Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 19 min 55 sec ago

[$] The PEP 572 endgame

4 hours 56 min ago

Over the last few months, it became clear that the battle over PEP 572 would be consequential; its scale and vehemence was largely unprecedented in the history of Python. The announcement by Guido van Rossum that he was stepping down from his role as benevolent dictator for life (BDFL), due in part to that battle, underscored the importance of it. While the Python project charts its course in the wake of his resignation, it makes sense to catch up on where things stand with this contentious PEP that has now been accepted for Python 3.8.

Stable kernel 4.17.8

5 hours 16 min ago
Stable kernel 4.17.8 has been released. This fixes the issue with i386 systems that was present in the 4.17.7 kernel.

Security updates for Wednesday

5 hours 22 min ago
Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), Debian (blender, ffmpeg, and wordpress), Fedora (curl), Gentoo (tqdm), Oracle (kernel), Slackware (mutt), SUSE (xen), and Ubuntu (policykit-1).

[$] Kernel symbol namespacing

8 hours 50 min ago
In order to actually do anything, a kernel module must gain access to functions and data structures in the rest of the kernel. Enabling and controlling that access is the job of the symbol-export mechanism. While the enabling certainly happens, the control part is not quite so clear; many developers view the nearly 30,000 symbols in current kernels that are available to all modules as being far too many. The symbol namespaces patch set from Martijn Coenen doesn't reduce that number, but it does provide a mechanism that might help to impose some order on exported symbols in general.

Stable kernel updates

Tuesday 17th of July 2018 03:16:03 PM
Stable kernels 4.17.7, 4.14.56, 4.9.113, and 4.4.141 have been released. The 4.17.7 kernel is broken for i386 systems. "I did this release anyway with this known problem as there is a fix in here for x86-64 systems that was nasty to track down and was affecting people. Given that the huge majority of systems are NOT i386, I felt this was a safe release to do at this point in time." Beyond that, these kernels all contain the usual set of important fixes.

Security updates for Tuesday

Tuesday 17th of July 2018 03:03:02 PM
Security updates have been issued by Arch Linux (thunderbird), Debian (ruby-rack-protection), Fedora (firefox and soundtouch), Red Hat (kernel), Scientific Linux (gnupg2), SUSE (perl and python-paramiko), and Ubuntu (policykit-1).

[$] Python post-Guido

Tuesday 17th of July 2018 02:38:30 PM

The recent announcement by Guido van Rossum that he was stepping away from his "benevolent dictator for life" (BDFL) role for Python was met with some surprise, but not much shock, at least in the core-developer community. Van Rossum has been telegraphing some kind of change, at some unspecified point, for several years now, though the proximate cause (the "PEP 572 mess") is unfortunate. In the meantime, though, the project needs to figure out how to govern itself moving forward—Van Rossum did not appoint a successor and has left the governance question up to the core developers.

Security updates for Monday

Monday 16th of July 2018 02:57:43 PM
Security updates have been issued by CentOS (firefox, gnupg2, kernel, python, and qemu-kvm), Debian (389-ds-base, cups, imagemagick, kernel, mailman, ruby2.1, sssd, thunderbird, and znc), Fedora (glpi, hadoop, kernel, rubygem-sprockets, singularity, thunderbird, wordpress, xapian-core, and xen), Mageia (cantata and flash-player-plugin), openSUSE (exiv2, libvorbis, nodejs6, nodejs8, openslp, singularity, slurm, and tiff), and SUSE (kernel-azure and openssl).

Kernel prepatch 4.18-rc5

Sunday 15th of July 2018 08:49:30 PM
The 4.18-rc5 kernel prepatch has been released. "For some reason this week actually felt very busy, but the rc5 numbers show otherwise. It's all small and calm, and things are progressing nicely."

[$] Tracking pressure-stall information

Friday 13th of July 2018 09:51:00 PM
All underutilized systems are essentially the same, but each overutilized system tends to be overloaded in its own way. If one's goal is to maximize the use of the available computing resources, overutilization tends not to be too far away, but when it happens, it can be hard to tell where the problem is. Sometimes, even the fact that there is a problem at all is not immediately apparent. The pressure-stall information patch set from Johannes Weiner may make life easier for system administrators by exposing more information about the real utilization state of the system.

Security updates for Friday

Friday 13th of July 2018 01:50:01 PM
Security updates have been issued by Debian (cinnamon), Fedora (docker, firefox, jetty, and knot-resolver), Oracle (gnupg2), Scientific Linux (gnupg2), SUSE (gdk-pixbuf, java-1_8_0-openjdk, libopenmpt, php7, and rsyslog), and Ubuntu (dns-root-data, dnsmasq, and thunderbird).

Guido van Rossum resigns as Python leader

Thursday 12th of July 2018 06:00:38 PM
Python creator and Benevolent Dictator for Life Guido van Rossum has decided, in the wake of the difficult PEP 572 discussion, to step down from his leadership of the project. "Now that PEP 572 is done, I don't ever want to have to fight so hard for a PEP and find that so many people despise my decisions. I would like to remove myself entirely from the decision process. I'll still be there for a while as an ordinary core dev, and I'll still be available to mentor people -- possibly more available. But I'm basically giving myself a permanent vacation from being BDFL, and you all will be on your own."

[$] Six (or seven) new system calls for filesystem mounting

Thursday 12th of July 2018 03:00:51 PM
Mounting filesystems is a complicated business. The kernel supports a wide variety of filesystem types, and each has its own, often extensive set of options. As a result, the mount() system call is complex, and the list of mount options is a rather long read. But even with all of that complexity, mount() does not do everything that users would like. For example, the options for a mount operation must all fit within a single 4096-byte page — the fact that this is a problem for some users is illustrative in its own right. The problems with mount() have come up at various meetings, including at the 2018 Linux Storage, Filesystem, and Memory-Management Summit. A set of patches implementing a new approach is getting closer to being ready, but it features some complexity of its own and there are some remaining concerns about the proposed system-call API.

Security updates for Thursday

Thursday 12th of July 2018 01:16:56 PM
Security updates have been issued by Arch Linux (qutebrowser), CentOS (firefox), Debian (ruby-sprockets), Fedora (botan2, git-annex, kernel, kernel-tools, and visualboyadvance-m), Mageia (chromium-browser-stable, graphviz, mailman, nikto, perl-Archive-Zip, redis, and w3m), openSUSE (nextcloud), Oracle (gnupg2), Red Hat (flash-plugin, gnupg2, and kernel), Slackware (bind and curl), SUSE (java-1_8_0-openjdk, php7, rsyslog, slurm, and ucode-intel), and Ubuntu (cups, libpng, and libpng, libpng1.6).

[$] LWN.net Weekly Edition for July 12, 2018

Thursday 12th of July 2018 12:51:39 AM
The LWN.net Weekly Edition for July 12, 2018 is available.

[$] Signing and distributing Gentoo

Wednesday 11th of July 2018 06:55:44 PM

The compromise of the Gentoo's GitHub mirror was certainly embarrassing, but its overall impact on Gentoo users was likely fairly limited. Gentoo and GitHub responded quickly and forcefully to the breach, which greatly limited the damage that could be done; the fact that it was a mirror and not the master copy of Gentoo's repositories made it relatively straightforward to recover from. But the black eye that it gave the project has led some to consider ways to make it even harder for an attacker to add malicious content to Gentoo—even if the distribution's own infrastructure were to be compromised.

A set of stable kernel updates

Wednesday 11th of July 2018 04:44:31 PM
Greg Kroah-Hartman has released stable kernels 4.17.6, 4.14.55, 4.9.112, 4.4.140, and 3.18.115. As usual, they contain important fixes and users should upgrade.

[$] Emacs & TLS

Wednesday 11th of July 2018 03:35:58 PM

A recent query about the status of network security (TLS settings in particular) in Emacs led to a long thread in the emacs-devel mailing list. That thread touched on a number of different areas, including using OpenSSL (or other TLS libraries) rather than GnuTLS, what kinds of problems should lead to complaints out of the box, what settings should be the default, and when those settings could change for Emacs so as not to discombobulate users. The latter issue is one that lots of projects struggle with: what kinds of changes are appropriate for a bug-fix release versus a feature release. For Emacs, its lengthy development cycle, coupled with the perceived urgency of security changes, makes that question even more difficult.

Security updates for Wednesday

Wednesday 11th of July 2018 03:12:01 PM
Security updates have been issued by Debian (cups), Oracle (kernel and qemu-kvm), Red Hat (ansible, kernel, kernel-rt, and qemu-kvm), Scientific Linux (kernel and qemu-kvm), Slackware (thunderbird), and Ubuntu (curl, firefox, imagemagick, and xapian-core).

Malware found in the Arch Linux AUR repository

Tuesday 10th of July 2018 10:09:28 PM
Here's a report in Sensors Tech Forum on the discovery of a set of hostile packages in the Arch Linux AUR repository system. AUR contains user-contributed packages, of course; it's not a part of the Arch distribution itself. "The security investigation shows that shows that a malicious user with the nick name xeactor modified in June 7 an orphaned package (software without an active maintainer) called acroread. The changes included a curl script that downloads and runs a script from a remote site. This installs a persistent software that reconfigures systemd in order to start periodically. While it appears that they are not a serious threat to the security of the infected hosts, the scripts can be manipulated at any time to include arbitrary code. Two other packages were modified in the same manner." This thread in the aur-general list shows the timeline of the discovery and response.

More in Tux Machines

Software: Latte Dock, Emacs, Ick, REAPER

  • Latte Dock 0.8 Released with Widget Separators, Setup Sharing, More
    A new version of Latte Dock, an icon-based task bar for the KDE desktop, is available to download. Latte Dock 0.8 is the first stable release of the app switching software in almost a year and is the third stable release overall.
  • 3 Emacs modes for taking notes
    No matter what line of work you're in, it's inevitable you have to take a few notes. Often, more than a few. If you're like many people in this day and age, you take your notes digitally. Open source enthusiasts have a variety of options for jotting down their ideas, thoughts, and research in electronic format. You might use a web-based tool. You might go for a desktop application. Or, you might turn to the command line. If you use Emacs, that wonderful operating system disguised as a text editor, there are modes that can help you take notes more efficiently. Let's look at three of them.
  • Ick version 0.53 released: CI engine
    I have just made a new release of ick, my CI system. The new version number is 0.53, and a summary of the changes is below. The source code is pushed to my git server (git.liw.fi), and Debian packages to my APT repository (code.liw.fi/debian). See https://ick.liw.fi/download/ for instructions.
  • REAPER 5.93 Brings New Linux-Native Builds
    Since 2016 we have been looking forward to the REAPER digital audio workstation software for Linux while with this week's v5.93 release, the experimental Linux-native builds are now officially available.
  • Digital Audio Workstation REAPER Adds Experimental Native Linux Builds
    REAPER, a popular music production tool, added experimental native Linux builds to its download page with the latest 5.93 release. Initially released in 2005, REAPER (Rapid Environment for Audio Production, Engineering, and Recording) is a powerful digital audio workstation (DAW) and MIDI sequencer, available for Windows, macOS and Linux. Cockos, the company that develops REAPER, was founded by Justin Frankel of Winamp and Gnutella peer-to-peer network fame. The application uses a proprietary license and you can evaluate it for free for 60 days without having to provide any personal details or register. After the free trial ends, you can continue to use it but a nag screen will show up for a few seconds when the application starts. A license costs $225 for commercial use, or $60 for a discounted license (details here).

today's howtos

Red Hat News

At Rest Encryption

There are many steps you can take to harden a computer, and a common recommendation you'll see in hardening guides is to enable disk encryption. Disk encryption also often is referred to as "at rest encryption", especially in security compliance guides, and many compliance regimes, such as PCI, mandate the use of at rest encryption. This term refers to the fact that data is encrypted "at rest" or when the disk is unmounted and not in use. At rest encryption can be an important part of system-hardening, yet many administrators who enable it, whether on workstations or servers, may end up with a false sense of security if they don't understand not only what disk encryption protects you from, but also, and more important, what it doesn't. Read more