Collabora Announces xrdesktop, Blender 2.8 Released, Arduino Selects Auth0 as Its Identity Management Platform of Choice, Microway Showcasing Its Data Science WhisperStation at PEARC19 and KDE Plasma Maintenance Update

News briefs for July 31, 2019.

Collabora yesterday announced xrdesktop. This new open-source project "enables interaction with traditional desktop environments, such as GNOME and KDE, in VR. Sponsored by Valve, xrdesktop makes window managers aware of VR and is able to use VR runtimes to render desktop windows in 3D space, with the ability of manipulating them with VR controllers and generating mouse and keyboard input from VR." See the wiki for instructions on how to install xrdesktop.

Blender 2.80 has been released. This new version "features a redesigned user interface that puts the focus on the artwork that you create. A new dark theme and modern icon set were introduced. Keyboard, mouse and tablet interaction got a refresh with left click select as the new default. Quick Favorites menus provide rapid access to often-used tools." See the Release Notes for details.

Auth0 announces Arduino has selected Auth0 as its identity management platform of choice. Auth0 will be replacing Arduino's own Single Sign On solution for all of its public-facing web properties. From the announcment: "Arduino discovered its homegrown authentication solution would not scale to meet the rapidly developing needs of its growing global community, and reached out to Auth0. In addition to Single Sign On, Arduino will take advantage of Auth0's new Universal Login, which enables developers to completely customise their branded authentication experiences quickly, and Device Flow for browserless or input-constrained devices."

Microway is showcasing its Data Science WhisperStation, a Unique Ultra-Quiet NVIDIA Data Science Workstation, at PEARC19 in Chicago this week (ending on August 1st). From the press release: "Up to 10 times faster than CPU solutions from data preparation to result, the Data Science WhisperStation helps data scientists, analysts, and engineers transform massive datasets into insights in less time." You can learn more about PEARC here, and more about the Data Science WhispterStation here.

KDE released the fourth maintenance update to the latest KDE Plasma 5.16 desktop environment. The release adds three weeks' worth of new translations and a few bug fixes, which are small but important. See the full changelog for details.

Continuous Integration/Continuous Development with FOSS Tools

Image from Brian Ho on Unsplash

Up your DevOps game! Get the fundamentals of CI/CD with FOSS tools now!

One of the hottest topics within the DevOps space is Continuous Integration and Continuous Deployment (CI/CD). This attention has drawn lots of investment dollars, and a vast array of proprietary Software As A Service (SaaS) tools have been created in the CI/CD space, which traditionally has been dominated by free open-source software (FOSS) tools. Is FOSS still the right choice with the low cost of many of these SaaS options?

It depends. In many cases, the cost of self-hosting these FOSS tools will be greater than the cost to use a non-FOSS SaaS option. However, even in today's cloud-centric and SaaS-saturated world, you may have good reasons to self-host FOSS. Whatever those reasons may be, just don't forget that "Free" isn't free when it comes to keeping a service running reliably 24/7/365. If you're looking at FOSS as a means to save money, make sure you account for those costs.

Even with those costs accounted for, FOSS still delivers a lot of value, especially to small and medium-sized organizations that are taking their first steps into DevOps and CI/CD. Starting with a commercialized FOSS product is a great middle ground. It gives a smooth growth path into the more advanced proprietary features, allowing you to pay for those only once you need them. Often called Open Core, this approach isn't universally loved, but when applied well, it has allowed for a lot of value to be created for everyone involved.

An Embarrassment of Riches

The DevOps concept exploded in the past several years. The term quickly saturated the mainstream technology industry. With this increased mindshare comes a corresponding increase in the number of tools available to accomplish DevOps-related tasks. That's a blessing and a curse as a DevOps practitioner. Thanks to the endless buffet of options, you're sure to find something that meets your needs, but to a newcomer, the multitude of choices is overwhelming. Combine that with the vast scope of tasks that fall under the DevOps umbrella and the competing claims of "best" from all sides, and you have a recipe for paralysis. A good place for finding tools and filtering by a variety of criteria is DevOpsBookmarks.com. The content is all open source, and the maintainers are diligent about merging contributions, but it hasn't seen a lot of updates lately. Despite that, it makes a great jumping off point. If you find something noteworthy that should be included, a pull request would be appreciated!

