|
|
Subscribe / Log in / New account

Welcome to LWN.net

LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.

[$] The tangled web of XSLT browser support

[Development] Posted Aug 27, 2025 17:03 UTC (Wed) by jzb

The Extensible Stylesheet Language Transformations (XSLT) language is used by web browsers to style XML content to make it easily readable; XSLT is part of the HTML living standard that is maintained by the Web Hypertext Application Technology Working Group (WHATWG). Only a small fraction of web sites serve content that requires web browsers to support XSLT, in part because major browser implementations have neglected the technology over the past 25 years. Now, it seems, they would like to rid themselves of it entirely. A plan to disable XSLT in Blink (Chrome's rendering engine) and a pull request by a Google Chrome developer to remove mentions of the specification from the HTML standard have been met with opposition, but arguments in favor of XSLT have proven ineffective.

Full Story (comments: 3)

[$] The need to reliably preserve our community history

[Front] Posted Aug 27, 2025 13:05 UTC (Wed) by corbet

The Internet is a wonderful thing; it allows anybody to look up information of interest. Included in all of that is the history of the free-software development community; how we got to where we are says a lot about why things are the way they are and what might come next. So the takeover of Groklaw rings a loud alarm; we have been reminded that history stored on the Internet is an ephemeral thing and cannot be expected to remain available forever.

Full Story (comments: 7)

[$] Shadow-stack control in clone3()

[Kernel] Posted Aug 26, 2025 7:16 UTC (Tue) by corbet

Shadow stacks are a control-flow-integrity feature designed to defend against exploits that manipulate a thread's call stack. The kernel first gained support for hardware-implemented shadow stacks, for the x86 architecture, in the 6.6 release; 64-bit Arm support followed in 6.13. This feature does not give user space much control over the allocation of shadow stacks for new threads, though; a patch series from Mark Brown may, after many attempts, finally be about to change that situation.

Full Story (comments: 13)

[$] Linux's missing CRL infrastructure

[Security] Posted Aug 25, 2025 14:52 UTC (Mon) by daroc

In July 2024, Let's Encrypt, the nonprofit TLS certificate authority (CA), announced that it would be ending support for the online certificate status protocol (OCSP), which is used to determine when a server's signing certificate has been revoked. This prevents a compromised key from being used to impersonate a web server. The organization cited privacy concerns, and recommended that people rely on certificate revocation lists (CRLs) instead. On August 6, Let's Encrypt followed through and disabled its OCSP service. This poses a problem for Linux systems that must now rely on CRLs because, unlike on other operating systems, there is no standardized way for Linux programs to share a CRL cache.

Full Story (comments: 40)

[$] The "impossibly small" Microdot web framework

[Development] Posted Aug 22, 2025 14:22 UTC (Fri) by jake

The Microdot web framework is quite small, as its name would imply; it supports both standard CPython and MicroPython, so it can be used on systems ranging from internet-of-things (IoT) devices all the way up to large, cloudy servers. It was developed by Miguel Grinberg, who gave a presentation about it at EuroPython 2025. His name may sound familiar from his well-known Flask Mega-Tutorial, which has introduced many to the Flask lightweight Python-based web framework. It should come as no surprise, then, that Microdot is inspired by its rather larger cousin, so Flask enthusiasts will find much to like in Microdot—and will come up to speed quickly should their needs turn toward smaller systems.

Full Story (comments: 2)

[$] Bringing restartable sequences out of the niche

[Kernel] Posted Aug 21, 2025 16:12 UTC (Thu) by corbet

The restartable sequences feature, which was added to the 4.18 kernel in 2018, exists to enable better performance in certain types of threaded applications. While there are users for restartable sequences, they tend to be relatively specialized code; this is not a tool that most application developers reach for. Over time, though, the use of restartable sequences has grown, and it looks to grow further as the feature is tied to new capabilities provided by the kernel. As restartable sequences become less of a niche feature, though, some problems have turned up; fixing one of them may involve an ABI change visible in user space.

