LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 3 hours 17 min ago

Security updates for Monday

7 hours 17 min ago
Security updates have been issued by CentOS (firefox, gnupg2, kernel, python, and qemu-kvm), Debian (389-ds-base, cups, imagemagick, kernel, mailman, ruby2.1, sssd, thunderbird, and znc), Fedora (glpi, hadoop, kernel, rubygem-sprockets, singularity, thunderbird, wordpress, xapian-core, and xen), Mageia (cantata and flash-player-plugin), openSUSE (exiv2, libvorbis, nodejs6, nodejs8, openslp, singularity, slurm, and tiff), and SUSE (kernel-azure and openssl).

Kernel prepatch 4.18-rc5

Sunday 15th of July 2018 08:49:30 PM
The 4.18-rc5 kernel prepatch has been released. "For some reason this week actually felt very busy, but the rc5 numbers show otherwise. It's all small and calm, and things are progressing nicely."

[$] Tracking pressure-stall information

Friday 13th of July 2018 09:51:00 PM
All underutilized systems are essentially the same, but each overutilized system tends to be overloaded in its own way. If one's goal is to maximize the use of the available computing resources, overutilization tends not to be too far away, but when it happens, it can be hard to tell where the problem is. Sometimes, even the fact that there is a problem at all is not immediately apparent. The pressure-stall information patch set from Johannes Weiner may make life easier for system administrators by exposing more information about the real utilization state of the system.

Security updates for Friday

Friday 13th of July 2018 01:50:01 PM
Security updates have been issued by Debian (cinnamon), Fedora (docker, firefox, jetty, and knot-resolver), Oracle (gnupg2), Scientific Linux (gnupg2), SUSE (gdk-pixbuf, java-1_8_0-openjdk, libopenmpt, php7, and rsyslog), and Ubuntu (dns-root-data, dnsmasq, and thunderbird).

Guido van Rossum resigns as Python leader

Thursday 12th of July 2018 06:00:38 PM
Python creator and Benevolent Dictator for Life Guido van Rossum has decided, in the wake of the difficult PEP 572 discussion, to step down from his leadership of the project. "Now that PEP 572 is done, I don't ever want to have to fight so hard for a PEP and find that so many people despise my decisions. I would like to remove myself entirely from the decision process. I'll still be there for a while as an ordinary core dev, and I'll still be available to mentor people -- possibly more available. But I'm basically giving myself a permanent vacation from being BDFL, and you all will be on your own."

[$] Six (or seven) new system calls for filesystem mounting

Thursday 12th of July 2018 03:00:51 PM
Mounting filesystems is a complicated business. The kernel supports a wide variety of filesystem types, and each has its own, often extensive set of options. As a result, the mount() system call is complex, and the list of mount options is a rather long read. But even with all of that complexity, mount() does not do everything that users would like. For example, the options for a mount operation must all fit within a single 4096-byte page — the fact that this is a problem for some users is illustrative in its own right. The problems with mount() have come up at various meetings, including at the 2018 Linux Storage, Filesystem, and Memory-Management Summit. A set of patches implementing a new approach is getting closer to being ready, but it features some complexity of its own and there are some remaining concerns about the proposed system-call API.

Security updates for Thursday

Thursday 12th of July 2018 01:16:56 PM
Security updates have been issued by Arch Linux (qutebrowser), CentOS (firefox), Debian (ruby-sprockets), Fedora (botan2, git-annex, kernel, kernel-tools, and visualboyadvance-m), Mageia (chromium-browser-stable, graphviz, mailman, nikto, perl-Archive-Zip, redis, and w3m), openSUSE (nextcloud), Oracle (gnupg2), Red Hat (flash-plugin, gnupg2, and kernel), Slackware (bind and curl), SUSE (java-1_8_0-openjdk, php7, rsyslog, slurm, and ucode-intel), and Ubuntu (cups, libpng, and libpng, libpng1.6).

[$] LWN.net Weekly Edition for July 12, 2018

Thursday 12th of July 2018 12:51:39 AM
The LWN.net Weekly Edition for July 12, 2018 is available.

[$] Signing and distributing Gentoo

Wednesday 11th of July 2018 06:55:44 PM

The compromise of Gentoo's GitHub mirror was certainly embarrassing, but its overall impact on Gentoo users was likely fairly limited. Gentoo and GitHub responded quickly and forcefully to the breach, which greatly limited the damage that could be done; the fact that it was a mirror and not the master copy of Gentoo's repositories made it relatively straightforward to recover from. But the black eye that it gave the project has led some to consider ways to make it even harder for an attacker to add malicious content to Gentoo—even if the distribution's own infrastructure were to be compromised.

A set of stable kernel updates

Wednesday 11th of July 2018 04:44:31 PM
Greg Kroah-Hartman has released stable kernels 4.17.6, 4.14.55, 4.9.112, 4.4.140, and 3.18.115. As usual, they contain important fixes and users should upgrade.

[$] Emacs & TLS

Wednesday 11th of July 2018 03:35:58 PM

A recent query about the status of network security (TLS settings in particular) in Emacs led to a long thread in the emacs-devel mailing list. That thread touched on a number of different areas, including using OpenSSL (or other TLS libraries) rather than GnuTLS, what kinds of problems should lead to complaints out of the box, what settings should be the default, and when those settings could change for Emacs so as not to discombobulate users. The latter issue is one that lots of projects struggle with: what kinds of changes are appropriate for a bug-fix release versus a feature release. For Emacs, its lengthy development cycle, coupled with the perceived urgency of security changes, makes that question even more difficult.

Security updates for Wednesday

Wednesday 11th of July 2018 03:12:01 PM
Security updates have been issued by Debian (cups), Oracle (kernel and qemu-kvm), Red Hat (ansible, kernel, kernel-rt, and qemu-kvm), Scientific Linux (kernel and qemu-kvm), Slackware (thunderbird), and Ubuntu (curl, firefox, imagemagick, and xapian-core).

Malware found in the Arch Linux AUR repository

Tuesday 10th of July 2018 10:09:28 PM
Here's a report in Sensors Tech Forum on the discovery of a set of hostile packages in the Arch Linux AUR repository system. AUR contains user-contributed packages, of course; it's not a part of the Arch distribution itself. "The security investigation shows that a malicious user with the nickname xeactor modified on June 7 an orphaned package (software without an active maintainer) called acroread. The changes included a curl script that downloads and runs a script from a remote site. This installs a persistent software that reconfigures systemd in order to start periodically. While it appears that they are not a serious threat to the security of the infected hosts, the scripts can be manipulated at any time to include arbitrary code. Two other packages were modified in the same manner." This thread in the aur-general list shows the timeline of the discovery and response.

[$] Spectre V1 defense in GCC

Tuesday 10th of July 2018 08:48:52 PM
In many ways, Spectre variant 1 (the bounds-check bypass vulnerability) is the ugliest of the Meltdown/Spectre set, despite being relatively difficult to exploit. Any given code base could be filled with V1 problems, but they are difficult to find and defend against. Static analysis can help, but the available tools are few, mostly proprietary, and prone to false positives. There is also a lack of efficient, architecture-independent ways of addressing Spectre V1 in user-space code. As a result, only a limited effort (at most) to find and fix Spectre V1 vulnerabilities has been made in most projects. An effort to add some defenses to GCC may help to make this situation better, but it comes at a cost of its own.

Security updates for Tuesday

Tuesday 10th of July 2018 03:07:50 PM
Security updates have been issued by Debian (ruby-sprockets), Red Hat (ansible and rh-git29-git), Scientific Linux (firefox), SUSE (ceph), and Ubuntu (libjpeg-turbo, ntp, and openslp-dfsg).

[$] IR decoding with BPF

Monday 9th of July 2018 03:46:19 PM
In the 4.18 kernel, a new feature was merged to allow infrared (IR) decoding to be done using BPF. Infrared remotes use many different encodings; if a decoder were to be written for each, we would end up with hundreds of decoders in the kernel. So, currently, the kernel only supports the most widely used protocols. Alternatively, the lirc daemon can be run to decode IR. Decoding IR can usually be expressed in a few lines of code, so a more lightweight solution without many kernel-to-userspace context switches would be preferable. This article will explain how IR messages are encoded, the structure of a BPF program, and how a BPF program can maintain state between invocations. It concludes with a look at the steps that are taken to end up with a button event, such as a volume-up key event.

Security updates for Monday

Monday 9th of July 2018 03:31:32 PM
Security updates have been issued by Debian (bouncycastle and ca-certificates), Fedora (cantata, cinnamon, php-symfony3, and transifex-client), openSUSE (ghostscript, openssl, openvpn, php7, rubygem-yard, thunderbird, ucode-intel, and unzip), and SUSE (libqt4, nodejs8, and openslp).

Kernel prepatch 4.18-rc4

Monday 9th of July 2018 11:06:32 AM
The 4.18-rc4 kernel prepatch has been released. "Things look pretty normal here, and size-wise this looks good too, so it's another of those 'solid progress to release' weeks. Boring is good."

A pair of stable kernel updates

Sunday 8th of July 2018 03:06:13 PM
The 4.17.5 and 4.14.54 stable kernels have been released with yet another set of important fixes.

An interview with Jonathan Corbet

Friday 6th of July 2018 08:17:01 PM
For those with a significant chunk of spare time and nothing better to do: Swapnil Bhartiya interviewed LWN editor Jonathan Corbet in February and has now posted the resulting video on the Patreon site.

More in Tux Machines

OSS: Apache Cassandra, Jib, WSO2 and More

  • Apache Cassandra at 10: Making a community believe in NoSQL
    Ten years ago this month, when Lehman Brothers was still just about in business and the term NoSQL wasn't even widely known, let alone an irritant, Facebook engineers open-sourced a distributed database system named Cassandra. Back then, the idea that huge numbers of companies would need a scalable database was almost laughable – and that grip of traditional relational database systems is reflected in the mythical moniker given to what would become one of the first of many databases designed to run on a cluster of machines. Named after the Greek figure who was cursed to utter the truth but was never believed, Cassandra might seem an odd choice for a system whose raison d'être is believability – but it delivered a nice dig at the stalwarts of the RDBMS world… and their trust in a false Oracle.
  • Google Launches Jib, Automated Container Packaging for Java Apps
    Google has released software that could automate the packaging of a Java program so that it can be run in the cloud-native environment. Jib is an open-source Java “containerizer,” one that handles all the steps of packaging your application into a container image, according to Appu Goundan and Qingyang Chen, two Google engineers who co-wrote a blog post announcing the new technology. Created over two decades ago at Sun Microsystems, Java was introduced as a “write once, run anywhere” programming language, where all the code would be packaged in a JAR file, and run by a Java Virtual Machine on any platform. The requirements for running code anywhere have expanded with the introduction of containerization, however. Few shops are Java-only these days, and many are turning to containerization for true application portability,
  • WSO2 Summer 2018 Release Brings Agility to Secure Microservices Integration
  • New Operations in Mexico Extend WSO2’s Reach Across Latin America
  • How Open Source Became The Default Business Model For Software
  • 10 Best Kodi Addons You Should Install In 2018 | Legal Addons
    Kodi is one of the most popular media player software which enables you to access videos, music, and pictures via the internet or local storage on a host of platforms. Managed by XBMC foundation, Kodi is an open source software. However, its reputation has been soiled by labeling it as a piracy bearer, and that is why many ask “Is Kodi legal?” You can read more about Kodi and whether it is legal or not here.
  • Summer of Code: Plan for the grand finale
    To get that done, I have to polish up my smack-openpgp branch which has grown to a size of 7000 loc. There are still some minor quirks, but Florian recommended to focus on the big picture instead of spending too much time on small details and edge cases. I also have to release pgpainless to maven central and establish some kind of release cycle. It will be a future challenge for me personally to synchronize the releases of smack-openpgp and pgpainless.
  • Collaborative World Shaping: Why Open-Source Tech Matters in a For-Impact Future
    How many lives could be saved if there was a way to vastly cut down inefficiency and through bureaucracy, by problem solving at a global scale? Could technology help us reach more individuals in need more meaningfully, substantially helping people affected by disasters – in less time? The technology is already out there – but not enough people know about it. In 2017, Hurricane Irma—the strongest hurricane ever recorded in the Atlantic Ocean—made landfall; with widespread, “catastrophic” damage, disaster relief organizations were overwhelmed. “A lot of traditional means of crisis response are very top down, and they didn’t really kick in — we saw headlines about how the Red Cross didn’t show up to shelters,” said Greg Bloom, a community organizer and civic hacker who knew he had to step in to assist.
  • The First Open-Source Smart Contract Platform to be Started by Rootstock
    RSK Labs, formerly known as Rootstock, an Argentinian startup building the first open-source smart contract platform with a 2-way peg to Bitcoin. RSK Labs CEO Diego Gutiérrez Zaldívar on Bitcoin Smart Contracts Sidechain and Crypto Industry Challenges. Even though at this point of time the 2-way peg security of the RSK blockchain is still relying on a group of third parties called ‘Federation’, in the future the developers promise to bring a “trustless” automatic peg. How fast this happens to some degree depends on the overall miners support. The company says its goal is to add value and functionality to the Bitcoin ecosystem by enabling Ethereum-like smart-contracts, near instant payments and higher-scalability, and this past January after almost two years of development its mainnet dubbed Bamboo was finally launched.
  • Creality’s Ender 3 3D Printer is Now Fully Open Source
    Creality3D, founded in 2014, is a 3D printer manufacturer based in China, offering more than 20 products. Their popular Ender 3 was recently voted “Best 3D Printer Under $200” by All3DP (review here). Now, the company is making their most popular 3D printer, the Ender 3, completely open source. This makes it the first Open Source Hardware Association certified 3D printer in China. This means not just a few files have been shared, but all hardware, CAD files, board schematics and firmware files are available. You can find the updated versions on the company’s GitHub page.
  • Charité's researchers integrate open-source platform into the 'Human Brain Project'
    Universitätsmedizin Berlin and the Berlin Institute of Health (BIH) are pleased to announce that 'The Virtual Brain' neuroinformatics platform has joined the EU's Flagship 'Human Brain Project'. With financial support from the EU's Horizon 2020 research and innovation program, Charité's researchers are now integrating their open-source platform into the 'Human Brain Project'. This will provide participating researchers with a research infrastructure that promotes efficiency and reproducibility. The researchers will focus on refining the theoretical underpinnings of the computer models used, developing efficient simulation technology, and working on neuroinformatics solutions that enhance the reproducibility of studies.

