Ekstrand: Plumbing explicit synchronization through the Linux ecosystem

Wednesday 11th of March 2020 07:33:05 PM
For those who are interested in the details of graphics synchronization: Jason Ekstrand describes in detail the value of explicit synchronization, the reason why we can't have it now, and a proposal for eventually making it possible to go explicit. "Explicit synchronization is the future of graphics and media. At least, that seems to be the consensus among all the graphics people I've talked to. I had a chat with one of the lead Android graphics engineers recently who told me that doing explicit sync from the start was one of the best engineering decisions Android ever made. It's also the direction being taken by more modern APIs such as Vulkan."

Security updates for Wednesday

Wednesday 11th of March 2020 02:44:43 PM
Security updates have been issued by CentOS (qemu-kvm and sudo), Debian (chromium), Mageia (gpac, libseccomp, and tomcat), openSUSE (gd and postgresql10), Oracle (qemu-kvm), Red Hat (chromium-browser), Scientific Linux (qemu-kvm), Slackware (firefox), and SUSE (ipmitool, java-1_7_0-openjdk, librsvg, and tomcat).

[$] The Let's Encrypt certificate revocation scare

Tuesday 10th of March 2020 05:20:13 PM
The Let's Encrypt project has made real strides in helping to ensure that every web site can use the encrypted HTTPS protocol; it has provided TLS certificates at no charge that are accepted by most or all web browsers. Free certificates accepted by the browsers are something that was difficult to find prior to the advent of the project in 2014; as of the end of February, the project has issued over a billion certificates. But a bug that was recently found in the handling of Certificate Authority Authorization (CAA) by the project put roughly 2.6% of the active certificates—roughly three million—at risk of immediate revocation. As might be expected, that caused a bit of panic in some quarters, but it turned out that the worst outcome was largely averted.

Firefox 74.0

Tuesday 10th of March 2020 03:01:01 PM
The latest release of Firefox features some login management improvements, the ability to add custom sites to the Facebook Container, better privacy for web voice and video calls, and better add-on management. See the release notes for more information.

Security updates for Tuesday

Tuesday 10th of March 2020 02:32:42 PM
Security updates have been issued by Debian (libvpx and network-manager-ssh), Fedora (cacti, cacti-spine, and podman), openSUSE (chromium and python-bleach), Oracle (curl), Red Hat (ansible and qemu-kvm), SUSE (gd, ipmitool, and php7), and Ubuntu (runc and sqlite3).

[$] The short and long-term future of community conferences

Tuesday 10th of March 2020 12:53:49 AM
The Linux development community is spread out over the planet and interacts primarily through email and online systems. It is widely felt, though, that there is great value in getting people together in person occasionally to talk about current issues and get to know each other as people. This year, though, the coronavirus pandemic is disrupting the conference schedule to an extent that won't be known for some time. But there are longer-term concerns as well, to the point that the head organizer for one of the kernel community's most successful events is questioning whether it should continue to exist.

LibrePlanet 2020: In-person component canceled

Monday 9th of March 2020 11:38:11 PM
LibrePlanet was scheduled for March 14-15 but it has been canceled. "However, just because we won't be holding a conference in person this year doesn't mean that we've given up our fight to "free the future." Instead, LibrePlanet will be a fully free (as in freedom) virtual conference and livestream. We had an extremely exciting program planned, and we're going to try and maintain as much of that schedule as possible with all of the speakers who are willing and able to participate remotely. The resulting livestream will be run on and entirely accessible via free software, so that you can enjoy these amazing talks from the comfort of your home."

Chemnitzer Linux-Tage canceled

Monday 9th of March 2020 08:39:22 PM
The Chemnitzer Linux-Tage that was to take place March 14-15 has been canceled. "Whether we meet later this year or first in March 2021, we will discuss within the organization team in the next few days."

openSUSE Summit Dublin and SUSECON canceled

Monday 9th of March 2020 08:34:53 PM
The openSUSE Summit in Dublin, Ireland was scheduled for March 27-28. The event has been canceled due to travel bans. SUSECON is still scheduled for March 23-27; however, it will be a digital event. The in-person meeting in Dublin has been canceled.

