Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 24 min 6 sec ago

Security updates for Wednesday

Wednesday 9th of September 2020 02:51:55 PM
Security updates have been issued by Debian (grunt), Fedora (ansible and geary), openSUSE (firefox, gettext-runtime, python-Flask-Cors, and thunderbird), Oracle (firefox and thunderbird), Red Hat (.NET Core 3.1), SUSE (kernel and libjpeg-turbo), and Ubuntu (gnutls28 and libx11).

Android 11 released

Tuesday 8th of September 2020 09:37:04 PM
Android 11 has been released with the source pushed to the Android Open Source Project (AOSP). "For developers, Android 11 has a ton of new capabilities. You’ll want to check out conversation notifications, device and media controls, one-time permissions, enhanced 5G support, IME transitions, and so much more. To help you work and develop faster, we also added new tools like compatibility toggles, ADB incremental installs, app exit reasons API, data access auditing API, Kotlin nullability annotations, and many others."

Rosenzweig: Fun and Games with Exposure Notifications

Tuesday 8th of September 2020 05:31:13 PM
Alyssa Rosenzweig looks at getting the Exposure Notifications System protocol, developed by Apple and Google for facilitating COVID-19 contact tracing on Android and iOS phones, running on GNU/Linux. "All in all, we end up with a Linux implementation of Exposure Notifications functional in Ontario, Canada. What’s next? Perhaps supporting contact tracing systems elsewhere in the world – patches welcome." The source code for liben is available "for any one who dares go near".

GStreamer 1.18.0 released

Tuesday 8th of September 2020 04:38:48 PM
The GStreamer team has announced a major feature release of GStreamer. "The 1.18 release series adds new features on top of the previous 1.16 series and is part of the API and ABI-stable 1.x release series of the GStreamer multimedia framework." There is a lengthy list of highlights in the announcement and more details in the release notes.

[$] Conventions for extensible system calls

Tuesday 8th of September 2020 02:50:16 PM
The kernel does not have just one system call to rename a file; instead, there are three of them: rename(), renameat(), and renameat2(). Each was added when the previous one proved unable to support a new feature. A similar story has played out with a number of system calls: a feature is needed that doesn't fit into the existing interfaces, so a new one is created — again. At the 2020 Linux Plumbers Conference, Christian Brauner and Aleksa Sarai ran a pair of sessions focused on the creation of future-proof system calls that can be extended when the need for new features arises.

Security updates for Tuesday

Tuesday 8th of September 2020 02:43:21 PM
Security updates have been issued by Debian (imagemagick, lemonldap-ng, and zeromq3), Fedora (ark, cryptsetup, gnutls, kernel, kernel-headers, and kernel-tools), openSUSE (firefox, kernel, and thunderbird), Red Hat (cloud-init, go-toolset:rhel8, libcroco, librepo, php:7.3, postgresql:10, and thunderbird), SUSE (firefox and go1.14), and Ubuntu (linux, linux-aws, linux-aws-5.3, linux-aws-5.4, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp, linux-gcp-4.15, linux-gcp-5.4, linux-gke-4.15, linux-gke-5.0, linux-gke-5.3, linux-hwe, linux-hwe-5.4, linux-kvm, linux-oem, linux-oem-osp1, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-raspi2, linux-raspi2-5.3, linux-snapdragon and xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04).

[$] MagicMirror: a versatile home information hub

Monday 7th of September 2020 08:07:29 PM
Back in 2014, a Raspberry Pi enthusiast by the name of Michael Teeuw shared his build of a "magic mirror" with the world in a six-part series. The system consisted of a Raspberry Pi and monitor running a web browser in kiosk mode, with a web server that provided a dashboard interface — all stored in a custom-built case with a one-way mirror. Since his post, others around the world have built these devices for their home (including myself), forming both a community and an interesting open-source project. The recent release of MagicMirror2 (MM2) version 2.12.0 gives us an opportunity to learn more about where the project started and where it is today.

Security updates for Monday

Monday 7th of September 2020 02:28:32 PM
Security updates have been issued by Debian (ark, netty, netty-3.9, qemu, squid3, and xorg-server), Fedora (chromium), Gentoo (dovecot and gnutls), Mageia (ansible, postgresql, and python-rsa), openSUSE (curl, freerdp, libX11, php7, squid, and xorg-x11-server), Oracle (kernel), Red Hat (thunderbird), Slackware (gnutls), and SUSE (firefox, kernel, and thunderbird).

