Hírolvasó

The Open Source Initiative (OSI) has announced the results of its recent board of directors election. Ruth Suehle and McCoy Smith are new to the board, while Carlo Piana will serve another term. The results, however, seem tainted in the eyes of some participants and observers. The election has been plagued by missteps from the beginning. It has culminated with the exclusion of three candidates for failing to meet a requirement to sign the OSI board agreement, which was added after the election was over and before results were tallied or announced.

As a system runs and its memory becomes fragmented, allocating large, physically contiguous regions of memory becomes increasingly difficult. Much effort over the years has gone into avoiding the need to make such allocations whenever possible, but there are times when they simply cannot be avoided. The kernel's contiguous memory allocator (CMA) subsystem attempts to make such allocations possible, but it has never been a perfect solution. Suren Baghdasaryan is is trying to improve that situation with the guaranteed contiguous memory allocator patch set, which includes work from Minchan Kim as well.

Julien Malka has called for the NixOS project to use build-reproducibility to detect when a program has a maintainer-generated tarball that results in a different artifact than building from source. There are good reasons for projects to release maintainer-generated tarballs, but since the materials included in them are usually documentation, extra build scripts, and so on, it makes sense to check that they don't influence the final build output. While this would not have stopped last year's XZ backdoor, it would have made it harder to hide.

People are often convinced that OSS is more trustworthy than closed-source software because the code can be audited by practitioners and security professionals in order to detect vulnerabilities or backdoors. In this instance, this procedure has been made difficult by the fact that part of the code activating the backdoor was not included in the sources available within the git repository but was instead present in the maintainer-provided tarball. While this was used to hide the backdoor out of sight of most investigating eyes, this is also an opportunity for us to improve our software supply chain security processes.

Brendan Jackman has been working to try to get ahead of the next hardware CPU vulnerability before it gets discovered. In January, he posted the second version of a patch set that introduces address-space isolation (ASI) as a way of preventing future CPU vulnerabilities from leaking important information. The core concept is to ensure that data that is not currently needed is not present in memory, so that speculative execution cannot leak it. The work is nowhere near ready to be incorporated into the mainline kernel — not least of all because it has a large performance impact in its current form — but it is likely to once again be a topic of discussion at the 2025 Linux Filesystem, Memory Management, and BPF Summit.

Raspberry Pi has announced rpi-image-gen, a tool to create custom software images for its devices.

rpi-image-gen is a Bash orientated scripting engine capable of producing software images with different on-disk partition layouts, file systems and profiles using collections of metadata and a defined flow of execution. It provides the means to create a highly customised software image for your Raspberry Pi device. rpi-image-gen is human readable, auditable and easy to use.

The Git repository for rpi-image-gen has a number of examples to help users get started making their own custom images.

The Asahi Linux project, working to support Linux on Apple hardware, has published a progress report to coincide with the 6.14 kernel release.

Now that Rust for Linux abstractions are starting to be merged at a healthy pace, we are faced with an emerging challenge. It is rare for any kernel patch to survive the mailing list without at least a couple of non-trivial changes, and Rust abstractions are no exception. Every time an abstraction used by our driver is merged, we must drop our downstream version and rebase the driver atop the version accepted upstream. This is grueling, menial, and unpleasant work, and Janne has our deepest gratitude for volunteering his time to get through it.

Security updates have been issued by Debian (chromium), Fedora (fluent-bit, openssh, php, and webkitgtk), Mageia (freerdp), Oracle (libreoffice and webkit2gtk3), Red Hat (kernel-rt), Slackware (libarchive), SUSE (apptainer, gitea-tea, libxml2, tomcat, webkit2gtk3, and wpa_supplicant), and Ubuntu (libxslt and pam-pkcs11).

A keresőcég torkig van a Google Térképet kihasználó csalókkal.

Egyelőre nem nyereséges a streamingszolgáltatás, de ha valaki, akkor a cupertinóiak ezt megengedhetik maguknak.

RTL Híradó bias trey 2025. 03. 21., p – 12:48

A csoportos keresetet indítók szerint a gyártó félrevezette a vevőket, amikor fejlett AI-funkciókkal ellátott iPhone-okról kommunikált.

Kérdés, megéri-e majd a fejlesztőknek.

Trehányság? Alulméretezés? Hamisítás? Most megtudhatod, mi állt a 2000-es évek kondenzátor-járványának hátterében.

Kíváncsi vagy a legdurvább kulisszatitkokra a HWSW elmúlt negyed évszázadából? Popcornt elő, jöhet az 57. Weekly!

FORMULA 1 HEINEKEN CHINESE GRAND PRIX 2025 trey 2025. 03. 21., p – 08:34

As the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit (LSFMM+BPF) approaches, the density of memory-management patches on the mailing lists has increased. Included among those are patches aimed at improving the reliability and performance of huge-page allocation, implementing page promotion on tiered-memory systems, adding a different approach to deduplicating memory, and replacing the BPF memory allocator. Read on for an overview of each.

Security updates have been issued by Debian (php7.4, python-django, and python3.9), Fedora (bluez, iwd, libell, and radare2), Mageia (chromium-browser-stable, mosquitto, tomcat, tomcat packages, and vim), Oracle (firefox, grub2, python3, thunderbird, and webkit2gtk3), Red Hat (fence-agents, php:7.4, and python-jinja2), SUSE (assimp-devel, crane, ffmpeg-4, freetype2, helm, kernel, kured, python-Django, python-Jinja2, python311-Django4, and tomcat), and Ubuntu (alpine, djoser, libxslt, postgresql-9.5, and valkey).

Láthatólag nem aknázta ki teljesen a hajlítható kijelzőkben rejlő lehetőséget a kínai Huawei.

CPU pasztáért mentem trey 2025. 03. 20., cs – 14:34

Drupal 11.1.4 -> Drupal 11.1.5 trey 2025. 03. 20., cs – 14:30