LWN.net

Security updates have been issued by Debian (krb5), Fedora (galera, mariadb, and mingw-python3), Red Hat (389-ds:1.4, kernel, kernel-rt, kpatch-patch, krb5, and usbguard), Scientific Linux (krb5), Slackware (kernel), SUSE (binutils, dbus-1, exiv2, freerdp, git, java-1_8_0-ibm, kernel, libarchive, libdb-4_8, libmspack, nginx, opencc, python, python3, rxvt-unicode, sudo, supportutils, systemd, vim, and webkit2gtk3), and Ubuntu (bind9, gnutls28, libsamplerate, linux-gcp-5.4, perl, pixman, shadow, and sysstat).

As of late, concerns about the future of Twitter have caused many of itsusers to seek alternatives. Amid this upheaval, an open-sourcemicroblogging service called Mastodon has received a great deal ofattention. Mastodon is not reliant on any single company or centralauthority to run its servers; anyone can run their own. Servers communicatewith each other, allowing people on different servers to send each othermessages and follow each other's posts. Mastodon doesn't just talk toitself, though; it can exchange messages with anything that speaks the ActivityPub protocol.There are many such implementations, so someone who wants to deploy their ownmicroblogging service enjoys a variety of choices.

Asahi Lina gives a detailedupdate on progress toward a graphics driver for Apple M1 hardware.

Lucien Cartier-Tilet looksforward to the upcoming Emacs 29 release.

Security updates have been issued by Debian (frr, gerbv, mujs, and twisted), Fedora (nodejs and python-virtualbmc), Oracle (dotnet7.0, kernel, kernel-container, krb5, varnish, and varnish:6), SUSE (busybox, python3, tiff, and tomcat), and Ubuntu (harfbuzz).

The BPF subsystem, which allows code to be loaded into the kernel from userspace and safely executed in the kernel context, is bound to create a number ofchallenges for the kernel as a whole. One might not think that allocatingmemory for BPF programs would be high on the list of problems, but life(and memory management) can be surprising. The attempts to do a better jobof providing space for compiled BPF code have, to date, only been partiallysuccessful; now Song Liu is back with a newapproach to finish the job.

FFmpeg is an indispensable tool forworking with audio and video streams, but it can be challenging to learn to use well.FFmpeg — TheUltimate Guide, posted by Csaba Kopias, can help. "This guidecovers the ins and outs of FFmpeg starting with fundamental concepts andmoving to media transcoding and video and audio processing providingpractical examples along the way."

Security updates have been issued by Debian (chromium, commons-configuration2, graphicsmagick, heimdal, inetutils, ini4j, jackson-databind, and varnish), Fedora (drupal7-i18n, grub2, kubernetes, and python-slixmpp), Mageia (botan, golang, kernel, kernel-linus, radare2/rizin, and xterm), Red Hat (krb5, varnish, and varnish:6), SUSE (busybox, chromium, erlang, exiv2, firefox, freerdp, ganglia-web, java-1_8_0-openj9, nodejs12, nodejs14, opera, pixman, python3, sudo, tiff, and xen), and Ubuntu (libice and shadow).

The 6.1-rc7 kernel prepatch has beenreleased for testing.

Greg Kroah-Hartman has released the 5.10.156, 5.4.225, 4.19.267, 4.14.300, and 4.9.334 stable kernels. As usual, theycontain important fixes throughout the kernel tree.Update: 6.0.10 and 5.15.80 were released on November 26.

Security updates have been issued by Fedora (firefox), Mageia (dropbear, freerdp, java, libx11, and tumbler), Slackware (ruby), SUSE (erlang, grub2, libdb-4_8, and tomcat), and Ubuntu (exim4, jbigkit, and tiff).

Security updates have been issued by Debian (vim), Fedora (drupal7-context, drupal7-link, firefox, xen, xorg-x11-server, and xorg-x11-server-Xwayland), Oracle (container-tools:ol8, device-mapper-multipath, dotnet7.0, firefox, hsqldb, keylime, podman, python3.9, python39:3.9, thunderbird, and xorg-x11-server), SUSE (exiv2-0_26, keylime, libarchive, net-snmp, nginx, opensc, pixman, python-joblib, strongswan, and webkit2gtk3), and Ubuntu (expat, imagemagick, mariadb-10.3, mariadb-10.6, and xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04, xwayland).

The 4.19.266 stable kernel update has beenreleased; it consists entirely of backported fixes forspeculative-execution vulnerabilities.

Security updates have been issued by Debian (heimdal, libarchive, and nginx), Fedora (varnish-modules and xterm), Red Hat (firefox), Scientific Linux (firefox, hsqldb, and thunderbird), SUSE (Botan, colord, containerized-data-importer, ffmpeg-4, java-1_8_0-ibm, krb5, nginx, redis, strongswan, tomcat, and xtrabackup), and Ubuntu (apr-util, freerdp2, and sysstat).

For those who are waiting for Linux on Apple hardware, the Asahi Linuxproject has put out a detailedreport on progress toward a working kernel and distribution.

The Document Foundation has announcedthe hiring of a quality-assurance analyst, bringing its staff up to 13people.

Security updates have been issued by Debian (ntfs-3g), Fedora (krb5 and samba), Gentoo (firefox-bin, ghostscript-gpl, pillow, sudo, sysstat, thunderbird-bin, and xterm), Red Hat (firefox, hsqldb, and thunderbird), SUSE (cni, cni-plugins, and krb5), and Ubuntu (isc-dhcp and sqlite3).

Security updates have been issued by Debian (graphicsmagick and krb5), Fedora (dotnet6.0, js-jquery-ui, kubernetes, and xterm), Gentoo (php and postgresql), Mageia (php-pear-CAS, sysstat, varnish, vim, and x11-server), Red Hat (thunderbird), SUSE (389-ds, binutils, dpkg, firefox, frr, grub2, java-11-openjdk, java-17-openjdk, kernel, kubevirt stack, libpano, nodejs16, openjpeg, php7, php74, pixman, python-Twisted, python39, rubygem-loofah, sccache, sudo, thunderbird, tor, and tumbler), and Ubuntu (flac, git, linux-azure-fde, linux-gke, linux-gkeop, linux-raspi-5.4, linux-gcp, linux-gcp-4.15, and linux-gcp-5.15, linux-gke-5.15, linux-intel-iotg, linux-raspi).

The 6.1-rc6 kernel prepatch is out fortesting.

Even a single kernel oops is never a good thing; it is an indication that something hasgone badly wrong in the system somewhere and a straightforwardrecovery is not possible. But it seems that oopsing a large numberof times has the potential to be even worse. To head off problems thatmight result from repeated oopsing, thereis currently work afoot to put an upper limit on the number of times thatthe kernel can be allowed to oops before just giving up and rebooting.

Libre Arts looks atthe GIMP as the 3.0 release approaches.

The Register looksat the discussion around the GNU Tools Infrastructure proposal.

Security updates have been issued by Debian (asterisk, firefox-esr, php-phpseclib, phpseclib, python-django, and thunderbird), Fedora (grub2, samba, and thunderbird), Mageia (firefox, sudo, systemd, and thunderbird), Slackware (freerdp), SUSE (firefox, go1.18, go1.19, kernel, openvswitch, python-Twisted, systemd, and xen), and Ubuntu (expat, git, multipath-tools, unbound, and webkit2gtk).

The merge window for the 6.1 release brought in basic support for writing kernel code in Rust— with an emphasis on "basic". It is possible to create a "hello world"module for 6.1, but not much can be done beyond that. There is, however, alot more Rust code for the kernel out there; it's just waiting for its turn to bereviewed and merged into the mainline. Miguel Ojeda has now posted the nextround of Rust patches, adding to the support infrastructure in thekernel.

Security updates have been issued by Debian (firefox-esr and thunderbird), Fedora (expat, xen, and xorg-x11-server), Oracle (kernel, kernel-container, qemu, xorg-x11-server, and zlib), Scientific Linux (xorg-x11-server), Slackware (firefox, krb5, samba, and thunderbird), SUSE (ant, apache2-mod_wsgi, jsoup, rubygem-nokogiri, samba, and tomcat), and Ubuntu (firefox and linux, linux-aws, linux-aws-hwe, linux-dell300x, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon).

The LWN.net Weekly Edition for November 17, 2022 is available.

The high-frequency-trading (HFT) industry is rather tight-lipped about whatit does and how it does it, but PJ Waskiewicz of Jump Trading came to the Netdev 0x16 conference to tryto demystify some of that, especially with respect to its use ofnetworking. He wanted to contrast the needs of HFT with those of the traditional networkingas it is used outside of the HFT space. He also has some thoughts on whatthe Linux kernel could do to help address those needs so that HFT companiescould move away from some of the custom code that is currently beingdeveloped and maintained by multiple firms in the industry.

Meta has announcedthe open-source release of part of its internal source-code managementsystem, called Sapling.

The6.0.9,5.15.79, and5.10.155stable kernel updates have been released; each contains another set ofimportant fixes.

Security updates have been issued by Debian (grub2, nginx, and wordpress), Red Hat (389-ds-base, bind, buildah, curl, device-mapper-multipath, dnsmasq, dotnet7.0, dpdk, e2fsprogs, grafana-pcp, harfbuzz, ignition, Image Builder, kernel, keylime, libguestfs, libldb, libtiff, libvirt, logrotate, mingw-zlib, mutt, openjpeg2, podman, poppler, python-lxml, qt5, rsync, runc, samba, skopeo, toolbox, unbound, virt-v2v, wavpack, webkit2gtk3, xorg-x11-server, xorg-x11-server-Xwayland, and yajl), SUSE (389-ds, bluez, dhcp, freerdp, jackson-databind, kernel, LibVNCServer, libX11, nodejs12, nodejs16, php7, php8, python-Mako, python-Twisted, python310, sudo, systemd, and xen), and Ubuntu (mako).

The scalability of Linus Torvalds was arecurring theme during Linux's early years; these days maintainer strugglesare a recognized problem within open-sourcecommunities in general. It is thus not surprising that Sean Christophersongave a talk at Open Source Summit Europe (and KVM Forum) with the title"Scaling KVM and its community". The talk mostly focused on KVM for thex86 architecture—the largest and most mature KVM architecture—whichChristopherson co-maintains. But it was not a technical talk: most of the content can beapplied to other KVM architectures, or even other Linux subsystems, so thatthey can avoid making the same kinds of mistakes.

Version 37of the Fedora family of distributions has been released, a few weeks laterthan originally intended.

Security updates have been issued by Fedora (kernel and webkit2gtk3), Red Hat (dhcp, dovecot, flac, freetype, fribidi, frr, gimp, grafana, guestfs-tools, httpd, kernel-rt, libtirpc, mingw-gcc, mingw-glib2, pcs, php, protobuf, python3.9, qemu-kvm, redis, speex, and swtpm), SUSE (chromium, containerized-data-importer, jhead, kubevirt stack, nodejs14, nodejs16, python-Werkzeug, and xen), and Ubuntu (golang-1.13, nginx, and vim).

NLnet Labs has put up ablog entry warning about the possible effects of the "Cyber ResilienceAct" proposal in the European Commission.

As a general rule, one need not have worked in the technology industry forlong before the value of good data backups becomes clear. Creating abackup that is truly good, though, can be a challenge if the filesystem inquestion is actively being changed while the backup process runs. Over theyears, various ways of addressing this problem have been developed, rangingfrom simply shutting down the system while backups run to a variety ofsnapshotting mechanisms. The kernel may be about to get another approachto snapshots should the blksnappatch set from Sergei Shtepa find its way into the mainline.

Security updates have been issued by Debian (dropbear, php7.4, pixman, sysstat, and xorg-server), Fedora (mingw-expat, mingw-libtasn1, and mingw-pixman), Mageia (binutils/gdb, chromium-browser-stable, exiv2, libtiff, nodejs, pcre, pixman, wayland, and webkit2), Red Hat (device-mapper-multipath and libksba), SUSE (autotrace, busybox, libmodbus, php72, python-numpy, rustup, samba, varnish, xen, and xterm), and Ubuntu (thunderbird).

Linus has released 6.1-rc5 for testing.

The Git source-code management system exists to track changes to a set offiles; the stream of commits in a Git repositoryreflects the change history of those files. What is seen in Git, though, is thefinal form of those commits; the changes that the patches themselves wentthrough on their way toward acceptance are not shown there. That historycan have value, especially while changes are still under consideration.The proposed gitevolve subcommand is a recognition that changes themselves gothrough changes and that this process might benefit from tooling support.

Security updates have been issued by Debian (chromium and exiv2), Fedora (curl, device-mapper-multipath, dotnet6.0, mediawiki, mingw-gcc, and php-pear-CAS), Gentoo (lesspipe), Slackware (php), SUSE (git, glibc, kernel, libarchive, python, python-rsa, python3-lxml, rpm, sudo, xen, and xwayland), and Ubuntu (wavpack).

The5.4.224,4.19.265,4.14.299, and4.9.333stable kernel updates have been released; each contains another set ofimportant fixes.Note that 6.0.8,5.15.78,5.10.154went into the review process at the same time, but have not yet been released.

We have finally added a set of dark mode defaults to the customization options for the site forthose who prefer the dark side. Thanks to all the readers who have askedfor this; apologies for taking so long to do it. The defaults seem good,but we are not dark-mode users, so please let us know if you havesuggestions for improvements.Another new feature that has been requested for some time is the ability toreceive feature articles via email. These emails are currently availableto subscribers at the "Project Leader" level and higher; interestedsubscribers can sign up for the "Features" list on the mailing-lists page.

The GitHub Copilotoffering claims to assist software developers through the application ofmachine-learning techniques. Since its inception, Copilot has beenfollowed by controversies, mostly based onthe extensive use of free software to train the machine-learning engine. The announcement of aclass-action lawsuit against Copilot was thus unsurprising. The lawsuitraises all of the expected licensing questions and more;while some in ourcommunity have welcomed this attack against Copilot,it is not clear that this action will lead to good results.

Security updates have been issued by Debian (libjettison-java and xorg-server), Slackware (sysstat and xfce4), SUSE (python3 and xen), and Ubuntu (firefox).

The LWN.net Weekly Edition for November 10, 2022 is available.

At the end of our earlier article on JohnOusterhout's talk at Netdev 0x16, he had concludedthat TCP was unsuitable for data-center environments for a variety ofreasons. He also argued that there was no way to repair TCP so that itcould serve the needs of data-center networking. In order for software tobe able to use the full potential of today's networking hardware, TCP needs to bereplaced with a protocol that is different in almost every way, he said.The second half of the talk covered the Homatransport protocol that he and others at Stanford have been working onas a possible replacement for TCP in the data center.

Security updates have been issued by Debian (vim, webkit2gtk, and wpewebkit), Fedora (mingw-python3, vim, webkit2gtk3, webkitgtk, and xen), Mageia (389-ds-base, bluez, ffmpeg, libtasn1, libtiff, libxml2, and mbedtls), Red Hat (kpatch-patch and linux-firmware), SUSE (conmon, containerized data importer, exim, expat, ganglia-web, gstreamer-0_10-plugins-base, gstreamer-0_10-plugins-good, gstreamer-plugins-base, gstreamer-plugins-good, kernel, kubevirt, protobuf, sendmail, and vsftpd), and Ubuntu (libzstd, openjdk-8, openjdk-lts, openjdk-17, openjdk-19, php7.2, php7.4, php8.1, and pixman).

SSH is awell-known mechanism for accessing remote computers in asecure way; thanks to its use of cryptography, nobody can alter oreavesdrop on the communication. Unfortunately, SSH is somewhatcumbersome when connecting to a host for the first time; it's also tricky for aserver administrator to provide time-limited access to the server. SSHcertificates can solve these problems.

Version 7.0 of Texinfo, the GNU Project's documentation system, has beenreleased. There are a number of changes here, the biggest of which may bethe ability to produce output in the EPUB format.

Security updates have been issued by Debian (pixman and sudo), Fedora (mingw-binutils and mingw-gdb), Red Hat (bind, bind9.16, container-tools:3.0, container-tools:4.0, container-tools:rhel8, dnsmasq, dotnet7.0, dovecot, e2fsprogs, flatpak-builder, freetype, fribidi, gdisk, grafana, grafana-pcp, gstreamer1-plugins-good, httpd:2.4, kernel, kernel-rt, libldb, libreoffice, libtiff, libxml2, mingw-expat, mingw-zlib, mutt, nodejs:14, nodejs:18, openblas, openjpeg2, osbuild, pcs, php:7.4, php:8.0, pki-core:10.6 and pki-deps:10.6, poppler, protobuf, python27:2.7, python38:3.8 and python38-devel:3.8, python39:3.9 and python39-devel:3.9, qt5, redis:6, rsync, unbound, virt:rhel, virt-devel:rhel, wavpack, webkit2gtk3, xmlrpc-c, xorg-x11-server, xorg-x11-server-Xwayland, and yajl), SUSE (exiv2, expat, rubygem-nokogiri, sudo, and vsftpd), and Ubuntu (isc-dhcp, libraw, sqlite3, and tiff).

On the surface, the kernel's internal timer mechanism would not appear tohave changed much in a long time; the core API looks quite similar to theone present in the 1.0 release. Underneath the API, naturally, quite a bitof complexity has been added over the years. The implementation of thisAPI looks to become even more complex — but faster — if and when this patch set from Anna-Maria Behnsen finds its way into the mainline.