
Even In 2019, A Long Road Still For Getting The VIA OpenChrome Driver In Linux

It's been over a decade since VIA x86 hardware has been relevant and with that their Unichrome/Chrome integrated graphics chipsets, but the effort still isn't over for trying to get the OpenChrome DRM/KMS driver into the mainline Linux kernel for these vintage systems.


Chrome OS may soon let companies choose their own distro for Linux apps

Midway through last year, Google launched one of my favorite features of Chrome OS, Linux app support. As it stands, this support works through a virtualized Linux, based on Debian. However, there’s many, many flavors of Linux out there, each with their own pros and cons. Google seems to be accounting for that with the ability for companies to choose their own Linux distro for Chrome OS’s Linux apps support.

Some companies are very particular about which operating systems their employees run company programs on, usually in an effort to keep their secrets safely in-house. Google is no exception to this, having their own “gLinux”, a modified Linux distro based on Debian, with Google-specific enhancements. Using this distro is a requirement for many work-related tasks Googlers need to accomplish on a daily basis.

With these tight restrictions in place, some enterprise users won’t be able to make the most of Chrome OS’s new Linux app support for their work needs. To that end, Google is creating a way for companies to provide an alternative Linux distro for managed Chrome OS devices, using device policy.


Also: Is System76 Hardware Reliable? My Lemur Laptop 3, Years Later

New LWN Kernel (Linux) Articles, Paywall Just Removed

  • Some unreliable predictions for 2019

    Kernel development will become more formal. One of the things that has traditionally attracted a certain type of developer to kernel work is the fact that many of the normal rules don't apply. Kernel development often requires working with high levels of complexity, combined with the ups and downs of dealing with real-world hardware; in that setting, pulling together any sort of solution can be an accomplishment. The result is a sort of cowboy culture that emphasizes working solutions over formal designs.

    The increasing level of complexity in the kernel and in the hardware it drives has made that approach less tenable over the years. The kernel community has responded in a number of ways, including better documentation and better testing. One real harbinger of the future, though, may be the work that has been quietly happening to develop a formal memory-ordering model that makes it possible to reason about concurrency and ensure that kernel code is correct. If the kernel is going to continue to scale, this kind of approach will have to spread to other areas. There will be grumbling, since adding formality may slow the pace of development. But, with luck, it should also slow the issuance of urgent bug fixes and security updates.

    More kernel APIs will be created for BPF programs rather than exported as traditional system calls; we are heading toward a world where a significant amount of kernel functionality is only available via BPF. The result will be a significant increase in flexibility and efficiency, but some growing pains should also be expected. The BPF API sees even less review than other kernel interfaces, and the community's record with the latter is decidedly less than perfect. This may be the year when we realize that we haven't yet figured out how to provide such low-level access to the kernel in ways that can be supported indefinitely.

    Somebody will attempt to test the kernel community's code of conduct and its enforcement processes in the coming year. The community will handle that test without trouble, though, just as it has been handling the constant stream of trolling emails attempting to stir up strife. At the end of the year, the code of conduct will look pretty much the way it does now: a set of expectations that helps to improve behavior in the community, but not a big deal in general.

  • Some 4.20 development statistics

    This year's holiday gifts will include the 4.20 kernel; that can only mean that it is time for another look at where the code going into this release has come from. This development cycle was typically busy and brought a lot of new code into the kernel. There are some new faces showing up in the statistics this time around, but not a lot of surprises otherwise.
    As of this writing, 13,856 non-merge changesets have found their way into the mainline repository for the 4.20 release; they were contributed by 1,743 developers. That makes 4.20 the busiest cycle since 4.15, but only by a little bit; both numbers are essentially in line with recent release history. Of those 1,743 developers, 283 were first-time contributors this time around.

  • What's coming in the next kernel release (part 1)

    When the 4.20 kernel was released on December 23, Linus Torvalds indicated that he would try to keep to the normal merge window schedule despite the presence of the holidays in the middle of it. Thus far, he seems to be trying to live up to that; just over 8,700 changesets have been merged for the next release, which seems likely to be called 5.0. A number of long-awaited features are finally landing in the kernel with this release.

  • Live patching for CPU vulnerabilities

    The kernel's live-patching (KLP) mechanism can apply a wide variety of fixes to a running kernel but, at a first glance, the sort of highly intrusive changes needed to address vulnerabilities like Meltdown or L1TF would not seem like likely candidates for live patches. The most notable obstacles are the required modifications of global semantics on a running system, as well as the need for live patching the kernel's entry code. However, we at the SUSE live patching team started working on proof-of-concept live patches for these vulnerabilities as a fun project and have been able to overcome these hurdles. The techniques we developed are generic and might become handy again when fixing future vulnerabilities.
    For completeness, it should be noted that these two demo live patches have been implemented for kGraft, but kGraft is conceptually equivalent to KLP.

    At the heart of the Meltdown vulnerability is the CPU speculating past the access rights encoded in the page table entries (PTEs) and thereby enabling malicious user-space programs to extract data from any kernel mapping. The kernel page-table isolation (KPTI) mechanism blocks such attacks by switching to stripped-down "shadow" page tables whenever the kernel returns to user space. These mirror the mappings from the lower, user-space half of the address space, but lack almost anything from the kernel region except for the bare minimum needed to reenter the kernel and switch back to the fully populated page tables. The difficulty, from a live-patching perspective, is to keep the retroactively introduced shadow page tables consistent with their fully populated counterparts at all times. Furthermore, the entry code has to be made to switch back and forth between the full and shadow page table at kernel entries and exits, but that is outside of the scope of what is live patchable with KLP.

    For the L1TF vulnerability, recall that each PTE has a _PAGE_PRESENT bit that, when clear, causes page faults upon accesses to the corresponding virtual memory region. The PTE bits designated for storing a page's frame number are architecturally ignored in this case. The Linux kernel swapping implementation exploits this by marking the PTEs corresponding to swapped-out pages as non-present and reusing the physical address part to store the page's swap slot number. Unfortunately, CPUs vulnerable to L1TF do not always ignore the contents of these "swap PTEs", but can instead speculatively misinterpret the swap slot identifiers as physical addresses. These swap slot identifiers, being index-like in nature, tend to alias with valid physical page-frame numbers, so this speculation allows for extraction of the corresponding memory contents. The Linux kernel mitigation is to avoid this aliasing by bit-wise inverting certain parts of the swap PTEs. Unfortunately, this change of representation is again something which is not safely applicable to a running system with KLP's consistency guarantees alone.

  • Improving idle behavior in tickless systems

    Most processors spend a great deal of their time doing nothing, waiting for devices and timer interrupts. In these cases, they can switch to idle modes that shut down parts of their internal circuitry, especially stopping certain clocks. This lowers power consumption significantly and avoids draining device batteries. There are usually a number of idle modes available; the deeper the mode is, the less power the processor needs. The tradeoff is that the cost of switching to and from deeper modes is higher; it takes more time and the content of some caches is also lost. In the Linux kernel, the cpuidle subsystem has the task of predicting which choice will be the most appropriate. Recently, Rafael Wysocki proposed a new governor for systems with tickless operation enabled that is expected to be more accurate than the existing menu governor.

6 Myths That Scare Away New Linux Users

This is one of the most popular myths about Linux which exists mostly because a lot of people don't even have to bother installing operating systems - they come preinstalled. However, you have to download Linux. There is, of course, an option on the market for Linux as well but it's not as popular and it's only available if you want a new machine anyways.

But if you already have a machine and all you need is an operating system, the best thing to do would be to test which distribution you are interested in and see it through Live CD or Live USB. Once you like one of them, you can install it in a way that would allow both Windows and Linux on your laptop or you can replace Windows completely.

No matter what you choose, the fact is that the download process is simple, especially for Ubuntu, Fedora, Linux Mint and openSUSE. Most of them also include a step-by-step install wizard and simple graphical tools. Full installation shouldn't take longer than half an hour, apps included.


Linux Foundation for Large Corporations and New Buzzwords

  • Industry-Scale Collaboration at The Linux Foundation

    Linux and open source have changed the computer industry (among many others) forever. Today, there are tens of millions of open source projects. A valid question is “Why?” How can it possibly make sense to hire developers that work on code that is given away for free to anyone who cares to take it? I know of many answers to this question, but for the communities that I work in, I’ve come to recognize the following as the common thread.

  • Roles and Responsibilities of Cloud Native DevOps Engineers

    Cloud Native DevOps is a relatively new collection of old concepts and ideas that coalesced out of a need to address inadequacies in the “old” way of building applications. To understand what Cloud Native DevOps engineers do on a daily basis, one needs to understand that the objective of the Cloud Native model is to build apps that take advantage of the adaptability and resiliency that are so easy to achieve using cloud tools. There are four main concepts that serve as the basis of cloud native computing: Microservices, Containers, CI/CD, and DevOps.

Free IoT security platform runs on OpenWrt routers and the Raspberry Pi

Minim unveiled a free version of its router security platform called Minim Labs with an open source, Linux-based, “Unum” agent designed to protect home automation devices. The software is available for the Raspberry Pi and the Gli.Net B1300 router.

