All posts by jzb

Discovering and recovering from PostgreSQL corruption on Matrix.org

Post Syndicated from jzb original https://lwn.net/Articles/1031148/

Richard van der Hoff, a member of the team that runs the Matrix.org homeserver,
has written a detailed blog post about diagnosing and fixing a problem where
Matrix rooms would simply stop working:

We know that there are plenty of users out there who will have been
affected by the problem, and found themselves unable to communicate as
a result. We very much share your frustration, and we’d like to
apologise for the disruption to service.

With that said, we’re glad that we were able to get to the bottom
of most of the problem, and get the lost data restored within a
relatively short time. If nothing else, hopefully this blog post will
be of use to future generations faced with Postgres index
corruption!

[$] Understanding Debian’s security processes

Post Syndicated from jzb original https://lwn.net/Articles/1030669/

Providing security updates for a Linux distribution, such as
Debian, involves a lot of work behind the scenes—and requires
much more than simply shipping the latest code. On July 15, at DebConf25 in Brest, France,
Samuel Henrique walked through the process of providing security
updates to users; he discussed how Debian learns about security
vulnerabilities, decides on the best response, and the process of
sending out updates to keep its users safe. He also provided guidance
on how others could get involved.

An update on Home Assistant’s Android app

Post Syndicated from jzb original https://lwn.net/Articles/1031129/

The Home Assistant project has published
an update on improvements in its Android app, and plans for upcoming releases:

In our latest update of the Android app 2025.7.1, we’ve added a
couple of useful features. Including a new basic invite flow, which
will be shared between Android and iOS, adding a good layer of
consistency between our most-used companion apps. The idea is to make
it much more seamless to add new users or set up new devices (no need
to type the URL in your Android Automotive device!).

We’ve also made My Links work better. If you’re unfamiliar with My
Links, they’re those cool links (that anyone can make) that bring you
right to an integration, blueprint, add-on, or settings page. They
have always worked great on desktop, but up until recently, they were
a bit clunky to use on mobile. Now you can get to the link’s
destination with a single click.

LWN looked at Home Assistant in May.

Security updates for Wednesday

Post Syndicated from jzb original https://lwn.net/Articles/1031104/

Security updates have been issued by AlmaLinux (cloud-init, fence-agents, git, kernel, and kernel-rt), Debian (openjdk-11), Fedora (firefox, golang, libinput, transfig, and yasm), Mageia (qtbase5, qtbase6), Red Hat (fence-agents, go-toolset:rhel8, golang, kernel, and python-setuptools), Slackware (mozilla), SUSE (cyradm, gstreamer-plugins-base, and xen), and Ubuntu (gdk-pixbuf, jq, linux-gcp, linux-gcp-6.8, linux-oracle, ruby-sinatra, thunderbird, and unbound).

Catanzaro: Fedora must (carefully) embrace Flathub

Post Syndicated from jzb original https://lwn.net/Articles/1030936/

GNOME and Fedora contributor Michael Catanzaro has written a
lengthy blog post about the future of Fedora Workstation as an
image-based release and the need to enable Flathub by default. He
writes that the Fedora Workstation of the future must be “safe and
image-based by default”, with applications provided through Flathub:

Flathub is drastically more popular than Fedora Flatpaks even among
the most hardcore Fedora community members who participate in change
proposal debate on Fedora Discussion. (At time of writing, nearly 80%
of discussion participants favor filtering out Fedora Flatpaks.)

This is the most important point. Flathub has already
won.

He notes that Fedora should not force users to install an
image-based OS if they do not want to, and there will be a
package-based version for users who prefer or require it: “so no
need to panic”.

[$] When free-software communities unite for privacy

Post Syndicated from jzb original https://lwn.net/Articles/1029769/

At DebConf25 in Brest, France, the talk “When Free Software
Communities Unite: Tails, Tor, and the Fight for Privacy” was
delivered by a man who introduced himself only as intrigeri. He
delivered an overview of the Tor Project, its mission, and the
projects under the umbrella. He also spoke about how the
organization depends on Debian, and plans for the software it
delivers.

[$] Fedora SIG changes Python packaging strategy

Post Syndicated from jzb original https://lwn.net/Articles/1029354/

Fedora’s NeuroFedora special-interest group (SIG) is considering a
change of strategy
when it comes to packaging Python modules. The SIG, which consists of
three active members, is struggling to keep up with maintaining the
hundreds of packages that it has taken on. What’s more, it’s not
clear that the majority of packages are even being consumed by Fedora
users; the group is trying to determine the right strategy to meet its
goals and shed unnecessary work. If its new packaging strategy is
successful, it may point the way to a more sustainable model for Linux
distributions to provide value to users without trying to package
everything under the sun.

Security updates for Friday

Post Syndicated from jzb original https://lwn.net/Articles/1029597/

Security updates have been issued by AlmaLinux (gnome-remote-desktop, go-toolset:rhel8, golang, jq, kernel, kernel-rt, libxml2, and podman), Fedora (chromium, git, helix, pam, rust-blazesym-c, rust-clearscreen, rust-gitui, rust-nu-cli, rust-nu-command, rust-nu-test-support, rust-procs, rust-which, selenium-manager, sudo, thunderbird, and uv), SUSE (audiofile, chmlib-devel, docker, firefox, go1, libsoup, libsoup2, libssh, libxml2, tomcat, umoci, and xen), and Ubuntu (git and resteasy, resteasy3.0).

[$] Anubis sends AI scraperbots to a well-deserved fate

Post Syndicated from jzb original https://lwn.net/Articles/1028558/

Few, if any, web sites or web-based services have gone unscathed by
the locust-like hordes of AI crawlers looking to consume (and then
re-consume) all of the world’s content. The Anubis project is
designed to provide a first line of defense that blocks mindless
bots—while granting real users access to sites without too much
hassle. Anubis is a young project, not even a year old. However, its
development is moving quickly, and the project seems to be enjoying
rapid adoption. The most recent release of Anubis, version 1.20.0,
includes a feature that many users have been interested in since the
project launched: support for challenging clients without requiring
users to have JavaScript turned on.

Amarok 3.3 released

Post Syndicated from jzb original https://lwn.net/Articles/1029313/

Version 3.3 of the Amarok music player has been released. This is
the first release of Amarok based on KDE Frameworks 6 and Qt 6.
Amarok 3.3 also includes a major rework of its audio engine to use
GStreamer for audio playback.

The reworked audio engine provides unified feature set for all users
and should provide a solid and future-proof sonic experience for years
to come. Notable improvements have also landed to the database system:
improved character set support helps with e.g. emojis in podcast
descriptions and other very exotic symbols, date handling has been
improved (‘year 2038 problem’), and various other potential and actual
database-related issues have been fixed.

New upgrade paths for ELevate

Post Syndicated from jzb original https://lwn.net/Articles/1029312/

The AlmaLinux project has announced
new upgrade paths for its ELevate utility, which
allows users to upgrade between major versions of Red Hat Enterprise
Linux derivatives. The new paths include upgrades from AlmaLinux 9
to AlmaLinux 10 and CentOS Stream 9 to
CentOS Stream 10, with support for EPEL, Docker CE, and
PostgreSQL third-party package repositories. LWN covered ELevate last
year.

Security updates for Wednesday

Post Syndicated from jzb original https://lwn.net/Articles/1029278/

Security updates have been issued by AlmaLinux (container-tools:rhel8, jq, kernel, podman, python-setuptools, socat, and thunderbird), Gentoo (Chromium, Google Chrome, Microsoft Edge, Opera, ClamAV, Git, NTP, REXML, and strongSwan), Oracle (buildah, gnome-remote-desktop, ipa, jq, kernel, podman, python-setuptools, ruby:3.3, socat, uek-kernel, and xorg-x11-server-Xwayland), SUSE (kernel), and Ubuntu (freerdp3, git, gnupg2, linux-aws, linux-oracle, linux-azure, linux-azure, linux-azure-6.11, linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips, linux-ibm-5.15, linux-intel-iotg, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-kvm, linux-lowlatency, linux-oem-6.11, and onionshare).

Thunderbird 140 released

Post Syndicated from jzb original https://lwn.net/Articles/1029175/

Version 140 of the Thunderbird mail client has been released.
Notable features include “dark message mode” to adapt message content
to dark mode, the ability to easily transfer desktop
settings to the mobile Thunderbird client, experimental support for
Microsoft Exchange, as well as global controls for message threading
and sort order.

Thunderbird 140 is an extended-support release (ESR) which will be
supported for 12 months. However, the Thunderbird project is trying
to encourage users to adopt the Release channel for monthly updates
instead. The project is staggering upgrades to 140 for existing
Thunderbird users in order to catch any significant bugs before they
are widely deployed, but users can upgrade manually via the
Help > About menu. See the release notes for a full list of changes.

[$] A tour of the niri scrolling-tiling Wayland compositor

Post Syndicated from jzb original https://lwn.net/Articles/1025866/

Niri is a relatively new Rust-based compositor
for Wayland with a different take on tiling window management: windows
are placed onscreen in an “infinite” row that can expand beyond the
bounds of the visible workspace. It is not a full-blown desktop
environment, but niri may be a suitable option for Linux users who
want tiling features and the minimalism of a window manager for
Wayland.

Richards: Introducing tmux-rs

Post Syndicated from jzb original https://lwn.net/Articles/1028583/

Collin Richards has announced version
0.0.1 of tmux-rs, a port of the tmux terminal multiplexer
to Rust.

For the [past] 6 months or so I’ve been quietly porting tmux from C to
Rust. I’ve recently reached a big milestone: the code base is now 100%
(unsafe) Rust. I’d like to share the process of porting the original
codebase from ~67,000 lines of C code to ~81,000 lines of Rust
(excluding comments and empty lines). You might be asking: why did you
rewrite tmux in Rust? And yeah, I don’t really have a good
reason. It’s a hobby project. Like gardening, but with more segfaults.

Richards says that the next goal for the project is to convert it
to safe Rust. It is currently “not very difficult to get it to
crash”, but he wanted to share the project with other Rust fans
now. The project is available on GitHub.

Debian looking for testers with Apple M1/M2 machines

Post Syndicated from jzb original https://lwn.net/Articles/1028224/

Debian’s Bananas team has put out a call for people with Apple M1 or
M2 systems to help test Debian on those machines:

The Bananas Team has set up an installer at with images
for GNOME, KDE and console installations. While we’d like to build an
actual Debian installer sooner or later (we may need a heads-up from the
Debian Images team for that), at this time we only provide an asahi-type
installer, which installs both the “bootloader” and the OS partitions to
disk from the network (as opposed to only installing the bootloader and
then letting you install Debian using a d-i USB stick). We haven’t
forked Trixie from Testing yet, so what you’ll get is Debian Testing
quite deep into the freeze.

Security updates for Wednesday

Post Syndicated from jzb original https://lwn.net/Articles/1028160/

Security updates have been issued by AlmaLinux (apache-commons-beanutils, firefox, kea, kernel, kernel-rt, libblockdev, libvpx, pam, python-setuptools, python3, python3.11, python3.12, python3.9, and sudo), Debian (chromium), Gentoo (sudo), Oracle (.NET 8.0, buildah, firefox, freerdp, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, gvisor-tap-vsock, libsoup3, mod_proxy_cluster, perl-FCGI, podman, python-setuptools, qt6-qtbase, skopeo, sudo, and thunderbird), Slackware (mozilla), SUSE (redis, runc, xorg-x11-server, and xwayland), and Ubuntu (composer, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke,
linux-gkeop, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia,
linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle,
linux-oracle-6.8, linux-raspi, linux, linux-aws, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop,
linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency,
linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oracle,
linux-raspi, linux-realtime, linux, linux-aws, linux-lts-xenial, linux, linux-gcp, linux-raspi, linux-realtime, linux-fips, linux-fips, linux-aws-fips, linux-gcp-fips, linux-realtime, and linux-realtime, linux-raspi-realtime).

[$] Fedora’s i686 support gets a reprieve

Post Syndicated from jzb original https://lwn.net/Articles/1026917/

A change proposal to end support for 32-bit x86 (i686) applications on the
x86_64 architecture with the Fedora 44 release has been withdrawn
after significant pushback. As proposed, the change could have
had a significant impact on gamers, compiler development, and the Bazzite project, which uses Fedora as a
base for a gaming-focused distribution. While i686 gets a reprieve for
now, the question still lingers: who is going to keep the necessary
i686 packages in working order when few upstream maintainers or
volunteer packagers care about the architecture?

NLnet announces funding for 62 projects

Post Syndicated from jzb original https://lwn.net/Articles/1026895/

The NLnet Foundation has announced
a new group of projects receiving funding through the Next
Generation Internet (NGI) Zero Commons Fund.

Free and open source technologies, open standards, open hardware and
open data help to strengthen the open web and the open internet. The
projects selected by NLnet all contribute in their own way to this
important goal, and will empower end users and the community at large
on different layers of the stack. For example, there are people
working a browser controlled ad hoc cellular network (Wsdr) which can be used to
create small mobile networks where they are needed. The open hardware
security key Nitrokey is
aiming for formal certification of their implementation of the FIDO2
standard, and will be adding encrypted storage
capabilities. There are also more applied technologies: the high
end open hardware microscope OpenFlexure will
enable among others e-health use cases such as telepathology, allowing
medical professionals to work together to help people in more remote
areas.

See the announcement for the full list of selected projects and the
current projects
page for other projects recently funded by NLnet.

[$] Libxml2’s “no security embargoes” policy

Post Syndicated from jzb original https://lwn.net/Articles/1025971/

Libxml2, an XML parser and toolkit, is an almost perfect example of the successes
and failures of the open-source movement. In the 25 years since its
first release, it has been widely adopted by open-source projects, for
use in commercial software, and for government use. It also
illustrates that while many organizations love using open-source software,
far fewer have yet to see value in helping to sustain it. That has led
libxml2’s current maintainer to reject security embargoes and sparked
a discussion about maintenance terms for free and open-source
projects.