LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Updated: 4 hours 35 min ago
Stable kernel 3.18.50
has been released
with many important fixes. Users should upgrade.
Security updates have been issued by Arch Linux (firefox and weechat), Debian (chicken, firefox-esr, libcroco, libreoffice, and tiff), Fedora (backintime, bind, firefox, libarchive, libnl3, pcre2, php-pear-CAS, and python-django), Mageia (icu and proftpd), openSUSE (mozilla-nss and wireshark), Red Hat (java-1.6.0-sun, java-1.7.0-oracle, and java-1.8.0-oracle), Scientific Linux (firefox and java-1.8.0-openjdk), Slackware (mozilla, ntp, and proftpd), and Ubuntu (firefox).
The openSUSE project has announced that the release following openSUSE Leap
42 will be called openSUSE Leap 15. "SUSE have decided that their next version of SLE will be 15, not 13.
Upon learning of SUSE's plans the Board and Leap release team have
been considering our options.
This included ignoring the changes to SLE and releasing Leap 43 as
planned, at the cost of the link between SLE versions and Leap
45 was also considered, as were some frankly hilarious ideas that made
me worry about my own sanity and that of my fellow contributors.
After considering the pros and cons of all the options however, the
decision has been that Leap 15 will be our next version."
Linus has released 4.11-rc8
instead of the
expected 4.11 final. "So originally I was just planning on releasing the final 4.11 today,
but while we didn't have a *lot* of changes the last week, we had a
couple of really annoying ones, so I'm doing another rc release
instead. I did get fixes for the issues that popped up, so I could
have released 4.11 as-is, but it just doesn't feel right."
Over at Opensource.com, Rich Bowen looks
at some of the new features in OpenStack Ocata, which was released
back in February.
"First, it's important to remember that the Ocata cycle was very short. We usually do a release every six months, but with the rescheduling of the OpenStack Summit and OpenStack PTG (Project Team Gathering) events, Ocata was squeezed into 4 months to realign the releases with these events. So, while some projects squeezed a surprising amount of work into that time, most projects spent the time on smaller features and finishing up tasks leftover from the previous release.
At a high level, the Ocata release was all about upgrades and containers, themes that I heard from almost every team I interviewed
. Developers spoke of how we can make upgrades smoother, and how we can deploy bits of the infrastructure in containers. These two things are closely related, and there seems to be more cross-project collaboration this time around than I've noticed in the past."
, and 4.4.63
stable kernels have been released.
Users of those series should upgrade.
Security updates have been issued by CentOS (bind, firefox, java-1.8.0-openjdk, and nss and nss-util), Debian (icedove), Fedora (jenkins-xstream and xstream), Mageia (chromium-browser-stable, flash-player-plugin, gimp, and wireshark), openSUSE (gstreamer-0_10-plugins-base), Oracle (bind, firefox, java-1.8.0-openjdk, and nss and nss-util), Red Hat (firefox and java-1.8.0-openjdk), Scientific Linux (bind, firefox, nss and nss-util, and nss-util), SUSE (xen), and Ubuntu (bind9, curl, freetype, and qemu).
describing how the Python global interpreter
lock works and some nuances of writing threaded Python code.
"Although the GIL does not excuse us from the need for locks, it does
mean there is no need for fine-grained locking. In a free-threaded language
like Java, programmers make an effort to lock shared data for the shortest
time possible, to reduce thread contention and allow maximum
parallelism. Because threads cannot run Python in parallel, however,
there's no advantage to fine-grained locking. So long as no thread holds a
lock while it sleeps, does I/O, or some other GIL-dropping operation, you
should use the coarsest, simplest locks possible."
The scheduler is a topic of keen interest for the desktop user;
the scheduling algorithm partially determines the responsiveness of
the Linux desktop as a whole. Con Kolivas maintains a series of scheduler patch sets
that he has tuned considerably over the years for his own use, focusing
primarily on latency reduction for a better desktop experience. In
early October 2016
, Kolivas updated the design of his popular desktop
scheduler patch set, which he renamed MuQSS. It is an update (and a name
change) from his previous scheduler, BFS, and it is designed to address
scalability concerns that BFS had with an increasing number of CPUs.
