Syndicate content is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
[$] Bye-bye bdflush()

Monday 5th of July 2021 03:09:39 PM
The addition of system calls to the Linux kernel is a routine affair; it happens during almost every merge window. The removal of system calls, instead, is much more uncommon. That appears likely to happen soon, though, as discussions proceed on the removal of bdflush(). Read on for a look at the purpose and history of this obscure system call and to learn whether you will miss it (you won't).

Security updates for Monday

Monday 5th of July 2021 03:03:41 PM
Security updates have been issued by Arch Linux (electron11, electron12, istio, jenkins, libtpms, mediawiki, mruby, opera, puppet, and python-fastapi), Debian (djvulibre and openexr), Fedora (dovecot, libtpms, nginx, and php-league-flysystem), Gentoo (corosync, freeimage, graphviz, and libqb), Mageia (busybox, file-roller, live, networkmanager, and php), openSUSE (clamav-database, lua53, and roundcubemail), Oracle (389-ds:1.4, kernel, libxml2, python38:3.8 and python38-devel:3.8, and ruby:2.5), and SUSE (crmsh, djvulibre, python-py, and python-rsa).

Darktable 3.6 released

Monday 5th of July 2021 01:32:47 PM
Version 3.6 of the Darktable raw photo editor has been released. "The darktable team is proud to announce our second summer feature release, darktable 3.6. Merry (summer) Christmas! This is the first of two releases this year and, from here on, we intend to issue two new feature releases each year, around the summer and winter solstices." The list of new features is long, including a new color-balance module, a "censorize" module for partial pixelization of images, a new demosaic algorithm, and more.

[$] The first half of the 5.14 merge window

Friday 2nd of July 2021 01:58:53 PM
As of this writing, just under 5,000 non-merge changesets have been pulled into the mainline repository for the 5.14 development cycle. That is less than half of the patches that have been queued up in linux-next, so it is fair to say that this merge window is getting off to a bit of a slow start. Nonetheless, a fair number of significant changes have been merged.

Security updates for Friday

Friday 2nd of July 2021 01:51:48 PM
Security updates have been issued by Fedora (ansible and seamonkey), openSUSE (go1.15 and opera), Oracle (kernel and microcode_ctl), and Red Hat (go-toolset-1.15 and go-toolset-1.15-golang).

Kuhn: It Matters Who Owns Your Copylefted Copyrights

Thursday 1st of July 2021 05:25:34 PM
Bradley Kuhn has posted a lengthy missive on the Software Freedom Conservancy blog about the hazards of distributed copyright ownership.

As a result, in debates about copyright ownership, discussions of what policy contributors want regarding the fruits of their labor is sadly moot. Without a clear, organized mitigation strategy to assure that FOSS contributors keep their own copyrights, a project (such as GCC or glibc) that switches from a standing “(nearly) all copyrights assigned to a charity” model to a plain Developer Certificate of Origin (DCO) or naked inbound=outbound contributor arrangement will, after a period of years, most likely have copyrights that are primarily held by the employers of the most prolific contributors, rather than by the contributors themselves.

[$] Core scheduling lands in 5.14

Thursday 1st of July 2021 03:25:45 PM
The core scheduling feature has been under discussion for over three years. For those who need it, the wait is over at last; core scheduling was merged for the 5.14 kernel release. Now that this work has reached a (presumably) final form, a look at why this feature makes sense and how it works is warranted. Core scheduling is not for everybody, but it may prove to be quite useful for some user communities.

Security updates for Thursday

Thursday 1st of July 2021 12:16:46 PM
Security updates have been issued by Debian (htmldoc, ipmitool, and node-bl), Fedora (libgcrypt and libtpms), Mageia (dhcp, glibc, p7zip, sqlite3, systemd, and thunar), openSUSE (arpwatch, go1.15, and kernel), SUSE (curl, dbus-1, go1.15, and qemu), and Ubuntu (xorg-server).

[$] Weekly Edition for July 1, 2021

Thursday 1st of July 2021 01:00:47 AM
The Weekly Edition for July 1, 2021 is available.

[$] Mozilla Rally: trading privacy for the "public good"

Wednesday 30th of June 2021 10:35:38 PM
A new project from Mozilla, which is meant to help researchers collect browsing data, but only with the informed consent of the browser-user, is taking a lot of heat, perhaps in part because the company can never seem to do anything right, at least in the eyes of some. Mozilla Rally was announced on June 25 as a joint venture between the company and researchers at Princeton University "to enable crowdsourced science for public good". The idea is that users can volunteer to give academic studies access to the same kinds of browser data that is being tracked in some browsers today. Whether the privacy safeguards are strong enough—and if there is sufficient reason for users to sign up—remains to be seen.

A set of stable kernels

Wednesday 30th of June 2021 03:40:39 PM
Stable kernels 5.12.14, 5.10.47, 5.4.129, 4.19.196, 4.14.238, 4.9.274, and 4.4.274 have been released. They all contain important fixes and users should upgrade.

Security updates for Wednesday

Wednesday 30th of June 2021 03:30:44 PM
Security updates have been issued by Debian (fluidsynth), Fedora (libgcrypt and tpm2-tools), Mageia (nettle, nginx, openvpn, and re2c), openSUSE (kernel, roundcubemail, and tor), Oracle (edk2, lz4, and rpm), Red Hat (389-ds:1.4, edk2, fwupd, kernel, kernel-rt, libxml2, lz4, python38:3.8 and python38-devel:3.8, rpm, ruby:2.5, ruby:2.6, and ruby:2.7), and SUSE (kernel and lua53).

An EPYC escape: Case-study of a KVM breakout (Project Zero blog)

Wednesday 30th of June 2021 12:54:13 AM
Over at the Project Zero blog, Felix Wilhelm posted a lengthy account of a vulnerability he found in the Linux kernel's KVM (Kernel-based virtual machine) subsystem:

In this blog post I describe a vulnerability in KVM’s AMD-specific code and discuss how this bug can be turned into a full virtual machine escape. To the best of my knowledge, this is the first public writeup of a KVM guest-to-host breakout that does not rely on bugs in user space components such as QEMU. The discussed bug was assigned CVE-2021-29657, affects kernel versions v5.10-rc1 to v5.12-rc6 and was patched at the end of March 2021. As the bug only became exploitable in v5.10 and was discovered roughly 5 months later, most real world deployments of KVM should not be affected. I still think the issue is an interesting case study in the work required to build a stable guest-to-host escape against KVM and hope that this writeup can strengthen the case that hypervisor compromises are not only theoretical issues.

[$] An unpleasant surprise for My Book Live owners

Tuesday 29th of June 2021 11:43:31 PM
Embedded devices need regular software updates in order to even be minimally safe on today's internet. Products that have reached their "end of life", and thus are no longer being updated, are essentially ticking time bombs—it is only a matter of time before they are vulnerable to attack. That situation played out in June for owners of Western Digital (WD) My Book Live network-attached storage (NAS) devices; what was meant to be a disk for home users accessible via the internet turned into a black hole when a remote command-execution flaw was used to delete all of the data stored there. Or so it seemed at first.

Security updates for Tuesday

Tuesday 29th of June 2021 03:00:28 PM
Security updates have been issued by Debian (klibc and libjdom2-java), Mageia (bash, glibc, gnutls, java-openjdk, kernel, kernel-linus, leptonica, libgcrypt, openjpeg2, tor, and trousers), openSUSE (bouncycastle, chromium, go1.16, and kernel), Oracle (docker-engine docker-cli and qemu), Red Hat (kpatch-patch), and SUSE (arpwatch, go1.16, kernel, libsolv, microcode_ctl, and python-urllib3, python-requests).

The first ever KernelCI hackfest

Monday 28th of June 2021 10:30:07 PM
The KernelCI continuous-integration project held its first hackfest recently. Developers from the KernelCI team, Google, and Collabora worked to improve many different aspects of KernelCI testing capabilities. There are plans for more hackfests.

The first-ever KernelCI hackfest was a success. It kicked off the work to enable kernel testing through Chromium OS, a product-specific userspace. Enabling full userspace images and real-world tests like video call simulations adds a lot of complexity to the testing process. However, the benefits are a clear win for the community. They allow a more thorough kernel testing and validation through real application use cases, which can exercise several different kernel areas at the same time in an organized manner. Generally, it is not simple for lower-level kernel test suites like kselftests or LTP to orchestrate a similar use case.

[$] Some 5.13 development statistics

Monday 28th of June 2021 06:13:57 PM
As expected, the 5.13 development cycle turned out to be a busy one, with 16,030 non-merge changesets being pulled into the mainline over a period of nine weeks. The 5.13 release happened on June 27, meaning that it must be time for our traditional look at the provenance of the code that was merged for this kernel.

Security updates for Monday

Monday 28th of June 2021 03:10:57 PM
Security updates have been issued by Debian (bluez, intel-microcode, tiff, and xmlbeans), Fedora (openssh and php-phpmailer6), openSUSE (freeradius-server, java-1_8_0-openjdk, live555, openexr, roundcubemail, tor, and tpm2.0-tools), SUSE (bouncycastle and zziplib), and Ubuntu (linux-kvm and thunderbird).

