lwn.net

The 6.14-rc5 kernel prepatch is out for testing. "Nothing looks particularly big or worrisome".

Differences of opinion, as well as outright disputes, between upstream open-source projects and Linux distribution packagers over packaging practices are nothing new. It is rarer, though, for those disputes to boil over to threats of legal action—but a disagreement between the Open Broadcaster Software (OBS) Studio project and Fedora packagers reached that point in mid-February. After escalation to a higher authority things have been worked out to the satisfaction of the OBS project, but some lingering questions remain. How Fedora should prioritize Flatpak repositories, how to handle conflicts between upstreams and Fedora packagers, and the mechanics of removing or retiring Flatpaks all remain open questions.

There is a fair amount of unhappiness on the Internet about the announcement from Mozilla about a new "terms of use" agreement and an updated privacy notice for the Firefox browser.

Firefox will always continue to add new features, improve existing ones, and test new ideas. We remain dedicated to making Firefox open source, but we believe that doing so along with an official Terms of Use will give you more transparency over your rights and permissions as you use Firefox. And actually asking you to acknowledge it is an important step, so we're making it a part of the standard product experience starting in early March for new users and later this year for existing ones.

Specifically, the apparent removal of a promise to not sell users' personal data has drawn attention.

(See also: this analysis by Michael Taggart. "So, is this Mozilla 'going evil?' Nah, prolly not. But it is at best clumsy, and a poor showing if they want me to believe they care about Firefox, rather than the data it can provide".)

Security updates have been issued by Debian (emacs, freerdp2, and gst-plugins-good1.0), Fedora (java-17-openjdk, python3.6, and xorg-x11-server-Xwayland), Mageia (radare2), SUSE (libX11, openvswitch3, postgresql13, procps, ruby2.5, webkit2gtk3, and xorg-x11-server), and Ubuntu (git, linux-aws, linux-aws, linux-aws-6.8, linux-aws, linux-oracle, linux-oracle-5.4, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, and linux-oem-6.11).

Paul McKenney has put together a series of articles on how to improve one's ability to give a good talk at a technical conference.

On the other hand, (1) presentation skills stay with you through life, and (2) small improvements in presentation skills over months or years can provide you with great advantages longer term. An old saying credited to Thomas Edison claims a breakdown of 1% inspiration and 99% perspiration. However, my own experience with RCU has instead been 0.1% inspiration, 9.9% perspiration, and 90% communication. Had I been unable to communicate effectively, others would have extreme difficulty using RCU, as in even more difficulty than they do now.

There is a lot of speaking experience distilled into this set of posts.

Version 4.0 of the Fish shell has been released. Improvements include a better key-binding mechanism, the ability to tie abbreviations to a specific command, selective ignoring of commands in the history, some scripting improvements, and more. See the release notes for details.

Zotero is an open-source reference management tool designed for collecting, organizing, and citing research materials. It is particularly useful for those writing research papers, theses, or books that require a bibliography in standard formats like APA Style, Chicago Style, or MLA Format. Zotero stores bibliographic metadata, annotations, and user data and integrates with word processors like LibreOffice, Microsoft Word, and Google Docs to produce in-text citations and bibliographies. The core features of Zotero include metadata extraction, tagging, full-text indexing, and cloud synchronization for multi-device access, and Zotero has a plugin system to allow anyone to expand its capabilities. The most recent major release, Zotero 7, added support for reading EPUBs, brought user-interface improvements including a dark mode, performance improvements, and more.

Intel's indirect branch tracking (IBT) is a hardware-implemented control-flow-integrity mechanism that makes it harder for an attacker to gain control of the system by way of a corrupted indirect branch. FineIBT is a software extension to IBT that is meant to improve its protection. Recently, though, Jennifer Miller reported a novel way to bypass FineIBT by taking advantage of how the kernel's system-call entry point is constructed. In response, Peter Zijlstra is working on some FineIBT enhancements to close that hole and make IBT more secure in general.

The 6.13.5, 6.12.17, and 6.6.80 stable kernels have been released. As usual, they contain important fixes all over the kernel tree; users of those series should upgrade.

Security updates have been issued by Debian (emacs and openh264), Fedora (rpm-ostree), Mageia (dcmtk, libcap, openssh, and proftpd), Red Hat (emacs, kernel, and pki-servlet-engine), Slackware (emacs), SUSE (chromium, ffmpeg-4, ffmpeg-7, gnutls, libiniparser-devel, procps, socat, vim, xorg-x11-server, and xwayland), and Ubuntu (binutils, libsndfile, libxmltok, and php5).

