All posts by corbet

[$] Reconsidering unprivileged BPF

Post Syndicated from corbet original https://lwn.net/Articles/796328/rss

The BPF virtual machine within the kernel has seen a great deal of work
over the last few years; as that has happened, its use has expanded to many
different kernel subsystems. One of the objectives of that work in the
past has been to make it safe to allow unprivileged users to load at least
some types of
BPF programs into the kernel. A recent discussion has made it clear,
though, that the goal of opening up BPF to unprivileged users has been
abandoned as unachievable, and that further work in that direction will not
be accepted by the BPF maintainer.

kdevops: a devops framework for Linux kernel development

Post Syndicated from corbet original https://lwn.net/Articles/796466/rss

Luis Chamberlain has announced
the “kdevops” kernel-development framework. “I’m announcing the
release of kdevops which aims at making setting up and testing the Linux
kernel for any project as easy as possible. Note that setting up testing
for a subsystem and testing a subsystem are two separate operations,
however we strive for both. This is not a new test framework, it allows you
to use existing frameworks, and set those frameworks up as easily can
humanly be possible. It relies on a series of modern hip devops frameworks,
it relies on ansible, vagrant and terraform, ansible roles through the
Ansible Galaxy, and terraform modules.”

[$] PHP and P++

Post Syndicated from corbet original https://lwn.net/Articles/796214/rss

PHP is the Fortran of the world-wide web: it demonstrated the power of code
embedded in web pages, but has since been superseded in many developers’
minds by more contemporary technologies. Even so, as with Fortran, there
is far more PHP code out there than one might think, and PHP is still
chosen for new projects. There is a certain amount of tension in the PHP
development community between the need to maintain compatibility for large
amounts of ancient code and the need to evolve the language to keep it
relevant for current developers. That tension has now come into the open
with a proposal to split PHP into two languages.

EPEL 8.0 released

Post Syndicated from corbet original https://lwn.net/Articles/796202/rss

EPEL 8.0 is out.
EPEL stands for Extra Packages for Enterprise Linux and is a
subcommunity of the Fedora and CentOS projects aimed at bringing a
subset of packages out of Fedora releases ready to be used and
installed on various Red Hat Enterprise Linux (RHEL).

Beyond the update to RHEL (and CentOS) 8, this release features a new
faster-moving “playground” package stream and support for the s390
architecture.

Kroah-Hartman: Patch Workflow With Mutt – 2019

Post Syndicated from corbet original https://lwn.net/Articles/796198/rss

For those interested in the details of how one kernel developer works: Greg
Kroah-Hartman has documented his email workflow in great detail.
“The ability to edit a
single message directly within my email client is essential. I end up
having to fix up changelog text, editing the subject line to be correct,
fixing the mail headers to not do foolish things with text formats, and in
some cases, editing the patch itself for when it is corrupted or needs to
be fixed (I want a Linkedin skill badge for ‘can edit diff files by hand
and have them still work’).”

[$] Long-term get_user_pages() and truncate(): solved at last?

Post Syndicated from corbet original https://lwn.net/Articles/796000/rss

Technologies like RDMA benefit from the ability to map file-backed pages
into memory. This benefit extends to persistent-memory devices, where the
backing store for the file can be mapped directly without the need to go
through the kernel’s page cache. There is a fundamental conflict, though,
between mapping a file’s backing store directly and letting the filesystem
code modify that file’s on-disk layout, especially when the mapping is held
in place for a long time (as RDMA is wont to do). The problem seems
intractable, but there may yet be a solution in the form of this patch set
(marked “V1,000,002”) from Ira Weiny.

[$] Akaunting: a web-based accounting system

Post Syndicated from corbet original https://lwn.net/Articles/795771/rss

One of these years, LWN will have a new accounting system based on free
software. That transition has not yet happened, though, despite the
expending of a fair amount of energy into researching alternatives. Your
editor recently became aware of a system called Akaunting, so a look seemed worthwhile.
This tool may have the features that some users want, but it seems clear
that your editor’s quest is not done yet.

A Kubernetes security assessment

Post Syndicated from corbet original https://lwn.net/Articles/795834/rss

The Kubernetes community has posted the extensive results [PDF] of a
security assessment performed earlier this year. “Overall, Kubernetes is a
large system with significant
operational complexity. The assessment team found configuration and
deployment of Kubernetes to be non-trivial, with certain components having
confusing default settings, missing operational controls, and implicitly
defined security controls. Also, the state of the Kubernetes codebase has
significant room for improvement. The codebase is large and complex, with
large sections of code containing minimal documentation and numerous
dependencies, including systems external to Kubernetes. There are many
cases of logic re-implementation within the codebase which could be
centralized into supporting libraries to reduce complexity, facilitate
easier patching, and reduce the burden of documentation across disparate
areas of the codebase.”

[$] Grand Schemozzle: Spectre continues to haunt

Post Syndicated from corbet original https://lwn.net/Articles/795637/rss

The Spectre v1 hardware vulnerability is often characterized as allowing
array bounds checks to be bypassed via speculative execution.
While that is true, it is not the full extent of the shenanigans allowed by
this particular class of vulnerabilities. For a demonstration of that
fact, one need look no further than the “SWAPGS vulnerability” known as
CVE-2019-1125 to the wider world or as “Grand Schemozzle” to the select
group of developers who addressed it in the Linux kernel.

Knoll: Technical vision for Qt 6

Post Syndicated from corbet original https://lwn.net/Articles/795590/rss

Lars Knoll describes the goals for the next major version of the Qt
graphics toolkit. “Qt has been growing a lot over the last years, to the
point where delivering a new version of it is a major undertaking. With
Qt 6 there is an opportunity to restructure our product offering and have a
smaller core product that contains the essential frameworks and tooling. We
will use the market place to deliver our add-on frameworks and tools, not as
a tightly coupled bundle with the core Qt product.”

[$] The Compact C Type Format in the GNU toolchain

Post Syndicated from corbet original https://lwn.net/Articles/795384/rss

The Compact C Type Format (CTF) is a way of representing information about
a binary program; it can be seen as a simpler alternative to the widely
used DWARF format. While CTF has been around for some years, it has not
seen much use
in the Linux world. According to Elena Zannoni, who talked about CTF at
the 2019 Open Source Summit Japan, that situation may be about to change;
work is underway to bring CTF support to the GNU tools shipped universally
with Linux systems.

Freedombone 4.0 released

Post Syndicated from corbet original https://lwn.net/Articles/795395/rss

Freedombone 4.0 is available. Freedombone is a distribution (based on
Debian 10) focused on hosting network services under one’s own
control on home servers. “There is no freedom without freedom of
association. That is, having the ability to define who you are and what
kind of community you want to live in. This release includes Community
Networks as an initial step towards networks run by and for the people who
use them.” Support for the Wireguard VPN has been added, but the
“Fediverse” applications (GNU Social, PostActiv, and Pleroma) have been
removed as being too hard to manage.

[$] vDSO, 32-bit time, and seccomp

Post Syndicated from corbet original https://lwn.net/Articles/795128/rss

The seccomp() mechanism is notoriously difficult to use. It also turns out
to be easy to
break unintentionally, as the development community discovered when a
timekeeping change meant to address the year-2038 problem created a regression for
seccomp() users in the 5.3 kernel. Work is underway to mitigate
the problem for now, but seccomp() users on 32-bit systems are
likely to have to change their configurations at some point.