Noticias

Apple M1 Linux GPU DRM Driver Now Running GNOME, Various Apps

Slashdot -

Developer Asahi Lina with the Asahi Linux project was successfully able to get GNOME running on the Apple M1, including "Firefox with YouTube video playback, the game Neverball, various KDE applications, and more," reports Phoronix. From the report: This is some great progress especially with the driver being written in Rust -- the first within the Direct Rendering Manager subsystem -- and lots of work there with the Rust infrastructure in early form. It won't be until at least Linux 6.2 before this driver could be mainlined while we'll see how quickly it tries to go mainline before it can commit to a stable user-space interface. At the moment there is also a significant driver "hack" involved but will hopefully be sorted out soon. Over in user-space, the AGX Gallium3D driver continues being worked on for OpenGL support with hopes of having OpenGL 2.1 completed by year's end. Obviously it will be longer before seeing the Apple graphics suitable for modern gaming with Vulkan, etc but progress is being made across the board in reverse-engineered, open-source Apple Silicon support under Linux. You can watch a video of the driver working here.

Read more of this story at Slashdot.

A 20 Year Old Chipset Workaround Has Been Hurting Modern AMD Linux Systems

Slashdot -

AMD engineer K Prateek Nayak recently uncovered that a 20 year old chipset workaround in the Linux kernel still being applied to modern AMD systems is responsible in some cases for hurting performance on modern Zen hardware. Fortunately, a fix is on the way for limiting that workaround to old systems and in turn helping with performance for modern systems. Phoronix reports: Last week was a patch posted for the ACPI processor idle code to avoid an old chipset workaround on modern AMD Zen systems. Since ACPI support was added to the Linux kernel in 2002, there has been a "dummy wait op" to deal with some chipsets where STPCLK# doesn't get asserted in time. The dummy I/O read delays further instruction processing until the CPU is fully stopped. This was a problem with at least some AMD Athlon era systems with a VIA chipset... But not a problem with newer chipsets of roughly the past two decades. With this workaround still being applied to even modern AMD systems, K Prateek Nayak discovered: "Sampling certain workloads with IBS on AMD Zen3 system shows that a significant amount of time is spent in the dummy op, which incorrectly gets accounted as C-State residency. A large C-State residency value can prime the cpuidle governor to recommend a deeper C-State during the subsequent idle instances, starting a vicious cycle, leading to performance degradation on workloads that rapidly switch between busy and idle phases. One such workload is tbench where a massive performance degradation can be observed during certain runs." At least for Tbench, this long-time, unconditional workaround in the Linux kernel has been hurting AMD Ryzen / Threadripper / EPYC performance in select workloads. This workaround hasn't affected modern Intel systems since those newer Intel platforms use the alternative MWAIT-based intel_idle driver code path instead. The AMD patch evolved into this patch by Intel Linux engineer Dave Hansen. That patch to limit the "dummy wait" workaround to old systems is already queued into TIP's x86/urgent branch. With it going the route of "x86/urgent" and for fixing a overzealous workaround that isn't needed on modern hardware, it's likely this patch will be submitted this week still for the Linux 6.0 kernel rather than needing to wait until the next (v6.1) merge window.

Read more of this story at Slashdot.

Linus Torvalds: Rust Will Go Into Linux 6.1

Slashdot -

slack_justyb writes: As previously indicated on Slashdot, Rust was slated to be coming to the Linux Kernel sometime in the 6.x version. Well wonder no longer on which version of kernel 6.x will have the first bits of Rust officially in the kernel, as Linus has confirmed that 6.1 will be the first with the new NVMe kernel drivers being in Rust. The first version non-production ready code for the NVMe Rust based kernel drivers were already producing performance comparable to C code. So the final drivers to hit 6.1 are already looking promising. It also helped Rust's case that, thanks to the ground-breaking work of Linux kernel and Rust developer Miguel Ojeda, Rust on Linux has gotten much more mature. Kernel maintainers were convinced it is time to move forward with Rust in Linux. In short, they agreed that Rust on Linux was ready for work.

Read more of this story at Slashdot.

'Linux IP Stacks Commentary' Book Tries Free Online Updates

Slashdot -

Recently the authors of Elements of Publishing shared an update. "After ten years in print, our publisher decided against further printings and has reverted the rights to us. We are publishing Elements of Programming in two forms: a free PDF and a no-markup paperback." And that's not the only old book that's getting a new life on the web... 22 years ago, long-time Slashdot reader Stephen T. Satchell (satch89450) co-authored Linux IP Stacks Commentary, a book commenting the TCP/IP code in Linux kernel 2.0.34. ("Old-timers will remember the Lion's Unix Commentary, the book published by University xerographic copies on the sly. Same sort of thing.") But the print edition struggled to update as frequently as the Linux kernel itself, and Satchell wrote a Slashdot post exploring ways to fund a possible update. At the time Slashdot's editors noted that "One of the largest complaints about Linux is that there is a lack of high-profile documentation. It would be sad if this publication were not made simply because of the lack of funds (which some people would see as a lack of interest) necessary to complete it." But that's how things seemed to end up — until Satchell suddenly reappeared to share this update from 2022: When I was released from my last job, I tried retirement. Wasn't for me. I started going crazy with nothing significant to do. So, going through old hard drives (that's another story), I found the original manuscript files, plus the page proof files, for that two-decade-old book. Aha! Maybe it's time for an update. But how to keep it fresh, as Torvalds continues to release new updates of the Linux kernel? Publish it on the Web. Carefully. After four months (and three job interviews) I have the beginnings of the second edition up and available for reading. At the moment it's an updated, corrected, and expanded version of the "gray matter", the exposition portions of the first edition.... The URL for the alpha-beta version of this Web book is satchell.net/ipstacks for your reading pleasure. The companion e-mail address is up and running for you to provide feedback. There is no paywall. But there's also an ingenious solution to the problem of updating the text as the code of the kernel keeps changing: Thanks to the work of Professor Donald Knuth (thank you!) on his WEB and CWEB programming languages, I have made modifications, to devise a method for integrating code from the GIT repository of the Linux kernel without making any modifications (let alone submissions) to said kernel code. The proposed method is described in the About section of the Web book. I have scaffolded the process and it works. But that's not the hard part. The hard part is to write the commentary itself, and crib some kind of Markup language to make the commentary publishing quality. The programs I write will integrate the kernel code with the commentary verbiage into a set of Web pages. Or two slightly different sets of web pages, if I want to support a mobile-friendly version of the commentary. Another reason for making it a web book is that I can write it and publish it as it comes out of my virtual typewriter. No hard deadlines. No waiting for the printers. And while this can save trees, that's not my intent. The back-of-the-napkin schedule calls for me to to finish the expository text in September, start the Python coding for generating commentary pages at the same time, and start the writing the commentary on the Internet Control Message Protocol in October. By then, Linus should have version 6.0.0 of the Linux kernel released. I really, really, really don't want to charge readers to view the web book. Especially as it's still in the virtual typewriter. There isn't any commentary (yet). One thing I have done is to make it as mobile-friendly as I can, because I suspect the target audience will want to read this on a smartphone or tablet, and not be forced to resort to a large-screen laptop or desktop. Also, the graphics are lightweight to minimize the cost for people who pay by the kilopacket. (Does anywhere in the world still do this? Inquiring minds want to know.) I host this web site on a Protectli appliance in my apartment, so I don't have that continuing expense. The power draw is around 20 watts. My network connection is AT&T fiber — and if it becomes popular I can always upgrade the upstream speed. The thing is, the cat needs his kibble. I still want to know if there is a source of funding available. Also, is it worthwhile to make the pages available in a zip file? Then a reader could download a snapshot of the book, and read it off-line.

Read more of this story at Slashdot.

Linux Foundation Announces the OpenWallet Foundation To Develop Interoperable Digital Wallets

Slashdot -

The Linux Foundation has announced plans for a new collaborative initiative designed to support interoperability across digital wallets, built on an open source bedrock. From a report: The OpenWallet Foundation (OWF), as the new effort is called, is the brainchild of Daniel Goldscheider, CEO of open banking startup Yes.com, though today's announcement reveals a broad gamut of buy-ins from multiple industry players including Okta, Ping Identity, Accenture, CVS Health, OpenID Foundation, among several other public and private bodies. With the Linux Foundation serving as the project's host, this gives OWF sizeable clout as it strives to enable what Goldscheider calls a "plurarity of wallets based on a common core," according to a press release. The news also comes as regulatory bodies across the globe are moving to support competition through enforcing interoperability across systems, including Europe which is currently trying to make messaging interoperability a thing.

Read more of this story at Slashdot.

Retbleed Fix Slugs Linux VM Performance By Up To 70 Percent

Slashdot -

VMware engineers have tested the Linux kernel's fix for the Retbleed speculative execution bug, and report it can impact compute performance by a whopping 70 percent. The Register reports: In a post to the Linux Kernel Mailing List titled "Performance Regression in Linux Kernel 5.19", VMware performance engineering staffer Manikandan Jagatheesan reports the virtualization giant's internal testing found that running Linux VMs on the ESXi hypervisor using version 5.19 of the Linux kernel saw compute performance dip by up to 70 percent when using single vCPU, networking fall by 30 percent and storage performance dip by up to 13 percent. Jagatheesan said VMware's testers turned off the Retbleed remediation in version 5.19 of the kernel and ESXi performance returned to levels experienced under version 5.18. Because speculative execution exists to speed processing, it is no surprise that disabling it impacts performance. A 70 percent decrease in computing performance will, however, have a major impact on application performance that could lead to unacceptable delays for some business processes. VMware's tests were run on Intel Skylake CPUs -- silicon released between 2015 and 2017 that will still be present in many server fleets. Subsequent CPUs addressed the underlying issues that allowed Retbleed and other Spectre-like attacks.

Read more of this story at Slashdot.

Exploring GNOME-Based UIs For Mobile Linux Devices

Slashdot -

"The GNOME desktop environment is one of the most popular user interfaces and suites of apps available for desktop Linux distributions," writes Liliputing. "Now a team of developers have been working to bring GNOME to mobile devices running Linux-based operating systems." GNOME Shell for mobile provides a touch-friendly user interface optimized for smartphones and tablets. And while it looks a bit like Android or iOS at first glance, there are a few key differences. The GNOME team have outlined some of them in an article about recent updates to GNOME Shell on mobile. Like other modern mobile user interfaces, you interact with GNOME shell using taps, swipes, and other gesture-based navigation. What's different is that Android has three different views for navigation: a home screen, app drawer, and multitasking view. iOS has two: home screen and multitasking. But GNOME Shell has a single screen that allows you to view and launch apps and switch between running apps using gestures. There's no need to wait for a new screen to load. In a nutshell, you can swipe up from the bottom of the any screen to view a list of installed apps, thumbnail images showing all currently running apps, and a search box. You can tap an app icon to launch a new app, enter a term in the search box to find an app, or swipe between running apps to switch which app runs in the foreground. You can also keep swiping upward to shrink the multitasking thumbnails and provide more room for app icons. And you can flick thumbnail previews upward to remove an app from the multitasking section. Typing in the search box will bring up relevant results including apps and settings. "One interesting new feature here is that notifications can be swiped away horizontally to close, and notification bubbles can be swiped up to hide them..." the developers point out. "While the current version is definitely still work in progress, it's quite usable overall, so we feel it would make sense to start having experimental GNOME OS Nightly images with it." But Liliputing also notes that it's not the only GNOME-based UI for mobile devices. There's also Purism's Phosh UI — the default UI for the PureOS on its Librem 5 smartphone (and available for other mobile Linux distros including Debian). And Purism recently bragged that its smartphone is now also "the first mobile computer with a truly convergent OS" — meaning it can run on multiple hardware platforms, with apps adapting to their hardware. The Librem 5 [smartphone] uses the same convergent PureOS as our Librem 14 laptop and Mini PCs, with the same adaptive applications that make the Librem 5 more than merely a phone, it's a mobile computer in your pocket that can shape shift into a laptop, tablet, desktop, or even a server.... Scale your Librem 5 up to be a full laptop by attaching the Nexdock. Because our core apps are adaptive, they are ready to run on whatever screen you have.... With phosh-mobile-settings installed, you can flip the nexdock around and use the big screen just like a tablet.... Don't have a laptop dock? The Librem 5 can also act like a desktop computer when connected to a screen, keyboard, and mouse using our USB-C dock. Using the beta phom virtual mouse app, you can turn your Librem 5 into a touchpad mouse while it's connected to the big screen. With the Librem 5, you can keep your desktop computer in your pocket and connect to a bigger screen at home or at the office and use the same apps on the bigger screen without restarting.... With the Librem 5 phone, you're getting much more than smartphone to run mobile-only apps; you're getting a laptop, tablet, desktop, all running software that respects your privacy and freedom.

