LWN.net

Gnuplot 5.4 has been released, three years after the last major release of the free-softwaregraphing program.In this article we will take a look at five major new capabilities in gnuplot.First, we briefly visit voxel plotting, for visualizing 3D data. Since this isa big subject and the most significant addition to the program, we'll save the detailsfor a subsequent article. Next, we learn about plotting polygons in 3D, another completelynew gnuplot feature. After that, we'll get caught up briefly in spider plots, using themto display some recent COVID-19 infection data. Then we'll see an example of how touse pixmaps, a new feature allowing for the embedding of pictures alongside curves orsurfaces. Finally, we'll look at some more COVID-19 data using the new 3D bar chart.

"Do Not Track" (DNT) is a simple HTTP header that a browser can send tosignal to a web site that the user does not want to be tracked. The DNTheader had a promising start and the support of major browsers almost a decadeago. Most web browsers still support sending it, but in 2020 it is almostuseless because the vast majority of web sites ignore it. Advertisingcompanies, in particular, argued that its legal status was unclear, andthat it was difficult to determine how to interpret the header. There havebeen some relatively recent attempts at legislation to enforce honoring theDNT header, but those efforts do not appear to be going anywhere. Incomparison, the European Union's GeneralData Protection Regulation (GDPR) and the CaliforniaConsumer Privacy Act (CCPA) attempt to solve some of the same problemsas DNT but are legally enforceable.

Stable kernels 5.7.10, 5.4.53, 4.19.134, 4.14.189, 4.9.231, and 4.4.231 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by Debian (librsvg and squid), Fedora (mailman, mingw-LibRaw, php-horde-kronolith, and targetcli), openSUSE (openconnect), Red Hat (cloud-init, container-tools:rhel8, dbus, java-1.8.0-openjdk, java-11-openjdk, jbig2dec, kernel, kpatch-patch, mod_auth_openidc:2.3, nodejs:10, openstack-keystone, rh-nodejs10-nodejs, sane-backends, thunderbird, and virt:rhel), SUSE (webkit2gtk3 and xrdp), and Ubuntu (evolution-data-server, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux, linux-aws, linux-gcp, linux-hwe-5.4, linux-kvm, linux-oracle, linux-raspi-5.4, linux-riscv, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, pillow, and python2.7, python3.4, python3.5, python3.6, python3.8).

The memory protection keys feature wasadded to the 4.6 kernel in 2016; it allows user space to group pages into"protection domains" that can have their access restricted independently ofthe normal page protections. There is no equivalent feature for kernelspace; access to memory in the kernel's portion of the address space iscontrolled exclusively by the page protections. That situation maybe aboutto change, though, as a result of the protectionkeys supervisor (PKS) patch set posted by Ira Weiny (with many patcheswritten by Fenghua Yu).

TechRepublic reports that the Linux Foundation has announced the Linux Foundation Public Health initiative (LFPH). Using projects based on the Google Apple Exposure Notification system, the initiative's goal according to LFPH general manager Dan Kohn is "building a global community of leading technology and consulting companies, public health authorities, epidemiologists, and other public health specialists, privacy and security experts, and individual developers." With this announcement is the launch of two open-source projects: COVID Shield and COVID Green.

The Mozilla Hacks blog coverssome recent Firefox changes that will allow code from web sites to useshared memory and high-resolution timers in a (hopefully) safe manner."Together with others in the WHATWG community, we designed a set of headers that meet these requirements.The Cross-Origin-Opener-Policy header allows you to process-isolateyourself from attackers. It also has the desirable effect that attackerscannot have access to your global object if they were to open you in apopup. This prevents XS-Leaks and various navigation attacks. Adopt thisheader even if you have no intention of using shared memory!"

Security updates have been issued by Debian (ksh), openSUSE (ant, chromium, ldb, samba, and LibVNCServer), Red Hat (dbus, kernel, kernel-rt, and NetworkManager), and SUSE (cni-plugins, firefox, openexr, Salt, salt, SUSE Manager Client Tools, and tomcat).

Contact tracing is a way to help prevent the spread of a disease, such asCOVID-19, by identifying an infected person's contacts so that theycan be informed of the infection risk.In the first part of thisseries, we introduced open-source contact-tracing applications developed inresponse to the current pandemic, and described how they work. In thispart, we look into the details of some of them, of both centralized anddecentralized design. These application projects have all released theirsource code, but they differ in the implementation details, licenses used,and whether they accept user requests or patches. We conclude withthe controversies around the tracing applications and the responses to them.

Security updates have been issued by Debian (libopenmpt, nginx, nss, qemu, rails, redis, ruby-sanitize, and tomcat9), Fedora (glibc, libldb, nspr, nss, samba, and webkit2gtk3), openSUSE (cairo, firefox, google-compute-engine, LibVNCServer, mumble, ntp, openconnect, openexr, openldap2, pdns-recursor, python-ipaddress, rubygem-puma, samba, singularity, slirp4netns, thunderbird, xen, and xrdp), and Oracle (.NET Core, .NET Core 3.1, java-1.8.0-openjdk, java-11-openjdk, kernel, and thunderbird).

The 5.8-rc6 kernel prepatch is out fortesting. "Things continue to look very normal, even if this is a big release.rc6 is pretty much par for the course, and nothing in here stands outsize-wise or otherwise."

Back in June, LWN covered a patch setadding a mechanism intended to help systems like Wine emulate Windows system calls on a Linuxsystem. That patch set got a lot of attention and comments, with theresult that its form has changed considerably. Gabriel Krisman Bertazi hasnow posted anew patch set that takes a different approach to solving the same problem.

Security updates have been issued by Fedora (bashtop and python39), openSUSE (openexr), Red Hat (java-1.8.0-openjdk), and Scientific Linux (thunderbird).

Flutter is Google's open-source toolkit to build cross-device (and cross-platform) applications. Based on the Dart programming language released by the company in 2013, Flutter promises developers the ability to write and maintain a single application that runs on all of a user's devices. Flutter applications support deployment on Android, iOS, Web browsers via JavaScript, macOS, and now Canonical and Google have teamed up to support Flutter applications in Linux. Promises of native speed, rapid development, and a growing community make it an interesting technology to take a look at.

Greg Kroah-Hartman has released the 5.7.9,5.4.52, and 4.19.133 stable kernels. As usual, thesecontain lots of important fixes throughout the tree; users should upgrade.

Security updates have been issued by Debian (evolution-data-server and webkit2gtk), Fedora (kernel, snapd, and xen), openSUSE (thunderbird and xen), Oracle (dbus and thunderbird), Red Hat (java-1.8.0-openjdk, java-11-openjdk, jbig2dec, sane-backends, and thunderbird), Scientific Linux (kernel), SUSE (cairo, containerd, docker, docker-runc, golang-github-docker-libnetwork, google-compute-engine, mailman, mercurial, openconnect, openexr, and xrdp), and Ubuntu (libvpx and snapd).

The LWN.net Weekly Edition for July 16, 2020 is available.

LWN recently covered the effort within theLibreOffice project to find ways to support the companies doing the bulk ofthe development work. The project has now posted arevised marketing plan [PDF] with a number of changes, including theremoval of the "personal edition" name. Regarding LibreOffice Online:"Following our normal development process, the Ecosystem will releasetheir own versions in their own timing, allowing some features to reachtheir Enterprise versions before they are subsequently shipped in TDF builds(this allows the Ecosystem to positively differentiate by contributing newfeatures & functionality)".

The OMG! Ubuntu! site reportsthat the Debian "popularity contest" application is being removed fromUbuntu. "But with Snaps, Flatpaks, PPAs and other avenues givingdevelopers more direct ways to market to users (not to mention moreaccurate numbers on how many people use their software) the relative meritsof 'what's popular in the repos' is …Well, a touch moot."

Lua version 5.4 was released at theend of June; it is the fifteenth major version of the lightweight scriptinglanguage since its creation in 1993. New in 5.4 isa generationalmode for the garbage collector, which performs better for programs withlots of short-lived allocations. The language now supports "attributes" onlocal variables, allowing developers to mark variables as constant(const) or resources as closeable (close). There werealso significant performance improvements over 5.3 along with a host ofminor changes.

The openSUSE board troubles that LWN reportedon in March have continued to simmer, and the promised election for anempty seat has not yet been held. During this time, instead, the project hasvoted on a petition to declare a lack of confidence in the board as awhole, a result that would have forced the election of an entirely newboard. In the end, the number of votes fell far short of the numberrequired, and the existing board will move forward with the election plan.

Security updates have been issued by CentOS (dbus), Debian (python3.5), Fedora (podofo and roundcubemail), Oracle (dbus, dovecot, jbig2dec, kernel, nodejs:10, nodejs:12, sane-backends, and thunderbird), Red Hat (.NET Core and kernel), SUSE (ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-dashboard, openstack-dashboard-theme-HPE, openstack-heat-templates, openstack-keystone, openstack-monasca-agent, openstack-monasca-installer, openstack-neutron, openstack-octavia-amphora-image, python-Django, python-Flask, python-GitPython, python-Pillow, python-amqp, python-apicapi, python-keystoneauth1, python-oslo.messaging, python-psutil, python-pyroute2, python-pysaml2, python-tooz, python-waitress, storm, bind, jasper, java-1_8_0-openjdk, LibVNCServer, libxml2, python-ipaddress, rubygem-bundler, rubygem-puma, samba, slirp4netns, xen, and xrdp), and Ubuntu (firefox and webkit2gtk).

The io_uring subsystem is not much over oneyear old, having been merged for the 5.1 kernel in May 2019. It wasinitially added as a better way to perform asynchronous I/O from user space; over time it has gained numerous features and supportfor functionality beyond just moving bits around. What it has not yet gainedis any sort of security mechanism beyond what the kernel already providesfor the underlying system calls. That may be about to change, though, asthe result of thispatch set from Stefano Garzarella adding a set of user-configurablerestrictions to io_uring.

Security updates have been issued by Fedora (mingw-podofo and python-rsa), openSUSE (LibVNCServer, mozilla-nss, nasm, openldap2, and permissions), Red Hat (dovecot, sane-backends, and thunderbird), Scientific Linux (dbus), and SUSE (firefox and thunderbird).

In an earlier article, guest author Martin Michlmayr reviewed the todo.txt and Taskwarrior task managers. This article continues the process of examining taskmanagers by looking at tools for Org mode, which is a system originally created for Emacs, aswell as at tools that make use of the iCalendar standard. It is time to findout whether he can find a system that meets his needs.

Security updates have been issued by Debian (chromium, mailman, openjpeg2, ruby-rack, squid3, tomcat8, and xen), Fedora (botan2, kernel, LibRaw, mingw-OpenEXR, mingw-podofo, podofo, seamonkey, squid, and webkit2gtk3), Mageia (ffmpeg, mbedtls, mediawiki, and xpdf), Oracle (kernel), Red Hat (bind, dbus, jbig2dec, and rh-nodejs12-nodejs), and SUSE (graphviz and xen).

The 5.8-rc5 kernel prepatch is out fortesting; it's a relatively large set of changes. "Maybe I'm indenial, but I still think we might hit the usual release schedule. A fewmore weeks to go before I need to make that decision, so it won't bekeeping me up at night."

For years, Windows PHP users have enjoyed builds provided directly by Microsoft. The company has contributed to the PHP project in many ways, with the binaries made available on windows.php.net being the most visible. Recently Microsoft Project Manager Dale Hirt announced that, beginning with PHP 8.0, Microsoft support for PHP on Windows would end.

Connecting one source of data to another isn't always easy because of differentstandards, data formats, and APIs to contend with, among the manychallenges. One of the groups that is trying to help with the challenge ofdata interoperability is the Linux Foundation's Open Data Platforminitiative (ODPi). At the 2020Open Source Summit North America virtual event on July 2, ODPiTechnical Steering Committee chairperson MandyChessell outlined the goals of ODPi and the projects that are part of it.She also described how ODPiis taking an open-source development approach to make data moreeasily accessible.

Security updates have been issued by Fedora (curl, LibRaw, python-pillow, and python36), Mageia (coturn, samba, and vino), openSUSE (opera), and Ubuntu (openssl).

The LibreOffice project wouldseem to be on a roll. It produces what is widely seen as the leadingfree office-productivity suite, and has managed to move out of the shadowof the moribund (but brand-recognized) ApacheOpenOffice project. The LibreOffice 7 release is coming within a month, and the tenthanniversary of the founding of the Document Foundation arrives inSeptember. Meanwhile, LibreOfficeOnline is taking off and, seemingly, seeing some market success.So it is a bit surprising to see the project's core developersin a sort of crisis mode while users worry about a tag that showed up inthe project's repository.

Greg Kroah-Hartman has announced the release of the 5.7.8, 5.4.51,4.19.132, 4.14.188, 4.9.230, and 4.4.230 stable kernels. As usual, these allcontain important fixes; users should upgrade.

Security updates have been issued by CentOS (firefox), Debian (ffmpeg, fwupd, ruby2.5, and shiro), Fedora (freerdp, gssdp, gupnp, mingw-pcre2, remmina, and xrdp), openSUSE (chocolate-doom), Oracle (firefox and kernel), and Ubuntu (linux, linux-lts-xenial, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon and thunderbird).

The LWN.net Weekly Edition for July 9, 2020 is available.

The Linux Mint project has made good on previous threats to actively prevent Ubuntu Snap packages from being installed through the APT package-management system without the user's consent. This move is the result of "major worries" from Linux Mint on Snap's impact with regard to user choice and software freedom. Ubuntu's parent company, Canonical, seems open to finding a solution to satisfy the popular distribution's concerns — but it too has interests to consider.

Security updates have been issued by Debian (roundcube), Fedora (chromium, firefox, and ngircd), Oracle (firefox and thunderbird), Scientific Linux (firefox), Slackware (seamonkey), SUSE (djvulibre, ffmpeg, firefox, freetds, gd, gstreamer-plugins-base, icu, java-11-openjdk, libEMF, libexif, librsvg, LibVNCServer, libvpx, Mesa, nasm, nmap, opencv, osc, perl, php7, python-ecdsa, SDL2, texlive-filesystem, and thunderbird), and Ubuntu (cinder, python-os-brick).

Google has announcedthe creation of the Open UsageCommons, which is intended to help open-source projects manage theirtrademarks. From theorganization's own announcement: "We created the Open UsageCommons because free and fair open source trademark use is critical to thelong-term sustainability of open source. However, understanding andmanaging trademarks takes more legal know-how than most project maintainerscan do themselves. The Open Usage Commons is therefore dedicated tocreating a model where everyone in the open source chain – from projectmaintainers to downstream users to ecosystem companies – has peace of mindaround trademark usage and management. The projects in the Open UsageCommons will receive support specific to trademark protection andmanagement, usage guidelines, and conformance testing." Initialmembers include the Angular, Gerrit, and Istio projects.

The Cloudflare blog is running anoverview of sandboxing with seccomp(), culminating in a toolwritten there to sandbox any existing program. "We really liked the'zero code seccomp' approach with systemd SystemCallFilter= directive, butwere not satisfied with its limitations. We decided to take it one stepfurther and make it possible to prohibit any system call in any processexternally without touching its source code, so came up with the Cloudflaresandbox. It’s a simple standalone toolkit consisting of a shared libraryand an executable. The shared library is supposed to be used withdynamically linked applications and the executable is for statically linkedapplications."

Static web-site generators take page content written in a markuplanguage and render it into fully baked HTML, making it easy for developersto upload the result and serve a web site simply andsecurely. This article looks at Hugo, astatic-site generator written in Go and optimized for speed. It is aflexible tool that can be configured for a variety of use cases: simpleblogs, project documentation, larger news sites, and even governmentservices.

When support for classic BPF was added to the kernel many yearsago, there was no question of whether BPF programs could block in theirexecution. Their functionality was limited to examining a packet'scontents and deciding whether the packet should be forwarded or not; therewas nothing such a program could do to block. Since then, BPF has changeda lot, but the assumption that BPF programs cannot sleep has been builtdeeply into the BPF machinery. More recently, classic BPF has been pushedaside by the extended BPF dialect; thewider applicability of extended BPF is nowforcing a rethink of some basic assumptions.

