Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 28 min ago

[$] An end to high memory?

7 hours 45 min ago
This patch from Johannes Weiner seemed like a straightforward way to improve memory-reclaim performance; without it, the virtual filesystem layer throws away memory that the memory-management subsystem thinks is still worth keeping. But that patch quickly ran afoul of a feature (or "misfeature" depending on who one asks) from the distant past, one which goes by the name of "high memory". Now, more than 20 years after its addition, high memory may be brought down low, as developers consider whether it should be deprecated and eventually removed from the kernel altogether.

Security updates for Thursday

10 hours 42 min ago
Security updates have been issued by CentOS (kernel, ksh, python-pillow, and thunderbird), Debian (opensmtpd, proftpd-dfsg, and rake), Fedora (NetworkManager-ssh), openSUSE (chromium), and SUSE (libexif, mariadb, ovmf, python3, and squid).

[$] LWN.net Weekly Edition for February 27, 2020

Thursday 27th of February 2020 01:59:07 AM
The LWN.net Weekly Edition for February 27, 2020 is available.

[$] Impedance matching for BPF and LSM

Wednesday 26th of February 2020 11:10:02 PM
The "kernel runtime security instrumentation" (KRSI) patch set has been making the rounds over the past few months; the idea is to use the Linux security module (LSM) hooks as a way to detect, and potentially deflect, active attacks against a running system. It does so by allowing BPF programs to be attached to the LSM hooks. That has caused some concern in the past about exposing the security hooks as external kernel APIs, which makes them potentially subject to the "don't break user space" edict. But there has been no real objection to the goals of KRSI. The fourth version of the patch set was posted by KP Singh on February 20; the concerns raised this time are about its impact on the LSM infrastructure.

Security updates for Wednesday

Wednesday 26th of February 2020 03:41:13 PM
Security updates have been issued by Debian (python-pysaml2), Mageia (clamav, graphicsmagick, opencontainers-runc, squid, and xmlsec1), Oracle (kernel, ksh, python-pillow, systemd, and thunderbird), Red Hat (rh-nodejs12-nodejs), Scientific Linux (ksh, python-pillow, and thunderbird), and SUSE (nodejs6, openssl, ppp, and squid).

[$] A look at "BPF Performance Tools"

Wednesday 26th of February 2020 01:47:25 PM
BPF has exploded within the Linux world over the last few years, growing from its networking roots into the go-to tool for running custom in-kernel programs. Its role seems to expand with every kernel release into diverse areas such as security and device control. But none of that is the focus of a relatively new book from Brendan Gregg, BPF Performance Tools; it looks, instead, at how BPF provides visibility into the guts of the kernel. Finding performance bottlenecks of various sorts on (generally large) production systems is an area where BPF and the tool set that has grown up around it can excel; Gregg's book describes that landscape in great depth.

Manjaro 19.0 released

Wednesday 26th of February 2020 11:16:32 AM
Version 19 of the Arch-based Manjaro distribution is out. "The Xfce edition remains our flagship offering and has received the attention it deserves. Only a few can claim to offer such a polished, integrated and leading-edge Xfce experience. With this release we ship Xfce 4.14 and have mostly focused on polishing the user experience with the desktop and window manager. Also we have switched to a new theme called Matcha. A new feature Display-Profiles allows you to store one or more profiles for your preferred display configuration. We also have implemented auto-application of profiles when new displays are connected."

FSF to launch code hosting

Tuesday 25th of February 2020 09:03:13 PM
The Free Software Foundation has announced that it is planning to launch a public code hosting and collaboration platform later this year. "We plan on contributing improvements upstream for the new forge software we choose, to boost its score on [GNU ethical repository] criteria. Our tech team is small for the size of the network we maintain, and we don't have any full-time developers who work for the FSF, so we are limited in the amount of time we can spend on the software we choose. We'll communicate with the upstream developers to request improvements and help clarify any questions related to the ethical repository criteria."

