Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 58 min ago

[$] Persistent memory for transient data

8 hours 2 min ago
Arguably, the most notable characteristic of persistent memory is that it is persistent: it retains its contents over power cycles. One other important aspect of these persistent-memory arrays that, we are told, will soon be everywhere, is their sheer size and low cost; persistent memory is a relatively inexpensive way to attach large amounts of memory to a system. Large, cheap memory arrays seem likely to be attractive to users who may not care about persistence and who can live with slower access speeds. Supporting such users is the objective of a pair of patch sets that have been circulating in recent months.

Kernel prepatch 5.0-rc3

9 hours 2 min ago
The 5.0-rc3 kernel prepatch has been released. "This rc is a bit bigger than usual. Partly because I missed a networking pull request for rc2, and as a result rc3 now contains _two_ networking pull updates. But part of it may also just be that it took a while for people to find and then fix bugs after the holiday season."

Security updates for Monday

12 hours 2 min ago
Security updates have been issued by Fedora (gitolite3, gvfs, php, radare2, and syslog-ng), Mageia (libssh, php, python-django16, and rdesktop), openSUSE (podofo), and SUSE (libraw, openssh, PackageKit, and wireshark).

[$] A proposed API for full-memory encryption

Friday 18th of January 2019 04:30:41 PM
Hardware memory encryption is, or will soon be, available on multiple generic CPUs. In its absence, data is stored — and passes between the memory chips and the processor — in the clear. Attackers may be able to access it by using hardware probes or by directly accessing the chips, which is especially problematic with persistent memory. One new memory-encryption offering is Intel's Multi-Key Total Memory Encryption (MKTME) [PDF]; AMD's equivalent is called Secure Encrypted Virtualization (SEV). The implementation of support for this feature is in progress for the Linux kernel. Recently, Alison Schofield proposed a user-space API for MKTME, provoking a long discussion on how memory encryption should be exposed to the user, if at all.

Security updates for Friday

Friday 18th of January 2019 03:55:44 PM
Security updates have been issued by Debian (drupal7), Fedora (electrum and perl-Email-Address), Mageia (gthumb), openSUSE (gitolite, kernel, krb5, libunwind, LibVNCServer, live555, mutt, wget, and zeromq), SUSE (krb5, mariadb, nodejs4, nodejs8, soundtouch, and zeromq), and Ubuntu (irssi).

[$] Defending against page-cache attacks

Thursday 17th of January 2019 05:04:41 PM
The kernel's page cache works to improve performance by minimizing disk I/O and increasing the sharing of physical memory. But, like other performance-enhancing techniques that involve resources shared across security boundaries, the page cache can be abused as a way to extract information that should be kept secret. A recent paper [PDF] by Daniel Gruss and colleagues showed how the page cache can be targeted for a number of different attacks, leading to an abrupt change in how the mincore() system call works at the end of the 5.0 merge window. But subsequent discussion has made it clear that mincore() is just the tip of the iceberg; it is unclear what will really need to be done to protect a system against page-cache attacks or what the performance cost might be.

Stable kernel updates

Thursday 17th of January 2019 04:09:02 PM
Stable kernels 4.20.3, 4.19.16, 4.14.94, 4.9.151, and 4.4.171 have been released. They all contain important fixes and users should upgrade.

Security updates for Thursday

Thursday 17th of January 2019 04:01:46 PM
Security updates have been issued by CentOS (libvncserver), Debian (sssd), Fedora (kernel and kernel-headers), Red Hat (ansible, openvswitch, pyOpenSSL, python-django, and redis), and Ubuntu (policykit-1).

[$] LWN.net Weekly Edition for January 17, 2019

Thursday 17th of January 2019 02:32:39 AM
The LWN.net Weekly Edition for January 17, 2019 is available.

[$] Adiantum: encryption for the low end

Wednesday 16th of January 2019 08:59:56 PM
Low-end devices bound for developing countries, such as those running the Android Go edition, lack encryption support because the hardware doesn't provide any cryptographic acceleration. That means users in developing countries have no protection for the data on their phones. Google would like to change that situation. The company worked on adding the Speck cipher to the kernel, but decided against using it because of opposition due to Speck's origins at the US National Security Agency (NSA). As a replacement, the Adiantum encryption mode was developed; it has been merged for Linux 5.0.

Security updates for Wednesday

Wednesday 16th of January 2019 03:55:54 PM
Security updates have been issued by Debian (systemd and wireshark), Fedora (openssh, php-horde-Horde-Form, and unrtf), Mageia (aria2, libvncserver, x11vnc, and nss), Oracle (kernel and libvncserver), Scientific Linux (libvncserver), SUSE (kernel, soundtouch, webkit2gtk3, and wget), and Ubuntu (libcaca and policykit-1).

[$] Ringing in a new asynchronous I/O API

Tuesday 15th of January 2019 11:09:37 PM
While the kernel has had support for asynchronous I/O (AIO) since the 2.5 development cycle, it has also had people complaining about AIO for about that long. The current interface is seen as difficult to use and inefficient; additionally, some types of I/O are better supported than others. That situation may be about to change with the introduction of a proposed new interface from Jens Axboe called "io_uring". As might be expected from the name, io_uring introduces just what the kernel needed more than anything else: yet another ring buffer.

Google Summer of Code mentor projects sought

Tuesday 15th of January 2019 11:07:32 PM
It is that time of year again: Google is looking for mentor projects for the 2019 Summer of Code. "GSoC is a global program that draws university student developers from around the world to contribute to open source. Each student spends three months working on a coding project, with the support of volunteer mentors, for participating open source organizations from late May to August. Last year 1,264 students worked with 206 open source organizations." The application deadline is February 6.

[$] Fedora, UUIDs, and user tracking

Tuesday 15th of January 2019 05:23:38 PM

"User tracking" is generally contentious in free-software communities—even if the "tracking" is not really intended to do so. It is often distributions that have the most interest in counting their users, but Linux users tend to be more privacy conscious than users of more mainstream desktop operating systems. The Fedora project recently discussed how to count its users and ways to preserve their privacy while doing so.

Security updates for Tuesday

Tuesday 15th of January 2019 04:17:50 PM
Security updates have been issued by Arch Linux (irssi and systemd), CentOS (systemd), Debian (xen and zeromq3), Fedora (gnutls, kernel, kernel-headers, kernel-tools, and nbdkit), Oracle (libvncserver and systemd), Red Hat (libvncserver), and Ubuntu (haproxy, libarchive, and php-pear).

An ancient OpenSSH vulnerability

Tuesday 15th of January 2019 03:35:31 PM
An advisory from Harry Sintonen describes several vulnerabilities in the scp clients shipped with OpenSSH, PuTTY, and others. "Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output." The outcome is that a hostile (or compromised) server can overwrite arbitrary files on the client side. There do not yet appear to be patches available to address these problems.

Security updates for Monday

Monday 14th of January 2019 04:43:24 PM
Security updates have been issued by Arch Linux (python-django and python2-django), Debian (sqlite3, systemd, and vlc), Fedora (mingw-nettle and polkit), Mageia (graphicsmagick, python-django, spice-vdagent, and to), openSUSE (aria2, discount, gpg2, GraphicsMagick, gthumb, haproxy, irssi, java-1_7_0-openjdk, java-1_8_0-openjdk, libgit2, LibVNCServer, and sssd), Red Hat (systemd), Scientific Linux (systemd), Slackware (irssi and zsh), SUSE (LibVNCServer and sssd), and Ubuntu (gnome-bluetooth and systemd).

Kernel prepatch 5.0-rc2

Monday 14th of January 2019 12:00:21 AM
The second 5.0 prepatch is out for testing. "So the merge window had somewhat unusual timing with the holidays, and I was afraid that would affect stragglers in rc2, but honestly, that doesn't seem to have happened much. rc2 looks pretty normal."

Neary: How Should I Run My Community Elections?

Tuesday 8th of January 2019 12:50:10 AM
On the Red Hat community blog, Dave Neary writes about community governance and, in particular, how to choose who gets a vote, who can run, and how to decide a winner when electing a leader or council. He summarizes a number of different options that he has encountered with an eye toward avoiding the deep rat-hole conversations that picking a way to run elections can engender. "Defining the activity metric and minimum bar for what qualifies as participation can become contentious, mainly because where you draw the line will be arbitrary, and will omit people who you want to include, or include people who you want to omit. For example, if you set the bar at the minimum contribution level of one commit to the project, you omit all whose contributions are significant but not code related. The typical fear is ballot stuffing or cohort effects — where large companies will dominate the representative bodies by having a large voting bloc, or where friends of candidates (or people with a certain agenda) will pass the low bar to become voters just to vote for their candidate."

[$] The rest of the 5.0 merge window

Monday 7th of January 2019 09:28:13 PM
Linus Torvalds released 5.0-rc1 on January 6, closing the merge window for this development cycle and confirming that the next release will indeed be called "5.0". At that point, 10,843 non-merge change sets had been pulled into the mainline, about 2,100 since last week's summary was written. Those 2,100 patches included a number of significant changes, though, including some new system-call semantics that may yet prove to create problems for existing user-space code.

