Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 8 min ago

[$] Python 3 at Facebook

Wednesday 27th of June 2018 04:56:04 PM

Python 3 adoption has clearly picked up over the last few years, though there is still a long way to go. Big Python-using companies tend to have a whole lot of Python 2.7 code running on their infrastructure and Facebook is no exception. But Jason Fried came to PyCon 2018 to describe what has happened at the company over the last four years or so—it has gone from using almost no Python 3 to it becoming the dominant version of Python in the company. He was instrumental in helping to make that happen and his talk [YouTube video] may provide other organizations with some ideas on how to tackle their migration.

Security updates for Wednesday

Wednesday 27th of June 2018 02:37:49 PM
Security updates have been issued by Arch Linux (cantata and qutebrowser), Debian (imagemagick, php5, and redis), Fedora (cri-o and libgxps), Oracle (glibc, kernel, libvirt, samba, samba4, sssd and ding-libs, and zsh), Red Hat (ansible, dpdk, kernel, kernel-alt, kernel-rt, libvirt, pki-core, podman, qemu-kvm, and qemu-kvm-rhev), Scientific Linux (kernel, libvirt, pki-core, and qemu-kvm), SUSE (firefox, gcc43, and kernel), and Ubuntu (openssl).

[$] Repealing the poll() tax

Wednesday 27th of June 2018 12:55:55 AM
One of the new features merged for the 4.18 kernel is a new polling interface using the asynchronous I/O mechanism. As part of this work, the internal implementation of how the various polling-related system calls (poll(), select(), and epoll_wait()) work was significantly changed. The reporting of a significant performance regression has now put all of that work into doubt, though. While it could be reverted, the more likely outcome would appear to be another set of changes to how polling works in the kernel.

Firefox 61

Tuesday 26th of June 2018 07:36:02 PM
Mozilla has announced the release of Firefox 61. Key highlights include the ability to easily add custom search engines, speedier response times when switching between tabs, retained display lists, an accessibility Tools Inspector, and WebExtension Tab Management. See the release notes for additional information.

[$] Teaching Python to kids

Tuesday 26th of June 2018 03:22:47 PM

The combination of an "unsuspecting library employee" and a bunch of bored children has created a popular program using the Raspberry Pi and other tools to teach coding to kids. Qumisha Goss is a librarian at the Parkman branch of the Detroit Public Library; she started the "Parkman Coders" program and came to PyCon 2018 in Cleveland, Ohio to tell the assembled Pythonistas all about it. She also had some thoughts on ways to make the Python community a more diverse place, along with some concerns for her students that are much bigger than the diversity topic.

Security updates for Tuesday

Tuesday 26th of June 2018 02:03:38 PM
Security updates have been issued by Slackware (firefox), SUSE (gpg2 and zlib), and Ubuntu (openssl, openssl1.0).

Another set of stable kernel updates

Tuesday 26th of June 2018 02:27:41 AM
The latest set of stable kernel updates consists of 4.17.3, 4.16.18, 4.14.52, and 4.9.110. Each contains a fair number of important updates. Note that 4.16.18 is the end of the line for the 4.16 series.

[$] Kernel support for control-flow enforcement

Monday 25th of June 2018 11:36:40 PM
As attackers have lost the easy ability to execute code stored in writable memory, they have increasingly turned to return-oriented programming (ROP) and related techniques to compromise vulnerable systems. ROP attacks use the code that is present in the program under attack and are hard to defend against in software. In response, hardware vendors are developing ways to defeat ROP-like techniques at a lower level. One of the results is Intel's Control-Flow Enforcement Technology (CET) [PDF], which adds two mechanisms (shadow stacks and indirect-branch tracking) that are intended to resist these attacks. Yu-cheng Yu recently posted a set of patches showing how this technology is to be used to defend Linux systems.

SUSE Linux Enterprise 15

Monday 25th of June 2018 11:13:36 PM
SUSE has announced the release of SUSE Linux Enterprise 15, SUSE Manager 3.2, and SUSE Linux Enterprise High Performance Computing 15. "SUSE Linux Enterprise 15 is a modern, modular operating system that helps simplify multimodal IT, makes traditional IT infrastructure more efficient and provides an engaging platform for developers. As a result, customers can easily deploy and transition business-critical workloads across on-premise and public cloud environments."

Security updates for Monday

Monday 25th of June 2018 03:10:17 PM
Security updates have been issued by CentOS (git), Debian (bouncycastle and lava-server), Fedora (ansible, epiphany, kernel, kernel-tools, matrix-synapse, mingw-podofo, pass, podofo, python-prometheus_client, redis, rubygem-sinatra, and thunderbird-enigmail), Gentoo (file and pnp4nagios), Mageia (file, glibc, kernel, librsvg, and libvorbis), openSUSE (go1.9, mariadb, phpMyAdmin, and redis), and SUSE (firefox, kernel modules packages, and python).

