LWN.net

Python has keyword arguments for functions that is a useful (and popular)feature; it can make reading the code more clear and eliminate thepossibility of passing arguments in the wrong order. Python can also indexan object in various ways to refer to a subset or an aspect of the object.Bringing the idea of keywords to indexing would provide a way to get the claritybenefit for indexing operations; doing so has been discussed in Pythoncircles for a long time.Some renewed interest, in the formof lengthy discussions on the python-ideas mailing list and a new Python enhancementproposal (PEP), look like they just might take keyword indexing over the finish line.

Security updates have been issued by Debian (blueman), Fedora (nodejs), Gentoo (firefox), openSUSE (kleopatra), Oracle (java-1.8.0-openjdk), SUSE (apache2, binutils, firefox, pacemaker, sane-backends, spice, spice-gtk, tomcat, virt-bootstrap, xen, and zeromq), and Ubuntu (ca-certificates, mariadb-10.1, mariadb-10.3, netty, openjdk-8, openjdk-lts, perl, and tomcat6).

Address-space isolation is the technique of removing a range of memory fromone or more address spaces as a way of preventing accidental or maliciousaccess to that memory. Since the disclosure of the Meltdown and Spectrevulnerabilities, the kernel has used one formof address-space isolation to make kernel memory completelyinaccessible to user-space processes, for example. There has been a steadylevel of interest in using similar techniques to protect memory in othercontexts; two patches implementing new isolation mechanisms are gettingcloser to being ready for merging into the mainline kernel.

Security updates have been issued by Debian (thunderbird), Fedora (createrepo_c, dnf-plugins-core, dnf-plugins-extras, librepo, livecd-tools, and pdns-recursor), openSUSE (firefox and mailman), Oracle (firefox), Red Hat (chromium-browser, java-1.8.0-openjdk, and Satellite 6.8), Scientific Linux (java-1.8.0-openjdk), SUSE (libvirt), and Ubuntu (blueman, firefox, mysql-5.7, mysql-8.0, php7.4, and ruby-kramdown).

The Fedora 33release is now available in a variety of editions, including the newly promoted IoT edition. "No matterwhat variant of Fedora you use, you’re getting the latest the open sourceworld has to offer. Following our 'First' foundation, we’ve updated keyprogramming language and system library packages, including Python 3.9,Ruby on Rails 6.0, and Perl 5.32. In Fedora KDE, we’ve followed the work inFedora 32 Workstation and enabled the EarlyOOM service by default toimprove the user experience in low-memory situations.To make the default Fedora experience better, we’ve set nano as the defaulteditor." A number of the more significant Fedora 33 changeswere covered here in June.

Linus Walleij continues his series of blog posts on the 32-bit Arm kernelwith thisdetailed description about how page tables work. "The Linuxkernel will act as if 5 levels of page tables exist. This is of coursegrossly over-engineered for ARM32 which has 2 or 3 levels of page tables,but we need to cater for the rest of the world. One size fits all. Inpractice, the code is organized such that these page tables 'fold' and wemostly skip over the intermediate translation steps when possible."

Linus Torvalds released5.10-rc1 and closed the 5.10 merge window on October 25; by that time, 13,903 non-merge changesets hadbeen pulled into the mainline repository. Of those, over 6,700 were mergedsince LWN's summary of the first half ofthe merge window. A fair number of interesting features found their wayinto the kernel among those commits; read on to catch up with what's comingin 5.10.

Security updates have been issued by Debian (fastd, freetype, openjdk-11, phpmyadmin, and thunderbird), Fedora (ant, firefox, freetype, kde-partitionmanager, kpmcore, mupdf, python-PyMuPDF, singularity, suricata, and zathura-pdf-mupdf), Mageia (claws-mail, nss, firefox, pdns-recursor, and thunderbird), openSUSE (atftp, chromium, firefox, freetype2, gnutls, hunspell, kleopatra, and opera), Oracle (firefox, java-11-openjdk, and kernel), Red Hat (firefox and kpatch-patch), SUSE (bluez, firefox, glibc, libcdio, rmt-server, and SDL), and Ubuntu (freetype, pam-python, and perl).

Linus has released 5.10-rc1 and closed themerge window for this development cycle. "This looks to be a bigger release than I expected, and while the mergewindow is smaller than the one for 5.8 was, it's not a *lot* smaller.And 5.8 was our biggest release ever."

Version 10.1 of the GDB debugger is out. Changes include support fordebugging BPF programs, GDBserver support on the RISC-V architecture, andsupport for "debuginfod", which is "an HTTP server for distributing ELF/DWARF debugging information as well as source code."