Security updates have been issued by Debian (php7.3), Fedora (gst), Mageia (libvirt, mariadb, pdns-recursor, and ruby), openSUSE (chocolate-doom, coturn, kernel, live555, ntp, python3, and rust, rust-cbindgen), Oracle (virt:ol), Red Hat (file, firefox, gettext, kdelibs, kernel, kernel-alt, microcode_ctl, nghttp2, nodejs:10, nodejs:12, php, qemu-kvm, ruby, and tomcat), SUSE (libjpeg-turbo, mozilla-nspr, mozilla-nss, mozilla-nss, nasm, openldap2, and permissions), and Ubuntu (coturn, glibc, nss, and openexr).

The Home Assistant project has released version 0.112 of the open-source home automation hub we have previously covered, which is the eighth release of the project this year. While previous releases have largely focused on new integrations and enhancements to the front-end interface, in this release the focus has shifted more toward improving the performance of the database. It is important to be aware that there are significant database changes and multiple potential backward compatibility breaks to understand before attempting an upgrade to take advantage of the improvements.

Security updates have been issued by Debian (chromium, php7.0, and thunderbird), Fedora (ceph, gssdp, gupnp, libfilezilla, libldb, mediawiki, python-pillow, python36, samba, and xpdf), Mageia (curl, docker, firefox, libexif, libupnp, libvncserver, libxml2, mailman, ntp, perl-YAML, python-httplib2, tcpreplay, tomcat, and vlc), openSUSE (chocolate-doom, python3, and Virtualbox), Slackware (libvorbis), and SUSE (mozilla-nspr, mozilla-nss, systemd, tomcat, and zstd).

The 5.8-rc4 kernel prepatch is out fortesting. "The end result is that it's been fairly calm, andthere's certainly been discussion of upcoming fixes, but I still havethe feeling that 5.8 is looking fairly normal and things aredeveloping smoothly despite the size of this release."

Dan Book has done adetailed analysis of the Perl 7transition. "Large amount of CPAN modules will not work in Perl7; plans for working around this would either involve every affected CPANauthor, which is a virtual impossibility for the stated 1 year time frame;or the toolchain group, a loose group of people who each maintain variousmodules and systems that are necessary for CPAN to function, who eitherhave not been consulted as of yet or have not revealed their plans relatedto the tools they maintain. Going into this potential problem sufficientlywould be longer than this blog post, but suffice to say that a Perl wherehighly used CPAN modules don't seamlessly work is not Perl."

Security updates have been issued by Debian (docker.io and imagemagick), Fedora (alpine, firefox, hostapd, and mutt), openSUSE (opera), Red Hat (rh-nginx116-nginx), SUSE (ntp, python3, and systemd), and Ubuntu (firefox, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-riscv, linux, linux-azure, linux-gcp, linux-gcp-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-gke-5.0, linux-oem-osp1, net-snmp, and samba).

Earlier this year, Netflix developed and released a new Apache-licensed project named Dispatch. It is designed to coordinate the response to and the resolution of security-related incidents, but the project aims for more than just that. Rather, it hopes to be valuable for any type of one-off incident that needs coordination across an organization, such as a service outage.

The Linux Plumbers Conference has announcedthe second in a brief series of "town hall" events leading up to the full(virtual) conference starting August 24. This one features LWN editorJonathan Corbet presenting a version of his "Kernel Report" talk coveringthe current and future state of the kernel-development community. Thistalk is scheduled for July 16 at 9:00AM US/Mountain time (8:00AMUS/Pacific, 3:00PM UTC). Mark your calendars.

The Btrfs filesystem has had a long and sometimes turbulent history; LWNfirst wrote about it in 2007. It offersfeatures not found in any other mainline Linux filesystem, but reliabilityand performance problems have prevented its widespread adoption. There is atleast one company that is using Btrfs on a massive scale, though:Facebook. At the 2020Open Source Summit North America virtual event, Btrfs developer JosefBacik described why and how Facebook has invested deeply in Btrfs and where the remainingchallenges are.

The openSUSELeap 15.2 release is now available; see the announcement for a longlist of new features. "In general, software packages in thedistribution grew by the hundreds. Data fusion, Machine Learning and AIaren't all that is new in openSUSE Leap 15.2; a Real-Time Kernel formanaging the timing of microprocessors to ensure time-critical events areprocessed as efficiently as possible is available in this release."