Linux Ending Support for the Floppy Drive, Unity 2019.2 Launches Today, Purism Unveils Final Librem 5 Smartphone Specs, First Kernel Security Update for Debian 10 “Buster” Is Out, and Twitter Is Switching from Mesos to Kubernetes

News briefs for July 30, 2019

Linux won't support the floppy drive much longer. ZDNet reports that Linus Torvalds has "declared the floppy drive project 'orphaned'". The article quotes Linus: "Actual working physical floppy hardware is getting hard to find, and while Willy was able to test this, I think the driver can be considered pretty much dead from an actual hardware standpoint. The hardware that is still sold seems to be mainly USB-based, which doesn't use this legacy driver at all."

Unity 2019.2 launches today. From the Unity blog: "We have over 1000 developers dedicated to extending and improving Unity for you. In this release, you get more than 170 new features and enhancements for artists, designers, and programmers. We've updated ProBuilder, Shader Graph, 2D Animation, Burst Compiler, UI Elements, and many more." See this video for more details on all the new features, and go here to download.

Purism has unveiled the final specs for the Librem 5 Smartphone, which should begin shipping in Q3 2019 (Display: 5.7" IPS TFT screen @ 720x1440; Processor: i.MX8M Quad Core max. 1.5GHz; Memory: 3GB; Storage: 32GB eMMC internal storage—see the post for the rest). If you pre-order before July 31st, you'll get the early-bird discount price of $649.

The first kernel security update for Debian GNU/Linux 10 "Buster" is now available. According to Softpedia News, the update addresses security flaw CVE-2019-13272. Jann Horn of Google Project Zero "discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios". The issue affects older versions of Debian as well, so all users should update now.

Twitter is switching from Mesos to Kubernetes. Zhang Lei, Senior Technical Expert on Alibaba Cloud Container Platform and Co-maintainer of Kubernetes Project, writes "with the popularity of cloud computing and the rise of cloud-based containerized infrastructure projects like Kubernetes, this traditional Internet infrastructure starts to show its age—being a much less efficient solution compared with that of Kubernetes". See Zhang's post for some background history and more details on the move.

Bash Shell Games: Let’s Play Go Fish!

How to begin developing a computer version of the popular card game.

Between the previous 163 columns I've written here in Linux Journal and the dozens of games I programmed and explored during the creation of my Wicked Cool Shell Scripts book, I've written a lot of Bash shell games. The challenge is to find one that's simple enough where a shell script will work, but isn't so simple that it ends up being only a half-dozen lines.

Magic 8-Ball is a perfect example. It turns out that the entire "predict the future" gizmo was really just a 20-sided die floating in dark purple fluid. So an array of 20 possible values and a random number selector and boom—you've got a magic 8-ball script:


#!/bin/sh

# magic 8 ball. Yup. Pick a random number, output message

# messages harvested from the Wikipedia entry

answers=("It is certain." "It is decidedly so."
  "Without a doubt." "Yes - definitely."
  "You may rely on it." "As I see it, yes." "Most likely."
  "Outlook good." "Yes." "Signs point to yes."
  "Reply hazy, try again." "Ask again later."
  "Better not tell you now." "Cannot predict now."
  "Concentrate and ask again." "Don't count on it."
  "My reply is no." "My sources say no."
  "Outlook not so good." "Very doubtful.")

echo "Oh! Magic 8 Ball, Please Tell Me True..." ; echo ""
/bin/echo -n "What is your question? "
read question

answer=$(( $RANDOM % 20 ))

echo ""
echo "I have looked into the future and I say: "
echo "     ${answers[$answer]}" ; echo ""

exit 0

Let's do a quick run to see if I'm the most popular LJ writer:


$ sh magic8.sh
Oh! Magic 8 Ball, Please Tell Me True...

What is your question? Am I the most popular LJ writer?

I have looked into the future and I say:
     My reply is no.

Ouch, that's harsh. I write the darn divination program, and it just drops a brick on my foot. Yeesh.

More seriously, Magic 8 Ball is too simple to make an interesting shell script. By contrast, Call of Duty is way too complex, even if I did a version with text output instead of gorgeously rendered 3D graphics.

Card Game Function Library

That's why card games prove to be good as programming challenges or exercises: the core mechanism of a 52-card random deck is pretty straightforward, so it's all about the actual cardplay.

Not only that, but as I've written before about card games as shell scripts, I already have a handy set of functions to create, shuffle and display cards out of a deck. If you want to rummage in the archives, I've tackled Acey-Deucey, Baccarat and some bits and pieces of Cribbage.

In order to jump right into the new game that I'm going to describe how to build, Go Fish!, let's steal the following functions from my earlier scripts:

Kernel 5.3-rc2 Is Out, Latte Doc v0.9 Officially Available, GitHub Blocking Developers from Certain Countries, the Khronos Group Announces the Public Release of OpenXR 1.0, and Netflix Joins the Academy Software Foundation

News briefs for July 29, 2019.

Linux kernel 5.3-rc2 is out. Linus Torvalds writes, "There are fixes all over, I don't think there's much of a pattern here. The three areas that do stand out are Documentation (more rst conversions), arch updates (mainly because of the netx arm platform removal) and misc driver fixes (gpu, iommu, net, nvdimm, sound ..). But there's a smattering of fixes all over (core kernel, netfilter, filesystems, you name it). I don't think anything stands out as particularly damning."

Latte Dock v0.9 stable is now officially available after a full year of development. This version includes many improvements and enhancements, such as new colors painting, new indicators, multiple layouts, flexible settings and more. You can get Latte Dock from download.kde.org or from store.kde.org.

GitHub confirms that it has blocked developers from certain countries in compliance with US export law. TechCrunch reports that "GitHub, the world's largest host of source code, is preventing users in Iran, Syria, Crimea and potentially other sanctioned nations from accessing portions of the service, chief executive of the Microsoft-owned firm said." The article also quotes a tweet from Nat Friedman over the weekend: "It is painful for me to hear how trade restrictions have hurt people. We have gone to great lengths to do no more than what is required by the law, but of course people are still affected. GitHub is subject to US trade law, just like any company that does business in the US."

The Khronos Group today announced "the ratification and public release of the OpenXR 1.0 specification together with publicly available implementations and substantial ecosystem momentum. OpenXR is a unifying, royalty-free, open standard that provides high-performance, cross-platform access to virtual reality (VR) and augmented reality (AR)—collectively known as XR—platforms and devices." You can get the specification at Khronos.org or via GitHub.

Netflix has joined the Academy Software Foundation. According to the press release, Netflix has joined the ASWF—"a neutral forum for open source software development in the motion picture and media industries"—as a member. In addition, OpenTimelineIO has been accepted as a hosted project, and it's one of the first projects Netflix will contribute to. From the press release: "OpenTimelineIO (OTIO) is an Open Source API and interchange format that facilitates collaboration and communication of editorial data and timeline information between a studio's Story, Editorial, and Production departments all the way through Post-Production."

Python’s Mypy: Callables and Generators

Python

Learn how Mypy's type checking works with functions and generators.

In my last two articles I've described some of the ways Mypy, a type checker for Python, can help identify potential problems with your code. [See "Introducing Mypy, an Experimental Optional Static Type Checker for Python" and "Python's Mypy—Advanced Usage".] For people (like me) who have enjoyed dynamic languages for a long time, Mypy might seem like a step backward. But given the many mission-critical projects being written in Python, often by large teams with limited communication and Python experience, some kind of type checking is an increasingly necessary evil.

It's important to remember that Python, the language, isn't changing, and it isn't becoming statically typed. Mypy is a separate program, running outside Python, typically as part of a continuous integration (CI) system or invoked as part of a Git commit hook. The idea is that Mypy runs before you put your code into production, identifying where the data doesn't match the annotations you've made to your variables and function parameters.

I'm going to focus on a few of Mypy's advanced features here. You might not encounter them very often, but even if you don't, it'll give you a better picture of the complexities associated with type checking, and how deeply the Mypy team is thinking about their work, and what tests need to be done. It'll also help you understand more about the ways people do type checking, and how to balance the beauty, flexibility and expressiveness of dynamic typing with the strictness and fewer errors of static typing.

Callable Types

When I tell participants in my Python classes that everything in Python is an object, they nod their heads, clearly thinking, "I've heard this before about other languages." But then I show them that functions and classes are both objects, and they realize that Python's notion of "everything" is a bit more expansive than theirs. (And yes, Python's definition of "everything" isn't as wide as Smalltalk's.)

When you define a function, you're creating a new object, one of type "function":


>>> def foo():
...     return "I'm foo!"

