LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
업데이트: 26분 38초 지남
화, 2024/04/23 - 10:30오후
Security updates have been issued by Debian (glibc and samba), Fedora (chromium, cjson, mingw-python-idna, and pgadmin4), Mageia (kernel, kmod-xtables-addons, kmod-virtualbox, kernel-linus, and perl-Clipboard), Red Hat (go-toolset:rhel8, golang, java-11-openjdk, kpatch-patch, and shim), Slackware (freerdp), SUSE (apache-commons-configuration, glibc, jasper, polkit, and qemu), and Ubuntu (google-guest-agent, google-osconfig-agent, linux-lowlatency-hwe-6.5, pillow, and squid).
화, 2024/04/23 - 7:34오전
The Open Home Foundation has
announced
its existence as a home and support resource for free home-automation
projects.
We created the Open Home Foundation to fight for the fundamental
principles of privacy, choice, and sustainability for smart
homes. And every person who lives in one.
Ahead of today, we've transferred over 240 projects, standards,
drivers, and libraries—Home Assistant, ESPHome, Zigpy, Piper,
Improv Wi-Fi, Wyoming, and so many more—to the Open Home
Foundation. This is all about looking into the future. We've done
this to create a bulwark against surveillance capitalism, the risk
of buyout, and open-source projects becoming abandonware. To an
extent, this protection extends even against our future selves—so
that smart home users can continue to benefit for years, if not
decades. No matter what comes.
화, 2024/04/23 - 2:39오전
One of the mainstays of the the Linux Foundation's Open Source Summit is the "fireside chat"
(sans fire) between Linus Torvalds and Dirk Hohndel to discuss open source and
Linux kernel topics of the day. On April 17, at Open Source Summit
North America (OSSNA) in Seattle, Washington, they held with tradition
and discussed a range of topics including proper whitespace parsing,
security, and the current AI craze.
월, 2024/04/22 - 11:44오후
Peter Hutterer
announces
udev-hid-bpf, a tool to facilitate the loading of BPF programs that
make human-input devices work correctly.
eBPF was originally written for network packet filters but as of
kernel v6.3 and thanks to Benjamin, we have BPF in the HID
subsystem. HID actually lends itself really well to BPF because,
well, we have a byte array and to fix our devices we need to do
complicated things like "toggle that bit to zero" or "swap those
two values".
See this article for more information on
the BPF-HID mechanism.
월, 2024/04/22 - 11:38오후
Security updates have been issued by AlmaLinux (firefox and java-1.8.0-openjdk), Debian (chromium, flatpak, guix, openjdk-11, openjdk-17, thunderbird, and tomcat9), Fedora (chromium, firefox, glibc, nghttp2, nodejs18, python-aiohttp, python-django3, python-pip, and uxplay), Mageia (putty & filezilla), Red Hat (Firefox, firefox, java-1.8.0-openjdk, java-21-openjdk, nodejs:18, shim, and thunderbird), Slackware (freerdp), SUSE (apache-commons-configuration2, nodejs14, perl-CryptX, putty, shim, and wireshark), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-azure-5.15, linux-azure-fde,
linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop,
linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15,
linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm,
linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4,
linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4,
linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle,
linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.5, linux-azure, linux-gcp, linux-gcp-6.5,
linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-nvidia-6.5,
linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-raspi,
linux-starfive, linux-starfive-6.5, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp,
linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, lxd, percona-xtrabackup, and pillow).
월, 2024/04/22 - 6:55오전
Linus has
released 6.9-rc5 for testing.
But if you ignore those oddities, it all looks pretty normal and
things appear fairly calm. Which is just as well, since the first
part of the week I was on a quick trip to Seattle, and the second
part of the week I've been doing a passable imitation of the
Fontana di Trevi, except my medium is mucus.
금, 2024/04/19 - 11:12오후
Gregory Price recently posted
a patch set that adds support for weighted memory interleaving — allowing a
process's memory to be distributed between
non-uniform memory access (NUMA)
nodes in a more controlled way.
According to his performance measurements, the patch set could provide a
significant improvement for computers with network-attached memory.
The patch set also
introduces new system calls and paves the way for future extensions
intended to give processes more control over their own memory.
금, 2024/04/19 - 10:08오후
Security updates have been issued by AlmaLinux (gnutls, java-17-openjdk, mod_http2, and squid), Debian (firefox-esr), Fedora (editorconfig, perl-Clipboard, php, rust, and wordpress), Mageia (less, libreswan, puppet, and x11-server, x11-server-xwayland, and tigervnc), Slackware (aaa_glibc), and SUSE (firefox, graphviz, kernel, nodejs12, pgadmin4, tomcat, and wireshark).
금, 2024/04/19 - 12:11오전
Gentoo Council member Michał Górny posted
an RFC to the gentoo-dev mailing
list in late February about banning "'AI'-backed (LLM/GPT/whatever)
contributions" to the Gentoo Linux project. Górny wrote that the spread of the
"AI bubble" indicated a need for Gentoo to formally take a stand on AI
tools. After a lengthy discussion, the Gentoo Council voted
unanimously this week to adopt his proposal and ban contributions generated with AI/ML tools.
목, 2024/04/18 - 11:24오후
Kernel developers, like conscientious developers for many projects, will
often include checks in the code for conditions that are never expected to
occur, but which would indicate a serious problem should that expectation
turn out to be incorrect. For years, developers have been encouraged (to
put it politely) to avoid using assertions that crash the machine for such
conditions unless there is truly no alternative. Increasingly, though, use
of the kernel's WARN_ON() family of macros, which developers were
told to use instead, is also being discouraged.
목, 2024/04/18 - 11:03오후
Security updates have been issued by Debian (firefox-esr, jetty9, libdatetime-timezone-perl, tomcat10, and tzdata), Fedora (cockpit, filezilla, and libfilezilla), Red Hat (firefox, gnutls, java-1.8.0-openjdk, java-17-openjdk, kernel, kernel-rt, less, mod_http2, nodejs:18, rhc-worker-script, and shim), Slackware (mozilla), SUSE (kernel), and Ubuntu (apache2, glibc, and linux-xilinx-zynqmp).
목, 2024/04/18 - 9:29오전
The LWN.net Weekly Edition for April 18, 2024 is available.
목, 2024/04/18 - 12:25오전
Managing to-do lists is something of a universal necessity. While some
people handle them mentally or on paper, others resort to a web-based tool or
a mobile
application. For those preferring the command line, the MIT-licensed
Taskwarrior offers a flexible solution
with a healthy community and lots of extensions.
수, 2024/04/17 - 9:36오후
Security updates have been issued by Debian (apache2 and cockpit), Fedora (firefox, kernel, mbedtls, python-cbor2, wireshark, and yyjson), Mageia (nghttp2), Red Hat (kernel, kernel-rt, opencryptoki, pcs, shim, squid, and squid:4), Slackware (firefox), SUSE (emacs, firefox, and kernel), and Ubuntu (linux-aws, linux-aws-5.15, linux-aws-6.5, linux-raspi, and linux-iot).
수, 2024/04/17 - 4:54오전
The recent XZ backdoor has sparked a lot of discussion about how the open-source
community links and packages software. One possible
security improvement being discussed
is changing how
projects like systemd link to dynamic libraries that are only used for
optional functionality: using
dlopen() to load those libraries only
when required. This could
shrink the attack surface exposed by dependencies, but the approach is not
without downsides — most prominently, it makes discovering which dynamic
libraries a program depends on harder.
On April 11, Lennart Poettering proposed one way to eliminate that problem
in a systemd RFC on GitHub.
수, 2024/04/17 - 1:00오전
Fedora 40 Beta was released
on March 26, and the final release is nearing completion. So far,
the release is coming together nicely with major
updates for GNOME, KDE Plasma, and the usual cavalcade of
smaller updates and enhancements. As part of the release, the project also scuttled Delta
RPMs and OpenSSL 1.1.
수, 2024/04/17 - 12:33오전
Version
0.81 of the PuTTY SSH client is out with a fix for
CVE-2024-31497;
some users will want to update and generate new keys:
PuTTY 0.81, released today, fixes a critical vulnerability
CVE-2024-31497 in the use of 521-bit ECDSA keys
(ecdsa-sha2-nistp521). If you have used a 521-bit ECDSA private
key with any previous version of PuTTY, consider the private key
compromised: remove the public key from authorized_keys files, and
generate a new key pair.
However, this only affects that one algorithm and key size. No
other size of ECDSA key is affected, and no other key type is
affected.
화, 2024/04/16 - 11:00오후
Security updates have been issued by Debian (php7.4 and php8.2), Fedora (c-ares), Mageia (python-pillow and upx), Oracle (bind and dhcp, bind9.16, httpd:2.4/mod_http2, kernel, rear, and unbound), SUSE (eclipse, maven-surefire, tycho, emacs, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, nodejs16, nodejs18, nodejs20, texlive, vim, webkit2gtk3, and xen), and Ubuntu (gnutls28, klibc, libvirt, nodejs, and webkit2gtk).
페이지