Welcome to LWN.net
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
[$] RVKMS and Rust KMS bindings
At the 2024 X.Org Developers
Conference (XDC), Lyude Paul gave a talk on the work she has been doing
as part of the Nova
project, which is an effort build an NVIDIA
GPU driver in Rust. She wanted to provide an introduction to RVKMS, which
is being used to develop Rust kernel mode setting (KMS)
bindings; RVKMS is a port of the virtual KMS (VKMS)
driver to Rust. In addition, she wanted to give her opinion on Rust, and why she
thinks it is
a "game-changer for the kernel
", noting that the reasons are not
related to the oft-mentioned, "headline" feature of the language: memory
safety.
[$] Book review: Run Your Own Mail Server
The most common piece of advice given to users who ask about
running their own mail server is don't. Setting up
and securing a mail server in 2024 is not for the faint of heart, nor
for anyone without copious spare time. Spammers want to flood inboxes
with ads for questionable supplements, attackers want to abuse servers
to send spam (or worse), and getting the big providers to accept mail
from small servers is a constant uphill battle. Michael W. Lucas,
however, encourages users to thumb their nose at the "Email
Empire
", and declare email independence. His self-published book,
Run Your Own Mail
Server, provides a manual (and manifesto) for users who are
interested in the challenge.
[$] Development statistics for 6.12
Linus Torvalds released the 6.12 kernel on November 17, as expected. This development cycle, the last for 2024, brought 13,344 non-merge changesets into the mainline kernel; that made it a relatively slow cycle from this perspective, but 6.12 includes a long list of significant new features. The time has come to look at where those changes came from, and to look at the year-long LTS cycle as well.
[$] Two approaches to tightening restrictions on loadable modules
The kernel's loadable-module facility allows code to be loaded into (and sometimes removed from) a running kernel. Among other things, loadable modules make it possible to run a kernel with only the subsystems needed for the system's hardware and workload. Loadable modules can also make it easy for out-of-tree code to access parts of the kernel that developers would prefer to keep private; this has led to many discussions in the past. The topic has returned to the kernel's mailing lists with two different patch sets aimed at further tightening the restrictions applied to loadable modules.
[$] Fedora KDE gets a promotion
The Fedora Project is set to welcome a second desktop edition to its lineup after months (or years, depending when one starts the clock) of discussions. The project recently decided to allow a new working group to move forward with a KDE Plasma Desktop edition that will sit alongside the existing GNOME-based Fedora Workstation edition. This puts KDE on a more equal footing within the project, which, it is hoped, will bring more contributors and users interested in KDE to adopt Fedora as their Linux distribution of choice.
[$] Dancing the DMA two-step
Direct memory access (DMA) I/O is simple in concept: a peripheral device moves data directly to or from memory while the CPU is busy doing other things. As is so often the case, DMA is rather more complicated in practice, and the kernel has developed a complicated internal API to support it. It turns out that the DMA API, as it exists now, can affect the performance of some high-bandwidth devices. In an effort to address that problem, Leon Romanovsky is making the API even more complex with this patch series adding a new two-step mapping API.
[$] LWN.net Weekly Edition for November 14, 2024
Posted Nov 14, 2024 0:46 UTC (Thu)The LWN.net Weekly Edition for November 14, 2024 is available.
Inside this week's LWN.net Weekly Edition
- Front: Toolchain security features; systemd-homed; Open-source security in 2024; struct sockaddr; Cosmopolitan Libc; Back In Time.
- Briefs: Anaconda Web UI; RIP Jérémy Bobbio; gccrs; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
[$] Truly portable C applications
Programming language polyglots are files that are valid programs in multiple languages, and do different things in each. While polyglots are normally nothing more than a curiosity, the Cosmopolitan Libc project has been trying to put them to a novel use: producing native, multi-platform binaries that run directly on several operating systems and architectures. There are still some rough edges with the project's approach, but it is generally possible to build C programs into a polyglot format with with minimal tweaking.
[$] Progress on toolchain security features
Over the years, there has been steady progress in adding security features to compilers and other tools to assist with hardening the Linux kernel (and, of course, other programs). In something of a tradition in the toolchains track at the Linux Plumbers Conference, Kees Cook and Qing Zhao have led a session on that progress and further plans; this year, they were joined by Justin Stitt (YouTube video).
[$] The top open-source security events in 2024
What have been the most significant security-related incidents for the open-source community in 2024 (so far)? Marta Rybczyńska recently ran a poll and got some interesting results. At the 2024 Open Source Summit Japan, she presented those results along with some commentary of her own. The events in question are unlikely to be a surprise to LWN readers, but the overall picture that was presented was worth a look.
Blender 4.3 released
Version 4.3 of
the Blender animation system has been released. "Brush assets, faster
sculpting, a revolutionized Grease Pencil, and more. Blender 4.3 got you
covered.
"
Plans for CHICKEN 6
CHICKEN Scheme, a portable Scheme compiler, is gearing up for its next major release. Maintainer Felix Winkelmann has shared an article about what changes to expect in version 6 of the language, including better Unicode support and support for the R7RS (small) Scheme standard.
Every major release is a chance of fixing long-standing problems with the codebase and address bad design decisions. CHICKEN is now nearly 25 years old and we had many major overhauls of the system. Sometimes these caused a lot of pain, but still we always try to improve things and hopefully make it more enjoyable and practical for our users. There are places in the code that are messy, too complex, or that require cleanup or rewrite, always sitting there waiting to be addressed. On the other hand CHICKEN has been relatively stable compared to many other language implementations and has a priceless community of users that help us improving it. Our users never stop reminding us of what could be better, where the shortcomings are, where things are hard to use or inefficient.
Security updates for Wednesday
Security updates have been issued by Debian (guix, libmodule-scandeps-perl, needrestart, and thunderbird), SUSE (gh), and Ubuntu (kernel, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-hwe-6.8, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-raspi, linux-iot, linux-lowlatency, linux-lowlatency-hwe-6.8, needrestart, python2.7, python3.10, python3.12, python3.8, and Waitress).
Rocky Linux 9.5 released
Version 9.5 of the Rocky Linux distribution is out. As with the AlmaLinux 9.5 release, Rocky Linux 9.5 tracks the changes in upstream RHEL 9.5. See the release notes for details.
FreeCAD 1.0 released
It took more than 20 years, but the FreeCAD computer-aided design project has just made its 1.0 release.
Since the very beginnings, the FreeCAD community had a clear view of what 1.0 represented for us. What we wanted in it. FreeCAD matured over the years, and that list narrowed down to just two major remaining pieces: fixing the toponaming problem, and having a built-in assembly module.Well, I'm very proud to say those two issues are now solved.
Incus 6.7 released
Version 6.7 of the Incus container-management system (forked from LXD) has
been released. "This is another one of those pretty well rounded
releases with new features and improvements for everyone
". New
features include automatic cluster rebalancing, DHCP improvements, and more.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (.NET 9.0, bcc, bluez, bpftrace, bubblewrap, flatpak, buildah, cockpit, containernetworking-plugins, cups, cyrus-imapd, edk2, expat, firefox, fontforge, gnome-shell, gnome-shell-extensions, grafana, grafana-pcp, gtk3, httpd, iperf3, jose, krb5, libgcrypt, libsoup, libvirt, libvpx, lldpd, microcode_ctl, mingw-glib2, mod_auth_openidc, nano, NetworkManager, oci-seccomp-bpf-hook, openexr, osbuild-composer, pcp, podman, poppler, postfix, python-dns, python-jinja2, python-jwcrypto, python3.11, python3.11-PyMySQL, python3.11-urllib3, python3.12, python3.12-PyMySQL, python3.12-urllib3, python3.9, qemu-kvm, runc, skopeo, squid, thunderbird, toolbox, tpm2-tools, vim, webkit2gtk3, xorg-x11-server, and xorg-x11-server-Xwayland), Fedora (lemonldap-ng and mingw-expat), SUSE (bea-stax, xstream, expat, httpcomponents-client, httpcomponents-core, kernel, SUSE Manager Client Tools, SUSE Manager Proxy, Retail Branch Server 4.3, SUSE Manager Salt Bundle, SUSE Manager Server 4.3, and SUSE Manager Server 5.0), and Ubuntu (curl, glib2.0, and webkit2gtk).
AlmaLinux 9.5 released
Version 9.5 of the AlmaLinux enterprise-oriented distribution has been released.
AlmaLinux 9.5 aims to improve performance, development tooling, and security. Updated module streams offer better support for web applications. New versions of compilers provide access to the latest features and optimizations that improve performance and enable better code generation. The release also introduces improvements to system performance monitoring, visualization, and system performance data collecting.
FreeBSD Foundation releases Bhyve and Capsicum security audit
The FreeBSD Foundation has announced the release of a security audit report conducted by security firm Synacktiv. The audit uncovered a number of vulnerabilities:
Most of these vulnerabilities have been addressed through official FreeBSD Project security advisories, which offer detailed information about each vulnerability, its impact, and the measures implemented to improve the security of FreeBSD systems. [...]
The audit uncovered 27 vulnerabilities and issues within various FreeBSD subsystems. 7 issues were not exploitable and were robustness or code quality improvements rather than immediate security concerns.
Security updates for Monday
Security updates have been issued by AlmaLinux (binutils, libsoup, squid:4, tigervnc, and webkit2gtk3), Debian (icinga2, postgresql-13, postgresql-15, smarty3, symfony, thunderbird, and waitress), Fedora (dotnet9.0, ghostscript, microcode_ctl, php-bartlett-PHP-CompatInfo, python-waitress, and webkitgtk), Gentoo (Perl, Pillow, and X.Org X server, XWayland), Oracle (binutils, cups-filters, giflib, squid, and webkit2gtk3), Red Hat (webkit2gtk3), SUSE (ansible-core, apache2, gio-branding-upstream, icinga2, kernel-devel, libnghttp2-14, libsoup-2_4-1, libsoup-3_0-0, libvirt, nodejs-electron, postgresql13, postgresql16, python39, rclone, thunderbird, ucode-intel-20241112, and wget), and Ubuntu (python-asyncssh and tomcat9).