Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 35 min ago

[$] Theoretical vs. practical cryptography in the kernel

Thursday 13th of August 2020 04:43:22 PM
Shortly before the release of the 5.8 kernel, a brief patch to a pseudo-random-number generator (PRNG) used by the networking stack was quietly applied to the kernel. As is the norm for such things, the changelog gave no indication that a security vulnerability had been fixed, but that turns out indeed to be the case. The resulting controversy had little to do with the original vulnerability, though, and everything to do with how cryptographic security is managed in the kernel. Figuring prominently in the discussion was the question of whether theoretical security can undermine security in the real world.

Holdgraf: Announcing the new Jupyter Book

Thursday 13th of August 2020 03:19:40 PM
On the Jupyter blog, Chris Holdgraf announces a rewrite of the Jupyter Book project. LWN looked at Jupyter and its interactive notebooks for Python and other languages back in 2018; Jupyter Book extends the notebook idea. "Jupyter Book is an open source project for building beautiful, publication-quality books, websites, and documents from source material that contains computational content. With this post, we’re happy to announce that Jupyter Book has been re-written from the ground up, making it easier to install, faster to use, and able to create more complex publishing content in your books. It is now supported by the Executable Book Project, an open community that builds open source tools for interactive and executable documents in the Jupyter ecosystem and beyond."

Walleij: How the ARM32 Linux kernel decompresses

Thursday 13th of August 2020 02:00:47 PM
For those who are into the details: here is a step-by-step guide through the process of decompressing an Arm kernel and getting ready to boot from Linus Walleij. "Next the decompression code sets up a page table, if it is possible to fit one over the whole uncompressed+compressed kernel image. The page table is not for virtual memory, but for enabling cache, which is then turned on. The decompression will for natural reasons be much faster if we can use cache."

QEMU 5.1.0 released

Thursday 13th of August 2020 01:57:19 PM
Version 5.1.0 of the QEMU processor emulator is out. "This release contains 2500+ commits from 235 authors." Enhancements consist mostly of additional hardware emulation, of course, but it doesn't stop there; see the changelog for lots of details.

Security updates for Thursday

Thursday 13th of August 2020 12:49:53 PM
Security updates have been issued by Debian (linux-4.19, linux-latest-4.19, and openjdk-8) and Fedora (ark and hylafax+).

[$] LWN.net Weekly Edition for August 13, 2020

Thursday 13th of August 2020 12:29:51 AM
The LWN.net Weekly Edition for August 13, 2020 is available.

[$] Building a Flutter application (part 1)

Wednesday 12th of August 2020 04:59:00 PM
In this two-part series, we will be implementing a simple RSS reader for LWN using the UI toolkit Flutter. The project recently announced version 1.20 of the toolkit on August 5. Flutter is a BSD-licensed UI development platform written in Dart that is backed by Canonical as a new way to develop desktop applications targeting Linux. Part one will cover some of the basics of the project and Flutter, with part two building on that work to focus on building a full interactive UI for the application.

Security updates for Wednesday

Wednesday 12th of August 2020 04:26:04 PM
Security updates have been issued by Debian (dovecot and roundcube), Fedora (python36), Gentoo (chromium), openSUSE (ark, firefox, go1.13, java-11-openjdk, libX11, wireshark, and xen), Red Hat (bind and kernel), SUSE (libreoffice and python36), and Ubuntu (dovecot and software-properties).

[$] Local locks in the kernel

Tuesday 11th of August 2020 09:10:50 PM
The Linux kernel has never lacked for synchronization primitives and locking mechanisms, so one might justifiably wonder why there might be a need to add another one. The addition of local locks to 5.8 provides an answer to that question. These locks, which have their origin in the realtime (PREEMPT_RT) tree, were created to solve some realtime-specific problems, but they also bring some much-needed structure to a common locking pattern used in non-realtime kernels as well.

Baker: Changing World, Changing Mozilla

Tuesday 11th of August 2020 06:54:51 PM
Mitchell Baker writes about changes at Mozilla, headlined by the laying-off of 250 people. "Recognizing that the old model where everything was free has consequences, means we must explore a range of different business opportunities and alternate value exchanges. How can we lead towards business models that honor and protect people while creating opportunities for our business to thrive? How can we, or others who want a better internet, or those who feel like a different balance should exist between social and public benefit and private profit offer an alternative?"

Security updates for Tuesday

Tuesday 11th of August 2020 05:43:41 PM
Security updates have been issued by Debian (firmware-nonfree, golang-github-seccomp-libseccomp-golang, and ruby-kramdown), Fedora (kernel, libmetalink, and nodejs), openSUSE (go1.13, perl-XML-Twig, and thunderbird), Oracle (kernel, libvncserver, and thunderbird), Red Hat (kernel-rt and python-paunch and openstack-tripleo-heat-templates), SUSE (dpdk, google-compute-engine, libX11, webkit2gtk3, xen, and xorg-x11-libX11), and Ubuntu (nss and samba).

Stable kernels 5.8.1, 5.7.15, 5.4.58, and 4.19.139

Tuesday 11th of August 2020 05:35:46 PM
Greg Kroah-Hartman has released the 5.8.1, 5.7.15, 5.4.58, and 4.19.139 stable kernels. As usual, these contain lots of important fixes throughout the tree; users should upgrade.

Emacs 27.1 released

Tuesday 11th of August 2020 03:29:39 PM
Version 27.1 of the Emacs editor is out. New features include support for arbitrary-sized integers, HarfBuzz support, improved drawing with Cairo, and the obligatory new JSON parser.

[$] End-to-end network programmability

Monday 10th of August 2020 10:20:51 PM
Nick McKeown kicked off the virtual Netdev 0x14 conference with a talk on extending the programmability of networking equipment well beyond where it is today. His vision is of an end-to-end system with programmable pieces at every level. Getting there will require collaboration between the developers of the networking stacks on endpoint operating systems as well as those of switches, routers, and other backbone equipment. The keynote was held on July 28, a little over two weeks before the seven days of talks, workshops, and tutorials for Netdev, which begins on August 13.

Security updates for Monday

Monday 10th of August 2020 04:12:41 PM
Security updates have been issued by Debian (pillow, ruby-kramdown, wpa, and xrdp), Fedora (ark and rpki-client), Gentoo (apache, ark, global, gthumb, and iproute2), openSUSE (chromium, grub2, java-11-openjdk, libX11, and opera), Red Hat (bind, chromium-browser, java-1.7.1-ibm, java-1.8.0-ibm, and libvncserver), SUSE (LibVNCServer, perl-XML-Twig, thunderbird, and xen), and Ubuntu (samba).

On Perl 7 and the Perl Steering Committee

Saturday 8th of August 2020 04:53:53 PM
For those who are wondering about the state of the proposed Perl 7 fork and the role of the newly formed Perl Steering Committee, Ricardo Signes has put together a detailed explanation that is worth a read. "You should not expect to see a stream of unjustified dictates issuing forth from some secret body on high. You should expect to see perl5-porters operating as it generally did: with proposals coming to the list, getting discussion, and then being thumbed up or down by the project manager. This is what has been happening for years, already. Some proposals were already discussed by the project manager and some were not. If you eliminated any named mailing list for doing this, it would still happen. The PSC is a means to say that there is a default group for such discussions. If you were wondering, its initial membership was formed from 'the people who came to or were invited to the Perl Core Summit' over the last few years."

[$] 5.9 Merge window, part 1

Friday 7th of August 2020 08:21:44 PM
As of this writing, just over 3,900 non-merge changesets have been pulled into the mainline repository for the 5.9 kernel development cycle. While this merge window has just begun, there is already a significant set of new features to point out.

Knauth elected Free Software Foundation president; Bénassy joins board

Friday 7th of August 2020 06:17:48 PM
The Free Software Foundation (FSF) has announced that Geoffrey Knauth has been elected president, and free software activist and developer Odile Bénassy has been appointed to the board of directors. Knauth is replacing Richard Stallman who resigned last year. In Knauth's statement, he said: "The FSF board chose me at this moment as a servant leader to help the community focus on our shared dedication to protect and grow software that respects our freedoms. It is also important to protect and grow the diverse membership of the community."

Security updates for Friday

Friday 7th of August 2020 04:14:50 PM
Security updates have been issued by CentOS (firefox, java-1.8.0-openjdk, java-11-openjdk, libvncserver, postgresql-jdbc, and thunderbird), Debian (firejail and gupnp), Fedora (cutter-re, postgresql-jdbc, radare2, and webkit2gtk3), openSUSE (chromium, firefox, kernel, and python-rtslib-fb), Oracle (container-tools:ol8, kernel, and nss and nspr), Scientific Linux (thunderbird), and SUSE (firefox, kernel, postgresql10 and postgresql12, python-ipaddress, and xen).

Stable kernels 5.7.14, 5.4.57, 4.19.138, and 4.14.193

Friday 7th of August 2020 03:38:24 PM
Greg Kroah-Hartman has released the 5.7.14, 5.4.57, 4.19.138, and 4.14.193 stable kernels. As usual, these contain lots of important fixes throughout the tree; users should upgrade.

