Bug Hunting Inlined Code

The Linux kernel has various debugging tools. One is the kernel function tracer, which traces function calls, looking for bad memory allocations and other problems.

Changbin Du from Intel recently posted some code to increase the range of the function tracer by increasing the number of function calls that were actually compiled into the kernel. Not all function calls are ever actually compiled—some are "inlined", a C feature that allows the function code to be copied to the location that calls it, thus letting it run faster. The downside is that the compiled binary grows by the number of copies of that function it has to store.

But, not all inlined functions are specifically intended by the developers. The GNU C Compiler (GCC) also will use its own algorithms to decide to inline a wide array of functions. Whenever it does this in the Linux kernel, the function tracer has nothing to trace.

Changbin's code still would allow functions to be inlined, but only if they explicitly used the inline keyword of the C language. All other inlining done by GCC itself would be prevented. This would produce less efficient code, so Changbin's code never would be used in production kernel builds. But on the other hand, it would produce code that could be far more thoroughly examined by the function tracer, so Changbin's code would be quite useful for kernel developers.

As soon as he posted the patches, bug reports popped up all over the kernel in functions that GCC had been silently inlining. As a result, absolutely nobody had any objections to this particular patch.

There were, however, some odd false positives produced by the function tracer, claiming that it had found bugs that didn't actually exist. This gave a few kernel developers a slight pause, and they briefly debated how to eliminate those false positives, until they realized it didn't really matter. They reasoned that the false positives probably indicated a problem with GCC, so the GCC people would want to be able to see those false positives rather than have them hidden away behind workarounds.

That particular question—what is a kernel issue versus a GCC issue—is potentially explosive. It didn't lead anywhere this time, but in the past, it has led to bitter warfare between the kernel people and the GCC people. One such war was over GCC's failure to support Pentium processors and led to a group of developers forking GCC development into a competing project, called egcs. The fork was very successful, and it began to be used in mainstream Linux distributions instead of GCC. Ultimately, the conflict between the two branches was resolved only after the egcs code was merged into the GCC main branch, and future GCC development was handed over to the egcs team of developers in 1999.

The Gaming Issue of Linux Journal is Here!

gaming issue

Games for Linux are booming like never before. The revolution comes courtesy of cross-platform dev tools, passionate programmers and community support. Join us this month as we take a Deep Dive in to gaming.

Deep Dive features:

Also featured in this issue:

  • ModSecurity and nginx

  • Clearing Out /boot

  • VCs Are Investing Big into a New Cryptocurrency: Introducing Handshake

  • Edit PDFs with Xournal

  • FOSS Project Spotlight: Nitrux, a Linux Distribution with a Focus on AppImages and Atomic Upgrades

  • Stop Killing Your Cattle: Server Infrastructure Advice

Regular columns include:

  • Kyle Rankin's Hack and /: Two Portable DIY Retro Gaming Consoles
  • Shawn Powers' The Open-Source Classroom: Globbing and Regex
  • Reuven M. Lerner's At the Forge: Bytes, Characters and Python 2
  • Dave Taylor's Work the Shell: Creating the Concentration Game PAIRS with Bash, Part II
  • Zack Brown's diff -u: What's New in Kernel Development
  • Glyn Moody's Open Sauce: What Is the Point of Mozilla?

Subscribers, you can download your September issue now.

Not a subscriber? It’s not too late. Subscribe today and receive instant access to this and ALL back issues since 1994!

Nitrux 1.0.15 Released, Speck Code to Be Dropped from 4.19 Kernel, Wireshark Security Vulnerabilities, Fedora 29 Test Week and GUADEC Videos Now Available

News briefs for September 4, 2018.

Nitrux 1.0.15 is now available. The new version provides software updates, bug fixes and performance improvements, as well as patches for security vulnerabilities. This version includes kernel version 4.18.5; Plasma 5 (5.13.4); KDE Apps (18.08); KF5 (5.50.0) and Qt 5 (5.11.1); Mesa (18.1.5) drivers for Vulkan, VDPAU and support for VP-API; and much more. You can download it from here, and see also the September 2018 issue of Linux Journal (which will be out today) for a FOSS Project Spotlight on this distribution.

The Speck encryption code will be dropped from the Linux 4.19 kernel. Phoronix reports that Google (who initially introduced Speck to the kernel for filesystem encryption for low-end Android devices) is instead working on a new HPolyC algorithm for those devices, "due to concerns over Speck potentially being back-doored by the US National Security Agency".

Wireshark discovered a number of security vulnerabilities that could be used to cause a system crash and denial-of-service (DOS) state. See ZDNet for details on the security flaws, and if you use Wireshark, update your software builds to versions 2.6.3, 2.4.9, 2.2.17 or later.

