Hugo: a static-site generator
([Development] Jul 7, 2020 23:28 UTC (Tue) (benhoyt))
Static web-site generators take page content written in a markup language and render it into fully baked HTML, making it easy for developers to upload the result and serve a web site simply and securely. This article looks at [1]Hugo , a static-site generator written in Go and optimized for speed. It is a flexible tool that can be configured for a variety of use cases: simple blogs, project documentation, larger news sites, and even government services.
[1] https://gohugo.io/
[1] https://gohugo.io/
Security updates for Tuesday
([Security] Jul 7, 2020 14:46 UTC (Tue) (ris))
Security updates have been issued by Debian (php7.3), Fedora (gst), Mageia (libvirt, mariadb, pdns-recursor, and ruby), openSUSE (chocolate-doom, coturn, kernel, live555, ntp, python3, and rust, rust-cbindgen), Oracle (virt:ol), Red Hat (file, firefox, gettext, kdelibs, kernel, kernel-alt, microcode_ctl, nghttp2, nodejs:10, nodejs:12, php, qemu-kvm, ruby, and tomcat), SUSE (libjpeg-turbo, mozilla-nspr, mozilla-nss, mozilla-nss, nasm, openldap2, and permissions), and Ubuntu (coturn, glibc, nss, and openexr).
[$] Sleepable BPF programs
([Kernel] Jul 7, 2020 17:20 UTC (Tue) (corbet))
When support for classic BPF was added to the kernel many years ago, there was no question of whether BPF programs could block in their execution. Their functionality was limited to examining a packet's contents and deciding whether the packet should be forwarded or not; there was nothing such a program could do to block. Since then, BPF has changed a lot, but the assumption that BPF programs cannot sleep has been built deeply into the BPF machinery. More recently, classic BPF has been pushed aside by the [1]extended BPF dialect; the wider applicability of extended BPF is now forcing a rethink of some basic assumptions.
[1] https://lwn.net/Articles/740157/
[1] https://lwn.net/Articles/740157/
Security updates for Monday
([Security] Jul 6, 2020 14:37 UTC (Mon) (ris))
Security updates have been issued by Debian (chromium, php7.0, and thunderbird), Fedora (ceph, gssdp, gupnp, libfilezilla, libldb, mediawiki, python-pillow, python36, samba, and xpdf), Mageia (curl, docker, firefox, libexif, libupnp, libvncserver, libxml2, mailman, ntp, perl-YAML, python-httplib2, tcpreplay, tomcat, and vlc), openSUSE (chocolate-doom, python3, and Virtualbox), Slackware (libvorbis), and SUSE (mozilla-nspr, mozilla-nss, systemd, tomcat, and zstd).
Kernel prepatch 5.8-rc4
([Kernel] Jul 6, 2020 3:54 UTC (Mon) (corbet))
The [1]5.8-rc4 kernel prepatch is out for testing. " The end result is that it's been fairly calm, and there's certainly been discussion of upcoming fixes, but I still have the feeling that 5.8 is looking fairly normal and things are developing smoothly despite the size of this release. "
[1] https://lwn.net/Articles/825348/
[1] https://lwn.net/Articles/825348/
Book: Perl 7: A Risk-Benefit Analysis
([Development] Jul 3, 2020 18:32 UTC (Fri) (corbet))
Dan Book has done [1]a detailed analysis of the [2]Perl 7 transition . " Large amount of CPAN modules will not work in Perl 7; plans for working around this would either involve every affected CPAN author, which is a virtual impossibility for the stated 1 year time frame; or the toolchain group, a loose group of people who each maintain various modules and systems that are necessary for CPAN to function, who either have not been consulted as of yet or have not revealed their plans related to the tools they maintain. Going into this potential problem sufficiently would be longer than this blog post, but suffice to say that a Perl where highly used CPAN modules don't seamlessly work is not Perl. "
[1] http://blogs.perl.org/users/grinnz/2020/07/perl-7-a-risk-benefit-analysis.html
[2] https://www.perl.com/article/announcing-perl-7/
[1] http://blogs.perl.org/users/grinnz/2020/07/perl-7-a-risk-benefit-analysis.html
[2] https://www.perl.com/article/announcing-perl-7/
Security updates for Friday
([Security] Jul 3, 2020 15:15 UTC (Fri) (jake))
Security updates have been issued by Debian (docker.io and imagemagick), Fedora (alpine, firefox, hostapd, and mutt), openSUSE (opera), Red Hat (rh-nginx116-nginx), SUSE (ntp, python3, and systemd), and Ubuntu (firefox, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-riscv, linux, linux-azure, linux-gcp, linux-gcp-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-gke-5.0, linux-oem-osp1, net-snmp, and samba).
LPC town hall #2: the kernel report
([Briefs] Jul 2, 2020 19:43 UTC (Thu) (corbet))
The Linux Plumbers Conference has [1]announced the second in a brief series of "town hall" events leading up to the full (virtual) conference starting August 24. This one features LWN editor Jonathan Corbet presenting a version of his "Kernel Report" talk covering the current and future state of the kernel-development community. This talk is scheduled for July 16 at 9:00AM US/Mountain time (8:00AM US/Pacific, 3:00PM UTC). Mark your calendars.
[1] https://www.linuxplumbersconf.org/blog/2020/announcing-town-hall-2-the-kernel-weather-report/
[1] https://www.linuxplumbersconf.org/blog/2020/announcing-town-hall-2-the-kernel-weather-report/
OpenSUSE Leap 15.2 released
([Distributions] Jul 2, 2020 13:43 UTC (Thu) (corbet))
The [1]openSUSE Leap 15.2 release is now available; see the announcement for a long list of new features. " In general, software packages in the distribution grew by the hundreds. Data fusion, Machine Learning and AI aren't all that is new in openSUSE Leap 15.2; a Real-Time Kernel for managing the timing of microprocessors to ensure time-critical events are processed as efficiently as possible is available in this release. "
[1] https://news.opensuse.org/2020/07/02/opensuse-leap-15-2-release-brings-exciting-new-packages/
[1] https://news.opensuse.org/2020/07/02/opensuse-leap-15-2-release-brings-exciting-new-packages/
Security updates for Thursday
([Security] Jul 2, 2020 13:17 UTC (Thu) (jake))
Security updates have been issued by Debian (chromium and firefox-esr), Fedora (chromium and ntp), SUSE (ntp and unbound), and Ubuntu (libvncserver).
LWN.net Weekly Edition for July 9, 2020
Linux Mint drops Ubuntu Snap packages
([Development] Jul 8, 2020 16:46 UTC (Wed) (coogle))
The [1]Linux Mint project has [2]made good on [3]previous threats to actively prevent Ubuntu Snap packages from being installed through the APT package-management system without the user's consent. This move is the result of " major worries " from Linux Mint on Snap's impact with regard to user choice and software freedom. Ubuntu's parent company, Canonical, seems open to finding a solution to satisfy the popular distribution's concerns — but it too has interests to consider.
[1] https://linuxmint.com/
[2] https://blog.linuxmint.com/?p=3906
[3] https://blog.linuxmint.com/?p=3766
[1] https://linuxmint.com/
[2] https://blog.linuxmint.com/?p=3906
[3] https://blog.linuxmint.com/?p=3766
[$] Home Assistant improves performance in 0.112 release
([Development] Jul 6, 2020 17:23 UTC (Mon) (coogle))
The [1]Home Assistant project has [2]released version 0.112 of the open-source home automation hub we have [3]previously covered , which is the eighth release of the project this year. While previous releases have largely focused on new integrations and enhancements to the front-end interface, in this release the focus has shifted more toward improving the performance of the database. It is important to be aware that there are significant database changes and multiple potential backward compatibility breaks to understand before attempting an upgrade to take advantage of the improvements.
[1] https://www.home-assistant.io/
[2] https://www.home-assistant.io/blog/2020/07/01/release-112/
[3] https://lwn.net/Articles/822350/
[1] https://www.home-assistant.io/
[2] https://www.home-assistant.io/blog/2020/07/01/release-112/
[3] https://lwn.net/Articles/822350/
A set of stable kernels
([Kernel] Jul 1, 2020 15:51 UTC (Wed) (ris))
Stable kernels [1]5.7.7 , [2]5.4.50 , [3]4.19.131 , [4]4.14.187 , [5]4.9.229 , and [6]4.4.229 have been released. They all contain important fixes and users should upgrade.
[1] https://lwn.net/Articles/824960/
[2] https://lwn.net/Articles/824961/
[3] https://lwn.net/Articles/824962/
[4] https://lwn.net/Articles/824963/
[5] https://lwn.net/Articles/824964/
[6] https://lwn.net/Articles/824965/
[1] https://lwn.net/Articles/824960/
[2] https://lwn.net/Articles/824961/
[3] https://lwn.net/Articles/824962/
[4] https://lwn.net/Articles/824963/
[5] https://lwn.net/Articles/824964/
[6] https://lwn.net/Articles/824965/
Security updates for Wednesday
([Security] Jul 1, 2020 14:59 UTC (Wed) (ris))
Security updates have been issued by Arch Linux (bind, chromium, freerdp, imagemagick, sqlite, and tomcat8), Debian (coturn, imagemagick, jackson-databind, libmatio, mutt, nss, and wordpress), Fedora (libEMF, lynis, and php-PHPMailer), Red Hat (httpd24-nghttp2), and SUSE (ntp, openconnect, squid, and transfig).
Firefox 78
([Development] Jun 30, 2020 19:46 UTC (Tue) (ris))
Firefox 78.0 has been released. This is an Extended Support Release (ESR). The [1]Protections Dashboard has new features to track the number of breaches that were resolved from the dashboard and to see if any of your saved passwords may have been exposed in a breach. More details about this and other new features can be found in the [2]release notes .
[1] https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_protections-dashboard
[2] https://www.mozilla.org/en-US/firefox/78.0/releasenotes/
[1] https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_protections-dashboard
[2] https://www.mozilla.org/en-US/firefox/78.0/releasenotes/
[$] Btrfs at Facebook
([Kernel] Jul 2, 2020 15:18 UTC (Thu) (corbet))
The Btrfs filesystem has had a long and sometimes turbulent history; LWN first [1]wrote about it in 2007. It offers features not found in any other mainline Linux filesystem, but reliability and performance problems have prevented its widespread adoption. There is at least one company that is using Btrfs on a massive scale, though: Facebook. At the [2]2020 Open Source Summit North America virtual event, Btrfs developer Josef Bacik described why and how Facebook has invested deeply in Btrfs and where the remaining challenges are.
[1] https://lwn.net/Articles/238923/
[2] https://events.linuxfoundation.org/open-source-summit-north-america/
[1] https://lwn.net/Articles/238923/
[2] https://events.linuxfoundation.org/open-source-summit-north-america/
Security updates for Tuesday
([Security] Jun 30, 2020 14:27 UTC (Tue) (ris))
Security updates have been issued by Debian (coturn, drupal7, libvncserver, mailman, php5, and qemu), openSUSE (curl, graphviz, mutt, squid, tomcat, and unbound), Red Hat (chromium-browser, file, kernel, microcode_ctl, ruby, and virt:rhel), Slackware (firefox), and SUSE (mariadb-100, mutt, unzip, and xmlgraphics-batik).
[$] Netflix releases open-source crisis-management tool
([Development] Jul 3, 2020 15:01 UTC (Fri) (coogle))
Earlier this year, Netflix developed and released a new Apache-licensed project named [1]Dispatch . It is designed to coordinate the response to and the resolution of security-related incidents, but the project aims for more than just that. Rather, it hopes to be valuable for any type of one-off incident that needs coordination across an organization, such as a service outage.
[1] https://netflixtechblog.com/introducing-dispatch-da4b8a2a8072
[1] https://netflixtechblog.com/introducing-dispatch-da4b8a2a8072
[$] First PHP 8 alpha released
([Development] Jun 30, 2020 16:33 UTC (Tue) (coogle))
The PHP project has [1]released the first alpha of PHP 8, which is slated for general availability in November 2020. This initial test release includes many new features such as just-in-time (JIT) compilation, new constructs like Attributes, and more. One of [2]twelve planned releases before the general availability release, it represents a feature set that is still subject to change.
[1] https://www.php.net/archive/2020.php#2020-06-25-1
[2] https://wiki.php.net/todo/php80
[1] https://www.php.net/archive/2020.php#2020-06-25-1
[2] https://wiki.php.net/todo/php80
There has also been some work to allow the interesting use of macro names.
For example, if you wanted all of your "creat()" calls to include read
permissions for everyone, you could say
#define creat(file, mode) creat(file, mode | 0444)
I would recommend against this kind of thing in general, since it
hides the changed semantics of "creat()" in a macro, potentially far away
from its uses.
To allow this use of macros, the preprocessor uses a process that
is worth describing, if for no other reason than that we get to use one of
the more amusing terms introduced into the C lexicon. While a macro is
being expanded, it is temporarily undefined, and any recurrence of the macro
name is "painted blue" -- I kid you not, this is the official terminology
-- so that in future scans of the text the macro will not be expanded
recursively. (I do not know why the color blue was chosen; I'm sure it
was the result of a long debate, spread over several meetings.)
-- From Ken Arnold's "C Advisor" column in Unix Review