[$] Business models and open source

Thu, 2019/04/18 - 4:02 AM

One of the more lively sessions that was held at the 2019 Legal and Licensing Workshop (LLW) was Heather Meeker's talk on open-source business models and alternative licensing. As a lawyer in private practice, Meeker worked on a number of the alternative licenses that were drafted and presented over the last year or so. But she is also part of a venture capital (VC) firm that is exclusively investing in companies focused on open source, so she has experience in thinking about what kinds of models actually work for those types of businesses.


Stable kernel updates

Wed, 2019/04/17 - 11:38 PM
Stable kernels 5.0.8, 4.19.35, 4.14.112, and 4.9.169 have been released. They all contain important fixes and users should upgrade.

Security updates for Wednesday

Wed, 2019/04/17 - 11:31 PM
Security updates have been issued by CentOS (mod_auth_mellon), Debian (ghostscript and ruby2.3), openSUSE (dovecot22, gnuplot, and openwsman), Scientific Linux (mod_auth_mellon), SUSE (krb5, openexr, python3, and wget), and Ubuntu (firefox and openjdk-lts).

[$] An update on compliance for containers

Wed, 2019/04/17 - 5:07 AM

The inability to determine the contents of container images is a topic that annoys Dirk Hohndel. At last year's Legal and Licensing Workshop (LLW), he gave a presentation that highlighted the problem and some work he had been doing to combat it. At this year's LLW, he updated attendees on the progress that has been made and where he hopes things will go from here.


Security updates for Tuesday

Tue, 2019/04/16 - 11:53 PM
Security updates have been issued by Debian (cacti and libxslt), Fedora (pcsc-lite and samba), Gentoo (gnutls, phpmyadmin, and tiff), openSUSE (apache2, clamav, dovecot23, nodejs10, SDL, and webkit2gtk3), Red Hat (mod_auth_mellon and rh-python36-python), SUSE (firefox, nspr, nss and python), and Ubuntu (libxslt and webkit2gtk).

[$] Avoiding page reference-count overflows

Tue, 2019/04/16 - 9:49 AM
The 5.1-rc5 announcement mentioned "changes all over" and highlighted a number of the areas that had been touched. One thing that was not mentioned there was the addition of four patches fixing a security-related issue in the core memory-management subsystem. The vulnerability is sufficiently difficult to exploit that almost nobody should feel the need to rush out a kernel update, but it is still interesting to look at as a demonstration of how things can go wrong.

An eBPF overview series from Collabora

Tue, 2019/04/16 - 5:38 AM
Adrian Ratiu is posting a series of articles on the Collabora blog digging into the kernel's eBPF subsystem. The first two parts are available now: an introduction and a look at the virtual machine. "eBPF is a RISC register machine with a total of 11 64-bit registers, a program counter and a 512 byte fixed-size stack. 9 registers are general purpose read-write, one is a read-only stack pointer and the program counter is implicit, i.e. we can only jump to a certain offset from it. The VM registers are always 64-bit wide (even when running inside a 32-bit ARM processor kernel!) and support 32-bit subregister addressing if the most significant 32 bits are zeroed - this will be very useful in part 4 when cross-compiling and running eBPF programs on embedded devices."

Stable kernel updates

Tue, 2019/04/16 - 4:10 AM
Stable kernels 5.0.7, 4.19.34, 4.14.111, and 4.9.168 were actually released last week, but the email wasn't sent. As usual they all contain important fixes and users should upgrade.

Security updates for Monday

Tue, 2019/04/16 - 12:02 AM
Security updates have been issued by Debian (graphicsmagick, jasper, and libssh2), Fedora (kernel, kernel-headers, kernel-tools, nodejs-simple-markdown, and php), openSUSE (netpbm and xen), and SUSE (audiofile, firefox, java-1_7_0-openjdk, libvirt, openssh, and systemd).

Kernel prepatch 5.1-rc5

Mon, 2019/04/15 - 11:02 PM
The 5.1-rc5 kernel prepatch is out for testing. "Nothing in here makes me feel uncomfortable about this release cycle so far. Knock wood."

[$] Expedited memory reclaim from killed processes

Sat, 2019/04/13 - 7:26 AM
Running out of memory puts a Linux system into a difficult situation; in the worst cases, there is often no way out other than killing one or more processes to reclaim their memory. This killing may be done by the kernel itself or, on systems like Android, by a user-space out-of-memory (OOM) killer process. Killing a process is almost certain to make somebody unhappy; the kernel should at least try to use that process's memory expeditiously so that, with luck, no other processes must die. That does not always happen, though, in current kernels. This patch set from Suren Baghdasaryan aims to improve the situation, but the solution that results in the end may take a different form.

Emacs 26.2 released

Sat, 2019/04/13 - 4:38 AM
Version 26.2 of the Emacs editor is out. The headline features include the ability to build modules outside of the source tree, Unicode 11 compliance, and the long-awaited ability to compress an entire directory full of files with a single keystroke.

Security updates for Friday

Sat, 2019/04/13 - 12:05 AM
Security updates have been issued by CentOS (freerdp, kernel, openssh, and python), Fedora (checkstyle), openSUSE (bluez, file, kernel, and libarchive), SUSE (apache2, curl, ghostscript, libvirt, openssh, and systemd), and Ubuntu (rssh).

[$] Counting corporate beans

Fri, 2019/04/12 - 11:47 AM
Some things simply take time. When your editor restarted the search for a free accounting system, he had truly hoped to be done by now. But life gets busy, and accounting systems are remarkably prone to falling off the list of things one wants to deal with in any given day. On the other hand, accounting can return to that list quickly whenever LWN's proprietary accounting software does something particularly obnoxious. This turns out to be one of those times, so your editor set out to determine whether beancount could do the job.

Security updates for Thursday

Fri, 2019/04/12 - 12:33 AM
Security updates have been issued by Arch Linux (apache, evolution, gnutls, and thunderbird), Debian (wpa), Gentoo (git), Mageia (dovecot, flash-player-plugin, gpac, gpsd, imagemagick, koji, libssh2, libvirt, mariadb, ming, mumble, ntp, python, python3, squirrelmail, and wget), openSUSE (apache2), Red Hat (httpd24-httpd and httpd24-mod_auth_mellon), SUSE (libqt5-qtbase, openldap2, tar, and xmltooling), and Ubuntu (ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 and wpa).

[$] LWN.net Weekly Edition for April 11, 2019

Thu, 2019/04/11 - 8:51 AM
The LWN.net Weekly Edition for April 11, 2019 is available.

[$] A backdoor in a popular Ruby gem

Thu, 2019/04/11 - 2:56 AM

Finding ways to put backdoors into various programming-language package repositories (e.g. npm, PyPI, and now RubyGems) seems like it is becoming a new Olympic sport or something. Every time you turn around, there is a report of a new backdoor. It is now apparently Ruby's turn, with a new report of a remote-execution backdoor being inserted, briefly, into a popular gem that is installed by some sites using the Ruby on Rails web-application framework.


Security updates for Wednesday

Thu, 2019/04/11 - 12:01 AM
Security updates have been issued by Debian (samba and spip), openSUSE (samba), Red Hat (flash-plugin), Scientific Linux (kernel and openssh), SUSE (clamav and xen), and Ubuntu (apache2).

Microsoft research: A fork() in the road

Wed, 2019/04/10 - 9:39 PM
Here's a research paper from Andrew Baumann, Jonathan Appavoo, Orran Krieger, and Timothy Roscoe at Microsoft Research arguing that the fork() system call is a fundamental design mistake. "As the designers and implementers of operating systems, we should acknowledge that fork’s continued existence as a first-class OS primitive holds back systems research, and deprecate it. As educators, we should teach fork as a historical artifact, and not the first process creation mechanism students encounter." The discussion of better alternatives is limited, though.


[$] Positional-only parameters for Python

Wed, 2019/04/10 - 2:05 PM

Arguments can be passed to Python functions by position or by keyword—generally both. There are times when API designers may wish to restrict some function parameters to only be passed by position, which is harder than some think it should be in pure Python. That has led to a PEP that is meant to make the situation better, but opponents say it doesn't really do that; it simply replaces one obscure mechanism with another. The PEP was assigned a fairly well-known "BDFL delegate" (former BDFL Guido van Rossum), who has accepted it, presumably for Python 3.8.