Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 31 min ago

GNU Guix 1.2.0 released

10 hours 6 min ago
GNU Guix, a functional package manager and associated free software distribution, was introduced eight years ago. The 1.2.0 release celebrates the anniversary. "A major highlight in this release is the ability to authenticate channels, which probably makes Guix one of the safest ways to deliver complete operating systems today. This was the missing link in our “software supply chain” and we’re glad it’s now fixed. The end result is that guix pull and related commands now cryptographically authenticate channel code that they fetch; you cannot, for instance, retrieve unauthorized commits to the official Guix repository."

Huang: Evaluating Precursor’s Hardware Security

10 hours 22 min ago
For those who are interested in security at the hardware level, this blog post from Andrew 'bunnie' Huang is well worth a read. "Despite any claims you may have heard otherwise, tamper resistance is a largely unsolved problem. Any secrets committed to a non-volatile format are vulnerable to recovery by a sufficiently advanced adversary. The availability of near-atomic level microscopy, along with sophisticated photon and phonon based probing techniques, means that a lab equipped with a few million dollars worth of top-notch gear and well-trained technicians has a good chance of recovering secret key material out of virtually any non-volatile storage media. The hard part is figuring out where the secrets are located on the chip."

Security updates for Monday

12 hours 18 min ago
Security updates have been issued by Debian (cimg, golang-1.7, golang-1.8, krb5, mediawiki, mupdf, php-pear, samba, thunderbird, and zabbix), Fedora (chromium, krb5, microcode_ctl, pngcheck, and rpki-client), Mageia (librepo, postgresql, python-twisted, raptor2, tcpdump, and thunderbird), openSUSE (blueman, java-11-openjdk, moinmoin-wiki, python, rmt-server, SDL, and tcpdump), Red Hat (chromium-browser and thunderbird), SUSE (c-ares, ceph, dash, firefox, java-1_8_0-openjdk, postgresql10, postgresql12, postgresql96, u-boot, and ucode-intel), and Ubuntu (openldap).

Kernel prepatch 5.10-rc5

Monday 23rd of November 2020 12:24:21 AM
The 5.10-rc5 kernel prepatch is out. "The 5.10 release candidates stubbornly keeps staying fairly big, even though by rc5 we really should be seeing things starting to calm down and shrink. There's nothing in here that makes me particularly nervous, but in pure numbers of commits, this is the largest rc5 we've had in the 5.x series."

Some weekend stable kernel updates

Sunday 22nd of November 2020 05:20:46 PM
The 5.9.10, 5.4.79, 4.19.159, 4.14.208, 4.9.245, and 4.4.245 stable kernel updates are all available. Each contains another set of important fixes, as usual.

[$] epoll_pwait2(), close_range(), and encoded I/O

Friday 20th of November 2020 05:50:30 PM
The various system calls and other APIs that the kernel provides for access to files and filesystems has grown increasingly comprehensive over the years. That does not mean, though, that there is no need or room for improvement. Several relatively small additions to the kernel's filesystem-related API are under consideration in the development community; read on for a survey of some of this work.

Security updates for Friday

Friday 20th of November 2020 02:06:35 PM
Security updates have been issued by CentOS (firefox), Fedora (chromium, microcode_ctl, mingw-libxml2, seamonkey, and xen), openSUSE (slurm_18_08 and tor), Oracle (thunderbird), SUSE (buildah, firefox, go1.14, go1.15, krb5, microcode_ctl, perl-DBI, podman, postgresql12, thunderbird, ucode-intel, wireshark, wpa_supplicant, and xen), and Ubuntu (firefox and phpmyadmin).

Paalanen: Developing Wayland Color Management and High Dynamic Range

Friday 20th of November 2020 01:13:48 AM
Over on the Collabora blog, Pekka Paalanen writes about adding color management and high dynamic range (HDR) support to the Wayland display server protocol. X11 already has support for color management tools and workflow, but not HDR, and Wayland currently doesn't support either, but Paalanen and others are working to change that. "As color management is all about color spaces and gamuts, and high dynamic range (HDR) is also very much about color spaces and gamuts plus extended luminance range, Sebastian [Wick] and I decided that Wayland color management extension should cater for both from the beginning. Combining traditional color management and HDR is a fairly new thing as far as I know, and I'm not sure we have much prior art to base upon, so this is an interesting research journey as well. There is a lot of prior art on HDR and color management separately, but they tend to have fundamental differences that makes the combination not obvious."

GCompris releases version 1.0 to celebrate 20 years

Friday 20th of November 2020 12:16:59 AM

The GCompris project, which provides a "high quality educational software suite, including a large number of activities for children aged 2 to 10", has announced its 1.0 release, which celebrates the 20th anniversary of the project. It includes more than 100 activities, a new Dataset selection in the Activity Settings menu for more than 50 activities, and four new activities, including an Analog Electricity activity to simulate and learn about circuits. KDE.news covered the release: "We have built the activities to follow the principles of 'nothing succeeds like success' and that children, when learning, should be challenged, but not made to feel threatened. Thus, GCompris congratulates, but does not reprimand; all the characters the child interacts with are friendly and supportive; activities are brightly colored, contain encouraging voices and play upbeat, but soothing music. The hardware requirements for running GCompris are extremely low and it will run fine on older computers or low-powered machines, like the Raspberry Pi. This saves you and your school from having to invest in new and expensive equipment and it is also eco-friendly, as it reduces the amount of technological waste that is produced when you have to renew computers to adapt to more and more power-hungry software. GCompris works on Windows, Android and GNU/Linux computers, and on desktop machines, laptops, tablets and phones."

[$] ID mapping for mounted filesystems

Thursday 19th of November 2020 06:03:10 PM
Almost every filesystem (excepting relics like VFAT) implements the concept of the owner and group of each file; the higher levels of the operating system then use that information to control access to those files. For decades, it has usually sufficed to track a single owner and group for each file, but there is an increasing number of use cases wanting to make that ownership relative to the environment any given process is running in. Developers have been working for a few years to find solutions to this problem; the latest attempt is the ID-mapped mounts patch set from Christian Brauner.

Six new stable kernels

Thursday 19th of November 2020 03:47:57 PM
Greg Kroah-Hartman has released the 5.9.9, 5.4.78, 4.19.158, 4.14.207, 4.9.244, and 4.4.244 stable kernels. They all contain important fixes throughout the kernel tree; users of those series should upgrade.

Rust 1.48.0 released

Thursday 19th of November 2020 03:17:01 PM
Version 1.48.0 of the Rust language has been released. The biggest change appears to be improvements to the documentation system, but there's more: "The most significant API change is kind of a mouthful: [T; N]: TryFrom<Vec<T>> is now stable. What does this mean? Well, you can use this to try and turn a vector into an array of a given length".

Security updates for Thursday

Thursday 19th of November 2020 02:15:22 PM
Security updates have been issued by Arch Linux (chromium and firefox), CentOS (bind, curl, fence-agents, kernel, librepo, libvirt, microcode_ctl, python, python3, qt and qt5-qtbase, resource-agents, and tomcat), Debian (drupal7, firefox-esr, jupyter-notebook, packer, python3.5, and rclone), Fedora (firefox), Mageia (firefox, nss), openSUSE (gdm, kernel-firmware, and moinmoin-wiki), Oracle (net-snmp), SUSE (libzypp, zypper), and Ubuntu (c-ares).

[$] LWN.net Weekly Edition for November 19, 2020

Thursday 19th of November 2020 01:23:10 AM
The LWN.net Weekly Edition for November 19, 2020 is available.

[$] OpenWrt and self-signed certificates

Wednesday 18th of November 2020 09:58:49 PM
The move to secure most or all of web traffic using HTTPS is generally a good thing; lots of personal information is exchanged via web browsers, after all. Using HTTPS requires web sites to have TLS certificates, however, which has sometimes been an impediment, though Let's Encrypt has generally solved that problem for many. But there are systems out there that may need the HTTPS protection before their owners even have a chance to procure a certificate, IoT devices and home routers, for example. An October discussion among OpenWrt developers explored this problem a bit.

Security updates for Wednesday

Wednesday 18th of November 2020 04:05:25 PM
Security updates have been issued by openSUSE (opera and raptor), Oracle (bind, bluez, firefox, microcode_ctl, and thunderbird), Red Hat (firefox, net-snmp, and thunderbird), SUSE (java-11-openjdk and tcpdump), and Ubuntu (firefox, krb5, and libvncserver, vino).

No more Flash support in Firefox

Wednesday 18th of November 2020 03:45:15 PM
Mozilla has announced that the Adobe Flash era is coming to an end. "Firefox version 84 will be the final version to support Flash. On January 26, 2021 when we release Firefox version 85, it will ship without Flash support, improving our performance and security." One suspects that few people will miss this support.

[$] Changed-block tracking and differential backups in QEMU

Tuesday 17th of November 2020 04:33:00 PM
The block layer of QEMU, the open-source machine emulator and virtualizer, forms the backbone of many storage virtualization features: the QEMU Copy-On-Write (QCOW2) disk-image file format, disk image chains, point-in-time snapshots, backups, and more. At the recently concluded 2020 KVM Forum virtual event, Eric Blake gave a talk on the current work in QEMU and libvirt to make differential backups more powerful. As the name implies, "differential backups" address the efficiency problems of full disk backups: space usage and speed of backup creation.

Security updates for Tuesday

Tuesday 17th of November 2020 04:00:37 PM
Security updates have been issued by Debian (libdatetime-timezone-perl, openldap, pacemaker, and restic), Fedora (libmediainfo, mediainfo, mingw-python3, and seamonkey), Gentoo (libexif), openSUSE (raptor), Oracle (kernel and microcode_ctl), Scientific Linux (firefox), SUSE (kernel-firmware, postgresql, postgresql96, postgresql10 and postgresql12, and raptor), and Ubuntu (openldap and postgresql-10, postgresql-12, postgresql-9.5).

Firefox 83.0 released

Tuesday 17th of November 2020 03:36:32 PM
Version 83.0 of the Firefox browser is out. Headline features include a new HTTPS-only mode, JavaScript performance improvements, and more; see the release notes for details.

More in Tux Machines

today's howtos

  • How to install MySQL server on CentOS 8 Linux - nixCraft

    How do I install MySQL server 8.0 on CentOS 8 Linux server running on Linode and AWS cloud? How do I add and set up a new MySQL user and database account on the newly created CentOS server? Oracle MySQL server version 8.0 is a free and open-source free database server. It is one of the most popular database system used in web apps and websites on the Internet. Typically MySQL is part of the LAMP (Linux, Apache/Nginx, MySQL, Perl/Python/PHP) stack. Popular open-source software such as WordPress, MediaWiki, and others profoundly used by MySQL as a database storage engine. Let us see how to install MySQL server version 8.x on CentOS 8 Linux server.

  • Linux Fu: VPN For Free With SSH | Hackaday

    If you see a lot of banner ads on certain websites, you know that without a Virtual Private Network (VPN), hackers will quickly ravage your computer and burn down your house. Well, that seems to be what they imply. In reality, though, there are two main reasons you might want a VPN connection. You can pay for a service, of course, but if you have ssh access to a computer somewhere on the public Internet, you can set up your own VPN service for no additional cost. The basic idea is that you connect to a remote computer on another network and it makes it look like all your network traffic is local to that network. The first case for this is to sidestep or enhance security. For example, you might want to print to a network printer without exposing that printer to the public Internet. While you are at the coffee shop you can VPN to your network and print just like you were a meter away from the printer at your desk. Your traffic on the shop’s WiFi will also be encrypted.

  • YANUB: yet another (nearly) useless blog: QSoas tips and tricks: using meta-data, first level

    By essence, QSoas works with \(y = f(x)\) datasets. However, in practice, when working with experimental data (or data generated from simulations), one has often more than one experimental parameter (\(x\)). For instance, one could record series of spectra (\(A = f(\lambda)\)) for different pH values, so that the absorbance is in fact a function of both the pH and \(\lambda\). QSoas has different ways to deal with such situations, and we'll describe one today, using meta-data. [...] QSoas is a powerful open source data analysis program that focuses on flexibility and powerful fitting capacities. It is released under the GNU General Public License. It is described in Fourmond, Anal. Chem., 2016, 88 (10), pp 5050–5052. Current version is 2.2. You can download its source code there (or clone from the GitHub repository) and compile it yourself, or buy precompiled versions for MacOS and Windows there.

  • Many ways to sort file content on Linux

    The Linux sort command can arrange command output or file content in a lot more ways than you might realize--alphabetically, numerically, by month and randomly are only some of the more interesting choices. In this post, we take a look at some of the more useful sorting options and explain how they differ.

  • How to install Luminance HDR

    Luminance HDR is an open-source GUI tool that provides an easy to use toolkit for HDR imaging. It is available on all major Linux operating systems and is excellent for photographers. In this guide, we will go over how to install Luminance HDR on Linux.

  • How to add a WordPress user sign up - Anto Online

    Adding an external user sign up page on a website allows users to register for different roles. Once registered, they can perform tasks such as adding new articles, new comments, and even performing other actions such as designing. Allowing a user to sign up is a common thing for bloggers and companies that accept guest posts. However, this feature can also be used to offer premium content for your members. But, this may require more custom fields and branding. The default WordPress sign up page contains fixed fields and a WordPress logo.

  • How to install Lyrebird on a Chromebook - a Discord Voice Changer

    Today we are looking at how to install Lyrebird, a voice changer for Discord on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

  • How to play Brawlhalla on Linux

    Brawlhalla is a free-to-play 2D fighting game. It was developed by Blue Mammoth Games, published by Ubisoft, and released on Nintendo Switch, Xbox One, PS4, and PC. In this guide, we’ll show you how to play it on Linux.

Games: RetroArch, PulseAudio, Anarch

  • You can now try the RetroArch Playtest on Steam for Linux | GamingOnLinux

    With the awesome RetroArch application for running emulators and all sorts coming to Steam, they now have a Playtest available you can opt into to try it out. Using the new dedicated Steam Playtest feature announced by Valve in early November, developers can have a banner on their Steam store page letting users request access. So the Libretro team have put this up, and as of today it also has Linux builds available for testing.

  • PulseAudio 14.0 Released With Better USB Gaming Headset Support - Phoronix

    While in 2021 we might begin to see PipeWire replacing PulseAudio by default at least on bleeding-edge distributions like Fedora, for now PulseAudio still is the dominant sound server used by desktop Linux distributions. Rolling out today is PulseAudio 14.0. PulseAudio 14.0 comes with many changes compared to PulseAudio 13.0 that shipped all the way back in September of 2019.

  • "Anarch", a new, public-domain Doom-like game coded from scratch in <256K

    I've argued that the video-game "Doom" is a sort of cultural version of Turing Completeness. Given that we're jamming computers and screens into just about any device these days, inevitably (and delightfully) someone gets it to run Doom: Watches, digital cameras, ATMs, pregnancy sticks. But you know what's even cooler? Creating your own new, original game in the exactly style of Doom, and making it so wildly resource-efficient that it fits in under 256K and will run on just about any computational device around. That's what the programmer Miloslav Číž has done, with his new game "Anarch". You can play it in your browser here or download it here; I just blasted away in it for a while, and it's a hoot — he neatly channels the mechanics and twitchy low-rez aesthetics of the original. Gameplay trailer is here; he put it in the public domain, and the code is all here on Gitlab.

Announcing Istio 1.6.14

This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.6.13 and Istio 1.6.14 Read more More:

  • ISTIO-SECURITY-2020-011
  • Support for Istio 1.6 has ended

    As previously announced, support for Istio 1.6 has now officially ended. At this point we will no longer back-port fixes for security issues and critical bugs to 1.6, so we heartily encourage you to upgrade to the latest version of Istio (1.8) if you haven’t already.

Moving into the future with the FSF tech team

The FSF is well-known for spearheading the advocacy and support of free software, not just by recommending it in the face of pervasive proprietary options, but also by condemning nonfree software altogether. Following this recommendation is hard, even for us, because of the ever-increasing dependency on software and computer networks that we are all subject to. To follow through with our commitment, our tech team maintains a large list of services that many other offices our size would have long ago been wrongly pressured into transferring to one of the handful of gigantic corporations that monopolize those services. Your work email account is most likely implemented through Gmail or Outlook; your office's software is likely to be served by Amazon Web Services, along with all the data backups; your company's customer service is likely to be managed through Salesforce or SAP, and so on. Make no mistake, this is true for your local government and school networks, too! In contrast, at the FSF, we never jumped on the outsourcing wagon, and we don't use any Service as a Software Substitute (SaaSS) in our operations. We run our own email servers, telephony and fax service, print shop, full server stack, backups, networking, systems monitoring, accounting, customer relationship management (CRM) software, and a long list of other tasks and software development projects, with a team of just four extremely dedicated technicians. And we implement this on hardware that has been carefully evaluated to meet very high ethical standards, criteria that we push for vendors to achieve through our "Respects Your Freedom" certification program. Read more