Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 6 min 45 sec ago

[$] Possible changes to Debian's decision-making processes

6 hours 29 min ago
The name Debian brings to mind a Linux distribution, but the Debian project is far more than that; it is an ongoing experiment in democratic project governance. Debian's processes can result in a lot of public squabbling; one should not lose track, though, of the fact that those processes have enabled a large community to maintain and grow a complex distribution for decades without the benefit of an overseeing corporate overlord. Processes can be improved, though; a recent proposal from Russ Allbery gives an interesting picture of where the pain points are and what can be made better.

Security updates for Friday

6 hours 50 min ago
Security updates have been issued by Debian (squashfs-tools, tomcat9, and wordpress), Fedora (openssh), openSUSE (kernel, mbedtls, and rpm), Oracle (httpd, kernel, and kernel-container), SUSE (firefox, kernel, and rpm), and Ubuntu (linux-azure, linux-azure-5.4).

Ubuntu 21.10 (Impish Indri) released

Thursday 14th of October 2021 05:32:52 PM
The latest release of the Ubuntu Linux distribution is out: Ubuntu 21.10, code named "Impish Indri". The release notes fills in all of the details for the new features in this version, but the announcement lists some as well: Ubuntu Desktop 21.10 makes wayland sessions available while using the Nvidia proprietary driver. PulseAudio 15 introduces support for Bluetooth LDAC and AptX codecs, as well as HFP Bluetooth profiles providing better audio quality. The recovery key feature at installation time has been improved, with the recovery key now optional, stronger and editable. Ubuntu Desktop 21.10 includes GNOME version 40, with a new and improved Activities Overview design. Workspaces are now arranged horizontally, and the overview and app grid are accessed vertically. Each direction has accompanying keyboard shortcuts, touchpad gestures and mouse actions.

Ubuntu Server 21.10 integrates recent innovations from key open infrastructure projects like OpenStack Xena, QEMU 6.0, PHP8, libvirt 7.6, Kubernetes, and Ceph with advanced life-cycle management tools for multi-cloud and on-prem operations from bare metal, VMWare and OpenStack, to every major public cloud.

Devuan 4.0 (Chimaera) released

Thursday 14th of October 2021 04:20:49 PM
Version 4.0 of the Devuan distribution has been released; it is code-named Chimaera. This release is based on Debian Bullseye, has improved desktop support, and benefits from more accessibility work. See the release notes for details.

[$] A viable solution for Python concurrency

Thursday 14th of October 2021 02:31:12 PM
Concerns over the performance of programs written in Python are often overstated — for some use cases, at least. But there is no getting around the problem imposed by the infamous global interpreter lock (GIL), which severely limits the concurrency of multi-threaded Python code. Various efforts to remove the GIL have been made over the years, but none have come anywhere near the point where they would be considered for inclusion into the CPython interpreter. Now, though, Sam Gross has entered the arena with a proof-of-concept implementation that may solve the problem for real.

Plasma 25th Anniversary Edition released

Thursday 14th of October 2021 02:03:38 PM
The KDE project is celebrating its 25th anniversary with a special release of the Plasma desktop.

This time around, Plasma renews its looks and, not only do you get a new wallpaper, but also a gust of fresh air from an updated theme: Breeze - Blue Ocean. The new Breeze theme makes KDE apps and tools not only more attractive, but also easier to use both on the desktop and your phone and tablet.

Of course, looks are not the only you can expect from Plasma 25AE: extra speed, increased reliability and new features have also found their way into the app launcher, the software manager, the Wayland implementation, and most other Plasma tools and utilities.

Lots of details can be found in the changelog.

Security updates for Thursday

Thursday 14th of October 2021 01:48:18 PM
Security updates have been issued by Mageia (golang, grilo, mediawiki, plib, python-flask-restx, python-mpmath, thunderbird, and xstream/xmlpull/mxparser), Oracle (389-ds-base, grafana, httpd:2.4, kernel, libxml2, and openssl), Red Hat (httpd), and SUSE (kernel).

[$] LWN.net Weekly Edition for October 14, 2021

Thursday 14th of October 2021 12:50:58 AM
The LWN.net Weekly Edition for October 14, 2021 is available.

[$] Scrutinizing bugs found by syzbot

Wednesday 13th of October 2021 09:22:06 PM
The syzbot kernel-fuzzing system finds an enormous number of bugs, but, since many of them may seem to be of a relatively low severity, they have a lower priority when contending for the attention of developers. A talk at the recent Linux Security Summit North America reported on some research that dug further into the bugs that syzbot has found; the results are rather worrisome. Rather than a pile of difficult- or impossible-to-exploit bugs, there are numerous, more serious problems lurking within.

