Bonum Certa Men Certa

Links 22/06/2023: Red Hat Obstructing RHEL Code Access

  • GNU/Linux

    • Kernel Space

      • LWNLinux 6.3.9
        I'm announcing the release of the 6.3.9 kernel.
        
        

        All users of the 6.3 kernel series must upgrade.

        The updated 6.3.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.3.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...

        thanks,

        greg k-h
      • LWNLinux 6.1.35
      • LWNLinux 5.15.118
      • LWNLinux 5.10.185
      • LWNLinux 5.4.248
      • LWNLinux 4.19.287
      • LWNLinux 4.14.319
      • LWNAddressing priority inversion with proxy execution

        Priority inversion comes about when a low-priority task holds a resource that is needed by a higher-priority task, with the result that the wrong task is the only one that can run. This problem is arguably most acute in realtime settings, but it can happen in just about any system that has multiple tasks running. The variety of scheduling classes provided by the Linux kernel make handling priority inversion a difficult problem; the latest version of the proxy execution patch series points toward a possible solution.

        To understand priority inversion, imagine that a low-priority, background task acquires a mutex. If a realtime task happens to need that same mutex, it will find itself blocked, waiting for the low-priority task to let go of it. Should yet another task, with medium priority, come along, it may prevent the low-priority task from executing at all, meaning that the mutex will not be released and the realtime task will be blocked indefinitely. That is exactly the sort of outcome that the priority mechanism is intended to prevent.

        A classic solution to priority inversion is priority inheritance. If a high-priority task finds itself blocked on a resource held by another, it lends its priority to the owning task, allowing that task to complete its work and release the resource. The Linux kernel has supported priority inheritance for a long time, but that is not a complete solution to the problem. Deadline scheduling complicates the situation, in that it is not priority based. Since a task running in the deadline class has no priority, it cannot lend that priority to another task. So priority inheritance will not work with tasks using deadline scheduling.

      • LWNYet another memory allocator for executable code

        The kernel is an increasingly dynamic body of code, where new executable text can show up at any time. Currently, the task of allocating memory for new kernel code falls on the subsystem that first brought the ability to load code into a running kernel: the module loader. This patch set from Mike Rapoport looks to move the responsibility for these allocations to a new "JIT allocator", addressing a number of rough edges in the process.

        In order to support the ability to load modules at run time, the kernel had to gain the ability to allocate memory to hold those modules. Early on, that was just a matter of calling vmalloc() to obtain the requisite number of pages and enabling execute permission for the resulting pages. Over time, though, things have grown more complicated — as they so often seem to do.

      • LWNDeadline servers as a realtime throttling replacement

        The CPU scheduler's one job at any given time is to run the task that has the strongest claim to the CPU. There are many factors that complicate that job, not the least of which is that the "strongest claim" is sometimes a bit of a fuzzy concept. Realtime throttling, a mechanism designed to keep a runaway realtime task from monopolizing the CPU, is one case where developers have concluded that the task with, ostensibly, the highest priority should not actually be the one that runs. But realtime throttling has rarely pleased anybody; the deadline-server infrastructure patches posted by Daniel Bristot de Oliveira are the latest attempt to find a better solution.

        The POSIX realtime scheduling classes are conceptually simple; at any given time, the task with the highest priority runs to the exclusion of anything else. In the real world, though, the rule enables a runaway realtime task to take over the system to the point that the only way to recover it may be to pull the plug. Power failures, as it turns out, have an even higher priority than realtime tasks.

      • LWNTwo VFS topics

        Two different topics concerning the virtual filesystem (VFS) layer were the subject of a session led by VFS co-maintainer Christian Brauner at the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit. As might be guessed, it was a filesystem-track session; Brauner had three separate items he planned on bringing up, but the discussion on the first two consumed the whole half-hour—and then some. A mechanism to avoid media-change races when mounting loop (or loopback) and other devices was disposed of fairly quickly, but the discussion around the mount-beneath feature went on at length.

