Agreguesi i feed

samleecole writes: Using a photograph to algorithmically generate a person's face and some 3D-rendered body parts, anyone can make a realistic avatar of someone who is walking around in real life. Import the avatar into another program, and you can have sex with them in virtual reality, without the real person ever giving consent. On forums like Reddit, marketplaces like Patreon, and on standalone websites, communities of anonymous users are making and selling computer-generated likenesses of celebrities and other real people. The 3D models that emerge from these communities can be articulated into any position, animated, modified, interacted with in real time, and manipulated in ways that defy the constraints of physical reality. Like deepfake videos traded online, the technology to create photorealistic 3D models of real people is rapidly approaching -- and it's getting easier for the average user to access those tools and programs. Rendering a realistic human is a process which historically required the specialized technical knowledge of teams of artists in game and special effects studios. Those studios, traditionally, have to obtain the rights to use someone's likeness before rendering them, but many hobbyists seemingly make avatars of anyone, with or without their consent.

Read more of this story at Slashdot.

Scott Stein, reviews Google Stadia cloud gaming service for CNET: Stadia's launch day was earlier this week... sort of. Really, consider this the start of Stadia's early-access beta period. Because Google's big promises haven't arrived, and at the price of the Stadia's Founder's Edition, I can't recommend anyone jump onboard at the moment. Google's experimental game streaming service, Stadia, launches without many of its promised features, and just a handful of games. It works, but there's not much incentive to buy in. We've heard about the promises of streaming games over the internet for a decade. Stadia really does work as a way to stream games. I've only played a couple of the 12 games Google promised by Tuesday's launch, though. That short list pales compared to what Microsoft already has on tap for its in-beta game-streaming service, xCloud. It's no match for what Nvidia's game streaming GeForce Now already has or what PlayStation Now offers. Prices of Stadia games at launch in the US are below. They're basically full retail game prices. This could get crazy expensive fast. [...] Stadia has so few games right now, and I'm trying them with no one else online. It isn't clear how things will work now that the service is going live, and what other features will kick in before year's end. I'm curious, but I might lose interest. Others might, too. I have plenty of other great games to play right now: on Apple Arcade, VR and consoles such as the Switch. Stadia isn't delivering new games yet, it's just trying to deliver a new way to play through streaming. One that you can already get from other providers. Until Google finds a way to loop in YouTube and develop truly unique competitive large-scale games, Stadia isn't worth your time yet. Yes, the future is possibly wild, and you can see hints of the streaming-only cloud-based playground Stadia wants to become. But we'll see what it shapes into over the next handful of months and check back in. Raymond Wong, writing for Input Mag looks at the amount of data playing a game on Stadia consumes and how the current state of things require a very fast internet connection to work: Like streaming video, streaming games is entirely dependent on your internet speed. Faster internet delivers smooth, lag-free visuals, and slower internet means seeing some glitches and dropped framerates. Google recommends a minimum of connection of 10Mbps for 1080p Full HD streaming at 30 fps with stereo sound and 35Mbps for 4K resolution streaming (in HDR if display is supported) at 60 fps with 5.1 surround sound. Reality didn't reflect Google's advertising, though. Despite having a Wi-Fi connection with 16-20Mbps downloads in a hotel room in LA, streaming Shadow of the Tomb Raider and Destiny 2 to my 13-inch MacBook Pro wasn't 100% stable. The visuals would glitch out for a second or two about every 10 minutes of playtime. [...] A fast internet connection isn't the only thing you need for Stadia to work right. You need a lot of bandwidth, too. One hour of playing Red Dead Redemption 2 at 1080p resolution on my 46-inch HDTV via a Chromecast Ultra ate up 5.3GB of data. This seemed insane until I saw an hour of Destiny 2 on a Pixel 3a XL with 6-inch, 1080p-resolution display gobbled up 9.3GB of data!

Read more of this story at Slashdot.

