openSUSE Announces Three New Tumbleweed Snapshots for 2019, Malware in Google Play Using Motion Sensors to Avoid Detection, Leaked Android Q Features, deepen 5.9 Released and ZFS On Linux 0.8 Coming Soon

News briefs for January 18, 2019.

openSUSE announces three new Tumbleweed snapshots to start of 2019, which include updates for KDE Plasma, Vim, RE2, QEMU, curl and much, much more. The openSUSE blog post notes that, "all snapshots have either logged or are treading as moderately stable with a rating of 83 or above, according to the Tumbleweed snapshot reviewer. There are more than 300 packages in staging that will likely be released in several snapshots over the coming weeks."

Malware in Google Play used motion sensors in phones to hide itself, triggering only when the phones moved. According to Ars Technica, the malicious apps avoid detection by monitoring "the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks. The thinking behind the monitoring is that sensors in real end-user devices will record motion as people use them. By contrast, emulators used by security researchers—and possibly Google employees screening apps submitted to Play—are less likely to use sensors. Two Google Play apps recently caught dropping the Anubis banking malware on infected devices would activate the payload only when motion was detected first. Otherwise, the trojan would remain dormant." Trend Micro found the malware in two apps: BatterySaverMobi and Currency Converter.

XDA Developers got their hands on a Google Pixel 3 XL with a leaked version of Android Q, giving them a first look at what Google has been working on. First is a system-wide Dark Theme. In addition, it has a huge permissions revamp "in the Settings app that allows you to get an overview of permission access by apps and restrict certain permissions like location only while the app is in use". It also includes new Developer Options, accessibility settings and other miscellaneous changes.

deepin 5.9 has been released. This release fixes several bugs and "adds support for touchscreen gestures and onscreen keyboard, optimizes the using frequency algorithm for application sequence in Launcher mini mode, and introduces a new function - Smart Mirror Switch, hoping to bring users more stable and efficient experiences." You can download the ISO from here.

ZFS On Linux 0.8 is coming soon, and it's expected to be a huge release. Phoronix reports that this update will include "native encryption support, device removal, direct I/O, sequential scrub, pool checkpoints, and a lot of other new features for the first time with this Linux port of the Sun/Oracle ZFS file-system."

Some Thoughts on Open Core

FOSS

Why open core software is bad for the FOSS movement.

Nothing is inherently anti-business about Free and Open Source Software (FOSS). In fact, a number of different business models are built on top of FOSS. The best models are those that continue to further FOSS by internal code contributions and that advance the principles of Free Software in general. For instance, there's the support model, where a company develops free software but sells expert support for it.

Here, I'd like to talk a bit about one of the more problematic models out there, the open core model, because it's much more prevalent, and it creates some perverse incentives that run counter to Free Software principles.

If you haven't heard about it, the open core business model is one where a company develops free software (often a network service intended to be run on a server) and builds a base set of users and contributors of that free code base. Once there is a critical mass of features, the company then starts developing an "enterprise" version of the product that contains additional features aimed at corporate use. These enterprise features might include things like extra scalability, login features like LDAP/Active Directory support or Single Sign-On (SSO) or third-party integrations, or it might just be an overall improved version of the product with more code optimizations and speed.

Because such a company wants to charge customers to use the enterprise version, it creates a closed fork of the free software code base, or it might provide the additional proprietary features as modules so it has fewer problems with violating its free software license.

The first problem with the open core model is that on its face it doesn't further principles behind Free Software, because core developer time gets focused instead of writing and promoting proprietary software. Instead of promoting the importance of the freedoms that Free Software gives both users and developers, these companies often just use FOSS as a kind of freeware to get an initial base of users and as free crowdsourcing for software developers that develop the base product when the company is small and cash-strapped. As the company get more funding, it's then able to hire the most active community developers, so they then can stop working on the community edition and instead work full-time on the company's proprietary software.

