Nikita Prokopov reviews Syncthing (a file-synchronization system) and, seemingly, rediscovers free software: "Syncthing is everything I used to love about computers. It’s amazing how great computer products can be when they don’t need to deal with corporate bullshit, don’t have to promote a brand or to sell its users. Frankly, I almost ceased to believe it’s still possible. But it is."
Open-source developers put a lot of emphasis on quality and have created many tools to improve source code, such as linters and code formatters. Documentation, on the other hand, doesn't receive the attention it deserves. LWN reviewed several grammar and style-checking tools back in 2016. It seems like a good time to evaluate progress in this area.
Security updates have been issued by Fedora (galera, grafana, libjcat, libvirt, mariadb-connector-c, and perl), Gentoo (asterisk, bubblewrap, cyrus-imapd, faad2, json-c, openconnect, openjdk-bin, pcre2, PEAR-Archive_Tar, thunderbird, and tomcat), Mageia (mbedtls and scapy), openSUSE (libntlm, libupnp, prboom-plus, varnish, and xen), Oracle (libexif), Red Hat (kpatch-patch), Scientific Linux (libexif), SUSE (mariadb, nodejs6, and poppler), and Ubuntu (apport).
The Internet of Things (IoT) world is filled with countless microprocessors. One option we have covered in various ways before is the Arduino ecosystem. In the same vein, we now will look at another interesting segment of that community: The WiFi-enabled Espressif ESP8266 chip.
Security updates have been issued by Debian (intel-microcode, libexif, mysql-connector-java, and thunderbird), Fedora (gnutls, grafana, kernel, kernel-headers, mingw-gnutls, mod_auth_openidc, NetworkManager, and pdns-recursor), Gentoo (adobe-flash, ansible, chromium, firefox, glibc, mailutils, nokogiri, readline, ssvnc, and webkit-gtk), Mageia (axel, bind, dbus, flash-player-plugin, libreoffice, networkmanager, and roundcubemail), openSUSE (java-1_8_0-openjdk, kernel, nodejs8, rubygem-bundler, texlive-filesystem, and thunderbird), Oracle (libexif and tomcat6), Red Hat (chromium-browser, flash-plugin, and libexif), Scientific Linux (tomcat6), SUSE (libEMF), and Ubuntu (fwupd).
By the time Linus Torvalds released 5.8-rc1 and closed the merge window for this development cycle, 14,206 non-merge changesets had been pulled into the repository for 5.8. That is more work than was pulled for the entire 5.7 cycle; clearly development work on the kernel has not (yet) slowed down in response to events in the wider world. The nearly 6,700 changes pulled since the previous summary include huge numbers of fixes and internal cleanups, but there were a number of significant features added as well.
Linus has released 5.8-rc1 and closed the merge window for this release. By the end, 14,206 non-merge changesets found their way into the mainline repository, making this one of the busiest development cycles ever. "So in the 5.8 merge window we have modified about 20% of all the files in the kernel source repository. That's really a fairly big percentage, and while some of it _is_ scripted, on the whole it's really just the same pattern: 5.8 has simply seen a lot of development. IOW, 5.8 looks big. Really big."
Over at TechNewsWorld, Jack M. Germain reviews the rather ... different ... distribution, PsychOS Linux. Just taking a peek at the home page may be enough to cause flashbacks to a misspent youth, or perhaps that of one's parents at this point. Bucking the trend for modern distributions, PsychOS is only built for 32-bit systems; the main focus seems to be DOS-oriented: "Retro comes alive in PsychOS and is the main driving point in its development. The distro creator still uses DOS software, which is launched easily from the applications menu via emulators such as DOSBox. Anyone with PsychOS 3.4.6 and higher who uses RetroGrab to install older software can do the same, noted the developer. The corresponding emulators must be installed first. PsychOS lets you run more than one DOS program at a time, too. Other programming influences include BASIC and BBC BASIC, due to shortcomings that helped the PsychOS developer learn more about Python. Other BASIC flavors are FreeBASIC, QB45, and QB64."
The bpfilter subsystem, along with its "user-mode blobs" infrastructure, attracted a lot of attention when it was merged for the 4.18 kernel in 2018. Since then, however, development in this effort has been, to put it charitably, subdued. Now, two years after its merging, bpfilter may be in danger of being removed from the kernel as a failed experiment.
Security updates have been issued by CentOS (tomcat), Debian (intel-microcode, libphp-phpmailer, mysql-connector-java, python-django, thunderbird, and xawtv), Fedora (kernel and thunderbird), Gentoo (perl), openSUSE (libexif and vim), Oracle (dotnet, kernel, microcode_ctl, and tomcat), Red Hat (net-snmp), Scientific Linux (libexif and tomcat), Slackware (kernel), and SUSE (adns, audiofile, ed, kvm, nodejs12, and xen).
Part 1 of this series covered some background on ION, DMA-BUF heaps, the DMA API, and the concept of "ownership" when it comes to handling CPU-cache maintenance, finally ending on a conventional DMA API view of how DMA-BUF cache handling should be done. The article concluded with a discussion of why the traditional DMA APIs can perform poorly on contemporary systems. This article completes the series with an exploration of some of the approaches that DMA-BUF exporters can use to avoid unnecessary cache operations along with some rough proposals for how we might improve things.
Greg Kroah-Hartman has announced the release of the 5.7.2, 5.6.18, 5.4.46, 4.19.128, 4.14.184, 4.9.227, and 4.4.227 stable kernels. These contain mitigations for the special register buffer data sampling (SRBDS) hardware vulnerability, as well as other fixes elsewhere in the trees. Users of those series should upgrade.
Security updates have been issued by CentOS (kernel and microcode_ctl), Debian (roundcube), Mageia (coturn, cups, libarchive, libvirt, libzypp, nghttp2, nrpe, openconnect, perl, python-typed-ast, ruby-rack, ruby-RubyGems, sudo, vino, wpa_supplicant, and xawtv), openSUSE (firefox, gnutls, GraphicsMagick, ucode-intel, and xawtv), Oracle (dotnet3.1 and kernel), Red Hat (curl, expat, file, gettext, kernel, kpatch-patch, libexif, pcs, python, tomcat, tomcat6, and unzip), Scientific Linux (kernel and microcode_ctl), SUSE (kernel), and Ubuntu (intel-microcode and sqlite3).
The Internet of Things (IoT) push continues to expand as tens of thousands of different internet-enabled devices from light bulbs to dishwashers reach consumers' homes. Home Assistant is an open-source project to make the most of all of those devices, potentially with no data being shared with third parties.
Kees Cook has been doing some thinking about plans for new seccomp features to work on soon. There were four separate areas that he was interested in, which he detailed in a lengthy mid-May message on the linux-kernel mailing list. One of those features, deep argument inspection, has been covered here before, but it would seem that we are getting closer to a resolution on how that all will work.
The Debian Med team joined a COVID-19 Biohackathon last April and is planning on doing it again on June 15-21. A recently shared pre-publication draft paper highlights which software tools are considered useful "to Accelerate SARS-CoV-2 and Coronavirus Research". Many of these tools would benefit from being packaged in Debian and all the advantages that Debian brings for both users and upstream alike. As in the first sprint most tasks do not require any knowledge of biology or medicine, and all types of contributions are welcome: bug triage, testing, documentation, CI, translations, packaging, and code contributions.
We have not had a new CPU vulnerability for a little while — a situation that was clearly too good to last. The mainline kernel has just merged mitigations for the "special register buffer data sampling" vulnerability which, in short, allows an attacker to spy on the random numbers obtained by others. In particular, the results of the RDRAND instruction can be obtained via a speculative attack. The mitigation involves more flushing and the serialization of RDRAND. That means a RDRAND instruction will take longer to run, but it also means that RDRAND requires locking across the system, which will slow things considerably if it is executed frequently. There are ways to turn the mitigations off, of course. See this new kernel document for more information. These fixes are currently queued to be part of the 5.7.2, 5.6.18, 5.4.46, 4.19.128, 4.14.184, 4.9.227, 4.4.227, and 3.16.85 stable updates.
TechRepublic interviewed Lenovo's general manager and executive director of the Workstation & Client AI Group Rob Herman about the company's plans to begin optionally pre-loading enterprise versions of the Red Hat and Ubuntu Linux distributions across its P Series ThinkPad and ThinkStation products, putting Linux on parity with Microsoft Windows for those product lines. "'Around the workstation and what I would call the performance computing world, the world is really changing [...] We're starting to see a lot more use of data science and AI workloads on performance client products like workstations, [and] we're seeing software development need the ability for more customization and flexibility.' This is where Linux and the power of open source come into the picture, says Herman. This is particularly crucial in artificial intelligence data science and content creation applications, areas Lenovo is eager to tap. 'Overall, we see content creators looking for an edge, looking for a new way, a new platform to develop on,' says Herman. 'The number of Linux users is increasing year on year, so from a market standpoint, we see it's the right time to do it.'"
Security updates have been issued by Debian (libpam-tacplus), Gentoo (gnutls), Oracle (unbound), Scientific Linux (freerdp and unbound), and SUSE (firefox, java-11-openjdk, java-1_7_0-openjdk, java-1_8_0-openjdk, nodejs10, and ruby2.1).
Version 5.19 of the KDE Plasma desktop is out. "In this release, we have prioritized making Plasma more consistent, correcting and unifying designs of widgets and desktop elements; worked on giving you more control over your desktop by adding configuration options to the System Settings; and improved usability, making Plasma and its components easier to use and an overall more pleasurable experience."
Linux capabilities empower the holder to perform a set of specific privileged operations while withholding the full power of root access; see the capabilities man page for a list of current capabilities and what they control. There have been no capabilities added to the kernel since CAP_AUDIT_READ was merged for 3.16 in 2014. That's about to change with the 5.8 release, though, which is set to contain two new capabilities; yet another is currently under development.
Security updates have been issued by Debian (cups, dbus, gnutls28, graphicsmagick, libupnp, and nodejs), Fedora (gnutls, kernel, libarchive, php-phpmailer6, and sympa), openSUSE (axel, GraphicsMagick, libcroco, libreoffice, libxml2, and xawtv), Oracle (bind, firefox, freerdp, and kernel), Red Hat (bind, freerdp, and unbound), Scientific Linux (firefox), SUSE (dpdk, file-roller, firefox, gnuplot, libexif, php7, php72, slurm_20_02, and vim), and Ubuntu (gnutls28).
Alyssa Rosenzweig provides an update on the Panfrost driver for Mali GPUs on the Collabora blog. "In the past 3 months since we began work on Bifrost, fellow Collaboran Tomeu Vizoso and I have progressed from stubbing out the new compiler and command stream in March to running real programs by May. Driven by a reverse-engineering effort in tandem with the free software community, we are confident that against proprietary blobs and downstream hacks, open-source software will prevail."
Just over 7,500 non-merge changesets have been pulled into the mainline repository since the opening of the 5.8 merge window — not a small amount of work for just four days. The early pulls are dominated by the networking and graphics trees, but there is a lot of other material in there as well. Read on for a summary of what entered the kernel in the first part of this development cycle.
Security updates have been issued by CentOS (bind, firefox, and freerdp), Debian (netqmail and python-django), Fedora (cacti, cacti-spine, dbus, firefox, gjs, mbedtls, mozjs68, and perl), Oracle (freerdp and kernel), Scientific Linux (bind and firefox), Slackware (mozilla), SUSE (krb5-appl, libcroco, libexif, libreoffice, libxml2, qemu, transfig, and vim), and Ubuntu (firefox, freerdp, and python-django).
Recently, the DMA-BUF heaps interface was added to the 5.6 kernel. This interface is similar to ION, which has been used for years by Android vendors. However, in trying to move vendors to use DMA-BUF heaps, we have begun to see how the DMA API model doesn't fit well for modern mobile devices. Additionally, the lack of clear guidance in how to handle cache operations efficiently results in vendors using custom device-specific optimizations that aren't generic enough for an upstream solution. This article will describe the nature of the problem; the upcoming second installment will look at the path toward a solution.
The PHP language is widely used in solving some of the most interesting technical problems on the web. But for a language with widespread use, it is unique — or at least an outlier — in the way it's governed compared to other open-source projects. Unlike others, PHP governance has grown into something fairly democratic for a project its size, allowing almost anyone to bring an idea to the table. If it's popular enough, that idea can find its way into a future release. That is, of course, as long as there is a developer to put in the work to make it happen.
The FreeNAS distribution implements network-attached storage on top of the ZFS filesystem; it was reviewed here back in 2015. FreeNAS has always been based on FreeBSD, but now iXsystems, the company behind this system, has announced a new version, called TrueNAS SCALE, that will be based on Debian. "Linux is a key requirement to achieve some of the SCALE project goals". More information about those goals will evidently be forthcoming in the future.
In the kernel graphics world, there has been a longstanding "line in the sand" that disallows merging kernel drivers without a corresponding free-software user-space driver. The idea is that not having a way to test the full functionality means that the kernel developers cannot verify the proper functioning and security of the driver; changes to the kernel driver may lead to unforeseen (and untestable) problems on the user-space side. More recently, though, we have seen other types of devices with complex drivers, but no useful free user-space piece, that have been proposed for inclusion into the kernel; at least one was merged, but the tide has perhaps turned against those types of drivers at this point—or some of them, anyway.
Security updates have been issued by Fedora (java-11-openjdk, perl-Email-MIME, perl-Email-MIME-ContentType, and slurm), openSUSE (imapfilter, mailman, and python-rpyc), Red Hat (bind and firefox), SUSE (evolution-data-server, python, qemu, and w3m), and Ubuntu (python-django).
