Welcome to LWN.net
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
[$] TOTP authentication with free software
One-time passwords (OTPs) are increasingly used as a defense against phishing and other password-stealing attacks, usually as a part of a two-factor authentication process. Perhaps the mostly commonly used technique is sending a numeric code to a phone via SMS, but SMS OTPs have security problems of their own. An alternative is to use time-based one-time passwords (TOTPs). The normal TOTP situation is to have all of the data locked into a proprietary phone app, but it need not be that way.
[$] Process-level kernel samepage merging control
The kernel samepage merging (KSM) feature can save significant amounts of memory with some types of workloads, but security concerns have greatly limited its use. Even when KSM can be safely enabled, though, the control interface provided by the kernel makes it unlikely that KSM actually will be used. A small patch series from Stefan Roesch aims to change this situation by improving and simplifying how KSM is managed.
[$] LWN.net Weekly Edition for April 13, 2023
Posted Apr 13, 2023 0:28 UTC (Thu)The LWN.net Weekly Edition for April 13, 2023 is available.
Inside this week's LWN.net Weekly Edition
- Front: Early days; Orchid pollinators; Unaccepted memory; Semaphores; Standardizing BPF; Python 3.12.
- Briefs: FreeBSD 13.2; OpenBSD 7.3; Buck2 build system; Rust trademark; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
[$] Searching for an elusive orchid pollinator
Orchids are, of course, flowers, and flowers generally need pollinators in order to reproduce. A seemingly offhand comment about the unknown nature of the pollinator(s) for a species of orchid in Western Australia has led Paul Hamilton to undertake a multi-year citizen-science project to try to fill that hole. He came to Everything Open 2023 to give a report on the progress of the search.
[$] The early days of Linux
My name is Lars Wirzenius, and I was there when Linux started. Linux is now a global success, but its beginnings were rather more humble. These are my memories of the earliest days of Linux, its creation, and the start of its path to where it is today.
[$] Python 3.12: error messages, perf support, and more
Python 3.12 approaches. While the full feature set of the final release—slated for October 2023—is still not completely known, by now we have a good sense for what it will offer. It picks up where Python 3.11 left off, improving error messages and performance. These changes are accompanied by a smattering of smaller changes, though Linux users will likely make use of one in particular: support for the perf profiler.
[$] Standardizing BPF
The extended BPF (eBPF) virtual machine allows programs to be loaded into and executed with the kernel — and, increasingly, other environments. As the use of BPF grows, so does interest in defining what the BPF virtual machine actually is. In an effort to ensure a consistent and fair environment for defining what constitutes the official BPF language and run-time environment, and to encourage NVMe vendors to support BPF offloading, a recent effort has been undertaken to standardize BPF.
[$] The shrinking role of semaphores
The kernel's handling of concurrency has changed a lot over the years. In 2023, a kernel developer's toolkit includes tools like completions, highly optimized mutexes, and a variety of lockless algorithms. But, once upon a time, concurrency control came down to the use of simple semaphores; a discussion on a small change to the semaphore API shows just how much the role of semaphores has changed over the course of the kernel's history.
[$] Seeking an acceptable unaccepted memory policy
Operating systems have traditionally used all of the memory that the hardware provides to them. The advent of virtualization and confidential computing is changing this picture somewhat, though; the system can now be more picky about which memory it will use. Patches to add support for explicit memory acceptance when running under AMD's Secure Encrypted Virtualization and Secure Nested Paging (SEV-SNP), though, have run into some turbulence over how to handle a backward-compatibility issue.
LWN.net Weekly Edition for April 6, 2023
Posted Apr 6, 2023 0:59 UTC (Thu)The LWN.net Weekly Edition for April 6, 2023 is available.
Inside this week's LWN.net Weekly Edition
- Front: Model railroading; MODULE_LICENSE(); Filesystem tucking; User trace events; Mobian.
- Briefs: X.Org vulnerabilities; DPL election; Debian money survey results; Quarter century of Mozilla; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
Duffy: Run an open source-powered virtual conference!
