User: Password:
|
|
Subscribe / Log in / New account

Welcome to LWN.net

LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.

[$] Better tools for kernel developers
[Kernel] Posted Feb 6, 2020 18:13 UTC (Thu) by corbet

By many accounts, the kernel project uses outdated tooling, far behind the state of the art that Kids Today tend to favor. The kernel's workflow has worked well (enough) for years, but there are signs that it may not be sustainable indefinitely. As a result, there has been an ongoing conversation about improving the kernel's workflow, but little has changed so far. The posting of a simple tool called get-lore-mbox is a sign that the rate of change may be about to increase.

Full Story (comments: 33)

Hutterer: User-specific XKB configuration - part 1
[Development] Posted Feb 6, 2020 20:13 UTC (Thu) by jake

On his blog, Peter Hutterer writes about some changes that will allow users to start deploying their own rules to modify keyboard layouts without driving themselves crazy.

Many many moons ago before the Y2K bug was even in its larvae stage, the idea was that you could configure all of those because every UNIX tool had to be more flexible than your yoga teacher. I'm unsure to what extent this was actually ever the case but around 2007-ish the old keyboard driver got deprecated and the evdev driver made it's grand entrance. And one side-effect of that was that things broke. evdev uses different keycodes, so all those users that copy-pasted unnecessary XKB configuration into their xorg.conf now had broken keys because they were applying the wrong rules. After whacking enough moles that we got in trouble with the RSPCA [Royal Society for the Prevention of Cruelty to Animals] we started hardcoding the "evdev" ruleset everywhere. The xorg.conf option "XKBRules" became a noop and thus stopped breaking users' setups.

Except that it also stopped users from deploying their own rules files - something that probably didn't really matter anyway. This had some unintended side-effects though. First, to have a working custom XKB layout you basically had to get it merged upstream. Yes, you could edit the files locally but they'd just be overwritten next time you update the packages. Second, getting rid of hardcoded things is hard so we're stuck with the evdev ruleset for the forseeable future. This was the situation until, well, now.

Comments (none posted)

[$] LWN.net Weekly Edition for February 6, 2020
Posted Feb 6, 2020 0:23 UTC (Thu)

The LWN.net Weekly Edition for February 6, 2020 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Chrome user tracking; A new hash algorithm for Git; 5.6 Merge window; Offloading netfilter; Python 3.9 feature removals.
  • Briefs: CoreOS Container Linux EOL; glibc 2.31; Lars Kurth and Scott Rifenbark RIP; Quotes; ...
  • Announcements: Newsletters; conferences; security updates; kernel patches; ...
Read more

Security updates for Thursday
[Security] Posted Feb 6, 2020 14:15 UTC (Thu) by jake

Security updates have been issued by CentOS (kernel-rt, qemu-kvm, spamassassin, and Xorg), Debian (ruby-rack-cors), Fedora (glibc), openSUSE (ImageMagick), Oracle (ipa, kernel, and qemu-kvm), SUSE (systemd), and Ubuntu (exiv2, mbedtls, and systemd).

Full Story (comments: none)

[$] Browsers, web sites, and user tracking
[Security] Posted Feb 5, 2020 20:55 UTC (Wed) by jake

Browser tracking across different sites is certainly a major privacy concern and one that is more acute when the boundaries between sites and browsers blur—or disappear altogether. That seems to be the underlying tension in a "discussion" of an only tangentially related proposal being made by Google to the W3C Technical Architecture Group (TAG). The proposal would change the handling of the User-Agent headers sent by browsers, but the discussion turned to the unrelated X-Client-Data header that Chrome sends to Google-owned sites. The connection is that in both cases some feel that the web-search giant is misusing its position to the detriment of its users and its competitors in the web ecosystem.

Full Story (comments: 9)

More stable kernels
[Kernel] Posted Feb 5, 2020 23:57 UTC (Wed) by ris

Stable kernels 5.4.18, 4.19.102, and 4.14.170 have been released. They contain important fixes and users should upgrade.

Comments (none posted)

[$] Postponing some feature removals in Python 3.9
[Development] Posted Feb 4, 2020 21:45 UTC (Tue) by jake

Python 2 was officially "retired" on the last day of 2019, so no bugs will be fixed or changes made in that version of the language, at least by the core developers—distributions and others will continue for some time to come. But there are lots of Python projects that still support Python 2.7 and may not be ready for an immediate clean break. Some changes that were made for the upcoming Python 3.9 release (which is currently scheduled for October) are causing headaches because support for long-deprecated 2.7-compatibility features is being dropped. That led to a discussion on the python-dev mailing list about postponing those changes to give a bit more time to projects that want to drop Python 2.7 support soon, but not immediately.

Full Story (comments: 4)

Support for CoreOS Container Linux ending in May
[Distributions] Posted Feb 5, 2020 17:38 UTC (Wed) by corbet

Support for the CoreOS Container Linux distribution is coming to an end on May 26; there will be no further updates after that date. Users are recommended to move to Fedora CoreOS or some other distribution.

Comments (6 posted)

[$] A new hash algorithm for Git
[Development] Posted Feb 3, 2020 17:10 UTC (Mon) by corbet

The Git source-code management system is famously built on the SHA‑1 hashing algorithm, which has become an increasingly weak foundation over the years. SHA‑1 is now considered to be broken and, despite the fact that it does not yet seem to be so broken that it could be used to compromise Git repositories, users are increasingly worried about its security. The good news is that work on moving Git past SHA‑1 has been underway for some time, and is slowly coming to fruition; there is a version of the code that can be looked at now.

