Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 3 hours 26 min ago

[$] 4.15 Merge window part 1

Friday 17th of November 2017 04:07:28 PM
When he released 4.14, Linus Torvalds warned that the 4.15 merge window might be shorter than usual due to the US Thanksgiving holiday. Subsystem maintainers would appear to have heard him; as of this writing, over 8,800 non-merge changesets have been pulled into the mainline since the opening of the 4.15 merge window. Read on for a summary of the most interesting changes found in that first set of patches.

Security updates for Friday

Friday 17th of November 2017 03:57:57 PM
Security updates have been issued by Arch Linux (couchdb), Debian (opensaml2 and shibboleth-sp2), Fedora (knot and knot-resolver), openSUSE (firefox), Slackware (libplist and mozilla), and Ubuntu (firefox and ipsec-tools).

Introducing container-diff, a tool for quickly comparing container images (Google Open Source Blog)

Friday 17th of November 2017 12:03:10 AM
Google has announced that it has released its container-diff tool under the Apache v2 license. "container-diff helps users investigate image changes by computing semantic diffs between images. What this means is that container-diff figures out on a low-level what data changed, and then combines this with an understanding of package manager information to output this information in a format that’s actually readable to users. The tool can find differences in system packages, language-level packages, and files in a container image. Users can specify images in several formats - from local Docker daemon (using the prefix `daemon://` on the image path), a remote registry (using the prefix `remote://`), or a file in the .tar in the format exported by "docker save" command. You can also combine these formats to compute the diff between a local version of an image and a remote version."

[$] SPDX identifiers in the kernel

Thursday 16th of November 2017 05:28:02 PM
Observers of the kernel's commit stream or mailing lists will have seen a certain amount of traffic referring to the addition of SPDX license identifiers to kernel source files. For many, this may be their first encounter with SPDX. But the SPDX effort has been going on for some years; this article describes SPDX, along with why and how the kernel community intends to use it.

Security updates for Thursday

Thursday 16th of November 2017 02:55:02 PM
Security updates have been issued by Arch Linux (firefox, flashplugin, lib32-flashplugin, and mediawiki), CentOS (kernel and php), Debian (firefox-esr, jackson-databind, and mediawiki), Fedora (apr, apr-util, chromium, compat-openssl10, firefox, ghostscript, hostapd, icu, ImageMagick, jackson-databind, krb5, lame, liblouis, nagios, nodejs, perl-Catalyst-Plugin-Static-Simple, php, php-PHPMailer, poppler, poppler-data, rubygem-ox, systemd, webkitgtk4, wget, wordpress, and xen), Mageia (flash-player-plugin, icu, jackson-databind, php, and roundcubemail), Oracle (kernel and php), Red Hat (openstack-aodh), SUSE (wget and xen), and Ubuntu (apport and webkit2gtk).

[$] LWN.net Weekly Edition for November 16, 2017

Thursday 16th of November 2017 01:37:59 AM
The LWN.net Weekly Edition for November 16, 2017 is available.

NumPy will drop Python 2 support

Wednesday 15th of November 2017 05:48:44 PM
The NumPy project is phasing out support for Python 2. "The Python core team plans to stop supporting Python 2 in 2020. The NumPy project has supported both Python 2 and Python 3 in parallel since 2010, and has found that supporting Python 2 is an increasing burden on our limited resources; thus, we plan to eventually drop Python 2 support as well. Now that we're entering the final years of community-supported Python 2, the NumPy project wants to clarify our plans, with the goal of to helping our downstream ecosystem make plans and accomplish the transition with as little disruption as possible." NumPy releases will fully support both Python 2 and Python 3 until December 31, 2018. New feature releases will support only Python 3 as of January 1, 2019. (Thanks to Nathaniel Smith)

[$] SciPy reaches 1.0

Wednesday 15th of November 2017 05:29:58 PM

After 16 years of evolution, the SciPy project has reached version 1.0. SciPy, a free-software project, has become one of the most popular computational toolkits for scientists from a wide range of disciplines, and is largely responsible for the ascendancy of Python in many areas of scientific research. While the 1.0 release is significant, much of the underlying software has been stable for some time; the "1.0" version number reflects that the project as a whole is on solid footing.

Stable kernel updates

Wednesday 15th of November 2017 05:10:52 PM
Stable kernels 4.13.13, 4.9.62, 4.4.98, and 3.18.81 have been released. They all contain important fixes and users should upgrade.

Security updates for Wednesday

Wednesday 15th of November 2017 05:05:07 PM
Security updates have been issued by Debian (libxml-libxml-perl and varnish), openSUSE (GraphicsMagick, mongodb, shadowsocks-libev, and snack), Red Hat (flash-plugin, kernel, php, and redis), Scientific Linux (kernel and php), and Ubuntu (shadow).

[$] KAISER: hiding the kernel from user space

Wednesday 15th of November 2017 01:16:56 AM
Since the beginning, Linux has mapped the kernel's memory into the address space of every running process. There are solid performance reasons for doing this, and the processor's memory-management unit can ordinarily be trusted to prevent user space from accessing that memory. More recently, though, some more subtle security issues related to this mapping have come to light, leading to the rapid development of a new patch set that ends this longstanding practice for the x86 architecture.

Firefox 57

Tuesday 14th of November 2017 04:36:09 PM
Firefox 57 has been released. From the release notes: "Brace yourself for an all-new Firefox. It’s fast. Really fast. It’s over twice as fast as Firefox from 6 months ago, built on a completely overhauled core engine with brand new technology from our advanced research group, and graced with a clean, modern interface. Today is the first of several releases we’re calling Firefox Quantum, all designed to get to the things you love and the stuff you need faster than ever before. Experience the difference on desktops running Windows, macOS, and Linux; on Android, speed improvements are landing as well, and both Android and iOS have a new look and feel. To learn more about Firefox Quantum, visit the Mozilla Blog."

[$] ROCA: Return Of the Coppersmith Attack

Tuesday 14th of November 2017 04:33:11 PM

On October 30, 2017, a group of Czech researchers from Masaryk University presented the ROCA paper at the ACM CCS Conference, which earned the Real-World Impact Award. We briefly mentioned ROCA when it was first reported but haven't dug into details of the vulnerability yet. Because of its far-ranging impact, it seems important to review the vulnerability in light of the new results published recently.

Security updates for Tuesday

Tuesday 14th of November 2017 04:29:20 PM
Security updates have been issued by Arch Linux (konversation), Debian (graphicsmagick and konversation), Fedora (git-annex, ImageMagick, kernel, and libgcrypt), Oracle (kernel), Red Hat (httpd), SUSE (firefox, nss), and Ubuntu (perl and postgresql-9.3, postgresql-9.5, postgresql-9.6).

Fedora 27 released

Tuesday 14th of November 2017 02:15:11 PM
The Fedora 27 release is now available. "The Workstation edition of Fedora 27 features GNOME 3.26. In the new release, both the Display and Network configuration panels have been updated, along with the overall Settings panel appearance improvement. The system search now shows more results at once, including the system actions. GNOME 3.26 also features color emoji support, folder sharing in Boxes, and numerous improvements in the Builder IDE tool."

Reports from Netconf and Netdev

Monday 13th of November 2017 11:03:46 PM
The Netconf 2017, Part 2 and Netdev 2.2 conferences were recently held in Seoul, South Korea. Netconf is an invitation-only gathering of kernel networking developers, while Netdev is an open conference for the Linux networking community. Attendees have put together reports from all five days (two for Netconf and three for Netdev) that LWN is happy to publish for them.

Red Hat Enterprise Linux for ARM64

Monday 13th of November 2017 06:49:21 PM
Red Hat has announced a version of its RHEL 7.4 distribution for the ARM64 architecture. "Red Hat took a pragmatic approach to Arm servers by helping to drive open standards and develop communities of customers, partners and a broad ecosystem. Our goal was to develop a single operating platform across multiple 64-bit ARMv8-A server-class SoCs from various suppliers while using the same sources to build user functionality and consistent feature set that enables customers to deploy across a range of server implementations while maintaining application compatibility." More information about what works at this point can be found in the release notes.

Security updates for Monday

Monday 13th of November 2017 04:38:47 PM
Security updates have been issued by Debian (graphicsmagick, imagemagick, mupdf, postgresql-common, ruby2.3, and wordpress), Fedora (tomcat), Gentoo (cacti, chromium, eGroupWare, hostapd, imagemagick, libXfont2, lxc, mariadb, vde, wget, and xorg-server), Mageia (flash-player-plugin and libjpeg), openSUSE (ansible, ImageMagick, java-1_8_0-openjdk, krb5, redis, shadow, virtualbox, and webkit2gtk3), Red Hat (rh-eclipse46-jackson-databind and rh-eclipse47-jackson-databind), SUSE (java-1_8_0-openjdk, mysql, openssl, and storm, storm-kit), and Ubuntu (perl).

The 4.14 kernel has been released

Sunday 12th of November 2017 08:11:23 PM
The 4.14 kernel has been released after a ten-week development cycle. Some of the most prominent features in this release include the ORC unwinder for more reliable tracebacks and live patching, the long-awaited thread mode for control groups, support for AMD's secure memory encryption, five-level page table support, a new zero-copy networking feature, the heterogeneous memory management subsystem, and more. See the Kernel Newbies 4.14 page for more information. In the end, nearly 13,500 changesets were merged for 4.14, which is slated to be the next long-term-support kernel.

For the maintainers out there, it's worth noting Linus's warning that the 4.15 merge window might be rather shorter than usual due to the US Thanksgiving Holiday.