Is it embarrassing for adults to like superheroes? According to Alan Moore -- creator of the Watchmen series and widely considered one of the greatest comic book writers -- it is. From a report: He says superheroes are perfectly fine for 12 or 13-year-olds but adults should think again. "I think the impact of superheroes on popular culture is both tremendously embarrassing and not a little worrying," he says. Alan wrote Watchmen in 1986. The series depicts an alternate history where superheroes emerged in the 1940s and 1960s and their presence changed the course of history. He believes the characters are "perfectly suited" to the imaginations of a younger audience - but now, they serve a "different function, and are fulfilling different needs." The writer claims adults enjoy superhero films because they don't wish to leave their "relatively reassuring childhoods" behind, or move into the 21st century.

Read more of this story at Slashdot.

The trend of people throwing or threatening to throw out their Fitbit devices comes as Google faces a perception problem that has spanned everyday users and regulators alike. From a report: The company has paid data privacy fines in the EU and made recent strides into the stringently regulated healthcare industry, which has caused the public to re-think seemingly harmless tools. Privacy groups this week began pushing regulators to block the Fitbit acquisition, which the company originally hoped to close in early 2020. Google didn't respond to requests for comment. "I only recently got it and now I'm thinking I don't need Google watching literally my every step or my every heart beat," said Dan Kleinman, who said he is getting rid of his Fitbit Versa. Some people cited Google's 2014 acquisition of Nest Labs, which, at the time consisted of smart home thermostats. Since then, the company has tied Nest's technology, branding and device accounts to its digital assistant and smart speakers. Twitter users have been tweeting about their plans to get rid of their devices upon hearing of the acquisition.

Read more of this story at Slashdot.

The Indian government said on Tuesday that it is "empowered" to intercept, monitor, or decrypt any digital communication "generated, transmitted, received, or stored" on a citizen's device in the country in the interest of national security or to maintain friendly relations with foreign states. From a report: Citing section 69 of the Information Technology Act, 2000, and section 5 of the Telegraph Act, 1885, Minister of State for Home Affairs G. Kishan Reddy said local law empowers federal and state government to "intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource in the interest of the sovereignty or integrity of India, the security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence." Reddy's remarks were in response to the parliament, where a lawmaker had asked if the government had snooped on citizens' WhatsApp, Messenger, Viber, and Google calls and messages.

Read more of this story at Slashdot.

Microsoft Teams now has more than 20 million daily active users, a 50% spike in four months that puts the tool well ahead of its chief rival Slack. From a report: Microsoft revealed the number of Teams users for the first time in July, about a year after it first started offering a free version of the service. Teams has the advantage of being part of the Microsoft 365 ecosystem with a pool of millions of users to pull from, setting it up for rapid growth. Last month, Slack said it had more than 12 million daily users, a 37 percent increase over the prior year. Despite trailing Microsoft in the number of users, Slack has said its high level engagement -- the average paid customer spends 9 hours a day on Slack and more than 90 minutes actively using it -- gives it an advantage in shaping the future of work. The two companies are in the midst of a fierce, multi-year rivalry for dominance of the competitive market for chat-based collaboration tools, which also includes tech giants Google and Facebook. Microsoft and Slack have been aggressive in making splashy announcements this year to showcase the growth of their platforms.

Read more of this story at Slashdot.

Sweden has dropped an investigation into a rape allegation made against Julian Assange. From a report: The deputy chief prosecutor, Eva-Marie Persson, told a news conference: "I want to inform about my decision to discontinue the preliminary investigation." The decision on Tuesday follows a ruling in June by a Swedish court that Assange, who denies the accusation, should not be detained. Two months earlier, the WikiLeaks founder was evicted from the Ecuadorian embassy in London, where he had been living since 2012.

Read more of this story at Slashdot.