Kernel and Graphics: PDS, VKMS and Nouveau

  • PDS 0.98s release
    PDS 0.98s is released with the following changes: 1. Fix compilation issue on raspberry pi. 2. Minor rework and optimization on balance code path. 3. Fix wrong nr_max_tries in migrate_pending_tasks. This is mainly a bug fix and minor optimization release for 4.17. The rework of the balance code doesn't go well; it actually makes more overhead than the current implementation. Another rework, which is based on the current implementation, is still ongoing and will hopefully be included in the next release.
  • PDS-MQ CPU Scheduler Revised For The Linux 4.17 Kernel With Minor Optimizations
    Alfred Chen announced this week the release of PDS-mq 0.98s, his latest patch-set of this CPU scheduler against the Linux 4.17 upstream code-base and includes minor optimization work and bug fixes. The PDS scheduler stands for the "Priority and Deadline based Skiplist multiple queue scheduler" that is derived from Con Kolivas' former BFS scheduler with Variable Run Queue (VRQ) support. PDS design principles are to be a simple CPU process scheduler yet efficient and scalable. PDS-mq differs from Con Kolivas' current MuQSS scheduler.
  • Add infrastructure for Vblank and page flip events in vkms simulated by hrtimer
    Since the beginning of May 2018, I have been diving into the DRM subsystem. In the beginning, nothing made sense to me, and I had to fight hard to understand how things work. Fortunately, I was not alone, and I had great support from Gustavo Padovan, Daniel Vetter, Haneen Mohammed, and the entire community. Recently, I finally delivered a new feature for VKMS: the infrastructure for Vblank and page flip events. At this moment, VKMS has regular Vblank events simulated through hrtimers (see drm-misc-next), which is a feature required by VKMS to mimic real hardware [6]. The development approach was entirely driven by the tests provided by IGT, more specifically the kms_flip. I modified IGT to read a module name via command line and force the use of it, instead of using only the modules defined in the code (patch submitted to IGT, see [1]). With this modification in the IGT, my development process to add a Vblank infrastructure to VKMS had three main steps as Figure 1 describes.
  • The State Of The VKMS Driver, Preparations For vBlank & Page Flip Events
    One of the exciting additions to look forward to with the upcoming Linux 4.19 kernel cycle is the virtual "VKMS" kernel mode-setting driver. The driver is still a work-in-progress, but multiple developers are working on it.
  • NIR Continues To Be Prepped For OpenCL Support
    Longtime Nouveau contributor Karol Herbst, who joined Red Hat several months ago, has been working on Nouveau NIR support as a step towards SPIR-V/compute support, and this summer the work very much remains an active target.
  • Nouveau Gallium3D Moves Closer Towards OpenGL 4.5 Compliance
    While the RadeonSI and Intel i965 Mesa drivers have been at OpenGL 4.5 compliance for a while now, the Nouveau "NVC0" Gallium3D driver has been bound to OpenGL 4.3 officially. This Nouveau Gallium3D driver for NVIDIA "Fermi" graphics hardware and newer has effectively supported all of the OpenGL 4.4/4.5 extensions, but not officially. Originally the NVC0 problem for OpenGL 4.4 and newer was the requirement of passing the OpenGL Conformance Test Suite (CTS), which at first wasn't open-source. But now The Khronos Group has made it available to everyone as open-source. Additionally, the proper legal wrangling is in place so the Nouveau driver could become a conforming Khronos adopter under the X.Org Foundation without any associated costs/fees with Nouveau being purely open-source and primarily considered a community driver.

DistroWatch The Best Website For Distro Hoppers

DistroWatch features release announcements of new versions of hundreds of Linux and other distributions. It also hosts reviews of distros, podcasts, and newsletters. DistroWatch was first published by Ladislav Bodnar, the founder and maintainer, on May 31, 2001. DistroWatch initially focused on Linux distributions, but later, based on user requests, it went on to add different flavors of operating systems such as the BSD family, Android x86, Oracle Solaris, MINIX, and Haiku. DistroWatch presents detailed information in one place in a very convenient manner. At the time of writing this article, DistroWatch hosted information on more than 300 active distributions (referring to the list of distros populated under the drop-down feature on the first page of DistroWatch) and more than a hundred in the queue. It is said that DistroWatch lives on advertising and donations. LinuxCD.org was the first to advertise on the DistroWatch site.

Ubuntu 18.04 LTS and 16.04 LTS Amazon Linux AMIs Now Support Amazon's SSM Agent

As of July 2018, Amazon's Linux AMIs (Amazon Machine Images) that are based on either the Ubuntu 16.04 LTS (Xenial Xerus) or Ubuntu 18.04 LTS (Bionic Beaver) operating systems now come pre-installed with the AWS Systems Manager Agent (SSM Agent), Amazon software designed to run on hybrid or Amazon EC2 instances in public and private clouds on AWS (Amazon Web Services). "With this new feature release, AWS Systems Manager Agent is installed by default on all instances launched or built from Ubuntu 16.04 LTS (2018.07 and later) and 18.04 LTS (all versions) AMIs," said Amazon. "By having the agent pre-installed, you can quickly start using AWS Systems Manager features such as Run Command, State Manager, Inventory and Patch Manager."