Bookmarks (360)

A reminder has gone out that the deadline for proposals for the 2025 Linux Storage, Filesystem, Memory Management and BPF Summit is February 1; anybody wanting to attend will need to make themselves known before then. The reminder also says that there will be no remote participation option (or live streams) this year.

The idea of adding None-aware operators to Python has sprung up once again. These would make traversing structures with None values in them easier, by short-circuiting lookups when a None is encountered. Almost exactly a year ago, LWN covered the previous attempt to bring the operators to Python, but there have been periodic discussions stretching back to 2015 and possibly before. This time Noah...

Security updates have been issued by Debian (rsync and tomcat9), Fedora (chromium, mingw-python-jinja2, redict, and valkey), Gentoo (GIMP and pip), Oracle (.NET, fence-agents, ipa, kernel, python-virtualenv, raptor2, and rsync), Red Hat (.NET 8.0 and .NET 9.0), SUSE (apache2-mod_jk, git, git-lfs, kernel, python-Django, thunderbird, and xen), and Ubuntu (audacity, bcel, dotnet8, dotnet9, gimp-dds, harfbuzz, libxml2, poppler, rsync, and tqdm).

The kernel is, on its face, a single large development project, but internally it is better viewed as 100 or so semi-independent projects all crammed into one big tent. Within those projects, there is a fair amount of latitude about how changes are managed, and some subsystems are using that freedom in the search for more efficient ways of working. In the end, though,...

Security updates have been issued by AlmaLinux (fence-agents, raptor2, and rsync), Debian (chromium), Fedora (rsync and seamonkey), Mageia (openjpeg2), Red Hat (tuned), Slackware (git), SUSE (dcmtk, dnsmasq, govulncheck-vulndb, libQtWebKit4, libraptor-devel, opera, python311-Pillow, python311-translate-toolkit, rsync, and SDL2_sound-devel), and Ubuntu (linux-raspi-5.4, neomutt, and python2.7).

Inside this week's LWN.net Weekly Edition: Front: Chimera Linux; Vim; Page-table hardening; Modifying system calls; Ghostty 1.0; TuxFamily. Briefs: rsync vulnerabilities; Linux Mint 22.1; Git v2.48.0; Libvirt v11.0.0; Rust 1.84.0; RIP Helen Borrie, Paolo Mantegazza, and Bill Gianopoulos; SFC lawsuit; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.

The Ghostty terminal emulator project has generated a surprising amount of interest, even before code was released to the public. This is in part due to the high profile of its creator, HashiCorp founder Mitchell Hashimoto. Its development was conducted behind closed doors for beta testing, until version 1.0 was released on December 26 under the MIT license. While far from finished, Ghostty is ready...

Version 11.0.0 of the libvirt virtualization API has been released. Notable changes in this release include the ability to export virtiofs filesystems in read-only mode, the addition of support for vlan tagging and trunking of network interfaces with the network, qemu, and lxc drivers, as well as a number of bug fixes.

We have just now received word of the passing of Helen Borrie, a longtime contributor to the Firebird relational database project. Helen's quiet leadership and dedication left a lasting impact on Firebird and its users. Her efforts helped build not just a powerful database but also a strong, collaborative community. She will be deeply missed by all who knew her and benefited from her...

Linux Mint version 22.1, a long-term-support (LTS) release with support until 2029, is now available. Notable changes in this release include a transition to Aptkit for background package management tasks, Captain to install Debian packages, and a new default theme with improved Wayland compatibility. See the release notes for known issues.

Nick Tait announced on the oss-security mailing list that rsync, the widely used file transfer program, had a number of serious vulnerabilities. Users can mitigate all six vulnerabilities by upgrading to version 3.4.0, which was released on January 14. While all users should upgrade, servers that use rsyncd are especially impacted: In the most severe CVE, an attacker only requires anonymous read access to...

Security updates have been issued by Arch Linux (rsync), Debian (rsync), Fedora (perl-Net-OAuth and redis), Red Hat (ipa, raptor2, rsync, and tuned), Slackware (rsync), SUSE (apache2-mod_jk, git, kernel, rclone, rsync, and webkit2gtk3), and Ubuntu (git, linux-azure-5.4, pdns, pdns-recursor, python-django, rlottie, and rsync).

The Mastodon project has announced that founder Eugen Rochko will be transferring "key Mastodon ecosystem and platform components (including name and copyrights, among other assets)" to a new non-profit organization: Practically Mastodon will remain headquartered in and operate from Europe primarily. We will continue day-to-day operations through the Mastodon GmbH for-profit entity, which will become wholly owned by the new European not-for-profit entity. The...

TuxFamily is a French free-software-hosting service that has been in operation since 1999. It is a non-profit that accepts "any project released under a free license", whether that is a software license or a free-content license, such as CC-BY-SA. It is also, unfortunately, slowly dying due to hardware failures and lack of interest. For example, the site's download servers are currently offline with no...

The ptrace() system call allows a suitably privileged process to modify another in a large number of ways. Among other things, ptrace() can intercept system calls and make changes to them, but such operations can be fiddly and architecture-dependent. This patch series from Dmitry Levin seeks to improve that situation by adding a new ptrace() operation to make changes to another process's system calls...

Security updates have been issued by AlmaLinux (kernel, NetworkManager, and thunderbird), Fedora (golang-github-aws-sdk-2, golang-github-aws-smithy, golang-github-ncw-swift-2, rclone, and thunderbird), Mageia (ceph, firefox, and thunderbird), Oracle (kernel, NetworkManager, and thunderbird), Red Hat (fence-agents and raptor2), SUSE (dpdk, firefox, frr, grafana, operator-sdk, perl-Module-ScanDeps, proftpd, python311-mistune, redis, thunderbird, valkey, and yq), and Ubuntu (hplip and webkit2gtk).

Hans de Goede has posted an update about his work to support IPU6 cameras on Fedora and submitting fixes upstream. The initial IPU6 camera support landed in Fedora 41 only works on a limited set of laptops. The reason for this is that with MIPI cameras every different sensor and glue-chip like IO-expanders needs to be supported separately. I have been working on making...

Chimera Linux is a new distribution designed to be "simple, transparent, and easy to pick up". The distribution is built from scratch, and recently announced its first beta release. While the documentation and installation process are both a bit rough, the project already provides a usable desktop with plenty of useful software — one built primarily on tools adopted from BSD.

The blog of the SeaMonkey project, which develops an all-in-one internet application suite based on Mozilla code, has reported the sad news of the sudden passing of Bill Gianopoulos ("WG9s") on January 6 (obituary). He was a core developer and release engineer for the project.

Security updates have been issued by AlmaLinux (dpdk, firefox, iperf3, thunderbird, and webkit2gtk3), Debian (firefox-esr, gnuchess, node-mocha, openafs, python-django, and thunderbird), Fedora (libxmp, python-jinja2, suricata, thunderbird, and xen), Mageia (avahi, libjxl, opencontainers-runc, radare2, rizin, and tinyproxy), Oracle (cups, dpdk, firefox, iperf3, kernel, thunderbird, and webkit2gtk3), SUSE (apptainer, chromedriver, dnsmasq, govulncheck-vulndb, gstreamer, gstreamer-plugins-base, gstreamer-plugins-good, logback, and python311-slixmpp), and Ubuntu (libxmltok, linux-realtime, roundcube, and snapd).

Linus has released 6.13-rc7 for testing. "So unless something odd happens the upcoming week, I expect to release a final 6.13 next week as per the normal schedule". Read the full announcement for your details on how to get a free guitar pedal assembled by Linus himself.

Version 2.48.0 of the Git source-code management system has been released. There is a long list of incremental improvements and bug fixes; see the announcement and the highlights blog from GitHub for details.

We have just now received word of the passing of Paolo Mantegazza, the driving force behind the Real Time Application Interface project and a key figure in the development of realtime Linux. Paolo used to describe himself as a simple practitioner of software development, one of whose missions was to contribute a free real-time system his students could use, study and improve for their...

The death of Bram Moolenaar, Vim founder and benevolent dictator for life (BDFL), in 2023 sent a shock through the community, and raised concern about the future of the project. At VimConf 2024 in November, current Vim maintainer Christian Brabandt delivered a keynote on "the new Vim project" that detailed how the community has reorganized itself to continue maintaining Vim and what the future...

Automattic has announced that it is reallocating its resources away from contributing to the WordPress project as a response to the WP Engine lawsuit: As part of this reset, Automattic will match its volunteering pledge with those made by WP Engine and other players in the ecosystem, or about 45 hours a week that qualify under the Five For the Future program as benefitting the...

After yesterday's stable kernel releases, Chris Clayton reported a build problem with 6.6.70, which prompted Greg Kroah-Hartman to release 6.6.71 to fix it.

Security updates have been issued by Fedora (chromium and mingw-poppler), Red Hat (dpdk, thunderbird, and webkit2gtk3), SUSE (firefox, govulncheck-vulndb, gstreamer, gstreamer-plugins-base, gstreamer-plugins-good, libmfx, openjpeg2, python310, python312, python39, tomcat, and webkit2gtk3), and Ubuntu (golang-golang-x-net).

Version 1.84.0 of the Rust language has been released. Changes include improved version selection for dependencies in Cargo, the beginning of the migration to a new trait solver, and some updated pointer-provenance APIs. Most of the time, programmers do not need to worry much about provenance, and it is very clear how a pointer got derived. However, when casting pointers to integers and back,...

The Software Freedom Conservancy is reporting that AVM has released the full source and installation scripts for its routers in response to a lawsuit, filed by Sebastian Steck, based on Lesser GNU Public License rights. Historically, lawsuits have focused on the copyrights licensed under GPL (or the GPL and LGPL together). Steck's lawsuit uniquely focused exclusively on users' rights under the LGPL. Steck's work...

Attacks on the kernel can take many forms; one popular exploitation path is to find a way to overwrite some memory with attacker-supplied data. If the right memory can be targeted, one well-targeted stray write is all that is needed to take control of the system. Since the system's page tables regulate access to memory, they are an attractive target for this type of...

The 6.12.9, 6.6.70, 6.1.124, 5.15.176, 5.10.233, and 5.4.289 stable kernels have been released. As usual, they contain important fixes all over the kernel tree.

Security updates have been issued by AlmaLinux (cups, kernel, and kernel-rt), Debian (chromium, firefox-esr, and webkit2gtk), Fedora (curl, firefox, gimp, mupdf, openjpeg2, and valkey), Red Hat (389-ds-base, cups, firefox, iperf3, kernel, kernel-rt, libreswan, python3.11-urllib3, thunderbird, and webkit2gtk3), Slackware (firefox, seamonkey, and thunderbird), SUSE (apptainer, firefox-esr, libopenjp2-7, libruby3_4-3_4, openjpeg2, and tomcat10), and Ubuntu (firefox, linux-azure, linux-azure, linux-azure-4.15, linux-azure, linux-azure-6.8, linux-azure, linux-intel-iotg-5.15, linux-azure-5.15, python2.7, thunderbird, and...

The Sequoia OpenPGP library has been in development for some time. LWN covered the library in 2020. Now the project's command-line interface has been released. The sq tool offers a promising alternative to the venerable GNU Privacy Guard (GPG) tool — albeit one with a different interface, set of terminology, and approach to the web of trust. Several distributions are making increasing use of...

The Tor Project has published a review of major milestones from 2024, including merging with the Tails project, work to enable human-friendly .onion addresses, and the launch of WebTunnel: By mimicking common internet protocols, WebTunnel improves the resilience of the Tor network in regions with heavy censorship. And since its launch earlier this year, we've made sure to prioritize small download sizes for more...

The pkgsrc developers have announced the 2024Q4 branch of the pkgsrc cross-platform packaging system. It is the default package manager for NetBSD, SmartOS, and is available for Linux as well. This marks the 85th quarterly release of pkgsrc: Since the pkgsrc-2024Q3 release, 110 packages were added, 1580 packages were updated (with 2399 updates, including language-specific updates: 24 Go, 3 OCaml, 66 Perl, 5 PHP,...

