In a series of posts on his blog, Oscar Benjamin looks at SymPy, which is a Python-based symbolic-mathematics library. In the first article, he outlines the "big changes for SymPy with particular focus on speed". The second covers polynomial handling; subsequent articles will examine other pieces of the puzzle.
The work to add support for large anonymousfolios to the kernel has been underway for some time, but this featurehas not yet landed in the mainline. The author of this work, Ryan Roberts,has been trying to get a handle on what the remaining obstacles are so hecan address them. On September6, an online meeting ofmemory-management developers discussed that topic and made some progress;there is still some work to do, though, before large anonymous folios cango upstream.
Security updates have been issued by Debian (chromium, libssh2, memcached, and python-django), Fedora (netconsd), Oracle (firefox and thunderbird), Scientific Linux (firefox), SUSE (open-vm-tools), and Ubuntu (grub2-signed, grub2-unsigned, shim, and shim-signed, plib, and python2.7, python3.5).
The Ubuntu blog has adetailed article on plans to add full-disk encryption, with the keystored in the system's trusted platform module (TPM), to the desktopdistribution.
OpenSUSE Leap is a hybriddistribution; it is based on SUSE's enterprise distribution (SLE), whichfollows the "slow and stable" approach, but adds a number of newer packageson top. Leap is intended to be a desktop-oriented distribution with a stableand reliable base. As SUSE transitions away from its traditionalenterprise distribution toward its "AdaptableLinux Platform" (ALP), though, the stable base upon which openSUSE Leapis built is going away. The openSUSE community is currently discussing howthe project should respond.
Security updates have been issued by Fedora (erofs-utils, htmltest, indent, libeconf, netconsd, php-phpmailer6, tinyexr, and vim), Red Hat (firefox), and Ubuntu (linux-aws, linux-aws-5.15, linux-ibm-5.15, linux-oracle, linux-oracle-5.15, linux-azure, linux-azure-fde-5.15, linux-gke, linux-gkeop, linux-intel-iotg-5.15, linux-raspi, linux-oem-6.1, linux-raspi, linux-raspi-5.4, shiro, and sox).
A recent discussion on the Python forum looked at a way toprotect module objects (and users) from mistaken attribute assignment anddeletion. There are ways to get the same effect today, but the mechanism that would be used causes aperformance penalty for an unrelated, and heavily used, action: attributelookup on modules. Back in2017, PEP562 ("Module __getattr__and __dir__") set the stage for adding magic methods to module objects; nowa new proposal would extend that idea to add __setattr__() and__delattr__() to them.
Leandro Moreira is maintaining adetailed description of Linux network tuning parameters and how theyall tie together. There is a lot of good information for administratorsseeking a better understanding of how all those knobs work andinteroperate. (Seen on HN).
The Linux Vendor Firmware Service (LVFS)provides a repository where vendors can upload firmware updates that can beaccessed by the fwupdfirmware update daemon on Linux systems. That mechanism allows users to keepthe hardware components of their systems up to date with the latest firmwarereleases, but it has gotten so popular that the daily metadata queries are starting to swamp the LVFScontent delivery network (CDN) server. So Richard Hughes, who developedfwupd and LVFS, suggestedthat it would make sense to start looking at ways to reduce that burden;the idea was discussed in a recent thread on the Fedora devel mailing list.
Security updates have been issued by Debian (file and thunderbird), Fedora (exercism, libtommath, moby-engine, and python-pyramid), Oracle (cups and kernel), Red Hat (firefox, kernel, kernel-rt, kpatch-patch, and thunderbird), SUSE (amazon-ecs-init, buildah, busybox, djvulibre, exempi, firefox, gsl, keylime, kubernetes1.18, php7, and sccache), and Ubuntu (docker-registry and linux-azure-5.4).
The kernel-development community has recently been discussing a number ofindependent patches, each of which is intended to help improve the securityof deployed systems in some way. They touch on a number of areas within thekernel, including the question of how widely io_uring should be available,how to allow virtual machines to attest to their integrity, and the bestway to inform applications when their random-number generators need to bereseeded.
Security updates have been issued by Debian (thunderbird), Fedora (firefox, kernel, kubernetes, and mediawiki), Mageia (openldap), SUSE (terraform), and Ubuntu (atftp, busybox, and thunderbird).
The6.5.1,6.4.14,6.1.51,5.15.130,5.10.194,5.4.256,4.19.294, and4.14.325stable kernel updates have all been released; each contains another set ofimportant fixes.
The pidfd API has been added to the kernelover the last several years to provide a race-free way for processes torefer to each other. While the GNU C Library (glibc) gainedbasic pidfd support with the 2.36 release in 2022, it still lacks acomplete solution for race-free process creation. Thispatch set from Adhemerval Zanella seems likely to fill that gap in thenear future, though, with an extension to the posix_spawn()API.
Security updates have been issued by Debian (chromium, firefox-esr, and gst-plugins-ugly1.0), Fedora (firefox, libeconf, libwebsockets, mosquitto, and rust-rustls-webpki), SUSE (amazon-ssm-agent, open-vm-tools, and terraform-provider-helm), and Ubuntu (linux-azure, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp-5.15, linux-gcp-5.4, linux-oracle-5.4, linux-gkeop, linux-gkeop-5.15, linux-intel-iotg, linux-kvm, linux-oracle, and python-git).
As of this writing, 4,588 non-merge changesets have been pulled into themainline repository for the 6.6 kernel release. The 6.6 merge window, inother words, is just getting started. Nonetheless, a fair amount ofsignificant work has already been pulled, so the time has come to summarizewhat has happened so far in this development cycle.
Security updates have been issued by Debian (firefox-esr, json-c, opendmarc, and otrs2), Red Hat (java-1.8.0-ibm and kpatch-patch), Scientific Linux (kernel), Slackware (mozilla), SUSE (haproxy, php7, vim, and xen), and Ubuntu (elfutils, frr, and linux-gcp, linux-starfive).
A series of rabbit holes, some of which led to unshavedyaks, recently landed me on a book called Mastering Emacs.Given that I have been using Emacs "professionally" for more than16years-and first looked into it a good ways into the previous century-Ishould probably be pretty well-versed in that editor-cum-operating-system.Sadly, for a variety of reasons, that is not really true, but the book andsome concerted effort have been helping me down a path toward Emacs-ianenlightenment. Mastering Emacs may also help others who arestruggling in the frothy sea that makes up Emacs documentation.
"Sugar" is, to a certain extent, in the eye of the beholder-at least whenit comes to syntax. Programming languages are often made up of a (mostly)irreducible core, with lots of sugary constructs sprinkled on top-the syntactic sugar. No onewants to be forced to do without the extra syntax-at least not for theirfavorite pieces-but it is worth looking at how a language's constructs canbe built from the core. That is just what Brett Cannon has been doing forPython, on his blog and in talks,including a talk at PyCon back in April (YouTube video).
Security updates have been issued by Debian (flask-security and opendmarc), Fedora (qemu), Oracle (rust and rust-toolset:ol8), Red Hat (cups and libxml2), Scientific Linux (cups), SUSE (ca-certificates-mozilla, chromium, clamav, freetype2, haproxy, nodejs12, procps, and vim), and Ubuntu (faad2, json-c, libqb, linux, linux-aws, linux-lts-xenial, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-gkeop-5.15, and linux-gke, linux-ibm-5.4).
The OpenChain site carries the sad news of thepassing of Satoru Ueda. Your editor first met Ueda San at the 2007 Linux Foundation Japan Symposium, where asmall group of dedicated developers and managers was working hard to bringopen-source development practices to the country. Ueda San was always astrong advocate for this cause and deserves much credit for the success ofLinux and open source in Japan. He was also always a warm and welcomingperson; he will be much missed.
The 6.5 kernel was releasedon August27 after a nine-week development cycle. By that time, some13,561 non-merge changesets had found their way into the mainlinerepository, the lowest number seen since the 5.15 release (12,377changesets) in late 2021. Nonetheless, quite a bit of significant work wasdone in this cycle; read on for a look at where that work came from.
August 26 was the 25th anniversary of the release of the Bugzilla bug tracker as open-source software under the Mozilla Public License (MPL). A blog post for the occasion has some announcements, including several upcoming releases, help wanted, and a new legal entity to house the project:
Security updates have been issued by Debian (chromium, clamav, librsvg, rar, and unrar-nonfree), Fedora (caddy, chromium, and xen), and SUSE (ca-certificates-mozilla, gawk, ghostscript, java-1_8_0-ibm, java-1_8_0-openjdk, php7, qemu, and xen).
