Many community-based Linux distributions have made the decision to switchto systemd, and most of those decisions were accompanied by lengthy,sometimes acrimonious mailing-list discussions. No distribution had aharder time of it than Debian, though, where arguments raged through muchof 2013 before the Debian Technical Committee decided on systemd in early 2014. Thereafter,it is fair to say,appetite for renewing the init-system discussion has been low. Now,though, the topic has returned to the fore andit would appear that the project is heading toward a new generalresolution to decide at what level init systems other than systemd shouldbe supported.
The Free Software Foundation's Respects Your Freedom program provides acertification for hardware that supports your freedom. A new website listing certified products has beenlaunched. "In 2012, when we announced the first certification,we hosted information about the program and retailers as a simple page onthe Free Software Foundation (FSF) Web site. With only one retailer sellingone device, this was certainly satisfactory. As the program grew, we addedeach new device chronologically to that page, highlighting the newestcertifications. We are now in a place where eight different retailers havegained nearly fifty certifications [...]. With so many devices available, across so many different device categories, it was getting more difficult for users to find what they were looking for in just a plain chronological list."
The seventh 5.4 prepatch is out fortesting. "Nothing looks _bad_, but there is too much of it.So I'm leaning towards an rc8 being likely next weekend due to that,but I won't make a final decision yet. We'll see."
Operating systems and computing hardware both carry a lot of their historywith them. The x86 I/O-port mechanism is one piece of that history; it israrely used by hardware designed in the last 20 years, but it muststill be supported. That doesn't mean that this support can't be cleanedup and improved, though, especially when the old implementation turns outto have some unpleasant properties. An example can be seen in theiopl() patch set from Thomas Gleixner.
The openSUSE project has been considering aname change as part of its move into a separate foundation since (atleast) June. A long and somewhat controversial vote of project members hasjust come to an end, and the result is conclusive: 225-42 against the namechange.
Security updates have been issued by Arch Linux (linux-hardened), Debian (fribidi), Gentoo (oniguruma, openssh/openssh, openssl, and pump), Mageia (chromium-browser-stable, expat, firefox, freetds, proftpd, python, thunderbird, and unbound), Oracle (sudo), Scientific Linux (thunderbird), Slackware (kernel), SUSE (rubygem-haml), and Ubuntu (fribidi and webkit2gtk).
As of this writing, just over 14,000 non-merge changesets have found theirway into the mainline repository for the 5.4 release; that is a bit lessthan we saw for 5.3, but more than most of the other recent kernels. Thefinal 5.4 release is approaching, so it must be time for our usual look atwhere the code merged in this development cycle came from. It's mostlybusiness as usual in the kernel community, modulo an appearance from noneother than Hulk Robot.
Security updates have been issued by Arch Linux (squid), Fedora (chromium, libssh2, and wpa_supplicant), openSUSE (chromium), Red Hat (ansible, chromium-browser, openstack-octavia, patch, qemu-kvm-rhev, sudo, and thunderbird), Scientific Linux (sudo), SUSE (bluez, gdb, php72, and thunderbird), and Ubuntu (cpio and rygel).
Version1.39.0 of the Rust language is available. The biggest new featureappears to be the async/await mechanism, which is described in thisblog post: "So, what is async await? Async-await is a way towrite functions that can 'pause', return control to the runtime, and thenpick up from where they left off. Typically those pauses are to wait forI/O, but there can be any number of uses."
Running untrusted code in a safe manner is generally the goal of sandboxingefforts. The sandbox technique presented by Georgia Tech PhD studentAshish Bijlani at Open Source Summit Europe 2019 is no exception. He has used something of a novelscheme to allow unprivileged code to implement the sandbox policies usingBPF; the policies are then enforced by the kernel.
At OpenSource Summit Europe 2019, Michael C. Jaeger and Maximilian Huberupdated attendees on the FOSSologyproject, which is an open-source license-compliance tool. Theyintroduced FOSSology and talked about how it can be used, but they alsolooked at the new features added in the last few releases. Beyond that,they presented some experiments the project has been doing with creatingmachine-learning models for license recognition.