Full Story (comments: 10)

[$] LWN.net Weekly Edition for August 21, 2025

Posted Aug 21, 2025 3:01 UTC (Thu)

The LWN.net Weekly Edition for August 21, 2025 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Debian; CPython; huge zero folio; kexec handover; FHS; Koka programming language
  • Briefs: PyPI domain checks; Firefox 142.0; Git v2.51; Ghostty; LibreOffice 25.8; Zig 0.15.1; Quotes; ...
  • Announcements: Newsletters, conferences, security updates, patches, and more.
Read more

[$] Python, tail calls, and performance

[Development] Posted Aug 20, 2025 14:45 UTC (Wed) by jake

Ken Jin welcomed EuroPython 2025 attendees to his talk entitled "Building a new tail-calling interpreter for Python", but noted that the title really should be: "Measuring the performance of compilers and interpreters is really hard". Jin's efforts to switch the CPython interpreter to use tail calls, which can be optimized as regular jumps, initially seemed to produce an almost miraculous performance improvement. As his modified title suggests, the actual improvement was rather smaller; there is still some performance improvement and there are other benefits from the change.

Full Story (comments: 2)

[$] Lucky 13: a look at Debian trixie

[Distributions] Posted Aug 20, 2025 13:34 UTC (Wed) by jzb

After more than two years of development, the Debian Project has released its new stable version, Debian 13 ("trixie"). The release comes with the usual bounty of upgraded packages and more than 14,000 new packages; it also debuts Advanced Package Tool (APT) 3.0 as the default package manager and makes 64-bit RISC-V a supported architecture. There are few surprises with trixie, which is exactly what many Linux users are hoping for—a free operating system that just works as expected.

Full Story (comments: 22)

[$] The Koka programming language

[Development] Posted Aug 19, 2025 14:25 UTC (Tue) by daroc

Statically typed programming languages can help catch mismatches between the kinds of values a program is intended to manipulate, and the values it actually manipulates. While there have been many bytes spent on discussions of whether this is worth the effort, some programming language designers believe that the type checking in current languages does not go far enough. Koka, an experimental functional programming language, extends its type system with an effect system that tracks the side-effects a program will have in the course of producing a value.

Full Story (comments: 10)

Rosenzweig: Dissecting the Apple M1 GPU, the end

[Development] Posted Aug 27, 2025 17:25 UTC (Wed) by jzb

Alyssa Rosenzweig has written a blog post about her work to help ship a "great driver" for the Apple M1 GPU that supports OpenGL, Vulkan, and enables gaming with Proton.

We've succeeded beyond my dreams. The challenges I chased, I have tackled. The drivers are fully upstream in Mesa. Performance isn't too bad. With the Vulkan on Apple myth busted, conformant Vulkan is now coming to macOS via LunarG's KosmicKrisp project building on my work.

Satisfied, I am now stepping away from the Apple ecosystem. My friends in the Asahi Linux orbit will carry the torch from here.

Rosenzweig indicates her next project will be working on Intel's Xe-HPG graphics architecture. LWN covered her talk on Apple M1/M2 GPU drivers in October 2024.

Comments (none posted)

GhostBSD 25.02 released

[Distributions] Posted Aug 27, 2025 15:25 UTC (Wed) by jzb

The GhostBSD project has released version 25.02 of the FreeBSD-based desktop operating system. This release brings GhostBSD up to date with FreeBSD 14.3, includes enhancements for the Software Station package management application, and introduces an "OS X-like" desktop environment based on GNUstep called Gershwin:

This early preview includes:

  • GNUstep-based desktop environment with familiar OS X-style interface
  • Seamless integration with GhostBSD tools through wrappers for installer, Software Station, Backup Station, and Update Station
  • Support for running non-GNUstep applications alongside GNUstep apps
  • Several included GNUstep applications to get you started

LWN covered GhostBSD in June 2024.

Comments (none posted)

Security updates for Wednesday

[Security] Posted Aug 27, 2025 13:05 UTC (Wed) by jzb

Security updates have been issued by Debian (node-cipher-base), Fedora (keylime-agent-rust and libtiff), Oracle (aide, kernel, mod_http2, pam, pki-deps:10.6, python-cryptography, python3, python3.12, and thunderbird), SUSE (cheat, ffmpeg, firebird, govulncheck-vulndb, postgresql17, tomcat, tomcat10, tomcat11, ucode-intel-20250812, and v2ray-core), and Ubuntu (binutils, gst-plugins-base1.0, gst-plugins-good1.0, and linux-raspi-realtime).

