Linux Weekly News

The Xen Project has announced the release of Xen 4.20. This release adds support for AMD Zen 5 CPUs, improved compliance with the MISRA C standard, work on PCI-passthrough on Arm, and more. Xen 4.20 also removes support for Xeon Phi CPUs, which were discontinued in 2018. See the feature list and release notes for more information.

Version 136.0 of the Thunderbird Desktop mail client has been released. The release includes a quick toggle for adapting messages to dark mode, and a new "Appearance" setting to control message threading and sorting order globally, as well as a number of bug fixes. See the security advisory for a full list of security vulnerabilities addressed in Thunderbird 136.0.

Version 12.3 of Linux From Scratch (LFS) has been released, along with Beyond Linux From Scratch (BLFS) 12.3. LFS provides step-by-step instructions on building a customized Linux system entirely from source, and BLFS helps to extend an LFS installation into a more usable system. Notable changes in this release include toolchain updates to GNU Binutils 2.44, GNU C Library (glibc) 2.41, and Linux 6.13.2. The Changelog has a full list of changes since the previous stable release.

Security updates have been issued by Debian (libreoffice), Fedora (exim and fscrypt), Red Hat (kernel), Slackware (mozilla), SUSE (docker, firefox, and podman), and Ubuntu (linux, linux-lowlatency, linux-lowlatency-hwe-5.15, linux, linux-lowlatency, linux-lowlatency-hwe-6.8, linux, linux-oem-6.11, linux-aws, linux-aws-6.8, linux-oracle, linux-oracle-6.8, linux-raspi, linux-aws, linux-gcp, linux-hwe-6.11, linux-oracle, linux-raspi, linux-realtime, linux-aws, linux-gkeop, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-oracle, linux-oracle-5.15, linux-raspi, and linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop).

Mozilla's actions have been rubbing many Firefox fans the wrong way as of late, and inspiring them to look for alternatives. There are many choices for users who are looking for a browser that isn't part of the Chrome monoculture but is full-featured and suitable for day-to-day use. For those who are willing to stay in the Firefox "family" there are a number of good options that have taken vastly different approaches. This includes GNU IceCat, Floorp, LibreWolf, and Zen.

Version 136.0 of the Firefox browser has been released. Changes include a new vertical tab layout, an automatic attempt to upgrade HTTP connections to HTTPS, support for AMD GPUs on Linux, an Arm64 port for Linux, and more.

Version 6.10 of the Incus container-management system has been released. New features include better Let's Encrypt support, API-wide filtering, IOMMU support in virtual machines, and more. See this announcement for details.

Security updates have been issued by AlmaLinux (kernel), Mageia (x11-server), Red Hat (emacs and webkit2gtk3), SUSE (ffmpeg-7, govulncheck-vulndb, kernel, and skopeo), and Ubuntu (cmark-gfm, erlang, krb5, linux-gcp-6.8, linux-raspi, linux-kvm, lucene-solr, postgresql-12, postgresql-14, postgresql-16, raptor2, spip, tomcat7, and wpa).

Mozilla has issued an update to its terms of use (TOU) that were announced on February 26. It has removed a reference in the TOU to Mozilla's Acceptable Use Policy "because it seems to be causing more confusion than clarity", and has revised the TOU "to more clearly reflect the limited scope of how Mozilla interacts with user data". The new language says:

You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content.

Mozilla has also updated its Privacy FAQ to provide more detail about its reasons for the changes.

One of the many new features packed into the 6.13 kernel release was guard pages, a hardening mechanism that makes it possible to inject zero-access pages into a process's address space in an efficient way. That feature only supports anonymous (user-space data) pages, though. To make guard pages more widely useful, Lorenzo Stoakes has put together a patch set enabling the feature for file-backed pages as well; in the process, he examined and resolved a long list of potential problems that extending the feature could encounter. One potential problem was not on his list, though.

Security updates have been issued by Debian (ffmpeg, kernel, linux-6.1, mariadb-10.5, proftpd-dfsg, and xorg-server), Fedora (chromium, cutter-re, iniparser, nodejs22, rizin, webkitgtk, wireshark, xen, and xorg-x11-server), Mageia (binutils and ffmpeg), Oracle (emacs and kernel), Red Hat (emacs and webkit2gtk3), SUSE (azure-cli, bsdtar, gnutls, govulncheck-vulndb, libX11, libxkbfile, libxml2, nodejs-electron, openssh8.4, ovmf, phpMyAdmin, python, python-azure-identity, python311-jupyter-server, tiff, trivy, u-boot, and wireshark), and Ubuntu (opennds and Ruby SAML).