Linux systems have traditionally run with a single address space thatis shared by user and kernel space. That changed with the advent of theMeltdown vulnerability, which forced the merging of kernel page-table isolation (KPTI) at the end of2017. But, Mike Rapoport said during his 2019Open Source Summit Europe talk, that may not be the end of the story for address-space isolation.There is a good case to be made for increasing the separation of addressspaces, but implementing that may require some fundamental changes in howkernel memory management works.
Red Hat has announcedthe release of Red Hat Enterprise Linux 8.1. This is the first updatein what is planned to be a 6 month cadence for minor releases. The releasenotes contain more information.
Git 2.24 has been released. This blogpost covers the highlights of this release, beginning with featuremacros. "Usually, configuring some behavior requires only a single configuration change, like enabling or disabling any of the aforementioned values. But what about when it doesn’t? What do you do when you don’t know which configuration values to change? For example, let’s say you want to live on the bleeding-edge of the latest from upstream Git, but don’t have a chance to discover all the new configurable options. In Git 2.24, you can now opt into feature macros—one Git configuration that implies many others. These are hand-selected by the developers of Git, and they let you opt into a certain feature or adopt a handful of settings based on the characteristics of your repository."
Security updates have been issued by Arch Linux (electron, ghostscript, glibc, python2, and samba), Debian (webkit2gtk), Slackware (libtiff), SUSE (ImageMagick, python-ecdsa, and samba), and Ubuntu (apport, haproxy, ruby-nokogiri, and whoopsie).
The stable kernel releases are meant to contain as many important fixes aspossible; to that end, the stable maintainers have been making use of a machine-learning system to identify patches that should be considered for astable update. This exercise has had some success but, at the 2019 OpenSource Summit Europe, Sasha Levin asked whether this process could beimproved further. Might it be possible for a machine-learning system toidentify patches that create bugs and intercept them, so that thefixes never become necessary?
Security updates have been issued by Arch Linux (chromium and qt5-webengine), CentOS (firefox and php), Fedora (file, java-latest-openjdk, nspr, nss, php, t1utils, and webkit2gtk3), Mageia (ansible, aspell, golang, libsoup, and libxslt), openSUSE (chromium and chromium, re2), Oracle (php), and Ubuntu (apport and file).
The 5.4-rc6 kernel prepatch is out fortesting. "There's no particular area or outstanding issue that isworrisome, but if things don't calm down this week, I suspect we'll belooking at one of those releases when we have an rc8. We'll see how thingsevolve here over the next couple of weeks."
The kernel project's email-based development process is well establishedand has some strong defenders, but it isalso showing its age. At the 2019 KernelMaintainers Summit, it became clear that the kernel's processes aremuch in need of updating, and that the maintainers are beginning tounderstand that. It is one thing, though, to establish goals for animproved process; it is another to actually implement that process andconvince developers to use it. At the 2019Open Source Summit Europe, a group of 20 or so maintainers anddevelopers met in the corner of a noisy exhibition hall to try to work out what some ofthe first steps in that direction might be.
The long discussion on changing the Pythonproject's release cadence has come to a conclusion: the project will now bereleasing new versions on an annual basis. See PEP 602 for thedetails on how it is expected to work.
Security updates have been issued by CentOS (firefox, sudo, and thunderbird), Debian (libarchive and qtbase-opensource-src), Oracle (php), Red Hat (php, rh-php71-php, and rh-php72-php), Scientific Linux (firefox and php), and SUSE (kernel and samba).
Steven Rostedt has been a part of the Linux kernel tracing community formost of its existence, it seems. He was the developer of ftrace,which was one of the early mainline additions for tracing. There are nowmany tracing facilities in the kernel. At the 2019Open Source Summit Europe in Lyon, France, Rostedt wanted to present an ideathat he has been thinking about for a long time: a unified tracing platformto provide access to all of the kernel tracing facilities from user-space applications.
Security updates have been issued by Debian (imapfilter, libvncserver, and pam-python), Fedora (tcpdump), Mageia (file, graphviz, kernel, and php, pcre2), openSUSE (nfs-utils), Red Hat (heketi and samba), Scientific Linux (thunderbird), SUSE (libtomcrypt, php7, and runc), and Ubuntu (apport, libarchive, libidn2, samba, and whoopsie).
Fedora Magazine announces therelease of Fedora 31. This release includes the Fedora Toolbox forlaunching and managing personal workspace containers. The Fedora Editionsinclude Workstation, Server, with CoreOS and IoT in a previewstate. Alternate architectures include ARM AArch64, Power, andS390x. However the 32-bit only i686 system has been dropped. The releasenotes contain additional information.
Back in March, we looked at a discussionand Python Enhancement Proposal (PEP) for a new dictionary "addition"operator forPython. The discussion back then was lively and voluminous, but the PEP needed someupdates and enhancements in order to proceed. That work has now been doneand a postabout the revisedPEP to the python-ideas mailing list has set off another mega-thread.
Stable kernels 5.3.8, 4.19.81, 4.14.151, 4.9.198, and 4.4.198 have been released. They all containimportant fixes throughout the tree and users should upgrade.
Security updates have been issued by Debian (php7.0, php7.3, ruby-loofah, and spip), Fedora (proftpd), openSUSE (lz4 and sysstat), Red Hat (chromium-browser, jss, kernel, kernel-alt, kpatch-patch, pango, polkit, sudo, systemd, and thunderbird), SUSE (graphite-web, python3, and samba), and Ubuntu (php5, php7.0, php7.2, php7.3, and samba).
The BPF in-kernel virtual machine hasbrought a new set of capabilities to a number of functional areas in thekernel, including, significantly, tracing.Since BPF programs run in the kernel, much effort goes into ensuring thatthey will not cause problems for the running system;to that end, the BPF verifier checks every possible aspect of each BPF program'sbehavior to ensure that it is safe to run in the kernel — with one notableexception. With a patch set titled "revolutionizebpf tracing", Alexei Starovoitov aims to close that loophole andeliminate a set of potential problems in a widely used class of BPFprograms.
A long-anticipated move has finally been madeofficial: the KernelCIcontinuous-integration project has found a new home under the LinuxFoundation umbrella. "The primary goal of KernelCI is to use an opentesting philosophy to improve the quality, stability and long-termmaintenance of the Linux kernel. Expected improvements to the platformunder the Linux Foundation include improved LTS kernel testing andvalidation; consolidation of existing testing initiatives; quality-of-lifeimprovements to the current service; expanded compute resources; andincreased pool of hardware to be tested. In the long-term, members expectto modernize the architecture; test software beyond the Linux kernel; anddefine testing standards and engage in cross-project collaboration."
The 5.4-rc5 kernel prepatch is out fortesting."So we have a bit more fixes than normal during this stage, but nothinglooks very strange, and the diffstat looks _mostly_ flat (with thecpufrequency power-QoS and io_uring changes looking a bit bigger)which is my sign for 'small changes all over'". The codename haschanged again; now it's "Kleptomanic Octopus", suggesting some interestingencounters in Linus's latest diving outing.
The io_uring mechanism is a relatively newinterface for asynchronous I/O; it first appeared in the 5.1 kernel inMay. Since then, though, it has quickly grown in capabilities and inusers; now it appears that it is outgrowing some of the kernelinfrastructure that supports it. Thus, we have a proposal from Jens Axboe(the io_uring maintainer) for a newworkqueue subsystem for io_uring that hints at some interesting plansfor the future.
Security updates have been issued by Debian (firefox-esr), Gentoo (php), Oracle (firefox), Scientific Linux (sudo), and SUSE (accountsservice, binutils, nfs-utils, and xen).