Four stable kernels

Wednesday 13th of October 2021 02:57:37 PM
Stable kernels 5.14.12, 5.10.73, 5.4.153, and 4.19.211 have been released with important fixes. Users of those series should upgrade.

[$] Digging into Julia's package system

Wednesday 13th of October 2021 02:55:19 PM
We recently looked at some of the changes and new features arriving with the upcoming version 1.7 release of the Julia programming language. The package system provided by the language makes it easier to explore new language versions, while still preserving multiple versions of various parts of the ecosystem. This flexible system takes care of dependency management, both for writing exploratory code in the REPL and for developing projects or libraries.

Security updates for Wednesday

Wednesday 13th of October 2021 02:50:37 PM
Security updates have been issued by Debian (flatpak and ruby2.3), Fedora (flatpak, httpd, mediawiki, redis, and xstream), openSUSE (kernel, libaom, libqt5-qtsvg, systemd, and webkit2gtk3), Red Hat (.NET 5.0, 389-ds-base, httpd:2.4, kernel, kernel-rt, libxml2, openssl, and thunderbird), Scientific Linux (389-ds-base, kernel, libxml2, and openssl), SUSE (apache2-mod_auth_openidc, curl, glibc, kernel, libaom, libqt5-qtsvg, systemd, and webkit2gtk3), and Ubuntu (squashfs-tools).

[$] A QEMU case study in grappling with software complexity

Tuesday 12th of October 2021 06:34:10 PM
There are many barriers to producing software that is reliable and maintainable over the long term. One of those is software complexity. At the recently concluded 2021 KVM Forum, Paolo Bonzini explored this topic, using QEMU, the open source emulator and virtualizer, as a case study. Drawing on his experience as a maintainer of several QEMU subsystems, he made some concrete suggestions on how to defend against undesirable complexity. Bonzini used QEMU as a running example throughout the talk, hoping to make it easier for future contributors to modify QEMU. However, the lessons he shared are equally applicable to many other projects.

Security updates for Tuesday

Tuesday 12th of October 2021 03:21:13 PM
Security updates have been issued by Debian (firefox-esr, hiredis, and icu), Fedora (kernel), Mageia (libreoffice), openSUSE (chromium, firefox, git, go1.16, kernel, mbedtls, mupdf, and nodejs8), Oracle (firefox and kernel), Red Hat (firefox, grafana, kernel, kpatch-patch, and rh-mysql80-mysql), and SUSE (apache2, containerd, docker, runc, curl, firefox, kernel, libqt5-qtsvg, and squid).

A study of data collection by Android devices

Tuesday 12th of October 2021 02:00:14 PM
A group of researchers at Trinity College in Dublin has released the results of a study into the data collected by a number of Android variants. There are few surprises here, but the picture is still discouraging.

We find that the Samsung, Xiaomi, Huawei and Realme Android variants all transmit a substantial volume of data to the OS developer (i.e. Samsung etc) and to third-party parties that have pre-installed system apps (including Google, Microsoft, Heytap, LinkedIn, Facebook). LineageOS sends similar volumes of data to Google as these proprietary Android variants, but we do not observe the LineageOS developers themselves collecting data nor pre-installed system apps other than those of Google. Notably, /e/OS sends no information to Google or other third parties and sends essentially no information to the /e/OS developers.

[$] The intersection of modules, GKI, and rocket science

Monday 11th of October 2021 03:24:50 PM
One does not normally expect a lot of controversy around a patch series that makes changes to platform-specific configurations and drivers. The furor over some work on the Samsung Exynos platform may thus be surprising. When one looks into the discussion, things become more clear; it mostly has to do with disagreements over the best ways to get hardware vendors to cooperate with the kernel development community.

Security updates for Monday

Monday 11th of October 2021 03:00:57 PM
Security updates have been issued by Debian (apache2, mediawiki, neutron, and tiff), Fedora (chromium, dr_libs, firefox, and grafana), Mageia (apache), openSUSE (chromium and rabbitmq-server), Oracle (kernel), Red Hat (firefox and httpd24-httpd), SUSE (rabbitmq-server), and Ubuntu (libntlm).

Jörg Schilling is gone

Monday 11th of October 2021 02:28:00 PM
Jörg Schilling, a longtime free-software developer, has passed on. Most people will remember him from his work on cdrtools and the seemingly endless drama that surrounded that work. He was a difficult character to deal with, but he also contributed some important code that, for a period, almost all of us depended on. Rest well, Jörg.

Kernel prepatch 5.15-rc5

Monday 11th of October 2021 12:25:26 AM
The 5.15-rc5 kernel prepatch is out for testing. "So things continue to look quite normal, and it looks like the rough patch (hah!) we had early in the release is all behind us. Knock wood."

A set of stable kernels

Sunday 10th of October 2021 11:40:41 PM
The 5.14.11, 5.10.72, 5.4.152, 4.19.210, 4.14.250, 4.9.286, and 4.4.288 stable kernel updates have all been released; each contains another set of important fixes.

More in Tux Machines

Today in Techrights

Programming Leftovers

  • ThreatMapper: Open source platform for scanning runtime environments - Help Net Security

    Deepfence announced open source availability of ThreatMapper, a signature offering that automatically scans, maps and ranks application vulnerabilities across serverless, Kubernetes, container and multi-cloud environments.

  • Josef Strzibny: Organizing business logic in Rails with contexts

    Rails programmers have almost always tried to figure out the golden approach to business logic in their applications. From getting better at object-oriented design, to service objects, all the way to entirely new ideas like Trailblazer or leaving Active Record altogether. Here’s one more design approach that’s clean yet railsy.

  • Status update, October 2021

    On this dreary morning here in Amsterdam, I’ve made my cup of coffee and snuggled my cat, and so I’m pleased to share some FOSS news with you. Some cool news today! We’re preparing for a new core product launch at sr.ht, cool updates for our secret programming language, plus news for visurf. Simon Ser has been hard at work on expanding his soju and gamja projects for the purpose of creating a new core sourcehut product: chat.sr.ht. We’re rolling this out in a private beta at first, to seek a fuller understanding of the system’s performance characteristics, to make sure everything is well-tested and reliable, and to make plans for scaling, maintenance, and general availability. In short, chat.sr.ht is a hosted IRC bouncer which is being made available to all paid sr.ht users, and a kind of webchat gateway which will be offered to unpaid and anonymous users. I’m pretty excited about it, and looking forward to posting a more detailed announcement in a couple of weeks. In other sourcehut news, work on GraphQL continues, with paste.sr.ht landing and todo.sr.ht’s writable API in progress. Our programming langauge project grew some interesting features this month as well, the most notable of which is probably reflection. I wrote an earlier blog post which goes over this in some detail. There’s also ongoing work to develop the standard library’s time and date support, riscv64 support is essentially done, and we’ve overhauled the grammar for switch and match statements to reduce a level of indentation for typical code. In the coming weeks, I hope to see date/time support and reflection fleshed out much more, and to see some more development on the self-hosted compiler. [...] The goal of this project is to provide a conservative CSS toolkit which allows you to build web interfaces which are compatible with marginalized browsers like Netsurf and Lynx.

  • Monthly Report - September

    The month of September is very special to me personaly. Why? Well, I got married in the very same month 18 years ago. The best part is, I choose the day 11 to get married. I have never missed my wedding anniversary, thanks to all the TV news channel.

  • My Favorite Warnings: uninitialized | Tom Wyant [blogs.perl.org]

    This warning was touched on in A Belated Introduction, but I thought it deserved its own entry. When a Perl scalar comes into being, be it an actual scalar variable or an array or hash entry, its value is undef. Now, the results of operating on an undef value are perfectly well-defined: in a nuneric context it is 0, in a string context it is '', and in a Boolean context it is false. The thing is, if you actually operate on such a value, did you mean to do it, or did you forget to initialize something, or initialize the wrong thing, or operate on the wrong thing? Because of the latter possibilities Perl will warn about such operations if the uninitialized warning is enabled.

today's leftovers

  • CutefishOS Built on Ubuntu Run Through - Invidious

    In this video, we are looking at CutefishOS Built on Ubuntu.

  • CutefishOS Built on Ubuntu

    Today we are looking at CutefishOS Built on Ubuntu. It comes with Linux Kernel 5.11, based on Ubuntu 21.10, and uses about 900MB of ram when idling. Enjoy!

  • Google adds VM support to Anthos, admits not everyone is ready for containerised everything [Ed: Kubernetes becoming increasingly just an openwashing shim for proprietary software with back doors]

    Google has added support for workloads running in virtual machines to its Anthos hybrid Kubernetes platform. "While we have seen many customers make the leap to containerization, some are not quite ready to move completely off of virtual machines," wrote Google Application Modernization Platform vice-presidents Jeff Reed and Chen Goldberg. "They want a unified development platform where developers can build, modify, and deploy applications residing in both containers and VMs in a common, shared environment," the pair added.

  • The Dell Inspiron 15 3501 supports Linux

    With the Inspiron 15 3501, Dell has a 15.6-inch office laptop in its lineup with its technology housed in a slim, matte-black plastic case. The chassis lacks stability: The lid and the base unit in particular can be twisted a bit too much. The matte display (Full HD, IPS) offers stable viewing angles, good contrast, and decent color reproduction. However, the brightness and color-space coverage are too low. The built-in combination of the Core i7-1165G7 processor, 16 GB of RAM (dual-channel mode), and a 512 GB NVMe SSD (M.2 2230) equips the laptop for office and Internet applications. If the storage space isn't enough, an additional 2.5-inch storage drive can be installed. You can also replace or expand the RAM.

  • Linux Foundation raises USD 10 mln to secure software supply chain
  • ISO establishes SBOM standard for open source development with SPDX

    You’re not getting attention because of your choice of text editor or the number of spaces you use to indent code blocks. However motivating those preferences are for you and me, the non-technical world sees them as private choices. You find your code in the headlines for a different and unpleasant reason: open source dependency management.

  • Printed Piano Mechanism Sure Is Grand | Hackaday

    Do you know how a piano works? Sure, you press a key and a hammer strikes a string, but what are the finer points of this operation? The intricacy of the ingenious mechanism is laid bare in [Mechanistic]’s 3D-printed scale model of a small section of the grand piano keyboard. The ‘grand’ distinction here is piano length-agnostic and simply refers to any non-upright. Those operate the same way, but are laid out differently in order to save space.

  • FPGA Boards Add VGA And HMDI Interfaces To The Original Game Boy | Hackaday

    The classic Game Boy remains a firm favorite in the realm of retrocomputing. Revolutionary as it was at the time, by today’s standards its display is rather primitive, with no backlight and a usable area measuring only 47 mm x 44 mm. [Martoni] figured out a way to solve this, by developing GbVGA and GbHdmi, two projects that enable the Game Boy to connect to an external monitor. This way, you can play Super Mario Land without straining your eyes, and we can also image potential uses for those who stream their gameplay online.

  • Art Project Fast And Fouriously Transforms Audio Into Eye Candy | Hackaday

    The overall build is relatively simple. Audio is acquired via a line-in jack or a microphone, and then piped into an ESP32. The ESP32 runs the audio through the FFT routine, sampling, slicing, and dicing the audio into 16 individual bands. The visual output is displayed on a 16 x 16 WS2812 Led Matrix. [mircemk] wrote several routines for displaying the incoming audio, with a waterfall, a graph, and other visualizations that are quit aesthetically pleasing. Some of them are downright mesmerizing! You can see the results in the video below the break.

IBM/Red Hat Leftovers

  • Reach your open source community with content marketing [Ed: IBM has totally lost direction; this is how they think of Free software...]

    Both startups and more established firms are increasingly turning to content marketing as a way of reaching prospective customers. However, corporate marketers often consider the open source software (OSS) community a challenge to reach. This article features ways your technology and content marketing teams can work together to target and reach the community around an OSS project your organization supports.

  • Why digital transformation demands a change in leadership mindset

    Recently a key retail executive forecast that their industry will change more in the next five years than it has in the past fifty. Another executive believes society will change more in the next fifty years than it has in the last three hundred. A recent headline declared that, “We are approaching the fastest, deepest, most consequential technological disruption in history”, and Ray Kurzweil, Google’s Director of Engineering and co-Founder of Singularity University, has said that there will be fourteen internet size revolutions in the next decade. Whichever way you look at it, things are shifting… fast. When you speak with the visionaries and entrepreneurs actually building the solutions of tomorrow, from on-demand retail to vertical farms, and ask how far into this new era we are, almost universally the reply is: “only one percent”. Imagine then, where we will be ten years from now? How about 50? Major industries, from medicine to energy to travel to entertainment, are radically transforming, putting pressure on others such as manufacturing, construction, transportation, finance, education…frankly, all of it. What an extraordinary opportunity this presents.

  • DevSecOps lessons learned during a pandemic | The Enterprisers Project

    As we’ve seen over the past year and a half, the pandemic has accelerated digital transformation and forever changed workplace culture. Increased reliance on digital tools has elevated the value of DevSecOps, as enterprises of all sizes and across all industries realize the importance of automating and integrating security at every phase of the software development lifecycle – from initial design through integration, testing, deployment, and product delivery. My engineering team was no exception to this shift – we had to quickly prepare to build a new Virtana SaaS platform and deliver several new modules, all while working remotely. Here I’ll share some observations, pain points, and lessons learned to help others intelligently embrace DevSecOps best practices within their teams.