UpFront

diff -u: What's New in Kernel Development

Zack Brown

Issue #247, November 2014

Hardware errors are tough to code for. In some cases, they're impossible to code for. A particular brand of hardware error is the Machine-Check Exception (MCE), which means a CPU has a problem. On Windows systems, it's one of the causes of the Blue Screen of Death.

Everyone wants to handle hardware errors well, because it can mean the difference between getting a little indication of what actually went wrong and getting no information at all.

Andy Lutomirski recently suggested some code to clean up non-maskable interrupts (NMIs), which also typically indicate some sort of hardware failure. But over the course of discussion, folks raised questions about how to handle various cases—for example, when an MCE came immediately after an NMI. Typically NMIs are not interruptable by any other code, but should an exception be made for MCEs? If the OS detects a CPU error while already processing another hardware error, should it defer to the more pressing CPU issue or not?

There was a bit of debate, but ultimately Linus Torvalds said that an MCE meant that the system was dead. Any attempt to handle that in software, he said, was just in order to crash as gracefully as possible. But he felt that the kernel should not make any complicated effort in that case, since the end result would just be the same crash. Deadlocks, race conditions and other issues that normally would be important, simply weren't in this case. Make a best effort to log the event, he said, and forget the rest.

Elsewhere, he elaborated more vociferously, saying, “MCE is frankly misdesigned. It's a piece of shit, and any of the hardware designers that claim that what they do is for system stability are out to lunch. This is a prime example of what not to do, and how you can actually spread what was potentially a localized and recoverable error, and make it global and unrecoverable.” And he added:

Synchronous MCEs are fine for synchronous errors, but then trying to turn them “synchronous” for other CPUs (where they weren't synchronous errors) is a major mistake. External errors punching through irq context is wrong, punching through NMI is just inexcusable.

If the OS then decides to take down the whole machine, the OS—not the hardware—can choose to do something that will punch through other CPUs' NMI blocking (notably, init/reset), but the hardware doing this on its own is just broken if true.

Tony Luck pointed out that Intel actually was planning to fix this in future machines, although he acknowledged that turn-around time for chips was likely to be very long. However, as Borislav Petkov pointed out, even after the fix went in, Linux still would need to support the bad hardware.

The tightrope-walk of container security has some controversy. One group believes that containers should be able to do whatever an independent system could do. Another group believes that certain abilities render the container inherently insecure. The first group says that without these features, the container isn't truly offering a complete environment. The second group says that's how the cookie crumbles.

Seth Forshee recently posted some patches to allow containerized systems to see hot-plugged devices, just the way a non-containerized system could. But this, apparently, was a bridge too far. Greg Kroah-Hartman said he had long since expressed a clear policy against adding namespaces to devices. And, that was exactly how Seth's code made the hot-plugged devices visible to the containerized system.

It turns out that there are valid use-cases for wanting a containerized system to be able to see hot-plugged devices. Michael H. Warfield described one such. And, Seth described his own—he needed hot-plug support in order to implement loopback devices within the container.

Greg said loopback support in a container was a very bad idea, since it provided all sorts of opportunities to leak data out of the container and into the host system—a security violation.

He said this was not a “normal” use-case for containers. To which Serge Hallyn replied that any feature used by a non-containerized system was a “normal” use case for containerized systems.

Serge argued that these features inevitably would go into containers. There was no way to keep them out. As long as containers excluded features that were included in non-containerized systems, there would be people with an incentive to bridge the gap. Why not bridge it now and fix the bugs as they showed up?

But Richard said, “There are so many things that can hurt you badly. With user namespaces, we expose a really big attack surface to regular users. [...] I agree that user namespaces are the way to go, all the papering with LSM over security issues is much worse. But we have to make sure that we don't add too many features too fast.”

And, Greg added that Seth's code was too hacky, implementing just what Seth needed, rather than addressing the overarching issue of how to handle namespaces properly within a container.

Greg also said he supported loopback devices within containers, but he and James Bottomley said that the security issues were real, and the implementation had to take account of them. It wasn't enough simply to implement the feature and then fix bugs. The feature needed a proper design that addressed these concerns.

Android Candy: Party Like It's 1994!

Shawn Powers

Issue #247, November 2014

I really stink at video games. I write about gaming occasionally, but the truth of the matter is, I'm just not very good. If we play Quake, you'll frag me just about as often as I respawn. I don't have great reflexes, and my coordination is horrible. But if you give me an RPG, a 12-pack of Coke, and a three-day weekend, I'll be a level 96 blood elf by dawn of the second day.

Yes, in my youth I was a bit of a nerd. I stayed home weekends playing Chrono-trigger, The Secret of Mana, Zelda, Dragon Warrior and, of course, Final Fantasy. I was happy to discover the other day that those same Final Fantasy games I loved as a youngster are available in all their remade glory on the Android platform! They are unfortunately a little pricey, with each installment weighing in at $15.99, but they've been re-created specifically for the touch screen, and they are really fun!

If you wonder which game to buy (and you don't plan to buy them all, like some of us did), I highly recommend Final Fantasy VI. It was the best game on the Super Nintendo, and I think it's the best game on Android as well. Of course, if you're okay with slightly more awkward gameplay, the old titles are easy to find in ROM format in the questionable corners of the Internet. There are several really good SNES emulators for Android that will allow you to play those original ROM files completely free. Honestly, however, if you can afford the $15.99, the remakes are far more enjoyable to play.

Check them out on the Google Play Store: https://play.google.com/store/apps/developer?id=SQUARE%20ENIX%20Co.%2CLtd.&hl=en.

Non-Linux FOSS

Shawn Powers

Issue #247, November 2014

One of my career iterations put me in charge of a Windows server that had Apache and PHP installed on it to serve as a Web server for the corporate intranet. Although I was happy to see Apache used as the Web server dæmon, the installation on the Windows server was the most confusing and horrifying mess I've ever seen. To this day, I'm not sure which of the three Apache instances was actually serving files, and there were at least six PHP folders in various places on the hard drive, each with a different version number.

If you're in a situation where you're required to use Windows, but don't want to worry about the nightmare of installing Apache and PHP (much less MySQL) on your machine, I urge you to check out XAMMP. It's not a new program, but that's one of its greatest features. It's basically just a single installer for Windows, OS X or Linux that installs Apache with PHP and MySQL. Its maturity means that even on a Windows system, it should install and work like you'd expect open-source software to work.

Although XAMMP can be used to serve files to the actual Internet, it was designed for individuals to install on their own workstations to test their code. And in that situation, it works really well. If you have a server connected to the Internet, I still recommend using a Linux server with a proper Apache/PHP installation, but if you're stuck using a Windows workstation, XAMMP can give you a stable, open-source Web server platform that you can rely on. Grab a copy at www.apachefriends.org.

Drafting on Linux

Joey Bernard

Issue #247, November 2014

One common scientific task is designing new hardware to help make measurements. A powerful tool to help with this design work is a Computer Aided Design system, or CAD software. Several tools are available on Linux for doing CAD work. In this article, I take a look at LibreCAD (www.librecad.org).

LibreCAD started as an extension of QCad. For a short while, it was called CADuntu, before finally being named LibreCAD. It should be available as a package in most distributions.

In Debian-based distributions, you can install it with the command:

sudo apt-get install librecad

And, you always can install it from source if you want the latest and greatest features.

Once LibreCAD is installed, you can launch it from the application launcher for your desktop, or you can run the librecad command from a terminal. The first time you start LibreCAD, you will be greeted with a welcome window (Figure 1).

Figure 1. When you start LibreCAD the first time, you need to set some initial options.

Here, you will be presented with the ability to set options for the default unit, the GUI language and the command language. Once you set those options, you will see a blank canvas where you can start your new project (Figure 2). The main window is the actual drawing canvas where you can set up your design. On the left-hand side, you should see a palette of drawing tools. On the right-hand side, you will see two smaller windows containing the layer list and the block list for your design.

Figure 2. LibreCAD starts up with a blank canvas, ready for your new project.

If you already have done some design work, you can import that work into LibreCAD. You can insert an image to your design by clicking the menu item File→Import→Insert Image. LibreCAD can handle most common file formats. If you had been working with another CAD program and have a DXF file of that work, you can import it by clicking on the menu item File→Import→Block (Figure 3). This option also handles CXF files, in case you were using those.

Figure 3. You can import DXF files from lots of places.

You may have a text file with raw point data for the object you are trying to draw. If so, you can click on the menu item File→Import→Read ascii points. This will pop up an option window where you can define what the points represent and how to treat them. You even can import GIS data from a shape file with the menu item File→Import→shape file.

Now you should be ready to start designing your project. Clicking the icons in the palette on the left-hand side opens a new palette with multiple options for each of the categories. For example, if you click on the circle icon, you will see a new palette giving you the option to draw circles with either two points on the circumference, a point at the center and one at the circumference or a circle that fits within a triangle, among many other options.

The other icons in the drawing palette also provide tools for drawing many other components, such as lines, arcs and splines. All of these items are drawn on the default layer that you get with a new project. You can add a new layer by clicking the plus icon in the top pane on the right-hand side. This will pop up a new option window where you can set things like the layer name and the drawing color for the new layer (Figure 4).

Figure 4. You can set options for new layers added to your project.

You can toggle visibility of the various layers by clicking the eye icon to the right in the layer list. When you have a layer set the way you want it, you can make it uneditable by clicking on the lock icon for that layer. That way, you won't accidentally change it while you work on other layers.

If you need to add labels explaining parts of your design, you can click on the multi-line text option in the tool palette. This will pop up a window where you can enter the text and set options like font and color (Figure 5).

Figure 5. You can set several options when you add a multi-line text object.

Once you have the basic objects drawn on your project, you can use the many modification tools available to fine-tune your drawing or to generate more complex objects based on some modification of one of the basic types. These modifications are available under the Modify menu item. You can do things like scaling, mirroring, rotating and moving.

Using these tools, however, isn't very intuitive. Say you want to scale an element of your drawing. The first thing you will want to do is to click on the Modify→Scale menu item. You next will notice that the command-line box at the bottom of the window has changed, asking you to “Select to scale”. You then need to click on the element you want to scale, say a line element, and press the Enter key. The command-line window then will change to saying “Specify reference point”. LibreCAD scales based on a reference point to act as a point of perspective, so go ahead and click on a point. This will pop up an option window where you can set things like the scaling factor and whether it is isotropic (Figure 6). When you click OK, LibreCAD will apply the modification and refresh the drawing.

Figure 6. You can set several options for scaling an element of your drawing.

You also can change the properties of the different elements, which may be needed to clarify parts of special interest. To do this, you need to click on the Modify→Properties menu item, and then click on the element in question. This will pop up a dialog box where you can edit properties that apply for that element type (Figure 7).

Figure 7. You can change both the display properties of your circle as well as the physical properties.

When you have finished your design, you will want to share it with others. The default file format is the Drawing Exchange Format (.dxf). LibreCAD supports versions 2007, 2004, 2000, R14 and R12. If you need to, you also can save it as an LFF Font file (.lff), a QCad file (.cxf) or a Jww Drawing file (.jww). If you just want a simplified output, you can click on the File→Export menu item and save it in one of a large number of image file formats. With these options, you should be able to share your design with most people.

Hopefully, this article has shown you enough to help you decide whether LibreCAD might be a good fit for your next design project. If so, you can find even more information on the LibreCAD Wiki and forum. A great deal of examples are available on the Internet that will show you just what is possible with a good CAD system. And, because these examples are available in DXF files, you can load them in LibreCAD and play with the possibilities.

The Awesome Program You Never Should Use

Shawn Powers

Issue #247, November 2014

I've been hesitating for a couple months about whether to mention sshpass. Conceptually, it's a horrible, horrible program. It basically allows you to enter an SSH user name and password on the command line, so you can create a connection without any interaction. A far better way to accomplish that is with public/private keypairs. But it's still something I find useful from time to time, and I'd rather mention it with all the warnings in the world than to pretend it doesn't exist.

So, sshpass—it's a simple tool, but in a pinch, it can be incredibly helpful. You use it with the user name and password as command-line arguments (with some variations, see the help screen in the screenshot), and it injects them into your ssh (or scp) command.

Again, this is a horribly insecure method for entering passwords. However, I find it particularly useful for setting up new machines, especially computers or devices in a closed environment. I've also used it to send files via scp to hundreds of machines in my local network that I'll never need to connect to again. It's a dangerous tool, but can be a lifesaver if you need it. Search your distribution's repositories, as it's available for most systems. And remember, don't ever use it!

They Said It

Everything that is really great and inspiring is created by the individual who can labor in freedom.

—Albert Einstein

Any government is potentially the worst client in the world you could ever possibly want to have.

—Thomas Heatherwick

When you give each other everything, it becomes an even trade. Each wins all.

—Lois McMaster Bujold

Enjoyment is not a goal, it is a feeling that accompanies important ongoing activity.

—Paul Goodman

I must create a system, or be enslaved by another man's.

—William Blake

Tomahawk, the World Is Your Music Collection

Shawn Powers

Issue #247, November 2014

I don't listen to music very often, but when I do, my tastes tend to be across the board. That's one of the reasons I really like Pandora, because the music selection is incredible (in fact, I can't recommend the Pithos client for Pandora enough—I've written about it in past issues). Unfortunately, with Pandora, you don't get to pick specific songs. That's usually okay for me, but sometimes I want to hear a particular song by a particular artist. Even worse, sometimes I want to hear a particular version of a song. I've purchased 3–4 different versions of a song, only to discover none of them were what I wanted.

Enter Tomahawk. It behaves much like a traditional music application, and it will play music from your hard drive or network shares. Its real strength, however, is its ability to connect to on-line resources to find songs. When it finds those songs, it treats them just like a local file. You can create playlists with a mix of local and remote media, and search across an entire array of on-line services. Tomahawk will connect to Spotify, last.fm, Jamendo, Beets, Subsonic and tons of other sources. Of particular note, I love that there is a YouTube plugin that will search YouTube for songs! (The YouTube plugin isn't included by default, but it's free to install.)

Due to its ability to blur the lines between local and streaming media, while functioning as a traditional desktop music app, Tomahawk earns this month's Editors' Choice award. If you have fickle music tastes, or just want to listen to your various music collections in a central place, I urge you to give Tomahawk a try: www.tomahawk-player.org.