Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 45 min ago

Kernel prepatch 5.2-rc6

Sunday 23rd of June 2019 01:10:04 PM
The 5.2-rc6 kernel prepatch has been released. Linus worries that the volume of changes has increased — but not too much. "With all that out of the way, I'm still reasonably optimistic that we're on track for a calm final part of the release, and I don't think there is anything particularly bad on the horizon." He also notes that, due to travel, he'll be releasing 5.2-rc7 later than usual.

Weekend stable kernel updates

Saturday 22nd of June 2019 03:12:19 PM
The 5.1.13, 4.19.54, 4.14.129, 4.9.183, and 4.4.183 stable kernels have all been released with another set of important fixes. A few milliseconds later, 5.1.14 and 4.19.55 came out with one more networking fix.

[$] FreeBSD turns 26

Friday 21st of June 2019 10:18:48 PM
The FreeBSD operating system is continuing to make progress, 26 years after it got its name. Among the areas where work is being done is on improved support for RISC-V, FUSE filesystem updates, C runtime changes, and security improvements. FreeBSD Day is celebrated on June 19, in recognition of the date in 1993 when the name FreeBSD was coined for a fork of the 386BSD project. The first official release of FreeBSD did not occur until November 1, 1993, however.

Ahead of FreeBSD Day, the project released its quarterly report for the first quarter of 2019, outlining some of its ongoing efforts. In addition to the quarterly report, the executive director of the FreeBSD Foundation provided LWN with some insights into the state of the project and the foundation that supports it.

[$] Statistics from the 5.2 kernel — and before

Friday 21st of June 2019 02:52:11 PM
As of this writing, just over 13,600 non-merge changesets have been pulled into the mainline repository for the 5.2 development cycle. The time has come, once again, for a look at where that work came from and who supported it. There are some unique aspects to 5.2 that have thrown off some of the usual numbers.

Huang: Open Source Could Be a Casualty of the Trade War

Friday 21st of June 2019 02:07:54 PM
Bunnie Huang writes about the escalating trade wars and how they could be harmful to the open-source community. "Because the administrative action so far against Huawei relies only upon export license restrictions, the Linux Foundation has been able to find shelter under a license exemption for open source software. However, should Huawei be designated as a 'foreign adversary' under EO13873, it greatly expands the scope of the ban because it prohibits transactions with entities under the direction or influence of foreign adversaries. The executive order also broadly includes any information technology including hardware and software with no exemption for open source."

Security updates for Friday

Friday 21st of June 2019 01:11:36 PM
Security updates have been issued by CentOS (libvirt and python), Debian (intel-microcode, php-horde-form, and znc), Fedora (firefox), Mageia (firefox, flash-player-plugin, git, graphicsmagick, kernel, kernel-linus, kernel-tmb, phpmyadmin, and thunderbird), Oracle (libssh2, libvirt, and python), Red Hat (libvirt and python), Scientific Linux (libvirt), Slackware (bind and mozilla), SUSE (enigmail), and Ubuntu (bind9, intel-microcode, mosquitto, postgresql-10, postgresql-11, and thunderbird).

[$] C, Fortran, and single-character strings

Thursday 20th of June 2019 03:16:53 PM
The calling interfaces between programming languages are, by their nature, ripe for misunderstandings; different languages can have subtly different ideas of how data should be passed around. Such misunderstandings often have the effect of making things break right away; these are quickly fixed. Others can persist for years or even decades before jumping out of the shadows and making things fail. A problem of the latter variety recently turned up in how some C programs are passing strings to Fortran subroutines, with unpleasant effects on widely used packages like LAPACK.

Kubernetes 1.15 released

Thursday 20th of June 2019 02:53:55 PM
The Kubernetes container orchestrator team has announced the release of Kubernetes 1.15; the main themes of this release are "extensibility and continuous improvement". One of the focus areas was on usability and lifecycle stability for clusters: "Work on making Kubernetes installation, upgrade and configuration even more robust has been a major focus for this cycle for SIG Cluster Lifecycle (see our last Community Update). Bug fixes across bare metal tooling and production-ready user stories, such as the high availability use cases have been given priority for 1.15. kubeadm, the cluster lifecycle building block, continues to receive features and stability work required for bootstrapping production clusters efficiently. kubeadm has promoted high availability (HA) capability to beta, allowing users to use the familiar kubeadm init and kubeadm join commands to configure and deploy an HA control plane. An entire new test suite has been created specifically for ensuring these features will stay stable over time." More information can be found in the release notes.

