All posts by jake

[$] Julia 1.12 brings progress on standalone binaries and more

Post Syndicated from jake original https://lwn.net/Articles/1044280/

Julia is a modern programming
language that is of particular interest to scientists due to its high
performance combined with language features such as Lisp-style macros, an
advanced type system, and multiple dispatch. We last looked at Julia in January on the occasion of
its 1.11 release. Early in October Julia 1.12 appeared, bringing a handful
of quality-of-life improvements for Julia
programmers, most notably support, though still experimental and limited,
for the creation of binaries.

Python steering council accepts lazy imports

Post Syndicated from jake original https://lwn.net/Articles/1044844/

Barry Warsaw, writing for the Python steering council, has announced
that PEP 810 (“Explicit lazy
imports”) has been approved, unanimously, by the four who could vote. Since
Pablo Galindo Salgado was one of the PEP authors, he did not vote. The PEP provides a way to defer importing modules until the names
defined in a module are
needed by other parts of the program. We covered the PEP and the discussion around it
a few weeks back. The council also had “recommendations about some of
the PEP’s details, a few suggestions for filling a couple of small
gaps”, including:

Use lazy as the keyword. We debated many of the given alternatives
(and some we came up with ourselves), and ultimately agreed with the PEP’s
choice of the lazy keyword. The closest challenger was
defer, but once we tried to use that in all the places where the
term is visible, we ultimately didn’t think it was as good an overall
fit. The same was true with all the other alternative keywords we could
come up with, so… lazy it is!

What about from foo lazy import bar? Nope! We like that in both module imports and from-imports that the lazy keyword is the first thing on the line. It helps to visually recognize lazy imports of both varieties.

[$] Retrieving pixels from Android phones with Pixnapping

Post Syndicated from jake original https://lwn.net/Articles/1042715/

A new class of attacks on Android phones, called “Pixnapping”, was announced on
October 13. It allows a malicious app to gather output rendered in a
victim app, pixel-by-pixel, by exploiting a GPU side-channel. Depending on
what the victim app displays, anything from sensitive email and chats to
two-factor authentication (2FA) codes could be captured—and shipped off to
an attacker’s site.

[$] Explicit lazy imports for Python

Post Syndicated from jake original https://lwn.net/Articles/1041120/

Importing modules in Python is ubiquitous; most Python programs start
with at least a few import statements. But the performance impact
of those imports can be large—and may be entirely wasted effort if the
symbols imported end up being unused. There are multiple ways to lazily
import modules, including one in the standard library, but none of them are
part of the Python language itself. That
may soon change, if the recently proposed
PEP 810 (“Explicit lazy
imports”) is approved.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/1042680/

Security updates have been issued by Debian (imagemagick, incus, lxd, pgagent, svgpp, and sysstat), Fedora (chromium, complyctl, fetchmail, firefox, mbedtls, mingw-binutils, mingw-python3, mingw-qt5-qtsvg, mingw-qt6-qtsvg, python3.10, python3.11, python3.12, python3.9, runc, and suricata), Mageia (expat), Red Hat (firefox, kernel, qt5-qtbase, and qt6-qtbase), Slackware (stunnel), SUSE (chromium, coredns, ctdb, firefox, kernel, libexslt0, libpoppler-cpp2, ollama, openssl-1_1, pam, samba, and thunderbird), and Ubuntu (samba).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/1042330/

Security updates have been issued by AlmaLinux (kernel and libsoup3), Debian (chromium and firefox-esr), Fedora (httpd), Oracle (cups, ImageMagick, kernel, and vim), Red Hat (libssh), Slackware (samba), SUSE (alloy, exim, firefox-esr, ImageMagick, kernel, libcryptopp-devel, libQt6Svg6, libsoup-3_0-0, libtiff-devel-32bit, lsd, python3-gi-docgen, python311-Authlib, qt6-base, samba, and squid), and Ubuntu (ffmpeg, linux-oracle-6.8, redict, redis, samba, and subversion).

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/1041779/

Security updates have been issued by AlmaLinux (compat-libtiff3, iputils, kernel, open-vm-tools, and vim), Debian (asterisk, ghostscript, kernel, linux-6.1, and tiff), Fedora (cef, chromium, cri-o1.31, cri-o1.32, cri-o1.33, cri-o1.34, docker-buildx, log4cxx, mingw-poppler, openssl, podman-tui, prometheus-podman-exporter, python-socketio, python3.10, python3.11, python3.12, python3.9, skopeo, and valkey), Mageia (open-vm-tools), Red Hat (compat-libtiff3, kernel, kernel-rt, vim, and webkit2gtk3), and SUSE (distrobuilder, docker-stable, expat, forgejo, forgejo-longterm, gitea-tea, go1.25, haproxy, headscale, open-vm-tools, openssl-3, podman, podofo, ruby3.4-rubygem-rack, and weblate).

[$] Enhancing FineIBT

Post Syndicated from jake original https://lwn.net/Articles/1039633/

At the Linux Security Summit Europe (LSS EU), Scott Constable and Sebastian
Österlund gave a talk on an enhancement to a control-flow integrity (CFI)
protection that was added to the kernel several years ago. The “FineIBT:
Fine-grain Control-flow Enforcement with Indirect Branch Tracking” mechanism
was merged for Linux 6.2 in early 2023 to harden the kernel against CFI
attacks of various sorts, but needed some fixes and enhancements more
recently. The talk looked at the CFI vulnerability
problem, FineIBT, and an enhanced version that is hoped to be able to unify
all of the disparate hardware and software mitigations to address both
regular and speculative CFI vulnerabilities.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/1041404/

Security updates have been issued by AlmaLinux (gnutls, kernel, kernel-rt, and open-vm-tools), Debian (chromium, python-django, and redis), Fedora (chromium, insight, mirrorlist-server, oci-seccomp-bpf-hook, rust-maxminddb, rust-prometheus, rust-prometheus_exporter, rust-protobuf, rust-protobuf-codegen, rust-protobuf-parse, rust-protobuf-support, turbo-attack, and yarnpkg), Oracle (iputils, kernel, open-vm-tools, redis, and valkey), Red Hat (perl-File-Find-Rule and perl-File-Find-Rule-Perl), SUSE (expat, ImageMagick, matrix-synapse, python-xmltodict, redis, redis7, and valkey), and Ubuntu (fort-validator and imagemagick).

U-Boot v2025.10 released

Post Syndicated from jake original https://lwn.net/Articles/1041023/

Version 2025.10 of the U-Boot boot loader
has been released with new features, including Python tooling improvements,
cleanups for implicit header inclusions, better support for numerous Arm
platforms, support for new RISC-V platforms, better documentation, and
more. Maintainer Tom Rini also reports on some project news:

As I mentioned with the v2025.07
release, I was looking for a few people to step up and help with the
overall organization and management of the project. To that end, Peter
Robinson and Neil Armstrong have stepped up and have been helping me.
This has been part of the process for the project to join up under the
Software Freedom Conservancy’s (SFC) umbrella and have a legal entity
that can help the project work with other legal entities on things like
donations.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/1040991/

Security updates have been issued by AlmaLinux (kernel), Debian (dovecot, git, log4cxx, and openssl), Fedora (containernetworking-plugins, firebird, firefox, jupyterlab, mupdf, and thunderbird), Oracle (ipa), Red Hat (container-tools:rhel8, firefox, gnutls, kernel, kernel-rt, multiple packages, mysql, mysql:8.0, nginx, podman, and thunderbird), Slackware (fetchmail), SUSE (afterburn, chromium, firefox, haproxy, libvmtools-devel, logback, python311-Django, python311-Django4, and redis), and Ubuntu (linux-gcp, linux-gcp-6.14, linux-oem-6.14, linux-nvidia-tegra-igx, linux-oracle, mysql-8.0, poppler, and squid).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/1040591/

Security updates have been issued by AlmaLinux (perl-JSON-XS), Debian (chromium and openssl), Fedora (bird, dnsdist, firefox, mapserver, ntpd-rs, python-nh3, rust-ammonia, skopeo, sqlite, thunderbird, and xen), Oracle (perl-JSON-XS), Red Hat (kernel, kernel-rt, and libvpx), SUSE (afterburn, cairo, docker-stable, firefox, nginx, python-Django, snpguest, and warewulf4), and Ubuntu (libmspack, libxslt, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.14, linux-hwe-6.14, linux-realtime, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux, linux-kvm, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-hwe-6.8, linux-kvm, linux-oracle-5.15, linux-oracle-6.14, linux-raspi, linux-raspi-realtime, linux-realtime, linux-realtime-6.8, linux-realtime-6.14, and python-django).

[$] Managing encrypted filesystems with dirlock

Post Syndicated from jake original https://lwn.net/Articles/1038859/

As with a mobile phone, a portable gaming device like the Steam Deck can contain
lots of personal information that the owner would like to keep
secret—especially given that such devices can do far more than gaming.
Alberto Garcia worked with his colleagues at Igalia and people at
Valve, the company behind the Steam gaming platform, to come
up with a new tool to manage encrypted filesystems for SteamOS, which is a Linux
distribution optimized for gaming. Garcia gave a talk about that tool,
dirlock, at Open Source Summit Europe, which was held in Amsterdam in late
August. In the talk, he looked at the design process for the encrypted-files
feature, the alternatives considered, and why they made the choices they did.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/1040058/

Security updates have been issued by AlmaLinux (avahi, cups, firefox, gnutls, golang, httpd, kernel, libtpms, mysql, opentelemetry-collector, php:8.2, podman, postgresql:13, postgresql:15, python3, python3.11, python3.12, python3.9, thunderbird, and udisks2), Debian (firefox-esr, gimp, nncp, node-tar-fs, and squid), Fedora (chromium, firebird, python-azure-keyvault-securitydomain, python-azure-mgmt-security, and python-microsoft-security-utilities-secret-masker), Red Hat (httpd:2.4, kernel, kernel-rt, and mod_http2), SUSE (aide, apache2-mod_security2, chromedriver, cloud-init, docker, gdk-pixbuf, git, google-osconfig-agent, govulncheck-vulndb, gstreamer-plugins-base, iperf, kernel, krb5, krita, luajit, net-tools, nvidia-open-driver-G06-signed, pam, postgresql17, python311, rust-keylime, sevctl, tor, tree-sitter-ruby, and udisks2), and Ubuntu (curl, ghostscript, inetutils, python2.7, and qtbase-opensource-src).

Cuni: Tracing JITs in the real world @ CPython Core Dev Sprint

Post Syndicated from jake original https://lwn.net/Articles/1039612/

Longtime PyPy developer Antonio Cuni has a lengthy blog post that describes
his talk at the recently completed 2025 CPython Core Dev Sprint, held at Arm
in Cambridge, UK. The talk, entitled “Tracing JIT and real world Python —
aka: what we can learn from PyPy” was meant to try to pass on some of his
experiences “optimizing existing code for PyPy at a high-frequency trading
firm” to the developers working on the CPython JIT compiler. His goal was
to raise awareness of some of the problems he encountered:

Until now CPython’s performance has been particularly predictable, there are well established “performance tricks” to make code faster, and generally speaking you can mostly reason about the speed of a given piece of code “locally”.

Adding a JIT completely changes how we reason about performance of a given program, for two reasons:

  1. JITted code can be very fast if your code conforms to the heuristics applied by the JIT compiler, but unexpectedly slow(-ish) otherwise;
  2. the speed of a given piece of code might depend heavily on what
    happens elsewhere in the program, making it much harder to reason about
    performance locally.

The end result is that modifying a line of code can significantly impact seemingly unrelated code. This effect becomes more pronounced as the JIT becomes more sophisticated.

Cuni also gave a talk on Python performance, which LWN covered, at
EuroPython 2025 in July.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/1039528/

Security updates have been issued by AlmaLinux (grub2 and kernel), Debian (chromium and libxslt), Fedora (chromium, expat, libssh, and webkitgtk), Oracle (avahi, firefox, ImageMagick, kernel, libtpms, and mysql), Red Hat (kernel), SUSE (bird3, expat, kernel, and tiff), and Ubuntu (dpkg, gnuplot, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux-riscv-5.15, linux-xilinx-zynqmp, linux, linux-aws, linux-gcp, linux-gcp-6.14, linux-oracle, linux-realtime, linux-riscv, linux-riscv-6.14, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-azure-fips, linux-ibm, linux-ibm-6.8, linux-intel-iot-realtime, linux-realtime, linux-oem-6.14, linux-oracle-5.15, linux-realtime-6.14, and python-eventlet).