Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 27 min ago

Stable kernels 5.2.16, 4.19.74, and 4.14.145

Thursday 19th of September 2019 02:39:50 PM
Greg Kroah-Hartman has announced the release of the 5.2.16, 4.19.74, and 4.14.145 stable kernels. Important fixes are contained within; users should upgrade.

Security updates for Thursday

Thursday 19th of September 2019 01:45:14 PM
Security updates have been issued by CentOS (exiv2, firefox, ghostscript, http-parser, httpd, kdelibs and kde-settings, kernel, pango, qemu-kvm, and thunderbird), Debian (ibus), Fedora (kernel, kernel-headers, python34, qbittorrent, and samba), openSUSE (chromium), Oracle (go-toolset:ol8), Red Hat (kernel, nginx:1.14, patch, ruby, skydive, systemd, and thunderbird), Scientific Linux (thunderbird), SUSE (libreoffice, openssl-1_1, python-urllib3, and python-Werkzeug), and Ubuntu (tomcat9 and wpa, wpasupplicant).

[$] LWN.net Weekly Edition for September 19, 2019

Thursday 19th of September 2019 12:25:42 AM
The LWN.net Weekly Edition for September 19, 2019 is available.

[$] Deep argument inspection for seccomp

Wednesday 18th of September 2019 08:07:58 PM
In the Kernel Summit track at the 2019 Linux Plumbers Conference, Christian Brauner and Kees Cook led a discussion on finding a way to do deep argument inspection for seccomp filtering. Currently, seccomp filters can only look at the top-level arguments to a system call, which means that there are use cases that cannot be supported. There was a lively discussion in the session, but no definitive conclusion was reached; various ideas were considered, but none seemed to quite fit the bill.

Security updates for Wednesday

Wednesday 18th of September 2019 02:47:39 PM
Security updates have been issued by CentOS (firefox and kernel), Debian (thunderbird), Fedora (curl), openSUSE (curl and python-Werkzeug), Oracle (kernel and thunderbird), Red Hat (rh-nginx114-nginx), SUSE (curl, ibus, MozillaFirefox, firefox-glib2, firefox-gtk3, openldap2, openssl, openssl1, python-urllib3, and util-linux and shadow), and Ubuntu (linux, linux-aws, linux-azure, linux-lts-trusty, linux-lts-xenial, linux-oracle, linux-raspi2, linux-snapdragon, and wpa).

Moving Firefox to a faster 4-week release cycle

Tuesday 17th of September 2019 09:07:32 PM
The Mozilla blog has an announcement that Firefox will be moving to 4-week release cycle, starting in 2020. "Shorter release cycles provide greater flexibility to support product planning and priority changes due to business or market requirements. With four-week cycles, we can be more agile and ship features faster, while applying the same rigor and due diligence needed for a high-quality and stable release. Also, we put new features and implementation of new Web APIs into the hands of developers more quickly." The Firefox ESR (Extended Support Release) release cadence will remain the same.

[$] The properties of secure IoT devices

Tuesday 17th of September 2019 09:03:13 PM
At Open Source Summit North America 2019, David Tarditi from Microsoft gave a talk on seven different properties for highly secure Internet of Things (IoT) devices. The properties are based on a Microsoft Research white paper [PDF] from 2017. His high-level summary of the talk was that if you are creating a device that will be connecting to the internet and you don't want it to get "owned", you should pay attention to the properties he would be describing. Overall, it was an interesting talk, with good analysis of the areas where effort needs to be focused to produce secure IoT devices, but it was somewhat marred by an advertisement for a proprietary product (which, naturally, checked all the boxes) at the end of the talk.

CentOS Linux 7 (1908) released

Tuesday 17th of September 2019 04:46:23 PM
A new release of CentOS Linux 7 is available. This release is tagged as 1908 and derived from Red Hat Enterprise Linux 7.7 source code. The release notes have the details. CentOS Linux 7 (1908) is also available for several alternate architectures.

Security updates for Tuesday

Tuesday 17th of September 2019 02:50:35 PM
Security updates have been issued by Debian (dino-im, python2.7, python3.4, and wpa), Fedora (kmplayer), openSUSE (podman and samba), Oracle (thunderbird), Red Hat (thunderbird), Slackware (expat), SUSE (curl), and Ubuntu (apache2).

[$] Maintainers Summit topics: pull depth, hardware vulnerabilities, etc.

Tuesday 17th of September 2019 05:57:47 AM
The final sessions at the 2019 Linux Kernel Maintainers Summit covered a number of relatively quick topics, including the "pull depth" for code going into the mainline, the handling of hardware vulnerabilities, the ABI status of tracepoints, and more.

Richard Stallman resigns from the FSF

Tuesday 17th of September 2019 05:39:16 AM
With a brief announcement, the Free Software Foundation has let it be known that founder Richard Stallman has resigned both as president and from the board of directors. "The board will be conducting a search for a new president, beginning immediately. Further details of the search will be published on fsf.org".

[$] Linus Torvalds on the kernel development community

Monday 16th of September 2019 05:22:22 PM
The Linux Kernel Maintainers Summit is all about the development process, so it is natural to spend some time on how that process is working at the top of the maintainer hierarchy. The "is Linus happy?" session during the 2019 summit revealed that things are working fairly well at that level, but that, as always, there are a few things that could be improved.

Stable kernel updates

Monday 16th of September 2019 02:35:05 PM
Stable kernels 5.2.15, 4.19.73, 4.14.144, 4.9.193, and 4.4.193 have been released. They all contain important fixes and users should upgrade.

Security updates for Monday

Monday 16th of September 2019 02:27:28 PM
Security updates have been issued by Debian (ansible, faad2, linux-4.9, and thunderbird), Fedora (jbig2dec, libextractor, sphinx, and thunderbird), Mageia (expat, kconfig, mediawiki, nodejs, openldap, poppler, thunderbird, webkit2, and wireguard), openSUSE (buildah, ghostscript, go1.12, libmirage, python-urllib3, rdesktop, and skopeo), SUSE (python-Django), and Ubuntu (exim4, ibus, and Wireshark).

[$] The stable-kernel process

Monday 16th of September 2019 10:05:10 AM
The stable kernel process is a perennial topic of discussion at gatherings of kernel developers; the 2019 Linux Kernel Maintainers Summit was no exception. Sasha Levin ran a session there where developers could talk about the problems they have with stable kernels and ponder solutions.

The 5.3 kernel is out

Monday 16th of September 2019 05:50:13 AM
The 5.3 kernel is available at last. The announcement includes a long discussion about user-space regressions — an ext4 filesystem performance improvement had caused some systems to fail booting due to a lack of entropy early after startup. "It's more that it's an instructive example of what counts as a regression, and what the whole 'no regressions' kernel rule means. The reverted commit didn't change any API's, and it didn't introduce any new bugs. But it ended up exposing another problem, and as such caused a kernel upgrade to fail for a user. So it got reverted."

Some of the more significant changes in 5.3 include scheduler utilization clamping, the pidfd_open() and clone3() system calls, bounded loop support for BPF programs, support for the 0.0.0.0/8 IPv4 address range, a new configuration option for the soon-to-be-merged realtime preemption code, and more. See the KernelNewbies 5.3 page for lots of details.

[$] Dealing with automated kernel bug reports

Sunday 15th of September 2019 07:36:54 AM
There is value in automatic testing systems, but they also present a problem of their own: how can one keep up with the high volume of bug reports that they generate? At the 2019 Linux Kernel Maintainers Summit, Shuah Khan ran a session dedicated to this issue. There was general agreement that the reports are hard to deal with, but not a lot of progress toward a solution.

[$] Defragmenting the kernel development process

Saturday 14th of September 2019 07:22:20 AM
The first session at the 2019 Linux Kernel Maintainers Summit was a last-minute addition to the schedule. Dmitry Vyukov's Linux Plumbers Conference session on the kernel development process (slides [PDF]) had inspired a number of discussions that, it was agreed, should carry over into the summit. The result was a wide-ranging conversation about the kernel's development tools and what could be done to improve them.

Security updates for Friday

Friday 13th of September 2019 02:49:22 PM
Security updates have been issued by Debian (curl, dnsmasq, and golang-go.crypto), Mageia (docker, firefox, flash-player-plugin, ghostscript, links, squid, sympa, tcpflow, thunderbird, and znc), openSUSE (srt), Oracle (.NET Core, kernel, libwmf, and poppler), Scientific Linux (firefox), SUSE (cri-o, curl, java-1_8_0-ibm, python-SQLAlchemy, and python-urllib3), and Ubuntu (curl and expat).

[$] Comparing GCC and Clang security features

Thursday 12th of September 2019 10:33:56 PM
Hardening must be performed at all levels of a system, including in the compiler that is used to build that system. There are two viable compilers in the free-software community now, each of which offers a different set of security features. Kees Cook ran a session during the Toolchains microconference at the 2019 Linux Plumbers Conference that examined the security-feature support provided by both GCC and LLVM Clang, noting the places where each one could stand to improve.

More in Tux Machines

Yocto-based Torizon distro adds OTA updater

Toradex has released an experimental version of an OTA updater for its new Torizon embedded Linux distribution. Torizon OTA offers fault-tolerant features and supports web-based remote management including grouping of devices into fleets. Read more

Growth of Kubernetes

  • Just how popular is Kubernetes?

    In its study of usage data from thousands of companies and more than 1.5 billion containers, the company found "roughly 45% of Datadog customers running containers use Kubernetes, whether in self-managed clusters or through a cloud service." Not bad for a technology that's just over five years old. What's more telling though is that almost half of all Datadog container users have already turned to Kubernetes. It's Kubernetes' growth rate that really tells the story. In the last year, Kubernetes' numbers of users grew by 10%. In the meantime, other container orchestration programs, such as Marathon and Docker swarm mode, have simply not caught fire. Indeed, their parent companies, D2iQ, formerly Mesosphere, and Docker both started offering Kubernetes to their customers. Need more be said? Datadog also found that Kubernetes is very popular on the public cloud. In particular, managed Kubernetes services such as Google Kubernetes Engine (GKE) dominates the Google Cloud Platform (GCP). Since Kubernetes ancestry goes back to Google that comes as no surprise.

  • Rancher CEO on k3s: Kubernetes is the new Linux; you run it everywhere

    Once, Kubernetes was just some geeky cloud-native project for orchestrating containers (a virtualized method for running distributed applications). Isn’t it funny how it’s worked its way into practically every tech conversation in just a few years? In fact, thanks to technologies that shrink and simplify it, Kubernetes is about to find its way into even more use cases. With the technology and its uses expanding so rapidly, how do we even define it anymore? Sheng Liang (pictured), co-founder and chief executive officer of Rancher Labs Inc., has an idea: “Kubernetes is the new Linux, and you run it everywhere.” Cloud, on-premises data center, bare metal, internet of things edge, Raspberry Pi, surveillance camera? Check. The developer ecosystem is invading more and more spaces through tweaks that make Kubernetes easier than ever to deploy.

Screencasting with OBS Studio on Wayland

For the past few months, I’ve been doing live coding sessions on YouTube showing how GNOME development goes. Usually it’s a pair of sessions per week, one in Brazilian Portuguese so that my beloved community can enjoy GNOME in their native language; and one in English, to give other people at least a chance to follow development as well. We are quite lucky to have OBS Studio available for screencasting and streaming, as it makes our lives a lot easier. It’s really a fantastic application. I learned about it while browsing Flathub, and it’s what actually motivated me to start streaming in the first place. However, I have to switch to X11 in order to use it, since the GNOME screencast plugin never really worked for me. This is annoying since Mutter supports screencasting for years now, and I really want to showcase the latest and greatest while streaming. We’re still not using the appropriate APIs and methods to screencast, which doesn’t set a high standard on the community. So I decided to get my hands dirty, bite the bullet, and fix this situation. And so was born the obs-xdg-portal plugin for OBS Studio! The plugin uses the standard ScreenCast portal, which means it should work inside and outside the Flatpak sandbox, in Wayland and X11, and on GNOME and KDE (and perhaps others?). Read more

Snapcraft secret sauce: KDE neon extension

Simplicity is the magic ingredient in any product design. For members of the KDE community, snap development has become that much simpler, thanks to the recent introduction of the KDE neon extension. Last year, we talked about the KDE build and content snaps, which can greatly speed the build of KDE application snaps and save disk space. The extension takes this effort one step farther, and allows for faster, smoother integration of snaps into the Linux desktop. While there are no shortcuts in life, you can rely on a passionate community of skilled techies to make the journey easier. Read more