Industry News

Say Hi to Subutai

Alex Karasulu — Thu, 05 Oct 2017 10:42:47 +0000

I learned about Subutai from Philip Sheldrake of the Digital Life Collective (and much else) and thought it deserved attention here at Linux Journal, so I offered this space for that. Alex Karasulu did most of the writing, but it was a team effort with help from Jon 'maddog' Hall, Philip Sheldrake and Steve Taylor.—Doc Searls

What Is Subutai?

Subutai is an open-source project and platform that lets anyone share, barter or rent computer resources to create clouds from the edge rather than centralized locations. Available devices can attach to these clouds hovering on the edge. We started calling it Social Cloud Computing, but technically, Subutai is a dynamic p2p multi-cloud made possible thanks to Lightweight Linux Containers and software-defined networking. Think Amazon's Virtual Private Cloud, but running on your computers and the computers of social contacts who share their computer resources with you. Or, think AirBnB on computers for the people's cloud.

Subutai partners with the Digital Life Collective, a member co-operative that researches, develops, funds and supports what we call "tech we trust"—those technologies that put the individual's autonomy, privacy and dignity first, or that support those technologies that do. Our tech, not their tech.

We work together so Subutai can help prevent our privacy from being compromised and our every action from being analyzed. That means not being tied to large cloud providers and giving us the option to use resources we have on hand.

How Does It Work?

You set how much of your computers' resources you're willing to share with others. Rules and quotas are used to share with contacts from your social-media accounts. Once your network of friends, family and colleagues share with you, the stage is set to create clouds across shared computer resources.

When someone creates a cloud, peer computers authorized to share resources with the cloud's owner swarm together (like bees) to form an n-way virtual private network (VPN). A peer is a group of computers with resources that can be shared with others. A peer can be a rack of computers or a single virtual machine running on your laptop.

Peers contribute resources into the VPN as Linux container hosts. Whatever the underlying hardware, operating system or virtualization technology, resources are presented canonically to environments as containers. The VPN provides secure connectivity between these containers across the internet.

Go to Full Article

Getting Sticky with It

Shawn Powers — Wed, 19 Jul 2017 13:33:09 +0000

by Shawn Powers

Although they might not be so good for credit cards or floppy disks, magnets are one of those things that always have fascinated me. For the past few years, I've wanted to get a set of the round Zen Magnets to play with—they're sort of like an extra science-y version of LEGOs. Unfortunately, before I was able to purchase any, the US government banned their sale!

Recently, the folks at Zen Magnets won their long legal battle and are able to sell tiny, strong magnets again. The regular-size Zen Magnets aren't available yet, but thankfully, production once again can begin. In the meantime, I was able to order "micromagnets" from the same company. They work just like Zen Magnets, but are tinier. I decided to order a couple sets, because I'm impatient and also to support the company who fought the battle allowing magnets to be sold in the US once again.

These are what I made last night with my new micromagnets. I can hardly wait for the full-size ones!

To read about the legal battle, check out the blog here. And while you're there, feel free to pre-order some Zen Magnets. I sure did!

Go to Full Article

FreeDOS Is 23 Years Old, and Counting

Jim Hall — Fri, 30 Jun 2017 20:49:57 +0000

by Jim Hall

The FreeDOS Project has just reached its 23rd birthday! This is a major milestone for any free software or open-source software project.

If you don't know about FreeDOS, it's a small project that replaces MS-DOS, which was the mainstay operating system for most personal computers in the 1980s and 1990s. During that era, I was a huge MS-DOS fan. I used DOS for everything and considered myself a DOS "power-user". I even wrote my own utilities and tools to expand the MS-DOS command-line environment and make DOS more useful.

I was aware of other operating systems, of course. In the early 1990s, my university installed Windows in the PC computer labs. But if you remember Windows 3.1 at the time, it was a pretty rough environment. I didn't like that you could interact with Windows only via a mouse; there was no command line. I preferred working at the command line.

So I was understandably distressed in 1994 when I read via various tech magazines that Microsoft planned to eliminate MS-DOS with the next version of Windows. I decided that if the next evolution of Windows was going to be anything like Windows 3.1, I wanted nothing to do with it.

But what to do? If Microsoft killed MS-DOS, what would be left for those of us who preferred typing at the DOS command line? Sure, there was Linux, but Linux couldn't run MS-DOS applications—and there were a lot of great DOS applications.

I decided to create my own version of DOS. And on June 29, 1994, I posted an announcement to a discussion group, which said in part:

A few months ago, I posted articles relating to starting a public domain version of DOS. The general support for this at the time was strong, and many people agreed with the statement, "start writing!" So, I have...

Announcing the first effort to produce a PD-DOS. I have written up a "manifest" describing the goals of such a project and an outline of the work, as well as a "task list" that shows exactly what needs to be written. I'll post those here, and let discussion follow.

Our "PD-DOS" project (for "Public Domain DOS") quickly grew into FreeDOS. And 23 years later, FreeDOS is still going strong!

Today, many people around the world install FreeDOS to play classic DOS games, run legacy business software or develop embedded systems. These days, I think that still represents most of the usage of FreeDOS. Although I'll admit most people probably run FreeDOS to play DOS games, and that's okay with me. Just because it's an old game doesn't mean it's boring—and DOS had a lot of great games.

Go to Full Article

From vs. to + for Microsoft and Linux

Doc Searls — Tue, 07 Feb 2017 10:51:34 +0000

by Doc Searls

In November 2016, Microsoft became a platinum member of the Linux Foundation, the primary sponsor of top-drawer Linux talent (including Linus), as well as a leading organizer of Linux conferences and source of Linux news.

Does it matter that Microsoft has a long history of fighting Linux with patent claims? Seems it should. Run a Google search for "microsoft linux patents", and you'll get almost a half-million results, most of which raise questions. Is Microsoft now ready to settle or drop claims? Is this about keeping your friends close and your enemies closer? Is it just a seat at a table it can't hurt Microsoft to sit at?

Maybe it will help to look at patents in general, rather than any of the ones you'll find in contention (or potential contention) at that last link.

The history of patents, at least in the US, is thick with ironies, such as the one we see here, starting with Thomas Jefferson's famous letter to Isaac McPherson in 1813. Here's the relevant excerpt:

Stable ownership is the gift of social law, and is given late in the progress of society. It would be curious then, if an idea, the fugitive fermentation of an individual brain, could, of natural right, be claimed in exclusive and stable property. If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it. Its peculiar character, too, is that no one possesses the less, because every other possesses the whole of it. He who receives an idea from me, receives instruction himself without lessening mine; as he who lights his taper at mine, receives light without darkening me. That ideas should freely spread from one to another over the globe, for the moral and mutual instruction of man, and improvement of his condition, seems to have been peculiarly and benevolently designed by nature, when she made them, like fire, expansible over all space, without lessening their density in any point, and like the air in which we breathe, move, and have our physical being, incapable of confinement or exclusive appropriation. Inventions then cannot, in nature, be a subject of property. Society may give an exclusive right to the profits arising from them, as an encouragement to men to pursue ideas which may produce utility, but this may or may not be done, according to the will and convenience of the society, without claim or complaint from anybody.

Go to Full Article

Steven Ovadia's Learn Linux in a Month of Lunches (Manning Publications Co.)

James Gray — Wed, 05 Oct 2016 13:45:00 +0000

by James Gray

Yes, Steven Ovadia's new book for Linux "noobs" is titled Learn Linux in a Month of Lunches, but readers may need two-hour lunches and weekends to attain the ambitious goal implied in the title. No matter though, because this "study while dining" series of books from Manning Publications offers a fine approach to learning the essentials of our beloved OS, from installation to networking, installing software and securing a system.

Readers just curious about Linux or needing to get up and running for their jobs will appreciate how this book concentrates on need-to-know tasks. By digesting targeted, easy-to-follow, compact lessons, readers learn how to use the command line, customize a desktop, print, choose the right application for their needs and more. Readers who make it to the end of the book are treated to topics like filesystems, GitLab and using Linux professionally—for example, certifications. Although new Linux users may be overwhelmed at first, Ovadia's book illustrates how learning Linux doesn't have to be hard, and the payoff is great.

Go to Full Article

Senet IoT Foundry

James Gray — Tue, 04 Oct 2016 11:30:00 +0000

by James Gray

Startup companies and even large enterprises may not be able to harness the full range of skills required to deliver vertically complete IoT solutions to their customers. To assist these companies in getting to market and solving their customers' problems, Senet introduces Senet IoT Foundry, a suite of development services—training, development tools, a network sandbox and technical consulting services—that help IoT solution developers create and launch LoRa-compliant IoT products and applications.

Senet calls itself the first and only North American provider of public, LoRa-based, low-power, wide-area networks (LPWANs) for Internet of Things (IoT) applications, putting it in a strong position to support companies in their commercialization of LoRa-based LPWAN products and solutions.

Senet is a contributing member of the LoRa Alliance and was the first in North America to gain FCC certification on LoRa-based sensors and gateways. As a result, the company claims to possess a treasure chest of high-level designs, best practices and development tools that can benefit other ecosystem partners. Users of Senet IoT Foundry services can opt to follow the Foundry's four-step development program, or pick and choose the services they need most.

Go to Full Article

Updates from LinuxCon and ContainerCon, Toronto, August 2016

John S. Tonello — Tue, 23 Aug 2016 13:00:00 +0000

by John S. Tonello

The Future of Linux: Continuing to Inspire Innovation and Openness

The first 25 years of Linux has transformed the world, not just computing, and the next 25 years will continue to see more growth in the Open Source movement, The Linux Foundation Executive Director Jim Zemlin said during the opening keynote of LinuxCon/ContainerCon in Toronto on Monday, August 22, 2016.

"Linux is the most successful software project in history", Zemlin said, noting that the humble operating sytem created by Linus Torvalds 25 years ago this week is behind much of today's software and devices.

But the message of Linux is far more than software, Zemlin said. It's about the open exchange of ideas that's world-changing and inspiring. The concept of sharing has changed how the world thinks about technology and how it's made, he said.

"We've learned that you can better yourself while bettering others at the same time", he said. "We're building the greatest shared technology asset in the history of computing."

In the coming years, Zemlin predicts an even more rapid shift to open source, particularly in a world that now makes it nearly impossible to deploy software without collaborating and taking advantage of open resources.

The Linux Foundation itself seeks to build on the work of the past 25 years by working to create and support standards for security and open-source rights, and increasing the diversity of the Open Source movement, Zemlin said.

Vendor Spotlight: Anchore—Container Management with an Eye to Deployment

When it comes to deploying containers, it's still a bit of the Wild West—particularly if you're hosting a shared cluster. What's really inside each container? Is the OS current? Is the security sufficient? Are there unpatched bugs?

Anchore, one of the container-related sponsors at LinuxCon 2016 and ContainerCon being held this week in Toronto, seeks to change that. The company offers a product (now in beta) that aims to provide container image management and analytics. According to CTO and co-founder Daniel Nurmi, the Anchore tools allow you to create a set of standards and test your containers against those standards before you deploy them to production. If you have a shared environment, the tools can give you insight into the often opaque nature of containers. Learn more here.

Go to Full Article

Contrast Security's Contrast Enterprise

James Gray — Thu, 02 Jun 2016 21:27:39 +0000

by James Gray

With more and more businesses running on the Node.js server-side JavaScript runtime environment, application vulnerabilities are a growing threat to entire organizations. The antidote to this problem, says Contrast Security, is the new Contrast Enterprise, which is marketed as the only application security product that enables the discovery and remediation of Node.js security vulnerabilities in real time. Contrast Enterprise achieves this without disrupting software development processes or involving application security experts.

Product features include high levels of accuracy so that developers don't burn cycles chasing false alarms; continuous operation throughout the Agile development process—that is, no security scans or waiting for results; and deep security instrumentation for identifying vulnerabilities across Node.js deployments, such as APIs, microservices, containers and libraries.

Go to Full Article

diff -u: What's New in Kernel Development

Zack Brown — Tue, 13 Oct 2015 17:25:32 +0000

by Zack Brown

Over time, memory can become more and more fragmented on a system, making it difficult to find contiguous blocks of RAM to satisfy ongoing allocation requests. At certain times the running system may compact regions of memory together to free up larger blocks, but Vlastimil Babka recently pointed out that this wasn't done regularly enough to avoid latency problems for code that made larger memory requests.

