Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 22 min 28 sec ago

[$] Notes from the LPC scheduler microconference

Monday 18th of September 2017 11:11:04 PM
The scheduler workloads microconference at the 2017 Linux Plumbers Conference covered several aspects of the kernel's CPU scheduler. While workloads were on the agenda, so were a rework of the realtime scheduler's push/pull mechanism, a distinctly different approach to multi-core scheduling, and the use of tracing for workload simulation and analysis. As the following summary shows, CPU scheduling has not yet reached a point where all of the important questions have been answered.

EME is now a W3C recommendation

Monday 18th of September 2017 09:04:13 PM
The World Wide Web Consortium has put out a press release trumpeting its publication of the "Encrypted Media Extensions" as an official recommendation and enshrining DRM into what was previously a standard for open communication. See the EFF's open letter for a less rosy view of this development. "Today, the W3C bequeaths an legally unauditable attack-surface to browsers used by billions of people. They give media companies the power to sue or intimidate away those who might re-purpose video for people with disabilities. They side against the archivists who are scrambling to preserve the public record of our era. The W3C process has been abused by companies that made their fortunes by upsetting the established order, and now, thanks to EME, they’ll be able to ensure no one ever subjects them to the same innovative pressures."

Robinson: The state of open source accelerated graphics on ARM devices

Monday 18th of September 2017 07:20:50 PM
Peter Robinson looks at the state of open source accelerated graphics on ARM devices. "Despite the two bad examples above there’s actually been a lot of good change in the last five years. We now have a number of options for fully accelerated 2D/3D graphics on ARM SoCs and I run GNOME Shell on Wayland, yes the full open source shiny, on a number of different devices regularly."

Security updates for Monday

Monday 18th of September 2017 03:36:04 PM
Security updates have been issued by Arch Linux (ffmpeg, lib32-libgcrypt, libgcrypt, linux-zen, and newsbeuter), Debian (emacs25, freexl, and tomcat8), Fedora (cyrus-imapd, FlightGear, freexl, gdm, kernel, LibRaw, ruby, and xen), Gentoo (binutils, chkrootkit, curl, gdk-pixbuf, gimps, git, kpathsea, mod_gnutls, perl, squirrelmail, subversion, supervisor, and webkit-gtk), Mageia (389-ds-base, kernel, kernel-linus, kernel-tmb, and mpg123), openSUSE (ffmpeg, ffmpeg2, qemu, and xen), Slackware (kernel), SUSE (xen), and Ubuntu (gdk-pixbuf).

[$] The rest of the 4.14 merge window

Sunday 17th of September 2017 10:36:43 PM
As is sometimes his way, Linus Torvalds released 4.14-rc1 and closed the merge window one day earlier than some might have expected. By the time, though, 11,556 non-merge changesets had found their way into the mainline repository, so there is no shortage of material for this release. Around 3,500 of those changes were pulled after the previous 4.14 merge-window summary; read on for an overview of what was in that last set.

Kernel prepatch 4.14-rc1

Sunday 17th of September 2017 04:23:28 PM
The 4.14-rc1 kernel prepatch is out, and the merge window is closed for this development cycle. "Yes, I realize this is a day early, and yes, I realize that if I had waited until tomorrow, I would also have hit the 26th anniversary of the Linux-0.01 release, but neither of those undeniable facts made me want to wait with closing the merge window." In the end, 11,556 non-merge changesets were pulled into the mainline for this release.

[$] Building an ARM64 laptop

Friday 15th of September 2017 11:19:52 PM
Processors based on the 64-bit ARM architecture have been finding their way into various types of systems, including mobile handsets and servers. There is a distinct gap in the middle of the range, though: there are no ARM64 laptops. Bernhard Rosenkränzer and a group of colleagues set out to change that situation by building such a laptop from available components. He showed up at the 2017 Open Source Summit North America to present the result.

