Using the Best CPU Available on Asymmetric Systems

Dietmar Eggemann posted a patch from Quentin
Perret
to take advantage of
energy-efficient CPUs on asymmetric multiprocessor
(AMP) systems. AMP is
distinguished from SMP (symmetric multiprocessor) systems in that an SMP
system uses several instances of only one type of CPU, while an AMP system
might use CPUs of differing speeds, feature-sets and so on.

Quentin’s patch was an effort to take advantage of differences in power
consumption between the CPUs on an AMP system. It attempted to identify the
most efficient CPU that was not already saturated with processes and assign
newly awakened processes to it. If no CPUs fit the bill, standard SMP-type
methods of processor assignment would be used instead.

Dietmar explained, “The selection of the most energy-efficient CPU for a task
is achieved by estimating the impact on system-level active energy resulting
from the placement of the task on each candidate CPU. The best CPU
energy-wise is then selected if it saves a large enough amount of energy with
respect to prev_cpu.”

He acknowledged that this algorithm was a brute-force approach that could
work well only on systems with a relatively small number of CPUs. He said,
“This patch is an attempt to do something useful, as writing a fast heuristic
that performs reasonably well on a broad spectrum of architectures isn’t an
easy task.”

Patrick Bellasi and Joel Fernandes had no serious objections to the patch
and offered some technical suggestions. The discussion delved into various
technical issues and specific ways of addressing them, with no one raising
any controversial issues.

This is the type of situation with a patch where it might look like a lack of
opposition could let it sail into the kernel tree, but really, it just hasn’t
been thoroughly examined by Linux bigwigs yet. Once the various contributors
have gotten the patch as good as they can get it without deeper feedback,
they’ll probably send it up the ladder for inclusion in the main source tree.
At that point, the security folks will jump all over it, looking for ways
that a malicious user might force processes all onto only one particular CPU
(essentially mounting a denial-of-service attack) or some such thing. Even if
the patch survives that scrutiny, one of the other big-time kernel people, or
even Linus Torvalds, could reject the patch on the grounds that it should
represent a solution for large-scale systems as well as small.

Source: Linux Journal

System76’s New Manufacturing Facility, Ubuntu 17.10 Reaches End of Life, Google Cloud Platform Marketplace, Stranded Deep Now Available for Linux and Cutelyst New Release

News briefs for July 19, 2018.

System76 has moved into its new manufacturing facility in Denver, Colorado. The
company will begin making computers in the US, rather than just assembling
them. See the System76
blog post
for photos of the new digs.

Ubuntu 17.10 “Artful Aardvark” has reached end of life today, so there will be no more security updates
for that version. If you’re running Ubuntu 17.10, you need to upgrade to 18.04 now. See
the post on It’s FOSS for
more information and instructions on how to upgrade.

Google has rebranded its Cloud Launcher platform, and it now will be called the
Google Cloud Platform
Marketplace
(or GCP Marketplace). LinuxInsider reports that
“it will offer production-ready commercial Kubernetes apps, promising simplified
deployment, billing and third-party licensing.”

Single-player survival game Stranded Deep is now available for
Linux, GamingOnLinux
reports
, although users were reporting a few issues earlier this week.
Stranded Deep is available on
Steam
.

Cutelyst, a C++ web framework based on Qt, has a new release. The update
includes several bug fixes and some build issues with buildroot. See Dantti’s
Blog
for all the details. Cutelyst is available on
GitHub
.

Source: Linux Journal

Google Fined by EU for Antitrust Violations, Qt Creator 4.7.0 Now Available, New ownCloud Version 10.0.9, pfSense Gold to Be Free with the 2.4.4 Release, Kobol Relaunches Helios4

News briefs for July 18, 2018.

Google is being fined $5 billion USD for Android antitrust violations, The
Verge reports
. The EU Commission claims Google has abused Android dominance in three
ways: “Google has been bundling its search engine and Chrome apps into the operating
system. Google has also allegedly blocked phone makers from creating devices that run
forked versions of Android, and ‘made payments to certain large manufacturers and
mobile network operators’ to exclusively bundle the Google Search app on handsets.” It
has 90 days to bring its “illegal conduct to an end in an effective manner”. Google
plans to appeal this decision.

