[$] The things nobody wants to pay for
The free-software community has managed to build a body of software that is
worth, by most estimates, many billions of dollars; all of this code is
freely available to anybody who wants to use or modify it. It is an
unparalleled example of independent actors working cooperatively on a
common resource. Free software is certainly a success story, but all is
not perfect. One of the community's greatest strengths — convincing
companies to contribute to this common resource — is also part of one of
its biggest weaknesses.
https://lwn.net/Articles/959069/
Security updates for Thursday
Security updates have been issued by Debian (chromium, firefox-esr, php-phpseclib, phpseclib, thunderbird, and zabbix), Fedora (dotnet7.0, firefox, fonttools, and python-jinja2), Mageia (avahi and chromium-browser-stable), Oracle (java-1.8.0-openjdk, java-11-openjdk, LibRaw, openssl, and python-pillow), Red Hat (gnutls, kpatch-patch, php:8.1, and squid:4), SUSE (apache-parent, apache-sshd, bluez, cacti, cacti-spine, erlang, firefox, java-11-openjdk, opera, python-Pillow, tomcat, tomcat10, and xwayland), and Ubuntu (paramiko and puma).
https://lwn.net/Articles/959455/
Security updates for Monday
Security updates have been issued by Debian (keystone and subunit), Fedora (dotnet6.0, golang, kernel, sos, and tigervnc), Mageia (erlang), Red Hat (openssl), SUSE (bluez, python-aiohttp, and seamonkey), and Ubuntu (postfix and xorg-server).
https://lwn.net/Articles/959006/
Security updates for Friday
Security updates have been issued by Fedora (chromium, golang-github-facebook-time, podman, and xorg-x11-server-Xwayland), Oracle (.NET 6.0, java-1.8.0-openjdk, java-11-openjdk, and python3.11-cryptography), Red Hat (java-11-openjdk, python-requests, and python-urllib3), SUSE (chromium, kernel, libcryptopp, libuev, perl-Spreadsheet-ParseExcel, suse-module-tools, and xwayland), and Ubuntu (filezilla and xerces-c).
https://lwn.net/Articles/958760/
Security updates for Thursday
Security updates have been issued by CentOS (ImageMagick), Debian (chromium), Fedora (golang-x-crypto, golang-x-mod, golang-x-net, golang-x-text, gtkwave, redis, and zbar), Mageia (tinyxml), Oracle (.NET 7.0, .NET 8.0, java-1.8.0-openjdk, java-11-openjdk, python3, and sqlite), Red Hat (gstreamer-plugins-bad-free, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and java-21-openjdk), SUSE (kernel, libqt5-qtbase, libssh, pam, rear23a, and rear27a), and Ubuntu (pam and zookeeper).
https://lwn.net/Articles/958676/
Wine 9.0 released
<a href="https://gitlab.winehq.org/wine/wine/-/releases/wine-9.0" rel="nofollow">Version
9.0</a> of the Wine Windows-compatibility system has been released.
"This release represents a year of development effort and over 7,000
individual changes. It contains a large number of improvements that are
listed below. The main highlights are the new WoW64 architecture and the
experimental Wayland driver."
https://lwn.net/Articles/958443/
A glitch in the merge window
On January 13, Linus Torvalds <a href="https://lwn.net/ml/linux-kernel/CAHk-=wjMWpmXtKeiN__vnNO4TcttZR-8dVvd_oBq+hjeSsWUwg@mail.gmail.com/" rel="nofollow">let
it be known</a> that he had lost power due to the bad weather in the US
Pacific Northwest. As of this writing, he has not yet resurfaced, so the
6.8 merge window has ground to a halt.
