GNOME 47 released
https://release.gnome.org/47/
of the GNOME desktop
has been released. Changes include configurable accent colors, better
small-screen support, some performance improvements, new file open and save
dialogs, and more.
https://lwn.net/Articles/990788/
Three stable kernel updates for Wednesday
The https://lwn.net/Articles/990768/
stable kernel updates have all
been released. As usual, they contain important fixes throughout the
tree. Users of those kernels should upgrade.
https://lwn.net/Articles/990766/
[$] Kernel developers at Cauldron
A Linux system is made up of a large number of interdependent components,
all of which must support each other well. It can thus be surprising that,
it seems, the developers working on those components do not often speak
with each other. In the hope of improving that situation, efforts have
been made in recent years to attract toolchain developers to the
kernel-heavy Linux Plumbers Conference. This year, though, the opposite
happened as well: the 2024 GNU Tools Cauldron
(https://gcc.gnu.org/wiki/cauldron2024) hosted a discussion where kernel developers were
invited to discuss their needs.
https://lwn.net/Articles/990379/
Security updates for Wednesday
Security updates have been issued by AlmaLinux (pcs), Debian (expat, galera-4, libreoffice, mariadb-10.5, and php-twig), Fedora (chromium), Red Hat (ghostscript and git), SUSE (gstreamer-plugins-bad, gstreamer-plugins-bad, libvpl, python-dnspython, python3, and python36), and Ubuntu (expat, frr, libxmltok, linux-xilinx-zynqmp, openssl, and quagga).
https://lwn.net/Articles/990731/
[$] A discussion of Rust safety documentation
Kangrejos 2024 (https://kangrejos.com/) started off with a talk from Benno Lossin about his
https://lwn.net/Articles/982868/
to establish a standard for safety documentation in Rust kernel code. Lossin
began his talk by giving a brief review of what safety documentation is, and
why it's needed, before moving on to the current status of his work. Safety
documentation is easier to read and write when there's a shared vocabulary for
discussing common requirements; Lossin wants to establish that shared vocabulary
for Rust code in the Linux kernel.
https://lwn.net/Articles/990273/
Security proof for Linux's random number generator
Four researchers have https://eprint.iacr.org/2024/1421.pdf
a formal proof that Linux's new deterministic random bit generator (DRBG) is secure in a particular sense — specifically, that the number of queries that would need to be made to it to uncover its internal state depends on the quality of the entropy it can collect from different sources. As long as it can gather enough entropy, it produces secure random numbers.
Since the significant structural changes in Linux 4 and Linux 5.17, there has
been no research on the provable security of Linux-DRBG. For the first time (to
the best of our knowledge), we formally model the Linux-DRBG in Linux 6.4.8
and prove its security in the seedless robustness model
Thanks to Jason Donenfeld for bringing the paper to our attention.
https://lwn.net/Articles/990596/
[$] An update on BPF generation from GCC
The generation of binary code for the kernel's BPF virtual machine has been
limited to the Clang compiler since the beginning; even developers who
use GCC to build kernels must use Clang to compile to BPF. Work has
been underway for some years on adding a BPF backend to GCC as well; the
developers involved ran a session at the https://gcc.gnu.org/wiki/cauldron2024 to
provide an update on that project. It would seem that the BPF backend is
close to being ready for production use.
https://lwn.net/Articles/990343/
Security updates for Tuesday
Security updates have been issued by Debian (php-twig and pymongo), Fedora (linux-firmware, microcode_ctl, and python3.13), Mageia (clamav, microcode, postgresql13 and postgresql15, python3-webob, suricata, tcpreplay, tgt, and wireshark), Oracle (httpd, kernel, and linux-kernel), Red Hat (firefox, kernel, kernel-rt, pcs, and thunderbird), SUSE (389-ds, chromium, golang-github-prometheus-prometheus, htmldoc, kernel, SUSE Manager Client Tools, and wireshark), and Ubuntu (clamav, curl, dcmtk, dovecot, nginx, openssh, and python3.10, python3.12, python3.8).
https://lwn.net/Articles/990588/
[$] Fedora evicts WolfSSL
The Fedora Engineering Steering Committee
(FESCo, https://docs.fedoraproject.org/en-US/fesco/) has voted to
immediately remove the https://www.wolfssl.com
package from all of Fedora's
repositories due to its maintainer failing to gain approval to package
a new cryptography library for Fedora. Its brief travels through
Fedora's package system highlight gaps in documentation, as well as
in the package‑review process. The good news is that this may stir
Fedora to improve its documentation and revive a formal security
team.
https://lwn.net/Articles/989687/
Valkey 8.0.0 released
https://valkey.io/blog/valkey-8-ga/
of
the https://valkey.io
open-source in-memory data
store is now available. This is the first major release of Valkey
since the project https://lwn.net/Articles/966631/
in March of this year:
While this is a major version, Valkey takes command set compatibility
seriously: Valkey 8.0.0 makes no backwards incompatible changes to the
existing command syntax or their responses. Your existing tools and
custom software will be able to immediately take advantage of Valkey
8.0.0. Since Valkey 8.0.0 does make some small changes to previously
undefined behaviors, it's wise to read the release notes
(https://github.com/valkey-io/valkey/blob/8.0.0/00-RELEASENOTES). Additionally, because this version makes changes in how the
software uses threading, you may want to re-evaluate your cluster's
infrastructure to achieve the highest performance.
https://lwn.net/Articles/990490/
GNOME Foundation opens search for new Executive Director
The https://foundation.gnome.org
that it is looking for a new Executive Director following the https://lwn.net/Articles/981850/
of Holly Million
in July:
As the cornerstone of our leadership team, the Executive Director will
play a critical role in shaping the strategic direction of the
Foundation, working closely with staff, community members, and
partners to expand our reach and impact. The ideal candidate will have
professional experience working with nonprofits, a strong passion for
open-source software, a deep commitment to our community values, and
the vision to drive the next phase of GNOME's growth and development.
The window of opportunity for the job is closing quickly;
applications are due by September 20.
https://lwn.net/Articles/990270/
Sovereign Tech Fund (STF) to invest in Samba improvements
Germany's Sovereign Tech Fund (STF, https://www.sovereigntechfund.de/)
has agreed to https://www.sovereigntechfund.de/tech/samba
to improve the security, stability, and functionality of https://www.samba.org/.
The investment will take place over three years and will be managed by
https://samba.plus/about-sernet, a company that
employs several Samba core developers and offers support for
Samba. According to its https://samba.plus/blog/detail/sernet-secures-funding-for-samba-project-from-sovereign-tech-fund,
work has already begun and is expected to complete in 2026:
The project's focus is on areas like transparent failover, SMB3 UNIX
extensions, and modern security protocols such as SMB over QUIC. These
improvements are designed to ensure that Samba remains a robust and
secure solution for organizations that rely on a sovereign IT
infrastructure that is as independent as possible of proprietary
software regimes, but including optimal interoperability.
https://lwn.net/Articles/990264/
Security updates for Wednesday
Security updates have been issued by AlmaLinux (389-ds:1.4, dovecot, emacs, and glib2), Fedora (bluez, iwd, libell, linux-firmware, seamonkey, vim, and wireshark), Mageia (apr, libtiff, Nginx, openssl, orc, unbound, webmin, and zziplib), Red Hat (389-ds:1.4), and SUSE (containerd, curl, go1.22, go1.23, gstreamer-plugins-bad, kernel, ntpd-rs, python-Django, and python311).
https://lwn.net/Articles/989772/
[$] The trouble with iowait
CPU scheduling is a challenging job; since it inherently requires making
guesses about what the demands on the system will be in the future, it
remains reliant on heuristics, despite ongoing efforts to remove them.
Some of those heuristics take special note of tasks that are (or appear to
be) waiting for fast I/O operations. There is some unhappiness, though,
with how this factor is used, leading to a couple of patches taking rather
different approaches to improve the situation.
https://lwn.net/Articles/989272/
Radicle 1.0 released
https://radicle.xyz/2024/09/10/radicle-1.0.html
of the Radicle development platform has been released.
Radicle 1.0 represents the culmination of years of experimentation
and hard work from our team and community, where we set out to
ensure that free and open source software ecosystems can flourish
without having to rely on the whims of Big Tech. We designed
Radicle with a first-principles approach, as a natural extension to
Git, expanding it to work in a collaborative, local-first,
peer-to-peer setting.
LWN https://lwn.net/Articles/966869/
in March.
https://lwn.net/Articles/989605/
Security updates for Tuesday
Security updates have been issued by Debian (cacti), Fedora (aardvark-dns, expat, and firefox), Mageia (ffmpeg, ntfs-3g, and vim), Oracle (emacs, glib2, java-11-openjdk, and qt5-qtbase), Red Hat (emacs, python-setuptools, python3.11, python3.11-setuptools, python3.12-setuptools, python3.9, and python39:3.9), Slackware (netatalk), SUSE (buildah, expat, java-1_8_0-ibm, kanidm, kernel, and postgresql16), and Ubuntu (netty, php7.0, php7.2, tiff, and webkit2gtk).
https://lwn.net/Articles/989602/
[$] Attracting and retaining Debian contributors
Many projects struggle with attracting and retaining contributors; Debian
is no different in that regard. At https://debconf24.debconf.org/,
Carlos Henrique Lima
Melara and Lucas Kanashiro gave a presentation about efforts that the
Brazilian Debian community has made to increase participation. Their ideas
and the lessons
learned can be applied more widely, both for other Debian communities and
for other projects.
https://lwn.net/Articles/987548/
Adams: Linux's bedtime routine
Jacob Adams wanders into the kernel's hibernation code
(https://tookmund.com/2024/09/hibernation-preparation):
How does Linux move from an awake machine to a hibernating one? How
does it then manage to restore all state? These questions led me to
read way too much C in trying to figure out how this particular
hardware/software boundary is navigated.
https://lwn.net/Articles/989489/
Security updates for Monday
Security updates have been issued by Debian (amanda, aom, bluez, python-jwcrypto, and thunderbird), Fedora (chromium, firefox, and thunderbird), Red Hat (bubblewrap and flatpak, containernetworking-plugins, flatpak, and runc), Slackware (python3), SUSE (apache2, bubblewrap and flatpak, postgresql16, and wireshark), and Ubuntu (thunderbird).
https://lwn.net/Articles/989488/
Kernel prepatch 6.11-rc7
Linus has released https://lwn.net/Articles/989425/
for testing.
And I wish I could say that things have calmed down, but I can't
really say that. In fact, rc7 is slightly bigger than both rc6 and
rc5 were, both in number of commits, and in actual diff
size. That's not really how it should work out.
That said, there's nothing *scary* in here.
He is apparently "still waffling" about whether to release 6.11 next
weekend, which would cause the 6.12 merge window to land on top of the
Maintainers Summit, Linux Plumbers Conference, and Open Source Summit.
https://lwn.net/Articles/989426/
[$] Testing AI-enhanced reviews for Linux patches
Code review is in high demand, and short supply, for most open-source projects.
Reviewer time is precious, so any tool that can lighten the load is worth exploring.
That is why Jesse Brandeburg and Kamel Ayari decided to test whether
tools like ChatGPT could review patches to provide quick feedback to
contributors about common problems. In a talk
(https://netdevconf.info/0x18/sessions/talk/ai-enhanced-reviews-for-linux-networking.html)
at the Netdev 0x18 (https://netdevconf.info/0x18/) conference this July, Brandeburg provided an overview of an
experiment using machine learning to review emails containing patches
sent to the https://www.kernel.org/doc/html/v5.6/networking/netdev-FAQ.html
mailing list. Large-language models (LLMs) will not be replacing human reviewers anytime
soon, but they may be a useful addition to help humans focus on deeper
reviews instead of simple rule violations.
https://lwn.net/Articles/987319/
Man pages maintenance suspended
Alejandro Colomar, who has been maintaining the Linux man pages for the
last four years, has https://lwn.net/ml/all/4d7tq6a7febsoru3wjium4ekttuw2ouocv6jstdkthnacmzr6x@f2zfbe5hs7h5
that he will have to stop that work.
I've been doing it in my free time, and no company has sponsored
that work at all. At the moment, I cannot sustain this work
economically any more, and will temporarily and indefinitely stop
working on this project. If any company has interests in the
future of the project, I'd welcome an offer to sponsor my work
here; if so, please let me know.
https://lwn.net/Articles/989215/
The realtime preemption end game — for real this time
Work on realtime preemption for the Linux kernel https://lwn.net/Articles/106010/
almost exactly 20 years ago
(though it had its roots in earlier work, of course). It is fair to say
that finishing that job has taken a bit longer than anybody involved would
have expected. Now, though, Sebastian Andrzej Siewior has posted a brief
patch series (https://lwn.net/ml/all/20240906111841.562402-1-bigeasy@linutronix.de) making it possible to enable realtime preemption in the
mainline kernel on three architectures.
With the printk bits merged, PREEMPT_RT could be enabled on X86,
ARM64 and Risc-V. These three architectures merged required changes
over the years leaving me in a position where I have no essential
changes in the queue that would affect them.
