Welcome to LWN.net
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
[$] Divvi Up: privacy-respecting telemetry aggregation
There is ongoing discussion about the ethics and effectiveness of telemetry following some recent LWN articles that touched on Thunderbird's use of opt-out telemetry and planned metrics in Fedora. The Internet Security Research Group (ISRG), the nonprofit behind Let's Encrypt, has a potential solution to the problem of how to collect and aggregate telemetry without violating users' privacy. The scheme is based on a draft protocol being standardized with the Internet Engineering Task Force (IETF), and has an open-source implementation available.
[$] Maximal min() and max()
Like many projects written in C, the kernel makes extensive use of the C preprocessor; indeed, the kernel's use is rather more extensive than most. The preprocessor famously has a number of sharp edges associated with it. One might not normally think of increased compilation time as one of them, though. It turns out that some changes to a couple of conceptually simple preprocessor macros — min() and max() — led to some truly pathological, but hidden, behavior where those macros were used.
[$] LWN.net Weekly Edition for August 1, 2024
Posted Aug 1, 2024 4:57 UTC (Thu)The LWN.net Weekly Edition for August 1, 2024 is available.
Inside this week's LWN.net Weekly Edition
- Front: Bootstrapping Linux; Python in GNOME; GNOME annual meeting; FOLL_FORCE; getrandom(); 6.11 Merge window; Famfs; Better kernel panics.
- Briefs: Funtoo discontinued; Mint 22; Vanilla OS 2; Forgejo v8.0; Git 2.46.0; Rust 1.80.0; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
[$] Showing up for Python in GNOME
A few years ago, PyGObject—the Python package that provides bindings for GTK and GNOME applications—was not faring particularly well. Several maintainers had left the project and its development was not keeping pace with changes in GTK. At this year's GUADEC, Dan Yeaw presented a talk about the project's decline, improvements in the last year, and his experience getting involved in an undermaintained project.
[$] Pulling Linux up by its bootstraps
A bootstrappable build is one that builds existing software from scratch — for example, building GCC without relying on an existing copy of GCC. In 2023, the Guix project announced that the project had reduced the size of the binary bootstrap seed needed to build its operating system to just 357-bytes — not counting the Linux kernel required to run the build process. Now, the live-bootstrap project has gone a step further and removed the need for an existing kernel at all.
[$] Famfs: a filesystem interface to shareable memory
At the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit, John Groves led a session on famfs, which is a filesystem he has developed that uses the kernel's direct-access (DAX) mechanism to access memory that is shareable between hosts. The discussion was aimed at whether a different approach should be taken and, in particular, whether FUSE should be used instead of implementing as an in-kernel filesystem. As noted in the thread about his proposal for an LSFMM+BPF session, and the mailing-list discussions on the first and second version of his patch set, there is some skepticism that a new in-kernel filesystem is warranted for the use case.
[$] Report from the annual general meeting at GUADEC
At GUADEC in Denver, Colorado on July 21, the GNOME Foundation held its annual general meeting (AGM) to provide updates from the foundation's board and committees. Topics included work accomplished in the past year, challenges facing the GNOME Foundation–including fundraising and finding a new executive director–and some insight into plans for the next year. And last, but not least, the awarding of the Pants of Thanks.
[$] The rest of the 6.11 merge window
The release of 6.11-rc1 marked the end of the 6.11 merge window on July 28. By that time, 12,102 non-merge changesets had been pulled into the mainline repository; about 8,000 of those came in after the first-half summary was written. Quite a few significant changes were to be found in those changesets; there is also one big change that did not make it.
[$] May the FOLL_FORCE not be with you
One of the simplest hardening concepts to understand is that memory should never be both writable and executable, otherwise an attacker can use it to load and run arbitrary code. That rule is generally followed in Linux systems, but there is a glaring loophole that is exploitable from user space to inject code into a running process. Attackers have duly exploited it. A new effort to close the hole ran into trouble early in the merge window, but a solution may yet be found in time for the 6.11 kernel release.
[$] What became of getrandom() in the vDSO
In the previous episode of the vgetrandom() story, Jason Donenfeld had put together a version of the getrandom() system call that ran in user space, significantly improving performance for applications that need a lot of random data while retaining all of the guarantees provided by the system call. At that time, it seemed that a consensus had built around the implementation and that it was headed toward the mainline in that form. A few milliseconds after that article was posted, though, a Linus-Torvalds-shaped obstacle appeared in its path. That obstacle has been overcome and this work has now been merged for the 6.11 kernel, but its form has changed somewhat.
Kernel prepatch 6.11-rc2
Linus has released 6.11-rc2 for testing.
"Hopefully we've gotten rid of the bulk of the silly noise here in rc2,
and not added too much new noise, so that we can get on with the process of
finding more meaningful issues.
"
Three stable kernel updates for Saturday
The 6.10.3, 6.6.44, and 6.1.103 stable kernel updates have all been released. As usual, they contain important fixes throughout the tree. Users of those kernels should upgrade.
Security updates for Friday
Security updates have been issued by Fedora (chromium), SUSE (docker and patch), and Ubuntu (bind9, gross, linux-azure, linux-azure-4.15, linux-lowlatency-hwe-6.5, and tomcat8, tomcat9).
Sovereign Tech Fund introduces fellowship pilot program
The Sovereign Tech Fund (STF) has announced
a fellowship program to support "the dedicated individuals who keep
our digital infrastructure running
":
Over the past two years, STF has successfully contracted over 40 FOSS projects, enhancing their technical sustainability through targeted milestones. However, the activities of maintainers, who often work on multiple FOSS projects, are hard to quantify for funding applications, as the demands and challenges vary and can change quickly. This is where the fellowship for maintainers comes into play.
According to the fellowship page the STF plans to fund five fellowships, beginning in the fourth quarter of this year, for a period of 12 months.
Mel Chua RIP
We have received the sad news that Dr. Mel Chua has passed away. Mel was probably best known in the free-software community as a contributor to the Fedora Project in its early days. The Fedora Community blog honored Mel recently after she had moved to hospice care with tributes from several Fedorans. Stephen Jacobs wrote:
I can't find the words to express how much of a positive impact Mel has had on my work, our shared work, my family, the experiences of my students, and the world of FOSS writ large. Nor can I find the words to convey just how much I will miss her.
Mel will be greatly missed.
Security updates for Thursday
Security updates have been issued by Debian (chromium), Fedora (kernel, obs-cef, and xen), Mageia (emacs), Oracle (freeradius, freeradius:3.0, and kernel), Red Hat (emacs, httpd, and kpatch-patch-4_18_0-305_120_1), Slackware (curl), SUSE (apache2, cockpit-wicked, glibc, gnutls, gvfs, less, nghttp2, opensc, python-idna, python-requests, qemu, rpm, tpm2-0-tss, tpm2.0-tools, and unbound), and Ubuntu (clickhouse, exim4, libcommons-collections3-java, linux, linux-aws, linux-kvm, linux-lts-xenial, mysql-8.0, openssl, php-cas, prometheus-alertmanager, and snapd).
A deprecation timeline for older Arm CPUs
Arnd Bergmann has posted a detailed timeline for the deprecation of support for old Arm CPUs in both the kernel and the compiler toolchain. Anybody who is working with that hardware will likely want to review this list and let the relevant developers know if any of that support is still needed.
Vanilla OS 2 "Orchid" released
Version 2.0 of the Vanilla OS image-based Linux distribution has been released. Dubbed "Orchid", Vanilla OS is now based on Debian Sid (prior versions were Ubuntu-based), allows creation of customized Linux environments, support for running Android applications using Waydroid, and many other improvements.
Forgejo v8.0 released
Version 8.0 of the Forgejo
software-development platform has been released. Notable
changes include the removal
of non-free software found in the codebase, improved stability, and a
reduction
in "seemingly random User Interface changes
":
A gentle way of describing Forgejo User eXperience is that it is an acquired taste: it grew over the years, driven by the inspiration of the person with the keyboard in their hand. Once implemented it almost never changed. A user who started with Forgejo in 2022 can only see minor changes in 2024 and not all of them make intuitive sense. The solution to this problem is simple and was identified early on: User Research. But only in the making of Forgejo v8.0 did it get some momentum.
See the release notes for a full list of changes.
Security updates for Wednesday
Security updates have been issued by Fedora (xdg-desktop-portal-hyprland), Red Hat (freeradius, freeradius:3.0, git-lfs, httpd, kernel, openssh, and varnish:6), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, git, gtk2, gtk3, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, orc, postgresql14, python-dnspython, python-urllib3, shadow, and xen), and Ubuntu (openjdk-17, openjdk-21, openjdk-8, openjdk-lts, and python3.10, python3.8).