Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 5 hours 9 min ago

Security updates for Tuesday

5 hours 57 min ago
Security updates have been issued by CentOS (java-1.8.0-openjdk), Fedora (mosquitto), openSUSE (binutils, clamav, exiv2, fuse, haproxy, singularity, and zziplib), Slackware (firefox), SUSE (apache-pdfbox, net-snmp, pam_pkcs11, postgresql94, rpm, tiff, and wireshark), and Ubuntu (kernel, libssh, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-azure, linux-lts-trusty, linux-lts-xenial, linux-aws, net-snmp, paramiko, requests, and texlive-bin).

Linux Foundation Technical Advisory Board election call for nominations

10 hours 45 min ago
The Linux Foundation's Technical Advisory Board is chosen by a vote at the Kernel Summit each year; this year, that will happen during the Linux Plumbers Conference in November. The call for nominations to the board has gone out; it remains open until the voting happens. "The TAB advises the Foundation on kernel-related matters, helps member companies learn to work with the community, and works to resolve community-related problems before they get out of hand. We're also working with kernel maintainers to help refine the new code of conduct, and serving as the initial point of contact for code of conduct issues."

[$] The code of conduct at the Maintainers Summit

13 hours 9 min ago
The 2018 Kernel Maintainers Summit convened in Edinburgh, UK on October 22 with a number of things to discuss, but the top subject on most minds was the recently (and hastily) adopted code of conduct. Linus Torvalds made his reentry into the kernel community with a discussion of how we got to the current state of affairs, and the assembled maintainers had a relatively good-natured discussion on how this situation came about and where things can be expected to go from here.

How to do Samba: Nicely

Monday 22nd of October 2018 07:46:39 PM
The Samba team has announced a set of guidelines for the project. "Please note this is not a "Code of Conduct" as such, but a set of advisory guidelines we'd like people to follow, with a way for people (privately if they prefer) to raise issues if they see them. I hope everyone will find this document acceptable as a way for us to agree on how we want our community to be a welcoming one for all members."

Announcing the GNU Kind Communication Guidelines

Monday 22nd of October 2018 05:08:04 PM
Richard Stallman has released an initial version of the GNU Kind Communications Guidelines, and asks all GNU contributors to make their best efforts to follow these guidelines in GNU Project discussions. "The idea of the GNU Kind Communication Guidelines is to start guiding people towards kinder communication at a point well before one would even think of saying, "You are breaking the rules." The way we do this, rather than ordering people to be kind or else, is try to help people learn to make their communication more kind. I hope that kind communication guidelines will provide a kinder and less strict way of leading a project's discussions to be calmer, more welcoming to all participants of good will, and more effective."

Security updates for Monday

Monday 22nd of October 2018 03:27:07 PM
Security updates have been issued by Arch Linux (thunderbird), Debian (drupal7, exiv2, and ghostscript), Fedora (apache-commons-compress, git, libssh, and patch), Mageia (389-ds-base, calibre, clamav, docker, ghostscript, glib2.0, libtiff, mgetty, php-smarty, rust, tcpflow, and vlc), openSUSE (Chromium, icinga, and libssh), and SUSE (clamav, fuse, GraphicsMagick, haproxy, libssh, thunderbird, tomcat, udisks2, and Xerces-c).

The 4.19 kernel is out

Monday 22nd of October 2018 08:49:41 AM
Greg Kroah-Hartman has released the 4.19 kernel. Headline features in this release include the new AIO-based polling interface, L1TF vulnerability mitigations, the block I/O latency controller, time-based packet transmission, the CAKE queuing discipline, and much more. "And with that, Linus, I'm handing the kernel tree back to you. You can have the joy of dealing with the merge window".

Some kernel code-of-conduct refinements

Saturday 20th of October 2018 03:48:21 PM
Greg Kroah-Hartman has posted a series of patches making some changes around the newly adopted code of conduct. In particular, it adds a new document describing how the code is to be interpreted in the kernel community. "I originally sent the first two patches in this series to a lot of kernel developers privately, to get their review and comments and see if they wanted to ack them. This is the traditional way we have always done for policy documents or other 'contentious' issues like the GPLv3 statement or the 'closed kernel modules are bad' statement. Due to the very unexpected way that the original Code of Conduct file was added to the tree, a number of developers asked if this series could also be posted publicly before they were merged, and so, here they are."

