20 Oct 2017

feedLXer Linux News

Kubuntu 17.10 Switches to VLC as Default Media Player, Uses KDE Plasma 5.10.5

Following on the footsteps of Ubuntu 17.10 and Xubuntu 17.10, the Kubuntu 17.10 operating system arrived today for those who like to use the KDE Plasma 5 desktop environment on their personal computers.

20 Oct 2017 2:36am GMT

The origin and evolution of FreeDOS

I grew up in the 1970s and 1980s. My parents wanted to expose my brother and me to computers from an early age, so they bought an Apple II clone called the Franklin Ace 1000. I'm sure the first thing we used it for was playing games. But it didn't take long before we asked, "How does it work?" Our parents bought us a book about how to program in Applesoft BASIC, and we taught ourselves.

20 Oct 2017 1:22am GMT

feedKernel Planet

James Morris: Security Session at the 2017 Kernel Summit

For folks attending Open Source Summit Europe next week in Prague, note that there is a security session planned as part of the co-located Kernel Summit technical track.

This year, the Kernel Summit is divided into two components:

  1. An invitation-only maintainer summit of 30 people total, and;
  2. An open kernel summit technical track which is open to all attendees of OSS Europe.

The security session is part of the latter. The preliminary agenda for the kernel summit technical track was announced by Ted Ts'o here:

There is also a preliminary agenda for the security session, here:

Currently, the agenda includes an update from Kees Cook on the Kernel Self Protection Project, and an update from Jarkko Sakkinen on TPM support. I'll provide a summary of the recent Linux Security Summit, depending on available time, perhaps focusing on security namespacing issues.

This agenda is subject to change and if you have any topics to propose, please send an email to the ksummit-discuss list.

20 Oct 2017 12:23am GMT

feedLXer Linux News

10 Reasons Why I Switched To Telegram Messenger

Whatsapp may be the best player in the game when it comes to instant messaging apps, but Telegram Messenger is the entire game itself. Because Telegram is not just an app, it is an entire communication platform. It is not bound by restrictions or limitations like other apps.

20 Oct 2017 12:07am GMT

19 Oct 2017

feedLXer Linux News

How to Install and Configure GitLab CE on CentOS 7

GitLab is an open source repository manager based on Rails developed by GitLab Inc. It is a web-based git repository manager that allows your team collaborate on coding, testing and deploying applications. In this tutorial, I will show you step by step how to install GitLab CE (Community Edition) on CentOS 7 Server.

19 Oct 2017 10:53pm GMT

BeagleBone based 3D printer focuses on ease of use

The "Voladd 3D Printer" features a Linux-driven BeagleBone that connects to a cloud-based sharing site, plus a unique cartridge and cooling system. San Sebastián, Spain based Voladd has won Kickstarter funding for a Voladd 3D printer that runs Debian Linux on a BeagleBone Black SBC. Like several other Linux-based printers we've seen (see farther below) […]

19 Oct 2017 9:39pm GMT

Update Tickets from the Command Line

I'm going to talk about a basic bash script I whipped up in a few minutes that can add a comment to a Jira ticket. Although my examples specifically are for use with the Jira ticketing system, you can adapt the same kind of idea to any ticketing system that allows you to interact with it via a web-based API.

19 Oct 2017 8:24pm GMT

Blockchains: How They Work and Why They’ll Change the World

eight years after the first blockchain was built, people are trying to apply it to procedures and processes beyond merely the moving of money with varying degrees of success. In effect, they're asking, What other agreements can a blockchain automate? What other middlemen can blockchain technology retire?

19 Oct 2017 7:10pm GMT

Crowdsourcing the way to a more flexible strategic plan

When I became CIO at the University of Alabama at Birmingham in 2015, I confronted the same mandate every new IT leader faces when assuming the role: outlining, developing, and executing a strategic plan. The pressure to do this swiftly and immediately can be immense-and I think many CIOs feel compelled to articulate and hand down fully formed plans on Day 1. After all, that's typically the quickest way to assert your position and vision as a leader.But I like to take a different approach. I don't dictate my team's initial goals. I open them up.read more

19 Oct 2017 5:56pm GMT

feedLinuxtoday.com

Getting started with Logstash

No longer a simple log-processing pipeline, Logstash has evolved into a powerful and versatile data processing tool. Here are basics to get you started.

19 Oct 2017 5:00pm GMT

feedLXer Linux News

Let's dig into how open source could KO the Silicon Valley chat silos

Open Xchange boss maps out IMAP schemeInterview There's never been a better opportunity for the world to start untangling itself from the giant Silicon Valley data harvesters than now. Last week, we revealed a plan to embed open-source chat into three quarters of the world's IMAP servers.…

19 Oct 2017 4:41pm GMT

feedLinuxtoday.com

How to run DOS programs in Linux

QEMU and FreeDOS make it easy to run old DOS programs under Linux.

19 Oct 2017 4:00pm GMT

feedLXer Linux News

How to install Node.js and npm on CentOS 7

n this guide, we will show you how to install Node.js and npm on a CentOS 7. Node.js is an open source JavaScript runtime built on Chrome's V8 JavaScript engine and can be used to build different types of server-side applications. npm is a package manager for JavaScript, with hundreds of thousands of packages it is the world's largest software registry.

19 Oct 2017 3:27pm GMT

feedLinuxtoday.com

Crowdsourcing the way to a more flexible strategic plan

My team recently gathered more than 100 action items from our community???then completed them all within a year. Here's how we did it.

