Bookmarks (2565)

Uniquely identifying users so that they can be tracked as they go about their business on the internet is, sadly, a major goal for advertisers and others today. Web browser cookies provide a fairly well-known avenue for tracking users as they traverse various web sites, but mobile apps are not browsers, so that mechanism is not available. As it turns out, though, there are...

Security updates have been issued by Debian (php7.3 and php7.4), Mageia (kernel and kernel-linus), openSUSE (chromium and virtualbox), Oracle (xstream), Red Hat (kernel, rh-ruby30-ruby, and samba), and Ubuntu (binutils and mysql-5.7).

The 5.15-rc7 kernel prepatch is out, rather later than would have normally been expected due to Linus's travel schedule. But please do give it a good testing to make sure we've shaken out any issues. I have yet more travel coming up next week, so it would be very convenient for me to delay the merge window if I get the excuse to do...

Memory management is a balancing act in a number of ways. The kernel must balance the needs of current users of memory with anticipated future needs, for example. The kernel must also balance the act of reclaiming memory for other uses, which can involve writing data to permanent storage, with the rate of data that the underlying storage devices are able to accept. For...

Security updates have been issued by Debian (faad2 and mailman), Fedora (java-11-openjdk, libzapojit, nodejs, python-reportlab, vim, and watchdog), Mageia (ansible, docker-containerd, flatpak, tomcat, and virtualbox), openSUSE (containerd, docker, runc), Oracle (firefox and thunderbird), Red Hat (xstream), Scientific Linux (xstream), SUSE (cairo and containerd, docker, runc), and Ubuntu (apport and mysql-5.7, mysql-8.0).

Since the early days, Unix-like systems have implemented the concept of process priorities, where higher-priority processes are given more CPU time to get their work done. Implementations have changed, and alternatives (such as deadline scheduling) are available for specialized situations, but the core priority (or, in an inverted sense, "niceness") concept remains essentially the same. What should happen, though, in a world where increasing...

Security updates have been issued by Arch Linux (apache, chromium, nodejs, nodejs-lts-erbium, nodejs-lts-fermium, and virtualbox), Fedora (vsftpd and watchdog), Oracle (java-1.8.0-openjdk, java-11-openjdk, and redis:6), and Ubuntu (libcaca, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-azure-5.8, and mailman).

The Jalopnik automotive site has posted an article on a (relatively) new set of open-source tools that can extract log data from Tesla cars. Since Tesla cars run a Debian-based operating system, navigating through their file systems is somewhat trivial to anyone who’s spent a weekend messing with virtual Linux machines (or watching Mr. Robot). Actually accessing the car’s memory, however, is considerably harder:...

The Rust language project has announced the release of stable version 1.56.0 and the Rust 2021 edition. We wrote about plans for the Rust 2021 Edition in May. Editions are a mechanism for opt-in changes that may otherwise pose backwards compatibility risk. See the edition guide for details on how this is achieved. This is a smaller edition, especially compared to 2018, but there are...

For those who are curious about where the development of Git is headed: Johannes Schindelin has posted an extensive set of notes from the just-concluded Git Contributors' Summit. We held our second all-virtual Summit over the past two days. It was the traditional unconference style meeting, with topics being proposed and voted on right before the introduction round. It was really good to see...

While the BPF virtual machine has been supported by Linux for most of the kernel's existence, its role for much of that time was limited to, as its full name (Berkeley packet filter) would suggest, filtering packets. That began to change in 2012 with the introduction of seccomp() filtering, and the pace picked up in 2014 with the arrival of the extended BPF virtual...

Security updates have been issued by Debian (python-babel, squashfs-tools, and uwsgi), Fedora (gfbgraph and rust-coreos-installer), Mageia (aom, libslirp, redis, and vim), openSUSE (fetchmail, go1.16, go1.17, mbedtls, ncurses, python, squid, and ssh-audit), Red Hat (java-1.8.0-openjdk and java-11-openjdk), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (fetchmail, git, go1.16, go1.17, ncurses, postgresql10, python, python36, and squid), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm,...

A new style of GPL-enforcement lawsuit was filed on October 19 by Software Freedom Conservancy (SFC) against television maker Vizio. Unlike previous GPL-enforcement suits, which have been pursued on behalf of the developers and copyright holders of GPL-licensed code, this suit has been filed on behalf of owners of the TVs in question. The idea that owners of devices that contain code under the GPL...

Stable kernels 5.14.14, 5.10.75, 5.4.155, 4.19.213, and 4.14.252 have been released. They all contain important fixes and users of those series should upgrade.

Security updates have been issued by Debian (ffmpeg, smarty3, and strongswan), Fedora (udisks2), openSUSE (flatpak, strongswan, util-linux, and xstream), Oracle (redis:5), Red Hat (java-1.8.0-openjdk, java-11-openjdk, openvswitch2.11, redis:5, redis:6, and rh-redis5-redis), SUSE (flatpak, python-Pygments, python3, strongswan, util-linux, and xstream), and Ubuntu (linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-raspi and strongswan).

