
Brief items

Security

Security quotes of the week

Tar files are commonly used to transport files throughout the supply chain. They are used for source code archives but also for containers.

Many different tar formats evolved to satisfy different demands, just like many different tar implementations have been written. Some of these programs and libraries try to support as many formats as possible and even previous implementation mistakes for backward compatibility.

This allows a malicious actor to create a single tar archive which leads to different file outputs based on the implementation in use. A clever combination even allows the creation of a tar file which leads to no error message among the most common tar implementations.

Samanta Navarro (Thanks to Paul Wise.)

But in talking to people who were upset about being cut off from Facebook, Instagram, WhatsApp, or Facebook Messenger, it was a good point to remind people that another benefit of a protocols, not platforms approach to these things is that it's way more resilient. If you're using Messenger and it's down, but can easily swap in a different tool and continue to communicate that's a much better, more resilient solution than relying on Facebook not to mess up. And that's on top of all the other benefits I laid out in my paper.

In fact, a protocols approach also creates more incentives for better uptime from services, since continually screwing up for extended periods of time doesn't just mean losing ad revenue for a few hours, but it is much more likely to lead people to permanently switch to an alternative provider.

Indeed, a key part of the value of the internet, originally, was in its resiliency of being highly distributed, rather than centralized, and how it could continue to work well if one part fell off the network. The increasing centralization/silo-ization of the internet has taken away much of that benefit. So, if anything, yesterday's mess should be seen as another reason to look more closely at a protocols-based approach to building new internet services.

Mike Masnick

Comments (6 posted)

Kernel development

Kernel release status

The current development kernel is 5.15-rc4, released on October 3. Linus said:

One thing standing out in the diffs might be the m68k 'set_fs()' removal - not really a regression fix, but it has been pending for a while, and it turned out that the problems attributed to it were due to an entirely unrelated m68k signal handling issue. So with that fixed, we could get rid of set_fs from another architecture.

See this article for information on set_fs() and its removal.

Stable updates: 5.14.9, 5.10.70, and 5.4.150 were released on September 30, followed by 5.10.71, 5.4.151, 4.19.209, 4.14.249, 4.9.285, and 4.4.286 on October 6.

Note that 5.14.10 has been through more than the usual number of release candidates and is not yet out; it should show up in the near future.

Comments (none posted)

McKenney: So You Want to Rust the Linux Kernel?

Paul McKenney has started a blog series on Rust for the Linux kernel. He has posted six of a planned 11 articles, though several are labeled as "under construction".

This series focuses mostly on use cases and opportunities, rather than on any non-trivial solutions. Please note that I am not in any way attempting to dictate or limit Rust's level of ambition. I am instead noting the memory-model consequences of a few potential levels of ambition, ranging from "portions of a few drivers", "a few drivers", "some core code" and up to and including "the entire kernel". Greater levels of ambition will require greater willingness to accommodate a wider variety of LKMM [Linux-kernel memory model] requirements.

[...] These blog posts will therefore present approaches ranging upwards from trivial workarounds. But be warned that some of the high-quality approaches require profound reworking of compiler backends that have thus far failed to spark joy in the hearts of compiler writers. In addition, Rust enjoys considerable use outside of the Linux kernel, for example, as something into which to rewrite inefficient Python scripts. (A megawatt here, a megawatt there, and pretty soon you are talking about real power consumption!) Therefore, there are probably sharp limits beyond which the core Rust developers are unwilling to go.

Comments (29 posted)

Distributions

AlmaLinux Foundation opens membership

The AlmaLinux Foundation has opened membership to everyone.

The AlmaLinux Foundation [...] was created as a 501(c)(6) non-profit (the same as the Linux Foundation) in order to put OWNERSHIP of the OS, the Intellectual Property and the direction of the project into the hands of the community. By joining as a member (100% free for community members) you have the right and the ability to vote on board members and the direction of the project and other decisions as they will come up in the future.

Comments (none posted)

Asahi Linux Progress Report September

The Asahi Linux project has a progress report on its goal of running Linux on Mac M1 hardware.

Earlier this year we saw the absolute lowest level drivers being merged into the kernel. Those are important for bring-up, but to get a usable system we need many more. Over September we’ve seen a lot of action on this front, with many important drivers now in review or even already merged for Linux 5.16. The goal of the Asahi Linux project is to upstream everything into the Linux kernel, so all our drivers are eventually headed for upstream review.

Comments (11 posted)

Development

Bottomley: Linux Plumbers Conference Matrix and BBB integration

James Bottomley explains how the integration of Matrix and BigBlueButton was done for the just-concluded Linux Plumbers Conference.

One thing that emerged from our initial disaster with Matrix on the first day is that we failed to learn from the experiences of other open source conferences (i.e. FOSDEM, which used Matrix and ran into the same problems). So, an object of this post is to document for posterity what we did and how to repeat it.

Comments (8 posted)

Firefox 93.0

Firefox 93.0 has been released. With this version, Firefox supports the new AVIF image format, which is based on the modern and royalty-free AV1 video codec. The PDF viewer supports filling more forms, such as XFA-based forms used by multiple governments and banks. Downloads that rely on insecure connections are blocked, protecting against potentially malicious or unsafe downloads. Details on these features and more can be found in the release notes.

Comments (30 posted)

Ratiu: A tale of two toolchains and glibc

Adrian Ratiu writes on the Collabora blog about the challenges that face developers trying to build the GNU C Library with the LLVM compiler.

Is it worth it to fix glibc (and other projects which support only GCC) to build with LLVM? Is it better to just replace them with alternatives already supporting LLVM? Is it best to use both GCC and LLVM, each for their respective supported projects?

This post is an exploration starting from these questions but does not attempt to give any definite answers. The intent here is to not be divisive and controversial, but to raise awareness by describing parts of the current status-quo and to encourage collaboration.

Comments (87 posted)

LLVM 13.0.0 released

Version 13.0.0 of the LLVM compiler suite is out. There is a long list of changes, as always; see the numerous sets of release notes below for details.

Full Story (comments: 1)

PostgreSQL 14 released

Version 14 of the PostgreSQL relational database manager is out.

PostgreSQL 14 brings a variety of features that help developers and administrators deploy their data-backed applications. PostgreSQL continues to add innovations on complex data types, including more convenient access for JSON and support for noncontiguous ranges of data. This latest release adds to PostgreSQL's trend on improving high performance and distributed data workloads, with advances in connection concurrency, high-write workloads, query parallelism and logical replication.

More information can be found in the release notes.

Full Story (comments: none)

Python 3.10.0 released

Version 3.10.0 of the Python language has been released. There are a lot of significant changes in this release, including the much-discussed structural pattern-matching feature. See this article for an overview of what's in 3.10.

Full Story (comments: 4)

Page editor: Jake Edge


Copyright © 2021, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds