
Open-Source Security: Zip Slip Critical Flaw Hits Thousands of Projects. Update Now

Security firm Snyk has disclosed a widespread and critical flaw in multiple archive file-extraction libraries found in thousands of open-source web application projects from HP, Amazon, Apache, Oracle, LinkedIn, Twitter and others.

As Snyk explains, some ecosystems, such as Java, don’t provide a central library for fully unpacking archive files, so developers write their own extraction code. The flaw, dubbed Zip Slip, is a directory traversal: such code typically appends each entry’s name to the destination directory without checking for “../” components, so a crafted archive can write files outside that directory, including over existing ones.

Snyk has published a list on GitHub of affected archive processing libraries for Java, .NET, Oracle, Apache, Ruby, and Go software.
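The traversal Snyk describes, and the check that closes it, as an added example (this is not Snyk's code nor that of any affected library). The archive is constructed in memory with one entry named ../../escaped.txt; the function names and the temporary-directory layout are this example's own. The naive extractor deliberately reads entries with zf.open rather than ZipFile.extract, which is what hand-rolled extractors in other languages effectively do:

```python
"""Zip Slip in miniature: a naive extractor beside a hardened one.
Added example, not Snyk's code nor any affected library's. The archive is
constructed in memory so the script runs offline."""
import io
import os
import tempfile
import zipfile


def build_malicious_zip() -> bytes:
    """Constructed sample archive: a benign entry plus one whose name climbs
    out of the extraction directory, which is the whole Zip Slip trick."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless\n")
        zf.writestr("../../escaped.txt", "written outside the target dir\n")
    return buf.getvalue()


def extract_naive(data: bytes, dest: str) -> list:
    """The vulnerable pattern seen in hand-rolled extractors: join the entry
    name onto dest and write. os.path.join does not collapse '..', so a
    crafted name lands the file wherever the attacker chose."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.realpath(target))
    return written


def safe_target(dest: str, name: str) -> str:
    """Resolve name against dest and refuse anything that does not stay
    inside it. Catches '../' components and absolute names alike."""
    base = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"zip entry escapes destination: {name!r}")
    return target


def entry_is_safe(dest: str, name: str) -> bool:
    """Boolean form of the check, handy for pre-scanning an archive listing."""
    try:
        safe_target(dest, name)
        return True
    except ValueError:
        return False


def extract_safe(data: bytes, dest: str) -> list:
    """Hardened extractor: validate every entry name before writing anything,
    so a hostile archive is rejected whole rather than half-extracted."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        targets = [(info, safe_target(dest, info.filename)) for info in zf.infolist()]
        for info, target in targets:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def demo() -> dict:
    """Run both extractors against the constructed archive in a fresh temp
    tree and report where the files ended up."""
    data = build_malicious_zip()
    root = tempfile.mkdtemp(prefix="zipslip-")
    dest_naive = os.path.join(root, "naive", "out")
    dest_safe = os.path.join(root, "safe", "out")
    os.makedirs(dest_naive)
    os.makedirs(dest_safe)

    base = os.path.realpath(dest_naive)
    escaped = [p for p in extract_naive(data, dest_naive)
               if os.path.commonpath([base, p]) != base]

    try:
        extract_safe(data, dest_safe)
        rejected = None
    except ValueError as exc:
        rejected = str(exc)

    return {
        "naive_escaped": escaped,                     # files written outside dest
        "naive_escaped_exists": all(os.path.exists(p) for p in escaped),
        "safe_rejected": rejected,                     # error raised by the hardened path
        "safe_written": sorted(os.listdir(dest_safe)), # nothing: rejected before writing
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two design points are worth copying into other languages: every entry name is validated before the first byte is written, so a hostile archive is rejected whole rather than left half-extracted, and the check resolves the real path (realpath plus commonpath) instead of string-matching for “..”, so an absolute entry name is caught as well. The check does not cover archive entries that are themselves symbolic links, which is a separate hardening concern.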

Read more at ZDNet

Samsung’s Chromebook Plus Now Supports Linux Apps

Google began bringing Linux app support to Chrome OS almost exactly one month ago, but it only started with a single device, the very expensive Pixelbook. Now, that’s changing: Linux support is becoming available for Samsung’s Chromebook Plus as well, as spotted by users on Reddit.

This still isn’t a widely available feature or something that most Chromebook users will want to check out. You’ll have to opt-in to the developer-only build of Chrome OS, enable things labeled as beta and experimental, and then use the Terminal to install Linux apps.

Read more at The Verge

GPU Virtualization Update

A few months ago, Robert Foss wrote a blog post about virtualizing GPU access. In his post, Robert explained the architecture of the GPU virtualization stack and how to build and run a VM with hardware acceleration. In this post, Elie looks at the major improvements that landed upstream during the past three months.

By Elie Tournier, Software Engineer at Collabora.

tl;dr:

  • QEMU can now use OpenGL ES acceleration.
  • Virglrenderer is close to being OpenGL ES 2.0 compliant.
  • We are still working on OpenGL ES 3.0.

For each component of the stack, I will explain the added modifications and our plan for the future.

Virglrenderer

At Collabora, we have been working as part of the upstream community to add new features and improve the code base.

Most of our work consisted of adding more caps to support OpenGL ES 3.0 on an OpenGL ES host and finding workarounds for missing OpenGL ES features. For example, OpenGL ES does not support 1D textures, so we use a 2D texture with one coordinate component fixed at 0.5.

On my system, KabyLake with Mesa 18.0, I obtained the following results:

  • Android OpenGL ES 2.0 CTS on OpenGL backend: 4 failures
  • Android OpenGL ES 2.0 CTS on OpenGL ES backend: 4 failures
  • Android OpenGL ES 3.0 CTS on OpenGL backend: 40 failures
  • Android OpenGL ES 3.0 CTS on OpenGL ES backend: ~2400 failures

The OpenGL ES 2.0 CTS failures seem to be driver related: the tests fail on my system but pass on r600.

The difference between the OpenGL ES 3.0 results might seem scary, but a single fix should take care of it. These failures are due to the fact that we don’t yet support reading back results from integer (as opposed to floating-point) rendering, so all the tests for integer formats fail.

QEMU

Status

Since commit 4867e47, QEMU can create an OpenGL ES context. Thanks to this, we can now run QEMU on a system that only supports OpenGL ES.

Running QEMU on an OpenGL ES backend.

If you want to try it out, you can follow the guide from Robert’s blog. The only difference is the command line used to run the VM: replace gl=on with gl=es in the -display sdl option.

So it will become:

qemu-system-x86_64 \
    -enable-kvm -M q35 -smp 2 -m 4G \
    -hda ubuntu.qcow2 \
    -net nic,model=virtio \
    -net user,hostfwd=tcp::2222-:22 \
    -vga virtio \
    -display sdl,gl=es

Other values of gl= are also available:

  • gl=core: force creation of a desktop OpenGL context.
  • gl=on: try to create a desktop OpenGL context and, if that fails, fall back to an OpenGL ES context.
  • gl=off: disable hardware acceleration.

Continue reading on Collabora’s blog.

Community-Created Apps Help Ease Kubernetes Administration

It didn’t take long at all for Kubernetes to become a star in the open source arena, emerging as the standard way to orchestrate containerized applications at scale. Kubernetes is ushering in “operations transformation” and helping organizations make the transition to cloud-native computing, said Craig McLuckie, co-founder and CEO of Heptio and a co-founder of Kubernetes at Google, in a recent free webinar.

However, Kubernetes, which was created at Google and donated to the Cloud Native Computing Foundation, is known to be complex and can create many maintenance and deployment challenges. To address that, new classes of community-created complementary and helper applications are helping to tame Kubernetes.

At the Helm

The Helm project is a case in point. The Cloud Native Computing Foundation recently voted to accept Helm as an incubation-level hosted project. Helm is a package manager that provides an easy way to find, share, and use software built for Kubernetes. It removes complexity from configuration and deployment, and enables greater developer productivity.

“Helm addresses a common user need of deploying applications to Kubernetes by making their configurations reusable,” said Brian Grant, Principal Engineer at Google, and Kubernetes SIG Architecture co-chair and Steering Committee member. “Both the Helm and Kubernetes projects have grown substantially. As Kubernetes shifts its focus to its own core in order to better manage this growth, CNCF is a great home for Helm to continue making it easier for developers and operators to streamline Kubernetes deployments.”

According to a recent Kubernetes Application Survey, 64 percent of the application developers, application operators, and ecosystem tool developers who answered the survey reported using Helm to manage apps on Kubernetes.

Ease of management

But Helm is hardly the only open tool helping to ease the burden of managing Kubernetes. Microsoft has open sourced Draft, a tool that streamlines application development and deployment into any Kubernetes cluster. “Using two simple commands, developers can now begin hacking on container-based applications without requiring Docker or even installing Kubernetes themselves,” notes Gabe Monroy, PM Lead for Containers at Microsoft. “You can customize Draft to streamline the development of any application or service that can run on Kubernetes.”

Are you aware that your iOS or Android smartphone can play a role in demystifying and operating Kubernetes? Cabin lets Kubernetes administrators leverage a dashboard from their phones. It drives many of the processes and features that you’ll find in the complete Kubernetes dashboard, ranging from reading pod logs to working with web-based apps that Kubernetes hosts, to accessing Helm charts.

Red Hat, too, has been helping users streamline their Kubernetes implementations. Through its acquisition of San Francisco-based startup Codenvy, Red Hat is giving developers options for building out cloud-based integrated development environments, including ones for working with Kubernetes and containers. Codenvy is built on the open source project Eclipse Che, which offers a cloud-based Integrated Development Environment (IDE). Red Hat’s OpenShift.io cloud-based container development service already integrates Codenvy’s Eclipse Che implementation.

Dashboards are proven as good tools for simplifying administration of many kinds of processes, and although Kubernetes has a basic dashboard, efficient community-created dashboards are emerging. Kube-ops-view is a popular one. It gives you optics across multiple Kubernetes clusters, with graphical representations across the board that allow you to monitor memory and CPU usage, and more.

Writing and maintaining application definitions is one of the more complex aspects of running Kubernetes, and Kedge is a popular open tool that offers a simplified approach. With Kedge, you supply a Kubernetes definition in a simplified form and Kedge expands it into a full and correct application definition. It basically lets you work with shortcuts.

The move toward containers shifts many types of dependencies pertaining to applications, and it shifts how applications are created. Kubernetes has proven to be an essential orchestration tool as these changes take place, and it is good to see open tools that can help streamline Kubernetes itself and make developing applications easier.

To learn more about Kubernetes, check out the sample course materials for Kubernetes Fundamentals (LFS258), an online, self-paced course developed by The Linux Foundation Training that gives a high-level overview of what Kubernetes is and the challenges it solves. Download a free sample chapter now.

Shedding Old Architectures and Compilers in the Kernel

The kernel development process tends to be focused on addition: each new release supports more drivers, more features, and often new processor architectures. As a result, almost every kernel release has been larger than its predecessor. But occasionally even the kernel needs to slim down a bit. Upcoming kernel releases are likely to see the removal of support for a number of unloved architectures and, in an unrelated move, the removal of support for some older compilers.

Architectures

The Meta architecture was added to the 3.9 kernel as “metag” in 2013; it is a 32-bit architecture developed by Imagination Technologies. Unfortunately, at about the same time as the code was merged, Imagination Technologies bought MIPS Technologies and shifted its attention to the MIPS architecture. Since then, the kernel’s support for Meta has languished, and it can only be built with the GCC 4.2.4 release, which is unsupported. On February 21, James Hogan, the developer who originally added the Meta port to the kernel, proposed that it be removed, calling it “essentially dead with no users.”

The very next day, Arnd Bergmann, working entirely independently, also proposed removing Meta. Bergmann, however, as is his way, took a rather wider view of things: he proposed that the removal of five architectures should be seriously considered.

Read more at LWN

You Don’t Know Bash: An Introduction to Bash Arrays

Although software engineers regularly use the command line for many aspects of development, arrays are likely one of the more obscure features of the command line (although not as obscure as the regex operator =~). But obscurity and questionable syntax aside, Bash arrays can be very powerful.

Wait, but why?

Writing about Bash is challenging because it’s remarkably easy for an article to devolve into a manual that focuses on syntax oddities. Rest assured, however, the intent of this article is to avoid having you RTFM.

A real (actually useful) example

To that end, let’s consider a real-world scenario and how Bash can help: You are leading a new effort at your company to evaluate and optimize the runtime of your internal data pipeline. As a first step, you want to do a parameter sweep to evaluate how well the pipeline makes use of threads. For the sake of simplicity, we’ll treat the pipeline as a compiled C++ black box where the only parameter we can tweak is the number of threads reserved for data processing: ./pipeline --threads 4.

Read more at OpenSource.com

All Things Enterprise Cloud Native at Red Hat

At KubeCon + CloudNativeCon in Copenhagen in early May, we caught up with Red Hat’s Brandon Philips to discuss the state of CoreOS and containers as a whole. Philips was previously with CoreOS, which was acquired by Red Hat back in January, and the pairing has focused a good amount of Linux thought leadership on the Kubernetes project. In Copenhagen, he and Diane Mueller, director of community development at Red Hat, sat down to talk about what it’s been like merging the CoreOS and Red Hat teams.

The CoreOS team, and Red Hat overall, have been working closely with the CNCF to expand the capabilities of Kubernetes for enterprise users. One big part of this effort has been the Kubernetes Operators project, said Philips.

Read more at The New Stack

The Killer Chromebook: Google’s i7 Pixelbook

Want the best of all Chromebooks? Then get Google’s Pixelbook.

Now, I’ve liked Chromebooks since the experimental Cr-48 rolled out in late 2010. And, when Google released its first high-end Chromebook, 2013’s Pixel, I was sold. I slowly but surely put away my Linux-powered Lenovo ThinkPads and started replacing them with Google’s high-end Chromebooks. Why? Because they’re better than any other laptop out there.

Besides, as my tech buddy Mike Elgan points out, today’s high-end Chromebooks “run more apps without dual- or multi-booting than any other computing platform. Chromebooks can run apps from Android, Linux, and Windows concurrently in the same session.”

Read more at ZDNet

GitLab’s High-End Plans Are Now Free for Open Source Projects and Schools

The fact that Microsoft is buying GitHub has left a lot of developers with a deep feeling of unease, and many of them are now looking for alternatives. One of those is GitLab, and that company has decided to strike while the iron is hot. To attract even more developers to its platform, GitLab today announced that its premium self-hosted GitLab Ultimate plan and its hosted Gold plan are now available for free to open source projects and educational institutions.

“Most education and open source projects don’t have access to enhanced security or performance management tools for their software projects,” GitLab CEO Sid Sijbrandij told me. “At GitLab, we are happy to have achieved a level of success that allows us to extend the full set of features to these important communities by offering GitLab Ultimate & GitLab Gold plans for free.”

Read more at TechCrunch

Linux Kernel 4.17, “Merciless Moray,” Offers Improved Performance and Security

Linus Torvalds released version 4.17 of the Linux kernel on Sunday, nine weeks after the prior version. Although Linus says he is running out “of fingers and toes to keep track of minor releases,” he has decided not to call this release “5.0,” hinting that the jump will come around 4.20.

As with the 4.16 cycle, 4.17 has been a relatively smooth release, save a few hiccups due to those pesky chip issues. It turns out the shadow of the Spectre vulnerability is still long: the last two weeks before the release were busy ones, with patches designed to counteract Spectre v4 (Speculative Store Bypass) making up a significant portion of the code submitted. That said, and even though Linus does not like large amounts of change so late in the cycle, he skipped an rc8 and released the final version of 4.17 anyway.

Be that as it may, 4.17 also comes with plenty of other improvements. There is a set of changes that will improve power consumption on most machines, for example. These changes affect what is called the “idle loop” of the kernel: even if your machine is apparently not doing anything, as long as it is powered up, the kernel is working. The new code optimizes this “downtime” processing and, according to its author Rafael Wysocki, power consumption could go down “10% or more.” This means battery charges will last longer on laptops, clusters will be more efficient, and machines will be more eco-friendly across the board.

Something that is not often mentioned in these reports are the various curios — the leftovers from times gone by that still have developers working on them — such as the case of the Macintosh PowerBook 100 series, a laptop series manufactured by Apple in the early 1990s which used a Motorola processor. These things are still being maintained, and 4.17 comes with several improvements for the devices. I wonder if it is too late to get the support for the Commodore 64 in there.

Although the PowerBook 100 is still supported, on a more pragmatic note, other architectures have been dropped. Such is the case of eight obsolete architectures, including Blackfin, Meta (metag), and Tile. All of these processors are very niche and have been superseded by more modern alternatives. Support for POWER4 and POWER4+ processors is also being removed; considering IBM is now on the ninth generation of POWER, it was probably about time. Dropping these architectures has had the side effect of making 4.17 one of the lightest releases in recent years, with more lines removed than added. All told, getting rid of code for obsolete architectures eliminates about half a million lines from the kernel.

Other stuff to look forward to in kernel 4.17

  • Kernel 4.17 also comes with HDCP, or High-bandwidth Digital Content Protection, support in the Intel i915 graphics driver. This is the technology that “protects” proprietary content by making perfectly functional but uncertified hardware underperform or become useless outright. This may seem counterintuitive, and it is. No buts. The idea is that, to protect music and videos, manufacturers must certify their video cards, monitors, and HDMI cables (and pay considerable sums of money) so that HDCP-protected content will play on those devices. If making software act as an obstacle on perfectly adequate hardware sounds like a bonkers idea, that’s because it is. But that’s the state of copyright protection nowadays. At least in theory, the inclusion of HDCP is a step towards letting Linux users play protected content.

  • Fortunately, most code in this release improves performance on users’ machines. Drivers and controllers, and AMD video cards in particular, received a big boost this time around. In 4.17, AMDGPU DC (the display code) is enabled by default and is in the mainline kernel, which means you won’t need an out-of-tree DKMS driver to run your Radeon card at full capacity, and you get HDMI/DP audio out of the box. Another improvement is that AMDKFD, the kernel side of AMD’s compute stack, gains mainline support for discrete GPUs. This matters for using AMD GPUs in high performance computing, where GPUs carry out compute-intensive calculations.

  • Speaking of performance enhancements, work has begun on code that allows users to tweak the power management of their cards and the first changes have also been incorporated into 4.17: On other platforms, Radeon WattMan allows users to control the voltage, fan speed, engine clock and so on of their cards, and that is what developers are starting to work into the Linux kernel.

  • Support for RISC-V, the open source processor architecture, is also chugging along nicely. Developers have added dynamic ftrace on RISC-V and cleaned up the atomic and locking routines as well as module loading support; the latter is now enabled by default.

As always, to find out more, you can check out Kernel Newbies (when it becomes available) and Phoronix.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.