Congratulations are due to the many developers who have worked on this
project for the last two decades.
https://lwn.net/Articles/989212/
[$] Application monitoring with OpenSnitch
https://github.com/evilsocket/opensnitch
is an
"interactive application firewall". Like other firewalls, it uses a
series of rules to decide what network traffic should be permitted. Unlike
many other firewalls, though, OpenSnitch does not ask the user to create a list of rules
ahead of time. Instead, the list of rules can be built up
incrementally as applications make connections — and the user can peruse both
the rules that have built up over time, and statistics on the connections that
have been attempted.
https://lwn.net/Articles/988401/
Samba 4.21.0 released
Version 4.21.0 of the Samba Windows interoperability suite has been
released. Changes include some authentication hardening, a number of LDAP
improvements, per-user and per-group veto and hide files, group-managed
service accounts, and quite a bit more.
https://lwn.net/Articles/989047/
Call for candidates for the 2024 Linux Foundation TAB election
The https://lwn.net/ml/all/87zforv3zc.fsf@trenco.lwn.net
has gone out for the 2024 election of members of the Linux Foundation
Technical Advisory Board:
The TAB exists to provide advice from the kernel community to the
Linux Foundation and holds a seat on the LF's board of directors;
it also serves to facilitate interactions both within the community
and with outside entities. Over the last year, the TAB has
overseen the organization of the Linux Plumbers Conference, advised
on the setup of the kernel CVE numbering authority, worked behind
the scenes to help resolve a number of contentious community
discussions, worked with the Linux Foundation on community
conference planning, and more.
Nominations are due by September 20.
https://lwn.net/Articles/988862/
Tellico 4.0 released
https://tellico-project.org/tellico-4-0-released/
collection management
software has been released. This is the first release to use the
KDE Frameworks 6 and Qt6 libraries, with a fallback
available for Frameworks 5 and Qt5. Other notable changes in 4.0
include importing video collections from file metadata and correctly
importing multi-disc album data from https://www.discogs.com/.
Users
of prior versions are advised to make a backup of their data before upgrading.
https://lwn.net/Articles/988837/
[$] Whither the Apple AGX graphics driver?
Much of the early Rust code for the kernel has taken the form of
reimplementations of existing drivers as a proof of concept. One project,
though, is entirely new: the driver for Apple GPUs written by Asahi Lina.
This driver has shipped with Asahi Linux (https://asahilinux.org/)
for some time and, by many accounts, is stable, usable, and a
shining example of how Rust can be used in a complex kernel subsystem.
That driver remains outside of the mainline kernel, though, and merging
currently looks like a distant prospect. The reasons for that state of
affairs highlight some of the difficulties inherent in integrating a new
language (and its associated development style) into the Linux kernel.
https://lwn.net/Articles/988438/
Seven stable kernel updates for Wednesday
The https://lwn.net/Articles/988748/
stable kernel updates have all
been released. As usual, they contain important fixes throughout the
tree. Users of those kernels should upgrade.
https://lwn.net/Articles/988747/
Security updates for Wednesday
Security updates have been issued by AlmaLinux (buildah, gvisor-tap-vsock, nodejs:18, python-urllib3, and skopeo), Debian (firefox-esr and openssl), Fedora (apr and seamonkey), Red Hat (podman), Slackware (mozilla and seamonkey), SUSE (bubblewrap and flatpak, buildah, docker, dovecot23, ffmpeg, frr, go1.21-openssl, graphviz, java-1_8_0-openj9, kubernetes1.26, kubernetes1.27, kubernetes1.28, openssl-1_0_0, openssl-3, perl-DBI, python-aiohttp, python-Django, python-WebOb, thunderbird, tiff, ucode-intel, unbound, webkit2gtk3, and xen), and Ubuntu (drupal7 and twisted).
https://lwn.net/Articles/988746/
[$] Transcribing audio with AI using Speech Note
One of the joys of writing about technology is the opportunity to
cover interesting talks on open‑source and free‑software topics. One
of the pains is creating transcriptions of said talks, or continually
referring back to a recording, to be able to write about
them. https://github.com/mkiol/dsnote
is an
open-source application that uses machine-learning models, running locally, to
translate speech to text and take the pain out of transcription. It
also handles text to speech, and language translations. While not
perfect, its transcriptions are better than one might expect, even when
handling jargon, accents, and less-than-perfect audio.
https://lwn.net/Articles/987315/
[$] Advances in font technology and GTK text rendering
At this year's https://events.gnome.org/event/209/
in Denver, Colorado, Behdad Esfahbod and Matthias Clasen
presented a https://events.gnome.org/event/209/contributions/749/
on a topic that's deeply important to desktop
environments: fonts. Esfahbod covered advances in font
technology that are making their way to becoming standards, and Clasen briefly
discussed improvements in GTK text rendering. The talk presented some
fascinating insights into the problems around accurately rendering
writing systems on the desktop, and where font technologies may be
going in the near future.
https://lwn.net/Articles/987176/
Security updates for Monday
Security updates have been issued by AlmaLinux (postgresql:16), Debian (dovecot, pymatgen, ruby2.7, systemd, and webkit2gtk), Fedora (microcode_ctl, python3.11, vim, and xen), Oracle (kernel, postgresql:12, postgresql:13, postgresql:15, and python39:3.9 and python39-devel:3.9), Slackware (libpcap), SUSE (cacti, cacti-spine, python-Django, and trivy), and Ubuntu (dovecot).
https://lwn.net/Articles/988364/
Kernel prepatch 6.11-rc6
Linus has released https://lwn.net/Articles/988183/
for testing.
