Welcome to LWN.net
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
[$] LWN.net Weekly Edition for May 2, 2024
Posted May 2, 2024 1:11 UTC (Thu)The LWN.net Weekly Edition for May 2, 2024 is available.
Inside this week's LWN.net Weekly Edition
- Front: Ubuntu 24.04; Nix leadership; Embedded security; State of realtime and embedded Linux; TSO on Arm; Rust for codecs; Python JIT.
- Briefs: run0; Dolstra steps down; Ubuntu 24.04 LTS; Amarok 3.0; Git 2.45.0; GNOME financials; GNU nano 8.0; Yocto 5.0; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
[$] A look at Ubuntu Desktop LTS 24.04
Ubuntu 24.04 LTS, code-named "Noble Numbat", was released on April 25. This release includes GNOME 46, installer updates, security enhancements, a lot of updated packages, and a new App Center that puts a heavy emphasis on using Snaps to install software. It is not an ambitious release, but it brings enough to the table that it's a worthwhile update.
[$] Security patterns and anti-patterns in embedded development
When it comes to security, telling developers to do (or not do) something can be ineffective. Helping them understand the why behind instructions, by illustrating good and bad practices using stories, can be much more effective. With several such stories Marta Rybczyńska fashioned an interesting talk about patterns and anti-patterns in embedded Linux security at the Embedded Open Source Summit (EOSS), co-located with Open Source Summit North America (OSSNA), on April 16 in Seattle, Washington.
[$] A leadership crisis in the Nix community
On April 21, a group of anonymous authors and non-anonymous signatories published a lengthy open letter to the Nix community and Nix founder Eelco Dolstra calling for his resignation from the project. They claimed ongoing problems with the project's leadership, primarily focusing on the way his actions have allegedly undermined people nominally empowered to perform various moderation and governance tasks. Since its release, the letter has gained more than 100 signatures.
[$] Giving Rust a chance for in-kernel codecs
Video playback is undeniably one of the most important features in modern consumer devices. Yet, surprisingly, users are by and large unaware of the intricate engineering involved in the compression and decompression of video data, with codecs being left to find a delicate balance between image quality, bandwidth, and power consumption. In response to constant performance pressure, video codecs have become complex and hardware implementations are now common, but programming these devices is becoming increasingly difficult and fraught with opportunities for exploitation. I hope to convey how Rust can help fix this problem.
[$] Support for the TSO memory model on Arm CPUs
At the CPU level, a memory model describes, among other things, the amount of freedom the processor has to reorder memory operations. If low-level code does not take the memory model into account, unpleasant surprises are likely to follow. Naturally, different CPUs offer different memory models, complicating the portability of certain types of concurrent software. To make life easier, some Arm CPUs offer the ability to emulate the x86 memory model, but efforts to make that feature available in the kernel are running into opposition.
[$] Python JIT stabilization
On April 11, Brandt Bucher posted PEP 744 ("JIT Compilation"), which summarizes the current state of Python's new copy-and-patch just-in-time (JIT) compiler. The JIT is currently experimental, but the PEP proposes some criteria for the circumstances under which it should become a non-experimental part of Python. The discussion of the PEP hasn't reached a conclusion, but several members of the community have already raised questions about how the JIT would fit into future iterations of the Python language.
[$] The state of realtime and embedded Linux
Linux, famously, appears in a wide range of systems. While servers and large data centers get a lot of the attention, and this year will always be the year of the Linux desktop, there is also a great deal of Linux to be found in realtime and embedded applications. Two talks held in the realtime and embedded tracks of the 2024 Open Source Summit North America provided listeners with an update on how Linux is doing in those areas. Work on realtime Linux appears to be nearing completion, while the embedded community is still pushing forward at full speed.
LWN.net Weekly Edition for April 25, 2024
Posted Apr 25, 2024 1:21 UTC (Thu)The LWN.net Weekly Edition for April 25, 2024 is available.
Inside this week's LWN.net Weekly Edition
- Front: Dirk and Linus; Gentoo bans AI; Rust existential types; Rust in embedded kernels; WARN_ON(); Memory interleaving; Security-module stacking.
- Briefs: GitHub malware; Tille elected; Fedora 40; QEMU 9.0; Open Home Foundation; udev-hid-bpf; Firefox crash reporting; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
Existential types in Rust
For several years, contributors to the Rust project have been working to improve support for asynchronous code. The benefits of these efforts are not confined to asynchronous code, however. Members of the Rust community have been working toward adding explicit existential types to Rust since 2017. Existential types are not a common feature of programming languages (something the RFC acknowledges), so the motivation for their inclusion might be somewhat obscure.
GNU nano 8.0 released
Version 8.0 of the terminal text editor GNU nano has been released. This update includes several changes to keybindings to be more newcomer-friendly, such as remapping Ctrl-F to forward-search and adding an option for modern bindings:
Command-line option --modernbindings (-/) makes ^Q quit, ^X cut, ^C copy, ^V paste, ^Z undo, ^Y redo, ^O open a file, ^W write a file, ^R replace, ^G find again, ^D find again backwards, ^A set the mark, ^T jump to a line, ^P show the position, and ^E execute.
The release also provides access to 14 levels of gray scale in xterm (up from four), as well as many bug fixes.
Eelco Dolstra steps down from NixOS Foundation board
The NixOS Foundation board announced on April 30 that Eelco Dolstra is stepping down from the board following the recent calls for his resignation.
Eelco is the principal author of Nix and undoubtedly a central figure in the ecosystem that grew around it. We confirm that Eelco showed no intention to be perceived as or act like the BDFL [Benevolent Dictator for Life] of the Nix ecosystem, or the Nix code base. To commit to that in a timely manner, he has decided to formally step down from the board.
The board also announced its intent to set up new, explicit governance for the project, answerable to the community:
We will appoint a constitutional assembly within the next 14 days. Its task will be to set up a new governance structure, run by the community, that is capable of serving the community's needs. Once established, we will delegate our power to institutions within that new structure. This entire process will take place in a public space, such that it's traceable for anyone concerned. We are committed to listening to everyone who may help with solving the problems the community is facing.
Security updates for Wednesday
Security updates have been issued by Debian (nghttp2 and qtbase-opensource-src), Mageia (cjson, freerdp, guava, krb5, libarchive, and mediawiki), Oracle (container-tools:4.0 and container-tools:ol8), Red Hat (bind, buildah, container-tools:3.0, container-tools:rhel8, expat, gnutls, golang, grafana, kernel, kernel-rt, libreswan, libvirt, linux-firmware, mod_http2, pcp, pcs, podman, python-jwcrypto, rhc-worker-script, shadow-utils, skopeo, sssd, tigervnc, unbound, and yajl), SUSE (kernel and python311), and Ubuntu (gerbv and node-json5).
Yocto Project 5.0 released
Version 5.0 of the Yocto Project distribution builder has been released. The list of new features is long; see the release notes for the details.
"run0" as a sudo replacement
This Mastodon stream from Lennart Poettering describes a sudo replacement — called run0 — that will be part of the upcoming systemd 256 release. It takes a rather different approach to the execution of privileged commands, avoiding the use of setuid (which he calls "SUID") permissions entirely.
So, in my ideal world, we'd have an OS entirely without SUID. Let's throw out the concept of SUID on the dump of UNIX' bad ideas. An execution context for privileged code that is half under the control of unprivileged code and that needs careful manual clean-up is just not how security engineering should be done in 2024 anymore.
Git 2.45.0 released
Version 2.45.0 of the Git source-code management system has been released. Changes include a new list command for git reflog, a couple of new configuration variables for git diff, the ability to drop redundant commits while cherry-picking, a number of performance improvements, and more.
Security updates for Tuesday
Security updates have been issued by Debian (org-mode), Oracle (shim and tigervnc), Red Hat (ansible-core, avahi, buildah, container-tools:4.0, containernetworking-plugins, edk2, exfatprogs, fence-agents, file, freeglut, freerdp, frr, grub2, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, harfbuzz, httpd, ipa, kernel, libjpeg-turbo, libnbd, LibRaw, libsndfile, libssh, libtiff, libvirt, libX11, libXpm, mingw components, mingw-glib2, mingw-pixman, mod_http2, mod_jk and mod_proxy_cluster, motif, mutt, openssl and openssl-fips-provider, osbuild and osbuild-composer, pam, pcp, pcs, perl, pmix, podman, python-jinja2, python3.11, python3.11-cryptography, python3.11-urllib3, qemu-kvm, qt5-qtbase, runc, skopeo, squashfs-tools, systemd, tcpdump, tigervnc, toolbox, traceroute, webkit2gtk3, wpa_supplicant, xorg-x11-server, xorg-x11-server-Xwayland, and zziplib), SUSE (docker, ffmpeg, ffmpeg-4, frr, and kernel), and Ubuntu (anope, freerdp3, and php7.0, php7.2, php7.4, php8.1).
Amarok 3.0 "Castaway" released
The Amarok music player project has announced the release of version 3.0, which is codenamed "Castaway". It is the first stable version using Qt 5 and KDE Frameworks 5, and the first stable release since the final Qt-4-based 2.9.0 in 2018.
The road to 3.0 has not been a short one. Much of the Qt5/KF5 porting was done in 2015 already, but finishing and polishing everything up has been a slow, sometimes ongoing and sometimes stalled process ever since. 3.0 Alpha was released in February 2021 and has been since used by many people, as have been nightly builds of git master available for various distributions. Now in the past few months, an effort was made to get everything ready for a proper 3.0 release.Common usecases should work quite well, and in addition to fixing KF5 port related regressions reported in pre-releases, 3.0 features many bugfixes and implemented features for longstanding issues, the oldest such documented being from 2009. However, with more than 20 years of development history, it is likely that not every feature Amarok has been tested thoroughly in the new release, and specifically some Internet services that have changed their API in recent years are not available, at least for now. It might well be that getting them in better state wouldn't require huge effort, however, so if you know your way with Qt and KDE Frameworks and your favourite Internet music service does not work with Amarok 3.0, you are extremely welcome to join in and help!
Security updates for Monday
Security updates have been issued by AlmaLinux (buildah, go-toolset:rhel8, golang, java-11-openjdk, java-21-openjdk, libreswan, thunderbird, and tigervnc), Debian (chromium, emacs, frr, mediawiki, ruby-rack, trafficserver, and zabbix), Fedora (chromium, grub2, python-idna, and python-reportlab), Mageia (chromium-browser-stable, firefox, opencryptoki, and thunderbird), Red Hat (container-tools:4.0, container-tools:rhel8, git-lfs, and shim), SUSE (frr, java-11-openjdk, java-1_8_0-openjdk, kernel, pdns-recursor, and shim), and Ubuntu (apache2, cpio, curl, glibc, gnutls28, less, libvirt, and pillow).
McQueen: Update from the GNOME board
Robert McQueen has posted a message from the GNOME Foundation board describing the current financial situation, plans to improve it, and an increase in the size of the board.
The Foundation has a reserves policy which specifies a minimum amount of money we have to keep in our accounts. This is so that if there is a significant interruption to our usual income, we can preserve our core operations while we work on new funding sources. We've now "hit the buffers" of this reserves policy, meaning the Board can't approve any more deficit budgets – to keep spending at the same level we must increase our income.