Fedora 29 developers are working on major improvements to Internationalization (i18n) support, including better font support, and improvements to the iBus input method. The team is holding a test week this week and invites the community to try out these new features. Visit the wiki page for more information on how to help out and test.

All the videos from GNOME's GUADEC Conference 2018—which brought together free software enthusiasts from around the world and was held in Almería Spain this past July—are now available at http://videos.guadec.org/2018.

Join the Linux Journal Crusade

Kyle and Mark

Linux Journal has been reporting on Linux every month since version 1.0 in April 1994.

Through the nearly 25 years that have passed since then, Linux has come to support approximately everything an operating system can, while Linux Journal has maintained its status as the leading magazine covering Linux and all Linux does (or at least as much as we can fit into more pages than ever).

Here is where Linux currently stands among the world's operating systems (stats via the Linux Foundation):

  • #1 Internet client (Android).
  • 82% of the smartphone market share (Android again).
  • 100% share of the supercomputer market.
  • 90% share of mainframe customers.
  • 90% of the public cloud workload.
  • 62% of the embedded systems market.
  • #2 to Windows in enterprise.

Linux is also at the base of countless open-source software stacks, which in turn support vast sums of productivity and economic benefit to countless verticals. Telecom, retail, automotive, energy, transportation, medicine, networking, entertainment and pharma are just a few of the big familiar ones.

Linux Journal's coverage has ranged just as widely, but we've also kept faith with the serious developers who made Linux a success in the first place and are still our core readership.

Our monthly issues are big. Where in print we were limited to less than 100 pages per issue, now we tend to run around 160–170 pages. Each issue also features a Deep Dive section, devoted to one topic in-depth, which is like a new ebook within each issue. And although we used to charge for our extensive archive (again, going back to 1994), we now provide access to all paying subscribers. The same subscribers also will get a free topical ebook with each renewal. (Currently it's SysAdmin 101 by our own Kyle Rankin, but we change it regularly.)

After we were acquired (by the parent company of Private Internet Access) early this year, we completely overhauled the LinuxJournal.com website, taking it from Drupal 6 to 8 and redesigning it to maximize simplicity and responsiveness. Our constant aim with the website is to make all our editorial matter (which we won't demean by calling it mere "content") easy and enjoyable to read on all devices. This may be one reason our subscriber base has grown nearly 20% so far this year.

Enter to Win: Daily Giveaways All Week!

Enter to Win

Fun is to be had at Linux Journal this week! Linode is sponsoring Daily Giveaways all week long! 

Monday's giveaway is an ODROID-GO Game Kit. One randomly drawn winner will be chosen from all Monday entrants received before 11:59pm PDT / 6:59am GMT. The winner will be announced tomorrow. Come back Tuesday, Wednesday, Thursday, and so forth for more fun giveaways!

The ODROID-GO Game Kit includes a special ODROID anniversary board with all the parts to put together your own game kit and see the workings behind such a device. It is not only a fun assembly project but also an educational tool to learn about all the hardware and software that goes into building such a device. Editor Kyle Rankin compares Adafruit's PiGRRL Zero vs. Hardkernel's ODROID-GO in this month's issue of Linux Journal -- make sure to check it out!

A special thanks to Linode who offers high performance SSD Linux servers for all of your infrastructure needs. We use Linode cloud hosting ourselves and so do many of our developer friends. Consider supporting Linode the way they support our Linux Journal community. Thanks again friends at Linode!

Linux Mint Debian Edition “Cindy” Released, MyCrypto Inc. Raises $4 Million Series A, John McAffee’s Unhackable Crypto Wallet Hacked, The Linux Foundation Works to Improve Security of Open-Source Code and openSUSE 2019 Registration and Call for Papers

Linux Mint Debian Edition "Cindy" is now available. LDME's goal is to be as similar as possible to Linux Mint, but with a Debian base instead of Ubuntu. See the release notes for more information.

MyCrypto Inc., "an open-source interface for storing, sending, and receiving digital assets", has raised $4 million Series A, CrunchBase reports. The start-up plans to build "the first mass consumer friendly gateway for cryptocurrency users."

In somewhat related news, John McAfee's $120 Android-based unhackable cryptocurrency wallet was hacked again. TechCrunch reports that "Security researchers have now developed a second attack, which they say can obtain all the stored funds from an unmodified Bitfi wallet" and that with this cold-boot attack, "it's possible to steal funds even when a Bitfi wallet is switched off."

The Linux Foundation plans to expand its Core Infrastructure Initiative (CII) to improve the security of open-source code. eWeek notes that CII is "further trying to identify which projects matter to the security of the internet as a whole, rather than taking a broader approach of looking at every single open-source project".