Read more of this story at Slashdot.

Powerful New Linux Malware Shikitega Uses Unusual Multi-Stage Stealth

Slashdot -

Here's a warning from the threat intelligence unit of AT&T Cybersecurity, AT&T Alien Labs: With a rise of nearly 650% in malware and ransomware for Linux this year, reaching an all-time high in the first half year of 2022, threat actors find servers, endpoints and IoT devices based on Linux operating systems more and more valuable and find new ways to deliver their malicious payloads. New malwares like BotenaGo and EnemyBot are examples of how malware writers rapidly incorporate recently discovered vulnerabilities to find new victims and increase their reach. But they've discovered a new malware targetting Linux endpoints and IoT devices, stealthily "delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist." The Register summarizes their report: The malware was dubbed "Shikitega" for its extensive use of the popular Shikata Ga Nai polymorphic encoder, which allows the malware to "mutate" its code to avoid detection. Shikitega alters its code each time it runs through one of several decoding loops that AT&T said each deliver multiple attacks, beginning with an ELF file that's just 370 bytes... AT&T didn't say how the initial infection occurs, but it did say Shikitega exploits two Linux vulnerabilities disclosed in 2021 to achieve its ultimate objective, which AT&T said appears to be the installation and execution of the XMRig cryptocurrency miner. The final stage also establishes persistence, which Shikitega does by downloading and executing five shell scripts that configure a pair of cron jobs for the current user and a pair for the root user using crontab, which it can also install if not available. Shikitega also uses cloud hosting solutions to store parts of its payload, which it further uses to obfuscate itself by contacting via IP address instead of domain name....> > Bottom line: Shikitega is a nasty piece of code. AT&T recommends Linux endpoint and IoT device managers keep security patches installed, keep EDR software up to date and make regular backups of essential systems. Ars Technica reports: The ultimate objective of the malware isn't clear. It drops the XMRig software for mining the Monero cryptocurrency, so stealthy cryptojacking is one possibility. But Shikitega also downloads and executes a powerful Metasploit package known as Mettle, which bundles capabilities including webcam control, credential stealing, and multiple reverse shells into a package that runs on everything from "the smallest embedded Linux targets to big iron." Mettle's inclusion leaves open the potential that surreptitious Monero mining isn't the sole function.... Given the work the unknown threat actors responsible devoted to the malware's stealth, it wouldn't be surprising if the malware is lurking undetected on some systems.

Read more of this story at Slashdot.

Attacks on Linux Servers Rose 75% Over Last Year, Warn Security Researchers

Slashdot -

"There's been a big rise in ransomware attacks targeting Linux," reports ZDNet, "as cyber criminals look to expand their options and exploit an operating system that is often overlooked when businesses think about security." According to analysis by cybersecurity researchers at Trend Micro, Linux servers are "increasingly coming under fire" from ransomware attacks, with detections up by 75% over the course of the last year as cyber criminals look to expand their attacks beyond Windows operating systems. Linux powers important enterprise IT infrastructure including servers, which makes it an attractive target for ransomware gangs — particularly when a perceived lack of threat to Linux systems compared with Windows means that cybersecurity teams might choose to focus on defending Windows networks against cybercrime. Researchers note that ransomware groups are increasingly tailoring their attacks to focus specifically on Linux systems. For example, LockBit is one of the most prolific and successful ransomware operations of recent times and now offers the option of a Linux-based variant that is designed to target Linux systems and has been used to conduct attacks in the wild.... And it isn't just ransomware groups that are increasingly turning their attentions towards Linux — according to Trend Micro, there's been a 145% increase in Linux-based cryptocurrency-mining malware attacks, where cyber criminals secretly exploit the power of infected computers and servers to mine for cryptocurrency for themselves. One of the ways cyber criminals are compromising Linux systems is by exploiting unpatched vulnerabilities. According to the report, these flaws include CVE-2022-0847 — also known as Dirty Pipe — a bug that affects the Linux kernel from versions 5.8 and up, which attackers can use to escalate their privileges and run code. Researchers warn that this bug is "relatively easy to exploit". The article recommends installing all security patches as soon as they're available — and implementing multi-factor authentication across your organization. And yes, it's the real ZDNet. They've just re-designed their web site...

Read more of this story at Slashdot.

Subscribe to EcuaLUG agregador: Noticias