19 Oct 2017 3:00pm GMT

feedLXer Linux News

How to run DOS programs in Linux

The classic DOS operating system supported a lot of great applications: word processors, spreadsheets, games, and other programs. Just because an application is old doesn't mean it's no longer useful.read more

19 Oct 2017 2:13pm GMT

feedLinuxtoday.com

Now You Can Play Rubik's Cube Puzzle In Terminal

Feel bored at work? Solve the Rubik's Cube puzzle from command-line.

19 Oct 2017 2:00pm GMT

feedLXer Linux News

How to: Upgrade Ubuntu 17.04 to Ubuntu 17.10

Ubuntu 17.10 (Artful Aardvark) was released today as Ubuntu's latest and greatest release, but it's coming with a different desktop environment by default, so we've prepared a quick and straightforward tutorial on how to upgrade from Ubuntu 17.04.

19 Oct 2017 12:58pm GMT

feedLinuxtoday.com

How To Install Sublime Text 3 Stable In Linux

Sublime text offers features like macros, recognition of a wide variety of languages, split view etc.

19 Oct 2017 12:00pm GMT

Linux Desktop Recorder App Green Recorder 3.0 Released

A new version of the Linux screen recorder, Green Recorder has been released.

19 Oct 2017 11:00am GMT

feedLXer Linux News

Rugged, Linux-driven HMI touch panel has built-in 4G

MYIR has launched a $239, HMI touch panel with a 7-inch resistive screen that runs Linux on a TI AM335x, and offers -10 to 70°C support and a 4G LTE module. MYIR's Linux-based "MY-EVC5100S-HMI" touch-panel computer is designed for HMI systems in industrial control, manufacturing, vending, food and beverage, automation, and utilities applications. MYIR has […]

19 Oct 2017 10:48am GMT

Beelink S1 Mini PC and Linux – Comedy Gold

The Beelink S1 is a small, silent mini PC released in August 2017 retailing for around 300 dollars (250 euros). It's produced by Shenzhen AZW Technology Co Ltd, a Chinese company that focuses on Android smart TV boxes, Intel mini PCs, and home cloud TV boxes.

19 Oct 2017 9:33am GMT

Docker on Docker at DockerCon EU 17

COPENHAGEN - Docker Inc. the company behind the open-source Docker container technology doesn't just build docker, it also uses the same technology to power its own services.

19 Oct 2017 8:19am GMT

Skylake embedded computer has a thin 1U profile

Advantech has expanded its line of fanless, barebone EPC computers with a 43mm high "EPC-T1232" system based on a Skylake U-series thin Mini-ITX board. In August, Advantech launched its Linux-ready AIMB-232 thin Mini-ITX SBC featuring 6th Gen "Skylake" U-Series CPUs. Now it has followed up with an EPC-T1232 barebone computer based on the SBC, or […]

19 Oct 2017 7:05am GMT

feedLinuxtoday.com

What Are the Hidden Files in my Linux Home Directory For?

MakeTechEasier: Do you know that your Home directory in your Linux system contains a lot of hidden files and folders?

19 Oct 2017 6:00am GMT

Ubuntu Drops Unity for GNOME in Artful Aardvark Release

eWEEK: fter years of building its own desktop, Ubuntu Artful Aardvark now uses GNOME

19 Oct 2017 2:00am GMT

18 Oct 2017

feedLinuxtoday.com

How to Install Linux Mint

Datamation: A step-by-step guide to installing Linux Mint, with pictures to aid your install.

18 Oct 2017 10:00pm GMT

16 Oct 2017

feedKernel Planet

Greg Kroah-Hartman: Linux Kernel Community Enforcement Statement FAQ

Based on the recent Linux Kernel Community Enforcement Statement and the article describing the background and what it means , here are some Questions/Answers to help clear things up. These are based on questions that came up when the statement was discussed among the initial round of over 200 different kernel developers.

Q: Is this changing the license of the kernel?

A: No.

Q: Seriously? It really looks like a change to the license.

A: No, the license of the kernel is still GPLv2, as before. The kernel developers are providing certain additional promises that they encourage users and adopters to rely on. And by having a specific acking process it is clear that those who ack are making commitments personally (and perhaps, if authorized, on behalf of the companies that employ them). There is nothing that says those commitments are somehow binding on anyone else. This is exactly what we have done in the past when some but not all kernel developers signed off on the driver statement.

Q: Ok, but why have this "additional permissions" document?

A: In order to help address problems caused by current and potential future copyright "trolls" aka monetizers.

Q: Ok, but how will this help address the "troll" problem?

A: "Copyright trolls" use the GPL-2.0's immediate termination and the threat of an immediate injunction to turn an alleged compliance concern into a contract claim that gives the troll an automatic claim for money damages. The article by Heather Meeker describes this quite well, please refer to that for more details. If even a short delay is inserted for coming into compliance, that delay disrupts this expedited legal process.

By simply saying, "We think you should have 30 days to come into compliance", we undermine that "immediacy" which supports the request to the court for an immediate injunction. The threat of an immediate junction was used to get the companies to sign contracts. Then the troll goes back after the same company for another known violation shortly after and claims they're owed the financial penalty for breaking the contract. Signing contracts to pay damages to financially enrich one individual is completely at odds with our community's enforcement goals.

We are showing that the community is not out for financial gain when it comes to license issues - though we do care about the company coming into compliance. All we want is the modifications to our code to be released back to the public, and for the developers who created that code to become part of our community so that we can continue to create the best software that works well for everyone.

This is all still entirely focused on bringing the users into compliance. The 30 days can be used productively to determine exactly what is wrong, and how to resolve it.

Q: Ok, but why are we referencing GPL-3.0?