The 6.14-rc5 kernel prepatch is out for testing. "Nothing looks particularly big or worrisome".

Differences of opinion, as well as outright disputes, between upstream open-source projects and Linux distribution packagers over packaging practices are nothing new. It is rarer, though, for those disputes to boil over to threats of legal action—but a disagreement between the Open Broadcaster Software (OBS) Studio project and Fedora packagers reached that point in mid-February. After escalation to a higher authority, things have been worked out to the satisfaction of the OBS project, but some lingering questions remain. How Fedora should prioritize Flatpak repositories, how to handle conflicts between upstreams and Fedora packagers, and the mechanics of removing or retiring Flatpaks all remain open questions.

There is a fair amount of unhappiness on the Internet about the announcement from Mozilla about a new "terms of use" agreement and an updated privacy notice for the Firefox browser.

Firefox will always continue to add new features, improve existing ones, and test new ideas. We remain dedicated to making Firefox open source, but we believe that doing so along with an official Terms of Use will give you more transparency over your rights and permissions as you use Firefox. And actually asking you to acknowledge it is an important step, so we're making it a part of the standard product experience starting in early March for new users and later this year for existing ones.

Specifically, the apparent removal of a promise to not sell users' personal data has drawn attention.

(See also: this analysis by Michael Taggart. "So, is this Mozilla 'going evil?' Nah, prolly not. But it is at best clumsy, and a poor showing if they want me to believe they care about Firefox, rather than the data it can provide".)

Security updates have been issued by Debian (emacs, freerdp2, and gst-plugins-good1.0), Fedora (java-17-openjdk, python3.6, and xorg-x11-server-Xwayland), Mageia (radare2), SUSE (libX11, openvswitch3, postgresql13, procps, ruby2.5, webkit2gtk3, and xorg-x11-server), and Ubuntu (git, linux-aws, linux-aws, linux-aws-6.8, linux-aws, linux-oracle, linux-oracle-5.4, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, and linux-oem-6.11).

Paul McKenney has put together a series of articles on how to improve one's ability to give a good talk at a technical conference.

On the other hand, (1) presentation skills stay with you through life, and (2) small improvements in presentation skills over months or years can provide you with great advantages longer term. An old saying credited to Thomas Edison claims a breakdown of 1% inspiration and 99% perspiration. However, my own experience with RCU has instead been 0.1% inspiration, 9.9% perspiration, and 90% communication. Had I been unable to communicate effectively, others would have extreme difficulty using RCU, as in even more difficulty than they do now.

There is a lot of speaking experience distilled into this set of posts.

Version 4.0 of the Fish shell has been released. Improvements include a better key-binding mechanism, the ability to tie abbreviations to a specific command, selective ignoring of commands in the history, some scripting improvements, and more. See the release notes for details.

Zotero is an open-source reference management tool designed for collecting, organizing, and citing research materials. It is particularly useful for those writing research papers, theses, or books that require a bibliography in standard formats like APA Style, Chicago Style, or MLA Format. Zotero stores bibliographic metadata, annotations, and user data and integrates with word processors like LibreOffice, Microsoft Word, and Google Docs to produce in-text citations and bibliographies. The core features of Zotero include metadata extraction, tagging, full-text indexing, and cloud synchronization for multi-device access, and Zotero has a plugin system to allow anyone to expand its capabilities. The most recent major release, Zotero 7, added support for reading EPUBs, brought user-interface improvements including a dark mode, performance improvements, and more.

Intel's indirect branch tracking (IBT) is a hardware-implemented control-flow-integrity mechanism that makes it harder for an attacker to gain control of the system by way of a corrupted indirect branch. FineIBT is a software extension to IBT that is meant to improve its protection. Recently, though, Jennifer Miller reported a novel way to bypass FineIBT by taking advantage of how the kernel's system-call entry point is constructed. In response, Peter Zijlstra is working on some FineIBT enhancements to close that hole and make IBT more secure in general.

The 6.13.5, 6.12.17, and 6.6.80 stable kernels have been released. As usual, they contain important fixes all over the kernel tree; users of those series should upgrade.