1 év 2 hónap óta
jzb
1 év 2 hónap óta
KDE developer Nate Graham has announced
a new set of KDE Human
Interface Guidelines (HIG) for the KDE project. Graham says that the goals
for the new HIGs were to reflect how KDE designs software today, make
the content 100% actionable, improve navigation, and to improve the
guidelines so people feel comfortable contributing:
Like any rewrite, there are bound to be rough edges and omissions
compared to the old version. Maybe I missed a piece of useful
information in the old HIG that had been buried somewhere but retained
some value. Maybe there's low-hanging fruit for improvement. Help out
by
contributing!
jzb
1 év 2 hónap óta
The openSUSE project recently announced
the second release candidate (RC2) of its Aeon Desktop, formerly known
as MicroOS Desktop GNOME. Aside from the new coat of naming paint,
Aeon breaks ground in a few other ways by dabbling with technologies not found in other openSUSE releases. The goal for Aeon is to provide
automated system updates using snapshots that can be applied
atomically, removing the burden of system maintenance for
"lazy developers" who want to focus on their work rather than desktop
administration. System-tinkerers need not apply.
jzb
1 év 2 hónap óta
This
Project Zero article looks at the exploitation of a few Android driver
bugs in great detail.
As it becomes more difficult to find 0-days in core Android,
third-party Linux kernel drivers continue to become a more and more
attractive target for attackers. While the bulk of present-day
detected ITW [in-the-wild] Android exploitation targets GPU
drivers, it's equally important that other third-party drivers are
encouraged towards the same security standards.
corbet
1 év 2 hónap óta
Security updates have been issued by CentOS (389-ds-base, bind, bind-dyndb-ldap, and dhcp, firefox, glibc, ipa, less, libreoffice, and thunderbird), Debian (cups), Fedora (chromium and cyrus-imapd), Mageia (golang and poppler), Oracle (bind, bind-dyndb-ldap, and dhcp, gvisor-tap-vsock, python-idna, and ruby), Red Hat (dnsmasq and expat), SUSE (libaom, php8, podman, python-pymongo, python-scikit-learn, and tiff), and Ubuntu (h2database and vte2.91).
daroc
1 év 3 hónap óta
The BPF verifier is a complex program. This has the unfortunate effect of making
it simultaneously more difficult for contributors to work on, and more likely
to harbor unknown bugs. Shung-Hsi Yu had two concrete proposals for how to
simplify the verifier to make it easier to maintain that he presented at the 2024
Linux Storage,
Filesystem, Memory Management, and BPF Summit. Yu proposed changing how the
verifier tracks partially known values and cleaning up the interface to
hide the details of the value-tracker's internal representation.
daroc
1 év 3 hónap óta
Redirecting execution flow is a common malware
technique that can be used to compromise operating systems. To protect from such attacks,
the chip makers of leading architectures like x86 and arm64 have implemented
control-flow-integrity (CFI) extensions, though they need system
software support to function. At the
Linux
Security Summit North America,
RISC-V kernel developer Deepak Gupta described the CFI
protections for that architecture and invited community input on the
kernel support for them.
jake
1 év 3 hónap óta
Version
1.79.0 of the Rust language has been released. Changes this time
include inline const expressions, the "associated item bounds
syntax", and more.
corbet
1 év 3 hónap óta
Security updates have been issued by Debian (firefox-esr), Fedora (nginx-mod-modsecurity, php, and tomcat), Mageia (strongswan), Oracle (389-ds-base, buildah, c-ares, cockpit, containernetworking-plugins, fence-agents, firefox, gdk-pixbuf2, idm:DL1, ipa, kernel, libreoffice, podman, rpm-ostree, and thunderbird), Red Hat (dnsmasq and nghttp2), Slackware (mozilla), SUSE (curl, firefox, kernel, kernel-firmware-nvidia-gspx-G06, nvidia-open- driver-G06-signed, openssl-3, and python-Pillow), and Ubuntu (libmatio, libndp, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp,
linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4,
linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4,
linux-xilinx-zynqmp, linux-oem-6.5, and virtuoso-opensource).
jake
1 év 3 hónap óta
The LWN.net Weekly Edition for June 13, 2024 is available.
corbet
1 év 3 hónap óta
The Cockpit project has
announced
the first release of Cockpit
Files, a plugin for Cockpit that allows file management on your server
via a web browser:
Cockpit Files was initially started by Google Summer of Code (GSoC)
student
Mahmoud Hamdy
and is now under active development by the Cockpit team. The goal is
to replace the functionality of the
cockpit-navigator
plugin from 45Drives and include automated testing per commit, a
standard PatternFly-based interface, and consistency with the rest of
Cockpit.
