News reader

Security updates for Wednesday

1 year 11 months ago
Security updates have been issued by Debian (qpdf, ring, and tryton-server), Fedora (mingw-qt5-qtbase and moby-engine), Red Hat (cups, kernel, kernel-rt, kpatch-patch, librsvg2, and virt:rhel and virt-devel:rhel), and Ubuntu (amd64-microcode, firefox, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-hwe-5.4, linux-kvm, linux-oracle, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-hwe-6.2, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-raspi, linux-bluefield, linux-ibm, linux-oem-6.1, and openjdk-lts, openjdk-17).
corbet

New version available for the ClamAV antivirus software

1 year 11 months ago

Important information for ClamAV antivirus users: versions 0.105 and 0.104 of the security software have reached the end of their support life cycle (EOL) and will no longer receive vendor updates, so users of the software are advised to move to the latest version, 1.1.1.

The post New version available for the ClamAV antivirus software first appeared on Nemzeti Kibervédelmi Intézet.

NKI

Game of Trees 0.92 released

1 year 11 months ago

Version 0.92 of Game of Trees has been released (and the port updated):

* got 0.92; 2023-08-29
  see git repository history for per-change authorship information
  - allow modified files to be deleted during merges if content exists in repo
  - disallow overlapping repo and work tree in 'got checkout'
  - speed up opening of the work tree's file-index
  - speed up deltification by resizing block hash tables less often
  - add support for commit keywords to 'got log -x'
  - fix 'got log -dPp' diffstat duplication bug
  - improve out-of-date reporting accuracy in 'got branch -l' output
  - document that the log -d option implies log -P
  - prevent file-index corruption via deletion of missing locally-added files
  - prevent a double-free in got_worktree_commit
  - fix regression from 0.76: 'got diff' output matches /usr/bin/diff -p again
  - gotsh: do not set POLLOUT flag if there is no data to send, for portability
  - gotd: stop logging "unexpected end of file" when client decides to disconnect
  - make gotd flush pending messages before disconnecting the client upon success
  - gotwebd: fix bogus modification times displayed when show_repo_age is off
  - tog: show work tree base commit marker in the log view
  - tog: fix an infinite loop that could be triggered via log view search
  - plug a memory leak in tog's blame view
  - tog regress: prevent crash in ncurses when Ctrl-C is used to cancel test runs
  - tog regress: fix occasional failures due to commit timestamp mismatch
  - regress: nix 'set -A' kshism from tests for portability

[$] Python is (mostly) made of syntactic sugar

1 year 11 months ago
"Sugar" is, to a certain extent, in the eye of the beholder—at least when it comes to syntax. Programming languages are often made up of a (mostly) irreducible core, with lots of sugary constructs sprinkled on top—the syntactic sugar. No one wants to be forced to do without the extra syntax—at least not for their favorite pieces—but it is worth looking at how a language's constructs can be built from the core. That is just what Brett Cannon has been doing for Python, on his blog and in talks, including a talk at PyCon back in April (YouTube video).
jake

Security updates for Tuesday

1 year 11 months ago
Security updates have been issued by Debian (flask-security and opendmarc), Fedora (qemu), Oracle (rust and rust-toolset:ol8), Red Hat (cups and libxml2), Scientific Linux (cups), SUSE (ca-certificates-mozilla, chromium, clamav, freetype2, haproxy, nodejs12, procps, and vim), and Ubuntu (faad2, json-c, libqb, linux, linux-aws, linux-lts-xenial, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-gkeop-5.15, and linux-gke, linux-ibm-5.4).
corbet

Rest in peace Satoru Ueda

1 year 11 months ago
The OpenChain site carries the sad news of the passing of Satoru Ueda. Your editor first met Ueda San at the 2007 Linux Foundation Japan Symposium, where a small group of dedicated developers and managers was working hard to bring open-source development practices to the country. Ueda San was always a strong advocate for this cause and deserves much credit for the success of Linux and open source in Japan. He was also always a warm and welcoming person; he will be much missed.
corbet

Average "dwell time" in ransomware attacks has nearly halved

1 year 11 months ago

According to a recent Sophos report, the average "dwell time" in ransomware attacks, the window of time attackers can spend on a compromised network before they are detected, has fallen compared to last year. The report also points out that attackers very frequently exploit the RDP service during their attacks.

The post Average "dwell time" in ransomware attacks has nearly halved first appeared on Nemzeti Kibervédelmi Intézet.

NKI

10 million people affected by the data breach at the French employment agency

1 year 11 months ago

According to a press release from Pôle emploi, France's unemployment agency suffered a cyberattack that led to the leak of the data of several million French citizens. The MOVEit file transfer vulnerability is suspected to have played a role in the incident.

The post 10 million people affected by the data breach at the French employment agency first appeared on Nemzeti Kibervédelmi Intézet.

NKI

Matthew Garrett: Unix sockets, Cygwin, SSH agents, and sadness

1 year 11 months ago
Work involves supporting Windows (there's a lot of specialised hardware design software that's only supported under Windows, so this isn't really avoidable), but also involves git, so I've been working on extending our support for hardware-backed SSH certificates to Windows and trying to glue that into git. In theory this doesn't sound like a hard problem, but in practice oh good heavens.

Git for Windows is built on top of msys2, which in turn is built on top of Cygwin. This is an astonishing artifact that allows you to build roughly unmodified POSIXish code on top of Windows, despite the terrible impedance mismatches inherent in this. One is that until 2017, Windows had no native support for Unix sockets. That's kind of a big deal for compatibility purposes, so Cygwin worked around it. It's, uh, kind of awful. If you're not a Cygwin/msys app but you want to implement a socket they can communicate with, you need to implement this undocumented protocol yourself. This isn't impossible, but ugh.

But going to all this trouble helps you avoid another problem! The Microsoft version of OpenSSH ships an SSH agent that doesn't use Unix sockets, but uses a named pipe instead. So if you want to communicate between Cygwinish OpenSSH (as is shipped with git for Windows) and the SSH agent shipped with Windows, you need something that bridges between those. The state of the art seems to be to use npiperelay with socat, but if you're already writing something that implements the Cygwin socket protocol you can just use npipe to talk to the shipped ssh-agent and then export your own socket interface.

And, amazingly, this all works? I've managed to hack together an SSH agent (using Go's SSH agent implementation) that can satisfy hardware backed queries itself, but forward things on to the Windows agent for compatibility with other tooling. Now I just need to figure out how to plumb it through to WSL. Sigh.


Keystroke timing obfuscation added to ssh(1)

1 year 11 months ago

Damien Miller (djm@) has committed support for keystroke timing obfuscation to ssh(1):

CVSROOT:	/cvs
Module name:	src
Changes by:	djm@cvs.openbsd.org	2023/08/27 21:31:16

Modified files:
	usr.bin/ssh    : clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h ssh_config.5

Log message:
Add keystroke timing obfuscation to the client.

This attempts to hide inter-keystroke timings by sending interactive traffic at fixed intervals (default: every 20ms) when there is only a small amount of data being sent. It also sends fake "chaff" keystrokes for a random interval after the last real keystroke. These are controlled by a new ssh_config ObscureKeystrokeTiming keyword/

feedback/ok markus@


Linux Plumbers Conference: Confidential Computing MC CFP

1 year 11 months ago

Confidential Computing continues to be a popular topic in the computing industry. From memory encryption to trusted I/O, the hardware has been constantly improving and broadening. In past years, confidential computing microconferences have brought together developers working on various features in hypervisors, firmware, the Linux kernel, low-level userspace, and container runtimes. We have discussed a broad range of topics, from hardware enablement to generic attestation workflows.

Just in the last year, we have seen support for Intel TDX and AMD SEV-SNP guests merged into Linux. Support for unaccepted memory has also landed in mainline. We have also had support for running as a CVM under Hyper-V partially merged into the kernel. However, there is still a long way to go before a complete Confidential Computing stack with open source software and Linux as the hypervisor becomes a reality. We invite contributions to this microconference to help make progress to that goal.

Topics of interest include

Please use the LPC CfP process to submit your proposals. Submissions can be made via the LPC abstract submission page. Make sure to select “Confidential Computing MC” as the track.

