All posts by daroc

[$] More informative kernel panics for Fedora

Post Syndicated from daroc original https://lwn.net/Articles/982398/

On July 12, Jocelyn Falempe proposed a change to the configuration options that Fedora sets for its kernels, in order to make kernel panics easier to report. Falempe would like to enable the kernel’s recently added DRM-panic feature, which adds a graphical crash screen that is reminiscent of the infamous Windows “blue screen of death” for kernel panics. The feature introduces a few tradeoffs, including currently limited driver support, so the proposal spawned a good deal of discussion.

Let’s Encrypt plans to drop support for OCSP.

Post Syndicated from daroc original https://lwn.net/Articles/982965/

Let’s Encrypt has announced that it intends to end support “as soon as possible” for the Online Certificate Status Protocol (OCSP) over privacy concerns. OCSP was developed as a lighter-weight alternative to Certificate Revocation Lists (CRLs) that did not involve downloading the entire CRL in order to check whether a certificate was valid. Let’s Encrypt will continue supporting OCSP as long as it is a requirement for Microsoft’s Trusted Root Program, but hopes to discontinue it soon:

We plan to end support for OCSP primarily because it represents a considerable risk to privacy on the Internet. When someone visits a website using a browser or other software that checks for certificate revocation via OCSP, the Certificate Authority (CA) operating the OCSP responder immediately becomes aware of which website is being visited from that visitor’s particular IP address. Even when a CA intentionally does not retain this information, as is the case with Let’s Encrypt, CAs could be legally compelled to collect it. CRLs do not have this issue.

People using Let’s Encrypt as their CA should, for the most part, not need to change their setups.
All modern browsers support CRLs, so end-users shouldn’t notice an impact either.

[$] A look inside the BPF verifier

Post Syndicated from daroc original https://lwn.net/Articles/982077/

LWN has covered BPF since its initial introduction to Linux, usually through the lens of the newest developments; this can make it hard to view the whole picture. BPF provides a way to extend a running kernel, without having to recompile and reboot. It does this in a safe way, so that malicious BPF programs cannot crash a running kernel, thanks to the BPF verifier. So how does the verifier actually work, what are its limits, and how has it changed since the early days of BPF?

NGI project may lose funding

Post Syndicated from daroc original https://lwn.net/Articles/982585/

The Next Generation Internet (NGI) project, an initiative of the EU’s European Commission (EC), provides funding in the form of grants for a wide variety of open-source software, including Redox, Briar, SourceHut, and many more. But the NGI project is not among those that would be funded under the current draft budget for 2025, as The Register reports. More than 60 organizations have signed on to an open letter asking the EC to reconsider:

We find this transformation incomprehensible, moreover when NGI has proven efficient and economical to support free software as a whole, from the smallest to the most established initiatives. This ecosystem diversity backs the strength of European technological innovation, and maintaining the NGI initiative to provide structural support to software projects at the heart of worldwide innovation is key to enforce the sovereignty of a European infrastructure.
Contrary to common perception, technical innovations often originate from European rather than North American programming communities, and are mostly initiated by small-scaled organizations.

[$] A new major version of NumPy

Post Syndicated from daroc original https://lwn.net/Articles/981663/

The NumPy project released version 2.0.0 on June 16, the first major release of the widely used Python-based numeric-computing library since 2006. The release has been planned for some time, as an opportunity to clean up NumPy’s API. As with most NumPy updates, there are performance improvements to several individual functions. There are only a few new features, but several backward-incompatible changes, including a change to NumPy’s numeric-promotion rules. Changes to the Python API require relatively minor changes to Python code using the library, but the changes to the C API may be more difficult to adapt to. In both cases, the official migration guide describes what needs to be adapted to the new version.

Security updates for Friday

Post Syndicated from daroc original https://lwn.net/Articles/982559/

Security updates have been issued by AlmaLinux (firefox, java-1.8.0-openjdk, java-17-openjdk, java-21-openjdk, libndp, openssh, qt5-qtbase, ruby, skopeo, and thunderbird), Debian (thunderbird), Fedora (dotnet6.0, httpd, python-django, python-django4.2, qt6-qtbase, rapidjson, and ruby), Red Hat (389-ds-base, firefox, java-1.8.0-openjdk, java-11-openjdk, libndp, qt5-qtbase, and thunderbird), Slackware (httpd), SUSE (apache2, chromium, and kernel), and Ubuntu (apache2, linux-aws, linux-azure-fde, linux-azure-fde-5.15, linux-hwe-5.15, linux-aws-6.5, linux-lowlatency-hwe-6.5, linux-oracle-6.5, linux-starfive-6.5, and linux-raspi, linux-raspi-5.4).

Redox to implement POSIX signals in user space

Post Syndicated from daroc original https://lwn.net/Articles/982186/

Redox has received a grant to work on implementing POSIX-compatible signals. The draft design calls for them to be implemented nearly completely in user space.

So far, the signals project has been going according to plan, and
hopefully, POSIX support for signals will be mostly complete by the
end of summer, with in-kernel improvements to process management.
After that, work on the userspace process manager will begin,
possibly including new kernel performance and/or functionality
improvements to facilitate this.

[$] A hash table by any other name

Post Syndicated from daroc original https://lwn.net/Articles/972580/

On June 25, Matthew Wilcox posted a second version of a patch set introducing a new data structure called rosebush, which “is a resizing, scalable, cache-aware, RCU optimised hash table.” The kernel already has generic hash tables, though, including rhashtable. Wilcox believes that the design of rhashtable is not the best choice for performance, and has written rosebush as an alternative for use in the directory-entry cache (dcache) — the filesystem cache used to speed up file-name lookup.

