Language Selection

English French German Italian Portuguese Spanish


Syndicate content is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Updated: 5 hours 36 min ago

[$] Fighting Spectre with cache flushes

Monday 15th of October 2018 11:23:44 PM
One of the more difficult aspects of the Spectre hardware vulnerability is finding all of the locations in the code that might be exploitable. There are many locations that look vulnerable that aren't, and others that are exploitable without being obvious. It has long been clear that finding all of the exploitable spots is a long-term task, and keeping new ones from being introduced will not be easy. But there may be a simple technique that can block a large subset of the possible exploits with a minimal cost.

Security updates for Monday

Monday 15th of October 2018 02:47:00 PM
Security updates have been issued by Arch Linux (wireshark-cli), Debian (imagemagick, otrs2, tomcat7, and wireshark), Fedora (ca-certificates, dislocker, dolphin-emu, kernel-headers, kernel-tools, libgit2, mbedtls, mingw-openjpeg2, nekovm, openjpeg2, patch, strongswan, and thunderbird), Mageia (firefox, git, nextcloud, and texlive), Oracle (kernel and openssl), Scientific Linux (spamassassin), SUSE (libtirpc), and Ubuntu (requests).

Kernel prepatch 4.19-rc8

Monday 15th of October 2018 01:48:36 PM
As expected, the 4.19 development cycle has gone to 4.19-rc8. "Please go and test and ensure that all works well for you. Hopefully this should be the last -rc release."

A pile of weekend stable kernel updates

Saturday 13th of October 2018 04:24:11 PM
The 4.18.14, 4.14.76, 4.9.133, 4.4.161, and 3.18.124 stable kernels have all been released; each contains another pile of important fixes and updates.

[$] I/O scheduling for single-queue devices

Friday 12th of October 2018 05:03:33 PM
Block I/O performance can be one of the determining factors for the performance of a system as a whole, especially on systems with slower drives. The need to optimize I/O patterns has led to the development of a long series of I/O schedulers over the years; one of the most recent of those is BFQ, which was merged during the 4.12 development cycle. BFQ incorporates an impressive set of heuristics designed to improve interactive performance, but it has, thus far, seen relatively little uptake in deployed systems. An attempt to make BFQ the default I/O scheduler for some types of storage devices has raised some interesting questions, though, on how such decisions should be made.

Security updates for Friday

Friday 12th of October 2018 02:48:17 PM
Security updates have been issued by Debian (net-snmp), Fedora (php-horde-nag), openSUSE (git, java-1_8_0-openjdk, libxml2, mgetty, moinmoin-wiki, postgresql10, and soundtouch), Oracle (spamassassin), Red Hat (spamassassin), SUSE (apache2, axis, kernel, libX11 and libxcb, and texlive), and Ubuntu (clamav, git, and texlive-bin).

[$] OpenPGP signature spoofing using HTML

Thursday 11th of October 2018 04:58:10 PM

Beyond just encrypting messages, and thus providing secrecy, the OpenPGP standard also enables digitally signing messages to authenticate the sender. Email applications and plugins usually verify these signatures automatically and will show whether an email contains a valid signature. However, with a surprisingly simple attack, it's often possible to fool users by faking — or spoofing — the indication of a valid signature using HTML email.

Tutanota, the First Encrypted Email Service with an App on F-Droid (Linux Journal)

Thursday 11th of October 2018 03:26:31 PM
Here's a Linux Journal article from one of the creators of the Tutanota encrypted email client. "That's why we decided to build Tutanota: a secure email service that is so easy to use, everyone can send confidential email, not only the tech-savvy. The entire encryption process runs locally on users' devices, and it's fully automated. The automatic encryption also enabled us to build fully encrypted email apps for Android and iOS. Finally, end-to-end encrypted email is starting to become the standard: 58% of all email sent from Tutanota already are end-to-end encrypted, and the percentage is constantly rising."

Security updates for Thursday

Thursday 11th of October 2018 02:44:06 PM
Security updates have been issued by Debian (dnsruby, gnulib, and jekyll), Fedora (calamares, fawkes, git, kernel-headers, librime, and pdns), openSUSE (ImageMagick), Oracle (kernel), Scientific Linux (glusterfs, kernel, and nss), Slackware (git), SUSE (ImageMagick), and Ubuntu (tomcat7, tomcat8).

[$] Weekly Edition for October 11, 2018

Thursday 11th of October 2018 12:18:23 AM
The Weekly Edition for October 11, 2018 is available.

