LWN
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
URL: https://lwn.net
Updated: 6 hours 2 min ago
[$] A last-minute MMU notifier change
One does not normally expect to see significant changes to an important
internal memory-management mechanism in the time between the ‑rc7 prepatch
and the final release for a development cycle, but that is exactly what
happened just before 4.13 was released. A regression involving the
memory-management unit (MMU) notifier mechanism briefly threatened to
delay this release, but a last-minute scramble kept 4.13 on
schedule and also resulted in a cleanup of that mechanism.
This seems like a good time to look at a mechanism that Linus
Torvalds called "a badly designed mistake" and how it was made
to be a bit less mistaken.
PulseAudio 11.0 released
Version 11.0 of the PulseAudio sound system has been released. New
features include more hardware support, a priority change so that external
sound devices are preferred over internal devices, support for operating as
a Bluetooth headset device, and the long awaited GNU Hurd port. See the
release notes for details.
Security updates for Tuesday
Security updates have been issued by Debian (asterisk and irssi), Fedora (glibc), Gentoo (mcollective), openSUSE (pspp and wireshark), Red Hat (389-ds-base, docker-distribution, kernel-rt, and qemu-kvm-rhev), Scientific Linux (389-ds-base), SUSE (kernel, libzypp, zypper, and xen), and Ubuntu (fontforge and liblouis).
[$] CPU frequency governors and remote callbacks
The kernel's CPU-frequency ("cpufreq") governors are charged with picking
an operating frequency for each processor that minimizes power use while
maintaining an adequate level of performance as determined by the current
policy. These governors normally run locally, with each CPU handling its
own frequency management. The 4.14 kernel release, though, will enable the
CPU-frequency governors to control the frequency of any CPU in the
system if the architecture permits, a change that should improve the
performance of the system overall.
Security updates for Monday
Security updates have been issued by Debian (enigmail, gnupg, libgd2, libidn, libidn2-0, mercurial, and strongswan), Fedora (gd, libidn2, mbedtls, mingw-openjpeg2, openjpeg2, and xen), Mageia (apache-commons-email, botan, iceape, poppler, rt/perl-Encode, samba, and wireshark), and openSUSE (expat, freerdp, git, libzypp, and php7).
The 4.13 kernel is out
Linus has released the 4.13 kernel, right on schedule.
Headline features in this release include
kernel hardening via structure layout
randomization,
native TLS protocol support,
better huge-page swapping,
improved handling of writeback errors,
better asynchronous I/O support,
better power management via next-interrupt
prediction,
the elimination of the DocBook toolchain for formatted documentation,
and more. There is one other change that is called out explicitly in the
announcement: "The change in question is simply changing the default cifs behavior:
instead of defaulting to SMB 1.0 (which you really should not use:
just google for 'stop using SMB1' or similar), the default cifs mount
now defaults to a rather more modern SMB 3.0."
Summary of the DebConf 2038 BoF
Steve McIntyre reports from a BoF session on the year-2038 problem at
DebConf 17. "It's important that we work on fixing issues *now* to stop people
building broken things that will bite us. We all expect that our own
computer systems will be fine by 2038; Debian systems will be fixed
and working! We'll have rebuilt the world with new interfaces and
found the issues. The issues are going to be in the IoT, with systems
that we won't be able to simply rebuild/verify/test - they'll fail. We
need to get the underlying systems right ASAP for those systems."
100 days of postmarketOS
The postmarketOS distribution looks
back at its first 100 days. "One of our previously stated goals
is using the mainline Linux kernel on as many mobile devices as
possible. This is not as easy as it might sound, since many Linux-based
smartphones (Android) require binary drivers which depend on very specific
kernel versions. It's a tremendous task to rewrite these drivers to work
with the current kernel APIs. Nevertheless, some people have been doing
that since long before postmarketOS existed. In the case of the Nokia N900
this has been going on for some number of years and almost all components
are now supported in the mainline kernel. This has allowed us to use the
mainline kernel as the default kernel for the N900, jumping from Maemo's
2.6.x to mainline 4.12!"
[$] Spam filtering with Rspamd
Running one's own mail system on the Internet has become an increasingly
difficult thing to do, to the point that many people don't bother, even if
they have the necessary skills. Among the challenges is spam; without
effective spam filtering, an email account will quickly drown under a
deluge of vile offers, phishing attempts, malware, and alternative facts. Many of
us turn to SpamAssassin for
this task, but it's not the only alternative; Rspamd is increasingly worth considering in
this role. Your editor gave Rspamd a spin to get a sense for whether
switching would be a good thing to do.
Security updates for Friday
Security updates have been issued by CentOS (openssh, poppler, and thunderbird), Debian (graphicsmagick and openexr), Fedora (cacti, dnsdist, exim, groovy18, kernel, libsndfile, mingw-libzip, and taglib), Oracle (openssh), Red Hat (openssh), Scientific Linux (openssh), and SUSE (git and xen).
Day: Status Icons and GNOME
Allan Day shares
some welcome news about the GNOME status icon tray.
"GNOME 3 currently shows status icons in the bottom-left corner of
the screen, in a tray that slides in and out. We know that this isn’t a
good solution. The tray gets in the way and it generally feels quite
awkward. There’s a general consensus that we don’t want to continue with
this UI for the upcoming version of GNOME 3."
Security updates for Thursday
Security updates have been issued by Debian (connman, faad2, gnupg, imagemagick, libdbd-mysql-perl, mercurial, and php5), openSUSE (postgresql93 and samba and resource-agents), Oracle (poppler), Scientific Linux (poppler), SUSE (firefox and php7), and Ubuntu (pyjwt).
Hardening the Kernel in Android Oreo (Android Developers Blog)
The Android Developers Blog has an
overview of the security features added to the kernel in the Android
"Oreo" release. "Usercopy functions are used by the kernel to
transfer data from user space to kernel space memory and back again. Since
2014, missing or invalid bounds checking has caused about 45% of Android's
kernel vulnerabilities. Hardened usercopy adds bounds checking to usercopy
functions, which helps developers spot misuse and fix bugs in their
code. Also, if obscure driver bugs slip through, hardening these functions
prevents the exploitation of such bugs."
[$] LWN.net Weekly Edition for August 31, 2017
The LWN.net Weekly Edition for August 31, 2017 is available.
[$] printk() and KERN_CONT
A nearly year-old "fix" to the main logging function used in the kernel, printk(), changed the appearance of some log messages in an unexpected way, at least for some. Messages that had appeared on a single line will now be spread over multiple lines as each call to printk() begins a new line in the output unless the KERN_CONT flag is used. That is how a comment in the kernel code says it should work, but the change was made by Linus Torvalds without any discussion or fanfare, so it took some by surprise.
[$] Fedora's Boltron preview
In many ways, distributions shackle their users to particular versions of tools, libraries, and frameworks. Distributions do not do that to be cruel, of course, but to try to ensure a consistent and well-functioning experience across all of the software they ship. But users have often chafed at these restrictions, especially for the fast-moving environments surrounding various web frameworks and their dependencies. Fedora has been making an effort to make it easier for a single system to support these kinds of environments with its Modularity initiative. In late July, Fedora announced a preview release of the server side of the Modularity equation, Boltron, which is a version of the distribution that supports the initiative.
Security updates for Wednesday
Security updates have been issued by Debian (libgcrypt20, poppler, and wordpress), Fedora (cvs, java-1.8.0-openjdk-aarch32, and postgresql), Mageia (gstreamer0.10-plugins-base, gstreamer1.0-plugins-base and libgit2), openSUSE (exim), Red Hat (instack-undercloud, openvswitch, and poppler), Scientific Linux (poppler), SUSE (kernel and quagga), and Ubuntu (linux-lts-trusty).
[$] Remote imports for Python?
Importing a module into a Python program is a pretty invasive operation; it directly runs code in the current process that has access to anything the process can reach. So it is not wildly surprising that a suggestion to add a way to directly import modules from remote sites was met with considerable doubt—if not something approaching hostility. It turns out that the person suggesting the change was not unaware of the security implications of the idea, but thought it had other redeeming qualities; others in the discussion were less sanguine.
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
Desktop: AKiTiO Node, Ubuntu Podcast, Vivaldi, Chromium and HUION PenTablet
| OSS: Meteoric Rise of Open Source, Document Foundation, Facebook U-Turn, Collaborative Knowledge Foundation, Slovenia Open Data
|
End of Debian-Administration.org and 32-bit Support in Manjaro Linux
| Android Leftovers
|
Content (where original) is available under CC-BY-SA, copyrighted by original author/s.
Recent comments
2 days 19 hours ago
4 days 15 hours ago
6 days 3 hours ago
1 week 3 days ago
1 week 4 days ago
2 weeks 4 days ago
2 weeks 5 days ago
2 weeks 5 days ago
2 weeks 5 days ago
4 weeks 1 day ago