LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
업데이트: 1시간 28분 지남
화, 2024/02/06 - 12:36오전
A common problem in kernel development is controlling when a
specific task should be done. Kernel code often executes in contexts where
some actions (sleeping, for example, or calling into filesystems) are not
possible. Other actions, while possible, may prevent the kernel from
taking care of a more important task in a timely manner. The kernel
community has developed a number of deferred-execution mechanisms designed
to ensure that every task is handled at the right time. One of those
mechanisms, tasklets, has been eyed for removal for years; that removal
might just happen in the near future.
화, 2024/02/06 - 12:04오전
Security updates have been issued by Debian (rear, runc, sudo, and zbar), Fedora (chromium, grub2, libebml, mingw-python-pygments, and python-aiohttp), Gentoo (FreeType, GNAT Ada Suite, Microsoft Edge, NBD Tools, OpenSSL, QtGui, SDDM, Wireshark, and Xen), Mageia (dracut, glibc, nss and firefox, openssl, packages, perl, and thunderbird), Slackware (libxml2), SUSE (java-11-openjdk, java-17-openjdk, perl, python-uamqp, slurm, and xerces-c), and Ubuntu (libssh and openssl).
월, 2024/02/05 - 12:46오전
The
6.8-rc3 kernel prepatch is out for
testing. "A slightly larger rc3 that I'd have hoped for, although at
this stage in the release process it's not something that really worries me
yet."
토, 2024/02/03 - 12:12오전
The Zig language
2024 roadmap
was presented in a talk last week on
Zig Showtime (a show covering
Zig news). Andrew Kelley, the benevolent dictator for life of the Zig project,
presented his goals
for the language, largely focusing on compiler performance and continuing
progress toward stabilization for the language. He discussed details of his plan
for incremental compilation, and addressed the sustainability of the project in
terms of both code contributions and financial support.
금, 2024/02/02 - 11:14오후
Simon Phipps
writes
on the Open Source Initiative blog that the latest version of the
European Cyber Resilience Act is much improved: "As a result of all this
effort from so many people, the final text of the CRA mitigated pretty much
all the risks we had identified to individual developers and to Open Source
foundations."
금, 2024/02/02 - 11:09오후
Security updates have been issued by Debian (chromium, man-db, and openjdk-17), Fedora (chromium, indent, jupyterlab, kernel, and python-notebook), Gentoo (glibc), Oracle (firefox, thunderbird, and tigervnc), Red Hat (rpm), SUSE (cpio, gdb, gstreamer, openconnect, slurm, slurm_18_08, slurm_20_02, slurm_20_11, slurm_22_05, slurm_23_02, squid, webkit2gtk3, and xerces-c), and Ubuntu (imagemagick and xorg-server, xwayland).
금, 2024/02/02 - 1:56오전
Filesystem development is not an easy task; the performance demands are
typically high, and the consequences for mistakes usually involve lost data
and irate users. The implementation of a virtual (or "pseudo") filesystem
— a filesystem implemented within the kernel and lacking a normal backing
store — can also be challenging, but for different reasons. A series of
conversations around the eventfs virtual filesystem has turned a spotlight
on the difficulty of creating a virtual filesystem for Linux.
목, 2024/02/01 - 11:53오후
A new version of the
Damn Small
Linux distribution has come out with an updated definition of "damn
small":
The new goal of DSL is to pack as much usable desktop distribution
into an image small enough to fit on a single CD, or a hard limit
of 700MB. This project is meant to service older computers and have
them continue to be useful far into the future. Such a notion sits
well with my values. I think of this project as my way of keeping
otherwise usable hardware out of landfills.
목, 2024/02/01 - 11:08오후
The
6.7.3,
6.6.15, and
6.1.76 stable kernels have been released.
These contain a large number of important fixes throughout the tree, as is
the norm.
목, 2024/02/01 - 10:57오후
Security updates have been issued by Debian (debian-security-support, firefox-esr, openjdk-11, and python-asyncssh), Fedora (glibc, python-templated-dictionary, thunderbird, and xorg-x11-server-Xwayland), Gentoo (Chromium, Google Chrome, Microsoft Edge and WebKitGTK+), Red Hat (firefox, gnutls, libssh, thunderbird, and tigervnc), SUSE (mbedtls, rear116, rear1172a, runc, squid, and tinyssh), and Ubuntu (glibc and runc).
목, 2024/02/01 - 9:57오전
The LWN.net Weekly Edition for February 1, 2024 is available.
목, 2024/02/01 - 5:41오전
Version
24.2 of the LibreOffice office suite is available. Changes include
AutoRecovery enabled by default, styling of comments, better floating-table
support, improved accessibility, and more. See
the release
notes for details.
목, 2024/02/01 - 4:46오전
Return-oriented programming (ROP) attacks are hard to defend against.
Partial mitigations such as address-space layout randomization, stack
canaries, and other techniques are commonly deployed to try and frustrate
ROP attacks. Now, OpenBSD is experimenting with a new
mitigation that makes it harder for attackers to make system
calls, although some security researchers have expressed doubt that it will
prove effective at stopping real-world attacks.
In his
announcement message, Theo de Raadt said that this work
"makes some specific low-level attack
methods unfeasable on OpenBSD, which will force the use of other methods."
목, 2024/02/01 - 1:25오전
Qualys has
disclosed
a vulnerability in the GNU C Library that can be exploited by a local
attacker for root access. It was introduced in the 2.37 release, and also
backported to 2.36.
For example, we confirmed that Debian 12 and 13, Ubuntu 23.04 and
23.10, and Fedora 37 to 39 are vulnerable to this buffer
overflow. Furthermore, we successfully exploited an up-to-date,
default installation of Fedora 38 (on amd64): a Local Privilege
Escalation, from any unprivileged user to full root. Other
distributions are probably also exploitable.
Vulnerable systems with untrusted users should probably be updated in a
timely manner.
수, 2024/01/31 - 11:33오후
Security updates have been issued by Debian (bind9 and glibc), Fedora (ncurses), Gentoo (containerd, libaom, and xorg-server, xwayland), Mageia (python-pillow and zlib), Oracle (grub2 and tomcat), Red Hat (avahi, c-ares, container-tools:3.0, curl, firefox, frr, kernel, kernel-rt, kpatch-patch, libfastjson, libmicrohttpd, linux-firmware, oniguruma, openssh, perl-HTTP-Tiny, python-pip, python-urllib3, python3, rpm, samba, sqlite, tcpdump, thunderbird, tigervnc, and virt:rhel and virt-devel:rhel modules), SUSE (python-Pillow, slurm, slurm_20_02, slurm_20_11, slurm_22_05, slurm_23_02, and xen), and Ubuntu (libde265, linux-nvidia, mysql-8.0, openldap, pillow, postfix, and xorg-server, xwayland).
수, 2024/01/31 - 6:29오전
EmacsConf 2023 was, like its
recent predecessors, an online conference with lots of talks about various
aspects of the
Emacs
editor—though, of course, it is way more than just an editor. Last year's
edition was held in early December. One of the
talks that looked interesting was
on Emacs
development, which was given live by John Wiegley. In it, he briefly
described some
of the biggest features coming in Emacs 30, which is the next major version
coming for the tool.
수, 2024/01/31 - 1:01오전
The eBPF Foundation has published a glossy document called
The
State of eBPF; it seems mostly concerned with how a small number of
large companies are using and developing this technology.
No doubt, eBPF will become the new layer in the new cloud native
infrastructure stack, impacting the observability, performance,
reliability, networking, and security of all applications,
supporters say. Platform engineers will cobble together
eBPF-powered infrastructure building blocks to create platforms
that developers then deploy software on, adding business logic to
the mix, and replacing aging Linux kernel internals that cannot
keep up with today’s digital and, increasingly, cloud native world.
화, 2024/01/30 - 11:26오후
Security updates have been issued by Debian (pillow, postfix, and redis), Fedora (python-templated-dictionary and selinux-policy), Red Hat (gnutls, kpatch-patch, libssh, and tomcat), and Ubuntu (amanda, ceph, linux-azure, linux-azure-4.15, linux-kvm, and tinyxml).
화, 2024/01/30 - 2:22오전
In December, the Rust project released
a call for proposals for inclusion in the 2024 edition. Rust handles
backward incompatible changes by using
Editions,
which permit projects to specify a single stable edition for their code
and allow libraries written
in different editions to be linked together. Proposals for Rust 2024 are
now in, and have until the end of February to be debated and decided on. Once
the proposals are accepted, they have until May to be implemented in time for
the 2024 edition to be released in the second half of the year.
페이지