GNU Autoconf, awidely used build tool that shines at compatibility with avariety of Unixes, has accumulated many improvements since its last releasein 2012 — and there are patches awaiting review. While many projects have switched toother build systems, interest in Autoconf remains. Now, a small team(disclaimer: including article author Sumana Harihareswara) is rejuvenating it, working through somedeferred maintenance and code review. A testablebeta is now out, a new stable release is due in early November, andinterested parties can build on this momentum to further refresh the restof the GNUBuild System (also known as Autotools).

Security updates have been issued by Gentoo (freetype), openSUSE (mailman), Red Hat (firefox, java-11-openjdk, OpenShift Container Platform 3.11.306 jenkins, and rh-maven35-jackson-databind), SUSE (kernel, mercurial, openldap2, python-pip, and xen), and Ubuntu (firefox, netty-3.9, and python-pip).

The Ubuntu 20.10 release is out. "The Ubuntu kernel has been updated to the 5.8 based Linux kernel, andour default toolchain has moved to gcc 10 with glibc 2.32. Additionally,there is now a desktop variant of the Raspberry Pi image for RaspberryPi 4 4GB and 8GB.Ubuntu Desktop 20.10 introduces GNOME 3.38, the fastest release yet withsignificant performance improvements delivering a more responsiveExperience". See therelease notes for more details.

The seccomp()system call allows user space to load one or more (classic) BPF programsto be run whenever the calling process invokes a system call. Thoseprograms can examine (to an extent) thearguments to each call and inform the kernel whether the call should beallowed to proceed or not. This feature is used in a number ofcontainerization solutions (and beyond) as a way of reducing the kernel'sattack surface. In some situations, though, using seccomp() can resultin a significant performance reduction. There are currently two patch setsin circulation that are aimed at reducing the overhead ofseccomp() for one common use case.

Security updates have been issued by Arch Linux (freetype2), Debian (bluez, firefox-esr, and freetype), Fedora (firefox), openSUSE (chromium), Oracle (kernel), Red Hat (java-11-openjdk), Slackware (kernel), SUSE (freetype2, gnutls, kernel, php7, and tomcat), and Ubuntu (flightgear, italc, libapache2-mod-auth-mellon, libetpan, and php-imagick).

The LWN.net Weekly Edition for October 22, 2020 is available.

Recently, PHP 8 release candidate 2 was posted by the project. A lot of changes are coming with this release, including a just-in-time compiler, a good number of backward-compatibility breaks, and new features that developers have been requesting for years. Now that the dust has settled, and the community is focusing on squashing bugs for the general-availability release scheduled for November 26, it's a good time to look at what to expect.

Security updates have been issued by Arch Linux (kdeconnect, kernel, kpmcore, lib32-freetype2, linux-hardened, linux-lts, linux-zen, lua, and powerdns-recursor), Debian (mariadb-10.1 and mariadb-10.3), Fedora (thunderbird), Mageia (claw-mail, freetype2, geary, kernel, and tigervnc), Oracle (nodejs:12), Red Hat (python27, rh-postgresql96-postgresql, and rh-python38), Slackware (freetype), SUSE (hunspell, kernel, libvirt, and taglib), and Ubuntu (grunt, quassel, and tomcat9).

Firefox 82.0 has been released, with improvements "that make watchingvideos more delightful" and improved performance. Firefox ESR 78.4.0is also available with various stability, functionality, and securityfixes. See the release notes (82.0,78.4.0)for details.

The Julia programming language hasseen a major increase in its use and popularity over the last few years.We last looked at it two years ago, around the time of the Julia 1.0release. Here, we will look at some of the changes since that release,none of which are major, as well as some newer resources for learning thelanguage, but the main focus of this article is a case study that is meantto help show why the language has been taking off. A follow-up articlewill introduce a new computational notebook for Julia, called Pluto, that is akin to Jupyter notebooks.

Security updates have been issued by Debian (python-flask-cors), Fedora (kleopatra, nextcloud, and phpMyAdmin), Gentoo (ark, libjpeg-turbo, libraw, and libxml2), openSUSE (bind, kernel, php7, and transfig), Red Hat (kernel, kernel-alt, kernel-rt, rh-python36, virt:8.1 and virt-devel:8.1, and virt:8.2 and virt-devel:8.2), and Ubuntu (collabtive, freetype, linux, linux-hwe, linux-hwe-5.4, linux-oem, linux-raspi, linux-raspi-5.4, linux-snapdragon, and linux-oem-osp1, linux-raspi2-5.3).

ThisMatrix blog entry describes a planned reputation-management systemthat, it is claimed, accomplishes some of the same goals as governmentbackdoors without the need to compromise end-to-end encryption."Just like the Web, Email or the Internet as a whole, there isliterally no way to unilaterally censor or block content in Matrix. Butwhat we can do is provide first-class infrastructure to let users (androom/community moderators and server admins) make up their own mind aboutwho to trust, and what content to allow. This would also provide a meansfor authorities to publish reputation data about illegal content, providinga privacy-respecting mechanism that admins/mods/users can use to keepillegal content away from their servers/clients."