Control Flow Integrity in the Android kernel (Android Developers)

Wednesday 10th of October 2018 09:28:29 PM
The Android Developers Blog describes the control-flow integrity work that is shipping on the Pixel 3 handset. "LLVM's CFI implementation adds a check before each indirect branch to confirm that the target address points to a valid function with a correct signature. This prevents an indirect branch from jumping to an arbitrary code location and even limits the functions that can be called. As C compilers do not enforce similar restrictions on indirect branches, there were several CFI violations due to function type declaration mismatches even in the core kernel that we have addressed in our CFI patch sets for kernels 4.9 and 4.14."

[$] A status update for virgl

Wednesday 10th of October 2018 09:28:21 PM

At the 2018 X.Org Developers Conference, Elie Tournier gave an update on the state of the Virgil (or virgl) virtual 3D GPU for QEMU. He looked at the project's history along with what has happened with it over the last year or so. As is usual in a status update talk, he finished with some thoughts about future plans for virgl. For the last year, Tournier has been working on virgl for Collabora.

Microsoft joins Open Invention Network

Wednesday 10th of October 2018 03:53:20 PM
Microsoft has announced that it has joined the Open Invention Network (OIN). "We know Microsoft’s decision to join OIN may be viewed as surprising to some, as it is no secret that there has been friction in the past between Microsoft and the open source community over the issue of patents. For others who have followed our evolution as a company, we hope this will be viewed as the next logical step for a company that is listening to its customers and is firmly committed to Linux and other open source programs."

Stable kernel updates

Wednesday 10th of October 2018 02:52:23 PM
Stable kernels 4.18.13, 4.14.75, 4.9.132, and 4.4.160 have been released. They all contain important fixes throughout the tree and users should upgrade.

Security updates for Wednesday

Wednesday 10th of October 2018 02:45:06 PM
Security updates have been issued by Arch Linux (patch), CentOS (firefox, glusterfs, kernel, and nss), Debian (net-snmp), Oracle (firefox, glusterfs, kernel, and nss), Red Hat (glusterfs, kernel, and nss), Scientific Linux (firefox), SUSE (kernel), and Ubuntu (webkit2gtk).

[$] Advances in Mesa continuous integration

Tuesday 9th of October 2018 05:55:30 PM

Continuous integration (CI) has become increasingly prevalent in open-source projects over the last few years. Intel has been active in building CI systems for graphics, both for the kernel side and for the Mesa-based user-space side of the equation. Mark Janes and Clayton Craft gave a presentation on Intel's Mesa CI system at the 2018 X.Org Developers Conference (XDC), which was held in A Coruña, Spain in late September. The Mesa CI system is one of the earliest successful CI initiatives in open source that he knows of, Janes said. It is a core component of Mesa development, especially at Intel.

Gregg: bpftrace (DTrace 2.0) for Linux 2018

Tuesday 9th of October 2018 03:41:31 PM
Brendan Gregg introduces the bpftrace tracing tool. "bpftrace was created as an even higher-level front end for custom ad-hoc tracing, and can serve a similar role as DTrace. We've been adding bpftrace features as we need them, not just because DTrace had them. I can think of over a dozen things that DTrace can do that bpftrace currently cannot, including custom aggregation printing, shell arguments, translators, sizeof(), speculative tracing, and forced panics."

Security updates for Tuesday

Tuesday 9th of October 2018 02:43:03 PM
Security updates have been issued by Arch Linux (git), Debian (kernel, samba, and tinc), Fedora (kernel-headers), Oracle (firefox), Red Hat (firefox and qemu-kvm-rhev), Scientific Linux (firefox), SUSE (java-1_8_0-ibm, kubernetes-salt, velum, libxml2, and postgresql10), and Ubuntu (libxkbcommon).

[$] The modernization of PCIe hotplug in Linux

Monday 8th of October 2018 10:52:57 PM
PCI Express hotplug has been supported in Linux for fourteen years. The code, which is aging, is currently undergoing a transformation to fit the needs of contemporary applications such as hot-swappable flash drives in data centers and power-manageable Thunderbolt controllers in laptops. Time for a roundup.

Amit: How new-lines affect the Linux kernel performance

Monday 8th of October 2018 04:53:01 PM
Nadav Amit decided to dig into why some small kernel functions were not being inlined by GCC; the result is a detailed investigation into how these things can go wrong. "Ignoring the assembly shenanigans that this code uses, we can see that in practice it generates a single ud2 instruction. However, the compiler considers this code to be 'big' and consequently oftentimes does not inline functions that use WARN() or similar functions. The reason turns to be the newline characters (marked as '\n' above). The kernel compiler, GCC, is unaware to the code size that will be generated by the inline assembly. It therefore tries to estimate its size based on newline characters and statement separators (';' on x86)."

More in Tux Machines

Ubuntu: Eurotech, LogMeIn Snap and Ubuntu Weekly Newsletter Issue 549

  • Canonical collaborates with Eurotech on edge computing solutions
    Coinciding with IoT World Solutions Congress in Barcelona this week, Canonical is pleased to announce a dual-pronged technological partnership with Eurotech to help organisations advance their internet of things enablement. Eurotech is a long time leader in embedded computing hardware as well as providing software solutions to aid enterprises to deliver their IoT projects either end to end or by providing intervening building blocks. As part of the partnership, Canonical has published a Snap for the Eclipse Kura project – the popular, open-source Java-based IoT edge framework. Having Kura available as a Snap – the universal Linux application packaging format – will enable a wider availability of Linux users across multiple distributions to take advantage of the framework and ensure it is supported on more hardware. Snap support will also extend on Eurotech’s commercially supported version; the Everywhere Software Framework (ESF). By installing Kura as a Snap on a device, users will benefit with automatic updates to ensure they are always working from the latest version while with the reassurance of a secure, confined environment.
  • Self-containing dependencies LogMeIn to publish their first Snap
  • Ubuntu Weekly Newsletter Issue 549
    Welcome to the Ubuntu Weekly Newsletter, Issue 549 for the week of October 7 – 13, 2018.

today's howtos

Fedora: Flock, Flatpaks, Fedora/RISC-V and More

  • CommOps takeaways from Flock 2018
    The annual Fedora contributor conference, Flock, took place from August 8-11, 2018. Several members of the Community Operations (CommOps) team were present for the conference. We also held a half-day team sprint for team members and interested people to participate and share feedback with the team.
  • Flatpaks, sandboxes and security
    Last week the Flatpak community woke to the “news” that we are making the world a less secure place and we need to rethink what we’re doing. Personally, I’m not sure this is a fair assessment of the situation. The “tl;dr” summary is: Flatpak confers many benefits besides the sandboxing, and even looking just at the sandboxing, improving app security is a huge problem space and so is a work in progress across multiple upstream projects. Much of what has been achieved so far already delivers incremental improvements in security, and we’re making solid progress on the wider app distribution and portability problem space. Sandboxing, like security in general, isn’t a binary thing – you can’t just say because you have a sandbox, you have 100% security. Like having two locks on your front door, two front doors, or locks on your windows too, sensible security is about defense in depth. Each barrier that you implement precludes some invalid or possibly malicious behaviour. You hope that in total, all of these barriers would prevent anything bad, but you can never really guarantee this – it’s about multiplying together probabilities to get a smaller number. A computer which is switched off, in a locked faraday cage, with no connectivity, is perfectly secure – but it’s also perfectly useless because you cannot actually use it. Sandboxing is very much the same – whilst you could easily take systemd-nspawn, Docker or any other container technology of choice and 100% lock down a desktop app, you wouldn’t be able to interact with it at all.
  • Fedora/RISC-V now mirrored as a Fedora “alternative” architecture
  • PSA: System update fails when trying to remove rtkit-0.11-19.fc29

GNU Guile and FSF Forum

  • GNU Guile 2.9.1 beta released JIT native code generation to speed up all Guile programs
    GNU released Guile 2.9.1 beta of the extension language for the GNU project. It is the first pre-release leading up to the 3.0 release series. In comparison to the current stable series, 2.2.x, Guile 2.9.1 brings support for just-in-time native code generation to speed up all Guile programs.
  • [FSF] Introducing our new associate member forum!
    I'm excited to share that we've launched a new forum for our associate members. We hope that you find this forum to be a great place to share your experiences and perspectives surrounding free software and to forge new bonds with the free software community. If you're a member of the FSF, head on over to to get started. You'll be able to log in using the Central Authentication Service (CAS) account that you used to create your membership. (Until we get WebLabels working for the site, you'll have to whitelist its JavaScript in order to log in and use it, but rest assured that all of the JavaScript is free software, and a link to all source code can be found in the footer of the site.) Participation in this forum is just one of many benefits of being an FSF member – if you're not a member yet, we encourage you to join today, for as little as $10 per month, or $5 per month for students. The purpose of this member forum is to provide a space where members can meet, communicate, and collaborate with each other about free software, using free software. While there are other places on the Internet to talk about free software, this forum is unique in that it is focused on the common interests of FSF members, who care very much about using, promoting, and creating free software. The forum software we chose to use is Discourse.