LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
업데이트: 1시간 26분 지남
토, 2023/02/11 - 12:40오전
It was only a matter of time before somebody tried to bring BPF to the
kernel's CPU scheduler. At the end of January, Tejun Heo posted
the second
revision of a 30-part patch series, co-written with David Vernet, Josh
Don, and Barret Rhoden, that does just that. There are clearly interesting
things that could be done by deferring scheduling decisions to a BPF
program, but it may take some work to sell this idea to the development
community as a whole.
금, 2023/02/10 - 11:52오후
Security updates have been issued by Debian (postgresql-11 and sox), Fedora (opusfile), SUSE (bind, jasper, libapr-util1, pkgconf, tiff, and xrdp), and Ubuntu (cinder, imagemagick, less, linux, linux-aws, linux-azure, linux-azure-5.4, linux-gkeop, linux-kvm,
linux-oracle, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency,
linux-oracle, linux-raspi, linux, linux-aws, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux, linux-azure, linux-azure-5.15, linux-gkeop, linux-hwe-5.15,
linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15,
linux-oracle, linux-oracle-5.15, linux-raspi, linux-azure, linux-azure-4.15, linux-dell300x, linux-gke, linux-oem-5.14, linux-oem-5.17, linux-oem-6.0, linux-oem-6.1, linux-snapdragon, nova, and swift).
금, 2023/02/10 - 3:15오전
The
6.1.11 and
5.15.93 stable kernel updates have been
released; each contains another set of important fixes.
금, 2023/02/10 - 1:43오전
The Thunderbird email client blog has
a
plan for where the project is going.
Throughout the next 3 years, the Thunderbird project is aiming at
these primary objectives:
- Make the code base leaner and more reliable, rewrite ancient code,
remove technical debt.
- Rebuild the interface from scratch to create a consistent design
system, as well as developing and maintaining an adaptable and extremely
customizable user interface.
- Switch to a monthly release schedule.
금, 2023/02/10 - 1:36오전
Serial litigant Craig Wright recently
won
a procedural ruling in a London court that allows a
multi-billion-dollar Bitcoin-related lawsuit to proceed. This case has
raised a fair amount of concern within the free-software community, where
it is seen as threatening the "no warranty" language included in almost
every free-software license. As it happens, this case does not actually
involve that language, but it has some potentially worrisome implications
anyway.
목, 2023/02/09 - 11:43오후
Security updates have been issued by Debian (chromium, libsdl2, and wireshark), Fedora (pesign, tpm2-tss, and webkitgtk), Oracle (hsqldb, krb5, libksba, tigervnc, and tigervnc and xorg-x11-server), Red Hat (openvswitch2.13, openvswitch2.15, openvswitch2.16, openvswitch2.17, rh-varnish6-varnish, tigervnc, and tigervnc and xorg-x11-server), Scientific Linux (tigervnc and xorg-x11-server), and SUSE (apache2, apache2-mod_security2, apr-util, netatalk, podman, python-swift3, rubygem-globalid, syslog-ng, and thunderbird).
목, 2023/02/09 - 10:55오전
The LWN.net Weekly Edition for February 9, 2023 is available.
목, 2023/02/09 - 8:27오전
The Atlantic Council (
described by
Wikipedia as "an American think tank in the field of international
affairs") has published
a
lengthy report on the problem of security in open-source software and
what might be done about it.
OSS is really not much different from proprietary software: all
code can be developed more securely, and the security risks OSS
faces are common across most digital systems. For OSS the
differences come in the relationships between open-source
consumers—from government to the private sector to end users—and
the projects they rely on. The lack of clear transactional
relationships and the deeply influential role of the diverse,
ever-changing contributor community are a challenge for policy and
industry to navigate and support sufficiently. The result is an
ecosystem that has both enabled digital innovation and often
suffered from overburdened developers and under-resourced
communities and projects.
목, 2023/02/09 - 8:24오전
A lot of digital ink has been expended in recounting the ongoing
Python packaging saga, which is now in its fourth installment
(earlier articles:
landscape survey,
visions and unification, and
pip-conda convergence). Most of that
covered conversations that
took place in November and the discussion largely settled down over the
holidays, but it picked up again with a
packaging-strategy
thread that started in early January. That thread was based on the
results
of a user survey about packaging that was meant to help guide the
Python Packaging Authority (PyPA)
and other interested developers, but the guidance provided was somewhat
ambiguous—leading to lots more discussion.
목, 2023/02/09 - 12:54오전
The nccgroup blog is carrying
a
four-part series by Domen Puncer Kugler on how vulnerabilities can make
their way into device drivers written in Rust.
In other words, the CONFIG_INIT_STACK_ALL_ZERO build
option does nothing for Rust code! Developers must be cautious to
avoid shooting themselves in the foot when porting a driver from C
to Rust, especially if they previously relied on this config option
to mitigate this class of vulnerability. It seems that kernel info
leaks and KASLR bypasses might be here to stay, at least, for a
little while longer.
수, 2023/02/08 - 11:28오후
Security updates have been issued by Debian (heimdal, openssl, shim, and xorg-server), Oracle (kernel and thunderbird), Red Hat (git, libksba, samba, and tigervnc), Scientific Linux (thunderbird), Slackware (openssl and xorg), SUSE (EternalTerminal, openssl-1_0_0, openssl-1_1, openssl-3, openssl1, polkit, and sssd), and Ubuntu (git, grunt, heimdal, openssl, openssl1.0, and xorg-server, xorg-server-hwe-18.04, xwayland).
수, 2023/02/08 - 5:58오전
The
Flatpak package format promises to
bring "the future of apps on Linux", but a Linux distribution like
Fedora already provides packages in its native format—and built
to its specifications. Flatpaks that come from upstream projects may or
may not follow the packaging guidelines, philosophy, and practices so they
exist in their own world, separate from the packages that come directly
from Fedora. But
those worlds have
collided to a certain extent over the
past year to two. Recently, a
packager announced their plans to stop packaging the
Bottles tool, used for running
Windows programs in Wine-based containers on Linux, in favor of
recommending that Fedora users install the upstream Flatpak.
화, 2023/02/07 - 11:57오후
Security updates have been issued by Debian (graphite-web, openjdk-11, webkit2gtk, wpewebkit, and xorg-server), Mageia (advancecomp, apache, dojo, git, java/timezone, libtiff, libxpm, netatalk, nodejs-minimist, opusfile, python-django, python-future, python-mechanize, ruby-sinatra, sofia-sip, thunderbird, and tigervnc), Oracle (git and thunderbird), Red Hat (git, libksba, rh-git227-git, rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon, and thunderbird), SUSE (apache2, nginx, php8-pear, redis, rubygem-activesupport-5_1, rubygem-rack, sssd, xorg-x11-server, and xwayland), and Ubuntu (tmux).
화, 2023/02/07 - 12:23오전
The most recent batch of stable kernels has been released:
6.1.10,
5.15.92,
5.10.167,
5.4.231,
4.19.272, and
4.14.305. Those updates contain a relatively small
number of important fixes throughout the kernel tree.
화, 2023/02/07 - 12:19오전
Computer-aided design (CAD) software is expensive to develop, which is a
good
reason to appreciate the existing free and open-source alternatives to some
of the big names
in the industry. This article takes a bird's-eye view at free
and open-source software for 2D drafting and 3D parametric solid modeling,
its progress over the years, as well as wins and ongoing challenges.
월, 2023/02/06 - 11:41오후
Security updates have been issued by Debian (libhtml-stripscripts-perl), Fedora (binwalk, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk, kernel, sudo, and syncthing), SUSE (syslog-ng), and Ubuntu (editorconfig-core, firefox, pam, and thunderbird).
월, 2023/02/06 - 9:06오전
The
6.2-rc7 kernel prepatch is out for
testing.
So the 6.2 rc releases are continuing to be fairly small and
controlled, to the point where normally I'd just say that this is
the last rc. But since I've stated multiple times that I'll do an
rc8 due to the holiday start of the release, that's what I'll do.
토, 2023/02/04 - 12:18오전
Of all the attacks on cryptographic code, timing attacks may be among the
most insidious. An algorithm that appears to be coded correctly, perhaps
even with a formal proof of its correctness, may be undermined by
information leaked as the result of data-dependent timing differences.
Both Arm and Intel have introduced modes that are intended to help defend
against timing attacks, but the extent to which those modes should be used
in the kernel is still under discussion.
금, 2023/02/03 - 11:32오후
Security updates have been issued by Fedora (chromium and vim), Slackware (openssh), and Ubuntu (lrzip and tiff).
금, 2023/02/03 - 6:52오전
Version 7.5 of the
LibreOffice Community edition is
now available. LibreOffice is, of course, the FOSS desktop office suite; version 7.5 brings new features to multiple parts of the tool, including major improvements to dark mode, better PDF exports, improved bookmarks in Writer, data tables for charts in Calc, better interoperability with Microsoft Office, and lots more.
Check out the
release notes for further information.
LibreOffice 7.5 Community's new features have been developed by 144
contributors: 63% of code commits are from the 47 developers employed by
three companies sitting in TDF's Advisory Board - Collabora, Red Hat and
allotropia - or other organizations, 12% are from 6 developers at The
Document Foundation, and the remaining 25% are from 91 individual
volunteers.
Other 112 volunteers - representing hundreds of other people providing
translations - have committed localizations in 158 languages. LibreOffice
7.5 Community is released in 120 different language versions, more than any
other free or proprietary software, and as such can be used in the native
language (L1) by over 5.4 billion people worldwide. In addition, over 2.3
billion people speak one of those 120 languages as their second language
(L2).
페이지