Vlastimil wanted to create a new per-CPU dæmon, called kcompactd, that would do memory compaction as an ongoing system activity.

The basic objection, voiced by David Rientjes, was that creating a whole new thread on all CPUs carried its own overhead issues. He suggested having one of the other per-CPU threads simply take on the additional memory compaction responsibilities. He identified the khugepaged dæmon as the best candidate.

Vlastimil actually had identified khugepaged as a candidate and rejected it, on the grounds that khugepage dealt only with THP (Transparent HugePages) memory use cases. These are an abstraction layer above regular memory allocation, so it wouldn't cover all possible cases, only user code that dealt with THPs.

David argued that THP allocations were where most compaction problems occurred, and that other allocation systems, like the SLUB allocator (used for highly efficient kernel allocations), were not part of the problem.

Eventually, it came out that David actually envisioned two forms of memory compaction. The first would be a periodic compaction effort that would happen regardless of the state of RAM. The second would be a compaction effort that would be triggered when particular regions of RAM were detected as being overly fragmented. By splitting these two forms of memory compaction from each other, David felt it would be possible to piggy-back various pieces of functionality onto different existing threads and avoid having to create a new per-CPU thread in the kernel.

A final design did not get hashed out during the discussion, but no one seemed to be saying that memory compaction itself was a bad goal. The question always was how to implement it. Mel Gorman even suggested that a fair bit of the work could be done from user space, via the SysFS interface. But, that idea wasn't explored during the discussion, so it seems that only technical obstacles could get in the way of some background memory compaction going into the kernel.

One problem with enabling the CONFIG_TRACING option in the kernel, as Tal Shorer recently pointed out, is that it would enable absolutely every tracepoint, causing a significant performance penalty. It made more sense, he felt, to allow users to enable tracepoints on just the subsystems they were interested in testing.

Go to Full Article

diff -u: What's New in Kernel Development

Zack Brown — Wed, 17 Jun 2015 20:15:35 +0000

by Zack Brown

When you run a program as setuid, it runs with all the permissions of that user. And if the program spawns new processes, they inherit the same permissions. Not so with filesystem capabilities. When you run a program with a set of capabilities, the processes it spawns do not have those capabilities by default; they must be given explicitly.

This seemed unintuitive to Christoph Lameter, who posted a patch to change capability inheritance to match the behavior of setuid inheritance. This turned out to inspire some controversy.

For one thing, filesystem capabilities never were defined fully in the POSIX standard and appear only in a draft version of POSIX that later was withdrawn, so there can't really be any discussion of whether one form of capabilities is "more compliant" than another.

There are other problems, such as the need to make sure that any changes to capabilities don't break existing code and the need to make sure that any ultimate solution remains secure.

One problem with Christoph's idea was that it tied capability inheritance to the file itself, but as Serge Hallyn pointed out, capabilities were tied to both the file and the user executing the file. Ultimately, Christoph decided to adapt his code to that constraint, introducing a new capability that would list the inheritable capabilities available for the user to apply to a given file.

Yalin Wang recently made an abortive effort to have /proc/stat list all CPUs on a given system, not just the on-line ones. This would be a very useful feature, because many modern systems bring CPUs on- and off-line at a rapid pace. Often the number of CPUs actually in use is less important than the number available to be used.

He posted a patch to change /proc/stat accordingly, and David Rientjes pointed out that the /sys/devices/cpu file would be a better location for this. Andrew Morton also pointed out that /proc/cpuinfo would be a good location for this kind of data as well. So, there definitely was some support for Yalin's idea.

Unfortunately, it turned out that some existing code in the Android kernel relied on the current behavior of those files—specifically desiring the number of on-line CPUs as opposed to the total number of CPUs on the system. With an existing user dependent on the existing behavior, it became a much harder sell to get the change into the kernel. Yalin would have to show a real need as opposed to just a sensible convenience, so his patch went nowhere.

Go to Full Article