+ LWN.net + News from the source +
++ LWN.net is a reader-supported news site dedicated to producing the best + coverage from within the Linux and free software development communities. + See the LWN FAQ for more information, and + please consider subscribing to gain full + access and support our activities. ++
+
+ Network packet headers contain a great deal of information, but the +kernel often only needs a subset of that information to be able to perform +filtering or associate any given packet with a flow. The piece of code that +follows the different layers of packet encapsulation to find the important +data is called a flow dissector. In current Linux kernels, the flow +dissector +is written in C. A patch set has been +proposed recently to implement it in BPF with the clear goal of improving +security, flexibility, and maybe even performance. + +
+ Full Story (comments: 1) +
+
+ The Harvard Business School's "Working Knowledge" site has an +article arguing that it can pay for companies to allow their developers +to contribute back to the projects whose software they use. +"And that presents an interesting dilemma for firms that rely heavily +on open source. Should they allow employees on company time to make updates +and edits to the software for community use that could be used by +competitors? New research by Assistant Professor Frank Nagle, a member of +the Strategy Unit at Harvard Business School, shows that paying employees +to contribute to such software boosts the companyâs productivity from using +the software by as much as 100 percent, when compared with free-riding +competitors." +
+
+ The LWN.net Weekly Edition for September 6, 2018 is available. +
+ Inside this week's LWN.net Weekly Edition +
+ +
+ Security updates have been issued by Debian (curl, gdm3, git-annex, lcms2, and sympa), Fedora (discount, dolphin-emu, gd, obs-build, osc, tcpflow, and yara), openSUSE (wireshark), Slackware (curl, firefox, ghostscript, and thunderbird), SUSE (apache-pdfbox, curl, dovecot22, and libvirt), and Ubuntu (libtirpc). + +
+ Full Story (comments: none) +
+
+
+Security and convenience rarely go hand-in-hand, but if your job (or life) +requires extraordinary care against potentially targeted attacks, the +security side of that tradeoff may win out. If so, running a system like +Qubes OS on your desktop or CopperheadOS on your phone might make sense, +which is just what Konstantin Ryabitsev, Linux Foundation (LF) director of IT +security, has done. He reported on the experience in a talk +[YouTube video] entitled "Life Behind the Tinfoil Curtain" at the 2018 +Linux +Security Summit North America. + +
+ Full Story (comments: 9) +
+
+ The GNOME Project has announced the release of GNOME 3.30 +"AlmerÃa". "This release brings automatic updates in Software, more +games, and a new Podcasts application. Improvements to core GNOME +applications include a refined location and search bar in Files, a +[Thunderbolt] panel in Settings, support for remoting using RDP in Boxes, and +many more." The release notes +contain more information. + +
+ Full Story (comments: none) +
+
+ The Spectre variant 2 vulnerability allows the speculative execution of +incorrect (in an attacker-controllable way) indirect branch predictions, +resulting in +the ability to exfiltrate information via side channels. The kernel has +been reasonably well protected against this variant since shortly after its +disclosure in January. It is, however, possible for user-space processes +to use Spectre v2 to attack each other; thus far, the mainline kernel has +offered relatively little protection against such attacks. A recent proposal +from Jiri Kosina may change that situation, but there are still some +disagreements around the details. + +
+ Full Story (comments: 1) +
+
+ Mozilla has released Firefox 62.0, with several new features. The Firefox +Home (default New Tab) allows users to display up to 4 rows of top sites, +Pocket stories, and highlights; for those using containers there is menu +option to reopen a tab in a different container; Firefox 63 will remove all +trust for Symantec-issued certificates, and it is optional in Firefox +62; FreeBSD support for WebAuthn was added; and more. See the release +notes for details. +
+
+
GopherCon is the major +conference for the Go language, attended +by 1600 +dedicated "gophers", as the members of its community like to call +themselves. Held for the last five years in Denver, it attracts programmers, +open-source contributors, and technical managers from all over North +America and the world. GopherCon's highly-technical program is an intense +mix of Go internals and programming tutorials, a few of which we will +explore in this article. +
+Subscribers can read on for a report from GopherCon by guest author Josh +Berkus. + +
+ Full Story (comments: 10) +
+
+
Part 1 of this series introduced +the Julia project's goals and +development process, along with +the language syntax, including the basics of control flow, data +types, and, in more detail, how to work with arrays. In this part, +user-defined functions and the central +concept of multiple dispatch are described. It will also survey Julia's +module and +package system, cover some syntax features, show how to make +plots, and briefly dip into macros and distributed computing. + +
+ Full Story (comments: 7) +
+
+ Security updates have been issued by Debian (lcms2), openSUSE (yubico-piv-tool), Oracle (kernel), and SUSE (cobbler and kvm). + +
+ Full Story (comments: none) +
+
+ It is common for kernel code to generate unique integers for identifiers. +When one plugs in a flash drive, it will show up as +/dev/sdN; that N (a letter derived from a +number) must be generated in the +kernel, and it should not already be in use for another drive or unpleasant +things will happen. One might think that generating such numbers would not +be a difficult task, but that turns out not to be the case, especially in +situations where many numbers must be tracked. The IDA (for "ID +allocator", perhaps) API exists to handle this specialized task. In past +kernels, it has managed to make the process of getting an unused number +surprisingly +complex; the 4.19 kernel has a new IDA API that simplifies things +considerably. + +
+ Full Story (comments: 8) +
+
+ Security updates have been issued by openSUSE (ImageMagick, libressl, postgresql10, spice, and spice-gtk), Red Hat (collectd, kernel, Red Hat Gluster Storage, Red Hat Virtualization, RHGS WA, rhvm-appliance, and samba), and SUSE (crowbar, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, kernel, spice, and spice-gtk). + +
+ Full Story (comments: none) +
+
+ The developers of the Android system have, among their many goals, the wish +to better protect Android devices against persistent compromise. It is bad +if a device is taken over by an attacker; it's worse if it remains +compromised even after a reboot. Numerous mechanisms for ensuring the +integrity of installed system files have been proposed and implemented +over the years. But it seems there is always room for one more; to fill +that space, the fs-verity +mechanism is being proposed as a way to protect individual files from +malicious modification. + +
+ Full Story (comments: 6) +
+
+ The annual Maintainer and Kernel Summits will be held in Vancouver, BC on +November 12 to 15, in conjunction with the Linux Plumbers Conference. +The program committee is looking for topics for both summits; read on for +details on how to submit ideas and, perhaps, get an invitation to the +Maintainer Summit. + +
+ Full Story (comments: none) +
+
+ The LWN.net Weekly Edition for August 30, 2018 is available. +
+ Inside this week's LWN.net Weekly Edition +
+ +
+ Security updates have been issued by Debian (dojo, libtirpc, mariadb-10.0, php5, ruby-json-jwt, spice, spice-gtk, tomcat8, and trafficserver), Fedora (ghc-hakyll, ghc-hs-bibutils, ghostscript, mariadb, pandoc-citeproc, phpMyAdmin, and xen), Mageia (java-1.8.0-openjdk, libarchive, libgd, libraw, libxcursor, mariadb, mercurial, openssh, openssl, poppler, quazip, squirrelmail, and virtualbox), openSUSE (cobbler, libressl, wireshark, and zutils), and SUSE (couchdb, java-1_7_0-ibm, java-1_7_1-ibm, OpenStack, and spice). + +
+ Full Story (comments: none) +
+
+ Many services, from web hosting and video streaming to cloud storage, +need to move data to and from storage. They also often require that each per-client +I/O flow be guaranteed a non-zero amount of bandwidth and a bounded latency. An +expensive way to provide these guarantees is to over-provision +storage resources, keeping each resource underutilized, and thus +have plenty of bandwidth available for the few I/O flows dispatched to +each medium. Alternatively one can use an I/O controller. Linux provides +two mechanisms designed to throttle some I/O streams to allow others to +meet their bandwidth and latency requirements. These mechanisms work, but +they come at a cost: a loss of as much as 80% of total available I/O +bandwidth. I have run some tests to demonstrate this problem; some +upcoming improvements to the bfq I/O +scheduler promise to improve the situation considerably. + +
+ Full Story (comments: 4) +
+
+ The 4.19-rc2 kernel prepatch is out for +testing. +"As usual, the rc2 release is pretty small. People are taking a +breather after the merge window, and it takes a bit of time for bug +reports to start coming in and get identified." +
+
+
+ Copyright © 2018, Eklektix, Inc.
+
+ Comments and public postings are copyrighted by their creators.
+ Linux is a registered trademark of Linus Torvalds
+
+