Brief items
Security
Updating Firefox is highly recommended
Mozilla has released Firefox versions 131.0.2, ESR 128.3.1, and ESR 115.16.1. These updates address a severe, remotely exploitable code-execution vulnerability that is evidently already being exploited. Updating to a fixed release seems like a wise thing to do.
Kernel development
Kernel release status
The current development kernel is 6.12-rc3, released on October 13. Linus remarked:
So the diffstat looks a bit odd, because one of the fixes here caused the UTF tables to be regenerated, and an effective one-liner change turned into 6703 lines of diff.But if you ignore that effect, everything looks normal.
Stable updates: 6.11.3, 6.10.14, 6.6.55, and 6.6.56 were released on October 10; 6.6.56 contains a single fix for a build problem. Note that 6.10.14 is the final release in the 6.10.x series.
The 6.11.4, 6.6.57, 6.1.113, 5.15.168, and 5.10.227 stable updates are in the review process; they are due at any time.
Quote of the week
I'm all for moving the kernel to a less error prone programming language. I've done ADA programming in my former professional live and I'm well aware about the advantages of a "safe" programming language.— Thomas GleixnerFor me Rust is definitely the right way to go, aside of my personal distaste of the syntax and the insanity of abandoning an existing universe of ADA tools just because of 'not invented here', but that's a different discussion to be had.
That said, converging to Rust requires a massive effort of being disciplined on the C side in the first place. Otherwise the Rust abstractions will just end up being a mostly useless wrapper around the existing C insanities. Which in turn will neither reduce technical debt, nor be able to hold up the promise to squash a whole class of bugs.
Quite the contrary it will accelerate the problems we already have instead of reducing them, while everyone can pretend that we are so much better off.
TBH, converging to Rust is a real chance to move away from the "features first, correctness later" approach, but the way our community is approaching it right now is just following the old scheme by making Rust compatible to the "features first, correctness later" mantra.
Distributions
Ubuntu 24.10 released
Version 24.10 of the Ubuntu distribution is out. This release includes GNOME 47, Linux 6.11, security enhancements for managing Personal Package Archives (PPAs), experimental security controls for Snap packages, and more.
Distributions quotes of the week
I just got a call from the owner of a hotel for which we provide hotspot service. She says that a guest spotted the "Powered by FreeBSD" logo at the bottom of the login page, and was offended; the guest was convinced that either we or the hotel management "worshipped the Devil" and refused to stay at the hotel unless the logo was removed. The owner could make no headway by explaining that the besneakered mascot was a cartoon character and was a daemon, not the Devil. And she feared upsetting the guest even more if she said that large portions of the same software are inside every Mac and iPad. The hotel stands to lose more than $1000 if the guest, who had originally planned to stay for a long period, moves out.
One of our tech support people also got a call directly from the hotel guest, who claimed that having the logo on the page constituted "abuse." The guest also claimed to be "losing money" because she wouldn't use the hotspot if there was a "devil" on the splash page. He didn't even realize what she was talking about at first.... He couldn't imagine why on Earth this person was calling him and going on about devils.
This is yet another reason why it was brilliant for Linux to have a Penguin as their logo. Up until then all Unix imagery was counter-productive to wide adoption: It was mostly wizards (a reminder that Unix is difficult to use and only understood by few) or devils (which is just plain confusing to the 99.99% of the planet that hasn't taken Operating Systems 101 in college).
Development
Forgejo 9.0 released
Version 9.0 of the Forgejo software forge system has been released. Changes include a switch to the GPLv3 license, the beginning of a quota system, the removal of go-git support, and a lot of fixes. (LWN looked at Forgejo in February).Inkscape 1.4 released
Version 1.4 of the Inkscape open-source vector-graphics editor has been released. Highlights of this release include a filter gallery, import for Affinity Designer files, internal links in exported PDFs, and more. See the release notes for all of the new features. LWN previewed the 1.4 release in early October.
LibreSSL 4.0.0 released
Version 4.0.0 of the LibreSSL TLS/cryptography stack has been released. Changes include a cleanup of the MD4 and MD5 implementations, removal of unused DSA methods, changes in libtls protocol parsing to ignore unsupported TLSv1.1 and TLSv1.0 protocols, and many more internal changes and bug fixes.
Development quote of the week
The second, and more serious, problem with the "pg_dump is not a backup tool" narrative is that it's invalidating. Without offering any specific fact or theory or argument, it asserts that if you think that pg_dump is a backup tool, you're foolish. You're so foolish, in fact, that the speaker need not justify the outlandish claim that pg_dump does not do what the documentation has clearly said that it does for more than two decades. If you haven't heard somebody else say it already, then allow me to be the first: you are not foolish for thinking that pg_dump can be used to back up your PostgreSQL instance. It totally can. It is often not the best approach, but sometimes it may be just perfect. The case mentioned above, where you want to have the contents of your database in text format that you can read with non-PostgreSQL tools, is just one example of where that may be so. Others exist, too.
Page editor: Daroc Alden
Next page:
Announcements>>