Language Selection

English French German Italian Portuguese Spanish

Latest LWN Articles About Linux (Paywall Has Just Expired)

Filed under
Linux
  • SPDX identifiers in the kernel

    Observers of the kernel's commit stream or mailing lists will have seen a certain amount of traffic referring to the addition of SPDX license identifiers to kernel source files. For many, this may be their first encounter with SPDX. But the SPDX effort has been going on for some years; this article describes SPDX, along with why and how the kernel community intends to use it.

    On its face, compliance with licenses like the GPL seems like a straightforward task. But it quickly becomes complicated for a company that is shipping a wide range of software, in various versions, in a whole set of different products. Compliance problems often come about not because a given company wants to flout a license, but instead because that company has lost track of which licenses it needs to comply with and for which versions of which software. SPDX has its roots in an effort that began in 2009 to help companies get a handle on what their compliance obligations actually are.

    It can be surprisingly hard to determine which licenses apply to a given repository full of software. The kernel's COPYING file states that it can be distributed under the terms of version 2 of the GNU General Public License. But many of the source files within the kernel tell a different story; some are BSD licensed, and many are dual-licensed. Some carry an exception to make it clear that user-space programs are not a derived product of the kernel. Occasionally, files with GPL-incompatible licenses have been found (and fixed).

  • 4.15 Merge window part 1

    When he released 4.14, Linus Torvalds warned that the 4.15 merge window might be shorter than usual due to the US Thanksgiving holiday. Subsystem maintainers would appear to have heard him; as of this writing, over 8,800 non-merge changesets have been pulled into the mainline since the opening of the 4.15 merge window. Read on for a summary of the most interesting changes found in that first set of patches.

  • 4.15 Merge window part 2

    Despite the warnings that the 4.15 merge window could be either longer or shorter than usual, the 4.15-rc1 prepatch came out right on schedule on November 26. Anybody who was expecting a quiet development cycle this time around is in for a surprise, though; 12,599 non-merge changesets were pulled into the mainline during the 4.15 merge window, 1,000 more than were seen in the 4.14 merge window. The first 8,800 of those changes were covered in this summary; what follows is a look at what came after.

  • BPF-based error injection for the kernel

    Diligent developers do their best to anticipate things that can go wrong and write appropriate error-handling code. Unfortunately, error-handling code is especially hard to test and, as a result, often goes untested; the code meant to deal with errors, in other words, is likely to contain errors itself. One way of finding those bugs is to inject errors into a running system and watching how it responds; the kernel may soon have a new mechanism for doing this sort of injection.

    As an example of error handling in the kernel, consider memory allocations. There are few tasks that can be performed in kernel space without allocating memory to work with. Memory allocation operations can fail (in theory, at least), so any code that contains a call to a function like kmalloc() must check the returned pointer and do the right thing if the requested memory was not actually allocated. But kmalloc() almost never fails in a running kernel, so testing the failure-handling paths is hard. It is probably fair to say that a large percentage of allocation-failure paths in the kernel have never been executed; some of those are certainly wrong.

  • Tools for porting drivers

    Out-of-tree drivers are a maintenance headache, since customers may want to use them in newer kernels. But even those drivers that get merged into the mainline may need to be backported at times. Coccinelle developer Julia Lawall introduced the audience at Open Source Summit Europe to some new tools that can help make both forward-porting and backporting drivers easier.

    She opened her talk by noting that she was presenting step one in her plans, she hoped to be able to report on step two next year some time. The problem she is trying to address is that the Linux kernel keeps moving on. A vendor might create a driver for the 4.4 kernel but, over the next six months, the kernel will have moved ahead by another two versions. There are lots of changes with each new kernel, including API changes that require driver changes to keep up.

    That means that vendors need to continually do maintenance on their drivers unless they get them upstream, where they will get forward-ported by the community. But the reverse problem is there as well: once a device becomes popular, customers may start asking for it to run with older kernels too. That means backporting.

More in Tux Machines

Software and howtos

New: NuTyX 9.93 and Linux Mint 18.3

  • NuTyX 9.93 available with cards 2.3.105
    The NuTyX team is please to annonce the 9.93 release of NuTyX. NuTyX 9.92 comes with kernel LTS 4.14.6, glibc 2.26, gcc 7.2.0, binutils 2.29.1, python 3.6.0, xorg-server 1.19.5, qt 5.10.0, KDE plasma 5.11.3, KDE Framework 5.41.0, KDE Applications 17.12.0, mate 1.18.2, xfce4 4.12.4, firefox 57.0.2 Quantum, etc...
  • Linux Mint 18.3 'Sylvia' Xfce and KDE editions are available for download
    Linux Mint is killing the KDE version of its operaring system -- a move some people applaud. That's what makes the new 18.3 version -- named "Sylvia" -- so frustrating. It's bizarre to release a new version of an operating system that essentially has no future. But oh well, here we are. After a short beta period, the KDE distro is now available for download -- if you still care. I recommend that KDE loyalists just switch to Kubuntu or Netrunner, but I digress. Despite being the final version of Linux Mint KDE, it is still a great alternative to the consistently disappointing Windows 10. After all, it has been discovered that Microsoft is bundling a bug-ridden password-manager with its operating system without user consent! How can you trust such an OS?! Sigh.
  • Linux Mint 18.3 "Sylvia" KDE and Xfce Editions Officially Released, Download Now
    The Linux Mint team released the final Linux Mint 18.3 "Sylvia" Xfce and Linux Mint 18.3 "Sylvia" KDE editions to download, as well as an upgrade for existing Linux Mint 18.2 "Sonya" users. Previously in beta, the Linux Mint 18.3 "Sylvia" KDE and Xfce editions are now officially released and ready for production use. Just like the Cinnamon and MATE flavors, they are based on Canonical's long-term supported Ubuntu 16.04 LTS (Xenial Xerus) operating system and use the Linux 4.10 kernel by default for new installations.

GNU: Glibc, GIMP, GCC

  • Glibc 2.27 Lands Yet More Performance Optimizations
    Earlier this month I wrote how Intel engineers have been busy with continuing to tune glibc's performance with FMA and AVX optimizations. That work has continued but also other architectures continue tuning their GNU C Library performance ahead of the expected v2.27 update. There has been a ton of optimization work this cycle, particularly on the Intel/x86_64 front. For those with newer Intel 64-bit processors, this next glibc release is shaping up to be a speedy update.
  • GIMP PIcks Up Support For The New Flatpak/FreeDesktop.org Screenshot API
    Hot off the release of the new GIMP 2.9.8 and ahead of the expected GIMP 2.10 release candidates that are expected to begin, a new addition to GIMP is a plug-in supporting the new FreeDesktop.org/Flatpak screenshot API. The org.freedesktop.portal.Screenshot specification aims to be a screenshot API that will work not only cross-desktop (e.g. KDE, GNOME, etc) but also work for sandboxed applications (i.e. Flatpak) and also work regardless of whether you are using Wayland or X11.
  • GCC Prepares For Fortran 2018 Support
    The Fortran committee decided last month to rename the upcoming Fortran 2015 programming language update to Fortran 2018. GCC support is being prepped. With this updated programming language technical specification not expected to be published until mid-2018, the committee behind this long-standing programming language decided to rename Fortran 2015 to Fortran 2018. Fortran 2018 should further improve interoperability with C code, improve its parallel programming capabilities, support hexadecimal inputs/outputs, and other improvements over Fortran 2008.

Security: Hackers, Back Doors, Microsoft Scam and Bots

  • Why Hackers Are in Such High Demand, and How They're Affecting Business Culture
    News headlines often focus on the hackers who launch cyber attacks and leak confidential data such as National Security Agency exploits, sensitive political emails, and unreleased HBO programming, but hackers can also affect organizations in positive ways. White hat hackers (as opposed to black hats) increasingly are finding employment in companies as security researchers. From conducting penetration tests and identifying vulnerabilities in software to providing companies with guidance about emerging threats, white hat hackers bring considerable value to organizations and play an instrumental role in helping them defend against today's advanced threats. White hats are highly coveted not only for their knowledge but also for their unique mindsets and ability to change corporate culture.
  • We need to talk about mathematical backdoors in encryption algorithms
    Security researchers regularly set out to find implementation problems in cryptographic algorithms, but not enough effort is going towards the search for mathematical backdoors, two cryptography professors have argued. Governments and intelligence agencies strive to control and bypass or circumvent cryptographic protection of data and communications. Backdooring encryption algorithms is considered as the best way to enforce cryptographic control. In defence of cryptography, researchers have set out to validate technology that underpins the secure exchange of information and e-commerce. Eric Filiol,  head of research at ESIEA, the operational cryptology and virology lab, argued that only implementation backdoors (at the protocol/implementation/management level) are generally considered. Not enough effort is being put into looking for mathematical backdoors or by-design backdoors, he maintains.
  • How a Dorm Room Minecraft Scam Brought Down the Internet
     

    Originally, prosecutors say, the defendants hadn’t intended to bring down the internet—they had been trying to gain an advantage in the computer game Minecraft.

  • Microsoft's Edge browser is in serious trouble
     

    Analytics firm Net Applications revised its methodology to cull bots from its browser share numbers and found that as much as half of the traffic to Edge on Windows 10 was artificially inflated.