At the Consumer Electronics Show (CES) in Las Vegas, Minim announced a free spin-off of Minim, its cloud-managed WiFi and security Software as a Service (SaaS) platform. Minim Labs is designed to work with a new open source software agent called Unum that runs on Raspbian and OpenWrt Linux devices. Optimized images are available for the OpenWrt-based Gli.Net GL-B1300 router and Raspberry Pi. The first 50 sign-ups will get the B1300 router for free (see below).


Also: Security updates for Wednesday

Where Linux Went in 2018 - and Where It's Going

Another major development in desktop Linux computing was Steam Play's August announcement of beta testing support for running Windows games on Linux. Steam evidently has been playing the long game (no pun intended) in backing work on the Windows compatibility program Wine, as well as the DirectX translation apparatus Vulkan, over the past couple of years.

This past summer, we saw these efforts coalesce. In a framework called "Proton," Steam has bundled these two initiatives natively in the Steam Play client. This enables anyone running a Linux installation of Steam Play (who is enrolled in the beta test) to simply download and play a number of Windows games with no further configuration necessary.

A marked lack of access to top-tier games long has been a sticking point for Linux-curious Windows users considering a switch, so Steam's ambitious embarkation on this project may prove to be the last encouragement this crowd needs to take the penguin plunge.

Steam has been exercising patience, as it has been maintaining a periodically updated list of the number and degree of Linux-compatible Windows games in its library of titles. It hasn't been afraid to acknowledge that a number of Windows games still need work, another sign of sober expectations on the part of Valve.

Taken together, these steps suggest that Steam is in this for the long haul, rather than throwing together a quick fix to increase revenue from Linux-bound customers. If that weren't proof enough, Steam even has gone so far as to post the code for Proton on GitHub, which is as good a sign as any that it is invested in the Linux community.


Linux 4.20.1, 4.19.14, 4.14.92, and 4.9.149

Arch Linux Kicks Off 2019 with First Snapshot Powered by Linux Kernel 4.20

Arch Linux 2019.01.01 is now available and it is the first snapshot of the popular Linux-based operating system in 2019, shipping with a new Linux kernel and all the package updates released during December 2018, since the release of the Arch Linux 2018.12.01, which was powered by Linux kernel 4.19.4.

Considering the fact that Linux kernel 4.20 was just released a couple of weeks ago, near the Christmas holidays, this would be a record for the Arch Linux developers to ship the new ISO snapshot with the most recent Linux kernel series, which can only mean that it successfully passed all tests.


Also: Linux Kernel 4.20 Gets First Point Release, It's Now Ready for Mass Deployments

LVFS Nets Phoenix

  • Phoenix joins the LVFS

    Just like AMI, Phoenix is a huge firmware vendor, providing the firmware for millions of machines. If you’re using a ThinkPad right now, you’re most probably using Phoenix code in your mainboard firmware. Phoenix have been working with Lenovo and their ODMs on LVFS support for a while, fixing all the niggles that were stopping the capsule from working with the loader used by Linux. Phoenix can help customers build deliverables for the LVFS that use UX capsule support to make flashing beautiful, although it’s up to the OEM if that’s used or not.

  • Firmware Vendor Phoenix Tech Joins The LVFS For Linux Firmware Updates

    Last month firmware vendor AMI joined the Linux Vendor Firmware Service (LVFS) while today the other big firmware vendor, Phoenix Technologies, is also backing LVFS for their OEM/ODM partners that want to distribute firmware update capsules on this RedHat-based service.

    Phoenix provides the basic firmware implementation for the likes of Lenovo ThinkPads, Tuxedo Computers, and plenty of other OEM/ODM partners for motherboards. Phoenix has already been helping their partners with UEFI firmware updates on LVFS and now they will continue doing so as an official member. But it will still be up to their actual customers to want to engage with LVFS support for their products.

More in Tux Machines

Games: Zombie Panic! Source, Dicey Dungeon, NVIDIA RTX, Steam Play, Battle Motion, Ravva and the Cyclops Curse, Feudal Alloy

  • The Beta of Zombie Panic! Source was updated recently, should work better on Linux
    Zombie Panic! Source is currently going through an overhaul, as part of this it's coming to Linux with a version now in beta and the latest update should make it a better experience. [...] I personally haven't been able to make any of the events yet, so I have no real thoughts on the game. Once it's out of beta and all servers are updated, I will be taking a proper look as it looks fun. No idea when this version will leave beta, might be a while yet.
  • Dicey Dungeons, the new unique roguelike from Terry Cavanagh and co introduces quests
    We have a lot of roguelikes available on Linux (seriously, we do) yet Dicey Dungeons from Terry Cavanagh, Marlowe Dobbe, and Chipzel still remains fresh due to the rather unique game mechanics. I still can't get over how fun the dice mechanic is, as you slot dice into cards to perform actions. It's different, clever and works really well.
  • Quake 2 now has real-time path tracing with Vulkan
    If you have one of the more recent NVIDIA RTX graphics cards, here's an interesting project for you to try. Q2VKPT from developer Christoph Schied implements some really quite advanced techniques.
  • Steam Play versus Linux Version, a little performance comparison and more thoughts
    Now that Steam has the ability officially to override a Linux game and run it through Steam Play instead, let's take a quick look at some differences in performance. Before I begin, let's make something clear. I absolutely value the effort developers put into Linux games, I do think cross-platform development is incredibly important so we don't end up with more lock-in. However, let's be realistic for a moment. Technology moves on and it's not financially worth it to keep updating old games, they just don't sell as well as newer games (with exceptions of course). As the years go on, there will be more ways to run older games better and better, of that I've no doubt.
  • Battle Motion, a really silly massive fantasy battle game will have Linux support
    Sometimes when looking around for new games I come across something that really catches my eye, Battle Motion is one such game as it looks completely silly.
  • Ravva and the Cyclops Curse looks like a rather nice NES-inspired platformer
    Another lovely looking retro-inspired platformer! Ravva and the Cyclops Curse from developer Galope just released this week with Linux support.
  • Become a fish inside a robot in Feudal Alloy, out now with Linux support
    We've seen plenty of robots and we've seen a fair amount of fish, but have you seen a fish controlling a robot with a sword? Say hello to Feudal Alloy.

Addressing Icons Themes (Again)

I wrote some time ago on how platforms have a responsibility to respect the identity of applications, but now there’s some rumblings that Ubuntu’s community-built Yaru icon set (which is a derivative of the Suru icon set I maintain) intends to ignore this and infringe upon applications’ brands by modifying their icons... [...] For instance, the entire point of the GNOME icon refresh initiative is to address visual mismatches between third-party app icons and GNOME icons and we have been reaching out to developers to see about updating their icons to new design—this is the appropriate approach for a platform visual overhaul, by the way—which could always use more help on. Now I don’t see this ever happening, but I have hopes that someday Ubuntu will fully embrace GNOME and promote it as its desktop solution—especially given the desktop is out of the scope of the Ubuntu business these days.

Wine 4.0 RC7

  • Wine Announcement
    The Wine development release 4.0-rc7 is now available.
  • Juicy like the good stuff, Wine 4.0 RC7 is out with a delightful aroma
    No need to worry about a sour aftertaste here, we're of course talking about the wonderful software and not the tasty liquid. As usual, they're in bug-fix mode while they attempt to make the best version of Wine they can and so no super huge features made it in.
  • Wine 4.0-RC7 Released With Fixes For Video Player Crashes, Game Performance Issues
    Wine 4.0 should be officially out soon, but this weekend the latest test release of it is Release Candidate 7 that brings more than one dozen fixes. Wine 4.0 remains in a feature freeze until its release, which will likely be within the next two weeks or so. Since last Friday's Wine 4.0-RC6, the RC7 release has 13 known bug fixes. Catching our interest are some game performance regressions being resolved, including for Hot Pursuit, Project CARS, Gas Guzzlers, and others. There are also video player crash fixes when opening audio or video files.

Wikipedia cofounder: How and why I transitioned to Linux—how you can, too

My first introduction to the command line was in the 80s when I first started learning about computers and, like many geeky kids of the time, wrote my first BASIC computer programs. But it wasn’t until my job starting Nupedia (and then Wikipedia) that I spent much time on the Bash command line. (Let me explain. “Bash” means “Bourne-again shell,” a rewrite of the class Unix shell “sh.” A “shell” is a program for interacting with the computer by processing terse commands to do basic stuff like find and manipulate files; a terminal, or terminal emulator, is a program that runs a shell. The terminal is what shows you that command line, where you type your commands like “move this file there” and “download that file from this web address” and “inject this virus into that database”. The default terminal used by Linux Ubuntu, for example, is called Gnome Terminal–which runs Bash, the standard Linux shell.) Even then (and in the following years when I got into programming again), I didn’t learn much beyond things like cd (switch directory) and ls (list directory contents). It was then, around 2002, that I first decided to install Linux. Back then, maybe the biggest “distro” (flavor of Linux) was Red Hat Linux, so that’s what I installed. I remember making a partition (dividing the hard disk into parts, basically) and dual-booting (installing and making it possible to use both) Linux and Windows. It was OK, but it was also rather clunky and much rougher and much less user-friendly than the Windows of the day. So I didn’t use it much.