Tag: linux

Porting Linux to the M1

interesting, very detailed bringup report.

The Asahi Linux project officially kicked off at the beginning of the year, but at that time we were all waiting for 1 crucial piece: support from Apple for booting alternate kernels on Apple Silicon systems. While the feature had been documented and mostly implemented, there was 1 final missing piece of the puzzle: support for the kmutil configure-boot command, which is what lets you install a non-Apple kernel. This didn’t stop us from making progress, however, as the first step to porting an OS to an undocumented platform is documenting it!

gVisor

Sandboxing and Workload Isolation

gVisor implements basically all of Linux in userland. Processes. Devices. Tasks. Address spaces and page tables. Filesystems. TCP/IP; the entire IP network stack, all reimplemented, in Go, backended by native Linux userland.

The pitch here is straightforward: you’re unlikely to have routine exploitable memory corruption flaws in Go code. You are sort of likely to have them in the C-language Linux kernel. Go is fast enough to credibly emulate Linux in userland. Why expose C code if you don’t have to?

Windows fuzzing

this library allows you to use powerful linux fuzzers to fuzz windows, where fuzzing appears to be stuck in the stone age:

library that allows native Linux programs to load and call functions from a Windows DLL. the library will process the relocations and imports, then provide a dlopen-like API. The code supports debugging with gdb (including symbols), basic block coverage collection, and runtime hooking and patching.

this library has found 3 windows defender critical vulnerabilities in 2 months

The Ubuntu embarassment

on the utter failure, on all levels, of ubuntu touch, a attempt to build a new mobile os.

I feel like the announcement of a new and independent mobile operating system platform was a good reason for the architects to say: “Yeah, let’s do this, but let’s do it The Right Way™ and be better than all the others”. Ubuntu wouldn’t just have a graphical user interface, it would have one that could work on all devices and adapt to all form factors. It wouldn’t just isolate applications against each other the way the Linux kernel or Android did, it would have full-blown confinement which also protected your data and privacy. It would magically prevent apps from draining the battery. And so on. Whatever the others did on the technical side, Ubuntu would do it better and in a more elegant way.

BBR

This commit implements a new TCP congestion control algorithm: BBR (Bottleneck Bandwidth and RTT). A detailed description of BBR will be published in ACM Queue, Vol. 14 No. 5, September-October 2016, as “BBR: Congestion-Based Congestion Control”. BBR has significantly increased throughput and reduced latency for connections on Google’s internal backbone networks and google.com and YouTube Web servers.

the biggest advance for tcp since congestion control was added.

Borg, Omega, and Kubernetes

Though widespread interest in software containers is a relatively recent phenomenon, at Google we have been managing Linux containers at scale for more than 10 years and built 3 different container-management systems in that time. Each system was heavily influenced by its predecessors, even though they were developed for different reasons

syzkaller

syzkaller is a linux kernel fuzzer, and it is finding TONS of bugs. the whole “given enough eyeballs, all bugs are shallow” is clearly total bs, since there aren’t many eyeballs at all. but with this, maybe there’s some hope to get a kernel that is substantially more secure and less crashy.