Full Story (comments: 67)

Stable kernel updates
[Kernel] Posted Feb 5, 2020 16:01 UTC (Wed) by ris

Stable kernels 5.5.2, 4.9.213, and 4.4.213 have been released with important fixes. Users should upgrade.

Comments (none posted)

[$] Accelerating netfilter with hardware offload, part 2
[Kernel] Posted Jan 31, 2020 16:49 UTC (Fri) by corbet

As network interfaces get faster, the amount of CPU time available to process each packet becomes correspondingly smaller. The good news is that many tasks, including packet filtering, can be offloaded to the hardware itself. The bad news is that the Linux kernel required quite a bit of work to be able to take advantage of that capability. The first article in this series provided an overview of how hardware-based packet filtering can work and the support for this feature that already existed in the kernel. This series now concludes with a detailed look at how offloaded packet filtering works in the netfilter subsystem and how administrators can make use of it.

Full Story (comments: 2)

Security updates for Wednesday
[Security] Posted Feb 5, 2020 15:47 UTC (Wed) by ris

Security updates have been issued by Debian (storebackup), openSUSE (e2fsprogs and wicked), Red Hat (containernetworking-plugins, ipa, kernel, kernel-rt, ksh, and qemu-kvm), Scientific Linux (ipa and qemu-kvm), SUSE (libqt5-qtbase, python-reportlab, and terraform), and Ubuntu (graphicsmagick, OpenSMTPD, spamassassin, and sudo).

Full Story (comments: none)

[$] The 5.6 merge window opens
[Kernel] Posted Jan 30, 2020 16:18 UTC (Thu) by corbet

As of this writing, 4,726 non-merge changesets have been pulled into the mainline repository for the 5.6 development cycle. That is a relatively slow start by contemporary kernel standards, but it still is enough to bring a number of new features, some of which have been pending for years, into the mainline. Read on for a summary of the changes pulled in the early part of the 5.6 merge window.

Full Story (comments: 8)

Security updates for Tuesday
[Security] Posted Feb 4, 2020 15:42 UTC (Tue) by ris

Security updates have been issued by Arch Linux (salt), CentOS (git), Debian (qtbase-opensource-src), Fedora (java-11-openjdk), Mageia (kernel and openjpeg2), openSUSE (mailman, python-reportlab, ucl, and upx), Oracle (git), Red Hat (container-tools:rhel8, go-toolset:rhel8, grub2, kernel, kernel-rt, php:7.2, and sudo), SUSE (crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client and python36), and Ubuntu (python-django).

Full Story (comments: none)

LWN.net Weekly Edition for January 30, 2020
Posted Jan 30, 2020 0:32 UTC (Thu)

The LWN.net Weekly Edition for January 30, 2020 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Cryptography and elections; Fedora's git forge; io_uring; Kernel documentation; 5.5 Development statistics.
  • Briefs: OpenSMTPD vuln; Linux 5.5; LibreOffice 6.4; Qt changes; Librem 5; Thunderbird spun out; Quotes; ...
  • Announcements: Newsletters; conferences; security updates; kernel patches; ...
Read more

Security updates for Monday
[Security] Posted Feb 3, 2020 15:45 UTC (Mon) by ris

Security updates have been issued by Arch Linux (opensmtpd), Debian (firefox-esr, libidn2, libjackson-json-java, prosody-modules, qemu, qtbase-opensource-src, spamassassin, and sudo), Fedora (e2fsprogs, java-1.8.0-openjdk, mingw-openjpeg2, openjpeg2, samba, sox, upx, webkit2gtk3, and xar), Red Hat (git), Scientific Linux (git), Slackware (sudo), SUSE (ceph and rmt-server), and Ubuntu (sudo).

Full Story (comments: none)

Fedora gathering requirements for a Git forge
[Distributions] Posted Jan 29, 2020 21:32 UTC (Wed) by jake

Fedora currently uses Pagure to host many of its Git repositories and to handle things like documentation and bug tracking. But Pagure is maintained by the Red Hat Community Platform Engineering (CPE) team, which is currently straining under the load of managing the infrastructure and tools for Fedora and CentOS, while also maintaining the tools used by the Red Hat Enterprise Linux (RHEL) team. That has led to a discussion about identifying the requirements for a "Git forge" and possibly moving away from Pagure.

Full Story (comments: 21)

GNU C Library 2.31 released
[Development] Posted Feb 1, 2020 16:24 UTC (Sat) by corbet

The GNU libc 2.31 release is out. Significant changes include some initial C2X standard support, some DNS stub resolver changes, a new pthread_clockjoin_np() POSIX threads extension, a number of changes to time-related functions, and more.

Full Story (comments: 46)

Cryptography and elections
[Front] Posted Jan 28, 2020 22:17 UTC (Tue) by jake

Transparent and verifiable electronic elections are technically feasible, but for a variety of reasons, the techniques used are not actually viable for running most elections—and definitely not for remote voting. That was one of the main takeaways from a keynote at this year's linux.conf.au given by University of Melbourne Associate Professor Vanessa Teague. She is a cryptographer who, along with her colleagues, has investigated several kinds of e-voting software; as is probably not all that much of a surprise, what they found is buggy implementations. She described some of that work in a talk that was a mix of math with software-company and government missteps; the latter may directly impact many of the Australian locals who were in attendance.

Full Story (comments: 159)

Some weekend stable kernel updates
[Kernel] Posted Feb 1, 2020 16:21 UTC (Sat) by corbet

The 5.5.1, 5.4.17, and 4.19.101 stable kernel updates have been released; each contains another set of important fixes.

Comments (none posted)

--> More news items


Copyright © 2020, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds