Syndicate content
Your source for Linux and Open Source news, reviews, and howtos.
Updated: 10 weeks 2 days ago

Linux 4.15-rc7

Sun, 01/07/2018 - 23:27

Ok, we had an interesting week, and by now everybody knows why we were
merging all those odd x86 page table isolation patches without
following all of the normal release timing rules.

But rc7 itself is actually pretty calm. Yes, there were a few small
follow-up patches to the PTI code still, and yes, there's been a fair
amount of discussion about the exact details of the Spectre fixes, but
at least in general things have been nice and calm. And we're actually
back to "normal" in that most of the patches are drivers (mainly GPU,
some crypto, some random small things - input layer, platform drivers
etc). There are misc small filesystem and arch updates too.

The appended shortlog is small enough that it's easy to just scroll
down and get a feel for what happened.

Also: Linux Kernel 4.15 to Arrive in Two Weeks as Linus Torvalds Releases Seventh RC

Linux 4.15-rc7 Kernel Released

read more

Pros and cons of Linux

Sun, 01/07/2018 - 23:23

Obviously, as well as any other software or operating system, Linux has certain benefits and disadvantages. Most of them were already exposed. Linux might be rather disappointing for those who prefer playing games since not all of the are all available for this operating system's users. As well as for gamers, this system will be rather incomprehensible for newcomers due to a console that allows you to perform more complex operations, but demanding much more attention and skills to master it.

However, the major advantage for all the users is the security of this system. You may forget about viruses and antiviruses once and for all. Moreover, Linux is far less overloaded comparing with Windows, so it works much faster.

read more

Leftovers: Containers in Research, Opera, KDE Software, Thunderbolt 3, Android and Chrome OS

Sun, 01/07/2018 - 17:04
  • Containers in Research

    Last week, I attended the Docker Containers for Reproducible Research Workshop hosted by the Software Sustainability Institute. Many talks were addressing how containers can be used in a high performance computing (HPC) environment. Since running the Docker daemon requires root privileges, most administrators are reluctant to allow users running Docker containers in a HPC environment. This issue as been addressed by Singularity, which is an alternative conterization technology that does not require root privileges. The nice thing is that Singularity allows importing existing Docker images, which allows you creating a Singularity container from anything that is on Docker Hub. Although I only used Docker so far, Singularity sounds like a nice technology I would like to explore in the future.

  • Opera 50 Web Browser Features Cryptocurrency Mining Protection
  • Latte bug fix release v0.7.3 and some news...

    Latte Dock v0.7.3 has been released containing many important fixes and improvements! Soon at your distro repos or...

  • Discussing the future of Cantor

    It is common to use the new year date to start new projects or give new directions for old ones. The last one is the case for Cantor.

    Since when I got the maintainer status for Cantor, I was working to improve the community around the software. Because the great plugins systems of Qt, it is easy to write new backends for Cantor, and in fact in last years Cantor reached the number of 11 backends.

  • Fedora 28 Aiming For Secure Thunderbolt 3 Support

    If Fedora developers are successful, Fedora 28 will feature secure and properly supported Thunderbolt 3 device handling out-of-the-box.

    Long story short, Fedora 28 will hopefully be featuring Red Hat's Bolt project for dealing with modern Thunderbolt devices. With Thunderbolt allowing for direct access to the PCI Express bus, it opens the system up to DMA attacks and other vulnerabilities. But under Thunderbolt 3 is support for security levels by which devices can be restricted to only DisplayPort acess, user authorization of devices, and secure access. The Linux kernel changes for dealing with Thunderbolt 3 is in place but the user-space portion is not.

  • 8 Best Android Launchers To Enhance Looks And Performance Of Your Device in 2018

    Android’s dominance over other mobile operating systems is mainly due to the endless customization opportunities it provides to its user base. Launchers are one of the most customizable parts of Android. Android smartphones are inoperable without a launcher, which comprises of your home screen and the catalog of all the apps available on your device. So every device comes with a default launcher pre-installed.