A: By using the terms from the GPLv3 for this, we use a very well-vetted and understood procedure for granting the opportunity to come fix the failure and come into compliance. We benefit from many months of work to reach agreement on a termination provision that worked in legal systems all around the world and was entirely consistent with Free Software principles.

Q: But what is the point of the "non-defensive assertion of rights" disclaimer?

A: If a copyright holder is attacked, we don't want or need to require that copyright holder to give the party suing them an opportunity to cure. The "non-defensive assertion of rights" is just a way to leave everything unchanged for a copyright holder that gets sued. This is no different a position than what they had before this statement.

Q: So you are ok with using Linux as a defensive copyright method?

A: There is a current copyright troll problem that is undermining confidence in our community - where a "bad actor" is attacking companies in a way to achieve personal gain. We are addressing that issue. No one has asked us to make changes to address other litigation.

Q: Ok, this document sounds like it was written by a bunch of big companies, who is behind the drafting of it and how did it all happen?

A: Grant Likely, the chairman at the time of the Linux Foundation's Technical Advisory Board (TAB), wrote the first draft of this document when the first copyright troll issue happened a few years ago. He did this as numerous companies and developers approached the TAB asking that the Linux kernel community do something about this new attack on our community. He showed the document to a lot of kernel developers and a few company representatives in order to get feedback on how it should be worded. After the troll seemed to go away, this work got put on the back-burner. When the copyright troll showed back up, along with a few other "copycat" like individuals, the work on the document was started back up by Chris Mason, the current chairman of the TAB. He worked with the TAB members, other kernel developers, lawyers who have been trying to defend these claims in Germany, and the TAB members' Linux Foundation's lawyers, in order to rework the document so that it would actually achieve the intended benefits and be useful in stopping these new attacks. The document was then reviewed and revised with input from Linus Torvalds and finally a document that the TAB agreed would be sufficient was finished. That document was then sent to over 200 of the most active kernel developers for the past year by Greg Kroah-Hartman to see if they, or their company, wished to support the document. That produced the initial "signatures" on the document, and the acks of the patch that added it to the Linux kernel source tree.

Q: How do I add my name to the document?

A: If you are a developer of the Linux kernel, simply send Greg a patch adding your name to the proper location in the document (sorting the names by last name), and he will be glad to accept it.

Q: How can my company show its support of this document?

A: If you are a developer working for a company that wishes to show that they also agree with this document, have the developer put the company name in '(' ')' after the developer's name. This shows that both the developer, and the company behind the developer are in agreement with this statement.

Q: How can a company or individual that is not part of the Linux kernel community show its support of the document?

A: Become part of our community! Send us patches, surely there is something that you want to see changed in the kernel. If not, wonderful, post something on your company web site, or personal blog in support of this statement, we don't mind that at all.

Q: I've been approached by a copyright troll for Netfilter. What should I do?

A: Please see the Netfilter FAQ here for how to handle this

Q: I have another question, how do I ask it?

A: Email Greg or the TAB, and they will be glad to help answer them.

16 Oct 2017 9:05am GMT

Greg Kroah-Hartman: Linux Kernel Community Enforcement Statement

By Greg Kroah-Hartman, Chris Mason, Rik van Riel, Shuah Khan, and Grant Likely

The Linux kernel ecosystem of developers, companies and users has been wildly successful by any measure over the last couple decades. Even today, 26 years after the initial creation of the Linux kernel, the kernel developer community continues to grow, with more than 500 different companies and over 4,000 different developers getting changes merged into the tree during the past year. As Greg always says every year, the kernel continues to change faster this year than the last, this year we were running around 8.5 changes an hour, with 10,000 lines of code added, 2,000 modified, and 2,500 lines removed every hour of every day.

The stunning growth and widespread adoption of Linux, however, also requires ever evolving methods of achieving compliance with the terms of our community's chosen license, the GPL-2.0. At this point, there is no lack of clarity on the base compliance expectations of our community. Our goals as an ecosystem are to make sure new participants are made aware of those expectations and the materials available to assist them, and to help them grow into our community. Some of us spend a lot of time traveling to different companies all around the world doing this, and lots of other people and groups have been working tirelessly to create practical guides for everyone to learn how to use Linux in a way that is compliant with the license. Some of these activities include:

Unfortunately the same processes that we use to assure fulfillment of license obligations and availability of source code can also be used unjustly in trolling activities to extract personal monetary rewards. In particular, issues have arisen as a developer from the Netfilter community, Patrick McHardy, has sought to enforce his copyright claims in secret and for large sums of money by threatening or engaging in litigation. Some of his compliance claims are issues that should and could easily be resolved. However, he has also made claims based on ambiguities in the GPL-2.0 that no one in our community has ever considered part of compliance.

Examples of these claims have been distributing over-the-air firmware, requiring a cell phone maker to deliver a paper copy of source code offer letter; claiming the source code server must be setup with a download speed as fast as the binary server based on the "equivalent access" language of Section 3; requiring the GPL-2.0 to be delivered in a local language; and many others.

How he goes about this activity was recently documented very well by Heather Meeker.

Numerous active contributors to the kernel community have tried to reach out to Patrick to have a discussion about his activities, to no response. Further, the Netfilter community suspended Patrick from contributing for violations of their principles of enforcement. The Netfilter community also published their own FAQ on this matter.

While the kernel community has always supported enforcement efforts to bring companies into compliance, we have never even considered enforcement for the purpose of extracting monetary gain. It is not possible to know an exact figure due to the secrecy of Patrick's actions, but we are aware of activity that has resulted in payments of at least a few million Euros. We are also aware that these actions, which have continued for at least four years, have threatened the confidence in our ecosystem.

Because of this, and to help clarify what the majority of Linux kernel community members feel is the correct way to enforce our license, the Technical Advisory Board of the Linux Foundation has worked together with lawyers in our community, individual developers, and many companies that participate in the development of, and rely on Linux, to draft a Kernel Enforcement Statement to help address both this specific issue we are facing today, and to help prevent any future issues like this from happening again.

A key goal of all enforcement of the GPL-2.0 license has and continues to be bringing companies into compliance with the terms of the license. The Kernel Enforcement Statement is designed to do just that. It adopts the same termination provisions we are all familiar with from GPL-3.0 as an Additional Permission giving companies confidence that they will have time to come into compliance if a failure is identified. Their ability to rely on this Additional Permission will hopefully re-establish user confidence and help direct enforcement activity back to the original purpose we have all sought over the years - actual compliance.

Kernel developers in our ecosystem may put their own acknowledgement to the Statement by sending a patch to Greg adding their name to the Statement, like any other kernel patch submission, and it will be gladly merged. Those authorized to 'ack' on behalf of their company may add their company name in (parenthesis) after their name as well.

Note, a number of questions did come up when this was discussed with the kernel developer community. Please see Greg's FAQ post answering the most common ones if you have further questions about this topic.

16 Oct 2017 9:00am GMT

Pavel Machek: Help time travelers!

Ok, so I have various machines here. It seems only about half of them has working RTC. That are the boring ones.

And even the boring ones have pretty imprecise RTCs... For example Nokia N9. I only power it up from time to time, I believe it drifts something like minute per month... For normal use with SIM card, it can probably correct from GSM network if you happen to have a cell phone signal, but...

More interesting machines... Old thinkpad is running without CMOS battery. ARM OLPC has _three_ RTCs, but not a single working one. N900 has working RTC but no or dead backup battery. On these, RTC driver probably knows time is not valid, but feeds the garbage into the system time, anyway. Ouch. Neither Sharp Zaurus SL-5500 nor C-3000 had battery backup on RTC...

Even in new end-user machines, time quality varies a lot. "First boot, please enter time" is only accurate to seconds, if the user is careful. RTC is usually not very accurate, either... and noone uses adjtime these days. GSM time and ntpdate are probably accurate to miliseconds, GPS can provide time down to picoseconds... And broken systems are so common "swclock" is available in init system to store time in file, so it at least does not go backwards.

https (and other crypto) depends on time... so it is important to know approximate month we are in.

Is it time we handle it better?

Could we return both time and log2(expected error) from system calls?

That way we could hide the clock in GUI if time is not available or not precise to minutes, ignore certificate dates when time is not precise to months, and you would not have to send me a "Pavel, are you time traveling, again?" message next time my mailer sends email dated to 1970.

16 Oct 2017 7:38am GMT

14 Oct 2017

feedKernel Planet

James Bottomley: Using Elliptic Curve Cryptography with TPM2

One of the most significant advances going from TPM1.2 to TPM2 was the addition of algorithm agility: The ability of TPM2 to work with arbitrary symmetric and asymmetric encryption schemes. In practice, in spite of this much vaunted agile encryption capability, most actual TPM2 chips I've seen only support a small number of asymmetric encryption schemes, usually RSA2048 and a couple of Elliptic Curves. However, the ability to support any Elliptic Curve at all is a step up from TPM1.2. This blog post will detail how elliptic curve schemes can be integrated into existing cryptographic systems using TPM2. However, before we start on the practice, we need at least a tiny swing through the theory of Elliptic Curves.

What is an Elliptic Curve?

An Elliptic Curve (EC) is simply the set of points that lie on the curve in the two dimensional plane (x,y) defined by the equation

x3 = y3 + ax + b

which means that every elliptic curve can be parametrised by two constants a and b. The set of all points lying on the curve plus a point at infinity is combined with an addition operation to produce an abelian (commutative) group. The addition property is defined by drawing straight lines between two points and seeing where they intersect the curve (or picking the infinity point if they don't intersect). Wikipedia has a nice diagrammatic description of this here. The infinity point acts as the identity of the addition rule and the whole group is denoted E.

The utility for cryptography is that you can define an integer multiplier operation which is simply the element added to itself n times, so for P ∈ E, you can always find Q ∈ E such that

Q = P + P + P … = n × P

And, since it's a simple multiplication like operation, it's very easy to compute Q. However, given P and Q it is computationally very difficult to get back to n. In fact, it can be demonstrated mathematically that trying to compute n is equivalent to the discrete logarithm problem which is the mathematical basis for the cryptographic security of RSA. This also means that EC keys suffer the same (actually more so) problems as RSA keys: they're not Quantum Computing secure (vulnerable to the Quantum Shor's algorithm) and they would be instantly compromised if the discrete logarithm problem were ever solved.

Therefore, for any elliptic curve, E, you can choose a known point G ∈ E, select a large integer d and you can compute a point P = d × G. You can then publish (P, G, E) as your public key knowing it's computationally infeasible for anyone to derive your private key d.

For instance, Diffie-Hellman key exchange can be done by agreeing (E, G) and getting Alice and Bob to select private keys dA, dB. Then knowing Bob's public key PB, Alice can select a random integer r, which she publishes, and compute a key agreement as a secret point on the Elliptic Curve (r dA) × PB. Bob can derive the same Elliptic Curve point because

(r dA) × PB = (r dA)dB × G = (r dB) dA × G = (r dB) × PA

The agreement is a point on the curve, but you can use an agreed hashing or other mechanism to get from the point to a symmetric key.

