Odprtokodni pogled

Opensource view


Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Posodobljeno: 22 min 2 sec nazaj

[$] Fighting Spectre with cache flushes

Tor, 10/16/2018 - 00:23
One of the more difficult aspects of the Spectre hardware vulnerability is finding all of the locations in the code that might be exploitable. There are many locations that look vulnerable that aren't, and others that are exploitable without being obvious. It has long been clear that finding all of the exploitable spots is a long-term task, and keeping new ones from being introduced will not be easy. But there may be a simple technique that can block a large subset of the possible exploits with a minimal cost.

Security updates for Monday

Pon, 10/15/2018 - 15:47
Security updates have been issued by Arch Linux (wireshark-cli), Debian (imagemagick, otrs2, tomcat7, and wireshark), Fedora (ca-certificates, dislocker, dolphin-emu, kernel-headers, kernel-tools, libgit2, mbedtls, mingw-openjpeg2, nekovm, openjpeg2, patch, strongswan, and thunderbird), Mageia (firefox, git, nextcloud, and texlive), Oracle (kernel and openssl), Scientific Linux (spamassassin), SUSE (libtirpc), and Ubuntu (requests).

Kernel prepatch 4.19-rc8

Pon, 10/15/2018 - 14:48
As expected, the 4.19 development cycle has gone to 4.19-rc8. "Please go and test and ensure that all works well for you. Hopefully this should be the last -rc release."

A pile of weekend stable kernel updates

Sob, 10/13/2018 - 17:24
The 4.18.14, 4.14.76, 4.9.133, 4.4.161, and 3.18.124 stable kernels have all been released; each contains another pile of important fixes and updates.

[$] I/O scheduling for single-queue devices

Pet, 10/12/2018 - 18:03
Block I/O performance can be one of the determining factors for the performance of a system as a whole, especially on systems with slower drives. The need to optimize I/O patterns has led to the development of a long series of I/O schedulers over the years; one of the most recent of those is BFQ, which was merged during the 4.12 development cycle. BFQ incorporates an impressive set of heuristics designed to improve interactive performance, but it has, thus far, seen relatively little uptake in deployed systems. An attempt to make BFQ the default I/O scheduler for some types of storage devices has raised some interesting questions, though, on how such decisions should be made.

Security updates for Friday

Pet, 10/12/2018 - 15:48
Security updates have been issued by Debian (net-snmp), Fedora (php-horde-nag), openSUSE (git, java-1_8_0-openjdk, libxml2, mgetty, moinmoin-wiki, postgresql10, and soundtouch), Oracle (spamassassin), Red Hat (spamassassin), SUSE (apache2, axis, kernel, libX11 and libxcb, and texlive), and Ubuntu (clamav, git, and texlive-bin).

[$] OpenPGP signature spoofing using HTML

Čet, 10/11/2018 - 17:58

Beyond just encrypting messages, and thus providing secrecy, the OpenPGP standard also enables digitally signing messages to authenticate the sender. Email applications and plugins usually verify these signatures automatically and will show whether an email contains a valid signature. However, with a surprisingly simple attack, it's often possible to fool users by faking — or spoofing — the indication of a valid signature using HTML email.

Tutanota, the First Encrypted Email Service with an App on F-Droid (Linux Journal)

Čet, 10/11/2018 - 16:26
Here's a Linux Journal article from one of the creators of the Tutanota encrypted email client. "That's why we decided to build Tutanota: a secure email service that is so easy to use, everyone can send confidential email, not only the tech-savvy. The entire encryption process runs locally on users' devices, and it's fully automated. The automatic encryption also enabled us to build fully encrypted email apps for Android and iOS. Finally, end-to-end encrypted email is starting to become the standard: 58% of all email sent from Tutanota already are end-to-end encrypted, and the percentage is constantly rising."

Security updates for Thursday

Čet, 10/11/2018 - 15:44
Security updates have been issued by Debian (dnsruby, gnulib, and jekyll), Fedora (calamares, fawkes, git, kernel-headers, librime, and pdns), openSUSE (ImageMagick), Oracle (kernel), Scientific Linux (glusterfs, kernel, and nss), Slackware (git), SUSE (ImageMagick), and Ubuntu (tomcat7, tomcat8).

[$] LWN.net Weekly Edition for October 11, 2018

Čet, 10/11/2018 - 01:18
The LWN.net Weekly Edition for October 11, 2018 is available.

Control Flow Integrity in the Android kernel (Android Developers)

Sre, 10/10/2018 - 22:28
The Android Developers Blog describes the control-flow integrity work that is shipping on the Pixel 3 handset. "LLVM's CFI implementation adds a check before each indirect branch to confirm that the target address points to a valid function with a correct signature. This prevents an indirect branch from jumping to an arbitrary code location and even limits the functions that can be called. As C compilers do not enforce similar restrictions on indirect branches, there were several CFI violations due to function type declaration mismatches even in the core kernel that we have addressed in our CFI patch sets for kernels 4.9 and 4.14."

[$] A status update for virgl

Sre, 10/10/2018 - 22:28

At the 2018 X.Org Developers Conference, Elie Tournier gave an update on the state of the Virgil (or virgl) virtual 3D GPU for QEMU. He looked at the project's history along with what has happened with it over the last year or so. As is usual in a status update talk, he finished with some thoughts about future plans for virgl. For the last year, Tournier has been working on virgl for Collabora.

Microsoft joins Open Invention Network

Sre, 10/10/2018 - 16:53
Microsoft has announced that it has joined the Open Invention Network (OIN). "We know Microsoft’s decision to join OIN may be viewed as surprising to some, as it is no secret that there has been friction in the past between Microsoft and the open source community over the issue of patents. For others who have followed our evolution as a company, we hope this will be viewed as the next logical step for a company that is listening to its customers and is firmly committed to Linux and other open source programs."

Stable kernel updates

Sre, 10/10/2018 - 15:52
Stable kernels 4.18.13, 4.14.75, 4.9.132, and 4.4.160 have been released. They all contain important fixes throughout the tree and users should upgrade.

Security updates for Wednesday

Sre, 10/10/2018 - 15:45
Security updates have been issued by Arch Linux (patch), CentOS (firefox, glusterfs, kernel, and nss), Debian (net-snmp), Oracle (firefox, glusterfs, kernel, and nss), Red Hat (glusterfs, kernel, and nss), Scientific Linux (firefox), SUSE (kernel), and Ubuntu (webkit2gtk).

[$] Advances in Mesa continuous integration

Tor, 10/09/2018 - 18:55

Continuous integration (CI) has become increasingly prevalent in open-source projects over the last few years. Intel has been active in building CI systems for graphics, both for the kernel side and for the Mesa-based user-space side of the equation. Mark Janes and Clayton Craft gave a presentation on Intel's Mesa CI system at the 2018 X.Org Developers Conference (XDC), which was held in A Coruña, Spain in late September. The Mesa CI system is one of the earliest successful CI initiatives in open source that he knows of, Janes said. It is a core component of Mesa development, especially at Intel.

Gregg: bpftrace (DTrace 2.0) for Linux 2018

Tor, 10/09/2018 - 16:41
Brendan Gregg introduces the bpftrace tracing tool. "bpftrace was created as an even higher-level front end for custom ad-hoc tracing, and can serve a similar role as DTrace. We've been adding bpftrace features as we need them, not just because DTrace had them. I can think of over a dozen things that DTrace can do that bpftrace currently cannot, including custom aggregation printing, shell arguments, translators, sizeof(), speculative tracing, and forced panics."

Security updates for Tuesday

Tor, 10/09/2018 - 15:43
Security updates have been issued by Arch Linux (git), Debian (kernel, samba, and tinc), Fedora (kernel-headers), Oracle (firefox), Red Hat (firefox and qemu-kvm-rhev), Scientific Linux (firefox), SUSE (java-1_8_0-ibm, kubernetes-salt, velum, libxml2, and postgresql10), and Ubuntu (libxkbcommon).

[$] The modernization of PCIe hotplug in Linux

Pon, 10/08/2018 - 23:52
PCI Express hotplug has been supported in Linux for fourteen years. The code, which is aging, is currently undergoing a transformation to fit the needs of contemporary applications such as hot-swappable flash drives in data centers and power-manageable Thunderbolt controllers in laptops. Time for a roundup.

Amit: How new-lines affect the Linux kernel performance

Pon, 10/08/2018 - 17:53
Nadav Amit decided to dig into why some small kernel functions were not being inlined by GCC; the result is a detailed investigation into how these things can go wrong. "Ignoring the assembly shenanigans that this code uses, we can see that in practice it generates a single ud2 instruction. However, the compiler considers this code to be 'big' and consequently oftentimes does not inline functions that use WARN() or similar functions. The reason turns to be the newline characters (marked as '\n' above). The kernel compiler, GCC, is unaware to the code size that will be generated by the inline assembly. It therefore tries to estimate its size based on newline characters and statement separators (';' on x86)."