
LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 56 min ago

FSFE: REUSE Booster helps Free Software projects with licensing and copyright

3 hours 4 min ago
The Free Software Foundation Europe introduces REUSE Booster. REUSE is a set of best practices to make Free Software licensing easier. "With REUSE Booster, we go one step further. We invite Free Software projects to register for getting help by the FSFE's legal experts. As the name suggests, this will boost the process of adopting the best practices as well as general understanding of licensing and copyright." The registration deadline is July 8.

linux.dev mailboxes for kernel developers

5 hours 17 min ago
Konstantin Ryabitsev has announced a new service providing @linux.dev mailboxes for people to use with kernel development. The documentation page has more information. "This is a BETA offering. Currently, it is only available to people listed in the MAINTAINERS file. We hope to be able to offer it to everyone else who can demonstrate an ongoing history of contributions to the Linux kernel (patches, git commits, mailing list discussions, etc)."

Security updates for Tuesday

7 hours 4 min ago
Security updates have been issued by CentOS (389-ds-base, dhcp, firefox, glib2, hivex, kernel, postgresql, qemu-kvm, qt5-qtimageformats, samba, and xorg-x11-server), Fedora (kernel and kernel-tools), Oracle (kernel and postgresql), Red Hat (dhcp and gupnp), Scientific Linux (gupnp and postgresql), SUSE (postgresql10 and xterm), and Ubuntu (imagemagick).

A possible copyright-policy change for glibc

7 hours 52 min ago
The GNU C Library developers are asking for comments on a proposal to stop requiring developers to assign their copyrights to the Free Software Foundation. This mirrors the recent change by GCC, except that the community is being consulted first. "The changes to accept patches with or without FSF copyright assignment would be effective on August 2nd, and would apply to all open branches. The glibc stewards, like the GCC SC, continue to affirm the principles of Free Software, and that will never change."

Aya: writing BPF in Rust

8 hours 45 min ago
The first release of the Aya BPF library has been announced; this project allows the writing of BPF programs in the Rust language. "Over the last year I've talked with many folks interested in using eBPF in the Rust community. My goal is to get as many of you involved in the project as possible! Now that the rustc target has been merged, it's time to build a solid foundation so that we can enable developers to write great eBPF enabled apps".

[$] quotactl_path() becomes quotactl_fd()

Monday 14th of June 2021 10:45:43 PM
The quotactl() system call is used to manipulate disk quotas on a filesystem; it can be used to turn quota enforcement on or off, change quotas, retrieve current usage information, and more. The 5.13 merge window brought in a new variant of that system call that was subsequently disabled due to API concerns; its replacement is now taking form.

Google's fully homomorphic encryption package

Monday 14th of June 2021 05:34:59 PM
The Google Developers Blog has this announcement describing the release of a fully homomorphic encryption project under the Apache license. "With FHE, encrypted data can travel across the Internet to a server, where it can be processed without being decrypted. Google’s transpiler will enable developers to write code for any type of basic computation such as simple string processing or math, and run it on encrypted data. The transpiler will transform that code into a version that can run on encrypted data. This then allows developers to create new programming applications that don’t need unencrypted data." See this white paper for more details on how it all works.

Security updates for Monday

Monday 14th of June 2021 03:36:00 PM
Security updates have been issued by Arch Linux (apache, gitlab, inetutils, isync, kube-apiserver, nettle, polkit, python-urllib3, python-websockets, thunderbird, and wireshark-cli), Debian (squid3), Fedora (glibc, libxml2, mingw-openjpeg2, and openjpeg2), Mageia (djvulibre, docker-containerd, exif, gnuchess, irssi, jasper, kernel, kernel-linus, microcode, python-lxml, python-pygments, rust, slurm, and wpa_supplicant, hostapd), openSUSE (389-ds and pam_radius), Oracle (.NET Core 3.1, container-tools:3.0, container-tools:ol8, krb5, microcode_ctl, postgresql:12, postgresql:13, and runc), Red Hat (dhcp, postgresql, postgresql:10, postgresql:12, postgresql:9.6, rh-postgresql10-postgresql, rh-postgresql12-postgresql, and rh-postgresql13-postgresql), Scientific Linux (dhcp and microcode_ctl), SUSE (ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone, crowbar-openstack, grafana, kibana, monasca-installer, python-Django, python-py, rubygem-activerecord-session_store, freeradius-server, libjpeg-turbo, spice, and squid), and Ubuntu (rpcbind).

Kernel prepatch 5.13-rc6

Sunday 13th of June 2021 11:27:16 PM
The 5.13-rc6 kernel prepatch is out for testing. "Nothing particularly special to say about this - rc6 is certainly smaller than rc5 was, so we're moving in the right direction".

[$] Code humor and inclusiveness

Friday 11th of June 2021 10:41:14 PM
Free-software development is meant to be fun, at least some of the time. Even developers of database-management systems seem to think that it is fun; there is no accounting for taste, it seems. Part of having fun is certainly allowing the occasional exercise of one's sense of humor while working on the code. But, as some recent "fix" attempts show, humor does not always carry through to developers all over the planet. Balancing humor and inclusiveness is always going to be a challenge for our community.

Privacy analysis of FLoC (Mozilla blog)

Friday 11th of June 2021 10:40:46 PM
Over on the Mozilla blog, Eric Rescorla looks into some of the privacy implications of the Federated Learning of Cohorts (FLoC), which is a Google effort to replace third-party cookies with a different type of identifier that is less trackable. But less tracking does not equal no tracking. "People's interests aren't constant and neither are their FLoC IDs. Currently, FLoC IDs seem to be recomputed every week or so. This means that if a tracker is able to use other information to link up user visits over time, they can use the combination of FLoC IDs in week 1, week 2, etc. to distinguish individual users. This is a particular concern because it works even with modern anti-tracking mechanisms such as Firefox's Total Cookie Protection (TCP). TCP is intended to prevent trackers from correlating visits across sites but not multiple visits to one site. FLoC restores cross-site tracking even if users have TCP enabled."

Poettering: The Wondrous World of Discoverable GPT Disk Images

Friday 11th of June 2021 10:08:05 PM
In a lengthy blog post, Lennart Poettering describes the advantages of using the unique IDs (UUIDs) and flags from the discoverable partitions specification to label the entries in a GUID Partition Table (GPT). That information can be used to tag disk images in a self-descriptive way, so that external configuration files (such as /etc/fstab) are not needed to assemble the filesystems for the running system. Systemd can use this information in a variety of ways, including for running the image in a container: "If a disk image follows the Discoverable Partition Specification then systemd-nspawn has all it needs to just boot it up. Specifically, if you have a GPT disk image in a file foobar.raw and you want to boot it up in a container, just run systemd-nspawn -i foobar.raw -b, and that's it (you can specify a block device like /dev/sdb too if you like). It becomes easy and natural to prepare disk images that can be booted either on a physical machine, inside a virtual machine manager or inside such a container manager: the necessary meta-information is included in the image, easily accessible before actually looking into its file systems."

Security updates for Friday

Friday 11th of June 2021 02:02:52 PM
Security updates have been issued by Debian (libwebp), Fedora (firefox, lasso, mod_auth_openidc, nginx, redis, and squid), Oracle (.NET 5.0, container-tools:2.0, dhcp, gupnp, hivex, kernel, krb5, libwebp, nginx:1.16, postgresql:10, and postgresql:9.6), SUSE (containerd, docker, runc, csync2, and salt), and Ubuntu (libimage-exiftool-perl, libwebp, and rpcbind).

[$] Implementing eBPF for Windows

Thursday 10th of June 2021 10:19:11 PM
Extended BPF (eBPF), the general-purpose execution engine inside of the Linux kernel, has proved helpful for tracing and monitoring the system, for processing network packets, or generally for extending the behavior of the kernel. So helpful, in fact, that developers working on other operating systems have been watching it. Dave Thaler and Poorna Gaddehosur, on behalf of Microsoft, recently published an implementation of eBPF for Windows. A Linux feature making its way to Windows, in itself, deserves attention. Even more so when that feature has brought new degrees of programmability to the Linux kernel over the last few years. This makes it especially interesting to look at what the new project can do, and to ponder how the current ecosystem might evolve as eBPF begins its journey toward Windows.

Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug (GitHub blog)

Thursday 10th of June 2021 10:01:51 PM
On the GitHub blog, Kevin Backhouse writes about a privilege escalation vulnerability in polkit, which "enables an unprivileged local user to get a root shell on the system". CVE-2021-3560 "is triggered by starting a dbus-send command but killing it while polkit is still in the middle of processing the request. [...] Why does killing the dbus-send command cause an authentication bypass? The vulnerability is in step four of the sequence of events listed above. What happens if polkit asks dbus-daemon for the UID of connection :1.96, but connection :1.96 no longer exists? dbus-daemon handles that situation correctly and returns an error. But it turns out that polkit does not handle that error correctly. In fact, polkit mishandles the error in a particularly unfortunate way: rather than rejecting the request, it treats the request as though it came from a process with UID 0. In other words, it immediately authorizes the request because it thinks the request has come from a root process."

Another batch of stable kernels

Thursday 10th of June 2021 04:06:13 PM
The 5.12.10, 5.10.43, 5.4.125, 4.19.194, 4.14.236, 4.9.272, and 4.4.272 stable kernels have been released. As usual, they contain fixes all over the kernel tree and users of those series should upgrade.

Security updates for Thursday

Thursday 10th of June 2021 02:08:24 PM
Security updates have been issued by Debian (htmldoc, lasso, and rails), Fedora (exiv2, firefox, and microcode_ctl), openSUSE (python-HyperKitty), Oracle (389-ds-base, qemu-kvm, qt5-qtimageformats, and samba), Red Hat (container-tools:3.0, container-tools:rhel8, postgresql:12, and postgresql:13), Scientific Linux (389-ds-base, hivex, libwebp, qemu-kvm, qt5-qtimageformats, samba, and thunderbird), SUSE (caribou, djvulibre, firefox, gstreamer-plugins-bad, kernel, libopenmpt, libxml2, python-Pillow, qemu, spice, spice-gtk, and ucode-intel), and Ubuntu (rpcbind).

[$] LWN.net Weekly Edition for June 10, 2021

Thursday 10th of June 2021 12:00:51 AM
The LWN.net Weekly Edition for June 10, 2021 is available.

[$] When and how to evaluate Python annotations

Wednesday 9th of June 2021 04:57:04 PM
Annotations in Python came late to the party; they were introduced in Python 3 as a way to attach information to functions describing their arguments and return values. While that mechanism had obvious applications for adding type information to Python functions, standardized interpretations for the annotations came later with type hints. But evaluating the annotations at function-definition time caused some difficulties, especially with respect to forward references to type names, so a Python Enhancement Proposal (PEP) was created to postpone their evaluation until they were needed. The PEP-described behavior was set to become the default in the upcoming Python 3.10 release, but that is not to be; the postponement of evaluation by default has itself been postponed in the hopes of unwinding things.

Security updates for Wednesday

Wednesday 9th of June 2021 03:36:47 PM
Security updates have been issued by Debian (eterm, mrxvt, and rxvt), Mageia (cgal, curl, exiv2, polkit, squid, thunderbird, and upx), openSUSE (firefox and libX11), Oracle (libwebp, nginx:1.18, and thunderbird), Red Hat (.NET 5.0, .NET Core 3.1, 389-ds-base, dhcp, gupnp, hivex, kernel, kernel-rt, libldb, libwebp, microcode_ctl, nettle, postgresql:10, postgresql:9.6, qemu-kvm, qt5-qtimageformats, rh-dotnet50-dotnet, and samba), SUSE (apache2-mod_auth_openidc, firefox, gstreamer-plugins-bad, kernel, libX11, pam_radius, qemu, runc, spice, and spice-gtk), and Ubuntu (intel-microcode and rpcbind).

More in Tux Machines

Debian: Raphaël Hertzog (LTS Work), Jonathan Dowland (IkiWiki), and Ben Hutchings (Also LTS)

  • Raphaël Hertzog: Freexian’s report about Debian Long Term Support, May 2021

    In May, we again put aside 2100 EUR to fund Debian projects. There were no proposals for new projects received, thus we’re looking forward to receiving more projects from various Debian teams! Please do not hesitate to submit a proposal, if there is a project that could benefit from the funding! Learn more about the rationale behind this initiative in this article.

  • Jonathan Dowland: Opinionated IkiWiki v1

    It's been more than a year since I wrote about Opinionated IkiWiki, a pre-configured, containerized deployment of Ikiwiki with opinions. My intention was to make something that is easy to get up and running if you are more experienced with containers than IkiWiki.

  • Ben Hutchings: Debian LTS work, May 2021

    In May I was assigned 13.5 hours of work by Freexian's Debian LTS initiative and carried over 4.5 hours from earlier months. I worked 16 hours and will carry over the remainder. I finished reviewing the futex code in the PREEMPT_RT patchset for Linux 4.9, and identified several places where it had been mis-merged with the recent futex security fixes. I sent a patch for these upstream, which was accepted and applied in v4.9.268-rt180.

IBM/Red Hat/Fedora Leftovers

  • Javier Martinez Canillas: The curious case of the ghostly modalias

    I was finishing my morning coffee at the Fedora ARM mystery department when a user report came to my attention: the tpm_tis_spi driver was not working on a board that had a TPM device connected through SPI. There was no /dev/tpm0 character device present in the system, even when the driver was built as a module and the Device Tree (DT) passed to the kernel had a node with an "infineon,slb9670" compatible string.

  • What you need to know about WebSphere Hybrid Edition – IBM Developer

    IBM WebSphere Hybrid Edition is a bundle of IBM runtimes for enterprise and cloud-native Java workloads. WebSphere Hybrid Edition enables developers to flexibly deploy both WebSphere traditional runtimes and Liberty runtimes (including the open-source Open Liberty framework), depending on their needs while optimizing the use of WebSphere Network Deployment, WebSphere Application Server, and Liberty Core license entitlements. WebSphere Application Server traditional is a trusted application server for Java EE applications. Liberty is a fast, lightweight, and modular framework for cloud-native Java applications and microservices that are optimized for cloud and Kubernetes and supporting a wide spectrum of Java APIs, including the latest Eclipse MicroProfile and Jakarta EE API. With WebSphere Hybrid Edition, you can continue to run workloads on WebSphere Application Server traditional reliably, build new services on Liberty and deploy them to cloud, and modernize and refactor your legacy applications whenever you’re ready at your own pace. The choices are yours.

  • Understanding the CentOS 7 filesystem hierarchy - Linux Concept

    We can compare a filesystem to a refrigerator, or any other storage with multiple shelves that is used for storing different items. These shelves or compartments help us to organize grocery items in our refrigerator by certain characteristics, such as shape, size, type, and so on. The same analogy is applicable to a filesystem, which is the epitome of storing and organizing collections of data and files in human-usable form.

  • File encryption and decryption made easy with GPG | Enable Sysadmin

    GPG is a popular Linux encrypting tool. Find out how to use its power to keep private files private.

  • Molly de Blanc: Welcome Red Hat as a GUADEC Sponsor [Ed: IBM ('Red Hat') rewarding, financially, those who attacked Richard Stallman and the FSF with hate and defamation]

    “As one of the many active contributors within the vibrant GNOME community, Red Hat is very pleased to also be among the sponsors of this year’s GUADEC event,” said a representative from Red Hat. “Community is about connections, and as we move into a world that is waking up from decreased social contact, those connections are more important than ever. GNOME remains an incredible part of the open source ecosystem, and the conversations made at GUADEC amongst users and contributors are a big reason why GNOME continues to be successful! We are thrilled to be a part of these conversations and look forward to participating in the GUADEC 2021 online event.” Kristi Progri, lead organizer of GUADEC, says “On behalf of everyone at GUADEC organizing team, I would like to express our sincere gratitude for the generous sponsorship to GUADEC. We’re happy they’re joining us again at GUADEC to help build GNOME and show the community what they are working on.”

  • Red Hat Migration Toolkit for Virtualization Now Available

    Red Hat has announced the general availability of Red Hat’s migration toolkit for virtualization to help organizations accelerate open hybrid cloud strategies by making it easier to migrate existing workloads to modern infrastructure in a streamlined, wholesale manner. By bringing applications based on virtual machines (VMs) to Red Hat OpenShift, IT organizations can experience a smoother, more scalable modernization experience while mitigating potential risks and downtime.

  • Move virtual machines to OpenShift at-scale with Red Hat’s migration toolkit for virtualization

    Red Hat OpenShift, the industry’s leading enterprise Kubernetes platform, is used by enterprises across the globe that are looking to bring applications to market faster. The benefits of OpenShift can be extended to virtualized workloads through OpenShift Virtualization, OpenShift’s capability for Kubernetes-native virtualization, but first comes the hard part: How do you actually move your workloads to Kubernetes in the first place?

  • How open source is lowering barriers to higher education

    Stepping into the college experience is a whirlwind. For many people, it’s your first time away from home and one of the first times that you are tasked with managing your life on your own. There are a lot of details you need to figure out. Are you going to live on campus or off? What meal plan do you want to use? What do you want to choose as your major? What classes do you want to take? And likely most pressing, how are you going to afford everything you need? When talking about the cost of education, there is one thing that is an issue for every student: the cost of textbooks. Textbooks for a college course can cost upwards of $100 apiece and, depending on how many courses you are taking in a semester, that can add up very quickly. In fact, the College Board found that the average university student spends more than $1,200 on books each year. For students it can be hard to justify the steep costs of books, especially when it comes to courses outside your field of study.

  • Fedora Community Blog: Heroes of Fedora (HoF) – F34 Final

    Hello fellow testers, welcome to the Fedora Linux 34 Final installation of Heroes of Fedora! In this post, we’ll look at the stats concerning the testing of Fedora Linux 34 Final. The purpose of Heroes of Fedora is to provide a summation of testing activity on each milestone release of Fedora. Without community support, Fedora would not exist, so thank you to all who contributed to this release! Without further ado, let’s get started!

Sovereignty on a Federated System: problems we faced on GNOME’s Matrix instance

This post follows an introduction to Matrix with e-mails, where I explain that Matrix is a federated system. Federation can be either public or private. A public server can communicate with any other server, except the ones which are explicitly avoided. Meanwhile, a private server can only communicate with a selected list of other servers. Private federation is often deployed between entities that can trust each other, for example between universities. There often are processes to take back control of things when they derail on a server you don’t manage, because people on the remote server are contractually bound with you. But many organisations, and especially open source projects, deploy their instance in public federation. This means strangers from the Internet can interact with your server. Public federation comes with its own set of non-technical risks. In this post I’m going to guide you through the problems we faced on our GNOME Matrix instance. For each problem I’ll bring a solution. They will be consolidated at the end of the post in the form of a target we want to reach eventually, along with the acknowledgement of the limits of what we can do. Please note that these problems have more to do with careful planning and deployment than with the Matrix protocol itself.

Security-Oriented Alpine Linux 3.14 Released with KDE Plasma 5.22, QEMU 6.0, and More

Five months in the works, Alpine Linux 3.14 is here as another big update for this security-oriented distribution, featuring the latest and greatest KDE Plasma 5.22 desktop environment series, along with the KDE Gear 21.04.2 software suite, for those who want to install the KDE Plasma desktop. But, Alpine Linux is a Linux distribution designed for servers, firewalls, routers, VPNs, etc., so it comes with major updates for packages needed for these types of setups. These include Lua 5.4.3, HAProxy 2.4.0, nginx 1.20.0, njs 0.5.3, Node.js 14.17.0, PostgreSQL 13.3, Python 3.9.5, QEMU 6.0.0, R 4.1.0, and Zabbix 5.4.1.