LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Updated: 2 days 5 min ago
Monday 18th of September 2023 03:10:51 PM
Processes in a Linux system run within their own virtual address spaces.
Their virtual addresses map to physical pages provided by the hardware, but
the kernel takes pains to hide the physical addresses of those pages;
processes normally have no way of knowing (and no need to know) where their
memory is located in physical memory. As a result, the system calls for
memory management also deal in virtual addresses. Gregory Price is
currently trying to create an exception to this rule with
a
proposal for a new system call that would operate on memory using physical
addresses.
Monday 18th of September 2023 07:14:01 AM
Security updates have been issued by Debian (firefox-esr, libwebp, and thunderbird), Fedora (chromium, curl, flac, libtommath, libwebp, matrix-synapse, python-matrix-common, redis, and rust-pythonize), Gentoo (binwalk, ghostscript, python-requests, rar, samba, and wireshark), Oracle (.NET 6.0, kernel, and kernel-container), Slackware (python3), and SUSE (firefox).
Monday 18th of September 2023 05:43:15 AM
The
6.6-rc2 kernel prepatch is out for
testing.
I think the most notable thing about 6.6-rc2 is simply that it's
exactly 32 years to the day since the 0.01 release. And that's a round
number if you are a computer person.
Because other than the random date, I don't see anything that really
stands out here.
Friday 15th of September 2023 10:50:17 PM
The Debian project is
mourning Abraham Raji, who died in an accident on September 13.
Abraham was a popular and respected Debian Developer as well a prominent free software champion in his home state of Kerala, India. He was a talented graphic designer and led design and branding work for DebConf23 and several other local events in recent years. Abraham gave his time selflessly when mentoring new contributors to the Debian project, and he was instrumental in creating and maintaining the Debian India website.
The Debian Project honors his good work and strong dedication to Debian and Free Software. Abraham’s contributions will not be forgotten, and the high standards of his work will continue to serve as an inspiration to others.
Friday 15th of September 2023 02:51:21 PM
Much of the kernel's performance is dependent on caching — keeping useful
information around for future use to avoid the cost of looking it up again.
The kernel aggressively caches pages of file data, directory entries,
inodes, slab objects, and much more. Without active measures, though,
caches will tend to grow without bounds, leading to memory exhaustion. The
kernel's "shrinker" mechanism exists to be that active measure, but
shrinkers have some performance difficulties of their own.
This
patch series from Qi Zheng seeks to address one of the worst of those
by removing some locking overhead.
Friday 15th of September 2023 02:45:13 PM
Security updates have been issued by Debian (c-ares and samba), Fedora (borgbackup, firefox, and libwebp), Oracle (.NET 6.0 and kernel), Slackware (libwebp), SUSE (chromium and firefox), and Ubuntu (atftp, dbus, gawk, libssh2, libwebp, modsecurity-apache, and mutt).
Thursday 14th of September 2023 08:58:03 PM
Version 16
of the PostgreSQL database manager has been released.
PostgreSQL 16 contains many new features and enhancements, including:
- Allow parallelization of FULL and internal right OUTER hash joins
- Allow logical replication from standby servers
- Allow logical replication subscribers to apply large transactions in parallel
- Allow monitoring of I/O statistics using the new pg_stat_io view
- Add SQL/JSON constructors and identity functions
- Improve performance of vacuum freezing
- Add support for regular expression matching of user and database
names in pg_hba.conf, and user names in pg_ident.conf
Thursday 14th of September 2023 04:59:41 PM
The
Software Freedom Conservancy
(SFC) has
announced
the availability of
videos from the
first-ever
Free and Open Source Yearly
(FOSSY) conference, which was held in July in Portland, Oregon in the US.
During the four days of the conference, there were a wide variety of talks
from speakers with a range of experience and backgrounds, and amazing
community focused discussions. Featuring wide ranging topics such as a
panel
discussion about software coops,
what
is life like without a smartphone (where the picture on the right is
from), and
thinking
about FOSS from a systems theory perspective. Our track organizers
brought together communities from all over, and led by example choosing
speakers, topics and setting up panels for important conversations. There
is definitely a talk that will interest you, whether you are interested
in
nonprofit
board structure,
an
introduction to
Reproducible
Builds or maybe you are looking to have more
nature
adventures with free software.
Thursday 14th of September 2023 04:29:36 PM
The
fstat()
system call retrieves some of the metadata — owner, size, protections,
timestamps, and so on — associated with an open file descriptor. One might
not think of it as a performance-critical system call, but there are
workloads that make a lot of fstat() calls; it is not something
that should be slowed unnecessarily. As it turns out, though, the GNU C
Library (glibc) has been doing exactly that, but a fix is in the works.
Thursday 14th of September 2023 02:05:15 PM
Security updates have been issued by Debian (firefox-esr, libwebp, ruby-loofah, and ruby-rails-html-sanitizer), Fedora (open-vm-tools and salt), Oracle (.NET 7.0, dmidecode, flac, gcc, httpd:2.4, keylime, libcap, librsvg2, and qemu-kvm), Red Hat (.NET 6.0 and .NET 7.0), Slackware (libarchive and mozilla), SUSE (chromium and kernel), and Ubuntu (curl, firefox, ghostscript, open-vm-tools, postgresql-9.5, and thunderbird).
Thursday 14th of September 2023 12:59:40 AM
The LWN.net Weekly Edition for September 14, 2023 is available.
Wednesday 13th of September 2023 08:46:31 PM
The "
Common Vulnerabilities and
Exposures" (CVE) system was launched late
in the previous century (September 1999) to track vulnerabilities in
software. Over the years since, it has had a
somewhat checkered
reputation, along with some
some attempts to
replace it, but CVE numbers are still the only effective way to track
vulnerabilities. While that can certainly be useful, the
CVE-assignment (and severity scoring) process is not without its problems.
The prominence of CVE numbers, and the consequent increase in
"reputation" for a reporter, have combined to create a system that can
be—and is—actively gamed. Meanwhile, the organizations that oversee the
system are ultimately not doing a particularly stellar job.
Wednesday 13th of September 2023 11:33:35 AM
The
6.5.3,
6.4.16, and
6.1.53
stable kernel updates have been released; each contains a large number of
important fixes. Note that the 6.4.x line ends with 6.4.16.
Wednesday 13th of September 2023 11:30:51 AM
Security updates have been issued by Debian (e2guardian), Fedora (libeconf), Red Hat (dmidecode, kernel, kernel-rt, keylime, kpatch-patch, libcap, librsvg2, linux-firmware, and qemu-kvm), Slackware (mozilla), SUSE (chromium and shadow), and Ubuntu (cups, dotnet6, dotnet7, file, flac, and ruby-redcloth).
Tuesday 12th of September 2023 09:18:11 PM
The GCC stack-protector feature detects stack-based buffer overruns by
putting a canary value on the stack and noticing if that value is changed.
It
turns out, though, that dynamically allocated local variables (such as
variable-length arrays and space obtained with alloca()) are
placed beyond the canary, so overflows of those variables will not be
detected. As a result, arm64 binaries built with vulnerable versions of
GCC are not as protected as they should be and need to be rebuilt.
Dynamic allocations are just as susceptible to overflows as other
locals. In fact, they're arguably more susceptible because they're
almost always arrays, whereas fixed locals are often integers,
pointers, or other types to which variable-length data is never
written. GCC's own heuristics for when to use a stack guard reflect
this.
Kees Cook, meanwhile, has pointed out that
the kernel no longer uses variable-length arrays, so kernel builds should
not be affected by this vulnerability.
Tuesday 12th of September 2023 08:27:49 PM
Arduino has emerged as one of the
prime success stories of the open-hardware movement. In recent years, the
company has shifted its focus toward Internet of Things (IoT)
applications. As part of this transformation, it has completely redesigned
its open-source integrated development environment (IDE), adding a more
professional feature set for its hobbyist target audience. If you have
experimented with Arduino in the past, but have lost track of its
progress, now might be a good time to give it another try.
Tuesday 12th of September 2023 08:26:30 PM
Ars Technica
reports on a credential-stealing Trojan horse that would infect only some of those who installed the "Free Download Manager". The article is based on a
Kaspersky report that details the malicious payload offered up at that site from 2020 to 2022.
The site, freedownloadmanager[.]org, offered a benign version of a Linux offering known as the Free Download Manager. Starting in 2020, the same domain at times redirected users to the domain deb.fdmpkg[.]org, which served a malicious version of the app. The version available on the malicious domain contained a script that downloaded two executable files to the /var/tmp/crond and /var/tmp/bs file paths. The script then used the cron job scheduler to cause the file at /var/tmp/crond to launch every 10 minutes. With that, devices that had installed the booby-trapped version of Free Download Manager were permanently backdoored.
Tuesday 12th of September 2023 12:23:00 PM
Security updates have been issued by Debian (node-cookiejar and orthanc), Oracle (firefox, kernel, and kernel-container), Red Hat (flac and httpd:2.4), Slackware (vim), SUSE (python-Django, terraform-provider-aws, terraform-provider-helm, and terraform-provider-null), and Ubuntu (c-ares, curl, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15,
linux-raspi, and linux-ibm, linux-ibm-5.4).
Monday 11th of September 2023 02:24:45 PM
Linus Torvalds
released
6.6-rc1 and closed the 6.6 merge window on September 10. At that
point, 12,230 non-merge changesets had been pulled into the mainline
repository, which is exactly 500 more than were pulled for 6.5 at this stage
in the cycle. Over 7,000 of those changes were pulled after
our first-half summary was written; they
brought a fair amount of new functionality with them. Read on for an
overview of those changes.
Monday 11th of September 2023 01:56:30 PM
Security updates have been issued by Debian (frr, kernel, libraw, mutt, and open-vm-tools), Fedora (cjose, pypy, vim, wireshark, and xrdp), Gentoo (apache), Mageia (chromium-browser-stable, clamav, ghostscript, librsvg, libtiff, openssl, poppler, postgresql, python-pypdf2, and unrar), Red Hat (flac), SUSE (firefox, geoipupdate, icu73_2, libssh2_org, rekor, skopeo, and webkit2gtk3), and Ubuntu (linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp-5.4, linux-gkeop, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux-gcp, linux-gcp-6.2, linux-ibm, linux-oracle, linux-starfive, linux-gcp-5.15, linux-gkeop-5.15, and opendmarc).
Recent comments
1 year 12 weeks ago
1 year 12 weeks ago
1 year 12 weeks ago
1 year 12 weeks ago
1 year 12 weeks ago
1 year 12 weeks ago
1 year 12 weeks ago
1 year 12 weeks ago
1 year 12 weeks ago
1 year 12 weeks ago