On her blog, Máirín Duffy writes about using open-source software to run a virtual conference. The Fedora design team recently ran the first Creative Freedom Summit as a virtual conference for FOSS creative tools. The team could have used the same non-open-source platform that is used by the Flock Fedora conference, but took a different path:
Using Matrix's Element client, we embedded the live stream video and an Etherpad into a public Matrix room for the conference. We used attendance in the channel to monitor overall conference attendance. We had live chat going throughout the conference and took questions from audience members both from the chat and the embedded Q&A Etherpad.
Back in 2020, the Linux Plumbers Conference also put together a virtual conference using free software, as did LibrePlanet and likely others.
Security updates for Friday
Security updates have been issued by Debian (haproxy and openvswitch), Fedora (bzip3, libyang, mingw-glib2, thunderbird, xorg-x11-server, and xorg-x11-server-Xwayland), and Ubuntu (apport, ghostscript, linux-bluefield, node-thenify, and python-flask-cors).
Stable kernels 6.2.11, 6.1.24, and 5.15.107
Greg Kroah-Hartman has announced the release of the 6.2.11, 6.1.24, and 5.15.107 stable kernels. They contain another collection of important fixes throughout the kernel tree.
Security updates for Thursday
Security updates have been issued by Debian (chromium, firefox-esr, lldpd, and zabbix), Fedora (ffmpeg, firefox, pdns-recursor, polkit, and thunderbird), Oracle (kernel and nodejs:14), Red Hat (nodejs:14, openvswitch2.17, openvswitch3.1, and pki-core:10.6), Slackware (mozilla), SUSE (nextcloud-desktop), and Ubuntu (exo, linux, linux-kvm, linux-lts-xenial, linux-aws, smarty3, and thunderbird).
Security updates for Wednesday
Security updates have been issued by Fedora (chromium, ghostscript, glusterfs, netatalk, php-Smarty, and skopeo), Mageia (ghostscript, imgagmagick, ipmitool, openssl, sudo, thunderbird, tigervnc/x11-server, and vim), Oracle (curl, haproxy, and postgresql), Red Hat (curl, haproxy, httpd:2.4, kernel, kernel-rt, kpatch-patch, and postgresql), Slackware (mozilla), SUSE (firefox), and Ubuntu (dotnet6, dotnet7, firefox, json-smart, linux-gcp, linux-intel-iotg, and sudo).
FreeBSD 13.2 released
The latest release of FreeBSD, version 13.2, has been released. It contains lots of package upgrades including to OpenSSH 9.2p1, OpenSSL 1.1.1t, and OpenZFS 2.1.9. Other new features include upgrading the bhyve hypervisor to now support more than 16 virtual CPUs in a guest, a WireGuard VPN driver, netlink for network configuration, and lots more. See the release notes for more information.
A draft Rust trademark policy
A draft updated trademark policy for the Rust language is being circulated for comments. It is not a short read.
RS can be used freely and without permission to indicate that software or a project is derived from or based on Rust, compatible with Rust, inspired by Rust, or can be used for the same purpose as Rust. We recommend using RS instead of ‘Rust’ if you have any concerns about your use falling outside of this policy, for example, naming your crate foo-rs instead of rust-foo.
Some discussion can be found in this Reddit post.
Update: there has since been a followup note posted on the process being followed in the creation and consideration of this draft policy.
We want to thank the community for participating in this process, and for your patience as we learn the best way to navigate it. We recognize that the process and communication around it could have been better. Notably, the wider project was insufficiently included in the process. We were responsible for that and apologize.
Security updates for Tuesday
Security updates have been issued by Debian (keepalived and lldpd), Oracle (kernel), and SUSE (kernel, podman, seamonkey, and upx).
OpenBSD 7.3 released
OpenBSD 7.3 has been released. As usual, the list of changes and new features is long; click below for the details.
Security updates for Monday
Security updates have been issued by Debian (openimageio and udisks2), Fedora (chromium, curl, kernel, mediawiki, and seamonkey), Oracle (httpd:2.4), Red Hat (httpd and mod_http2 and tigervnc), SUSE (ghostscript and kernel), and Ubuntu (irssi).