>>> type(foo)


Similarly, when you create a new class, you're adding a new object type to Python:


>>> class Foo():
...     pass

>>> type(Foo)


It's a pretty common paradigm in Python to write a function that, when it runs, defines and runs an inner function. This is also known as a "closure", and it has a few different uses. For example, you can write:

Icinga 2 Version 2.11 Release Candidate Announced, Pinebook Pro Available for Pre-Order, Sailfish OS 3.1 Seitseminen Released, VirtualBox 6.0.10 Is Out, and It’s National Sysadmin Day

News briefs for July 26, 2019.

The Icinga team announces a release candidate for Icinga 2 version 2.11. Main improvements in Icinga 2.11 include a rewritten network stack, improved cluster sync, self-healing and debugging docs, and much more. See the Icinga blog for more details.

The Pinebook Pro is now available for pre-order. It's FOSS reports that "The new Pinebook Pro is capable of playing 4K videos and performs as a decent low-end desktop computer like Raspberry Pi 4." It comes with Debian as the default OS, and Chromium OS and Android 9 also are available. It costs $199.99, and you can pre-order from here. Pine64 notes that "When fulfilling the purchase, please bear in mind that we are offering the Pinebook Pro at this price as a community service to PINE64, Linux and BSD communities. We make no profit from selling these units."

Sailfish OS Seitseminen is now available. Sailfish OS 3.1 is the biggest update since the launch of Sailfish 3 a year ago, and it's named after Seitseminen National Park. This version "brings redesigns to core apps such as People, Phone, Messages and Clock. Other areas that have been improved include; Document viewers, Email, Calendar, Dual SIM Card viewer information and Gallery gestures which have been improved." Security improvements include filesystem encryption support, "fingerprint authentication support for XA2 devices, updates to VPN to increase the security of your traffic from the first moment you use your phone and added protection to many system APIs and functionalities."

VirtualBox 6.0.10 was released recently. According to Softpedia News, this version fixes various issues and includes "some notable changes for Linux-based operating systems, especially Ubuntu and Debian GNU/Linux hosts, which received support for UEFI Secure Boot driver signing. Additionally, Linux hosts got better support for various kernels on Debian GNU/Linux and Fedora systems." Go here to download.

Last but not least, Happy SysAdmin Day!

Simplifying Function Tracing for the Modern GCC

Steven Rostedt wanted to do a little housekeeping, specifically with the function tracing code used in debugging the kernel. Up until then, the kernel could enable function tracing using either GCC's -pg flag or a combination of -pg and -mfentry. In each case, GCC would create a special routine that would execute at the start of each function, so the kernel could track calls to all functions. With just -pg, GCC would create a call to mcount() in all C functions, although with -pg coupled with -mfentry, it would create a call to fentry().

Steven pointed out that using -mfentry was generally regarded as superior, so much so that the kernel build system always would choose it over the mcount() alternative by testing GCC at compile time to see if it actually supported that command-line argument.

This is all very normal. Since any user might have any version of a given piece of software in the toolchain, or a variety of different CPUs and so on, each with different capabilities, the kernel build system runs many tests to identify the best available features that the kernel will be able to rely on.

But in this case, Steven noticed that for Linux version 4.19, Linus Torvalds had agreed to bump the minimum supported GCC version to 4.6. Coincidentally, as Steven now pointed out, GCC version 4.6 was the first to support the -mfentry argument. And, this was his point—all supported versions of GCC now supported the better function tracing option, and so there was no need for the kernel build system to cling to the mcount() implementation at all.

Steven posted a patch to rip it out by the roots.

Peter Zijlstra gave his support for this plan, as did Jiri Kosina. And, Jiri in particular spat upon the face of the mcount() solution.

Linus also liked Steven's patch, and he pointed out that with mcount() out of the picture, there were several more areas in the kernel that had existed simply to help choose between mcount() and fentry(), and that those now also could be removed. But Steven replied that, although yes this should be done, he still wanted to do split it up into a separate patch, for cleanliness' sake.

PHP 7.4.0beta1 Released, HypriotOS 1.11.0 Now Available, ALA Asks LinkedIn Learning to Change Terms of Service that Jeopardize Privacy Rights, Red Hat Announces RHEL 8.1 Beta and The Forbidden Arts Coming to Linux

News briefs for July 25, 2019.

PHP 7.4.0beta1 has been released, marking the first beta of PHP 7.4. Go here to see the list of changes, and go here to download. Note that this is an early test version and not intended for use in production. The next release, Beta 2, is scheduled for August 8th.

HypriotOS 1.11.0, "the fastest way to get Docker up and running on any Raspberry Pi", is now available. This release features the latest Docker 19.03.0 Community Edition, is up to date with Raspbian Lite Buster and includes support for the entire Raspberry Pi family and more. See the release notes for further details.

The American Library Association urges LinkedIn Learning to change terms of service that impact user privacy rights. From the press release: "LinkedIn Learning—formerly Lynda.com, a platform used by libraries to provide online learning opportunities to library users—plans to make substantial changes to its terms of service that would significantly impair library users' privacy rights. Under LinkedIn Learning's new terms of service, a library cardholder will need to create a LinkedIn profile in order to access LinkedIn Learning. In addition to providing their library card number and PIN, users will have to disclose their full name and email address to create a new LinkedIn profile or connect to their existing profile. New users will have their LinkedIn profile set to public by default, allowing their full name to be searched on Google and LinkedIn."

Red Hat announces the availability of Red Hat Enterprise 8.1 beta. This release "improves manageability, adds new security enhancements and enables greater developer productivity. This release also includes updated drivers that deliver new features and bug fixes for supported hardware platforms."

The Forbidden Arts an action adventure platformer is coming to Linux. GamingOnLinux reports that the game is in Early Access on Steam with a release planned for Windows next month. The estimated release date for Linux is Q4 2019. The GamingOnLinux post notes that this game is interesting in that it combines 2D and 3D gameplay in one game: "As you explore dungeons you get the 2D platforming, while the world map has you run around in a 3D world."

Job Control: the Bash Feature You Only Think You Don’t Need

There are basically three types of people in the world: those who know little or nothing about bash job control, those who know enough to believe that it's nothing that they would ever use, and those who can just skim the rest of this post. Now, don't get me wrong, I'm not saying that bash's job control is going to change your world, but there are a couple simple everyday scenarios where job control can be useful, and often, it even can eliminate an "oh crap" moment.

FTC Announces $5 Billion Settlement with Facebook, First Preview Release of Fedora CoreOS Now Available, Red Hat Certificate System Achieves Common Criteria Certification, GNOME 3.33.4 Released and Summer Update on /e/

News briefs for July 24, 2019.

The Federal Trade Commission announces a $5 billion settlement with Facebook. CNN reports the deal resolves "a sweeping investigation by regulators into how the company lost control over massive troves of personal data and mishandled its communications with users. It is the largest fine in FTC history—and yet still only about a month's worth of revenue for Facebook."

The Fedora CoreOS team announces the first preview release of Fedora CoreOS, "a new Fedora edition built specifically for running containerized workloads securely and at scale". From the announcement: "It's designed specifically for running containerized workloads without regular maintenance, automatically updating itself with the latest OS improvements, bug fixes, and security updates. It provisions itself with Ignition, runs containers with Podman and Moby, and updates itself atomically and automatically with rpm-ostree." Note that only the testing stream is available at this time. You can download the Fedora CoreOS preview release here.

Red Hat Certificate System has achieved Common Criteria certification. This means that "Red Hat Certificate System has demonstrated conformance to an internationally recognized set of security and functionality standards. Certifying against these standards attests that Red Hat Certificate System, the operating system running it, and the underlying hardware platform, can meet the highly-regulated and security-conscious needs of governments and commercial organizations around the globe."

GNOME 3.33.4 was released today. Go here for the full list of updated modules and changes. Note that this release is a snapshot of development code and is primarily intended for testing purposes.

Gaël Duval has posted a summer update on /e/. Read the post to learn more about the status of the "unGoogled mobile OS" that's currently supported on 80 different smartphone models and the smartphones available for purchase with /e/OS preloaded that customers have just started receiving (in Europe only at this point).

Extending the Kernel with Built-in Kernel Headers

Note: this article is a followup to Zack Brown's "Android Low Memory Killer—In or Out?"

Linux kernel headers are the unstable, constantly-changing, internal API of the kernel. This includes internal kernel structures (for example, task_struct) as well as helper macros and functions. Unlike the UAPI headers used to build userspace programs that are stable and backward-compatible, the internal kernel headers can change at any time and any release. While this allows the kernel unlimited flexibility to evolve and change, it presents some difficulties for code that needs to be loaded into the kernel at runtime and executed in kernel context.

Kernel modules are a prime example of such code code. They execute in kernel context and depend on this same unstable API that can change at any time. A module has to be built for the kernel it is running on and may not load on another because of an internal API change could break it. Another example is eBPF tracing programs. These programs are dynamically compiled from C to eBPF, loaded into the kernel and execute in kernel space in an in-kernel BPF virtual machine. Since these programs trace the kernel, they need to use the in kernel API at times, and they have the same challenges as kernel modules as far as internal API changes go. They may need to understand what data structures in the kernel look like or call kernel helper functions.

Kernel headers are usually unavailable on the target where these BPF tracing programs need to be dynamically compiled and run. That is certainly the case with Android, which runs on billions of devices. It is not practical to ship custom kernel headers for every device. My solution to the problem is to embed the kernel headers within the kernel image itself and make it available through the sysfs virtual filesystem (usually mounted at /sys) as a compressed archive file (/sys/kernel/kheaders.tar.xz). This archive can be uncompressed as needed to a temporary directory. This simple change guarantees that the headers are always shipped with the running kernel.

Several kernel developers disagreed with the solution; however, kernel maintainer Greg Kroah-Hartman was supportive of the solution as were many others. Greg argued that the solution is simple and just works as did other kernel developers. Linus pulled the patches in v5.2 of the kernel release.

To enable the embedded kernel headers, build your kernel with CONFIG_KHEADERS=y kernel option, or =m if you want to save some memory.

The rest of this article looks at challenges with kernel headers, solutions and the limitations.

Challenges with Kernel Headers

Filesystem or Archive?

Feral Interactive Announces Commanders Update for Company of Heroes 2 for Linux, Participate in Fedora Test Week for Kernel 5.2, coreboot 4.10 Released, GNU Parallel 20190722 Released and EST Launches File Security for Linux v 7.0

News briefs for July 23, 2019.

Feral Interactive yesterday announced Company of Heroes 2 for macOS and Linux: Commanders update is now available. This update of the WWII strategy game has five new commanders. See the game's official blog for more details. If you already have Company of Heroes 2, you can update for free; otherwise, you can purchase it from the Feral Store for $19.99.

Participate in a Fedora test week for kernel 5.2. This kernel version was recently released with several security fixes and will be coming soon to Fedora. The test week runs from now through July 29. See the wiki page for links to the test images and more details on how to test.

coreboot 4.10 has been released This release comes eight months following the 4.9 release, and includes 2538 commit changes from 198 authors. From the announcement: "Most of the changes were to mainboards, and on the chipset side, lots of activity concentrated on x86. However compared to previous releases activity (and therefore interest, probably) increased in vboot and in non-x86 architectures. However it's harder this time to give this release a single topic like the last: This release accumulates some of everything."

GNU Parallel 20190722 ("Ryugu") has been released. You can download the shell tool for executing jobs in parallel here, and go here to read more about GNU Parallel.

ESET launches version 7 of its File Security for Linux product, which Help Net Security says "provides advanced protection to organisations' general servers, network file storage and multipurpose servers". The article notes that ESET File Security for Linux is "powered by the latest ESET LiveGrid technology and eliminates all types of threats, including viruses, rootkits, worms and spyware. Version 7.0 offers a host of advanced features, including real-time file system protection, tighter security and a real-time web graphical user interface (GUI)."

What Does It Take to Make a Kernel?

The kernel this. The kernel that. People often refer to one operating system's kernel or another without truly knowing what it does or how it works or what it takes to make one. What does it take to write a custom (and non-Linux) kernel?

So, what am I going to do here? In June 2018, I wrote a guide to build a complete Linux distribution from source packages, and in January 2019, I expanded on that guide by adding more packages to the original guide. Now it's time to dive deeper into the custom operating system topic. This article describes how to write your very own kernel from scratch and then boot up into it. Sounds pretty straightforward, right? Now, don't get too excited here. This kernel won't do much of anything. It'll print a few messages onto the screen and then halt the CPU. Sure, you can build on top of it and create something more, but that is not the purpose of this article. My main goal is to provide you, the reader, with a deep understanding of how a kernel is written.

Once upon a time, in an era long ago, embedded Linux was not really a thing. I kno that sounds a bit crazy, but it's true! If you worked with a microcontroller, you were given (from the vendor) a specification, a design sheet, a manual of all its registers and nothing more. Translation: you had to write your own operating system (kernel included) from scratch. Although this guide assumes the standard generic 32-bit x86 architecture, a lot of it reflects what had to be done back in the day.

The exercises below require that you install a few packages in your preferred Linux distribution. For instance, on an Ubuntu machine, you will need the following:

  • binutils
  • gcc
  • grub-common
  • make
  • nasm
  • xorriso

An Extreme Crash Course into the Assembly Language

Note: I'm going to simplify things by pretending to work with a not-so-complex 8-bit microprocessor. This doesn't reflect the modern (and possibly past) designs of any commercial processor.

Kernel 5.3-rc1 Released; VLC Security Flaw Discovered; Melissa Di Donato Appointed CEO of SUSE; Dropbox Brings Back Support for ZFS, XFS, Btrfs and eCryptFS; and YugaByte Is Now 100% Open Source

News briefs for July 22, 2019.

Linux kernel 5.3-rc1 has been released. Linus Torvalds writes, "This is a pretty big release, judging by the commit count. Not the biggest ever (that honor still goes to 4.9-rc1, which was exceptionally big), and we've had a couple of comparable ones (4.12, 4.15 and 4.19 were also big merge windows), but it's definitely up there." He also notes that "...there's a lot to like in 5.3."

German cybersecurity watchdog CERT-Bund recently discovered a security flaw in the VLC media player 3.0.7.1. Softpedia News reports that "a successful exploit of the vulnerability allows for unauthorized disclosure of information, unauthorized modification of files, and disruption of service." See CVE-2019-13615 for specifics. A patch is in the works.

Melissa Di Donato has been appointed CEO of SUSE. From the press release: "Accomplished technology executive and former SAP leader, Melissa Di Donato, has been named chief executive officer of SUSE in a move that will herald the next phase of growth and momentum for the world's largest independent open source software company....Di Donato is highly regarded for her forward-thinking leadership style and is a passionate advocate for workplace diversity. This includes her role as Technology Group chair of the 30% Club—an organization with the goal of achieving 30 percent female directors on S&P 100 boards by 2020. She also holds prominent positions in other organizations, including Notion Capital, and is a trustee for charity Founders4Schools."

Dropbox brings back support for ZFS, XFS, Btrfs and eCryptFS. According to Linux Uprising, "it appears that this change has made it into the stable Dropbox client for Linux. This isn't directly mentioned on the Dropbox website, but after a fresh Dropbox installation that I performed on Ubuntu, the reported version is 77.4.131, which is a higher version number than the Dropbox beta version for which it was reported that it now supports ZFS and XFS on 64-bit Linux systems, and eCryptFS and Btrfs on all Linux systems. I also gave it a try on a Btrfs filesystem and folder syncing ran without running into any issues."

YugaByte is now 100% open source. dbta.com reports that "YugaByte, a provider of open source distributed SQL databases, announced that YugaByte DB is now 100% open source under the Apache 2.0 license, bringing previously commercial features into the open source core."

Oracle Linux on Btrfs for the Raspberry Pi

Raspberry Pi 3 B+

Enterprise comes to the micro server.

Oracle Linux 7 has been released for the Raspberry Pi 3. The release packages Btrfs as the root filesystem on the UEK-branded Linux 4.14 Long Term Support (LTS) kernel. A bootable disk image with a minimal install is provided along with a standard ISO installer.

CentOS appears to support only the "Mustang" Applied Micro X-Gene for AArch64, and it provides the older AArch32 environment for all models of the Raspberry Pi. Oracle Linux is a compelling option among RPM distributions in supporting AArch64 for the Pi Model 3.

This is not to say that Oracle AArch64 Linux is without flaw, as Oracle warns that this is "a preview release and for development purposes only; Oracle suggests these not be used in production." The non-functional WiFi device is missing firmware and documentation, which Oracle admits was overlooked. No X11 graphics are included in the image, although you can install them. The eponymous database client (and server) are absent. Oracle has provided a previous example of orphaned software with its Linux for SPARC project, which was abandoned after two minor releases. There's no guarantee that this ARM version will not suffer the same fate, although Oracle has responded that "our eventual target is server class platforms". One possible hardware target is the Fujitsu A64FX, a new server processor that bundles 48 addressable AArch64 cores and 32GB of RAM on one die, asserted to be the "fastest server processor" that exists.

AArch64 on the Pi

You'll need a Raspberry Pi Model 3 to run Oracle Linux. The 3B+ is the best available device, and you should choose that over the predecessor Model 3B and all other previous models. Both Model 3 boards retain the (constraining) 1GB of RAM—a SODIMM socket would be far more practical. The newer board has a CPU that is 200MHz faster and a Gigabit-compatible Ethernet port (that is limited to 300Mbit due to the USB2 linkage that connects it). A Model A also exists, but it lacks many of the ports on the 3B. More important, the Model 3 platform introduces a 64-bit CPU.

Oracle Linux 8 Released, Microsoft Offering Free Open-Source Software to Help Secure Voting Machines, Linux Mint 19.2 “Tina” Cinnamon Beta Is Out, First Beta of Latte Dock for v0.9 Now Available and Ubuntu 18.10 Cosmic Cuttlefish Reaches End of Life

News briefs for July 19, 2019.

Oracle yesterday announced the release of Oracle Linux 8. New features include Application Streams, a "Dandified Yum", RPM improvements and much more. From the announcement: "With Oracle Linux 8, the core operating environment and associated packages for a typical Oracle Linux 8 server are distributed through a combination of BaseOS and Applications Streams. BaseOS gives you a running user space for the operating environment. Application Streams provides a range of applications that were previously distributed in Software Collections, as well as other products and programs, that can run within the user space."

Microsoft this week announced it was giving away software to help secure American voting machines. According to NBC News, "The company said it was rolling out the free, open-source software product called ElectionGuard, which it said uses encryption to 'enable a new era of secure, verifiable voting.' The company is working with election machine vendors and local governments to deploy the system in a pilot program for the 2020 election. The system uses an encrypted tracking code to allow a voter to verify that his or her vote has been recorded and has not been tampered with, Microsoft said in a blog post."

Linux Mint 19.2 "Tina" Cinnamon beta was released this week. Some highlights in version 19.2 include improved kernel support in the update manager, improved software manager and a new look and layout for system reports. Go here to read about all the new features, and read the release notes here.

The first beta of Latte Dock for v0.9 (v0.8.97) has been released. New features include a new colors mechanism, online indicator, shared layouts and more. v0.9 is scheduled for release at the end of the month. The Psifidotos blog notes that you can help by finding bugs or with translations.

Ubuntu 18.10 (Cosmic Cuttlefish) officially reaches end of life today. Package updates will no longer be accepted to 18.10, and security notices will no longer include information or package updates for 18.10. To upgrade, visit https://help.ubuntu.com/community/DiscoUpgrades.

Data in a Flash, Part IV: the Future of Memory Technologies

I have spent the first three parts of this series describing the evolution and current state of Flash storage. I also described how to configure an NVMe over Fabric (NVMeoF) storage network to export NVMe volumes across RDMA over Converged Ethernet (RoCE) and again over native TCP. [See Petros' "Data in a Flash, Part I: the Evolution of Disk Storage and an Introduction to NVMe", "Data in a Flash, Part II: Using NVMe Drives and Creating an NVMe over Fabrics Network" and "Data in a Flash, Part III: NVMe over Fabrics Using TCP".]

But what does the future of memory technologies look like? With traditional Flash technologies that are enabled via NVMe, you should continue to expect higher capacities. For instance, what comes after QLC or Quad-Level Cells NAND technology? Only time will tell. The next-generation NVMe specification will introduce a protocol standard operating across more PCI Express lanes and at a higher bandwidth. As memory technologies continue to evolve, the method in which you plug that technology into your computers will evolve with it.

Remember, the ultimate goal is to move closer to the CPU and reduce access times (that is, latencies).

Figure 1. The Data Performance Gap as You Move Further Away from the CPU

Storage Class Memory

For years, vendors have been developing a technology in which you are able to plug persistent memory into traditional DIMM slots. Yes, these are the very same slots that volatile DRAM also uses. Storage Class Memory (SCM) is a newer hybrid storage tier. It's not exactly memory, and it's also not exactly storage. It lives closer to the CPU and comes in two forms: 1) traditional DRAM backed by a large capacitor to preserve data to a local NAND chip (for example, NVDIMM-N) and 2) a complete NAND module (NVDIMM-F). In the first case, you retain DRAM speeds, but you don't get the capacity. Typically, a DRAM-based NVDIMM is behind the latest traditional DRAM sizes. Vendors such as Viking Technology and Netlist are the main producers of DRAM-based NVDIMM products.

The second, however, will give you the larger capacity sizes, but it's not nearly as fast as DRAM speeds. Here, you will find your standard NAND—the very same as found in modern Solid State Drives (SSDs) fixed onto your traditional DIMM modules.