fidzu : Linux

The programme may be new, but the process has been shaping for years: In March 2020, Mozilla officially launched a dedicated Environmental Sustainability Programme, and I am proud and excited to be stewarding our efforts.

29 May 2020 3:17am GMT

Plotly is a plotting ecosystem that allows you to make plots in Python, as well as JavaScript and R. In this series of articles, I[he]#039[/he]m focusing on plotting with Python libraries. Plotly has three different Python APIs, giving you a choice of how to drive it.

29 May 2020 2:16am GMT

Feral Interactive launched today The Warden & The Paunch DLC (Downloadable Content) for the acclaimed Total War: WARHAMMER II video game for Linux and macOS platforms.

29 May 2020 1:14am GMT

Scampering through spring fields, or a cautious dribble seeping under the bathroom door?After a lengthy gestation in the Insider Program, the Windows 10 May 2020 Update (aka 2004, aka 20H1) has arrived, replete with a Linux kernel in the form of the Windows Subsystem for Linux 2 (WSL).…

29 May 2020 12:13am GMT

Docker, the company, couldn[he]#039[/he]t make a go of it, but Docker Enterprise, under its new owner Mirantis, is moving forward.

28 May 2020 11:11pm GMT

Gaming on Linux got a thorough kickstart in 2013 when Valve announced that their own SteamOS would be written on top of Linux. Since then, Linux users could realistically expect to play high-grade games that, in the past, required the purchase of a Windows computer or gaming console. The experience got off to a modest start, with just a few brave companies like CD Projekt Red, Deep Silver, Valve itself, and others putting the Linux penguin icon in their compatibility list, but eventually, even Gearbox and Square Enix were releasing their biggest titles on Linux.read more

28 May 2020 10:10pm GMT

This tutorial allows you to run PHP, Python and Perl scripts using the cron job.

28 May 2020 9:08pm GMT

In this article, we're going to discuss how to use curl to interact with RESTful APIs. curl is a command-line utility for transferring data from or to a remote server. It is installed by default on macOS and most Linux distributions.

28 May 2020 7:59pm GMT

PyroCMS is a powerful modular CMS and development platform built with Laravel 5, which allows you to build better Laravel websites and applications faster.

28 May 2020 6:45pm GMT

With the launch of the 8GB Raspberry Pi 4 computer, the Raspberry Pi Foundation also unveiled today the renaming of their Debian-based Raspbian Linux operating system as Raspberry Pi OS.

28 May 2020 5:30pm GMT

Plotly is a plotting ecosystem that allows you to make plots in Python, as well as JavaScript and R. In this series of articles, I'm focusing on plotting with Python libraries.Plotly has three different Python APIs, giving you a choice of how to drive it:read more

28 May 2020 4:16pm GMT

Axiomtek's "MIRU130" SBC targets embedded vision applications with a Ryzen V1000 SoC, 4x USB 3.1 Gen2, HDMI and DP ports, cam triggers and lighting controls, 2x M.2, PCIe x16, and 4x GbE ports, 2x of which offer PoE. Axiomtek recently launched a CAPA13R, joineing Seco's similarly 3.5-inch SBC-C90 as the only SBCs we have seen […]

28 May 2020 3:02pm GMT

The Raspberry Pi Foundation announced today the availability of the latest Raspberry Pi 4 single-board computer with no less than 8GB RAM, which is on sale now for only $75 USD.

28 May 2020 1:47pm GMT

You may know that everything is a file on Linux, including a hard disk, graphics card, USB, etc. Linux uses color code to distinguish file types. This tutorial helps you learn about color coding of Linux files.

28 May 2020 12:33pm GMT

While setting up a Linux system recently, I wanted to know how to ensure that dependencies for services and other units were up and running before those dependent services and units start. Specifically, I needed more knowledge of how systemd manages the startup sequence, especially in determining the order services are started in what is essentially a parallel system.

28 May 2020 11:32am GMT

On May 26th, 2020, the Container Linux distribution by CoreOS has officially reached end of life, which means that it will no longer be supported or maintained.

28 May 2020 10:30am GMT

Previously: v5.4.

I got a bit behind on this blog post series! Let's get caught up. Here are a bunch of security things I found interesting in the Linux kernel v5.5 release:

restrict perf_event_open() from LSM
Given the recurring flaws in the perf subsystem, there has been a strong desire to be able to entirely disable the interface. While the kernel.perf_event_paranoid sysctl knob has existed for a while, attempts to extend its control to "block all perf_event_open() calls" have failed in the past. Distribution kernels have carried the rejected sysctl patch for many years, but now Joel Fernandes has implemented a solution that was deemed acceptable: instead of extending the sysctl, add LSM hooks so that LSMs (e.g. SELinux, Apparmor, etc) can make these choices as part of their overall system policy.

generic fast full refcount_t
Will Deacon took the recent refcount_t hardening work for both x86 and arm64 and distilled the implementations into a single architecture-agnostic C version. The result was almost as fast as the x86 assembly version, but it covered more cases (e.g. increment-from-zero), and is now available by default for all architectures. (There is no longer any Kconfig associated with refcount_t; the use of the primitive provides full coverage.)

linker script cleanup for exception tables
When Rick Edgecombe presented his work on building Execute-Only memory under a hypervisor, he noted a region of memory that the kernel was attempting to read directly (instead of execute). He rearranged things for his x86-only patch series to work around the issue. Since I'd just been working in this area, I realized the root cause of this problem was the location of the exception table (which is strictly a lookup table and is never executed) and built a fix for the issue and applied it to all architectures, since it turns out the exception tables for almost all architectures are just a data table. Hopefully this will help clear the path for more Execute-Only memory work on all architectures. In the process of this, I also updated the section fill bytes on x86 to be a trap (0xCC, int3), instead of a NOP instruction so functions would need to be targeted more precisely by attacks.

KASLR for 32-bit PowerPC
Joining many other architectures, Jason Yan added kernel text base-address offset randomization (KASLR) to 32-bit PowerPC.

seccomp for RISC-V
After a bit of long road, David Abdurachmanov has added seccomp support to the RISC-V architecture. The series uncovered some more corner cases in the seccomp self tests code, which is always nice since then we get to make it more robust for the future!

seccomp USER_NOTIF continuation
When the seccomp SECCOMP_RET_USER_NOTIF interface was added, it seemed like it would only be used in very limited conditions, so the idea of needing to handle "normal" requests didn't seem very onerous. However, since then, it has become clear that the overhead of a monitor process needing to perform lots of "normal" open() calls on behalf of the monitored process started to look more and more slow and fragile. To deal with this, it became clear that there needed to be a way for the USER_NOTIF interface to indicate that seccomp should just continue as normal and allow the syscall without any special handling. Christian Brauner implemented SECCOMP_USER_NOTIF_FLAG_CONTINUE to get this done. It comes with a bit of a disclaimer due to the chance that monitors may use it in places where ToCToU is a risk, and for possible conflicts with SECCOMP_RET_TRACE. But overall, this is a net win for container monitoring tools.

EFI_RNG_PROTOCOL for x86
Some EFI systems provide a Random Number Generator interface, which is useful for gaining some entropy in the kernel during very early boot. The arm64 boot stub has been using this for a while now, but Dominik Brodowski has now added support for x86 to do the same. This entropy is useful for kernel subsystems performing very earlier initialization whre random numbers are needed (like randomizing aspects of the SLUB memory allocator).

FORTIFY_SOURCE for MIPS
As has been enabled on many other architectures, Dmitry Korotin got MIPS building with CONFIG_FORTIFY_SOURCE, so compile-time (and some run-time) buffer overflows during calls to the memcpy() and strcpy() families of functions will be detected.

limit copy_{to,from}_user() size to INT_MAX
As done for VFS, vsnprintf(), and strscpy(), I went ahead and limited the size of copy_to_user() and copy_from_user() calls to INT_MAX in order to catch any weird overflows in size calculations.

That's it for v5.5! Let me know if there's anything else that I should call out here. Next up: Linux v5.6.

© 2020, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

27 May 2020 8:04pm GMT

This content is password protected. To view it please enter your password below:

Password:

27 May 2020 12:49am GMT

This morning I saw two things that were Microsoft and Linux graphics related.

https://devblogs.microsoft.com/commandline/the-windows-subsystem-for-linux-build-2020-summary/

a) DirectX on Linux for compute workloads
b) Linux GUI apps on Windows

At first I thought these were related, but it appears at least presently these are quite orthogonal projects.

First up clarify for the people who jump to insane conclusions:

The DX on Linux is a WSL2 only thing. Microsoft are not any way bringing DX12 to Linux outside of the Windows environment. They are also in no way open sourcing any of the DX12 driver code. They are recompiling the DX12 userspace drivers (from GPU vendors) into Linux shared libraries, and running them on a kernel driver shim that transfers the kernel interface up to the closed source Windows kernel driver. This is in no way useful for having DX12 on Linux baremetal or anywhere other than in a WSL2 environment. It is not useful for Linux gaming.

Microsoft have submitted to the upstream kernel the shim driver to support this. This driver exposes their D3DKMT kernel interface from Windows over virtual channels into a Linux driver that provides an ioctl interface. The kernel drivers are still all running on the Windows side.

Now I read the Linux GUI apps bit and assumed that these things were the same, well it turns out the DX12 stuff doesn't address presentation at all. It's currently only for compute/ML workloads using CUDA/DirectML. There isn't a way to put the results of DX12 rendering from the Linux guest applications onto the screen at all. The other project is a wayland/RDP integration server, that connects Linux apps via wayland to RDP client on Windows display, integrating that with DX12 will be a tricky project, and then integrating that upstream with the Linux stack another step completely.

Now I'm sure this will be resolved, but it has certain implications on how the driver architecture works and how much of the rest of the Linux graphics ecosystem you have to interact with, and that means that the current driver might not be a great fit in the long run and upstreaming it prematurely might be a bad idea.

From my point of view the kernel shim driver doesn't really bring anything to Linux, it's just a tunnel for some binary data between a host windows kernel binary and a guest linux userspace binary. It doesn't enhance the Linux graphics ecosystem in any useful direction, and as such I'm questioning why we'd want this upstream at all.

20 May 2020 12:01am GMT

We are pleased to announce that the Containers and Checkpoint/Restore Microconference has been accepted into the 2020 Linux Plumbers Conference!

After another successful Containers Microconference last year , there's still a lot more work to be done. Last year we discussed the intersection between the new mount api and containers, various new vfs features including a strong and fruitful discussion about id shifting, several new security hardening aspects, and improvements when restarting syscalls during checkpoint/restore. Last year's microconference topics led to quite a few patches that have since landed in the upstream kernel with others actively being discussed. This includes, various improvements to seccomp syscall interceptions, the implementation of a new process creation syscall, the implementation of pidfds, and the addition of time namespaces.

This year's topics include:

• Next steps for uid/gid shifting for mounts and namespaces
• pidfds and their use for containers
• Handling of new mount APIs and unprivileged containers
• Solutions to transition from CgroupV1 to CgroupV2
• Use and limitations of the time namespace
• Hardware assisted isolation of processes/containers

Come join us and participate in the discussion with what holds "The Cloud" together.

We hope to see you there!

Christian, Mike, Stéphane

19 May 2020 4:19pm GMT

As previously promised, we are announcing today that we have decided to hold the the Linux Plumbers Conference 2020 virtually instead of in person. We value the safety and health of our community and do not wish to expose anyone to unnecessary risks.

We do appreciate that it is the in-person aspect of plumbers (the hallway track) which attendees find the most valuable. An online Linux Plumbers Conference will clearly be different from past events. We are working hard to find ways to preserve as much of the LPC experience as we can while also taking advantage of any new opportunities that the online setting offers us. Since we no longer have many of the fixed expenses of an in-person conference, we are able to reduce the registration fee to $50. In addition we are pushing back the opening of registration to June 15 2020.

We'll provide more details as we figure them out, thanks for your patience and support.

Do not forget to send your contribution.

We do have great proposals and if you have submitted, thank you very much. Our microconference capacity is filling up quickly, if you want your microconference to be considered, act now! We are still looking for proposals for refereed talks as well.

CfP: https://www.linuxplumbersconf.org/event/7/abstracts/

The LPC 2020 Planning Committee

15 May 2020 4:08pm GMT

We are pleased to announce that we have reopened the call for both refereed talks and microconferences. Due to the current global situation with the Covid-19 pandemic we wanted to give everybody a longer time window to submit proposals.

Submit your proposals here: https://www.linuxplumbersconf.org/event/7/abstracts/

Stay tuned for further upcoming communications and updates about Linux Plumbers Conference 2020.

14 May 2020 7:15pm GMT

Recruitment spam, like conference spam, is a boring part of life. However, it raises an eyebrow sometimes.

A few days ago, a Facebook recruiter, JP Fenn, sent me a form e-mail to an address that I do not give to anyone. It is only visible as a contact for one of my domains, because the registrar does not believe in privacy. I was pondering if I should propose to give him a consideration in exchange for the explanation of just where he obtained the address. Purely out of curiosity.

Today, an Amazon recruiter, Jonte, sent a message to an appropriate address. But he did it with addresses in the To: header, not just the envelope. He used a hosted Exchange of all things, and there were 294 addresses in total. That should give you an idea just how hard these people work to spam and at what level of being disposable I am in their eyes.

