ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Checking out FreeCAD

([Development] Aug 5, 2020 19:56 UTC (Wed) (coogle))

[1]Our look at running a [2]CNC milling machine using open-source software led me to another tool worth looking at: [3]FreeCAD . I wasn't previously familiar with the program, so I decided to check it out. In this article I will walk through my experiences with using FreeCAD for the first time to do a variety of CNC-related tasks I normally would have used a commercial product for. I had varying degrees of success in my endeavors, but in the end came away with a positive opinion.



[1] https://lwn.net/Articles/827240/

[2] https://en.wikipedia.org/wiki/Numerical_control

[3] http://www.freecadweb.org

Security updates for Tuesday

([Security] Aug 4, 2020 14:30 UTC (Tue) (ris))

Security updates have been issued by Debian (libx11, webkit2gtk, and zabbix), Fedora (webkit2gtk3), openSUSE (claws-mail, ghostscript, and targetcli-fb), Red Hat (dbus, kpatch-patch, postgresql-jdbc, and python-pillow), Scientific Linux (libvncserver and postgresql-jdbc), SUSE (kernel and python-rtslib-fb), and Ubuntu (ghostscript, sqlite3, squid3, and webkit2gtk).

Linux Foundation announces Open Source Security Foundation

([Briefs] Aug 3, 2020 20:14 UTC (Mon) (ris))

The Linux Foundation has [1]announced the formation of the Open Source Security Foundation (OpenSSF). The foundation aims to improve the security of open source software. " The OpenSSF brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The Linux Foundation’s Core Infrastructure Initiative (CII), founded in response to the 2014 Heartbleed bug, and the Open Source Security Coalition, founded by the GitHub Security Lab, are just a couple of the projects that will be brought together under the new OpenSSF. The Foundation’s governance, technical community and its decisions will be transparent, and any specifications and projects developed will be vendor agnostic. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. "



[1] https://www.linuxfoundation.org/press-release/2020/08/technology-and-enterprise-leaders-combine-efforts-to-improve-open-source-security/

Julia 1.5 has been released

([Development] Aug 3, 2020 17:30 UTC (Mon) (jake))

Version 1.5 of the [1]Julia programming language has been [2]released . On the Julia blog, Jeff Bezanson and Stefan Karpinski [3]describe the highlights of the release , which includes struct layout improvements for decreasing heap allocations, stabilization of the multithreading API, faster random numbers, changes to the scoping rules in the read-eval-print loop (REPL), and more. " Julia excels at simulations, so random numbers are important to a lot of users of the language. For this release [4]Rafael Fourquet , one of the primary architects of the Random standard library and a prolific contributor in general, implemented some impressive algorithmic improvements for some popular cases. The first is a major improvement when generating normally-distributed double-precision floats. Calling randn(1000) is nearly twice as fast in Julia 1.5 compared with Julia 1.4. Generating random booleans also got much faster: rand(Bool, 1000) is nearly 6x faster. Finally, sampling from discrete collections has also gotten faster: rand(1:100, 1000) got 25% faster. " LWN looked at Julia ( [5]part 1 , [6]part 2 ) back in 2018, shortly after the release of Julia 1.0.



[1] https://julialang.org/

[2] https://discourse.julialang.org/t/julia-v1-5-0-has-been-released/44169

[3] https://julialang.org/blog/2020/08/julia-1.5-highlights/

[4] https://github.com/rfourquet

[5] https://lwn.net/Articles/763626/

[6] https://lwn.net/Articles/764001/

Debian 10.5 released

([Distributions] Aug 3, 2020 14:56 UTC (Mon) (ris))

Debian 10 "buster" received a fifth update. In addition to the usual security and bug fixes, this point release addresses Debian Security Advisory: [1]DSA-4735-1 grub2 . This security update covers multiple CVE issues regarding the [2]GRUB2 UEFI SecureBoot 'BootHole' vulnerability .



