Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 days 15 hours ago

Garrett: Making hibernation work under Linux Lockdown

Monday 22nd of February 2021 03:25:40 PM
Matthew Garrett recently posted a patch set enabling hibernation on systems that are running in the UEFI secure-boot lockdown mode. This blog entry gets into the details of how it all works. "When we encrypt material with the TPM, we can ask it to record the PCR state. This is given back to us as metadata accompanying the encrypted secret. Along with the metadata is an additional signature created by the TPM, which can be used to prove that the metadata is both legitimate and associated with this specific encrypted data. In our case, that means we know what the value of PCR 23 was when we encrypted the key. That means that if we simply extend PCR 23 with a known value in-kernel before encrypting our key, we can look at the value of PCR 23 in the metadata. If it matches, the key was encrypted by the kernel - userland can create its own key, but it has no way to extend PCR 23 to the appropriate value first. We now know that the key was generated by the kernel."

Kodi 19 released

Monday 22nd of February 2021 03:11:36 PM
Version 19 of the Kodi "entertainment center" application is out with a long list of new features.

For audio and music lovers, there are significant improvements across the board to metadata handling: library improvements, new tags, new displays, improvements to how Kodi handles release dates, album durations, multi-disc sets, and more. There's a new, Matrix-inspired visualisation, there are improvements to display when fetching files from a web server, and several changes to how audio decoder addons can pass information through to the Kodi player.

For video, most of the changes are more technical, and may depend on your hardware: AV1 software decoding, HLG HDR and static HDR10 playback on Windows 10, static HDR10 and dynamic Dolby Vision HDR support on Android, and more OpenGL bicubic scalers.

Security updates for Monday

Monday 22nd of February 2021 02:41:37 PM
Security updates have been issued by Debian (chromium, libzstd, openldap, openvswitch, screen, and wpa), Fedora (dotnet5.0, subversion, and wpa_supplicant), openSUSE (mumble, python-djangorestframework, and tor), Oracle (container-tools:ol8, kernel, nodejs:10, nodejs:12, nodejs:14, subversion:1.10, and xterm), Red Hat (stunnel and xterm), and SUSE (ImageMagick, java-1_8_0-openjdk, kernel, krb5-appl, python3, tomcat, and webkit2gtk3).

[$] An introduction to lockless algorithms

Friday 19th of February 2021 06:33:32 PM
Lockless algorithms are of interest for the Linux kernel when traditional locking primitives either cannot be used or are not performant enough. For this reason they come up every now and then on LWN; one of the last mentions, which prompted me to write this article series, was last July. Topics that arise even more frequently are read-copy-update (RCU — these articles from 2007 are still highly relevant), reference counting, and ways of wrapping lockless primitives into higher-level, more easily understood APIs. These articles will delve into the concepts behind lockless algorithms and how they are used in the kernel.

Security updates for Friday

Friday 19th of February 2021 03:18:40 PM
Security updates have been issued by Debian (bind9, libbsd, openssl1.0, php-horde-text-filter, qemu, and unrar-free), Fedora (kiwix-desktop and libntlm), Mageia (coturn, mediawiki, privoxy, and veracrypt), openSUSE (buildah, libcontainers-common, podman), Oracle (kernel, nss, and perl), Red Hat (xterm), SUSE (java-1_7_1-ibm, php74, python-urllib3, and qemu), and Ubuntu (libjackson-json-java and shiro).

[$] How useful should copy_file_range() be?

Thursday 18th of February 2021 03:20:32 PM
The copy_file_range() system call looks like a relatively straightforward feature; it allows user space to ask the kernel to copy a range of data from one file to another, hopefully applying some optimizations along the way. In truth, this call has never been as generic as it seems, though some changes made during 5.3 helped in that regard. When the developers of the Go language ran into problems with copy_file_range(), there ensued a lengthy discussion on how this system call should work and whether the kernel needs to do more to make it useful.

Security updates for Thursday

Thursday 18th of February 2021 02:46:04 PM
Security updates have been issued by Debian (mumble, openssl, php7.3, and webkit2gtk), openSUSE (jasper, php7, and screen), SUSE (bind, php7, and php72), and Ubuntu (bind9, openssl, openssl1.0, and webkit2gtk).

Google's effort to mitigate memory-safety issues

Thursday 18th of February 2021 02:19:22 PM
The Google Security Blog carries an announcement of a heightened effort to reimplement security-critical software in memory-safe languages. "The new Rust-based HTTP and TLS backends for curl and now this new TLS library for Apache httpd are an important starting point in this overall effort. These codebases sit at the gateway to the internet and their security is critical in the protection of data for millions of users worldwide."

[$] LWN.net Weekly Edition for February 18, 2021

Thursday 18th of February 2021 01:11:04 AM
The LWN.net Weekly Edition for February 18, 2021 is available.

[$] What goes into default Debian?

Wednesday 17th of February 2021 08:22:23 PM
The venerable locate file-finding utility has long been available for Linux systems, though its origins are in the BSD world. It is a generally useful tool, but does have a cost beyond just the disk space it occupies in the filesystem; there is a periodic daemon program (updatedb) that runs to keep the file-name database up to date. As a recent debian-devel discussion shows, though, people have differing ideas of just how important the tool is—and whether it should be part of the default installation of Debian.

Another pair of stable kernels

Wednesday 17th of February 2021 03:18:55 PM
The 5.10.17 and 5.4.99 stable kernel updates have been released; they both contain another set of important fixes.

Security updates for Wednesday

Wednesday 17th of February 2021 02:53:37 PM
Security updates have been issued by Debian (openssl and ruby-mechanize), Fedora (chromium, jasper, roundcubemail, spice-vdagent, and webkit2gtk3), openSUSE (python-bottle), Oracle (dotnet, kernel, and kernel-container), Red Hat (redhat-ds:11, RHDM, and RHPAM), SUSE (jasper, kernel, and screen), and Ubuntu (thunderbird and wpa).

Go 1.16 released

Wednesday 17th of February 2021 02:30:58 PM
Version 1.16 of the Go language is available. New features include an "embed" package, Apple Arm64 support, use of modules by default, and build-performance improvements; see the release notes for details.

[$] Malware in open-source web extensions

Tuesday 16th of February 2021 08:45:48 PM
On February 4, millions of browser tabs were suddenly terminated. Not everyone was surprised; the dozen people who spent the last four months waiting for this tragedy to occur watched in relief as the first in a rapid stream of GitHub comments began pouring in. The Great Suspender, a Chrome extension that suspended inactive tabs, with around two-million users, had been forcibly uninstalled because it contained malware. This was a serious problem for users, in part due to the difficulty in recovering the lost tabs, but the extension's malevolence had been painfully obvious to anyone who cared to investigate it.

5.12 Merge window delayed

Tuesday 16th of February 2021 08:41:38 PM
Those of us who are watching the mainline kernel repository may have been wondering why it appears that no pull requests for the 5.12 merge window have yet been acted upon. The problem, it seems, is power outages caused by the severe winter weather in the US Pacific northwest. Until that gets resolved, which could take a few days, the 5.12 merge window is likely to remain on hold.

Security updates for Tuesday

Tuesday 16th of February 2021 04:17:40 PM
Security updates have been issued by Debian (spip), Mageia (chromium-browser, kernel, kernel-linus, and trojita), openSUSE (mumble and opera), Red Hat (container-tools:rhel8, java-1.8.0-ibm, kernel, kernel-rt, net-snmp, nodejs:10, nodejs:12, nodejs:14, nss, perl, python, and rh-nodejs10-nodejs), and SUSE (jasper, python-bottle, and python-urllib3).

[$] Development statistics for the 5.11 kernel

Monday 15th of February 2021 07:48:14 PM
The 5.11 kernel was released on February 14 — the most romantic sort of Valentine's day gift one could hope for. This kernel saw the merging of 14,340 changesets from 1,912 developers; it is certainly not the busiest development cycle we have seen recently, but it still saw a lot of activity. Read on for our traditional look at where the code merged for 5.11 came from.