More in Tux Machines

OpenSUSE/SUSE: SLES for SAP and Christian Boltz Introduced

  • SUSE Linux Enterprise Server for SAP Applications support update
    SUSE has announced effective December 1, 2018, two changes to its SUSE Linux Enterprise Server (SLES) for SAP Applications product. SLES for SAP Applications now includes support for a given service pack for 4.5 years with the regular subscription while the basic codestream is general available and itself fully maintained. This change reflects the request from clients to align OS upgrades with hardware life cycles. To explain this a bit further, this change affects SLES for SAP Applications 12 and 15 code streams. SLES for SAP Applications 11 is at the end of the general availability already, therefore SLES for SAP Applications 11 SP4 is the last service pack. If clients choose to stay on SLES for SAP Applications 11, then they will need to purchase LTSS to ensure ongoing support. This is especially true for clients that run SAP HANA 1 workloads on IBM Power Systems servers in Big Endian mode.
  • 2018-2019 openSUSE Board Elections: Meet incumbent Christian Boltz
    With two weeks to go until the ballots open on Monday, February 4, 2019, openSUSE News and the Elections Committee are running a “meet your candidates” series. Questions were sent out to the seven Candidates. The questions and answers will appear in the News, one Candidate each day, in alphabetical order.

ArchLabs Refresh Release, 2019.01.20

Gidday ArchLabbers, Happy New Year. With the new year comes an ISO refresh. All changes are listed at the change-log. If you encounter any issues, please post them at the forum. Also, ArchLabs related bugs need to be raised at BitBucket. Read more

Programming: Homebrew 1.9, JBoss EAP, Python, Qt and Inclusion

  • Homebrew 1.9 Adds Linux Support, Auto-Cleanup, and More
    The latest release of popular macOS package manager Homebrew includes support for Linux, optional automatic package cleanup, and extended binary package support. Linux support, merged from the Linuxbrew project, is still in beta and will become stable in version 2.0. It also enables the use of Homebrew on Windows 10 systems with the Windows Subsystem for Linux installed. Auto-cleanup is meant to optimize disk space occupation by removing all intermediate data that Homebrew generates when installing packages. This can be a significant amount when Homebrew actually builds the packages from sources instead of just installing binaries. Auto-cleanup is opt-in by setting the HOMEBREW_INSTALL_CLEANUP. This behaviour will become opt-out in version 2.0, where you will be able to set the HOMEBREW_NO_INSTALL_CLEANUP environment variable to disable auto-cleanup.
  • Streamline your JBoss EAP dev environment with Red Hat CodeReady Workspaces: Part 1
  • Counteracting Code Complexity With Wily - Episode 195
    As we build software projects, complexity and technical debt are bound to creep into our code. To counteract these tendencies it is necessary to calculate and track metrics that highlight areas of improvement so that they can be acted on. To aid in identifying areas of your application that are breeding grounds for incidental complexity Anthony Shaw created Wily. In this episode he explains how Wily traverses the history of your repository and computes code complexity metrics over time and how you can use that information to guide your refactoring efforts.
  • Qt Visual Studio Tools 2.3.1 Released
    The Qt VS Tools version 2.3.1 has now been released to the Visual Studio Marketplace.
  • Ben Cotton: Inclusion is a necessary part of good coding
    Too often I see comments like “some people would rather focus on inclusion than write good code.” Not only is that a false dichotomy, but it completely misrepresents the relationship between the two. Inclusion doesn’t come at the cost of good code, it’s a necessary part of good code. We don’t write code for the sake of writing code. We write code for people to use it in some way. This means that the code needs to work for the people. In order to do that, the people designing and implementing the technology need to consider different experiences. The best way to do that is to have people with different experiences be on the team. As my 7th grade algebra teacher was fond of reminding us: garbage in, garbage out.

Graphics: Vega, Radeon, Wayland on BSD

  • Vega 10 & Newer Getting More Fine-Grained PowerPlay Controls On Linux
    With the upcoming Linux 5.1 kernel cycle, discrete Radeon graphics cards based on Vega 10 and newer will have fine-grained controls over what PowerPlay power management features are enabled and the ability to toggle them at run-time. Queued into the work-in-progress AMDGPU code for the eventual Linux 5.1 kernel cycle is now a ppfeatures for sysfs. This new "ppfeatures" file on sysfs will allow for querying the PowerPlay features state and toggling them individually. This includes features like GFXOFF (the ability to turn off the graphics engine when idling), automatic fan control, LED display for GPU activity, the dynamic power management state for the various blocks, and other features. Up to now the PowerPlay features couldn't be toggled individually but just a blanket enable/disable.
  • AMD Radeon 7 Will Have Day One Linux Support
    Linux gamers shouldn't see a repeat performance of the Radeon RX 590 situation.
  • Wayland Support On The BSDs Continuing To Improve
    While Wayland was designed on and for Linux systems, the BSD support for Wayland and the various compositors has continued improving particularly over the past year or so but it's still a lengthy journey. In a little more than one year, the FreeBSD Wayland support has been on a steady rise. It's looking like this year could even mark the KDE Wayland session for FreeBSD potentially getting squared away. Besides KDE, the GNOME Wayland work for FreeBSD has advanced a bit and is available in some FreeBSD Ports but there has been some complications around libinput and its Linux'isms. Details on the current state of Wayland-related components in FreeBSD is drafted at the FreeBSD Wiki.