Understanding the Postgres Hackers Mailing List Language
Reading an established open-source project’s developer mailing list
may leave new contributors wishing they had a decoder ring. Greg
Sabino Mullane has written up a valuable explainer
for those new to the PostgreSQL hackers ( pgsql-hackers)
mailing list that may also be useful for decoding other lists as well:
The mailing lists are full of acro … ⌘ Read more
[$] A SpamAssassin surprise
Here is a piece of advice for anybody wanting an easy and frustration-free
life: do not run your own email system. While there numerous advantages to
keeping some control over your communications, there is also a long list of
things that can go wrong. A recent failure of spam filtering on the LWN
email system illustrated one of those ways, as well as shining a light on
how even a seemingly independent email system is tied to other services
across the net. ⌘ Read more
ElasticSearch and Kibana become free software (again)
Back in 2021, the ElasticSearch search engine and Kibana visualization
platform were relicensed under the non-free
Server Side Public License (SSPL). Now, Elastic (the company owning those
projects) has announced
that those projects will also be distributable under the Affero GPL license.
We never stopped believing and behaving like an open source
community after we changed t … ⌘ Read more
Airlie: On Rust, Linux, developers, maintainers
Dave Airlie makes\
an analogy between the stages of road building and those of adding Rust
to the Linux kernel.
For the wayfinders the process of interacting with maintainers is
frustrating and slow, and they don’t enjoy it as much as
wayfinding, and because they still only care about the hotel at the
end, when a maintainer gets into the details of their particular
intersection they don’t wan … ⌘ Read more
AnandTech shuts down
The venerable AnandTech site has announced\
its closing after 27 years of technology-industry coverage.
Still, few things last forever, and the market for written tech
journalism is not what it once was – nor will it ever be again. So,
the time has come for AnandTech to wrap up its work, and let the
next generation of tech journalists take their place within the
zeitgeist.
The site will surely be missed. ⌘ Read more
Security updates for Friday
Security updates have been issued by AlmaLinux (libvpx, postgresql, postgresql:12, postgresql:13, postgresql:15, and python39:3.9 and python39-devel:3.9), Debian (chromium and ghostscript), Fedora (python3.13), and SUSE (chromium and podman). ⌘ Read more
Graham: Asking for donations in Plasma
The KDE project plans to directly
ask for donations in the Plasma desktop starting with version
6.2. According to this\
blog post by Nate Graham, users will see a\
system notification once per year (in December) asking for a
donation to the non-profit KDE e.V.:
Now, I know that messages like this can be contr … ⌘ Read more
GNU Screen v.5.0.0 is released
Version 5.0.0 of GNU Screen has
been released. Notable changes in this release include
new commands for authentication, input into multiple windows at the
same time, and to turn on/off truecolor support. ⌘ Read more
Three new stable kernels
Greg Kroah-Hartman has announced the release of the 6.10.7, 6.6.48, and 6.1.107 stable kernels. They all contain
important fixes throughout the kernel tree, as is the norm. ⌘ Read more
[$] Plasma Mobile for highly configurable Linux phones
Plasma Mobile is an open-source
user interface for mobile devices, developed by the KDE community. It’s
built on the same foundations as Plasma Desktop, including KDE Frameworks and the KWin window
manager. Much like its desktop counterpart, Plasma Mobile caters to
advanced users by offering extensive customizability. It is offe … ⌘ Read more
Security updates for Thursday
Security updates have been issued by AlmaLinux (bind and bind-dyndb-ldap and postgresql:16), Fedora (less and python3.6), Mageia (nodejs & yarnpkg), Oracle (libvpx and postgresql:16), Red Hat (edk2, git, kernel, openldap, postgresql:15, postgresql:16, python3, and python39:3.9 and python39-devel:3.9), SUSE (apache2, python-setuptools, and python3-setuptools), and Ubuntu (linux-oracle). ⌘ Read more
Rust-for-Linux Wedson Almeida Filho drops out
Wedson Almeida Filho, one of the key developers driving the Rust for Linux project, has retired from the\
project.
After almost 4 years, I find myself lacking the energy and
enthusiasm I once had to respond to some of the nontechnical
nonsense, so it’s best to leave it up to those who still have it
in them.
As an example of the sort of “nonsense” he referred to, he provided [a lin … ⌘ Read more
[$] LWN.net Weekly Edition for August 29, 2024
The LWN.net Weekly Edition for August 29, 2024 is available. ⌘ Read more
[$] MemHive: sharing immutable data between Python subinterpreters
Immutable data makes concurrent access easier, since it
eliminates the data-race conditions that can plague multithreaded programs. At
PyCon 2024, Yury Selivanov
introduced an early-stage project called MemHive, which uses Python
subinterpreters and immutable data to
overcome the problems of thread serialization that are caused by the
language’s Global Interpreter Loc … ⌘ Read more
[$] Debian discusses principles for package maintenance
Achieving consensus among Debian Developers on technical topics and
procedures can be, to put it mildly, challenging. Nevertheless, that
is exactly what Otto Kekäläinen has tried to do with a proposal that
would set up “principles all Debian packages should follow to be
open for collaboration in package maintenance”. In the near term,
it seems unlikely that the proposal wi … ⌘ Read more
Judge dismisses majority of GitHub Copilot copyright claims (Developer)
Developer reports
that most (but not all) of the claims in the GitHub Copilot lawsuit have
been dismissed with prejudice by the judge.
Judge Jon Tigar’s ruling, unsealed last week, leaves only two
claims standing: one accusing the companies of an open-source
license violation and another alleging breach of contract. This
decision marks a substantial setback … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by Fedora (calibre, dotnet8.0, dovecot, webkit2gtk4.0, and webkitgtk), Oracle (nodejs:20), Red Hat (bind, bind and bind-dyndb-ldap, postgresql:16, and squid), Slackware (kcron and plasma), SUSE (keepalived and webkit2gtk3), and Ubuntu (drupal7). ⌘ Read more
WineHQ to take over Mono
The Mono project was started in 2001 to develop a .NET environment for
Linux systems. Microsoft has owned that project since 2016, but has not
made a major release since 2019. The company has now announced that Mono is being
handed over to the WineHQ organization, which will maintain the repository going
forward. Microsoft, meanwhile, is steering users toward its “modern
fork” that it continues to maintain. ⌘ Read more
Calligra Office 4.0 released
KDE developer Carl Schwan has announced
the release of Calligra Office
version 4.0. The most significant changes in this release include a “major
overhaul” of the office suite’s user interface, and a transition to Qt 6 and KDE Frameworks 6. ⌘ Read more
Call for nominations: Ubuntu Community Council
Nominations are now\
open for people interested in joining the Ubuntu\
Community Council, “the highest governance body of the Ubuntu
project”. Any Ubuntu Member can
apply from now until Sunday, September 22 at 23:59 UTC.
The Ubuntu project turned 20 this year, but is still in constant
flux. The a … ⌘ Read more
[$] NIST finalizes post-quantum encryption standards
On August 13, the US National Institute of Standards and Technology (NIST)
published the final form of its new post-quantum cryptographic standards. One
key-exchange mechanism and two digital-signature schemes are now officially
sanctioned by the institute. Adopting the new standards should be fairly
painless for most developers, but the overhead added by the schemes could pose
challenges for some applications … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by AlmaLinux (nodejs:20), Debian (python3.11), Fedora (dotnet8.0), Red Hat (bind, krb5, libreoffice, linux-firmware, orc, orc:0.4.28, and orc:0.4.31), SUSE (mariadb and openssl-3), and Ubuntu (linux-aws-5.4). ⌘ Read more
A malicious Pidgin plugin
The developers of the Pidgin chat program
have announced that
a malicious plugin had been listed on its third-party plugins list for over
one month. This plugin included a key logger and could capture
screenshots.
It went unnoticed at the time that the plugin was not providing any
source code and was only providing binaries for download. Going
forward, we will be requiring that all plugins that we link to have
an OSI Approv … ⌘ Read more
Sovereign Tech Fund (STF) to invest in FreeBSD infrastructure modernization
The FreeBSD Foundation has announced that Germany’s Sovereign Tech\
Fund (STF) has agreed to invest €686,400 toward improvements in the
FreeBSD project’s infrastructure, security, regulatory compliance, and
developer experience:
The work commissioned by STF also aligns closely with the recent
[August\ > 9, 2024 summary report](https://www.whitehouse.gov/oncd … ⌘ Read more
Security updates for Monday
Security updates have been issued by Debian (chromium, python-html-sanitizer, and trafficserver), Fedora (nginx, nginx-mod-fancyindex, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, python-webob, python3-docs, python3.11, python3.12, python3.9, and zabbix), Red Hat (bind, bind and bind-dyndb-ldap, bind9.16, httpd, kernel, kernel-rt, and nodejs:20), SUSE (caddy, chromium, chromium, gn, rust-bindgen, cockpit, fetchmail, gdcm, gh, keybase-client, libhtp, libofx, nano, plasma5-workspace, … ⌘ Read more
Kernel prepatch 6.11-rc5
The 6.11-rc5 kernel prepatch is out for
testing. “Other than the timing, there’s not a whole lot unusual
here. The diffstat looks fairly flat, which means ‘mostly pretty small
changes’.” Linus Torvalds added a\
note that today marks the 33rd anniversary of the first Linux
announcement; “A third of a century. And it *still* isn’t ready”. ⌘ Read more
[$] The history, status, and plans for reproducible builds
On the second day of DebConf24
in Busan, South Korea, Holger Levsen provided a history lesson on the
“first 11 years” of the Reproducible Builds project.
He has been involved in the project for most of that time and has been a
Debian user since the mid-1990s, contributor since 2001, and a Debian
member since 2007; “I love Debian”. Meanwhile, his aim is to make all free
software be reproducible, so that anyon … ⌘ Read more
Forgejo changes license to GPLv3+
The
Forgejo project has announced that, starting from version 9.0, Forgejo will be released under the GPLv3 license (or a later version). Older versions of the software forge remain MIT-licensed.
A copyleft license makes reusing other copyleft software easier. Recently, we discovered that
[some of the dependencies we used were incompatible with the license Forgejo was distributed with](https://forgejo.org/2024-07-non-free-dependency-foun … ⌘ Read more
Security updates for Friday
Security updates have been issued by Fedora (community-mysql, iaito, and radare2), Oracle (python3.12-setuptools and tomcat), Red Hat (krb5 and podman), Slackware (ffmpeg), SUSE (apache2, expat, firefox, webkit2gtk3, and xen), and Ubuntu (imagemagick and libxstream-java). ⌘ Read more
LibreOffice 24.8 released
Version\
24.8 of the LibreOffice office suite has been released. Changes
include the ability to filter identifying information from exported files,
easier creation of cross reference, better control over hyphenation, a
number of new spreadsheet functions, accessibility improvements, and more. ⌘ Read more
[$] A review of file descriptor memory safety in the kernel
On July 30, Al Viro sent
a patch set to the linux-fsdevel mailing list with a
comprehensive cover letter explaining his
recent work on ensuring that the kernel’s internal representation of
file descriptors are used correctly in the kernel.
File descriptors are ubiquitous; many system calls
need to handle them. Viro’s review
identified a few existing bugs, and may prevent more in the future. He also had
suggestions for way … ⌘ Read more
Garrett: What is an SBAT and why does everyone suddenly care
Matthew Garrett describes\
the role of the Secure Boot Advanced Targeting mechanism and how it
played into the recent Windows upgrade problems.
So why is this suddenly relevant? SBAT was developed
collaboratively between the Linux community and Microsoft, and
Microsoft chose to push a Windows update that told systems not to
trust versions of grub with a security generation below a certain
level. This was because those … ⌘ Read more
Security updates for Thursday
Security updates have been issued by AlmaLinux (.NET 8.0, bind, bind9.16, curl, edk2, firefox, gnome-shell, grafana, jose, krb5, libreoffice, mod_auth_openidc:2.3, orc, pcs, poppler, python-setuptools, python-urllib3, python3.11-setuptools, python3.12-setuptools, thunderbird, tomcat, and wget), Fedora (webkitgtk), SUSE (apache2, glib2, and roundcubemail), and Ubuntu (kernel, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,
linux-azure-fde, linux-azure-fde-5.15, linux-gcp … ⌘ Read more
[$] LWN.net Weekly Edition for August 22, 2024
The LWN.net Weekly Edition for August 22, 2024 is available. ⌘ Read more
“Something has gone seriously wrong,” dual-boot systems warn after Microsoft update (ars technica)
Ars technica covers
a recent update
that is causing problems for users with systems that dual-boot Windows
and Linux.
“Note that Windows says this update won’t apply to systems that
dual-boot Windows and Linux,” one frustrated person wrote … ⌘ Read more
Górny: Gentoo: profiles and keywords rather than releases
Gentoo developer Michał Górny has written a lengthy blog\
post that explains how Gentoo approaches releases:
Gentoo is something of a hybrid, as it combines the best of both
worlds. It is a rolling release distribution with a single shared
repository that is available to all users. However, within this
repository we use a keywording system to provide a choice between
stab … ⌘ Read more
[$] Modernizing openSUSE installation with Agama
Linux installers receive a disproportionate amount of attention
compared to the amount of time that most users spend with them. Ideally,
a user spends only a few minutes using the installer, versus years using
the distribution after it is installed. Yet, the installer sets the
first impression, and if it fails to do its job, little else matters.
Installers also have to continually evolve to keep pace with new
hardware, changes in distribution packaging (such as image-based Linux
distrib … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by Debian (aom, cinder, dovecot, glance, and nova), Fedora (mysql8.0), Oracle (curl and libreoffice), SUSE (oniguruma, openssl-1_0_0, openssl1, and xen), and Ubuntu (cacti, curl, exfatprogs, firefox, and vim). ⌘ Read more
[$] Python subinterpreters and free-threading
At
PyCon 2024 in Pittsburgh,
Pennsylvania, Anthony Shaw looked at the various kinds of parallelism
available to Python programs. There have been two major developments on
the parallel-execution front over the last few years, with the effort to
provide subinterpreters, each with its own
global interpreter lock (GIL), along with the work to remove the GIL entirely. In the talk, he
explored t … ⌘ Read more
uv 0.3.0 released
Version 0.3.0 of the uv
Python package and project manager has been released. Introduced in
February, uv is written in Rust and aims to be “Cargo for
Python”. Notable changes in this release include the addition of
interfaces for managing projects, installing\
Python, [running scripts](https://docs.astral.sh … ⌘ Read more
[$] Per-call-site slab caches for heap-spraying protection
One tactic often used by attackers set on compromising a system is heap spraying; in
short, the attacker fills as much of the heap as possible with crafted data
in the hope of getting the target system to use that data in a bad way. If
heap spraying can be blocked, attackers will lose an important tool. The
kernel has some heap-spraying defenses now, including the dedicated bucket allocator merg … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by Debian (squid), Fedora (putty), Mageia (quictls), Oracle (bind, curl, python-setuptools, python3.11-setuptools, and python3.12-setuptools), Red Hat (kernel, kpatch-patch-4_18_0-305_120_1, kpatch-patch-4_18_0-372_87_1 and kpatch-patch-4_18_0-372_91_1, kpatch-patch-4_18_0-477_43_1, kpatch-patch-4_18_0-553, kpatch-patch-5_14_0-284_48_1 and kpatch-patch-5_14_0-284_52_1, kpatch-patch-5_14_0-427_13_1, and libreoffice), *SUSE … ⌘ Read more
[$] FreeBSD considers Rust in the base system
The FreeBSD Project is, for the second
time this year, engaging in a long-running discussion about the
possibility of including Rust in its base\
system. The sequel to the first discussion included some work by
Alan Somers to show what it might look like to use Rust code in the
base tree. Support for Rust code does not appear much closer to being
included in FreeBSD’s base system, but the conversation h … ⌘ Read more
Seven new stable kernels
Today’s crop of new stable kernels consists of seven new versions: 6.10.6, 6.6.47, 6.1.106, 5.15.165, 5.10.224, 5.4.282, and 4.19.320. As usual, each contains important
fixes throughout the kernel tree. ⌘ Read more
Security updates for Monday
Security updates have been issued by Debian (python-asyncssh), Fedora (bind, bind-dyndb-ldap, httpd, and tor), SUSE (cosign, cpio, curl, expat, java-11-openjdk, ncurses, netty, netty-tcnative, opera, python-Django, python-Pillow, shadow, sudo, and wpa_supplicant), and Ubuntu (firefox). ⌘ Read more
Formatted Rust kernel documentation available
The Rust code being added to the kernel is documented using the usual rustdoc
conventions; that documentation is now available on kernel.org in
formatted form. There is also the linux-next version of\
the documentation for Rust code that will land in the kernel soon. ⌘ Read more
Kernel prepatch 6.11-rc4
The fourth 6.11 kernel prepatch is out for
testing. According to Linus:
But it all looks fairly normal. rc4 is bigger than either rc2 or
rc3 were, but not hugely so, and it’s actually a normal pattern,
where it takes a while before people find some issues. So nothing
feels all that odd. ⌘ Read more