It really is pure spam. I think it's likely that JP bought or stole a spam database. He didn't write a Python script that scraped whois information.

I remember a viral story a few years ago how one guy got a message from Google recruiter that combined his LinkedIn interests in amusing ways. It went like "we like people whose strength is Talking Like A Pirate. As for Telling Strangers On The Internet They Were Wrong, that's one of my favorite pastimes as well." You know you made it when you receive that kind of attention. Maybe one day!

08 May 2020 9:22pm GMT

The Linux kernel lockdown patches were merged into the 5.4 kernel last year, which means they're now part of multiple distributions. For me this was a 7-year journey, which means it's easy to forget that others aren't as invested in the code as I am. Here's what these patches are intended to achieve, why they're implemented in the current form and what people should take into account when deploying the feature.

Root is a user - a privileged user, but nevertheless a user. Root is not identical to the kernel. Processes running as root still can't dereference addresses that belong to the kernel, are still subject to the whims of the scheduler and so on. But historically that boundary has been very porous. Various interfaces make it straightforward for root to modify kernel code (such as loading modules or using /dev/mem), while others make it less straightforward (being able to load new ACPI tables that can cause the ACPI interpreter to overwrite the kernel, for instance). In the past that wasn't seen as a significant issue, since there were no widely deployed mechanisms for verifying the integrity of the kernel in the first place. But once UEFI secure boot became widely deployed, this was a problem. If you verify your boot chain but allow root to modify that kernel, the benefits of the verified boot chain are significantly reduced. Even if root can't modify the on-disk kernel, root can just hot-patch the kernel and then make this persistent by dropping a binary that repeats the process on system boot.

Lockdown is intended as a mechanism to avoid that, by providing an optional policy that closes off interfaces that allow root to modify the kernel. This was the sole purpose of the original implementation, which maps to the "integrity" mode that's present in the current implementation. Kernels that boot in lockdown integrity mode prevent even root from using these interfaces, increasing assurances that the running kernel corresponds to the booted kernel. But lockdown's functionality has been extended since then. There are some use cases where preventing root from being able to modify the kernel isn't enough - the kernel may hold secret information that even root shouldn't be permitted to see (such as the EVM signing key that can be used to prevent offline file modification), and the integrity mode doesn't prevent that. This is where lockdown's confidentiality mode comes in. Confidentiality mode is a superset of integrity mode, with additional restrictions on root's ability to use features that would allow the inspection of any kernel memory that could contain secrets.

Unfortunately right now we don't have strong mechanisms for marking which bits of kernel memory contain secrets, so in order to achieve that we end up blocking access to all kernel memory. Unsurprisingly, this compromises people's ability to inspect the kernel for entirely legitimate reasons, such as using the various mechanisms that allow tracing and probing of the kernel.

How can we solve this? There's a few ways:

1. Introduce a mechanism to tag memory containing secrets, and only restrict accesses to this. I've tried to do something similar for userland and it turns out to be hard, but this is probably the best long-term solution.
   
2. Add support for privileged applications with an appropriate signature that implement policy on the userland side. This is actually possible already, though not straightforward. Lockdown is implemented in the LSM layer, which means the policy can be imposed using any other existing LSM. As an example, we could use SELinux to impose the confidentiality restrictions on most processes but permit processes with a specific SELinux context to use them, and then use EVM to ensure that any process running in that context has a legitimate signature. This is quite a few hoops for a general purpose distribution to jump through.
   
3. Don't use confidentiality mode in general purpose distributions. The attacks it protects against are mostly against special-purpose use cases, and they can enable it themselves.

My recommendation is for (3), and I'd encourage general purpose distributions that enable lockdown to do so only in integrity mode rather than confidentiality mode. The cost of confidentiality mode is just too high compared to the benefits it provides. People who need confidentiality mode probably already know that they do, and should be in a position to enable it themselves and handle the consequences.

comments

21 Apr 2020 8:21pm GMT

Back in 2015, I wrote about Seagate Kinetic and its relation to shingles in Seagate product. Unfortunately, even if Kinetic were a success, it would only support a fraction of workloads. But the rest of Seagate customers demanded density increases. So, to nobody's surprise, Seagate started including shingles into their general purpose disk drives, perhaps only for a part of the surface, or coupled with a flash cache. The company was an enthusiastic early adopter of hybrid drives, as a vendor. Journalists are trying to make a story out of it, because caches are only caches, and once you started spilling, the drive slows down to the shingle speed. But naturally, Seagate neglected to mention in their documentation just how exactly their drive worked. Sacre bleu!