[1] https://www.debian.org/security/2020/dsa-4735

[2] https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/

Security updates for Monday

([Security] Aug 3, 2020 14:37 UTC (Mon) (ris))

Security updates have been issued by Arch Linux (ffmpeg, libjcat, mbedtls, tcpreplay, and wireshark-cli), Debian (ark, evolution-data-server, libjpeg-turbo, libopenmpt, libpam-radius-auth, libphp-phpmailer, libssh, ruby-zip, thunderbird, and transmission), Fedora (chromium, clamav, claws-mail, evolution-data-server, freerdp, glibc, java-latest-openjdk, nspr, and nss), Gentoo (libsndfile, pycrypto, python, snmptt, thunderbird, and webkit-gtk), Mageia (botan2, chocolate-doom, cloud-init, dnsmasq, freerdp/remmina, gssdp/gupnp, java-1.8.0-openjdk, matio, microcode, nasm, openjpeg2, pcre2, php-phpmailer, redis, roundcubemail, ruby-rack, thunderbird, virtualbox, and xerces-c), openSUSE (claws-mail, ldb, and libraw), Oracle (firefox), Red Hat (bind, grub2, kernel-rt, libvncserver, nss and nspr, and qemu-kvm-rhev), Scientific Linux (firefox), Slackware (thunderbird), and SUSE (firefox, kernel, and targetcli-fb).

The 5.8 kernel is out

([Kernel] Aug 2, 2020 22:10 UTC (Sun) (corbet))

Linus has [1]released the 5.8 kernel. " So I considered making an rc8 all the way to the last minute, but decided it's not just worth waiting another week when there aren't any big looming worries around. " Headline features in this release include: [2]branch target identification and shadow call stacks for the arm64 architecture, the [3]BPF iterator mechanism, [4]inline encryption support in the block layer, the [5]CAP_PERFMON and [6]CAP_BPF capabilities, a [7]generalized kernel event-notification subsystem , the [8]KCSAN data-race detector, and more. As always, see [9]the KernelNewbies 5.8 page for more information.



[1] https://lwn.net/Articles/827819/

[2] https://lwn.net/Articles/804982/

[3] https://lwn.net/Articles/818714/

[4] https://lwn.net/Articles/797309/

[5] https://lwn.net/Articles/812719/

[6] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a17b53c4a4b5

[7] https://lwn.net/Articles/760714/

[8] https://lwn.net/Articles/816850/

[9] https://kernelnewbies.org/Linux_5.8

Some statistics from the 5.8 kernel cycle

([Kernel] Aug 3, 2020 18:34 UTC (Mon) (corbet))

Linus Torvalds [1]released the 5.8 kernel on August 2, concluding another nine-week development cycle. By the time the work was done, 16,306 non-merge changesets had been pulled into the mainline repository for this release. That happens to be a record, beating the previous record holder (4.9, released in December 2016) by 92 changesets. It was, in other words, a busy development cycle. It's time for our traditional look into where that work came from to see what might be learned.



[1] https://lwn.net/ml/linux-kernel/CAHk-=wj+mDPbj8hXspXRAksh+1TmPjubc9RNEbu8EVpYyypX=w@mail.gmail.com/

Stable kernels 5.7.12, 5.4.55, 4.19.136, 4.14.191, 4.9.232, and 4.4.232

([Kernel] Jul 31, 2020 18:21 UTC (Fri) (coogle))

Greg Kroah-Hartman has released the [1]5.7.12 , [2]5.4.55 , [3]4.19.136 , [4]4.14.191 , [5]4.9.232 , and [6]4.4.232 stable kernels. As usual, these contain lots of important fixes throughout the tree; users should upgrade.



[1] https://lwn.net/Articles/827717/

[2] https://lwn.net/Articles/827718

[3] https://lwn.net/Articles/827719

[4] https://lwn.net/Articles/827720

[5] https://lwn.net/Articles/827721

[6] https://lwn.net/Articles/827722

X.org security fixes address potential ASLR bypass, heap corruption

([Security] Jul 31, 2020 17:38 UTC (Fri) (coogle))

The X.Org project has announced two security advisories that impact Xserver and libX11. The [1]first advisory for X server is regarding uninitialized memory in AllocatePixmap() that could lead to [2]address space layout randomization bypass . [3]The second , impacting libX11, is a heap corruption caused by integer overflows and signed/unsigned comparisons.



[1] https://lwn.net/Articles/827704

[2] https://en.wikipedia.org/wiki/Address_space_layout_randomization

[3] https://lwn.net/Articles/827705

Security updates for Friday

([Security] Jul 31, 2020 16:32 UTC (Fri) (coogle))

Security updates have been issued by Debian (grub2 and mercurial), Fedora (chromium, firefox, and freerdp), Oracle (firefox and kernel), Red Hat (firefox), Scientific Linux (firefox, grub2, and kernel), and SUSE (ghostscript and targetcli-fb).

systemd 246 released

([Development] Jul 31, 2020 14:41 UTC (Fri) (corbet))