Registration and calls for papers open for openSUSE 2019, which will be held in Nuremberg, Germany, May 24–26, 2019. Submission for calls for papers is open until February 3, 2019, and you can register for the conference up to the day of. Tracks for the conference include, openSUSE, open-source software, cloud and containers, embedded systems, and desktop and applications. Visit https://events.opensuse.org for more information and to register.

Two Portable DIY Retro Gaming Consoles

A look at Adafruit's PiGRRL Zero vs. Hardkernel's ODROID-GO.

If you enjoy retro gaming, there are so many options, it can be tough to know what to get. The choices range from officially sanctioned systems from Nintendo all the way to homemade RetroPie projects like I've covered in Linux Journal in the past. Of course, those systems are designed to be permanently attached to a TV.

But, what if you want to play retro games on the road? Although it's true that you could just connect a gamepad to a laptop and use an emulator, there's something to be said for a console that fits in your pocket like the original Nintendo Game Boy. In this article, I describe two different portable DIY retro gaming projects I've built and compare and contrast their features.

Adafruit PiGRRL Zero

The RetroPie project spawned an incredible number of DIY retro consoles due to how easy and cheap the project made it to build a console out of the widely available and popular Raspberry Pi. Although most of the projects were aimed at home consoles, Adafruit took things a step further and created the PiGRRL project series that combines Raspberry Pis with LCD screens, buttons, batteries and other electronics into a portable RetroPie system that has a similar form factor to the original Game Boy. You buy the kit, print the case and buttons yourself with a 3D printer, and after some soldering, you have a portable console.

The original PiGRRL was based off the Raspberry Pi and was similar in size and shape to the original Game Boy. In the original kit, you also took apart an SNES gamepad, cut the electronics and used it for gamepad electronics. Although you got the benefit of a real SNES gamepad's button feedback, due to that Game Boy form factor, there were no L and R shoulder buttons, and only A and B buttons on the front, so it was aimed at NES and Game Boy games.

The PiGRRL 2 took the original PiGRRL and offered a number of upgrades. First, it was based on the faster Raspberry Pi 2, which could emulate newer systems like the SNES. It also incorporated its own custom gamepad electronics, so you could get A, B, X and Y buttons in the front, plus L and R buttons in the back, while still maintaining the similar Game Boy form factor.

Figure 1. PiGRRL 2

Firefox to Block Tracking by Default, ZeroPhone Project Coming Soon, Google Code-in 2018, OpenStack Releases Version 18 “Rocky” and Greg Kroah-Hartman on Meltdown and Spectre Vulnerabilities

News briefs for August 31, 2018.

Mozilla yesterday announced a different approach to anti-tracking on the internet. Mozilla's new approach means that "in the near future, Firefox will—by default—protect users by blocking tracking while also offering a clear set of controls to give our users more choice over what information they share with sites." In order to accomplish this, Mozilla has three key initiatives: improve page load performance, remove cross-site tracking and mitigate harmful practices.

ZeroPhone, an "open-source Linux-powered $50 smartphone, is being launched on Crowd Supply. The project is coming soon, and according to its description, "It has no carrier locks, bloated apps, or data mining, and it doesn't depend on big companies." In addition, it's based on Raspberry Pi Zero, ESP8266 and Arduino.

Google announces its Google Code-in (GCI) 2018 contest. The contest begins October 23, 2018 and ends December 12, 2018, and "students ages 13–17 from around the world can learn about open source development by working on real open source projects, with mentorship from active developers." See the Google Code-in 2018 site for information for both students and mentoring organizations.

OpenStack released Rocky, version 18, of the open-source cloud infrastructure software yesterday. According to the release statement, the two main new features are "refinements to Ironic (the bare metal provisioning service) and fast forward upgrades". In addition, version 18 addresses "new user requirements for hardware accelerators, high availability configurations, serverless capabilities, and edge and internet of things (IoT) use cases".

Greg Kroah-Hartman warned attendees at the Open Source Summit North America about the "the severe impact the Meltdown and Spectre CPU vulnerabilities could have on them, as well as detailed how Linux kernel developers are dealing with the flaws", eWeek reports. He also strongly criticized the way Intel initially handled the disclosure.

Firefox to Block Tracking by Default, ZeroPhone Project Coming Soon, Google Code-in 2018, OpenStack Releases Version 18 “Rocky” and Greg Kroah-Hartman on Meltdown and Spectre Vulnerabilities

News briefs for August 31, 2018.

Mozilla yesterday announced a different approach to anti-tracking on the internet. Mozilla's new approach means that "in the near future, Firefox will—by default—protect users by blocking tracking while also offering a clear set of controls to give our users more choice over what information they share with sites." In order to accomplish this, Mozilla has three key initiatives: improve page load performance, remove cross-site tracking and mitigate harmful practices.

