LWN
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
URL: https://lwn.net
Updated: 5 hours 57 min ago
[$] Getting along in the Python community
In a session with a title that used a common misquote of Rodney King ("can't we all just get along?"), several Python developers wanted to discuss an incident that had recently occurred on the python-dev mailing list. A rude posting to the list led to a thread that got somewhat out of control. Some short tempers among the members of the Python developer community likely escalated things unnecessarily. The incident in question was brought up as something of an object lesson; people should take some time to simmer down before firing off that quick, but perhaps needlessly confrontational, reply.
[$] PEP 572 and decision-making in Python
The "PEP 572 mess" was the topic of a 2018 Python Language Summit session led by benevolent dictator for life (BDFL) Guido van Rossum. PEP 572 seeks to add assignment expressions (or "inline assignments") to the language, but it has seen a prolonged discussion over multiple huge threads on the python-dev mailing list—even after multiple rounds on python-ideas. Those threads were often contentious and were clearly voluminous to the point where many probably just tuned them out. At the summit, Van Rossum gave an overview of the feature proposal, which he seems inclined toward accepting, but he also wanted to discuss how to avoid this kind of thread explosion in the future.
Welcome to Fedora CoreOS
Matthew Miller looks at how Red Hat's acquisition of CoreOS will affect the
Fedora project. "This isn’t the place for technical details — see
“what next?” at the bottom of this message for more. I expect that over the
next year or so, Fedora Atomic Host will be replaced by a new thing
combining the best from Container Linux and Project Atomic. This
new thing will be “Fedora CoreOS” and serve as the upstream to Red
Hat CoreOS."
Security updates for Wednesday
Security updates have been issued by Arch Linux (pass), Debian (xen), Fedora (chromium, cobbler, gnupg, kernel, LibRaw, mariadb, mingw-libtiff, nikto, and timidity++), Gentoo (chromium, curl, and transmission), Mageia (gnupg, gnupg2, librsvg, poppler, roundcubemail, and xdg-utils), Red Hat (ansible and glusterfs), Slackware (gnupg), SUSE (cobbler, dwr, java-1_8_0-ibm, kernel, microcode_ctl, pam-modules, salt, slf4j, and SMS3.1), and Ubuntu (libgcrypt11, libgcrypt11, libgcrypt20, and mozjs52).
Security updates for Tuesday
Security updates have been issued by Arch Linux (libgcrypt), Fedora (bouncycastle, nodejs, and perl-Archive-Tar), openSUSE (aubio), and Red Hat (chromium-browser, glibc, kernel, kernel-rt, libvirt, pcs, samba, samba4, sssd and ding-libs, and zsh).
[$] TCP small queues and WiFi aggregation — a war story
This article describes our findings that connected TCP small queues (TSQ) with the behavior of advanced WiFi protocols and, in the process, solved a throughput regression. The resulting patch is already in the mainline tree, so before continuing, please make sure your kernel is updated. Beyond the fix, it is delightful to travel through history to see how we discovered the problem, how it was tackled, and how it was patched.
Subscribers can read on for the full story by guest authors Carlo Grazia and Natale Patriciello.
Security updates for Monday
Security updates have been issued by CentOS (kernel), Debian (libgcrypt20, redis, and strongswan), Fedora (epiphany, freedink-dfarc, gnupg, LibRaw, nodejs-JSV, nodejs-uri-js, singularity, strongswan, and webkit2gtk3), Mageia (flash-player-plugin, freedink-dfarc, and imagemagick), openSUSE (enigmail, gpg2, java-1_7_0-openjdk, java-1_8_0-openjdk, poppler, postgresql96, python-python-gnupg, and samba), Oracle (kernel), SUSE (gpg2 and xen), and Ubuntu (gnupg and webkit2gtk).
[$] 4.18 Merge window, part 2
By the time that Linus Torvalds released 4.18-rc1 and closed the merge
window for this development cycle, 11,594 non-merge changesets had
found their way into the mainline kernel repository. Nearly 4,500 of those
were pulled after last week's summary was
written. Thus, in terms of commit traffic, 4.18 looks to be quite similar
to its predecessors. As usual, the entry of significant new features has
slowed toward the end of the merge window, but there are still some
important changes on the list.
Kernel prepatch 4.18-rc1
The first 4.18 prepatch is out, and the
merge window has closed for this development cycle. "You may think it's still
Saturday for me, and that I should give you one more day of merge window to
send in some last-minute pull requests, but I know better. I'm in Japan,
and it's Sunday here."