Security updates for Thursday

Thursday 20th of June 2019 01:06:39 PM
Security updates have been issued by Debian (firefox-esr, gvfs, intel-microcode, and python-urllib3), Fedora (advancecomp, firefox, freeradius, kubernetes, pam-u2f, and rubygem-jquery-ui-rails), openSUSE (elfutils and sssd), Red Hat (chromium-browser), SUSE (doxygen and samba), and Ubuntu (evince, firefox, Gunicorn, libvirt, and sqlite3).

[$] LWN.net Weekly Edition for June 20, 2019

Thursday 20th of June 2019 12:00:56 AM
The LWN.net Weekly Edition for June 20, 2019 is available.

[$] The TCP SACK panic

Wednesday 19th of June 2019 09:24:28 PM
Selective acknowledgment (SACK) is a technique used by TCP to help alleviate congestion that can arise due to the retransmission of dropped packets. It allows the endpoints to describe which pieces of the data they have received, so that only the missing pieces need to be retransmitted. However, a bug was recently found in the Linux implementation of SACK that allows remote attackers to panic the system by sending crafted SACK information.

Ubuntu dropping i386 support

Wednesday 19th of June 2019 09:14:59 PM
Starting with the upcoming "Eoan Ermine" (a.k.a. 19.10) release, the Ubuntu distribution will not support 32-bit x86 systems. "The Ubuntu engineering team has reviewed the facts before us and concluded that we should not continue to carry i386 forward as an architecture. Consequently, i386 will not be included as an architecture for the 19.10 release, and we will shortly begin the process of disabling it for the eoan series across Ubuntu infrastructure."

Alpine Linux 3.10.0 released

Wednesday 19th of June 2019 09:12:18 PM
Version 3.10.0 of the Alpine Linux distribution is out. It includes a switch to the iwd WiFi management daemon, support for the ceph filesystem, the lightdm display manager, and more.

[$] More frequent Python releases?

Wednesday 19th of June 2019 05:10:46 PM
Python has followed an 18-month release cycle for many years now; each new 3.x release comes at that frequency. It has worked well, overall, but there is interest in having a shorter cycle, which would mean that new features get into users' hands more quickly. But changing that longstanding cycle has implications in many different places, some of which have come up as part of a discussion on switching to a cycle of a different length.

Stable kernel updates

Wednesday 19th of June 2019 02:42:50 PM
Stable kernels 5.1.12, 4.19.53, and 4.14.128 have been released. They all contain important fixes and users should upgrade.

Security updates for Wednesday

Wednesday 19th of June 2019 02:33:05 PM
Security updates have been issued by Arch Linux (dbus, firefox, kernel, linux-lts, linux-zen, and python), CentOS (bind and kernel), Debian (firefox-esr, glib2.0, and vim), Fedora (dbus, kernel, kernel-headers, mingw-libxslt, poppler, and python-gnupg), openSUSE (gnome-shell, kernel, libcroco, php7, postgresql10, python, sssd, and thunderbird), Oracle (kernel and libvirt), Red Hat (go-toolset:rhel8, gvfs, java-11-openjdk, pki-deps:10.6, systemd, and WALinuxAgent), SUSE (docker, kernel, libvirt, openssl, openssl1, and python-Jinja2), and Ubuntu (samba).

[$] Rebasing and merging in kernel repositories

Tuesday 18th of June 2019 02:48:31 PM
Maintaining a subsystem, as a general rule, requires a familiarity with the Git source-code management system. Git is a powerful tool with a lot of features; as is often the case with such tools, there are right and wrong ways to use those features. This document looks in particular at the use of rebasing and merging. Maintainers often get in trouble when they use those tools incorrectly, but avoiding problems is not actually all that hard.

Security updates for Tuesday

Tuesday 18th of June 2019 02:20:28 PM
Security updates have been issued by Arch Linux (linux-hardened), Debian (kdepim, kernel, linux-4.9, and phpmyadmin), Fedora (ansible and glib2), openSUSE (kernel and vim), Oracle (bind and kernel), Red Hat (kernel and kernel-rt), Scientific Linux (bind and kernel), SUSE (dbus-1, ImageMagick, kernel, netpbm, openssh, and sqlite3), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon and linux, linux-aws, linux-azure, linux-lts-trusty, linux-lts-xenial).