Systemd 246 has been released. There is an incredibly long list of new features, many of which have to do with support for encrypted and signed disk volumes. " Various command line parameters and configuration file settings that configure key or certificate files now optionally take paths to AF_UNIX sockets in the file system. If configured that way a stream connection is made to the socket and the required data read from it. This is a simple and natural extension to the existing regular file logic, and permits other software to provide keys or certificates via simple IPC services, for example when unencrypted storage on disk is not desired. "

LWN.net Weekly Edition for August 6, 2020


[$] Netgpu and the hazards of proprietary kernel modules

([Kernel] Jul 31, 2020 19:46 UTC (Fri) (corbet))

On its face, the [1]netgpu patch set appears to add a useful feature: the ability to copy network data directly between a network adapter and a GPU without moving it through the host CPU. This patch set has quickly become an example of how not to get work into the kernel, though; it has no chance of being merged in anything like its current form and has created a backlash designed to keep modules like it from ever working in mainline kernels. It all comes down to one fundamental mistake: basing kernel work on a proprietary kernel module.



[1] https://lwn.net/ml/netdev/20200727224444.2987641-1-jonathan.lemon@gmail.com/

Grub2 updates for Red Hat systems are making some unbootable

([Security] Jul 30, 2020 16:44 UTC (Thu) (jake))

As [1]reported in the comments on the [2]Grub2 secure-boot vulnerabilities report , the updates for grub2 for RHEL 8 and CentOS 8 are [3]making some systems unbootable . The boot problems are seemingly unrelated to whether the system has secure boot enabled. It may be worth waiting a bit for that to shake out.



[1] https://lwn.net/Articles/827504/

[2] https://lwn.net/Articles/827403/

[3] https://bugzilla.redhat.com/show_bug.cgi?id=1861977

Security updates for Thursday

([Security] Jul 30, 2020 16:45 UTC (Thu) (jake))

Security updates have been issued by Arch Linux (webkit2gtk), CentOS (GNOME, grub2, and kernel), Debian (firefox-esr, grub2, json-c, kdepim-runtime, libapache2-mod-auth-openidc, net-snmp, and xrdp), Gentoo (chromium and firefox), Mageia (podofo), openSUSE (knot and tomcat), Oracle (grub2, kernel, postgresql-jdbc, and python-pillow), Red Hat (firefox, grub2, kernel, and kernel-rt), SUSE (grub2), and Ubuntu (firefox, grub2, grub2-signed, and librsvg).

A long list of GRUB2 secure-boot holes

([Security] Jul 29, 2020 18:47 UTC (Wed) (corbet))

Several vulnerabilities have been disclosed in the GRUB2 bootloader; they enable the circumvention of the UEFI secure boot mechanism and the persistent installation of hostile software. Fixing the problem is not just a matter of getting a new GRUB2 installation, unfortunately. " It is important to note that updating the exploitable binaries does not in fact mitigate the CVE, since an attacker could bring an old, exploitable, signed copy of a grub binary onto a system with whatever kernel they wished to load. In order to mitigate, the UEFI Revocation List (dbx) must be updated on a system. Once the UEFI Revocation List is updated on a system, it will no longer boot binaries that pre-date these fixes. This includes old install media. "

Four stable kernels

([Kernel] Jul 29, 2020 15:17 UTC (Wed) (ris))

Stable kernels [1]5.7.11 , [2]5.4.54 , [3]4.19.135 , and [4]4.14.190 have been released. They all contain important fixes and users should upgrade.



[1] https://lwn.net/Articles/827379/

[2] https://lwn.net/Articles/827380/

[3] https://lwn.net/Articles/827381/

[4] https://lwn.net/Articles/827382/

Security updates for Wednesday

([Security] Jul 29, 2020 14:58 UTC (Wed) (ris))

Security updates have been issued by Debian (curl, firefox-esr, luajit, and salt), Fedora (clamav, java-1.8.0-openjdk, and java-11-openjdk), Gentoo (claws-mail, dropbear, ffmpeg, libetpan, mujs, mutt, and rsync), openSUSE (qemu), Red Hat (openstack-tripleo-heat-templates), SUSE (freerdp, ldb, rubygem-puma, samba, and webkit2gtk3), and Ubuntu (mysql-5.7, mysql-8.0 and sympa).

GNU nano 5.0 released

([Development] Jul 29, 2020 14:25 UTC (Wed) (corbet))

Version 5.0 of the GNU nano text editor is out; it contains a number of improvements to the editing experience. " With --indicator (or -q or 'set indicator') nano will show a kind of scrollbar on the righthand side of the screen to indicate where in the buffer the viewport is located and how much it covers. "
More

Bringing computers into the home won't change either one, but may
revitalize the corner saloon.