Seems simple, but the problem for computing is that we really want to use integers and right at the moment the elliptic curve is defined over all the real numbers, meaning E is of infinite size and involves floating point computations (of rather large precision).

Elliptic Curves over Finite Fields

Fortunately there is a mathematical theory of finite fields, called Galois Theory, which allows us to take the Galois Field over prime number p, which is denoted GF(p), and compute Elliptic Curve points over this field. This derivation, which is mathematically rather complicated, is denoted E(GF(p)), where every point (x,y) is represented by a pair of integers between 0 and p-1. There is another theory that says the number of elements in E(GF(p))

n = |E(GF(p))|

is roughly the same size as p, meaning if you choose a 32 bit prime p, you likely have a field over roughly 2^32 elements. For every point P in E(GF(p)) it is also mathematically proveable that n × P = 0. where 0 is the zero point (which was the infinity point in the real elliptic curve).

This means that you can take any point, G, in E(GF(p)) and compute a subgroup based on it:

EG = { ∀m ∈ Zn : m × G }

If you're lucky |EG| = |E(GF(p))| and G is the generator of the entire group. However, G may only generate a subgroup and you will find |EG| = h|E(GF(p))| where integer h is called the cofactor. In general you want the cofactor to be small (preferably less than four) for EG to be cryptographically useful.

For a computer's purposes, EG is the elliptic curve group used for integer arithmetic in the cryptographic algorithms. The Curve and Generator is then defined by (p, a, b, Gx, Gy, n, h) which are the published parameters of the key (Gx, Gy represent the x and y elements of point G). You select a random number d as your private key and your public key P = d × G exactly as above, except now P is easy to compute with integer operations.

Problems with Elliptic Curves

Although I stated above that solving P = d × G is equivalent in difficulty to the discrete logarithm problem, that's not generally true. If the discrete logarithm problem were solved, then we'd easily be able to compute d for every generator and curve, but it is possible to pick curves for which d can be easily computed without solving the discrete logarithm problem. This is the reason why you should never pick your own curve parameters (even if you think you know what you're doing) because it's very easy to choose a compromised curve. As a demonstration of the difficulty of the problem: each of the major nation state actors, Russia, China and the US, publishes their own curve parameters for use in their own cryptographic EC implementations and each of them thinks the parameters published by the others is compromised in a way that allows the respective national security agencies to derive private keys. So if nation state actors can't tell if a curve is compromised or not, you surely won't be able to either.

Therefore, to be secure in EC cryptography, you pick and existing curve which has been vetted and select some random Generator Point on it. Of course, if you're paranoid, that means you won't be using any of the nation state supplied curves …

Using the TPM2 with Elliptic Curves in Cryptosystems

The initial target for this work was the openssl cryptosystem whose libraries are widely used for deriving other uses (like https in apache or openssh). Originally, when I did the initial TPM2 enabling of openssl as described in this blog post, I added TPM2 as a patch to the existing TPM 1.2 openssl_tpm_engine. Unfortunately, openssl_tpm_engine seems to be pretty much defunct at this point, so I started my own openssl_tpm2_engine as a separate git tree to begin experimenting with Elliptic Curve keys (if you don't use git, you can download the tar file here). One of the benefits to running my own source tree is that I can now add a testing infrastructure that makes use of the IBM TPM emulator to make sure that the basic cryptographic operations all work which means that make check functions even when a TPM2 isn't available. The current key creation and import algorithms use secured connections to the TPM (to avoid eavesdropping) which means it's only really possible to construct them using the IBM TSS. To make all of this easier, I've set up an openSUSE Build Service repository which is building for all major architectures and the openSUSE and Fedora distributions (ignore the failures, they're currently induced because the TPM emulator only currently works on 64 bit little endian systems, so make check is failing, but the TPM people at IBM are working on this, so eventually the builds should be complete).

TPM2 itself also has some annoying restrictions. The biggest of which is that it doesn't allow you to pass in arbitrary elliptic curve parameters; you may only use elliptic curves which the TPM itself knows. This will be annoying if you have an existing EC key you're trying to import because the TPM may reject it as an unknown algorithm. For instance, openssl can actually compute with arbitrary EC parameters, but has 39 current elliptic curves parametrised by name. By contrast, my Nuvoton TPM2 inside my Dell XPS 13 knows precisely two curves:

jejb@jarvis:~> create_tpm2_key --list-curves
prime256v1
bnp256

However, assuming you've picked a compatible curve for your EC private key (and you've defined a parent key for the storage hierarchy) you can simply import it to a TPM bound key:

create_tpm2_key -p 81000001 -w key.priv key.tpm

The tool will report an error if it can't convert the curve parameters to a named elliptic curve known to the TPM

jejb@jarvis:~> openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:brainpoolP256r1 > key.priv
jejb@jarvis:~> create_tpm2_key -p 81000001 -w key.priv key.tpm
TPM does not support the curve in this EC key
openssl_to_tpm_public failed with 166
TPM_RC_CURVE - curve not supported Handle number unspecified

You can also create TPM resident private keys simply by specifying the algorithm

create_tpm2_key -p 81000001 --ecc bnp256 key.tpm

Once you have your TPM based EC keys, you can use them to create public keys and certificates. For instance, you create a self-signed X509 certificate based on the tpm key by

openssl req -new -x509 -sha256  -key key.tpm -engine tpm2 -keyform engine -out my.crt

