lwn.net

Fedora Magazine has announced the creation Fedora Atomic Desktops: a way of branding Fedora's growing set of rpm-ostree spins. Joseph Gayso wrote "we’ve seen more of our mainline Fedora Linux spins make the jump to offer a version that implements rpm-ostree. It’s reached the point where it can be hard to talk about all of them at the same time. Therefore we’ve introduced a new brand that will serve to simplify how we discuss rpm-ostree and how we name future atomic spins." LWN covered Project Bluefin, which is based on Fedora's rpm-ostree work, in December 2023.

Over on the Collabora blog, Helen Koike writes about the DRM-CI project for running automated continuous integration (CI) tests on multiple graphics devices in several different labs. It uses the IGT GPU tools for testing, though there are plans to expand: The roadmap for DRM-CI includes enabling other devices, incorporating additional tests like kselftests, adding support for vgem driver, and implementing further automations. DRM-CI builds upon the groundwork laid by Mesa3D CI, including its GitLab YAML files and most of its setup, fostering collaboration and mutual strengthening.

[...] Adapting the DRM-CI pipeline to other subsystems is feasible with a few modifications. The primary consideration is setting up dedicated GitLab-CI runners since Freedesktop's infrastructure is meant only for graphics.

In light of this, our team is developing a versatile and user-friendly GitLab-CI pipeline. This new pipeline is envisioned to function as a flexible interface for kernel maintainers and developers that can be evolved to connect with different test environments that can also be hooked with CI systems such as KernelCI. This approach aims to simplify the integration process, making GitLab-CI more accessible and beneficial to a broader range of developers.

Over on the Collabora blog, Helen Koike writes about the DRM-CI project for running automated continuous integration (CI) tests on multiple graphics devices in several different labs. It uses the IGT GPU tools for testing, though there are plans to expand: The roadmap for DRM-CI includes enabling other devices, incorporating additional tests like kselftests, adding support for vgem driver, and implementing further automations. DRM-CI builds upon the groundwork laid by Mesa3D CI, including its GitLab YAML files and most of its setup, fostering collaboration and mutual strengthening.

[...] Adapting the DRM-CI pipeline to other subsystems is feasible with a few modifications. The primary consideration is setting up dedicated GitLab-CI runners since Freedesktop's infrastructure is meant only for graphics.

In light of this, our team is developing a versatile and user-friendly GitLab-CI pipeline. This new pipeline is envisioned to function as a flexible interface for kernel maintainers and developers that can be evolved to connect with different test environments that can also be hooked with CI systems such as KernelCI. This approach aims to simplify the integration process, making GitLab-CI more accessible and beneficial to a broader range of developers.

Gnuplot 6.0 was released in December 2023, bringing a host of significant improvements and new capabilities to the open-source graphing tool. Here we survey the major new features, including filled contours in 3D, adaptive plotting resolution, watchpoints, clipping of surfaces, sector plots for making things like pie charts, and new syntax for conditionals in gnuplot's scripting language. In addition, there are detailed examples of the features described.

Gnuplot 6.0 was released in December 2023, bringing a host of significant improvements and new capabilities to the open-source graphing tool. Here we survey the major new features, including filled contours in 3D, adaptive plotting resolution, watchpoints, clipping of surfaces, sector plots for making things like pie charts, and new syntax for conditionals in gnuplot's scripting language. In addition, there are detailed examples of the features described.

David Rowley looks deeply into the improvements coming to the query planner in PostgreSQL 16.

For a long time now, PostgreSQL has been able to remove a LEFT JOIN where no column from the left joined table was required in the query and the join could not possibly duplicate any rows.

However, in versions prior to PostgreSQL 16, there was no support for left join removals on partitioned tables. Why? Because the proofs that the planner uses to determine if there’s any possibility any inner-side row could duplicate any outer-side row were not present for partitioned tables.

The PostgreSQL 16 query planner now allows the LEFT JOIN removal optimization with partitioned tables.

David Rowley looks deeply into the improvements coming to the query planner in PostgreSQL 16.

For a long time now, PostgreSQL has been able to remove a LEFT JOIN where no column from the left joined table was required in the query and the join could not possibly duplicate any rows.

However, in versions prior to PostgreSQL 16, there was no support for left join removals on partitioned tables. Why? Because the proofs that the planner uses to determine if there’s any possibility any inner-side row could duplicate any outer-side row were not present for partitioned tables.

The PostgreSQL 16 query planner now allows the LEFT JOIN removal optimization with partitioned tables.

Security updates have been issued by Debian (webkit2gtk), Fedora (atril, chromium, gnutls, python-aiohttp, and webkitgtk), Gentoo (libxml2), Mageia (gnutls, gpac, kernel, kernel-linus, microcode, pam, and postfix), Red Hat (container-tools:2.0, container-tools:3.0, container-tools:4.0, container-tools:rhel8, gimp, libmaxminddb, python-pillow, runc, and unbound), SUSE (cosign, netpbm, python, python-Pillow, python3, and python36), and Ubuntu (libde265, linux-gcp, linux-gcp-5.4, and linux-intel-iotg).

Security updates have been issued by Debian (webkit2gtk), Fedora (atril, chromium, gnutls, python-aiohttp, and webkitgtk), Gentoo (libxml2), Mageia (gnutls, gpac, kernel, kernel-linus, microcode, pam, and postfix), Red Hat (container-tools:2.0, container-tools:3.0, container-tools:4.0, container-tools:rhel8, gimp, libmaxminddb, python-pillow, runc, and unbound), SUSE (cosign, netpbm, python, python-Pillow, python3, and python36), and Ubuntu (libde265, linux-gcp, linux-gcp-5.4, and linux-intel-iotg).

On February 2, Google announced this year's "Season of Docs", a program complementing its Summer of Code program by providing funding to open source projects to hire technical writers to improve their documentation. Interested projects have until April 2 to apply.

Google Season of Docs provides direct grants to open source projects to improve their documentation and gives professional technical writers an opportunity to gain experience in open source. Together we raise awareness of open source, of docs, and of technical writing.

On February 2, Google announced this year's "Season of Docs", a program complementing its Summer of Code program by providing funding to open source projects to hire technical writers to improve their documentation. Interested projects have until April 2 to apply.

Google Season of Docs provides direct grants to open source projects to improve their documentation and gives professional technical writers an opportunity to gain experience in open source. Together we raise awareness of open source, of docs, and of technical writing.

Stephen Brennan describes kernel core dumps in excruciating detail.

Kernel core dumps are complex. They are not simply copies of system memory; they contain plenty of extra metadata which is critical to understanding their contents. And like any other type of data, the design of the file formats can enable lots of flexibility and power. However, due to the broad variety of tools out there, the diversity of dump formats is overwhelming, and the lack of documentation or specifications compounds the problem.

Stephen Brennan describes kernel core dumps in excruciating detail.

Kernel core dumps are complex. They are not simply copies of system memory; they contain plenty of extra metadata which is critical to understanding their contents. And like any other type of data, the design of the file formats can enable lots of flexibility and power. However, due to the broad variety of tools out there, the diversity of dump formats is overwhelming, and the lack of documentation or specifications compounds the problem.

Mitchell Baker has announced that she is stepping down from the role of Mozilla CEO, effective immediately. Laura Chambers will be the new CEO "for the remainder of the year".

We’re at a critical juncture where public trust in institutions, governments, and the fabric of the internet has reached unprecedented lows. There’s a tectonic shift underway as everyone battles to own the future of AI. It is Mozilla’s opportunity and imperative to forge a better future. I’m excited about Laura’s day-to-day involvement and the chance for Mozilla to achieve more. Our power lies in the collective effort of people contributing to something better and I’m eager for Mozilla to meet the needs of this era more fully.

Mitchell Baker has announced that she is stepping down from the role of Mozilla CEO, effective immediately. Laura Chambers will be the new CEO "for the remainder of the year".

We’re at a critical juncture where public trust in institutions, governments, and the fabric of the internet has reached unprecedented lows. There’s a tectonic shift underway as everyone battles to own the future of AI. It is Mozilla’s opportunity and imperative to forge a better future. I’m excited about Laura’s day-to-day involvement and the chance for Mozilla to achieve more. Our power lies in the collective effort of people contributing to something better and I’m eager for Mozilla to meet the needs of this era more fully.

The generation of random (or, at least, unpredictable) numbers is key to many security technologies. For this reason, the provision of random data as a CPU feature has drawn a lot of attention over the years. A proper hardware-based random-number generator can address the problems that make randomness hard to obtain in some systems, but only if the manufacturer can be trusted to not have compromised that generator in some way. A recent discussion has brought to light a different problem, though: what happens if a hardware random-number generator can be simply driven into exhaustion?

The generation of random (or, at least, unpredictable) numbers is key to many security technologies. For this reason, the provision of random data as a CPU feature has drawn a lot of attention over the years. A proper hardware-based random-number generator can address the problems that make randomness hard to obtain in some systems, but only if the manufacturer can be trusted to not have compromised that generator in some way. A recent discussion has brought to light a different problem, though: what happens if a hardware random-number generator can be simply driven into exhaustion?

The GNU C Library project has been accepted as a CVE Numbering Authority (CNA), meaning that the project is now in control of the CVE numbers assigned to its code.

As a CNA the glibc security team will be working to improve the quality and response time of security advisories and mitigations.

Over the coming months, the glibc security team will define the process for the CNA and establish best practices that can also be used by the rest of the GNU Toolchain.

See this article for some background on this change.

The GNU C Library project has been accepted as a CVE Numbering Authority (CNA), meaning that the project is now in control of the CVE numbers assigned to its code.

As a CNA the glibc security team will be working to improve the quality and response time of security advisories and mitigations.

Over the coming months, the glibc security team will define the process for the CNA and establish best practices that can also be used by the rest of the GNU Toolchain.

See this article for some background on this change.

Security updates have been issued by Debian (chromium), Red Hat (gimp, kernel, kernel-rt, and runc), Slackware (expat), SUSE (libavif), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, and linux, linux-aws, linux-gcp, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive).