Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 59 min 25 sec ago

Security updates for Monday

Monday 13th of August 2018 02:49:44 PM
Security updates have been issued by Debian (blender, openjdk-8, postgresql-9.6, and sam2p), Fedora (libmspack, mingw-glib2, mingw-glibmm24, and rsyslog), Mageia (blender, glpi, godot, kernel, lftp, libjpeg, libsndfile, libsoup, mariadb, mp3gain, openvpn, and soundtouch), openSUSE (cgit, libvirt, mailman, NetworkManager-vpnc, and sddm), Slackware (bind), and SUSE (ffmpeg, glibc, and libvirt).

The 4.18 kernel is out

Sunday 12th of August 2018 09:11:05 PM
Linus has released the 4.18 kernel. "It was a very calm week, and arguably I could just have released on schedule last week, but we did have some minor updates." Some of the significant features in this release include unprivileged filesystem mounts, restartable sequences, a new zero-copy TCP receive API, support for active state management for power domains, the AF_XDP mechanism for high-performance networking, the core bpfilter packet filter implementation, and more. See the KernelNewbies 4.18 page for more details.

[$] The mismatched mount mess

Friday 10th of August 2018 11:26:54 PM
"Mounting" a filesystem is the act of making it available somewhere in the system's directory hierarchy. But a mount operation doesn't just glue a device full of files into a specific spot in the tree; there is a whole set of parameters controlling how that filesystem is accessed that can be specified at mount time. The handling of these mount parameters is the latest obstacle to getting the proposed new mounting API into the mainline; should the new API reproduce what is arguably one of the biggest misfeatures of the current mount() system call?

Security updates for Friday

Friday 10th of August 2018 02:41:58 PM
Security updates have been issued by CentOS (java-1.7.0-openjdk, openslp, and yum-utils), Fedora (exiv2, kernel-headers, kernel-tools, libgit2, and thunderbird-enigmail), openSUSE (blueman, cups, gdk-pixbuf, libcdio, libraw, libsoup, libtirpc, mysql-community-server, polkit, python-mitmproxy, sssd, virtualbox, and webkit2gtk3), Oracle (kernel), Red Hat (cobbler), SUSE (ceph, firefox, NetworkManager-vpnc, openssh, and wireshark), and Ubuntu (openjdk-7 and openjdk-8).

bzip.org changes hands

Thursday 9th of August 2018 09:15:16 PM
The bzip2 compression algorithm has been slowly falling out of favor, but is still used heavily across the net. A search for "bzip2 source" returns bzip.org as the first three results. But it would seem that the owner of this domain has let it go, and it is now parked and running ads. So we no longer have an official home for bzip2. If a new repository or tarball does turn up at that domain, it should be looked at closely before being trusted. (Thanks to Jason Kushmaul).

Five new stable kernels

Thursday 9th of August 2018 02:20:30 PM
Greg Kroah-Hartman has released the 4.17.14, 4.14.62, 4.9.119, 4.4.147, and 3.18.118 stable kernels. There are important fixes in each and users should upgrade.

Security updates for Thursday

Thursday 9th of August 2018 01:54:46 PM
Security updates have been issued by Arch Linux (kernel, linux-hardened, linux-lts, and linux-zen), Debian (kamailio and wpa), Fedora (kernel-headers, kernel-tools, moodle, and vim-syntastic), and openSUSE (clamav, enigmail, and java-11-openjdk).

LWN.net Weekly Edition for August 9, 2018

Thursday 9th of August 2018 12:18:20 AM
The LWN.net Weekly Edition for August 9, 2018 is available.

[$] Reconsidering Speck

Wednesday 8th of August 2018 05:50:00 PM

The Speck cipher is geared toward good performance in software, which makes it attractive for smaller, often embedded, systems with underpowered CPUs that lack hardware crypto acceleration. But it also comes from the US National Security Agency (NSA), which worries lots of people outside the US—and, in truth, a fair number of US citizens as well. The NSA has earned a reputation for promulgating various types of cryptographic algorithms with dubious properties. While the technical arguments against Speck, which is a fairly simple and straightforward algorithm with little room for backdoors, have not been all that compelling, the political arguments are potent—to the point where it is being dropped by the main proponent for including it in the kernel.

[$] Scheduler utilization clamping

Wednesday 8th of August 2018 03:31:56 PM
Once upon a time, the only way to control how the kernel's CPU scheduler treated any given process was to adjust that process's priority. Priorities are no longer enough to fully control CPU scheduling, though, especially when power-management concerns are taken into account. The utilization clamping patch set from Patrick Bellasi is the latest in a series of attempts to allow user space to tell the scheduler more about any specific process's needs.

Security updates for Wednesday

Wednesday 8th of August 2018 02:44:54 PM
Security updates have been issued by Debian (slurm-llnl), Fedora (libmspack), openSUSE (cups, kernel, kernel-firmware, libcgroup, and ovmf), Oracle (kernel), and SUSE (cups, enigmail, libcdio, and pidgin).

[$] Diverse technical topics from OSCON 2018

Tuesday 7th of August 2018 05:40:09 PM

The O'Reilly Open Source Conference (OSCON) returned to Portland, Oregon in July for its 20th meeting. Previously, we covered some retrospectives and community-management talks that were a big part of the conference. Of course, OSCON is also a technology conference, and there were lots of talks on various open-source software platforms and tools.

Subscribers can read on for the second part of an OSCON report by guest author Josh Berkus.

Security updates for Tuesday

Tuesday 7th of August 2018 03:11:19 PM
Security updates have been issued by Debian (kernel), Fedora (ceph, exiv2, myrepos, and seamonkey), openSUSE (libofx and znc), Oracle (kernel), Red Hat (qemu-kvm-rhev), SUSE (clamav, kernel, and rubygem-sprockets-2_12), and Ubuntu (gnupg, lftp, libxcursor, linux-hwe, linux-azure, linux-gcp, linux-raspi2, and lxc).

[$] Using AI on patents

Tuesday 7th of August 2018 01:52:15 PM

Software patents account for more than half of all utility patents granted in the US over the past few years. Clearly, many companies see these patents as a way to fortune and growth, even while software patents are hated by many people working in the free and open-source movements. The field of patenting has now joined the onward march of artificial intelligence. This was the topic of a talk at OSCON 2018 by Van Lindberg, an intellectual-property lawyer, board member and general counsel for the Python Software Foundation, and author of the book Intellectual Property and Open Source. The disruption presented by deep learning ranges from modest enhancements that have already been exploited—making searches for prior art easier—to harbingers of automatic patent generation in the future.

[$] WireGuarding the mainline

Monday 6th of August 2018 11:37:48 PM
The WireGuard VPN tunnel has been under development — and attracting attention — for a few years now; LWN ran a review of it in March. While WireGuard can be found in a number of distribution repositories, it is not yet shipped with the mainline kernel because its author, Jason Donenfeld, hasn't gotten around to proposing it for upstreaming. That changed on on July 31, when Donenfeld posted WireGuard for review. Getting WireGuard itself into the mainline would probably not be all that hard; merging some of the support code it depends on could be another story, though.

Google finalizes Android P as Android 9 “Pie,” launching today (ars technica)

Monday 6th of August 2018 07:54:43 PM
Ars technica covers the release of Android 9 "Pie". "Android Pie is a major update for Android. Large chunks of the OS get a UI makeover in line with Google's updated Material Design guidelines. There is an all-new notification panel, a reworked recent-apps screen, new settings, and tons of system UI changes. There's support for devices with notched displays (like the iPhone X) and a gesture navigation system (also like the iPhone X). So far, battery life on the preview builds has been great, with improvements like the AI-powered adaptive battery system, a new auto-brightness algorithm, and changes to CPU background processing."

Thunderbird 60 released

Monday 6th of August 2018 07:47:13 PM
Version 60 of the Thunderbird email client has been released. "This version of Thunderbird is packed full of great new features, fixes, and changes that improve the user experience and make for a worthwhile upgrade." There are improvements in calendar management and the handling of attachments, among other things; see the release notes for details.

Stable kernel updates

Monday 6th of August 2018 03:21:25 PM
Greg Kroah-Hartman has released stable kernels 4.17.13, 4.14.61, 4.9.118, and 4.4.146. They all contain important fixes and users of those series should upgrade.

Security updates for Monday

Monday 6th of August 2018 03:14:33 PM
Security updates have been issued by Arch Linux (cgit, python-django, and python2-django), Debian (ant, cgit, libmspack, python-django, symfony, vim-syntastic, and xml-security-c), Fedora (kernel-headers, libao, libvorbis, mingw-gdal, mingw-xerces-c, and python-XStatic-jquery-ui), openSUSE (bouncycastle, java-10-openjdk, libgcrypt, libsndfile, mutt, nautilus, ovmf, python-dulwich, rpm, util-linux, wireshark, and xen), Oracle (kernel), Red Hat (kernel, openslp, rhvm-setup-plugins, and xmlrpc), and SUSE (glibc, kernel-firmware, libsoup, openssl, and yast2-ftp-server).

Hughes: Please welcome Lenovo to the LVFS

Monday 6th of August 2018 01:23:38 PM
Richard Hughes announces that the Linux Vendor Firmware Service will start distributing firmware updates for Lenovo systems. "Obviously, this is a big deal. Tens of thousands of people are likely to be offered a firmware update in the next few weeks, and hundreds of thousands over the next few months."

More in Tux Machines

Steam and Wine in Steam Play

  • Steam for Linux now lets you play (some) Windows games on Linux
    Valve’s Steam game platform supports Windows, Mac, and Linux. But up until recently it was up to developers to decide which operating systems to support… and the vast majority are Windows-only, followed by a smaller number of apps that support macOS and around 3 thousand that support Linux. But now the number of Steam games available to Linux users is a little longer… not because developers have ported their games to support the operating system, but because Valve has launched a new version of Steam Play that makes is possible to play some Windows games on Linux computers.
  • Steam Can Now Run Some Major VR Apps Without Microsoft Windows
    Valve released an update for Steam on Linux that should allow some of the most popular VR games to run on VR-ready computers without Microsoft Windows installed. The new feature could hold enormous potential for Valve to support next generation standalone VR headsets based on Linux or SteamOS. In the near-term, the feature could also lower the cost for some early adopters who want to enjoy top tier games like Doom VFR, Google Earth VR and Beat Saber but don’t feel like shelling out the cost for a Windows 10 license alongside their shiny new VR-ready PC. It might also have an effect on VR arcades which could bypass the cost of Microsoft’s operating system. The new feature is described as follows: “Windows games with no Linux version currently available can now be installed and run directly from the Linux Steam client, complete with native Steamworks and OpenVR support.”
  • Valve makes Windows games playable on Linux with Steam Play update
    Heads up developers, if your players have been asking for a Linux-compatable version of your game, Valve's announced that delivering that version should be much easier going forward. In a post on the Steam community forums, Valve representative Pierre-Loup Griffais announced that Valve is releasing a new version of Steam play that includes a new feature for Linux users. Using an improved version of the compatibility software Wine known as Proton, Griffais states that Linux users can now play games on Steam that are meant to run on Windows.
  • Steam gets built-in tools to let you run Windows games on Linux – now available in beta
    Valve’s name for its cross-platform initiative – is getting a major update, with built-in tools allowing you to run Windows games on Linux. We saw the first hints of the feature last week, and today Valve has confirmed it. It’s available right now in beta, so if you want to test the compatibility features on your own Linux install you don’t have to wait.
  • Steam adds Proton, making Windows games playable on Linux (at least in theory)
    Last week we wrote about Valve potentially folding support for a WINE-style compatibility wrapper into Steam, allowing Linux machines to play Windows games with minimal hiccups. Now it’s a reality. Valve’s Pierre-Loup Griffais made the announcement on the “Steam for Linux” group today. The forum post is long and very detailed, and if you’re personally invested in Linux gaming it’s probably worth a read.
  • Steam Play beta lets Linux gamers play some Windows-only titles
    There were whispers about it just last week but now it’s totally official. Steam Play, which was originally intended as a single-purchase system for buying games that run on Windows, Mac, and Linux, is taking cross-platform compatibility to the next level. Yes, Valve is now testing running Windows games on Steam on Linux. And, much to the satisfaction of Linux and open source advocates, it’s doing it the right way by building on and supporting initiatives that will benefit not just Steam but the entire Linux ecosystem as well.

Security: X.Org Server, USBHarpoon, Kubernetes Penetration Testing

  • Three New Security Advisories Hit X.Org's X11 Library
    It's been a while since last having any big security bulletins for the X.Org Server even though some of the code-base dates back decades and security researchers have said the security is even worse than it looks and numerous advisories have come up in recent years. But it's not because X11 is bug-free as today three more security bulletins were made public affecting libX11. Today's security advisory pertains to three different functions in libX11 that are affected by different issues. The security issues come down to off-by-one writes, a potential out of boundary write, and a crash on invalid reply.
  • USBHarpoon: How “Innocent” USB Cables Can Be Manipulated To Inject Malware
    Back in 2014 Black Hat Conference, crypto specialists Karsten Nohl and Jakob Lell introduced the concept of BadUSB — a USB security flaw which allows attackers to turn a USB into a keyboard which can be used to type in commands. Now, a researcher from SYON Security has managed to build a modified USB charging cable that will enable hackers to transfer malware on your PC without you even noticing it. Behind the hood is the BadUSB vulnerability. [...] While BadUSB is gradually climbing the ladder towards the mainstream cyber attacks, people are also coming up with the corresponding firewalls to tackle the new age attacks.
  • Open Source 'Kube-Hunter' Does Kubernetes Penetration Testing
    Aqua Security released the open source kube-hunter tool for penetration testing of Kubernetes clusters, used for container orchestration. "You give it the IP or DNS name of your Kubernetes cluster, and kube-hunter probes for security issues -- it's like automated penetration testing," the company said in an Aug. 15 blog post. The tool -- with source code available on GitHub -- is also packaged by the company in a containerized version, which works with the company's kube-hunter Web site where test results can be seen and shared.

Linux-Friendly Hardware From Tranquil PC and Aaeon

  • Rugged, Linux-ready mini-PC showcases Ryzen V1000
    Tranquil PC open pre-orders on a fanless, barebones “Mini Multi Display PC” mini-PC with AMD’s Ryzen Embedded V1000 SoC, 4x simultaneous 4K DisplayPort displays, 2x GbE, and up to 32GB DDR4 and 1TB storage. Manchester, UK based Tranquil PC has launched the first mini-PC based on the AMD Ryzen Embedded V1000. The Mini Multi Display PC is named for the Ryzen V1000’s ability to simultaneously drive four 4K displays, a feature supported here with 4x DisplayPorts. The NUC-like, aluminum frame system is moderately rugged, with 0 to 40°C support and IP50 protection.
  • Apollo Lake Pico-ITX SBC has dual GbE ports and plenty of options
    Aaeon’s Apollo Lake powered “PICO-APL4” SBC offers a pair each of GbE, USB 3.0, and M.2 connections plus HDMI, SATA III, and up to 64GB eMMC. Aaeon has spun another Pico-ITX form-factor SBC featuring Intel Apollo Lake processors, following the PICO-APL3 and earlier PICO-APL1. Unlike those SBCs, the new PICO-APL4 has dual Gigabit Ethernet ports, among other minor changes.

State Certifies LA County’s New Open-Source Vote Tally System

Los Angeles County’s open-source vote tally system was certified by the secretary of state Tuesday, clearing the way for redesigned vote-by-mail ballots to be used in the November election. “With security on the minds of elections officials and the public, open-source technology has the potential to further modernize election administration, security and transparency,” Secretary of State Alex Padilla said. “Los Angeles County’s VSAP vote tally system is now California’s first certified election system to use open-source technology. This publicly-owned technology represents a significant step in the future of elections in California and across the country.” The system — dubbed Voting Solutions for All People (VSAP) Tally Version 1.0 — went through rigorous security testing by staffers working with the secretary of state as well as an independent test lab, according to county and state officials. Read more