Qt Creator version 4.7.0 is now available. The release
announcement
notes that with this release, the Clang code model now is on by
default to keep up with developments in C++. In addition, “the Clang code model provides much
better information about issues in code without going through the edit-compile-analyze
cycle explicitly.” You can download the open-source version here.

ownCloud’s new version 10.0.9 includes improved password policy, S3 Object
Storage integration and pending shares feature. According to the ownCloud press release,
this new version increases security as “password policies can now be defined for
all users, and a password history prevents previously used passwords from being set
and the ability to accept or reject pending shares of received files provides additional
control and security.” You can download ownCloud here and
its corresponding apps here.

Netgate announces
that pfSense Gold will be free with the 2.4.4 release
, including all
services previously offered under the pfSense Gold subscription, such as the
pfSense Book and monthly online Hangouts (video conferences). In addition,
AutoConfigBackup (ACB) also will be free and will conform to GDPR best
practices. The 2.4.4 release is planned for September 2018.

Kobol is relaunching Helios4 via its own funding campaign. The open-spec NAS SBC and fanned system “runs
Debian on a Marvell Armada 388 SoC with 2GB ECC RAM and offers 1x GbE, 2x USB
3.0, and 4x SATA 3.0 ports for up to 48TB”. According to the Linux Gizmos
post
, “So far, the Full Kit is half funded while the Basic Kit has drawn
little interest. Kobol says that it will refund the money if the campaign
doesn’t reach its 500-unit goal by Aug. 5. Shipments are due in October.”

Source: Linux Journal

At Rest Encryption

Learn why at rest encryption doesn’t mean encryption when your laptop
is asleep.

There are many steps you can take to harden a computer, and a common
recommendation you’ll see in hardening guides is to enable disk encryption.
Disk encryption also often is referred to as “at rest encryption”, especially
in security compliance guides, and many compliance regimes, such as PCI, mandate
the use of at rest encryption. This term refers to the fact that data is
encrypted “at rest” or when the disk is unmounted and not in use. At rest
encryption can be an important part of system-hardening, yet many
administrators who enable it, whether on workstations or servers, may end up
with a false sense of security if they don’t understand not only what disk
encryption protects you from, but also, and more important, what it doesn’t.

What Disk Encryption Does

In the context of Linux servers and workstations, disk encryption generally
means you are using a system such as LUKS to encrypt either the entire root
partition or only a particularly sensitive mountpoint. For instance, some
Linux distributions offer the option of leaving the root partition
unencrypted, and they encrypt each user’s /home directories independently, to
be unlocked when the user logs in. In the case of servers, you might leave
root unencrypted and add encryption only to specific disks that contain
sensitive data (like database files).

In a workstation, you notice when a system is encrypted at rest because it
will prompt you for a passphrase to unlock the disk at boot time. Servers
typically are a bit trickier, because usually administrators prefer that a server
come back up after a reboot without manual intervention. Although some servers
may provide a console-based prompt to unlock the disk at boot time,
administrators are more likely to have configured LUKS so that the key resides
on a separate unencrypted partition. Or, the server may retrieve the
key from the network using their configuration management or a centralized
secrets management tool like Vault, so there is less of a risk of the key
being stolen by an attacker with access to the filesystem.

The main thing that at rest encryption protects you from is data loss due to
theft or improper decommissioning of hard drives. If someone steals your
laptop while it’s powered off, your data will be protected. If someone goes
into a data center and physically removes drives from a server with at rest
encryption in place, the drives will spin down, and the data on them will be
encrypted. The same goes for disks in a server that has been retired.
Administrators are supposed to perform secure wiping or full disk destruction
procedures to remove sensitive data from drives before disposal, but if
the administrator was lazy, disk encryption can help ensure that the data is still
protected if it gets into the wrong hands.