"Things look pretty normal, although we have perhaps unusually many
filesystem fixes here, spread out over smb, xfs, bcachefs and netfs."
https://lwn.net/Articles/988184/
Understanding the Postgres Hackers Mailing List Language
Reading an established open-source project's developer mailing list
may leave new contributors wishing they had a decoder ring. Greg
Sabino Mullane has written up a valuable https://www.crunchydata.com/blog/understanding-the-postgres-hackers-mailing-list
for those new to the PostgreSQL hackers (https://www.postgresql.org/list/pgsql-hackers/)
mailing list that may be useful for decoding other lists as well:
The mailing lists are full of acronyms and jargon that might not be
familiar to younger people who did not grow up on email (although text
messages have inherited many of the abbreviations). If you are a
non-native English speaker, or under the age of 30, or not steeped in
the world of tech, I offer some solutions below.
To do this, I downloaded the last year's worth of hackers email,
wrote a program to strip out all the non-human stuff (headers, code
blocks, attachments, etc.), and then did some data analysis on the
results.
https://lwn.net/Articles/987892/
[$] A SpamAssassin surprise
Here is a piece of advice for anybody wanting an easy and frustration-free
life: do not run your own email system. While there are numerous advantages to
keeping some control over your communications, there is also a long list of
things that can go wrong. A recent failure of spam filtering on the LWN
email system illustrated one of those ways, as well as shining a light on
how even a seemingly independent email system is tied to other services
across the net.
https://lwn.net/Articles/987566/
ElasticSearch and Kibana become free software (again)
Back in 2021, the ElasticSearch search engine and Kibana visualization
platform https://lwn.net/Articles/843274/
under the non-free
Server Side Public License (SSPL). Now, Elastic (the company owning those
projects) has https://www.elastic.co/blog/elasticsearch-is-open-source-again
that those projects will also be distributable under the Affero GPL license.
We never stopped believing and behaving like an open source
community after we changed the license. But being able to use the
term Open Source, by using AGPL, an OSI approved license, removes
any questions, or fud, people might have.
https://lwn.net/Articles/987850/
Airlie: On Rust, Linux, developers, maintainers
Dave Airlie makes an analogy
(https://airlied.blogspot.com/2024/08/on-rust-linux-developers-maintainers.html)
between the stages of road building and those of adding Rust
to the Linux kernel.
For the wayfinders the process of interacting with maintainers is
frustrating and slow, and they don't enjoy it as much as
wayfinding, and because they still only care about the hotel at the
end, when a maintainer gets into the details of their particular
intersection they don't want to do anything but go stay in their
hotel.
The road will get built, it will get traffic on it. There will be
tunnels where we should have intersections, there will be bridges
that need to be built from both sides, but I do think it will get
built.
https://lwn.net/Articles/987849/
Security updates for Friday
Security updates have been issued by AlmaLinux (libvpx, postgresql, postgresql:12, postgresql:13, postgresql:15, and python39:3.9 and python39-devel:3.9), Debian (chromium and ghostscript), Fedora (python3.13), and SUSE (chromium and podman).
https://lwn.net/Articles/987836/
GNU Screen v.5.0.0 is released
Version 5.0.0 of https://www.gnu.org/software/screen/
has
been released. Notable changes in this release include
new commands for authentication, input into multiple windows at the
same time, and to turn on/off truecolor support.
https://lwn.net/Articles/987700/
[$] Plasma Mobile for highly configurable Linux phones
https://plasma-mobile.org
is an open-source
user interface for mobile devices, developed by the KDE community. It's
built on the same foundations as https://kde.org/plasma-desktop/
window
manager. Much like its desktop counterpart, Plasma Mobile caters to
advanced users by offering extensive customizability. It is offered as an
option on phones with various mobile Linux
distributions (https://plasma-mobile.org/get/).
https://lwn.net/Articles/986899/
Security updates for Thursday
Security updates have been issued by AlmaLinux (bind and bind-dyndb-ldap and postgresql:16), Fedora (less and python3.6), Mageia (nodejs & yarnpkg), Oracle (libvpx and postgresql:16), Red Hat (edk2, git, kernel, openldap, postgresql:15, postgresql:16, python3, and python39:3.9 and python39-devel:3.9), SUSE (apache2, python-setuptools, and python3-setuptools), and Ubuntu (linux-oracle).
https://lwn.net/Articles/987664/
Rust-for-Linux Wedson Almeida Filho drops out
Wedson Almeida Filho, one of the key developers driving the https://rust-for-linux.com/,
has retired from the project
(https://lwn.net/ml/all/20240828211117.9422-1-wedsonaf@gmail.com).
