Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 12 min ago

Stable kernels 5.7.12, 5.4.55, 4.19.136, 4.14.191, 4.9.232, and 4.4.232

Friday 31st of July 2020 06:21:48 PM
Greg Kroah-Hartman has released the 5.7.12, 5.4.55, 4.19.136, 4.14.191, 4.9.232, and 4.4.232 stable kernels. As usual, these contain lots of important fixes throughout the tree; users should upgrade.

X.org security fixes address potential ASLR bypass, heap corruption

Friday 31st of July 2020 05:38:41 PM
The X.Org project has announced two security advisories that impact Xserver and libX11. The first advisory for X server is regarding uninitialized memory in AllocatePixmap() that could lead to address space layout randomization bypass. The second, impacting libX11, is a heap corruption caused by integer overflows and signed/unsigned comparisons.

Security updates for Friday

Friday 31st of July 2020 04:32:31 PM
Security updates have been issued by Debian (grub2 and mercurial), Fedora (chromium, firefox, and freerdp), Oracle (firefox and kernel), Red Hat (firefox), Scientific Linux (firefox, grub2, and kernel), and SUSE (ghostscript and targetcli-fb).

systemd 246 released

Friday 31st of July 2020 02:41:13 PM
Systemd 246 has been released. There is an incredibly long list of new features, many of which have to do with support for encrypted and signed disk volumes. "Various command line parameters and configuration file settings that configure key or certificate files now optionally take paths to AF_UNIX sockets in the file system. If configured that way a stream connection is made to the socket and the required data read from it. This is a simple and natural extension to the existing regular file logic, and permits other software to provide keys or certificates via simple IPC services, for example when unencrypted storage on disk is not desired."

[$] Go filesystems and file embedding

Thursday 30th of July 2020 04:52:32 PM
The Go team has recently published several draft designs that propose changes to the language, standard library, and tooling: we covered the one on generics back in June. Last week, the Go team published two draft designs related to files: one for a new read-only filesystem interface, which specifies a minimal interface for filesystems, and a second design that proposes a standard way to embed files into Go binaries (by building on the filesystem interface). Embedding files into Go binaries is intended to simplify deployments by including all of a program's resources in a single binary; the filesystem interface design was drafted primarily as a building block for that. There has been a lot of discussion on the draft designs, which has been generally positive, but there are some significant concerns.

Security updates for Thursday

Thursday 30th of July 2020 04:45:21 PM
Security updates have been issued by Arch Linux (webkit2gtk), CentOS (GNOME, grub2, and kernel), Debian (firefox-esr, grub2, json-c, kdepim-runtime, libapache2-mod-auth-openidc, net-snmp, and xrdp), Gentoo (chromium and firefox), Mageia (podofo), openSUSE (knot and tomcat), Oracle (grub2, kernel, postgresql-jdbc, and python-pillow), Red Hat (firefox, grub2, kernel, and kernel-rt), SUSE (grub2), and Ubuntu (firefox, grub2, grub2-signed, and librsvg).

Grub2 updates for Red Hat systems are making some unbootable

Thursday 30th of July 2020 04:44:23 PM
As reported in the comments on the Grub2 secure-boot vulnerabilities report, the updates for grub2 for RHEL 8 and CentOS 8 are making some systems unbootable. The boot problems are seemingly unrelated to whether the system has secure boot enabled. It may be worth waiting a bit for that to shake out.

[$] LWN.net Weekly Edition for July 30, 2020

Thursday 30th of July 2020 12:23:48 AM
The LWN.net Weekly Edition for July 30, 2020 is available.

[$] Open-source CNCing

Wednesday 29th of July 2020 06:50:09 PM
Last year Sienci Labs finished its Kickstarter campaign for the open-source LongMill Benchtop CNC Router — its second successful open-source CNC machine Kickstarter campaign. CNC routers allow users to mill things (like parts) from raw materials (like a block of aluminum) based on a 3D-model. The LongMill is a significant improvement over the original sold-out Mill One and makes professional-quality machining based entirely on open-source technology a reality. As an owner of a LongMill, I will walk through the various open-source technologies that make this tool a cornerstone of my home workshop.

A long list of GRUB2 secure-boot holes

Wednesday 29th of July 2020 06:47:47 PM
Several vulnerabilities have been disclosed in the GRUB2 bootloader; they enable the circumvention of the UEFI secure boot mechanism and the persistent installation of hostile software. Fixing the problem is not just a matter of getting a new GRUB2 installation, unfortunately. "It is important to note that updating the exploitable binaries does not in fact mitigate the CVE, since an attacker could bring an old, exploitable, signed copy of a grub binary onto a system with whatever kernel they wished to load. In order to mitigate, the UEFI Revocation List (dbx) must be updated on a system. Once the UEFI Revocation List is updated on a system, it will no longer boot binaries that pre-date these fixes. This includes old install media."

Four stable kernels

Wednesday 29th of July 2020 03:17:58 PM
Stable kernels 5.7.11, 5.4.54, 4.19.135, and 4.14.190 have been released. They all contain important fixes and users should upgrade.

[$] A look at Dart

Wednesday 29th of July 2020 03:14:41 PM
Dart is a BSD-licensed programming language from Google with a mature open-source community supporting the project. It works with multiple architectures, is capable of producing native machine-code binaries, and can also produce JavaScript versions of its applications. Dart version 1.0 was released in 2013, with the most recent version, 2.8, released on June 3 (2.9 is currently in public beta). Among the open-source projects using Dart is the cross-device user-interface (UI) toolkit Flutter. We recently covered the Canonical investment in Flutter to help drive more applications to the Linux desktop, and Dart is central to that story.

Security updates for Wednesday

Wednesday 29th of July 2020 02:58:51 PM
Security updates have been issued by Debian (curl, firefox-esr, luajit, and salt), Fedora (clamav, java-1.8.0-openjdk, and java-11-openjdk), Gentoo (claws-mail, dropbear, ffmpeg, libetpan, mujs, mutt, and rsync), openSUSE (qemu), Red Hat (openstack-tripleo-heat-templates), SUSE (freerdp, ldb, rubygem-puma, samba, and webkit2gtk3), and Ubuntu (mysql-5.7, mysql-8.0 and sympa).

GNU nano 5.0 released

Wednesday 29th of July 2020 02:25:12 PM
Version 5.0 of the GNU nano text editor is out; it contains a number of improvements to the editing experience. "With --indicator (or -q or 'set indicator') nano will show a kind of scrollbar on the righthand side of the screen to indicate where in the buffer the viewport is located and how much it covers."

[$] Lockless algorithms for mere mortals

Tuesday 28th of July 2020 07:34:08 PM
Time, as some have said, is nature's way of keeping everything from happening at once. In today's highly concurrent computers, though, time turns out not to be enough to keep events in order; that task falls to an extensive set of locking primitives and, below those, the formalized view of memory known as the Linux kernel memory model. It takes a special kind of mind to really understand the memory model, though; kernel developers lacking that particular superpower are likely to make mistakes when working in areas where the memory model comes into play. Working at that level is increasingly necessary for performance purposes, though; a recent conversation points out ways in which the kernel could make that kind of work easier for ordinary kernel developers.

Firefox 79.0

Tuesday 28th of July 2020 03:51:54 PM
Firefox 79.0 has been released. This version has improved accessibility for people using screen readers. See the release notes for more details.

[$] TLS gets a boost from Arduino for IoT devices

Tuesday 28th of July 2020 03:18:03 PM
Arduino devices are a favorite among do-it-yourself (DIY) enthusiasts to create, among other things, Internet of Things (IoT) devices. We have previously covered the Espressif ESP8266 family of devices that can be programmed using the Arduino SDK, but the Arduino project itself also provides WiFi-enabled devices such as the Arduino MKR WiFi 1010 board. Recently, the Arduino Security Team raised the problem of security shortcomings of IoT devices in a post, and how the Arduino project is working to make improvements. We will take the opportunity to share some interesting things from that, and also look at the overall state of TLS support in the Arduino and Espressif SDK projects.

Historical programming-language groups disappearing from Google

Tuesday 28th of July 2020 03:04:34 PM
As Alex McDonald notes in this support request, Google has recently banned the old Usenet groups comp.lang.forth and comp.lang.lisp from the Google Groups system. "Of specific concern is the archive. These are some of the oldest groups on Usenet, and the depth & breadth of the historical material that has just disappeared from the internet, on two seminal programming languages, is huge and highly damaging. These are the history and collective memories of two communities that are being expunged, and it's not great, since there is no other comprehensive archive after Google's purchase of Dejanews around 20 years ago." Perhaps Google can be convinced to restore the content, but it also seems that some of this material could benefit from a more stable archive.

Security updates for Tuesday

Tuesday 28th of July 2020 02:58:34 PM
Security updates have been issued by openSUSE (cacti, cacti-spine, go1.13, SUSE Manager Client Tools, and tomcat), Red Hat (postgresql-jdbc and python-pillow), Slackware (mozilla), SUSE (python-Django and python-Pillow), and Ubuntu (clamav, librsvg, libslirp, linux-gke-5.0, linux-oem-osp1, linux-hwe, linux-azure-5.3, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-oracle-5.3, and sqlite3).

Git v2.28.0

Monday 27th of July 2020 05:29:37 PM
Version 2.28.0 of the git version control system has been released. "It is smaller than the releases in our recent past, mostly due to the development cycle was near the shorter end of the spectrum (our cycles last 8-12 weeks and this was a rare 8-week cycle)."

See this GitHub Blog post for details on the new features in this release.

More in Tux Machines

Optimised authentication methods for Ubuntu Desktop

Still counting on passwords to protect your workstation? When set up properly, alternatives to passwords provide a streamlined user experience while significantly improving security. These alternative authentication methods can also easily be combined to create a custom and adaptive authentication profile. This whitepaper introduces three popular authentication methods that provide a solid alternative to passwords. Perhaps you’d like to configure your laptop for login using a YubiKey hardware token connected to a dock. Another option could be to login with a Duo push notification when not connected to the dock, but use a Google Authenticator one-time password when no network is available. Maybe you need a separate hardware token just for ssh authentication, and you always need to keep a long, complex password for emergency authentication should all other methods fail. All of these scenarios can be easily configured within Ubuntu. Read more

Open Hardware: Arduino, RISC-V and 96Boards

  • Arduino-controlled robot arm is ready to play you in a game of chess

    If you’re tired of playing chess on a screen, then perhaps you could create a robotic opponent like Instructables user Michalsky. The augmented board runs micro-Max source code, enabling chess logic to be executed on an Arduino Mega with room for control functions for a 6DOF robotic arm. The setup uses magnetic pieces, allowing it to pick up human moves via an array of 64 reed switches underneath, along with a couple shift registers. The Mega powers the robot arm accordingly, lifting the appropriate piece and placing it on the correct square.

  • New RISC-V CTO On Open Source Chip Architecture’s Global Data Center Momentum

    With more big international players on board, the foundation's new head of technology sees signs of "state of the art moving forward."

  • Snapdragon 410 based 96Boards CE SBC gets an upgrade

    Geniatech has launched a Linux-ready, $109 “Developer Board 4 V3” compliant with 96Boards CE that offers a Snapdragon 410E, GbE, 3x USB, 802.11ac, GPS, and-25 to 70°C support. Geniatech has released a V3 edition of its 96Boards CE form-factor Developer Board 4 SBC, the third update of the Development Board IV we covered back in 2016. Starting at $109, the Developer Board 4 V3 still runs Linux, Android, and Windows 10 IoT Core on Qualcomm’s 1.2GHz, quad -A53 Snapdragon 410m, although it has been upgraded to the 10-year availability Snapdragon 410E. Geniatech also sells a line of Rockchip based SBCs, among other embedded products.

Audiocasts/Shows: Linux in the Ham Shack and Linux Headlines

  • LHS Episode #360: Zapped

    Welcome to the 360th episode of Linux in the Ham Shack. In this short-topic show, the hosts discuss 1.2GHz distance records, a hybrid antenna for geosynchronous satellite operation, data mode identification for your smart phone, being pwned, Ubuntu 20.04.1, LibreOffice, HamClock and much more. Thanks for listening and hope you have a great week.

  • LHS Episode #361: The Weekender LIV

    It's time once again for The Weekender. This is our bi-weekly departure into the world of amateur radio contests, open source conventions, special events, listener challenges, hedonism and just plain fun. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we're doing. We'd love to hear from you.

  • 2020-08-14 | Linux Headlines

    Google could be extending its Firefox search royalty deal, PyPy leaves the Software Freedom Conservancy, Ubuntu puts out a call for testing, Linspire removes snapd support, Microsoft showcases its open source contributions, and Facebook joins The Linux Foundation.

Python Programming

  • Django Weblog: DjangoCon Australia 2020: Schedule live and tickets on sale

    The 8th DjangoCon AU was scheduled to be run in Adelaide, South Australia this year. It's been moved to an online event and will take place on September 4th. DjangoCon AU is organized as a specialist track as part of PyConline AU. The schedule — though shorter than in previous years — is packed with talks about best practices, communities, contributions, and the present and future of Django. Since the event was due to run in Adelaide, the event is running in Australian Central Standard Time, UTC+9:30, and DjangoCon AU will start at 3:45pm ACST. This link shows when the DjangoCon AU Opening address starts for all the DjangoCon timezones..

  • Return how many times each letter shows up in the string by using an asterisk (*)

    Hello people, in this article we will solve the below python problem. You receive the name of a city as a string, and you need to return a string that shows how many times each letter shows up in the string by using an asterisk (*).

  • The Real Python Podcast – Episode #22: Create Cross-Platform Python GUI Apps With BeeWare

    Do you want to distribute your Python applications to other users who don't have or even use Python? Maybe you're interested in seeing your Python application run on iOS or Android mobile devices. This week on the show we have Russell Keith-Magee, the founder and maintainer of the BeeWare project. Russell talks about Briefcase, a tool that converts a Python application into native installers on macOS, Windows, Linux, and mobile devices.

  • Python vs R: Which is Good for Machine Learning?

    If you want to build a machine learning project and are stuck between choosing the right programming language to build it, you know you have come to the right place. This blog will not only help you understand the difference between the two languages namely: Python and R; but also help you know which language has an edge over one another in multiple aspects. So without wasting a single moment, let’s dive into it!

  • Freezegun - Real Joy for Fake Dates in Python

    If you've ever tested code involving dates and times in Python you've probably had to mock the datetime module. And if you've mocked the datetime module, at some point it probably mocked you back when your tests failed.

  • Mastering the SQLite Database in Python

    In this tutorial, we shall see some advanced tasks associated with the SQLite database from Python. We shall see topics such as inserting images, Listing the tables, Backup a database, Dumping Rollback in SQLite, Deleting records from a table, Dropping a table, SQLite database exceptions, and more.

  • PSF GSoC students blogs: Week 6 Blog Post
  • Top 10 Important Uses cases of Python in the Real World

    These top 10 Python uses cases in the real world prove how effective the programming language is. Read the real life uses of Python and implement it in your organization.