[$] Development statistics for the 6.5 kernel

1 year 11 months ago
The 6.5 kernel was released on August 27 after a nine-week development cycle. By that time, some 13,561 non-merge changesets had found their way into the mainline repository, the lowest number seen since the 5.15 release (12,377 changesets) in late 2021. Nonetheless, quite a bit of significant work was done in this cycle; read on for a look at where that work came from.
corbet

Bugzilla Celebrates 25 Years With Special Announcements (Bugzilla blog)

1 year 11 months ago
August 26 was the 25th anniversary of the release of the Bugzilla bug tracker as open-source software under the Mozilla Public License (MPL). A blog post for the occasion has some announcements, including several upcoming releases, help wanted, and a new legal entity to house the project: Which now brings us to today, when I’m happy to announce the formation of Zarro Boogs Corporation, which will now be overseeing the Bugzilla Project. This is a taxable non-profit non-charitable corporation - we have filed with the IRS our intent to operate under US Tax Code §501(c)(4) (still pending approval from the IRS) meaning the IRS would require us to spend money raised on project expenses and not make a profit, but money donated to us will not earn you a tax deduction because we aren’t a charity (software development is not considered a charitable cause in the US). Unlike Thunderbird, which is a subsidiary of the Mozilla Foundation, we are an independent entity not owned by or associated with the Mozilla Foundation, although they have licensed the use of the Bugzilla trademark to us.
jake

Security updates for Monday

1 year 11 months ago
Security updates have been issued by Debian (chromium, clamav, librsvg, rar, and unrar-nonfree), Fedora (caddy, chromium, and xen), and SUSE (ca-certificates-mozilla, gawk, ghostscript, java-1_8_0-ibm, java-1_8_0-openjdk, php7, qemu, and xen).
jake

The 6.5 kernel has been released

1 year 11 months ago
Linus has, as expected, released the 6.5 kernel.

I still have this nagging feeling that a lot of people are on vacation and that things have been quiet partly due to that. But this release has been going smoothly, so that's probably just me being paranoid. The biggest patches this last week were literally just to our selftests.

Headline features in 6.5 include faster booting on large x86 systems, Arm Permission Indirection Extension support, Rust 1.68.2 support, unaccepted memory handling, "mount beneath" support for filesystems, the cachestat() system call, the ability to pass a pidfd via a SCM_CREDENTIALS control message, scope-based resource management for internal kernel code, the deprecation of the SLAB allocator, and more. See the LWN merge-window summaries (part 1, part 2) and the (in-progress) KernelNewbies 6.5 page for details.

corbet

Three stable kernels

1 year 11 months ago
The 6.1.48, 5.15.128, and 5.10.192 stable kernels have been released; each contains another set of important fixes.

Update: 6.1.49 has also been released. "This upgrade is only for all users of the 6.1 series that use the x86 platform OR the F2FS file system. If that's not you, feel free to ignore this release."

corbet

OpenTF Announces Fork of Terraform

1 year 11 months ago
The OpenTF Foundation has announced that it is moving forward with its eponymous fork of HashiCorp Terraform, which was recently changed to a non-FOSS license by the company. The organization has applied to become part of the Linux Foundation, "with the end goal of having OpenTF as part of Cloud Native Computing Foundation". There is a GitHub repository for its manifesto, but the code repository for OpenTF is private for now, with plans to open it up in the next week or two. Work has been going on for the last week and more developers are coming on board: So far, four companies pledged the equivalent of 14 full-time engineers (FTEs) to the OpenTF initiative. We expect this number to at least double in the following few weeks. To give you some perspective, Terraform was effectively maintained by about 5 FTEs from HashiCorp in the last 2 years. If you don’t believe us, look at their repository.

Some of the people behind OpenTF are participating in a Hacker News thread, so more information can be found there as well.

jake

[$] The OpenSprinkler controller

1 year 11 months ago
The more one pays attention to the Internet of Things (IoT), the more one learns to appreciate simple, unconnected devices. Your editor long ago acquired an aversion to products that advertise themselves as "smart" or "WiFi-enabled". There can be advantages, though, to devices that contain microprocessors, are Internet connected, and are remotely accessible, if they are implemented well. The OpenSprinkler sprinkler timer would appear to be a case in point.
corbet

Attackers can obtain our passwords through TP-Link smart bulbs

2 years ago

Italian and British researchers have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and the TP-Link Tapo application that allow attackers to steal their targets' WiFi passwords.

The post Attackers can obtain our passwords through TP-Link smart bulbs first appeared on Nemzeti Kibervédelmi Intézet.

NKI