Four new stable kernels

Saturday 20th of October 2018 03:03:59 PM
A new set of stable kernels is now available: 4.18.16, 4.14.78, 4.9.135, and 4.4.162. As usual, there are important fixes contained therein; users should upgrade.

cairo release 1.16.0 now available

Saturday 20th of October 2018 02:57:45 PM
After four years of development since 1.14.0, version 1.16.0 of the cairo 2D graphics library has been released. "Of particular note is a wealth of work by Adrian Johnson to enhance PDF functionality, including restoring support for MacOSX 10.4, metadata, hyperlinks, and more. Much attention also went into fonts, including new colored emoji glyph support, variable fonts, and fixes for various font idiosyncrasies. Other noteworthy changes include GLESv3 support for the cairo_gl backend, tracking of SVG units in generated SVG documents, and cleanups for numerous test failures and related issues in the PDF and Postscript backends." More information can be found in the change log.

OpenSSH 7.9 released

Friday 19th of October 2018 02:53:50 PM
The OpenSSH 7.9 release is out. It (finally) allows the use of symbolic service names rather than port numbers, adds support for sending signals over the SSH protocol, bans the use of DSA keys for certificate authorities, and more.

Security updates for Friday

Friday 19th of October 2018 02:13:12 PM
Security updates have been issued by Debian (drupal7 and libssh), openSUSE (binutils, ImageMagick, and java-11-openjdk), Oracle (java-1.8.0-openjdk), Scientific Linux (java-1.8.0-openjdk), and SUSE (apache2, bash, binutils, clamav, curl, dovecot22, firefox, ghostscript, git, glibc, gnutls, gpg2, icu, java-1_7_0-openjdk, java-1_7_1-ibm, java-1_8_0-ibm, java-1_8_0-openjdk, kernel, kernel-firmware, libvirt, libzypp, zypper, mariadb, nagios, ntp, openslp, openssh, openssl, perl, postgresql10, qemu, qpdf, samba, shadow, smt, yast2-smt, ucode-intel, wireshark, xen, yast2-smt, and zziplib).

OpenBSD 6.4

Thursday 18th of October 2018 10:31:05 PM
OpenBSD 6.4 has been released. This release features improved hardware support, adding a number of new drivers. Notable security improvements include the new unveil() system call to restrict file system access.

Ubuntu 18.10 (Cosmic Cuttlefish) released

Thursday 18th of October 2018 06:33:22 PM
Ubuntu has announced the release of its latest version, 18.10 (or "Cosmic Cuttlefish"). It has lots of updated packages and such, and is available in both a desktop and server version; there are also multiple flavors that were released as well. More information can be found in the release notes. "The Ubuntu kernel has been updated to the 4.18 based Linux kernel, our default toolchain has moved to gcc 8.2 with glibc 2.28, and we've also updated to openssl 1.1.1 and gnutls 3.6.4 with TLS1.3 support. Ubuntu Desktop 18.04 LTS brings a fresh look with the community-driven Yaru theme replacing our long-serving Ambiance and Radiance themes. We are shipping the latest GNOME 3.30, Firefox 63, LibreOffice 6.1.2, and many others. Ubuntu Server 18.10 includes the Rocky release of OpenStack including the clustering enabled LXD 3.0, new network configuration via netplan.io, and iteration on the next-generation fast server installer. Ubuntu Server brings major updates to industry standard packages available on private clouds, public clouds, containers or bare metal in your datacentre."

PostgreSQL 11 released

Thursday 18th of October 2018 05:05:33 PM
The PostgreSQL 11 release is out. "PostgreSQL 11 provides users with improvements to overall performance of the database system, with specific enhancements associated with very large databases and high computational workloads. Further, PostgreSQL 11 makes significant improvements to the table partitioning system, adds support for stored procedures capable of transaction management, improves query parallelism and adds parallelized data definition capabilities, and introduces just-in-time (JIT) compilation for accelerating the execution of expressions in queries." See this article for a detailed overview of what is in this release.

