
Malcolm: Static analysis in GCC 10

([Development] Mar 26, 2020 20:56 UTC (Thu) (corbet))

David Malcolm [1]writes about the static-analysis features that he is working on adding to the GCC compiler. "This issue is, of course, a huge problem to tackle. For this release, I’ve focused on the kinds of problems seen in C code—and, in particular double-free bugs—but with a view toward creating a framework that we can expand on in subsequent releases (when we can add more checks and support languages other than C)."



[1] https://developers.redhat.com/blog/2020/03/26/static-analysis-in-gcc-10/

[$] Per-system-call kernel-stack offset randomization

([Kernel] Mar 27, 2020 15:33 UTC (Fri) (corbet))

In recent years, the kernel has (finally) upped its game when it comes to hardening. It is rather harder to compromise a running kernel than it used to be. But "rather harder" is relative: attackers still manage to find ways to exploit kernel bugs. One piece of information that can be helpful to attackers is the location of the kernel stack; [1]this patch set from Kees Cook and Elena Reshetova may soon make that information harder to come by and nearly useless in any case.



[1] https://lwn.net/ml/linux-kernel/20200324203231.64324-1-keescook@chromium.org/

LWN.net Weekly Edition for April 2, 2020



Plasma on TV: Presenting Plasma Bigscreen (KDE.News)

([Development] Mar 26, 2020 15:02 UTC (Thu) (corbet))

The KDE.News site is carrying [1]an announcement for the [2]Plasma Bigscreen environment, which is meant for large-screen televisions. "Talking of interacting from the couch, voice control provides users with the ultimate comfort when it comes to TV viewing. But most big brands not only do not safeguard the privacy of their customers, but actively harvest their conversations even when they are not sending instructions to their TV sets. We use Mycroft's Open Source voice assistant to solve this problem."



[1] https://dot.kde.org/2020/03/26/plasma-tv-presenting-plasma-bigscreen

[2] https://plasma-bigscreen.org/

Security updates for Thursday

([Security] Mar 26, 2020 12:37 UTC (Thu) (jake))

Security updates have been issued by CentOS (firefox, icu, kernel-rt, libvncserver, python-imaging, python-pip, python-virtualenv, thunderbird, tomcat, tomcat6, and zsh), Debian (icu and okular), Fedora (libxslt and php), Gentoo (bluez, chromium, pure-ftpd, samba, tor, weechat, xen, and zsh), Oracle (libvncserver), Red Hat (ipmitool and zsh), and SUSE (python-cffi, python-cryptography and python-cffi, python-cryptography, python-xattr).

O'Reilly shutting down its conference group

([Briefs] Mar 25, 2020 19:27 UTC (Wed) (corbet))

O'Reilly has [1]announced that it is canceling all of its upcoming in-person conferences and shutting down its conference group permanently. "Without understanding when this global health emergency may come to an end, we can’t plan for or execute on a business that will be forever changed as a result of this crisis. With large technology vendors moving their events completely on-line, we believe the stage is set for a new normal moving forward when it comes to in-person events." There is still no notice to this effect on the [2]OSCON page, but one assumes that is coming.



[1] https://www.oreilly.com/conferences/from-laura-baldwin.html

[2] https://conferences.oreilly.com/oscon/oscon-or

Some stable kernels

([Kernel] Mar 25, 2020 18:14 UTC (Wed) (ris))

Stable kernels [1]5.5.13, [2]5.5.12, [3]5.4.28, and [4]4.19.113 have been released. They all contain important fixes and users should upgrade.



[1] https://lwn.net/Articles/815958/

[2] https://lwn.net/Articles/815957/

[3] https://lwn.net/Articles/815959/

[4] https://lwn.net/Articles/815960/

Security updates for Wednesday

([Security] Mar 25, 2020 14:47 UTC (Wed) (ris))

Security updates have been issued by Debian (e2fsprogs, ruby2.1, and weechat), Fedora (java-1.8.0-openjdk and webkit2gtk3), openSUSE (apache2-mod_auth_openidc, glibc, mcpp, nghttp2, and skopeo), Oracle (libvncserver and thunderbird), and SUSE (keepalived).

Speeding up Linux disk encryption (Cloudflare)

([Kernel] Mar 25, 2020 14:29 UTC (Wed) (corbet))

The Cloudflare blog has [1]an article on the company's work to improve the performance of Linux disk encryption. "As we can see the default Linux disk encryption implementation has a significant impact on our cache latency in worst case scenarios, whereas the patched implementation is indistinguishable from not using encryption at all. In other words the improved encryption implementation does not have any impact at all on our cache response speed, so we basically get it for free!" Patches are available, but they are apparently not in any form to go upstream.



[1] https://blog.cloudflare.com/speeding-up-linux-disk-encryption/

Helping FOSS conferences in the face of a pandemic

([Front] Mar 25, 2020 23:12 UTC (Wed) (jake))

The effects of the [1]Coronavirus disease 2019 (COVID-19) pandemic are horrific and far-reaching; we really do not yet know just how bad it will get. One far less serious area that has been [2]affected is conferences for and about free and open-source software (FOSS). On the grand scale, these problems are pretty low on the priority list. There are a fair number of non-profit organizations behind the gatherings, however, that have spent considerable sums setting up now-canceled events or depend on the conferences for a big chunk of their budget—or both. A new organization, [3]FOSS Responders, has formed to try to help out.



[1] https://en.wikipedia.org/wiki/Coronavirus_disease_2019

[2] https://lwn.net/Articles/814420/

[3] https://fossresponders.com/

LLVM 10.0.0 released

([Development] Mar 24, 2020 20:43 UTC (Tue) (corbet))

Version 10.0.0 of the LLVM compiler suite is out. New features include support for [1]C++ concepts, [2]Windows control flow guard support, and much more; click below for pointers to a set of language-specific release notes.



[1] https://en.wikipedia.org/wiki/Concepts_(C%2B%2B)

[2] https://www.thewindowsclub.com/control-flow-guard-windows

[$] Avoiding retpolines with static calls

([Kernel] Mar 26, 2020 18:28 UTC (Thu) (corbet))

January 2018 was a sad time in the kernel community. The Meltdown and Spectre vulnerabilities had finally been disclosed, and the required workarounds hurt kernel performance in a number of ways. One of those workarounds — [1]retpolines — continues to cause pain, with developers going out of their way to avoid indirect calls, since they must now be implemented with retpolines. In some cases, though, there may be a way to avoid retpolines and regain much of the lost performance; after a long gestation period, the "static calls" mechanism may finally be nearing the point where it can be merged upstream.



[1] https://support.google.com/faqs/answer/7625886

PSF: New pip resolver to roll out this year

([Development] Mar 24, 2020 17:23 UTC (Tue) (ris))

The Python Software Foundation blog [1]looks at some changes to pip, the Python Package installer, in the process of developing a new resolver. The new resolver will reduce inconsistency and be stricter, refusing to install two packages with incompatible requirements.



[1] https://pyfound.blogspot.com/2020/03/new-pip-resolver-to-roll-out-this-year.html

Also, this is a major change to a key part of pip - it's quite possible there will initially be bugs. We would like to make sure that those get caught before people start using the new version in production. [...]

We recognize that everyone's work is being disrupted by the COVID-19 pandemic, and that many data scientists and medical researchers use Python and pip in their work. We want to make the upgrade process as smooth and bug-free as possible for our users; if you can help us, you'll be helping each other.

Security updates for Tuesday

([Security] Mar 24, 2020 14:51 UTC (Tue) (ris))

Security updates have been issued by Debian (tomcat8), Fedora (chromium and okular), openSUSE (texlive-filesystem), Oracle (tomcat6), Scientific Linux (libvncserver, thunderbird, and tomcat6), Slackware (gd), SUSE (cloud-init, postgresql10, python36, and strongswan), and Ubuntu (ibus and vim).

Django changes its governance

([Development] Mar 25, 2020 15:10 UTC (Wed) (jake))

The [1]Django web framework has come a long way since it was first released as open source in 2005. It started with a benevolent dictator for life (BDFL) governance model, like the language it is implemented in, Python, but switched to a [2]different model in 2014. When Python [3]switched away from the BDFL model in 2018, it followed Django's lead to some extent. But now Django is changing yet again, moving from governance based around a "core team" to one that is more inclusive and better reflects the way the project is operating now.



[1] https://www.djangoproject.com/

[2] https://docs.djangoproject.com/en/dev/internals/organization/

[3] https://lwn.net/Articles/775105/

Announcing Season of Docs 2020

([Development] Mar 23, 2020 19:20 UTC (Mon) (ris))

Google Open Source has [1]announced the 2020 edition of [2]Season of Docs, a program to connect open source projects with technical writers to improve documentation. Open source organizations may apply from April 14-May 4. Once mentoring organizations and technical writers are connected, there will be a month-long community bonding period, beginning August 11. Writers will then work with mentors to complete documentation projects by the December 6 deadline.



[1] https://opensource.googleblog.com/2020/03/announcing-season-of-docs-2020.html

[2] https://developers.google.com/season-of-docs

MythTV 31

([Development] Mar 23, 2020 18:46 UTC (Mon) (ris))

For those stuck at home looking for something to do, version 31 of the [1]MythTV DVR and home media center hub has been released. Features include significant changes to video decoding and playback, improved channel scanning, and Python 3 support. See the [2]release notes for more information.



[1] https://www.mythtv.org/detail/mythtv

[2] https://www.mythtv.org/wiki/Release_Notes_-_31

Parrot OS 4.8 released

([Distributions] Mar 23, 2020 15:38 UTC (Mon) (ris))

[1]Parrot OS is a security- and privacy-focused distribution, with tools for cyber security operations. [2]Parrot 4.8 follows Debian testing and has many updates from the Debian repositories. Parrot Docker containers allow you to use Parrot tools on docker-supported operating systems. Since the previous release last September, the Parrot team has put some effort into reorganizing its internal structure, from the operations and workflow of developers, up to the infrastructure. "After such a huge work, we have finally moved to the new workflow, and Parrot 4.8 is the proof of how hard we wanted such changes to take place in the project and how smooth development and cooperation became after achieving this goal."



[1] https://www.parrotsec.org/

[2] https://parrotsec.org/blog/parrot-4.8-release-notes/

Security updates for Monday

([Security] Mar 23, 2020 14:43 UTC (Mon) (ris))

Security updates have been issued by Debian (amd64-microcode, chromium, graphicsmagick, jackson-databind, phpmyadmin, python-bleach, and tor), Gentoo (exim and nodejs), openSUSE (chromium and thunderbird), Oracle (tomcat), Red Hat (devtoolset-8-gcc, libvncserver, runc, samba, thunderbird, and tomcat6), and SUSE (ruby2.5).

Git v2.26.0 released

([Development] Mar 23, 2020 13:04 UTC (Mon) (corbet))

Version 2.26.0 of the Git source-code management system is out. Significant changes include a reimplementation of the "rebase" mechanism, improvements to sparse checkouts, performance improvements, and more. See [1]this GitHub blog entry for more information.



[1] https://github.blog/2020-03-22-highlights-from-git-2-26/
