All posts by jake

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/791165/rss

Security updates have been issued by Arch Linux (gvim, lib32-openssl, openssl, and vim), Debian (dbus), Fedora (dovecot, evince, js-jquery-jstree, libxslt, php-phpmyadmin-sql-parser, and phpMyAdmin), openSUSE (neovim and rubygem-rack), Oracle (docker-engine and python), Scientific Linux (python), Slackware (mozilla), and SUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, elfutils, libvirt, and python-requests).

[$] Paying (some) Debian developers

Post Syndicated from jake original https://lwn.net/Articles/790954/rss

In an offshoot of the Debian discussion we looked at last week, the Debian project has
been discussing the idea of paying developers to work on the distribution.
There is some history behind the idea, going back to the controversial Dunc-Tank initiative in 2006,
but some think attitudes toward funding developers may have changed—or that
a new approach might be better accepted. While it is playing out with regard to
Debian right now, it is a topic that other projects have struggled with
along the way—and surely will again.

[$] Python and “dead” batteries

Post Syndicated from jake original https://lwn.net/Articles/790677/rss

Python is, famously, a “batteries included” language; it comes with a rich
standard library right out of the box, which makes for a highly useful
starting point for everyone. But that does have some downsides as well. The
standard library modules are largely maintained by the CPython core
developers, which adds to their duties; the modules themselves are
subject to the CPython release schedule, which may be suboptimal. For
those reasons and others, there have been thoughts about retiring some
of the older modules; it is a topic that has come up several times over the
last year or so.

[$] BPF for security—and chaos—in Kubernetes

Post Syndicated from jake original https://lwn.net/Articles/790684/rss

BPF is probably familiar to many LWN readers, though it’s likely not yet
quite as well known in the Kubernetes community — but that could soon
change. At KubeCon + CloudNativeCon Europe 2019
there were multiple sessions with BPF in
the title where developers talked about how BPF can be used to
help with Kubernetes security, monitoring, and even chaos engineering
testing.
We will look at two of those talks that were led by engineers closely
aligned with the open-source Cilium project, which is all
about bringing BPF to Kubernetes container environments.
Thomas Graf, who contributes to BPF development in the Linux kernel,
led a session on transparent chaos testing with Envoy, Cilium, and BPF,
while his counterpart Dan Wendlandt, who is well known in the OpenStack
community for helping to start the Neutron networking project, spoke about
using the kernel’s BPF capabilities to add visibility and
security in a Kubernetes-aware manner.

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/790647/rss

Security updates have been issued by Debian (evolution and qemu), Fedora (cyrus-imapd and hostapd), Gentoo (exim), openSUSE (exim), Red Hat (qpid-proton), SUSE (bind, libvirt, mariadb, mariadb-connector-c, python, and rubygem-rack), and Ubuntu (firefox, jinja2, and linux-lts-xenial, linux-aws).

[$] Seeking consensus on dh

Post Syndicated from jake original https://lwn.net/Articles/790382/rss

Debian takes an almost completely “hands off” approach to the decisions
that Debian developers
(DDs) can make in regard to the packaging and maintenance of their
packages. That leads to maximal freedom for DDs, but
impacts the project in other ways, some of which may be less than entirely
desirable. New Debian project leader (DPL) Sam Hartman started a
conversation about potential changes to the Debian packaging requirements
back in mid-May. In something of a departure from the Debian tradition of
nearly endless discussion without reaching a conclusion (and, possibly,
punting the decision to the technical committee or a
vote in a general resolution), Hartman has instead tried
to guide the discussion toward reaching some kind of rough consensus.

[$] How many kernel test frameworks?

Post Syndicated from jake original https://lwn.net/Articles/790235/rss

The kernel self-test framework (kselftest)
has been a part of the kernel for some time now; a relatively recent
proposal for a kernel unit-testing framework,
called KUnit,
has left some wondering why both exist. In a lengthy discussion thread about
KUnit, the justification for adding another testing
framework to the kernel was debated. While there are different use cases
for kselftest and KUnit, there was concern about fragmenting the kernel-testing
landscape.

[$] Fun with LEDs and CircuitPython

Post Syndicated from jake original https://lwn.net/Articles/789930/rss

Nina Zakharenko has been programming for a long time; when she was young
she thought that “the idea that I could trick computers into doing what I
tell them was pretty awesome”. But as she joined the workforce, her
opportunities for “creative coding” faded away; she regained some of that
working with open source, but tinkering with hardware is what let her
creativity “truly explode”. It has taken her years to get back what she
learned long ago, she said, and her keynote at PyCon 2019 was meant to show
attendees the kinds of things that can be built with Python—starting with
something that attendees would find in their swag bag.

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/789995/rss

Security updates have been issued by Debian (miniupnpd and qemu), Fedora (drupal7-entity and xen), openSUSE (kernel), Oracle (bind and firefox), Red Hat (go-toolset-1.11-golang), SUSE (cronie, evolution, firefox, gnome-shell, java-1_7_0-openjdk, jpeg, and mailman), and Ubuntu (corosync, evolution-data-server, gnutls28, and libseccomp).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/789849/rss

Security updates have been issued by CentOS (firefox and libvirt), Debian (openjdk-8 and tomcat7), Fedora (drupal7-entity), Mageia (kernel), openSUSE (bluez, gnutls, and libu2f-host), Oracle (bind), Red Hat (bind), Scientific Linux (bind), SUSE (axis, libtasn1, and rmt-server), and Ubuntu (sudo).

[$] A kernel debugger in Python: drgn

Post Syndicated from jake original https://lwn.net/Articles/789641/rss

A kernel debugger that allows Python scripts to access data structures in
a running kernel was the topic of Omar Sandoval’s plenary session at the
2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM). In
his day job at Facebook, Sandoval does a fair amount of kernel debugging
and he found the existing tools to be lacking. That led him to build drgn, which is a debugger built
into a Python library.

[$] Shrinking filesystem caches for dying control groups

Post Syndicated from jake original https://lwn.net/Articles/789640/rss

In a followup to his earlier session on dying
control groups, Roman Gushchin wanted to talk about problems with the
shrinkers and filesystem caches in a combined filesystem and
memory-management session at the
2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM).
Specifically, for control groups that share the same underlying filesystem,
the shrinkers are not able to reclaim memory from the VFS caches after a
control group dies, at least under slight to moderate memory pressure. He
wanted to discuss how to reclaim that memory without major performance
impacts.

[$] The Linux “copy problem”

Post Syndicated from jake original https://lwn.net/Articles/789623/rss

In a filesystem session on the third day of the 2019 Linux Storage,
Filesystem, and Memory-Management Summit (LSFMM), Steve French wanted to
talk about copy operations. Much of the development work that has gone on
in the Linux filesystem world over the last few years has been related to
the performance of
copying files, at least indirectly, he said. There are still pain
points around copy operations, however, so he would like to see those get
addressed.

[$] A way to do atomic writes

Post Syndicated from jake original https://lwn.net/Articles/789600/rss

Finding a way for applications to do atomic writes to files, so that either
the old or new data is present after a crash and not a combination of the
two, was the topic of a session
led by Christoph Hellwig at the 2019 Linux Storage, Filesystem, and
Memory-Management Summit (LSFMM).
Application developers hate the fact that when they update files in place,
a crash can leave them with old or new data—or sometimes a combination of
both.
He discussed some implementation ideas
that he has for atomic writes for XFS and wanted to see what the other
filesystem developers thought about it.

[$] Storage testing

Post Syndicated from jake original https://lwn.net/Articles/789538/rss

Ted Ts’o led a discussion on storage testing and, in particular, on his
experience getting blktests running for his test
environment,
in a combined storage and filesystem session at the 2019 Linux Storage,
Filesystem, and Memory-Management Summit. He has been adding some testing
to his automated test platform, including blktests, and he would like to
see more people running storage tests. The idea of his session was to see
what could be done to help that cause.

[$] Improving .deb

Post Syndicated from jake original https://lwn.net/Articles/789449/rss

Debian Linux and its family of derivatives (such as Ubuntu) are partly
characterized by their use of .deb as the packaging format.
Packages in this format are produced not only by the distributions themselves,
but also by independent software vendors. The last major change of the format
internals happened back in 1995. However, a discussion of possible
changes has been brought up recently on the debian-devel mailing list by Adam
Borowski.

[$] Testing and the stable tree

Post Syndicated from jake original https://lwn.net/Articles/789225/rss

The stable tree was the topic for a plenary session led by Sasha Levin at
the 2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM).
One of the main areas that needs attention is testing, according to Levin.
He wanted to discuss how to do more and better testing as well as to
address any concerns that attendees might have with regard to the stable tree.