[$] Making the GPL more scary

Thursday 18th of October 2018 03:22:43 PM
For some years now, one has not had to look far to find articles proclaiming the demise of the GNU General Public License. That license, we are told, is too frightening for many businesses, which prefer to use software under the far weaker permissive class of license. But there is a business model that is based on the allegedly scary nature of the GPL, and there are those who would like to make it more lucrative; the only problem is that the GPL isn't quite scary enough yet.

Stable kernels 4.18.15, 4.14.77, and 4.9.134

Thursday 18th of October 2018 02:35:07 PM
Greg Kroah-Hartman has announced the release of the 4.18.15, 4.14.77, and 4.9.134 stable kernels. As usual, there are important fixes throughout the tree and users should upgrade.

Security updates for Thursday

Thursday 18th of October 2018 02:20:25 PM
Security updates have been issued by Arch Linux (chromium, libssh, and net-snmp), Debian (libssh and xen), Fedora (audiofile), openSUSE (axis, GraphicsMagick, ImageMagick, kernel, libssh, samba, and texlive), Oracle (java-1.8.0-openjdk), Red Hat (java-1.8.0-openjdk, rh-nodejs6-nodejs, and rh-nodejs8-nodejs), SUSE (binutils and fuse), and Ubuntu (paramiko).

[$] LWN.net Weekly Edition for October 18, 2018

Thursday 18th of October 2018 12:29:38 AM
The LWN.net Weekly Edition for October 18, 2018 is available.

[$] A new direction for i965

Wednesday 17th of October 2018 10:30:08 PM

Graphical applications are always pushing the limits of what the hardware can do and recent developments in the graphics world have caused Intel to rethink its 3D graphics driver. In particular, the lower CPU overhead that the Vulkan driver on Intel hardware can provide is becoming more attractive for OpenGL as well. At the 2018 X.Org Developers Conference Kenneth Graunke talked about an experimental re-architecting of the i965 driver using Gallium3D—a development that came as something of a surprise to many, including him.

More in Tux Machines

Raspberry Pi lookalike offers HDMI 2.0 and optional M.2

Geniatech’s “XPI-S905X” is a new Raspberry Pi pseudo clone with a quad -A53 Amlogic S905X plus 2GB RAM, up to 16GB eMMC, 4K-ready HDMI 2.0, LAN, 4x USB, touch-enabled LVDS, and optional M.2. Geniatech, which is known for Qualcomm based SBCs such as the Snapdragon 410 based, 96Boards-like Development Board IV and Snapdragon 820E based Development Board 8, has posted specs for a Raspberry Pi form factor board with a quad -A53, Amlogic S905X with 1/6GHz to 2GHz performance. No pricing is available for the XPI-S905X, which appears to be aimed at the OEM market. Read more

​Linus Torvalds talks about coming back to work on Linux

"'I'm starting the usual merge window activity now," said Torvalds. But it's not going to be kernel development as usual. "We did talk about the fact that now Greg [Kroah-Hartman] has write rights to my kernel tree, and if will be easier to just share the load if we want to, and maybe we'll add another maintainer after further discussion." So, Kroah-Hartman, who runs the stable kernel, will have a say on Linus' cutting-edge kernel. Will someone else get write permission to Torvalds' kernel code tree to help lighten the load? Stay tuned. Read more Also: Linux Foundation Technical Advisory Board election call for nominations