An anonymous reader shares an excerpt from a report via the BBC: According to a 2015 survey of the most annoying office noises by Avanta Serviced Office Group, conversations were rated the most vexing, closely followed by coughing, sneezing and sniffing, loud phone voices, ringing phones and whistling. Why do we find it so hard to be around these everyday noises? What is it about them that allows them to lodge in our brains and make it impossible to think? [...] Back in 2011, researchers from University College London and the University of London decided to find out. First of all, the researchers asked 118 female secondary school students to complete a questionnaire, which revealed how extroverted or introverted each was -- essentially, whether they thrive on socializing and being immersed in the outside world or if they find these experiences exhausting. Next the students were subjected to a battery of cognitive challenges -- and to add extra difficulty, they were asked to complete them while listening to British garage music, or the clamor of a classroom. A control group completed them in silence. As the researchers suspected, all the students performed better in silence. But they also found that, in general -- with the exception of one test -- the more extroverted they were, the less they were affected by noise. A person's level of extroversion is thought to be a key aspect of their personality -- one of the so-called 'Big Five' factors that determines who we are, along with things like how open we are to new experiences. According to one prominent theory, extroverts are inherently "understimulated," so they tend to seek out situations which increase their level of arousal -- like noisy environments. Meanwhile, introverts have the opposite problem; as the famous poet, novelist and introvert Charles Bukowski put it: "People empty me. I have to get away to refill." With this in mind, it makes sense that more introverted workers would be more affected by the background noise, since anything that increases their level of arousal, like music or the chatter of colleagues, could be overwhelming.

Read more of this story at Slashdot.

Yesterday I wrote a blog about what hardware vendors need to provide so I can write them a fwupd plugin. A few people contacted me telling me that I should make it more generic, as I shouldn’t be the central point of failure in this whole ecosystem. The sensible thing, of course, is growing the “community” instead, and building up a set of (paid) consultants that can help the OEMs and ODMs, only getting me involved to review pull requests or for general advice. This would certainly reduce my current feeling of working at 100% and trying to avoid burnout.

As a first step, I’ve created an official page that will list any consulting companies that I feel are suitable to recommend for help with fwupd and the LVFS. The hardware vendors would love to throw money at this stuff, so they don’t have to care about upstream project release schedules and dealing with a gumpy maintainer like me. I’ve pinged the usual awesome people like Igalia, and hopefully more companies will be added to this list during the next few days.

If you do want your open-source consultancy to be added, please email me a two paragraph corporate-friendly blurb I can include on that new page, also with a link I can use for the “more details” button. If you’re someone I’ve not worked with before, you should be in a position to explain the difference between a capsule update and a DFU update, and be able to tell me what a version format is. I don’t want to be listing companies that don’t understand what fwupd actually is :)

Researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) have devised a system that can predict what different cars will do by determining how selfish or selfless a driver is. From a report: Specifically, they used something called social value orientation (SVO), which represents the degree to which someone is selfish ("egoistic") versus altruistic or cooperative ("prosocial"). The system then estimates drivers' SVOs to create real-time driving trajectories for self-driving cars. Testing their algorithm on the tasks of merging lanes and making unprotected left turns, the team showed that they could better predict the behavior of other cars by a factor of 25 percent. For example, in the left-turn simulations their car knew to wait when the approaching car had a more egoistic driver, and to then make the turn when the other car was more prosocial. To try to expand the car's social awareness, the CSAIL team combined methods from social psychology with game theory, a theoretical framework for conceiving social situations among competing players. The team modeled road scenarios where each driver tried to maximize their own utility and analyzed their "best responses" given the decisions of all other agents. Based on that small snippet of motion from other cars, the team's algorithm could then predict the surrounding cars' behavior as cooperative, altruistic, or egoistic -- grouping the first two as "prosocial." People's scores for these qualities rest on a continuum with respect to how much a person demonstrates care for themselves versus care for others. Here are some potential use cases of such a system: "Say you're a human driving along and a car suddenly enters your blind spot -- the system could give you a warning in the rear-view mirror that the car has an aggressive driver, allowing you to adjust accordingly. It could also allow self-driving cars to actually learn to exhibit more human-like behavior that will be easier for human drivers to understand." The team is planning to apply their system to pedestrians, bicycles, and other agents in driving environments. "In addition, they will be investigating other robotic systems acting among humans, such as household robots, and integrating SVO into their prediction and decision-making algorithms," the report says.

Read more of this story at Slashdot.

