Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 4 hours 3 min ago

Security updates for Friday

Friday 31st of August 2018 02:47:54 PM
Security updates have been issued by Debian (389-ds-base, bind9, and squirrelmail), Fedora (dolphin-emu), openSUSE (libX11), SUSE (cobbler, GraphicsMagick, ImageMagick, liblouis, postgresql10, qemu, and spice), and Ubuntu (libx11).

The Tink crypto library

Friday 31st of August 2018 11:38:02 AM
Google has announced the existence of a new cryptographic library called "Tink". "Tink aims to provide cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. Tink is built on top of existing libraries such as BoringSSL and Java Cryptography Architecture, but includes countermeasures to many weaknesses in these libraries, which were discovered by Project Wycheproof, another project from our team."

[$] Protecting files with fs-verity

Thursday 30th of August 2018 06:50:12 PM
The developers of the Android system have, among their many goals, the wish to better protect Android devices against persistent compromise. It is bad if a device is taken over by an attacker; it's worse if it remains compromised even after a reboot. Numerous mechanisms for ensuring the integrity of installed system files have been proposed and implemented over the years. But it seems there is always room for one more; to fill that space, the fs-verity mechanism is being proposed as a way to protect individual files from malicious modification.

Security updates for Thursday

Thursday 30th of August 2018 02:36:49 PM
Security updates have been issued by Debian (libx11), Fedora (bouncycastle, libxkbcommon, libzypp, nodejs, ntp, openssh, tomcat, xen, and zypper), Red Hat (ansible, kernel, and opendaylight), and SUSE (apache2, cobbler, ImageMagick, libtirpc, libzypp, zypper, and qemu).

[$] LWN.net Weekly Edition for August 30, 2018

Thursday 30th of August 2018 01:06:59 AM
The LWN.net Weekly Edition for August 30, 2018 is available.

[$] Measuring (and fixing) I/O-controller throughput loss

Wednesday 29th of August 2018 09:20:33 PM
Many services, from web hosting and video streaming to cloud storage, need to move data to and from storage. They also often require that each per-client I/O flow be guaranteed a non-zero amount of bandwidth and a bounded latency. An expensive way to provide these guarantees is to over-provision storage resources, keeping each resource underutilized, and thus have plenty of bandwidth available for the few I/O flows dispatched to each medium. Alternatively one can use an I/O controller. Linux provides two mechanisms designed to throttle some I/O streams to allow others to meet their bandwidth and latency requirements. These mechanisms work, but they come at a cost: a loss of as much as 80% of total available I/O bandwidth. I have run some tests to demonstrate this problem; some upcoming improvements to the bfq I/O scheduler promise to improve the situation considerably.

[$] C considered dangerous

Wednesday 29th of August 2018 09:11:29 PM

At the North America edition of the 2018 Linux Security Summit (LSS NA), which was held in late August in Vancouver, Canada, Kees Cook gave a presentation on some of the dangers that come with programs written in C. In particular, of course, the Linux kernel is mostly written in C, which means that the security of our systems rests on a somewhat dangerous foundation. But there are things that can be done to help firm things up by "Making C Less Dangerous" as the title of his talk suggested.

bison-3.1 released

Wednesday 29th of August 2018 04:35:54 PM
Version 3.1 of the Bison parser generator has been released. "It introduces new features such as typed midrule actions, brings improvements in the diagnostics, fixes several bugs and portability issues, improves the examples, and more".

Security updates for Wednesday

Wednesday 29th of August 2018 03:01:04 PM
Security updates have been issued by CentOS (bind and postgresql), Debian (linux-4.9 and tomcat8), Red Hat (java-1.7.1-ibm and java-1.8.0-ibm), Slackware (kernel), SUSE (kernel and openssl1), and Ubuntu (linux-azure, linux-oem, linux-gcp and poppler).

[$] An introduction to the Julia language, part 1

Tuesday 28th of August 2018 08:57:02 PM
Julia is a young computer language aimed at serving the needs of scientists, engineers, and other practitioners of numerically intensive programming. It was first publicly released in 2012. After an intense period of language development, version 1.0 was released on August 8. The 1.0 release promises years of language stability; users can be confident that developments in the 1.x series will not break their code. This is the first part of a two-part article introducing the world of Julia. This part will introduce enough of the language syntax and constructs to allow you to begin to write simple programs. The following installment will acquaint you with the additional pieces needed to create real projects, and to make use of Julia's ecosystem.

Reports from Netdev 0x12

Tuesday 28th of August 2018 04:56:16 PM
The Netdev 0x12 networking conference was held in mid-July. The conference team has provided a brief introduction. Participants at the event have put together a set of reports of the talks that were held during the conference; tutorials and workshops were held on Day 1, Day 2 includes eleven talks, including the keynote by Van Jacobson, while Day 3 covers another ten topics.

Two stable kernel updates

Tuesday 28th of August 2018 03:23:02 PM
Stable kernels 4.4.153 and 3.18.120 have been released. They both contain important fixes and users should upgrade.

Security updates for Tuesday

Tuesday 28th of August 2018 03:17:14 PM
Security updates have been issued by Debian (ruby2.1 and twitter-bootstrap3), Fedora (freeipa), openSUSE (libreoffice), Oracle (bind), Red Hat (bind), Scientific Linux (bind), SUSE (graffana, kafka, logstash, monasca-installer and libreoffice), and Ubuntu (intel-microcode and libgd2).

[$] Sharing and archiving data sets with Dat

Monday 27th of August 2018 11:25:58 PM

Dat is a new peer-to-peer protocol that uses some of the concepts of BitTorrent and Git. Dat primarily targets researchers and open-data activists as it is a great tool for sharing, archiving, and cataloging large data sets. But it can also be used to implement decentralized web applications in a novel way.

Subscribers can read on for more on Dat by guest author Antoine Beaupré.

Security updates for Monday

Monday 27th of August 2018 02:50:52 PM
Security updates have been issued by Debian (dropbear, libextractor, and libgit2), Fedora (chromium, obs-build, and osc), openSUSE (GraphicsMagick, ImageMagick, kbuild, virtualbox, libgit2, nextcloud, and phpMyAdmin), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, rh-postgresql10-postgresql, and rh-postgresql96-postgresql), and SUSE (gdm, openssh, openssl, python, and xen).

[$] The second half of the 4.19 merge window

Sunday 26th of August 2018 10:56:47 PM
By the time Linus Torvalds released 4.19-rc1 and closed the merge window for this development cycle, 12,317 non-merge changesets had found their way into the mainline; about 4,800 of those landed after last week's summary was written. As tends to be the case late in the merge window, many of those changes were fixes for the bigger patches that went in early, but there were also a number of new features added.

Kernel prepatch 4.19-rc1

Sunday 26th of August 2018 10:52:32 PM
Linus has released 4.19-rc1 and closed the merge window for this development cycle. "This was a fairly frustrating merge window, partly because 4.19 looks to be a pretty big release (no single reason), and partly just due to random noise. We had the L1TF hw vulnerability disclosure early in the merge window, which just added the usual frustration due to having patches that weren't public. That just shows just how good all our infrastructure for linux-next and various automated testing systems have become, in how painful it is when it's lacking."

More in Tux Machines

Android Leftovers

Elementary OS Juno Beta 2 Released

Elementary OS June beta 2 is now available to download. This second beta build of the Ubuntu-based Linux distribution touts a number of changes over the elementary OS june beta released back in July. Due to the shifting sands on which Juno is built the elementary team advise those planning on testing the release to do so by making a fresh install rather than doing an upgrade from beta 1 or (worse) an older version of elementary OS. Read more

today's howtos

Linux - The beginning of the end

You should never swear at people under you - I use the word under in the hierarchical sense. Colleagues? Well, probably not, although you should never hold back on your opinion. Those above you in the food chain? It's fair game. You risk it to biscuit it. I say, Linus shouldn't have used the language he did in about 55-65% of the cases. In those 55-65% of the cases, he swore at people when he should have focused on swearing at the technical solution. The thing is, people can make bad products but that does not make them bad people. It is important to distinguish this. People often forget this. And yes, sometimes, there is genuine malice. My experience shows that malice usually comes with a smile and lots of sloganeering. The typical corporate setup is an excellent breeding ground for the aspiring ladder climber. Speaking of Linus, it is also vital to remember that the choice of language does not always define people, especially when there are cultural differences - it's their actions. In the remainder of the cases where "bad" language was used (if we judge it based on the approved corporate lingo vocab), the exchange was completely impersonal - or personal from the start on all sides - in which case, it's a different game. The problem is, it's the whole package. You don't selective get to pick a person's attributes. Genius comes with its flaws. If Linus was an extroverted stage speaker who liked to gushy-mushy chitchat and phrase work problems in empty statements full of "inspiring" and "quotable" one-liners, he probably wouldn't be the developer that he is, and we wouldn't have Linux. So was he wrong in some of those cases? Yes. Should he have apologized? Yes, privately, because it's a private matter. Definitely not the way it was done. Not a corporate-approved kangaroo court. The outcome of this story is disturbing. A public, humiliating apology is just as bad. It's part of the wider corporate show, where you say how sorry you are on screen (the actual remorse is irrelevant). Linus might actually be sorry, and he might actually be seeking to improve his communication style - empathy won't be part of that equation, I guarantee that. But this case - and a few similar ones - set a precedence. People will realize, if someone like Linus gets snubbed for voicing his opinion - and that's what it is after all, an opinion, regardless of the choice of words and expletives - how will they be judged if they do something similar. But not just judged. Placed in the (social) media spotlight and asked to dance to a tune of fake humility in order to satisfy the public thirst for theatrics. You are not expected to just feel remorse. You need to do a whole stage grovel. And once the seed of doubt creeps in, people start normalizing. It's a paradox that it's the liberal, democratic societies that are putting so much strain on the freedom of communication and speech. People forget the harsh lessons of the past and the bloody struggles their nations went through to ensure people could freely express themselves. Now, we're seeing a partial reversal. But it's happening. The basket of "not allowed" words is getting bigger by the day. This affects how people talk, how they frame their issues, how they express themselves. This directly affects their work. There is less and less distinction between professional disagreement and personal slight. In fact, people deliberately blur the lines so they can present their business ineptitude as some sort of Dreyfuss witchhunt against their glorious selves. As an ordinary person slaving in an office so you can pay your bills and raise your mediocre children, you may actually not want to say something that may be construed as "offensive" even though it could be a legitimate complaint, related to your actual work. This leads to self-censored, mind-numbing normalization. People just swallow their pride, suppress their problems, focus on the paycheck, and just play the life-draining corporate game. Or they have an early stroke. Read more Also: Google Keeps Pushing ChromeOS and Android Closer Together