Source: Linux Journal

Open Source at 20

Open source software has been around for a long time. But calling it open source only began in 1998. Here’s some history:

Christine Peterson came up with the term “open source software” in 1997 and (as she reports at that link) a collection of like-minded geeks decided on February 3, 1998 to get behind it in a big way. Eric S. Raymond became the lead evangelist when he published Goodbye, “free software”; hello, “open source” on February 8th. Bruce Perens led creating the Open Source Initiative later that month. Here at Linux Journal, we were all over it from the start as well. (Here’s one example.)

“Open source” took off so rapidly that O’Reilly started OSCON the next year, making this year’s OSCON, happening now, the 19th one. (FWIW, at the 2005 OSCON, O’Reilly and Google together gave me an award for “Best Communicator” on the topic. I was at least among the most enthusiastic.)

Google’s Ngram Viewer, which searches through all scanned books from 1800 to 2008, shows (see above) that use of “open source” hockey-sticked quickly. Today on Google, “open source” gets 116 million results.

But interest has been trailing off, as we see from Google Trends, which follows “interest over time.” Here’s how that looks since 2004:

Source: Linux Journal

IBM’s New Security-First Nabla Container, Humble Bundle’s “Linux Geek Bundle”, Updates on the Upcoming Atari VCS Console, Redesigned Files App for Chromebooks and Catfish 1.4.6 Released

News briefs for July 17, 2018.

IBM has a new container called Nabla designed for security first, ZDNet
reports
. IBM claims it’s “more secure than Docker or other containers by cutting operating system
calls to the bare minimum and thereby reducing its attack surface as small as
possible”. See also this article for more
information on Nabla and this
article
on how to get started running the containers.

Humble Bundle is offering a “Linux Geek Bundle” of ebooks from No Starch Press
for $1 (or more—your choice) right now, in connection with It’s FOSS. The Linux
Geek bundle’s books are worth $571 and are available in PDF, ePUB and MOBI
format, and are DRM-free. Part of the purchase price will be donated to the
EFF. See the It’s FOSS post for
the list of titles and more info.

More information on the upcoming Atari VCS console due to launch next year
has been released in a Q&A
on Medium
with Rob Wyatt, System Architect for the Atari VCS project. Rob
provides more details on the hardware specs: “The VCS hardware will be
powered by an AMD Bristol Ridge family APU with Radeon R7 graphics and is now
going to get 8 gigabytes of unified memory. This is a huge upgrade from what
was originally specified and unlike other consoles it’s all available, we
won’t reserve 25% of hardware resources for system use.” In addition, the
Q&A covers the Atari VCS “open platform” and “Sandbox”, compatible
controllers and more.

Google’s Chrome OS team is working on redesigning its Files app for
Chromebooks “with a new ‘My Files’ section that promises to help you better
organize your local files, including those from any Android and Linux apps
you might have installed.” See the Softpedia
News post
for more information on this redesigned app for Android and
Linux files and how to test it via the Chrome OS Canary
experimental channel.

Catfish
1.4.6 has been released
, and it has now officially joined the Xfce
family. According to the announcement, it’s “lightweight, fast, and a perfect
companion to the Thunar file manager. With the transition from Launchpad to
Xfce, things have moved around a bit. Update your bookmarks accordingly!”
Other new features include an improved thumbnailer, translation updates and several bug fixes. New
releases of Catfish now can be found at the Xfce release archive.

Source: Linux Journal

A Look at Google’s Project Fi

Google’s Project Fi is a great cell-phone service, but the data-only SIMs
make it incredible for network projects!

I have a lot of cell phones. I have iPhones (old and new), Android phones
(old, new, very old and funny-shaped), and I have a few legacy phones that
aren’t either Android or iPhone. Remember Maemo? Yeah, and I still have one of those old
Nokia phones somewhere too. Admittedly, part of the reason I have such
a collection is that I tend to hoard nostalgic technology, but part of
it is practical too.

I’ve used phones as IP cameras for BirdTopia (my recorded and streamed
bird-feeder collection). I’ve created WiFi-only audiobook devices that
I use when I’m out and about. I’ve used old phones as SONOS remotes,
Plex players, Chromecast initiators and countless other tasks that tiny
little computers are perfect for doing. One of the frustrating things about
using old cell phones for projects like that though is they only have WiFi
access, because adding multiple devices to a cell plan becomes expensive
quickly. That’s not the case anymore, however, thanks to Google’s Project Fi.

Most people love Project Fi because of the tower-hopping features
or because of the fair pricing. I like those features too, but the real bonus
for me is the “data only” SIM option. Like most people, I rarely make
phone calls anymore, and there are so many chat apps, texting isn’t very
important either. With most cell-phone plans, there’s an “access” fee per
line. With Project Fi, additional devices don’t cost anything more! (But,
more about that later.) The Project Fi experience is worth investigating.

What’s the Deal?

Project Fi is a play on the term “WiFi” and is pronounced “Project Fye”,
as opposed to “Project Fee”, which is what I called it at first.
Several features set Project Fi apart from other cell-phone plans.

First, Project Fi uses towers from three carriers: T-Mobile, US Cellular
and Sprint. When using supported hardware, Project Fi constantly
monitors signal strength and seamlessly transitions between the various
towers. Depending on where you live, this can mean constant access to the
fastest network or a better chance of having any coverage at all. (I’m
in the latter group, as I live in a rural area.)

The second standout feature of Project Fi is the pricing model. Every
phone pays a $20/month fee for unlimited calls and texts. On top of that,
all phones and devices share a data pool that costs $10/GB. The data
cost isn’t remarkably low, but Google handles it very well. I recently
discovered that it’s not billed in full $10 increments (Figure 1).
If you use 10.01GB of data, you pay $10.01, not $20.

Source: Linux Journal

Debian “stretch” 9.5 Update Now Available, Red Hat Announces New Adopters of the GPL Cooperation Commitment, Linux Audio Conference 2018 Videos Now Available, Latte Dock v0.8 Released and More

News briefs for July 16, 2018.

Debian “stretch” has a new update, 9.5, the fifth update of the Debian 9 stable
release. This version addresses several security issues and other problems.
You can upgrade your current installation from one of Debian’s HTTP mirrors.

Red Hat announced
that 14 additional companies
have adopted the GPL Cooperation Commitment, which
means that “more than 39 percent of corporate contributions to the Linux
kernel, including six of the top 10 contributors” are now represented.
According to the Red Hat press release, these commitments “reflect the belief
that responsible compliance in open source licensing is important and that
license enforcement in the open source ecosystem operates by different
norms.” Companies joining the growing movement include Amazon, Arm,
Canonical, GitLab, Intel Corporation, Liferay, Linaro, MariaDB, NEC, Pivotal,
Royal Philips, SAS, Toyota and VMware.

The Linux Audio Conference announced that all videos from the 2018
conference
in Berlin are now available. You can find the links here.

Latte
Dock v0.8 is now available
. New features include multiple layouts
simultaneously, smart dynamic background, unify global shortcuts for applets
and tasks, and much more. Latte v0.8 is compatible with Plasma >= 5.12, KDE
Frameworks >= 5.38, Qt >= 5.9. You can download it from here.

Ubuntu has improved the user interface of its Snap Store website. It’s FOSS reports that the updates
make
“it more useful for the users by adding developer verification, categories,
improved search”.

Source: Linux Journal

Opinion: GitHub vs GitLab

gitlab logo

Free software deserves free tools, not Microsoft-owned GitHub.

So, Microsoft bought GitHub, and many people are confused or
worried. It’s not a new phenomenon when any large company buys any
smaller company, and people are right to be worried, although I argue
that their timing is wrong. Like Microsoft, GitHub has made some
useful contributions to free and open-source software, but let’s not
forget that GitHub’s main product is proprietary software. And, it’s not
just some innocuous web service either; GitHub makes and sells a
proprietary software package you can download and run on your own
server called GitHub Enterprise (GHE).

Let’s remember how we got here. BitMover made a tool called BitKeeper,
a proprietary version control system that allowed free-of-charge
licenses to free software projects. In 2002, the Linux kernel switched
to using BitKeeper for its version control, although some notable
developers made the noble choice to refuse to use the proprietary
program. Many others did not, and for a number of years, kernel development
was hampered by BitKeeper’s restrictive noncommercial licenses.

In 2005, Andrew Tridgell, working at OSDL, developed a client
that bypassed this restriction, and as a result, BitMover removed
licenses to BitKeeper from all OSDL employees—including Linus
Torvalds. Eventually, all non-commercial licenses were stopped, and new
licenses included clauses preventing the development of alternative
version control systems. As a result of this, two new projects were
born: Mercurial and Git. Created in a few short weeks in 2005, Git
quickly became the version control system for Linux development.

Proprietary version control tools aren’t common in free software
development, but proprietary collaboration websites have been around
for some time. One of the earliest collaboration websites still around
today is Sourceforge. Sourceforge was created in the late 1990s by VA
Software, and the code behind the project was released in
2000.

Quickly this situation changed, and the project was shuttered
and then became Sourceforge Enterprise
Edition
, a
proprietary software package. The code that ran Sourceforge was forked
into GNU Savannah (later Savane) and GForge, and it’s still use today by
both the GNU Project and CERN. When I last wrote about this
problem
, almost exactly
ten years ago, Canonical’s ambitious Launchpad service still
was proprietary, something later remedied in 2009. Gitorious was created
in 2010 and was for a number of years the Git hosting platform for the
discerning free software developer, as the code for Gitorious was
fully public and licensed under favorable terms for the new wave of
AGPL-licensed projects that followed the FSF’s Franklin Street
Statement. Gitorious, also, is sadly no longer with us.

Source: Linux Journal

Python and Its Community Enter a New Phase

On Python’s BDFL Guido van Rossum, his dedication to the Python community, PEP 572 and hope for a healthy outcome for the language, open source and the computing world in general.

Python is an amazing programming language, there’s no doubt about it.
From humble beginnings in 1991, it’s now just about
everywhere. Whether you’re doing web development, system
administration, test automation, devops or data science, odds are
good that Python is playing a role in your work.

Even if you’re not using Python directly, odds are good that it
is being used behind the scenes. Using OpenStack? Python plays an
integral role in its development and configuration. Using Dropbox on
your computer? Then you’ve got a copy of Python running on your
computer. Using Linux? When I purchased Red Hat Linux back in 1995,
the configuration was a breeze—thanks to visual tools developed in
Python.

And, of course, there are numerous schools and educational programs
that are now teaching Python. MIT’s intro computer science course switched
several years ago from Scheme to Python, and thousands of universities
all over the world made a similar switch in its wake. My 15-year-old daughter
participates in a program for technology and entrepreneurship—and
she’s learning Python.

There currently is an almost insatiable demand for Python
developers. Indeed, Stack Overflow reported last year that Python is
not only the most popular language on its site, but it’s also the
fastest-growing language. I can attest to this popularity in my own
job as a freelance Python trainer. Some of the largest computer
companies in the world are now using Python on a regular basis, and
their use of the language is growing, not shrinking.

Normally, a technology with this much impact would require a large and
active marketing department. But Python is (of course) open-source
software, and its success is the result of a large number of
contributors—to the core language, to its documentation, to
libraries and to the numerous blogs, tutorials, articles and videos
available online. I often remind my students that people often think
of “open source” as a synonym for “free of charge”, but that they
should instead think of it as a synonym for “powered by the
community”—and there’s no doubt that the Python community is strong.

Such a strong community doesn’t come from nowhere. And there’s no
doubt that Guido van Rossum, who created Python and has led its
development ever since, has been a supremely effective community
organizer and leader.

Source: Linux Journal