Version:next-20191119 (linux-next) Released:2019-11-19

Last year, China set a goal of 35 orbital launches and ended up with 39 launch attempts. "This year, China is set to pace the world again," reports Ars Technica. "Through Sunday, the country has launched 27 orbital missions, followed by Russia (19), and the United States (16). Although nearly a month and a half remain in this year, a maximum of six additional orbital launches are likely from the United States in 2019." From the report: To be fair, China's space launch program has not been without hiccups. The country's space program is still trying to bring its large Long March 5 vehicle back into service after a catastrophic failure during just its second mission, in July 2017. And the country had three failures in 2018 and 2019, compared to just one in the United States and Russia combined. The United States has taken a step back this year in part due to decreased activity by SpaceX. The company launched a record 21 missions last year but has so far launched 11 rockets in 2019. A flurry of missions remains possible in the next six weeks for the company, including a space station resupply mission in early December, a commercial satellite launch, and additional Starlink flights. Another big factor has been a slow year for United Launch Alliance. The Colorado-based company has launched just two Delta IV-Medium rockets this year, one Delta IV-Heavy, and a single Atlas V mission. The company may launch Boeing's Starliner spacecraft before the end of 2019, giving the Atlas V rocket a second launch. It is possible that Rocket Lab, which has flown its Electron rocket from New Zealand five times in 2019 and is planning at least one more mission before the end of the year, will have more launches than United Launch Alliance for the first time. Sometime next year, Rocket Lab should also begin to add to the US tally for orbital launches as it opens a new facility at Wallops Island, Virginia.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TorrentFreak: A YouTuber who used a royalty-free track supplied by YouTube itself has had all of his videos copyright claimed by companies including SonyATV and Warner Chappell. According to the music outfits, Matt Lownes' use the use of the track 'Dreams' by Joakim Karud means that they are now entitled to all of his revenue. [...] Worryingly, searches online show that not only are other people affected by similar mass complaints, but there may -- may -- be an explanation for what is going on here. "SonyATV & Warner Chappell have claimed 24 of my videos because the royalty free song Dreams by Joakim Karud (from the OFFICIAL YOUTUBE AUDIO LIBRARY BTW) uses a sample from Kenny Burrell Quartet's 'Weaver of Dream,'" a Twitter user wrote on Saturday. Sure enough, if one turns to the WhoSampled archive, Dreams is listed as having sampled Weaver of Dreams, a track from 1956 to which Sony/ATV Music Publishing LLC and Warner/Chappell Music, Inc. own the copyrights. If the trend of claims against 'Dreams' continues, there is potential for huge upheaval on YouTube and elsewhere. Countless thousands of videos use the track and as a result it has become very well-known. Sadly, people trying to claim it as their own is nothing new but fingers crossed, common sense will sort out the present issues.

Read more of this story at Slashdot.

AmiMoJo writes: A woman is suing a London NHS trust for not revealing her father had been diagnosed with Huntington's disease before she had her own child. She only discovered he carried the gene for the degenerative, incurable brain disorder after her daughter was born. The woman then found out she too carried the faulty gene, meaning her daughter has a 50% chance of having it. The story is tragic. In 2007 her father murdered her mother and was found to have Huntington's, which often results in confusion and violent behavior. She was already pregnant at the time and her father asked that she not be told as he feared she would abort the pregnancy. Doctors were in a bind, with doctor-patient confidentiality on one hand and a duty of care on the other. The woman is arguing that in cases of serious inherited diseases children should have a right to know. She says if she had known she would not have had a child, who has a 50:50 chance of also having Huntington's and will one day have to look after her confused and possibly violent mother.

Read more of this story at Slashdot.

