lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 1시간 50분 지남

Kata Containers 1.0

19시간 21분 지남
Kata Containers 1.0 has been released. "This first release of Kata Containers completes the merger of Intel’s Clear Containers and Hyper’s runV technologies, and delivers an OCI compatible runtime with seamless integration for container ecosystem technologies like Docker and Kubernetes."

Three stable kernel updates

20시간 31분 지남
Stable kernels 4.16.11, 4.14.43, and 4.9.102 have been released. They all contain important fixes and users should update.

[$] SMB/CIFS compounding support

23시간 25분 지남

In a filesystem-track session at the 2018 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM), Ronnie Sahlberg talked about some changes he has made to add support for compounding to the SMB/CIFS implementation in Linux. Compounding is a way to combine multiple operations into a single request that can help reduce network round-trips.


Security updates for Tuesday

화, 2018/05/22 - 11:10오후
Security updates have been issued by Debian (gitlab and packagekit), Fedora (glibc, postgresql, and webkitgtk4), Oracle (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, libvirt, and qemu-kvm), Red Hat (java-1.7.0-openjdk, kernel-rt, qemu-kvm, and qemu-kvm-rhev), SUSE (openjpeg2, qemu, and squid3), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux, linux-aws, linux-kvm,, linux-hwe, linux-azure, linux-gcp, linux-oem, linux-lts-trusty, linux-lts-xenial, linux-aws, qemu, and xdg-utils).

[$] Using GitHub Issues for Python

화, 2018/05/22 - 9:28오전

In a 2018 Python Language Summit talk that was initially billed as "Mariatta's Topic of Mystery", Mariatta Wijaya described her reasoning for advocating moving Python away from its current bug tracker to GitHub Issues. She wanted to surprise her co-attendees with the talk topic at least partly because it is somewhat controversial. But it would complete Python's journey to GitHub that started a ways back.


RFC: LWN's draft updated privacy policy

화, 2018/05/22 - 7:46오전
It is the season for web sites to be updating their privacy policies and obtaining consent from their users for whatever data they collect. LWN, being short of staff with the time or interest to work in this area, is rather late to this game. The first step is an updated privacy policy, which we're now putting out for review. Little has changed from the current version; we still don't collect much data, share data with others, or attempt to monetize what we have in any way. We would like to ask interested readers to have a look and let us know about any potential problems they see.

Spectre variants 3a and 4

화, 2018/05/22 - 7:30오전
Intel has, finally, disclosed two more Spectre variants, called 3a and 4. The first ("rogue system register read") allows system-configuration registers to be read speculatively, while the second ("speculative store bypass") could enable speculative reads to data after a store operation has been speculatively ignored. Some more information on variant 4 can be found in the Project Zero bug tracker. The fix is to install microcode updates, which are not yet available.

[$] Network filesystem topics

화, 2018/05/22 - 5:19오전

At the 2018 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM), Steve French led a discussion of various problem areas for network filesystems. Unlike previous sessions (in 2016 and 2017), there was some good news to report because the long-awaited statx() system call was released in Linux 4.11. But there is still plenty of work to be done to better support network filesystems in Linux.


Parrot 4.0 is out

화, 2018/05/22 - 2:36오전
Parrot 4.0 has been released. Parrot is a security-oriented distribution aimed at penetration tests and digital forensics analysis, with additional tools to preserve privacy. "On Parrot 4.0 we decided to provide netinstall images too as we would like people to use Parrot not only as a pentest distribution, but also as a framework to build their very own working environment with ease." Docker templates are also available.

Security updates for Monday

월, 2018/05/21 - 11:12오후
Security updates have been issued by Arch Linux (lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), CentOS (firefox), Debian (imagemagick), Fedora (exiv2, LibRaw, and love), Gentoo (chromium), Mageia (kernel, librelp, and miniupnpc), openSUSE (curl, enigmail, ghostscript, libvorbis, lilypond, and thunderbird), Red Hat (Red Hat OpenStack Platform director), and Ubuntu (firefox).

Kernel prepatch 4.17-rc6

월, 2018/05/21 - 9:01오후
The 4.17-rc6 kernel prepatch is out. "So nothing special to report. Go read the shortlog, pull the changes, build, and test. It should all be good and pretty stable by this point."

Some weekend stable kernel updates

일, 2018/05/20 - 10:41오후
The 4.16.10, 4.14.42, and 4.9.101 stable kernel updates are available; each contains another set of important fixes.

The Software Freedom Conservancy on Tesla's GPL compliance

일, 2018/05/20 - 4:22오전
The Software Freedom Conservancy has put out a blog posting on the history and current status of Tesla's GPL compliance issues. "We're thus glad that, this week, Tesla has acted publicly regarding its current GPL violations and has announced that they've taken their first steps toward compliance. While Tesla acknowledges that they still have more work to do, their recent actions show progress toward compliance and a commitment to getting all the way there."

[$] The NOVA filesystem

토, 2018/05/19 - 5:42오전

At the 2018 Linux Storage, Filesystem, and Memory-Management Summit, Andiry Xu presented the NOVA filesystem, which he is trying to get into the upstream kernel. Unlike existing kernel filesystems, NOVA exclusively targets non-volatile main memory (NVMM) rather than traditional block devices (disks or SSDs). In fact, it does not use the kernel's block layer at all and instead uses persistent memory mapped directly into the kernel address space.


Williams: Introducing Git protocol version 2

토, 2018/05/19 - 4:49오전
Brandon Williams writes about the new Git remote protocol that will debut in the 2.18 release. "We recently rolled out support for protocol version 2 at Google and have seen a performance improvement of 3x for no-op fetches of a single branch on repositories containing 500k references. Protocol v2 has also enabled a reduction of 8x of the overhead bytes (non-packfile) sent from googlesource.com servers. A majority of this improvement is due to filtering references advertised by the server to the refs the client has expressed interest in."

Vim 8.1 released

토, 2018/05/19 - 2:16오전
Version 8.1 of the Vim editor is available. "The main new feature of Vim 8.1 is support for running a terminal in a Vim window. This builds on top of the asynchronous features added in Vim 8.0."

[$] A reworked TCP zero-copy receive API

금, 2018/05/18 - 9:58오후
In April, LWN looked at the new API for zero-copy reception of TCP data that had been merged into the net-next tree for the 4.18 development cycle. After that article was written, a couple of issues came to the fore that required some changes to the API for this feature. Those changes have been made and merged; read on for the details.

Security updates for Friday

금, 2018/05/18 - 9:37오후
Security updates have been issued by Arch Linux (curl and zathura-pdf-mupdf), Debian (libmad and vlc), openSUSE (enigmail), Red Hat (collectd, Red Hat OpenStack Platform director, and sensu), and SUSE (firefox, ghostscript, and mysql).

Haas: Built-in Sharding for PostgreSQL

금, 2018/05/18 - 2:24오전
Robert Haas writes about the sharding capabilities that PostgreSQL will someday have. "The capabilities already added are independently useful, but I believe that some time in the next few years we're going to reach a tipping point. Indeed, I think in a certain sense we already have. Just a few years ago, there was serious debate about whether PostgreSQL would ever have built-in sharding. Today, the question is about exactly which features are still needed."

[$] Securing the container image supply chain

목, 2018/05/17 - 11:35오후
"Security is hard" is a tautology, especially in the fast-moving world of container orchestration. We have previously covered various aspects of Linux container security through, for example, the Clear Containers implementation or the broader question of Kubernetes and security, but those are mostly concerned with container isolation; they do not address the question of trusting a container's contents. What is a container running? Who built it and when? Even assuming we have good programmers and solid isolation layers, propagating that good code around a Kubernetes cluster and making strong assertions on the integrity of that supply chain is far from trivial. The 2018 KubeCon + CloudNativeCon Europe event featured some projects that could eventually solve that problem.