Systemd v239 released

Monday 25th of June 2018 12:08:23 AM
Systemd v239 has been released with a long list of changes; click below for the full set. "A new system.conf setting NoNewPrivileges= is now available which may be used to turn off acquisition of new privileges system-wide (i.e. set Linux' PR_SET_NO_NEW_PRIVS for PID 1 itself, and thus also for all its children). Note that turning this option on means setuid binaries and file system capabilities lose their special powers. While turning on this option is a big step towards a more secure system, doing so is likely to break numerous pre-existing UNIX tools, in particular su and sudo."

Perl 5.28.0 released

Sunday 24th of June 2018 11:57:10 PM
Version 5.28.0 of the Perl language has been released. "Perl 5.28.0 represents approximately 13 months of development since Perl 5.26.0 and contains approximately 730,000 lines of changes across 2,200 files from 77 authors". The full list of changes can be found over here; some highlights include Unicode 10.0 support, string- and number-specific bitwise operators, a change to more secure hash functions, and safer in-place editing.

Kernel prepatch 4.18-rc2

Sunday 24th of June 2018 06:14:31 PM
The second 4.18 kernel prepatch is out for testing. "Anyway, it's early in the rc series yet, but things look fairly normal."

LKML archives on lore.kernel.org

Friday 22nd of June 2018 07:34:38 PM
A new archive of linux-kernel mailing list (LKML) posts going back to 1998 is now available at lore.kernel.org. It is based on public-inbox (which we looked at back in February. Among other things, public-inbox allows retrieving the entire archive via Git: "Git clone URLs are provided at the bottom of each page. Note, that due to its volume, the LKML archive is sharded into multiple repositories, each roughly 1GB in size. In addition to cloning from lore.kernel.org, you may also access these repositories on git.kernel.org." The full announcement, which includes information about a new Patchwork instance as well as ways to link into the new archive, can be found on kernel.org.

Security updates for Friday

Friday 22nd of June 2018 01:41:10 PM
Security updates have been issued by Debian (php-horde-image), openSUSE (kernel), Scientific Linux (git), SUSE (bluez, kernel, mariadb, and mariadb, mariadb-connector-c, xtrabackup), and Ubuntu (openjdk-7).

Bottomley: Containers and Cloud Security

Thursday 21st of June 2018 06:49:57 PM
On his blog, James Bottomley looks at the value proposition for various types of cloud deployments. In particular, he compares the vertical and horizontal attack profile (VAP and HAP) of four different models: separate servers, separate logins on a single server, virtual machines, and containers. He finds the container story to be compelling: "The total VAP here is identical to that of physical infrastructure. However, the Tenant component is much smaller (the kernel accounting for around 50% of all vulnerabilities). It is this reduction in the Tenant VAP that makes containers so appealing: the CSP [cloud service provider] is now responsible for monitoring and remediating about half of the physical system VAP which is a great improvement for the Tenant. Plus when the CSP remediates on the host, every container benefits at once, which is much better than having to crack open every virtual machine image to do it. Best of all, the Tenant images don’t have to be modified to benefit from these fixes, simply running on an updated CSP host is enough. However, the cost for this is that the HAP is the entire linux kernel syscall interface meaning the HAP is much larger than then hypervisor virtual infrastructure case because the latter benefits from interface narrowing to only the hypercalls (qualitatively, assuming the hypercall interface is ~30 calls and the syscall interface is ~300 calls, then the HAP is 10x larger in the container case than the hypervisor case); however, thanks to protections from the kernel namespace code, the HAP is less than the shared login server case. Best of all, from the Tenant point of view, this entire HAP cost is borne by the CSP, which makes this an incredible deal: not only does the Tenant get a significant reduction in their VAP but the CSP is hugely motivated to keep on top of all vulnerabilities in their part of the VAP and remediate very fast because of the business implications of a successful horizontal attack."

More in Tux Machines

Stable kernel 4.4.142

I'm announcing the release of the 4.4.142 kernel. It's not an "essencial" upgrade, but a number of build problems with perf are now resolved, and an x86 issue that some people might have hit is now handled properly. If those were problems for you, please upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-st... Read more

today's leftovers

  • Ditching Windows: 2 Weeks With Ubuntu Linux On The Dell XPS 13 [Ed: sadly it's behind a malicious spywall]
  • What Serverless Architecture Actually Means, and Where Servers Enter the Picture
  • What are ‘mature’ stateful applications?
    BlueK8s is a new open source Kubernetes initiative from ‘big data workloads’ company BlueData — the project’s direction leads us to learn a little about which direction containerised cloud-centric applications are growing. Kubernetes is a portable and extensible open source platform for managing containerised workloads and services (essentially it is a container ‘orchestration’ system) that facilitates both declarative configuration and automation. The first open project in the BlueK8s initiative is Kubernetes Director (aka KubeDirector), for deploying and managing distributed ‘stateful applications’ with Kubernetes.
  • Winds – Machine Learning Powered RSS and Podcast App
    There are numerous RSS reader apps available in Linux universe, some of them are best and some of them are your native Linux apps. Not all of them are having ability to support podcast though. Winds is very beautiful RSS and podcast app based on stream API and it comes with him nice user interface and loaded with features.
  • Reaper audio editing software gets a native Linux installer
    Reaper is a powerful, versatile digital audio workstation for editing music, podcasts, or other audio projects. I’ve used it to edit and mix every single episode of the LPX podcast and Loving Project podcast. The software is also cross-platform. There 32-bit and 64-bit builds available for Windows and macOS, and there’s been an experimental Linux version for a few years.
  • Common Vision Blox 2018 with Enhanced 3D and Linux Functionality
    CVB Image Manager is the core component of Common Vision Blox and offers unrivalled functionality in image acquisition, image handling, image display and image processing. It is also included with the free CameraSuite SDK licence which is supplied with all GigE Vision or USB3 Vision cameras purchased from Stemmer Imaging. CVB 2018 Image Manager features core 3D functionality to handle point clouds and pre-existing calibrations as well as the display of 3D data. A new tool called Match 3D, which operates in both Windows and Linux, has been added. This allows a point cloud to be compared to a template point cloud, returning the 3D transformation between the two. It can be useful for 3D positioning systems and also for calculating the differences for quality control applications. The new features in CVB 2018 Image Manager have also been extended to Linux (on Intel and ARM platforms), making it even more suitable for developing solutions in embedded and OEM applications.
  • Oldest swinger in town, Slackware, notches up a quarter of a century
    Slackware, the oldest Linux distribution still being maintained, has turned 25 this week, making many an enthusiast wonder where all those years went. Mention Slackware, and the odds are that the FOSS fan before you will go a bit misty-eyed and mumble something about dependency resolution as they recall their first entry into the world of Linux. Released by Patrick Volkerding on 17 July 1993, Slackware aimed to be the most “UNIX-like” Linux distribution available and purports to be designed “with the twin goals of ease of use and stability as top priorities”. Enthusiasts downloading the distro for the first time might take issue with the former goal – the lack of a cuddly graphical installer can be jarring.
  • SDR meets AI in a mash-up of Jetson TX2, Artix-7, and 2×2 MIMO
    Deepwave Digital has launched an Ubuntu-driven, $5K “AIR-T” Mini-ITX board for AI-infused SDR, equipped with an Nvidia Jetson TX2, a Xilinx Artix-7 FPGA, and an AD9371 2×2 MIMO transceiver.
  • 8BitDo’s DIY Kit Can Turn Your Fave Retro Gamepad into a Wireless Steam Controller
    The “8BitDo Mod Kit” is a DIY package that gives you everything you need to convert an existing wired game pad for the NES, SNES, or Sega Mega Drive/Genesis systems into a fully-fledged wireless controller. A wireless controller you could then use with Ubuntu. No soldering is required. You just unscrew the case of an existing controller and the PCB inside and replace it with the one included in the mod kit. Screw it all back up and, hey presto, wireless gaming on a classic controller. Modded controllers are compatible with Steam on Windows and macOS (one assumes Linux too), as well the Nintendo Switch, and the Raspberry Pi — that’s a versatility classic game pads rarely had!
  • Are These a Risky Play with big payoff? PayPal Holdings, Inc. (PYPL) and Red Hat, Inc. (RHT)
  • How These Stocks Are Currently Valued TechnipFMC plc (FTI), Red Hat, Inc. (RHT)?
  • Form 4 RED HAT INC For: Jul 16 Filed by: Kelly Michael A
  • Form 4 RED HAT INC For: Jul 16 Filed by: KAISER WILLIAM S