  • This is the new Acer Chromebook 11

    Many people diss Chromebooks because they simply don't understand them. No, Chrome OS -- the operating system that powers these laptops -- is not just a glorified web browser. Actually, the OS is a full Linux distribution that is both extremely secure and easy to use. True, they can be deficient for some tasks, such as video editing and hardcore gaming, but let's be honest -- not everyone has those needs. If everything you do is in a browser -- email, web surfing, social media, YouTube, Netflix, etc. -- there is no reason to run Windows and open yourself up to malware and other bad things. Hell, Chromebooks even have Microsoft Office support these days!

read more

Kernel and Graphics: LightNVM, Year 2038 and More

Sun, 01/07/2018 - 17:02
  • LightNVM 2.0 Support Being Prepped For Linux 4.16

    LightNVM is the abstraction layer within the Linux kernel for supporting open-channel NVM Express solid-state drives. LightNVM 2.0 is on the way.

    LightNVM 2.0 is on the way and is currently available as a public draft specification. This updated specification will be released soon for dealing with these SSDs that leave management up to the operating system rather than the drive itself.

  • Input Drivers Are Being Prepped For Year 2038 Safety

    While kernel developers are busy with Spectre and Meltdown bugs right now, 20 years from now is the big "Year 2038" problem. Kernel developers are still working through the massive codebase to allow it to function past this "Unix Millenium Bug."

    The Year 2038 problem is when on 19 January 2038 that Unix systems storing time as a 32-bit integer will wrap around. Developers for years have been working on Year 2038 fixes but the kernel isn't quite tidied up yet.

  • Radeon+Ryzen CPUFreq CPU Scaling Governor Benchmarks On Linux 4.15

    Taking a break from KPTI and Retpoline benchmarks, here are some tests recently conducted with Linux 4.15 when it comes to trying out the different CPUFreq scaling governors with this latest kernel and running various games with a Radeon RX 580 Polaris graphics card.

  • VK9, the project to get Direct3D 9 applications to run with Vulkan reached another milestone

    In late December last year, the developer of the VK9 project emailed us about hitting another milestone with their project to get Direct3D 9 applications to run with Vulkan.

read more

Games: Wine 3.0 RC5, Super Indie Kart and More

Sun, 01/07/2018 - 17:00

read more

OSS and Sharing

Sun, 01/07/2018 - 16:51
  • Computer History Museum will release Apple's Lisa Operating system for free as open source

    The Computer History Museum in California has planned to release Apple's legendary Lisa operating system (OS) for free as open source this year, the media reported.

  • Germany vs Elsevier: universities win temporary journal access after refusing to pay fees

    The Dutch publishing giant Elsevier has granted uninterrupted access to its paywalled journals for researchers at around 200 German universities and research institutes that had refused to renew their individual subscriptions at the end of 2017.

    The institutions had formed a consortium to negotiate a nationwide licence with the publisher. They sought a collective deal that would give most scientists in Germany full online access to about 2,500 journals at about half the price that individual libraries have paid in the past. But talks broke down and, by the end of 2017, no deal had been agreed. Elsevier now says that it will allow the country’s scientists to access its paywalled journals without a contract until a national agreement is hammered out.

  • Open Source Prosthetic Leg, with Elliott Rouse

    Elliott Rouse is an Assistant Professor in the Mechanical Engineering Department at the University of Michigan, where he directs the Neurobionics Lab. The vision of his group is to discover the fundamental science that underlies human joint dynamics during locomotion and incorporate these discoveries in a new class of wearable robotic technologies. The Lab uses technical tools from mechanical and biomedical engineering applied to the complex challenges of human augmentation, physical medicine, rehabilitation and neuroscience. Dr. Rouse and his research have been featured at TED, on the Discovery Channel, CNN, National Public Radio, Wired Magazine UK, Business Insider, and Odyssey Magazine.

  • Rust 1.23 Lowers Rustc Memory Usage

    For fans of Rust that didn't hear yet, Rust 1.23 was released this week as the newest stable version of this popular programming language focused on safety, speed, and concurrency.