Stable kernel updates

Monday 17th of June 2019 08:19:00 PM
Stable kernels 5.1.11, 4.19.52, 4.14.127, 4.9.182, and 4.4.182 have been released. They all contain a relatively small set of important fixes; users should upgrade.

[$] CNCF outlines its technical oversight goals

Monday 17th of June 2019 08:16:44 PM
At KubeCon + CloudNativeCon Europe 2019 there was a public meeting of the Cloud Native Computing Foundation (CNCF) Technical Oversight Committee (TOC); its members outlined the current state of the CNCF and where things are headed. What emerged was a picture of how the CNCF's governance is evolving as it brings in more projects, launches a new special interest group mechanism, and contemplates what to do with projects that go dormant.

More in Tux Machines

One Mix Yoga 3 mini laptop demostrated running Ubuntu

If you are in interested in seeing how the Ubuntu Linux operating system runs on the new One Mix Yoga 3 mini laptop. You are sure to be interested in the new video created by Brad Linder over at Liliputing. “ I posted some notes about what happened when I took Ubuntu 19.04 for a spin on the One Mix 3 Yoga in my first-look article, but plenty of folks who watched my first look video on YouTube asked for a video… so I made one of those too.” The creators of the One Mix Yoga 3 have made it fairly easy to boot an alternative operating system simply by plugging in a bootable flash drive or USB storage device. As the mini laptop is powering up simply hit the delete key and you will be presented by the BIOS/UEFI menu. Simply change the boot priority order so that the computer will boot from a USB device and you are in business. Read more

Security: Curl, Fedora, Windows and More

  • Daniel Stenberg: openssl engine code injection in curl

    This flaw is known as CVE-2019-5443. If you downloaded and installed a curl executable for Windows from the curl project before June 21st 2019, go get an updated one. Now.

  • Fedora's GRUB2 EFI Build To Offer Greater Security Options

    In addition to disabling root password-based SSH log-ins by default, another change being made to Fedora 31 in the name of greater security is adding some additional GRUB2 boot-loader modules to be built-in for their EFI boot-loader. GRUB2 security modules for verification, Cryptodisk, and LUKS will now be part of the default GRUB2 EFI build. They are being built-in now since those using the likes of UEFI SecureBoot aren't able to dynamically load these modules due to restrictions in place under SecureBoot. So until now using SecureBoot hasn't allowed users to enjoy encryption of the boot partition and the "verify" module with ensuring better integrity of the early boot-loader code.

  • Fedora 31 Will Finally Disable OpenSSH Root Password-Based Logins By Default

    Fedora 31 will harden up its default configuration by finally disabling password-based OpenSSH root log-ins, matching the upstream default of the past four years and behavior generally enforced by other Linux distributions. The default OpenSSH daemon configuration file will now respect upstream's default of prohibiting passwords for root log-ins. Those wishing to restore the old behavior of allowing root log-ins with a password can adjust their SSHD configuration file with the PermitRootLogin option, but users are encouraged to instead use a public-key for root log-ins that is more secure and will be permitted still by default.

  • Warning Issued For Millions Of Microsoft Windows 10 Users

    Picked up by Gizmodo, acclaimed Californian security company SafeBreach has revealed that software pre-installed on PCs has left “millions” of users exposed to hackers. Moreover, that estimate is conservative with the number realistically set to be hundreds of millions. The flaw lies in PC-Doctor Toolbox, systems analysis software which is rebadged and pre-installed on PCs made by some of the world’s biggest computer retailers, including Dell, its Alienware gaming brand, Staples and Corsair. Dell alone shipped almost 60M PCs last year and the company states PC-Doctor Toolbox (which it rebrands as part of ‘SupportAssist’) was pre-installed on “most” of them. What SafeBreach has discovered is a high-severity flaw which allows attackers to swap-out harmless DLL files loaded during Toolbox diagnostic scans with DLLs containing a malicious payload. The injection of this code impacts both Windows 10 business and home PCs and enables hackers to gain complete control of your computer. What makes it so dangerous is PC-makers give Toolbox high-permission level access to all your computer’s hardware and software so it can be monitored. The software can even give itself new, higher permission levels as it deems necessary. So once malicious code is injected via Toolbox, it can do just about anything to your PC.