Security updates have been issued by Fedora (firefox, mupdf, and php-tcpdf), SUSE (etcd, file-roller, gtk3, kernel, python-django-ckeditor, rubygem-json-jwt, and tomcat10), and Ubuntu (ffmpeg, HTMLDOC, linux-aws, linux-raspi, linux-gke, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, and tinyproxy).

Kernel networking maintainer Jakub Kicinski reviews progress in the networking subsystem in 2024. Work on relieving the rtnl_lock pressure has continued throughout the year. The rtnl_lock is often mentioned as one of the biggest global locks in the kernel, as it protects all of the network configuration and state. The efforts can be divided into two broad categories – converting read operations to rely...

Gentoo Linux has published a project retrospective that looks at the major improvements and news from 2024, the Gentoo Foundation's finances, and contributions to Gentoo by the numbers. The number of commits to the main ::gentoo repository has remained at an overall high level in 2024, with a 2.4% increase from 121000 to 123942. The number of commits by external contributors has grown strongly...

In the past, LWN had a tradition of publishing a timeline of notable events from the previous year in early January. We thought we might try reviving that tradition in 2025 to see if our readers find it useful. While we have covered these events as they happened, it's interesting to see how much has taken place in just 12 months.

Version 134.0 of the Firefox browser has been released. Changes include support for touchpad hold gestures on Linux, a refreshed layout for the New Tab page for users in the US and Canada, and improved support for debugging web extensions.

Security updates have been issued by AlmaLinux (python-requests), Oracle (python-requests), SUSE (python-Jinja2 and rizin), and Ubuntu (ceph, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-lts-xenial, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-hwe-5.15, linux-nvidia, linux-oracle, linux-raspi, linux-aws, linux-kvm, linux-hwe-6.8, linux-intel-iotg, linux-oem-6.11, linux-raspi-5.4, and salt).

During EmacsConf 2024, which was held online in early December 2024, Ramin Honary gave a talk about Project Gypsum, which is his effort to rewrite Emacs in Scheme. Unlike most other Emacs clones, which simply replicate the key bindings, Gypsum is also implementing Emacs Lisp (or Elisp). Honary is initially targeting Guile, which is an implementation of Scheme, but wants to make the code portable to...

From the Ubuntu Discourse instance comes the sad news that longtime Debian and Ubuntu contributor Steve Langasek has passed away. Steve passed away at the dawn of 2025. His time was short but remarkable. He will forever remain an inspiration. Judging by the outpouring of feelings this week, he is equally missed and mourned by colleagues and friends across the open source landscape, in...

Security updates have been issued by Fedora (ofono and webkitgtk), Mageia (ruby and virtualbox & kmod-virtualbox), Red Hat (oci-seccomp-bpf-hook and runc), SUSE (corepack22, dpdk, libpoppler-cpp1, pcp, python-Jinja2, and sysstat), and Ubuntu (tinyproxy).

Linus has released 6.13-rc6 for testing. So we had a slight pickup in commits this last week, but as expected and hoped for, things were still pretty quiet. About twice as many commits as the holiday week, but that's still not all that many. I expect things will start becoming more normal now that people are back from the holidays and are starting to...

The Pony programming language is dedicated to exploring how to make high-performance actor-based systems. Started in 2014, the language's most notable feature is probably reference capabilities, a system of pointer annotations that gives the developer fine manual control over how data is shared between actors, while simultaneously ensuring that Pony programs don't have data races. The language is not likely to overtake other more...

Security updates have been issued by Debian (linux-6.1), Fedora (iwd and libell), Red Hat (python-requests), and SUSE (velero).

We are reliably informed by the calendar that yet another year has begun. That can only mean one thing: the time has come to go out on a limb with a series of ill-advised predictions that are almost certainly not how the year will actually go. We have to try; it's traditional, after all. Read on for our view of what's coming and how...