Why you should use EC keys with the TPM

The initial attraction is the same as for RSA keys: making it impossible to extract your private key from the system. However, the mathematical calculations for EC keys are much simpler than for RSA keys and don't involve finding strong primes, so it's much simpler for the TPM (being a fairly weak calculation machine) to derive private and public EC keys. For instance the times taken to derive a RSA key from the primary seed and an EC key differ dramatically

jejb@jarvis:~> time tsscreateprimary -hi o -ecc bnp256 -st
Handle 80ffffff

real 0m0.111s
user 0m0.000s
sys 0m0.014s

jejb@jarvis:~> time tsscreateprimary -hi o -rsa -st
Handle 80ffffff

real 0m20.473s
user 0m0.015s
sys 0m0.084s

so for a slow system like the TPM, using EC keys is a significant speed advantage. Additionally, there are other advantages. The standard EC Key signature algorithm is a modification of the NIST Digital Signature Algorithm called ECDSA. However DSA and ECDSA require a cryptographically strong (and secret) random number as Sony found out to their cost in the EC Key compromise of Playstation 3. The TPM is a good source of cryptographically strong random numbers and if it generates the signature internally, you can be absolutely sure of keeping the input random number secret.

Why you might want to avoid EC keys altogether

In spite of the many advantages described above, EC keys suffer one additional disadvantage over RSA keys in that Elliptic Curves in general are very hot fields of mathematical research so even if the curve you use today is genuinely not compromised, it's not impossible that a mathematical advance tomorrow will make the curve you chose (and thus all the private keys you generated) vulnerable. Of course, the same goes for RSA if anyone ever cracks the discrete logarithm problem, but solving that problem would likely be fully published to world acclaim and recognition as a significant contribution to the advancement of number theory. Discovering an attack on a currently used elliptic curve on the other hand might be better remunerated by offering to sell it privately to one of the national security agencies …

14 Oct 2017 10:52pm GMT

11 Oct 2017

feedKernel Planet

Paul E. Mc Kenney: Stupid RCU Tricks: In the audience for a pair of RCU talks!

I had the privilege of attending CPPCON last month. Michael Wong, Maged Michael, and I presented a parallel-programming overview, in which I presented the "Hardware and its Habits" chapter of Is Parallel Programming Hard, And, If So, What Can You Do About It?.

But the highlight for me was actually sitting in the audience for a pair of talks by people who had implemented RCU in C++.

Ansel Sermersheim presented a two-part talk entitled Multithreading is the answer. What is the question?. The second part of this talk covered lockless containers, and used a variant of RCU to implement a low-overhead libGuarded facility in order to more easily avoid deadlocks. The implementation is similar to the Linux-kernel real-time RCU implementation by Jim Houston and Joe Korty in that the counterpart to rcu_read_unlock() actively registers a quiescent state. Ansel's implementation goes further by also driving callback invocation from rcu_read_unlock(). Now I don't recommend this for a general-purpose RCU implementation due to the possibility of deadlock should a resource need to be held across rcu_read_unlock() and acquired within the callback. However, this approach should work just fine in the case where the callbacks just free memory and the memory allocator does not contain too many RCU read-side critical sections.

Fedor Pikus presented a talk entitled Read, Copy, Update, then what? RCU for non-kernel programmers, in which he gave a quite-decent introduction to use of RCU. This introduction included an improved version of my long-standing where-to-use-RCU diagram, which I fully intend to incorporate. I had a number of but-you-could moments, including the usual "put the size in with the array" advice, ways of updating things already exposed to readers, and the fact that RCU really can tolerate multiple writers, along with some concerns about counter overflow. Nevertheless, an impressive amount of great information in a one-hour talk!

It is very good to see more people making use of RCU!

11 Oct 2017 9:47pm GMT

04 Oct 2017

feedKernel Planet

Dave Airlie (blogspot): radv: a conformant Vulkan driver (with caveats)

If you take a look at the conformant vulkan list, you might see entry 220.

Software in the Public Interest, Inc. 2017-10-04 Vulkan_1_0 220
AMD Radeon R9 285 Intel i5-4460 x86_64 Linux 4.13 X.org DRI3.

This is radv, and this is the first conformance submission done under the X.org (SPI) membership of the Khronos adopter program.

This submission was a bit of a trial run for radv developers, but Mesa 17.2 + llvm 5.0 on Bas's R9 285 card.

We can extend this submission to cover all VI GPUs.

In practice we pass all the same tests on CIK and Polaris GPUs, but we will have to do complete submission runs on those when we get a chance.

But major milestone/rubberstamp reached, radv is now a conformant Vulkan driver. Thanks go to Bas and all the other contributors and people who's code we've leveraged!

04 Oct 2017 7:49pm GMT

02 Oct 2017

feedKernel Planet

James Morris: Linux Security Summit 2017 Roundup

The 2017 Linux Security Summit (LSS) was held last month in Los Angeles over the 14th and 15th of September. It was co-located with Open Source Summit North America (OSSNA) and the Linux Plumbers Conference (LPC).

LSS 2017 sign at conference

LSS 2017

Once again we were fortunate to have general logistics managed by the Linux Foundation, allowing the program committee to focus on organizing technical content. We had a record number of submissions this year and accepted approximately one third of them. Attendance was very strong, with ~160 attendees - another record for the event.

LSS 2017 Attendees

LSS 2017 Attendees

On the day prior to LSS, attendees were able to access a day of LPC, which featured two tracks with a security focus:

Many thanks to the LPC organizers for arranging the schedule this way and allowing LSS folk to attend the day!