There's apparently about 100k people without power, and I doubt our
neighborhood is the priority, so I expect to be without power for
some time still. I hope I'm wrong, but a few years ago it took more
than a week to restore power due to all the downed trees. It's
hopefully nowhere near that, but..
https://lwn.net/Articles/958424/
Security updates for Tuesday
Security updates have been issued by Gentoo (KTextEditor, libspf2, libuv, and Nettle), Mageia (hplip), Oracle (container-tools:4.0, gnutls, idm:DL1, squid, squid34, and virt:ol, virt-devel:rhel), Red Hat (.NET 6.0, krb5, python3, rsync, and sqlite), SUSE (chromium, perl-Spreadsheet-ParseXLSX, postgresql, postgresql15, postgresql16, and rubygem-actionpack-5_1), and Ubuntu (binutils, libspf2, libssh2, mysql-5.7, w3m, webkit2gtk, and xerces-c).
https://lwn.net/Articles/958416/
[$] The first half of the 6.8 merge window
The 6.8 merge window has gotten off to a relatively slow start; reasons for
that include a significant scheduler performance regression that Linus
Torvalds <a href="https://lwn.net/ml/linux-kernel/CAHk-=wgWcYX2oXKtgvNN2LLDXP7kXkbo-xTfumEjmPbjSer2RQ@mail.gmail.com/" rel="nofollow">stumbled
into</a> and has spent time tracking down. Even so, 4,282 non-merge
changesets have found their way into the mainline repository for the 6.8
release as of this writing. These commits have brought a number of
significant changes and new features.
https://lwn.net/Articles/957188/
Security updates for Friday
Security updates have been issued by Debian (kernel, linux-5.10, php-phpseclib, php-phpseclib3, and phpseclib), Fedora (openssh and tinyxml), Gentoo (FreeRDP and Prometheus SNMP Exporter), Mageia (packages), Red Hat (openssl), SUSE (gstreamer-plugins-rs and python-django-grappelli), and Ubuntu (dotnet6, dotnet7, dotnet8, openssh, and xerces-c).
https://lwn.net/Articles/958124/
OpenSSH announces DSA-removal timeline
For those of you still using DSA keys with SSH: the project has announced
its plans to remove support for that algorithm around the beginning of
2025.
The only remaining use of DSA at this point should be deeply legacy
devices. As such, we no longer consider the costs of maintaining
DSA in OpenSSH to be justified. Moreover, we hope that OpenSSH's
final removal of this insecure algorithm accelerates its
deprecation in other SSH implementations and allows maintainers of
cryptography libraries to remove it too.
https://lwn.net/Articles/958048/
[$] The kernel "closure" API
The data structure known as a "closure" first found its way into the
mainline kernel with the addition of https://bcache.evilpiepirate.org/
in the 3.10 development
cycle. With the advent of https://bcachefs.org/
in
6.7, though, it acquired a second user and was moved to the kernel's
lib directory, making it available to other kernel users as well.
The documentation of closures in the source is better than that of many
things in the kernel, but there is still room for a gentler introduction.
https://lwn.net/Articles/957187/
Stable kernel 4.14.336
The https://lwn.net/Articles/957350/
stable kernel update has been
released with a small handful of fixes; this is the end of the line for the
4.14 stable series:
This is the LAST 4.14.y kernel to be released. It is now
officially end-of-life. Do NOT use this kernel version anymore,
please move to a newer one, as shown on the kernel.org releases
page.
All users of the 4.14 kernel series must upgrade. But then, move
to a newer release. If you are stuck at this version due to a
vendor requiring it, go get support from that vendor for this
obsolete kernel tree, as that is what you are paying them for :)
https://lwn.net/Articles/957351/
[$] LWN's guide to 2024
The calendar has flipped over into 2024 — another year has begun. Here at
LWN, we do not have a better idea of what this year will bring than anybody
else does, but that doesn't keep us from going out on a shaky limb and
making predictions anyway. Here, for the curious, are a few things that we
think may be in store for 2024.
https://lwn.net/Articles/954544/
Security updates for Tuesday
Security updates have been issued by Red Hat (firefox and thunderbird), SUSE (gstreamer-plugins-bad, libssh2_org, and webkit2gtk3), and Ubuntu (firefox and thunderbird).
https://lwn.net/Articles/956568/
[$] The trouble with MAX_ORDER
One might not think that much could be said about a simple macro defining a
constant integer value. But the kernel is special, it seems. A change to
the definition of MAX_ORDER has had a number of follow-on effects,
and the task of cleaning up after this change is not done yet. So perhaps
a look at MAX_ORDER is in order.
https://lwn.net/Articles/956321/
Scribus 1.6.0 released
Version 1.6.0 of the <a href="https://www.scribus.net/" rel="nofollow">Scribus
desktop-publishing application</a> has been https://www.scribus.net/scribus-1-6-0-released/
. The
list of new features is rather long and includes a user interface overhaul,
improvements for HiDPI screens, new scripting commands, lots of
typographical improvements and features, a new picture browser for
graphical asset management, support for more gradient types, and much more.
Scribus 1.6.0 is the long awaited release in the next stable series,
replacing 1.4.8 and development versions in the 1.5.x series. This version
has been in development for some years and contains thousands of
enhancements and fixes across all areas of the program. It has more
features, is faster, and is more stable.
https://lwn.net/Articles/956522/
Julia 1.10 released
The https://julialang.org/
. It is mainly a performance release, with only two new language features mentioned in the release notes: "JuliaSyntax.jl is now used as the default parser, providing better diagnostics and faster parsing." and the addition of two Unicode symbols for use as binary operators: "⥺ (U+297A, \leftarrowsubset) and ⥷ (U+2977, \leftarrowless)". Package-loading time has been improved further and the mark phase of garbage collection has been parallelized, among other improvements.
https://lwn.net/Articles/956456/
Gnuplot 6.0 released
Version 6.0 of the Gnuplot plotting system
has been released.
Gnuplot has been supported and under active development since 1986.
This is the first new major version of gnuplot since the release of
version 5 in January 2015. It introduces extensions to the gnuplot
command language, an expanded collection of special and
complex-valued functions, additional 2D and 3D plotting styles, and
support for new output protocols.
See <a href="https://gnuplot.sourceforge.net/ReleaseNotes_6_0_0.html" rel="nofollow">the
release notes</a> for details.
https://lwn.net/Articles/956454/
Security updates for Thursday
Security updates have been issued by Debian (haproxy, libssh, and nodejs), Fedora (filezilla and minizip-ng), Gentoo (Git, libssh, and OpenSSH), and SUSE (gstreamer, postfix, webkit2gtk3, and zabbix).
https://lwn.net/Articles/956257/
Ruby 3.3.0 Released
As is the tradition for the https://www.ruby-lang.org/en/
(Yet another Ruby JIT) just-in-time compiler. Ruby 3.3 adds a new Ruby-based JIT, RJIT, that targets x86_64, which is available for experimental purposes. There are lots of other improvements and new features described in the announcement.
https://lwn.net/Articles/956115/
Kernel prepatch 6.7-rc7
The https://lwn.net/Articles/956091/
kernel prepatch is out for
testing.
Anyway, rc7 itself looks fairly normal. It's actually a bit bigger
than rc6 was, but not hugely so, and nothing in here looks at all
strange. Please do give it a whirl if you have the time and the
energy, but let's face it, I expect things to be very quiet and
this to be one of those "nothing happens" weeks. Because even if
you aren't celebrating this time of year, you might take advantage
of the peace and quiet.
https://lwn.net/Articles/956092/
Stable kernel 5.15.145
The https://lwn.net/Articles/956081/
stable kernel has been
released. It consists mostly of fixes to the ksmbd subsystem, which has
been marked as broken due to (until now) a lack of support for the 5.15.x
kernels.
https://lwn.net/Articles/956082/
Security updates for Thursday
Security updates have been issued by Debian (firefox-esr), Fedora (kernel), Mageia (bluez), Oracle (fence-agents, gstreamer1-plugins-bad-free, opensc, openssl, postgresql:10, and postgresql:12), Red Hat (postgresql:15 and tigervnc), Slackware (proftpd), and SUSE (docker, rootlesskit, firefox, go1.20-openssl, go1.21-openssl, gstreamer-plugins-bad, libreoffice, libssh2_org, poppler, putty, rabbitmq-server, wireshark, xen, xorg-x11-server, and xwayland).
https://lwn.net/Articles/955914/
LSFMM+BPF 2024 call for proposals
The 2024 Linux Storage, Filesystem, Memory-Management, and BPF Summit will
be held May 13 to 15 in Salt Lake City, Utah, USA. The <a href="https://lwn.net/ml/linux-mm/4343d07b-b1b2-d43b-c201-a48e89145e5c@iogearbox.net/" rel="nofollow">call
for proposals</a> has already gone out, with a deadline of March 1.
