Bookmarks (355)

Mark Surman, president of the Mozilla Corporation, has announced leadership updates for Mozilla. This includes a Mozilla Leadership Council made up of executives from each Mozilla organization, and new board chairs for the not-for-profit Mozilla Foundation, the Mozilla Corporation, and Mozilla.ai. The announcement also indicates a desire to further "diversify" Mozilla's focus: We've recognized that Mozilla faces major headwinds in terms of both financial...

Steven Rostedt recently posted a patch set that could help improve the performance of certain user-space applications by giving the scheduler more context about when they are safe to interrupt. The patch set lets programs request a small grace window before they can be interrupted so that they can relinquish any locks, decreasing the amount of time that other threads have to spend waiting....

Version 25.0.0 of the Mesa graphics library has been released. "The flashiest addition is probably the support for Vulkan 1.4 by Anv (Intel), Asahi (Apple), Lavapipe (software), NVK (NVIDIA), PanVK (Mali), RADV (AMD), and Turnip (Qualcomm). Users can expect the usual flurry of improvements across all drivers and components."

Many of us enjoy uninterrupted access to mobile networks. However, in remote areas or during emergencies, that connectivity may not always be available. For such scenarios, Meshtastic offers a decentralized wireless mesh network with open-source firmware that runs on affordable, low-power devices. At FOSDEM 2025, the Meshtastic project was represented by one of its core developers, Thomas Göttgens, who gave a talk, "Meshtastic -...

The Fedora Project has announced two milestones in its journey to supporting the RISC-V architecture: a dedicated RISC-V Koji build system instance is live in the Fedora data center, and Fedora 41-based images are now available for RISC-V. It is also possible to run Fedora RISC-V images using QEMU for those without supported hardware.

Debian Developer Thomas Lange has written a blog post in the attempt to help users find the right Debian image for their systems. It's difficult to find the right Debian image. We have thousands of ISO files and cloud images and we support multiple CPU architectures and several download methods. The directory structure of our main image server is like a maze, and our...

Security updates have been issued by AlmaLinux (gcc-toolset-14-gcc, nodejs:18, and nodejs:22), Fedora (bootc), Gentoo (OpenSSH), Oracle (doxygen, libxml2, mingw-glib2, and NetworkManager), Red Hat (bind, bind9.16, bind9.18, kernel, kernel-rt, mysql, and mysql:8.0), Slackware (openssh), SUSE (buildah, emacs, glibc, google-osconfig-agent, grub2, java-11-openj9, kernel, netty, netty-tcnative, openssh, openvswitch, podman, and ucode-intel), and Ubuntu (atril, libsndfile, libtasn1-6, openssh, python-virtualenv, and symfony).

Pi-hole v6 has been released. The latest version of the popular ad-blocking software sports a redesigned user interface, has support for subscribing to allowlists, and brings a new REST API and embedded web server. Its Docker/OCI image is now based on Alpine Linux rather than Debian to reduce image size. See the announcement for guidance on upgrading existing Pi-hole installations.

The Reproducible-openSUSE project has announced that it has created a usable version of openSUSE with 100% reproducible packages. [Bernhard] Wiedemann took on this 4-month-long project to create a fork of openSUSE that has 100% bit-reproducible packages. So far ring0 (aka bootstrap) and ring1 with 3,300 software packages have all successfully been patched and tested. This build is not yet recommended for production use, though.

Kernel developers have been working to convert various internal interfaces to use folios; while this process has been progressing, there is still the occasional regression introduced by the change. In December 2024, it was discovered that installing a Flatpak application could trigger a filesystem bug in the kernel that would cause the software to read incorrect data from the disk. The problem was quickly fixed...

The 6.12.15 stable kernel update has been fast-tracked to release. It seems that its predecessor contains a regression in the XFS filesystem that can lead to kernel crashes.

Security updates have been issued by Debian (gnutls28, openssh, and pam-pkcs11), Mageia (microcode and python-cryptography), Oracle (nodejs:18, nodejs:20, and rsync), Red Hat (gcc, nodejs:20, and nodejs:22), SUSE (emacs, kernel, openvswitch, and ucode-intel), and Ubuntu (Docker).

It is a standard practice to use milestones to reflect on the achievements of a project, such as the anniversary of its first release or first commit. Usually, these are observed at five and ten‑year increments; the tenth anniversary of the 1.0 release, or 25 years since from the first public announcement, etc. Lennart Poettering, however, took a different approach at FOSDEM 2025 with a...

Greg Kroah-Hartman has released three more stable kernels: 6.13.3, 6.12.14, and 6.6.78. There was a bit of confusion that resulted in the patch for CVE 2025-21687 getting applied twice — but that doesn't result in any problems for users of the kernel, just a bit of extra noise in the CVE database, so Kroah-Hartman has decided to leave the releases as-is instead of rushing...

Security updates have been issued by AlmaLinux (container-tools:rhel8, gcc, libxml2, nodejs:18, and nodejs:20), Debian (freerdp2, golang-glog, trafficserver, and tryton-client), Fedora (chromium, krb5, libheif, microcode_ctl, nginx, nginx-mod-fancyindex, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, and webkitgtk), Mageia (ffmpeg, golang, postgresql13 and postgresql15, and python-zipp), Oracle (container-tools:ol8, gcc, gcc-toolset-13-gcc, gcc-toolset-14-gcc, kernel, libxml2, and nodejs:20), Red Hat (gcc, idm:DL1, and ipa), SUSE (buildah, chromium, glibc, kernel, kernel-firmware-all-20250206, libecpg6, postgresql15, python, python3,...

The 6.14-rc3 kernel prepatch is out for testing; the announcement, for unknown reasons, went only to the linux-btrfs list. So the first few weeks of the 6.14 release development were smaller-than-usual, but rc3 is actually right in line with normal releases at this point. Probably just timing of pull requests, and we'll see how next week goes. But nothing looks worrisome. Along with the...

There are many challenges involved with running a web site like LWN. Some of them, such as finding the courage to write for people who know more about the subject matter than we do, simply come with the territory we have chosen. But others show up as an unwelcome surprise; the ongoing task of fending off bots determined to scrape the entire Internet to...

Memcached is a memory-based data-caching daemon that has a long history. More than twenty years after its first public release, Memcached strives to remain relevant in a vastly changed computing landscape, balancing new features with a commitment to the original principles that separate it from newer alternatives like Redis and Hazelcast.

Security updates have been issued by AlmaLinux (doxygen, gcc-toolset-13-gcc, gcc-toolset-14-gcc, kernel, and libxml2), Debian (chromium, postgresql-13, and webkit2gtk), Fedora (krb5, openssl, and python3.13), Mageia (ark, ofono, and perl-Net-OAuth, perl-Crypt-URandom, perl-Module-Build), Oracle (firefox, gcc, gcc-toolset-14-gcc, kernel, openssl, tbb, and thunderbird), Red Hat (libxml2), SUSE (chromium, golang-github-prometheus-prometheus, grafana, kernel, kernel-firmware-ath10k-20250206, kernel-firmware-bnx2-20250206, kernel-firmware-brcm-20250206, kernel-firmware-chelsio-20250206, kernel-firmware-dpaa2-20250206, kernel-firmware-mwifiex-20250206, kernel-firmware-platform-20250206, kernel-firmware-realtek-20250206, kernel-firmware-serial-20250206, kernel-firmware-ueagle-20250206, libtasn1, python312, qemu, SUSE Manager Client Tools,...

The Asahi Linux project, which is working to support Linux on Apple silicon, has announced the resignation of Hector "marcan" Martin as its lead, and his replacement by a seven-person committee. "Today's news is bittersweet. We are grateful to marcan for kicking off this project and tirelessly working on it these past years. Our community will miss him. Still, with your support, the project...

The openSUSE project has announced that future installations of the Tumbleweed rolling distribution will use SELinux for mandatory access control rather than AppArmor. Existing installations will not be migrated, and AppArmor will continue to be maintained for Tumbleweed. The openSUSE Leap 15 distribution is not changing.

Huge pages can increase the performance of many programs, but they can also have unfortunate performance impacts of their own. Over the last few years, multi-size transparent huge pages (mTHPs) have increasingly been seen as a happy medium that bring the benefits of huge pages at a lower cost. The system cannot benefit from mTHPs, though, if it does not create them; two developers...

Security updates have been issued by AlmaLinux (doxygen and openssl), Debian (dcmtk and webkit2gtk), Fedora (chromium, clevis-pin-tpm2, envision, fido-device-onboard, gotify-desktop, keylime-agent-rust, keyring-ima-signer, libkrun, python3.10, python3.11, python3.14, rust-afterburn, rust-cargo-vendor-filterer, rust-coreos-installer, rust-eif_build, rust-gst-plugin-reqwest, rust-nu, rust-openssl, rust-openssl-sys, rust-pore, rust-rpm-sequoia, rust-sequoia-keyring-linter, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sqv, rust-sevctl, rust-snphost, rust-tealdeer, rustup, and s390utils), Mageia (ffmpeg, php-tcpdf, python-tornado, and subversion), Red Hat (openssl and python-jinja2), SUSE (crun, glibc, kernel, libngtcp2-16, libtasn1, netty,...