Realtime notes were made of these microconfs via etherpad:

I was particularly interested in the topic of better integrating LSM with containers, as there is an increasingly common requirement for nesting of security policies, where each container may run its own apparently independent security policy, and also a potentially independent security model. I proposed the approach of introducing a security namespace, where all security interfaces within the kernel are namespaced, including LSM. It would potentially solve the container use-cases, and also the full LSM stacking case championed by Casey Schaufler (which would allow entirely arbitrary stacking of security modules).

This would be a very challenging project, to say the least, and one which is further complicated by containers not being a first class citizen of the kernel. This leads to security policy boundaries clashing with semantic functional boundaries e.g. what does it mean from a security policy POV when you have namespaced filesystems but not networking?

Discussion turned to the idea that it is up to the vendor/user to configure containers in a way which makes sense for them, and similarly, they would also need to ensure that they configure security policy in a manner appropriate to that configuration. I would say this means that semantic responsibility is pushed to the user with the kernel largely remaining a set of composable mechanisms, in relation to containers and security policy. This provides a great deal of flexibility, but requires those building systems to take a great deal of care in their design.

There are still many issues to resolve, both upstream and at the distro/user level, and I expect this to be an active area of Linux security development for some time. There were some excellent followup discussions in this area, including an approach which constrains the problem space. (Stay tuned)!

A highlight of the TPMs session was an update on the TPM 2.0 software stack, by Philip Tricca and Jarkko Sakkinen. The slides may be downloaded here. We should see a vastly improved experience over TPM 1.x with v2.0 hardware capabilities, and the new software stack. I suppose the next challenge will be TPMs in the post-quantum era?

There were further technical discussions on TPMs and container security during subsequent days at LSS. Bringing the two conference groups together here made for a very productive event overall.

TPMs microconf at LPC with Philip Tricca presenting on the 2.0 software stack.

This year, due to the overlap with LPC, we unfortunately did not have any LWN coverage. There are, however, excellent writeups available from attendees:

There were many awesome talks.

The CII Best Practices Badge presentation by David Wheeler was an unexpected highlight for me. CII refers to the Linux Foundation's Core Infrastructure Initiative , a preemptive security effort for Open Source. The Best Practices Badge Program is a secure development maturity model designed to allow open source projects to improve their security in an evolving and measurable manner. There's been very impressive engagement with the project from across open source, and I believe this is a critically important effort for security.

CII Bade Project adoption (from David Wheeler's slides).

During Dan Cashman's talk on SELinux policy modularization in Android O, an interesting data point came up:

Interesting data from the talk: 44% of Android kernel vulns blocked by SELinux due to attack surface reduction. https://t.co/FnU544B3XP

- James Morris (@xjamesmorris) September 15, 2017

We of course expect to see application vulnerability mitigations arising from Mandatory Access Control (MAC) policies (SELinux, Smack, and AppArmor), but if you look closely this refers to kernel vulnerabilities. So what is happening here? It turns out that a side effect of MAC policies, particularly those implemented in tightly-defined environments such as Android, is a reduction in kernel attack surface. It is generally more difficult to reach such kernel vulnerabilities when you have MAC security policies. This is a side-effect of MAC, not a primary design goal, but nevertheless appears to be very effective in practice!

Another highlight for me was the update on the Kernel Self Protection Project lead by Kees, which is now approaching its 2nd anniversary, and continues the important work of hardening the mainline Linux kernel itself against attack. I would like to also acknowledge the essential and original research performed in this area by grsecurity/PaX, from which this mainline work draws.

From a new development point of view, I'm thrilled to see the progress being made by Mickaël Salaün, on Landlock LSM, which provides unprivileged sandboxing via seccomp and LSM. This is a novel approach which will allow applications to define and propagate their own sandbox policies. Similar concepts are available in other OSs such as OSX (seatbelt) and BSD (pledge). The great thing about Landlock is its consolidation of two existing Linux kernel security interfaces: LSM and Seccomp. This ensures re-use of existing mechanisms, and aids usability by utilizing already familiar concepts for Linux users.

Mickaël Salaün from ANSSI talking about his Landlock LSM work at #linuxsecuritysummit 2017 pic.twitter.com/wYpbHuLgm2

- LinuxSecuritySummit (@LinuxSecSummit) September 14, 2017

Overall I found it to be an incredibly productive event, with many new and interesting ideas arising and lots of great collaboration in the hallway, lunch, and dinner tracks.

Slides from LSS may be found linked to the schedule abstracts.

We did not have a video sponsor for the event this year, and we'll work on that again for next year's summit. We have discussed holding LSS again next year in conjunction with OSSNA, which is expected to be in Vancouver in August.

We are also investigating a European LSS in addition to the main summit for 2018 and beyond, as a way to help engage more widely with Linux security folk. Stay tuned for official announcements on these!

Thanks once again to the awesome event staff at LF, especially Jillian Hall, who ensured everything ran smoothly. Thanks also to the program committee who review, discuss, and vote on every proposal, ensuring that we have the best content for the event, and who work on technical planning for many months prior to the event. And of course thanks to the presenters and attendees, without whom there would literally and figuratively be no event :)

See you in 2018!

02 Oct 2017 1:52am GMT

25 Sep 2017

feedKernel Planet

Pavel Machek: Colorful LEDs

RGB LEDs do not exist according to Linux LED subsystem. They are modeled as three separate LEDs, red, green and blue; that matches the hardware.

Unfortunately, it has problems. Lets begin with inconsistent naming: some drivers use :r suffix, some use :red. There's no explicit grouping of LEDs for one light -- there's no place to store parameters common for the light. (LEDs could be grouped by name.)