The 5.13 kernel has been released

Sunday 27th of June 2021 10:52:38 PM
Linus has released the 5.13 kernel.

Of course, if the last week was small and calm, 5.13 overall is actually fairly large. In fact, it's one of the bigger 5.x releases, with over 16k commits (over 17k if you count merges), from over 2k developers. But it's a 'big all over' kind of thing, not something particular that stands out as particularly unusual.

Headline features in this release include the "misc" group controller, multiple sources for trusted keys, kernel stack randomization on every system call, support for Clang control-flow integrity enforcement, the ability to call kernel functions directly from BPF programs, minor-fault handling for userfaultfd(), the removal of /dev/kmem, the Landlock security module, and, of course, thousands of cleanups and fixes.

Take control over your data with Rally, a novel privacy-first data sharing platform (Mozilla blog)

Friday 25th of June 2021 06:02:07 PM
Over on the Mozilla blog, the company has announced a new platform, Mozilla Rally, that "puts users in control of their data and empowers them to contribute their browsing data to crowdfund projects for a better Internet and a better society". Rally comes out of work that Mozilla did with Professor Jonathan Mayer's research group at Princeton University.

Your data is valuable. But for too long, online services have pilfered, swapped, and exploited your data without your awareness. Privacy violations and filter bubbles are all consequences of a surveillance data economy. But what if, instead of companies taking your data without giving you a say, you could select who gets access to your data and put it to work for public good?

[...] By leveraging the scale of web browsers – a piece of software used by billions of people around the world – Rally has the potential to help address societal problems we could not solve before. Our goal is to demonstrate that there is a case for an equitable market for data, one where every party is treated fairly, and we welcome mission-aligned organizations that want to join us on this journey.

More in Tux Machines

Programming Leftovers

  • ThreatMapper: Open source platform for scanning runtime environments - Help Net Security

    Deepfence announced open source availability of ThreatMapper, a signature offering that automatically scans, maps and ranks application vulnerabilities across serverless, Kubernetes, container and multi-cloud environments.

  • Josef Strzibny: Organizing business logic in Rails with contexts

    Rails programmers have almost always tried to figure out the golden approach to business logic in their applications. From getting better at object-oriented design, to service objects, all the way to entirely new ideas like Trailblazer or leaving Active Record altogether. Here’s one more design approach that’s clean yet railsy.

  • Status update, October 2021

    On this dreary morning here in Amsterdam, I’ve made my cup of coffee and snuggled my cat, and so I’m pleased to share some FOSS news with you. Some cool news today! We’re preparing for a new core product launch at, cool updates for our secret programming language, plus news for visurf. Simon Ser has been hard at work on expanding his soju and gamja projects for the purpose of creating a new core sourcehut product: We’re rolling this out in a private beta at first, to seek a fuller understanding of the system’s performance characteristics, to make sure everything is well-tested and reliable, and to make plans for scaling, maintenance, and general availability. In short, is a hosted IRC bouncer which is being made available to all paid users, and a kind of webchat gateway which will be offered to unpaid and anonymous users. I’m pretty excited about it, and looking forward to posting a more detailed announcement in a couple of weeks. In other sourcehut news, work on GraphQL continues, with landing and’s writable API in progress. Our programming language project grew some interesting features this month as well, the most notable of which is probably reflection. I wrote an earlier blog post which goes over this in some detail. There’s also ongoing work to develop the standard library’s time and date support, riscv64 support is essentially done, and we’ve overhauled the grammar for switch and match statements to reduce a level of indentation for typical code. In the coming weeks, I hope to see date/time support and reflection fleshed out much more, and to see some more development on the self-hosted compiler. [...] The goal of this project is to provide a conservative CSS toolkit which allows you to build web interfaces which are compatible with marginalized browsers like Netsurf and Lynx.

  • Monthly Report - September

    The month of September is very special to me personally. Why? Well, I got married in the very same month 18 years ago. The best part is, I chose the day 11 to get married. I have never missed my wedding anniversary, thanks to all the TV news channels.

  • My Favorite Warnings: uninitialized | Tom Wyant

    This warning was touched on in A Belated Introduction, but I thought it deserved its own entry. When a Perl scalar comes into being, be it an actual scalar variable or an array or hash entry, its value is undef. Now, the results of operating on an undef value are perfectly well-defined: in a numeric context it is 0, in a string context it is '', and in a Boolean context it is false. The thing is, if you actually operate on such a value, did you mean to do it, or did you forget to initialize something, or initialize the wrong thing, or operate on the wrong thing? Because of the latter possibilities Perl will warn about such operations if the uninitialized warning is enabled.

today's leftovers

  • CutefishOS Built on Ubuntu Run Through - Invidious

    In this video, we are looking at CutefishOS Built on Ubuntu.

  • CutefishOS Built on Ubuntu

    Today we are looking at CutefishOS Built on Ubuntu. It comes with Linux Kernel 5.11, based on Ubuntu 21.10, and uses about 900MB of ram when idling. Enjoy!

  • Google adds VM support to Anthos, admits not everyone is ready for containerised everything [Ed: Kubernetes becoming increasingly just an openwashing shim for proprietary software with back doors]

    Google has added support for workloads running in virtual machines to its Anthos hybrid Kubernetes platform. "While we have seen many customers make the leap to containerization, some are not quite ready to move completely off of virtual machines," wrote Google Application Modernization Platform vice-presidents Jeff Reed and Chen Goldberg. "They want a unified development platform where developers can build, modify, and deploy applications residing in both containers and VMs in a common, shared environment," the pair added.

  • The Dell Inspiron 15 3501 supports Linux

    With the Inspiron 15 3501, Dell has a 15.6-inch office laptop in its lineup with its technology housed in a slim, matte-black plastic case. The chassis lacks stability: The lid and the base unit in particular can be twisted a bit too much. The matte display (Full HD, IPS) offers stable viewing angles, good contrast, and decent color reproduction. However, the brightness and color-space coverage are too low. The built-in combination of the Core i7-1165G7 processor, 16 GB of RAM (dual-channel mode), and a 512 GB NVMe SSD (M.2 2230) equips the laptop for office and Internet applications. If the storage space isn't enough, an additional 2.5-inch storage drive can be installed. You can also replace or expand the RAM.

  • Linux Foundation raises USD 10 mln to secure software supply chain
  • ISO establishes SBOM standard for open source development with SPDX

    You’re not getting attention because of your choice of text editor or the number of spaces you use to indent code blocks. However motivating those preferences are for you and me, the non-technical world sees them as private choices. You find your code in the headlines for a different and unpleasant reason: open source dependency management.

  • Printed Piano Mechanism Sure Is Grand | Hackaday

    Do you know how a piano works? Sure, you press a key and a hammer strikes a string, but what are the finer points of this operation? The intricacy of the ingenious mechanism is laid bare in [Mechanistic]’s 3D-printed scale model of a small section of the grand piano keyboard. The ‘grand’ distinction here is piano length-agnostic and simply refers to any non-upright. Those operate the same way, but are laid out differently in order to save space.

  • FPGA Boards Add VGA And HDMI Interfaces To The Original Game Boy | Hackaday

    The classic Game Boy remains a firm favorite in the realm of retrocomputing. Revolutionary as it was at the time, by today’s standards its display is rather primitive, with no backlight and a usable area measuring only 47 mm x 44 mm. [Martoni] figured out a way to solve this, by developing GbVGA and GbHdmi, two projects that enable the Game Boy to connect to an external monitor. This way, you can play Super Mario Land without straining your eyes, and we can also imagine potential uses for those who stream their gameplay online.

  • Art Project Fast And Fouriously Transforms Audio Into Eye Candy | Hackaday

    The overall build is relatively simple. Audio is acquired via a line-in jack or a microphone, and then piped into an ESP32. The ESP32 runs the audio through the FFT routine, sampling, slicing, and dicing the audio into 16 individual bands. The visual output is displayed on a 16 x 16 WS2812 LED matrix. [mircemk] wrote several routines for displaying the incoming audio, with a waterfall, a graph, and other visualizations that are quite aesthetically pleasing. Some of them are downright mesmerizing! You can see the results in the video below the break.

IBM/Red Hat Leftovers

  • Reach your open source community with content marketing [Ed: IBM has totally lost direction; this is how they think of Free software...]

    Both startups and more established firms are increasingly turning to content marketing as a way of reaching prospective customers. However, corporate marketers often consider the open source software (OSS) community a challenge to reach. This article features ways your technology and content marketing teams can work together to target and reach the community around an OSS project your organization supports.