Security updates for Tuesday

Tuesday 25th of February 2020 03:49:41 PM
Security updates have been issued by Debian (curl and otrs2), Fedora (NetworkManager-ssh and python-psutil), Mageia (ipmitool, libgd, libxml2_2, nextcloud, radare2, and upx), openSUSE (inn and sudo), Oracle (kernel, ksh, python-pillow, and thunderbird), Red Hat (curl, kernel, nodejs:10, nodejs:12, procps-ng, rh-nodejs10-nodejs, ruby, and systemd), SUSE (dpdk, firefox, java-1_7_1-ibm, java-1_8_0-ibm, libexif, libvpx, nodejs10, nodejs8, openssl1, pdsh, slurm_18_08, python-azure-agent, python3, and webkit2gtk3), and Ubuntu (libapache2-mod-auth-mellon, libpam-radius-auth, and rsync).

[$] watch_mount(), watch_sb(), and fsinfo() (again)

Monday 24th of February 2020 10:21:11 PM
Filesystems, by design, hide a lot of complexity from users. At times, though, those users need to be able to look inside the black box and extract information about what is going on within a filesystem. Answering this need is David Howells, the creator of a number of filesystem-oriented system calls; in this patch set he tries to add three more, one of which we have seen before and two of which are new.

Kernel prepatch 5.6-rc3

Monday 24th of February 2020 04:47:21 PM
The 5.6-rc3 kernel prepatch is out for testing. Linus says: "Fairly normal rc3 as far as I can tell. We've seen bigger, but we've seen smaller ones too. Maybe this is slightly on the low side of average at this time, which would make sense since this was a smaller merge window. Anyway, too much noise in the signal to be sure either way."

Stable kernel updates

Monday 24th of February 2020 03:47:51 PM
Stable kernels 5.5.6, 5.4.22, and 4.19.106 have been released. They all have a large set of important fixes.

Security updates for Monday

Monday 24th of February 2020 03:39:52 PM
Security updates have been issued by Debian (libpam-radius-auth, pillow, ppp, proftpd-dfsg, and python-pysaml2), Fedora (firefox, glib2, hiredis, http-parser, libuv, mingw-openjpeg2, nghttp2, nodejs, openjpeg2, python-pillow, skopeo, and webkit2gtk3), Mageia (patch, postgresql, and systemd), Red Hat (ksh, nodejs:10, openjpeg2, python-pillow, systemd, and thunderbird), and SUSE (java-1_7_1-ibm, libsolv, libzypp, zypper, pdsh, slurm_18_08, and php53).

[$] CAP_PERFMON — and new capabilities in general

Friday 21st of February 2020 05:37:58 PM
The perf_event_open() system call is a complicated beast, requiring a fair amount of study to master. This call also has some interesting security implications: it can be used to obtain a lot of information about the running system, and the complexity of the underlying implementation has made it more than usually prone to unpleasant bugs. In current kernels, the security controls around perf_event_open() are simple, though: if you have the CAP_SYS_ADMIN capability, perf_event_open() is available to you (though the system administrator can make it available without any privilege at all). Some current work to create a new capability for the perf events subsystem would seem to make sense, raising the question of why adding new capabilities isn't done more often.

Security updates for Friday

Friday 21st of February 2020 02:03:03 PM
Security updates have been issued by CentOS (openjpeg2), Debian (cloud-init, jackson-databind, and python-reportlab), Red Hat (ksh, python-pillow, systemd, and thunderbird), Slackware (proftpd), SUSE (java-1_7_0-ibm, nodejs10, and nodejs12), and Ubuntu (ppp and squid, squid3).

[$] Memory-management optimization with DAMON

Thursday 20th of February 2020 03:09:52 PM
To a great extent, memory management is based on making predictions: which pages of memory will a given process need in the near future? Unfortunately, it turns out that predictions are hard, especially when they are about future events. In the absence of useful information sent back from the future, memory-management subsystems are forced to rely on observations of recent behavior and an assumption that said behavior is likely to continue. The kernel's memory-management decisions are opaque to user space, though, and often result in less-than-optimal performance. A pair of patch sets from SeongJae Park tries to make memory-usage patterns visible to user space, and to let user space change memory-management decisions in response.

