Brief items
Security
Multiple security issues in Screen
The SUSE Security Team has published an article detailing several security issues it has uncovered with GNU Screen. This includes a local root exploit when Screen is shipped setuid-root, as it is in some Linux and BSD distributions. The security team also reports problems in coordinating disclosure with the upstream Screen project.
We are not satisfied with how this coordinated disclosure developed, and we will try to be more attentive to such problematic situations early on in the future. This experience also sheds light on the overall situation of Screen upstream. It looks like it suffers from a lack of manpower and expertise, which is worrying for such a widespread open source utility. We hope this publication can help to draw attention to this and to improve this situation in the future.
The article includes a table of operating systems, screen versions, and which vulnerabilities they may be affected by.
Kernel development
Kernel release status
The current development kernel is 6.15-rc6, released on May 11. Linus remarked: "We've got another two weeks to go in the normal release schedule, and it still feels like everything is on track."
Stable updates: 6.14.6, 6.12.28, 6.6.90, 6.1.138, and 5.15.182 were all released on May 9.
The 6.14.7, 6.12.29, 6.6.91, 6.1.139, and 5.15.183 updates are in the review process; they are due at any time.
Distributions
Guix project migrating to Codeberg
The Guix project has announced that it is migrating all of its Git repositories, as well as bug tracking and patch tracking, from Savannah to the Codeberg Git forge.
As a user, the main change is that your channels.scm configuration files, if they refer to the git.savannah.gnu.org URL, should be changed to refer to https://codeberg.org/guix/guix.git once migration is complete. But don't worry: guix pull will tell you if/when you need to update your config files and the old URL will remain a mirror for at least a year anyway.
The motivation for the move, which is spelled out in a Guix Consensus Document (GCD), is to improve the contribution experience and improve quality assurance efforts. Migration of Git repositories should be completed by June 7, though they will continue to be mirrored on Savannah until "at least" May 2026. LWN covered Guix in February 2024.
Distributions quote of the week
The entirety of law, politics, and civilization is designed by humans, for humans. Free software is a movement of humans that attempts to provide other humans with specific freedoms and guarantees around the software they use. I don't work on free software because I want to make something easier for Google's LLM. I work on free software because I want to give freedom and control to human beings.
We're the ones building the system. Why should we not design the system for us, to help us, to make our lives better?
[...] We *absolutely* should base our rules on what's best for human beings, not corporate constructs. That is the entire point of the free software movement.
— Russ Allbery
Development
Fittl: Waiting for Postgres 18: Accelerating Disk Reads with Asynchronous I/O
Lukas Fittl writes in detail on the pganalyze blog about the asynchronous I/O capability coming with the PostgreSQL 18 release.
Asynchronous I/O delivers the most noticeable gains in cloud environments where storage is network-attached, such as Amazon EBS volumes. In these setups, individual disk reads often take multiple milliseconds, introducing substantial latency compared to local SSDs.
With traditional synchronous I/O, each of these reads blocks query execution until the data arrives, leading to idle CPU time and degraded throughput. By contrast, asynchronous I/O allows Postgres to issue multiple read requests in parallel and continue processing while waiting for results. This reduces query latency and enables much more efficient use of available I/O bandwidth and CPU cycles.
GNOME Foundation announces new executive director
The GNOME Foundation has announced the hiring of Steven Deobald as its new executive director.
Steven has been a GNOME user since 2002 and has been involved in numerous free software initiatives throughout his career. His professional background spans technical leadership, cooperative business development, and nonprofit work. Having worked with projects like XTDB and Endatabas, he brings valuable experience in open source product development. Based in Halifax, Canada, Steven is well-positioned to collaborate with our global community across time zones.
Nextcloud claims Google is being anticompetitive
Nextcloud provides an open-source collaboration platform called Nextcloud Hub, which includes file-sharing and syncing features. The company has written a blog post explaining that Google has revoked a critical permission from the Nextcloud Files app for Android that allows it to sync files to Nextcloud Hub.
Google is stating security concerns as a reason for revoking the permission. This is hard to believe for us. Nextcloud has had this feature since its inception in 2016, and we have never heard about any security concerns from Google about it. Moreover, several Big Tech apps as well as Google's own still have this. What we think: Google owning the platform means they can and are giving themselves preferential treatment.
Despite multiple appeals since mid-2024, Google has refused to reinstate the permission, blocking automated Nextcloud file uploads for millions of users.
The Nextcloud app available via F-Droid does not have this limitation, but the post notes that that is not an option for many users.
Podman 5.5.0 released
Version 5.5.0 of the Podman container-management tool has been released. Notable features include the addition of a podman machine cp command to copy files into a running Podman VM, a podman artifact extract command to copy contents of an OCI artifact to disk, and a --mount=artifact option to mount OCI artifacts into containers. See the release announcement for a full list of improvements and bug fixes.
Albertson: OSL's path to sustainability
Lance Albertson writes that the Oregon State University Open Source Lab has been funded for the next year, following his announcement in April that the future of OSL was in jeopardy. OSL is now focusing on becoming self-sustainable long term.
The recent support was amazing for our immediate team needs. But for the OSL to thrive long-term, we need a sustainable financial foundation. This is crucial, as the university expects units like ours to become self-sufficient beyond this current year.
So, our big focus this next year is locking in ongoing support – think annualized pledges, different kinds of regular income, and other recurring help. This is vital, especially with potential new data center costs and hardware needs. Getting this right means we can stop worrying about short-term funding and plan for the future: investing in our tech and people, growing our awesome student programs, and serving the FOSS community. We're looking for partners, big and small, who get why foundational open source infrastructure matters and want to help us build this sustainable future together.
Development quote of the week
Linux "just works"—if you can see.
If you're blind?
You boot into a live image and get nothing.
No speech. No braille. No login prompt feedback. Maybe Orca starts, maybe not.
Maybe you know the shortcut (Alt+Super+S?) but does that even work in this session type?
Is it Wayland? Is it X11? Is the screen reader bound to a key combo that doesn't exist on your keyboard?
You open the installer?
"Next. Button. Button. Button. Button." That's all Orca says.
Ubuntu MATE 12.04 had a working, labeled, navigable installer.
Ubuntu MATE 24.04? It's garbage.
No headings. No structure. No sense of where you are. Just unlabeled buttons and blank space.
This isn't a bug.
This is neglect.
— Aaron Hewitt (thanks to Paul Wise)
Page editor: Daroc Alden