Version 2.29.0 of the Git source-code management system is out. Thisrelease includes a long list of smallish improvements; click below for thedetails. Also present is the code enabling Git to switch to the SHA-256 hash algorithm; thisfeature is still deemed experimental, though, and interoperability withSHA-1 repositories is not yet available.

Applications that run on the Linux desktop have changed significantlyunder the hood in recent years; for example, they use more processes thanbefore. Desktop environments need to adapt to this change. During Akademy 2020, KDE developers DavidEdmundson and Henri Chain delivered a talk (YouTubevideo) about how KDE, working with other desktop environments, isstarting to use advanced kernel features to give users more control overtheir systems. This talk complements a presentation by GNOME developers thatwas recently covered here.

Security updates have been issued by Debian (kernel, thunderbird, and yaws), Fedora (createrepo_c, dnf, dnf-plugins-core, dnf-plugins-extras, kata-agent, libdnf, librepo, and wireshark), Gentoo (chromium and firefox), Mageia (brotli, flash-player-plugin, php, phpmyadmin, and wireshark), openSUSE (crmsh, gcc10, nvptx-tools, icingaweb2, kernel, libproxy, pdns-recursor, phpMyAdmin, and rubygem-activesupport-5_1), Red Hat (nodejs:12 and rh-maven35-apache-commons-collections4), and SUSE (gcc10, nvptx-tools and transfig).

The5.9.1,5.8.16,5.4.72,4.19.152,4.14.202,4.9.240, and4.4.240stable updates have all been released; each contains another set ofimportant fixes.

As of this writing, 7,153 non-merge changesets have been pulled into themainline Git repository for the 5.10 release — over a period of four days.This development cycle is clearly off to a strong start. Read on for anoverview of the significant changes merged thus far for the 5.10 kernelrelease.

Security updates have been issued by Fedora (dnf, kernel, libdnf, python27, and python34), SUSE (blktrace, crmsh, php7, and php72), and Ubuntu (containerd, docker.io, firefox, htmlunit, and newsbeuter).

The 2021 edition of linux.conf.au will be held online onJanuary 23-25, 2021; the call for proposals has gone out with arelatively tight deadline of November 6. "Our theme is 'So what's next?'.We all know we're living through unprecedented change and uncertain times. How can open source play a role in creating, helping and adapting to this ongoing change? What new developments in software and coding can we look forward to in 2021 and beyond?"Since there is no travel involved, this is a rare opportunity for those whohave not normally been able to participate in LCA.

One of the first features merged for the 5.10 kernel development cycle wassupport for theArm v8.5 memory tagging extension [PDF]. By adding a "key" value topointers, this mechanism enables the automated detection of a wide range ofmemory-safety issues. The result should be safer and more secure code —once support for the feature shows up in actual hardware.

Security updates have been issued by Arch Linux (chromium), Debian (httpcomponents-client), Fedora (claws-mail), SUSE (bcm43xx-firmware, crmsh, libqt5-qtimageformats, libqt5-qtsvg, php53, php7, and rubygem-activesupport-4_2), and Ubuntu (php5, php7.0, php7.2, php7.4, python2.7, python3.4, python3.5, python3.6, and vim).

The LWN.net Weekly Edition for October 15, 2020 is available.

We have looked at the problem ofconfusingly named packages in repositories such as the Python Package Index (PyPI) before. In general,malicious actors create these packages with names that can be mistaken for those oflegitimate packages in the repository in a form of "typosquatting".Since our 2016 article, the problem has not gone away—no surprise—but there has been some recent analysis of it, as well assome efforts to combat it.

Recently, John Bafford revived a years-long conversation on expanding the syntax of the PHP foreach statement to include iterating solely over keys. Bafford, who wrote a patch and request for comments (RFC) on the matter back in 2016, hopes to update his work and convince the community to adopt the abbreviated syntax in PHP 8.1. The community took Bafford's general idea and expanded it into other areas of the language.

Several flaws in the BlueZ kernel Bluetooth stack prior to Linux 5.9 are being reported by Intel and by Google (GHSA-h637-c88j-47wq, GHSA-7mh3-gq28-gfrq, and GHSA-ccx2-w2r4-x649). They are collectively being called "BleedingTooth", and more information will be forthcoming, though there is already a YouTube video demonstrating remote code execution using BleedingTooth.

