Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 7 min 6 sec ago

Mozilla’s 2019 Internet Health Report

3 hours 40 min ago
The Mozilla Blog introduces Mozilla's 2019 Internet Health Report. "In the Report’s three spotlight articles, we unpack three big issues: One examines the need for better machine decision making — that is, asking questions like Who designs the algorithms? and What data do they feed on? and Who is being discriminated against? Another examines ways to rethink the ad economy, so surveillance and addiction are no longer design necessities. The third spotlight article examines the rise of smart cities, and how local governments can integrate tech in a way that serves the public good, not commercial interests."

[$] On technological liberty

3 hours 50 min ago

In his keynote at the 2019 Legal and Licensing Workshop (LLW), longtime workshop participant Andrew Wilson looked at the past, but he went much further back than, say, the history of free software—or even computers. His talk looked at technological liberty in the context of classical liberal philosophic thinking. He mapped some of that thinking to the world of free and open-source software (FOSS) and to some other areas where our liberties are under attack.

Security updates for Wednesday

6 hours 4 min ago
Security updates have been issued by Arch Linux (dovecot, flashplugin, ghostscript, and jenkins), Fedora (glpi, hostapd, python-urllib3, and znc), openSUSE (apache2, audiofile, libqt5-qtvirtualkeyboard, php5, and SDL2), Scientific Linux (kernel), SUSE (curl and dovecot23), and Ubuntu (advancecomp and freeradius).

[$] The sustainability of open source for the long term

Tuesday 23rd of April 2019 03:50:07 PM

The problem of "sustainability" for open-source software is a common topic of conversation in our community these days. We covered a talk by Bradley Kuhn on sustainability a month ago. Another longtime community member, Luis Villa, gave his take on the problem of making open-source projects sustainable at the 2019 Legal and Licensing Workshop (LLW) in Barcelona. Villa is one of the co-founders of Tidelift, which is a company dedicated to helping close the gap so that the maintainers of open-source projects get paid in order to continue their work.

Security updates for Tuesday

Tuesday 23rd of April 2019 03:01:39 PM
Security updates have been issued by CentOS (java-1.7.0-openjdk), Debian (ghostscript and wget), Gentoo (apache, glib, opendkim, and sqlite), Red Hat (kernel, kernel-alt, kernel-rt, ovmf, polkit, and python27-python), Scientific Linux (java-1.7.0-openjdk), and SUSE (php72).

[$] SGX: when 20 patch versions aren't enough

Tuesday 23rd of April 2019 03:00:01 PM
Intel's "Software Guard Extensions" (SGX) feature allows the creation of encrypted "enclaves" that cannot be accessed from the rest of the system. Normal code can call into an enclave, but only code running inside the enclave itself can access the data stored there. SGX is pitched as a way of protecting data from a hostile kernel; for example, an encryption key stored in an enclave should be secure even if the system as a whole is compromised. Support for SGX has been under development for over three years; LWN covered it in 2016. But, as can be seen from the response to the latest revision of the SGX patch set, all that work has still not answered an important question: what protects the kernel against a hostile enclave?

A year with Spectre: a V8 perspective

Tuesday 23rd of April 2019 01:29:04 PM
Here's an article on the V8 blog describing the work that was done to mitigate Spectre vulnerabilities in the V8 JavaScript engine. "Our research reached the conclusion that, in principle, untrusted code can read a process’s entire address space using Spectre and side channels. Software mitigations reduce the effectiveness of many potential gadgets, but are not efficient or comprehensive. The only effective mitigation is to move sensitive data out of the process’s address space."

A Goodbye to Joe Armstrong

Monday 22nd of April 2019 04:10:00 PM
The Erlang community mourns the loss of Joe Armstrong, known as the father of Erlang. "He was part of the Erlang landscape, always interested in what people had to say. His passion and enjoyment about the craft, even in his 60s, was still high up at levels I don't even know I ever had or will ever have, and I have to say I am envious of him for that. I don't know what it will be like to have this community without him around. He was humble. He was approachable. He was excited. He was creative. His legacy is not just in code, but in the communities in which he instantly became a central part. He will be missed."

Security updates for Monday

Monday 22nd of April 2019 02:54:30 PM
Security updates have been issued by CentOS (java-1.8.0-openjdk and java-11-openjdk), Debian (clamav, debian-security-support, and drupal7), Fedora (egl-wayland, elementary-camera, elementary-code, elementary-terminal, ephemeral, geocode-glib, gnome-characters, gnome-shell-extension-gsconnect, group-service, libmodulemd, libxmlb, mate-user-admin, mesa, meson, mpris-scrobbler, reportd, switchboard-plug-display, switchboard-plug-pantheon-shell, wingpanel, and wireshark), openSUSE (blueman and glibc), and Red Hat (java-1.7.0-openjdk).

The end of Scientific Linux

Monday 22nd of April 2019 01:49:01 PM
Fermilab has maintained Scientific Linux, a derivative of Red Hat Enterprise Linux, for many years. That era is coming to an end, though: "Toward that end, we will deploy CentOS 8 in our scientific computing environments rather than develop Scientific Linux 8. We will collaborate with CERN and other labs to help make CentOS an even better platform for high-energy physics computing." Maintenance of the SL6 and SL7 distributions will continue as scheduled.

Debian project leader election 2019 results

Monday 22nd of April 2019 01:46:26 PM
The election for the Debian project leader has concluded; the leader for the next year will be Sam Hartman. See this page for the details of the vote.

Kernel prepatch 5.1-rc6

Sunday 21st of April 2019 11:41:41 PM
The 5.1-rc6 kernel prepatch is out for testing. "It's Easter Sunday here, but I don't let little things like random major religious holidays interrupt my kernel development workflow. The occasional scuba trip? Sure. But everybody sitting around eating traditional foods? No. You have to have priorities."

Weekend stable kernel updates

Saturday 20th of April 2019 02:50:37 PM
The 5.0.9, 4.19.36, 4.14.113, and 4.9.170 stable kernel updates have all been released. These moderately large updates contain yet another set of important fixes.

[$] Implementing fully immutable files

Friday 19th of April 2019 02:57:19 PM
Like all Unix-like systems, Linux implements the traditional protection bits controlling who can access files in a filesystem (and what access they have). Fewer users, perhaps, are aware of a set of additional permission bits hidden away behind the chattr and lsattr commands. Among other things, these bits can make a file append-only, mark a file to be excluded from backups, cause a file's data to be automatically overwritten on deletion, or make a file immutable. The implementation of many of these features is incomplete at best, so perhaps it's not surprising that immutable files can still be changed in certain limited circumstances. Darrick Wong has posted a patch set changing this behavior, implementing a user-visible behavioral change that he describes as "an extraordinary way to destroy everything".

Security updates for Friday

Friday 19th of April 2019 12:45:45 PM
Security updates have been issued by Fedora (atomic-reactor and osbs-client), openSUSE (libqt5-qtbase, lxc, tar, wget, and xmltooling), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (php5), and Ubuntu (znc).

[$] Tracking pages from get_user_pages()

Thursday 18th of April 2019 04:01:49 PM
As has been recently discussed here, developers for the filesystem and memory-management subsystems have been grappling for years with the problems posed by the get_user_pages() mechanism. This function maps memory into the kernel's address space for direct access by the kernel or peripheral devices, but that kind of access can create confusion in the filesystem layers, which may not be expecting that memory to be written to at any given time. A new patch set from Jérôme Glisse tries to chip away at a piece of the problem, but a complete solution is not yet in view.

Ubuntu 19.04 (Disco Dingo) released

Thursday 18th of April 2019 01:34:58 PM
Ubuntu 19.04, code named "Disco Dingo", has been released, along with the following flavors: Ubuntu Budgie, Kubuntu, Lubuntu, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu. "The Ubuntu kernel has been updated to the 5.0 based Linux kernel, our default toolchain has moved to gcc 8.3 with glibc 2.29, and we've also updated to openssl 1.1.1b and gnutls 3.6.5 with TLS1.3 support. Ubuntu Desktop 19.04 introduces GNOME 3.32 with increased performance, smoother startup animations, quicker icon load times and reduced CPU+GPU load. Fractional scaling for HiDPI screens is now available in Xorg and Wayland. Ubuntu Server 19.04 integrates recent innovations from key open infrastructure projects like OpenStack Stein, Kubernetes, and Ceph with advanced life-cycle management for multi-cloud and on-prem operations, from bare metal, VMware and OpenStack to every major public cloud." More information can be found in the release notes.

OpenSSH 8.0 released

Thursday 18th of April 2019 01:11:27 PM
OpenSSH 8.0 has been released with a bunch of new features and some bug fixes, including one for a security problem: "This release contains mitigation for a weakness in the scp(1) tool and protocol (CVE-2019-6111): when copying files from a remote system to a local directory, scp(1) did not verify that the filenames that the server sent matched those requested by the client. This could allow a hostile server to create or clobber unexpected local files with attacker-controlled content. This release adds client-side checking that the filenames sent from the server match the command-line request, The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead."

Security updates for Thursday

Thursday 18th of April 2019 12:58:58 PM
Security updates have been issued by CentOS (polkit), Gentoo (dovecot, libseccomp, and patch), openSUSE (aubio, blktrace, flac, lxc, lxcfs, pspp, SDL, sqlite3, and xen), Red Hat (java-1.8.0-openjdk, java-11-openjdk, and rh-maven35-jackson-databind), Scientific Linux (java-1.8.0-openjdk), Slackware (libpng), SUSE (python, python3, sqlite3, and xerces-c), and Ubuntu (ntfs-3g).

[$] LWN.net Weekly Edition for April 18, 2019

Thursday 18th of April 2019 01:09:43 AM
The LWN.net Weekly Edition for April 18, 2019 is available.

More in Tux Machines

OpenBSD 6.5 Released With RETGUARD, OpenRSYNC

OpenBSD 6.5 was released today, about one week ahead of schedule for this security-minded BSD operating system. OpenBSD 6.5 is bringing several prominent new features including RETGUARD as its new stack protector and OpenRSYNC as its ISC-licensed in-progress replacement to rsync. OpenBSD 6.5's new RETGUARD functionality aims to be a better stack protector on x86_64 and AArch64 with instrumenting every function return with better security properties than their traditional stack protector. Read more Also: OpenBSD 6.5

Development kit showcases Cortex-A76 based Snapdragon 855

Intrinsyc has launched a 96Boards CE form-factor “Snapdragon 855 Mobile HDK” that runs Android 9 on a 7nm, octa-core Snapdragon 855 with GNSS, WiFi/BT, and optional touchscreens and cameras. Intrinsyc’s Qualcomm Snapdragon 855 Mobile Hardware Development Kit is now available for $1,149, offering a development window into Qualcomm’s powerful Snapdragon 855 SoC. The new HDK runs the latest Android 9.0 Pie release. Read more

Sad News! Scientific Linux is Being Discontinued

Scientific Linux, a distributions focused on scientists in high energy physics field, will not be developed anymore. It’s creator, Fermilab, is replacing it by CentOS in its labs. Read more

today's leftovers

  • Announcing Akademy 2019 in Milan, Italy (September 7th - 13th)
    Akademy 2019 will be held at the University of Milano-Bicocca in Milan, Italy, from Saturday the 7th to Friday the 13th of September. The conference is expected to draw hundreds of attendees from the global KDE community to discuss and plan the future of the community and its technology. Many participants from the broad Free and Open Source software community, local organizations and software companies will also attend. KDE e.V. is organizing Akademy 2019 with unixMiB — the Linux User Group of the University of Milano-Bicocca. unixMiB aims to spread Open Source philosophy among students.
  • Checking out Crunchbang++
  • Intel Iris Gallium3D Picks Up Conservative Rasterization Support
    On top of Intel's new open-source OpenGL driver seeing some hefty performance optimizations, the Iris Gallium3D driver has picked up another OpenGL extension ahead of the Mesa 19.1 branching.  Iris Gallium3D now supports INTEL_conservative_rasterization alongside the existing support in the i965 driver. INTEL_conservative_rasterization is the several year old Intel extension for seeing if all fragments are at least partially covered by a polygon rather than the default rasterization mode of including fragments with at least one sample covered by a polygon.