Devuan Beowulf 3.0.0 has been released. This version is based on Debian 10.4 Buster, with eudev and elogind to replace aspects of systemd. Optional alternatives runit and openrc are also available.
The 5.7 kernel was released on May 31. By all appearances this was a normal development cycle, unaffected by the troubles in the wider world. Still, there are things to be learned by looking at where the code came from this time around. Read on for LWN's traditional look at who contributed to 5.7, who supported that work, and the paths by which it got into the mainline.
Firefox 77.0 has been released. Among the new things in this release, LWN readers may be most interested in the new about:certificate page where you can view and manage web certificates. See the release notes for details.
Security updates have been issued by Arch Linux (ant, bind, freerdp, and unbound), CentOS (bind, freerdp, and git), Debian (python-httplib2), Fedora (ant, kernel, sqlite, and sympa), openSUSE (java-11-openjdk and qemu), Oracle (bind), Red Hat (freerdp), Scientific Linux (python-pip and python-virtualenv), Slackware (firefox), SUSE (qemu), and Ubuntu (Apache Ant, ca-certificates, flask, and freerdp2).
The FSGSBASE patch series is up to its thirteenth version as of late May. It enables some "new" instructions for the x86 architecture, opening the way for a number of significant performance improvements. One might think that such a patch series would be a shoo-in, but FSGSBASE has had a troubled history; meanwhile, the delays in getting it merged may have led to a number of users installing root holes on their Linux systems in the hope of improving security.
Security updates have been issued by Debian (bind9, dosfstools, gst-plugins-good0.10, gst-plugins-ugly0.10, json-c, php-horde, php-horde-gollem, salt, and sane-backends), Fedora (drupal7, marked, NetworkManager, and wireshark), Mageia (gdb, jasper, and json-c), openSUSE (freetds, jasper, libmspack, mariadb-connector-c, sysstat, and trousers), Red Hat (bind), Scientific Linux (bind and freerdp), and SUSE (file-roller and java-11-openjdk).
Linus has released the 5.7 kernel right on schedule. Headline features in 5.7 include x86 split-lock detection, thermal-pressure management, frequency invariance in the load-tracking code, coexistence between BPF and realtime preemption, support for BPF security hook programs (formerly called the KRSI security module), a new, Microsoft-blessed exFAT filesystem implementation, and more. The final patch to be merged was this one deprecating the long-standing 80-column limit for kernel source. See the KernelNewbies 5.7 page for lots of details.
The Linux deadline scheduler supports realtime systems where applications need to be sure of getting their work done within a specific period of time. It allocates CPU time to deadline tasks in such a way as to ensure that each task's specific timing constraints are met. However, the current implementation does not work well on asymmetric CPU configurations like Arm's big.LITTLE. Dietmar Eggemann recently posted a patch set to address this problem by adding the notion of CPU capacity to the deadline scheduler.
Security updates have been issued by Debian (libexif and tomcat8), Fedora (python38), openSUSE (libxslt), Oracle (git), Red Hat (bind, freerdp, and git), Scientific Linux (git), SUSE (qemu and tomcat), and Ubuntu (apt, json-c, kernel, linux, linux-raspi2, linux-raspi2-5.3, and openssl).
In traditional build tools like Make, targets and dependencies are always files. Imagine if you could specify an entire tree (directory) as a dependency: You could exhaustively specify a "build root" filesystem containing the toolchain used for building some target as a dependency of that target. Similarly, a rule that creates that build root would have the tree as its target. Using Merkle trees as first-class citizens in a build system gives great flexibility and many optimization opportunities. In this article, guest author David Röthlisberger explores this idea using OSTree, Ninja, and Python.
Security updates have been issued by Fedora (dovecot, dpdk, knot-resolver, and unbound), Mageia (ant, libexif, and php), SUSE (libmspack), and Ubuntu (php5, php7.0, php7.2, php7.3, php7.4, and unbound).
The Python Language Summit is an annual gathering for the developers of various Python implementations, though, this year, the gathering actually happened via videoconference—as with so many other conferences due to the pandemic. The invite-only gathering typically has numerous interesting sessions, as can be seen in the LWN coverage of the summit from 2015 to 2018, as well as in the 2019 summit coverage on the Python Software Foundation (PSF) blog. Those writeups were penned by A. Jesse Jiryu Davis, who reprised his role for this year's summit. In this article, I will summarize some of the sessions that caught my eye.
Kees Cook takes a look at some changes improving security in Linux 5.5. Topics include restrict perf_event_open() from LSM, generic fast full refcount_t, linker script cleanup for exception tables, KASLR for 32-bit PowerPC, seccomp for RISC-V, and more.