Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 3 hours 49 min ago

[$] The proper use of EXPORT_SYMBOL_GPL()

Saturday 27th of October 2018 01:17:27 PM
The kernel, in theory, puts strict limits on which functions and data structures are available to loadable kernel modules; only those that have been explicitly exported with EXPORT_SYMBOL() or EXPORT_SYMBOL_GPL() are accessible. In the case of EXPORT_SYMBOL_GPL(), only modules that declare a GPL-compatible license will be able to see the symbol. There have been questions about when EXPORT_SYMBOL_GPL() should be used for almost as long as it has existed. The latest attempt to answer those questions was a session run by Greg Kroah-Hartman at the 2018 Kernel Maintainers Summit; that session offered little in the way of general guidance, but it did address one specific case.

[$] Removing support for old hardware from the kernel

Saturday 27th of October 2018 01:14:53 PM
The kernel supports a wide range of hardware. Or, at least, the kernel contains drivers for a lot of hardware, but the hardware for which many of those drivers was written is old and, perhaps, no longer in actual use. Some of those drivers would certainly no longer work even if the hardware could be found. These drivers provide no value, but they are still an ongoing maintenance burden; it would be better to simply remove them from the kernel. But identifying which drivers can go is not as easy as one might think. Arnd Bergmann led an inconclusive session on this topic at the 2018 Kernel Maintainers Summit.

[$] 4.20/5.0 Merge window part 1

Friday 26th of October 2018 06:50:41 PM
Linus Torvalds has returned as the keeper of the mainline kernel repository, and the merge window for the next release which, depending on his mood, could be called either 4.20 or 5.0, is well underway. As of this writing, 5,735 non-merge changesets have been pulled for this release; experience suggests that we are thus at roughly the halfway point.

Security updates for Friday

Friday 26th of October 2018 02:37:52 PM
Security updates have been issued by Arch Linux (firefox), CentOS (firefox), Debian (389-ds-base, openjdk-8, thunderbird, and xorg-server), Fedora (firefox), openSUSE (GraphicsMagick, jhead, mysql-community-server, ntp, postgresql96, python-cryptography, rust, tomcat, webkit2gtk3, and zziplib), Scientific Linux (firefox), and SUSE (clamav, firefox, ImageMagick, libgit2, net-snmp, smt, wpa_supplicant, and xorg-x11-server).

An X.Org security advisory

Friday 26th of October 2018 01:37:10 PM
It turn out that the X.org server, versions 1.19.0 and after, contain an easily exploitable privilege escalation vulnerability. Anybody who is running a system that has X installed setuid root, and which has untrusted users on it, will want to install the update. "X.Org recommends the use of a display manager to start X sessions, which does not require Xorg to be installed setuid."

[$] Improving the handling of embargoed hardware-security bugs

Thursday 25th of October 2018 05:27:38 PM
Jiri Kosina kicked off a session on hardware vulnerabilities at the 2018 Kernel Maintainers Summit by noting that there are few complaints about how the kernel community deals with security issues in general. That does not hold for Meltdown and Spectre which, he said, had been "completely mishandled". The subsequent handling of the L1TF vulnerability suggests that some lessons have been learned, but there is still plenty of room for improvement in how hardware vulnerabilities are handled in general.

Truta: Farewell, Glenn Randers-Pehrson

Thursday 25th of October 2018 04:05:39 PM
Cosmin Truta reports the death of Glenn Randers-Pehrson. "Glenn is one of the original designers of the PNG format, and a co-founder of the PNG Development Group, back in the mid-90's. He took good care of the PNG Specification, as a contributing author for PNG version 1.0, and as the main editor for all of the subsequent editions through PNG 1.1 and 1.2, until the current W3C/ISO/IEC standard PNG Specification, Second Edition. In addition, all of the related Specifications, i.e., the registered PNG extensions, and the companion MNG Specification version 1.0 and JNG Specification version 1.0, had Glenn at the front as the main editor and moderator-in-chief." (Thanks to Paul Wise)

Security updates for Thursday

Thursday 25th of October 2018 03:06:54 PM
Security updates have been issued by Debian (389-ds-base, clamav, firefox-esr, and mosquitto), openSUSE (Chromium and firefox), Oracle (firefox and kernel), Red Hat (chromium-browser, firefox, java-1.6.0-sun, java-1.7.0-oracle, and java-1.8.0-oracle), SUSE (dom4j, exempi, mercurial, ntp, python-cryptography, tiff, tomcat, and webkit2gtk3), and Ubuntu (audiofile and firefox).

[$] LWN.net Weekly Edition for October 25, 2018

Thursday 25th of October 2018 12:22:32 AM
The LWN.net Weekly Edition for October 25, 2018 is available.

[$] Picking a governance model for Python

Wednesday 24th of October 2018 06:19:57 PM

The Python language project has been officially "leaderless" since the mid-July announcement that Guido van Rossum was stepping down. He is, of course, the founder of the language and had served for more than two decades as its Benevolent Dictator for Life (BDFL). But he did not appoint a successor and left it up to the project's core developers to come up with a new governance structure. In the three months since, a great deal of work has gone into that effort, which has to bootstrap itself since there was not even any mechanism to choose how to select a new governance model.

[$] Replacement of deprecated kernel APIs

Wednesday 24th of October 2018 05:22:26 PM
The kernel community tries to never change the user-space API in ways that will break applications, but it explicitly allows any internal API to be changed at any time if a solid technical reason to do so exists. But that doesn't mean that such changes are easy to do. At the 2018 Kernel Maintainers Summit, Kees Cook led a discussion on the challenges he has encountered when trying to effect large-scale API changes and what might be done to make such changes go more smoothly.

Security updates for Wednesday

Wednesday 24th of October 2018 02:41:10 PM
Security updates have been issued by Fedora (hesiod, lighttpd, and opencc), openSUSE (apache-pdfbox, net-snmp, pam_pkcs11, rpm, tiff, udisks2, and wireshark), SUSE (dhcp, ghostscript-library, ImageMagick, libraw, net-snmp, ntp, postgresql96, rust, tiff, xen, and zziplib), and Ubuntu (mysql-5.5, mysql-5.7).

[$] Making stable kernels more stable

Wednesday 24th of October 2018 12:37:44 AM
Improving the quality of stable kernel releases is a perennial subject at the Kernel and Maintainers Summit events, and this year was no exception. This session, led by Fedora kernel maintainer Laura Abbott, discussed a range of ideas but found no silver bullets. There is, it seems, not much that can be done to create better stable kernels except to perform more and better testing.

Firefox 63 blocks tracking cookies, offers a VPN when you need one (Ars Technica)

Tuesday 23rd of October 2018 06:26:23 PM
Ars technica takes a look at the Enhanced Tracking Protection (ETP) feature in Firefox 63. "Firefox has long had the ability to block all third-party cookies, but this is a crude solution, and many sites will break if all third-party cookies are prohibited. The new EPT option works as a more selective block on tracking cookies; third-party cookies still work in general, but those that are known to belong to tracking companies are blocked. For the most part, sites will retain their full functionality, just without undermining privacy at the same time. At least for now, however, Mozilla is defaulting this feature to off, so the company can get a better idea of the impact it has on the Web. In testing, the company has found the occasional site that breaks when tracking cookies are blocked. Over the next few months, Firefox developers will get a better picture of just how much breaks, and, if it's not too severe, the plan is to block trackers by default starting in early 2019." The article also mentions a second privacy-related feature; the offer of a subscription to the ProtonVPN service.

The Firefox 63 release notes contain other details.

Security updates for Tuesday

Tuesday 23rd of October 2018 03:09:54 PM
Security updates have been issued by CentOS (java-1.8.0-openjdk), Fedora (mosquitto), openSUSE (binutils, clamav, exiv2, fuse, haproxy, singularity, and zziplib), Slackware (firefox), SUSE (apache-pdfbox, net-snmp, pam_pkcs11, postgresql94, rpm, tiff, and wireshark), and Ubuntu (kernel, libssh, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-azure, linux-lts-trusty, linux-lts-xenial, linux-aws, net-snmp, paramiko, requests, and texlive-bin).

Linux Foundation Technical Advisory Board election call for nominations

Tuesday 23rd of October 2018 10:22:07 AM
The Linux Foundation's Technical Advisory Board is chosen by a vote at the Kernel Summit each year; this year, that will happen during the Linux Plumbers Conference in November. The call for nominations to the board has gone out; it remains open until the voting happens. "The TAB advises the Foundation on kernel-related matters, helps member companies learn to work with the community, and works to resolve community-related problems before they get out of hand. We're also working with kernel maintainers to help refine the new code of conduct, and serving as the initial point of contact for code of conduct issues."

[$] The code of conduct at the Maintainers Summit

Tuesday 23rd of October 2018 07:57:50 AM
The 2018 Kernel Maintainers Summit convened in Edinburgh, UK on October 22 with a number of things to discuss, but the top subject on most minds was the recently (and hastily) adopted code of conduct. Linus Torvalds made his reentry into the kernel community with a discussion of how we got to the current state of affairs, and the assembled maintainers had a relatively good-natured discussion on how this situation came about and where things can be expected to go from here.

How to do Samba: Nicely

Monday 22nd of October 2018 07:46:39 PM
The Samba team has announced a set of guidelines for the project. "Please note this is not a "Code of Conduct" as such, but a set of advisory guidelines we'd like people to follow, with a way for people (privately if they prefer) to raise issues if they see them. I hope everyone will find this document acceptable as a way for us to agree on how we want our community to be a welcoming one for all members."

Announcing the GNU Kind Communication Guidelines

Monday 22nd of October 2018 05:08:04 PM
Richard Stallman has released an initial version of the GNU Kind Communications Guidelines, and asks all GNU contributors to make their best efforts to follow these guidelines in GNU Project discussions. "The idea of the GNU Kind Communication Guidelines is to start guiding people towards kinder communication at a point well before one would even think of saying, "You are breaking the rules." The way we do this, rather than ordering people to be kind or else, is try to help people learn to make their communication more kind. I hope that kind communication guidelines will provide a kinder and less strict way of leading a project's discussions to be calmer, more welcoming to all participants of good will, and more effective."

Security updates for Monday

Monday 22nd of October 2018 03:27:07 PM
Security updates have been issued by Arch Linux (thunderbird), Debian (drupal7, exiv2, and ghostscript), Fedora (apache-commons-compress, git, libssh, and patch), Mageia (389-ds-base, calibre, clamav, docker, ghostscript, glib2.0, libtiff, mgetty, php-smarty, rust, tcpflow, and vlc), openSUSE (Chromium, icinga, and libssh), and SUSE (clamav, fuse, GraphicsMagick, haproxy, libssh, thunderbird, tomcat, udisks2, and Xerces-c).

More in Tux Machines

Debian Packages To Eliminate Vendor-Specific Patches, Affecting Downstreams Like Ubuntu

Debian packages have supported the concept of vendor-specific patches whereby when DPKG unpacks a source package on different operating systems / distributions (such as Debian vs. Ubuntu), different patches could be selectively applied. Ubuntu is one of the main benefactors of this feature while effective immediately these vendor-specific patches to source packages will be treated as a bug and will be unpermitted following the Debian 10 "Buster" release. This vendor-specific patch behavior for DPKG is mainly to help downstreams of Debian such as Ubuntu (not to be confused with vendor-specific hardware patches, etc). This vendor-specific patching has been used where say Ubuntu wishes to make some customizations to a Debian package that are minor in nature or basic alterations, they could land the changes in upstream Debian as a vendor-specific patch that would then be applied to the source package when building on Ubuntu... But keeping the package unpatched on Debian, or vice-versa. It reduces the maintenance burden for those wanting to selectively make basic changes to a package without having to maintain multiple largely redundant packages. Read more

Ubuntu Founder Mark Shuttleworth Has No Plans Of Selling Canonical

A couple of weeks ago IBM announced its plan to buy Red Hat for $34 billion. Following that, experts started speculating that rival companies like Canonical and Suse would sell as well. However, Canonical’s founder, Mark Shuttleworth, doesn’t seem to have any plans of selling the company — at least not in the near future. In an encounter with TechCrunch, he said, “I value my independence.” One of the reasons behind this decision is that he doesn’t really need the money. But another big reason for not selling is his vision for Canonical and Ubuntu, which he would like to see through personally. Read more

A Journey on Budgie Desktop #2: Raven

Raven, the Super+A menu, is the special right panel on Budgie Desktop Environment. It's represented by a white door icon with a left arrow on it beside the power icon on the top panel. It's interesting as it's fun to show/hide in end-user's perspective. It's unique, compared to same right-side panel concepts on BlankOn and deepin, it has own name Raven while being very minimal yet usable. See more below. This is the continuation after the first part talked about the Top Panel. Enjoy and please wait the next part about Applets! Read more

Ubuntu 19.04 Development Starts Off With Python 3.7, Merged Usr Directories

Ubuntu 19.04 "Disco Dingo" development is now officially underway. Following the initial sync from Debian unstable, Ubuntu developer Matthias Klose announced this morning that "Disco Dingo is now open for development." The initial prominent changes in the archive include landing Python 3.7 as the default Python3 version after Ubuntu 18.10 shipped with Python 3.6, removal of OpenSSL 1.0 with intending to only ship OpenSSL 1.1.1 LTS, and upgrading to Perl 5.28. Read more