Full Story (comments: none)

Security updates for Tuesday

[Security] Posted Aug 26, 2025 7:13 UTC (Tue) by corbet

Security updates have been issued by Debian (ffmpeg, firebird3.0, and luajit), Fedora (chromium, python3-docs, and python3.13), Oracle (aide, firefox, glibc, libxml2, and tomcat), Red Hat (aide, git, kernel, kernel-rt, libarchive, pam, python-cryptography, python3, python3.12, and webkit2gtk3), SUSE (cmake3, ffmpeg-4, kernel, kubernetes1.18, libqt4, minikube, net-tools, pam, postgresql16, proftpd, python-urllib3, python311, python312, python36, tomcat10, tomcat11, and webkit2gtk3), and Ubuntu (nginx).

Full Story (comments: 2)

New restrictions on Android app sideloading

[Distributions] Posted Aug 26, 2025 5:01 UTC (Tue) by corbet

Google has announced a new set of restrictions on the ability of users to install apps on their own devices:

Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices. This creates crucial accountability, making it much harder for malicious actors to quickly distribute another harmful app after we take the first one down. Think of it like an ID check at the airport, which confirms a traveler's identity but is separate from the security screening of their bags; we will be confirming who the developer is, not reviewing the content of their app or where it came from.

Comments (36 posted)

PyCon US 2025 recap and recordings

[Development] Posted Aug 25, 2025 15:29 UTC (Mon) by jzb

The PyCon team has announced that all PyCon US 2025 recordings are now available on its YouTube channel.

We had an amazing and diverse group of community members join us for PyCon US 2025, attending from 58 different countries! By the numbers, we welcomed a total attendance of 2,225 Pythonistas to the David L. Lawrence Convention Center. We couldn't be more grateful for all who supported the Python ecosystem and helped make PyCon US 2025 a huge success.

See the LWN conference index for coverage of some of the talks from PyCon US 2025.

Comments (8 posted)

Report: the state of commercial open source

[Briefs] Posted Aug 25, 2025 8:54 UTC (Mon) by corbet

The Linux Foundation, in cooperation with a couple of other groups, has announced the publication on the intersection of businesses and commercial open-source software (deemed "COSS"). Everything, it seems, is great, and COSS companies make a lot of money for their investors.

Even more encouraging, COSS project communities continue along healthy growth paths after the company receives venture funding. In essence, highly valued COSS companies tend to cultivate more vibrant, diverse, and integral open source ecosystems, reinforcing the idea that business value and community value are tightly coupled in successful COSS models.

Comments (3 posted)

Security updates for Monday

[Security] Posted Aug 25, 2025 4:27 UTC (Mon) by jake

Security updates have been issued by AlmaLinux (kernel and tomcat9), Debian (iperf3, mupdf, qemu, thunderbird, and unbound), Fedora (glab, kubernetes1.31, kubernetes1.32, kubernetes1.33, and toolbox), Oracle (kernel and tomcat9), Red Hat (firefox, kernel, kernel-rt, and squid), SUSE (abseil-cpp-devel, aide, flake-pilot, gdk-pixbuf, glibc, go-sendxmpp, ImageMagick, jetty-annotations, jupyter-bqplot-jupyterlab, libtiff-devel-32bit, pam, pdns-recursor, ruby3.4-rubygem-activerecord, rust-keylime, terragrunt, and thunderbird), and Ubuntu (linux-azure and linux-azure-fips).

Full Story (comments: none)

Kernel prepatch 6.17-rc3

[Kernel] Posted Aug 24, 2025 18:29 UTC (Sun) by corbet

Linus has released 6.17-rc3 (called "3.17-rc3" in the email, but the tag in the repository is correct) for testing. "Anyway, things seem fairly normal for this phase in the release cycle, nothing stands out. Please keep testing,"

Comments (none posted)

Stable kernel 6.16.3

[Kernel] Posted Aug 23, 2025 18:26 UTC (Sat) by corbet

The 6.16.3 stable kernel update has been released. It contains a set of ext4 filesystem fixes that are probably a good thing for any 6.16 ext4 user to have.

Comments (3 posted)

--> More news items


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds