git://git.nikiroo.be / gofetch.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Phoronix: fix first comment is article copy
[gofetch.git] / test / expected / LWN / 0000763252
CommitLineData
1aaa6ba3
NR		 1 LWN.NET WEEKLY EDITION FOR AUGUST 30, 2018 \r
2\r
3 \r
4\r
5 o News link: https://lwn.net/Articles/763252/\r
6 o Source link: \r
7\r
8\r
9 [1]Welcome to the LWN.net Weekly Edition for August 30, 2018\r
10 This edition contains the following feature content:\r
11 \r
12 [2]An introduction to the Julia language, part 1 : Julia is a\r
13 language designed for intensive numerical calculations; this\r
14 article gives an overview of its core features.\r
15 \r
16 [3]C considered dangerous : a Linux Security Summit talk on\r
17 what is being done to make the use of C in the kernel safer.\r
18 \r
19 [4]The second half of the 4.19 merge window : the final\r
20 features merged (or not merged) before the merge window closed\r
21 for this cycle.\r
22 \r
23 [5]Measuring (and fixing) I/O-controller throughput loss : the\r
24 kernel's I/O controllers can provide useful bandwidth\r
25 guarantees, but at a significant cost in throughput.\r
26 \r
27 [6]KDE's onboarding initiative, one year later : what has gone\r
28 right in KDE's effort to make it easier for contributors to\r
29 join the project, and what remains to be done.\r
30 \r
31 [7]Sharing and archiving data sets with Dat : an innovative\r
32 approach to addressing and sharing data on the net.\r
33 \r
34 This week's edition also includes these inner pages:\r
35 \r
36 [8]Brief items : Brief news items from throughout the\r
37 community.\r
38 \r
39 [9]Announcements : Newsletters, conferences, security updates,\r
40 patches, and more.\r
41 \r
42 Please enjoy this week's edition, and, as always, thank you\r
43 for supporting LWN.net.\r
44 \r
45 [10]Comments (none posted)\r
46 \r
47 [11]An introduction to the Julia language, part 1\r
48 \r
49 August 28, 2018\r
50 \r
51 This article was contributed by Lee Phillips\r
52 \r
53 [12]Julia is a young computer language aimed at serving the\r
54 needs of scientists, engineers, and other practitioners of\r
55 numerically intensive programming. It was first publicly\r
56 released in 2012. After an intense period of language\r
57 development, version 1.0 was [13]released on August 8. The 1.0\r
58 release promises years of language stability; users can be\r
59 confident that developments in the 1.x series will not break\r
60 their code. This is the first part of a two-part article\r
61 introducing the world of Julia. This part will introduce\r
62 enough of the language syntax and constructs to allow you to\r
63 begin to write simple programs. The following installment will\r
64 acquaint you with the additional pieces needed to create real\r
65 projects, and to make use of Julia's ecosystem.\r
66 \r
67 Goals and history\r
68 \r
69 The Julia project has ambitious goals. It wants the language\r
70 to perform about as well as Fortran or C when running\r
71 numerical algorithms, while remaining as pleasant to program\r
72 in as Python. I believe the project has met these goals and is\r
73 poised to see increasing adoption by numerical researchers,\r
74 especially now that an official, stable release is available.\r
75 \r
76 The Julia project maintains a [14]micro-benchmark page that\r
77 compares its numerical performance against both statically\r
78 compiled languages (C, Fortran) and dynamically typed\r
79 languages (R, Python). While it's certainly possible to argue\r
80 about the relevance and fairness of particular benchmarks, the\r
81 data overall supports the Julia team's contention that Julia\r
82 has generally achieved parity with Fortran and C; the\r
83 benchmark source code is available.\r
84 \r
85 Julia began as research in computer science at MIT; its\r
86 creators are Alan Edelman, Stefan Karpinski, Jeff Bezanson,\r
87 and Viral Shah. These four remain active developers of the\r
88 language. They, along with Keno Fischer, co-founder and CTO of\r
89 [15]Julia Computing , were kind enough to share their thoughts\r
90 with us about the language. I'll be drawing on their comments\r
91 later on; for now, let's get a taste of what Julia code looks\r
92 like.\r
93 \r
94 Getting started\r
95 \r
96 To explore Julia initially, start up its standard\r
97 [16]read-eval-print loop (REPL) by typing julia at the\r
98 terminal, assuming that you have installed it. You will then\r
99 be able to interact with what will seem to be an interpreted\r
100 language — but, behind the scenes, those commands are being\r
101 compiled by a just-in-time (JIT) compiler that uses the\r
102 [17]LLVM compiler framework . This allows Julia to be\r
103 interactive, while turning the code into fast, native machine\r
104 instructions. However, the JIT compiler passes sometimes\r
105 introduce noticeable delays at the REPL, especially when using\r
106 a function for the first time.\r
107 \r
108 To run a Julia program non-interactively, execute a command\r
109 like: $ julia script.jl\r
110 \r
111 Julia has all the usual data structures: numbers of various\r
112 types (including complex and rational numbers),\r
113 multidimensional arrays, dictionaries, strings, and\r
114 characters. Functions are first-class: they can be passed as\r
115 arguments to other functions, can be members of arrays, and so\r
116 on.\r
117 \r
118 Julia embraces Unicode. Strings, which are enclosed in double\r
119 quotes, are arrays of Unicode characters, which are enclosed\r
120 in single quotes. The " * " operator is used for string and\r
121 character concatenation. Thus 'a' and 'β' are characters, and\r
122 'aβ' is a syntax error. "a" and "β" are strings, as are "aβ",\r
123 'a' * 'β', and "a" * "β" — all evaluate to the same string.\r
124 \r
125 Variable and function names can contain non-ASCII characters.\r
126 This, along with Julia's clever syntax that understands\r
127 numbers prepended to variables to mean multiplication, goes a\r
128 long way to allowing the numerical scientist to write code\r
129 that more closely resembles the compact mathematical notation\r
130 of the equations that usually lie behind it. julia ε₁ = 0.01\r
131 \r
132 0.01\r
133 \r
134 julia ε₂ = 0.02\r
135 \r
136 0.02\r
137 \r
138 julia 2ε₁ + 3ε₂\r
139 \r
140 0.08\r
141 \r
142 And where does Julia come down on the age-old debate of what\r
143 do about 1/2 ? In Fortran and Python 2, this will get you 0,\r
144 since 1 and 2 are integers, and the result is rounded down to\r
145 the integer 0. This was deemed inconsistent, and confusing to\r
146 some, so it was changed in Python 3 to return 0.5 — which is\r
147 what you get in Julia, too.\r
148 \r
149 While we're on the subject of fractions, Julia can handle\r
150 rational numbers, with a special syntax: 3//5 + 2//3 returns\r
151 19//15 , while 3/5 + 2/3 gets you the floating-point answer\r
152 1.2666666666666666. Internally, Julia thinks of a rational\r
153 number in its reduced form, so the expression 6//8 == 3//4\r
154 returns true , and numerator(6//8) returns 3 .\r
155 \r
156 Arrays\r
157 \r
158 Arrays are enclosed in square brackets and indexed with an\r
159 iterator that can contain a step value: julia a = [1, 2, 3,\r
160 4, 5, 6]\r
161 \r
162 6-element Array{Int64,1}:\r
163 \r
164 1\r
165 \r
166 2\r
167 \r
168 3\r
169 \r
170 4\r
171 \r
172 5\r
173 \r
174 6\r
175 \r
176 julia a[1:2:end]\r
177 \r
178 3-element Array{Int64,1}:\r
179 \r
180 1\r
181 \r
182 3\r
183 \r
184 5\r
185 \r
186 As you can see, indexing starts at one, and the useful end\r
187 index means the obvious thing. When you define a variable in\r
188 the REPL, Julia replies with the type and value of the\r
189 assigned data; you can suppress this output by ending your\r
190 input line with a semicolon.\r
191 \r
192 Since arrays are such a vital part of numerical computation,\r
193 and Julia makes them easy to work with, we'll spend a bit more\r
194 time with them than the other data structures.\r
195 \r
196 To illustrate the syntax, we can start with a couple of 2D\r
197 arrays, defined at the REPL: julia a = [1 2 3; 4 5 6]\r
198 \r
199 2×3 Array{Int64,2}:\r
200 \r
201 1 2 3\r
202 \r
203 4 5 6\r
204 \r
205 julia z = [-1 -2 -3; -4 -5 -6];\r
206 \r
207 Indexing is as expected: julia a[1, 2]\r
208 \r
209 2\r
210 \r
211 You can glue arrays together horizontally: julia [a z]\r
212 \r
213 2×6 Array{Int64,2}:\r
214 \r
215 1 2 3 -1 -2 -3\r
216 \r
217 4 5 6 -4 -5 -6\r
218 \r
219 And vertically: julia [a; z]\r
220 \r
221 4×3 Array{Int64,2}:\r
222 \r
223 1 2 3\r
224 \r
225 4 5 6\r
226 \r
227 -1 -2 -3\r
228 \r
229 -4 -5 -6\r
230 \r
231 Julia has all the usual operators for handling arrays, and\r
232 [18]linear algebra functions that work with matrices (2D\r
233 arrays). The linear algebra functions are part of Julia's\r
234 standard library, but need to be imported with a command like\r
235 " using LinearAlgebra ", which is a detail omitted from the\r
236 current documentation. The functions include such things as\r
237 determinants, matrix inverses, eigenvalues and eigenvectors,\r
238 many kinds of matrix factorizations, etc. Julia has not\r
239 reinvented the wheel here, but wisely uses the [19]LAPACK\r
240 Fortran library of battle-tested linear algebra routines.\r
241 \r
242 The extension of arithmetic operators to arrays is usually\r
243 intuitive: julia a + z\r
244 \r
245 2×3 Array{Int64,2}:\r
246 \r
247 0 0 0\r
248 \r
249 0 0 0\r
250 \r
251 And the numerical prepending syntax works with arrays, too:\r
252 julia 3a + 4z\r
253 \r
254 2×3 Array{Int64,2}:\r
255 \r
256 -1 -2 -3\r
257 \r
258 -4 -5 -6\r
259 \r
260 Putting a multiplication operator between two matrices gets\r
261 you matrix multiplication: julia a * transpose(a)\r
262 \r
263 2×2 Array{Int64,2}:\r
264 \r
265 14 32\r
266 \r
267 32 77\r
268 \r
269 You can "broadcast" numbers to cover all the elements in an\r
270 array by prepending the usual arithmetic operators with a dot:\r
271 julia 1 .+ a\r
272 \r
273 2×3 Array{Int64,2}:\r
274 \r
275 2 3 4\r
276 \r
277 5 6 7\r
278 \r
279 Note that the language only actually requires the dot for some\r
280 operators, but not for others, such as "*" and "/". The\r
281 reasons for this are arcane, and it probably makes sense to be\r
282 consistent and use the dot whenever you intend broadcasting.\r
283 Note also that the current version of the official\r
284 documentation is incorrect in claiming that you may omit the\r
285 dot from "+" and "-"; in fact, this now gives an error.\r
286 \r
287 You can use the dot notation to turn any function into one\r
288 that operates on each element of an array: julia\r
289 round.(sin.([0, π/2, π, 3π/2, 2π]))\r
290 \r
291 5-element Array{Float64,1}:\r
292 \r
293 0.0\r
294 \r
295 1.0\r
296 \r
297 0.0\r
298 \r
299 -1.0\r
300 \r
301 -0.0\r
302 \r
303 The example above illustrates chaining two dotted functions\r
304 together. The Julia compiler turns expressions like this into\r
305 "fused" operations: instead of applying each function in turn\r
306 to create a new array that is passed to the next function, the\r
307 compiler combines the functions into a single compound\r
308 function that is applied once over the array, creating a\r
309 significant optimization.\r
310 \r
311 You can use this dot notation with any function, including\r
312 your own, to turn it into a version that operates element-wise\r
313 over arrays.\r
314 \r
315 Dictionaries (associative arrays) can be defined with several\r
316 syntaxes. Here's one: julia d1 = Dict("A"=1, "B"=2)\r
317 \r
318 Dict{String,Int64} with 2 entries:\r
319 \r
320 "B" = 2\r
321 \r
322 "A" = 1\r
323 \r
324 You may have noticed that the code snippets so far have not\r
325 included any type declarations. Every value in Julia has a\r
326 type, but the compiler will infer types if they are not\r
327 specified. It is generally not necessary to declare types for\r
328 performance, but type declarations sometimes serve other\r
329 purposes, that we'll return to later. Julia has a deep and\r
330 sophisticated type system, including user-defined types and\r
331 C-like structs. Types can have behaviors associated with them,\r
332 and can inherit behaviors from other types. The best thing\r
333 about Julia's type system is that you can ignore it entirely,\r
334 use just a few pieces of it, or spend weeks studying its\r
335 design.\r
336 \r
337 Control flow\r
338 \r
339 Julia code is organized in blocks, which can indicate control\r
340 flow, function definitions, and other code units. Blocks are\r
341 terminated with the end keyword, and indentation is not\r
342 significant. Statements are separated either with newlines or\r
343 semicolons.\r
344 \r
345 Julia has the typical control flow constructs; here is a while\r
346 block: julia i = 1;\r
347 \r
348 julia while i 5\r
349 \r
350 print(i)\r
351 \r
352 global i = i + 1\r
353 \r
354 end\r
355 \r
356 1234\r
357 \r
358 Notice the global keyword. Most blocks in Julia introduce a\r
359 local scope for variables; without this keyword here, we would\r
360 get an error about an undefined variable.\r
361 \r
362 Julia has the usual if statements and for loops that use the\r
363 same iterators that we introduced above for array indexing. We\r
364 can also iterate over collections: julia for i ∈ ['a', 'b',\r
365 'c']\r
366 \r
367 println(i)\r
368 \r
369 end\r
370 \r
371 a\r
372 \r
373 b\r
374 \r
375 c\r
376 \r
377 In place of the fancy math symbol in this for loop, we can use\r
378 " = " or " in ". If you want to use the math symbol but have\r
379 no convenient way to type it, the REPL will help you: type "\r
380 \in " and the TAB key, and the symbol appears; you can type\r
381 many [20]LaTeX expressions into the REPL in this way.\r
382 \r
383 Development of Julia\r
384 \r
385 The language is developed on GitHub, with over 700\r
386 contributors. The Julia team mentioned in their email to us\r
387 that the decision to use GitHub has been particularly good for\r
388 Julia, as it streamlined the process for many of their\r
389 contributors, who are scientists or domain experts in various\r
390 fields, rather than professional software developers.\r
391 \r
392 The creators of Julia have [21]published [PDF] a detailed\r
393 “mission statement” for the language, describing their aims\r
394 and motivations. A key issue that they wanted their language\r
395 to solve is what they called the "two-language problem." This\r
396 situation is familiar to anyone who has used Python or another\r
397 dynamic language on a demanding numerical problem. To get good\r
398 performance, you will wind up rewriting the numerically\r
399 intensive parts of the program in C or Fortran, dealing with\r
400 the interface between the two languages, and may still be\r
401 disappointed in the overhead presented by calling the foreign\r
402 routines from your original code.\r
403 \r
404 For Python, [22]NumPy and SciPy wrap many numerical routines,\r
405 written in Fortran or C, for efficient use from that language,\r
406 but you can only take advantage of this if your calculation\r
407 fits the pattern of an available routine; in more general\r
408 cases, where you will have to write a loop over your data, you\r
409 are stuck with Python's native performance, which is orders of\r
410 magnitude slower. If you switch to an alternative, faster\r
411 implementation of Python, such as [23]PyPy , the numerical\r
412 libraries may not be compatible; NumPy became available for\r
413 PyPy only within about the past year.\r
414 \r
415 Julia solves the two-language problem by being as expressive\r
416 and simple to program in as a dynamic scripting language,\r
417 while having the native performance of a static, compiled\r
418 language. There is no need to write numerical libraries in a\r
419 second language, but C or Fortran library routines can be\r
420 called using a facility that Julia has built-in. Other\r
421 languages, such as [24]Python or [25]R , can also interoperate\r
422 easily with Julia using external packages.\r
423 \r
424 Documentation\r
425 \r
426 There are many resources to turn to to learn the language.\r
427 There is an extensive and detailed [26]manual at Julia\r
428 headquarters, and this may be a good place to start. However,\r
429 although the first few chapters provide a gentle introduction,\r
430 the material soon becomes dense and, at times, hard to follow,\r
431 with references to concepts that are not explained until later\r
432 chapters. Fortunately, there is a [27]"learning" link at the\r
433 top of the Julia home page, which takes you to a long list of\r
434 videos, tutorials, books, articles, and classes both about\r
435 Julia and that use Julia in teaching subjects such a numerical\r
436 analysis. There is also a fairly good [28]cheat-sheet [PDF] ,\r
437 which was just updated for v. 1.0.\r
438 \r
439 If you're coming from Python, [29]this list of noteworthy\r
440 differences between Python and Julia syntax will probably be\r
441 useful.\r
442 \r
443 Some of the linked tutorials are in the form of [30]Jupyter\r
444 notebooks — indeed, the name "Jupyter" is formed from "Julia",\r
445 "Python", and "R", which are the three original languages\r
446 supported by the interface. The [31]Julia kernel for Jupyter\r
447 was recently upgraded to support v. 1.0. Judicious sampling of\r
448 a variety of documentation sources, combined with liberal\r
449 experimentation, may be the best way of learning the language.\r
450 Jupyter makes this experimentation more inviting for those who\r
451 enjoy the web-based interface, but the REPL that comes with\r
452 Julia helps a great deal in this regard by providing, for\r
453 instance, TAB completion and an extensive help system invoked\r
454 by simply pressing the "?" key.\r
455 \r
456 Stay tuned\r
457 \r
458 The [32]next installment in this two-part series will explain\r
459 how Julia is organized around the concept of "multiple\r
460 dispatch". You will learn how to create functions and make\r
461 elementary use of Julia's type system. We'll see how to\r
462 install packages and use modules, and how to make graphs.\r
463 Finally, Part 2 will briefly survey the important topics of\r
464 macros and distributed computing.\r
465 \r
466 [33]Comments (80 posted)\r
467 \r
468 [34]C considered dangerous\r
469 \r
470 By Jake Edge\r
471 \r
472 August 29, 2018\r
473 \r
474 [35]LSS NA\r
475 \r
476 At the North America edition of the [36]2018 Linux Security\r
477 Summit (LSS NA), which was held in late August in Vancouver,\r
478 Canada, Kees Cook gave a presentation on some of the dangers\r
479 that come with programs written in C. In particular, of\r
480 course, the Linux kernel is mostly written in C, which means\r
481 that the security of our systems rests on a somewhat dangerous\r
482 foundation. But there are things that can be done to help firm\r
483 things up by " Making C Less Dangerous " as the title of his\r
484 talk suggested.\r
485 \r
486 He began with a brief summary of the work that he and others\r
487 are doing as part of the [37]Kernel Self Protection Project\r
488 (KSPP). The goal of the project is to get kernel protections\r
489 merged into the mainline. These protections are not targeted\r
490 at protecting user-space processes from other (possibly rogue)\r
491 processes, but are, instead, focused on protecting the kernel\r
492 from user-space code. There are around 12 organizations and\r
493 ten individuals working on roughly 20 different technologies\r
494 as part of the KSPP, he said. The progress has been "slow and\r
495 steady", he said, which is how he thinks it should go. [38]\r
496 \r
497 One of the main problems is that C is treated mostly like a\r
498 fancy assembler. The kernel developers do this because they\r
499 want the kernel to be as fast and as small as possible. There\r
500 are other reasons, too, such as the need to do\r
501 architecture-specific tasks that lack a C API (e.g. setting up\r
502 page tables, switching to 64-bit mode).\r
503 \r
504 But there is lots of undefined behavior in C. This\r
505 "operational baggage" can lead to various problems. In\r
506 addition, C has a weak standard library with multiple utility\r
507 functions that have various pitfalls. In C, the content of\r
508 uninitialized automatic variables is undefined, but in the\r
509 machine code that it gets translated to, the value is whatever\r
510 happened to be in that memory location before. In C, a\r
511 function pointer can be called even if the type of the pointer\r
512 does not match the type of the function being called—assembly\r
513 doesn't care, it just jumps to a location, he said.\r
514 \r
515 The APIs in the standard library are also bad in many cases.\r
516 He asked: why is there no argument to memcpy() to specify the\r
517 maximum destination length? He noted a recent [39]blog post\r
518 from Raph Levien entitled "With Undefined Behavior, Anything\r
519 is Possible". That obviously resonated with Cook, as he\r
520 pointed out his T-shirt—with the title and artwork from the\r
521 post.\r
522 \r
523 Less danger\r
524 \r
525 He then moved on to some things that kernel developers can do\r
526 (and are doing) to get away from some of the dangers of C. He\r
527 began with variable-length arrays (VLAs), which can be used to\r
528 overflow the stack to access data outside of its region. Even\r
529 if the stack has a guard page, VLAs can be used to jump past\r
530 it to write into other memory, which can then be used by some\r
531 other kind of attack. The C language is "perfectly fine with\r
532 this". It is easy to find uses of VLAs with the -Wvla flag,\r
533 however.\r
534 \r
535 But it turns out that VLAs are [40]not just bad from a\r
536 security perspective , they are also slow. In a\r
537 micro-benchmark associated with a [41]patch removing a VLA , a\r
538 13% performance boost came from using a fixed-size array. He\r
539 dug in a bit further and found that much more code is being\r
540 generated to handle a VLA, which explains the speed increase.\r
541 Since Linus Torvalds has [42]declared that VLAs should be\r
542 removed from the kernel because they cause security problems\r
543 and also slow the kernel down; Cook said "don't use VLAs".\r
544 \r
545 Another problem area is switch statements, in particular where\r
546 there is no break for a case . That could mean that the\r
547 programmer expects and wants to fall through to the next case\r
548 or it could be that the break was simply forgotten. There is a\r
549 way to get a warning from the compiler for fall-throughs, but\r
550 there needs to be a way to mark those that are truly meant to\r
551 be that way. A special fall-through "statement" in the form of\r
552 a comment is what has been agreed on within the\r
553 static-analysis community. He and others have been going\r
554 through each of the places where there is no break to add\r
555 these comments (or a break ); they have "found a lot of bugs\r
556 this way", he said.\r
557 \r
558 Uninitialized local variables will generate a warning, but not\r
559 if the variable is passed in by reference. There are some GCC\r
560 plugins that will automatically initialize these variables,\r
561 but there are also patches for both GCC and Clang to provide a\r
562 compiler option to do so. Neither of those is upstream yet,\r
563 but Torvalds has praised the effort so the kernel would likely\r
564 use the option. An interesting side effect that came about\r
565 while investigating this was a warning he got about\r
566 unreachable code when he enabled the auto-initialization.\r
567 There were two variables declared just after a switch (and\r
568 outside of any case ), where they would never be reached.\r
569 \r
570 Arithmetic overflow is another undefined behavior in C that\r
571 can cause various problems. GCC can check for signed overflow,\r
572 which performs well (the overhead is in the noise, he said),\r
573 but adding warning messages for it does grow the kernel by 6%;\r
574 making the overflow abort, instead, only adds 0.1%. Clang can\r
575 check for both signed and unsigned overflow; signed overflow\r
576 is undefined, while unsigned overflow is defined, but often\r
577 unexpected. Marking places where unsigned overflow is expected\r
578 is needed; it would be nice to get those annotations put into\r
579 the kernel, Cook said.\r
580 \r
581 Explicit bounds checking is expensive. Doing it for\r
582 copy_{to,from}_user() is a less than 1% performance hit, but\r
583 adding it to the strcpy() and memcpy() families are around a\r
584 2% hit. Pre-Meltdown that would have been a totally impossible\r
585 performance regression for security, he said; post-Meltdown,\r
586 since it is less than 5%, maybe there is a chance to add this\r
587 checking.\r
588 \r
589 Better APIs would help as well. He pointed to the evolution of\r
590 strcpy() , through str n cpy() and str l cpy() (each with\r
591 their own bounds flaws) to str s cpy() , which seems to be "OK\r
592 so far". He also mentioned memcpy() again as a poor API with\r
593 respect to bounds checking.\r
594 \r
595 Hardware support for bounds checking is available in the\r
596 application data integrity (ADI) feature for SPARC and is\r
597 coming for Arm; it may also be available for Intel processors\r
598 at some point. These all use a form of "memory tagging", where\r
599 allocations get a tag that is stored in the high-order byte of\r
600 the address. An offset from the address can be checked by the\r
601 hardware to see if it still falls within the allocated region\r
602 based on the tag.\r
603 \r
604 Control-flow integrity (CFI) has become more of an issue\r
605 lately because much of what attackers had used in the past has\r
606 been marked as "no execute" so they are turning to using\r
607 existing code "gadgets" already present in the kernel by\r
608 hijacking existing indirect function calls. In C, you can just\r
609 call pointers without regard to the type as it just treats\r
610 them as an address to jump to. Clang has a CFI-sanitize\r
611 feature that enforces the function prototype to restrict the\r
612 calls that can be made. It is done at runtime and is not\r
613 perfect, in part because there are lots of functions in the\r
614 kernel that take one unsigned long parameter and return an\r
615 unsigned long.\r
616 \r
617 Attacks on CFI have both a "forward edge", which is what CFI\r
618 sanitize tries to handle, and a "backward edge" that comes\r
619 from manipulating the stack values, the return address in\r
620 particular. Clang has two methods available to prevent the\r
621 stack manipulation. The first is the "safe stack", which puts\r
622 various important items (e.g. "safe" variables, register\r
623 spills, and the return address) on a separate stack.\r
624 Alternatively, the "shadow stack" feature creates a separate\r
625 stack just for return addresses.\r
626 \r
627 One problem with these other stacks is that they are still\r
628 writable, so if an attacker can find them in memory, they can\r
629 still perform their attacks. Hardware-based protections, like\r
630 Intel's Control-Flow Enforcement Technology (CET),\r
631 [43]provides a read-only shadow call stack for return\r
632 addresses. Another hardware protection is [44]pointer\r
633 authentication for Arm, which adds a kind of encrypted tag to\r
634 the return address that can be verified before it is used.\r
635 \r
636 Status and challenges\r
637 \r
638 Cook then went through the current status of handling these\r
639 different problems in the kernel. VLAs are almost completely\r
640 gone, he said, just a few remain in the crypto subsystem; he\r
641 hopes those VLAs will be gone by 4.20 (or whatever the number\r
642 of the next kernel release turns out to be). Once that\r
643 happens, he plans to turn on -Wvla for the kernel build so\r
644 that none creep back in.\r
645 \r
646 There has been steady progress made on marking fall-through\r
647 cases in switch statements. Only 745 remain to be handled of\r
648 the 2311 that existed when this work started; each one\r
649 requires scrutiny to determine what the author's intent is.\r
650 Auto-initialized local variables can be done using compiler\r
651 plugins, but that is "not quite what we want", he said. More\r
652 compiler support would be helpful there. For arithmetic\r
653 overflow, it would be nice to see GCC get support for the\r
654 unsigned case, but memory allocations are now doing explicit\r
655 overflow checking at this point.\r
656 \r
657 Bounds checking has seen some "crying about performance hits",\r
658 so we are waiting impatiently for hardware support, he said.\r
659 CFI forward-edge protection needs [45]link-time optimization\r
660 (LTO) support for Clang in the kernel, but it is currently\r
661 working on Android. For backward-edge mitigation, the Clang\r
662 shadow call stack is working on Android, but we are\r
663 impatiently waiting for hardware support for that too.\r
664 \r
665 There are a number of challenges in doing security development\r
666 for the kernel, Cook said. There are cultural boundaries due\r
667 to conservatism within the kernel community; that requires\r
668 patiently working and reworking features in order to get them\r
669 upstream. There are, of course, technical challenges because\r
670 of the complexity of security changes; those kinds of problems\r
671 can be solved. There are also resource limitations in terms of\r
672 developers, testers, reviewers, and so on. KSPP and the other\r
673 kernel security developers are still making that "slow but\r
674 steady" progress.\r
675 \r
676 Cook's [46]slides [PDF] are available for interested readers;\r
677 before long, there should be a video available of the talk as\r
678 well.\r
679 \r
680 [I would like to thank LWN's travel sponsor, the Linux\r
681 Foundation, for travel assistance to attend the Linux Security\r
682 Summit in Vancouver.]\r
683 \r
684 [47]Comments (70 posted)\r
685 \r
686 [48]The second half of the 4.19 merge window\r
687 \r
688 By Jonathan Corbet\r
689 \r
690 August 26, 2018 By the time Linus Torvalds [49]released\r
691 4.19-rc1 and closed the merge window for this development\r
692 cycle, 12,317 non-merge changesets had found their way into\r
693 the mainline; about 4,800 of those landed after [50]last\r
694 week's summary was written. As tends to be the case late in\r
695 the merge window, many of those changes were fixes for the\r
696 bigger patches that went in early, but there were also a\r
697 number of new features added. Some of the more significant\r
698 changes include:\r
699 \r
700 Core kernel\r
701 \r
702 The full set of patches adding [51]control-group awareness to\r
703 the out-of-memory killer has not been merged due to ongoing\r
704 disagreements, but one piece of it has: there is a new\r
705 memory.oom.group control knob that will cause all processes\r
706 within a control group to be killed in an out-of-memory\r
707 situation.\r
708 \r
709 A new set of protections has been added to prevent an attacker\r
710 from fooling a program into writing to an existing file or\r
711 FIFO. An open with the O_CREAT flag to a file or FIFO in a\r
712 world-writable, sticky directory (e.g. /tmp ) will fail if the\r
713 owner of the opening process is not the owner of either the\r
714 target file or the containing directory. This behavior,\r
715 disabled by default, is controlled by the new\r
716 protected_regular and protected_fifos sysctl knobs.\r
717 \r
718 Filesystems and block layer\r
719 \r
720 The dm-integrity device-mapper target can now use a separate\r
721 device for metadata storage.\r
722 \r
723 EROFS, the "enhanced read-only filesystem", has been added to\r
724 the staging tree. It is " a lightweight read-only file system\r
725 with modern designs (eg. page-sized blocks, inline\r
726 xattrs/data, etc.) for scenarios which need high-performance\r
727 read-only requirements, eg. firmwares in mobile phone or\r
728 LIVECDs "\r
729 \r
730 The new "metadata copy-up" feature in overlayfs will avoid\r
731 copying a file's contents to the upper layer on a\r
732 metadata-only change. See [52]this commit for details.\r
733 \r
734 Hardware support\r
735 \r
736 Graphics : Qualcomm Adreno A6xx GPUs.\r
737 \r
738 Industrial I/O : Spreadtrum SC27xx series PMIC\r
739 analog-to-digital converters, Analog Devices AD5758\r
740 digital-to-analog converters, Intersil ISL29501 time-of-flight\r
741 sensors, Silicon Labs SI1133 UV index/ambient light sensor\r
742 chips, and Bosch Sensortec BME680 sensors.\r
743 \r
744 Miscellaneous : Generic ADC-based resistive touchscreens,\r
745 Generic ASIC devices via the Google [53]Gasket framework ,\r
746 Analog Devices ADGS1408/ADGS1409 multiplexers, Actions Semi\r
747 Owl SoCs DMA controllers, MEN 16Z069 watchdog timers, Rohm\r
748 BU21029 touchscreen controllers, Cirrus Logic CS47L35,\r
749 CS47L85, CS47L90, and CS47L91 codecs, Cougar 500k gaming\r
750 keyboards, Qualcomm GENI-based I2C controllers, Actions\r
751 Semiconductor Owl I2C controllers, ChromeOS EC-based USBPD\r
752 chargers, and Analog Devices ADP5061 battery chargers.\r
753 \r
754 USB : Nuvoton NPCM7XX on-chip EHCI USB controllers, Broadcom\r
755 Stingray PCIe PHYs, and Renesas R-Car generation 3 PCIe PHYs.\r
756 \r
757 There is also a new subsystem for the abstraction of GNSS\r
758 (global navigation satellite systems — GPS, for example)\r
759 receivers in the kernel. To date, such devices have been\r
760 handled with an abundance of user-space drivers; the hope is\r
761 to bring some order in this area. Support for u-blox and\r
762 SiRFstar receivers has been added as well.\r
763 \r
764 Kernel internal\r
765 \r
766 The __deprecated marker, used to mark interfaces that should\r
767 no longer be used, has been deprecated and removed from the\r
768 kernel entirely. [54]Torvalds said : " They are not useful.\r
769 They annoy everybody, and nobody ever does anything about\r
770 them, because it's always 'somebody elses problem'. And when\r
771 people start thinking that warnings are normal, they stop\r
772 looking at them, and the real warnings that mean something go\r
773 unnoticed. "\r
774 \r
775 The minimum version of GCC required by the kernel has been\r
776 moved up to 4.6.\r
777 \r
778 There are a couple of significant changes that failed to get\r
779 in this time around, including the [55]XArray data structure.\r
780 The patches are thought to be ready, but they had the bad luck\r
781 to be based on a tree that failed to be merged for other\r
782 reasons, so Torvalds [56]didn't even look at them . That, in\r
783 turn, blocks another set of patches intended to enable\r
784 migration of slab-allocated objects.\r
785 \r
786 The other big deferral is the [57]new system-call API for\r
787 filesystem mounting . Despite ongoing [58]concerns about what\r
788 happens when the same low-level device is mounted multiple\r
789 times with conflicting options, Al Viro sent [59]a pull\r
790 request to send this work upstream. The ensuing discussion\r
791 made it clear that there is still not a consensus in this\r
792 area, though, so it seems that this work has to wait for\r
793 another cycle.\r
794 \r
795 Assuming all goes well, the kernel will stabilize over the\r
796 coming weeks and the final 4.19 release will happen in\r
797 mid-October.\r
798 \r
799 [60]Comments (1 posted)\r
800 \r
801 [61]Measuring (and fixing) I/O-controller throughput loss\r
802 \r
803 August 29, 2018\r
804 \r
805 This article was contributed by Paolo Valente\r
806 \r
807 Many services, from web hosting and video streaming to cloud\r
808 storage, need to move data to and from storage. They also\r
809 often require that each per-client I/O flow be guaranteed a\r
810 non-zero amount of bandwidth and a bounded latency. An\r
811 expensive way to provide these guarantees is to over-provision\r
812 storage resources, keeping each resource underutilized, and\r
813 thus have plenty of bandwidth available for the few I/O flows\r
814 dispatched to each medium. Alternatively one can use an I/O\r
815 controller. Linux provides two mechanisms designed to throttle\r
816 some I/O streams to allow others to meet their bandwidth and\r
817 latency requirements. These mechanisms work, but they come at\r
818 a cost: a loss of as much as 80% of total available I/O\r
819 bandwidth. I have run some tests to demonstrate this problem;\r
820 some upcoming improvements to the [62]bfq I/O scheduler\r
821 promise to improve the situation considerably.\r
822 \r
823 Throttling does guarantee control, even on drives that happen\r
824 to be highly utilized but, as will be seen, it has a hard time\r
825 actually ensuring that drives are highly utilized. Even with\r
826 greedy I/O flows, throttling easily ends up utilizing as\r
827 little as 20% of the available speed of a flash-based drive.\r
828 Such a speed loss may be particularly problematic with\r
829 lower-end storage. On the opposite end, it is also\r
830 disappointing with high-end hardware, as the Linux block I/O\r
831 stack itself has been [63]redesigned from the ground up to\r
832 fully utilize the high speed of modern, fast storage. In\r
833 addition, throttling fails to guarantee the expected\r
834 bandwidths if I/O contains both reads and writes, or is\r
835 sporadic in nature.\r
836 \r
837 On the bright side, there now seems to be an effective\r
838 alternative for controlling I/O: the proportional-share policy\r
839 provided by the bfq I/O scheduler. It enables nearly 100%\r
840 storage bandwidth utilization, at least with some of the\r
841 workloads that are problematic for throttling. An upcoming\r
842 version of bfq may be able to achieve this result with almost\r
843 all workloads. Finally, bfq guarantees bandwidths with all\r
844 workloads. The current limitation of bfq is that its execution\r
845 overhead becomes significant at speeds above 400,000 I/O\r
846 operations per second on commodity CPUs.\r
847 \r
848 Using the bfq I/O scheduler, Linux can now guarantee low\r
849 latency to lightweight flows containing sporadic, short I/O.\r
850 No throughput issues arise, and no configuration is required.\r
851 This capability benefits important, time-sensitive tasks, such\r
852 as video or audio streaming, as well as executing commands or\r
853 starting applications. Although benchmarks are not available\r
854 yet, these guarantees might also be provided by the newly\r
855 proposed [64]I/O latency controller . It allows administrators\r
856 to set target latencies for I/O requests originating from each\r
857 group of processes, and favors the groups with the lowest\r
858 target latency.\r
859 \r
860 The testbed\r
861 \r
862 I ran the tests with an ext4 filesystem mounted on a PLEXTOR\r
863 PX-256M5S SSD, which features a peak rate of ~160MB/s with\r
864 random I/O, and of ~500MB/s with sequential I/O. I used\r
865 blk-mq, in Linux 4.18. The system was equipped with a 2.4GHz\r
866 Intel Core i7-2760QM CPU and 1.3GHz DDR3 DRAM. In such a\r
867 system, a single thread doing synchronous reads reaches a\r
868 throughput of 23MB/s.\r
869 \r
870 For the purposes of these tests, each process is considered to\r
871 be in one of two groups, termed "target" and "interferers". A\r
872 target is a single-process, I/O-bound group whose I/O is\r
873 focused on. In particular, I measure the I/O throughput\r
874 enjoyed by this group to get the minimum bandwidth delivered\r
875 to the group. An interferer is single-process group whose role\r
876 is to generate additional I/O that interferes with the I/O of\r
877 the target. The tested workloads contain one target and\r
878 multiple interferers.\r
879 \r
880 The single process in each group either reads or writes,\r
881 through asynchronous (buffered) operations, to one file —\r
882 different from the file read or written by any other process —\r
883 after invalidating the buffer cache for the file. I define a\r
884 reader or writer process as either "random" or "sequential",\r
885 depending on whether it reads or writes its file at random\r
886 positions or sequentially. Finally, an interferer is defined\r
887 as being either "active" or "inactive" depending on whether it\r
888 performs I/O during the test. When an interferer is mentioned,\r
889 it is assumed that the interferer is active.\r
890 \r
891 Workloads are defined so as to try to cover the combinations\r
892 that, I believe, most influence the performance of the storage\r
893 device and of the I/O policies. For brevity, in this article I\r
894 show results for only two groups of workloads:\r
895 \r
896 Static sequential : four synchronous sequential readers or\r
897 four asynchronous sequential writers, plus five inactive\r
898 interferers.\r
899 \r
900 Static random : four synchronous random readers, all with a\r
901 block size equal to 4k, plus five inactive interferers.\r
902 \r
903 To create each workload, I considered, for each mix of\r
904 interferers in the group, two possibilities for the target: it\r
905 could be either a random or a sequential synchronous reader.\r
906 In [65]a longer version of this article [PDF] , you will also\r
907 find results for workloads with varying degrees of I/O\r
908 randomness, and for dynamic workloads (containing sporadic I/O\r
909 sources). These extra results confirm the losses of throughput\r
910 and I/O control for throttling that are shown here.\r
911 \r
912 I/O policies\r
913 \r
914 Linux provides two I/O-control mechanisms for guaranteeing (a\r
915 minimum) bandwidth, or at least fairness, to long-lived flows:\r
916 the throttling and proportional-share I/O policies. With\r
917 throttling, one can set a maximum bandwidth limit — "max\r
918 limit" for brevity — for the I/O of each group. Max limits can\r
919 be used, in an indirect way, to provide the service guarantee\r
920 at the focus of this article. For example, to guarantee\r
921 minimum bandwidths to I/O flows, a group can be guaranteed a\r
922 minimum bandwidth by limiting the maximum bandwidth of all the\r
923 other groups.\r
924 \r
925 Unfortunately, max limits have two drawbacks in terms of\r
926 throughput. First, if some groups do not use their allocated\r
927 bandwidth, that bandwidth cannot be reclaimed by other active\r
928 groups. Second, limits must comply with the worst-case speed\r
929 of the device, namely, its random-I/O peak rate. Such limits\r
930 will clearly leave a lot of throughput unused with workloads\r
931 that otherwise would drive the device to higher throughput\r
932 levels. Maximizing throughput is simply not a goal of max\r
933 limits. So, for brevity, test results with max limits are not\r
934 shown here. You can find these results, plus a more detailed\r
935 description of the above drawbacks, in the long version of\r
936 this article.\r
937 \r
938 Because of these drawbacks, a new, still experimental, low\r
939 limit has been added to the throttling policy. If a group is\r
940 assigned a low limit, then the throttling policy automatically\r
941 limits the I/O of the other groups in such a way to guarantee\r
942 to the group a minimum bandwidth equal to its assigned low\r
943 limit. This new throttling mechanism throttles no group as\r
944 long as every group is getting at least its assigned minimum\r
945 bandwidth. I tested this mechanism, but did not consider the\r
946 interesting problem of guaranteeing minimum bandwidths while,\r
947 at the same time, enforcing maximum bandwidths.\r
948 \r
949 The other I/O policy available in Linux, proportional share,\r
950 provides weighted fairness. Each group is assigned a weight,\r
951 and should receive a portion of the total throughput\r
952 proportional to its weight. This scheme guarantees minimum\r
953 bandwidths in the same way that low limits do in throttling.\r
954 In particular, it guarantees to each group a minimum bandwidth\r
955 equal to the ratio between the weight of the group, and the\r
956 sum of the weights of all the groups that may be active at the\r
957 same time.\r
958 \r
959 The actual implementation of the proportional-share policy, on\r
960 a given drive, depends on what flavor of the block layer is in\r
961 use for that drive. If the drive is using the legacy block\r
962 interface, the policy is implemented by the cfq I/O scheduler.\r
963 Unfortunately, cfq fails to control bandwidths with\r
964 flash-based storage, especially on drives featuring command\r
965 queueing. This case is not considered in these tests. With\r
966 drives using the multiqueue interface, proportional share is\r
967 implemented by bfq. This is the combination considered in the\r
968 tests.\r
969 \r
970 To benchmark both throttling (low limits) and proportional\r
971 share, I tested, for each workload, the combinations of I/O\r
972 policies and I/O schedulers reported in the table below. In\r
973 the end, there are three test cases for each workload. In\r
974 addition, for some workloads, I considered two versions of bfq\r
975 for the proportional-share policy.\r
976 \r
977 Name\r
978 \r
979 I/O policy\r
980 \r
981 Scheduler\r
982 \r
983 Parameter for target\r
984 \r
985 Parameter for each of the four active interferers\r
986 \r
987 Parameter for each of the five inactive interferers\r
988 \r
989 Sum of parameters\r
990 \r
991 low-none\r
992 \r
993 Throttling with low limits\r
994 \r
995 none\r
996 \r
997 10MB/s\r
998 \r
999 10MB/s (tot: 40)\r
1000 \r
1001 20MB/s (tot: 100)\r
1002 \r
1003 150MB/s\r
1004 \r
1005 prop-bfq\r
1006 \r
1007 Proportional share\r
1008 \r
1009 bfq\r
1010 \r
1011 300\r
1012 \r
1013 100 (tot: 400)\r
1014 \r
1015 200 (tot: 1000)\r
1016 \r
1017 1700\r
1018 \r
1019 For low limits, I report results with only none as the I/O\r
1020 scheduler, because the results are the same with kyber and\r
1021 mq-deadline.\r
1022 \r
1023 The capabilities of the storage medium and of low limits drove\r
1024 the policy configurations. In particular:\r
1025 \r
1026 The configuration of the target and of the active interferers\r
1027 for low-none is the one for which low-none provides its best\r
1028 possible minimum-bandwidth guarantee to the target: 10MB/s,\r
1029 guaranteed if all interferers are readers. Results remain the\r
1030 same regardless of the values used for target latency and idle\r
1031 time; I set them to 100µs and 1000µs, respectively, for every\r
1032 group.\r
1033 \r
1034 Low limits for inactive interferers are set to twice the\r
1035 limits for active interferers, to pose greater difficulties to\r
1036 the policy.\r
1037 \r
1038 I chose weights for prop-bfq so as to guarantee about the same\r
1039 minimum bandwidth as low-none to the target, in the same\r
1040 only-reader worst case as for low-none and to preserve,\r
1041 between the weights of active and inactive interferers, the\r
1042 same ratio as between the low limits of active and inactive\r
1043 interferers.\r
1044 \r
1045 Full details on configurations can be found in the long\r
1046 version of this article.\r
1047 \r
1048 Each workload was run ten times for each policy, plus ten\r
1049 times without any I/O control, i.e., with none as I/O\r
1050 scheduler and no I/O policy in use. For each run, I measured\r
1051 the I/O throughput of the target (which reveals the bandwidth\r
1052 provided to the target), the cumulative I/O throughput of the\r
1053 interferers, and the total I/O throughput. These quantities\r
1054 fluctuated very little during each run, as well as across\r
1055 different runs. Thus in the graphs I report only averages over\r
1056 per-run average throughputs. In particular, for the case of no\r
1057 I/O control, I report only the total I/O throughput, to give\r
1058 an idea of the throughput that can be reached without imposing\r
1059 any control.\r
1060 \r
1061 Results\r
1062 \r
1063 This plot shows throughput results for the simplest group of\r
1064 workloads: the static-sequential set.\r
1065 \r
1066 With a random reader as the target against sequential readers\r
1067 as interferers, low-none does guarantee the configured low\r
1068 limit to the target. Yet it reaches only a low total\r
1069 throughput. The throughput of the random reader evidently\r
1070 oscillates around 10MB/s during the test. This implies that it\r
1071 is at least slightly below 10MB/s for a significant percentage\r
1072 of the time. But when this happens, the low-limit mechanism\r
1073 limits the maximum bandwidth of every active group to the low\r
1074 limit set for the group, i.e., to just 10MB/s. The end result\r
1075 is a total throughput lower than 10% of the throughput reached\r
1076 without I/O control.\r
1077 \r
1078 That said, the high throughput achieved without I/O control is\r
1079 obtained by choking the random I/O of the target in favor of\r
1080 the sequential I/O of the interferers. Thus, it is probably\r
1081 more interesting to compare low-none throughput with the\r
1082 throughput reachable while actually guaranteeing 10MB/s to the\r
1083 target. The target is a single, synchronous, random reader,\r
1084 which reaches 23MB/s while active. So, to guarantee 10MB/s to\r
1085 the target, it is enough to serve it for about half of the\r
1086 time, and the interferers for the other half. Since the device\r
1087 reaches ~500MB/s with the sequential I/O of the interferers,\r
1088 the resulting throughput with this service scheme would be\r
1089 (500+23)/2, or about 260MB/s. low-none thus reaches less than\r
1090 20% of the total throughput that could be reached while still\r
1091 preserving the target bandwidth.\r
1092 \r
1093 prop-bfq provides the target with a slightly higher throughput\r
1094 than low-none. This makes it harder for prop-bfq to reach a\r
1095 high total throughput, because prop-bfq serves more random I/O\r
1096 (from the target) than low-none. Nevertheless, prop-bfq gets a\r
1097 much higher total throughput than low-none. According to the\r
1098 above estimate, this throughput is about 90% of the maximum\r
1099 throughput that could be reached, for this workload, without\r
1100 violating service guarantees. The reason for this good result\r
1101 is that bfq provides an effective implementation of the\r
1102 proportional-share service policy. At any time, each active\r
1103 group is granted a fraction of the current total throughput,\r
1104 and the sum of these fractions is equal to one; so group\r
1105 bandwidths naturally saturate the available total throughput\r
1106 at all times.\r
1107 \r
1108 Things change with the second workload: a random reader\r
1109 against sequential writers. Now low-none reaches a much higher\r
1110 total throughput than prop-bfq. low-none serves much more\r
1111 sequential (write) I/O than prop-bfq because writes somehow\r
1112 break the low-limit mechanisms and prevail over the reads of\r
1113 the target. Conceivably, this happens because writes tend to\r
1114 both starve reads in the OS (mainly by eating all available\r
1115 I/O tags) and to cheat on their completion time in the drive.\r
1116 In contrast, bfq is intentionally configured to privilege\r
1117 reads, to counter these issues.\r
1118 \r
1119 In particular, low-none gets an even higher throughput than no\r
1120 I/O control at all because it penalizes the random I/O of the\r
1121 target even more than the no-controller configuration.\r
1122 \r
1123 Finally, with the last two workloads, prop-bfq reaches even\r
1124 higher total throughput than with the first two. It happens\r
1125 because the target also does sequential I/O, and serving\r
1126 sequential I/O is much more beneficial for throughput than\r
1127 serving random I/O. With these two workloads, the total\r
1128 throughput is, respectively, close to or much higher than that\r
1129 reached without I/O control. For the last workload, the total\r
1130 throughput is much higher because, differently from none, bfq\r
1131 privileges reads over asynchronous writes, and reads yield a\r
1132 higher throughput than writes. In contrast, low-none still\r
1133 gets lower or much lower throughput than prop-bfq, because of\r
1134 the same issues that hinder low-none throughput with the first\r
1135 two workloads.\r
1136 \r
1137 As for bandwidth guarantees, with readers as interferers\r
1138 (third workload), prop-bfq, as expected, gives the target a\r
1139 fraction of the total throughput proportional to its weight.\r
1140 bfq approximates perfect proportional-share bandwidth\r
1141 distribution among groups doing I/O of the same type (reads or\r
1142 writes) and with the same locality (sequential or random).\r
1143 With the last workload, prop-bfq gives much more throughput to\r
1144 the reader than to all the interferers, because interferers\r
1145 are asynchronous writers, and bfq privileges reads.\r
1146 \r
1147 The second group of workloads (static random), is the one,\r
1148 among all the workloads considered, for which prop-bfq\r
1149 performs worst. Results are shown below:\r
1150 \r
1151 This chart reports results not only for mainline bfq, but also\r
1152 for an improved version of bfq which is currently under public\r
1153 testing. As can be seen, with only random readers, prop-bfq\r
1154 reaches a much lower total throughput than low-none. This\r
1155 happens because of the Achilles heel of the bfq I/O scheduler.\r
1156 If the process in service does synchronous I/O and has a\r
1157 higher weight than some other process, then, to give strong\r
1158 bandwidth guarantees to that process, bfq plugs I/O\r
1159 dispatching every time the process temporarily stops issuing\r
1160 I/O requests. In this respect, processes actually have\r
1161 differentiated weights and do synchronous I/O in the workloads\r
1162 tested. So bfq systematically performs I/O plugging for them.\r
1163 Unfortunately, this plugging empties the internal queues of\r
1164 the drive, which kills throughput with random I/O. And the I/O\r
1165 of all processes in these workloads is also random.\r
1166 \r
1167 The situation reverses with a sequential reader as target.\r
1168 Yet, the most interesting results come from the new version of\r
1169 bfq, containing small changes to counter exactly the above\r
1170 weakness. This version recovers most of the throughput loss\r
1171 with the workload made of only random I/O and more; with the\r
1172 second workload, where the target is a sequential reader, it\r
1173 reaches about 3.7 times the total throughput of low-none.\r
1174 \r
1175 When the main concern is the latency of flows containing short\r
1176 I/O, Linux seems now rather high performing, thanks to the bfq\r
1177 I/O scheduler and the I/O latency controller. But if the\r
1178 requirement is to provide explicit bandwidth guarantees (or\r
1179 just fairness) to I/O flows, then one must be ready to give up\r
1180 much or most of the speed of the storage media. bfq helps with\r
1181 some workloads, but loses most of the throughput with\r
1182 workloads consisting of mostly random I/O. Fortunately, there\r
1183 is apparently hope for much better performance since an\r
1184 improvement, still under development, seems to enable bfq to\r
1185 reach a high throughput with all workloads tested so far.\r
1186 \r
1187 [ I wish to thank Vivek Goyal for enabling me to make this\r
1188 article much more fair and sound.]\r
1189 \r
1190 [66]Comments (4 posted)\r
1191 \r
1192 [67]KDE's onboarding initiative, one year later\r
1193 \r
1194 August 24, 2018\r
1195 \r
1196 This article was contributed by Marta Rybczyńska\r
1197 \r
1198 [68]Akademy\r
1199 \r
1200 In 2017, the KDE community decided on [69]three goals to\r
1201 concentrate on for the next few years. One of them was\r
1202 [70]streamlining the onboarding of new contributors (the\r
1203 others were [71]improving usability and [72]privacy ). During\r
1204 [73]Akademy , the yearly KDE conference that was held in\r