15 Apr 2020 7:18pm GMT

Intel's Dynamic Platform and Thermal Framework (DPTF) is a feature that's becoming increasingly common on highly portable Intel-based devices. The adaptive policy it implements is based around the idea that thermal management of a system is becoming increasingly complicated - the appropriate set of cooling constraints to place on a system may differ based on a whole bunch of criteria (eg, if a tablet is being held vertically rather than lying on a table, it's probably going to be able to dissipate heat more effectively, so you should impose different constraints). One way of providing these criteria to the OS is to embed them in the system firmware, allowing an OS-level agent to read that and then incorporate OS-level knowledge into a final policy decision.

Unfortunately, while Intel have released some amount of support for DPTF on Linux, they haven't included support for the adaptive policy. And even more annoyingly, many modern laptops run in a heavily conservative thermal state if the OS doesn't support the adaptive policy, meaning that the CPU throttles down extremely quickly and the laptop runs excessively slowly.

It's been a while since I really got stuck into a laptop reverse engineering project, and I don't have much else to do right now, so I've been working on this. It's been a combination of examining what source Intel have released, reverse engineering the Windows code and staring hard at hex dumps until they made some sort of sense. Here's where I am.

There's two main components to the adaptive policy - the adaptive conditions table (APCT) and the adaptive actions table (APAT). The adaptive conditions table contains a set of condition sets, with up to 10 conditions in each condition set. A condition is something like "is the battery above a certain charge", "is this temperature sensor below a certain value", "is the lid open or closed", "is the machine upright or horizontal" and so on. Each condition set is evaluated in turn - if all the conditions evaluate to true, the condition set's target is implemented. If not, we move onto the next condition set. There will typically be a fallback condition set to catch the case where none of the other condition sets evaluate to true.

The action table contains sets of actions associated with a specific target. Once we've picked a target by evaluating the conditions, we execute the actions that have a corresponding target. Actions are things like "Set the CPU power limit to this value" or "Load a passive policy table". Passive policy tables are simply tables associating sensors with devices and an associated temperature limit. If the limit is exceeded, the associated device should be asked to reduce its heat output until the situation is resolved.

There's a couple of twists. The first is the OEM conditions. These are conditions that refer to values that are exposed by the firmware and are otherwise entirely opaque - the firmware knows what these mean, but we don't, so conditions that rely on these values are magical. They could be temperature, they could be power consumption, they could be SKU variations. We just don't know. The other is that older versions of the APCT table didn't include a reference to a device - ie, if you specified a condition based on a temperature, you had no way to express which temperature sensor to use. So, instead, you specified a condition that's greater than 0x10000, which tells the agent to look at the APPC table to extract the device and the appropriate actual condition.

Intel already have a Linux app called Thermal Daemon that implements a subset of this - you're supposed to run the binary-only dptfxtract against your firmware to parse a few bits of the DPTF tables, and it writes out an XML file that Thermal Daemon makes use of. Unfortunately it doesn't handle most of the more interesting bits of the adaptive performance policy, so I've spent the past couple of days extending it to do so and to remove the proprietary dependency.

My current work is here - it requires a couple of kernel patches (that are in the patches directory), and it only supports a very small subset of the possible conditions. It's also entirely possible that it'll do something inappropriate and cause your computer to melt - none of this is publicly documented, I don't have access to the spec and you're relying on my best guesses in a lot of places. But it seems to behave roughly as expected on the one test machine I have here, so time to get some wider testing?

comments

13 Apr 2020 12:28am GMT

I've released man-pages-5.06. The release tarball is available on kernel.org. The browsable online pages can be found on man7.org. The Git repository for man-pages is available on kernel.org.

This release resulted from patches, bug reports, reviews, and comments from 39 contributors. The release includes more than 250 commits that change more than 120 pages. Three new pages were added in this release.

The most notable of the changes in man-pages-5.06 are the following:

• A new openat2(2) manual page, written by Aleksa Sarai, documents the system call of the same name that was added in Linux 5.6.
• A new pidfd_getfd(2) page, written by me, documents the system call of the same name that was added in Linux 5.6.
• A new time_namespaces(7) page, written by me, documents time namespaces, which were added in Linux 5.6.
• Many details were added and improved in the clock_getres(2) page.
• I have substantially revised the select(2) and select_tut(2). In the process, much information that was duplicated across both pages has been consolidated into the select(2) page. Existing text in select(2) was also substantially rewritten and restructured.
• I have revised and trimmed the sysvipc(7) to be just a summary of the System V IPC APIs. Various details that formerly were in this page have been moved to relevant pages in section 2.
• I've added example programs to several pages: clock_getres(2), poll(2), semget(2), shmop(2), shm_open(3), and strcmp(3).