Malicious software libraries found in PyPI

Friday 15th of September 2017 10:04:58 PM
An advisory from the National Security Authority of Slovakia warns that they have found fake packages in PyPI, posing as well known libraries. "Copies of several well known Python packages were published under slightly modified names in the official Python package repository PyPI (prominent example includes urllib vs. urrlib3, bzip vs. bzip2, etc.). These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script, setup.py, is modified to include a malicious (but relatively benign) code." The administrators of PyPI were informed and the fake packages are gone now, however they were available from June 2017 to September 2017. (Thanks to Paul Wise)

Security updates for Friday

Friday 15th of September 2017 02:50:39 PM
Security updates have been issued by Arch Linux (flashplugin, kernel, lib32-flashplugin, and linux-lts), CentOS (postgresql), Debian (tcpdump and wordpress-shibboleth), Fedora (lightdm, python-django, and tomcat), Mageia (flash-player-plugin and libsndfile), openSUSE (chromium, cvs, kernel, and libreoffice), Oracle (postgresql), and Ubuntu (libgcrypt20 and thunderbird).

Purism and KDE to work together on free smartphone

Thursday 14th of September 2017 04:55:50 PM
Purism and KDE are working together to adapt Plasma Mobile to Purism's Librem 5 smartphone. "The shared vision of freedom, openness and personal control for end users has brought KDE and Purism together in a common venture. Both organisations agree that cooperating will help bring a truly free and open source smartphone to the market. KDE and Purism will work together to make this happen."

A pile of stable kernel updates

Thursday 14th of September 2017 04:22:42 PM
The stable-kernel update train continues with the release of 4.13.2, 4.12.13, 4.9.50, 4.4.88, and 3.18.71. Among other things, these updates contain the fix for the recently disclosed Bluetooth vulnerability.

Security updates for Thursday

Thursday 14th of September 2017 03:24:25 PM
Security updates have been issued by Arch Linux (tcpdump), CentOS (bluez and kernel), Debian (wordpress-shibboleth), Fedora (augeas, bluez, emacs, and libwmf), Oracle (kernel), Red Hat (instack-undercloud, kernel, openvswitch, and postgresql), Scientific Linux (postgresql), SUSE (kernel and xen), and Ubuntu (tcpdump).

Verified cryptography for Firefox 57

Thursday 14th of September 2017 02:03:57 PM
The Mozilla Security Blog announces that Firefox 57 will benefit from the addition of a formally verified crypto package. "The first result of this collaboration, an implementation of the Curve25519 key establishment algorithm (RFC7748), has just landed in Firefox Nightly. Curve25519 is widely used for key-exchange in TLS, and was recently standardized by the IETF. As an additional bonus, besides being formally verified, the HACL* Curve25519 implementation is also almost 20% faster on 64 bit platforms than the existing NSS implementation (19500 scalar multiplications per second instead of 15100) which represents an improvement in both security and performance to our users."

[$] LWN.net Weekly Edition for September 14, 2017

Thursday 14th of September 2017 01:06:00 AM
The LWN.net Weekly Edition for September 14, 2017 is available.

[$] Antipatterns in IoT security

Wednesday 13th of September 2017 11:12:04 PM

Security for Internet of Things (IoT) devices is something of a hot topic over the last year or more. Marti Bolivar presented an overview of some of the antipatterns that are leading to the lack of security for these devices at a session at the 2017 Open Source Summit North America in Los Angeles. He also had some specific recommendations for IoT developers on how to think about these problems and where to turn for help in making security a part of the normal development process.

FSFE: Public Money? Public Code!

Wednesday 13th of September 2017 08:36:59 PM
The Free Software Foundation Europe has joined several organizations in publishing an open letter urging lawmakers to advance legislation requiring publicly financed software developed for the public sector be made available under a Free and Open Source Software license. "The initial signatories include CCC, EDRi, Free Software Foundation Europe, KDE, Open Knowledge Foundation Germany, openSUSE, Open Source Business Alliance, Open Source Initiative, The Document Foundation, Wikimedia Deutschland, as well as several others; they ask individuals and other organisation to sign the open letter. The open letter will be sent to candidates for the German Parliament election and, during the coming months, until the 2019 EU parliament elections, to other representatives of the EU and EU member states."

GNOME 3.26 released

Wednesday 13th of September 2017 04:44:38 PM
The GNOME Project has announced the release of GNOME 3.26 "Manchester". "This release brings refinements to the system search, animations for maximizing and unmaximizing windows and support for color Emoji. Improvements to core GNOME applications include a redesigned Settings application, a new display settings panel, Firefox sync in the Web browser, and many more." There are openSUSE nightly live images that include GNOME 3.26.

[$] Signing programs for Linux

Wednesday 13th of September 2017 04:05:35 PM

At his 2017 Open Source Summit North America talk, Matthew Garrett looked at the state of cryptographic signing and verification of programs for Linux. Allowing policies that would restrict Linux from executing programs that are not signed would provide a measure of security for those systems, but there is work to be done to get there. Garrett started by talking about "binaries", but programs come in other forms (e.g. scripts) so any solution must look beyond simply binary executables.

Security updates for Wednesday

Wednesday 13th of September 2017 03:52:52 PM
Security updates have been issued by Arch Linux (bluez and linux-hardened), CentOS (bluez and kernel), Debian (bluez, emacs24, tcpdump, and xen), Fedora (kernel and mimedefang), Oracle (bluez and kernel), Red Hat (bluez, flash-plugin, instack-undercloud, kernel, kernel-rt, and openvswitch), Scientific Linux (bluez and kernel), Slackware (emacs and libzip), SUSE (xen), and Ubuntu (bluez and qemu).

[$] Running Android on a mainline graphics stack

Tuesday 12th of September 2017 09:45:28 PM
The Android system may be based on the Linux kernel, but its developers have famously gone their own way for many other parts of the system. That includes the graphics subsystem, which avoids user-space components like X or Wayland and has special (often binary-only) kernel drivers as well. But that picture may be about to change. As Robert Foss described in his Open Source Summit North America presentation, running Android on the mainline graphics subsystem is becoming possible and brings a number of potential benefits.

More in Tux Machines

Packet radio lives on through open source software

Packet radio is an amateur radio technology from the early 1980s that sends data between computers. Linux has natively supported the packet radio protocol, more formally known as AX.25, since 1993. Despite its age, amateur radio operators continue to use and develop packet radio today. A Linux packet station can be used for mail, chat, and TCP/IP. It also has some unique capabilities, such as tracking the positions of nearby stations or sending short messages via the International Space Station (ISS). Read more

Linux 4.14-rc2

I'm back to my usual Sunday release schedule, and rc2 is out there in all the normal places. This was a fairly usual rc2, with a very quiet beginning of the week, and then most changes came in on Friday afternoon and Saturday (with the last few ones showing up Sunday morning). Normally I tend to dislike how that pushes most of my work into the weekend, but this time I took advantage of it, spending the quiet part of last week diving instead. Anyway, the only unusual thing worth noting here is that the security subsystem pull request that came in during the merge window got rejected due to problems, and so rc2 ends up with most of that security pull having been merged in independent pieces instead. Read more Also: Linux 4.14-rc2 Kernel Released

Manjaro Linux Phasing out i686 (32bit) Support

In a not very surprising move by the Manjaro Linux developers, a blog post was made by Philip, the Lead Developer of the popular distribution based off Arch Linux, On Sept. 23 that reveals that 32-bit support will be phased out. In his announcement, Philip says, “Due to the decreasing popularity of i686 among the developers and the community, we have decided to phase out the support of this architecture. The decision means that v17.0.3 ISO will be the last that allows to install 32 bit Manjaro Linux. September and October will be our deprecation period, during which i686 will be still receiving upgraded packages. Starting from November 2017, packaging will no longer require that from maintainers, effectively making i686 unsupported.” Read more

Korora 26 'Bloat' Fedora-based Linux distro available for download -- now 64-bit only

Fedora is my favorite Linux distribution, but I don't always use it. Sometimes I opt for an operating system that is based on it depending on my needs at the moment. Called "Korora," it adds tweaks, repositories, codecs, and packages that aren't found in the normal Fedora operating system. As a result, Korora deviates from Red Hat's strict FOSS focus -- one of the most endearing things about Fedora. While you can add all of these things to Fedora manually, Korora can save you time by doing the work for you. Read more