More in Tux Machines

[email protected] ARM64 Linux Beta Release for COVID-19 Vaccine Research

A few months ago, we reported that [email protected] supported 64-bit Arm SBC’s and Servers in the Fight against COVID-19. But [email protected] did not support Arm hardware just yet, but thanks to work from Nercotix, Linaro, Arm, miniNodes, and Packet.com, we now get support for [email protected] on ARM64 meaning you can help researchers studying SARS-CoV-2 virus and help them develop a COVID-19 vaccine with Raspberry Pi 3/4 boards, or other 64-bit Arm SBC’s and servers. The solution relies on Neocortix Cloud Services Platform allowing the unused capacity of large numbers of individual mobile phones or other connected nodes to be harnessed into a single, unified computational engine. The very first application that made use of the platform was Neocortix PhonePaycheck were users get paid to let businesses perform calculations on their phones at night while charging and connected to WiFi. That way users of premium phones like Galaxy S10 or S20 can make around $80 a year when used for 8 hours a day, or $240 per year with a spare phone running 24/7. Read more

Security Leftovers

  • An Average IT Org

    Supply chain attacks are a known issue, and also lately there was a discussion around the relevance of reproducible builds. Looking in comparison at an average IT org doing something with the internet, I believe the pressing problem is neither supply chain attacks nor a lack of reproducible builds. The real problem is the amount of prefabricated binaries supplied by someone else, created in an unknown build environment with unknown tools, the average IT org requires to do anything. [...] Yes some of that is even non-free and might contain spyw^telemetry. [...] In the end the binary supply is like a drug for the user, and somehow the Debian project is also just another dealer / middle man in this setup. There are probably a lot of open questions to think about in that context. Are we the better dealer because we care about signed sources we retrieve from upstream and because we engage in reproducible build projects? Are our own means of distributing binaries any better than a binary download from github via https with a manual checksum verification, or the Debian repo at download.docker.com? Is the approach of the BSD/Gentoo ports, where you have to compile at least some software from source, the better one? Do I really want to know how some of the software is actually build?

  • NSA and FBI warn that new Linux malware threatens national security
  • Critical vulnerabilities in Quiz And Survey Master WordPress Plugin

    Quiz and Survey Master is a WordPress plugin for creating quizzes and surveys easily on WordPress sites. It is installed on over 30,000+ websites. Recently WordFence‘s Chloe Chamberland discovered two critical vulnerabilities in Quiz and Survey Master plugin version 7.0.

  • Pros & Cons of WordPress Plugins Auto-updates

    WordPress has released a major update yesterday with some big changes. One of the features is the ability to apply all the plugins and themes updates automatically. Earlier plugins updates could be automatically applied with the help of additional plugins. One popular plugin is Jetpack that can apply available updates automatically. Now WordPress 5.5 core supports auto-updates out of the box. In this article, we will discuss the auto-update feature of WordPress. For many websites, this feature can be a lifesaver but for some, there may involve some risks.

howtos and learning

Open Hardware: Folding@Home ARM64 Linux Beta , Jetson, Arduino

  • Folding@Home ARM64 Linux Beta Release for COVID-19 Vaccine Research

    A few months ago, we reported that Rosetta@Home supported 64-bit Arm SBC’s and Servers in the Fight against COVID-19. But Folding@home did not support Arm hardware just yet, but thanks to work from Nercotix, Linaro, Arm, miniNodes, and Packet.com, we now get support for Foldering@home on ARM64 meaning you can help researchers studying SARS-CoV-2 virus and help them develop a COVID-19 vaccine with Raspberry Pi 3/4 boards, or other 64-bit Arm SBC’s and servers. The solution relies on Neocortix Cloud Services Platform allowing the unused capacity of large numbers of individual mobile phones or other connected nodes to be harnessed into a single, unified computational engine.

  • Xavier NX and Nano carriers include six-cam board and a dual Jetson system

    Auvidea has launched several carrier boards and systems for the Jetson Xavier NX and Nano: a JN34 with 6x FPD-Link III CSI-2 interfaces, JNX22 and JNX30 boards with PoE support, and a ES-JNX80/ES-J180 system for dual, mix-and-match Jetson modules. Back in February, we covered Auvidea’s JN30A and JN30B carriers for Nvidia’s Jetson TX1, TX2, and AGX Xavier along with some Jetson-powered boards from other vendors. Then in April, we posted a roundup of new Jetson Xavier NX carriers from D3, Diamond, and ConnectTech, Inc. In that story we mentioned some upcoming Auvidea Jetson carriers in passing. Auvidea has informed us that these and other boards are now available for order.

  • DIY Solar Powered LoRa Repeater (with Arduino)

    In today's video I be built a solar powered LoRa signal repeater to extend the range of my LoRa network. This can easily be used as the basis for a LoRa mesh network with a bit of extra code and additional repeaters. Even if you're not into LoRa networks all of the solar power hardware in this video can be used for any off-the-grid electronics projects or IoT nodes!

  •        
  • Keep your pool under control with ARDUPOOL

    Having a pool can be a great way to relax during the summer, but keeping the water crystal clear and safe to swim in can be a challenge. To help, engineer Diego Gomez has developed the Arduino Mega-powered ARDUPOOL, which is now crowdfunding on Kickstarter. This modular, open source device is capable of controlling up to four peristaltic pumps for dosing chlorine and other chemicals, as well as the filtration system. Programming is done via a simple LCD screen on the front, along with three buttons.