ZeroPhone, an "open-source Linux-powered $50 smartphone, is being launched on Crowd Supply. The project is coming soon, and according to its description, "It has no carrier locks, bloated apps, or data mining, and it doesn't depend on big companies." In addition, it's based on Raspberry Pi Zero, ESP8266 and Arduino.

Google announces its Google Code-in (GCI) 2018 contest. The contest begins October 23, 2018 and ends December 12, 2018, and "students ages 13–17 from around the world can learn about open source development by working on real open source projects, with mentorship from active developers." See the Google Code-in 2018 site for information for both students and mentoring organizations.

OpenStack released Rocky, version 18, of the open-source cloud infrastructure software yesterday. According to the release statement, the two main new features are "refinements to Ironic (the bare metal provisioning service) and fast forward upgrades". In addition, version 18 addresses "new user requirements for hardware accelerators, high availability configurations, serverless capabilities, and edge and internet of things (IoT) use cases".

Greg Kroah-Hartman warned attendees at the Open Source Summit North America about the "the severe impact the Meltdown and Spectre CPU vulnerabilities could have on them, as well as detailed how Linux kernel developers are dealing with the flaws", eWeek reports. He also strongly criticized the way Intel initially handled the disclosure.

FOSS Project Spotlight: Run Remote Tasks on Linux and Windows with Puppet Bolt

puppet bolt icon

Puppet, the company that makes automation software for managing systems and delivering software, has introduced Puppet Bolt, an open-source, agentless multiplatform tool for running commands, scripts, tasks and orchestrated workflows on remote Linux and Windows systems.

The tool, which is freely available as a Linux package, Ruby gem and macOS or Windows installer, is ideal for sysadmins and others who want to perform a wide range of automation tasks on remote bare-metal servers, VMs or cloud instances without the need for any prerequisites. Puppet Bolt doesn't require any previous Puppet know-how. Nor does it require a Puppet agent or Puppet master. It uses only SSH and WinRM (or can piggyback Puppet transports) to communicate and execute tasks on remote nodes.

Despite its simplicity, Puppet Bolt can execute all your existing scripts written in Bash, PowerShell, Python or any other language, stop and start Linux or Windows services, gather information about packages and system facts, or deploy procedural orchestrated workflows, otherwise known as plans. You can do all this right from your workstation or laptop.

For those already using open-source Puppet or Puppet Enterprise, Puppet Bolt enables you to take advantage of the more than 5,700 modules available in the Puppet Forge for everything from deploying database servers to setting up Docker or Kubernetes. You also can query PuppetDB directly with Puppet Bolt.

Install Puppet Bolt and Run Some Tasks

You also can install Puppet Bolt with apt or yum once you add the Puppet repositories:


$ sudo apt install puppet-bolt

You can install Puppet Bolt on Windows with the available .msi, or if you're running Bash on Windows 10, by using the Linux instructions for the flavor you installed. Follow the link in the Resources section to see detailed installation instructions for your favorite platform.

If you're running Ruby (and have gcc and make on your workstation), you can get Puppet Bolt up and running in moments with the simple command:


$ gem install bolt

In just a few minutes, you're now ready to start running one-off commands, tasks, scripts or plans. Puppet Bolt is perfect for troubleshooting or deploying quick changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment. See the built-in Puppet Bolt commands by running:


$ bolt help

Figure 1. Built-in Puppet Bolt Commands

A typical Puppet Bolt command looks like this:

FOSS Project Spotlight: Run Remote Tasks on Linux and Windows with Puppet Bolt

puppet bolt icon

Puppet, the company that makes automation software for managing systems and delivering software, has introduced Puppet Bolt, an open-source, agentless multiplatform tool for running commands, scripts, tasks and orchestrated workflows on remote Linux and Windows systems.

The tool, which is freely available as a Linux package, Ruby gem and macOS or Windows installer, is ideal for sysadmins and others who want to perform a wide range of automation tasks on remote bare-metal servers, VMs or cloud instances without the need for any prerequisites. Puppet Bolt doesn't require any previous Puppet know-how. Nor does it require a Puppet agent or Puppet master. It uses only SSH and WinRM (or can piggyback Puppet transports) to communicate and execute tasks on remote nodes.

Despite its simplicity, Puppet Bolt can execute all your existing scripts written in Bash, PowerShell, Python or any other language, stop and start Linux or Windows services, gather information about packages and system facts, or deploy procedural orchestrated workflows, otherwise known as plans. You can do all this right from your workstation or laptop.

