lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 1시간 1분 지남

[$] Julia v1.10: Performance, a new parser, and more

수, 2024/01/17 - 10:58오전
The new year arrived bearing a new version of Julia, a general-purpose, open-source programming language with a focus on high-performance scientific computing. Some of Julia's unusual features are Lisp-inspired metaprogramming, the ability to examine compiled representations of code in the REPL or in a "reactive notebook", an advanced type and dispatch system, and a sophisticated, built-in package manager. Version 1.10 brings big increases in speed and developer convenience, especially improvements in code precompilation and loading times. It also features a new parser written in Julia.

Wine 9.0 released

수, 2024/01/17 - 7:32오전
Version 9.0 of the Wine Windows-compatibility system has been released. "This release represents a year of development effort and over 7,000 individual changes. It contains a large number of improvements that are listed below. The main highlights are the new WoW64 architecture and the experimental Wayland driver."

A glitch in the merge window

수, 2024/01/17 - 1:20오전
On January 13, Linus Torvalds let it be known that he had lost power due to the bad weather in the US Pacific Northwest. As of this writing, he has not yet resurfaced, so the 6.8 merge window has ground to a halt.

There's apparently about 100k people without power, and I doubt our neighborhood is the priority, so I expect to be without power for some time still. I hope I'm wrong, but a few years ago it took more than a week to restore power due to all the downed trees. It's hopefully nowhere near that, but..


Security updates for Tuesday

화, 2024/01/16 - 11:58오후
Security updates have been issued by Gentoo (KTextEditor, libspf2, libuv, and Nettle), Mageia (hplip), Oracle (container-tools:4.0, gnutls, idm:DL1, squid, squid34, and virt:ol, virt-devel:rhel), Red Hat (.NET 6.0, krb5, python3, rsync, and sqlite), SUSE (chromium, perl-Spreadsheet-ParseXLSX, postgresql, postgresql15, postgresql16, and rubygem-actionpack-5_1), and Ubuntu (binutils, libspf2, libssh2, mysql-5.7, w3m, webkit2gtk, and xerces-c).

A new crop of stable kernels

화, 2024/01/16 - 4:02오전
The 6.6.12, 6.1.73, 5.15.147, 5.10.208, 5.4.267, and 4.19.305 stable kernels have been released. They contain a relatively small number of important fixes.

OpenSUSE Leap 16 is coming

화, 2024/01/16 - 12:21오전
The openSUSE project has confirmed that there will be a successor to openSUSE Leap 15, but is not sharing a lot of details at this point.

The transition to Leap 16 is not just a numerical step-up but symbolizes a significant path forward in technology and user experiences. The future of openSUSE Leap is based on the innovative concept of SUSE’s Adaptable Linux Platform.

The Adaptable Linux Platform powers the next-generation openSUSE Leap, Leap Micro, and SUSE solutions. It makes distributions more adaptable and suitable for cloud-native workloads while also being capable of handling a rapid pace of innovation.


Stawinski: How We Executed a Critical Supply Chain Attack on PyTorch

화, 2024/01/16 - 12:16오전
John Stawinski IV describes, in detail, how he and a partner were able to compromise the security of the heavily used PyTorch project.

Our exploit path resulted in the ability to upload malicious PyTorch releases to GitHub, upload releases to AWS, potentially add code to the main repository branch, backdoor PyTorch dependencies – the list goes on. In short, it was bad. Quite bad.

As we’ve seen before with SolarWinds, Ledger, and others, supply chain attacks like this are killer from an attacker’s perspective. With this level of access, any respectable nation-state would have several paths to a PyTorch supply chain compromise.


[$] Rust and C filesystem APIs

화, 2024/01/16 - 12:09오전
As the Rust-for-Linux project advances, the kernel is gradually accumulating abstraction layers that enable Rust code to interface with the existing C code. As the discussion around the set of filesystem abstractions posted by Wedson Almeida Filho in December shows, though, there is some tension between two approaches to the design of those abstractions. The approach favored by most of the kernel's C programmers looks set to win out, but this is a discussion that is likely to return as the use of Rust in the kernel grows.

Security updates for Monday

월, 2024/01/15 - 11:05오후
Security updates have been issued by CentOS (bind, cups, curl, firefox, ipa, iperf3, java-1.8.0-openjdk, java-11-openjdk, kernel, libssh2, linux-firmware, open-vm-tools, openssh, postgresql, python, python3, squid, thunderbird, tigervnc, and xorg-x11-server), Fedora (chromium, python-flask-security-too, and tkimg), Gentoo (libgit2, Opera, QPDF, and zlib), Mageia (chromium-browser-stable, gnutls, openssh, packages, and vlc), Oracle (.NET 6.0, fence-agents, frr, ipa, kernel, nss, pixman, and tomcat), and SUSE (gstreamer-plugins-bad).

Stable kernel 5.10.207

토, 2024/01/13 - 7:00오전
The 5.10.207 stable kernel update has been released; it consists entirely of a handful of reverts of SCSI patches.

Linux Mint 21.3 “Virginia” released

토, 2024/01/13 - 5:05오전
The Linux Mint distribution has announced the release of Linux Mint 21.3, which is codenamed "Virginia". It has the Cinnamon 6.0 desktop, "comes with full support for SecureBoot and compatibility with a wider variety of BIOS and EFI implementation", has added new features to the Hypnotix TV-viewer application, and more. See the release notes for even more information about it.

[$] The first half of the 6.8 merge window

토, 2024/01/13 - 12:12오전
The 6.8 merge window has gotten off to a relatively slow start; reasons for that include a significant scheduler performance regression that Linus Torvalds stumbled into and has spent time tracking down. Even so, 4,282 non-merge changesets have found their way into the mainline repository for the 6.8 release as of this writing. These commits have brought a number of significant changes and new features.

Information on the SourceHut outage

금, 2024/01/12 - 11:53오후
Users of SourceHut will have noticed that the site has been unreachable; Drew DeVault has now posted a report on what is happening (it's a distributed denial-of-service attack) and what is being done to recover.

We deal with ordinary DDoS attacks in the normal course of operations, and we are generally able to mitigate them on our end. However, this is not an ordinary DDoS attack; the attacker posesses considerable resources and is operating at a scale beyond that which we have the means to mitigate ourselves. In response, before we could do much ourselves to understand or mitigate the problem, our upstream network provider null routed SourceHut entirely, rendering both the internet at large, and SourceHut staff, unable to reach our servers.


Security updates for Friday

금, 2024/01/12 - 11:04오후
Security updates have been issued by Debian (kernel, linux-5.10, php-phpseclib, php-phpseclib3, and phpseclib), Fedora (openssh and tinyxml), Gentoo (FreeRDP and Prometheus SNMP Exporter), Mageia (packages), Red Hat (openssl), SUSE (gstreamer-plugins-rs and python-django-grappelli), and Ubuntu (dotnet6, dotnet7, dotnet8, openssh, and xerces-c).

OpenSSH announces DSA-removal timeline

금, 2024/01/12 - 12:20오전
For those of you still using DSA keys with SSH: the project has announced its plans to remove support for that algorithm around the beginning of 2025.

The only remaining use of DSA at this point should be deeply legacy devices. As such, we no longer consider the costs of maintaining DSA in OpenSSH to be justified. Moreover, we hope that OpenSSH's final removal of this insecure algorithm accelerates its deprecation in other SSH implementations and allows maintainers of cryptography libraries to remove it too.


[$] The kernel "closure" API

금, 2024/01/12 - 12:09오전
The data structure known as a "closure" first found its way into the mainline kernel with the addition of bcache in the 3.10 development cycle. With the advent of bcachefs in 6.7, though, it acquired a second user and was moved to the kernel's lib directory, making it available to other kernel users as well. The documentation of closures in the source is better than that of many things in the kernel, but there is still room for a gentler introduction.

Security updates for Thursday

목, 2024/01/11 - 11:29오후
Security updates have been issued by Debian (chromium), Fedora (chromium, python-paramiko, tigervnc, and xorg-x11-server), Oracle (ipa, libxml2, python-urllib3, python3, and squid), Red Hat (.NET 6.0, .NET 7.0, .NET 8.0, container-tools:4.0, fence-agents, frr, gnutls, idm:DL1, ipa, kernel, kernel-rt, libarchive, libxml2, nss, openssl, pixman, python-urllib3, python3, tigervnc, tomcat, and virt:rhel and virt-devel:rhel modules), SUSE (gstreamer-plugins-bad), and Ubuntu (firefox, Go, linux-aws, linux-gcp-5.15, linux-intel-iotg-5.15, linux-iot, linux-oem-6.1, and twisted).

[$] LWN.net Weekly Edition for January 11, 2024

목, 2024/01/11 - 9:16오전
The LWN.net Weekly Edition for January 11, 2024 is available.

[$] Notes on Emacs Org mode

목, 2024/01/11 - 8:32오전
As part of my quest to master Emacs, which is sort of a sub-quest on the way toward learning more about Lisp, I have spent a fair amount of time discovering various corners of the Emacs world. One of those is the famous "Org mode" that is used for a wide variety of organizational tasks within the editor—and not just Emacs, but for Vim and others too. Org mode can be used for to-do lists, notes with interconnections between them, literate programming, web sites, and more. Now my quests are growing quests of their own and digging into Org mode is one of those.

Stable kernel 4.14.336

목, 2024/01/11 - 1:03오전
The 4.14.336 stable kernel update has been released with a small handful of fixes; this is the end of the line for the 4.14 stable series:

This is the LAST 4.14.y kernel to be released. It is now officially end-of-life. Do NOT use this kernel version anymore, please move to a newer one, as shown on the kernel.org releases page.

All users of the 4.14 kernel series must upgrade. But then, move to a newer release. If you are stuck at this version due to a vendor requiring it, go get support from that vendor for this obsolete kernel tree, as that is what you are paying them for :)