  • A Brief History of sed
  • tint 0.0.5

    A maintenance release of the tint package arrived on CRAN earlier this week. Its name expands from tint is not tufte as the package offers a fresher take on the Tufte-style for html and pdf presentations.

read more

Security: CPU Bugs, Western Digital Back Doors

Sun, 01/07/2018 - 16:46
  • There will always be hardware bugs

    By now everyone has seen the latest exploit, meltdown and spectre, complete with logos and full academic paper. The gist of this is that side channel attacks on CPUs are now actually plausible instead of mostly theoretical. LWN (subscribe!) has a good collection of posts about actual technical details and mitigations. Because this involves hardware and not just software, fixes get more complicated.

  • What are Meltdown and Spectre? Here’s what you need to know.
  • Intel faces class action lawsuits regarding Meltdown and Spectre

    The three lawsuits—filed in California, Indiana, and Oregon (PDF)—cite not just the security vulnerabilities and their potential impact, but also Intel's response time to them. Researchers notified Intel about the flaws in June. Now, Intel faces a big headache. The vast majority of its CPUs in use today are impacted, and more class action complaints may be filed beyond these three.

  • Western Digital My Cloud drives have a built-in backdoor

    Western Digital's network attached storage solutions have a newfound vulnerability allowing for unrestricted root access.
    James Bercegay disclosed the vulnerability to Western Digital in mid-2017. After allowing six months to pass, the full details and proof-of-concept exploit have been published. No fix has been issued to date.
    More troubling is the existence of a hard coded backdoor with credentials that cannot be changed. Logging in to Western Digital My Cloud services can be done by anybody using "mydlinkBRionyg" as the administrator username and "abc12345cba" as the password. Once logged in, shell access is readily available followed with plenty of opportunity for injection of commands.

read more

Ubuntu 17.10 Will Be Re-Released on January 11, Will No Longer Brick Laptops

Sun, 01/07/2018 - 15:24

Lenovo laptops were among those most affected by the ‘bug’, though reports were also filed by users of devices from other computer vendors, including Acer and Dell.

The bug could corrupt the BIOS of an affected laptop, leaving the user unable to save settings or make changes. In extreme cases the bug left users unable to boot their laptop at all.

read more

Linux 4.16 To Feature More BFQ Optimizations

Sun, 01/07/2018 - 13:30

For fans of the BFQ I/O scheduler, more improvements for it are coming with Linux 4.16.

Linaro's Paolo Valente had his latest feature updates for the Budget Fair Queueing (BFQ) I/O scheduler pulled in to the block subsystem's "-next" tree, a few weeks ahead of the Linux 4.16 merge window.

read more

Chrome and Mozilla (Robert O'Callahan Unlocks Secrets)

Sun, 01/07/2018 - 07:56
  • Robert O'Callahan: Ancient Browser-Wars History: MD5-Hashed Posts Declassified

    Another lesson: in 2007-2008 I was overly focused on toppling IE (and Flash and WPF), and thought having all the open-source browsers sharing a single engine implementation wouldn't be a big problem for the Web. I've changed my mind completely; the more code engines share, the more de facto standardization of bugs we would see, so having genuinely separate implementations is very important.

    I'm very grateful to Brendan and others for disregarding my opinions and not letting me lead Mozilla down the wrong path. It would have been a disaster for everyone.

    To let off steam, and leave a paper trail for the future, I wrote four blog posts during 2007-2008 describing some of my thoughts, and published their MD5 hashes. The aftermath of the successful Firefox 57 release seems like an appropriate time to harmlessly declassify those posts. Please keep in mind that my opinions have changed.

  • On Keeping Secrets

    Once upon a time I was at a dinner at a computer science conference. At that time the existence of Chrome was a deeply guarded secret; I knew of it, but I was sworn to secrecy. Out of the blue, one of my dinner companions turned to me and asked "is Google working on a browser?"


    One thing I really enjoyed about working at Mozilla was that we didn't have many secrets to keep. Most of the secrets I had to protect were about other companies. Minimizing one's secrecy burden generally seems like a good idea, although I can't eliminate it because it's often helpful to other people for them to be able to share secrets with me in confidence.

  • Chrome is turning into the new Internet Explorer 6


    Chrome, in other words, is being used in the same way that Internet Explorer 6 was back in the day — with web developers primarily optimizing for Chrome and tweaking for rivals later. To understand how we even got to this stage, here’s a little (a lot) of browser history. If you want to know why saying "Chrome is the new Internet Explorer 6" is so damning, you have to know why IE6 was a damnable problem in the early ‘00s.

read more

Security: Meltdown & Spectre, Critical CSRF Security Vulnerability, OpenVPN and More

Sun, 01/07/2018 - 05:02
  • Meltdown & Spectre
  • Meltdown and Spectre Linux Kernel Status

    By now, everyone knows that something “big” just got announced regarding computer security. Heck, when the Daily Mail does a report on it , you know something is bad…

    Anyway, I’m not going to go into the details about the problems being reported, other than to point you at the wonderfully written Project Zero paper on the issues involved here. They should just give out the 2018 Pwnie award right now, it’s that amazingly good.

    If you do want technical details for how we are resolving those issues in the kernel, see the always awesome lwn.net writeup for the details.

    Also, here’s a good summary of lots of other postings that includes announcements from various vendors.

  • Spectre and Meltdown: What you need to know going forward

    As you've likely heard by now, there are some problems with Intel, AMD, and ARM processors. Called Meltdown and Spectre, the discovered attack possibilities are rather severe, as they impact pretty much every technical device on the network or in your house (PCs, laptops, tablets, phones, etc.).

    Here's a breakdown of all the things you need to know. As things change, or new information becomes available, this article will be updated.

    The key thing to remember is not to panic, as the sky isn't about to come crashing down. The situation is one that centers on information disclosure, not code execution (a far more damning issue to deal with).

  • Open Source Leaders: Take Intel to Task

    I do not know Linus Torvalds or Theo de Raadt. I have never met either of them and have read very little about them. What I do know, gleaned from email archives, is when it comes to bum hardware: they both have pretty strong opinions. Both Linus and Theo can be a bit rough around the edges when it comes to giving their thoughts about hardware design flaws: but at least they have a voice. Also, Linus and Theo have often been at odds whether it be about how to approach OS design, licensing etc but I suspect, or I at least have to believe, the latest incident from intel (the Spectre and Meltdown flaws) is one area they agree on.

    Linus and Theo cannot possibly be the only Open Source leaders out there who are frustrated and tired of being jerked around by intel. What I hope comes out of this is not many different voices saying the same thing here and there but instead, perhaps, our various leaders could get together and take intel to task on this issue. Intel not only created a horrible design flaw they lied by omission about it for several months. During those months the Intel CEO quietly dumped his stock. What a hero.

  • Docker Performance With KPTI Page Table Isolation Patches

    Overall most of our benchmarks this week of the new Linux Kernel Page Table Isolation (KPTI) patches coming as a result of the Meltdown vulnerability have showed minimal impact overall on system performance. The exceptions have obviously been with workloads having high kernel interactions like demanding I/O cases and in terms of real-world impact, databases. But when testing VMs there's been some minor impact more broadly than bare metal testing and also Wine performance has been impacted. The latest having been benchmarked is seeing if the Docker performance has been impacted by the KPTI patches to see if it's any significant impact since overall the patched system overhead certainly isn't anything close to how it was initially hyped by some other media outlets.

  • Can We Replace Intel x86 With an Open Source Chip?
  • Critical CSRF Security Vulnerability in phpMyAdmin Database Tool Patched

    A "cross site request forgery" vulnerability in a popular tool for administrating MySQL and MariaDB databases that could lead to data loss has been patched.

  • 8 reasons to replace your VPN client with OpenVPN

    OpenVPN could be the answer. It's an ultra-configurable open source VPN client which works with just about any VPN provider that supports the OpenVPN protocol. It gives you new ways to automate, optimize, control and troubleshoot your connections, and you can use it alongside your existing client, or maybe replace it entirely – it's your call.

  • I’m harvesting credit card numbers and passwords from your site. Here’s how.

read more

Solaris 11.4 To Move From GNOME 2 Desktop To GNOME Shell

Sun, 01/07/2018 - 01:46

For those happening to use Oracle Solaris on desktops/workstations, Solaris 11.4 will finally be making the transition from GNOME 2 to the GNOME 3.24 Shell.

GNOME Shell has been the default GNOME user interface since 2011 while with the upcoming Solaris 11.4 update is when Oracle is finally making the plunge from GNOME 2.x to GNOME 3.24. Longtime Sun/Solaris developer Alan Coopersmith confirmed, "Gnome Shell is coming in Solaris 11.4, which upgrades GNOME to version 3.24."

read more

4MLinux 23.2 released.

Sun, 01/07/2018 - 01:24

This is a minor (point) release in the 4MLinux STABLE channel, which comes with the Linux kernel 4.9.75 (*). The 4MLinux Server now includes Apache 2.4.29, MariaDB 10.2.11, and PHP 7.0.26 (see this post for more details). Additionally, some popular programs (Audacity, Chromium, VLC) have been updated, too. 4MLinux 23.2 includes bugfixes for VLC (which now plays the "https" network streams correctly) and Chromium (restored good sound quality).

You can update your 4MLinux by executing the "zk update" command in your terminal (fully automatic process).

read more

Security: Currencies, Marcus Hutchins, and Hardware Bugs

Sat, 01/06/2018 - 17:21
  • Hot New Cryptocurrency Trend: Mining Malware That Could Fry Your Phone
  • PyCryptoMiner Attacks Linux Machines And Turns Them Into Monero-mining Bots
  • Marcus Hutchins' lawyers seek information around arrest

    Lawyers acting for British security researcher Marcus Hutchins have filed a motion seeking additional information on a number of aspects surrounding his arrest in order to prepare for a trial that is expected to take place this year.

  • AMD Did NOT Disable Branch Prediction With A Zen Microcode Update

    With the plethora of software security updates coming out over the past few days in the wake of the Meltdown and Spectre disclosure, released by SUSE was a Family 17h "Zen" CPU microcode update that we have yet to see elsewhere... It claims to disables branch prediction, but I've confirmed with AMD that is not actually the case.

    AMD did post a processor security notice where they noted their hardware was not vulnerable to variant threee / rogue data cache load, for the "branch target injection" variant that there was "near zero risk" for exploiting, and with the bounds check bypass it would be resolved by software/OS updates.

  • Spectre and Meltdown Attacks Against Microprocessors

    "Throw it away and buy a new one" is ridiculous security advice, but it's what US-CERT recommends. It is also unworkable. The problem is that there isn't anything to buy that isn't vulnerable. Pretty much every major processor made in the past 20 years is vulnerable to some flavor of these vulnerabilities. Patching against Meltdown can degrade performance by almost a third. And there's no patch for Spectre; the microprocessors have to be redesigned to prevent the attack, and that will take years. (Here's a running list of who's patched what.)

  • OpenBSD & FreeBSD Are Still Formulating Kernel Plans To Address Meltdown+Spectre

    On Friday DragonFlyBSD's Matthew Dillon already landed his DragonFly kernel fixes for the Meltdown vulnerability affecting Intel CPUs. But what about the other BSDs?

    As outlined in that article yesterday, DragonFlyBSD founder Matthew Dillon quickly worked through better kernel/user separation with their code to address the Intel CPU bug. Similar to Linux, the DragonFlyBSD fix should cause minimal to small CPU performance impact for most workloads while system call heavy / interrupt-heavy workloads (like I/O and databases) could see more significant drops.

  • Retpoline v5 Published For Fending Off Spectre Branch Target Injection

    David Woodhouse of Amazon has sent out the latest quickly-revising patches for introducing the "Retpoline" functionality to the Linux kernel for mitigating the Spectre "variant 2" attack.

    Retpoline v5 is the latest as of Saturday morning as the ongoing effort for avoiding speculative indirect calls within the Linux kernel for preventing a branch target injection style attack. These 200+ lines of kernel code paired with the GCC Retpoline patches are able to address vulnerable indirect branches in the Linux kernel.

    The Retpoline approach is said to only have up to a ~1.5% performance hit when patched... I hope this weekend to get around to trying these kernel and GCC patches on some of my systems for looking at the performance impact in our commonly benchmarked workloads. The Retpoline work is separate from the KPTI page table isolation work for addressing the Intel CPU Meltdown issue.

  • Intel hit with three class-action lawsuits over chip flaws
  • Meltdown, aka "Dear Intel, you suck"

    We have received *no* non-public information. I've seen posts elsewhere by other *BSD people implying that they receive little or no prior warning, so I have no reason to believe this was specific to OpenBSD and/or our philosophy. Personally, I do find it....amusing? that public announcements were moved up after the issue was deduced from development discussions and commits to a different open source OS project. Aren't we all glad that this was under embargo and strongly believe in the future value of embargoes?

  • Hack-proof Quantum Data Encryption

read more

Standards/Graphics: Alliance for Open Media (AOM), Vulkan 1.0.67, Mega/RadeonSI

Sat, 01/06/2018 - 17:19
  • Apple joins Alliance for Open Media to support online video compression

    Iphone flogger Apple has quietly joined the Alliance for Open Media (AOM), a consortium focused on developing next-generation media formats, codecs and technologies

  • Vulkan 1.0.67 Released With Conservative Rasterization Extension

    The Khronos Group has released their first Vulkan graphics/compute programming specification update of 2018.

    Vulkan 1.0.67 is the newest specification for this nearly two-year-old standard. It's been over one month since the Vulkan 1.0.66 update but now there's finally v1.0.67 to ring in the new year. While there's been a lot of time, this update mostly consists of documentation fixes and only one new extension.

  • Marek Working On 32-bit GPU Pointers For RadeonSI

    Well known open-source AMD 3D driver developer Marek Olšák has published a set of new patches featuring his latest optimization work: 32-bit GPU pointers.

    15 patches sent out this Saturday plumb into RadeonSI/Gallium3D support for 32-bit heaps, a 32-bit virtual memory allocator in the Radeon Winsys, and other changes for supporting 32-bit GPU pointers. These Mesa patches also depend upon two yet-to-be-merged LLVM patches in their AMDGPU back-end.

read more

Latest of LWN (Paywall Expired)

Sat, 01/06/2018 - 17:17
  • Python 3, ASCII, and UTF-8

    The dreaded UnicodeDecodeError exception is one of the signature "features" of Python 3. It is raised when the language encounters a byte sequence that it cannot decode into a string; strictly treating strings differently from arrays of byte values was something that came with Python 3. Two Python Enhancement Proposals (PEPs) bound for Python 3.7 look toward reducing those errors (and the related UnicodeEncodeError) for environments where they are prevalent—and often unexpected.

    Two related problems are being addressed by PEP 538 ("Coercing the legacy C locale to a UTF-8 based locale") and PEP 540 ("Add a new UTF-8 Mode"). The problems stem from the fact that locales are often incorrectly specified and that the default locale (the "POSIX" or "C" locale) specifies an ASCII encoding, which is often not what users actually want. Over time, more and more programs and developers are using UTF-8 and are expecting things to "just work".

  • Shrinking the kernel with link-time garbage collection

    One of the keys to fitting the Linux kernel into a small system is to remove any code that is not needed. The kernel's configuration system allows that to be done on a large scale, but it still results in the building of a kernel containing many smaller chunks of unused code and data. With a bit of work, though, the compiler and linker can be made to work together to garbage-collect much of that unused code and recover the wasted space for more important uses.
    This is the first article of a series discussing various methods of reducing the si

  • The current state of kernel page-table isolation

    At the end of October, the KAISER patch set was unveiled; this work separates the page tables used by the kernel from those belonging to user space in an attempt to address x86 processor bugs that can disclose the layout of the kernel to an attacker. Those patches have seen significant work in the weeks since their debut, but they appear to be approaching a final state. It seems like an appropriate time for another look.
    This work has since been renamed to "kernel page-table isolation" or KPTI, but the objective remains the same: split the page tables, which are currently shared between user and kernel space, into two sets of tables, one for each side. This is a fundamental change to how the kernel's memory management works and is the sort of thing that one would ordinarily expect to see debated for years, especially given its associated performance impact. KPTI remains on the fast track, though. A set of preparatory patches was merged into the mainline after the 4.15-rc4 release — when only important fixes would ordinarily be allowed — and the rest seems destined for the 4.16 merge window. Many of the core kernel developers have clearly put a lot of time into this work, and Linus Torvalds is expecting it to be backported to the long-term stable kernels.

    KPTI, in other words, has all the markings of a security patch being readied under pressure from a deadline. Just in case there are any smug ARM-based readers out there, it's worth noting that there is an equivalent patch set for arm64 in the works.

  • Containers without Docker at Red Hat

    The Docker (now Moby) project has done a lot to popularize containers in recent years. Along the way, though, it has generated concerns about its concentration of functionality into a single, monolithic system under the control of a single daemon running with root privileges: dockerd. Those concerns were reflected in a talk by Dan Walsh, head of the container team at Red Hat, at KubeCon + CloudNativeCon. Walsh spoke about the work the container team is doing to replace Docker with a set of smaller, interoperable components. His rallying cry is "no big fat daemons" as he finds them to be contrary to the venerated Unix philosophy.

  • Demystifying container runtimes

    As we briefly mentioned in our overview article about KubeCon + CloudNativeCon, there are multiple container "runtimes", which are programs that can create and execute containers that are typically fetched from online images. That space is slowly reaching maturity both in terms of standards and implementation: Docker's containerd 1.0 was released during KubeCon, CRI-O 1.0 was released a few months ago, and rkt is also still in the game. With all of those runtimes, it may be a confusing time for those looking at deploying their own container-based system or Kubernetes cluster from scratch. This article will try to explain what container runtimes are, what they do, how they compare with each other, and how to choose the right one. It also provides a primer on container specifications and standards.

  • HarfBuzz brings professional typography to the desktop

    By their nature, low-level libraries go mostly unnoticed by users and even some programmers. Usually, they are only noticed when something goes wrong. However, HarfBuzz deserves to be an exception. Not only does the adoption of HarfBuzz mean that free software's ability to convert Unicode characters to a font's specific glyphs is as advanced as any proprietary equivalent, but its increasing use means that professional typography can now be done from the Linux desktop as easily as at a print shop.

    "HarfBuzz" is a transliteration of the Persian for "open type." Partly, the name reflects that it is designed for use with OpenType, the dominant format for font files. Equally, though, it reflects the fact that the library's beginnings lie in the wish of Behdad Esfahbod, HarfBuzz's lead developer, to render Persian texts correctly on a computer.

    "I grew up in a print shop," Esfahbod explained during a telephone interview. "My father was a printer, and his father was a printer. When I was nine, they got a PC, so my brother and I started learning programming on it." In university, Esfahbod tried to add support for Unicode, the industry standard for encoding text, to Microsoft Explorer 5. "We wanted to support Persian on the web," he said. "But the rendering was so bad, and we couldn't fix that, so we started hacking on Mozilla, which back then was Netscape."

    Esfahbod's early interest in rendering Persian was the start of a fifteen-year effort to bring professional typography to every Unicode-supported script (writing system). It was an effort that led through working on the GNOME desktop for Red Hat to working on Firefox development at Mozilla and Chrome development at Google, with Esfahbod always moving on amiably to wherever he could devote the most time to perfecting HarfBuzz. The first general release was reached in 2015, and Esfahbod continues to work on related font technologies to this day.

read more

A quick update: eelo is getting some momentum

Sat, 01/06/2018 - 17:16

Honestly, when I started eelo a few weeks ago, I thought that maybe it would catch the attention of a few hundreds people in my personal network, and be a cool “side-project” project for me. Nothing more…

But the Kickstarter campaign seems to actually catch a lot of attention. It completed its initial goal in 6 days and did 200% in 15 days. We’re getting more and more articles about eelo in the press, and more than 2600 people have registered at eelo.io.

What’s more interesting is that the incoming web traffic at eelo.io is coming from all over the world. So either eelo is addressing a “global niche”, or it really has the potential to become a game changer. And as concerns about data privacy are really growing, my bet is that we could actually become a game changer.

read more