For those already using open-source Puppet or Puppet Enterprise, Puppet Bolt enables you to take advantage of the more than 5,700 modules available in the Puppet Forge for everything from deploying database servers to setting up Docker or Kubernetes. You also can query PuppetDB directly with Puppet Bolt.

Install Puppet Bolt and Run Some Tasks

You also can install Puppet Bolt with apt or yum once you add the Puppet repositories:


$ sudo apt install puppet-bolt

You can install Puppet Bolt on Windows with the available .msi, or if you're running Bash on Windows 10, by using the Linux instructions for the flavor you installed. Follow the link in the Resources section to see detailed installation instructions for your favorite platform.

If you're running Ruby (and have gcc and make on your workstation), you can get Puppet Bolt up and running in moments with the simple command:


$ gem install bolt

In just a few minutes, you're now ready to start running one-off commands, tasks, scripts or plans. Puppet Bolt is perfect for troubleshooting or deploying quick changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment. See the built-in Puppet Bolt commands by running:


$ bolt help

Figure 1. Built-in Puppet Bolt Commands

A typical Puppet Bolt command looks like this:

Google Hands Off Kubernetes to the Cloud Native Computing Foundation, Kinetica Joins Automotive Grade Linux, NordVPN Releases NordVPN Linux App, Storj Labs Announces The Open Source Partner Program and Update on Librem 5 Phone

News briefs for August 30, 2018.

Google is handing over control of the Kubernetes project to the Cloud Native Computing Foundation. According to the TechCrunch post, Google is providing the foundation $9 million in Google Cloud credits to help cover the costs of building, testing and distributing the software.

Kinetica, "the insight engine for the Extreme Data Economy", is "taking steps to bring advanced analytics, artificial intelligence and its GPU engine to the global automotive industry" and becoming a silver member of The Linux Foundation and a bronze member of Automotive Grade Linux. Kinetica also has announced it is releasing Mapbox, its location data platform for mobile and web applications, to the Open Source community.

NordVPN recently released the NordVPN Linux app. This dedicated app for Linux makes it even easier to install the VPN on your machine. For more information and to download, visit the NordVPN for Linux download page.

Storj Labs, a decentralized cloud storage company, has announced The Open Source Partner Program, "a partnership that will enable open-source projects to generate revenue when their users store data in the cloud". According to ZDNet, Storj's executive chairman Ben Golub calls Storj Labs' decentralized storage technology "AirBnB for hard drives", and says that "the Storj network, unlike conventional cloud storage, will provide a sustaining revenue stream to open-source projects using the Storj network." It plans to give 60% of its gross revenue to the storage farmers and split the remaining 40% with open-source developers.

Purism yesterday provided an update on the development of its Chatty chat application for the Librem 5 phone. According to the post, "At the moment Chatty can perform some basic (and arguably most difficult task of) send and receive operations with SMS via ModemManager and a SIMCOM modem, as well as with XMPP/OMEMO messages via libpurple and the lurch plugin."

Google Hands Off Kubernetes to the Cloud Native Computing Foundation, Kinetica Joins Automotive Grade Linux, NordVPN Releases NordVPN Linux App, Storj Labs Announces The Open Source Partner Program and Update on Librem 5 Phone

News briefs for August 30, 2018.

Google is handing over control of the Kubernetes project to the Cloud Native Computing Foundation. According to the TechCrunch post, Google is providing the foundation $9 million in Google Cloud credits to help cover the costs of building, testing and distributing the software.

Kinetica, "the insight engine for the Extreme Data Economy", is "taking steps to bring advanced analytics, artificial intelligence and its GPU engine to the global automotive industry" and becoming a silver member of The Linux Foundation and a bronze member of Automotive Grade Linux. Kinetica also has announced it is releasing Mapbox, its location data platform for mobile and web applications, to the Open Source community.

NordVPN recently released the NordVPN Linux app. This dedicated app for Linux makes it even easier to install the VPN on your machine. For more information and to download, visit the NordVPN for Linux download page.

Storj Labs, a decentralized cloud storage company, has announced The Open Source Partner Program, "a partnership that will enable open-source projects to generate revenue when their users store data in the cloud". According to ZDNet, Storj's executive chairman Ben Golub calls Storj Labs' decentralized storage technology "AirBnB for hard drives", and says that "the Storj network, unlike conventional cloud storage, will provide a sustaining revenue stream to open-source projects using the Storj network." It plans to give 60% of its gross revenue to the storage farmers and split the remaining 40% with open-source developers.

Purism yesterday provided an update on the development of its Chatty chat application for the Librem 5 phone. According to the post, "At the moment Chatty can perform some basic (and arguably most difficult task of) send and receive operations with SMS via ModemManager and a SIMCOM modem, as well as with XMPP/OMEMO messages via libpurple and the lurch plugin."

