LWN.net News from the source
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
Dat is a new peer-to-peer protocol that uses some of the concepts of BitTorrent and Git. Dat primarily targets researchers and open-data activists as it is a great tool for sharing, archiving, and cataloging large data sets. But it can also be used to implement decentralized web applications in a novel way.
Subscribers can read on for more on Dat by guest author Antoine Beaupré.
The Netdev 0x12 networking conference was held in mid-July. Participants at the event have put together a set of reports of the talks that were held on the last two days; Day 2 includes eleven talks, including the keynote by Van Jacobson, while Day 3 covers another ten topics.
By the time Linus Torvalds released 4.19-rc1 and closed the merge window for this development cycle, 12,317 non-merge changesets had found their way into the mainline; about 4,800 of those landed after last week's summary was written. As tends to be the case late in the merge window, many of those changes were fixes for the bigger patches that went in early, but there were also a number of new features added.
In 2017, the KDE community decided on three goals to concentrate on for the next few years. One of them was streamlining the onboarding of new contributors (the others were improving usability and privacy). During Akademy, the yearly KDE conference that was held in Vienna in August, Neofytos Kolokotronis shared the status of the onboarding goal, the work done during the last year, and further plans. While it is a complicated process in a project as big and diverse as KDE, numerous improvements have been already made.
Security updates have been issued by Debian (ruby2.1 and twitter-bootstrap3), Fedora (freeipa), openSUSE (libreoffice), Oracle (bind), Red Hat (bind), Scientific Linux (bind), SUSE (graffana, kafka, logstash, monasca-installer and libreoffice), and Ubuntu (intel-microcode and libgd2).
The LWN.net Weekly Edition for August 23, 2018 is available.
Inside this week's LWN.net Weekly Edition
Security updates have been issued by Debian (dropbear, libextractor, and libgit2), Fedora (chromium, obs-build, and osc), openSUSE (GraphicsMagick, ImageMagick, kbuild, virtualbox, libgit2, nextcloud, and phpMyAdmin), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, rh-postgresql10-postgresql, and rh-postgresql96-postgresql), and SUSE (gdm, openssh, openssl, python, and xen).
The "Commons Clause", which is a condition that can be added to an open-source license, has been around for a few months, but its adoption by Redis Labs has some parts of the community in something of an uproar. At its core, using the clause is meant to ensure that those who are "selling" Redis modules (or simply selling access to them in the cloud) are prohibited from doing so—at least without a separate, presumably costly, license from Redis Labs. The clause effectively tries to implement a "no commercial use" restriction, though it is a bit more complicated than that. No commercial use licenses are not new—the "open core" business model is a more recent cousin, for example—but they have generally run aground on a simple question: "what is commercial use?"
Linus has released 4.19-rc1 and closed the merge window for this development cycle. "This was a fairly frustrating merge window, partly because 4.19 looks to be a pretty big release (no single reason), and partly just due to random noise. We had the L1TF hw vulnerability disclosure early in the merge window, which just added the usual frustration due to having patches that weren't public. That just shows just how good all our infrastructure for linux-next and various automated testing systems have become, in how painful it is when it's lacking."
Side-channel attacks are a reasonably well-known technique to exfiltrate information across security boundaries. Until relatively recently, concerns about these types of attacks were mostly confined to cryptographic operations, where the target was to extract secrets by observing some side channel. But with the advent of Spectre, speculative execution provides a new way to exploit side channels. A new Linux Security Module (LSM) is meant to help determine where a side channel might provide secrets to an attacker, so that a speculative-execution barrier operation can be performed.
OpenSSH 7.8 is out. It includes a fix for the username enumeration vulnerability; additionally, the default format for the private key file has changed, support for running ssh setuid root has been removed, a couple of new signature algorithms have been added, and more.
It has been understood for years that kernel performance can be improved by doing things in batches. Whether the task is freeing memory pages, initializing data structures, or performing I/O, things go faster if the work is done on many objects at once; many kernel subsystems have been reworked to take advantage of the efficiency of batching. It turns out, though, that there was a piece of relatively low-hanging fruit at the core of the kernel's network stack. The 4.19 kernel will feature some work increasing the batching of packet processing, resulting in some impressive performance improvements.
Here's a guide to picking a kernel release from Greg Kroah-Hartman. "The best solution for almost all Linux users is to just use the kernel from your favorite Linux distribution. Personally, I prefer the community based Linux distributions that constantly roll along with the latest updated kernel and it is supported by that developer community. Distributions in this category are Fedora, openSUSE, Arch, Gentoo, CoreOS, and others. All of these distributions use the latest stable upstream kernel release and make sure that any needed bugfixes are applied on a regular basis. That is the one of the most solid and best kernel that you can use when it comes to having the latest fixes (remember all fixes are security fixes) in it."
During this year's Akademy conference, Lays Rodrigues introduced Atelier, a cross-platform, open-source system that allows users to control their 3D printers. As she stated in her talk abstract, it is "a project with a goal to make the 3D printing world a better place". Read on for an overview of what the Atelier team is up to and what it has accomplished so far.
Five new stable kernels have been released: 4.18.5, 4.17.19, 4.14.67, 4.9.124, and 4.4.152. As usual, they contain important fixes and users should upgrade. "Note, this is the LAST 4.17.y kernel to be released, it is now end-of-life. [Please] move to 4.18.y at this time."
As of this writing, Linus Torvalds has pulled just over 7,600 non-merge changesets into the mainline repository for the 4.19 development cycle. 4.19 thus seems to be off to a faster-than-usual start, perhaps because the one-week delay in the opening of the merge window gave subsystem maintainers a bit more time to get ready. There is, as usual, a lot of interesting new code finding its way into the kernel, along with the usual stream of fixes and cleanups.
Security updates have been issued by Fedora (kernel-headers), Mageia (bind, cgit, dpkg, sssd, and thunderbird), openSUSE (libXcursor and python-Django), Oracle (postgresql), Red Hat (postgresql), Scientific Linux (postgresql), SUSE (libreoffice, openssl, and xen), and Ubuntu (kernel, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-lts-xenial, linux-aws, and spice, spice-protocol).
The LWN.net Weekly Edition for August 16, 2018 is available.
Inside this week's LWN.net Weekly Edition
Bruce Perens looks at the license agreement for Intel's latest CPU microcode update and does not like what he sees. "So, lots of people are interested in the speed penalty incurred in the microcode fixes, and Intel has now attempted to gag anyone who would collect information for reporting about those penalties, through a restriction in their license. Bad move."
Update: Intel has since taken out the objectionable terms.
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds