Language Selection

English French German Italian Portuguese Spanish


Syndicate content is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Updated: 1 hour 25 min ago

[$] Unexporting kallsyms_lookup_name()

Friday 28th of February 2020 05:58:15 PM
One of the basic rules of kernel-module development is that modules can only access symbols (functions and data structures) that have been explicitly exported. Even then, many symbols are restricted so that only modules with a GPL-compatible license can access them. It turns out, though, that there is a readily available workaround that makes it easy for a module to access any symbol it wants. That workaround seems likely to be removed soon despite some possible inconvenience for some out-of-tree users; the reason why that is happening turns out to be relatively interesting.

Security updates for Friday

Friday 28th of February 2020 02:51:54 PM
Security updates have been issued by CentOS (java-1.7.0-openjdk and ppp), Debian (libimobiledevice, libusbmuxd, and pure-ftpd), Fedora (caddy, firejail, golang-github-gorilla-websocket, golang-vitess, hugo, mingw-libpng, php, and proftpd), openSUSE (chromium, enigmail, ipmitool, libsolv, libzypp, zypper, weechat, and yast2-rmt), Oracle (java-1.7.0-openjdk and ppp), Red Hat (java-1.7.0-openjdk and ppp), Scientific Linux (java-1.7.0-openjdk and ppp), and SUSE (java-1_8_0-ibm, kernel, mariadb, mariadb-100, openssl, php5, python, rsyslog, and texlive-filesystem).

[$] An end to high memory?

Thursday 27th of February 2020 05:41:50 PM
This patch from Johannes Weiner seemed like a straightforward way to improve memory-reclaim performance; without it, the virtual filesystem layer throws away memory that the memory-management subsystem thinks is still worth keeping. But that patch quickly ran afoul of a feature (or "misfeature" depending on who one asks) from the distant past, one which goes by the name of "high memory". Now, more than 20 years after its addition, high memory may be brought down low, as developers consider whether it should be deprecated and eventually removed from the kernel altogether.

Security updates for Thursday

Thursday 27th of February 2020 02:44:17 PM
Security updates have been issued by CentOS (kernel, ksh, python-pillow, and thunderbird), Debian (opensmtpd, proftpd-dfsg, and rake), Fedora (NetworkManager-ssh), openSUSE (chromium), and SUSE (libexif, mariadb, ovmf, python3, and squid).

[$] Weekly Edition for February 27, 2020

Thursday 27th of February 2020 01:59:07 AM
The Weekly Edition for February 27, 2020 is available.

[$] Impedance matching for BPF and LSM

Wednesday 26th of February 2020 11:10:02 PM
The "kernel runtime security instrumentation" (KRSI) patch set has been making the rounds over the past few months; the idea is to use the Linux security module (LSM) hooks as a way to detect, and potentially deflect, active attacks against a running system. It does so by allowing BPF programs to be attached to the LSM hooks. That has caused some concern in the past about exposing the security hooks as external kernel APIs, which makes them potentially subject to the "don't break user space" edict. But there has been no real objection to the goals of KRSI. The fourth version of the patch set was posted by KP Singh on February 20; the concerns raised this time are about its impact on the LSM infrastructure.

Security updates for Wednesday

Wednesday 26th of February 2020 03:41:13 PM
Security updates have been issued by Debian (python-pysaml2), Mageia (clamav, graphicsmagick, opencontainers-runc, squid, and xmlsec1), Oracle (kernel, ksh, python-pillow, systemd, and thunderbird), Red Hat (rh-nodejs12-nodejs), Scientific Linux (ksh, python-pillow, and thunderbird), and SUSE (nodejs6, openssl, ppp, and squid).

[$] A look at "BPF Performance Tools"

Wednesday 26th of February 2020 01:47:25 PM
BPF has exploded within the Linux world over the last few years, growing from its networking roots into the go-to tool for running custom in-kernel programs. Its role seems to expand with every kernel release into diverse areas such as security and device control. But none of that is the focus of a relatively new book from Brendan Gregg, BPF Performance Tools; it looks, instead, at how BPF provides visibility into the guts of the kernel. Finding performance bottlenecks of various sorts on (generally large) production systems is an area where BPF and the tool set that has grown up around it can excel; Gregg's book describes that landscape in great depth.

Manjaro 19.0 released

Wednesday 26th of February 2020 11:16:32 AM
Version 19 of the Arch-based Manjaro distribution is out. "The Xfce edition remains our flagship offering and has received the attention it deserves. Only a few can claim to offer such a polished, integrated and leading-edge Xfce experience. With this release we ship Xfce 4.14 and have mostly focused on polishing the user experience with the desktop and window manager. Also we have switched to a new theme called Matcha. A new feature Display-Profiles allows you to store one or more profiles for your preferred display configuration. We also have implemented auto-application of profiles when new displays are connected."

FSF to launch code hosting

Tuesday 25th of February 2020 09:03:13 PM
The Free Software Foundation has announced that it is planning to launch a public code hosting and collaboration platform later this year. "We plan on contributing improvements upstream for the new forge software we choose, to boost its score on [GNU ethical repository] criteria. Our tech team is small for the size of the network we maintain, and we don't have any full-time developers who work for the FSF, so we are limited in the amount of time we can spend on the software we choose. We'll communicate with the upstream developers to request improvements and help clarify any questions related to the ethical repository criteria."

Security updates for Tuesday

Tuesday 25th of February 2020 03:49:41 PM
Security updates have been issued by Debian (curl and otrs2), Fedora (NetworkManager-ssh and python-psutil), Mageia (ipmitool, libgd, libxml2_2, nextcloud, radare2, and upx), openSUSE (inn and sudo), Oracle (kernel, ksh, python-pillow, and thunderbird), Red Hat (curl, kernel, nodejs:10, nodejs:12, procps-ng, rh-nodejs10-nodejs, ruby, and systemd), SUSE (dpdk, firefox, java-1_7_1-ibm, java-1_8_0-ibm, libexif, libvpx, nodejs10, nodejs8, openssl1, pdsh, slurm_18_08, python-azure-agent, python3, and webkit2gtk3), and Ubuntu (libapache2-mod-auth-mellon, libpam-radius-auth, and rsync).

[$] watch_mount(), watch_sb(), and fsinfo() (again)

Monday 24th of February 2020 10:21:11 PM
Filesystems, by design, hide a lot of complexity from users. At times, though, those users need to be able to look inside the black box and extract information about what is going on within a filesystem. Answering this need is David Howells, the creator of a number of filesystem-oriented system calls; in this patch set he tries to add three more, one of which we have seen before and two of which are new.

Kernel prepatch 5.6-rc3

Monday 24th of February 2020 04:47:21 PM
The 5.6-rc3 kernel prepatch is out for testing. Linus says: "Fairly normal rc3 as far as I can tell. We've seen bigger, but we've seen smaller ones too. Maybe this is slightly on the low side of average at this time, which would make sense since this was a smaller merge window. Anyway, too much noise in the signal to be sure either way."

Stable kernel updates

Monday 24th of February 2020 03:47:51 PM
Stable kernels 5.5.6, 5.4.22, and 4.19.106 have been released. They all have a large set of important fixes.

Security updates for Monday

Monday 24th of February 2020 03:39:52 PM
Security updates have been issued by Debian (libpam-radius-auth, pillow, ppp, proftpd-dfsg, and python-pysaml2), Fedora (firefox, glib2, hiredis, http-parser, libuv, mingw-openjpeg2, nghttp2, nodejs, openjpeg2, python-pillow, skopeo, and webkit2gtk3), Mageia (patch, postgresql, and systemd), Red Hat (ksh, nodejs:10, openjpeg2, python-pillow, systemd, and thunderbird), and SUSE (java-1_7_1-ibm, libsolv, libzypp, zypper, pdsh, slurm_18_08, and php53).

[$] CAP_PERFMON — and new capabilities in general

Friday 21st of February 2020 05:37:58 PM
The perf_event_open() system call is a complicated beast, requiring a fair amount of study to master. This call also has some interesting security implications: it can be used to obtain a lot of information about the running system, and the complexity of the underlying implementation has made it more than usually prone to unpleasant bugs. In current kernels, the security controls around perf_event_open() are simple, though: if you have the CAP_SYS_ADMIN capability, perf_event_open() is available to you (though the system administrator can make it available without any privilege at all). Some current work to create a new capability for the perf events subsystem would seem to make sense, raising the question of why adding new capabilities isn't done more often.

Security updates for Friday

Friday 21st of February 2020 02:03:03 PM
Security updates have been issued by CentOS (openjpeg2), Debian (cloud-init, jackson-databind, and python-reportlab), Red Hat (ksh, python-pillow, systemd, and thunderbird), Slackware (proftpd), SUSE (java-1_7_0-ibm, nodejs10, and nodejs12), and Ubuntu (ppp and squid, squid3).

[$] Memory-management optimization with DAMON

Thursday 20th of February 2020 03:09:52 PM
To a great extent, memory management is based on making predictions: which pages of memory will a given process need in the near future? Unfortunately, it turns out that predictions are hard, especially when they are about future events. In the absence of useful information sent back from the future, memory-management subsystems are forced to rely on observations of recent behavior and an assumption that said behavior is likely to continue. The kernel's memory-management decisions are opaque to user space, though, and often result in less-than-optimal performance. A pair of patch sets from SeongJae Park tries to make memory-usage patterns visible to user space, and to let user space change memory-management decisions in response.

Security updates for Thursday

Thursday 20th of February 2020 02:13:45 PM
Security updates have been issued by Debian (netty and netty-3.9), Fedora (ceph, dovecot, poppler, and webkit2gtk3), openSUSE (inn and rmt-server), Oracle (openjpeg2), Red Hat (rabbitmq-server), Scientific Linux (openjpeg2), SUSE (dnsmasq, rsyslog, and slurm), and Ubuntu (php7.0).

[$] Weekly Edition for February 20, 2020

Thursday 20th of February 2020 01:04:41 AM
The Weekly Edition for February 20, 2020 is available.

More in Tux Machines

Security and FUD: Updates, Keeper, WireGuard and Concerns About 2038

  • Security updates for Friday

    Security updates have been issued by CentOS (java-1.7.0-openjdk and ppp), Debian (libimobiledevice, libusbmuxd, and pure-ftpd), Fedora (caddy, firejail, golang-github-gorilla-websocket, golang-vitess, hugo, mingw-libpng, php, and proftpd), openSUSE (chromium, enigmail, ipmitool, libsolv, libzypp, zypper, weechat, and yast2-rmt), Oracle (java-1.7.0-openjdk and ppp), Red Hat (java-1.7.0-openjdk and ppp), Scientific Linux (java-1.7.0-openjdk and ppp), and SUSE (java-1_8_0-ibm, kernel, mariadb, mariadb-100, openssl, php5, python, rsyslog, and texlive-filesystem). 

  • Keeper – A Robust, Security-Centric Password Manager [Ed: This 'article' from FOSSmint (not FOSS) is referral SPAM. Proprietary software promoted for a fee. This -- yes, this -- is what kills journalism.]

    We’ve covered several password managers over the years with popular names like RememBear, Buttercup, Pass, and Enpass, and I am happy about the positive feedback from readers over the years. Today, I would like to introduce you to a strong password generator and security-centric manager application and it goes by the convenient name of Keeper. Keeper is a top-rated freemium password manager designed to provide personal users, families, students, and businesses with a reliable application for generating strong passwords as well as storing them while ensuring protection from cyberthreats and password-related data breaches.

  • WireGuard – A Fast, Modern and Secure VPN Tunnel for Linux

    WireGuard is a modern, secure, cross-platform and general-purpose VPN implementation that uses state-of-the-art cryptography. It aims to be speedy, simpler, leaner and more functional than IPsec and it intends to be more performant than OpenVPN. It is designed for use in various circumstances and can be deployed on embedded interfaces, fully loaded backbone routers, and supercomputers alike; and runs on Linux, Windows, macOS, BSD, iOS, and Android operating systems. It presents an extremely basic yet powerful interface that aims to be simple, as easy to configure and deploy as SSH. Its key features include a simple network interface, crypto key routing, built-in roaming and container support. Note that at the time of writing, it is under heavy development: some of its parts are working toward a stable 1.0 release, while others are already there (working fine).