1205 Vienna in August, Neofytos Kolokotronis shared the status of\r
1206 the onboarding goal, the work done during the last year, and\r
1207 further plans. While it is a complicated process in a project\r
1208 as big and diverse as KDE, numerous improvements have been\r
1209 already made.\r
1210 \r
1211 Two of the three KDE community goals were proposed by relative\r
1212 newcomers. Kolokotronis was one of those, having joined the\r
1213 [74]KDE Promo team not long before proposing the focus on\r
1214 onboarding. He had previously been involved with [75]Chakra\r
1215 Linux , a distribution based on KDE software. The fact that\r
1216 new members of the community proposed strategic goals was also\r
1217 noted in the [76]Sunday keynote by Claudia Garad .\r
1218 \r
1219 Proper onboarding adds excitement to the contribution process\r
1220 and increases retention, he explained. When we look at [77]the\r
1221 definition of onboarding , it is a process in which the new\r
1222 contributors acquire knowledge, skills, and behaviors so that\r
1223 they can contribute effectively. Kolokotronis proposed to see\r
1224 it also as socialization: integration into the project's\r
1225 relationships, culture, structure, and procedures.\r
1226 \r
1227 The gains from proper onboarding are many. The project can\r
1228 grow by attracting new blood with new perspectives and\r
1229 solutions. The community maintains its health and stays\r
1230 vibrant. Another important advantage of efficient onboarding\r
1231 is that replacing current contributors becomes easier when\r
1232 they change interests, jobs, or leave the project for whatever\r
1233 reason. Finally, successful onboarding adds new advocates to\r
1234 the project.\r
1235 \r
1236 Achievements so far and future plans\r
1237 \r
1238 The team started with ideas for a centralized onboarding\r
1239 process for the whole of KDE. They found out quickly that this\r
1240 would not work because KDE is "very decentralized", so it is\r
1241 hard to provide tools and procedures that are going to work\r
1242 for the whole project. According to Kolokotronis, other\r
1243 characteristics of KDE that impact onboarding are high\r
1244 diversity, remote and online teams, and hundreds of\r
1245 contributors in dozens of projects and teams. In addition, new\r
1246 contributors already know in which area they want to take part\r
1247 and they prefer specific information that will be directly\r
1248 useful for them.\r
1249 \r
1250 So the team changed its approach; several changes have since\r
1251 been proposed and implemented. The [78]Get Involved page,\r
1252 which is expected to be one of the resources new contributors\r
1253 read first, has been rewritten. For the [79]Junior Jobs page ,\r
1254 the team is [80] [81]discussing what the generic content for\r
1255 KDE as a whole should be. The team simplified [82]Phabricator\r
1256 registration , which resulted in documenting the process\r
1257 better. Another part of the work includes the [83]KDE Bugzilla\r
1258 ; it includes, for example initiatives to limit the number of\r
1259 states of a ticket or remove obsolete products.\r
1260 \r
1261 The [84]Plasma Mobile team is heavily involved in the\r
1262 onboarding goal. The Plasma Mobile developers have simplified\r
1263 their development environment setup and created an\r
1264 [85]interactive "Get Involved" page. In addition, the Plasma\r
1265 team changed the way task descriptions are written; they now\r
1266 contain more detail, so that it is easier to get involved. The\r
1267 basic description should be short and clear, and it should\r
1268 include details of the problem and possible solutions. The\r
1269 developers try to share the list of skills necessary to\r
1270 fulfill the tasks and include clear links to the technical\r
1271 resources needed.\r
1272 \r
1273 Kolokotronis and team also identified a new potential source\r
1274 of contributors for KDE: distributions using KDE. They have\r
1275 the advantage of already knowing and using the software. The\r
1276 next idea the team is working on is to make sure that setting\r
1277 up a development environment is easy. The team plans to work\r
1278 on this during a dedicated sprint this autumn.\r
1279 \r
1280 Searching for new contributors\r
1281 \r
1282 Kolokotronis plans to search for new contributors at the\r
1283 periphery of the project, among the "skilled enthusiasts":\r
1284 loyal users who actually care about the project. They "can\r
1285 make wonders", he said. Those individuals may be also less\r
1286 confident or shy, have troubles making the first step, and\r
1287 need guidance. The project leaders should take that into\r
1288 account.\r
1289 \r
1290 In addition, newcomers are all different. Kolokotronis\r
1291 provided a long list of how contributors differ, including\r
1292 skills and knowledge, motives and interests, and time and\r
1293 dedication. His advice is to "try to find their superpower",\r
1294 the skills they have that are missing in the team. Those\r
1295 "superpowers" can then be used for the benefit of the project.\r
1296 \r
1297 If a project does nothing else, he said, it can start with its\r
1298 documentation. However, this does not only mean code\r
1299 documentation. Writing down the procedures or information\r
1300 about the internal work of the project, like who is working on\r
1301 what, is an important part of a project's documentation and\r
1302 helps newcomers. There should be also guidelines on how to\r
1303 start, especially setting up the development environment.\r
1304 \r
1305 The first thing the project leaders should do, according to\r
1306 Kolokotronis, is to spend time on introducing newcomers to the\r
1307 project. Ideally every new contributor should be assigned\r
1308 mentors — more experienced members who can help them when\r
1309 needed. The mentors and project leaders should find tasks that\r
1310 are interesting for each person. Answering an audience\r
1311 question on suggestions for shy new contributors, he\r
1312 recommended even more mentoring. It is also very helpful to\r
1313 make sure that newcomers have enough to read, but "avoid\r
1314 RTFM", he highlighted. It is also easy for a new contributor\r
1315 "to fly away", he said. The solution is to keep requesting\r
1316 things and be proactive.\r
1317 \r
1318 What the project can do?\r
1319 \r
1320 Kolokotronis suggested a number of actions for a project when\r
1321 it wants to improve its onboarding. The first step is\r
1322 preparation: the project leaders should know the team's and\r
1323 the project's needs. Long-term planning is important, too. It\r
1324 is not enough to wait for contributors to come — the project\r
1325 should be proactive, which means reaching out to candidates,\r
1326 suggesting appropriate tasks and, finally, making people\r
1327 available for the newcomers if they need help.\r
1328 \r
1329 This leads to next step: to be a mentor. Kolokotronis suggests\r
1330 being a "great host", but also trying to phase out the\r
1331 dependency on the mentor rapidly. "We have been all\r
1332 newcomers", he said. It can be intimidating to join an\r
1333 existing group. Onboarding creates a sense of belonging which,\r
1334 in turn, increases retention.\r
1335 \r
1336 The last step proposed was to be strategic. This includes\r
1337 thinking about the emotions you want newcomers to feel.\r
1338 Kolokotronis explained the strategic part with an example. The\r
1339 overall goal is (surprise!) improve onboarding of new\r
1340 contributors. An intermediate objective might be to keep the\r
1341 newcomers after they have made their first commit. If your\r
1342 strategy is to keep them confident and proud, you can use\r
1343 different tactics like praise and acknowledgment of the work\r
1344 in public. Another useful tactic may be assigning simple\r
1345 tasks, according to the skill of the contributor.\r
1346 \r
1347 To summarize, the most important thing, according to\r
1348 Kolokotronis, is to respond quickly and spend time with new\r
1349 contributors. This time should be used to explain procedures,\r
1350 and to introduce the people and culture. It is also essential\r
1351 to guide first contributions and praise contributor's skill\r
1352 and effort. Increase the difficulty of tasks over time to keep\r
1353 contributors motivated and challenged. And finally, he said,\r
1354 "turn them into mentors".\r
1355 \r
1356 Kolokotronis acknowledges that onboarding "takes time" and\r
1357 "everyone complains" about it. However, he is convinced that\r
1358 it is beneficial in the long term and that it decreases\r
1359 developer turnover.\r
1360 \r
1361 Advice to newcomers\r
1362 \r
1363 Kolokotronis concluded with some suggestions for newcomers to\r
1364 a project. They should try to be persistent and to not get\r
1365 discouraged when something goes wrong. Building connections\r
1366 from the very beginning is helpful. He suggests asking\r
1367 questions as if you were already a member "and things will be\r
1368 fine". However, accept criticism if it happens.\r
1369 \r
1370 One of the next actions of the onboarding team will be to\r
1371 collect feedback from newcomers and experienced contributors\r
1372 to see if they agree on the ideas and processes introduced so\r
1373 far.\r
1374 \r
1375 [86]Comments (none posted)\r
1376 \r
1377 [87]Sharing and archiving data sets with Dat\r
1378 \r
1379 August 27, 2018\r
1380 \r
1381 This article was contributed by Antoine Beaupré\r
1382 \r
1383 [88]Dat is a new peer-to-peer protocol that uses some of the\r
1384 concepts of [89]BitTorrent and Git. Dat primarily targets\r
1385 researchers and open-data activists as it is a great tool for\r
1386 sharing, archiving, and cataloging large data sets. But it can\r
1387 also be used to implement decentralized web applications in a\r
1388 novel way.\r
1389 \r
1390 Dat quick primer\r
1391 \r
1392 Dat is written in JavaScript, so it can be installed with npm\r
1393 , but there are [90]standalone binary builds and a [91]desktop\r
1394 application (as an AppImage). An [92]online viewer can be used\r
1395 to inspect data for those who do not want to install arbitrary\r
1396 binaries on their computers.\r
1397 \r
1398 The command-line application allows basic operations like\r
1399 downloading existing data sets and sharing your own. Dat uses\r
1400 a 32-byte hex string that is an [93]ed25519 public key , which\r
1401 is is used to discover and find content on the net. For\r
1402 example, this will download some sample data: $ dat clone \\r
1403 \r
1404 dat://778f8d955175c92e4ced5e4f5563f69bfec0c86cc6f670352c457943-\r
1405 666fe639 \\r
1406 \r
1407 ~/Downloads/dat-demo\r
1408 \r
1409 Similarly, the share command is used to share content. It\r
1410 indexes the files in a given directory and creates a new\r
1411 unique address like the one above. The share command starts a\r
1412 server that uses multiple discovery mechanisms (currently, the\r
1413 [94]Mainline Distributed Hash Table (DHT), a [95]custom DNS\r
1414 server , and multicast DNS) to announce the content to its\r
1415 peers. This is how another user, armed with that public key,\r
1416 can download that content with dat clone or mirror the files\r
1417 continuously with dat sync .\r
1418 \r
1419 So far, this looks a lot like BitTorrent [96]magnet links\r
1420 updated with 21st century cryptography. But Dat adds revisions\r
1421 on top of that, so modifications are automatically shared\r
1422 through the swarm. That is important for public data sets as\r
1423 those are often dynamic in nature. Revisions also make it\r
1424 possible to use [97]Dat as a backup system by saving the data\r
1425 incrementally using an [98]archiver .\r
1426 \r
1427 While Dat is designed to work on larger data sets, processing\r
1428 them for sharing may take a while. For example, sharing the\r
1429 Linux kernel source code required about five minutes as Dat\r
1430 worked on indexing all of the files. This is comparable to the\r
1431 performance offered by [99]IPFS and BitTorrent. Data sets with\r
1432 more or larger files may take quite a bit more time.\r
1433 \r
1434 One advantage that Dat has over IPFS is that it doesn't\r
1435 duplicate the data. When IPFS imports new data, it duplicates\r
1436 the files into ~/.ipfs . For collections of small files like\r
1437 the kernel, this is not a huge problem, but for larger files\r
1438 like videos or music, it's a significant limitation. IPFS\r
1439 eventually implemented a solution to this [100]problem in the\r
1440 form of the experimental [101]filestore feature , but it's not\r
1441 enabled by default. Even with that feature enabled, though,\r
1442 changes to data sets are not automatically tracked. In\r
1443 comparison, Dat operation on dynamic data feels much lighter.\r
1444 The downside is that each set needs its own dat share process.\r
1445 \r
1446 Like any peer-to-peer system, Dat needs at least one peer to\r
1447 stay online to offer the content, which is impractical for\r
1448 mobile devices. Hosting providers like [102]Hashbase (which is\r
1449 a [103]pinning service in Dat jargon) can help users keep\r
1450 content online without running their own [104]server . The\r
1451 closest parallel in the traditional web ecosystem would\r
1452 probably be content distribution networks (CDN) although\r
1453 pinning services are not necessarily geographically\r
1454 distributed and a CDN does not necessarily retain a complete\r
1455 copy of a website. [105]\r
1456 \r
1457 A web browser called [106]Beaker , based on the [107]Electron\r
1458 framework, can access Dat content natively without going\r
1459 through a pinning service. Furthermore, Beaker is essential to\r
1460 get any of the [108]Dat applications working, as they\r
1461 fundamentally rely on dat:// URLs to do their magic. This\r
1462 means that Dat applications won't work for most users unless\r
1463 they install that special web browser. There is a [109]Firefox\r
1464 extension called " [110]dat-fox " for people who don't want to\r
1465 install yet another browser, but it requires installing a\r
1466 [111]helper program . The extension will be able to load\r
1467 dat:// URLs but many applications will still not work. For\r
1468 example, the [112]photo gallery application completely fails\r
1469 with dat-fox.\r
1470 \r
1471 Dat-based applications look promising from a privacy point of\r
1472 view. Because of its peer-to-peer nature, users regain control\r
1473 over where their data is stored: either on their own computer,\r
1474 an online server, or by a trusted third party. But considering\r
1475 the protocol is not well established in current web browsers,\r
1476 I foresee difficulties in adoption of that aspect of the Dat\r
1477 ecosystem. Beyond that, it is rather disappointing that Dat\r
1478 applications cannot run natively in a web browser given that\r
1479 JavaScript is designed exactly for that.\r
1480 \r
1481 Dat privacy\r
1482 \r
1483 An advantage Dat has over other peer-to-peer protocols like\r
1484 BitTorrent is end-to-end encryption. I was originally\r
1485 concerned by the encryption design when reading the\r
1486 [113]academic paper [PDF] :\r
1487 \r
1488 It is up to client programs to make design decisions around\r
1489 which discovery networks they trust. For example if a Dat\r
1490 client decides to use the BitTorrent DHT to discover peers,\r
1491 and they are searching for a publicly shared Dat key (e.g. a\r
1492 key cited publicly in a published scientific paper) with known\r
1493 contents, then because of the privacy design of the BitTorrent\r
1494 DHT it becomes public knowledge what key that client is\r
1495 searching for.\r
1496 \r
1497 So in other words, to share a secret file with another user,\r
1498 the public key is transmitted over a secure side-channel, only\r
1499 to then leak during the discovery process. Fortunately, the\r
1500 public Dat key is not directly used during discovery as it is\r
1501 [114]hashed with BLAKE2B . Still, the security model of Dat\r
1502 assumes the public key is private, which is a rather\r
1503 counterintuitive concept that might upset cryptographers and\r
1504 confuse users who are frequently encouraged to type such\r
1505 strings in address bars and search engines as part of the Dat\r
1506 experience. There is a [115]security & privacy FAQ in the Dat\r
1507 documentation warning about this problem:\r
1508 \r
1509 One of the key elements of Dat privacy is that the public key\r
1510 is never used in any discovery network. The public key is\r
1511 hashed, creating the discovery key. Whenever peers attempt to\r
1512 connect to each other, they use the discovery key.\r
1513 \r
1514 Data is encrypted using the public key, so it is important\r
1515 that this key stays secure.\r
1516 \r
1517 There are other privacy issues outlined in the document; it\r
1518 states that " Dat faces similar privacy risks as BitTorrent ":\r
1519 \r
1520 When you download a dataset, your IP address is exposed to the\r
1521 users sharing that dataset. This may lead to honeypot servers\r
1522 collecting IP addresses, as we've seen in Bittorrent. However,\r
1523 with dataset sharing we can create a web of trust model where\r
1524 specific institutions are trusted as primary sources for\r
1525 datasets, diminishing the sharing of IP addresses.\r
1526 \r
1527 A Dat blog post refers to this issue as [116]reader privacy\r
1528 and it is, indeed, a sensitive issue in peer-to-peer networks.\r
1529 It is how BitTorrent users are discovered and served scary\r
1530 verbiage from lawyers, after all. But Dat makes this a little\r
1531 better because, to join a swarm, you must know what you are\r
1532 looking for already, which means peers who can look at swarm\r
1533 activity only include users who know the secret public key.\r
1534 This works well for secret content, but for larger, public\r
1535 data sets, it is a real problem; it is why the Dat project has\r
1536 [117]avoided creating a Wikipedia mirror so far.\r
1537 \r
1538 I found another privacy issue that is not documented in the\r
1539 security FAQ during my review of the protocol. As mentioned\r
1540 earlier, the [118]Dat discovery protocol routinely phones home\r
1541 to DNS servers operated by the Dat project. This implies that\r
1542 the default discovery servers (and an attacker watching over\r
1543 their traffic) know who is publishing or seeking content, in\r
1544 essence discovering the "social network" behind Dat. This\r
1545 discovery mechanism can be disabled in clients, but a similar\r
1546 privacy issue applies to the DHT as well, although that is\r
1547 distributed so it doesn't require trust of the Dat project\r
1548 itself.\r
1549 \r
1550 Considering those aspects of the protocol, privacy-conscious\r
1551 users will probably want to use Tor or other anonymization\r
1552 techniques to work around those concerns.\r
1553 \r
1554 The future of Dat\r
1555 \r
1556 [119]Dat 2.0 was released in June 2017 with performance\r
1557 improvements and protocol changes. [120]Dat Enhancement\r
1558 Proposals (DEPs) guide the project's future development; most\r
1559 work is currently geared toward implementing the draft "\r
1560 [121]multi-writer proposal " in [122]HyperDB . Without\r
1561 multi-writer support, only the original publisher of a Dat can\r
1562 modify it. According to Joe Hand, co-executive-director of\r
1563 [123]Code for Science & Society (CSS) and Dat core developer,\r
1564 in an IRC chat, "supporting multiwriter is a big requirement\r
1565 for lots of folks". For example, while Dat might allow Alice\r
1566 to share her research results with Bob, he cannot modify or\r
1567 contribute back to those results. The multi-writer extension\r
1568 allows for Alice to assign trust to Bob so he can have write\r
1569 access to the data.\r
1570 \r
1571 Unfortunately, the current proposal doesn't solve the " hard\r
1572 problems " of " conflict merges and secure key distribution ".\r
1573 The former will be worked out through user interface tweaks,\r
1574 but the latter is a classic problem that security projects\r
1575 have typically trouble finding solutions for—Dat is no\r
1576 exception. How will Alice securely trust Bob? The OpenPGP web\r
1577 of trust? Hexadecimal fingerprints read over the phone? Dat\r
1578 doesn't provide a magic solution to this problem.\r
1579 \r
1580 Another thing limiting adoption is that Dat is not packaged in\r
1581 any distribution that I could find (although I [124]requested\r
1582 it in Debian ) and, considering the speed of change of the\r
1583 JavaScript ecosystem, this is unlikely to change any time\r
1584 soon. A [125]Rust implementation of the Dat protocol has\r
1585 started, however, which might be easier to package than the\r
1586 multitude of [126]Node.js modules. In terms of mobile device\r
1587 support, there is an experimental Android web browser with Dat\r
1588 support called [127]Bunsen , which somehow doesn't run on my\r
1589 phone. Some adventurous users have successfully run Dat in\r
1590 [128]Termux . I haven't found an app running on iOS at this\r
1591 point.\r
1592 \r
1593 Even beyond platform support, distributed protocols like Dat\r
1594 have a tough slope to climb against the virtual monopoly of\r
1595 more centralized protocols, so it remains to be seen how\r
1596 popular those tools will be. Hand says Dat is supported by\r
1597 multiple non-profit organizations. Beyond CSS, [129]Blue Link\r
1598 Labs is working on the Beaker Browser as a self-funded startup\r
1599 and a grass-roots organization, [130]Digital Democracy , has\r
1600 contributed to the project. The [131]Internet Archive has\r
1601 [132]announced a collaboration between itself, CSS, and the\r
1602 California Digital Library to launch a pilot project to see "\r
1603 how members of a cooperative, decentralized network can\r
1604 leverage shared services to ensure data preservation while\r
1605 reducing storage costs and increasing replication counts ".\r
1606 \r
1607 Hand said adoption in academia has been "slow but steady" and\r
1608 that the [133]Dat in the Lab project has helped identify areas\r
1609 that could help researchers adopt the project. Unfortunately,\r
1610 as is the case with many free-software projects, he said that\r
1611 "our team is definitely a bit limited on bandwidth to push for\r
1612 bigger adoption". Hand said that the project received a grant\r
1613 from [134]Mozilla Open Source Support to improve its\r
1614 documentation, which will be a big help.\r
1615 \r
1616 Ultimately, Dat suffers from a problem common to all\r
1617 peer-to-peer applications, which is naming. Dat addresses are\r
1618 not exactly intuitive: humans do not remember strings of 64\r
1619 hexadecimal characters well. For this, Dat took a [135]similar\r
1620 approach to IPFS by using DNS TXT records and /.well-known URL\r
1621 paths to bridge existing, human-readable names with Dat\r
1622 hashes. So this sacrifices a part of the decentralized nature\r
1623 of the project in favor of usability.\r
1624 \r
1625 I have tested a lot of distributed protocols like Dat in the\r
1626 past and I am not sure Dat is a clear winner. It certainly has\r
1627 advantages over IPFS in terms of usability and resource usage,\r
1628 but the lack of packages on most platforms is a big limit to\r
1629 adoption for most people. This means it will be difficult to\r
1630 share content with my friends and family with Dat anytime\r
1631 soon, which would probably be my primary use case for the\r
1632 project. Until the protocol reaches the wider adoption that\r
1633 BitTorrent has seen in terms of platform support, I will\r
1634 probably wait before switching everything over to this\r
1635 promising project.\r
1636 \r
1637 [136]Comments (11 posted)\r
1638 \r
1639 Page editor : Jonathan Corbet\r
1640 \r
1641 Inside this week's LWN.net Weekly Edition\r
1642 \r
1643 [137]Briefs : OpenSSH 7.8; 4.19-rc1; Which stable?; Netdev\r
1644 0x12; Bison 3.1; Quotes; ...\r
1645 \r
1646 [138]Announcements : Newsletters; events; security updates;\r
1647 kernel patches; ... Next page : [139]Brief items>>\r
1648 \r
1649 \r
1650 \r
1651 [1] https://lwn.net/Articles/763743/\r
1652 \r
1653 [2] https://lwn.net/Articles/763626/\r
1654 \r
1655 [3] https://lwn.net/Articles/763641/\r
1656 \r
1657 [4] https://lwn.net/Articles/763106/\r
1658 \r
1659 [5] https://lwn.net/Articles/763603/\r
1660 \r
1661 [6] https://lwn.net/Articles/763175/\r
1662 \r
1663 [7] https://lwn.net/Articles/763492/\r
1664 \r
1665 [8] https://lwn.net/Articles/763254/\r
1666 \r
1667 [9] https://lwn.net/Articles/763255/\r
1668 \r
1669 [10] https://lwn.net/Articles/763743/#Comments\r
1670 \r
1671 [11] https://lwn.net/Articles/763626/\r
1672 \r
1673 [12] http://julialang.org/\r
1674 \r
1675 [13] https://julialang.org/blog/2018/08/one-point-zero\r
1676 \r
1677 [14] https://julialang.org/benchmarks/\r
1678 \r
1679 [15] https://juliacomputing.com/\r
1680 \r
1681 [16] https://en.wikipedia.org/wiki/Read%E2%80%93eval%E2%80%93p-\r
1682 rint_loop\r
1683 \r
1684 [17] http://llvm.org/\r
1685 \r
1686 [18] http://www.3blue1brown.com/essence-of-linear-algebra-page/\r
1687 \r
1688 [19] http://www.netlib.org/lapack/\r
1689 \r
1690 [20] https://lwn.net/Articles/657157/\r
1691 \r
1692 [21] https://julialang.org/publications/julia-fresh-approach-B-\r
1693 EKS.pdf\r
1694 \r
1695 [22] https://lwn.net/Articles/738915/\r
1696 \r
1697 [23] https://pypy.org/\r
1698 \r
1699 [24] https://github.com/JuliaPy/PyCall.jl\r
1700 \r
1701 [25] https://github.com/JuliaInterop/RCall.jl\r
1702 \r
1703 [26] https://docs.julialang.org/en/stable/\r
1704 \r
1705 [27] https://julialang.org/learning/\r
1706 \r
1707 [28] http://bogumilkaminski.pl/files/julia_express.pdf\r
1708 \r
1709 [29] https://docs.julialang.org/en/stable/manual/noteworthy-di-\r
1710 fferences/#Noteworthy-differences-from-Python-1\r
1711 \r
1712 [30] https://lwn.net/Articles/746386/\r
1713 \r
1714 [31] https://github.com/JuliaLang/IJulia.jl\r
1715 \r
1716 [32] https://lwn.net/Articles/764001/\r
1717 \r
1718 [33] https://lwn.net/Articles/763626/#Comments\r
1719 \r
1720 [34] https://lwn.net/Articles/763641/\r
1721 \r
1722 [35] https://lwn.net/Archives/ConferenceByYear/#2018-Linux_Sec-\r
1723 urity_Summit_NA\r
1724 \r
1725 [36] https://events.linuxfoundation.org/events/linux-security-\r
1726 summit-north-america-2018/\r
1727 \r
1728 [37] https://kernsec.org/wiki/index.php/Kernel_Self_Protection-\r
1729 _Project\r
1730 \r
1731 [38] https://lwn.net/Articles/763644/\r
1732 \r
1733 [39] https://raphlinus.github.io/programming/rust/2018/08/17/u-\r
1734 ndefined-behavior.html\r
1735 \r
1736 [40] https://lwn.net/Articles/749064/\r
1737 \r
1738 [41] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/-\r
1739 linux.git/commit/?id=02361bc77888\r
1740 \r
1741 [42] https://lore.kernel.org/lkml/CA+55aFzCG-zNmZwX4A2FQpadafL-\r
1742 fEzK6CC=qPXydAacU1RqZWA@mail.gmail.com/T/#u\r
1743 \r
1744 [43] https://lwn.net/Articles/758245/\r
1745 \r
1746 [44] https://lwn.net/Articles/718888/\r
1747 \r
1748 [45] https://lwn.net/Articles/744507/\r
1749 \r
1750 [46] https://outflux.net/slides/2018/lss/danger.pdf\r
1751 \r
1752 [47] https://lwn.net/Articles/763641/#Comments\r
1753 \r
1754 [48] https://lwn.net/Articles/763106/\r
1755 \r
1756 [49] https://lwn.net/Articles/763497/\r
1757 \r
1758 [50] https://lwn.net/Articles/762566/\r
1759 \r
1760 [51] https://lwn.net/Articles/761118/\r
1761 \r
1762 [52] https://git.kernel.org/linus/d5791044d2e5749ef4de84161cec-\r
1763 5532e2111540\r
1764 \r
1765 [53] https://lwn.net/ml/linux-kernel/20180630000253.70103-1-sq-\r
1766 ue@chromium.org/\r
1767 \r
1768 [54] https://git.kernel.org/linus/771c035372a036f83353eef46dbb-\r
1769 829780330234\r
1770 \r
1771 [55] https://lwn.net/Articles/745073/\r
1772 \r
1773 [56] https://lwn.net/ml/linux-kernel/CA+55aFxFjAmrFpwQmEHCthHO-\r
1774 zgidCKnod+cNDEE+3Spu9o1s3w@mail.gmail.com/\r
1775 \r
1776 [57] https://lwn.net/Articles/759499/\r
1777 \r
1778 [58] https://lwn.net/Articles/762355/\r
1779 \r
1780 [59] https://lwn.net/ml/linux-fsdevel/20180823223145.GK6515@Ze-\r
1781 nIV.linux.org.uk/\r
1782 \r
1783 [60] https://lwn.net/Articles/763106/#Comments\r
1784 \r
1785 [61] https://lwn.net/Articles/763603/\r
1786 \r
1787 [62] https://lwn.net/Articles/601799/\r
1788 \r
1789 [63] https://lwn.net/Articles/552904\r
1790 \r
1791 [64] https://lwn.net/Articles/758963/\r
1792 \r
1793 [65] http://algogroup.unimore.it/people/paolo/pub-docs/extende-\r
1794 d-lat-bw-throughput.pdf\r
1795 \r
1796 [66] https://lwn.net/Articles/763603/#Comments\r
1797 \r
1798 [67] https://lwn.net/Articles/763175/\r
1799 \r
1800 [68] https://lwn.net/Archives/ConferenceByYear/#2018-Akademy\r
1801 \r
1802 [69] https://dot.kde.org/2017/11/30/kdes-goals-2018-and-beyond\r
1803 \r
1804 [70] https://phabricator.kde.org/T7116\r
1805 \r
1806 [71] https://phabricator.kde.org/T6831\r
1807 \r
1808 [72] https://phabricator.kde.org/T7050\r
1809 \r
1810 [73] https://akademy.kde.org/\r
1811 \r
1812 [74] https://community.kde.org/Promo\r
1813 \r
1814 [75] https://www.chakralinux.org/\r
1815 \r
1816 [76] https://conf.kde.org/en/Akademy2018/public/events/79\r
1817 \r
1818 [77] https://en.wikipedia.org/wiki/Onboarding\r
1819 \r
1820 [78] https://community.kde.org/Get_Involved\r
1821 \r
1822 [79] https://community.kde.org/KDE/Junior_Jobs\r
1823 \r
1824 [80] https://lwn.net/Articles/763189/\r
1825 \r
1826 [81] https://phabricator.kde.org/T8686\r
1827 \r
1828 [82] https://phabricator.kde.org/T7646\r
1829 \r
1830 [83] https://bugs.kde.org/\r
1831 \r
1832 [84] https://www.plasma-mobile.org/index.html\r
1833 \r
1834 [85] https://www.plasma-mobile.org/findyourway\r
1835 \r
1836 [86] https://lwn.net/Articles/763175/#Comments\r
1837 \r
1838 [87] https://lwn.net/Articles/763492/\r
1839 \r
1840 [88] https://datproject.org\r
1841 \r
1842 [89] https://www.bittorrent.com/\r
1843 \r
1844 [90] https://github.com/datproject/dat/releases\r
1845 \r
1846 [91] https://docs.datproject.org/install\r
1847 \r
1848 [92] https://datbase.org/\r
1849 \r
1850 [93] https://ed25519.cr.yp.to/\r
1851 \r
1852 [94] https://en.wikipedia.org/wiki/Mainline_DHT\r
1853 \r
1854 [95] https://github.com/mafintosh/dns-discovery\r
1855 \r
1856 [96] https://en.wikipedia.org/wiki/Magnet_URI_scheme\r
1857 \r
1858 [97] https://blog.datproject.org/2017/10/13/using-dat-for-auto-\r
1859 matic-file-backups/\r
1860 \r
1861 [98] https://github.com/mafintosh/hypercore-archiver\r
1862 \r
1863 [99] https://ipfs.io/\r
1864 \r
1865 [100] https://github.com/ipfs/go-ipfs/issues/875\r
1866 \r
1867 [101] https://github.com/ipfs/go-ipfs/blob/master/docs/experim-\r
1868 ental-features.md#ipfs-filestore\r
1869 \r
1870 [102] https://hashbase.io/\r
1871 \r
1872 [103] https://github.com/datprotocol/DEPs/blob/master/proposal-\r
1873 s/0003-http-pinning-service-api.md\r
1874 \r
1875 [104] https://docs.datproject.org/server\r
1876 \r
1877 [105] https://lwn.net/Articles/763544/\r
1878 \r
1879 [106] https://beakerbrowser.com/\r
1880 \r
1881 [107] https://electronjs.org/\r
1882 \r
1883 [108] https://github.com/beakerbrowser/explore\r
1884 \r
1885 [109] https://addons.mozilla.org/en-US/firefox/addon/dat-p2p-p-\r
1886 rotocol/\r
1887 \r
1888 [110] https://github.com/sammacbeth/dat-fox\r
1889 \r
1890 [111] https://github.com/sammacbeth/dat-fox-helper\r
1891 \r
1892 [112] https://github.com/beakerbrowser/dat-photos-app\r
1893 \r
1894 [113] https://github.com/datproject/docs/raw/master/papers/dat-\r
1895 paper.pdf\r
1896 \r
1897 [114] https://github.com/datprotocol/DEPs/blob/653e0cf40233b5d-\r
1898 474cddc04235577d9d55b2934/proposals/0000-peer-discovery.md#dis-\r
1899 covery-keys\r
1900 \r
1901 [115] https://docs.datproject.org/security\r
1902 \r
1903 [116] https://blog.datproject.org/2016/12/12/reader-privacy-on-\r
1904 the-p2p-web/\r
1905 \r
1906 [117] https://blog.datproject.org/2017/12/10/dont-ship/\r
1907 \r
1908 [118] https://github.com/datprotocol/DEPs/pull/7\r
1909 \r
1910 [119] https://blog.datproject.org/2017/06/01/dat-sleep-release/\r
1911 \r
1912 [120] https://github.com/datprotocol/DEPs\r
1913 \r
1914 [121] https://github.com/datprotocol/DEPs/blob/master/proposal-\r
1915 s/0008-multiwriter.md\r
1916 \r
1917 [122] https://github.com/mafintosh/hyperdb\r
1918 \r
1919 [123] https://codeforscience.org/\r
1920 \r
1921 [124] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890565\r
1922 \r
1923 [125] https://github.com/datrs\r
1924 \r
1925 [126] https://nodejs.org/en/\r
1926 \r
1927 [127] https://bunsenbrowser.github.io/#!index.md\r
1928 \r
1929 [128] https://termux.com/\r
1930 \r
1931 [129] https://bluelinklabs.com/\r
1932 \r
1933 [130] https://www.digital-democracy.org/\r
1934 \r
1935 [131] https://archive.org\r
1936 \r
1937 [132] https://blog.archive.org/2018/06/05/internet-archive-cod-\r
1938 e-for-science-and-society-and-california-digital-library-to-pa-\r
1939 rtner-on-a-data-sharing-and-preservation-pilot-project/\r
1940 \r
1941 [133] https://github.com/codeforscience/Dat-in-the-Lab\r
1942 \r
1943 [134] https://www.mozilla.org/en-US/moss/\r
1944 \r
1945 [135] https://github.com/datprotocol/DEPs/blob/master/proposal-\r
1946 s/0005-dns.md\r
1947 \r
1948 [136] https://lwn.net/Articles/763492/#Comments\r
1949 \r
1950 [137] https://lwn.net/Articles/763254/\r
1951 \r
1952 [138] https://lwn.net/Articles/763255/\r
1953 \r
1954 [139] https://lwn.net/Articles/763254/\r
1955\r
1956\r
1957\r
Gopher news scrapper