LWN
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
URL: https://lwn.net
Updated: 38 min 13 sec ago
[$] Containers as kernel objects
The kernel has, over the years, gained comprehensive support for
containers; that, in turn, has helped to drive the rapid growth of a number
of containerization systems. Interestingly, though, the kernel itself has
no concept of what a container is; it just provides a number of facilities
that can be used in the creation of containers in user space. David
Howells is trying to change that state of affairs with a patch set adding containers as a first-class
kernel object, but the idea is proving to be a hard sell in the kernel
community.
LibreOffice leverages Google’s OSS-Fuzz to improve quality of office suite
The Document Foundation looks at the progress made in improving the quality
and reliability of LibreOffice's source code by using Google's OSS-Fuzz.
"Developers have used the continuous and
automated fuzzing process, which often catches issues just hours after they
appear in the upstream code repository, to solve bugs - and potential
security issues - before the next binary release.
LibreOffice is the first free office suite in the marketplace to leverage
Google's OSS-Fuzz. The service, which is associated with other source code
scanning tools such as Coverity, has been integrated into LibreOffice's
security processes - under Red Hat's leadership - to significantly improve
the quality of the source code."
Security updates for Tuesday
Security updates have been issued by Arch Linux (lynis), CentOS (kdelibs, libtirpc, rpcbind, and samba), Debian (miniupnpc), Fedora (chromium, chromium-native_client, and kernel), Oracle (kdelibs and samba), Red Hat (libtirpc and rpcbind), and Scientific Linux (kdelibs, libtirpc, rpcbind, and samba).
Hughes: Updating Logitech Hardware on Linux
Richard Hughes describes
his work to address the MouseJack
vulnerability in Logitech (and other) receivers. This vulnerability allows an
attacker to pair new devices with the receiver with no user interaction or
awareness, and, thus, take over the machine. "This makes
sitting in a café quite a dangerous thing to do when any affected hardware
is inserted, which for the unifying dongle is quite likely as it’s
explicitly designed to remain in an empty USB socket."
Logitech has provided firmware updates, but not for "unsupported" platforms like Linux. Hughes has filled that gap by getting documentation and a fixed firmware image from Logitech and adding support for these devices to fwupd. He is now looking for testers to ensure that the whole thing works across all devices. This is important work that is well worth supporting.
GNU Guix & GuixSD 0.13.0 released
GNU Guix and GuixSD 0.13.0 have been released. GNU Guix is a transactional
package manager for the GNU system and the Guix System Distribution,
GuixSD, is an advanced distribution of the GNU system. A couple of
highlights in this version: Guix can now be used on aarch64 systems, and
GuixSD now supports Btrfs and adds the LXDE desktop as an option. See the
announcement for more information.
FreeBSD quarterly status report
FreeBSD has released
its status report for the first quarter of 2017. As usual there are
reports from the FreeBSD Core Team, the FreeBSD Foundation, the FreeBSD
Ports Collection, and the FreeBSD Release Engineering Team, followed by
more information about ongoing projects, and more.
Security updates for Monday
Security updates have been issued by Arch Linux (fop), Debian (dropbear, icu, and openjdk-7), Fedora (chicken, cinnamon-settings-daemon, jbig2dec, libtirpc, sane-backends, and smb4k), Mageia (flash-player-plugin, vlc, and webmin), Oracle (libtirpc and rpcbind), Red Hat (kdelibs, libtirpc, rpcbind, and samba), and SUSE (kernel).
The end of Parsix GNU/Linux
The Debian-based Parsix
distribution has announced
that it will be shutting down six months after the Debian "Stretch"
release. "Parsix GNU/Linux 8.15 (Nev) will be fully supported during
this time and users should be able to upgrade their installations to Debian
Stretch without any significant issues. We will make all necessary changes,
and updates to ensure a smooth transition to Debian Stretch."
Kernel prepatch 4.12-rc2
The 4.12-rc2 kernel prepatch is out.
"I'm back on the usual Sunday schedule, and everything else looks
fairly normal too. This rc2 is maybe a bit bigger than usual, but the
whole merge window was bigger than most, so maybe it's just that. And
it's not like it's huge".
[$] Revisiting "too small to fail"
Back in 2014, the revelation that the
kernel's
memory-management subsystem would not allow relatively small allocation
requests to fail created a bit of a stir. The discussion has settled down
since then, but the "too small to fail" rule still clearly creates a
certain amount of confusion in the kernel community, as is evidenced by a
recent discussion inspired by the 4.12 merge window. It would appear that
the rule remains in effect, but developers are asked to act as if it did not.
zetcd: running ZooKeeper apps without ZooKeeper
The CoreOS Blog introduces the first
beta release, v0.0.1, of zetcd. "Distributed systems commonly rely
on a distributed consensus to coordinate work. Usually the systems
providing distributed consensus guarantee information is delivered in order
and never suffer split-brain conflicts. The usefulness, but rich design
space, of such systems is evident by the proliferation of implementations;
projects such as chubby, ZooKeeper, etcd, and consul, despite differing in philosophy
and protocol, all focus on serving similar basic key-value primitives for
distributed consensus. As part of making etcd the most appealing foundation
for distributed systems, the etcd team developed a new proxy, zetcd, to
serve ZooKeeper requests with an unmodified etcd cluster."
Security updates for Friday
Security updates have been issued by Debian (deluge, jbig2dec, mysql-connector-java, and nss), Fedora (jasper), Mageia (mhonarc and radicale), openSUSE (smb4k), SUSE (kdelibs4 and rpcbind), and Ubuntu (jasper and openjdk-7).
[$] The trouble with SMC-R
Among the many features merged for the 4.11
kernel was the "shared memory communications over RDMA" (SMC-R)
protocol from IBM. SMC-R is a
high-speed data-center communications protocol that is claimed to be much
more efficient than basic TCP sockets. As it turns
out, though, the merging of this code was a surprise — and an unpleasant
one at that — to a relevant segment of the kernel development community.
This issue and the difficulties in resolving it are an indicator of how the
increasingly fast-paced kernel development community can go off track.
Security updates for Thursday
Security updates have been issued by Debian (shadow), Fedora (rpcbind), Gentoo (gst-plugins-bad and tomcat), Red Hat (ansible and openshift-ansible, openstack-heat, and Red Hat OpenStack Platform director), and Ubuntu (bash, FreeType, linux-aws, linux-gke, linux-raspi2, linux-snapdragon, and linux-lts-xenial).
[$] LWN.net Weekly Edition for May 18, 2017
The LWN.net Weekly Edition for May 18, 2017 is available.
What’s New in Android: O Developer Preview 2
The Android Developers blog looks
at the latest Android O Developer Preview, which is now in public
beta. The developer preview also contains an early version of a project
called Android Go which is built specifically for Android devices that have
1GB or less of memory.
[$] Restricting pathname resolution with AT_NO_JUMPS
On April 29, Al Viro posted a
patch on the linux-api mailing list adding a new flag to be used in
conjunction with the ...at() family of system calls. The flag is for
containing pathname resolution to the same filesystem and subtree as
the given starting point. This is a useful feature to have for
implementing file I/O in programs that accept pathnames as untrusted user
input. The ensuing discussion made it clear that there were multiple use
cases for such a feature, especially if the granularity of its restrictions
could be increased.
[$] IPv6 segment routing
In November 2016, a new networking feature, IPv6 segment routing (also known as "IPv6 SR" or "SRv6"), was merged into net-next and subsequently included in Linux 4.10. In this article, we explain this new feature, describe key elements of its implementation, and present a few performance measurements.
[$] Vulnerability hoarding and Wcry
A virulent ransomware worm attacked a wide swath of Windows
machines worldwide in mid-May. The malware, known as Wcry, Wanna, or
WannaCry, infected a number of systems at high-profile organizations as
well as striking at critical pieces of the infrastructure—like hospitals, banks,
and train stations. While the threat seems to have largely abated—for
now—the origin of some of its code, which is apparently the US National Security
Agency (NSA), should give one pause.
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
Android Leftovers
| today's howtos
|
LinuxAndUbuntu Distro Review Of The Week - Deepin OS
Depth/Deepin OS is not just another Linux Distro, but one with something new to show. Deepin OS is simply speaking, just beautiful. Deepin OS, formerly known as Deepin, Linux Deepin, and Hiweed GNU/Linux is a Linux distro with an identity crisis. Seriously, this distro has undergone name changes you always have to check twice if the name is still the same. And that is all the negative you are going to say about this distro. Honestly speaking, Deepin OS is surely going to blow you away. I have been keeping an eye on this distro since 2013 and it still manages to impress me.
| KDE Leftovers: digikam, KDevelop, Kate, GSoC, and Akademy
|
Content (where original) is available under CC-BY-SA, copyrighted by original author/s.
Recent comments
1 week 5 days ago
1 week 6 days ago
3 weeks 4 hours ago
3 weeks 1 day ago
3 weeks 1 day ago
6 weeks 5 days ago
6 weeks 5 days ago
9 weeks 19 hours ago
9 weeks 3 days ago
10 weeks 6 days ago