Inside this week's LWN.net Weekly Edition: Front: BPF load-time checking; IRQ suspension; Rust for Linux; Rewriting coreutils; Selfish contributors; emlearn. Briefs: RfL policy; OpenWrt 24.10.0; Arti 1.4.0; LibreOffice 25.2; OpenInfra; Plasma 6.3; Attacks on Codeberg; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.

The Codeberg development forge has recently been subject to sustained attacks resulting in, among other things, abusive email being sent to the site's users. The organization has now put up a description and a defiant response: Extreme right forces actively target members of our communities and discriminate based on ethnicity and gender, political background, sexual orientation, disabilities, nationality and faith. However diversity is an...

While large language models and the expensive hardware they require are all the rage now, other areas of artificial intelligence work within much more constrained hardware environments. At FOSDEM 2025, Jon Nordby presented his open-source machine-learning inference engine for microcontrollers, named emlearn. The project also boasts bindings for MicroPython, thus making machine-learning applications even more accessible.

Security updates have been issued by AlmaLinux (firefox, kernel, kernel-rt, tbb, and thunderbird), Debian (bind9, cacti, pam-pkcs11, and ruby2.7), Fedora (bind, bind-dyndb-ldap, chromium, crun, and java-21-openjdk), Mageia (calibre, nginx, python-ansible-core, python-jinja2, python-pip, python-setuptools, python-twisted, and python-waitress), Red Hat (doxygen, firefox, gcc, gcc-toolset-13-gcc, gcc-toolset-14-gcc, tbb, and thunderbird), SUSE (go1.24, govulncheck-vulndb, java-1_8_0-openj9, kernel, openssl-3, ovmf, python3-numpy, python311, python36, qemu, and skopeo), and Ubuntu (bluez and openssl).

Most Linux systems depend on a suite of core utilities that the GNU Project started development on decades ago and are, of course, written in C. At FOSDEM 2025, Sylvestre Ledru made the case in his main stage talk that modern systems require safer, more maintainable tools. Over the past few years, Ledru has led the charge of rewriting the GNU Core Utilities (coreutils) in...

High-performance networking is a highly tuned activity; the amount of time available to deal with each packet may be measured in nanoseconds, so care must be taken to avoid anything that might slow the process down. Recently, there has been a fair amount of attention given to a patch set merged for 6.13 that, it is claimed, can improve processing efficiency (and, thus, power...

Version 6.3 of the Plasma desktop has been released. One year on, with the teething problems a major new release inevitably brings firmly behind us, Plasma's developers have worked on fine-tuning, squashing bugs and adding features to Plasma 6 — turning it into the best desktop environment for everyone. Changes include improved support for drawing tablets, better fractional-scaling support, and more.

The 6.6.77 stable kernel update has been released; it contains a single fix for a User Mode Linux build problem.

Security updates have been issued by AlmaLinux (firefox, tbb, and thunderbird), Debian (cacti, libtasn1-6, and rust-openssl), Oracle (galera and mariadb, kernel, raptor2, and thunderbird), SUSE (bind, fq, java-21-openj9, libtasn1-6-32bit, ovmf, python310, python312, python313, python314, rime-schema-all, thunderbird, and wget), and Ubuntu (eglibc, firefox, glibc, linux, linux-aws, linux-lts-xenial, ruby2.3, ruby2.5, and vim).

Miguel Ojeda gave a keynote at FOSDEM 2025 about the history of the Rust-for-Linux project, and the current attitude of people in the kernel community toward the experiment. Unlike his usual talks, this talk didn't focus so much on the current state of the project, but rather on discussing history and predictions for the future. He ended up presenting quotes from more than 30 people...

Version 1.4.0 of Arti, the Tor Project's next-generation Tor client written in Rust, has been released. Notable improvements in this release include a new RPC interface, and preparatory work toward service-side onion service denial-of-service resistance. The release is dedicated to the memory of Jérémy Bobbio, better known by many as "Lunar". For full details on the release, see the changelog.

Miguel Ojeda has announced the posting of a new document describing policies around the use of Rust in the Linux kernel. There has been a fair amount of confusion about what the kernel policies around Rust are, who maintains what and so on. This document tries to clarify some of these points with what, to the best of our knowledge, is the current status.

Security updates have been issued by AlmaLinux (buildah, bzip2, galera and mariadb, keepalived, kernel, kernel-rt, mariadb:10.11, mingw-glib2, and podman), Debian (ark, firefox-esr, kernel, sssd, and thunderbird), Fedora (abseil-cpp, clevis-pin-tpm2, dbus-parsec, envision, fido-device-onboard, firefox, golang-github-nvidia-container-toolkit, gotify-desktop, jpegxl, keylime-agent-rust, keyring-ima-signer, libkrun, php-phpseclib, python-cryptography, python3-docs, python3.12, python3.13, rust-afterburn, rust-cargo-vendor-filterer, rust-coreos-installer, rust-crypto-auditing-agent, rust-eif_build, rust-gst-plugin-reqwest, rust-nu, rust-oo7-cli, rust-openssl, rust-openssl-sys, rust-pore, rust-routinator, rust-rpm-sequoia, rust-sequoia-keyring-linter, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sop, rust-sequoia-sq, rust-sequoia-sqv, rust-sevctl,...

The second 6.14 kernel prepatch is out for testing. It's Sunday afternoon, and I'm releasing the usual regularly scheduled release candidate while the rest of the US is getting ready for the biggest day in TV commercials interrupted by some kind of lawn bowling tournament.

The 6.13.2, 6.12.13, and 6.6.76 stable kernels have been released; each contains another set of important fixes.

The BPF verifier is charged with the challenging task of ensuring that a BPF program is safe for the kernel to run before that program is loaded. Among many other concerns, the verifier must ensure that any kfuncs (kernel functions that have been exported to BPF programs) are called with the correct parameters and from the right context. The "context" part of that enforcement...

Security updates have been issued by Debian (openjdk-17), Fedora (firefox, FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk, and SimGear), Mageia (gstreamer), Red Hat (firefox, kernel, kernel-rt, libsoup, and python-jinja2), SUSE (bind, curl, dcmtk, etcd, firefox, google-osconfig-agent, krb5, openssl-1_1, podman, python311-cbor2, thunderbird, wget, and xrdp), and Ubuntu (glibc).

Jonathan Bryce has announced two open community meetings to hear input on the topic of the OpenInfra Foundation migrating to the Linux Foundation. Bryce wrote that the OpenInfra board has carefully evaluated its options, and sees joining the Linux Foundation as the best way forward. Like the Linux Foundation, the OpenInfra Foundation is 501(c)(6) nonprofit. According to the FAQ, OpenInfra "is in great health,...

Version 25.2 of the LibreOffice productivity suite is out. Changes include the ability to remove all personal information from any document, support for ODF version 1.4, a number of accessibility improvements, and more; see the release notes for details.

Version 24.10.0 of the OpenWrt router-oriented distribution has been released. Changes include an update to the 6.6 kernel, use of access control lists on larger systems, multipath TCP support, better WiFi6 support, the beginning of WiFi7 support, and more.

Open source is often described as a "gift economy"—an ecosystem where contributors are motivated by a desire to make the world a better place. That is, sometimes, true. However, James Bottomley used his main track slot at FOSDEM 2025, on February 1, to make the case that it is better to bank on the selfish motivations of individuals to drive community success than to rely...

Security updates have been issued by Debian (asterisk and chromium), Fedora (FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk, and SimGear), Mageia (bind, chromium-browser-stable, python-django, and vim), Oracle (buildah, bzip2, firefox, keepalived, mariadb:10.11, and podman), Slackware (curl, mariadb, and mozilla), SUSE (cargo-audit-advisory-db-20250204 and python311-scikit-learn), and Ubuntu (ckeditor, krb5, and ruby2.7).

Inside this week's LWN.net Weekly Edition: Front: Finding concurrency bugs with sched_ext; Rust abstractions; 6.14 Merge window; Sealed system mappings; OpenSUSE board; Julia; Site tour. Briefs: Binutils 2.44; Firefox 135.0; Freedesktop GitLab; GNU C Library 2.41; GTK; Servo; Thunderbird updates; Sanctions; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.

The Servo Rust-based rendering engine project has published an article summarizing its progress in 2024, and plans for the future: Servo main dependencies (SpiderMonkey, Stylo and WebRender) have been upgraded, the new layout engine has kept evolving adding support for floats, tables, flexbox, fonts, etc. By the end of 2024 Servo passes 1,515,229 WPT subtests (79%). Many other new features have been under active development: WebGPU, Shadow...

Over the past year or so, LWN has added a number of useful new features for our subscribers to enhance the experience of reading and commenting on our content. Those features are of little use, however, to readers who do not know about them. It has been more than a decade since we last provided a tour of the site—it seems that another is...

Jake Hillion gave a presentation at FOSDEM about using sched_ext, the BPF scheduling framework that was introduced in kernel version 6.12, to help find elusive concurrency problems. In collaboration with Johannes Bechberger, he has built a scheduler that can reveal theoretically possible but unobserved concurrency bugs in test code in a few minutes. Since their scheduler only relies on mainline kernel features, it can...

Security updates have been issued by Debian (firefox-esr), Fedora (fastd, ovn, and yq), Mageia (libreoffice), Slackware (mozilla), SUSE (google-osconfig-agent, grafana, helm, and rime-schema-all), and Ubuntu (linux-azure, linux-azure-5.4, linux-lowlatency, openjdk-17, openjdk-21, openjdk-23, openjdk-8, and openjdk-lts).