Linux Weekly News

The Go blog has announced the release of version 1.17 of the Go programming language. The new version has some fairly small changes to the language, support for the Arm 64-bit architecture on Windows, along with other features, bug fixes, and more: This release brings additional improvements to the compiler, namely a new way of passing function arguments and results. This change has shown about a 5% performance improvement in Go programs and reduction in binary sizes of around 2% for amd64 platforms. Support for more platforms will come in future releases.

See the release notes for more information.

Even in the dog days of (northern-hemisphere) summer, the kernel community is a busy place. There are many developments that show up on your editor's radar, but which, for whatever reason, do not find their way into a full-length feature article. The time has come to catch up with a few of those topics; read on for updates on the realtime patch set, the effort to reinvent futexes, and the ntfs3 filesystem.

For those waiting to run Linux on Apple M1 hardware, the the August Asahi Linux progress report is out.

Instead, a much safer approach that has been used by projects such as Nouveau in the past is to record a log of the hardware accesses that the official drivers perform on a real system, without actually looking at the code. Nouveau accomplished this by using a Linux driver to intercept accesses by Nvidia’s official Linux driver. Of course, Apple’s M1 drivers are for macOS, not Linux. While we could implement the same approach with a custom patch to the open source core of the macOS kernel, we decided instead to go one level deeper and build a hypervisor that can run the entirety of macOS, unmodified, in a VM that transparently presents it the real M1 hardware.

Following the Debian "Bullseye" release is a new Skolelinux distribution for a school near you.

Debian Edu, also known as Skolelinux, is a Linux distribution based on Debian providing an out-of-the box environment of a completely configured school network. Immediately after installation, a school server running all services needed for a school network is set up just waiting for users and machines to be added via GOsa², a comfortable web interface.

Security updates have been issued by Arch Linux (c-ares, firefox, fossil, gitlab, jupyterlab, loki, lynx, opera, prosody, and vivaldi), Debian (amd64-microcode, exiv2, ffmpeg, thunderbird, and trafficserver), Fedora (libsndfile, rust-argh, rust-argh_derive, rust-argh_shared, rust-askalono-cli, rust-asyncgit, rust-bugreport, rust-crosstermion, rust-diskonaut, rust-dua-cli, rust-fancy-regex, rust-fedora-update-feedback, rust-filetreelist, rust-git-version, rust-git-version-macro, rust-gitui, rust-heatseeker, rust-jql, rust-pulldown-cmark, rust-sd, rust-shadow-rs, rust-skim, rust-textwrap, rust-tokei, rust-tui, rust-tui-react, rust-unicode-linebreak, rust-unicode-truncate, rust-urlencoding, rust-versions, rust-weezl, and zola), Mageia (dino, firefox, glibc, libvirt, mariadb, qtwebengine5, spice, sylpheed, claws-mail, and webkit2), openSUSE (grafana, kernel, libdnf, and openscad), Oracle (.NET 5.0, .NET Core 3.1, and virt:ol and virt-devel:rhel), Red Hat (compat-exiv2-026, exiv2, firefox, sssd, and thunderbird), SUSE (cpio and kernel), and Ubuntu (mariadb-10.3, mariadb-10.5).

The 5.14-rc6 kernel prepatch is out for testing. "Nothing particular stands out to me. Go test, we should be getting pretty close to done with this release..."

The 5.13.11, 5.10.59, 5.4.141, 4.19.204, 4.14.244, 4.9.280, and 4.4.281 stable kernel updates have been released; each contains a relatively small number of important fixes.

Debian 11, codenamed "bullseye", has been released after just over two years of development. It has lots of updates, including to half a dozen different desktop environments, lots of tools and programming languages, and, of course, more. It is available for nine different architectures. This release contains over 11,294 new packages for a total count of 59,551 packages, along with a significant reduction of over 9,519 packages which were marked as "obsolete" and removed. 42,821 packages were updated and 5,434 packages remained unchanged.

"bullseye" becomes our first release to provide a Linux kernel with support for the exFAT filesystem and defaults to using it for mount exFAT filesystems. Consequently it is no longer required to use the filesystem-in-userspace implementation provided via the exfat-fuse package. Tools for creating and checking an exFAT filesystem are provided in the exfatprogs package.

The KDE project has announced the release of KDE Gear 21.08, which updates the over 200 apps that are part of the project. The announcement highlights updates in many of the desktop tools that KDE Plasma users are accustomed to, including the Okular document viewer, the Dolphin file manager, Elisa music player, and Gwenview image viewer. The Konsole terminal application got updated as well: Text terminals are intimidating to people who are new to Linux. But knowing just a bit about how to use them (no, you don’t need to know how to program) gives you a level of control over your machine difficult to achieve any other way.

This is doubly true when using Konsole, KDE’s very powerful spin on the classic text terminal. In fact, calling Konsole a “terminal emulator” and leaving it at that is not fair. Take Konsole’s preview feature, for example, type white, red, blue or salmon at the command line, hover the cursor over the word, and a box will appear displaying the color. You can also use HTML color codes, like #1d99f3 and get a preview of the KDE blue color.

