Post Syndicated from daroc original https://lwn.net/Articles/997238/

Programming language polyglots are files that are valid
programs in multiple languages, and do different things in each. While polyglots are normally
nothing more than a curiosity, the

Cosmopolitan Libc project has been trying
to put them to a novel use: producing native, multi-platform binaries that
run directly on several operating systems and architectures. There are still
some rough edges with the project’s approach, but it is generally possible to
build C programs into a polyglot format with with minimal
tweaking.

Post Syndicated from daroc original https://lwn.net/Articles/996720/

Back In Time is a GPL-2.0-licensed backup tool based on

rsync and written in Python. It has both graphical and command-line interfaces, and
supports backups to local disks or over SSH.
Back In Time was originally written by
Oprea Dan and released in 2009. The tool has been
through some rough patches over the years, and is currently on its third set of
maintainers. Christian Buhtz, one of the current maintainers, explained to me
how he and his co-maintainers had revived the project, as well as why he thought
Back In Time stood out from all of the existing backup solutions.

Post Syndicated from daroc original https://lwn.net/Articles/997525/

Greg Kroah-Hartman has shared another seven stable kernel updates:
6.6.60,
6.11.7,
6.1.116,
5.15.171,
5.10.229,
5.4.285, and
4.19.323.

Post Syndicated from daroc original https://lwn.net/Articles/997480/

Security updates have been issued by AlmaLinux (edk2), Debian (webkit2gtk), Fedora (thunderbird), Oracle (bzip2, container-tools:ol8, edk2, go-toolset:ol8, libtiff, python-idna, python3.11, and python3.12), Slackware (expat), and SUSE (apache2, govulncheck-vulndb, grub2, java-1_8_0-openjdk, python3, python39, qemu, xorg-x11-server, and xwayland).

Post Syndicated from daroc original https://lwn.net/Articles/996329/

Image-based Linux distributions have seen increasing popularity, recently. They
promise reliability and security, but pose packaging problems for
existing distributions. Ryan Lahfa and Niklas Sturm spoke about the work that
NixOS has done to enable an image-based workflow at this year’s

All Systems Go!
conference in Berlin.
Unfortunately, LWN was not able to cover the conference for scheduling reasons,
but the

videos of the event are available for anyone interested in watching the
talks.
Lahfa and Sturm explained that it is currently possible to create a

NixOS system that
cryptographically verifies the kernel, initrd, and Nix store on boot — although
doing so still has some rough edges. Making an image-based NixOS installation is
similarly possible.

Post Syndicated from daroc original https://lwn.net/Articles/995814/

Joshua Liebow-Feeser took to the stage at
RustConf to describe the methodology
that his team uses to encode
arbitrary constraints in the Rust type system when working on the

Fuchsia operating system
(slides).
The technique is not unknown to
the Rust community, but Liebow-Feeser did a good job of both explaining the
method and making a case for why it should be used more widely.

Post Syndicated from daroc original https://lwn.net/Articles/996687/

Greg Kroah-Hartman has released another four stable Linux kernel updates:
6.11.6,
6.6.59,
6.1.115, and
5.15.170.

Post Syndicated from daroc original https://lwn.net/Articles/996679/

Security updates have been issued by Debian (firefox-esr), Fedora (xorg-x11-server-Xwayland), Oracle (buildah, e2fsprogs, grafana, kernel, and mod_http2), Red Hat (buildah, container-tools:rhel8, firefox, grafana, grafana:7.3.6, podman, and thunderbird), SUSE (alloy, cargo-audit-advisory-db-20241030, chromedriver, corepack22, netty, openvpn, python310-Werkzeug, thunderbird, uwsgi, and xsd), and Ubuntu (linux, linux-azure-6.8, linux-gcp-6.8, linux-hwe-6.8 and linux, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4).

Post Syndicated from daroc original https://lwn.net/Articles/996216/

Mozilla has
announced the release of a new version of Firefox. This version has the usual mix of

security fixes and new features, as well as a handful of deprecations. The release removes support for HTTP/2 Push, but adds hardware acceleration for SVGs, support for wide color gamuts on more platforms, and restores support for remote debugging via USB.

Post Syndicated from daroc original https://lwn.net/Articles/995276/

The first program that Martin Pool ever wrote, he said, had bugs; the ones he’s writing
now most likely have bugs too. The talk Pool gave at
RustConf this year was about a way to try
to write programs with fewer bugs. He has developed a tool called

cargo-mutants that highlights gaps in test coverage by identifying
functions that can be broken without causing any tests to fail.
This can be a valuable complement to other testing techniques,
he explained.

Post Syndicated from daroc original https://lwn.net/Articles/996196/

Security updates have been issued by Debian (exim4) and SUSE (chromium, openssl-1_1, and openssl-3).

Post Syndicated from daroc original https://lwn.net/Articles/995125/

Sparrow Li presented virtually at

RustConf 2024 about the current state of and
future plans for the Rust compiler’s performance. The compiler is relatively slow to compile
large programs, although it has been getting better over time. The next big
performance improvement to come will be parallelizing the compiler’s parsing,
type-checking, and related operations, but even after that, the project has
several avenues left to explore.

Post Syndicated from daroc original https://lwn.net/Articles/995768/

Security updates have been issued by Debian (distro-info-data), Fedora (libtiff), Mageia (firefox and oath-toolkit), Red Hat (krb5), and SUSE (openssl-1_1).

Post Syndicated from daroc original https://lwn.net/Articles/994334/

Currently in Rust, there is no efficient and safe way to turn an array of bytes
into a structure that corresponds to the array. Changing that was the topic of
Jack Wrenn’s talk this year at

RustConf:

“Safety Goggles for Alchemists”. The goal is to be able to “transmute” —
Rust’s name for this kind of conversion — values into arbitrary user-defined
types in a safer way. Wrenn justified the approach that the project has taken to
accomplish this, and spoke about the future work required to stabilize it.

Post Syndicated from daroc original https://lwn.net/Articles/994704/

The Image-Based Linux Summit has by now established itself as a yearly event.
Following on from last year’s edition,
the third edition was held in Berlin on September 24, the
day before

All Systems Go! 2024 (ASG). The purpose of this event is to gather
stakeholders from various engineering groups and hold friendly but lively
discussions around the topic of image-based Linux — that is, Linux distributions
based around immutable images, instead of mutable root filesystems.

Post Syndicated from daroc original https://lwn.net/Articles/994865/

The

Guix project has

disclosed a security vulnerability in the build daemon that the distribution uses to build and install software locally. The vulnerability allows an existing unprivileged user to get access to a

setuid binary, and from there potentially interfere with any other software built or installed on the computer. The project recommends upgrading the guix daemon now, to avoid the issue.

This exploit requires the ability to start a derivation build and the
ability to run arbitrary code with access to the store in the root PID
namespace on the machine the build occurs on. As such, this represents
an increased risk primarily to multi-user systems and systems using
dedicated privilege-separation users for various daemons: without
special sandboxing measures, any process of theirs can take advantage
of this vulnerability.

Post Syndicated from daroc original https://lwn.net/Articles/994703/

Security updates have been issued by AlmaLinux (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk, and webkit2gtk3), Debian (apache2), Red Hat (expat), SUSE (cups-filters, jetty-minimal, OpenIPMI, and python-starlette), and Ubuntu (linux-azure, linux-azure, linux-azure-5.15, linux-azure, linux-azure-5.4, and oath-toolkit).

Post Syndicated from daroc original https://lwn.net/Articles/993785/

Rust, like C, has its own memory model describing how concurrent access to the
same data by multiple threads can behave.
The Linux kernel, however, has its own
ideas. The

Linux kernel memory model (LKMM) is subtly different from both the
standard C memory model and Rust’s model.
At Kangrejos, Boqun Feng gave a presentation about the
need to reconcile the memory models used by Rust and the kernel,
including a few potential avenues for doing so. While
no consensus was reached, it is an area of active discussion.

Post Syndicated from daroc original https://lwn.net/Articles/993484/

Paul McKenney gave a presentation at Kangrejos this year that wasn’t (directly)
related to Rust. Instead, he spoke about the work he has been doing in concert
with many other contributors on improving the handling of subtle concurrency
problems in C++.
Although he cautioned that his talk was only an overview, and not a
substitute for reading the relevant papers, he hoped that the things the C++
community is working on would be of interest to the Rust developers present as
well, and potentially inform future work on the language. McKenney’s talk was,
as is his style, full of subtle examples of weird multithreaded behavior.
Interested readers may wish to refer to

his slides in an attempt to follow along.

Post Syndicated from daroc original https://lwn.net/Articles/993163/

At Kangrejos, Gary Guo wanted to discuss three problems with the way
Rust and C code in the kernel interact: mismatched types, too many type casts,
and the overhead of helper functions. To fix the first two problems, Guo proposed
changing the way the kernel maps C types into Rust types. The last problem was a
bit trickier, but he has a clever workaround for that, based on tricking
the compiler into inlining the helper functions across language boundaries.