Oracle Releases First Critical Patch Update of 2019, Red Hat Enterprise Linux and Fedora to Drop MongoDB, The Linux Foundation Announces Its 2019 Event Lineup, Firefox Closing Its Test Pilot Program and GoDaddy to Support AdoptOpenJDK

News briefs for January 17, 2019.

Oracle released its first Critical Patch Update of the year this week, which addresses 284 vulnerabilities. eWeek reports that "Thirty-three of the vulnerabilities are identified as being critical with a Common Vulnerabilities Scoring System (CVSS) score of 9.0 or higher."

Red Hat Enterprise Linux and Fedora are dropping MongoDB. ZDNet reports that the decision is due to MongoDB's new Server Side Public License (SSPL), which, according to Red Hat's Technical and Community Outreach Program Manager Tom Callaway, is "intentionally crafted to be aggressively discriminatory towards a specific class of users." ZDNet explains that "specific objection is that SSPL requires, if you offer services licensed under it, that you must open-source all programs that you use to make the software available as a service."

The Linux Foundation has announced its event schedule for 2019. New events for this year include include Cephalocon and gRPC Conf. See the full lineup here.

Firefox is closing its Test Pilot program and moving to a new model. From the announcement: "Migrating to a new model doesn't mean we're doing fewer experiments. In fact, we'll be doing even more! The innovation processes that led to products like Firefox Monitor are no longer the responsibility of a handful of individuals but rather the entire organization. Everyone is responsible for maintaining the Culture of Experimentation Firefox has developed through this process. These techniques and tools have become a part of our very DNA and identity. That is something to celebrate. As such, we won't be uninstalling any experiments you're using today, in fact, many of the Test Pilot experiments and features will find their way to Addons.Mozilla.Org, while others like Send and Lockbox will continue to take in more input from you as they evolve into stand alone products."

GoDaddy recently announced support for AdoptOpenJDK, which provides prebuilt open-source OpenJDK binaries. Charles Beadnall, GoDaddy CTO, says "GoDaddy supports an open access Internet because our 18 million customers depend on the open and equal nature of the Internet to compete with enterprises and corporations with more resources. With this sponsorship, we're proud to provide further support for open-source software and our community of entrepreneur customers."

Ditching Out-of-Date Documentation Infrastructure

Long ago, the Linux kernel started using 00-Index files to list the contents of each documentation directory. This was intended to explain what each of those files documented. Henrik Austad recently pointed out that those files have been out of date for a very long time and were probably not used by anyone anymore. This is nothing new. Henrik said in his post that this had been discussed already for years, "and they have since then grown further out of date, so perhaps it is time to just throw them out."

He counted hundreds of instances where the 00-index file was out of date or not present when it should have been. He posted a patch to rip them all unceremoniously out of the kernel.

Joe Perches was very pleased with this. He pointed out that .rst files (the kernel's native documentation format) had largely taken over the original purpose of those 00-index files. He said the oo-index files were even misleading by now.

Jonathan Corbet was more reserved. He felt Henrik should distribute the patch among a wider audience and see if it got any resistance. He added:

I've not yet decided whether I think this is a good idea or not. We certainly don't need those files for stuff that's in the RST doctree, that's what the index.rst files are for. But I suspect some people might complain about losing them for the rest of the content. I do get patches from people updating them, so some folks do indeed look at them.

Henrik told Jonathan he was happy to update the 00-index files if that would be preferable. But he didn't want to do that if the right answer was just to get rid of them.

Meanwhile, Josh Triplett saw no reason to keep the 00-index files around at all. He remarked, "I was *briefly* tempted, reading through the files, to suggest ensuring that the one-line descriptions from the 00-INDEX files end up in the documents themselves, but the more I think about it, I don't think even that is worth anyone's time to do."

Paul Moore also voiced his support for removing the 00-index files, at least the ones for NetLabel, which was his area of interest.