  • Why digital transformation demands a change in leadership mindset

    Recently a key retail executive forecast that their industry will change more in the next five years than it has in the past fifty. Another executive believes society will change more in the next fifty years than it has in the last three hundred. A recent headline declared that, “We are approaching the fastest, deepest, most consequential technological disruption in history”, and Ray Kurzweil, Google’s Director of Engineering and co-Founder of Singularity University, has said that there will be fourteen internet size revolutions in the next decade. Whichever way you look at it, things are shifting… fast. When you speak with the visionaries and entrepreneurs actually building the solutions of tomorrow, from on-demand retail to vertical farms, and ask how far into this new era we are, almost universally the reply is: “only one percent”. Imagine then, where we will be ten years from now? How about 50? Major industries, from medicine to energy to travel to entertainment, are radically transforming, putting pressure on others such as manufacturing, construction, transportation, finance, education…frankly, all of it. What an extraordinary opportunity this presents.

  • DevSecOps lessons learned during a pandemic | The Enterprisers Project

    As we’ve seen over the past year and a half, the pandemic has accelerated digital transformation and forever changed workplace culture. Increased reliance on digital tools has elevated the value of DevSecOps, as enterprises of all sizes and across all industries realize the importance of automating and integrating security at every phase of the software development lifecycle – from initial design through integration, testing, deployment, and product delivery. My engineering team was no exception to this shift – we had to quickly prepare to build a new Virtana SaaS platform and deliver several new modules, all while working remotely. Here I’ll share some observations, pain points, and lessons learned to help others intelligently embrace DevSecOps best practices within their teams.

Security Leftovers

  • White House ransomware summit calls for virtual asset crackdown, without mentioning cryptocurrency [Ed: They need to crack down on Microsoft Windows, instead; they use their NSA back doors as a ruse to protect big banks. Microsoft has infiltrated think tanks about ransomware, so now instead of tackling the security breaches themselves (which can lead to sabotage or worse) they treat it like a financial transaction issue.]

    The 30-nation gabfest convened under the auspices of the US National Security Council’s Counter-Ransomware Initiative has ended with agreement that increased regulation of virtual assets is required to curb the digital coins' allure to criminals. A joint statement issued after the event's conclusion opens with anodyne observations about the need for good infosec, international collaboration, and the benefits of private sector engagement. The first mention of concrete action comes in a section of the statement entitled "Countering Illicit Finance" – and while the document never mentions cryptocurrencies, it's plain they're a target. "Taking action to disrupt the ransomware business model requires concerted efforts to address illicit finance risks posed by all value transfer systems, including virtual assets, the primary instrument criminals use for ransomware payments and subsequent money laundering."

  • Thingiverse suffers breach of 228,000 email addresses • The Register

    Thingiverse, a site that hosts free-to-use 3D printer designs, has suffered a data breach – and at least 228,000 unlucky users' email addresses have been circulating on black-hat crime forums. News of the breach came from Have I Been Pwned (HIBP), whose maintainer Troy Hunt uploaded the 228,000 breached email addresses to the site after being tipped off to their circulation on the forums. Hunt claimed on Twitter that in excess of two million addresses were in the breach. He qualified that by saying the majority were email addresses that appeared to be generated by Thingiverse itself, judging from their format: webdev+$username@makerbot[.]com. HIBP's maintainer also claimed that some of the data included poorly encrypted passwords: one he highlighted was an unsalted SHA-1 hash which resolved to the password "test123".

  • Thingiverse Data Leaked — Check Your Passwords | Hackaday

    Every week seems to bring another set of high-profile data leaks, and this time it’s the turn of a service that should be of concern to many in our community. A database backup from the popular 3D model sharing website Thingiverse has leaked online, containing 228,000 email addresses, full names, addresses, and passwords stored as unsalted SHA-1 or bcrypt hashes. If you have an account with Thingiverse it is probably worth your while to head over to Have I Been Pwned to search on your email address, and just to be sure you should also change your password on the site. Our informal testing suggests that not all accounts appear to be contained in the leak, which appears to relate to comments left on the site.

  • New PureBoot Feature: Scanning Root for Tampering – Purism

    With the latest PureBoot R19 pre-release we have added a number of new changes including improved GUI workflows and new security features and published a ROM image so the wider community can test it before it turns into the next stable release. To test it, existing PureBoot users can download the R19-pre1 .rom file that corresponds to their Librem computer and flash it like any other PureBoot release. In this post I want to highlight a new experimental security feature we added in this release that will extend the tamper detection PureBoot already does with the boot firmware and the /boot directory into the main root file system. This will allow you to detect attacks that modify system binaries (like /bin/bash) with backdoored versions. I also want to give some background on this feature and my thought process behind it so people understand where I’m coming from and why I made the design decisions I did.