All posts by jake

[$] A schism in the OpenPGP world

Post Syndicated from jake original https://lwn.net/Articles/953797/

The OpenPGP standard for email encryption has been around since 1997, when
it was derived from the venerable Pretty Good Privacy (PGP) program that
was released in 1991. Since it came about, OpenPGP has been the
decentralized, interoperable way to exchange encrypted email, though its
use never really took off as advocates hoped. Now, though, it would seem
that a split in the OpenPGP community threatens to fragment the
OpenPGP-encrypted-email landscape, potentially leading to interoperability
woes.

[$] Supplementing CVEs with !CVEs

Post Syndicated from jake original https://lwn.net/Articles/953738/

The Common Vulnerabilities and Exposures (CVE) system is the main mechanism
for tracking various security flaws, using the omnipresent CVE number—even
vulnerabilities with fancy names and web sites have CVE numbers. But the
CVE system is not without its critics and, in truth, the incentives between
the reporting side and those responsible for handling the bugs have always
been misaligned, which leads to abuse of various kinds. There have been
efforts to combat some of those abuses along the way; a newly announced
“!CVE” project is meant to track vulnerabilities “that are not acknowledged
by vendors but still are serious security issues”.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/953702/

Security updates have been issued by Debian (amanda, ncurses, nghttp2, opendkim, rabbitmq-server, and roundcube), Fedora (golang-github-openprinting-ipp-usb, kernel, kernel-headers, kernel-tools, and samba), Mageia (audiofile, galera, libvpx, and virtualbox), Oracle (kernel and postgresql:13), SUSE (openssl-3, optipng, and python-Pillow), and Ubuntu (firefox).

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/953512/

Security updates have been issued by Debian (chromium, gimp-dds, horizon, libde265, thunderbird, vlc, and zbar), Fedora (java-17-openjdk and xen), Mageia (optipng, roundcubemail, and xrdp), Red Hat (postgresql), Slackware (samba), SUSE (chromium, containerd, docker, runc, libqt4, opera, python-django-grappelli, sqlite3, and traceroute), and Ubuntu (linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, and linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/953379/

Security updates have been issued by Fedora (chromium, gnutls, gst-devtools, gstreamer1, gstreamer1-doc, libcap, mingw-poppler, python-gstreamer1, qbittorrent, webkitgtk, and xen), Mageia (docker, kernel-linus, and python-django), Oracle (dotnet6.0, dotnet7.0, dotnet8.0, firefox, samba, squid, and thunderbird), Red Hat (firefox, postgresql:13, squid, and thunderbird), SUSE (cilium, freerdp, java-1_8_0-ibm, and java-1_8_0-openj9), and Ubuntu (ec2-hibinit-agent, freerdp2, gimp, gst-plugins-bad1.0, openjdk-17, openjdk-21, openjdk-lts, openjdk-8, pypy3, pysha3, and u-boot-nezha).

[$] An overview of kernel samepage merging (KSM)

Post Syndicated from jake original https://lwn.net/Articles/953141/

In the Kernel Summit track at the 2023 Linux Plumbers Conference (LPC),
Stefan Roesch led a session on kernel samepage merging (KSM). He gave an
overview of the feature and described some recent changes to KSM. He showed
how an application can enable KSM to deduplicate its memory and how the
feature can be evaluated to determine whether it is a good fit for new
workloads. In addition, he provided some real-world data of the benefits
from his workplace at Meta.

[$] Using drgn on production kernels

Post Syndicated from jake original https://lwn.net/Articles/952942/

The drgn Python-based kernel
debugger was developed by Omar Sandoval for use in his job on the kernel
team at Meta. He now spends most of his time working on drgn, both in
developing new features for the tool and in using
it to debug production problems at Meta, which gives him a view of both
ends of that feedback loop. At the 2023 Linux Plumbers Conference (LPC),
he led a session on drgn in the kernel debugging microconference, where he
wanted to brainstorm on how to add some new features to the debugger and,
in particular, how to allow them to work on production kernels.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/952923/

Security updates have been issued by Debian (freeimage, gimp, gst-plugins-bad1.0, node-json5, opensc, python-requestbuilder, reportbug, strongswan, symfony, thunderbird, and tiff), Fedora (chromium, galera, golang, kubernetes, mariadb, python-asyncssh, thunderbird, vim, and webkitgtk), Gentoo (AIDE, Apptainer, GLib, GNU Libmicrohttpd, Go, GRUB, LibreOffice, MiniDLNA, multipath-tools, Open vSwitch, phpMyAdmin, QtWebEngine, and RenderDoc), Slackware (vim), SUSE (gstreamer-plugins-bad, java-1_8_0-ibm, openvswitch, poppler, slurm, slurm_22_05, slurm_23_02, sqlite3, vim, webkit2gtk3, and xrdp), and Ubuntu (openvswitch and thunderbird).

