CHAOSS

Filed under
Linux
  • Maintaining the kernel's web of trust

    A typical kernel development cycle involves pulling patches from over 100 repositories into the mainline. Any of those pulls could conceivably bring with it malicious code, leaving the kernel (and its users) open to compromise. The kernel's web of trust helps maintainers to ensure that pull requests are legitimate, but that web has become difficult to maintain in the wake of the recent attacks on key servers and other problems. So now the kernel community is taking management of its web of trust into its own hands.

    Some history

    As recently as 2011, there was no mechanism in place to verify the provenance of pull requests sent to kernel maintainers. If an emailed request looked legitimate, and the proposed code changes appeared to make sense, then the requested pull would generally be performed. That degree of openness makes for a low-friction development experience, but it also leaves the project open to at least a couple types of attacks. Email is easy to forge; an attacker could easily create an email that appeared to be from a known maintainer, but which requested a pull from a malicious repository.

    The risk grows greater if an attacker somehow finds a way to modify a maintainer's repository (on kernel.org or elsewhere); then the malicious code would be coming from a trusted location. The chances of a forged pull request from a legitimate (but compromised) repository being acted on are discouragingly high.

    The compromise of kernel.org in 2011 focused minds on this problem. By all accounts, the attackers had no idea of the importance of the machine they had taken over, so they did not even try to tamper with any of the repositories kept there. But they could have done such a thing. Git can help developers detect and recover from such attacks, but only to an extent. What the community really needs is a way to know that a specific branch or tag proposed for pulling was actually created by the maintainer for the relevant subsystem.

    One action that was taken was to transform kernel.org from a machine managed by a small number of kernel developers in their spare time into a carefully thought-out system run by full-time administrators supported by the Linux Foundation. The provision of shell accounts to hundreds of kernel developers was belatedly understood to be something other than the best of ideas, so that is no longer done. No system is immune, but kernel.org has become a much harder target than before, so repositories stored there should be relatively safe.

  • Kernel runtime security instrumentation

    Finding ways to make it easier and faster to mitigate an ongoing attack against a Linux system at runtime is part of the motivation behind the kernel runtime security instrumentation (KRSI) project. Its developer, KP Singh, gave a presentation about the project at the 2019 Linux Security Summit North America (LSS-NA), which was held in late August in San Diego. A prototype of KRSI is implemented as a Linux security module (LSM) that allows eBPF programs to be attached to the kernel's security hooks.

    Singh began by laying out the motivation for KRSI. When looking at the security of a system, there are two sides to the coin: signals and mitigations. The signals are events that might, but do not always, indicate some kind of malicious activity is taking place; the mitigations are what is done to thwart the malicious activity once it has been detected. The two "go hand in hand", he said.

    For example, the audit subsystem can provide signals of activity that might be malicious. If you have a program that determines that the activity actually is problematic, then you might want it to update the policy for an LSM to restrict or prevent that behavior. Audit may also need to be configured to log the events in question. He would like to see a unified mechanism for specifying both the signals and mitigations so that the two work better together. That is what KRSI is meant to provide.

    He gave a few examples of different types of signals. For one, a process that executes and then deletes its executable might well be malicious. A kernel module that loads and then hides itself is also suspect. A process that executes with suspicious environment variables (e.g. LD_PRELOAD) might indicate something has gone awry as well.

    On the mitigation side, an administrator might want to prevent mounting USB drives on a server, perhaps after a certain point during the startup. There could be dynamic whitelists or blacklists of various sorts, for kernel modules that can be loaded, for instance, to prevent known vulnerable binaries from executing, or stopping binaries from loading a core library that is vulnerable to ensure that updates are done. Adding any of these signals or mitigations requires reconfiguration of various parts of the kernel, which takes time and/or operator intervention. He wondered if there was a way to make it easy to add them in a unified way.

  • Change IDs for kernel patches

    For all its faults, email has long proved to be an effective communication mechanism for kernel development. Similarly, Git is an effective tool for source-code management. But there is no real connection between the two, meaning that there is no straightforward way to connect a Git commit with the email discussions that led to its acceptance. Once a patch enters a repository, it transitions into a new form of existence and leaves its past life behind. Doug Anderson recently went to the ksummit-discuss list with a proposal to add Gerrit-style change IDs as a way of connecting the two lives of a kernel patch; the end result may not be quite what he was asking for.

    [...]

    Creation of this tag is relatively easy; it can be entirely automated at the point where a patch is applied to a Git repository. But it doesn't solve the entire problem; it can associate a commit with the final posting of a patch on a mailing list, but it cannot help to find previous versions of a patch. Generally, the discussion of the last version of a patch is boring since there is usually a consensus at that point that it should be applied. It's the discussion of the previous versions that will have caused changes to be made and which can explain some of the decisions that were made. But kernel developers are remarkably and inexplicably poor at placing the message ID of the final version of a patch into the previous versions.

    The most commonly suggested solution to that problem is not fully automatic. Developers like Thomas Gleixner and Christian Brauner argued in favor of adding a link to previous versions of a patch when posting an updated version. Gleixner called for a link to the cover letter of the prior version, while Brauner puts links to all previous versions. Either way, an interested developer can follow the links backward to see how a patch series has changed, along with the discussions that led to those changes.

  • Examining exFAT

    inux kernel developers like to get support for new features — such as filesystem types — merged quickly. In the case of the exFAT filesystem, that didn't happen; exFAT was created by Microsoft in 2006 for use in larger flash-storage cards, but there has never been support in the kernel for this filesystem. Microsoft's recent announcement that it wanted to get exFAT support into the mainline kernel would appear to have removed the largest obstacle to Linux exFAT support. But, as is so often the case, it seems that some challenges remain.
    For years, the Linux community mostly ignored exFAT; it was a proprietary format overshadowed by an unpleasant patent cloud. A Linux driver existed, though, and was shipped as a proprietary module on various Android devices. In 2013, the code for this driver escaped into the wild and was posted to a GitHub repository. But that code was never actually released under a free license and the patent issues remained, so no serious effort to upstream it into the mainline kernel was ever made.

    The situation stayed this way for some years. Even Microsoft's decision to join the Open Invention Network (OIN) in 2018 did not change the situation; exFAT, being outside the OIN Linux System Definition, was not covered by any new patent grants. Some people pointed this out at the time, but it didn't raise a lot of concern. Most people, it seemed, had simply forgotten about exFAT, which has a relatively limited deployment overall.

  • CHAOSS project bringing order to open-source metrics

    Providing meaningful metrics for open-source projects has long been a challenge, as simply measuring downloads, commits, or GitHub stars typically doesn't say much about the health or diversity of a project. It's a challenge the Linux Foundation's Community Health Analytics Open Source Software (CHAOSS) project is looking to help solve. At the 2019 Open Source Summit North America (OSSNA), Matt Germonprez, one of the founding members of CHAOSS, outlined what the group is currently doing and why its initial efforts didn't work out as expected.

    Germonprez is an Associate Professor at the University of Nebraska at Omaha and helped to start CHAOSS, which was first announced at the 2017 OSSNA held in Los Angeles. When CHAOSS got started, he said, there was no bar as to what the project was interested in. "We developed a long list of metrics, they were really unfiltered and uncategorized, so it wasn't doing a lot of good for people," Germonprez admitted.

Top 20 Funny Steam Games For Kids To Play Right Now [on Linux]

Filed under
GNU
Linux
Gaming

There are ample of funny steam games for kids available on the store for the Linux system. A couple of years back, gaming on the Linux was almost impossible. Nevertheless, a vast range of games are now available in different Linux distros, thanks to steam. Moreover, playing games on Linux is no more difficult. However, many games even available for free. Additionally, there are different genres of games, such as indie, action, adventure, casual, strategy, simulation, RPG, Early Access, single-player, violent, and sports. Linux users can play all these genres of games on steam for absolutely free or spending a little buck.

Read more

Working on Linux's nuts and bolts at Linux Plumbers

Filed under
Linux

Linux is built on the Linux Kernel Mailing List (LKML) and numerous other more specialized development mailing lists. But email and Internet Relay Chat (IRC) can only get you so far. Sometimes, to get things done, top Linux programmers really need to talk face-to-face with each other. That's where the Kernel Maintainers Summit and Linux Plumbers comes in.

The Kernel Maintainers Summit, Linux ceator Linus Torvalds told me, is an invitation-only gathering of the top Linux kernel developers. But, while you might think it's about planning on the Linux kernel's future, that's not the case. "The maintainer summit is really different because it doesn't even talk about technical issues." Instead, "It's all about the process of creating and maintaining the Linux kernel."

Read more

Syndicate content

More in Tux Machines

Android Leftovers

When Diverse Network ASICs Meet A Unifying Operating System

And it has also been a decade since switch upstart Arista Networks launched its Extensible Operating System, or EOS, which is derived from Linux. [...] The cross-platform nature of ArcOS, coupled with its ability to run in any function on the network, could turn out to be the key differentiator. A lot of these other NOSes were point solutions that could only be deployed in certain parts of the network, and that just creates animosity with the incumbent vendors that dominate the rest of the networking stack. Given the mission-critical nature of networking in the modern datacenter, it costs a great deal to qualify a new network operating system, and it can take a lot of time. If ArcOS can run across more platforms, qualify faster, and do more jobs in the network, then, says Garg, it has a good chance of shaking up switching and routing. “That totally changes the business conversation and the TCO advantages that we can bring to a customer across the entirety of their network.” Read more

Server: Kubernetes/OpenShift, OpenStack, and Red Hat's Ansible

  • 9 steps to awesome with Kubernetes/OpenShift presented by Burr Sutter

    Burr Sutter gave a terrific talk in India in July, where he laid out the terms, systems and processes needed to setup Kubernetes for developers. This is an introductory presentation, which may be useful for your larger community of Kubernetes users once you’ve already setup User Provisioned Infrastructure (UPI) in Red Hat OpenShift for them, though it does go into the deeper details of actually running the a cluster. To follow along, Burr created an accompanying GitHub repository, so you too can learn how to setup an awesome Kubernetes cluster in just 9 steps.

  • Weaveworks Named a Top Kubernetes Contributor

    But anyone who knows the history of Weaveworks might not be too surprised by this. Weaveworks has been a major champion of Kubernetes since the very beginning. It might not be too much of a coincidence that Weaveworks was incorporated only a few weeks after Kubernetes was open sourced, five years ago. In addition to this, the very first elected chair of the CNCF’s Technical Oversight Committee, responsible for technical leadership to the Cloud Native Foundation was also headed up by our CEO, Alexis Richardson(@monadic) (soon to be replaced by the awesome Liz Rice (@lizrice) of Aqua Security).

  • Improving trust in the cloud with OpenStack and AMD SEV

    This post contains an exciting announcement, but first I need to provide some context! Ever heard that joke “the cloud is just someone else’s computer”? Of course it’s a gross over-simplification, but there’s more than a grain of truth in it. And that raises the question: if your applications are running in someone else’s data-centre, how can you trust that they’re not being snooped upon, or worse, invasively tampered with?

  • Red Hat OpenStack Platform 15 Enhances Infrastructure Security and Cloud-Native Integration Across the Open Hybrid Cloud

    Red Hat, Inc., the world's leading provider of open source solutions, today announced the general availability of Red Hat OpenStack Platform 15, the latest version of its highly scalable and agile cloud Infrastructure-as-a-Service (IaaS) solution. Based on the OpenStack community’s "Stein" release, Red Hat OpenStack Platform 15 adds performance and cloud security enhancements and expands the platform’s ecosystem of supported hardware, helping IT organizations to more quickly and more securely support demanding production workloads. Given the role of Linux as the foundation for hybrid cloud, customers can also benefit from a more secure, flexible and intelligent Linux operating system underpinning their private cloud deployments with Red Hat Enterprise Linux 8.

  • Red Hat Ansible Automation Accelerates Past Major Adoption Milestone, Now Manages More Than Four Million Customer Systems Worldwide

    Red Hat, Inc., the world's leading provider of open source solutions, today announced that more than four million customer systems worldwide are now automated by Red Hat Ansible Automation. Customers, including Energy Market Company, Microsoft, Reserve Bank of New Zealand and Surescripts all use Red Hat Ansible Automation to automate and orchestrate their IT operations, helping to expand automation across IT stacks. According to a blog post by Chris Gardner with Forrester Research, who was the author of The Forrester Wave™: Infrastructure Automation Platforms, Q3 2019, "Infrastructure automation isn’t just on-premises or the cloud. It’s at the edge and everywhere in between."1 Since its launch in 2013, Red Hat Ansible Automation has provided a single tool to help organizations automate across IT operations and development, including infrastructure, networks, cloud, security and beyond.

Top 15+ Best Script Writing Software for Linux in 2019

Script writing software is designed to play a vital role for writers from different writing sectors. As a newbie, it may not be simple to use. But, after a certain period, it comes handy for creating scripts for films, novels, and television programs. Linux has to offer a bunch of tools for script writing for both beginners and professionals. There is a wide range of applications that are open source and free. Moreover, if you want to get some extra bit of advanced features, you may need to spend some bucks. Read more