Mozilla: Firefox 65 Plans and Firefox 63 Analysis

  • Firefox 65 Will Block Tracking Cookies By Default
    Mozilla today released Firefox 63, which includes an experimental option to block third-party tracking cookies, protecting against cross-site tracking. You can test this out today, but Mozilla wants to enable it for everyone by default in Firefox 65.
  • The Path to Enhanced Tracking Protection
    As a leader of Firefox’s product management team, I am often asked how Mozilla decides on which privacy features we will build and launch in Firefox. In this post I’d like to tell you about some key aspects of our process, using our recent Enhanced Tracking Protection functionality as an example.
  • Firefox 63 Lets Users Block Tracking Cookies
    As announced in August, Firefox is changing its approach to addressing tracking on the web. As part of that plan, we signaled our intent to prevent cross-site tracking for all Firefox users and made our initial prototype available for testing. Starting with Firefox 63, all desktop versions of Firefox include an experimental cookie policy that blocks cookies and other site data from third-party tracking resources. This new policy provides protection against cross-site tracking while minimizing site breakage associated with traditional cookie blocking.
  • Firefox 63 – Tricks and Treats!
  • Firefox 63 Released, Red Hat Collaborating with NVIDIA, Virtual Box 6.0 Beta Now Available, ODROID Launching a New Intel-Powered SBC and Richard Stallman Announces the GNU Kind Communication Guidelines
    Firefox 63.0 was released this morning. With this new version, "users can opt to block third-party tracking cookies or block all trackers and create exceptions for trusted sites that don't work correctly with content blocking enabled". In addition, WebExtensions now run in their own process on Linux, and Firefox also now warns if you have multiple windows and tabs open when you quit via the main menu. You can download it from here.
  • Changes to how Mozilla Readability extracts article metadata in Firefox 63
    Mozilla Readability will now extract document metadata from Dublin Core and Open Graph Protocol meta tags instead of trying to guess article titles. Earlier this year, I documented how reader mode in web browsers extract metadata about articles. After learning about the messy state of metadata extraction for reader mode, I sought to improve the extraction logic used in Mozilla Readability. Mozilla Readability was one of the first reader mode parsers and it’s used in Firefox as well as other web browsers.

Security: Cross-Hyperthread Spectre V2 Mitigation Ready For Linux, Targeted vs General-Purpose Security and More

  • Cross-Hyperthread Spectre V2 Mitigation Ready For Linux With STIBP
    On the Spectre front for the recently-started Linux 4.20~5.0 kernel is STIBP support for cross-hyperthread Spectre Variant Two mitigation. Going back to the end of the summer was the patch work for this cross-hyperthread Spectre V2 mitigation with STIBP while now it's being merged to mainline.
  • Targeted vs General purpose security
    There seems to be a lot of questions going around lately about how to best give out simple security advice that is actionable. Goodness knows I’ve talked about this more than I can even remember at this point. The security industry is really bad at giving out actionable advice. It’s common someone will ask what’s good advice. They’ll get a few morsels, them someone will point out whatever corner case makes that advice bad and the conversation will spiral into nonsense where we find ourselves trying to defend someone mostly concerned about cat pictures from being kidnapped by a foreign nation. Eventually whoever asked for help quit listening a long time ago and decided to just keep their passwords written on a sticky note under the keyboard. I’m pretty sure the fundamental flaw in all this thinking is we never differentiate between a targeted attack and general purpose security. They are not the same thing. They’re incredibly different in fact. General purpose advice can be reasonable, simple, and good. If you are a target you’ve already lost, most advice won’t help you. General purpose security is just basic hygiene. These are the really easy concepts. Ideas like using a password manager, multi-factor-auth, install updates on your system. These are the activities anyone and everyone should be doing. One could argue these should be the default settings for any given computer or service (that’s a post for another day though). You don’t need to be a security genius to take these steps. You just have to restrain yourself from acting like a crazy person so whoever asked for help can actually get the advice they need.
  • Oracle Moves to Gen 2 Cloud, Promising More Automation and Security [Ed: Ellison wants people to blindly trust proprietary blobs for security (a bad thing to do, never mind the CIA past of Oracle and severe flaws in its DBs)].
    A primary message from Ellison is that the Gen 2 Oracle cloud is more secure, with autonomous capabilities to help protect against attacks. Ellison also emphasized the segmentation and isolation of workloads on the Gen 2 Oracle cloud, providing improved security.
  • Reproducible Builds: Weekly report #182
    Here’s what happened in the Reproducible Builds effort between Sunday October 14 and Saturday October 20 2018...