Supporting the NDS32 Architecture

Green Hu posted a patch to support the NDS32 architecture. He described the current status as, "It is able to boot to shell and passes most LTP-2017 testsuites in nds32 AE3XX platform."

Arnd Bergmann approved the patch, but Linus Torvalds wanted a little more of a description—an overview of the "uses, quirks, reasons for existing" for this chip, to include in the changelog.

Arnd replied:

The non-marketing description is that this is a fairly conventional (in a good way) low-end RISC architecture that is usually integrated into custom microcontroller and SoC designs, competing with the similar ARM32, ARC, MIPS32, RISC-V, Xtensa and (currently under review) C-Sky architectures that occupy the same space. The most interesting bit from my perspective is that Andestech are already selling a new generation of CPU cores that are based on 32-bit and 64-bit RISC-V, but are still supporting enough customers on the existing cores to invest in both.

And Green also said:

Andes nds32 architecture supports Linux for Andes's N10, D10, N13, N15, D15 processor cores.

Based on the patented 16/32-bit AndeStar RISC-like architecture, we designed the configurable AndesCore series of embedded processor families. AndesCores range from highly performance-efficient small-footprint cores for microcontrollers and deeply-embedded applications to 1GHz+ cores running Linux, covering general-purpose N-series cores for a wide range of computing needs; DSP-capable D-series cores for digital signal control; instruction-extensible E-series cores for application-specific acceleration; and secure S-series cores for best protection of the most valuable.

Our customers together have shipped over 2.5 billion SoCs with Andes processors embedded (including non-MMU IP cores). It will help our customers to get better Linux support if we are merged into mainline.

It looks like there's no controversy over this port, and it should fly into the main tree. One reason for the easy adoption is that it doesn't touch any other part of the kernel—if the patch breaks anything, it'll break only that one architecture, so there's very little risk in letting Green make his own choices about what to include and what to leave out. Linus's main threshold will probably be, does it compile? If yes, then it's okay to go in.

Supporting the NDS32 Architecture

Green Hu posted a patch to support the NDS32 architecture. He described the current status as, "It is able to boot to shell and passes most LTP-2017 testsuites in nds32 AE3XX platform."

Arnd Bergmann approved the patch, but Linus Torvalds wanted a little more of a description—an overview of the "uses, quirks, reasons for existing" for this chip, to include in the changelog.

Arnd replied:

The non-marketing description is that this is a fairly conventional (in a good way) low-end RISC architecture that is usually integrated into custom microcontroller and SoC designs, competing with the similar ARM32, ARC, MIPS32, RISC-V, Xtensa and (currently under review) C-Sky architectures that occupy the same space. The most interesting bit from my perspective is that Andestech are already selling a new generation of CPU cores that are based on 32-bit and 64-bit RISC-V, but are still supporting enough customers on the existing cores to invest in both.

And Green also said:

Andes nds32 architecture supports Linux for Andes's N10, D10, N13, N15, D15 processor cores.

Based on the patented 16/32-bit AndeStar RISC-like architecture, we designed the configurable AndesCore series of embedded processor families. AndesCores range from highly performance-efficient small-footprint cores for microcontrollers and deeply-embedded applications to 1GHz+ cores running Linux, covering general-purpose N-series cores for a wide range of computing needs; DSP-capable D-series cores for digital signal control; instruction-extensible E-series cores for application-specific acceleration; and secure S-series cores for best protection of the most valuable.

Our customers together have shipped over 2.5 billion SoCs with Andes processors embedded (including non-MMU IP cores). It will help our customers to get better Linux support if we are merged into mainline.

It looks like there's no controversy over this port, and it should fly into the main tree. One reason for the easy adoption is that it doesn't touch any other part of the kernel—if the patch breaks anything, it'll break only that one architecture, so there's very little risk in letting Green make his own choices about what to include and what to leave out. Linus's main threshold will probably be, does it compile? If yes, then it's okay to go in.

Mozilla’s Firefox Nightly Experiment Results, EFF’s Back to School Tips, HHVM 3.28 Released, Oracle Solaris 11.4 Now Available and Dropbox Vulnerability Discovered

News briefs for August 29, 2018.

Mozilla posted the results of its planned Firefox nightly experiment involving secure DNS via the DNS over HTTPS (DoH) protocol. The experiment focused on two questions: "Does the use of a cloud DNS service perform well enough to replace traditional DNS?" and "Does the use of a cloud DNS service create additional connection errors?" See the Mozilla Blog for details.

The EFF yesterday posted its Back to School Essentials for Security—great tips whether or not you're currently a student.

