lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 53분 56초 지남

Librem 5 phone hands-on—Open source phone shows the cost of being different (Ars Technica)

토, 2020/01/25 - 6:32오전
Ars Technica reviews the Purism Librem 5 smartphone, which is made from open-source software and (mostly) open hardware. It is clearly not there yet as a replacement for the phone in our pockets, but it would seem to be on the right path. "The thing to keep in mind here is that Purism has taken on an absolutely gargantuan task. It somehow scraped together a new supply chain of mostly open source components, it came up with a smartphone design from scratch, and it is building its own smartphone distribution of Linux. Two years is not enough time to do this. The OS and app package is not nearly finished, and it lacks basic smartphone functionality. The hardware is nearly finished, but you'll have a hard time taking advantage of it right now since the power management isn't really implemented, and support for things like the cameras are non-existent. If you really want open source smartphones to be a thing, though, this is where you need to start. The Librem 5 is a proof of concept."

When Computer Crimes Are Used To Silence Journalists: Why EFF Stands Against the Prosecution of Glenn Greenwald

토, 2020/01/25 - 6:26오전
The Electronic Frontier Foundation (EFF) has put out a statement in support of journalist Glenn Greenwald whose "prosecution is an attempt to use computer crime law to silence an investigative reporter who exposed deep-seated government corruption". Greenwald is being charged in Brazil, where he reported on corruption within the government of that country. While the EFF said that it has seen "no actions detailed in the criminal complaint that violate Brazilian law", its main concern is the use of ill-defined "cybercrime" laws. "Around the world, cybercrime laws are notoriously hazy. This is in part because it’s challenging to write good cybercrime laws: technology evolves quickly, our language for describing certain digital actions may be imprecise, and lawmakers may not always imagine how laws will later be interpreted. And while the laws are hazy, the penalties are often severe, which makes them a dangerously big stick in the hands of prosecutors. Prosecutors can and do take advantage of this disconnection, abusing laws designed to target criminals who break into computers for extortion or theft to prosecute those engaged in harmless activities, or research—or, in this case, journalists communicating with their sources."

[$] The rapid growth of io_uring

토, 2020/01/25 - 2:01오전
One year ago, the io_uring subsystem did not exist in the mainline kernel; it showed up in the 5.1 release in May 2019. At its core, io_uring is a mechanism for performing asynchronous I/O, but it has been steadily growing beyond that use case and adding new capabilities. Herein we catch up with the current state of io_uring, where it is headed, and an interesting question or two that will come up along the way.

Security updates for Friday

금, 2020/01/24 - 11:42오후
Security updates have been issued by Debian (git and python-apt), Oracle (openslp), Red Hat (chromium-browser and ghostscript), SUSE (samba, slurm, and tomcat), and Ubuntu (clamav, gnutls28, and python-apt).

[$] How to contribute to kernel documentation

금, 2020/01/24 - 8:13오전
Some years back, I was caught in a weak moment and somehow became the kernel documentation maintainer. More recently, I've given a few talks on the state of kernel documentation and the sort of work that needs to be done to make things better. A key part of getting that work done is communicating to potential contributors the tasks that they might helpfully take on — a list that was, naturally, entirely undocumented. To that end, a version of the following document is currently under review and headed for the mainline. Read on to see how you, too, can help to make the kernel's documentation better.

Five new stable kernels

목, 2020/01/23 - 11:56오후

Greg Kroah-Hartman has announced the release of the 4.4.211, 4.9.211, 4.14.167, 4.19.98, and 5.4.14 stable kernels. As usual, these contain important fixes throughout the kernel tree; users should upgrade.


Security updates for Thursday

목, 2020/01/23 - 11:11오후
Security updates have been issued by openSUSE (chromium, libredwg, and thunderbird), Oracle (apache-commons-beanutils, java-1.8.0-openjdk, libarchive, and python-reportlab), Red Hat (kernel), Scientific Linux (apache-commons-beanutils, libarchive, and openslp), SUSE (java-11-openjdk), and Ubuntu (e2fsprogs, graphicsmagick, python-apt, and zlib).

[$] LWN.net Weekly Edition for January 23, 2020

목, 2020/01/23 - 9:48오전
The LWN.net Weekly Edition for January 23, 2020 is available.

[$] A tiny Python called Snek

목, 2020/01/23 - 5:28오전
Keith Packard is no stranger to the linux.conf.au stage; he has spoken on a wide variety of topics since he started going to the conference in 2004 (which was held in Adelaide, where organizers apparently had a lot of ice cream for attendees). One of his talks at this year's conference was on an education-focused project that he has been working on for around a year: a version of Python called "Snek" targeting embedded processors. He gave a look at some of the history of his work with 10-12 year-old students that led to the development of Snek as well as some plans for the language—and hardware to run it on—moving forward.