Security updates have been issued by Arch Linux (chromium and nss), CentOS (bind and qemu-kvm), Debian (firefox-esr, ghostscript, hunspell-en-us, and uzbek-wordlist), Fedora (php-onelogin-php-saml), openSUSE (bind, gstreamer-plugins-good, and xen), Red Hat (bind, firefox, nss, nss and nss-util, and nss-util), and SUSE (ruby2.1).
The LWN.net Weekly Edition for April 20, 2017 is available.
Linux usage in networking hardware has been on the rise for some
time. During the latest Netdev
held in Montreal this April, people talked seriously about
Linux running on high end, "top of rack" (TOR) networking equipment. Those
devices have long been the realm of proprietary hardware and software
companies like Cisco or Juniper, but Linux seems to be making some
significant headway into the domain. Are we really seeing
the rise of Linux in high-end networking hardware?
Mozilla has released Firefox 53.0. From the release
: "Today's Firefox release makes Firefox faster and more
stable with a separate process for graphics compositing (the Quantum
Compositor). Compact themes and tabs save screen real estate, and the
redesigned permissions notification improves usability. Learn more on the Mozilla Blog
Linus Torvalds recently let it be known
that the 4.11-rc7 kernel prepatch had a good chance of being the last for
this development series. So the time has come to look at this development
cycle and the contributors who made it happen.
Security updates have been issued by CentOS (libreoffice), Debian (icedove, icu, and imagemagick), Fedora (bind, bind99, ghostscript, libxml2, ming, ntp, proftpd, and qemu), Oracle (bind and libreoffice), Red Hat (bind, qemu-kvm, and qemu-kvm-rhev), Scientific Linux (bind, libreoffice, and qemu-kvm), Slackware (minicom), and SUSE (xen).
Every conference venue has problems with the mix of room sizes, but
I don't recall ever going to a talk that so badly needed to be in a
bigger room as Jessie Frazelle and Alex Mohr's talk
at CloudNativeCon/KubeCon Europe 2017
on securing Kubernetes.
The cause of the enthusiasm
was the opportunity to get "best practice" information on securing
Kubernetes, and how Kubernetes might be evolving to assist with this,
directly from the source.
The xda-developers blog looks
Project Halium. "This open-source project is trying to pool
developers from Ubuntu Touch ports, Sailfish OS community developers, the
open webOS Lune OS project, and KDE Plasma Mobile contributors, among other
developers (Jolla, we suspect) to put an end to the fragmentation seen in
their respective project’s lower-level base. Currently, Ubuntu Touch,
Sailfish OS/Mer, Plasma Mobile, and others use different Android source
trees and methods for differently-built stacks. This leads to a lot of
fragmentation among the most popular non-Android, GNU/Linux-based mobile OS
projects in their use of the Android source tree, how the Android init is
started, and how images are flashed to the device. Many of these projects
essentially do the same job, but in a different way." The goal of
Halium is to work towards a common Linux base, which can be used by
all of these different projects.
The Docker blog introduces
the Moby Project, which aims to advance the software containerization
movement. "It provides a “Lego set” of dozens of components, a framework for assembling them into custom container-based systems, and a place for all container enthusiasts to experiment and exchange ideas. Think of Moby as the “Lego Club” of container systems."
Security updates have been issued by Debian (feh, freetype, and radare2), Fedora (kernel and libsndfile), openSUSE (audiofile, dracut, gstreamer, gstreamer-plugins-bad, jasper, libpng15, proftpd, and tigervnc), Oracle (qemu-kvm), Red Hat (kernel, libreoffice, and qemu-kvm-rhev), and SUSE (bind and tiff).
stable kernel updates are
available. For those who are surprised to see a 3.18 update after that
series was declared end-of-life, Greg Kroah-Hartman explains it this way
"3.18? Wasn't that kernel dead and forgotten and left to
rot on the side of the road? Yes, it was, but unfortunately, there's a
few million or so devices out there in the wild that still rely on this
kernel. Now, some of their manufacturers and SoC vendors might not be
keeping their kernels up to date very well, but some do actually care
about security and their users, so this release is for them. If you
happen to have a vendor that does not care about their users, go
complain, as odds are, your device is very insecure right now..."