RGB colorspace is pretty well defined, and people expect to set specific colors. Unfortunately.... that does not work well with LEDs. First, LEDs are usually not balanced according to human perception system, so full power to the LEDs (255, 255, 255) may not
result in white. Second, monitors normally use gamma correction before displaying color, so (128, 128, 128) does not correspond to 50% of light being produced. But LEDs normally use PWM, so (128, 128, 128) does correspond to 50% light. Result is that colors are completely off.

I tested HSV colorspace for the LEDs. That would have advantage of old triggers being able to use selected colors... Unfortunately, on N900, white color is something like 15% blue, which would result in significantly reducing number of white intensities we can display.

25 Sep 2017 8:30am GMT

19 Sep 2017

feedKernel Planet

Pavel Machek: Unicsy phone

For a long time, I wanted a phone that runs Unix. And I got that, first Android, second Maemo on Nokia N900. With Android I realized that running Linux kernel is not enough. Android is really far away from normal Unix machine, and I'd argue away from anything usable, too. Maemo was slightly closer, and probably could be fixed if it was open-source.

But I realized Linux kernel is not really the most important part. There's more to Unix: compatibility with old apps, small programs where each one does one thing well, data in text formats so you can put them in git. Maemo got some parts right, at least you could run old apps in a useful way; but most important data on the phone (contacts, calendar) were still locked away in sqlite.

And that is something I'd like to change: phone that is ssh-friendly, text-editor-friendly and git-friendly. I call it "Unicsy phone". No, I don't want to do phone `cat addressbook | grep Friend | cut -f 1`... graphical utilities are okay. But console tools still should be there, and file formats should be reasonable.

So there is tui project, and recently postmarketos project appeared. Nokia N900 is mostly supported by mainline kernel (with exceptions of bluetooth and camera, everything works). There's work to be done, but it looks doable.

More is missing in the userspace. Phone parts need work, as expected. What is more surprising... there's emacs org mode, with great calendar capabilities, but I could not find matching application to display data nicely and provide alerts. Situation is even worse for contacts; emacs org can help there, too, but there does not seem to be agreement that this is the way to go. (And again, graphical applications would be nice).

19 Sep 2017 10:17pm GMT

16 Sep 2017

feedKernel Planet

Pavel Machek: FlightGear fun

How to die in Boeing 707, quick and easy. Take off, realize that you should set up fuel heating, select Help|, aim for checklists.. and hit auto startup/shutdown. Instantly lose all the engines. Fortunately, you are at 6000', so you start looking for the airport. Then you
realize "hmm, perhaps I can do the startup thing now", and hit the menu item once again. But instead of running engines, you get fire warnings on all the engines. That does not look good. Confirm fire, extinguish all four engines, and resume looking for airport in range. Trim for best glide. Then number 3 comes up. Then number 4. Number one and you know it will be easy. Number two as you fly over the runway... go around and do normal approach.

16 Sep 2017 11:41am GMT

15 Sep 2017

feedKernel Planet

Michael Kerrisk (manpages): man-pages-4.13 is released

I've released man-pages-4.13. The release tarball is available on kernel.org. The browsable online pages can be found on man7.org. The Git repository for man-pages is available on kernel.org.

This release resulted from patches, bug reports, reviews, and comments from around 40 contributors. The release is rather larger than average. (The context diff runs to more than 90k lines.) The release includes more than 350 commits and contains some fairly wide-ranging formatting fix-ups that meant that all 1028 existing manual pages saw some change(s). In addition, 5 new manual pages were added.

Among the more significant changes in man-pages-4.13 are the following:

A special thanks to Eugene Syromyatnikov, who contributed 30 patches to this release!

15 Sep 2017 1:37pm GMT

Linux Plumbers Conference: Linux Plumbers Conference Unconference Schedule Announced

Since we only have six proposals, we can schedule them in the unconference session without any need for actual voting at breakfast. On a purely random basis, the schedule will be:

Unconference I:

09:30 Test driven development (TDD) in the kernel - Knut Omang
11:00 Support for adding DT based thermal zones at runtime - Moritz Fischer
11:50 Restartable Sequences interaction with debugger single-stepping - Mathieu Desnoyers

Unconference II:

14:00 Automated testing of LKML patches with Clang - Nick Desaulniers
14:50 ktask: multithread cpu-intensive kernel work - Daniel Jordan
16:00 Soft Affinity for Workloads - Rohit Jain

I'll add these to the plumbers schedule (if the author doesn't already have an account, I'll show up as the speaker, but please take the above list as definitive for actual speaker).

Looking forward to seeing you all at this exciting new event for Plumbers,

15 Sep 2017 4:57am GMT

14 Sep 2017

feedKernel Planet

Grant Likely: Arcade Panel Construction Time-Lapse Video

14 Sep 2017 5:56pm GMT

Grant Likely: NeoPixel Arcade Buttons

14 Sep 2017 5:54pm GMT

13 Sep 2017

feedKernel Planet

Grant Likely: Custom Arcade Control Panels

I've started building custom arcade controls for using with classic arcade game emulators. All Open Source and Open Hardware of course, with the source code up on GitHub.

OpenSCAD:Arcade is an arcade panel modeling too written in OpenSCAD. It designs the arcade panel layout and produces lasercutter output and frame dimensions.

STM32F3-Discovery-Arcade is a prototype USB HID device for arcade controls. It currently supports GPIO joysticks and buttons, quadrature trackballs/spinners, and will drive up to 4 channels of NeoPixel RGB LED strings. The project has both custom STM32 firmware and a custom adaptor PCB designed with KiCad.

Please go take a look.

13 Sep 2017 11:39pm GMT