|
|
Subscribe / Log in / New account

Welcome to LWN.net

LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.

[$] Another misstep for Audacity

[Development] Posted Jul 8, 2021 18:29 UTC (Thu) by corbet

While it has often been said that there is no such thing as bad publicity, the new owners of the Audacity audio-editor project may beg to differ. The project has only recently weathered the controversies around its acquisition by the Muse Group, proposed telemetry features, and imposition of a new license agreement on its contributors. Now, the posting of a new privacy policy has set off a new round of criticism, with some accusing the project of planning to ship spyware. The situation with Audacity is not remotely as bad as it has been portrayed, but it is a lesson on what can happen when a project loses the trust of its user community.

Full Story (comments: 6)

[$] LWN.net Weekly Edition for July 8, 2021

Posted Jul 8, 2021 1:23 UTC (Thu)

The LWN.net Weekly Edition for July 8, 2021 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Rust in the kernel; Core scheduling; 5.14 Merge window; bdflush(); Python attributes and API design.
  • Briefs: Virtuozzo VzLinux 8.4; Darktable 3.6; Copylefted copyright ownership; Quotes; ...
  • Announcements: Newsletters; conferences; security updates; kernel patches; ...
Read more

[$] Rust for Linux redux

[Kernel] Posted Jul 7, 2021 22:36 UTC (Wed) by jake

On July 4, the Rust for Linux project posted another version of its patch set adding support for the language to the kernel. It would seem that the project feels that it is ready to be considered for merging into the mainline. Perhaps a bigger question lingers, though: is the kernel development community ready for Rust? That part still seems to be up in the air.

Full Story (comments: 71)

[$] Python attributes, __slots__, and API design

[Development] Posted Jul 6, 2021 22:29 UTC (Tue) by jake

A discussion on the python-ideas mailing list touched on a number of interesting topics, from the problems with misspelled attribute names through the design of security-sensitive interfaces and to the use of the __slots__ attribute of objects. The latter may not be all that well-known (or well-documented), but could potentially fix the problem at hand, though not in a backward-compatible way. The conversation revolves around the ssl module in the standard library, which has been targeted for upgrades, more than once, over the years—with luck, the maintainers may find time for some upgrades relatively soon.

Full Story (comments: 12)

[$] Bye-bye bdflush()

[Kernel] Posted Jul 5, 2021 15:09 UTC (Mon) by corbet

The addition of system calls to the Linux kernel is a routine affair; it happens during almost every merge window. The removal of system calls, instead, is much more uncommon. That appears likely to happen soon, though, as discussions proceed on the removal of bdflush(). Read on for a look at the purpose and history of this obscure system call and to learn whether you will miss it (you won't).

Full Story (comments: 10)

[$] The first half of the 5.14 merge window

[Kernel] Posted Jul 2, 2021 13:58 UTC (Fri) by corbet

As of this writing, just under 5,000 non-merge changesets have been pulled into the mainline repository for the 5.14 development cycle. That is less than half of the patches that have been queued up in linux-next, so it is fair to say that this merge window is getting off to a bit of a slow start. Nonetheless, a fair number of significant changes have been merged.

Full Story (comments: 1)

[$] Core scheduling lands in 5.14

[Kernel] Posted Jul 1, 2021 15:25 UTC (Thu) by corbet

The core scheduling feature has been under discussion for over three years. For those who need it, the wait is over at last; core scheduling was merged for the 5.14 kernel release. Now that this work has reached a (presumably) final form, a look at why this feature makes sense and how it works is warranted. Core scheduling is not for everybody, but it may prove to be quite useful for some user communities.

Full Story (comments: 17)

LWN.net Weekly Edition for July 1, 2021

Posted Jul 1, 2021 1:00 UTC (Thu)

The LWN.net Weekly Edition for July 1, 2021 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Mozilla Rally; My Book Live disaster; Spectre revisits BPF; Suppressing SIGBUS; 5.13 Development statistics.
  • Briefs: KVM breakout; Rally; Linux 5.13; KernelCI hackfest; MyGNUHealth 1.0; Quotes; ...
  • Announcements: Newsletters; conferences; security updates; kernel patches; ...
Read more

Mozilla Rally: trading privacy for the "public good"

[Security] Posted Jun 30, 2021 22:35 UTC (Wed) by jake

A new project from Mozilla, which is meant to help researchers collect browsing data, but only with the informed consent of the browser-user, is taking a lot of heat, perhaps in part because the company can never seem to do anything right, at least in the eyes of some. Mozilla Rally was announced on June 25 as joint venture between the company and researchers at Princeton University "to enable crowdsourced science for public good". The idea is that users can volunteer to give academic studies access to the same kinds of browser data that is being tracked in some browsers today. Whether the privacy safeguards are strong enough—and if there is sufficient reason for users to sign up—remains to be seen.

Full Story (comments: 52)

An unpleasant surprise for My Book Live owners

[Security] Posted Jun 29, 2021 23:43 UTC (Tue) by jake

Embedded devices need regular software updates in order to even be minimally safe on today's internet. Products that have reached their "end of life", thus are no longer being updated, are essentially ticking time bombs—it is only a matter of time before they are vulnerable to attack. That situation played out in June for owners of Western Digital (WD) My Book Live network-attached storage (NAS) devices; what was meant to be a disk for home users accessible via the internet turned into a black hole when a remote command-execution flaw was used to delete all of the data stored there. Or so it seemed at first.

Full Story (comments: 63)

Security updates for Thursday

[Security] Posted Jul 8, 2021 13:57 UTC (Thu) by jake

Security updates have been issued by CentOS (linuxptp), Fedora (kernel and php), Gentoo (bladeenc, blktrace, jinja, mechanize, privoxy, and rclone), Oracle (linuxptp, ruby:2.6, and ruby:2.7), Red Hat (kernel and kpatch-patch), SUSE (kubevirt), and Ubuntu (avahi).

Full Story (comments: none)

Four 5.x stable kernels

[Kernel] Posted Jul 7, 2021 15:12 UTC (Wed) by ris

Sasha Levin has released stable kernels 5.13.1, 5.12.15, 5.10.48, and 5.4.130. They all contain a small set of important fixes and users should upgrade.

Comments (2 posted)

Security updates for Wednesday

[Security] Posted Jul 7, 2021 15:01 UTC (Wed) by ris

Security updates have been issued by Fedora (glibc), Gentoo (doas, firefox, glib, schismtracker, and tpm2-tss), Mageia (httpcomponents-client), openSUSE (virtualbox), Red Hat (linuxptp), Scientific Linux (linuxptp), and Ubuntu (libuv1 and php7.2, php7.4).

Full Story (comments: none)

Virtuozzo VzLinux 8.4 Now Available

[Distributions] Posted Jul 6, 2021 16:25 UTC (Tue) by ris

The Virtuozzo team has announced the release of VzLinux 8.4; its fork of RHEL. "Thanks for noticing that we are fixing bugs so quickly (24 hours) and that you think VzLinux is stable and enterprise ready. To those who have asked if we will be following a similar path as CentOS, shifting its focus to Stream, the answer is: there are no plans for us to go this route, VzLinux will remain free to download, use and distribute. See the release notes for details.

Comments (20 posted)

Security updates for Tuesday

[Security] Posted Jul 6, 2021 14:37 UTC (Tue) by ris

Security updates have been issued by Arch Linux (python-django), Debian (libuv1, libxstream-java, and php7.3), Fedora (rabbitmq-server), Gentoo (glibc, google-chrome, libxml2, and postsrsd), openSUSE (libqt5-qtwebengine and roundcubemail), SUSE (python-rsa), and Ubuntu (djvulibre).

Full Story (comments: none)

Security updates for Monday

[Security] Posted Jul 5, 2021 15:03 UTC (Mon) by ris

Security updates have been issued by Arch Linux (electron11, electron12, istio, jenkins, libtpms, mediawiki, mruby, opera, puppet, and python-fastapi), Debian (djvulibre and openexr), Fedora (dovecot, libtpms, nginx, and php-league-flysystem), Gentoo (corosync, freeimage, graphviz, and libqb), Mageia (busybox, file-roller, live, networkmanager, and php), openSUSE (clamav-database, lua53, and roundcubemail), Oracle (389-ds:1.4, kernel, libxml2, python38:3.8 and python38-devel:3.8, and ruby:2.5), and SUSE (crmsh, djvulibre, python-py, and python-rsa).

Full Story (comments: none)

Darktable 3.6 released

[Development] Posted Jul 5, 2021 13:32 UTC (Mon) by corbet

Version 3.6 of the Darktable raw photo editor has been released. "The darktable team is proud to announce our second summer feature release, darktable 3.6. Merry (summer) Christmas! This is the first of two releases this year and, from here on, we intend to issue two new feature releases each year, around the summer and winter solstices." The list of new features is long, including a new color-balance module, a "censorize" module for partial pixelization of images, a new demosaic algorithm, and more.

Comments (5 posted)

Security updates for Friday

[Security] Posted Jul 2, 2021 13:51 UTC (Fri) by jake

Security updates have been issued by Fedora (ansible and seamonkey), openSUSE (go1.15 and opera), Oracle (kernel and microcode_ctl), and Red Hat (go-toolset-1.15 and go-toolset-1.15-golang).

Full Story (comments: none)

Kuhn: It Matters Who Owns Your Copylefted Copyrights

[Development] Posted Jul 1, 2021 17:25 UTC (Thu) by corbet

Bradley Kuhn has posted a lengthy missive on the Software Freedom Conservancy blog about the hazards of distributed copyright ownership.

As a result, in debates about copyright ownership, discussions of what policy contributors want regarding the fruits of their labor is sadly moot. Without a clear, organized mitigation strategy to assure that FOSS contributors keep their own copyrights, a project (such as GCC or glibc) that switches from a standing “(nearly) all copyrights assigned to a charity” model to a plain Developer Certificate of Origin (DCO) or naked inbound=outbound contributor arrangement will, after a period of years, mostly likely to have copyrights that are primarily held by the employers of the most prolific contributors, rather than by the contributors themselves.

Comments (95 posted)

Security updates for Thursday

[Security] Posted Jul 1, 2021 12:16 UTC (Thu) by jake

Security updates have been issued by Debian (htmldoc, ipmitool, and node-bl), Fedora (libgcrypt and libtpms), Mageia (dhcp, glibc, p7zip, sqlite3, systemd, and thunar), openSUSE (arpwatch, go1.15, and kernel), SUSE (curl, dbus-1, go1.15, and qemu), and Ubuntu (xorg-server).

Full Story (comments: none)

--> More news items


Copyright © 2021, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds