Minim Debuted the Minim Labs Free Router Security Platform, AWS Launched DocumentDB, Firefox CTO Eric Rescorla Awarded Levchin Prize, Red Hat Ansible Tower 3.4 Now Available and IoT DevCon 2019 Call for Papers

1 week 5 days ago

News briefs for January 10, 2019.

Minim debuted Minim Labs at CES this week. This free version of the Minim router security platform has an open-source Linux-based "Unum" agent for protecting home automation devices, and it runs on Raspbian and OpenWrt Linux devices. See this LinuxGizmos post and the Minim Labs website for more information.

AWS launched DocumentDB yesterday, a "fast, scalable, and highly available document database that is designed to be compatible with your existing MongoDB applications and tools". TechCrunch reports that AWS felt customers found MongoDB difficult to use, so the company built "its own document database, but made it compatible with the Apache 2.0 open source MongoDB 3.6 API".

Firefox CTO Eric Rescorla was awarded the Levchin Prize for "significant contributions to solving global, real-world cryptography issues that make the internet safer at scale" yesterday, which was announced at the 2019 Real-World Crypto Conference. According to the Mozilla Blog, Rescorla was chosen for his "involvement in spearheading the latest version of Transport Layer Security (TLS). TLS 1.3 incorporates significant improvements in both security and speed, and was completed in August and already secures 10% of sites."

Red Hat yesterday announced the availability of Red Hat Ansible Tower 3.4. This new release features "workflow enhancements including nested workflows and workflow convergence, designed to simplify challenges inherent in managing complex hybrid cloud infrastructure". In addition, this version boasts increased scalability and enhanced security. The press release quotes Joe Fitzgerald, Vice President, Management at Red Hat: "With the new features available in Red Hat Ansible Tower 3.4 organizations are able to increase the scale and scope of their automation activities together with increased control and visibility."

IoT DevCon 2019's call for papers is now open. If you're interested in presenting at the Internet of Things Developers Conference, the deadline for submitting titles and abstracts is February 28, 2019. The conference will "focus on technologies ranging from ultra-low power microcontrollers to multicore-enabled aggregation hubs and from software strategies to security solutions as well as techniques required to monitor and manage the enormous loads of device-generated data. We are looking for experts to address the audience of managers, developers, engineers and makers". The conference will be held in Santa Clara, California, June 5–6, 2019.

Jill Franklin

Non-Child Process Exit Notification Support

1 week 5 days ago
by Zack Brown

Daniel Colascione submitted some code to support processes knowing when others have terminated. Normally a process can tell when its own child processes have ended, but not unrelated processes, or at least not trivially. Daniel's patch created a new file in the /proc directory entry for each process—a file called "exithand" that is readable by any other process. If the target process is still running, attempts to read() its exithand file will simply block, forcing the querying process to wait. When the target process ends, the read() operation will complete, and the querying process will thereby know that the target process has ended.

It may not be immediately obvious why such a thing would be useful. After all, non-child processes are by definition unrelated. Why would the kernel want to support them keeping tabs on each other? Daniel gave a concrete example, saying:

Android's lmkd kills processes in order to free memory in response to various memory pressure signals. It's desirable to wait until a killed process actually exits before moving on (if needed) to killing the next process. Since the processes that lmkd kills are not lmkd's children, lmkd currently lacks a way to wait for a process to actually die after being sent SIGKILL.

Daniel explained that on Android, the lmkd process currently would simply keep checking the proc directory for the existence of each process it tried to kill. By implementing this new interface, instead of continually polling the process, lmkd could simply wait until the read() operation completed, thus saving the CPU cycles needed for continuous polling.

And more generally, Daniel said in a later email:

I want to get polling loops out of the system. Polling loops are bad for wakeup attribution, bad for power, bad for priority inheritance, and bad for latency. There's no right answer to the question "How long should I wait before checking $CONDITION again?". If we can have an explicit waitqueue interface to something, we should. Besides, PID polling is vulnerable to PID reuse, whereas this mechanism (just like anything based on struct pid) is immune to it.
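As an added example (not code from Daniel's patch or from the article), here is the same wait-without-polling idea written against pidfd_open(2) and poll(2), which are available on Linux 5.3 and later, rather than the exithand file described above. The helper names `spawn_unrelated`, `kill_and_wait` and `demo` are made up for this example, and the target process is one the program starts itself.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SYS_pidfd_open
#define SYS_pidfd_open 434          /* Linux >= 5.3 */
#endif
#ifndef SYS_pidfd_send_signal
#define SYS_pidfd_send_signal 424   /* Linux >= 5.1 */
#endif

/* Start a process that is NOT our child: an intermediate child forks a
 * sleeper and exits, so waitpid() on the sleeper is impossible for us. */
static pid_t spawn_unrelated(void) {
    int p[2];
    pid_t mid, target = -1;
    if (pipe(p) < 0 || (mid = fork()) < 0) return -1;
    if (mid == 0) {
        pid_t gc = fork();
        if (gc == 0) { close(p[0]); close(p[1]); for (;;) pause(); }
        if (write(p[1], &gc, sizeof gc) < 0) _exit(1);
        _exit(0);
    }
    close(p[1]);
    if (read(p[0], &target, sizeof target) != sizeof target) target = -1;
    close(p[0]);
    waitpid(mid, NULL, 0);          /* reap only the intermediate child */
    return target;
}

/* SIGKILL `pid`, then sleep until it has exited. Returns 0 = exited,
 * 1 = timeout, -1 = error, -2 = kernel has no pidfd_open. The fd names one
 * process, so signal and wait cannot hit a recycled PID number. */
static int kill_and_wait(pid_t pid, int timeout_ms) {
    int rc = -1, fd = (int)syscall(SYS_pidfd_open, pid, 0);
    if (fd < 0) return errno == ENOSYS ? -2 : -1;
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    if (syscall(SYS_pidfd_send_signal, fd, SIGKILL, NULL, 0) == 0) {
        int n = poll(&pfd, 1, timeout_ms);   /* one wakeup, no polling loop */
        rc = n > 0 ? 0 : (n == 0 ? 1 : -1);
    }
    close(fd);
    return rc;
}

int demo(void) {
    pid_t t = spawn_unrelated();
    int rc = t < 0 ? -1 : kill_and_wait(t, 5000);
    if (t > 0 && rc != 0) kill(t, SIGKILL);  /* cleanup if the pidfd path failed */
    return rc;
}

int main(void) { return demo() == 0 ? 0 : 1; }
```

A PID obtained from elsewhere can still be recycled before pidfd_open() runs, so the identity guarantee starts only once the descriptor is open.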

Joel Fernandes suggested, as an alternative, using ptrace() to get the process exit notifications, instead of creating a whole new file under /proc. Daniel explained:


Where Linux Went in 2018 - and Where It's Going

1 week 5 days ago
For those who try to keep their finger on the Linux community's pulse, 2018 was a surprisingly eventful year. Spread over the last 12 months, we've seen various projects in the Linux ecosystem make great strides, as well as suffer their share of stumbles. All told, the year wrapped up leaving plenty to be optimistic about in the year to come, but there is much more on which we can only speculate.
Jonathan Terrasi