Security updates for Monday

Monday 15th of February 2021 03:37:35 PM
Security updates have been issued by Debian (busybox, linux-4.19, openvswitch, subversion, unbound1.9, and xterm), Fedora (audacity, community-mysql, kernel, libzypp, mysql-connector-odbc, python-django, python3.10, and zypper), openSUSE (librepo, openvswitch, subversion, and wpa_supplicant), Red Hat (subversion:1.10), SUSE (kernel, openvswitch, perl-File-Path, and wpa_supplicant), and Ubuntu (postgresql-12).

The 5.11 kernel is out

Sunday 14th of February 2021 10:57:24 PM
Linus has released the 5.11 kernel, as expected. "I know it's Valentine's Day here in the US - maybe give this release a good testing before you go back and play with development kernels. All right? Because I'm sure your SO will understand." Headline features in 5.11 include Intel SGX support, a new system-call interception mechanism, the seccomp() constant-action bitmap optimization, the internal kmap_local() API, the epoll_pwait2() system call, and much more. See the LWN merge-window articles (part 1, part 2) and the (under development) KernelNewbies 5.11 page for more information.

Saturday stable kernels

Saturday 13th of February 2021 04:25:58 PM
The 5.10.16, 5.4.98, and 4.19.176 stable kernel updates have been released; each contains another set of important fixes.

More in Tux Machines

Kubuntu vs. Ubuntu

There is a massive list of Linux distributions available for the users, and these distros are not limited due to their features and compatibilities for different systems. Linux distros like Ubuntu, Lubuntu, Kubuntu, Arch Linux, Debian, Fedora offer unique options and features to the users. Many people are turning their way towards Kubuntu because of its compatibility. Still, there is always an argument that Kubuntu is based on Ubuntu, and it is less capable than Ubuntu. We shall overview Ubuntu and Kubuntu’s side by side in this article to provide complete details and a brief comparison between them. Read more

today's howtos

  • How to extract Tar GZ archives in Ubuntu [Guide]

    Not all Linux programs come in DEB or RPM packages. Some programs are distributed to Linux users inside of Tar GZ archive files. These files are compressed and the user must manually extract the contents. A whole lot of new Ubuntu users do not understand how to extract Tar GZ archives. As a result, many users give up on Tar GZ archives. This guide will show you various ways you can extract Tar GZ archive files on Ubuntu.

  • How to install Gimp in Ubuntu [Guide]

    Are you using Ubuntu Linux and need to install the latest Gimp for photo editing or graphic work? Can’t figure out how to get the app working on your system? We can help! Follow along as we go over how to get Gimp working on Ubuntu!

  • Useful Tips & Tricks of Kubuntu KNotes

    Kubuntu computer users benefit from its useful tool KNotes that is helpful to use everyday. For example, you can keep frequently used text in it and copy paste them quickly at any time you wish, such as chat group rules (including classrooms) and your online payment information. This is a list of tips and tricks using the sticky notes. Hope you will like it!

  • How to Install and Use PulseAudio-Equalizer on Linux Mint 20 – Linux Hint

    The PulseAudio is an open-source volume control and audio effects tool. It allows us to control and tune the audio settings. The PulseAudio Equalizer has a multi-band interface. Therefore, you can easily adjust the slider when the audio is playing. As PulseAudio is a popular open-source tool, it is included in Linux Mint 20 standard repositories installed from there. Moreover, it can also be installed on Linux Mint 20 from the external PPA repository. This post explains the installation of PulseAudio-Equalizer on Linux Mint.

  • How to use arithmetic operations in bash

    When you are writing a bash script, sometimes you may want to crunch numbers quickly inside the script. For example, you want to convert a unit of data you are working with, round a divided value to the nearest integer, increment a counter in simple loops, etc. Every programming language has built-in support for basic arithmetic operations against common data types. However, since bash is not a general-purpose programming language, but rather a command-line interpreter, it comes with limited support for arithmetic operations. In this tutorial, I present tips on how to perform integer or floating point arithmetic operations in a bash shell script.

  • How to fix “bash: /usr/sbin/ifconfig: No such file or directory” on Linux – Linux Hint

    You were trying to know the IP address of your Linux Operating System, and an error occurred with the message “bash: /usr/sbin/ifconfig: No such file or directory,” and that error has brought you here. Don’t worry; you are reading exactly the right post. But, the question arises that it was working before; what happened?

  • How to Install Git on Linux Mint 20 – Linux Hint

    Git, developed by Linus Torvalds, is the most popular distributed system for version control. Git is a very efficient platform for open-source projects. Using Git, you can collaborate with the other developers, upload the new changes, keep track of the changes, and many more.

  • How To Install And Setup TinyProxy On Your Linux Server – Linux Hint

    Tinyproxy is an HTTP/HTTPS Proxy. It is lightweight, fast, very easy to configure, and an open-source proxy service. Tinyproxy is configurable as a reverse proxy as well. It is good to be used as a small proxy with fewer system resources because it is very lightweight.

  • How to Enable Snap Applications Support in Linux Mint 20 (Recommended Method) – Linux Hint

    Snap is a package manager for Linux-based distributions, and snaps refer to the application packages that are available for IoT, cloud, and desktop. Snaps are multi-platform, easy to install, secure, and dependency-free applications. One of the biggest advantages of snap applications is that they update automatically. On Linux Mint 20, the snap support is disabled by default. There could be a situation that you are interested in installing any particular application, and the application version is only available from the snap application manager. In this situation, you will require to enable and install the snap-on Linux Mint 20.

  • How to Undelete Files in Ubuntu: 3 Tools for Linux Data Recovery | IT Pro

    Here's how to undelete files in Ubuntu, although the tools and methods should work on any mainstream Linux distribution.

  • How to Use Two-Factor Authentication with Ubuntu

    Over time, the traditional username and password authentication has proven inadequate in providing robust security to applications and systems. Usernames and passwords can easily be cracked using a plethora of hacking tools, leaving your system vulnerable to breaches. For this reason, any company or entity that takes security seriously needs to implement 2-Factor authentication. Colloquially known as MFA (Multi-Factor Authentication), 2-Factor authentication provides an extra layer of security that requires users to provides certain details such as codes, or OTP (One Time Password) before or after authenticating with the usual username and password. Nowadays multiple companies such as Google, Facebook, Twitter, and AWS, to mention a few provide users the choice of setting up MFA to further protect their accounts.

  • How to Run the Same Command Multiple Times in Linux – Linux Hint

    When programming, you may encounter a situation in which you need to perform the same task multiple times. A simple solution is to manually repeat the process as many times as it is needed; however, it is not productive to do so. That is why the concept of loops was introduced to programming. The basic goal of a loop is to repeat a task several times, depending upon the value provided for the iterator and the termination condition of the loop. Loops allow programmers to avoid the hassle of repeating processes manually. Suppose that there is a command that you wish to run multiple times. There are several important reasons that you might need to run a command repeatedly, so you want to be sure that a certain command produces the correct output every time it is executed. The more you run a command manually, the more certainty you will gain each time you run the command. But how do you do this programmatically? Well, there are several methods that can be used to run the same command multiple times, as well as for verifying the output of the repeated command. This article shows you how to create a repeatable command using Linux Mint 20 as the host operating system.

Federico Mena-Quintero: Librsvg, Rust, and non-mainstream architectures

Almost five years ago librsvg introduced Rust into its source code. Around the same time, Linux distributions started shipping the first versions of Firefox that also required Rust. I unashamedly wanted to ride that wave: distros would have to integrate a new language in their build infrastructure, or they would be left without Firefox. I was hoping that having a working Rust toolchain would make it easier for the rustified librsvg to get into distros. Two years after that, someone from Debian complained that this made it hard or impossible to build librsvg (and all the software that depends on it, which is A Lot) on all the architectures that Debian builds on — specifically, on things like HP PA-RISC or Alpha, which even Debian marks as "discontinued" now. Recently there was a similar kerfuffle, this time from someone from Gentoo, specifically about how Python's cryptography package now requires Rust. So, it doesn't build for platforms that Rust/LLVM don't support, like hppa, alpha, and Itanium. It also doesn't build for platforms for which there are no Rust packages from Gentoo yet (mips, s390x, riscv among them). Read more

LXPanel 0.10.1 released.

After long period of time without releases, another core LXDE component which is the panel, got a long waited release with few fixes. No new features yet but fixes are also good ones. Features will be later, that is certain. Anyone are welcome to contribute, as always. Read more