Language Selection

English French German Italian Portuguese Spanish

September 2019

Linux 5.4-rc1

Filed under
Linux

I didn't really extend the merge window by a day here, but I gave
myself an extra day to merge my pending queue. Thus the Monday date
for the rc1 rather than the usual Sunday afternoon.

And it wasn't all _that_ big or painful a merge window, for some
reason I just didn't get to the end of the queue until fairly late in
the second week, and continued to get a few more pull requests even
then. Part of it was just other discussions too happening, so I didn't
do _just_ merges all the time. But part of it was just that I also
spent some of Sunday away from the computer, doing some welding
instead.

Anyway, what I'm saying is that the Monday rc1 isn't really a sign of
any real trouble or more issues than usual. More just random timing.

Size-wise, 5.4 looks to shape up very regular. It's almost exactly the
same size as 5.3 was at the same stage, both in commits and in lines
added (honestly in advertising: 5.3 had more lines removed mainly due
to some isdn removal). Nothing major stands out, the most notable may
be the long-pending lockdown patches that weren't all that big, but
that now finally aren't tied to just EFI secure boot, so you can test
them out other ways too.

Read more

Also: The 5.4-rc1 kernel is out

Linux 5.4-rc1 Kernel Steps Forward With Next-Gen GPU Bits, Arm Laptop Support & exFAT

Manjaro Linux makes two bold moves

Filed under
Linux

Manjaro has had one heck of a ride lately. Recently, the Arch-based Linux distribution went from being just that (an Arch-based Linux distribution) to a full-blown company: Manjaro GmbH & Co. KG. The move was to shift the distribution from being a hobby project to something that should (and will) be taken seriously.

In fact, Philip Müller said he'd been researching "ways to secure the project in its current form and how to allow for activities which can't be undertaken as a 'hobby project.'" What this boils down to is that the Manjaro developers could now focus on the desktop Linux distribution full time, all the while getting paid for their efforts.

Read more

Raspberry Pi OS Raspbian Improves Raspberry Pi 4 Support, Adds Many Improvements

Filed under
Linux

Raspbian 2019-09-26 images are now available to download and they include the rpi-eeprom tool, which will automatically update the SPI EEPROM on the new Raspberry Pi 4 computer to the latest stable version. Furthermore, it adds overscan support added for FKMS driver, and improves Bluetooth connection with audio devices by adding the latest changes to the Bluez ALSA interface.

Furthermore, the Audio Settings tool has been modified to integrate more closely with the Volume plugin, which now lets users switch audio input devices, as well as the audio output between two HDMI devices. Support for more audio devices has been added as well in Raspbian 2019-09-26 by implementing "plug" values in the ALSA configuration file (.asoundrc).

Read more

Android Leftovers

Filed under
Android

The Xeon vs. EPYC Performance With Intel's oneAPI Embree & OSPray Render Projects

With Intel seemingly ramping up work on their open-source OSPray portable ray-tracing engine now that they have pulled it under their oneAPI umbrella as part of a forthcoming rendering tool-kit, I figured it would be the latest interesting candidate for benchmarking of AMD EPYC 7742 vs. Intel Xeon Platinum 8280 performance. In addition, the Embree ray-tracing kernels are also being benchmarked as part of this performance comparison.

Intel's oneAPI is expected to see a beta release next quarter and among the libraries making up the oneAPI Rendering Toolkit will be OSPray and Embree. The OSPRay ray-tracing engine is geared for scientific visualizations and supports a wide range of features all while being open-source under the Apache 2.0 license. OSPray also builds off Embree itself as well as the Intel SPMD Program Compiler (ISPC). The SPMD Program Compiler is for Intel's C-derived language optimized for SIMD on their modern architectures.

Read more

Security in Linux 5.4

Filed under
Linux
Security

Security Updates

Filed under
Security
  • Security updates for Monday

    Security updates have been issued by CentOS (dovecot, kernel, and qemu-kvm), Debian (cimg, cups, e2fsprogs, exim4, file-roller, golang-1.11, httpie, and wpa), Fedora (curl, ghostscript, ibus, krb5, mod_md, and nbdkit), Mageia (chromium-browser-stable, libheif, and nghttp2), openSUSE (djvulibre, expat, libopenmpt, mosquitto, phpMyAdmin, and webkit2gtk3), Red Hat (nodejs:10), SUSE (gpg2), and Ubuntu (e2fsprogs and exim4).

  • Exim 4.92.3 security release

    Exim 4.92.3 has been released with a fix for CVE-2019-16928, a heap-based buffer overflow in string_vformat that could lead to remote code execution. "The currently known exploit uses a extraordinary long EHLO string to crash the Exim process that is receiving the message. While at this mode of operation Exim already dropped its privileges, other paths to reach the vulnerable code may exist."

  • pam-python: local root escalation (CVE-2019-16729)

    Last week the openSUSE Security Team spent some time to check and review the PAM module from the pam-python project. Main reason for that – to make sure that the source code of the project is secure enough and bug free of course. Badly implemented PAM modules may cause user authentication to always succeed or otherwise badly influence security.

Exaile Music Player Got Its First Release in 4 Years, And I Didn’t Even Notice!

Filed under
Software

It turns out that this long-forgotten music library-come-player quietly squeaked back into life in the summer with the release of Exaile 4.0.0.

Exaile, for those who don’t know about it, is a GTK-based music player that was (arguably) most popular during the “halcyon” days of omg! in 2009-2012, aka the era of apps like CoverGloobus, Docky, eMeSeNe, Songbird, et al.

But the player (like other great apps of its time) soon faded from earshot as the music player scene solidified around apps like Banshee and Clementine and music streaming services like Spotify, Pandora and Deezer.

Read more

Microsoft Loves Linux Needs More Work Argues Open Source Leader

Filed under
GNU
Microsoft

Microsoft has increasingly embraced Linux in recent years, enough for Redmond to run under the mantra, “Microsoft Loves Linux”. Of course, the reason for the sea change from hating open source to embracing it is simply good economic movement.

Despite its new-found love for Linux, one expert believes Microsoft has a long way to go to atone for past problems. Specifically, free-software leader Richard Stallman says Microsoft’s top execs previously targeted open source in the past.

Most famous of the Linux attacks was former Microsoft CEO Steve Ballmer, who described the platform as a “cancer”. Former Windows chief Jim Allchin said the open source idea was both un-American and a killer of intellectual property.

Read more

More in Tux Machines

Darktable 3.2 Open-Source RAW Image Editor Released with Major New Features

Darktable 3.2.1 is now available and it’s the first major update to the application since the introduction of the 3.0 series. If you’re asking, there wasn’t a 3.2.0 release, nor a 3.1 release. The development team jumped straight to the 3.2.1 version number from version 3.0.2, which you’re probably using right now on your GNU/Linux distribution, because of a last minute bug in the 3.2.0 release. But don’t let the version number fool you, because Darktable 3.2.1 is a massive update with lots of goodies for amateur and professional photographers alike. Highlights include support for up to 8K screen resolutions thanks to the complete rewrite of the Lighttable View and the revamped Filmstrip. Read more

Kernel: EULA, Linux 5.8 and Linux 5.9

  • A "Large Hardware Vendor" Wants A EULA Displayed For Firmware Updates On Linux

    The open-source Fwupd firmware updating utility paired with LVFS as the Linux Vendor Firmware Service has seen explosive growth for vastly improving the BIOS/firmware updating experience on Linux. Many major hardware vendors distribute their firmware updates on LVFS for consumption by Fwupd and more than 17 million firmware files have been served. Now though there is a new "large hardware vendor" willing to distribute their firmware updates this way but they want a end-user license agreement (EULA) added.  Fwupd/LVFS lead developer Richard Hughes of Red Hat noted today that "A large hardware vendor wants to join the LVFS, but only on the agreement that every user has to agree to a English-only EULA text when deploying their firmware updates. This is the first vendor that's required this condition, and breaks all kinds of automated deployment." 

  •         
  • Linux 5.8 released: Bootlin contributions

    Linux 5.8 was released recently. See our usual resources for a good coverage of the highlights of this new release: KernelNewbies page, LWN.net article on the first part of the merge window, LWN.net article on the second part of the merge window. On our side, we contributed a total of 155 commits to Linux 5.8, which makes Bootlin the 19th contributing company by number of commits according to Linux Kernel Patch Statistic. 

  • SD Times news digest: New Relic and Grafana Lab on open instrumentation, Atlassian TEAM Anywhere, and Linux 5.8 rc-1 released [Ed: No, Linux 5.8 rc-1 released ages ago]

    The Linux working group stated that 5.8 looks to be one of the project’s biggest releases of all time, including a lot of fundamental core work and cleanups, as well as filesystem work and driver updates.  Within the 5.8 merge window, about 20% of all the files in the kernel source repository have been modified.  In total, the release includes over 14k non-merge commits (over 15k counting merges), 800k new lines, and over 14 thousand files changed.

  •         
  • Linux 5.9 HID Has Improvement For Faster Probe/Boot Time

    The HID changes for Linux 5.9 aren't too many but there are a few worth mentioning for improving input device support on Linux. 

  • XFS Is Packing Many Improvements With Linux 5.9

    The XFS file-system has many improvements ready for the Linux 5.9 kernel.  The main XFS feature pull was sent in on Friday for Linux 5.9 and includes a wealth of improvements for this mature file-system...

Beaker Browser – A P2P Browser for Web Hackers.

Beaker is a free and open-source web browser built to enable users to publish websites and web apps themselves directly from the browser without having to set up a separate web server or hosting their content with a 3rd party. To quote one of the project devs, it has been built to “to give users more control over the Web”. We’ve covered several projects based on similar technology (e.g. PeerTube) but this one has a little more icing on the cake. [...] The Dat protocol is favoured over HTTP for Beaker for 5 main reasons. It can sync archives from multiple sources; the URLs remain the same even when the archives can change hosts. All updates have checksums; changes are written to an append-only version log, and any archive can be hosted on any device. Although it uses Dat by default, Beaker supports connecting to traditional servers with HTTP so you can equally visit typical websites. Read more

Beaker Browser – A P2P Browser for Web Hackers.

Beaker is a free and open-source web browser built to enable users to publish websites and web apps themselves directly from the browser without having to set up a separate web server or hosting their content with a 3rd party. To quote one of the project devs, it has been built to “to give users more control over the Web”. We’ve covered several projects based on similar technology (e.g. PeerTube) but this one has a little more icing on the cake. [...] The Dat protocol is favoured over HTTP for Beaker for 5 main reasons. It can sync archives from multiple sources; the URLs remain the same even when the archives can change hosts. All updates have checksums; changes are written to an append-only version log, and any archive can be hosted on any device. Although it uses Dat by default, Beaker supports connecting to traditional servers with HTTP so you can equally visit typical websites. Read more