LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 5 hours 46 min ago

[$] A filesystem corruption bug breaks loose

Monday 10th of December 2018 05:58:42 PM
Kernel bugs can have all kinds of unfortunate consequences, from inconvenient crashes to nasty security vulnerabilities. Some of the most feared bugs, though, are those that corrupt data in filesystems. The losses imposed on users can be severe, and the resulting problems may not be noticed for a long time, making recovery difficult. Filesystem developers, knowing that they will have to face their users in the real world, go to considerable effort to prevent this kind of bug from finding its way into a released kernel. A recent failure in that regard raises a number of interesting questions about how kernel development is done.

Security updates for Monday

Monday 10th of December 2018 03:57:17 PM
Security updates have been issued by Debian (chromium-browser and lxml), Fedora (cairo, hadoop, and polkit), Mageia (tomcat), openSUSE (apache2-mod_jk, Chromium, dom4j, ImageMagick, libgit2, messagelib, ncurses, openssl-1_0_0, otrs, pam, php5, php7, postgresql10, rubygem-activejob-5_1, tiff, and tomcat), Red Hat (chromium-browser and rh-git218-git), Slackware (php), SUSE (audiofile, cri-o and kubernetes packages, cups, ImageMagick, libwpd, SMS3.2, and systemd), and Ubuntu (lxml).

Kernel prepatch 4.20-rc6

Monday 10th of December 2018 07:52:47 AM
The 4.20-rc6 kernel prepatch is out for testing. "Most of it looks pretty small and normal. Would I have preferred for there to be less churn? Yes. But it's certainly smaller than rc5 was, so we're moving in the right direction, and we have at least one more rc to go."

More stable kernel updates

Saturday 8th of December 2018 06:34:40 PM
The stable kernel process continues to churn out releases; 4.19.8, 4.14.87, and 4.9.144 are now available with another set of important fixes.

[$] Kernel quality control, or the lack thereof

Friday 7th of December 2018 06:28:33 PM
Filesystem developers tend toward a high level of conservatism when it comes to making changes; given the consequences of mistakes, this seems like a healthy survival trait. One might rightly be tempted to regard a recent disagreement over the backporting of filesystem-related fixes to the stable kernels as an example of this conservatism, but there is more to it. The kernel development process has matured in many ways over the years; perhaps this discussion hints at some of the changes that will be needed to continue that maturation in the future.

Security updates for Friday

Friday 7th of December 2018 04:05:09 PM
Security updates have been issued by Arch Linux (jupyter-notebook), CentOS (ghostscript), Debian (libphp-phpmailer and policykit-1), Fedora (bird), Gentoo (ede), Mageia (flash-player-plugin), openSUSE (dom4j, dpdk, glib2, nextcloud, postgresql94, and qemu), Oracle (kernel), SUSE (firefox, libarchive, libgit2, libreoffice, ncurses, openssl-1_0_0, squid, and tiff), and Ubuntu (ghostscript, openssl, openssl1.0, and wavpack).

[$] Toward race-free process signaling

Thursday 6th of December 2018 06:51:45 PM
Signals have existed in Unix systems for years, despite the general consensus that they are an example of a bad design. Extensions and new ways of using signals pop up from time to time, fixing the issues that have been found. A notable addition was the introduction of signalfd() nearly 10 years ago. Recently, the kernel developers have discussed how to avoid race conditions related to process-ID (PID) recycling, which occurs when a process terminates and another one is assigned the same PID. A process that fails to notice that its target has exited may try to send a signal to the wrong recipient, with potentially grave consequences. A patch set from Christian Brauner is trying to solve the issue by adding signaling via file descriptors.

Microsoft's Edge browser moving to Chromium

Thursday 6th of December 2018 05:35:39 PM
Microsoft has announced that its "Edge" browser is joining the Chromium world. "Today we’re announcing that we intend to adopt the Chromium open source project in the development of Microsoft Edge on the desktop to create better web compatibility for our customers and less fragmentation of the web for all web developers. As part of this, we intend to become a significant contributor to the Chromium project, in a way that can make not just Microsoft Edge — but other browsers as well — better on both PCs and other devices."

Security updates for Thursday

Thursday 6th of December 2018 02:42:13 PM
Security updates have been issued by Mageia (kio-extras), Red Hat (flash-plugin and openstack-neutron), Slackware (gnutls and nettle), SUSE (aphp53, apache2, apache2-mod_jk, compat-openssl097g, firefox, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss, glib2, kvm, mariadb, ncurses, openssl-1_0_0, openssl1, pam, php5, php7, qemu, rubygem-activejob-5_1, tomcat, and wireshark), and Ubuntu (libraw and spamassassin).

[$] LWN.net Weekly Edition for December 6, 2018

Thursday 6th of December 2018 01:35:19 AM
The LWN.net Weekly Edition for December 6, 2018 is available.

Videos from the Linux Plumbers Conference

Wednesday 5th of December 2018 08:49:01 PM
Videos from the 2018 Linux Plumbers Conference (November 13-15, Vancouver) have now been posted for all sessions, including the Kernel Summit and Networking tracks. They can be found by going to the detailed schedule and clicking on the session of interest.

[$] Investigating GitLab

Wednesday 5th of December 2018 08:10:42 PM

Daniel Vetter began his talk in the refereed track of the 2018 Linux Plumbers Conference (LPC) by noting that it would be in a somewhat similar vein to other talks he has given, since it is about tooling and workflows that are outside of the kernel norm. But, unlike those other talks that concerned changes that had already taken place, this talk was about switching open-source graphics projects to using a hosted version of GitLab, which has not yet happened. In it, he wanted to share his thoughts about why he thinks migrating to GitLab makes sense for the kernel graphics community—and maybe the kernel as a whole.

Stable kernel updates

Wednesday 5th of December 2018 08:09:37 PM
Stable kernels 4.19.7, 4.14.86, and 4.9.143 have been released, with the usual set of important fixes throughout the tree.

Security updates for Wednesday

Wednesday 5th of December 2018 03:54:19 PM
Security updates have been issued by Debian (suricata), Fedora (cobbler), Oracle (ghostscript), Red Hat (ansible), and Scientific Linux (ghostscript and ruby).

Critical Kubernetes privilege escalation disclosed

Tuesday 4th of December 2018 07:00:57 PM
A critical flaw in the Kubernetes container orchestration system has been announced. It allows any user to compromise a Kubernetes cluster by exploiting any aggregated API server that is deployed for it. This affects all Kubernetes versions 1.0 to 1.12, but is only fixed in the supported versions (in 1.10.11, 1.11.5, and 1.12.3). "With a specially crafted request, users that are authorized to establish a connection through the Kubernetes API server to a backend server can then send arbitrary requests over the same connection directly to that backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection. [...] In default configurations, all users (authenticated and unauthenticated) are allowed to perform discovery API calls that allow this escalation. [...] There is no simple way to detect whether this vulnerability has been used. Because the unauthorized requests are made over an established connection, they do not appear in the Kubernetes API server audit logs or server log. The requests do appear in the kubelet or aggregated API server logs, but are indistinguishable from correctly authorized and proxied requests via the Kubernetes API server." Kubernetes users should obviously update as soon as possible.

[$] Unexpected fallout from /usr merge in Debian

Tuesday 4th of December 2018 06:41:24 PM

Back in 2011, Harald Hoyer and Kay Sievers came up with a proposal for Fedora to merge much of the operating system into /usr; former top-level directories, /bin, /lib, and /sbin, would then become symbolic links pointing into the corresponding subdirectories of /usr. Left out of the merge would be things like configuration files in /etc, data in /var, and user home directories. This change was aimed at features like atomic upgrades and easy snapshots. The switch to a merged /usr was successful for Fedora 17; many other distributions (Arch, OpenSUSE, Mageia, just to name a few) have followed suit. More recently, Debian has been working toward a merged /usr, but it ran into some surprising problems that are unique to the distribution.

Security updates for Tuesday

Tuesday 4th of December 2018 04:16:40 PM
Security updates have been issued by Fedora (glibc, qemu, and tmux), Mageia (messagelib), Oracle (ghostscript), Red Hat (ghostscript, OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, OpenShift Container Platform 3.2, OpenShift Container Platform 3.3, OpenShift Container Platform 3.4, OpenShift Container Platform 3.5, OpenShift Container Platform 3.6, and OpenShift Container Platform 3.8), Slackware (mozilla), and Ubuntu (linux, linux-gcp, linux-kvm, linux-raspi2, linux-hwe, linux-gcp, perl, and poppler).

[$] Bounded loops in BPF programs

Monday 3rd of December 2018 10:45:39 PM
The BPF verifier is charged with ensuring that any given BPF program is safe for the kernel to load and run. Programs that fail to terminate are clearly unsafe, as they present an opportunity for denial-of-service attacks. In current kernels, the verifier uses a heavy-handed technique to block such programs: it disallows any program containing loops. This works, but at the cost of disallowing a wide range of useful programs; if the verifier could determine whether any given loop would terminate within a bounded time, this restriction could be lifted. John Fastabend presented a plan for doing so during the BPF microconference at the 2018 Linux Plumbers Conference.

CentOS Linux 7.6 (1810) released

Monday 3rd of December 2018 07:47:54 PM
CentOS has released CentOS Linux 7.6 (1810). "Updates released since the upstream release are all posted, across all architectures. We strongly recommend every user apply all updates, including the content released today, on your existing CentOS Linux 7 machine by just running 'yum update'." See the release notes for more information.

Security updates for Monday

Monday 3rd of December 2018 04:23:15 PM
Security updates have been issued by Debian (nsis, openssl, poppler, and tiff), Fedora (dnsdist, drupal7, kernel, kernel-headers, kernel-tools, net-snmp, perl, php-Smarty2, and samba), Gentoo (connman, nagios-core, php, and webkit-gtk), Mageia (apache-mod_perl, kdeconnect-kde, and python-requests), Red Hat (rh-postgresql10-postgresql), and SUSE (kernel).