  • Update Your Dell Laptop Now to Fix a Critical Security Flaw in Pre-Installed Software

    SafeBreach Labs said it targeted SupportAssist, software pre-installed on most Dell PCs designed to check the health of the system’s hardware, based on the assumption that “such a critical service would have high permission level access to the PC hardware as well as the capability to induce privilege escalation.” What the researchers found is that the application loads DLL files from a folder accessible to users, meaning the files can be replaced and used to load and execute a malicious payload. There are concerns the flaw may affect non-Dell PCs, as well. The affected module within SupportAssist is a version of PC-Doctor Toolbox found in a number of other applications, including: Corsair ONE Diagnostics, Corsair Diagnostics, Staples EasyTech Diagnostics, Tobii I-Series Diagnostic Tool, and Tobii Dynavox Diagnostic Tool. The most effective way to prevent DLL hijacking is to quickly apply patches from the vendor. To fix this bug, either allow automatic updates to do its job, or download the latest version of Dell SupportAssist for Business PCs (x86 or x64) or Home PCs (here). You can read a full version of the SafeBreach Labs report here.

  • TCP SACK PANIC Kernel Vulnerabilities Reported by Netflix Researchers

    On June 17th, Researchers at Netflix have identified several TCP networking vulnerabilities in FreeBSD and Linux kernels.

  • DNS Security - Getting it Right

    This paper addresses the privacy implications of two new Domain Name System (DNS) encryption protocols: DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH). Each of these protocols provides a means to secure the transfer of data during Internet domain name lookup, and they prevent monitoring and abuse of user data in this process. DoT and DoH provide valuable new protection for users online. They add protection to one of the last remaining unencrypted ‘core’ technologies of the modern Internet, strengthen resistance to censorship and can be coupled with additional protections to provide full user anonymity. Whilst DoT and DoH appear to be a win for Internet users, however, they raise issues for network operators concerned with Internet security and operational efficiency. DoH in particular makes it extremely difficult for network operators to implement domain-specific filters or blocks, which may have a negative impact on UK government strategies for the Internet which rely on these. We hope that a shift to encrypted DNS will lead to decreased reliance on network-level filtering for censorship.

Drawpile 2.1.11 release

Version 2.1.11 is now out. In addition to bug fixes, this release adds one long awaited feature: the ability to detach the chat box into a separate window. Another important change is to the server. IP bans now only apply to guest users. When a user with a registered account is banned, the ban is applied to the account only. This is to combat false positives caused by many unrelated people sharing the same IP address because of NAT. Read more Also: Drawpile 2.1.11 Released! Allow to Detach Chat Box into Separate

Audiocasts/Shows: Going Linux, Linux Action News, TechSNAP, GNU World Order, Linux in the Ham Shack, Python Podcast

  • Going Linux #371 · Listener Feedback

    Bill continues his distro hopping. We discuss the history of Linux and a wall-mountable timeline. Troy gives feedback on Grub. Grubb give feedback on finding the right distribution. Highlander talks communication security and hidden files. Ro's Alienware computer won't boot. David provides liks to articles.

  • Linux Action News 111

    Ubuntu sets the Internet on fire, new Linux and FreeBSD vulnerabilities raise concern, while Mattermost raises $50M to compete with Slack. Plus we react to Facebook’s Libra confirmation and the end of Google tablets.
  • SACK Attack | TechSNAP 406

    A new vulnerability may be the next ‘Ping of Death’; we explore the details of SACK Panic and break down what you need to know. Plus Firefox zero days targeting Coinbase, the latest update on Rowhammer, and a few more reasons it’s a great time to be a ZFS user.

  • GNU World Order 13x26
  • LHS Episode #289: Linux Deep Dive

    Hello and welcome to Episode #289 of Linux in the Ham Shack. In this episode, LHS gets a visit from Jon "maddog" Hall, a legend in the open source and Linux communities. He discusses--well--Linux. Everything you ever wanted to know about Linux from its early macro computing roots all the way up to the present. If there's something you didn't know about Linux, you're going to find it here. Make sure to listen to the outtake after the outro for 30 more minutes on Linux you problem didn't know anything about. Thanks to Jon for an illuminating and fascinating episode.

  • Podcast.__init__: Behind The Scenes At The Python Software Foundation

    One of the secrets of the success of Python the language is the tireless efforts of the people who work with and for the Python Software Foundation. They have made it their mission to ensure the continued growth and success of the language and its community. In this episode Ewa Jodlowska, the executive director of the PSF, discusses the history of the foundation, the services and support that they provide to the community and language, and how you can help them succeed in their mission.