After almost 4 years, I find myself lacking the energy and
enthusiasm I once had to respond to some of the nontechnical
nonsense, so it's best to leave it up to those who still have it
in them.
As an example of the sort of "nonsense" he referred to, he provided https://youtu.be/WiPp9YEBV0Q?t=1529
from the
https://lwn.net/Articles/978738/
at the 2024
Linux Storage, Filesystem, Memory-Management, and BPF Summit. His work was
fundamental to getting the project as far as it has come; he will be missed.
https://lwn.net/Articles/987635/
Judge dismisses majority of GitHub Copilot copyright claims (Developer)
Developer https://www.developer-tech.com/news/judge-dismisses-majority-github-copilot-copyright-claims/
that most (but not all) of the claims in the GitHub Copilot lawsuit have
been dismissed with prejudice by the judge.
Judge Jon Tigar's ruling, unsealed last week, leaves only two
claims standing: one accusing the companies of an open-source
license violation and another alleging breach of contract. This
decision marks a substantial setback for the developers who argued
that GitHub Copilot, which uses OpenAI's technology and is owned by
Microsoft, unlawfully trained on their work.
https://lwn.net/Articles/987524/
Security updates for Wednesday
Security updates have been issued by Fedora (calibre, dotnet8.0, dovecot, webkit2gtk4.0, and webkitgtk), Oracle (nodejs:20), Red Hat (bind, bind and bind-dyndb-ldap, postgresql:16, and squid), Slackware (kcron and plasma), SUSE (keepalived and webkit2gtk3), and Ubuntu (drupal7).
https://lwn.net/Articles/987519/
WineHQ to take over Mono
The Mono project was started in 2001 to develop a .NET environment for
Linux systems. Microsoft has owned that project since 2016, but has not
made a major release since 2019. The company has now https://www.mono-project.com/
that Mono is being
handed over to the WineHQ organization, which will maintain https://gitlab.winehq.org/wine-mono/mono
going
forward. Microsoft, meanwhile, is steering users toward its "modern
fork" that it continues to maintain.
https://lwn.net/Articles/987465/
[$] NIST finalizes post-quantum encryption standards
On August 13, the US National Institute of Standards and Technology (NIST)
published (https://csrc.nist.gov/news/2024/postquantum-cryptography-fips-approved)
the final form of its new post-quantum cryptographic standards. One
key-exchange mechanism and two digital-signature schemes are now officially
sanctioned by the institute. Adopting the new standards should be fairly
painless for most developers, but the overhead added by the schemes could pose
challenges for some applications.
https://lwn.net/Articles/973231/
Security updates for Tuesday
Security updates have been issued by AlmaLinux (nodejs:20), Debian (python3.11), Fedora (dotnet8.0), Red Hat (bind, krb5, libreoffice, linux-firmware, orc, orc:0.4.28, and orc:0.4.31), SUSE (mariadb and openssl-3), and Ubuntu (linux-aws-5.4).
https://lwn.net/Articles/987393/
[$] A new version of modversions
The genksyms tool has long been buried deeply within the kernel's
build system; it is one of the two C-code parsers shipped with the kernel
(the other being the horrifying kernel-doc script,
https://elixir.bootlin.com/linux/v6.11-rc4/source/scripts/kernel-doc). It is a key part of how the
kernel's module-loading infrastructure works. While genksyms has
quietly done its job for decades, that period may soon be coming to an end.
It would seem that genksyms is not up to the task of handling Rust
code, so Sami Tolvanen is proposing
a new tool (https://lwn.net/ml/all/20240815173903.4172139-21-samitolvanen@google.com/) to handle this task going forward.
https://lwn.net/Articles/986892/
[$] The history, status, and plans for reproducible builds
On the second day of https://debconf24.debconf.org/
in Busan, South Korea, Holger Levsen provided a history lesson on the
"first 11 years" of the https://reproducible-builds.org/.
He has been involved in the project for most of that time and has been a
Debian user since the mid-1990s, contributor since 2001, and a Debian
member since 2007; "I love Debian". Meanwhile, his aim is to make all free
software be reproducible, so that anyone can check that a binary program
comes from the source code it purports to.
https://lwn.net/Articles/985739/
Forgejo changes license to GPLv3+
The Forgejo (https://forgejo.org/) project has https://forgejo.org/2024-08-gpl/
that, starting from version 9.0, Forgejo will be released under the GPLv3 license (or a later version). Older versions of the software forge remain MIT-licensed.
A copyleft license makes reusing other copyleft software easier. Recently, we discovered that
some of the dependencies we used were incompatible with the license Forgejo was distributed with
(https://forgejo.org/2024-07-non-free-dependency-found/), and they had to be removed for now. Choosing copyleft licenses enables us to reuse more work, and saves us precious time to focus on improving Forgejo itself.
https://lwn.net/Articles/986998/
Security updates for Friday
Security updates have been issued by Fedora (community-mysql, iaito, and radare2), Oracle (python3.12-setuptools and tomcat), Red Hat (krb5 and podman), Slackware (ffmpeg), SUSE (apache2, expat, firefox, webkit2gtk3, and xen), and Ubuntu (imagemagick and libxstream-java).
https://lwn.net/Articles/986997/
LibreOffice 24.8 released
Version 24.8 (https://blog.documentfoundation.org/blog/2024/08/22/libreoffice-248/)
of the LibreOffice office suite has been released. Changes
include the ability to filter identifying information from exported files,
easier creation of cross references, better control over hyphenation, a
number of new spreadsheet functions, accessibility improvements, and more.
https://lwn.net/Articles/986906/
[$] A review of file descriptor memory safety in the kernel
On July 30, Al Viro sent
a patch set (https://lwn.net/ml/all/20240730050927.GC5334@ZenIV/) to the linux-fsdevel mailing list with a
comprehensive cover letter explaining his
recent work on ensuring that the kernel's internal representation of
file descriptors is used correctly in the kernel.
File descriptors are ubiquitous; many system calls
need to handle them. Viro's review
identified a few existing bugs, and may prevent more in the future. He also had
suggestions for ways to keep uses consistent throughout the kernel.
https://lwn.net/Articles/985853/
Garrett: What is an SBAT and why does everyone suddenly care
Matthew Garrett <a href="https://mjg59.dreamwidth.org/70348.html" rel="nofollow">describes
the role of the Secure Boot Advanced Targeting mechanism</a> and how it
played into the recent Windows upgrade problems.
So why is this suddenly relevant? SBAT was developed
collaboratively between the Linux community and Microsoft, and
Microsoft chose to push a Windows update that told systems not to
trust versions of grub with a security generation below a certain
level. This was because those versions of grub had genuine security
vulnerabilities that would allow an attacker to compromise the
Windows secure boot chain, and we've seen real world examples of
malware wanting to do that.
https://lwn.net/Articles/986844/
“Something has gone seriously wrong,” dual-boot systems warn after Microsoft update (ars technica)
Ars technica https://arstechnica.com/security/2024/08/a-patch-microsoft-spent-2-years-preparing-is-making-a-mess-for-some-linux-users/
a recent https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2022-2601
that is causing problems for users with systems that dual-boot Windows
and Linux.
"Note that Windows says this update won't apply to systems that
dual-boot Windows and Linux," one frustrated person wrote. "This
obviously isn't true, and likely depends on your system configuration
and the distribution being run. It appears to have made some linux efi
shim bootloaders incompatible with microcrap efi bootloaders (that's
why shifting from MS efi to 'other OS' in efi setup works). It appears
that Mint has a shim version that MS SBAT doesn't recognize."
The reports indicate that multiple distributions, including Debian,
Ubuntu, Linux Mint, Zorin OS, and Puppy Linux, are all
affected. Microsoft has yet to acknowledge the error publicly, explain
how it wasn't detected during testing, or provide technical guidance
to those affected. Company representatives didn't respond to an email
seeking answers.
https://lwn.net/Articles/986659/
Górny: Gentoo: profiles and keywords rather than releases
Gentoo developer Michał Górny has written a lengthy <a href="https://blogs.gentoo.org/mgorny/2024/08/20/gentoo-profiles-and-keywords-rather-than-releases/" rel="nofollow">blog
post</a> that explains how Gentoo approaches releases:
Gentoo is something of a hybrid, as it combines the best of both
worlds. It is a rolling release distribution with a single shared
repository that is available to all users. However, within this
repository we use a keywording system to provide a choice between
stable and testing packages, to facilitate both production and
development systems (with some extra flexibility), and versioned
profiles to tackle major lock-step upgrades.