Security updates for Friday

Post Syndicated from daroc original https://lwn.net/Articles/981813/

Security updates have been issued by Debian (apache2), Fedora (mingw-python3 and python-urllib3), Oracle (dotnet6.0, dotnet8.0, fence-agents, openssh, pki-core, and virt:ol and virt-devel:rhel), SUSE (apache2, firefox, libvpx, oniguruma, python-zipp, python310, thunderbird, and tomcat10), and Ubuntu (apache2, apport, linux, linux-azure, linux-gcp, linux-ibm, linux-intel, linux-lowlatency, linux-oem-6.8, linux-raspi, linux, linux-gcp, linux-nvidia-6.5, linux-raspi, linux-gke, and python-django).

[$] Nix alternatives and spinoffs

Post Syndicated from daroc original https://lwn.net/Articles/981124/

Since the disagreements that led to Eelco Dolstra stepping down from the NixOS Foundation board, there have been a number of projects forked from or inspired by Nix that have stepped up to compete with it. Two months on, some of these projects are now well-established enough to look at what they have to offer and how they compare to each other. Overall, users have a number of good options to choose from, whether they’re seeking a compatible replacement for Nix (the configuration language and package manager) or NixOS (the Linux distribution), or something that takes the same ideas in a different direction.

[$] Offload-friendly network encryption in the kernel

Post Syndicated from daroc original https://lwn.net/Articles/980430/

The PSP security protocol (PSP) is a way to transparently encrypt packets by efficiently offloading encryption and decryption to the network interface cards (NICs) that Google uses for connections inside its data centers. The protocol is similar to IPsec, in that it allows for wrapping arbitrary traffic in a layer of encryption. The difference is that PSP is encapsulated in UDP, and designed from the beginning to reduce the amount of state that NICs have to track in order to send and receive encrypted traffic, allowing for more simultaneous connections. Jakub Kicinski wants to add support for the protocol to the Linux kernel.

[$] New features in C++26

Post Syndicated from daroc original https://lwn.net/Articles/979870/

ISO releases new C++ language standards on a three-year cadence; now that it’s been more than a year since the finalization of C++23, we have a good idea of what features could be adopted for C++26 — although proposals can still be submitted until January 2025. Of particular interest is the addition of support for hazard pointers and user-space read-copy-update (RCU). Even though C++26 is not yet a standard, many of the proposed features are already available to experiment with in GCC or Clang.

Security updates for Friday

Post Syndicated from daroc original https://lwn.net/Articles/980855/

Security updates have been issued by Fedora (cockpit, python-astropy, python3-docs, and python3.12), Gentoo (BusyBox, GNU Coreutils, GraphicsMagick, podman, PuTTY, Sofia-SIP, TigerVNC, and WebKitGTK+), Mageia (chromium-browser-stable and openvpn), SUSE (cockpit, krb5, and netatalk), and Ubuntu (kopanocore, libreoffice, linux-aws, linux-oem-6.8, linux-aws-5.15, linux-azure, linux-azure-4.15, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oracle, linux-starfive-6.5, and virtuoso-opensource).

[$] Arithmetic overflow mitigation in the kernel

Post Syndicated from daroc original https://lwn.net/Articles/979747/

On May 7, Kees Cook sent a proposal to the linux-kernel mailing list, asking for the kernel developers to start working on a way to mitigate unintentional arithmetic overflow, which has been a source of many bugs. This is not the first time Cook has made a request along these lines; he sent a related patch set in January 2024. Several core developers objected to the plan for different reasons. After receiving their feedback, Cook modified his approach to tackle the problem in a series of smaller steps.

FSF Europe condemns Apple’s DMA noncompliance

Post Syndicated from daroc original https://lwn.net/Articles/980003/

The Free Software Foundation Europe has submitted a joint position to the European Commission (EC), claiming that Apple has failed to comply with the EU’s Digital Markets Act (DMA). This is the law that requires Apple to support alternative application stores on the devices it makes.

Apple’s unfair behaviour against Free Software highlights the critical need to monitor the implementation of the DMA. The FSFE collaborated with F-Droid, the AppFair project, and other interoperability experts to scrutinize Apple’s DMA compliance, and its impact on Free Software. Since then, we coordinated several expert workshops with stakeholders, discussed with regulators in FOSDEM, had official meetings with the EC’s DMA team, and submitted a comprehensive position to the EC detailing several problematic elements in the Apple compliance that will harm Free Software.

[$] Redox: An operating system in Rust

Post Syndicated from daroc original https://lwn.net/Articles/979524/

With the Rust-for-Linux project starting to gain some ground, it is worth looking at other operating systems that use Rust in their kernels. There are many attempts to use Rust for operating system development, but Redox may be the most complete. Redox is an MIT-licensed microkernel and corresponding user space, designed around concepts taken from Plan 9. While nowhere near being usable as a replacement for Linux, it already provides a graphical user interface and the ability to run many POSIX programs.

[$] Programming in Unison

Post Syndicated from daroc original https://lwn.net/Articles/978955/

Unison is an MIT-licensed programming language, in development since 2013, that explores the ramifications of making code immutable and stored in a database, instead of a set of text files. Unison supports a greatly simplified model for distributed programming — one that describes the configuration of and communication between programs in the same language as the programs themselves. Along the way, it introduces a new approach to interfacing with programming languages, which is tailored to its design.