Inside this week's LWN.net Weekly Edition:

• Front: Tail calls in CPython; BPF cancellation; Slabs, sheaves, and barns; Atomic block writes; Large filesystem block sizes; EPEL 10 for older CPUs; pytest-mh; Open-source battery.
• Briefs: DMA discussion; Armbian 25.2; Gentoo qcow2; Aqualung 2.0; Emacs 30.1; Rust 1.85.0; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

FOSDEM 2025 featured the usual talks about open-source software, but, as always, the conference also offered the opportunity to discover some more exotic and less software-centric topics. That's how I learned about the Flow Battery Research Collective (FBRC), which is building what will eventually become an open-source home battery. Daniel Fernández Pinto represented the collective at FOSDEM with his talk "Building an Open-Source Battery for Stationary Storage" in the "Energy: Accelerating the Transition through Open Source" developer room (devroom).

The Gentoo Linux project has announced the availability of qcow2 images for amd64 (x86_64) and arm64 (aarch64), and plans to "eventually" offer images for the riscv64 and loongarch64 architectures.

The images, updated weekly, include an EFI boot partition and a fully functional Gentoo installation; either with no network activated but a password-less root login on the console ("no root pw"), or with network activated, all accounts initially locked, but cloud-init running on boot ("cloud-init").

One of the often-requested LWN site features that has languished the longest on our to-do list is full-text RSS feeds. We are happy to announce that, finally, there is a set of such feeds available; the full set can be seen on our feeds page. This is a subscriber-only feature, and it works by creating a unique fetch URL for each user. We will, of course, be counting on our readers to not share those URLs.

Another feature we have had requests for is to automatically present the site in dark-mode colors when a reader's browser has been configured to prefer it. That feature, too, is now available. In this case, we had to think about the interaction between automatic selection and the color customization that the site has long had. The conclusion we reached is that, if custom colors have been configured for an account, they will win out over the automatic selection. There is a new preference in the customization area to change this default if desired.

Both of these features — and the other enhancements we have made recently — were enabled by the support of LWN's subscribers. By making it possible to bring in new staff last year, you created the space to improve the site experience while keeping up with the writing. We thank all of you for your support.

Version 25.2 of the Armbian Linux distribution for single-board computers (SBCs) has been released. Notable changes in this release include support for many new SBCs, an upgrade to Linux kernel 6.12.x, and more. See the changelog for a complete list.

The Faster CPython project has been working to speed up the Python interpreter for the past several years. Now, Ken Jin, a member of the project, has merged a new set of changes that have been benchmarked as improving performance by 10% for some architectures. The only change is switching from using computed goto statements to using tail calls as part of the implementation of Python's bytecode interpreter — but that change allows modern compilers to generate significantly better code.

Security updates have been issued by Fedora (crun, gnutls, libtasn1, and openssl), Mageia (emacs, gnutls, iniparser, kernel, kmod-virtualbox, kmod-xtables-addons, kernel-linus, krb5, libxml2, and vim), Slackware (tigervnc and xorg), SUSE (libprotobuf-lite28_3_0 and Maven), and Ubuntu (dropbear, kernel, libxml2, linux, linux-lowlatency, linux-lowlatency-hwe-6.8, linux, linux-lts-xenial, linux-aws-5.4 linux-raspi-5.4, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-raspi, ProFTPD, python-virtualenv, rails, and xorg-server, xwayland).

The conversation around the merging of a set of Rust abstractions for the kernel's DMA-mapping layer has mostly settled after Linus Torvalds made it clear that the code would be accepted. One other consequence of this decision, though, is that Christoph Hellwig has quietly stepped down from the maintenance of the DMA-mapping code. Marek Szyprowski will be the maintainer of that layer going forward. Hellwig has maintained that code for many years; his contributions will be missed.

The Linux kernel supports attaching BPF programs to many operations. This is generally safe because the BPF verifier ensures that BPF programs can't misuse kernel resources, run indefinitely, or otherwise escape their boundaries. There is continuing tension, however, between trying to expand the capabilities of BPF programs and ensuring that the verifier can handle every edge case. On February 14, Juntong Deng shared a proof-of-concept patch set that adds some run-time checks to BPF to make it possible in the future to interrupt a running BPF program.

Security updates have been issued by AlmaLinux (libpq, postgresql:13, postgresql:15, and postgresql:16), Debian (nodejs and php-nesbot-carbon), Mageia (neomutt), Red Hat (python3.11-urllib3 and tuned), SUSE (crun, ovmf, pam_pkcs11, qemu, and webkit2gtk3), and Ubuntu (iniparser, libcap2, linux, linux-hwe, linux, linux-hwe-5.4, linux, linux-lowlatency, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm-5.4, linux-azure, linux-azure-fde, linux-gkeop, linux-nvidia, linux-oracle, linux-azure-5.15, linux-azure-fde-5.15, linux-oracle-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-kvm, linux-lowlatency-hwe-5.15, and linux-xilinx-zynqmp).