Security updates for Thursday

Thursday 20th of February 2020 02:13:45 PM
Security updates have been issued by Debian (netty and netty-3.9), Fedora (ceph, dovecot, poppler, and webkit2gtk3), openSUSE (inn and rmt-server), Oracle (openjpeg2), Red Hat (rabbitmq-server), Scientific Linux (openjpeg2), SUSE (dnsmasq, rsyslog, and slurm), and Ubuntu (php7.0).

[$] LWN.net Weekly Edition for February 20, 2020

Thursday 20th of February 2020 01:04:41 AM
The LWN.net Weekly Edition for February 20, 2020 is available.

Stable kernel updates

Wednesday 19th of February 2020 09:07:26 PM
Stable kernels 5.5.5, 5.4.21, and 4.19.105 have been released, with the usual set of important fixes.

[$] Debian discusses how to handle 2038

Wednesday 19th of February 2020 07:38:15 PM
At this point, most of the kernel work to avoid the year-2038 apocalypse has been completed. Said apocalypse could occur when time counted in seconds since 1970 overflows a 32-bit signed value (i.e. time_t). Work in the GNU C Library (glibc) and other C libraries is well underway as well. But the "fun" is just beginning for distributions, especially those that support 32-bit architectures, as a recent Debian discussion reveals. One of the questions is: how much effort should be made to support 32-bit architectures as they fade from use and 2038 draws nearer?

More in Tux Machines

The Apache Software Foundation Announces 20th Anniversary of Apache® Subversion®

The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today the 20th Anniversary of Apache® Subversion®, the popular centralized software version control system. Apache Subversion ("SVN") allows users to commit code, manage changes, and recover previous versions of all sorts of data across files and directories. Subversion is ideal for distributed teams who need to easily audit and act on modification logs and versioning history across projects. Subversion originated at CollabNet in 2000 as an effort to create an Open Source version-control system similar to the then-standard CVS (Concurrent Versions System) but with additional features and functionality. Subversion was submitted to the Apache Incubator In November 2009, and became an Apache Top-Level Project in February 2010. "We are very proud of Subversion's long history, and remain committed to our mission statement," said Stefan Sperling, Vice President of Apache Subversion. "Subversion has moved well beyond its initial goal of creating a compelling replacement for CVS. In 2010 our mission statement was updated to ‘Enterprise-class centralized version control for the masses’.” Read more Also: Apache Celebrates Subversion's 20th Anniversary

Software: HPLIP, MuseScore, TeamViewer

  • HPLIP 3.20.2 Released with Linux Mint 19.3 Support

    HPLIP 3.20.2, HP developed open source Linux driver for HP printers and scanners, was released today with many new devices and Linux Mint 19.3 support.

  • MuseScore – Create, play, and print beautiful sheet music

    Do you need a top-notch musical notation editor for your Linux PC? MuseScore should be the software of your choice. A good music notation app requires to provide the user with features like quick corrections, fast editing, reliable sharing, and provision of a uniform layout of sheet music. It should make the whole process of creating, editing, and printing music a lot easier and fast. MuseScore is one of the powerful and versatile open-source music score editors in the market. It might not offer all the editing features provided by high-end paid software, but it provides users with the core functionality needed.

  • Best 14 teamviewer alternatives for Linux/Ubuntu

    One of the most popular software enabling computers to be controlled remotely is TeamViewer, but there are many other options that are available as well, which have just as many features (desktop sharing, online conferences, and data transfers). Since TeamViewer dominates the major online users, it has long ranked number one by many users. However, for many, TeamViewer isn’t their number one choice and so in the true spirit of ope n source, let’s talk about thousands of similar software. Since I can’t discuss it all, let’s talk about the top 14 alternatives of TeamViewer for Linux in 2020.

Security: Patches, Whonix, IPFire and More

  • Security updates for Thursday

    Security updates have been issued by CentOS (kernel, ksh, python-pillow, and thunderbird), Debian (opensmtpd, proftpd-dfsg, and rake), Fedora (NetworkManager-ssh), openSUSE (chromium), and SUSE (libexif, mariadb, ovmf, python3, and squid). 

  • Whonix VirtualBox 15.0.0.8.9 - Point Release! - vanguards; TCP ISN Leak Protection; Extensive Hardening!

    This is a point release. Download Whonix for VirtualBox:

  • Build your career in Computer Forensics: List of Digital Forensic Tools - Part I

    Digital devices are present everywhere and considered to be the primary source of evidence in the case of cybercrime. Out of all the devices, phones and laptops are the top weapons used in cybercrimes. Regardless of who the device belonged to, either the victim or suspect, it offers an abundance of data to investigate the crime. But retrieving evidence from these devices in a secure environment can be very challenging. To overcome the time constraint and other complications, cyber forensic professionals use digital forensic tools.  

  • What are Open Source Security Approaches? With Examples

    Open source security approaches enable organizations to secure their applications and networks while avoiding expensive proprietary security offerings.  An open source approach allows organizations to secure their applications across cloud providers and other platforms using platform-agnostic APIs. These APIs are written by contributors to the open source software code while cloud providers may use open source code that allows the open APIs to connect to the cloud. Open source approaches, for security or not, also bring in collaboration across an industry. It isn’t just one organization that benefits from a program or technology, but everyone who contributes to and uses it. The open source projects and programs used as examples in this article come from two major open source entities: The Linux Foundation and the Cloud Native Computing Foundation (CNCF). The two also work closely together to further the projects under their purview.

  • Cloud Snooper: Hackers Using Linux Kernel Driver To Attack Cloud Server [Ed: So, if you install malicious software in Linux, due to recklessness or sabotage, it'll do malicious things. How is that a Linux weakness?]

    Whether you’re a Linux user or not, you must have heard the buzzword about the Linux — “Best OS for security.” Well, it is true, but being a computer program, Linux also has some downside that challenges its security. Talking about the security risks, recently, SophosLab published a report about a new malware dubbed Cloud Snooper, that can compromise the security of any Linux or other OS based servers by deploying a kernel driver.

  • IPFire on AWS: Update to IPFire 2.25 - Core Update 141

    Today, we have updated IPFire on AWS to IPFire 2.25 - Core Update 141 - the latest official release of IPFire. Since IPFire is available on AWS, we are gaining more and more users who are securing their cloud infrastructure behind an easy to configure, yet fast and secure firewall. This update adds the rewritten DNS stack and brings many bug fixes to the cloud.

Huawei’s plan to escape Google could fix Android for everyone

Huawei has stopped sidestepping the unavoidable question – no Google, what next? After suggesting it could (eventually) make its own smartphone operating system, built on Harmony OS in 2019, Huawei is now unequivocal – for the foreseeable future, it’s all in with its Google Mobile Services (GMS) free version of Android. The long term partnership with Google saw Huawei launch the jewel in its crown, the P30 Pro, which, a year on, is still an easy phone to recommend. But, there’s a big question mark over its more recent, arguably better-specced devices like the Mate 30 Pro and upcoming Huawei Mate Xs, given the fact they don’t support essential features like access to the Google Play Store. Rather than serve as an indictment on Huawei’s inability to step up and deliver an alternative within months, however, this is part of a much bigger question. Is Android really open source, or have developers, manufacturers and, ultimately, all of us as Android users been sleepwalking into a state of total dependence upon Google? It’s important to note that if Google had its way, we could say with some assurance, it would keep working with Huawei. After all, this political fallout highlights just how hoodwinked the world is into thinking the Android we’ve been using is an open-source alternative to iOS. Read more