LWN.net

Version 4.3.0of the Krita painting application is out. "There’s a whole new setof brush presets that evoke watercolor painting. There’s a color mode inthe gradient map filter and a brand new palettize filter and a high passfilter. The scripting API has been extended. It’s now possible to adjustthe opacity and lightness on colored brush tips separately. You can nowcreate animated brush tips that select brush along multipledimensions. We’ve made it possible to put the canvas area in a window ofits own, so on a multi monitor setup, you can have all the controls on onemonitor, and your images on the other. The color selector has had a bigupdate. There’s a new snapshot docker that stores states of your image, andyou can switch between those. There’s a brand new magnetic selectiontool. Gradients can now be painting as spirals."

Security updates have been issued by Debian (drupal7 and python-django), Fedora (glib-networking, kernel, kernel-headers, and nghttp2), openSUSE (adns, chromium, file-roller, and libEMF), SUSE (java-1_7_1-ibm), and Ubuntu (bind9 and nss).

The LWN.net Weekly Edition for June 18, 2020 is available.

More and more web-site owners are concerned about the "all-seeing Google"tracking users as they browse around the web. Google Analytics (GA) is a full-featured web-analytics system that is available for free and, despite the privacyconcerns, has become the de facto analytics tool for small and large web sitesalike. However, in recent years, a growing number of alternatives are helpingbreak Google's dominance. In this article we'll look at two of the lightweightopen-source options, namely GoatCounter and Plausible. In a subsequent article,we'll look at a few of the larger tools.

Stable kernels 5.7.3, 5.6.19, and 5.4.47 have been released with important fixesthroughout the tree. This is the last 5.6.y release and users should moveto 5.7.y.

Arguments about terminology are not rare in our community; words arepowerful tools, so we want to be sure that we are using them in the correctway. But, naturally, opinions on what is "correct" may (and do) differ.Discussions on the use of loaded terms like "master" and "slave" have beenongoing in the community for some time, but recent world events have giventhem a new urgency. Some projects have made changes in the past, but thecurrent wave of changes seems likely to be far larger.

Security updates have been issued by Arch Linux (dbus and intel-ucode), CentOS (libexif), Debian (vlc), SUSE (xen), and Ubuntu (dbus, libexif, and nss).

Nikita Prokopov reviewsSyncthing (a file-synchronization system) and, seemingly, rediscoversfree software: "Syncthing is everything I used to love about computers.It’s amazing how great computer products can be when they don’t need todeal with corporate bullshit, don’t have to promote a brand or to sell itsusers. Frankly, I almost ceased to believe it’s still possible. But itis."

Open-source developers put a lot of emphasis on quality and have createdmany tools to improve source code, such as linters and codeformatters. Documentation, on the other hand, doesn't receive theattention it deserves. LWN reviewed several grammar and style-checkingtools back in 2016. It seems like a good time to evaluate progress in thisarea.

Security updates have been issued by Fedora (galera, grafana, libjcat, libvirt, mariadb-connector-c, and perl), Gentoo (asterisk, bubblewrap, cyrus-imapd, faad2, json-c, openconnect, openjdk-bin, pcre2, PEAR-Archive_Tar, thunderbird, and tomcat), Mageia (mbedtls and scapy), openSUSE (libntlm, libupnp, prboom-plus, varnish, and xen), Oracle (libexif), Red Hat (kpatch-patch), Scientific Linux (libexif), SUSE (mariadb, nodejs6, and poppler), and Ubuntu (apport).

The Internet of Things (IoT) world is filled with countless microprocessors. One option we have covered in various ways before is the Arduino ecosystem. In the same vein, we now will look at another interesting segment of that community: The WiFi-enabled Espressif ESP8266 chip.

Security updates have been issued by Debian (intel-microcode, libexif, mysql-connector-java, and thunderbird), Fedora (gnutls, grafana, kernel, kernel-headers, mingw-gnutls, mod_auth_openidc, NetworkManager, and pdns-recursor), Gentoo (adobe-flash, ansible, chromium, firefox, glibc, mailutils, nokogiri, readline, ssvnc, and webkit-gtk), Mageia (axel, bind, dbus, flash-player-plugin, libreoffice, networkmanager, and roundcubemail), openSUSE (java-1_8_0-openjdk, kernel, nodejs8, rubygem-bundler, texlive-filesystem, and thunderbird), Oracle (libexif and tomcat6), Red Hat (chromium-browser, flash-plugin, and libexif), Scientific Linux (tomcat6), SUSE (libEMF), and Ubuntu (fwupd).

By the time Linus Torvalds released 5.8-rc1and closed the merge window for this development cycle, 14,206 non-merge changesets hadbeen pulled into the repository for 5.8. That is more work thanwas pulled for the entire 5.7 cycle; clearly development work on the kernelhas not (yet) slowed down in response to events in the wider world. The nearly 6,700 changespulled since the previous summary includehuge numbers of fixes and internal cleanups, but there were a number ofsignificant features added as well.

Linus has released 5.8-rc1 and closed themerge window for this release. By the end, 14,206 non-merge changesetsfound their way into the mainline repository, making this one of thebusiest development cycles ever. "So in the 5.8 merge window we have modified about 20% of all the filesin the kernel source repository. That's really a fairly bigpercentage, and while some of it _is_ scripted, on the whole it'sreally just the same pattern: 5.8 has simply seen a lot ofdevelopment.IOW, 5.8 looks big. Really big."

Over at TechNewsWorld, Jack M. Germain reviews the rather ... different ... distribution, PsychOS Linux. Just taking a peek at the home page may be enough to cause flashbacks to a misspent youth, or perhaps that of one's parents at this point. Bucking the trend for modern distributions, PsychOS is only built for 32-bit systems; the main focus seems to be DOS-oriented: "Retro comes alive in PsychOS and is the main driving point in its development. The distro creator still uses DOS software, which is launched easily from the applications menu via emulators such as DOSBox.Anyone with PsychOS 3.4.6 and higher who uses RetroGrab to install older software can do the same, noted the developer. The corresponding emulators must be installed first. PsychOS lets you run more than one DOS program at a time, too. Other programming influences include BASIC and BBC BASIC, due to shortcomings that helped the PsychOS developer learn more about Python. Other BASIC flavors are FreeBASIC, QB45, and QB64."

The bpfilter subsystem, along with its"user-mode blobs" infrastructure, attracted a lot of attention when it wasmerged for the 4.18 kernel in 2018. Since then, however, development inthis effort has been, to put it charitably, subdued. Now, two years afterits merging, bpfilter may be in danger of being removed from the kernel asa failed experiment.

Security updates have been issued by CentOS (tomcat), Debian (intel-microcode, libphp-phpmailer, mysql-connector-java, python-django, thunderbird, and xawtv), Fedora (kernel and thunderbird), Gentoo (perl), openSUSE (libexif and vim), Oracle (dotnet, kernel, microcode_ctl, and tomcat), Red Hat (net-snmp), Scientific Linux (libexif and tomcat), Slackware (kernel), and SUSE (adns, audiofile, ed, kvm, nodejs12, and xen).

Part 1 of this series, covered somebackground on ION, DMA-BUF heaps, the DMA API, and the concept of"ownership" when it comes to handling CPU-cache maintenance, finally endingon a conventional DMA API view of how DMA-BUF cache handling should bedone. The article concluded with a discussion of why the traditional DMAAPIs can perform poorly on contemporary systems. This article completesthe series with an exploration ofsome of the approaches that DMA-BUF exporters can use to avoidunnecessary cache operations along with some rough proposals for how wemight improve things.

Greg Kroah-Hartman has announced the release of the 5.7.2, 5.6.18,5.4.46, 4.19.128, 4.14.184, 4.9.227, and 4.4.227 stable kernels. These containmitigations for the special register buffer datasampling (SRBDS) hardware vulnerability, as well as other fixeselsewhere in the trees. Users of those series should upgrade.