Security updates for Monday

Monday 9th of March 2020 02:45:51 PM
Security updates have been issued by Fedora (seamonkey), Mageia (apache-mod_auth_openidc, binutils, chromium-browser-stable, dojo, firejail, gcc, glib2.0, glibc, http-parser, ilmbase, libarchive, libgd, libsolv, mbedtls, pcre, pdfresurrect, php, proftpd, pure-ftpd, python-bleach, ruby-rake, transfig, weechat, and xen), openSUSE (chromium, ovmf, python-bleach, and yast2-rmt), Oracle (curl, http-parser, kernel, sudo, and xerces-c), Red Hat (chromium-browser and kernel-alt), Scientific Linux (sudo), and SUSE (gimp, kernel, and librsvg).

Kernel prepatch 5.6-rc5

Monday 9th of March 2020 01:42:04 PM
Linus has put out a high-altitude 5.6-rc5 prepatch release. "That said, everything looks mostly fine. I say 'mostly', because while nothing in particular looks worrisome, this rc5 is bigger than I'd have liked. In fact, it's not only bigger than rc4 was, but it's bigger than we historically are at this point."

systemd 245 released

Friday 6th of March 2020 04:02:17 PM
Systemd 245 is out. As usual, the list of new features is long; perhaps the one that has gained the most attention is systemd-homed:

A small new service systemd-homed.service has been added, that may be used to securely manage home directories with built-in encryption. The complete user record data is unified with the home directory, thus making home directories naturally migratable.

There is also a new database for holding user and group data and a systemd-repart tool for the management of partitions on storage-devices at boot time.

Announcing the start of DNF 5 development

Friday 6th of March 2020 03:49:25 PM
DNF, the Fedora package manager, is going to be significantly rewritten; it seems it is truly "development not finished" for now. "We've managed to drop a lot of redundant code across the whole DNF stack in the past years, but we have reached a point when it's nearly impossible to consolidate the code any further without breaking the API/ABI. Especially with PackageKit being dead, we can't move with the old 'libhif' API in libdnf, because making any bigger changes to PackageKit is clearly out of scope."

[$] Two new ways to read a file quickly

Friday 6th of March 2020 03:42:37 PM
System calls on Linux are relatively cheap, though the mitigations for speculative-execution vulnerabilities have made them more expensive than they once were. But even cheap system calls add up if one has to make a large number of them. Thus, developers have been working on ways to avoid system calls for a long time. Currently under discussion is a pair of ways to reduce the number of system calls required to read a file's contents, one of which is rather simpler than the other.

Security updates for Friday

Friday 6th of March 2020 02:03:18 PM
Security updates have been issued by Arch Linux (chromium, opensc, opensmtpd, and weechat), Debian (jackson-databind and pdfresurrect), Fedora (sudo), openSUSE (openfortivpn and squid), Red Hat (virt:8.1 and virt-devel:8.1), Scientific Linux (http-parser and xerces-c), and SUSE (gd, kernel, postgresql10, and tomcat).

Bouzas: PipeWire, the media service transforming the Linux multimedia landscape

Thursday 5th of March 2020 11:54:33 PM
Over on the Collabora blog, Julian Bouzas writes about PipeWire, which is a relatively new multimedia server for the Linux desktop and beyond. "PipeWire was originally created to only handle access to video resources and co-exist with PulseAudio. Earlier versions have already been shipping in Fedora for a while, allowing Flatpak applications to access video cameras and to implement screen sharing on Wayland. Eventually, PipeWire has ended up handling any kind of media, to the point of planning to completely replace PulseAudio in the future. The new 0.3 version is marked as a preview for audio support. But why replace PulseAudio? Although PulseAudio already provides a working intermediate layer to access audio devices, PipeWire has to offer more features that PulseAudio was not designed to deliver, starting with a better security model, which allows isolation between applications and secure access from within containers. Another interesting feature of PipeWire is that it unifies the two audio systems used on the desktop, JACK for low-latency professional audio and PulseAudio for normal desktop use-cases. PipeWire was designed to be able to accommodate both use cases, delivering very low latency, while at the same time not wasting CPU resources. This design also makes PipeWire a much more efficient solution than PulseAudio in general, making it a perfect fit for embedded use cases too."