Stable kernels 5.8.15, 5.4.71, 4.19.151, 4.14.201, 4.9.239, and 4.4.239 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by Debian (jackson-databind and tomcat8), Fedora (dovecot), Oracle (firefox, spice and spice-gtk, and thunderbird), Red Hat (flash-plugin), SUSE (ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano, openstack-neutron, openstack-neutron-vpnaas, openstack-nova, openstack-sahara, python-Pillow, rubygem-crowbar-client, bind, crmsh, kernel, libproxy, php74, rubygem-activesupport-5_1, and tigervnc), and Ubuntu (dom4j, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, linux, linux-lts-trusty, and linux-hwe, linux-gke-5.0, linux-gke-5.3, linux-oem-osp1, linux-raspi2-5.3).

Version 4.4.0of the Krita painting application has been released. "With a wholeslew of new fill layer types, including the really versatile SeExpr basedscriptable fill layer type, exciting new options for Krita’s brushes likethe gradient map mode for brushes, lightness and gradient modes for brushtextures, support for dynamic use of colors in gradients, webm export foranimations, new scripting features — and of course, hundreds of bug fixesthat make this version of Krita better than ever."See the releasenotes for details.

The 5.9 kernel wasreleased on October 11, at the end of a ten-week development cycle —the first release to take more than nine weeks since 5.4 at the end of 2019.While this cycle was not as busy as 5.8, whichbroke some records, it was still one of the busier ones we have seenin some time, featuring 14,858 non-merge changesets contributed by 1,914developers. Read on for our traditional look at what those developers wereup to while creating the 5.9 release.

A recent proposal on the python-ideas mailing list would add a new way to represent floating-point infinity in the language. Cade Brown suggested the change; he cited a few different reasons for it, including fixing an inconsistency in the way the string representation of infinity is handled in the language. The discussion that followed branched in a few directions, including adding a constant for "not a number" (NaN) and a more general discussion of the inconsistent way that Python handles expressions that evaluate to infinity.

Security updates have been issued by Mageia (mariadb), openSUSE (qemu and tigervnc), Oracle (kernel), Red Hat (chromium-browser and kernel), and SUSE (php5).

On the 20th anniversary of the open-sourcing of the OpenOffice.org suite,the LibreOffice project has sent anopen letter to the Apache OpenOffice project suggesting that it is timefor the latter to recognize that the game is over. "If ApacheOpenOffice wants to still maintain its old 4.1 branch from 2014, sure,that’s important for legacy users. But the most responsible thing to do in2020 is: help new users. Make them aware that there’s a much more modern,up-to-date, professionally supported suite, based on OpenOffice, with manyextra features that people need."

Plausible, a web-analytics package thatwas reviewed here in June, has announced a movefrom the MIT license to the Affero GPL, version 3. "This changemakes no difference to any of you who subscribe to Plausible Cloud or whoself-host Plausible, but it may upset a few corporations who tried to useour software to directly compete with us without contributing back."

The Open InventionNetwork, which offers patent protection for a wide range of open-sourcesoftware, has expanded its Linux SystemDefinition — the set of software covered by the OIN patentnon-aggression agreement. In particular, the new definition includes theexFAT filesystem (once the subject of a lot of patent worries), the KDE Frameworks, the Robot Operating System, and version 10of the Android Open Source Project.

Version 5.20 ofthe Plasma KDE desktop is out. "A massive release, containing improvements to dozens of components,widgets, and the desktop behavior in general.Everyday utilities and tools, such as the Panels, Task Manager,Notifications and System Settings, have all been overhauled to make themmore usable, efficient, and friendlier." There are also significantimprovements in Plasma's Wayland support.

Security updates have been issued by Debian (eclipse-wtp, httpcomponents-client, rails, and spice), Fedora (crun, oniguruma, and podman), openSUSE (grafana, kdeconnect-kde, kernel, nextcloud, nodejs10, nodejs8, and permissions), Oracle (kernel), and SUSE (tigervnc).

Version11.0.0 of the LLVM compiler suite is out. Significant change includethe addition of a Fortran frontend and a lot more; see the collection ofrelease-note sets in the announcement for details.

David Miller is the long-time maintainer of the kernel's networkingsubsystem. On October 10, he wrote this to hisTwitter feed: "I had a stroke on Tuesday and have been recoveringsince please pray for me". We at LWN wish David a fast and completerecovery. (Thanks to Harald Welte for the heads-up).

Linus has released the 5.9 kernel."Ok, so I'll be honest - I had hoped for quite a bit fewer changesthis last week, but at the same time there doesn't really seem to beanything particularly scary in here. It's just more commits and more lineschanged than I would have wished for."Some of the significant features in this release are:x86 FSGSBASE support,capacity awareness in the deadlinescheduler,the close_range() system call,proactive compaction in thememory-management subsystem,the rationalization of kernel-threadpriorities, and more.See the KernelNewbies 5.9page for more details.

Systems that manage large amounts of network traffic end up dedicating asignificant part of their available CPU time to the network stack itself.Much of this work is done in software-interrupt context, which can beproblematic in a number of ways. That may be about to change, though,once thispatch series posted by Wei Wang is merged into the mainline.