Security updates have been issued by CentOS (kernel and microcode_ctl), Debian (roundcube), Mageia (coturn, cups, libarchive, libvirt, libzypp, nghttp2, nrpe, openconnect, perl, python-typed-ast, ruby-rack, ruby-RubyGems, sudo, vino, wpa_supplicant, and xawtv), openSUSE (firefox, gnutls, GraphicsMagick, ucode-intel, and xawtv), Oracle (dotnet3.1 and kernel), Red Hat (curl, expat, file, gettext, kernel, kpatch-patch, libexif, pcs, python, tomcat, tomcat6, and unzip), Scientific Linux (kernel and microcode_ctl), SUSE (kernel), and Ubuntu (intel-microcode and sqlite3).

The LWN.net Weekly Edition for June 11, 2020 is available.

The Internet of Things (IoT) push continues to expand as tens of thousands of different internet-enabled devices from light bulbs to dishwashers reach consumers' homes. Home Assistantis an open-source project to make the most of all of those devices, potentially with no data being shared with third parties.

Kees Cook has been doing some thinking about plans for new seccomp features to work on soon. There werefour separate areas that he was interested in, which he detailed in alengthy mid-May message on the linux-kernel mailing list. One of thosefeatures, deep argument inspection, has been covered here before, but it would seem that weare getting closer to a resolution on how that all will work.

Security updates have been issued by Arch Linux (chromium, firefox, gnutls, python-django, thunderbird, tomcat7, tomcat8, and tomcat9), CentOS (unbound), Debian (bluez, firefox-esr, kernel, and linux-4.9), Oracle (kernel), Red Hat (.NET Core, .NET Core 3.1, kernel, kernel-rt, libexif, microcode_ctl, pcs, and virt:rhel), SUSE (gnutls, java-1_7_0-ibm, kernel, microcode_ctl, nodejs10, nodejs8, rubygem-bundler, texlive, texlive-filesystem, thunderbird, and ucode-intel), and Ubuntu (intel-microcode, kernel, libjpeg-turbo, linux, linux-aws, linux-aws-5.3, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux, linux-lts-trusty, and linux-gke-5.0, linux-oem-osp1).

The Debian Med team joined a COVID-19 Biohackathon last April and isplaning on doing it again on June 15-21.A recently shared pre-publication draft paper highlights whichsoftware tools are considered useful "to Accelerate SARS-CoV-2 andCoronavirus Research". Many of these tools would benefit from beingpackaged in Debian and all the advantages that Debian brings for bothusers and upstream alike.As in the first sprint most tasks do not require any knowledge ofbiology or medicine, and all types of contributions are welcome: bugtriage, testing, documentation, CI, translations, packaging, and codecontributions.

We have not had a new CPU vulnerability for a little while — a situationthat was clearly too good to last. The mainline kernel has just mergedmitigations for the "special register buffer data sampling" vulnerabilitywhich, in short, allows an attacker to spy on the random numbers obtainedby others. In particular, the results of the RDRAND instructioncan be obtained via a speculative attack.The mitigation involves more flushing and the serialization ofRDRAND. That means a RDRAND instruction will take longerto run, but it also means that RDRAND requires locking across thesystem, which will slow things considerably if it is executed frequently.There are ways to turn the mitigations off, of course. See this new kernel document for moreinformation.These fixes are currently queued to be part of the5.7.2,5.6.18,5.4.46,4.19.128,4.14.1844.9.227,4.4.227, and3.16.85stable updates.

TechRepublic interviewed Lenovo's general manager and executive director of the Workstation & Client AI Group Rob Herman about the company's plans to begin optionally pre-loading enterprise versions of the Red Hat and Ubuntu Linux distributions across its P Series ThinkPad and ThinkStation products, putting Linux on parity with Microsoft Windows for those product lines. "'Around the workstation and what I would call the performance computing world, the world is really changing [...] We're starting to see a lot more use of data science and AI workloads on performance client products like workstations, [and] we're seeing software development need the ability for more customization and flexibility.' This is where Linux and the power of open source come into the picture, says Herman. This is particularly crucial in artificial intelligence data science and content creation applications, areas Lenovo is eager to tap. 'Overall, we see content creators looking for an edge, looking for a new way, a new platform to develop on,' says Herman. 'The number of Linux users is increasing year on year, so from a market standpoint, we see it's the right time to do it.'"

Security updates have been issued by Debian (libpam-tacplus), Gentoo (gnutls), Oracle (unbound), Scientific Linux (freerdp and unbound), and SUSE (firefox, java-11-openjdk, java-1_7_0-openjdk, java-1_8_0-openjdk, nodejs10, and ruby2.1).

Version 5.19 ofthe KDE Plasma desktop is out. "In this release, we have prioritizedmaking Plasma more consistent, correcting and unifying designs of widgetsand desktop elements; worked on giving you more control over your desktopby adding configuration options to the System Settings; and improvedusability, making Plasma and its components easier to use and an overallmore pleasurable experience."

Linux capabilities empower the holder to perform a set of specificprivileged operations while withholding the full power of root access; seethecapabilities man page for a list of current capabilities and what theycontrol. There have been no capabilities added to the kernel since CAP_AUDIT_READwas merged for 3.16 in 2014. That's about to change with the 5.8 release,though, which is set to contain two new capabilities; yet another iscurrently under development.

Security updates have been issued by Debian (cups, dbus, gnutls28, graphicsmagick, libupnp, and nodejs), Fedora (gnutls, kernel, libarchive, php-phpmailer6, and sympa), openSUSE (axel, GraphicsMagick, libcroco, libreoffice, libxml2, and xawtv), Oracle (bind, firefox, freerdp, and kernel), Red Hat (bind, freerdp, and unbound), Scientific Linux (firefox), SUSE (dpdk, file-roller, firefox, gnuplot, libexif, php7, php72, slurm_20_02, and vim), and Ubuntu (gnutls28).

The5.7.1,5.6.17,5.4.45, and4.19.127 stable kernel updates have beenreleased with another set of important fixes.

Alyssa Rosenzweig providesan update on the Panfrost driver for Mali GPUs on the Collabora blog."In the past 3 months since we began work on Bifrost, fellowCollaboran Tomeu Vizoso and I have progressed from stubbing out the newcompiler and command stream in March to running real programs byMay. Driven by a reverse-engineering effort in tandem with the freesoftware community, we are confident that against proprietary blobs anddownstream hacks, open-source software will prevail."

Just over 7,500 non-merge changesets have been pulled into the mainlinerepository since the opening of the 5.8 merge window — not a small amountof work for just four days. The early pulls are dominated by thenetworking and graphics trees, but there is a lot of other material inthere as well. Read on for a summary of what entered the kernel in thefirst part of this development cycle.

Security updates have been issued by CentOS (bind, firefox, and freerdp), Debian (netqmail and python-django), Fedora (cacti, cacti-spine, dbus, firefox, gjs, mbedtls, mozjs68, and perl), Oracle (freerdp and kernel), Scientific Linux (bind and firefox), Slackware (mozilla), SUSE (krb5-appl, libcroco, libexif, libreoffice, libxml2, qemu, transfig, and vim), and Ubuntu (firefox, freerdp, and python-django).

Recently, the DMA-BUF heapsinterface was added to the 5.6 kernel. Thisinterface is similar to ION,which has been used for years by Android vendors. However, in trying to move vendors touse DMA-BUF heaps, we have begun to see how the DMA API modeldoesn't fit well for modern mobile devices. Additionally, the lack of clearguidance in how to handle cache operations efficiently, results in vendorsusing custom device-specific optimizations that aren't generic enough foran upstream solution. This article will describe the nature of theproblem; the upcoming second installment will look at the path toward asolution.

Security updates have been issued by Debian (firefox-esr), Fedora (firefox and prboom-plus), Oracle (bind), Red Hat (firefox), and SUSE (osc).

The LWN.net Weekly Edition for June 4, 2020 is available.

The PHP language is widely used in solving some of the most interestingtechnical problems on the web. But for a language with widespread use, itis unique — or at least an outlier — in the way it's governed compared toother open-source projects. Unlike others, PHP governance has grown intosomething fairly democratic for a project its size, allowing almost anyoneto bring an idea to the table. If it's popular enough, that idea can findits way into a future release. That is, of course, as long as there is adeveloper to put in the work to make it happen.

The FreeNAS distribution implements network-attached storage on top of theZFS filesystem; it was reviewed here backin 2015. FreeNAS has always been based on FreeBSD, but now iXsystems, thecompany behind this system, has announceda new version, called TrueNAS SCALE, that will be based on Debian."Linux is a key requirement to achieve some of the SCALE projectgoals". More information about those goals will evidently beforthcoming in the future.

In the kernel graphics world, there has been a longstanding "line in the sand" that disallows mergingkernel drivers without a corresponding free-software user-space driver. The idea is thatnot having a way to test the full functionality means that the kerneldevelopers cannot verify the proper functioning and security of thedriver; changes to the kernel driver may lead to unforeseen (anduntestable) problems on the user-space side. More recently, though, wehave seen other types of devices with complex drivers, but no useful freeuser-space piece, that have been proposed for inclusion into the kernel;at least one was merged, but the tide has perhaps turned against those typesof drivers at this point—or some of them, anyway.

Stable kernels 5.6.16, 5.4.44, 4.19.126, 4.14.183, 4.9.226, and 4.4.226 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by Fedora (java-11-openjdk, perl-Email-MIME, perl-Email-MIME-ContentType, and slurm), openSUSE (imapfilter, mailman, and python-rpyc), Red Hat (bind and firefox), SUSE (evolution-data-server, python, qemu, and w3m), and Ubuntu (python-django).

Devuan Beowulf 3.0.0 has been released. This version is based on Debian10.4 Buster, with eudev and elogind to replace aspects of systemd. Optionalalternatives runit and openrc are also available.

The 5.7 kernel was released onMay 31. By all appearances this was a normal development cycle,unaffected by the troubles in the wider world. Still, there are things tobe learned by looking at where the code came from this time around. Readon for LWN's traditional look at who contributed to 5.7, who supported thatwork, and the paths by which it got into the mainline.

Firefox 77.0 has been released. Among the new things in this release, LWNreaders may be most interested in the new about:certificate pagewhere you can view and manage web certificates. See the releasenotes for details.

Security updates have been issued by Arch Linux (ant, bind, freerdp, and unbound), CentOS (bind, freerdp, and git), Debian (python-httplib2), Fedora (ant, kernel, sqlite, and sympa), openSUSE (java-11-openjdk and qemu), Oracle (bind), Red Hat (freerdp), Scientific Linux (python-pip and python-virtualenv), Slackware (firefox), SUSE (qemu), and Ubuntu (Apache Ant, ca-certificates, flask, and freerdp2).

The FSGSBASEpatch series is up to its thirteenth version as of late May. Itenables some "new" instructions for the x86 architecture, opening the way for a number ofsignificant performance improvements. One might think that such a patchseries would be a shoo-in, but FSGSBASE has had a troubled history;meanwhile, the delays in getting it merged may have led to a number ofusers installing root holes on their Linux systems in the hope of improvingsecurity.

Security updates have been issued by Debian (bind9, dosfstools, gst-plugins-good0.10, gst-plugins-ugly0.10, json-c, php-horde, php-horde-gollem, salt, and sane-backends), Fedora (drupal7, marked, NetworkManager, and wireshark), Mageia (gdb, jasper, and json-c), openSUSE (freetds, jasper, libmspack, mariadb-connector-c, sysstat, and trousers), Red Hat (bind), Scientific Linux (bind and freerdp), and SUSE (file-roller and java-11-openjdk).

Linus has released the 5.7 kernel right onschedule. Headline features in 5.7 includex86 split-lock detection,thermal-pressure management,frequency invariance in the load-trackingcode,coexistence between BPF and realtimepreemption,support for BPF security hook programs (formerly called the KRSI security module),a new, Microsoft-blessed exFAT filesystem implementation, and more.The final patch to be merged was this one deprecatingthe long-standing 80-column limit for kernel source.See the KernelNewbies 5.7 page forlots of details.