MojoKid writes: Intel has unveiled its first discrete GPU solution that will hit the market in 2020, code name Ponte Vecchio. Based on 7nm silicon manufacturing and stack chiplet design with Intel's Foveros tech, Ponte Vecchio will target HPC markets for supercomputers and AI training in the datacenter. According to HotHardware, Ponte Vecchio will employ a combination of both its Foveros 3D packaging and EMIB (Embedded Multi-die Interconnect Bridge) technologies, along with High Bandwidth Memory (HBM) and Compute Express Link (CXL), which will operate over the newly ratified PCIe 5.0 interface and serve as Ponte Vecchio's high-speed switch fabric connecting all GPU resources. Intel is billing Ponte Vecchio as its first exascale GPU, proving its meddle in the U.S. Department of Energy's (DOE) Aurora supercomputer. Aurora will employ a topology of six Ponte Vecchio GPUs and two Intel Xeon Scalable processors based on Intel's next generation Sapphire Rapids architecture, along with Optane DC Persistent Memory on a single blade. The new supercomputer is schedule to arrive sometime in 2021.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Motherboard: On Sunday, Motherboard reported that the hacker or hackers known as Phineas Fisher targeted a bank, stole money and documents, and is offering other hackers $100,000 to carry out politically motivated hacks. Now, the bank Phineas Fisher targeted, Cayman National Bank from the Isle of Man, confirmed it has suffered a data breach. "It is known that Cayman National Bank (Isle of Man) Limited was amongst a number of banks targeted and subject to the same hacking activity," Cayman National told Motherboard in a statement issued Monday. "A criminal investigation is ongoing and Cayman National is co-operating with the relevant law enforcement authorities to identify the perpetrators of the data theft. Cayman National takes any breach of data security very seriously and a specialist IT forensic investigation is underway, with appropriate actions being taken to ensure that the clients of Cayman National's Isle of Man bank and trust companies are protected," the statement added. The statement doesn't name Phineas Fisher explicitly, but instead says the bank was the victim of a "criminal hacking group." "I robbed a bank and gave the money away," Phineas Fisher wrote in their most recent manifesto, adding that they breached the bank in 2016. "Computer hacking is a powerful tool to fight economic inequality." In its statement, Cayman National claimed it had found no evidence of financial loss either to its customers or Cayman National itself. Twitter account Distributed Denial of Secrets (DDoSecrets) posted a link to the copies of the servers of Cayman National Bank and Trust. "To make certain files easier to access, the two Athol servers were combined into a single archive. The raw Athol servers will be released next week, along with the launch of the Hunter Memorial Library which will make over 600,000 of the bank's emails searchable online," reads a follow-up tweet. The total size of data is about 2 terabytes.

Read more of this story at Slashdot.

140Mandak262Jamuna writes: Battery electric vehicle (BEV) fans are all excited about the introduction of an all-electric SUV by Ford. Specs and pricing are very similar to Tesla. Interior also is very similar with a large touchscreen. Elon Musk congratulated Ford on Twitter and Ford returned the compliments. Die-hard Tesla fans are saying Tesla is still better. Other BEV fans are welcoming Ford. I, for one, welcome the more affordable all-electric, non-compliance BEV (Ford's words, not mine). Ford's Mustang Mach-E is expected to achieve between 210 miles and at least 300 miles of range on a full charge, depending on the model. Top performance models will achieve 0 to 60 mph in the mid-three-second range with an estimated 459 horsepower and 612 lb.-ft. of torque. Unlike Tesla's Model 3 or upcoming Model Y, the Mach-E qualifies for federal tax incentives of up to $7,500. It will range from $43,895 for the base "Select" model to roughly $60,500 for the GT model.

Read more of this story at Slashdot.

I’ve been told by several sources (but not by Google directly, heh) that from Christmas onwards the “Designed for ChromeBook” sticker requires hardware vendors to use fwupd rather than random non-free binaries. This does make a lot of sense for Google, as all the firmware flash tools I’ve seen the source for are often decades old, contain layer-on-layers of abstractions, have dubious input sanitisation and are quite horrible to use. Many are setuid, which doesn’t make me sleep well at night, and I suspect the security team at Google also. Most vendor binaries are built for the specific ODM hardware device, and all of them but one doesn’t use any kind of source control or formal review process.

