ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

LWN.net Weekly Edition for October 15, 2020


Security updates for Thursday

([Security] Oct 8, 2020 13:12 UTC (Thu) (jake))

Security updates have been issued by Debian (activemq, golang-go.crypto, packagekit, and sympa), Fedora (php and xen), Red Hat (bind, kernel, and qemu-kvm), SUSE (qemu), and Ubuntu (golang-github-seccomp-libseccomp-golang and spice).

A PHP syntax for discardable assignments

([Development] Oct 14, 2020 19:05 UTC (Wed) (coogle))

Recently, John Bafford [1] revived a years-long conversation on expanding the syntax of the PHP foreach statement to include iterating solely over keys. Bafford, who wrote a [2] patch and [3]request for comments (RFC) on the matter back in 2016, hopes to update his work and convince the community to adopt the abbreviated syntax in PHP 8.1. The community took Bafford's general idea and expanded it into other areas of the language.



[1] https://lwn.net/ml/php-internals/34212284-827A-41E1-B86B-F8B28214219C%40zort.net/

[2] https://github.com/jbafford/php-src/commit/e8fcc5b16784c2527a4b4de636fb30f26811df66

[3] https://wiki.php.net/rfc/foreach_void

[$] The ABI status of filesystem formats

([Kernel] Oct 8, 2020 16:55 UTC (Thu) (corbet))

One of the key rules of Linux kernel development is that the ABI between the kernel and user space cannot be broken; any change that breaks previously working programs will, outside of exceptional circumstances, be reverted. The rule seems clear, but there are ambiguities when it comes to determining just what constitutes the kernel ABI; tracepoints are [1]a perennial example of this. A recent discussion has brought another one of those ambiguities to light: the on-disk format of Linux filesystems.



[1] https://lwn.net/Articles/799262/#tp

Three stable kernels

([Kernel] Oct 7, 2020 14:59 UTC (Wed) (ris))

Stable kernels [1]5.8.14 , [2]5.4.70 , and [3]4.19.150 have been released with some important fixes. Users should upgrade.



[1] https://lwn.net/Articles/833689/

[2] https://lwn.net/Articles/833690/

[3] https://lwn.net/Articles/833691/

Security updates for Wednesday

([Security] Oct 7, 2020 14:53 UTC (Wed) (ris))

Security updates have been issued by Arch Linux (brotli, lib32-brotli, lib32-zeromq, samba, yaws, and zeromq), Debian (php7.0, puma, sane-backends, thunderbird, and tigervnc), Fedora (ghc-cmark-gfm, ghc-hakyll, gitit, pandoc, pandoc-citeproc, and patat), openSUSE (kdeconnect-kde and perl-DBI), Oracle (kernel), Red Hat (chromium-browser and spice and spice-gtk), SUSE (hexchat and nodejs8), and Ubuntu (vino).

Fixing our broken internet

([Front] Oct 7, 2020 22:30 UTC (Wed) (jake))

In unusually stark terms, [1]Mozilla is trying to rally the troops to take back the internet from the forces of evil—or at least " misinformation, corruption and greed "—that have overtaken it. In a September 30 [2]blog post , the organization behind the [3]Firefox web browser warned that " the internet needs our love ". While there is lots to celebrate about the internet, it is increasingly under threat from various types of bad actors, so Mozilla is starting a campaign to try to push back against those threats.



[1] https://www.mozilla.org/en-US/

[2] https://blog.mozilla.org/blog/2020/09/30/the-internet-needs-our-love/

[3] https://www.mozilla.org/en-US/firefox/

[$] Python and the infinite

([Development] Oct 13, 2020 17:49 UTC (Tue) (coogle))

A recent proposal on the python-ideas mailing list would add a new way to represent floating-point infinity in the language. Cade Brown [1] suggested the change; he cited a few different reasons for it, including fixing an inconsistency in the way the string representation of infinity is handled in the language. The discussion that followed branched in a few directions, including adding a constant for [2]"not a number" (NaN) and a more general discussion of the inconsistent way that Python handles expressions that evaluate to infinity.



[1] https://lwn.net/ml/python-ideas/CACfVAhGjVkPvTV3PThb2AqteRhrokBYeKTvBxAB8N_crQKDeOA@mail.gmail.com/

[2] https://en.wikipedia.org/wiki/NaN

Security updates for Tuesday

([Security] Oct 6, 2020 15:05 UTC (Tue) (ris))

Security updates have been issued by Fedora (chromium, libproxy, mumble, and thunderbird), openSUSE (perl-DBI), Red Hat (qemu-kvm-rhev, rh-mariadb102-mariadb and rh-mariadb102-galera, rh-maven35-jackson-databind, spice and spice-gtk, and unbound), SUSE (gnutls, java-1_7_0-openjdk, openssl1, and perl-DBI), and Ubuntu (brotli, cyrus-imapd, openconnect, opendmarc, python-urllib3, ruby-rack-cors, spice, tika, and yaws).