The discussion ended there. It's nice that even for apparently obvious patches, the developers still take the time to consider various perspectives and try to retain any value from the old thing to the new. It's especially nice to see this sort of attention given to documentation patches, which tend to get left out in the cold when it comes to coding projects.

Note: if you're mentioned above and want to post a response above the comment section, send a message with your response text to ljeditor@linuxjournal.com.

Keep Smart Assistants from Spying on You with Alias, Security Advisory for Old scp Clients, Major Metasploit Framework Release, Mozilla Working on a New Browser for Android and VirtualBox 6.0.2 Is Out

News briefs for January 16, 2019.

A new open-source hardware project called Alias will keep Amazon and Google smart assistants from spying on you. According to the project's GitHub page, "Alias is a teachable 'parasite' that is designed to give users more control over their smart assistants, both when it comes to customisation and privacy. Through a simple app the user can train Alias to react on a custom wake-word/sound, and once trained, Alias can take control over your home assistant by activating it for you."

A security advisory from Harry Sintonen was issued this week concerning the scp clients in OpenSSH, PuTTY and more. LWN quotes the advisory: "Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output."

A new major release of the open-source Metasploit Framework is now available. According to the Rapid7 blog post, version 5.0 of the penetration-testing tool is the first milestone update since version 4.0 came out in 2011. Along with a new release cadence, "Metasploit's new database and automation APIs, evasion modules and libraries, expanded language support, improved performance, and ease-of-use lay the groundwork for better teamwork capabilities, tool integration, and exploitation at scale."

Mozilla is working on a new Android browser called Fenix. According to ZDNet, this "new non-Firefox browser for Android is apparently targeted at younger people, with Mozilla developers on GitHub tagging the description, 'Fenix is not your parents' Android browser'." In addition, mockups suggest that Fenix developers are "currently toying with the idea of putting the URL bar and home button down at the bottom of user interface."

VirtualBox 6.0.2 was released yesterday, the first maintenance release of the 6.0 series. This release fixed a conflict between Debian and oracle build desktop files, fixed building drivers on SLES 12.4, fixed building shared folder driver with older kernels and much more. See the changelog for all the details.

Where There’s No Distance or Gravity

The more digital we become, the less human we remain.

I had been in Los Angeles only a few times in my life before the October day in 1987 when I drove down from our home in the Bay Area with my teenage son to visit family. The air was unusually clear as we started our drive back north, and soon the San Gabriel Mountains—Los Angeles' own Alps (you can ski there!)—loomed over the region like a crenelated battlement, as if protecting its inhabitants from cultures and climates that might invade from the north. So, on impulse, I decided to drive up to Mount Wilson, the only crest in the range with a paved road to the top.

I could see from the maps I had already studied that the drive was an easy one. Our destination also was easily spotted from below: a long, almost flat ridge topped by the white domes of Mount Wilson Observatory (where Hubble observed the universe expanding) and a bristle of towers radiating nearly all the area's FM and TV signals. The site was legendary among broadcast engineering geeks, and I had longed to visit it ever since I was a ham radio operator as a boy in New Jersey.

After checking out the observatory and the towers, my son and I stood on a promontory next to a parking lot and surveyed the vast spread of civilization below. Soon four visiting golfers from New York came over and started asking me questions about what was where.

I answered like a veteran docent, pointing out the Rose Bowl, Palos Verdes Peninsula, Santa Catalina and other Channel Islands, the Hollywood Hills, the San Fernando Valley, the Jet Propulsion Laboratory, Santa Anita Park and more. When they asked where the Whittier Narrows earthquake had happened a few days before, I pointed at the Puente Hills, off to the southeast, and filled them in on what I knew about the geology there as well.

After a few minutes of this, they asked me how long I had lived there. I said all this stuff was almost as new to me as it was to them. "Then how do you know so much about it?", they asked. I told them I had studied maps of the area and refreshed my knowledge over lunch just before driving up there. They were flabbergasted. "Really?", one guy said. "You study maps?"

Indeed, I did. I had maps of all kinds and sizes at home, and the door pockets of my car bulged with AAA maps of everywhere I might drive in California. I also added local and regional Southern California maps to my mobile inventory before driving down.

Participate in Fedora Test Day Today, Netrunner Announces Netrunner 19.01 Blackbird, Security Patch for GNOME Bluetooth Tools in Ubuntu 18.04, New Giant Board SBC from Groboard and Linspire Posts Development Roadmap for 2019-2020

News briefs for January 15, 2019.

Today is Fedora Test Day for kernel 4.20. To participate, you just need to be able to download the test materials (which include some large files) and read and follow directions. See the wiki page for more information on how to participate.

Netrunner yesterday announced the release of Netrunner 19.01 Blackbird. This desktop distro is based on Debian Testing, and updates with this version include KDE Plasma 5.14.3, KDE Frameworks 5.51, KDE Applications 18.08, Qt 5.11.3 and many more. It also sports a new look and feel called "Netrunner Black" among other changes. You can get the Netrunner 19.01 ISO from here.

Canonical yesterday released a security patch for the GNOME Bluetooth tools to address a security vulnerability with Ubuntu 18.04. Softpedia News reports that security researcher Chris Marchesi discovered the vulnerability in the BlueZ Linux Bluetooth stack, "which made it incorrectly handle disabling Bluetooth visibility, allowing a remote attacker to possibly pair to Bluetooth devices." All Ubuntu 18.04 LTS users should update immediately to the gnome-bluetooth 3.28.0-2ubuntu0.1 and libgnome-bluetooth13 3.28.0-2ubuntu0.1 packages from the official repos. See the wiki for detailed instructions.

Groboards has launched a new "tiny, Adafruit Feather form-factor 'Giant Board' SBC that runs Linux on Microchip's SiP implementation of its Cortex-A5-based SAMA5D SoC and offers 128MB RAM, micro-USB, microSD and I/O including ADC and PWM", Linux Gizmos reports. There's no pricing or availability information yet, but see the OSH Park blog and the Groboards site for specs and more info.

Linspire recently posted its development roadmap for Linspire and Freespire releases for 2019 and 2020. The Linspire CE 8.0 Office 365 Edition is planned for February 21, 2019, with Linspire Server on April 14, 2019. Freespire 4.5 is planned for May 5, 2019 and Freespire 5.0 is scheduled for November 15, 2019.

Purism Announces Version 4 of Its Laptops, KDE Frameworks 5.54.0 Now Available, Debian 10 Default Theme Chosen, Linux Kernel 5.0-rc2 Is Out and Mozilla to Disable Flash in Firefox 69

News briefs for January 14, 2019.

Purism announced the fourth version of its Librem laptops today. The Librem 13 and 15 will be "now be upgraded with a 7th Gen Intel Core i7-7500U Processor with integrated HD Graphics that still works with coreboot. In addition, the Librem 15 display will be upgraded to 4K resolution. Upgraded models are available now for purchase whether you pick Librem 13: the road warrior or Librem 15: the desktop replacement." Note that the base cost will remain the same despite these updates (the Librem 15 is $1599, and the Librem 13 is $1399).

KDE announced the release of KDE Frameworks 5.54.0. This release is part of a series of planned releases for the 80 addon libraries for Qt that make up KDE Frameworks. See the announcement for the full list of changes/fixes and download links.

The Debian team announced that "futurePrototype" by Alex Makas will be the default theme for Debian 10 "Buster". The theme was selected via survey from 11 submitted themes; 3,646 people participated in the voting.

Linux kernel 5.0-rc2 is out. Linus wrote, "Were there some missing commits that missed the merge window? Yes. But no more than usual. Things look pretty normal." For the full message, see the LKML.

Mozilla plans to disable Adobe Flash Player in Firefox 69, which should launch in September 2019. According to Softpedia, "The next step for Mozilla is then to remove support for Flash Player entirely, so starting with early 2020, consumer versions of Firefox would no longer work with Adobe's plugin."

Python Testing with pytest: Fixtures and Coverage

Python

Improve your Python testing even more.

In my last two articles, I introduced pytest, a library for testing Python code (see "Testing Your Code with Python's pytest" Part I and Part II). pytest has become quite popular, in no small part because it's so easy to write tests and integrate those tests into your software development process. I've become a big fan, mostly because after years of saying I should get better about testing my software, pytest finally has made it possible.

So in this article, I review two features of pytest that I haven't had a chance to cover yet: fixtures and code coverage, which will (I hope) convince you that pytest is worth exploring and incorporating into your work.

Fixtures

When you're writing tests, you're rarely going to write just one or two. Rather, you're going to write an entire "test suite", with each test aiming to check a different path through your code. In many cases, this means you'll have a few tests with similar characteristics, something that pytest handles with "parametrized tests".

But in other cases, things are a bit more complex. You'll want to have some objects available to all of your tests. Those objects might contain data you want to share across tests, or they might involve the network or filesystem. These are often known as "fixtures" in the testing world, and they take a variety of different forms.

In pytest, you define fixtures using a combination of the pytest.fixture decorator, along with a function definition. For example, say you have a file that returns a list of lines from a file, in which each line is reversed:


def reverse_lines(f):
   return [one_line.rstrip()[::-1] + '\n'
           for one_line in f]

Note that in order to avoid the newline character from being placed at the start of the line, you remove it from the string before reversing and then add a '\n' in each returned string. Also note that although it probably would be a good idea to use a generator expression rather than a list comprehension, I'm trying to keep things relatively simple here.

If you're going to test this function, you'll need to pass it a file-like object. In my last article, I showed how you could use a StringIO object for such a thing, and that remains the case. But rather than defining global variables in your test file, you can create a fixture that'll provide your test with the appropriate object at the right time.

Here's how that looks in pytest:

Keeping Your Episodic Contributors to Open-Source Projects Happy

open source

Community managers have long been advised to nurture top contributors, but it is also important to consider infrequent and casual (episodic) contributors. There are more potential episodic contributors than habitual ones, and getting the most out of your episodic contributors can require reconsidering your strategies for retaining and incorporating contributors.

There are several reasons you should care about episodic contributors, other than just numbers. Getting more people involved can help more people learn about a project, and new people also bring new ideas. Furthermore, many tasks can be done effectively by episodic contributors, freeing habitual contributors to perform other work. Smaller communities might benefit from contributions to documentation or translations, while communities of all sizes can use extra temporary help when running an event.

Greater benefits are realized when the contributors know something about the community and the work because of their previous engagement, and thus require less time to understand their role. An upcoming scientific study looked at what factors are associated with episodic contributors continuing to return to a community to participate (the article will be available starting in February 2019; see the Resources section at the end of this article). This article describes the key findings of the research.

The Design

Five factors were expected to positively influence an episodic contributor's intention to continue participating, as shown in Figure 1.

Figure 1. Proposed Model of Factors Associated with Retention

Contributor Benefit Motivations

Contributor benefit motivations describes contributor motives that benefit the contributor, such as learning new skills, having fun and improving job prospects. In free and open-source software, these motivations are generally linked to retention.

Social Norms

Social norms describes how the people the participant interacts with on a daily basis—friends, family, co-workers and neighbors—view contributing to free software and open-source software projects. Earlier work found this factor to be relevant for people volunteering for a number of non-profit organizations.

Psychological Sense of Community

Psychological sense of community describes the motivation stemming from the affinity a person experiences when meeting and engaging with a group. Previous research has shown that this factor is relevant for both habitual and episodic participants.

Satisfaction

Systemd Security Holes Discovered, GNOME 3.31.4 Released, Mozilla Launches Flexbox Inspector, Timesys Announces New Version of TimeStorm IDE and Clonezilla Live (2.6.0-37) Now Available

News briefs for January 11, 2019.

Three new security holes recently were discovered in Systemd by the Qualys security company. From ZDNet: "With any of these a local user can gain root privileges. Worse still, Qualys reports that 'To the best of our knowledge, all systemd-based Linux distributions are vulnerable.' Actually, that's not quite true, even Qualys admits. 'SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29 are not exploitable because their user space is compiled with GCC's -fstack-clash-protection.'" Red Hat has already released patches for 16864 and 16865.

GNOME 3.31.4 was released this week. This release marks the first development release of 2019, so folks are encouraged to try it and test it. You can get the official BuildStream snapshot here and the source packages here. For the list of updates and changes, go here.

Mozilla announces the launch of Flexbox Inspector: "The new Flexbox Inspector, created by Firefox DevTools, helps developers understand the sizing, positioning, and nesting of Flexbox elements. You can try it out now in Firefox DevEdition or join us for its official launch in Firefox 65 on January 29th."

Timesys Corporation recently announced a new release of TimeStorm Integrated Development Environment. Timesys TimeStorm 5.3.2 IDE "is designed to streamline, simplify, and accelerate the creation of secure Internet of Things (IoT) and embedded Linux applications." According to the announcement, the new IDE also features "support for Windows 10 and a Timesys-built Windows installer. The Eclipse-based TimeStorm IDE provides Windows 10 OS users with an already familiar development environment, making it easy to create embedded Linux products within a Windows environment."

Clonezilla live (2.6.0-37) is now available. This new release for the partition and disk imaging/cloning program features major enhancements and bug fixes. The underlying GNU/Linux OS is now updated and based on Debian Sid and the kernel updated to 4.19.13-1. See the announcement for details.

Minim Debuted the Minim Labs Free Router Security Platform, AWS Launched DocumentDB, Firefox CTO Eric Rescorla Awarded Levchin Prize, Red Hat Ansible Tower 3.4 Now Available and IoT DevCon 2019 Call for Papers

News briefs for January 10, 2019.

Minim debuted Minim Labs at CES this week. This free version of the Minim router security platform has an open-source Linux-based "Unum" agent for protecting home automation devices, and it runs on Raspbian and OpenWrt Linux devices. See this LinuxGizmos post and the Minim Labs website for more information.

AWS launched DocumentDB yesterday, a "fast, scalable, and highly available document database that is designed to be compatible with your existing MongoDB applications and tools". TechCrunch reports that AWS felt customers found MongoDB difficult to use, so the company built "its own document database, but made it compatible with theApache 2.0 open source MongoDB 3.6 API".

Firefox CTO Eric Rescorla was awarded the Levchin Prize for "significant contributions to solving global, real-world cryptography issues that make the internet safer at scale" yesterday, which was announced at the 2019 Real-World Crypto Conference. According to the Mozilla Blog, Rescorla was chosen for his "involvement in spearheading the latest version of Transport Layer Security (TLS). TLS 1.3 incorporates significant improvements in both security and speed, and was completed in August and already secures 10% of sites."

Red Hat yesterday announced the availability of Red Hat Ansible Tower 3.4. This new release features "workflow enhancements including nested workflows and workflow convergence, designed to simplify challenges inherent in managing complex hybrid cloud infrastructure". In addition this version boasts increased scalability and enhanced security. The press release quotes Vice President, Management at Red Hat, Joe Fitzgerald: "With the new features available in Red Hat Ansible Tower 3.4 organizations are able to increase the scale and scope of their automation activities together with increased control and visibility."

IoT DevCon 2019's call for papers is now open. If you're interested in presenting at the Internet of Things Developers Conference, submission of titles and abstracts deadline is February 28, 2019. The conference will "focus on technologies ranging from ultra-low power microcontrollers to multicore-enabled aggregation hubs and from software strategies to security solutions as well as techniques required to monitor and manage the enormous loads of device-generated data. We are looking for experts to address the audience of managers, developers, engineers and makers". The conference will be held in Santa Clara, California, June 5–6, 2019.

Minim Debuted the Minim Labs Free Router Security Platform, AWS Launched DocumentDB, Firefox CTO Eric Rescorla Awarded Levchin Prize, Red Hat Ansible Tower 3.4 Now Available and IoT DevCon 2019 Call for Papers

News briefs for January 10, 2019.

Minim debuted Minim Labs at CES this week. This free version of the Minim router security platform has an open-source Linux-based "Unum" agent for protecting home automation devices, and it runs on Raspbian and OpenWrt Linux devices. See this LinuxGizmos post and the Minim Labs website for more information.

AWS launched DocumentDB yesterday, a "fast, scalable, and highly available document database that is designed to be compatible with your existing MongoDB applications and tools". TechCrunch reports that AWS felt customers found MongoDB difficult to use, so the company built "its own document database, but made it compatible with theApache 2.0 open source MongoDB 3.6 API".

Firefox CTO Eric Rescorla was awarded the Levchin Prize for "significant contributions to solving global, real-world cryptography issues that make the internet safer at scale" yesterday, which was announced at the 2019 Real-World Crypto Conference. According to the Mozilla Blog, Rescorla was chosen for his "involvement in spearheading the latest version of Transport Layer Security (TLS). TLS 1.3 incorporates significant improvements in both security and speed, and was completed in August and already secures 10% of sites."

Red Hat yesterday announced the availability of Red Hat Ansible Tower 3.4. This new release features "workflow enhancements including nested workflows and workflow convergence, designed to simplify challenges inherent in managing complex hybrid cloud infrastructure". In addition this version boasts increased scalability and enhanced security. The press release quotes Vice President, Management at Red Hat, Joe Fitzgerald: "With the new features available in Red Hat Ansible Tower 3.4 organizations are able to increase the scale and scope of their automation activities together with increased control and visibility."

IoT DevCon 2019's call for papers is now open. If you're interested in presenting at the Internet of Things Developers Conference, submission of titles and abstracts deadline is February 28, 2019. The conference will "focus on technologies ranging from ultra-low power microcontrollers to multicore-enabled aggregation hubs and from software strategies to security solutions as well as techniques required to monitor and manage the enormous loads of device-generated data. We are looking for experts to address the audience of managers, developers, engineers and makers". The conference will be held in Santa Clara, California, June 5–6, 2019.

Non-Child Process Exit Notification Support

Daniel Colascione submitted some code to support processes knowing when others have terminated. Normally a process can tell when its own child processes have ended, but not unrelated processes, or at least not trivially. Daniel's patch created a new file in the /proc directory entry for each process—a file called "exithand" that is readable by any other process. If the target process is still running, attempts to read() its exithand file will simply block, forcing the querying process to wait. When the target process ends, the read() operation will complete, and the querying process will thereby know that the target process has ended.

It may not be immediately obvious why such a thing would be useful. After all, non-child processes are by definition unrelated. Why would the kernel want to support them keeping tabs on each other? Daniel gave a concrete example, saying:

Android's lmkd kills processes in order to free memory in response to various memory pressure signals. It's desirable to wait until a killed process actually exits before moving on (if needed) to killing the next process. Since the processes that lmkd kills are not lmkd's children, lmkd currently lacks a way to wait for a process to actually die after being sent SIGKILL.

Daniel explained that on Android, the lmkd process currently would simply keep checking the proc directory for the existence of each process it tried to kill. By implementing this new interface, instead of continually polling the process, lmkd could simply wait until the read() operation completed, thus saving the CPU cycles needed for continuous polling.

And more generally, Daniel said in a later email:

I want to get polling loops out of the system. Polling loops are bad for wakeup attribution, bad for power, bad for priority inheritance, and bad for latency. There's no right answer to the question "How long should I wait before checking $CONDITION again?". If we can have an explicit waitqueue interface to something, we should. Besides, PID polling is vulnerable to PID reuse, whereas this mechanism (just like anything based on struct pid) is immune to it.

Joel Fernandes suggested, as an alternative, using ptrace() to get the process exit notifications, instead of creating a whole new file under /proc. Daniel explained:

Non-Child Process Exit Notification Support

Daniel Colascione submitted some code to support processes knowing when others have terminated. Normally a process can tell when its own child processes have ended, but not unrelated processes, or at least not trivially. Daniel's patch created a new file in the /proc directory entry for each process—a file called "exithand" that is readable by any other process. If the target process is still running, attempts to read() its exithand file will simply block, forcing the querying process to wait. When the target process ends, the read() operation will complete, and the querying process will thereby know that the target process has ended.

It may not be immediately obvious why such a thing would be useful. After all, non-child processes are by definition unrelated. Why would the kernel want to support them keeping tabs on each other? Daniel gave a concrete example, saying:

Android's lmkd kills processes in order to free memory in response to various memory pressure signals. It's desirable to wait until a killed process actually exits before moving on (if needed) to killing the next process. Since the processes that lmkd kills are not lmkd's children, lmkd currently lacks a way to wait for a process to actually die after being sent SIGKILL.

Daniel explained that on Android, the lmkd process currently would simply keep checking the proc directory for the existence of each process it tried to kill. By implementing this new interface, instead of continually polling the process, lmkd could simply wait until the read() operation completed, thus saving the CPU cycles needed for continuous polling.

And more generally, Daniel said in a later email:

I want to get polling loops out of the system. Polling loops are bad for wakeup attribution, bad for power, bad for priority inheritance, and bad for latency. There's no right answer to the question "How long should I wait before checking $CONDITION again?". If we can have an explicit waitqueue interface to something, we should. Besides, PID polling is vulnerable to PID reuse, whereas this mechanism (just like anything based on struct pid) is immune to it.

Joel Fernandes suggested, as an alternative, using ptrace() to get the process exit notifications, instead of creating a whole new file under /proc. Daniel explained:

Qubes OS 4.0.1 Released, Plasma 5.14.15 Is Out, Software Freedom Conservancy Fundraiser, ClearCube Launches C3xPi Thin Client for RPi 3 Model B+ and Ubuntu Touch Announces OTA-7

News briefs for January 9, 2019.

Qubes OS 4.0.1 was released today, marking the first stable point release in the 4.0 series. Updates include all 4.0 dom0 updates, Fedora 29 TemplateVM, Debian 9 Template VM, Whonix 14 Gateway and Workstation TemplateVMs, and Linux kernel 4.14. You can get Qubes 4.0.1 from the Downloads Page.

KDE yesterday announced Plasma 5.14.5, the fifth and final point release to the Plasma 5.14 desktop environment series. According to Softpedia News, besides some small but important bug fixes, this release "contains a total of 61 changes across various components like Plasma Workspace, Plasma NetworkManager, Breeze GTK, Plasma Discover, and Plasma Desktop". Plasma 5.15, the start of the next major series, is scheduled to be released on February 12, 2019.

The Software Freedom Conservancy has six more days to collect the remaining $13,369 of the fundraiser that will be matched by Private Internet Access and a group of generous donors. Go here to become an official supporter.

ClearCube recently launched a C3xPi Thin Client for the Raspberry Pi 3 Model B+, LinuxGizmos reports. The C3xPi is $179.95, and ClearCube says it's the "only low-cost, virus-proof, single-case dual monitor thin client in the market". Go to the product page for all the details.

Ubuntu Touch announced its OTA-7 release yesterday. With this release, users now can change the keyboard color scheme; a keyboard layout for Lithuanian was added; the Morph browser received many improvements; and more. See the post for the full changelog and instructions on how to get OTA-7.