The requirement from Google has caused mild panic among silicon suppliers and ODMs, as they’re having to actually interact with an open source upstream project and a slightly grumpy maintainer that wants to know lots of details about hardware that doesn’t implement one of the dozens of existing protocols that fwupd supports. These are companies that have never had to deal with working with “outside” people to develop software, and it probably comes as quite a shock to the system. To avoid repeating myself these are my basic rules when adding support for a device with a custom protocol in fwupd:

• I can give you advice on how to write the plugin if you give me the specifications without signing an NDA, and/or the existing code under a LGPLv2+ license. From experience, we’ll probably not end up using any of your old code in fwupd but the error defines and function names might be similar, and I don’t anyone to get “tainted” from looking at non-free code, so it’s safest all round if we have some reference code marked with the right license that actually compiles on Fedora 31. Yes, I know asking the legal team about releasing previously-nonfree code with a GPLish licence is difficult.
• If you are running Linux, and want our help to debug or test your new plugin, you need to be running Fedora 30 or 31. If you run Ubuntu you’ll need to use the snap version of fwupd, and I can’t help you with random Ubuntu questions or interactions between the snap version and the distro version. I know your customer might be running Debian Stable or Ubuntu LTS, but that’s not what I’m paid to support. If you do use Fedora 29+ or RHEL 7+ you can also use the nice COPR I provide with git snapshots of master.
• Please reflect the topology of your device. If writes have to go through another interface, passthru or IC, please give us access to documentation about that device too. I’m fed up having to reverse engineer protocols from looking at the “wrong side” of the client source code. If the passthru is implemented by different vendor, they’ll need to work on the same terms as this.
• If you want to design and write all of the plugin yourself, that’s awesome, but please follow the existing style and don’t try to wrap your existing code base with the fwupd plugin API. If your device has three logical children with different version numbers or firmware formats, we want to see three devices in fwupdmgr. If you want to restrict the child devices to a parent vendor, that’s fine, we now support that in fwupd and on the LVFS. If you’re adding custom InstanceIDs, these have to be documented in the README.md file.
• If you’re using an nonstandard firmware format (as in, not DFU, Intel HEX or Motorola SREC) then you’ll need to write a firmware parser that’s going to be valgrind’ed and fuzzed. We will need all the header/footer documentation so we can verify the parser and add some small redistributable fuzz targets. If the blob is being passed to the hardware without parsing, you still might need to know the format of the header so that the plugin can do a sanity check that the firmware is suitable for the hardware, and that any internal CRC is actually correct. All the firmware parsers have to be paranoid and written defensively, because it’s me that looks bad on LWN if CVEs get issued.
• If you want me to help with the plugin, I’m probably going to ask for test hardware, and two different versions of the firmware that can actually be flashed to the hardware you sent. A bare PCB is fine, but if you send me something please let me know so I can give you my personal address rather than have to collect it from a Red Hat office. If you send me hardware, ensure you also include a power supply that’s going to work in the UK, e.g. 240V. If you want it back, you’ll also need to provide me with UPS/DHL collection sticker.
• You do need to think how to present your device version number. e.g. is 0x12345678 meant to be presented as “12.34.5678” or “18.52.86.120” – the LVFS really cares if this is correct, and users want to see the “same” version numbers as on the OEM web-page.
• You also need to know if the device is fully functional during the update, or if it operates in a degraded or bootloader mode. We also need to know what happens if flashing fails, e.g. is the device a brick, or is there some kind of A/B partition that makes a flash failure harmless? If the device is a brick, how can it be recovered without an RMA?
• After the update is complete fwupd need to “restart” the device so that the new firmware version can be verified, so there needs to be some kind of command the device understands – we can ask the user to reboot or re-plug the device if this is the only way to do this, although in 2019 we can really do better than that.
• If you’re sharing a huge LGPLv2+ lump of code, we need access to someone who actually understands it, preferably the person that wrote it in the first place. Typically the code is uncommented and a recipe for a headache so being able to ask a human questions is invaluable. For this, either IRC, email or even just communicating via a shared Google doc (more common than you would believe…) is fine. I can’t discuss this stuff on Telegram, Hangouts or WhatsApp, sorry.
• Once a plugin exists in fwupd and is upstream, we will expect pull requests to add either more VID/PIDs, #defines or to add variations to the protocol for new versions of the hardware. I’m going to be grumpy if I just get sent a random email with demands about backporting all the VID/PIDs to Debian stable. I have zero control on when Debian backports anything, and very little influence on when Ubuntu does a SRU. I have a lot of influence on when various Fedora releases get a new fwupd, and when RHEL gets backports for new hardware support.

Now, if all this makes me sound like a grumpy upstream maintainer then I apologize. I’m currently working with about half a dozen silicon suppliers who all failed some or all of the above bullets. I’m multiplexing myself with about a dozen companies right now, and supporting fwupd isn’t actually my entire job at Red Hat. I’m certainly not going to agree to “signing off a timetable” for each vendor as none of the vendors actually pay me to do anything…

Given interest in fwupd has exploded in the last year or so, I wanted to post something like this rather than have a 10-email back and forth about my expectations with each vendor. Some OEMs and even ODMs are now hiring developers with Linux experience, and I’m happy to work with them as fwupd becomes more important. I’ve already helped quite a few developers at random vendors get up to speed with fwupd and would be happy to help more. As the importance of fwupd and the LVFS grows more and more, vendors will need to hire developers who can build, extend and support their hardware. As fwupd grows, I’ll be asking vendors to do more of the work, as “get upstream to do it” doesn’t scale.

I'm still playing with my X210, a device that just keeps coming up with new ways to teach me things. I'm now running Coreboot full time, so the majority of the runtime platform firmware is free software. Unfortunately, the firmware that's running on the embedded controller (a separate chip that's awake even when the rest of the system is asleep and which handles stuff like fan control, battery charging, transitioning into different power states and so on) is proprietary and the manufacturer of the chip won't release data sheets for it. This was disappointing, because the stock EC firmware is kind of annoying (there's no hysteresis on the fan control, so it hits a threshold, speeds up, drops below the threshold, turns off, and repeats every few seconds - also, a bunch of the Thinkpad hotkeys don't do anything) and it would be nice to be able to improve it.

A few months ago someone posted a bunch of fixes, a Ghidra project and a kernel patch that lets you overwrite the EC's code at runtime for purposes of experimentation. This seemed promising. Some amount of playing later and I'd produced a patch that generated keyboard scancodes for all the missing hotkeys, and I could then use udev to map those scancodes to the keycodes that the thinkpad_acpi driver would generate. I finally had a hotkey to tell me how much battery I had left.

But something else included in that post was a list of the GPIO mappings on the EC. A whole bunch of hardware on the board is connected to the EC in ways that allow it to control them, including things like disabling the backlight or switching the wifi card to airplane mode. Unfortunately the ACPI spec doesn't cover how to control GPIO lines attached to the embedded controller - the only real way we have to communicate is via a set of registers that the EC firmware interprets and does stuff with.

One of those registers in the vendor firmware for the X210 looked promising, with individual bits that looked like radio control. Unfortunately writing to them does nothing - the EC firmware simply stashes that write in an address and returns it on read without parsing the bits in any way. Doing anything more with them was going to involve modifying the embedded controller code.

Thankfully the EC has 64K of firmware and is only using about 40K of that, so there's plenty of room to add new code. The problem was generating the code in the first place and then getting it called. The EC is based on the CR16C architecture, which binutils supported until 10 days ago. To be fair it didn't appear to actually work, and binutils still has support for the more generic version of the CR16 family, so I built a cross assembler, wrote some assembly and came up with something that Ghidra was willing to parse except for one thing.

As mentioned previously, the existing firmware code responded to writes to this register by saving it to its RAM. My plan was to stick my new code in unused space at the end of the firmware, including code that duplicated the firmware's existing functionality. I could then replace the existing code that stored the register value with code that branched to my code, did whatever I wanted and then branched back to the original code. I hacked together some assembly that did the right thing in the most brute force way possible, but while Ghidra was happy with most of the code it wasn't happy with the instruction that branched from the original code to the new code, or the instruction at the end that returned to the original code. The branch instruction differs from a jump instruction in that it gives a relative offset rather than an absolute address, which means that branching to nearby code can be encoded in fewer bytes than going further. I was specifying the longest jump encoding possible in my assembly (that's what the :l means), but the linker was rewriting that to a shorter one. Ghidra was interpreting the shorter branch as a negative offset, and it wasn't clear to me whether this was a binutils bug or a Ghidra bug. I ended up just hacking that code out of binutils so it generated code that Ghidra was happy with and got on with life.

Writing values directly to that EC register showed that it worked, which meant I could add an ACPI device that exposed the functionality to the OS. My goal here is to produce a standard Coreboot radio control device that other Coreboot platforms can implement, and then just write a single driver that exposes it. I wrote one for Linux that seems to work.

In summary: closed-source code is more annoying to improve, but that doesn't mean it's impossible. Also, strange Russians on forums make everything easier.

comments

Thanks to the sponsorship of GNOME, I was able to attend the Linux App Summit 2019 held in Barcelona. This conference was hosted by two free desktop communities such as GNOME and KDE. Usually the technologies used to create applications are GTK and QT, and the objective of this conference was to present ongoing application projects that run in many Linux platforms and beyond on both, desktops and on mobiles. The ecosystem involved, the commercial part and the U project manager perspective were also presented in three core days. I had the chance to hear some talks as pictured: Adrien Plazas, Jordan and Tobias, Florian are pictured in the first place. The keynote was in charge of Mirko Boehm with the title “The Economics of FOSSâ€�, Valentin and Adam Jones from Freedesktop SDK and Nick Richards where he pointed out the “write” strategy. You might see more details on Twitter.

Women’s presence was very noticeable in this conference. As it is shown in the following picture, a UX designer such as Robin presented a communication approach to understand what the users want, the developer Heather Ellsworth explained also her work at Ubuntu making GNOME Snap apps, the enthusiastic Aniss from OpenStreetMap community also did a lightning talk about her experiences to make a FOSS community stronger. At the bottom of the picture we see the point of view of the database admin: Shola, the KDE developer: Hannah, and the closing ceremony presented by Muriel (local team organizer).

On Friday, some BoFs were set. The engagement Bof leading by Nuritzi is pictured first, followed by the KDE team. The Snap Packaging Workshop happened in the meeting room.

Lighting talks were part also of this event at the end of the day, every day. Nuritzi was prized for her effort to run the event. Thanks Julian & Tobias for joining to see Park Güell.Social events were also arranged, we started a tour from the Casa Batlló and we walked towards the Gothic quarter. The tours happened at nigth after the talks, and lasted 1.5 h.Food expenses were covered by GNOME in my case as well as for other members. Thanks!

My participation was basically done a talk in the unconference part, I organized the GNOME games with Jorge (a local organizer) and I wrote a GTK code in C with Matthias.The games started with the “Glotones” where we used flans to eat quickly, the “wise man” where lots of Linux questions were asked, and the “Sing or die” game where the participants changed the lyrics of sticky songs using the words GNOME, KDE and LinuxAppSummit. Some of the moments were pictured as follows:The imagination of the teams were fantastic, they sang and created “geek” choreographies as we requested:One of the games that lasted until the very end was “Guessing the word”. The words depicted in the photo:LAS, root, and GPL played by Nuritzi, Neil, and Jordan, respectively.It was lovely to see again several-years GNOME’s members as Florian, who is always supporting my ideas for the GNOME games the generous, intelligent and funny Javier Jardon, and the famous GNOME developer Zeeshan who also loves Rust and airplanes.

It was also delightful to meet new people. I met GNOME people such as Ismael, and Daniel who helped me to debug my mini GTK code. I also met KDE people such as Albert and Muriel. In the last photo, we are in the photo with the “wise man” and the “flan man”

Special Thanks to the local organizers Jorge and Aleix, Ismael for supporting me for almost the whole conference with my flu, and Nuritzi for the sweet chocolates she gave me.The photo group was a success, and generally, I liked the event LAS 2019 in Barcelona.

Barcelona is a place with novel architectures and I enjoyed the walking time there…

Thanks again GNOME, I will finish my reconstruction image GTK code I started in this event to make it also in parallel using HPC machines in the near future.