HHVM 3.28 was released yesterday. This new release of the open-source virtual machine for executing programs written in Hack and PHP "contains new language features, bugfixes, performance improvements, and improvements to the debugger and editor/IDE support."

Oracle Solaris 11.4 has been released. Scott Lynn, Director of Product Management, Oracle Linux and Oracle Solaris, writes "There have been 175 development builds to get us to Oracle Solaris 11.4. We've tested Oracle Solaris 11.4 for more than 30 million machine hours. Over 50 customers have already put Oracle Solaris 11.4 into production and it already has more than 3000 applications certified to run on it. Oracle Solaris 11.4 is the first and, currently, the only operating system that has completed UNIX V7 certification."

A vulnerability in Microsoft's cloud storage solution Dropbox was discovered recently. According to Appuals, this DLL hijacking and code execution vulnerability affects Dropbox's version 54.5.90, and "a user whose device is undergoing this exploit won't realize it until the process has been exploited to inject malware into the system. The DLL injection and execution runs in the background without requiring any user input to run its arbitrary code."

Mozilla’s Firefox Nightly Experiment Results, EFF’s Back to School Tips, HHVM 3.28 Released, Oracle Solaris 11.4 Now Available and Dropbox Vulnerability Discovered

News briefs for August 29, 2018.

Mozilla posted the results of its planned Firefox nightly experiment involving secure DNS via the DNS over HTTPS (DoH) protocol. The experiment focused on two questions: "Does the use of a cloud DNS service perform well enough to replace traditional DNS?" and "Does the use of a cloud DNS service create additional connection errors?" See the Mozilla Blog for details.

The EFF yesterday posted its Back to School Essentials for Security—great tips whether or not you're currently a student.

HHVM 3.28 was released yesterday. This new release of the open-source virtual machine for executing programs written in Hack and PHP "contains new language features, bugfixes, performance improvements, and improvements to the debugger and editor/IDE support."

Oracle Solaris 11.4 has been released. Scott Lynn, Director of Product Management, Oracle Linux and Oracle Solaris, writes "There have been 175 development builds to get us to Oracle Solaris 11.4. We've tested Oracle Solaris 11.4 for more than 30 million machine hours. Over 50 customers have already put Oracle Solaris 11.4 into production and it already has more than 3000 applications certified to run on it. Oracle Solaris 11.4 is the first and, currently, the only operating system that has completed UNIX V7 certification."

A vulnerability in Microsoft's cloud storage solution Dropbox was discovered recently. According to Appuals, this DLL hijacking and code execution vulnerability affects Dropbox's version 54.5.90, and "a user whose device is undergoing this exploit won't realize it until the process has been exploited to inject malware into the system. The DLL injection and execution runs in the background without requiring any user input to run its arbitrary code."

Creating the Concentration Game PAIRS with Bash

bash

Exploring the nuances of writing a pair-matching memory game and one-dimensional arrays in Bash.

I've always been a fan of Rudyard Kipling. He wrote some great novels and stories, mostly about British colonial-era India. Politically correct in our modern times? Not so much, but still, his books are good fun for readers and still are considered great literature of its time. His works include The Jungle Book, Captains Courageous, The Just So Stories and The Man Who Would Be King, among many others.

He also wrote a great spy novel about a young English boy who is raised as an Indian native and thence recruited by the British government as a spy. The boy's name is the title of the book: Kim. In the story, Kim is trained to have an eidetic memory with a memory game that involves being shown a tray of stones of various shapes, sizes and colors. Then it's hidden, and he has to recite as many patterns as he can recall.

For some reason, that scene has always stuck with me, and I've even tried to teach my children to be situationally aware through similar games like "Close your eyes. Now, what color was the car that just passed us?" Since most of us are terrible observers (see, for example, how conflicting eyewitness accident reports can be), it's undoubtedly good practice for general observations about life.

Although it's tempting to try to duplicate this memory game as a program, the reality is that with just a shell script, it would be difficult. Perhaps you display a random pattern of letters and digits in a grid, then clear the screen, then ask the user to enter patterns, but that's really much more of a game for a screen-oriented, graphical application—not shell scripts.

But, there's a simplified version of this that you can play with a deck of cards: Concentration. You've probably played it yourself at some point in your life. You place the cards face down in a grid and then flip up two at a time to try to find pairs. At the beginning, it's just random guessing, but as the game proceeds, it becomes more about your spatial memory, and by the end, good players know what just about every unflipped card is at the beginning of their turn.

Designing PAIRS

That, of course, you can duplicate as a shell script, and since it is going to be a shell script, you also can make the number of pairs variable. Let's call this game PAIRS.

