Post Syndicated from corbet original https://lwn.net/Articles/842692/rss

The LWN.net Weekly Edition for January 21, 2021 is available.

Post Syndicated from corbet original https://lwn.net/Articles/843313/rss

Back in October, LWN looked at a conversation
within the Debian project regarding whether it was permissible to ship
Kubernetes bundled with some 200 dependencies. The Debian technical
committee has finally come
to a conclusion on this matter: this bundling is acceptable and the
maintainer will not be required to make changes:

In the end, allowing this vendoring seemed like the only feasible way to
package Kubernetes for Debian.

Post Syndicated from corbet original https://lwn.net/Articles/843213/rss

Red Hat has announced
a new set of options meant to attract current CentOS users who are unhappy
with the shift to CentOS Stream.
“While CentOS Linux provided a no-cost Linux distribution, no-cost RHEL also exists today through the Red Hat Developer program. The program’s terms formerly limited its use to single-machine developers. We recognized this was a challenging limitation.

We’re addressing this by expanding the terms of the Red Hat Developer program so that the Individual Developer subscription for RHEL can be used in production for up to 16 systems. That’s exactly what it sounds like: for small production use cases, this is no-cost, self-supported RHEL.”

Post Syndicated from corbet original https://lwn.net/Articles/842842/rss

User namespaces provide a number of
interesting challenges for the kernel. They give a user the illusion of
owning the system, but must still operate within the restrictions that
apply outside of the namespace. Resource
limits represent one type of
restriction that, it seems, is proving too restrictive for some users. This
patch set from Alexey Gladkov attempts to address the problem by way of
a not-entirely-obvious approach.

Post Syndicated from corbet original https://lwn.net/Articles/843081/rss

Version
3.9.0.0 of the GNU Radio software-defined radio system has been
released. “All in all, the main breaking change for pure GRC users
will consist in a few changed blocks – an incredible feat, considering the
amount of shift under the hood.”

Post Syndicated from corbet original https://lwn.net/Articles/842965/rss

The
5.10.8,
5.4.90,
4.19.168,
4.14.216,
4.9.252, and
4.4.252
stable kernel updates have all been released; each contains the usual array
of important fixes.

Post Syndicated from corbet original https://lwn.net/Articles/842944/rss

The 5.11-rc4 kernel prepatch is out
for testing. “Things continue to look fairly normal for this release:
5.11-rc4 is solidly average in size, and nothing particularly scary stands
out.”

Post Syndicated from corbet original https://lwn.net/Articles/842837/rss

Daniel Stenberg writes
about getting paid to work on curl — 21 years after starting the
project. “I ran curl as a spare time project for decades. Over the
years it became more and more common that users who submitted bug reports
or asked for help about things were actually doing that during their paid
work hours because they used curl in a commercial surrounding – which
sometimes made the situation almost absurd. The ones who actually got paid
to work with curl were asking the unpaid developers to help them
out.”

Post Syndicated from corbet original https://lwn.net/Articles/842385/rss

The Linux 5.10 release included a change
that is expected to significantly increase the performance of the ext4
filesystem; it goes by the name “fast commits” and introduces a new,
lighter-weight journaling method. Let us look into how the feature works, who
can benefit from it, and when its use may be appropriate.

Post Syndicated from corbet original https://lwn.net/Articles/842415/rss

Since the release of the 5.5 kernel in January 2020, there have been almost
87,000 patches from just short of 4,600 developers merged into the mainline
repository. Reviewing all of those patches would be a tall order for even
the most prolific of kernel developers, so decisions on patch acceptance
are delegated to a long list of subsystem maintainers, each of whom takes
partial or full responsibility for a specific portion of the kernel. These
maintainers are documented in a file called, surprisingly, MAINTAINERS.
But the MAINTAINERS file, too, must be maintained; how well does
it reflect reality?

Post Syndicated from corbet original https://lwn.net/Articles/842713/rss

Version 6.0 of the Wine
Windows not-an-emulator has been released. “This release is
dedicated to the memory of Ken Thomases, who passed away just before
Christmas at the age of 51. Ken was an incredibly brilliant developer, and
the mastermind behind the macOS support in Wine. We all miss his skills,
his patience, and his dark sense of humor.” Significant features
include core modules built as PE executables, an experimental Direct3D
renderer, DirectShow support, a new text console, and more.

Post Syndicated from corbet original https://lwn.net/Articles/841992/rss

The LWN.net Weekly Edition for January 14, 2021 is available.

Post Syndicated from corbet original https://lwn.net/Articles/842582/rss

Tedium is running a
history of the Linksys WRT54G router. “But the reason the WRT54G
series has held on for so long, despite using a wireless protocol that was
effectively made obsolete 12 years ago, might come down to a feature that
was initially undocumented—a feature that got through amid all the
complications of a big merger. Intentionally or not, the WRT54G was hiding
something fundamental on the router’s firmware: Software based on
Linux.”

Post Syndicated from corbet original https://lwn.net/Articles/842574/rss

Arnd Bergmann stirred up a bit of a discussion with his January 8 “bring
out your dead” posting, wherein he raised the idea of removing support
for a long list of seemingly unloved Arm platforms — and a few non-Arm ones
as well. Many of these have seen no significant work in at least six
years. In a
January 13 followup, he notes that several of those platforms will
be spared for now due to ongoing interest. Several others, though (efm32,
picoxcell, prima2, tango, u300, and zx) remain on the chopping block, and
the status of another handful remains uncertain. Readers who care about
old Arm platforms may want to have a look at the list now and speak up if
they still need support for one of the platforms that might otherwise be
deleted.

Post Syndicated from corbet original https://lwn.net/Articles/842395/rss

The Google Project Zero blog is carrying a
six-part series exploring, in great detail, a set of sophisticated
exploits discovered in the wild. “These exploit chains are designed
for efficiency & flexibility through their modularity. They are
well-engineered, complex code with a variety of novel exploitation methods,
mature logging, sophisticated and calculated post-exploitation techniques,
and high volumes of anti-analysis and targeting checks. We believe that
teams of experts have designed and developed these exploit chains. We hope
this blog post series provides others with an in-depth look at exploitation
from a real world, mature, and presumably well-resourced actor.”

Post Syndicated from corbet original https://lwn.net/Articles/842122/rss

The kernel project goes out of its way to facilitate building with older
toolchains. Building a kernel on a new system can be enough of a challenge
as it is; being being forced to install a custom toolchain first would not
improve the situation. So the kernel
developers try to keep it possible to build the kernel with the toolchains
shipped by most distributors. There are costs to this policy though, including
an inability to use newer compiler features. But, as was seen in a recent
episode, building with old compilers can subject developers to old compiler
bugs too.

Post Syndicated from corbet original https://lwn.net/Articles/842244/rss

The 5.11-rc3 kernel prepatch is out for
testing. “So in the rc2 announcement notes I thought we might have a slow week
for rc3 as well due to people just coming back from vacations and it
taking some time for bug reports etc to start tricking in.

That turned out to be the incoherent ramblings of a crazy old man.”

Post Syndicated from corbet original https://lwn.net/Articles/842165/rss

The
5.10.6,
5.4.88,
4.19.166,
4.14.214,
4.9.250, and
4.4.250
stable kernel updates have all been released; each contains a relatively
small number of important fixes.

Post Syndicated from corbet original https://lwn.net/Articles/842002/rss

The Fedora 34 release is planned
for April 20 — a plan that may well come to fruition, given that the
Fedora project appears to have abandoned its tradition of delayed
releases. As part of that schedule, any proposals for system-wide changes
were supposed to be posted by December 29. That has not stopped the
arrival of a
late proposal to add file signatures to Fedora’s RPM packages, though.
This proposal, meant to support the use of the integrity measurement
architecture (IMA) in Fedora, has not been met with universal acclaim.

Post Syndicated from corbet original https://lwn.net/Articles/841916/rss

A key component of system hardening is restricting access to memory; this
extends to preventing the kernel itself from accessing or modifying much of
the memory in the system most of the time. Memory that cannot be accessed
cannot be read or changed by an attacker. On many systems, though, these
restrictions do not apply to peripheral devices, which can happily use
direct memory access (DMA) on most or all of the available memory. The
recently posted restricted
DMA patch set aims to reduce exposure to buggy or malicious device
activity by tightening up control over the memory that DMA operations are
allowed to access.