      • LWNMounting images inside a user namespace

        There has long been a desire to enable users to mount filesystem images without requiring privileges, but the security implications of allowing it are seriously concerning. Few, if any, kernel filesystems are hardened against maliciously crafted images, after all. Lennart Poettering led a filesystem session at the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit where he presented a possible path forward.

        He started with an overview of the problem, noting that "everybody wants to be able to mount disk images that contain arbitrary filesystems" in user space, without needing to be root. Since malicious images could crash the kernel—or worse—the only way to do that is to establish some trust in the image before it gets mounted. He talked about some components that the systemd developers want to add that would allow container managers and other unprivileged user-space programs to accomplish this.

      • LWNHardening magic links

        There are some "magic links" in kernel pseudo-filesystems, like procfs, that can be—have been—(ab)used to cause security problems, such as a container-confinement breach in 2019. Aleksa Sarai has long been working on ways to blunt the impact of these magic links. He led a filesystem session at the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit to discuss the status of those efforts.

        Sarai said that he worked on hardening for these links as part of adding the openat2() system call, but he removed some of that work before it was merged because the semantics were unclear. So, he wanted to have a discussion on those pieces to try to ensure that they make sense to everyone, that attendees are happy with them, and to avoid "having things thrown at me when I post them to the list".

      • LWNRetrieving mount and filesystem information in user space

        In something of a follow-on from the mount-operation monitoring session the previous day, Christian Brauner led another discussion about providing user space with a mechanism to get current mount information on day two of the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit. The session also continued on from one at last year's summit—and likely others before that. There are two separate proposals for ways to retrieve this kind of information, one from Miklos Szeredi and another from David Howells, both of whom were present this year; Brauner's intent was to try to reach some kind of agreement on the way forward in the session.

      • LWNReports from OSPM 2023, part 1

        The fifth conference on Power Management and Scheduling in the Linux Kernel (abbreviated "OSPM") was held on April 17 to 19 in Ancona, Italy. LWN was not there, unfortunately, but the attendees of the event have gotten together to write up summaries of the discussions that took place and LWN has the privilege of being able to publish them. Reports from the first day of the event appear below.

        Reports from day 2 are also available.

    • Applications

    • Instructionals/Technical

      • FOSSLinux15 must-do steps after installing Kali Linux

        Kali Linux is a widely-used operating system among ethical hackers and cybersecurity enthusiasts due to its numerous penetration testing tools. If you've just installed Kali Linux on your system, you might be wondering what to do next.

      • Get Rid of Ubuntu Pro Advertisement when Updating Apt

        Getting rid of terminal ads on Ubuntu. The Problem $ sudo apt upgrade [...] Get more security updates through Ubuntu Pro with 'esm-apps' enabled: [...] The Solution By the looks of it, the advertisement message is coming from the following file /etc/apt/apt.conf.d/20apt-esm-hook.conf: $ sudo strace apt upgrade [...] openat(AT_FDCWD, "/etc/apt/apt.conf.d/20apt-esm-hook.conf" [...]

      • TecAdminLet’s Encrypt: Renew Wildcard Certificate With DNS Validation

        As the trend toward secure web traffic continues to increase, more sites than ever are using SSL/TLS certificates to ensure secure communication between servers and clients.

      • TechTargetWhen should you use K3s vs. MicroK8s?

        Looking for an efficient, user-friendly alternative to traditional Kubernetes? Compare the popular lightweight distributions K3s and MicroK8s to decide which is best for you.

      • ZDNet How to share a printer on Linux with CUPS and Samba

        You might have read about my recent spate of distro hopping, where I landed with Ubuntu Budgie as my primary operating system. A few days after installing the OS, I realized I'd forgotten that I always share my Public folder to my internal network, so I can easily share files between machines (without having to email them or bounce them between machines and any given cloud service).

        I quickly realized that Ubuntu Budgie not only didn't have a simple means of sharing folders to a network, it also didn't include a GUI method for sharing printers. Given my wife is always printing out knitting patterns, return labels, and other bits of information (and the only printer in the house is attached to my desktop), I had to get that printer shared before I was inundated with things to print for her.

      • ZDNet How to install Steam on any Ubuntu-based Linux distro so you can play a world of games

        Steam is one of the best things to come along for gaming on Linux. Here's how you can easily install the Steam application on any Ubuntu or Debian-based distribution.

      • BeebomHow to Use Sudo Command in Linux (with Examples)

        Ever tried to execute a command on your Linux system and received a “Permission Denied” error? The simplest solution to counter this error is using the “sudo” command. In this article, we will delve deep into the world of sudo and explore its functionality to overcome the notorious “Permission Denied” error in Linux. We will learn how to use the sudo command in Linux along with some examples here.

      • Make Use OfEverything You Need to Know About Setting X Resources in Linux

        These days, most Linux graphical programs use menus or configuration files in your home directory to store settings (many programs use both), but there is an older format for configurations that you should be aware of.

        Some programs use an unusual format, known as X resources. It might sound intimidating, but it's easy to set up.

      • BeebomHow to Open a Port in Linux

        Every application and service which needs network connectivity to function requires specific endpoints to connect and communicate with other services. There are 65,536 such endpoints in any Linux system known as “Ports.” In this article, we will discuss different methods to open a port in Linux.

  • Distributions and Operating Systems

    • CollaboraA roadmap for VirtIO Video on Chrome OS, part 1

      Powered by Rust, the video codec stack on ARCVM is now bringing faster and more reliable video decoding on Chrome OS. Here's how Collabora has been helping shape video virtualization for Chromebooks, and what it means for end users.

    • SUSE/OpenSUSE

      • Web Pro NewsSUSE Linux Enterprise Embraces Confidential Computing [Ed: Well, "confidential computing" is NOT about confidentiality, it's about trusting companies that spy on you. Truly "confidential computing" is computing that's owned and controlled by you. SUSE is pandering to NSA, BND etc.]

        SUSE has released SUSE Linux Enterprise 15 Service Pack 5 (SLE 15 SP5), touting it as the first Linux distro to embrace confidential computing.

      • SUSE's Corporate BlogNew Releases for Business Critical Linux With Enhanced Security and Advanced Function

        Today, SUSE announces the general availability of the latest releases in our Business Critical Linux (BCL) family – the SLE family of products (including SUSE Linux Enterprise Server 15 SP5 and SLES for SAP Applications 15 SP5) and SUSE Manager 4.3.6. These releases are optimized to host workloads across the widest range of environments.€ 

      • IT WireSUSE unveils new security enhancements in enterprise offerings

        The company said customers would now be able to run fully encrypted virtual machines in all environments: AMD, Arm, IBM and Intel.

        The changes announced on Tuesday also include additions for SAP infrastructure, such as automatic discovery and full observability of servers, cloud instances, SAP HANA databases, SAP S/4HANA, NetWeaver applications and clusters.

        There is now support for 15 other Linux distributions inclusive of SUSE's own offerings, with the company making particular mention of RHEL 9 variations such as Rocky Linux, Alma Linux and RHEL 9. RHEL is produced by Red Hat, SUSE's much=bigger competitor in the business space.

        Additionally, Rancher now supports security-focused product updates that include optimized storage, support for hardened VMs, and improved vulnerability and compliance management.

        Rancher Prime’s AI Assistant, which will soon be available via the Rancher Prime customer Slack channel, is claimed to provide automated, accurate, and real-time assistance to customers.

    • Fedora Family / IBM

      • LWNRed Hat cutting back RHEL source availability [Ed: See the comments in particular]

        Red Hat has announced that public source releases will be restricted to CentOS Stream going forward:

        As the CentOS Stream community grows and the enterprise software world tackles new dynamics, we want to sharpen our focus on CentOS Stream as the backbone of enterprise Linux innovation. We are continuing our investment in and increasing our commitment to CentOS Stream. CentOS Stream will now be the sole repository for public RHEL-related source code releases. For Red Hat customers and partners, source code will remain available via the Red Hat Customer Portal.

