Apple's version of Meltdown and Spectre vulnerability

 
A flaw in the design of the Apple Silicon “M1” chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange.
The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.

In the end Apple makes the same mistakes as its competitors, which brings Apple's security onto the same level as the PC world. This issue is not one of the "under specific circumstances, during full moon, on a 30 February..." kind. No, this issue is the ultimate stepping stone and is pretty easy to exploit through trojans and other backdoor software. All intelligence services will miss it a lot when it gets fixed.

MIPS Becomes RISC-V - a new chance for this ARM alternative?

 
What a long, strange trip it’s been. MIPS Technologies no longer designs MIPS processors. Instead, it’s joined the RISC-V camp, abandoning its eponymous architecture for one that has strong historical and technical ties. The move apparently heralds the end of the road for MIPS as a CPU family, and a further (slight) diminution in the variety of processors available. It’s the final arc of an architecture.

A big advantage of the RISC-V architecture is that, unlike ARM, RISC-V is free of royalty & license fees.

FLoC makes 3rd-party cookies obsolete and separates tracking users from targeting users

 
The choice of what ads to show on a web page may typically be based on three broad categories of information: (1) First-party and contextual information (e.g., "put this ad on web pages about motorcycles"); (2) general information about the interests of the person who is going to see the ad (e.g., “show this ad to Classical Music Lovers”); and (3) specific previous actions the person has taken (e.g., "offer a discount on some shoes that you left in a shopping cart"). This document addresses category (2), ads targeting based on someone's general interests. For personalized advertising in category (3), please check out the TURTLEDOVE proposal. In today's web, people’s interests are typically inferred based on observing what sites or pages they visit, which relies on tracking techniques like third-party cookies or less-transparent mechanisms like device fingerprinting. It would be better for privacy if interest-based advertising could be accomplished without needing to collect a particular individual’s browsing history. We plan to explore ways in which a browser can group together people with similar browsing habits, so that ad tech companies can observe the habits of large groups instead of the activity of individuals. Ad targeting could then be partly based on what group the person falls into. Browsers would need a way to form clusters that are both useful and private: Useful by collecting people with similar enough interests and producing labels suitable for machine learning, and private by forming large clusters that don't reveal information that's too personal, when the clusters are created, or when they are used. A FLoC cohort is a short name that is shared by a large number (thousands) of people, derived by the browser from its user’s browsing history. The browser updates the cohort over time as its user traverses the web. 
The value is made available to websites via a new JavaScript API: The browser uses machine learning algorithms to develop a cohort based on the sites that an individual visits. The algorithms might be based on the URLs of the visited sites, on the content of those pages, or other factors. The central idea is that these input features to the algorithm, including the web history, are kept local on the browser and are not uploaded elsewhere — the browser only exposes the generated cohort. The browser ensures that cohorts are well distributed, so that each represents thousands of people. The browser may further leverage other anonymization methods, such as differential privacy. The number of cohorts should be small, to reinforce that they cannot carry detailed information — short cohort names ("43A7") can help make that clear.
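The cohort idea described above, sketched as an added example that is not code from the FLoC proposal or from any browser: a history is reduced locally to a short cohort id, and the id is only exposed when enough users share it. The use of SimHash with an FNV-1a hash, the 8-bit id, the threshold `k`, and the function names `simHashCohort`, `cohortSizes` and `exposedCohort` are all assumptions made for illustration.

```javascript
// Added illustration. SimHash, FNV-1a, BITS and k are assumptions, not the FLoC spec.
const BITS = 8; // few cohorts, so an id cannot carry detailed information

// FNV-1a 32-bit string hash: deterministic and dependency-free.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h;
}

// SimHash over visited domains: every domain votes on each bit, so
// histories that share most domains tend to end up with the same id.
// Only this id would leave the browser, never the domain list itself.
function simHashCohort(domains) {
  const votes = new Array(BITS).fill(0);
  for (const d of new Set(domains)) {
    const h = fnv1a(d);
    for (let b = 0; b < BITS; b++) votes[b] += (h >>> b) & 1 ? 1 : -1;
  }
  let id = 0;
  for (let b = 0; b < BITS; b++) if (votes[b] > 0) id |= 1 << b;
  return id.toString(16).toUpperCase().padStart(2, "0");
}

// Count how many members of a (simulated) population fall into each cohort.
function cohortSizes(histories) {
  const sizes = new Map();
  for (const h of histories) {
    const id = simHashCohort(h);
    sizes.set(id, (sizes.get(id) || 0) + 1);
  }
  return sizes;
}

// Expose the cohort only if at least k users share it; otherwise null.
function exposedCohort(history, sizes, k) {
  const id = simHashCohort(history);
  return (sizes.get(id) || 0) >= k ? id : null;
}

// Constructed sample data, not real browsing histories.
const alice = ["bikes.example", "moto-news.example", "helmets.example"];
const population = [alice, [...alice].reverse(), ["opera.example"]];
console.log(exposedCohort(alice, cohortSizes(population), 2));
```

The suppression step is the privacy-relevant part: a cohort with too few members is effectively an identifier, so it is withheld rather than reported.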

A 2D API that uses the macOS Metal framework in Java 17

 
Motivation: Two major factors motivate the introduction of a new Metal-based rendering pipeline on macOS: (1) Apple deprecated the OpenGL rendering library in macOS 10.14, in September 2018. Java 2D on macOS is completely reliant on OpenGL for its internal rendering pipeline, so a new pipeline implementation is needed. (2) Apple claims that the Metal framework, their replacement for OpenGL, has superior performance. For the Java 2D API, this is generally the case with some exceptions.

Description: Most graphical Java applications are written using the Swing UI toolkit, which renders via the Java 2D API. Internally, Java 2D can use software rendering plus a blit to the screen or it can use a platform-specific API, such as X11/Xrender on Linux, Direct3D on Windows, or OpenGL on macOS. These platform-specific APIs typically offer much better performance than software rendering, and generally off-load the CPU. Metal is the new macOS platform API for such rendering, replacing the deprecated OpenGL API. (The name has nothing to do with the Swing “Metal” Look and Feel; that is just a coincidence.)

It is good to see the investment of many Java developers stay fruitful, even more than a decade after Swing started. Do not try that with any JavaScript framework!

KDE's Plasma 5.21 Release brings a lot of progress for Wayland integration

 
KWin and Wayland: KDE is pushing to have first class support for Wayland, and Plasma 5.21 makes massive progress towards reaching that goal. We have extensively refactored the compositing code in KWin and the changes should reduce latency throughout all compositing operations. We have also added a control in the compositing settings so you can choose whether you prefer lower latency or smoother animations. In addition, we have also added support for mixed-refresh-rate display setups on Wayland, e.g. you can have one screen refreshing at 144Hz and another at 60Hz, which is ideal for improving work-stations with multiple monitors. Preliminary support for multiple GPUs was also added on Wayland. The virtual keyboard in Wayland has been improved and now supports GTK applications using the text-input-v3 protocol. The support for graphical tablets has also been improved and now includes all the controls that were missing in the previous version, such as pad ring and pad buttons. Apart from the numerous improvements in stability, there are quite a few Plasma components that are getting much better support in Wayland. KRunner, for example, is now able to list all open windows in Wayland, a new component in the panel’s system tray informs you of the keyboard layout, and we now support features required for GTK 4, so all GTK 4 applications will now work.

Many improvements around KDE's KWin Wayland integration are on their way.

AlmaLinux & Rocky Linux - two alternatives to the upstreamed CentOS

 

Rocky Linux is a community enterprise operating system designed to be 100% bug-for-bug compatible with America's top enterprise Linux distribution now that its downstream partner has shifted direction. It is under intensive development by the community. Rocky Linux is led by Gregory Kurtzer, founder of the CentOS project. There is no ETA for a release. Contributors are asked to reach out using the communication options offered on this site.

vs

In December 2020, the community lost one of its most important resources. Red Hat announced that CentOS would no longer be issued as a stable release, instead replaced by the continuously updated CentOS Stream. At CloudLinux we quickly realized the vast implications of Red Hat’s announcement, so we stepped in to commit to a CentOS replacement: a 1:1 binary compatible fork of RHEL® that is free to use, and open source. We gave it the code name Project Lenix. Now, we are announcing the results of Project Lenix: AlmaLinux. Due to be released in Q1 2021, the new Linux distribution enables CentOS users to easily switch to a CentOS replacement that enjoys ongoing support. Switching requires minimal effort: because AlmaLinux is a binary compatible fork of RHEL, the base for CentOS, switching from CentOS to AlmaLinux is extremely simple.

CentOS used to be a downstream version, receiving updates after they had been released (and tested) on Red Hat Enterprise Linux (RHEL). A few weeks ago Red Hat turned CentOS into an upstream version, receiving updates before they are released to RHEL and thus serving as a testing ground for all updates that are going to be released to RHEL.

No free bug fix release for Qt 5.15 LTS anymore

 
As part of their fundamental shift to restrict Qt LTS point releases to commercial customers, The Qt Company is closing the Qt 5.15 branch to the public tomorrow with future Qt 5.15 LTS point releases to be restricted to paying licensees. The notice was sent out today that beginning tomorrow (5 January) will start the commercial-only LTS phase of Qt 5.15. The existing Qt 5.15 branches will be publicly visible but will not see any new patches. The public branches are closed to new commits with the exception of Qt WebEngine and the deprecated Qt Script due to third-party LGPL dependencies. Only active, commercial license holders will be able to access the private repository that will have the code that comprises the future Qt 5.15 LTS point releases. The first commercial-only Qt 5.15 LTS tagged release is expected to happen in February.

On the one hand, this is the only reasonable way to provide paying customers with what is probably their only reason to continue paying license fees, so Qt remains commercially viable. On the other hand, projects like KDE, which should be able to rely on Qt's LTS version, will no longer be able to receive any free security patches.

When companies pursue their own agenda: Intel vs ECC RAM

 
Linus argues that error-correcting code (ECC) memory "absolutely matters" but that "Intel has been instrumental in killing the whole ECC industry with its horribly bad market segmentation... Intel has been detrimental to the whole industry and to users because of their bad and misguided policies wrt ECC. Seriously...The arguments against ECC were always complete and utter garbage... Now even the memory manufacturers are starting to do ECC internally because they finally owned up to the fact that they absolutely have to. And the memory manufacturers claim it's because of economics and lower power. And they are lying bastards - let me once again point to row-hammer about how those problems have existed for several generations already, but these f*ckers happily sold broken hardware to consumers and claimed it was an "attack", when it always was "we're cutting corners"." Torvalds went on in his lengthy post to say, "The "modern DRAM is so reliable that it doesn't need ECC" was always a bedtime story for children that had been dropped on their heads a bit too many times. Yes, I'm pissed off about it. You can find me complaining about this literally for decades now. I don't want to say "I was right". I want this fixed, and I want ECC. And AMD did it. Intel didn't."

There is nothing wrong with companies pursuing their own agenda. This is natural and it would be strange if they did not do that. The problem starts when there is a monopoly that can dictate industry standards that are neither in the interest of competition nor in the interest of most customers.

Java ZGC garbage collection keeps improving

 
The ZGC garbage collector (GC) aims to make GC pauses and scalability issues in HotSpot a thing of the past. We have, so far, moved all GC operations that scale with the size of the heap and the size of metaspace out of safepoint operations and into concurrent phases. Those include marking, relocation, reference processing, class unloading, and most root processing. The only activities still done in GC safepoints are a subset of root processing and a time-bounded marking termination operation. The roots include Java thread stacks and various other thread roots. These roots are problematic, since they scale with the number of threads. With many threads on a large machine, root processing becomes a problem.

With all these advancements it looks like garbage collected languages can fulfill the requirements of non-GC languages, i.e. zero-pause garbage collection. It should not be forgotten that GC languages on the other hand are much easier to handle than non-GC languages as the memory de-allocation process is not handled by the programmer but a transparent system in the background.

Fedora outperforms Clear Linux and Ubuntu

 
Out of 110 tests run across the four distributions, Fedora Workstation 33 was winning half of them followed by Clear Linux leading in 30% of the tests and then Ubuntu 20.10 and Manjaro 20.2 each picking up wins 10% of the time.

Although many think so, performance is by far not the decisive factor for a strategic OS choice, as OS governance, usability, and the general philosophy are what make an OS a long-term bet. Ultimately Red Hat is the driver behind Fedora, and if you are fine with its implications then Fedora is a great OS.

Windows AArch64 Port Brings Java to ARM CPUs

 
We have ported the JDK to Windows/AArch64, by extending the work previously done for the Linux/AArch64 port (JEP 237). This port includes the template interpreter, the C1 and C2 JIT compilers, and garbage collectors (serial, parallel, G1, Z and Shenandoah). It supports both the Windows 10 and Windows Server 2016 operating systems. The focus of this JEP is not the porting effort itself, which is mostly complete, but rather the integration of the port into the JDK main-line repository.

Yet another example of how Windows held up innovation. The Linux port of OpenJDK has been out for years already.

Run Web Code Anywhere, Incl. Desktop & Server

 
It's looking like Wasmer 1.0 will be released early in the new year as the open-source WebAssembly run-time for desktops or to run WASM code anywhere as a "universal runtime" in contexts outside of the web browser. Wasmer has been making much progress over the past year and closing in on their version 1.0 milestone. Following the beta earlier this month that added Apple Silicon (Apple M1) support and other improvements, this WebAssembly macOS / Windows / Linux run-time is now to the release candidate phase with plenty of fixes.

In a nutshell, Wasmer is something like a safer version of a cross-platform Java (JRE) that is not owned by any major corporation – at least not from a legal perspective.

Rust, Kotlin, Python