Linux Weekly News

Drew DeVault has just released a (mostly complete) book on the Wayland display-server protocol under the Creative Commons CC-SA license. "This book will help you establish a firm understanding of the concepts, design, and implementation of Wayland, and equip you with the tools to build your own Wayland client and server applications. Over the course of your reading, we'll build a mental model of Wayland and establish the rationale that went into its design. Within these pages you should find many 'aha!' moments as the intuitive design choices of Wayland become clear, which should help to keep the pages turning." For those who would rather peruse (or contribute to) the Markdown source, it's available here.

Security updates have been issued by Debian (ansible, ntp, and roundcube), Fedora (libldb and samba), Mageia (chromium-browser-stable, crawl, dolphin-emu, exiv2, fortune-mod, gnuchess, kernel, libsndfile, openexr, openldap, openvpn, qtbase5, ruby-json, squid, teeworlds, and webkit2), Red Hat (sqlite), and SUSE (icu, mailman, nginx, rmt-server, rpmlint, and rubygem-actionview-5_1).

The end of April saw the posting of a complex patch set called "Popcorn Linux distributed thread execution". It is the first appearance on the kernel mailing lists of an academic project (naturally called Popcorn Linux) that has been underway since 2013 or so. This project has, among other goals, the objective of turning a tightly networked set of computers into something that looks like a single system — a sort of NUMA machine with even larger than usual inter-node costs. The posted code, which is a portion of the larger project, is focused on process migration and memory sharing across machines. It is an interesting proof of concept, but one should not expect to see it merged in anything close to its current form.

This year PHP turned 25 and, as with all things, the hope is that with age comes wisdom and maturity. Often derided as a great way to write bad (and insecure) code, PHP is hard to ignore completely when it is used in nearly eight out of ten websites. With PHP 7.4.5 released in April, it's worthwhile to take a look at modern PHP, how it has evolved to address the criticisms of the past, and what lies ahead in its future.

Version 1.0 of the Inkscape drawing editor has been released. "One of the first things users will notice is a reorganized tool box, with a more logical order. There are many new and improved Live Path Effect (LPE) features. The new searchable LPE selection dialog now features a very polished interface, descriptions and even the possibility of marking favorite LPEs. Performance improvements are most noticeable when editing node-heavy objects, using the Objects dialog, and when grouping/ungrouping."

Stable kernels 5.6.10, 5.4.38, 4.19.120, 4.14.178, 4.9.221, and 4.4.221 have been released. They all contain important fixes and users should upgrade.

Security updates have been issued by Debian (mailman, openldap, pound, tomcat8, and trafficserver), Fedora (chromium, java-11-openjdk, kernel, openvpn, pxz, and rubygem-json), openSUSE (apache2, bouncycastle, chromium, git, python-typed-ast, resource-agents, ruby2.5, samba, squid, webkit2gtk3, and xen), Slackware (seamonkey), SUSE (LibVNCServer and permissions), and Ubuntu (mysql-5.7, mysql-8.0).

The fourth 5.7 kernel prepatch is out for testing. "Anyway, it doesn't feel like there's anything worrisome going on, so come on in and test the waters."

The 5.6.9 and 5.4.37 stable updates have been released with another set of important fixes. Note that the 4.19.120, 4.14.178, 4.9.221, and 4.4.221 updates went into the review process at the same time as 5.6.9 and 5.4.37; they will probably show up in the near future.

Normally, files exist in a filesystem to keep data contained within them separated; seeing data exchanged directly between files is often a sign of filesystem corruption. There are, however, use cases where it is desirable to be able to perform a controlled swap of data between a pair of files. Darrick Wong has recently posted a patch set implementing this feature for the XFS filesystem, but also making it available in a general way.

The 2020 Python Language Summit was held virtually this year, over two days, via videoconference, with discussions via voice and chat. The summit is a yearly gathering for developers of CPython, other Python implementations, and related projects. As with last year, A. Jesse Jiryu Davis covered the summit; his writeups are being posted to the Python Software Foundation (PSF) blog. So far, all of the first day's session writeups are up, as well as two (of six) from the second day. Topics include "All strings become f-strings", "The path forward for typing", "A formal specification for the (C)Python virtual machine", and more.

Security updates have been issued by CentOS (git, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, python-twisted-web, and thunderbird), Debian (dom4j, miniupnpc, otrs2, pound, ruby2.1, vlc, w3m, and yodl), Fedora (git, java-latest-openjdk, mingw-libxml2, php-horde-horde, pxz, sqliteodbc, and xen), Gentoo (cacti, django, fontforge, and libu2f-host), openSUSE (cacti, cacti-spine, chromium, python-typed-ast, and salt), Red Hat (gnutls and kernel), SUSE (kernel), and Ubuntu (edk2).

Developers who are concerned about system integrity often put a fair amount of effort into ensuring that data stored on disk cannot be tampered with without being detected. Technologies like dm-verity and fs-verity are attempts to solve this problem, as is the recently covered integrity policy enforcement security module. More Recently, Johannes Thumshirn has posted a patch series adding filesystem-level authentication to Btrfs; it promises to provide integrity with a surprisingly small amount of code.

Security updates have been issued by Arch Linux (chromium, git, and webkit2gtk), Debian (nodejs and tiff), Fedora (libxml2, php-horde-horde, pxz, and sqliteodbc), Oracle (python-twisted-web), Red Hat (chromium-browser, git, and rh-git218-git), Scientific Linux (python-twisted-web), SUSE (ceph, kernel, munge, openldap2, salt, squid, and xen), and Ubuntu (mailman, python3.8, samba, and webkit2gtk).

The LWN.net Weekly Edition for April 30, 2020 is available.

The second annual Copyleft Conference was held on February 3 in Brussels; videos from the event have now been posted. "In his talk, Tony [Sebro] wonders whether the community around copyleft, like those around eschatology and Afro-centric hip-hop, has lost it's center and how we might entice new stakeholders to reinvest in our shared values. His keynote is a great place to start with this year's videos."

A call for faster Fedora updates in response to security vulnerabilities was recently posted to the Fedora devel mailing list; it urgently advocated changes to the process so that updates, in general, and to the kernel and packages based on web browsers, in particular, are handled more expeditiously. While Fedora developers are sympathetic to that, there is only so much the distribution can do as there are logistical and other hurdles between Fedora and its users. It turns out that, to a great extent, Fedora can already move quickly when it needs to.

Stable kernels 5.6.8, 5.4.36, and 4.19.119 have been released with important fixes. Users should upgrade.

Python's SimpleNamespace class provides an easy way for a programmer to create an object to store values as attributes without creating their own (almost empty) class. While it is useful (and used) in its present form, Raymond Hettinger thinks it could be better. He would like to see the hooks used by mappings (e.g. dictionaries) added to the class, so that attributes can be added and removed using either x.a or x['a']. It would bring benefits for JSON handling and more in the language.

The Trinity Desktop Environment (TDE) R14.0.8 release is out. Trinity started out as a fork of KDE 3. "Ten years ago today, the Trinity Desktop Environment (TDE) saw the release of its first version (3.5.11). Lot of things have happened since that day but TDE has continued to grow and flourish throughout the years. Today the project is healthier than ever, with dedicated self-hosted servers, regular releases, modern collaboration tools and a vibrant community of users and enthusiasts."