12 Apr 2020 7:25am GMT

I've released man-pages-5.04. The release tarball is available on kernel.org. The browsable online pages can be found on man7.org. The Git repository for man-pages is available on kernel.org.

This release resulted from patches, bug reports, reviews, and comments from 15 contributors. The release includes approximately 80 commits that change just under 30 pages.

The most notable of the changes in man-pages-5.04 are the following:

• With some help from Christian Brauner, I've added documentation of the clone3() system call (new in Linux 5.3) to the clone(2) manual page. In addition, several other parts of the clone(2) manual page were cleaned up and reworked.
• I've refreshed the the bpf-helpers(7) page against the latest kernel sources; as a result, the page has grown size by about 25%.

10 Apr 2020 9:10am GMT

We're still planning to hold Plumbers, but adopting a wait and see attitude to the in-person component. As people have noticed, the global prospect for being able to travel to Halifax in August seems to be getting worse, so we're posting this to give more transparency to what the Plumbers Conference decision points and options are.

Our first consideration is a go/no-go decision point for the in-person conference. Currently, the date we were planning to put the first batch of tickets on-sale (15 May) represents the ideal date for this because it gives time (another 6 weeks) for more clarity to emerge on the situation, while avoiding people doing early purchases only to be disappointed if the event has to be cancelled at a later date.

Our second consideration is planning now for how we might do a fully on-line version of Plumbers. The primary consideration people should note is that our Internet and AV contracts with the hotel in Halifax don't give us sufficient bandwidth to do the conference partly in-person and partly on-line because we'd have to do the hosting at the hotel rather than in some high bandwidth cloud location, so our decision will be either fully in-person or fully on-line. Other conferences have already done fully on-line versions, which we're in the process of evaluating. Over the next few weeks we'll report back (lwn.net too is doing a helpful series of articles on on-line meeting technologies which will be worth a read).

A final thing people should note is that if we do decide to go for the fully on-line version, our scheduling constraints become less severe (not having a time limited physical location) and we could spread the tracks out rather than try to run a three day, six track event. This would allow us both to lower the bandwidth requirements for the hosting (which should reduce latency and communication issues) as well
as hold the MCs at a time most convenient to the distributed time-zones of all the participants.

06 Apr 2020 11:51pm GMT

Seen in e-mail today:

From: Mark Kirkwood

There are a number of considerations (disclaimer we run Ceph block and Swift object storage):

Purely on a level of simplicity, Swift is easier to set up.

However, if you are already using Ceph for block storage then it makes sense to keep using it for object too (since you are likely to be expert at Ceph at this point).

On the other hand, if you have multiple Ceph clusters and want a geo replicated object storage solution, then doing this with Swift is much easier than with Ceph (geo replicated RGW still looks to be real complex to set up - a long page of archane commands).

Finally (this is my 'big deal point'). I'd like my block and object storage to be completely independent - suppose a situation nukes my block storage (Ceph) - if my object storage is Swift then people's backups etc are still viable and when the Ceph cluster is rebuilt we can restore and continue. On the other hand If your object storage is Ceph too then....

regards

Mark

Mark's perspective is largely founded in the fault tolerance and administrative overhead. However, let's a look at "keep using [Ceph] for object too".

Indeed the integration of block, POSIX, and object storage is Ceph's strength, although I should note for the record that Ceph has a large gap: all 3 APIs live in separate namespaces. So, do not expect to be able to copy a disk snapshot through CephFS or RGW. Objects in each namespace are completely invisible to two others, and the only uniform access layer is RADOS. This is why, for instance, RGW-over-NFS exists. That's right, not CephFS, but NFS. You can mount RGW.

All attempts at this sort of integration that I know in Swift always start with a uniform access first. It the opposite of Ceph in a way. Because of that, these integrations typically access from the edge inside, like making a pool that a daemon fills/spills with Swift, and mounting that. SwiftStacks's ProxyFS is a little more native to Swift, but it starts off with a shared namespace too.

Previously: Swift is faster than any competitor, says an emploee of SwiftStack.

06 Apr 2020 6:19pm GMT

Complete draining of my smartphone's battery was commonplace while working from home. After all, given laptops and browsers, to say nothing of full-sized keyboards, I rarely used it. So I started doing my daily web browsing on my smartphone at breakfast, thus forcing a daily battery-level check.

This approach has been working, except that it is quite painful to print out articles my wife might be interested in. My current approach is to email the URL to myself, which in a surprisingly ornate process:

1. 
   
2. Copy the URL.
   
3. Start an email.
   
4. Click on the triple dot at the upper right-hand side of the keyboard.
   
5. Select the text-box icon at the right.
   
6. Select "paste" from the resulting menu, then hit "send".
   
7. Read email on a laptop, open the URL, and print it.
   

The addition of a control key to the virtual keyboard might be useful to those of us otherwise wondering "How on earth do I type control-V???" Or I could take the time required to figure out how to print directly from my smartphone. But I would not recommend holding your breath waiting.

What with COVID-19 I and the associate lockdowns, I have not used my smartphone's location services much, helpful though it was in the pre-COVID-19 days. For example, prior to a business trip to Prague, my wife let me know that she wanted additional copies of a particular local craft item that I had brought back on a prior trip almost ten years ago. Unfortunately, I could not remember the name of the shop, nor were the usual search engines any help at all.

Fortunately, some passers-by mentioned Wenceslas Square, which triggered a vague memory. So I used my smartphone to go to Wenceslas Square, and from there used the old-school approach of wandering randomly. Suddenly, I knew where I was, and sure enough, when I turned to my right, there was the shop! And the craft item was even in the same place within the shop that it had been on my earlier visit!

Of course, the minute I completed my purchase, my smartphone and laptops were full of advertisements for that craft item, including listing any number of additional shops offering it for sale. Therefore, although it is quite clear that the "A" in "AI" stands for "artificial", I am forced to dispute the usual interpretation of the "I".

My smartphone also took the liberty of autocomposing its first-ever reply to an email, quite likely because I failed to power it off before lying it down on its screen on a not-quite-flat surface. The resulting email was heavy on the letter "b" and contained lots of emo and angst, perhaps because the word "bad" occurred quite frequently. This draft also included an instance of the name "Bob Dylan". I will leave any discussion of the morals and immorals of this particular AI choice to the great man's many fans and detractors.

I can only be thankful that the phone left its composition in draft mode, as opposed to actually sending it. In fact, I was so shocked by the possibility that it could well have sent it that I immediately deleted it. Of course, now I wish that I had kept it so I could show it off. As they say, haste makes waste!

However, I did find the following prior effort in my "Drafts" folder. This effort is nowhere near as entertaining as the one I so hastily deleted, but it does give some of the flavor of my smartphone's approach to email autocomposition:

But there is no doubt about the way the bldg will do it in this smartphone a while now that the company is still in its position as the world's most profitable competitor to its android smartphone and its android phone in its own right and will continue its search to make its way through its mobile app market and its customers will have to pay attention for their products to the web and other apps for their customers by clicking the button and using a new app BBC to help you get your phone back in your browser and your browser based phone number and the number one you can click to see you in your browser or the other apps that are compatible or the app you use for your browser or a computer and both have or Google and you will have a lot more to say than the one that is not the only way you could not be in a good mood to get the most of your life and the rest you are in for the next two days and the rest is not a bad for you are you in a good place and the best thing you could be doing to help your family and your friends will have a sense that they can help them get their jobs done in a way that's what you are going through with your work in a good place to work and make them work better and better for their job than you can in a long term way and you are a better parent and you are not going through the process and the process is going through a good job of thinking that you're not a teacher and a teacher who believes that the best thing to be is that your browser will have the number and access of the app you can get to the web and the app is available to users for a while to be sure you can use the internet for a while you are still in a position where I have a few more questions to ask you about being able and the app you have on your computer will have to do not use it as an app you have for a

And so I have one small request. Could those of you wishing for digital assistants please consider the option of being more careful what you wish for?

My smartphone also came in handy during a power outage: The cell towers apparently had backup generators, and my smartphone's battery, though low, was not completely drained. I posted noting my situation and battery state online, which in turn prompted a proud Tesla owner to call attention to the several hundred kilowatt-hours of electrical energy stored in his driveway. Unfortunately for me, his driveway was located the better part of a thousand miles away. However, it did remind me of the single kilowatt hour stored in my conventional automobile's lead-acid battery. But fortunately, the power outage lasted only a few hours, so my smartphone's much smaller battery was sufficient to the cause.

As you would expect, I checked my smartphone's specifications when I first received it and learned that it has eight CPUs, which is not unusual for today's smartphones.

But it only recently occurred to me that the early 1990s DYNIX/ptx system on which I developed RCU had only four CPUs.

Go figure!!!

29 Mar 2020 11:29pm GMT

Updated May 11th - Changed dates information.

Submissions close: (TBD - open now)
Speakers notified: (TBD)
Slides due: (TBD)

Note: We are still hoping to hold the conference as scheduled, but we are continually monitoring the pandemic situation. For current Covid-19 updates, please see our website
https://www.linuxplumbersconf.org/#covid-19

We are pleased to announce the Call for Refereed-Track Proposals for the 2020 edition of the Linux Plumbers Conference, which will be held in Halifax, Nova Scotia, Canada on August 25-27 in conjunction with the Kernel Summit and Linux Maintainers Summit, which takes place on August 28th.

Refereed track presentations are 50 minutes in length (which includes time for questions and discussion) and should focus on a specific aspect of the "plumbing" in the Linux system. Examples of Linux plumbing include core kernel subsystems, toolchains, container runtimes, core libraries, windowing systems, management tools, device support, media creation/playback, accelerators, hardware interaction, and so on. The best presentations are not about finished work, but rather problems, proposals, or proof-of-concept solutions that require face-to-face discussions and debate.

As was the case in 2019, and because Plumbers is not co-located with Open Source Summit this year, we are scheduling the refereed-track talks across all three days. This allows attendees to choose between microconferences and refereed-track talks in all time-slots and also provides a conflict-free schedule for the refereed-track talks.

Linux Plumbers Conference Program Committee members will be reviewing all submitted sessions. High-quality submission that cannot be accepted due to the limited number of slots will be forwarded to the Microconference leads for further consideration. We also encourage submitters to consider BoF sessions.

To submit a refereed track talk proposal follow the instructions at this website:
https://www.linuxplumbersconf.org/event/7/abstracts/

Submissions were due on or before Wednesday May 7, 2020 at 11:59PM Pacific Time however the Call for Refereed-Track Proposals is remaining opened for the time being. Each successful submission gets a free registration, but for only one speaker per presentation.

25 Mar 2020 7:15pm GMT

Datamation: Geeks must realize that non-geeks simply don't understand some very basics things.

11 Nov 2011 11:00pm GMT

AddictiveTip: Ubuntu 11.10 does not come with a default screen saver, and even Gnome 3 provides nothing but a black screen when your system is idle.

11 Nov 2011 10:00pm GMT

MakeUseOf: As far as Linux goes, customization is king

11 Nov 2011 9:00pm GMT

Red Hat: The Fedora Scholarship is awarded to one student each year to assist with the recipient's college or university education.

11 Nov 2011 8:00pm GMT

Datamation: New report from Dept. of Commerce shows that the 'have nots' - continue to have not when it comes to Internet.

11 Nov 2011 7:00pm GMT

The Register: Thunar rather than later...

11 Nov 2011 6:00pm GMT

Between the Lines: "It's a bold statement, but it's the ethos that Mullenweg admirably stuck to, pointing out that sites like Wikipedia replaced Encyclopedia Britannica, and how far Android has gone for mobile."

11 Nov 2011 5:02pm GMT

LXer: "Before I had a cell phone I did not realize that I needed one. As of one week ago, I did not realize that I needed a tablet either but I can sense that it might be a similar experience."

11 Nov 2011 4:01pm GMT

IT World: "IP attorney Edward J. Naughton is repeating his arguments that Google's use of Linux kernel header files within Android may be in violation of the GNU General Public License (GPLv2), and tries to discredit Linus Torvalds' thoughts on the matter along the way."

11 Nov 2011 3:04pm GMT

Softpedia: "When asked why there's no uTorrent client version of Linux users out, BitTorrent Inc. said that the company has other priorities at the moment."

11 Nov 2011 2:01pm GMT

Linux Magazine: "There are quite a few server monitoring solutions out there, but most of them are overkill for keeping an eye on a single personal server."

11 Nov 2011 1:03pm GMT

InternetNews: From the 'Date and Time' files:

11 Nov 2011 12:00pm GMT

Editors' Note: You can't make this stuff up...

11 Nov 2011 10:00am GMT

LinuxPlanet: There are many things to explore on the Linux Planet. This week, a new Fedora release provides plenty of items to examine. The new Fedora release isn't the only new open source release this week, as the Linux Planet welcomes new KDE and Firefox releases as well.

11 Nov 2011 9:00am GMT

Planet Orion: Firefox 8 now includes the Orion code editor in its scratchpad feature.

11 Nov 2011 6:00am GMT