Previews extend to images and folders: hover the cursor over an image filename in a list in Konsole and a thumbnail will pop up showing you a preview. Hovering over a folder will show you a preview of its contents. This is very useful when you want to make sure you are copying, moving, or erasing the right thing.

Device drivers, along with the hardware they control, have long been considered to be a trusted part of the system. This faith has been under assault for some time, though, and it fails entirely in some situations, including virtual machines that do not trust the host system they are running under. The recently covered virtio-hardening work is one response to this situation, but that only addresses a small portion of the drivers built into a typical kernel. What is to be done about the rest? The driver-filter patch from Kuppuswamy Sathyanarayanan demonstrates one possible approach: disable them altogether.

Security updates have been issued by Debian (commons-io, curl, and firefox-esr), Fedora (perl-Encode), openSUSE (golang-github-prometheus-prometheus, grafana, and python-reportlab), Oracle (.NET Core 2.1, 389-ds:1.4, cloud-init, go-toolset:ol8, nodejs:12, nodejs:14, and rust-toolset:ol8), SUSE (aspell, firefox, kernel, and rpm), and Ubuntu (linux, linux-aws, linux-kvm, linux-lts-xenial and postgresql-10, postgresql-12, postgresql-13).

The Linux Foundation has announced the formation of the eBPF Foundation: Founding members include Facebook, Google, Isovalent, Microsoft and Netflix. This comes in advance of the eBPF Summit, a free and virtual event taking place August 18-19, 2021.

eBPF allows developers to safely and efficiently embed programs in any piece of software, including the operating system kernel. As a result, eBPF is quickly becoming the method of choice for achieving a wide range of infrastructure use cases, delivering significant efficiency and performance gains and dramatically reducing the complexity of the system. For example, Facebook is using eBPF as the primary software-defined load balancer in its data centers, and Google is using Cilium to bring eBPF-based networking and security to the managed Kubernetes offerings GKE and Anthos.

[...] The eBPF Foundation will expand the significant level of contributions being made to extend the powerful capabilities of eBPF and grow beyond Linux. It will be the home for open source eBPF projects and technologies and nurture the community through a variety of activities, including summits and other collaboration events in order to further drive the growth and adoption of the eBPF ecosystem.

While it may seem like the number of developers would be the limiting factor in a free-software project, the truth of the matter is that, for all but the smallest of project, the scarcest resource is reviewer time. Lots of people like to crank out code; rather fewer can find the time to take a close look at somebody else's patches. Free-software projects have taken a number of different approaches to address the review problem; the PostgreSQL developer community is currently struggling with its review load and considering changes to its commitfest process in response.

Greg Kroah-Hartman has announced the release of the 5.13.10, 5.10.58, 5.4.140, and 4.19.203 stable kernels. As usual, they all contain important fixes throughout the kernel tree; users of those series should upgrade.

Security updates have been issued by CentOS (java-1.8.0-openjdk), Debian (firefox-esr, libspf2, and openjdk-11-jre-dcevm), Fedora (bluez, fetchmail, and prosody), Oracle (edk2, glib2, kernel, and libuv), Red Hat (.NET Core 3.1), SUSE (cpio), and Ubuntu (firefox and openssh).

The LWN.net Weekly Edition for August 12, 2021 is available.

Child pornography and other types of sexual abuse of children are unquestionably heinous crimes; those who participate in them should be caught and severely punished. But some recent efforts to combat these scourges have gone a good ways down the path toward a kind of AI-driven digital panopticon that will invade the privacy of everyone in order to try to catch people who are violating laws prohibiting those activities. It is thus no surprise that privacy advocates are up in arms about an Apple plan to scan iPhone messages and an EU measure to allow companies to scan private messages, both looking for "child sexual abuse material" (CSAM). As with many things of this nature, there are concerns about the collateral damage that these efforts will cause—not to mention the slippery slope that is being created.

David A. Wheeler lists some of the security-related projects he is overseeing at the Linux Foundation. For example:

Ariadne Conill is improving Alpine Linux security, including significant improvements to its vulnerability processing and making it reproducible. For example, as noted in the July 2021 report, this resulted in Alpine 3.14 being released with the lowest open vulnerability count in the final release in a long time. Alpine Linux’s security is important because many containers use it.

Security updates have been issued by Debian (ceph), Fedora (buildah, containernetworking-plugins, and podman), openSUSE (chromium, kernel, php7, python-CairoSVG, python-Pillow, seamonkey, and transfig), Red Hat (microcode_ctl), SUSE (kernel and libcares2), and Ubuntu (c-ares).

Version 6 of the elementary OS distribution is now available. "It’s been a long road to elementary OS 6—what with a whole global pandemic dropped on us in the middle of development—but it’s finally here. elementary OS 6 Odin is available to download now. And it’s the biggest update to the platform yet!" Headline changes include a new dark-mode theme, a switch to Flatpak for application packaging, a rewritten email client, and more.