      • Red HatWhat's new in Red Hat build of Cryostat 2.3

        Modernizing€ Java workloads bare-metal to€ containers running on the cloud is becoming critical for organizations. Cryostat is a container-native Java Virtual Machine (JVM) that helps you analyze the performance of these modernized workloads running as containers to offer your users a better experience.€ 

    • Hardware/Modding

      • CNX Software8K 50MP camera module targets NVIDIA Jetson, Raspberry Pi, and RK3588 boards (Crowdfunding)

        RBTS.co's C50M camera module is equipped with the same 8K 50MP Samsung ISOCELL GN2 image sensor found in the upcoming Google Pixel 8 Pro smartphone but targets the maker market with support for NVIDIA Jetson, Raspberry Pi, and Rockchip RK3588 boards. With high-resolution and quick focusing ability, this camera sensor is designed for drones, machine vision, and industrial automation applications such as automated optical inspection and preventive maintenance, and the large 1.4μm pixels of the Samsung ISOCELL GN2 sensor are said to make the camera work well in low-light conditions.

      • CNX SoftwareEspressif ESP Thread Border Router board combines ESP32-H2 & ESP32-S3 wireless chips

        Espressif Systems has launched the ESP Thread Border Router/Zigbee Gateway board based on ESP32-H2 (802.15.4) and ESP32-S3 (WiFi + BLE) modules following the contention of the Thread Interoperability Certificate V1.3 for the board and associated ESP Thread Boarder Router SDK built on top of the ESP-IDF framework and the open-source OpenThread protocol stack.

      • CNX SoftwareFudan Micro JFM7K325T is a clone of AMD Embedded Kintex 7 325T FPGA

        Shanghai Fudan Microelectronics Group, also known as FMSH, has designed a clone of the AMD Embedded (previously Xilinx) Kintex 7 325T FPGA found in some boards and modules in mainland China.

      • CNX SoftwareWLKATA Robotics Haro380 is a high precision industrial 6-Axis mini robotic arm (Crowdfunding)

        WLKATA Robotics’ Haro380 is a high-precision industrial 6-axis mini robotic arm that can carry a payload of up to 500 grams and designed for education, engineering projects, and light manufacturing. We’ve covered some desktop robotic arms in the past such as the myCobot 280 Pi, but the HARO380 goes a step further with 0.05mm repeatability, a 6-axis harmonic reducer, and zero backlash.

      • ASRock Industrial’s iEP-5000G Now Certified on Ubuntu 22.04 LTS to Guarantee Dependable AIoT Performance and Reliability

        ASRock Industrial, a leading manufacturer of Edge AIoT solutions, is excited to announce that its iEP-5000G has received certification for Ubuntu 22.04 LTS. Powered by Intel€® Atom x6000E Processors (Elkhart Lake), the iEP-5000G provides enhanced computing power within a compact and rugged design. The certified iEP-5000G has undergone rigorous testing at Canonical’s lab to ensure seamless operation with the latest security updates. Customers can now choose to have Ubuntu 22.04 LTS pre-installed on the iEP-5000G at the time of purchase, allowing more time to focus on software development and applications. This certification ensures customers have a secure and reliable operating system optimized for the iEP-5000G, offering assurance in their edge computing deployments.

  • Free, Libre, and Open Source Software

    • Web Browsers/Web Servers

      • Mozilla

        • Firefox Nightly: Brief and Blissful – These Weeks in Firefox: Issue 140
        • MozillaElevating local stories with Pocket and the American Journalism Project

          The importance of local journalism cannot be overstated. Critical to a functioning democracy, it empowers communities and shines a light on the real repercussions of issues debated on the national stage. Yet, as American Journalism Project (AJP)’s Chief Advancement Officer Patty Slutsky says, “There has been a market failure in ensuring everyone has access to the information they need, despite the pressing need for a healthy and robust local news system.” The U.S. lost more than 360 newspapers between late 2019 and May 2022, according to a Northwestern University report, leaving an information void in many communities.