  • Modern Computers Might Stop Working on January 19, 2038

    Nearly every computer in the history of computers keep time using a 32-bit integer, counting forward from 00:00:00 UTC on the 1st of January 1970, referred to as the epoch. This instant of time was set as the standard for modern computing systems, but there's a major problem. Seven seconds after 3:14 am UTC on the 19th of January 2038, the 32-bit integer storing this time data will run out of positions. The problem is similar to the Y2K issue where a 2-digit value could no longer be used to encode the years 2000 or later, but different in that this 32-bit bug is related to Unix-like systems and the Unix time format. These similarities to the Y2K bug have widely lead to the 2038 problem being known as the Unix Millennium Bug. [...] Embedded systems like those in cars and appliances are designed to last the lifecycle of the device without a software update. Connected electronics can be quickly fixed with a software update when the time comes, but these embedded systems will likely wreak the most havoc in 2038 since most won't be updated. One option is to change the data storage system of the 32-bit integer to an unsigned 32-bit integer. This would theoretically allow for date storage all the way to 2106, but any system that used a date prior to 1970 would run into issues accessing this data. If we increased the data storage to 64-bit, we would run into compatibility storage issues between older systems that only use 32-bit data storage. There's no current universal solution to the problem and even the most widely accepted fixes still have bugs in certain usage areas. There is positive news at the end of this.

The Chrome Cast 50: Linux on Chromebooks and the future of Chrome OS tablets

This week on The Chrome Cast, we’re exploring a couple seemingly-unconnected ideas that actually tie into one another quite well. First up is the heightened interest in Linux apps on Chrome OS. While we’ve been tracking along with the development of Crostini since before it was actually a thing, it’s been a while since we’ve really dug into what Chromebooks are capable of with Linux. As part of that renewed effort, we’ve launched Command Line, where we are focusing more on what users can do and get done with Linux apps on their Chromebook. Read more Another new show:

  • 2020-02-28 | Linux Headlines

    The Open Source Initiative kicks a co-founder from its mailing lists, OBS faces backlash for receiving support from Facebook Gaming, and Collabora launches its version of LibreOffice for mobile.

Linux-powered module charges up the RISC-V PolarFire SoC

Aries’ “M100PFS” module runs Linux on Microchip’s RISC-V based PolarFire SoC with FPGAs up to 265K LE. Features include up to 8GB LPDDR4, up to 64GB eMMC, and support for up to 16x SERDES lanes. Aries Embedded announced one of the first compute modules equipped with the PolarFire SoC, a Linux-powered, FPGA-enabled RISC-V SoC from Microchip’s Microsemi unit (see farther below). The M100PFS has the same 74 x 42mm footprint as Aries’ similar M100PF module, which is equipped with the PolarFire FPGA without the Linux-ready RISC-V cores. Read more

Android as a Desktop

  • Android-x86 project lets you run Android 9 Pie on a desktop, laptop, or table

    The team at the Android-x86 project Abba released their latest version of an Android based desktop operating system, offering an open source platform that can run Android 9 Pie on a desktop, laptop, or tablet with an Intel or AMD processor. Today the team announced the public release of Android-x86 9.0, the first stable release for Android-x86 9.0 (pie-x86). The prebuilt images are now available to download from Foss Hub and OSDN, check out the links below. The latest release includes support for 32-bit and 64-bit x86 processors, hardware-accelerated graphics with support for OpenGL ES 3.x on Intel, AMD, and NVIDIA GPUs, as well as experimental Vulkan graphics support, together with an optional Taskbar launcher, although you can also use the default Android-style launcher if you prefer. Other supported areas within the Android desktop operating system include WiFi, Bluetooth, Ethernet, camera, audio, and multitouch input.

  • Android-x86 9.0 Offering Android Pie Experience on Computer Released
  • Android is NOT Linux

    Android is NOT Linux Let's go over why Android is nothing like Linux. While it may use a Linux Kernel it is a completely different beast altogether.