The GNU Project was created by RichardStallman in 1983 to further his goal of developing an entirely freeoperating system — a goal that seemed impossibly ambitious at the time.Stallman has recently resigned from some of his roles, but asof this writing his personal site stillleads off with this proclamation: "I continue to be the ChiefGNUisance of the GNU Project. I do not intend to stop any time soon". Within the project itself,though, it has become clear that this intention lacks universal support.We appear to be seeing the beginning of a governance transition for thisvenerable project.
Security updates have been issued by Debian (file), Mageia (bind, chromium-browser-stable, java-1.8.0-openjdk, libsndfile, mediawiki, and virtualbox), Oracle (firefox), Red Hat (firefox and sudo), Scientific Linux (firefox and OpenAFS), SUSE (kernel, lz4, rust, and xen), and Ubuntu (firefox).
Back in July, Linus Torvalds merged a patchin the 5.3 merge windowthat added the PREEMPT_RT option to the kernel build-time configuration.That was meant as a signal that the realtime patch set was moving from its longtime status asout-of-tree code to a fully supported kernel feature. As the code behindthe configuration option makes its way into the mainline, some friction canbe expected; we are seeing a bit of that now with respect to the BPF subsystem.
There has been discussion about the release cadence of Python for a coupleof years now. The 18-month cycle between major releases of the languageis seen by some core developers as causingtoo muchdelay in getting new features into the hands of users. Now there are twocompeting proposals for ways to shorten that cycle, either to one year orby creating a rolling-release model. In general, the steering councilhas seemed inclined toward making some kind of release-cycle change—one ofthose Python Enhancement Proposals (PEPs) may well form the basis ofPython's release cadence moving forward.
Security updates have been issued by Arch Linux (go, go-pie, pacman, and xpdf), CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, and patch), openSUSE (gcc7), Red Hat (firefox, kernel, and qemu-kvm-rhev), Slackware (mozilla), SUSE (kernel, libcaca, openconnect, python, sysstat, and zziplib), and Ubuntu (libxslt, linux-azure, and linux-lts-xenial, linux-aws).
Tails (The Amnesic Incognito LiveSystem) is, as the spelled out name implies, a privacy focuseddistribution, designed to run from removable media. Version 4.0 has been released. "We are especially proud to present you Tails 4.0, the first version of Tails based on Debian 10 (Buster). It brings new versions of most of the software included in Tails and some important usability and performance improvements. Tails 4.0 introduces more changes than any other version since years."
Version70 of the Firefox web browser is out. The headline features include anew password generator and a "privacy protection report" showing userswhich trackers have been blocked. "Amazing user features and protections aside, we’ve also got plentyof cool additions for developers in this release. These include DOMmutation breakpoints and inactive CSS rule indicators in the DevTools,several new CSS text properties, two-value display syntax, and JS numericseparators." See the releasenotes for more details.
Security updates have been issued by CentOS (jss and kernel), Debian (libpcap, openjdk-8, and tcpdump), Fedora (java-11-openjdk), openSUSE (libreoffice), Oracle (java-1.7.0-openjdk), Red Hat (java-1.7.0-openjdk, python, and wget), Scientific Linux (java-1.7.0-openjdk), SUSE (ceph, ceph-iscsi, ses-manual_en, dhcp, openconnect, and procps), and Ubuntu (exiv2, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-azure, linux-gcp, linux-gke-5.0, linux-snapdragon, and uw-imap).
Rothschild Patent Imaging LLC filed a patentsuit against the GNOME Foundation in September, asserting a violationin the Shotwell photo manager. GNOME has now goneon the counterattack, questioning the validity of the patent and whetherit applies to Shotwell at all. There is also an unspecified counterclaimto strike back against Rothschild. "We want to send a message to allsoftware patent trolls out there — we will fight your suit, we will win,and we will have your patent invalidated. To do this, we need yourhelp."
LWN.net