ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Six stable kernels

([Kernel] Jul 22, 2020 15:49 UTC (Wed) (ris))

Stable kernels [1]5.7.10 , [2]5.4.53 , [3]4.19.134 , [4]4.14.189 , [5]4.9.231 , and [6]4.4.231 have been released. They all contain important fixes and users should upgrade.



[1] https://lwn.net/Articles/826715/

[2] https://lwn.net/Articles/826716/

[3] https://lwn.net/Articles/826717/

[4] https://lwn.net/Articles/826718/

[5] https://lwn.net/Articles/826719/

[6] https://lwn.net/Articles/826720/

Security updates for Wednesday

([Security] Jul 22, 2020 15:40 UTC (Wed) (ris))

Security updates have been issued by Debian (librsvg and squid), Fedora (mailman, mingw-LibRaw, php-horde-kronolith, and targetcli), openSUSE (openconnect), Red Hat (cloud-init, container-tools:rhel8, dbus, java-1.8.0-openjdk, java-11-openjdk, jbig2dec, kernel, kpatch-patch, mod_auth_openidc:2.3, nodejs:10, openstack-keystone, rh-nodejs10-nodejs, sane-backends, thunderbird, and virt:rhel), SUSE (webkit2gtk3 and xrdp), and Ubuntu (evolution-data-server, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux, linux-aws, linux-gcp, linux-hwe-5.4, linux-kvm, linux-oracle, linux-raspi-5.4, linux-riscv, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, pillow, and python2.7, python3.4, python3.5, python3.6, python3.8).

Linux Foundation announces COVID-19 exposure notification application initiative (TechRepublic)

([Briefs] Jul 21, 2020 21:51 UTC (Tue) (coogle))

TechRepublic [1]reports that the Linux Foundation has [2]announced the [3]Linux Foundation Public Health initiative (LFPH). Using projects based on the [4]Google Apple Exposure Notification system , the initiative's goal according to LFPH general manager Dan Kohn is " building a global community of leading technology and consulting companies, public health authorities, epidemiologists, and other public health specialists, privacy and security experts, and individual developers. " With this announcement is the launch of two open-source projects: [5]COVID Shield and [6]COVID Green .



[1] https://www.techrepublic.com/article/linux-foundation-announces-open-source-exposure-notification-apps-initiative-to-combat-covid-19/#ftag=RSS56d97e7

[2] https://www.prnewswire.com/news-releases/tech-leaders-and-health-authorities-from-around-the-globe-collaborate-to-combat-covid-19-301096039.html

[3] https://www.lfph.io/

[4] https://www.google.com/covid19/exposurenotifications/

[5] https://www.covidshield.app/

[6] https://github.com/covidgreen/covid-green-app

[$] Mycroft: an open-source voice assistant

([Development] Jul 24, 2020 21:40 UTC (Fri) (coogle))

[1]Mycroft is a free and open-source software project aimed at providing voice-assistant technology, licensed under the [2]Apache 2.0 license . It is an interesting alternative to closed-source commercial offerings such as [3]Amazon Alexa , [4]Google Home , or [5]Apple Siri . Use of voice assistants has become common among consumers, but the privacy concerns surrounding them are far-reaching. There have been [6]multiple instances of law enforcement's interest in the data these devices produce for use against their owners. Mycroft claims to offer a privacy-respecting, open-source alternative, giving users a choice on how much of their personal data is shared and with whom.



[1] http://mycroft.ai

[2] https://github.com/MycroftAI/mycroft-core/blob/dev/LICENSE.md

[3] https://smile.amazon.com/smart-home-devices/b?ie=UTF8&node=9818047011&sa-no-redirect=1

[4] https://store.google.com/us/magazine/compare_nest_speakers_displays

[5] https://www.apple.com/siri/

[6] https://www.washingtonpost.com/technology/2019/11/02/police-think-amazons-alexa-may-have-information-fatal-stabbing-case/

Safely reviving shared memory (Mozilla Hacks)

([Development] Jul 21, 2020 17:03 UTC (Tue) (corbet))

The Mozilla Hacks blog [1]covers some recent Firefox changes that will allow code from web sites to use shared memory and high-resolution timers in a (hopefully) safe manner. " Together with others in the WHATWG community, we designed a set of headers that meet these requirements. The Cross-Origin-Opener-Policy header allows you to process-isolate yourself from attackers. It also has the desirable effect that attackers cannot have access to your global object if they were to open you in a popup. This prevents XS-Leaks and various navigation attacks. Adopt this header even if you have no intention of using shared memory! "



[1] https://hacks.mozilla.org/2020/07/safely-reviving-shared-memory/

Security updates for Tuesday

([Security] Jul 21, 2020 14:40 UTC (Tue) (ris))

Security updates have been issued by Debian (ksh), openSUSE (ant, chromium, ldb, samba, and LibVNCServer), Red Hat (dbus, kernel, kernel-rt, and NetworkManager), and SUSE (cni-plugins, firefox, openexr, Salt, salt, SUSE Manager Client Tools, and tomcat).

[$] The sad, slow-motion death of Do Not Track

([Security] Jul 22, 2020 16:01 UTC (Wed) (benhoyt))

"Do Not Track" (DNT) is a simple HTTP header that a browser can send to signal to a web site that the user does not want to be tracked. The DNT header had a [1]promising start and the [2]support of major browsers almost a decade ago. Most web browsers still support sending it, but in 2020 it is almost useless because the vast majority of web sites ignore it. Advertising companies, in particular, argued that its legal status was unclear, and that it was difficult to determine how to interpret the header. There have been some relatively recent attempts at legislation to enforce honoring the DNT header, but those efforts do not appear to be going anywhere. In comparison, the European Union's [3]General Data Protection Regulation (GDPR) and the [4]California Consumer Privacy Act (CCPA) attempt to solve some of the same problems as DNT but are legally enforceable.



[1] https://lwn.net/Articles/424861/

[2] https://lwn.net/Articles/439460/

[3] https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

[4] https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act

[$] Memory protection keys for the kernel

([Kernel] Jul 21, 2020 22:33 UTC (Tue) (corbet))

The [1]memory protection keys feature was added to the 4.6 kernel in 2016; it allows user space to group pages into "protection domains" that can have their access restricted independently of the normal page protections. There is no equivalent feature for kernel space; access to memory in the kernel's portion of the address space is controlled exclusively by the page protections. That situation may be about to change, though, as a result of the [2]protection keys supervisor (PKS) patch set posted by Ira Weiny (with many patches written by Fenghua Yu).



[1] https://lwn.net/Articles/695355/

[2] https://lwn.net/ml/linux-kernel/20200717072056.73134-1-ira.weiny@intel.com/

Security updates for Monday

([Security] Jul 20, 2020 14:34 UTC (Mon) (ris))

Security updates have been issued by Debian (libopenmpt, nginx, nss, qemu, rails, redis, ruby-sanitize, and tomcat9), Fedora (glibc, libldb, nspr, nss, samba, and webkit2gtk3), openSUSE (cairo, firefox, google-compute-engine, LibVNCServer, mumble, ntp, openconnect, openexr, openldap2, pdns-recursor, python-ipaddress, rubygem-puma, samba, singularity, slirp4netns, thunderbird, xen, and xrdp), and Oracle (.NET Core, .NET Core 3.1, java-1.8.0-openjdk, java-11-openjdk, kernel, and thunderbird).

Kernel prepatch 5.8-rc6

([Kernel] Jul 20, 2020 2:33 UTC (Mon) (corbet))

The [1]5.8-rc6 kernel prepatch is out for testing. " Things continue to look very normal, even if this is a big release. rc6 is pretty much par for the course, and nothing in here stands out size-wise or otherwise. "



[1] https://lwn.net/Articles/826463/

New features in gnuplot 5.4

([Development] Jul 22, 2020 21:15 UTC (Wed) (leephillips))

[1]Gnuplot 5.4 has been released, three years after the last major release of the free-software graphing program. In this article we will take a look at five major new capabilities in gnuplot. First, we briefly visit voxel plotting, for visualizing 3D data. Since this is a big subject and the most significant addition to the program, we'll save the details for a subsequent article. Next, we learn about plotting polygons in 3D, another completely new gnuplot feature. After that, we'll get caught up briefly in spider plots, using them to display some recent COVID-19 infection data. Then we'll see an example of how to use pixmaps, a new feature allowing for the embedding of pictures alongside curves or surfaces. Finally, we'll look at some more COVID-19 data using the new 3D bar chart.



[1] http://gnuplot.info/

Security updates for Friday

([Security] Jul 17, 2020 13:59 UTC (Fri) (jake))

Security updates have been issued by Fedora (bashtop and python39), openSUSE (openexr), Red Hat (java-1.8.0-openjdk), and Scientific Linux (thunderbird).

A look at Dart

([Development] Jul 29, 2020 15:14 UTC (Wed) (coogle))

[1]Dart is a BSD-licensed programming language from Google with a mature open-source community supporting the project. It works with [2]multiple architectures , is capable of producing native machine-code binaries, and can also produce JavaScript versions of its applications. Dart version 1.0 was [3]released in 2013 , with the most recent version, 2.8, [4]released on June 3 (2.9 is currently in public beta). Among the open-source projects using Dart is the cross-device user-interface (UI) toolkit [5]Flutter . We recently covered the [6]Canonical investment in Flutter to help drive more applications to the Linux desktop, and Dart is central to that story.



[1] http://dart.dev

[2] https://dart.dev/platforms

[3] https://news.dartlang.org/2013/11/dart-10-stable-sdk-for-structured-web.html

[4] https://medium.com/dartlang/announcing-dart-2-8-7750918db0a

[5] http://flutter.dev/

[6] https://lwn.net/Articles/826124/

[$] Emulating Windows system calls, take 2

([Kernel] Jul 17, 2020 14:10 UTC (Fri) (corbet))

Back in June, LWN [1]covered a patch set adding a mechanism intended to help systems like [2]Wine emulate Windows system calls on a Linux system. That patch set got a lot of attention and comments, with the result that its form has changed considerably. Gabriel Krisman Bertazi has now posted [3]a new patch set that takes a different approach to solving the same problem.



[1] https://lwn.net/Articles/824380/

[2] https://winehq.org/

[3] https://lwn.net/ml/linux-kernel/20200712044516.2347844-1-krisman@collabora.com/

LWN.net Weekly Edition for July 23, 2020


Stable kernels 5.7.9, 5.4.52, and 4.19.133

([Kernel] Jul 16, 2020 15:16 UTC (Thu) (jake))

Greg Kroah-Hartman has released the [1]5.7.9 , [2]5.4.52 , and [3]4.19.133 stable kernels. As usual, these contain lots of important fixes throughout the tree; users should upgrade.



[1] https://lwn.net/Articles/826290/

[2] https://lwn.net/Articles/826291/

[3] https://lwn.net/Articles/826292/

Security updates for Thursday

([Security] Jul 16, 2020 14:10 UTC (Thu) (jake))

Security updates have been issued by Debian (evolution-data-server and webkit2gtk), Fedora (kernel, snapd, and xen), openSUSE (thunderbird and xen), Oracle (dbus and thunderbird), Red Hat (java-1.8.0-openjdk, java-11-openjdk, jbig2dec, sane-backends, and thunderbird), Scientific Linux (kernel), SUSE (cairo, containerd, docker, docker-runc, golang-github-docker-libnetwork, google-compute-engine, mailman, mercurial, openconnect, openexr, and xrdp), and Ubuntu (libvpx and snapd).

A new LibreOffice strategic marketing plan

([Development] Jul 15, 2020 22:09 UTC (Wed) (corbet))

LWN recently [1]covered the effort within the LibreOffice project to find ways to support the companies doing the bulk of the development work. The project has now posted [2]a revised marketing plan [PDF] with a number of changes, including the removal of the "personal edition" name. Regarding LibreOffice Online: " Following our normal development process, the Ecosystem will release their own versions in their own timing, allowing some features to reach their Enterprise versions before they are subsequently shipped in TDF builds (this allows the Ecosystem to positively differentiate by contributing new features & functionality) ".



[1] https://lwn.net/Articles/825598/

[2] https://nextcloud.documentfoundation.org/s/4pLtn9xn76BkxFK#pdfviewer

Ubuntu Will No Longer Track Which Packages Users Install (OMG! Ubuntu!)

([Distributions] Jul 15, 2020 21:57 UTC (Wed) (corbet))

The OMG! Ubuntu! site [1]reports that the Debian "popularity contest" application is being removed from Ubuntu. " But with Snaps, Flatpaks, PPAs and other avenues giving developers more direct ways to market to users (not to mention more accurate numbers on how many people use their software) the relative merits of 'what's popular in the repos' is …Well, a touch moot. "



[1] https://www.omgubuntu.co.uk/2020/07/ubuntu-popularity-contest-removed

OpenSUSE board non-confidence effort fails

([Distributions] Jul 15, 2020 15:43 UTC (Wed) (corbet))

The openSUSE board troubles that LWN [1]reported on in March have continued to simmer, and the promised election for an empty seat has not yet been held. During this time, instead, the project has voted on a petition to declare a lack of confidence in the board as a whole, a result that would have forced the election of an entirely new board. In the end, the number of votes fell far short of the number required, and the existing board will move forward with the election plan.



[1] https://lwn.net/Articles/813800/
More

There is nothing wrong with writing ... as long as it is done in private
and you wash your hands afterward.