Over at the Project Zero blog, Jann Horn has a lengthy post on a kernel bug, ways to exploit it, and various ideas on mitigation. While the exploitation analysis is highly detailed, more than half of the post looks at various defenses to this kind of bug. This blog post describes a straightforward Linux kernel locking bug and how I exploited it against Debian...

On October 11, the first release candidate for Qubes OS version 4.1 was announced. Qubes OS is a security-oriented desktop operating system that uses multiple virtual machines (VMs or "qubes") to isolate various types of functionality. The idea is to compartmentalize different applications and operating-system subsystems to protect them from each other and to limit access to the user's data if an application is compromised. Version 4.1 will...

Software Freedom Conservancy has announced that it filed suit against TV maker Vizio over "repeated failures to fulfill even the basic requirements of the General Public License (GPL)". The organization raised the problems with Vizio in August 2018, but the company stopped responding in January 2020, according to the announcement. "We are asking the court to require Vizio to make good on its obligations...

Security updates have been issued by Debian (redmine and strongswan), Fedora (containerd, fail2ban, grafana, moby-engine, and thunderbird), openSUSE (curl, firefox, glibc, kernel, libqt5-qtsvg, rpm, ssh-audit, systemd, and webkit2gtk3), Red Hat (389-ds:1.4, curl, kernel, kernel-rt, redis:5, and systemd), SUSE (util-linux), and Ubuntu (ardour, linux-azure, linux-azure-5.11, and strongswan).

Differences of opinion over which kernel symbols should be exported to loadable modules have been anything but uncommon over the years. Often, these disagreements relate to which kernel capabilities should be available to proprietary modules. Sometimes, though, it hinges on the disagreements over the best way to solve a problem. The recent discussion around the removal of an export for a core kernel function...

Security updates have been issued by Debian (amd64-microcode, libreoffice, linux-4.19, and nghttp2), Fedora (chromium, libopenmpt, vim, and xen), openSUSE (firefox, kernel, krb5, libaom, and opera), Oracle (thunderbird), SUSE (firefox, firefox, rust-cbindgen, iproute2, javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags, and krb5), and Ubuntu (nginx).

The 5.15-rc6 kernel prepatch is out. "I'd love to say that it's all looking average, but rc6 is actually bigger than rc5 was, and larger than normal for this time in the release cycle. It's not _enormously_ larger than normal, and it's not the largest rc6 we've had, but it's still slightly worrisome."

Greg Kroah-Hartman has released the 5.14.13, 5.10.74, 5.4.154, 4.19.212, 4.14.251, 4.9.287, and 4.4.289 stable kernel updates. Each contains another set of important fixes.

The name Debian brings to mind a Linux distribution, but the Debian project is far more than that; it is an ongoing experiment in democratic project governance. Debian's processes can result in a lot of public squabbling; one should not lose track, though, of the fact that those processes have enabled a large community to maintain and grow a complex distribution for decades without...

Security updates have been issued by Debian (squashfs-tools, tomcat9, and wordpress), Fedora (openssh), openSUSE (kernel, mbedtls, and rpm), Oracle (httpd, kernel, and kernel-container), SUSE (firefox, kernel, and rpm), and Ubuntu (linux-azure, linux-azure-5.4).

The latest release of the Ubuntu Linux distribution is out: Ubuntu 21.10, code named "Impish Indri". The release notes fills in all of the details for the new features in this version, but the announcement lists some as well: Ubuntu Desktop 21.10 makes wayland sessions available while using the Nvidia proprietary driver. PulseAudio 15 introduces support for Bluetooth LDAC and AptX codecs, as well...

Version 4.0 of the Devuan distribution has been released; it is code-named Chimaera. This release is based on Debian Bullseye, has improved desktop support, and benefits from more accessibility work. See the release notes for details.

Concerns over the performance of programs written in Python are often overstated — for some use cases, at least. But there is no getting around the problem imposed by the infamous global interpreter lock (GIL), which severely limits the concurrency of multi-threaded Python code. Various efforts to remove the GIL have been made over the years, but none have come anywhere near the point...

The KDE project is celebrating its 25th anniversary with a special release of the Plasma desktop. This time around, Plasma renews its looks and, not only do you get a new wallpaper, but also a gust of fresh air from an updated theme: Breeze - Blue Ocean. The new Breeze theme makes KDE apps and tools not only more attractive, but also easier to...

Security updates have been issued by Mageia (golang, grilo, mediawiki, plib, python-flask-restx, python-mpmath, thunderbird, and xstream/xmlpull/mxparser), Oracle (389-ds-base, grafana, httpd:2.4, kernel, libxml2, and openssl), Red Hat (httpd), and SUSE (kernel).

The syzbot kernel-fuzzing system finds an enormous number of bugs, but, since many of them may seem to be of a relatively low severity, they have a lower priority when contending for the attention of developers. A talk at the recent Linux Security Summit North America reported on some research that dug further into the bugs that syzbot has found; the results are rather...

Stable kernels 5.14.12, 5.10.73, 5.4.153, and 4.19.211 have been released with important fixes. Users of those series should upgrade.

We recently looked at some of the changes and new features arriving with the upcoming version 1.7 release of the Julia programming language. The package system provided by the language makes it easier to explore new language versions, while still preserving multiple versions of various parts of the ecosystem. This flexible system takes care of dependency management, both for writing exploratory code in the REPL...

Security updates have been issued by Debian (flatpak and ruby2.3), Fedora (flatpak, httpd, mediawiki, redis, and xstream), openSUSE (kernel, libaom, libqt5-qtsvg, systemd, and webkit2gtk3), Red Hat (.NET 5.0, 389-ds-base, httpd:2.4, kernel, kernel-rt, libxml2, openssl, and thunderbird), Scientific Linux (389-ds-base, kernel, libxml2, and openssl), SUSE (apache2-mod_auth_openidc, curl, glibc, kernel, libaom, libqt5-qtsvg, systemd, and webkit2gtk3), and Ubuntu (squashfs-tools).

There are many barriers to producing software that is reliable and maintainable over the long term. One of those is software complexity. At the recently concluded 2021 KVM Forum, Paolo Bonzini explored this topic, using QEMU, the open source emulator and virtualizer, as a case study. Drawing on his experience as a maintainer of several QEMU subsystems, he made some concrete suggestions on how...

Security updates have been issued by Debian (firefox-esr, hiredis, and icu), Fedora (kernel), Mageia (libreoffice), openSUSE (chromium, firefox, git, go1.16, kernel, mbedtls, mupdf, and nodejs8), Oracle (firefox and kernel), Red Hat (firefox, grafana, kernel, kpatch-patch, and rh-mysql80-mysql), and SUSE (apache2, containerd, docker, runc, curl, firefox, kernel, libqt5-qtsvg, and squid).

A group of researchers at Trinity College in Dublin has released the results of a study into the data collected by a number of Android variants. There are few surprises here, but the picture is still discouraging. We find that the Samsung, Xiaomi, Huawei and Realme Android variants all transmit a substantial volume of data to the OS developer (i.e. Samsung etc) and to...

One does not normally expect a lot of controversy around a patch series that makes changes to platform-specific configurations and drivers. The furor over some work on the Samsung Exynos platform may thus be surprising. When one looks into the discussion, things become more clear; it mostly has to do with disagreements over the best ways to get hardware vendors to cooperate with the...

Security updates have been issued by Debian (apache2, mediawiki, neutron, and tiff), Fedora (chromium, dr_libs, firefox, and grafana), Mageia (apache), openSUSE (chromium and rabbitmq-server), Oracle (kernel), Red Hat (firefox and httpd24-httpd), SUSE (rabbitmq-server), and Ubuntu (libntlm).

Jörg Schilling, a longtime free-software developer, has passed on. Most people will remember him from his work on cdrtools and the seemingly endless drama that surrounded that work. He was a difficult character to deal with, but he also contributed some important code that, for a period, almost all of us depended on. Rest well, Jörg.

The 5.15-rc5 kernel prepatch is out for testing. "So things continue to look quite normal, and it looks like the rough patch (hah!) we had early in the release is all behind us. Knock wood."

The 5.14.11, 5.10.72, 5.4.152, 4.19.210, 4.14.250, 4.9.286, and 4.4.288 stable kernel updates have all been released; each contains another set of important fixes.

For the time being, the effort to add the folio concept to the memory-management subsystem appears to be stalled, but appearances can be deceiving. The numerous folio discussions have produced a number of points of consensus, though; one of those is that far too much of the kernel has to work with page structures to get its job done. As an example of how...

Security updates have been issued by Fedora (libssh), Mageia (firefox), Slackware (httpd), SUSE (xen), and Ubuntu (firefox and mysql-5.7).

Stable kernels 5.14.10 and 4.4.287 have been released. 5.14.10 is a standard stable release, with fixes throughout the kernel tree, while 4.4.287 is fixing a build problem: "You only need this release if you are building for ARM64 and had build failures with 4.4.286."

Among the many new features pulled into the mainline during the 5.15 merge window is the ksmbd network filesystem server. Ksmbd implements the SMB protocol (also known as CIFS, though that name has gone out of favor) that is heavily used in the Windows world. The creation of an in-kernel SMB server is a bit surprising, given that Linux has benefited greatly from the...

Security updates have been issued by Debian (firefox-esr), Mageia (cockpit, fail2ban, libcryptopp, libss7, nodejs, opendmarc, and weechat), openSUSE (curl, ffmpeg, git, glibc, go1.16, libcryptopp, and nodejs8), SUSE (apache2, curl, ffmpeg, git, glibc, go1.16, grilo, libcryptopp, nodejs8, transfig, and webkit2gtk3), and Ubuntu (linux-oem-5.10 and python-bottle).