Intel x86 Root of Trust: loss of trust

Thursday 5th of March 2020 11:02:03 PM
The Positive Technologies blog is reporting on an unfixable flaw the company has found in Intel x86 hardware that has the potential to subvert the hardware root of trust for a variety of processors. "The EPID [Enhanced Privacy ID] issue is not too bad for the time being because the Chipset Key is stored inside the platform in the One-Time Programmable (OTP) Memory, and is encrypted. To fully compromise EPID, hackers would need to extract the hardware key used to encrypt the Chipset Key, which resides in Secure Key Storage (SKS). However, this key is not platform-specific. A single key is used for an entire generation of Intel chipsets. And since the ROM vulnerability allows seizing control of code execution before the hardware key generation mechanism in the SKS is locked, and the ROM vulnerability cannot be fixed, we believe that extracting this key is only a matter of time. When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted." Intel has said that it is aware of the problem (CVE-2019-0090), but since it cannot be fixed in the ROM, Intel is "trying to block all possible exploitation vectors"; the fix for CVE-2019-0090 only blocks one such vector, according to the blog post.

Stable kernels 5.5.8, 5.4.24, and 4.19.108

Thursday 5th of March 2020 09:27:05 PM
Greg Kroah-Hartman has announced the release of the 5.5.8, 5.4.24, and 4.19.108 stable kernels. There are fixes throughout the tree, as usual; users should upgrade.

[$] openSUSE's board turmoil

Thursday 5th of March 2020 04:05:09 PM
Like many larger free-software projects, openSUSE has an elected board that is charged with handling various non-technical tasks: organizing events, dealing with conduct issues, managing the project's money, etc. Sitting on such a board is usually a relatively low-profile activity; development communities tend to pay more attention to technical contributions than other types of service. Every now and then, though, board-related issues burst into prominence; that is the case now in the openSUSE project, which will be holding a special election after the abrupt resignation of one-third of its board.

KubeCon EU postponed; KubeCon China canceled

Thursday 5th of March 2020 02:54:16 PM
KubeCon + CloudNativeCon Europe 2020, which was originally scheduled for March 30-April 2 in Amsterdam, has been postponed until July or August due to COVID-19 concerns. In addition, KubeCon + CloudNativeCon China 2020, scheduled for July in Shanghai, has been canceled "due to the uncertainty around travel to China and our ability to assemble the speakers, sponsors, and attendees necessary for a successful event". It seems likely that these are not the last conferences that will be affected in our communities.

Canonical Doubles Down on Raspberry Pi Support, Promises New Tools and Services

After publishing its roadmap in November last year and making it easier to download Ubuntu for Raspberry Pi in early February 2020, Canonical is keeping its promise to fully support Raspberry Pi devices in its Ubuntu Linux operating system with a plethora of upcoming goodies. First and foremost, the company behind Ubuntu added support for the latest Ubuntu 19.10 (Eoan Ermine) release for 32-bit Raspberry Pi 2, 3 and 4 models, as well as Compute Modules, and 64-bit Raspberry Pi 3 and 4 models.

Telegram Desktop 2.0 Release Adds Chat Folders, New Animated Emoji

Telegram Desktop 2.0 arrives five months after the 1.9 series and more than three years after the 1.0 milestone. As expected, this is a major update and introduces several new features. One of the biggest new features of the Telegram Desktop 2.0 release is the ability to organize your chats into so-called “Chat Folders” whenever you think you have too many chats opened. Another interesting feature is support for creating custom folders with flexible settings. In addition, the client now also lets users use default recommendations when creating custom folders.

Critical Linux Kernel Vulnerability Patched in Ubuntu 19.10 and 18.04.4 LTS

Discovered by Manfred Paul, the security vulnerability (CVE-2020-8835) was found in the Linux kernel’s BPF (Berkeley Packet Filter) verifier, which incorrectly calculated register bounds for certain operations. This could allow a local attacker to either expose sensitive information (kernel memory) or gain administrative privileges and run programs as the root user. The security issue affects all Ubuntu 19.10 (Eoan Ermine) and Ubuntu 18.04.4 LTS (Bionic Beaver) releases running Linux kernel 5.3 on 64-bit, Raspberry Pi, KVM, as well as cloud environments like AWS, Azure, GCP, GKE, and Oracle Cloud.