As a minimum, let's go with four pairs, which should make debugging easy. Since there's no real benefit to duplicating playing card values, it's just as easy to use letters, which means a max of 26 pairs, or 52 slots. Not every value is going to produce a proper spread or grid, but if you aim for 13 per line, players then can play with anywhere from 1–4 lines of possibilities.

Creating the Concentration Game PAIRS with Bash

bash

Exploring the nuances of writing a pair-matching memory game and one-dimensional arrays in Bash.

I've always been a fan of Rudyard Kipling. He wrote some great novels and stories, mostly about British colonial-era India. Politically correct in our modern times? Not so much, but still, his books are good fun for readers and still are considered great literature of its time. His works include The Jungle Book, Captains Courageous, The Just So Stories and The Man Who Would Be King, among many others.

He also wrote a great spy novel about a young English boy who is raised as an Indian native and thence recruited by the British government as a spy. The boy's name is the title of the book: Kim. In the story, Kim is trained to have an eidetic memory with a memory game that involves being shown a tray of stones of various shapes, sizes and colors. Then it's hidden, and he has to recite as many patterns as he can recall.

For some reason, that scene has always stuck with me, and I've even tried to teach my children to be situationally aware through similar games like "Close your eyes. Now, what color was the car that just passed us?" Since most of us are terrible observers (see, for example, how conflicting eyewitness accident reports can be), it's undoubtedly good practice for general observations about life.

Although it's tempting to try to duplicate this memory game as a program, the reality is that with just a shell script, it would be difficult. Perhaps you display a random pattern of letters and digits in a grid, then clear the screen, then ask the user to enter patterns, but that's really much more of a game for a screen-oriented, graphical application—not shell scripts.

But, there's a simplified version of this that you can play with a deck of cards: Concentration. You've probably played it yourself at some point in your life. You place the cards face down in a grid and then flip up two at a time to try to find pairs. At the beginning, it's just random guessing, but as the game proceeds, it becomes more about your spatial memory, and by the end, good players know what just about every unflipped card is at the beginning of their turn.

Designing PAIRS

That, of course, you can duplicate as a shell script, and since it is going to be a shell script, you also can make the number of pairs variable. Let's call this game PAIRS.

As a minimum, let's go with four pairs, which should make debugging easy. Since there's no real benefit to duplicating playing card values, it's just as easy to use letters, which means a max of 26 pairs, or 52 slots. Not every value is going to produce a proper spread or grid, but if you aim for 13 per line, players then can play with anywhere from 1–4 lines of possibilities.

3D-Printed Firearms Are Blowing Up

What's the practical risk with 3D-printed firearms today? In this opinion piece, Kyle explores the current state of the art.

If you follow 3D printing at all, and even if you don't, you've likely seen some of the recent controversy surrounding Defense Distributed and its 3D-printed firearm designs. If you haven't, here's a brief summary: Defense Distributed has created 3D firearm models and initially published them for free on its DEFCAD website a number of years ago. Some of those 3D models were designed to be printed with a traditional home hobbyist 3D printer (at least in theory), and other designs were for Defense Distributed's "Ghost Gunner"—a computer-controlled CNC mill aimed at milling firearm parts out of metal stock. The controversy that ensued was tied up in the general public debate about firearms, but in particular, a few models got the most attention: a model of an AR-15 lower receiver (the part of the rifle that carries the serial number) and "the Liberator", which was a fully 3D-printed handgun designed to fire a single bullet. The end result was that the DEFCAD site was forced to go offline (but as with all website take-downs, it was mirrored a million times first), and Defense Distributed has since been fighting the order in court.

The political issues raised in this debate are complicated, controversial and have very little to do with Linux outside the "information wants to be free" ethos in the community, so I leave those debates for the many other articles on this issue that already have been published. Instead, in this article, I want to use my background as a hobbyist 3D printer and combine it with my background in security to build a basic risk assessment that cuts through a lot of the hype and political arguments on all sides. I want to consider the real, practical risks with the 3D models and the current Ghost Gunner CNC mill that Defense Distributed provides today. I focus my risk assessment on three main items: the 3D-printed AR-15 lower receiver, the Liberator 3D-printed handgun and the Ghost Gunner CNC mill.

3D-Printed AR-15 Lower Receiver

This 3D model was one of the first items Defense Distributed shared on DEFCAD. In case you aren't familiar with the AR-15, its modular design is one of the reasons for its popularity. Essentially every major part of the rifle has numerous choices available that are designed to integrate with the rest of the rifle, and you can find almost all of the parts you need to assemble this rifle online, order them independently, and then build your own—that is, except for the lower receiver. That part of the rifle is what the federal government considers "the rifle", as it is the part that's stamped with the serial number that uniquely identifies and registers one particular rifle versus all of the others out there in the world. This part has restrictions like you would find with a regular rifle, revolver or other firearm.