[$] Toward a fully reproducible Debian
It's been a little over one year since we last covered Debian's reproducible builds
project. The effort has not stopped in the interim; progress continues
to be made, the message has sharpened up, and word is spreading. Chris
Lamb, speaking about this at FLOSS UK in a talk called "You may think
you're not a target: a tale of three
developers", hinted that the end may be starting to come into sight.
Security updates for Friday
Security updates have been issued by CentOS (plexus-archiver), Fedora (chromium, kernel, and plexus-archiver), Mageia (firefox, gifsicle, jasper, leptonica, patch, perl-DBD-mysql, qt3, and scummvm), openSUSE (opencv), Oracle (kernel), Red Hat (kernel), Scientific Linux (kernel), SUSE (gpg2, nautilus, and postgresql96), and Ubuntu (gnupg2 and linux-raspi2).
Cook: security things in Linux v4.17
Kees Cook describes
the security-oriented changes included in the 4.17 kernel release.
"It was possible that old memory contents would live in a new
process’s kernel stack. While normally not visible, “uninitialized” memory
read flaws or read overflows could expose these contents (especially stuff
“deeper” in the stack that may never get overwritten for the life of the
process). To avoid this, I made sure that new stacks were always
zeroed. Oddly, this “priming” of the cache appeared to actually improve
performance, though it was mostly in the noise."
Backdoored images downloaded 5 million times finally removed from Docker Hub (ars technica)
Ars technica has the
story of a set of Docker images containing cryptocurrency miners that
persisted on Docker Hub for the better part of a year — after being
discovered. "Neither the
Docker Hub account nor the malicious images it submitted were taken
down. Over the coming months, the account went on to submit 14 more
malicious images. The submissions were publicly called out two more times,
once in January by security firm Sysdig and again in May by security
company Fortinet. Eight days after last month's report, Docker Hub finally
removed the images."
Security updates for Thursday
Security updates have been issued by Arch Linux (chromium and gnupg), Debian (spip), Fedora (pdns-recursor), Gentoo (adobe-flash, burp, quassel, and wget), openSUSE (bouncycastle and taglib), Oracle (kernel), SUSE (java-1_7_0-openjdk, java-1_8_0-openjdk, poppler, and samba), and Ubuntu (file, perl, and ruby1.9.1, ruby2.0, ruby2.3).
[$] LWN.net Weekly Edition for June 14, 2018
The LWN.net Weekly Edition for June 14, 2018 is available.
[$] Python virtual environments
In a short session at the 2018 Python Language Summit, Steve Dower brought up the shortcomings of Python virtual environments, which are meant to create isolated installations of the language and its modules. He said his presentation was "co-written with Twitter" and, indeed, most of his slides were of tweets. At the end, he also slipped in an announcement of his plans for hosting a core development sprint in September.
[$] XArray and the mainline
The XArray data structure was the topic of the final filesystem track session at the 2018 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM). XArray is a new API for the kernel's radix-tree data structure; the session was led by Matthew Wilcox, who created XArray. When asked by Dave Chinner if the session was intended to be a live review of the patches, Wilcox admitted with a grin that it might be "the only way to get a review on this damn patch set".
[$] Filesystem test suites
While the 2018 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM) filesystem track session was advertised as being a filesystem test suite "bakeoff", it actually focused on how to make the existing test suites more accessible. Kent Overstreet said that he has learned over the years that various filesystem developers have their own scripts for testing using QEMU and other tools. He and Ted Ts'o put the session together to try to share some of that information (and code) more widely.
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
GNOME Desktop: Flatpak and Random Wallpaper Gnome Extension
| today's howtos
|
KDE: QtPad, Celebrating 10 Years with KDE, GSoC 2018
| Open Hardware: Good for Your Brand, Good for Your Bottom Line
Chip makers are starting to catch on to the advantages of open, however. SiFive has released an entirely open RISC-V development board. Its campaign on the Crowd Supply crowd-funding website very quickly raised more than $140,000 USD. The board itself is hailed as a game-changer in the world of hardware. Developments like these will ensure that it won't be long before the hardware equivalent of LEGO's bricks will soon be as open as the designs built using them.
|
Content (where original) is available under CC-BY-SA, copyrighted by original author/s.
Recent comments
3 days 5 hours ago
3 days 7 hours ago
6 days 13 hours ago
6 days 14 hours ago
1 week 49 min ago
1 week 13 hours ago
1 week 1 day ago
1 week 1 day ago
1 week 4 days ago
1 week 4 days ago