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/952602/

Security updates have been issued by Debian (firefox-esr, gnutls28, intel-microcode, and tor), Fedora (chromium, microcode_ctl, openvpn, and vim), Gentoo (LinuxCIFS utils, SQLite, and Zeppelin), Oracle (c-ares, container-tools:4.0, dotnet7.0, kernel, kernel-container, nodejs:20, open-vm-tools, squid:4, and tigervnc), Red Hat (samba and squid), Slackware (mozilla), SUSE (fdo-client, firefox, libxml2, maven, maven-resolver, sbt, xmvn, poppler, python-Pillow, squid, strongswan, and xerces-c), and Ubuntu (apache2, firefox, glusterfs, nghttp2, poppler, python2.7, python3.5, python3.6, tiff, and zfs-linux).

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/951999/

Security updates have been issued by Debian (freerdp2, lwip, netty, and wireshark), Fedora (dotnet6.0, dotnet7.0, golang, gst-devtools, gstreamer1, gstreamer1-doc, gstreamer1-plugin-libav, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, gstreamer1-plugins-ugly-free, gstreamer1-rtsp-server, gstreamer1-vaapi, podman-tui, prometheus-podman-exporter, python-gstreamer1, syncthing, and tigervnc), Mageia (chromium-browser-stable, haproxy, and tigervnc), Oracle (curl, ghostscript, microcode_ctl, nghttp2, open-vm-tools, samba, and squid), SUSE (gcc13, postgresql14, and yt-dlp), and Ubuntu (iniparser).

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/951801/

Security updates have been issued by Debian (webkit2gtk), Fedora (microcode_ctl, pack, and tigervnc), Slackware (gimp), SUSE (frr, gcc13, go1.20, go1.20-openssl, go1.21, go1.21-openssl, libnbd, libxml2, python-Pillow, python-urllib3, and xen), and Ubuntu (intel-microcode and openvpn).

[$] Faster kernel testing with virtme-ng

Post Syndicated from jake original https://lwn.net/Articles/951313/

Building new kernels and booting into them is an unavoidable—and
time-consuming—part of kernel development. Andrea Righi works for
Canonical on the Ubuntu kernel team, so he does a lot of that and wanted to
find a way to speed up the task. To that end, he has been working
on virtme-ng, which is a
way to boot a new kernel in a virtual machine, and it does
so quickly. He came to the 2023
Linux Plumbers Conference
(LPC) in Richmond, Virginia to introduce the
project to a wider audience.

[$] Using Common Lisp in Emacs

Post Syndicated from jake original https://lwn.net/Articles/951090/

Lisp
is one of the oldest programming languages still in use today, but it has
evolved in multiple directions over its more than 60-year history. Two of
the more prominent descendants, Common Lisp and Emacs Lisp (or Elisp),
are fairly closely related at some level, but there is still something of a
divide between them. Some recent discussions in the emacs-devel mailing
list have shown that some elements from Common Lisp are not completely
welcome in Elisp—at least in the code that is maintained by the Emacs
project itself.

Kernel prepatch 6.7-rc1

Post Syndicated from jake original https://lwn.net/Articles/951201/

Linus Torvalds has released 6.7-rc1, thus closing the merge window
for this release. It is the largest merge window ever, but some of that
was due to the bcachefs history that came with the merge of that filesystem.

But 6.7 is pretty
big in other ways too, with

12678 files changed, 838819 insertions(+), 280754 deletions(-)

which is also bigger than those historically big releases [4.9, 5.8 and
5.13]. And that’s
not due to bcachefs, that’s actually mainly due to ia64 removal and a
lot of GPU support (notably lots of AMD GPU header files again – lots
and lots of lines, but there’s support for new nvidia cards too).

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/951066/

Security updates have been issued by Fedora (community-mysql, matrix-synapse, and xorg-x11-server-Xwayland), Mageia (squid and vim), Oracle (dnsmasq, python3, squid, squid:4, and xorg-x11-server), Red Hat (fence-agents, insights-client, kernel, kpatch-patch, mariadb:10.5, python3, squid, squid:4, tigervnc, and xorg-x11-server), Scientific Linux (bind, firefox, java-1.8.0-openjdk, java-11-openjdk, kernel, libssh2, python-reportlab, python3, squid, thunderbird, and xorg-x11-server), SUSE (go1.21), and Ubuntu (linux-gke and linux-iot).

[$] Reducing patch postings to linux-kernel

Post Syndicated from jake original https://lwn.net/Articles/950567/

The linux-kernel mailing list famously gets an enormous amount of email on a
daily basis; the volume is so high that various email providers try to
rate-limit it, which can lead to huge backlogs on the sending
side and, of course, delayed mail. Part of the reason there is so much
traffic is that nearly every patch gets copied to the mailing list, even
when it may be unnecessary to do so. A proposed change
would start shunting some of that patch email aside and, as might be
guessed, has both supporters and detractors, but the discussion does
highlight some of the
different ways the mailing list is used by kernel developers.

[$] Progress in wrangling the Python C API

Post Syndicated from jake original https://lwn.net/Articles/950457/

There has been a lot of action for the Python C API in the last month or
so—much of it organizational in nature. As predicted in our late September article on using the “limited”
C API in the standard library, the core developer sprint in October was the
scene of some discussions about the API and the plans for it. Out
of those discussions have come two PEPs, one of which describes the API,
its purposes, strengths, and weaknesses, while the other would establish a C
API working group to coordinate and oversee the development and maintenance
of it.