    • Programming/Development

      • Shell/Bash/Zsh/Ksh

        • TecAdminBash Script to Print Fibonacci Sequence

          The Fibonacci sequence is an interesting mathematical concept, used in various aspects of computer science, from algorithms to database systems. In this article, we will look at how you can create a Bash script to generate the Fibonacci sequence.

  • Leftovers



Recent Techrights' Posts

Technology: rights or responsibilities? - Part VIII
By Dr. Andy Farnell
GNU/Linux Reaches All-Time High in Europe (at 6%)
many in Europe chose to explore something else, something freedom-respecting
Techrights' Statement on Code of Censorship (CoC) and Kent Overstreet: This Was the Real Purpose of Censorship Agreements All Along
Bombing people is OK (if you sponsor the key organisations), opposing bombings is not (a CoC in a nutshell)
 
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, November 24, 2024
IRC logs for Sunday, November 24, 2024
Gemini Links 25/11/2024: Purity and Cory Doctorow's Ulysses Pact, Smolnet Portal and SGI
Links for the day
Patents Against Energy Sources That Reduce Pollution
this EV space (not just charging) is a patent mine field and it has long been that way
DARPA’s Information Innovation Office, Howard Shrobe, Values Compartmentalisation But Loses the Opportunity to Promote GNU/Linux and BSDs
All in all, he misses an opportunity
Wayland is an Alternative to X
the alternative to X (as in Twitter) isn't social control media but something like IRC
BetaNews, Desperate for Clicks, is Pushing Donald Trump Spam Created by LLMs (Slop)
Big clap to Brian Fagioli for stuffing a "tech" site with Trump spam (not the first time he uses LLMs to do this)
[Meme] Social Control Media Bliss
"My tree is bigger than yours"
Links 24/11/2024: More IMF Bailouts and Net Client Freedom
Links for the day
Gemini Links 24/11/2024: Being a Student and Digital Downsizing
Links for the day
[Meme] The Most Liberal Company
"Insurrection? What insurrection?"
apple.com Traffic Down Over 7%, Says One Spyware Firm; Apple's Liabilities Increased Over 6% to $308,030,000,000
Apple is also about 120 billion dollars in debt
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, November 23, 2024
IRC logs for Saturday, November 23, 2024
[Meme] GAFAMfox
Mozilla Firefox in a state of extreme distress
Google Can Kill Mozilla Any Time It Wants
That gives Google far too much power over its rival... There are already many sites that refuse to work with Firefox or explicitly say Firefox isn't supported
Free (as in Freedom) Software Helps Tackle the Software Liability Issue, It Lets Users Exercise Greater Control Over Programs
Microsofters have been trying to ban or exclude Free software
In the US, Patent Laws Are Up for Sale
This problem is a lot bigger than just patents
ESET Finds Rootkits, Does Not Explain How They Get Installed, Media Says It Means "Previously Unknown Linux Backdoors" (Useful Distraction From CALEA and CALEA2)
FUD watch
Techdirt Loses Its Objectivity in Pursuit of Money
The more concerning aspects are coverage of GAFAM and Microsoft in particular
Links 23/11/2024: Press Sold to Vultures, New LLM Blunders
Links for the day
Links 23/11/2024: "Relationship with Oneself" and Yretek.com is Back
Links for the day
Links 23/11/2024: "Real World" Cracked and UK Online Safety Act is Law
Links for the day
Links 23/11/2024: Celebrating Proprietary Bluesky (False Choice, Same Issues) and Software Patents Squashed
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 22, 2024
IRC logs for Friday, November 22, 2024
Gemini Links 23/11/2024: 150 Day Streak in Duolingo and ICBMs
Links for the day