Kernel prepatch 5.9-rc4

Monday 7th of September 2020 12:45:13 AM
The 5.9-rc4 kernel prepatch is out for testing. "So I certainly can't claim that things have calmed down, but hopefully this was pretty much it. Knock wood."

A pair of weekend stable kernels

Saturday 5th of September 2020 10:53:44 PM
The 5.8.7 and 5.4.63 stable kernels are out with a relatively small number of important fixes.

FSF: Free Software Award nominations sought

Friday 4th of September 2020 09:23:33 PM
The Free Software Foundation (FSF) has announced that nominations are open, until October 28, for the Free Software Awards. Winners will be announced at the annual LibrePlanet conference. "You might know of a contributor or organization who has done significant and user-empowering work on free software. We invite you to take a moment to show them (and tell us) that you care, by nominating them for an award in one of three categories: the Award for the Advancement of Free Software, the Award for Projects of Social Benefit, or the Award for Outstanding New Free Software Contributor. Don't assume that someone else will nominate them -- too often, everyone assuming someone else will express the appreciation means that it never happens. As taking initiative and speaking up for the community are important parts of free software, why not take the time yourself to make sure your voice is heard?"

Linux from Scratch version 10.0 released

Friday 4th of September 2020 08:00:35 PM
On September 1, the Linux From Scratch (LFS) project announced the release of version 10.0 of LFS along with Beyond Linux From Scratch (BLFS). LFS is "a project that provides you with step-by-step instructions for building your own customized Linux system entirely from source"; BLFS picks up where LFS leaves off. Both books are available online either with or without systemd: LFS System V, LFS systemd, BLFS System V, and BLFS systemd. "The LFS release includes updates to glibc-2.31, and binutils-2.34. A total of 35 packages have been updated. A new package, zstd-1.4.4, has also been added. Changes to text have been made throughout the book. The Linux kernel has also been updated to version 5.5.3. The BLFS version includes approximately 1000 packages beyond the base Linux From Scratch Version 9.1 book. This release has over 840 updates from the previous version in addition to numerous text and formatting changes."

[$] Notes from an online free-software conference

Friday 4th of September 2020 02:07:26 PM
The 2020 Linux Plumbers Conference (LPC) was meant to be held in Halifax, Nova Scotia, Canada at the end of August. As it happens, your editor was on the organizing committee for that event and thus got a close view of what happens when one's hopes for discussing memory-management changes on the Canadian eastern seaboard become one of the many casualties of an ongoing pandemic. Transforming LPC into a successful online experience was a lot of work, but the results more than justified the effort. Read on for some notes and thoughts from the experience of making LPC happen in 2020.

Security updates for Friday

Friday 4th of September 2020 01:45:42 PM
Security updates have been issued by Fedora (curl, dovecot, geary, httpd, lua, mysql-connector-java, and squid), Mageia (lua and lua5.3, sane, and squid), Oracle (dovecot), Scientific Linux (dovecot), SUSE (java-1_7_1-ibm, kernel, php5, and xorg-x11-server), and Ubuntu (firefox).

Bottomley: Lessons from the GNOME Patent Troll Incident

Thursday 3rd of September 2020 06:55:51 PM
James Bottomley got a copy of the patent-suit settlement between the GNOME Foundation and Leigh Rothschild and has posted an analysis. "Although the agreement achieves its aim, to rid all of Open Source of the Rothschild menace, it also contains several clauses which are suboptimal, but which had to be included to get a speedy resolution. In particular, Clause 10 forbids the GNOME foundation or its affiliates from publishing the agreement, which has caused much angst in open source circles about how watertight the agreement actually was. Secondly Clause 11 prohibits GNOME or its affiliates from pursuing any further invalidity challenges to any Rothschild patents leaving Rothschild free to pursue any non open source targets. Fortunately the effect of clause 10 is now mitigated by me publishing the agreement and the effect of clause 11 by the fact that the Open Invention Network is now pursuing IPR invalidity actions against the Rothschild patents."