[$] The inherent fragility of seccomp()

Friday 10th of November 2017 08:36:57 PM
Kernel developers have worried for years that tracepoints could lead to applications depending on obscure implementation details; the consequent need to preserve existing behavior to avoid causing regressions could end up impeding future development. A recent report shows that the seccomp() system call is also more prone to regressions than users may expect — but kernel developers are unlikely to cause these regressions and, indeed, have little ability to prevent them. Programs using seccomp() will have an inherently higher risk of breaking when software is updated.

More in Tux Machines

Raspberry Pi arrives on PC/104… sort of

Crowd Supply is hosting a “Pi/104” carrier for the RPi Compute Module 3 featuring PC/104 OneBank expansion, a 40-pin RPi header, and -25 to 80°C support. Here’s something we haven’t seen before. Developer Adam Parker has launched a stackable PC/104 form factor carrier board on Crowd Supply designed to work with the Linux-driven Raspberry Pi Compute Module 3. The industrial-targeted carrier provides -25 to 80°C support and an 8-36V input with screw terminal connector. Read more

Today in Techrights

today's leftovers

  • Blockchain Moves Beyond its 'Moonshot' Phase
  • Some reading
    I've complained previously about disliking benchmarking. More generally, I'm not really a fan of performance analysis. I always feel like I get stuck at coming up with an approach to "it's going slower, why" beyond the basics. I watched a video of Brendan Gregg's talk from kernel recipes, and ended up going down the black hole1 of reading his well written blog. He does a fantastic job of explaining performance analysis concepts as well as the practical tools to do the analysis. He wrote a book several years ago and I happily ordered it. The book explains how to apply the USE method to performance problems across the system. This was helpful to me because it provides a way to generate a list of things to check and how to check them. It addresses the "stuck" feeling I get when dealing with performance problems. The book also provides a good high level overview of operating systems concepts. I'm always looking for references for people who are interested in kernels but don't know where to start and I think this book could fill a certain niche. Even if this book has been out for several years now, I was very excited to discover it.
  • Introducing container-diff, a tool for quickly comparing container images
    The Google Container Tools team originally built container-diff, a new project to help uncover differences between container images, to aid our own development with containers. We think it can be useful for anyone building containerized software, so we’re excited to release it as open source to the development community.
  • NATTT – A Modern Multi-Platform Time Conscious Tracker App
    It’s not that there aren’t already a lot of time tracker apps but my conscience wouldn’t let me sleep if I didn’t tell you about NATTT. So grab your cup of whatever you’re probably drinking as we delve into this app a little. NATTT is an acronym for “Not Another Time Tracking Tool”; a free and multi-platform app with which you can keep track of your work and how much you have spent at it.
  • Running Bitcoin node and ElectrumX server
  • todo.txt done
  • GNOME's Calendar & TODO Applications Are Looking Better For v3.28
    Adding to the growing list of changes for GNOME 3.28 are improvements to the Calendar and To Do applications by Georges Stavracas. Stavracas has been reworking the month view of GNOME Calendar and it's looking much better, some applications for Calendar via libdazzle, and more.
  • Compact DAQ systems offer a choice of 12- or 16-bit I/Os
    Advantech’s Linux-ready “MIC-1810” and “MIC-1816” DAQ computers offer 12- and 16-bit analog I/O, respectively, plus 24x DIOs, Intel CPUs, and 4x USB ports. Advantech’s MIC-1810 and MIC-1816 are digital acquisition computers that run Linux or Windows 7/8/10 on Intel 3rd Gen “Ivy Bridge” processors. If the aging CPU is a turn-off, keep in mind that many DAQ applications don’t require that much processing power, and perhaps Advantech’s “entry-level” label for the systems extends to the price, as well. The 165 x 130 x 59mm, DIN-rail mountable systems should also prove useful for environments with limited space.

Security: New Release of HardenedBSD, Windows Leaks Details of Windows Back Doors

  • Stable release: HardenedBSD-stable 11-STABLE v1100054
  • Kaspersky blames NSA hack on infected Microsoft software
    Embattled computer security firm Kaspersky Lab said Thursday that malware-infected Microsoft Office software and not its own was to blame for the hacking theft of top-secret US intelligence materials. Adding tantalizing new details to the cyber-espionage mystery that has rocked the US intelligence community, Kaspersky also said there was a China link to the hack.
  • Investigation Report for the September 2014 Equation malware detection incident in the US
    In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were true, we decided to conduct an internal investigation to attempt to answer a few questions we had related to the article and some others that followed it:
  • Kaspersky: Clumsy NSA leak snoop's PC was packed with malware
    Kaspersky Lab, the US government's least favorite computer security outfit, has published its full technical report into claims Russian intelligence used its antivirus tools to steal NSA secrets. Last month, anonymous sources alleged that in 2015, an NSA engineer took home a big bunch of the agency's cyber-weapons to work on them on his home Windows PC, which was running the Russian biz's antimalware software – kind of a compliment when you think about it. The classified exploit code and associated documents on the personal system were then slurped by Kremlin spies via his copy of Kaspersky antivirus, it was claimed.