Technology journalist Gareth Halfacree is running the AB Open Community Round-Up series, offering a fortnightly glimpse at what’s happening in and around open source hardware and software, wireless and related topics.
It’s been a great start to the year for the open-source processor architecture RISC-V starting with the release of a publicly-accessible web-hosted development board by OnChip, based around its Open-V microcontroller-centric RISC-V implementation.
In order to allow people to play around with a microcontroller built on the RISC-V architecture without having to have actual hardware or FPGA implementations to hand, OnChip has wired up one of its crowd-funded development boards to a webcam and a web-based IDE. Visitors can write programs in RISC-V assembly, C/C++, or two variants of the drag-and-drop Blockly language. Once compiled, the resulting program is executed in a browser-based simulation as well as a real development board positioned under a live-streaming webcam.
For those looking to develop for microprocessor-centric RISC-V implementations the news that work is underway to upstream a port of the GNU Compiler Collection (GCC) toolchain will be welcomed, though there is still work to be done before the GCC maintainers will accept and merge the port.
Announced in a post to the gcc-patches mailing list earlier this week, the port is complete enough to compile the full Linux kernel and around 2,000 Fedora packages for 32-bit and 64-bit RISC-V ISAs. In a follow-up posting it was noted that some work will need to be completed on documentation and testing before the port will be officially added to upstream GCC.
Fabrice Bellard’s 128-bit RISCVEMU emulator, released late last year, has received a major update designed to increase compatibility and make it easier to use via networked disk images.
In his update post to the RISC-V SW Dev mailing list, Fabrice announced that the latest release of the software – which supports running in 32-bit, 64-bit, and 128-bit modes – now includes a network filesystem capable of working with network-hosted disk images without needing to download them locally first. Additional improvements include a VirtIO console, networking, block device support, and the 9P filesystem. As always, the emulator can be downloaded or tested in-browser at bellard.org/riscvemu.
The Harvey OS project, which is creating an operating system based on the classic Bell Labs Plan 9, has announced support for RISC-V processors – the first time it has been available for non-AMD64 architectures.
Described by its creators as a “direct descendant of Plan 9 from Bell Labs,” the same division of the telecoms pioneer that would birth Unix and the C language, Harvey has previously been exclusively available for AMD64 (x86-64) machines. While the team behind it has been working on ARM64 support, it’s RISC-V which has become the first non-x86 architecture to receive an official port of the OS.
For those developing internet-connected embedded projects, a post by Mender.io’s Eystein Stenberg on approaches for over-the-air (OTA) updates in-the-field is well worth reading.
Eystein’s post covers the importance of having a secure OTA channel while also discussing the advantages and disadvantages of the two main approaches to OTA updates: distributing flashable images (preferred by nearly half of the developers Eystein surveyed for the piece) and distributing individual packages. With malware strains increasingly targeting embedded devices like routers and cameras, it’s a topic worthy of serious consideration regardless of how far along in the development process you may be.
More security considerations are to be found in Mentor Graphics’ latest white paper, which discusses considerations for improving the robustness of internet-connected wearables such as fitness monitors and healthcare devices.
In the paper, Mentor discusses the key security technologies with a particular focus on designs based around ARM processors. Coverage of topics include boot-time and code authentication, how to establish a chain of trust, the importance of process separation, considerations surrounding officially safety-certified operating systems, and using ARM’s TrustZone platform for increased protection.
Anyone hosting projects on publicly-accessible Git repositories is advised to check out Truffle Hog, an open-source tool which searches for strings of high-entropy random data of the sort associated with private keys which can be easily included in commits by mistake.
The private key associated with an API is, as the name suggests, private, but when working on a project it’s all to easy to forget to wipe it from configuration files before making a commit to a Git repository. Truffle Hog works by scanning through commit histories for strings longer than 20 characters then evaluating their Shannon entropy; once found each string is printed to the screen, a high-entropy string of that length being more than likely a private key that should not have been included in the commit.
Finally, the open source movement is now making inroads in the arena of quantum computing with the news that industry pioneer D-Wave Systems is to release its qbsolv tool under a permissive licence.
“Just as a software ecosystem helped to create the immense computing industry that exists today, building a quantum computing industry will require software accessible to the developer community,” claimed Bo Ewald, D-Wave president, of his company’s release. “D-Wave is building a set of software tools that will allow developers to use their subject-matter expertise to build tools and applications that are relevant to their business or mission. By making our tools open source, we expand the community of people working to solve meaningful problems using quantum computers.”
An early non-public release of qbsolv has already assisted researchers in solving computationally-difficult problems in a significantly reduced timescale, the company has claimed. While the tool’s split output is primarily designed for execution on one of D-Wave’s high-priced quantum computers, the company claims it can also be run through a tabu search system on a traditional computer.
The source for qbsolv, licensed under the Apache Licence 2.0, can be found on the D-Wave GitHub repository.