Security updates for Wednesday

목, 2020/01/23 - 12:37오전
Security updates have been issued by Debian (tiff and transfig), Fedora (thunderbird-enigmail), Mageia (ffmpeg and sox), openSUSE (fontforge, python3, and tigervnc), Oracle (python-reportlab), Red Hat (apache-commons-beanutils, java-1.8.0-openjdk, kernel, kernel-alt, libarchive, openslp, openvswitch2.11, openvswitch2.12, and python-reportlab), Scientific Linux (java-1.8.0-openjdk and python-reportlab), SUSE (samba and tigervnc), and Ubuntu (python-pysaml2).

[$] Control-flow integrity for the kernel

수, 2020/01/22 - 9:46오전
Control-flow integrity (CFI) is a technique used to reduce the ability to redirect the execution of a program's code in attacker-specified ways. The Clang compiler has some features that can assist in maintaining control-flow integrity, which have been applied to the Android kernel. Kees Cook gave a talk about CFI for the Linux kernel at the recently concluded linux.conf.au in Gold Coast, Australia.

Wine 5.0 released

수, 2020/01/22 - 4:04오전
Wine 5.0 has been released. The main highlights are builtin modules in PE format, multi-monitor support, XAudio2 reimplementation, and Vulkan 1.1 support. Wine is capable of running Windows applications on Linux and other POSIX-compliant systems.

Roose: PHP in 2020

수, 2020/01/22 - 12:48오전
Brent Roose argues that it is time to take another look at PHP. "In this post, I want to look at this bright side of PHP development. I want to show you that, despite its many shortcomings, PHP is a worthwhile language to learn. I want you to know that the PHP 5 era is coming to an end. That, if you want to, you can write modern and clean PHP code, and leave behind much of the mess it was 10 years ago."

Security updates for Tuesday

수, 2020/01/22 - 12:41오전
Security updates have been issued by Debian (openconnect), Fedora (e2fsprogs, glibc, kernel, and nss), openSUSE (Mesa, php7, and slurm), Oracle (.NET Core, java-1.8.0-openjdk, java-11-openjdk, and thunderbird), Red Hat (java-1.8.0-openjdk, openvswitch, and openvswitch2.11), Scientific Linux (java-1.8.0-openjdk), SUSE (java-11-openjdk, libssh, libvpx, Mesa, and thunderbird), and Ubuntu (libbsd and samba).

[$] process_madvise(), pidfd capabilities, and the revenge of the PIDs

화, 2020/01/21 - 9:52오전
Once upon a time, there were few ways for one process to operate upon another after its creation; sending signals and ptrace() were about it. In recent years, interest in providing ways for processes to control others has been on the increase, and the kernel's process-management API has been expanded accordingly. Along these lines, the process_madvise() system call has been proposed as a way for one process to influence how memory management is done in another. There is a new process_madvise() series which is interesting in its own right, but this series has also raised a couple of questions about how process management should be improved in general.

GNU make 4.3 released

화, 2020/01/21 - 1:06오전
GNU make 4.3 is out. New features include explicit grouped targets, a new .EXTRA_PREREQS variable, the ability to specify parallel builds in the makefile itself, and more. There are also a couple of backward-incompatible changes; see the announcement for details.

Security updates for Monday

화, 2020/01/21 - 12:57오전
Security updates have been issued by CentOS (git, java-11-openjdk, and thunderbird), Debian (cacti, chromium, gpac, kernel, openjdk-11, ruby-excon, and thunderbird), Fedora (chromium and rubygem-rack), Mageia (suricata, tigervnc, and wireshark), openSUSE (glusterfs, libredwg, and uftpd), and Ubuntu (linux-hwe and sysstat).

Kernel prepatch 5.5-rc7

월, 2020/01/20 - 9:33오전
The 5.5-rc7 kernel prepatch is out. Linus is still unsure whether the final 5.5 release will come out next week or not: "if it looks like there's pent-up fixes pending next week, I'll make another rc".

Three stable kernels

토, 2020/01/18 - 8:57오전
Stable kernels 5.4.13, 4.19.97, and 4.14.166 have been released. They all contain important fixes and users should upgrade.

[$] KRSI and proprietary BPF programs

토, 2020/01/18 - 7:55오전
The "kernel runtime security instrumentation" (or KRSI) patch set enables the attachment of BPF programs to every security hook in the kernel; LWN covered this work in December. That article focused on ABI issues, but it deferred another potential problem to our 2020 predictions: the possibility that vendors could start shipping proprietary BPF programs for use with frameworks like KRSI. Other developers did pick up on the possibility that KRSI could be abused this way, though, leading to a discussion on whether KRSI should continue to allow the loading of BPF programs that do not carry a GPL-compatible license.