https://lwn.net/Articles/986655/
[$] Python subinterpreters and free-threading
At PyCon US 2024 (https://us.pycon.org/2024/) in Pittsburgh,
Pennsylvania, Anthony Shaw looked at the various kinds of parallelism
available to Python programs. There have been two major developments on
the parallel-execution front over the last few years, with the effort to
provide https://lwn.net/Articles/820424/
, each with its own
global interpreter lock (GIL), along with the work to https://lwn.net/Articles/940780/
. In the talk, he
explored the two approaches to try to give attendees a sense of how to make
the right choice for their applications.
https://lwn.net/Articles/985041/
[$] Per-call-site slab caches for heap-spraying protection
One tactic often used by attackers set on compromising a system is heap spraying (https://en.wikipedia.org/wiki/Heap_spraying); in
short, the attacker fills as much of the heap as possible with crafted data
in the hope of getting the target system to use that data in a bad way. If
heap spraying can be blocked, attackers will lose an important tool. The
kernel has some heap-spraying defenses now, including the https://lwn.net/Articles/965837/
merged for the
upcoming 6.11 release, but its author, Kees Cook, thinks that more can be
done.
https://lwn.net/Articles/986174/
[$] FreeBSD considers Rust in the base system
The https://www.freebsd.org/
is, for the second
time this year, engaging in a long-running discussion about the
possibility of including Rust in its <a href="https://www.over-yonder.net/~fullermd/rants/bsd4linux/03" rel="nofollow">base
system</a>. The sequel to the first discussion included some work by
Alan Somers to show what it might look like to use Rust code in the
base tree. Support for Rust code does not appear much closer to being
included in FreeBSD's base system, but the conversation has been
enlightening.
https://lwn.net/Articles/985210/
Kernel prepatch 6.11-rc4
The 6.11-rc4 kernel prepatch (https://lwn.net/Articles/986162/) is out for
testing. According to Linus:
But it all looks fairly normal. rc4 is bigger than either rc2 or
rc3 were, but not hugely so, and it's actually a normal pattern,
where it takes a while before people find some issues. So nothing
feels all that odd.
https://lwn.net/Articles/986163/
[$] Custom string formatters in Python
Python has had
https://lwn.net/Articles/656898/
(f-strings), a syntactic shorthand for building
strings, since 2015. Recently, Jim Baker, Guido van Rossum, and Paul Everitt have
proposed
<a href="https://peps.python.org/pep-0750/" rel="nofollow">
PEP 750</a> ("Tag Strings For Writing Domain-Specific Languages") which would
generalize and expand that mechanism to provide Python library writers with additional
flexibility. Reactions to the proposed change were somewhat positive, although
there was a good deal of discussion of (and opposition to)
the PEP's inclusion of lazy evaluation of template parameters.
https://lwn.net/Articles/985346/
[$] Memory-management: tiered memory, huge pages, and EROFS
The kernel's memory-management developers have been busy in recent times;
it can be hard to keep up with all that has been happening in this core
area. In an attempt to catch up, here is a look at recent work
affecting tiered-memory systems, underutilized huge pages, and duplicated
file data in the Enhanced Read-Only Filesystem (EROFS).
https://lwn.net/Articles/984839/
Security updates for Thursday
Security updates have been issued by AlmaLinux (container-tools:rhel8), Debian (flatpak), Fedora (389-ds-base, dotnet8.0, and roundcubemail), Red Hat (bind9.16, firefox, python-setuptools, and thunderbird), Slackware (dovecot), SUSE (389-ds, curl, kernel, kernel-firmware, kubernetes1.25, openssl-1_1, openssl-3, python-Pillow, and zziplib), and Ubuntu (busybox, linux-azure, and ruby-rmagick).
https://lwn.net/Articles/985845/
[$] Standards for use of unsafe Rust in the kernel
Rust is intended to let programmers write safer code.
But compilers are
not omniscient, and writing Rust code that interfaces with hardware (or that
works with memory outside of Rust's lifetime paradigm) requires, at
some point, the programmer's assurance that some operations are permissible. Benno Lossin
<a href="https://lwn.net/ml/all/20240717221133.459589-1-benno.lossin@proton.me/" rel="nofollow">
suggested adding
some more documentation</a> to
<a href="https://rust-for-linux.com/" rel="nofollow">
the Rust-for-Linux project</a> clarifying the
standards for commenting uses of unsafe in kernel code. There's general
agreement that such standards are necessary, but less agreement on exactly when
it is appropriate to use unsafe.
https://lwn.net/Articles/982868/
Notes by LWN.net