The6.1.48,5.15.128, and5.10.192stable kernels have been released; each contains another set of importantfixes.Update: 6.1.49 has also beenreleased. "This upgrade is only for all users of the 6.1 series thatuse the x86 platform OR the F2FS file system. If that's not you, feel freeto ignore this release."
The OpenTF Foundation has announced that it is moving forward with its eponymous fork of HashiCorp Terraform, which was recently changed to a non-FOSS license by the company. The organization has applied to become part of the Linux Foundation, "with the end goal of having OpenTF as part of Cloud Native Computing Foundation". There is a GitHub repository for its manifesto, but the code repository for OpenTF is private for now, with plans to open it up in the next week or two. Work has been going on for the last week and more developers are coming on board:
The more one pays attention to the Internet of Things (IoT), the more onelearns to appreciate simple, unconnected devices. Your editor long agoacquired an aversion to products that advertise themselves as "smart"or "WiFi-enabled". There can be advantages, though, to devices thatcontain microprocessors, are Internet connected, and are remotelyaccessible, if they are implemented well. The OpenSprinkler sprinkler timer wouldappear to be a case in point.
The kernel's software I/O translation lookaside buffer ("swiotlb") is anobscure corner of the DMA-support layer. The swiotlb was initiallyintroduced to enable DMA for devices with special challenges, and one mighthave expected it to fade away as newer peripherals came along. Instead,though, the swiotlb has turned out to be useful in places outside of itsoriginal use cases. Thispatch set from Petr Tesarik now aims to update the swiotlb with an eyetoward its continuing use indefinitely into the future.
Greg Kroah-Hartman has announced the release of two new stable kernels: 6.4.12 and 6.1.47. Both contain lots of important fixesthroughout the kernel tree.
Over the years, there have been multiple examples of open-source softwarethat, suddenly, was no longer open source; on August10, some furtherexamples were added to the pile. That happened when HashiCorp announcedthat it would be switching the license on its products from the Mozilla PublicLicense2.0 (MPL) to the Business Source License1.1(BSL or BUSL). At least one of the products affected by the change, the Terraform infrastructure-automationtool, has attracted an effort to continue it as an open-source tool in theform of a fork that would be maintained by the nascent OpenTF Foundation. That seems like asensible reaction to the move, but it also helps serve up yet anotherreminder that code which is controlled by a single entity is normallyalways at risk of suchadverse changes.
Security updates have been issued by Debian (mediawiki and qt4-x11), Fedora (java-17-openjdk, linux-firmware, and python-yfinance), Red Hat (kernel, kpatch-patch, and subscription-manager), SUSE (evolution, janino, kernel, nodejs16, nodejs18, postgresql15, qt6-base, and ucode-intel), and Ubuntu (inetutils).
ThePineTime is an inexpensivesmartwatch developed by PINE64 that isdesigned to run open-source operating systems. Despite its low cost, however,it has most of the features expected from more expensive, proprietarysmartwatches. Because it runs open-source software, though, interesteddevelopers can add any other useful features that they dream up.
Making a filesystem implementation robust in the face of maliciouslycreated filesystem images is a challenging task even when theimplementation is actively maintained, which many in the kernel are not. There is a way tomake that task even harder, though: modify that filesystem image behind theimplementation's back while it is mounted. A recent discussion on thelinux-fsdevel list reveals an ongoing disagreement over whether (and how)this threat should be addressed.
The Document Foundationhas announcedthe release of LibreOffice7.6 Community. It is the last releaseusing the existing numbering scheme as the office suite will move to date-basedrelease numbers starting with LibreOffice24.2 inFebruary,2024. Highlights of this release include support fordocument themes, including import and export of them, a new navigationpanel for Impress and Draw, zoom-gesture support, font-handlingimprovements, and lots more; the releasenotes have all the details.
Security updates have been issued by Debian (fastdds, flask, and kernel), Fedora (chromium, dotnet6.0, dotnet7.0, gerbv, java-1.8.0-openjdk, libreswan, procps-ng, and spectre-meltdown-checker), SUSE (chromium, kernel-firmware, krb5, opensuse-welcome, and python-mitmproxy), and Ubuntu (clamav, firefox, and vim).
LWN.net