Kernel: Linux 4.19 and LWN Coverage Unleashed From Paywall

  • Linux 4.19 To Feature Support For HDMI CEC With DP/USB-C To HDMI Adapters
    Adding to the big batch of feature additions and improvements queuing in DRM-Next for the upcoming Linux 4.19 kernel merge window is another round of drm-misc-next improvements. While the drm-misc-next material consists of the random DRM core and small driver changes not big enough to otherwise warrant their own individual pull requests to DRM-Next, for Linux 4.19 this "misc" material has been fairly exciting. Last week's drm-misc-next pull request introduced the Virtual KMS (VKMS) driver that offers exciting potential. With this week's drm-misc-next pull are further improvements to the VKMS code for frame-buffer and plane helpers, among other additions.
  • Nouveau Changes Queue Ahead Of Linux 4.19
    Linux 4.19 is going to be another exciting kernel on the Direct Rendering Manager (DRM) front with a lot of good stuff included while hours ago we finally got a look at what's in store for the open-source NVIDIA "Nouveau" driver. Nouveau DRM maintainer Ben Skeggs of Red Hat has updated the Nouveau DRM tree of the latest batch of patches ahead of sending in the pull request to DRM-Next. As has been the trend in recent times, the Nouveau DRM work mostly boils down to bug/regression fixes.
  • IR decoding with BPF
    In the 4.18 kernel, a new feature was merged to allow infrared (IR) decoding to be done using BPF. Infrared remotes use many different encodings; if a decoder were to be written for each, we would end up with hundreds of decoders in the kernel. So, currently, the kernel only supports the most widely used protocols. Alternatively, the lirc daemon can be run to decode IR. Decoding IR can usually be expressed in a few lines of code, so a more lightweight solution without many kernel-to-userspace context switches would be preferable. This article will explain how IR messages are encoded, the structure of a BPF program, and how a BPF program can maintain state between invocations. It concludes with a look at the steps that are taken to end up with a button event, such as a volume-up key event. Infrared remote controls emit IR light using a simple LED. The LED is turned on and off for shorter or longer periods, which is interpreted somewhat akin to morse code. When infrared light has been detected for a period, the result is called a "pulse". The time between pulses when no infrared light is detected is called a "space".
  • The block I/O latency controller
    Large data centers routinely use control groups to balance the use of the available computing resources among competing users. Block I/O bandwidth can be one of the most important resources for certain types of workloads, but the kernel's I/O controller is not a complete solution to the problem. The upcoming block I/O latency controller looks set to fill that gap in the near future, at least for some classes of users. Modern block devices are fast, especially when solid-state storage devices are in use. But some workloads can be even faster when it comes to the generation of block I/O requests. If a device fails to keep up, the length of the request queue(s) will increase, as will the time it takes for any specific request to complete. The slowdown is unwelcome in almost any setting, but the corresponding increase in latency can be especially problematic for latency-sensitive workloads.

Microsoft's Lobbying Campaign for Android Antitrust Woes

  • Google Hints A Future Where Android Might NOT Be Free
  • Android has created more choice, not less
  • Google Fined Record $5 Billion by EU, Given 90 Days to Stop ‘Illegal Practices’

    EU regulators rejected arguments that Apple Inc. competes with Android, saying Apple’s phone software can’t be licensed by handset makers and that Apple phones are often priced outside many Android users’ purchasing power.

  • EU: Google illegally used Android to dominate search, must pay $5B fine

    Thirdly, Google allegedly ran afoul of EU rules by deterring manufacturers from using Android forks. Google "has prevented manufacturers wishing to pre-install Google apps from selling even a single smart mobile device running on alternative versions of Android that were not approved by Google," the commission said.

  • EU hits Google with US$5b fine over alleged Android misuse

    The European Union has hit Google with a second fine in as many years, demanding that the search behemoth pay €4.34 billion (US$5.05 billion, A$6.82 billion) for breaching anti-trust rules over its Android mobile operating system.

    Announcing the fine on Wednesday in Brussels, the EU said Google must end such conduct within 90 days or pay a penalty of up to 5% of the average daily turnover of its parent company, Alphabet.

    The company has said it will appeal against the fine.

  • iPhone users buy half as many apps as Android users, but spend twice as much

    Apple's app store is still yielding twice the revenue of Google Play, and yet is only recording half the number of downloads.

    The figures for Q1&2 of the year suggest Apple owners spent $22.6bn on apps, whilst Android users only spent $11.8bn.

  • The EU fining Google over Android is too little, too late, say experts

    The Play Store is free to use under licence from Google, but comes with a set of conditions smartphone manufacturers must meet. The most important of these, and the one the EC has a problem with, is the requirement to set Google as the default search engine and the pre-installation of certain apps, including Google Chrome, YouTube and the Google search app. Google also dictates that some of the pre-installed apps be placed on the homescreen.

  • Don’t Expect Big Changes from Europe’s Record Google Fine

    The decision by the European Commission, the EU’s regulatory arm, found that Google manages Android, which runs roughly 80 percent of the world’s smartphones, in ways that illegally harm competition. The ruling focused on three practices: the bundling of Google's Chrome web browser and its search app as a condition for licensing the Google Play store; payments Google makes to phone manufacturers and telecom companies to exclusively preinstall the Google search app on their devices; and Google's practice of prohibiting device makers from running Google apps on Android “forks,” or alternative versions of the software unapproved by Google. In its ruling, the commission ordered Google to stop all of those practices.