"LSF/MM/BPF is an invitation-only technical workshop to map out
improvements to the Linux storage, filesystem, BPF, and memory management
subsystems that will make their way into the mainline kernel within the
coming years."
https://lwn.net/Articles/955827/
Firefox 121.0 released
<a href="https://www.mozilla.org/en-US/firefox/121.0/releasenotes/" rel="nofollow">Version
121.0</a> of the Firefox browser is out. Along with the usual pile of
security fixes, this release add the ability to force links to be rendered
with underlines and use of Wayland by default if it is available: "This
brings support for touchpad & touchscreen gestures, swipe-to-nav,
per-monitor DPI settings, better graphics performance, and more."
https://lwn.net/Articles/955679/
Security updates for Tuesday
Security updates have been issued by Debian (webkit2gtk), Fedora (rdiff-backup and xorg-x11-server-Xwayland), Mageia (cjose and ghostscript), Oracle (avahi), Red Hat (postgresql:10), and SUSE (avahi, freerdp, libsass, and ncurses).
https://lwn.net/Articles/955678/
[$] Ext4 data corruption hits the stable kernels
The kernel's stable-update process is intended to produce kernels that are,
well, stable; when that promise is lived up to, users can update to newer
stable updates without fear. By any account, a bug that corrupts data on
ext4 filesystems constitutes a failure to hold to that promise. As is so
often the case, this problem is the result of a chain of failures in a
system that works well most of the time.
https://lwn.net/Articles/954770/
Kernel prepatch 6.7-rc5
The https://lwn.net/Articles/954468/
kernel prepatch is out for
testing.
Nothing looks particularly scary, which is good, because if it had
been, I wouldn't have had the capacity to deal with it last week.
Let's hope it stays that way even as I am getting better. Because the
holidays are almost upon us, and I'm woefully underprepared.
https://lwn.net/Articles/954469/
GDB 14.1 released
Version 14.1 of the GDB debugger is out. Changes include initial support
for the <a href="https://microsoft.github.io/debug-adapter-protocol//" rel="nofollow">debugger
adapter protocol</a>, NO_COLOR support, the ability to work with
integer types larger than 64 bits, a number of enhancements to the
Python API, and more.
https://lwn.net/Articles/953732/
Bueso: LPC 2023: CXL Microconference
Davidlohr Bueso has posted <a href="https://blog.stgolabs.net/2023/12/lpc-2023-cxl-microconference.html" rel="nofollow">a
summary of the CXL microconference</a> at the recently concluded Linux
Plumbers Conference. "The goals for the track were to openly discuss
current on-going development efforts around the core driver, as well as
experimental memory management topics which lead to accommodating kernel
infrastructure for new technology and use cases."
https://lwn.net/Articles/953706/
Security updates for Monday
Security updates have been issued by Debian (amanda, ncurses, nghttp2, opendkim, rabbitmq-server, and roundcube), Fedora (golang-github-openprinting-ipp-usb, kernel, kernel-headers, kernel-tools, and samba), Mageia (audiofile, galera, libvpx, and virtualbox), Oracle (kernel and postgresql:13), SUSE (openssl-3, optipng, and python-Pillow), and Ubuntu (firefox).
https://lwn.net/Articles/953702/
[$] Reducing kernel-maintainer burnout
Overstressed maintainers are a constant topic of conversation throughout
the open-source community. Kernel maintainers have been complaining more
loudly than usual recently about overwork and stress. The problems that
maintainers are facing are clear; what to do about them is rather less so.
A session at the 2023 Maintainers Summit took up the topic yet again with
the hope of finding some solutions; there may be answers, perhaps even
within the kernel community, but a general solution still seems distant.
https://lwn.net/Articles/952034/
Happy Thanksgiving
November 23 is the US Thanksgiving holiday; as is our tradition, we will
not be publishing an LWN Weekly Edition this week as we will be far too
busy eating. We wish a good holiday to all of our readers (whether they
celebrate it or not); the weekly edition will return on November 30.
https://lwn.net/Articles/952354/
[$] Committing to Rust for kernel code
Rust has been a prominent topic at the Kernel Maintainers Summit for the
last couple of years, and the 2023 meeting continued that tradition. As
Rust-for-Linux developer Miguel Ojeda noted at the beginning of the session
dedicated to the topic, the level of interest in using Rust for kernel
development has increased significantly over the last year. But Rust was
explicitly added to Linux as an experiment; is the kernel community now
ready to say that the experiment has succeeded?
https://lwn.net/Articles/952029/
Kernel prepatch 6.7-rc2
The https://lwn.net/Articles/951906/
is out for
testing. "The most noticeable thing is probably the turbostat tool
update, which actually came in during the merge window, but was delayed by
just waiting for getting the pull request properly signed."
https://lwn.net/Articles/951907/
[$] Preventing atomic-context violations in Rust code with klint
One of the core constraints when programming in the kernel is the need to
avoid sleeping when running in atomic context. For the most part, the
responsibility for adherence to this rule is placed on the developer's
shoulders; Rust developers, though, want the compiler to ensure that code
is safe whenever possible. At the <a href="https://lpc.events/" rel="nofollow">2023 Linux
Plumbers Conference</a>, Gary Guo presented (via a remote link) the klint
tool, which can find
and flag many atomic-context violations before they turn into
user-affecting bugs.
https://lwn.net/Articles/951550/
Security updates for Friday
Security updates have been issued by Debian (webkit2gtk), Fedora (microcode_ctl, pack, and tigervnc), Slackware (gimp), SUSE (frr, gcc13, go1.20, go1.20-openssl, go1.21, go1.21-openssl, libnbd, libxml2, python-Pillow, python-urllib3, and xen), and Ubuntu (intel-microcode and openvpn).
https://lwn.net/Articles/951801/
[$] The real realtime preemption end game
The addition of realtime support to Linux is a long story; it first
https://lwn.net/Articles/106010/
in 2004. For much of that
time, it has seemed like only a little more work was needed to get across
the finish line; thus we ran headlines like <a href="https://lwn.net/Articles/345076/" rel="nofollow">the
realtime preemption endgame</a> — in 2009. At the https://lpc.events/
, Thomas
Gleixner informed the group that, now, the end truly is near. There is
really only one big problem left to be solved before all of that work can
land in the mainline.
https://lwn.net/Articles/951337/
Security updates for Thursday
Security updates have been issued by Debian (chromium and openvpn), Oracle (kernel, microcode_ctl, plexus-archiver, and python), Red Hat (.NET 6.0, dotnet6.0, dotnet7.0, dotnet8.0, kernel, linux-firmware, and open-vm-tools), SUSE (apache2, chromium, jhead, postgresql12, postgresql13, and qemu), and Ubuntu (dotnet6, dotnet7, dotnet8, frr, python-pip, quagga, and tidy-html5).
https://lwn.net/Articles/951681/
A GNU COBOL status update
For the COBOL users out there, James K. Lowden has <a href="https://lwn.net/ml/gcc/20231113163647.ddbda1708295a0a5e41f9875@schemamania.org/" rel="nofollow">posted
an update</a> on the current status of the GNU COBOL compiler.
When in November we turn back our clocks, then naturally do
programmers' thoughts turn to Cobol, its promise, and future.
At last post, nine months ago, we were working our way through the
NIST CCVS/85 test suite. I am pleased to report that process is
complete. As far as NIST is concerned, gcobol is a Cobol compiler.
https://lwn.net/Articles/951498/
Security updates for Tuesday
Security updates have been issued by Debian (postgresql-11, postgresql-13, and postgresql-15), Fedora (chromium, optipng, and radare2), Scientific Linux (plexus-archiver and python), Slackware (tigervnc), SUSE (apache2, containerized-data-importer, kernel-firmware-nvidia-gspx-G06, nvidia-open- driver-G06-signed, postgresql, postgresql15, postgresql16, postgresql12, postgresql13, python-Django1, squashfs, and xterm), and Ubuntu (firefox and memcached).
https://lwn.net/Articles/951311/
[$] The rest of the 6.7 merge window
By the time that the 6.7 merge window closed on November 12, 15,418
non-merge changesets had been pulled into the mainline kernel. That makes
this one of the busiest merge windows ever; if one discounts the lengthy
bcachefs development history (some 2,800 commits), though, then the patch
volume is roughly in line with other recent kernels. Over 5,000 of those
commits were merged after <a href="https://lwn.net/Articles/949294/" rel="nofollow">our first-half
merge-window summary</a> was written.
https://lwn.net/Articles/949957/
Security updates for Monday
Security updates have been issued by Debian (audiofile and ffmpeg), Fedora (keylime, python-pillow, and tigervnc), Mageia (quictls and vorbis-tools), Oracle (grub2), Red Hat (galera, mariadb, plexus-archiver, python, squid, and squid34), and SUSE (clamav, kernel, mupdf, postgresql14, tomcat, tor, and vlc).
https://lwn.net/Articles/951237/
Security updates for Friday
Security updates have been issued by Fedora (community-mysql, matrix-synapse, and xorg-x11-server-Xwayland), Mageia (squid and vim), Oracle (dnsmasq, python3, squid, squid:4, and xorg-x11-server), Red Hat (fence-agents, insights-client, kernel, kpatch-patch, mariadb:10.5, python3, squid, squid:4, tigervnc, and xorg-x11-server), Scientific Linux (bind, firefox, java-1.8.0-openjdk, java-11-openjdk, kernel, libssh2, python-reportlab, python3, squid, thunderbird, and xorg-x11-server), SUSE (go1.21), and Ubuntu (linux-gke and linux-iot).
https://lwn.net/Articles/951066/
The end of the Red Hat security-announcements list
Red Hat has https://listman.redhat.com/archives/rhsa-announce/2023-October/012854.html
that its longstanding "rhsa-announce" mailing list will be shut down on
October 10. That is the list that receives security advisories for
Red Hat Enterprise Linux and a whole slew of related products. Anybody who
was counting on that list for Red Hat security advisories will need to find
an alternative; a few options are listed in the announcement.
https://lwn.net/Articles/946851/
Security updates for Friday
Security updates have been issued by Debian (grub2, libvpx, libx11, libxpm, and qemu), Fedora (firefox, matrix-synapse, tacacs, thunderbird, and xrdp), Oracle (glibc), Red Hat (bind, bind9.16, firefox, frr, ghostscript, glibc, ImageMagick, libeconf, python3.11, python3.9, and thunderbird), Scientific Linux (ImageMagick), SUSE (kernel, libX11, and tomcat), and Ubuntu (linux-hwe-5.15, linux-oracle-5.15).
https://lwn.net/Articles/946848/
Ferrocene released as open source
Ferrous Systems has https://ferrous-systems.com/blog/ferrocene-open-source/
that its Ferrocene Rust compiler will be released under the Apache-2.0 and
MIT licenses.
Ferrocene is the main Rust compiler - rustc - but quality managed
and qualified for use in automotive and industrial environments
(currently by ISO 26262 and IEC 61508) by Ferrous Systems. It
operates as a downstream to the Rust project, further increasing
its testing and quality on specific platforms.
The license is free, but this is not being run as an open-source project;
specifically, contributions from the "general public" are not accepted.
https://lwn.net/Articles/946732/
[$] GCC features to help harden the kernel
Hardening the Linux kernel is an endless task, with work required on
multiple fronts. Sometimes, that work is not done in the kernel itself;
other tools, including compilers, can have a significant role to play.
At the <a href="https://gcc.gnu.org/wiki/cauldron2023" rel="nofollow">2023 GNU Tools
Cauldron</a>, Qing Zhao covered some of the work that has been done in the
GCC compiler to help with the hardening of the kernel — along with work
that still needs to be done.
https://lwn.net/Articles/946041/
[$] Linux ecosystem contributions from SteamOS
The https://store.steampowered.com/steamos
Linux
distribution is focused on gaming, naturally, but the effort to build it
has resulted
in contributions to multiple areas in the Linux ecosystem. Alberto Garcia
has been working on SteamOS and came to Bilbao, Spain to describe some of those
contributions at Open Source Summit Europe 2023. There are some obvious
areas where a gaming-focused OS might contribute upstream, such as
graphics, but the talk showed contributions in several other areas as well.
https://lwn.net/Articles/946188/
Security updates for Tuesday
Security updates have been issued by Debian (exim4), Fedora (firecracker, rust-aes-gcm, rust-axum, rust-tokio-tungstenite, rust-tungstenite, and rust-warp), Gentoo (nvidia-drivers), Mageia (chromium-browser-stable, glibc, and libwebp), Red Hat (kernel), SUSE (ghostscript and python3), and Ubuntu (firefox, libtommath, libvpx, and thunderbird).
https://lwn.net/Articles/946313/
Notes from the Git Contributor's Summit
For those who are curious about the recently concluded Git Contributor's
Summit, Taylor Blau has posted https://lwn.net/ml/git/ZRregi3JJXFs4Msb@nand.local/
from the event. Topics include next-generation backends, libification,
backward compatibility, project management, and more.
https://lwn.net/Articles/946208/
Kernel prepatch 6.6-rc4
Linus has released https://lwn.net/Articles/946092/
for testing.
"There's nothing particularly odd in here, if you don't count a week of
no networking pull as being odd. That does result in rc4 being fairly
small, but I suspect we'll just see a bigger rc5 to compensate."
https://lwn.net/Articles/946093/
[$] Impressions from the GNU Project's 40th anniversary celebration
On September 27, 1983, Richard Stallman <a href="https://www.gnu.org/gnu/initial-announcement.en.html" rel="nofollow">announced the
founding of the GNU project</a>. His goal, which seemed wildly optimistic
and unattainable at the time, was to write a complete Unix-like operating
system from the beginning
and make it freely available. Exactly 40 years later, the GNU project
celebrated with https://www.gnu.org/gnu40
in
Switzerland. Your editor had the good fortune to be able to attend.
https://lwn.net/Articles/945912/
Security updates for Friday
Security updates have been issued by Debian (firefox-esr, jetty9, and vim), Gentoo (Fish, GMP, libarchive, libsndfile, Pacemaker, and sudo), Oracle (nodejs:16 and nodejs:18), Red Hat (virt:av and virt-devel:av), Slackware (mozilla), SUSE (chromium, firefox, Golang Prometheus, iperf, libqb, and xen), and Ubuntu (linux-raspi).
https://lwn.net/Articles/945965/
[$] Security policies for GNU toolchain projects
While the CVE process was created in response to real problems, it's https://lwn.net/Articles/944209/
that CVE numbers are
creating problems of their own. At the https://gcc.gnu.org/wiki/cauldron2023
,
Siddhesh Poyarekar expressed the frustration that toolchain developers have
felt as the result of arguing with security researchers about CVE-number
assignments. In response, the GNU toolchain community is trying to better
characterize what is — and is not — considered to be a security-relevant
bug in its software.
https://lwn.net/Articles/945536/
[$] Moving the kernel to large block sizes
Using larger block sizes in the kernel for I/O is a recurring topic in
storage and
block-layer circles. The topic came up in https://lwn.net/Articles/933437/
at the Linux Storage, Filesystem, Memory-Management and BPF Summit (LSFMM)
back in
May. One of the participants in those discussions, Hannes Reinecke, gave
a talk at Open Source Summit Europe 2023 with an overview of the reasons
behind using larger blocks for I/O, the current status of that work, and
where it all might lead from here.
https://lwn.net/Articles/945646/
[$] AI from a legal perspective
The AI boom is clearly upon us, but there are still plenty of questions
swirling around this technology. Some of those questions are legal ones
and there have been lawsuits filed to try to get clarification—and perhaps
monetary damages. Van Lindberg is a lawyer who is well-known in the
open-source world; he came to <a href="https://events.linuxfoundation.org/open-source-summit-europe/" rel="nofollow">Open
Source Summit Europe</a> 2023 in Bilbao, Spain to try to put the current
work in AI into its legal context.
https://lwn.net/Articles/945504/
Firefox 118.0 released
<a href="https://www.mozilla.org/en-US/firefox/118.0/releasenotes/" rel="nofollow">Version
118.0</a> of the Firefox browser has been released. Changes include
improved fingerprinting prevention and automated translation: "Automated
translation of web content is now available to Firefox users! Unlike
cloud-based alternatives, translation is done locally in Firefox, so that
the text being translated does not leave your machine."
https://lwn.net/Articles/945608/
Security updates for Tuesday
Security updates have been issued by Debian (exempi, glib2.0, lldpd, and netatalk), Fedora (curl, libppd, and linux-firmware), Oracle (kernel), and SUSE (Cadence, frr, modsecurity, python-CairoSVG, python-GitPython, and tcpreplay).
https://lwn.net/Articles/945559/
LibrePCB 1.0.0 Released
The https://librepcb.org/blog/2023-09-24_release_1.0.0/
"free, cross-platform, easy-to-use electronic design automation suite to draw schematics and design printed circuit boards".
As noted in a https://librepcb.org/blog/2023-05-15_roadmap_1.0/
, a grant has helped spur development of the tool.
The focus for the release has been in adding features that were needed so that "there should be no show stopper anymore which prevents you from using LibrePCB for more complex PCB [printed circuit board] designs".
New features include a 3D viewer and export format for working with designs in a mechanical computer aided design (CAD) tool, support for manufacturer part number (MFN) management, and lots of board editor features such as
thermal relief pads in planes, blind & buried vias,
keepout zones, and more. [Thanks to Alphonse Ogulla.]
https://lwn.net/Articles/945519/
[$] The European Cyber Resilience Act
The security of digital products has become a topic of regulation
in recent years. Currently, the European Union is moving forward
with another new law, which, if it comes into effect in a form
close to the current draft, will affect software developers worldwide.
This new proposal, called the "Cyber
Resilience Act" (CRA), brings mandatory security requirements on all
digital products, both software
and hardware, that are available in Europe. While it aims at a worthy goal, the
proposal is causing a stir among open-source communities.
https://lwn.net/Articles/944300/
The Debian Project mourns the loss of Abraham Raji
The Debian project is https://www.debian.org/News/2023/20230914
, who was killed in an accident on September 13.
Abraham was a popular and respected Debian Developer as well a prominent free software champion in his home state of Kerala, India. He was a talented graphic designer and led design and branding work for DebConf23 and several other local events in recent years. Abraham gave his time selflessly when mentoring new contributors to the Debian project, and he was instrumental in creating and maintaining the Debian India website.
The Debian Project honors his good work and strong dedication to Debian and Free Software. Abraham’s contributions will not be forgotten, and the high standards of his work will continue to serve as an inspiration to others.
https://lwn.net/Articles/944596/
[$] Shrinking shrinker locking overhead
Much of the kernel's performance is dependent on caching — keeping useful
information around for future use to avoid the cost of looking it up again.
The kernel aggressively caches pages of file data, directory entries,
inodes, slab objects, and much more. Without active measures, though,
caches will tend to grow without bounds, leading to memory exhaustion. The
kernel's "shrinker" mechanism exists to be that active measure, but
shrinkers have some performance difficulties of their own. <a href="https://lwn.net/ml/linux-mm/20230911094444.68966-1-zhengqi.arch@bytedance.com/" rel="nofollow">This
patch series</a> from Qi Zheng seeks to address one of the worst of those
by removing some locking overhead.
https://lwn.net/Articles/944199/
[$] Why glibc's fstat() is slow
The https://man7.org/linux/man-pages/man2/stat.2.html
system call retrieves some of the metadata — owner, size, protections,
timestamps, and so on — associated with an open file descriptor. One might
not think of it as a performance-critical system call, but there are
workloads that make a lot of fstat() calls; it is not something
that should be slowed unnecessarily. As it turns out, though, the GNU C
Library (glibc) has been doing exactly that, but a fix is in the works.
https://lwn.net/Articles/944214/
Oddbean new post about login | logout
Notes by LWN.net (RSS Feed) | export