Ruby 3.0 brings new type checking and concurrency features

([Development] Oct 7, 2020 16:34 UTC (Wed) (coogle))

The first preview of [1]Ruby version 3.0 was [2]released on September 25. It includes better support for type checking, additional language features, and two new experimental features: a parallel execution mechanism called [3]Ractor , and [4]Scheduler , which provides concurrency improvements.



[1] https://www.ruby-lang.org/en/

[2] https://www.ruby-lang.org/en/news/2020/09/25/ruby-3-0-0-preview1-released/

[3] https://github.com/ruby/ruby/blob/master/doc/ractor.md

[4] https://github.com/ruby/ruby/blob/master/doc/scheduler.md

Python 3.9 released

([Development] Oct 5, 2020 20:48 UTC (Mon) (jake))

Version 3.9 of the Python programming language has been [1]released . The [2]changelog , " [3]What's New in Python 3.9 " document, and our [4]recent article have lots more information on the release. " Maintenance releases for the 3.9 series will follow at regular bi-monthly intervals starting in late November of 2020. OK, boring! Where is Python 4? Not so fast! The next release after 3.9 will be 3.10. It will be an incremental improvement over 3.9, just as 3.9 was over 3.8, and so on. "



[1] https://lwn.net/ml/python-dev/F90C58C0-297F-4E5D-8771-4CE78E0BD286@langa.pl/

[2] https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog

[3] https://docs.python.org/release/3.9.0/whatsnew/3.9.html

[4] https://lwn.net/Articles/831783/

U-Boot v2020.10 released

([Development] Oct 5, 2020 18:48 UTC (Mon) (ris))

[1]U-Boot (the Universal Boot Loader) v2020.10 is out. " With this release we have a number of 'please migrate to DM [ [2]Driver Model [PDF] ]' warnings that are now 1 year past their warning date, and well past 1 year of those warnings being printed. It's getting up there on my TODO list to see if removing features or boards in these cases is easier. "



[1] https://www.denx.de/wiki/U-Boot

[2] https://www.denx.de/wiki/pub/U-Boot/MiniSummitELCE2014/dm-u-boot.pdf

Security updates for Monday

([Security] Oct 5, 2020 14:43 UTC (Mon) (ris))

Security updates have been issued by Debian (libvirt, snmptt, squid3, and xen), Fedora (chromium, libproxy, mumble, samba, and xawtv), openSUSE (bcm43xx-firmware, dpdk, grafana, nodejs12, python-pip, xen, and zabbix), Oracle (thunderbird), Red Hat (cockpit-ovirt, imgbased, redhat-release-virtualization-host, redhat-virtualization-host and qemu-kvm-rhev), and SUSE (perl-DBI).

Kernel prepatch 5.9-rc8

([Kernel] Oct 4, 2020 23:23 UTC (Sun) (corbet))

The [1]eighth and presumably final 5.9 prepatch is out for testing. " So things have been pretty calm, and rc8 is fairly small. I'm still waiting for a networking pull with some fixes, so it's not like I could have made a final 5.9 release even if I had wanted to, but there was nothing scary going on this past week, and it all feels ready for a final 5.9 next weekend. "



[1] https://lwn.net/Articles/833476/

[$] Zig heading toward a self-hosting compiler

([Development] Oct 6, 2020 23:35 UTC (Tue) (jake))

The [1]Zig programming language is a relatively recent entrant into the "systems programming" realm; it looks to interoperate with C, while adding safety features without sacrificing performance. The language has been gaining some attention of late and has [2]announced progress toward a Zig compiler written in Zig in September. That change will allow LLVM to become an optional component, which will be a big step forward for the " maturity and stability " of Zig.



[1] https://ziglang.org/

[2] https://kristoff.it/blog/zig-new-relationship-llvm/

Security updates for Friday

([Security] Oct 2, 2020 14:17 UTC (Fri) (jake))

Security updates have been issued by Debian (jruby and ruby2.3), Fedora (crun, pdns, and podman), openSUSE (go1.14 and kernel), Oracle (qemu-kvm and virt:ol), Red Hat (qemu-kvm-ma and thunderbird), SUSE (nodejs10, nodejs12, perl-DBI, permissions, and xen), and Ubuntu (ntp).

Conservancy Announces New Strategy for GPL Enforcement and Related Work, Receives Grant from ARDC

([Briefs] Oct 1, 2020 23:10 UTC (Thu) (jake))

The [1]Software Freedom Conservancy has [2]announced that it is embarking on " a new strategy toward improving compliance and the freedom of users of devices that contain Linux-based systems ". That includes [3]GPL enforcement , an effort to [4]create alternative firmware for embedded Linux devices, and collaboration with other organizations " to promote copyleft compliance as a feature for consumers to protect their privacy and get more out of their devices ". The work is being sponsored by an initial $150,000 grant from [5]Amateur Radio Digital Communications (ARDC). " We take this holistic approach because compliance is not an end in itself, but rather a lever to help people advance technology for themselves and the world. Bradley Kuhn, Conservancy’s Policy Fellow and Hacker-in-Residence remarked: 'GPL enforcement began as merely an education process more than twenty years ago. We all had hoped that industry-wide awareness of copyleft’s essential role in spreading software freedom would yield widespread, spontaneous compliance. We were simply wrong about that. Today, we observe almost universal failure in compliance throughout the (so-called) Internet of Things (IoT) market. Only unrelenting enforcement that holds companies accountable can change this abysmal reality. ARDC, a visionary grant-maker, recognizes the value of systemic enforcement that utilizes the legal system to regain software freedom. That process also catalyzes community-led projects to build liberated firmware for many devices.' "



[1] https://sfconservancy.org/

[2] https://sfconservancy.org/news/2020/oct/01/new-copyleft-strategy-launched-with-ARDC-grant/

[3] https://sfconservancy.org/copyleft-compliance/enforcement-strategy.html

[4] https://sfconservancy.org/copyleft-compliance/firmware-liberation.html

[5] https://www.ampr.org/

Edmundson: Plasma and the systemd startup

([Development] Oct 1, 2020 17:45 UTC (Thu) (jake))

On his blog, David Edmundson [1]writes about a new optional mechanism for starting up the KDE Plasma desktop using systemd. " Another big motivating factor was the ability for customisation. The root of Plasma's startup is very hardcoded. What if you want to run krunner with a different environment variable set? or have a script run every time plasmashell restarts, or show a UI after kwin is loaded but before plasma shell to perform some user setup? You can edit the code, but that's not easy and you're very much on your own. Systemd provides that level of customisation; both at a distro or a user level out of the box. From our POV for free. "



[1] http://blog.davidedmundson.co.uk/blog/plasma-and-the-systemd-startup/

A new crop of stable kernels

([Kernel] Oct 1, 2020 17:04 UTC (Thu) (jake))

The [1]5.8.13 , [2]5.4.69 , [3]4.19.149 , [4]4.14.200 , and [5]4.4.238 stable kernels have been released. Note that 4.9.238 was in the review cycle with the rest of these kernels but needed a [6]respin due to some test failures, so it will be released on or after October 3. As usual, all five of the released kernels have fixes throughout the tree; users should upgrade.



[1] https://lwn.net/Articles/833236/

[2] https://lwn.net/Articles/833237/

[3] https://lwn.net/Articles/833238/

[4] https://lwn.net/Articles/833239/

[5] https://lwn.net/Articles/833240/

[6] https://lwn.net/ml/linux-kernel/20201001091034.685078175@linuxfoundation.org/ Update : Apparently October 3 came early for Greg Kroah-Hartman because [1]4.9.238 has now been released.



[1] https://lwn.net/Articles/833276/

[$] Collabora Online moves out of The Document Foundation

([Front] Oct 2, 2020 14:25 UTC (Fri) (corbet))

The Document Foundation (TDF) was [1]formed in 2010 as a home for the newly created LibreOffice project; it has just [2]celebrated its tenth anniversary . As it begins its second decade, though, TDF is showing some signs of strain. Evidence of this could be seen in [3]the disagreement over a five-year marketing plan in July. More recently, the TDF membership committee [4]sent an open letter to the board of directors demanding more transparency and expressing fears of conflicts of interest within the board. Now the situation has advanced with one of the TDF's largest contributing companies announcing that it will be moving some of its work out of the foundation entirely.



[1] https://lwn.net/Articles/407339/

[2] https://blog.documentfoundation.org/blog/2020/09/27/libreoffice-10th-anniversary/

[3] https://lwn.net/Articles/825598/

[4] https://lwn.net/Articles/833252/
More

As to Jesus of Nazareth...I think the system of Morals and his Religion,
as he left them to us, the best the World ever saw or is likely to see;
but I apprehend it has received various corrupting Changes, and I have,
with most of the present Dissenters in England, some doubts as to his
divinity.
-- Benjamin Franklin