A year-end wrap-up from LWN
Visionary?
The 50th anniversary of Unix happened just as predicted; your editor is
looking like a true visionary so far. That prediction also suggested that
we might see "interesting work in alternative operating-system models" this
year. Whether the development of systems like Fuchsia or
seL4 qualifies is a matter of
perspective. One could also observe, as Toke Høiland-Jørgensen
recently did, that "the Linux kernel continues its march towards
becoming a BPF runtime-powered microkernel
" and conclude that the
most viable alternative to the Unix model is developing right under our noses.
The prediction that there would be more hardware vulnerabilities was no less obvious back in January. Holes like MDS, SWAPGS, and TSX async abort duly put in an appearance. It seems unlikely that we are done at this point. A minor consolation might be found in the fact that, by most accounts, communications between the kernel community and hardware vendors regarding these vulnerabilities have improved as predicted.
Did kernel development become more formalized, as we thought might happen in January? Certainly there have been discussions around workflow issues and Change IDs that would point in that direction, as does the increased emphasis on automated testing. One might argue that the kernel community grows up far too slowly, but things do change over time. The suggestion that projects would continue to transition away from the patches-over-email model ties into this as well; even the kernel community is talking about it, though any such change still seems distant at the end of 2019.
Issues with the supportability of BPF APIs did arise as predicted, but the
statement that "more kernel APIs will be created for BPF programs rather
than exported as traditional system calls
" has not been fully borne out.
That doesn't mean that we aren't seeing interesting APIs being created for
BPF; for example, it may soon be possible to write TCP
congestion-control algorithms as BPF programs.
Did somebody try to test out the kernel's code-of-conduct as predicted? As of November 30, there had been no code-of-conduct events in the last three months, and only minor events before. That prediction, happily, has not worked out. Thus far, it seems that the code of conduct may actually have succeeded in making the kernel community a nicer place without the need for any serious enforcement efforts.
Whether we are seeing an increase in differentiation between distributions as predicted is unclear. There is clearly a growing divide between those that support systemd and those that do not; the Debian project is trying to decide where it fits on that divide as this is written. Fedora is working to prepare for the future with initiatives like Silverblue and Modularity. All distributors are trying to figure out how they fit in with the increasing popularity of language-specific package repositories — a concern that probably feels more pressing than differentiation from other distributions.
Your editor predicted that there would be more high-profile acquisitions of Linux companies in 2019; inspired by the purchase of Red Hat by IBM, the article also suggested that Canonical might finally be sold. Not looking quite so visionary now.
The Python community did indeed complete its transition to a post-Guido governance model, and recently held its second steering-council election. Is the Python 3 transition a memory as predicted? Perhaps so; certainly there are fewer discussions on the topic than there once were. For many, though, it remains a relatively vivid and unpleasant memory.
There are definitely groups out there trying to come up with new licensing models, as predicted. In January it seemed like these efforts would mostly be driven by companies trying to monetize their projects, but the emphasis appears to have shifted to attempts to drive other agendas. Thus we saw the Twente License that requires observance of human rights, the Cryptographic Autonomy License with its prohibition against locking up user data, the Vaccine License making rights available only to the vaccinated, and the CasperLabs Open Source License, which adds all kinds of complexity for unclear reasons. As a general rule, these are not truly open-source licenses and they are thus not going far, regardless of whether one agrees with their objectives.
The crypto wars have not yet returned as predicted, but there are a number of chilly breezes suggesting that the right to use strong encryption may yet come under serious threat.
The web-browser monopoly may not have gotten much worse over the past year, but that is mostly because there isn't room for things to get much worse. Chrome dominates the market, with other browsers relegated to single-digit-percentage usage shares. That causes site developers to not care about making sites work with anything but Chrome (and maybe Safari), forcing even dedicated users of other browsers to launch Chrome to make specific sites work. To those of us who lived through the period of Internet Explorer dominance, much of this looks discouragingly familiar.
The final prediction worried that free software has increasingly become a way for companies to develop software efficiently while depriving competitors of license revenues. Certainly there are companies that see free software that way. That is not an entirely bad thing; a lot of new software and a lot of development jobs result from companies working from this viewpoint. But there is more to free software than that, and many members of our community continue to work toward a vision of a world that is more free and more secure. We can only try to support those efforts, and that vision, as well as we can.
Events not foreseen
The other side of evaluating predictions is looking at what was missed. One obvious omission was the leadership transition at the Free Software Foundation as the result of Richard Stallman being forced out. In retrospect, it seems clear that a change had to happen at some point, but saying when it might occur is always hard ahead of the actual event.
On the kernel front, the many-year effort to get lockdown capability into the kernel finally came to fruition; that is another event that had to happen sometime, but your editor didn't expect it in 2019. Even more unpredictable was the pidfd API, which seemingly came into existence, fully formed, after the beginning of the year, though rumblings were certainly evident before then.
Another surprise was the openSUSE project's decision to separate from SUSE and form a separate foundation. This move is being made partly to make it easier for openSUSE to seek support from multiple sources, but the project still is likely to be dependent on SUSE for some time — perhaps indefinitely. The process of negotiating the project's future relationship — and the use of the openSUSE name, which the project elected to retain — with its former corporate owner is likely to be complex. One can only wish openSUSE well as it charts its course going forward.
Closing another year
In 2019, the LWN crew produced 50 Weekly Editions containing 266 feature articles and 56 articles from 16 guest authors. We reported from 26 conferences hosted on four continents — something that was made possible by our ongoing travel support from the Linux Foundation. It has been a satisfying year, but it's fair to say that we are ready for a break.
We cannot sign off, though, without acknowledging the force that keeps this whole operation going: you, our readers. Advertising revenue hit a new low this year but, thanks to you, we have not been overly dependent on advertising for many years. Subscriber numbers are down a bit since last year, which can mostly be attributed to some of the people who came in for the Meltdown/Spectre coverage opting not to renew. With a slightly longer perspective, it is clear that our base of support remains solid, and for that we are extremely grateful. We wouldn't be here without you.
On that note, we'll sign off for the year; we look forward to resuming next
year with the January 2 Weekly Edition. As always, the lights will
not go completely out between now and then; be sure to check in for the
occasional article and update. Meanwhile, we wish a great holiday season
for all of our readers.
Posted Dec 18, 2019 22:49 UTC (Wed)
by mb (subscriber, #50428)
[Link] (1 responses)
And we enjoyed each and every single one of them.
Posted Dec 18, 2019 23:17 UTC (Wed)
by mtaht (subscriber, #11087)
[Link]
My christmas wish to all:
No major security vulns over the holidays.
And to all, a good night.
Posted Dec 18, 2019 23:39 UTC (Wed)
by gus3 (guest, #61103)
[Link]
Being able to follow the latest news, while it's on the front page, makes said subscription well worth the money. Many thanks to Corbet and his team for all the work they put in.
Posted Dec 19, 2019 2:35 UTC (Thu)
by Paf (subscriber, #91811)
[Link]
Posted Dec 19, 2019 3:56 UTC (Thu)
by fenaren (subscriber, #116987)
[Link]
Posted Dec 19, 2019 7:07 UTC (Thu)
by tjasper (subscriber, #4310)
[Link]
Merry Christmas to all
Posted Dec 19, 2019 7:14 UTC (Thu)
by joncb (guest, #128491)
[Link] (21 responses)
I feel this is a little more doom and gloom than reality suggests (to me at any rate). While it is true that Chrome is heavily dominating the browser space, this feels to me nowhere familiar to the old IE dominance days.
1/ When you say "Chrome is heavily dominating the browser space", I think it's fairer to say "Blink is heavily dominating the browser space" since the surrounding UI is mostly irrelevant when compared to the actual HTML Renderer. From that perspective you're basically saying "The open source project behind Chrome, Opera, Vivaldi and (probably) Edge is dominating the browser space". This strikes me as gloomily as the idea that OpenSSL is dominating the cryptography space.
2/ Blink seems (so far) to be pretty compatible with it's parent project. Wikipedia at any rate says that Chromium on MacOS uses WebKit instead of Blink which suggests that it's not a huge operation to switch them out. This implies that you're really saying "The pair of open source projects behind basically every browser other than Firefox is dominating the browser space"...
3/ Even ignoring that, Chrome is pretty heavily available compared to IE which was available on Windows and MacOS.
4/ I use Firefox as my personal browser (Vivaldi at work) and so far i haven't seen any page that didn't work due to being Firefox. I get(vastly) more problems from my javascript blocker (uMatrix) than I do from my browser choice. Do you have any references for "forcing even dedicated users of other browsers to launch Chrome to make specific sites work"? (Not saying you're wrong or lying, it just completely clashes with my experience) I could definitely see needing to use Chrome for things using experimental tech (like PNaCl) just like you needed to use firefox for their own experimental tech (like early ASM.js) but there's a difference between experimentation and "embrace and extend".
Having said all that, it's definitely something to keep an eagle eye on. While i think people sometimes jump on the google bashing bandwagon a little too readily, I certainly can believe that they would push things in a direction that wouldn't have the best interests of users in mind. But suggesting that this is "discouragingly familiar" to the bad old IE days seems nonsensical to me.
Posted Dec 19, 2019 9:27 UTC (Thu)
by rhertzog (subscriber, #4671)
[Link] (1 responses)
Posted Dec 21, 2019 11:53 UTC (Sat)
by joncb (guest, #128491)
[Link]
Posted Dec 19, 2019 12:57 UTC (Thu)
by martin.langhoff (guest, #61417)
[Link] (14 responses)
This is very different from the bad old days when a proprietary engine with insecure "extensions" to the web platform (ActiveX) was dominating.
Naturally, multiple compatible implementations are better, and I want Firefox to remain viable and available. But if either FF or Chromium is to dominate... I would not be worried, as long as licensing remains open and governance is reasonably good. That multiple players are using Chromium and collaborating on its codebase tells me that governance is fine.
Posted Dec 19, 2019 13:25 UTC (Thu)
by pizza (subscriber, #46)
[Link] (4 responses)
Alas, Chrome plugins are rapidly becoming the new ActiveX.
Posted Dec 20, 2019 0:42 UTC (Fri)
by Kamilion (guest, #42576)
[Link] (3 responses)
I only have the pepper flash plugin (which is supposed to go away soon?) and the pepper sandboxed pdf renderer...
Are you sure you're not mixing plugins up with extensions?
Posted Dec 20, 2019 1:34 UTC (Fri)
by pizza (subscriber, #46)
[Link] (2 responses)
I'm not referring to the likes of uMatrix, EFF Privacy Badger, and other reputable F/OSS extensions that users are free to install (or not); Instead I'm referring to corporate-mandated antivirus/data exfiltration extensions that hoover up everything you do, web sites that spam you with "install our chrome app" messages (to ensure you don't block their ads and data collection), and other such practices.
Sure, they're not binary x86 code with (effectively) full system access, but they are still locking you into a specific (browser) platform.
Posted Dec 20, 2019 9:08 UTC (Fri)
by farnz (subscriber, #17727)
[Link]
The interesting development here is WebExtension APIs that allow you to port from Chrome to a cross-browser standard. Assuming they're good enough for the corporate-mandated extensions, that permits a migration to Firefox in future.
The critical question is whether those APIs are good enough to polyfill from Chrome to Firefox in one step, or whether you have to do significant engineering effort to port. If Google started a migration from their Chrome extension APIs to WebExtension, this would definitely break the monopoly - extensions would be cross-browser by default.
Posted Dec 21, 2019 11:50 UTC (Sat)
by joncb (guest, #128491)
[Link]
I feel there's a meaningful distinction to be made between "restricted corporate world" and "general internet". So long as the corporate browser monoculture (and there is solid reasons for the corporate world to push in the direction of a monoculture) remains compatible with the general internet, i'm willing to dismiss what they do as mostly irrelevant.
Posted Dec 19, 2019 14:00 UTC (Thu)
by rahulsundaram (subscriber, #21946)
[Link]
That speaks more to the overwhelming and unhealthy dominance of a single web platform and others sorta giving up more than good governance. Firefox's lack of interest in being easily embedded didn't help either. Yes, the situation a bit better than IE but the parallels are quite clear
Posted Dec 19, 2019 15:48 UTC (Thu)
by mathstuf (subscriber, #69389)
[Link]
Are there any collaborators that couldn't be grouped into a multi-national corporation association?
Posted Dec 21, 2019 2:28 UTC (Sat)
by roc (subscriber, #30627)
[Link] (6 responses)
It tells you no such thing. What it tells you is that wannabe browser vendors prefer to avoid the massive cost of developing their own engine, and they like how Chrome market share means Chromium is the most Web-compatible engine.
Chromium's governance model is simple: Google's in charge. The kerfuffle over extension manifest v3 illustrated this perfectly: Google engineers made a decision, it was very unpopular with certain Chrome extension authors and users, and murmurings of discontent from non-Google Chromium users, but there was never any process for challenging that decision.
Posted Dec 21, 2019 7:45 UTC (Sat)
by flussence (guest, #85566)
[Link] (5 responses)
A bit like how Firefox Focus uses Chromium because no other browser has a competent embedding API.
Posted Dec 21, 2019 8:11 UTC (Sat)
by roc (subscriber, #30627)
[Link] (4 responses)
iOS Firefox Focus used Webkit and still does because Apple gives you no choice on iOS.
Posted Dec 21, 2019 21:29 UTC (Sat)
by flussence (guest, #85566)
[Link] (3 responses)
Then what's WebView? Webkit? Opera??
Posted Dec 22, 2019 1:33 UTC (Sun)
by rahulsundaram (subscriber, #21946)
[Link] (1 responses)
Webview is WebKit. Not Chromium
Posted Dec 27, 2019 20:57 UTC (Fri)
by flussence (guest, #85566)
[Link]
Posted Dec 22, 2019 1:34 UTC (Sun)
by roc (subscriber, #30627)
[Link]
Posted Dec 20, 2019 5:14 UTC (Fri)
by ThinkRob (guest, #64513)
[Link] (1 responses)
I don't know... it's familiar in the sense of it being a (near) monoculture controlled by a company whose goals don't really align with a Free and open Web.
But IE had an even higher market share in the darkest days of IE dominance than Chrome does now, and Firefox was still a viable choice back then. Every once in a while you'd hit some site coded by total boneheads that depended on an IE bug, but it was usually solvable... often with nothing more than a bit of user-agent fibbing.
I guess I'm optimistic that, if/when necessary, the open-source nature of Blink will at least help the FF devs figure out how to implement bug-for-bug compatibility modes.
Or maybe the modern web is too complex for that and we're all doomed to a pro-tracking browser. But I hope not!
Posted Dec 21, 2019 12:22 UTC (Sat)
by joncb (guest, #128491)
[Link]
Is it possible that Google could go rogue with Chrome? Absolutely. If someone opined that it's only a matter of time before they do so, i'd probably agree. No the real thing that makes me optimistic is that if they go rogue in Blink, they have to do it in the open and I have faith that someone will see it. Particularly when you take into account things like Brave who are (theoretically) explicitly trying to place themselves in the space where Google is most likely to go rogue.
I think the only thing i really disagree about is the distrust of monoculture. I don't trust a closed monoculture and if blink ever goes closed source, that's an immediate warning sign to me. I don't think open source is perfect, hearbleed should disabuse anyone of that notion, but it's still vastly better than other options and I think having an open source HTML Renderer as a monoculture is actually better for us as users as it makes it impractical to create a closed source one.
Posted Dec 21, 2019 2:22 UTC (Sat)
by roc (subscriber, #30627)
[Link] (1 responses)
Then Wikipedia is wrong. For sure Chromium on MacOS uses Blink.
Chrome on iOS uses Webkit, because Apple doesn't allow apps to use any engine other than Webkit. But Chrome on iOS is not Chromium.
Posted Dec 21, 2019 11:12 UTC (Sat)
by joncb (guest, #128491)
[Link]
Sorry, mea culpa. You are correct, I mixed up iOS and MacOS.
Posted Dec 19, 2019 14:39 UTC (Thu)
by sytoka (guest, #38525)
[Link] (1 responses)
That would be very classy!
Posted Dec 20, 2019 2:44 UTC (Fri)
by flussence (guest, #85566)
[Link]
Posted Dec 19, 2019 19:26 UTC (Thu)
by pebolle (guest, #35204)
[Link]
Recently I received issue 35 of the FSF Bulletin. (Not yet available at https://www.fsf.org/bulletin .) My copy has already been recycled but it struck me Stallman wasn't mentioned even once.
Surreal.
Posted Dec 19, 2019 20:04 UTC (Thu)
by kpfleming (subscriber, #23250)
[Link]
Posted Dec 19, 2019 21:31 UTC (Thu)
by gwolf (subscriber, #14632)
[Link]
Posted Dec 20, 2019 5:57 UTC (Fri)
by rustylife (subscriber, #102864)
[Link]
Posted Dec 20, 2019 12:04 UTC (Fri)
by z3ntu (subscriber, #117661)
[Link]
Posted Dec 20, 2019 20:40 UTC (Fri)
by djc (subscriber, #56880)
[Link]
Posted Dec 25, 2019 12:02 UTC (Wed)
by rweikusat2 (subscriber, #117920)
[Link]
Posted Dec 27, 2019 17:02 UTC (Fri)
by dgan (guest, #136178)
[Link]
A year-end wrap-up from LWN
Thanks for providing an extremely high quality technical news source.
A year-end wrap-up from LWN
the Python government transition
A year-end wrap-up from LWN
A year-end wrap-up from LWN
A year-end wrap-up from LWN
A year-end wrap-up from LWN
> Chrome to make specific sites work. To those of us who lived through the period of Internet Explorer dominance, much of this looks discouragingly familiar.
A year-end wrap-up from LWN
A year-end wrap-up from LWN
I can sympathize with voice/video chat being hard to do cross-browser compatible.
A year-end wrap-up from LWN
A year-end wrap-up from LWN
A year-end wrap-up from LWN
Almost all of my extensions are available for firefox too... uMatrix, uBlock Origin, EFF Privacy Badger, singlefile, tampermonkey, visbug/firebug, web of trust, proxyswitchy omega... the only extension that doesn't work is the NaCL OpenSSH extension that used to be a chromeos app and was migrated to an extension, and the mosh extension.
But firefox has a jetpack for mosh, and I think it works for ssh too..?
A year-end wrap-up from LWN
A year-end wrap-up from LWN
A year-end wrap-up from LWN
A year-end wrap-up from LWN
A year-end wrap-up from LWN
A year-end wrap-up from LWN
A year-end wrap-up from LWN
A year-end wrap-up from LWN
https://support.mozilla.org/mk/kb/geckoview-firefox-focus...
It never used Chromium.
A year-end wrap-up from LWN
A year-end wrap-up from LWN
A year-end wrap-up from LWN
A year-end wrap-up from LWN
A year-end wrap-up from LWN
While it is true that Chrome is heavily dominating the browser space, this feels to me nowhere familiar to the old IE dominance days.
A year-end wrap-up from LWN
A year-end wrap-up from LWN
A year-end wrap-up from LWN
Having said that, it's explicit about "Chromium on iOS" not "Chrome on iOS" however that's still working with third hand infomation, i have no way to check and the build page for iOS isn't explicit about what engine is being built so i'll bow to your superior info on this.
Perl6 -> Raku
Perl6 -> Raku
A year-end wrap-up from LWN
A year-end wrap-up from LWN
Tuning in to the "thank you"...
A year-end wrap-up from LWN
A year-end wrap-up from LWN
A year-end wrap-up from LWN
A year-end wrap-up from LWN
A year-end wrap-up from LWN
Keep going!!