lwn.net

LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
URL: https://lwn.net
업데이트: 2시간 46분 지남
Security updates for Tuesday
Security updates have been issued by Debian (sudo and xtrlock), openSUSE (sudo), Red Hat (Single Sign-On), Slackware (sudo), SUSE (binutils, dhcp, ffmpeg, kernel, kubernetes-salt, sudo, and tcpdump), and Ubuntu (sudo).
KDE Plasma 5.17 released
The KDE project has announced the
release of version 5.17 of the Plasma desktop environment.
"Night Color, the color-grading system that relaxes your eyes when
the sun sets, has landed for X11. Your Plasma desktop also recognizes when
you are giving a presentation, and stops messages popping up in the middle
of your slideshow. If you are using Wayland, Plasma now comes with
fractional scaling, which means that you can adjust the size of all your
desktop elements, windows, fonts and panels perfectly to your HiDPI
monitor."
Python 3.8.0 released
Version
3.8.0 of the Python language has been released. New features include
the controversial assignment expressions,
positional-only arguments,
the Vectorcall
mechanism, and more; see the what's new in Python
3.8 document for more information.
PyPy 7.2 released
Version
7.2 of PyPy, an implementation of the Python language, is out. With
this release, Python 3.6 support is deemed ready: "This release
removes the 'beta' tag from PyPy3.6. While there may still be some small
corner-case incompatibilities (around the exact error messages in
exceptions and the handling of faulty codec errorhandlers) we are happy
with the quality of the 3.6 series and are looking forward to working on a
Python 3.7 interpreter."
[$] Finding race conditions with KCSAN
Race conditions can be some of the trickiest bugs to find. The resulting
problems can be subtle, and reproducing the problem in order to track it
down can be difficult or impossible; often code inserted to narrow down a
race condition will cause it to stop manifesting entirely. A tool that can
find race conditions automatically would thus be a valuable thing for the
kernel community to have. In late September, Marco Elver announced
a tool called KCSAN (the Kernel Concurrency Sanitizer) that does
exactly that — and which has already found a number of real problems.
Security updates for Monday
Security updates have been issued by Arch Linux (chromium, sdl, and unbound), Debian (clamav, libdatetime-timezone-perl, openssl, tcpdump, and tzdata), Fedora (cutter-re, jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-parent, libapreq2, ming, opendmarc, radare2, and thunderbird), openSUSE (chromium), Oracle (kernel), and SUSE (axis, jakarta-commons-fileupload, kernel, sles12sp3-docker-image, sles12sp4-image, system-user-root, and webkit2gtk3).
Kernel prepatch 5.4-rc3
The 5.4-rc3 kernel prepatch is out for
testing. "Things continue to look fairly normal, with rc3 being
larger than rc2, as people are starting to find more regressions, but 5.4
so far remains on the smaller side of recent releases."
More stable kernels
[$] Calibrating your fear of big bad optimizing compilers
As noted
earlier,
when compiling Linux-kernel code that does a plain C-language load or
store, as in
"a=b", the C standard grants the compiler the right
to assume that the affected variables are neither accessed nor modified
by any other thread at the time of that load or store.
The compiler is therefore permitted to carry out a surprisingly
large number of optimizations, any number of which might ruin your
concurrent code's day.
Given that current compilers usually do not emit diagnostics warning of
potential ruined days, it would be good to have other tools take on this
task.
Security updates for Friday
Security updates have been issued by Debian (lucene-solr and ruby-openid), Fedora (krb5 and SDL2), openSUSE (kernel and libopenmpt), and Ubuntu (python2.7, python3.4).
Understanding Scheduling Behavior with SchedViz (Google Open Source Blog)
The Google Open Source Blog has an announcement of the release of the SchedViz tool that is used internally at the company "to discover many opportunities for better scheduling choices and to root-cause many latency issues". SchedViz provides a GUI to explore kernel traces: "The SchedViz UI displays collections in several ways. A zoomable and pannable heatmap shows system cores on the y-axis, and the trace duration on the x-axis. Each core in the system has a swim-lane, and each swim-lane shows CPU utilization (when that CPU is being kept busy) and wait-queue depth (how many threads are waiting to run on that CPU.) The UI also includes a thread list that displays which threads were active in the heatmap, along with how long they ran, waited to run, and blocked on some event, and how many times they woke up or migrated between cores. Individual threads can be selected to show their behavior over time, or expanded to see their details."
[$] BPF at Facebook (and beyond)
It is no secret that much of the work on the in-kernel BPF virtual machine
and associated user-space support code is being done at Facebook. But less
is known about how Facebook is actually using BPF. At Kernel Recipes 2019,
BPF developer Alexei Starovoitov described
a bit of that work, though even he admitted that he didn't know what most
of the BPF programs running there were doing. He also summarized recent
developments with BPF and some near-future work.
Security updates for Thursday
Security updates have been issued by Debian (clamav, libtomcrypt, and rsyslog), Fedora (suricata), SUSE (libopenmpt and python-requests), and Ubuntu (libsoup2.4 and octavia).
[$] LWN.net Weekly Edition for October 10, 2019
The LWN.net Weekly Edition for October 10, 2019 is available.
[$] An update on the input stack
The input stack for Linux is an essential part of interacting with our
systems, but it is also an area that is lacking in terms of developers.
There has been progress over the last few years, however; Peter Hutterer
from Red Hat came to the 2019 X.Org
Developers Conference to talk about some
of the work that has been done. He gave a status report on the input
stack that covered development work that is going on now as well as things
that have been completed in the last two years or so. Overall, things are
looking pretty good for input on Linux, though the "bus factor" for the
stack is alarmingly low.
Stallman: No radical changes in GNU Project
Richard Stallman has issued a brief statement saying that there will not be
any radical changes in the GNU Project's goals, principles and
policies. "I would like to make incremental changes in how some
decisions are made, because I won't be here forever and we need to ready
others to make GNU Project decisions when I can no longer do so. But these
won't lead to unbounded or radical changes."
[$] Free software support for virtual and augmented reality
A talk at the recent X.Org Developers Conference in
Montréal, Canada
looked at support for "XR" in free software. XR is an umbrella term that
includes both virtual reality (VR) and augmented reality (AR). In the
talk, Joey
Ferwerda and Christoph Haag from Collabora gave an overview of XR and
the
Monado project that provides support for
those types of applications.
Security updates for Wednesday
Security updates have been issued by Fedora (chromium), openSUSE (rust and sqlite3), SUSE (dnsmasq, firefox, and kubernetes, patchinfo), and Ubuntu (python2.7, python3.5, python3.6, python3.7).
OpenSSH 8.1 released
OpenSSH 8.1 is out. It includes some security fixes, including the
encryption of keys at rest to defend them against speculative-execution
attacks. There is also an experimental new signature and verification
mechanism for public keys.