Development builds for Fedora are available via a
Copr repository, and packages are expected for Arch, Debian, and
Fedora. LWN covered the
Cockpit project in March.
jzb
1 év 3 hónap óta
CentOS Linux 7 was first
released in July 2014, and is due to go end-of-life (EOL) on June 30.
By now, anyone who pays attention to such things is aware that Red Hat pulled the plug on
CentOS Linux in late 2020 to be replaced by CentOS Stream
instead. CentOS Linux 8
support was wound
down at the end of 2021 rather than in 2029 as originally stated.
CentOS Linux 7 was allowed to serve out its
full lifespan—but that EOL is approaching rapidly and
there's no direct upgrade path. Users and organizations looking for a lifeline might want to consider
AlmaLinux's ELevate
utility, which allows CentOS users to migrate to alternate enterprise
Linux (EL) operating systems.
jzb
1 év 3 hónap óta
The Python Software
Foundation (PSF) has announced
that nominations are open for the PSF Board election through June
25:
Who runs for the board? People who care about the Python community,
who want to see it flourish and grow, and also have a few hours a
month to attend regular meetings, serve on committees, participate in
conversations, and promote the Python community.
The PSF has a video about
serving on the board for those who might be interested. PSF members
can nominate themselves or another member. Candidates
will be announced on June 27. Voting begins on July 2 and will end on
July 16.
jzb
1 év 3 hónap óta
The
mseal() system call allows a
process to prevent any future changes to portions of its address space
(thus "sealing" them); it was patterned after the
mimmutable() system call in OpenBSD.
mseal() generated a lot of discussion, but it was finally merged
for the upcoming 6.10 kernel release. While mseal() was initially
aimed at securing the Chrome browser, the hope was that it would be useful
elsewhere; as a step toward realizing that hope, Adhemerval Zanella has
posted
a
patch series adding support for — and use of — mseal() to the
GNU C library (glibc).
corbet
1 év 3 hónap óta
Systemd 256 has been released. As usual, the list of changes is long; see
this article for an overview, or the
announcement for all the details.
corbet
1 év 3 hónap óta
Greg Kroah-Hartman has announced another round of stable kernel
updates: 6.9.4, 6.6.33, and 6.1.93 have been released. Each contains
another set of important fixes, users of these kernels are advised to
upgrade right away.
jzb
1 év 3 hónap óta
The
openSUSE
Leap 15.6 release is available; this is intended to be the last
Leap 15.x release before Leap 16 comes out.
"Leap 15.6 is projected to receive maintenance and security updates
until the end of 2025 to ensure sufficient overlap with the next
release". Changes include the addition of the
Cockpit server-management tool, a
6.4 kernel, GNOME 45, and many other upgrades. This release also
removes a long list of unmaintained Python packages. See
the
release notes for details.
corbet
1 év 3 hónap óta
Security updates have been issued by AlmaLinux (booth), Debian (cyrus-imapd and vlc), Fedora (firefox, libarchive, php, and singularity-ce), Oracle (ipa and ruby:3.3), Red Hat (389-ds-base, buildah, c-ares, cockpit, containernetworking-plugins, fence-agents, gdk-pixbuf2, gvisor-tap-vsock, kernel, kernel-rt, kpatch-patch, libreoffice, podman, protobuf-c, python-idna, rpm-ostree, ruby, and tomcat), Slackware (cups and mozilla), SUSE (bind, cups, iperf, kernel, nano, and poppler), and Ubuntu (libapache-mod-jk, linux-aws, linux-aws-5.15, linux-aws, linux-oracle, linux-intel-iotg-5.15, linux-nvidia, and mysql-8.0).
jzb
1 év 3 hónap óta
The
extensible scheduler class
("sched_ext") framework allows the writing of CPU schedulers as a set of
BPF programs. It has been
somewhat
controversial, and its merging into the kernel has been blocked despite
a clear level of interest from users.
Linus Torvalds has now
let
it be known that he has made a decision and, overriding the scheduler
maintainer, will merge sched_ext for the 6.11 release.
I honestly see no reason to delay this any more. This whole
patchset was the major (private) discussion at last year's kernel
maintainer summit, and I don't find any value in having the same
discussion (whether off-list or as an actual event) at the upcoming
maintainer summit one year later, so to make any kind of sane
progress, my current plan is to merge this for 6.11.
corbet
1 év 3 hónap óta
BPF is in a unique position in terms of security. It runs in a privileged
context, within the kernel, and can have access to many sensitive details of the
kernel's operation. At the same time, unlike kernel modules, BPF programs aren't signed.
Additionally, the mechanisms behind BPF present challenges to implementing
signing or other security features. Three nearly back-to-back sessions at the
2024
Linux Storage,
Filesystem, Memory Management, and BPF Summit
addressed some of the potential security problems.
daroc
Ellenőrizve
16 perc 48 másodperc ago
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Feliratkozás a következőre: Linux Weekly News hírcsatorna