GnuPG 2.2.23 released, fixing a critical security flaw

Thursday 3rd of September 2020 05:05:31 PM
GNU Privacy Guard (GnuPG or GPG) has released version 2.2.23 to fix a critical security bug affecting GnuPG 2.2.21 and 2.2.22, as well as Gpg4win 3.1.12. "Importing an OpenPGP key having a preference list for AEAD algorithms will lead to an array overflow and thus often to a crash or other undefined behaviour. Importing an arbitrary key can often easily be triggered by an attacker and thus triggering this bug. Exploiting the bug aside from crashes is not trivial but likely possible for a dedicated attacker. The major hurdle for an attacker is that only every second byte is under their control with every first byte having a fixed value of 0x04. Software distribution verification should not be affected by this bug because such a system uses a curated list of keys."

[$] Profile-guided optimization for the kernel

Thursday 3rd of September 2020 02:34:24 PM
One of the many unfortunate consequences of the Covid-19 pandemic was the cancellation of the 2020 GNU Tools Cauldron. That loss turned out to be a gain for the Linux Plumbers Conference, which was able to add a GNU Tools track to host many of the discussions that would have otherwise occurred at Cauldron. In that track, Ian Bearman presented his group's work using profile-guided optimization with the Linux kernel. This technique, which he often referred to as "pogo", is not straightforward to apply to the kernel, but the benefits would appear to justify the effort.

A new crop of stable kernels

Thursday 3rd of September 2020 02:22:18 PM
Greg Kroah-Hartman has released six new stable kernels: 5.8.6, 5.4.62, 4.19.143, 4.14.196, 4.9.235, and 4.4.235. As usual, they contain fixes throughout the tree and users should upgrade.

Cook: Security things in Linux v5.6

Thursday 3rd of September 2020 02:20:20 PM
Kees Cook catches up with the security-relevant changes in the 5.6 kernel release. "With my 'attack surface reduction' hat on, I remain personally suspicious of the io_uring() family of APIs, but I can’t deny their utility for certain kinds of workloads. Being able to pipeline reads and writes without the overhead of actually making syscalls is pretty great for performance. Jens Axboe has added the IORING_OP_OPENAT command so that existing io_urings can open files to be added on the fly to the mapping of available read/write targets of a given io_uring. While LSMs are still happily able to intercept these actions, I remain wary of the growing 'syscall multiplexer' that io_uring is becoming."

Security updates for Thursday

Thursday 3rd of September 2020 01:26:17 PM
Security updates have been issued by Debian (asyncpg and uwsgi), Mageia (cairo), openSUSE (chromium, kernel, and postgresql10), Red Hat (dovecot and squid:4), SUSE (curl, java-1_7_0-ibm, java-1_7_1-ibm, java-1_8_0-ibm, kernel, libX11, php7, squid, and xorg-x11-server), and Ubuntu (apport, libx11, and xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04).

More in Tux Machines

Assign Actions To Touchpad Gestures On Linux With Touchegg

The application runs in the background, transforming the multi-touch gestures you make on your touchpad into various desktop actions. For example, you can minimize a window by swiping down using 3 fingers, pinch in using 2 fingers to zoom in, etc. This is a demo video recorded by the Touchegg developer (image above credits also go to the dev). Read more

Meet DevTerm: An Open Source Portable Linux Terminal For Developers

You may be familiar with Clockwork company, which earlier launched an open-source Linux-powered portable game console called GameShell for gamers. Now, they’re back with another new portable and modular device called DevTerm for developers, which you can easily carry along wherever you go. Read more

Android Leftovers

today's leftovers

  • GPUOpen Software Updated For The Radeon RX 6000 Series - Phoronix

    AMD has updated their collection of software offered under their "GPUOpen" umbrella for Radeon RX 6000 series / RDNA 2 compatibility. The Radeon GPU Profiler, Radeon Memory Visualizer, and other software packages offered via GPUOpen have been updated with "Big Navi" RDNA2 support.

  • OctopusWAF: A Customizable Open-Source WAF for High Performance Applications

    Mainstream web application firewalls (WAFs) can be very difficult to understand, with thousands of lines of code and obscure plugins. This complexity makes it challenging for developers to modify code to block specific anomalies and secure their applications. But OctopusWAF is different - the open-source WAF is customizable, user-friendly and optimized for a large number of parallel connections - making it ideal for high performance Asynchronous JavaScript and XML (AJAX) applications.

  • ZLUDA: Drop-In Open-Source CUDA Support For Intel Xe / UHD Graphics

    An interesting solution built off Intel's oneAPI Level Zero is the open-source "ZLUDA" that is providing a "Level Zero CUDA" implementation for being able to run programs geared for NVIDIA CUDA atop Intel UHD / Xe Graphics hardware. ZLUDA is a project independent of NVIDIA and Intel but one of the most interesting external projects we have seen so far targeting Intel's Level Zero interface. ZLUDA allows for unmodified CUDA applications to run on Intel GPUs with "near native" performance through this alternative libcuda running with Skylake / Gen9 graphics and newer.

  • Portwell and Congatec spin Elkhart Lake modules in multiple form factors

    Portwell unveiled a “PQ7-M109” Qseven module with Intel’s Atom x-6000. Congatec recently announced x6000 modules in Qseven (Conga-QA7), SMARC, (Conga-SA7), Mini Type 10 (Conga-MA7), and Compact Type 6 (Conga-TCA7) form factors. Portwell has announced the PQ7-M109, its first product based on Intel’s 10nm fabricated Elkhart Lake family of low-power system-on-chips, which includes several Atom x-6000, Celeron, and Pentium models. In September, in reporting on Congatec’s Elkhart Lake based Conga-PA7 Pico-ITX SBC, we promised to cover Congatec’s four Elkhart Lake compute modules in a separate report. Well, better late than ever: We briefly summarize Congatec’s Conga-QA7 (Qseven), Conga-SA7 (SMARC), and Conga-MA7 (COM Express Mini Type 10) and Conga-TCA7 (Compact Type-6) modules farther below.

  • Kubernetes and SUSE Enterprise Storage 7 - SUSE Communities

    Rook is a CNCF – the Cloud Native Compute Foundation (CNCF) hosts Kubernetes and related open source projects – graduated project which automates the installation, deployment and upgrade of Ceph. It takes care to launch and configure all Ceph components correctly, setup Ceph on storage devices and allows Kubernetes applications to use Ceph as storage – for block, file, and object storage. Deployment with Rook is like many other Kubernetes installation, you install Rook using a helm chart that you can configure, and then Kubernetes will do all the necessary steps to setup Ceph. You can also connect to the Ceph dashboard and see how your applications use storage. Once Rook is up, your containerized applications can use Ceph as persistent storage using the usual Kubernetes APIs like PersistentVolumeClaims (PVCs). Running Ceph with Rook on Kubernetes means that you have a smaller footprint overall instead of setting up a separate Ceph cluster and a Kubernetes cluster. Kubernetes will run applications and storage together in the same infrastructure. This is not advised for very large storage installations but a great option for a Kubernetes cluster that needs a smaller storage configuration. Depending on your use-cases and requirements, you can use dedicated storage nodes in your single cluster – and have dedicated application nodes – or use all your nodes for storage and applications.

  • Digest of YaST Development Sprint 113 | YaST

    Time flies and it has been already two weeks since our previous development report. On these special days, we keep being the YaST + Cockpit Team and we have news on both fronts. So let’s do a quick recap. Cockpit Modules Our Cockpit module to manage wicked keeps improving. Apart from several small enhancements, the module has now better error reporting and correctly manages those asynchronous operations that wicked takes some time to perform. In addition, we have improved the integration with a default Cockpit installation, ensuring the new module replaces the default network one (which relies on Network Manager) if both are installed. In the following days we will release RPM packages and a separate blog post to definitely present Cockpit Wicked to the world. On the other hand, we also have news about our Cockpit module to manage transactional updates. We are creating some early functional prototypes of the user interface to be used as a base for future development and discussions. You can check the details and several screenshots at the following pull requests: request#3, request#5.

  • Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies [Ed: They say almost nothing about the fact that you actually need to sabotage your GNU/Linux setup and have malware installed on it for this to become a risk. Microsoft propaganda at ZDNet set off this "Linux" FUD.]

    According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonly used program on Linux servers, and is a new version of the malware belonging to a threat actor tracked as Stantinko.