Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
Welcome to LWN.net
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
[$] DCC-EX: open-source model railroading
There's just something about trains—model trains in particular. At Everything Open 2023, Paul Antoine spoke about his experiences with the DCC-EX project, which has a variety model-railroad automation hardware designs and software tools, all of which are freely available. There is a long legacy of sharing within the model railroading hobby, which continues today in the form of free and open-source software for it.
[$] Mobian: bringing Debian to mobile devices
Mobian is a project that aims to bring the Debian distribution to mobile devices such as smartphones and tablets. By building on the flexibility, stability, and community-driven development of Debian, Mobian aspires to create a powerful and user-friendly alternative to existing mobile operating systems. The project is actively working on reducing the delta between Mobian and Debian, and its ultimate goal is to be absorbed back into its parent distribution and to make it easy to run Debian on mobile devices.
[$] User trace events, one year later
The kernel has a well-developed mechanism for the control of tracing of events in kernel space. Developers often want to be able to trace user-space activity as well, using the same interfaces, but that mode is rather less well supported. One year ago, an attempt to add an API for the control of user-space trace events ran into trouble and has never been fully enabled. Now, Beau Belgrave is back with a reworked API that may finally result in this mechanism becoming generally available.
[$] An operation for filesystem tucking
As a general rule, the purpose behind mounting a filesystem is to make that filesystem's contents visible to the system, or at least to the mount namespace where that mount occurs. For similar reasons, it is unusual to mount one filesystem on top of another, since that would cause the contents of the over-mounted filesystem to be hidden. There are exceptions to everything, though, and that extends to mounted filesystems; a "tucking" mechanism proposed by Christian Brauner is designed to hide mounted filesystems underneath other mounts — temporarily, at least.
[$] The trouble with MODULE_LICENSE() in non-modules
The kernel's hierarchical maintainer model works quite well from the standpoint of allowing thousands of developers to work together without (often) stepping on each others' toes. But that model can also make life painful for developers who are trying to make changes across numerous subsystems. Other possible source of pain include changes related to licensing or those where maintainers don't understand the purpose of the work. Nick Alcock has managed to hit all of those hazards together in his effort to perform what would seem like a common-sense cleanup of the kernel's annotations for loadable modules.
[$] LWN.net Weekly Edition for March 30, 2023
Posted Mar 30, 2023 1:04 UTC (Thu)The LWN.net Weekly Edition for March 30, 2023 is available.
Inside this week's LWN.net Weekly Edition
- Front: Chokepoint capitalism; OpenSUSE MicroOS Desktop; Shadow stacks; O_DIRECTORY|O_CREAT; Ubuntu drops flatpak; Free software during wartime.
- Briefs: Security pre-notification; SSH host certificates; GnuCash 5; Quote; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
[$] Rebecca Giblin on chokepoint capitalism
The fourth and final keynote for
Everything Open 2023 was given
by Professor Rebecca Giblin of the Melbourne Law School, University of
Melbourne. It revolved
around her recent book, Chokepoint Capitalism,
which she wrote with Cory Doctorow; it is "a book about why creative
labor markets are rigged — and how to unrig them
". Giblin had planned
to be in Melbourne to give her talk in person, but "the universe had other
plans"; she got delayed in Austin,
Texas by an unexpected speaking slot at the South by
Southwest (SXSW)
conference, so she gave her talk via videoconference from there—at
nearly midnight in Austin.
[$] OpenSUSE MicroOS Desktop: a Flatpak-based immutable distribution
Immutable Linux distributions are on the rise recently, with multiple popular distributions creating their own immutable versions; it could be one of the trends of 2023, as predicted. While many of these immutable distributions are focused on server use, there are also some that offer a desktop experience. OpenSUSE MicroOS Desktop is one of them, with a minimal openSUSE Tumbleweed as the base operating system and applications running as Flatpaks or in containers. In its daily use, it feels a lot like a normal openSUSE desktop. Its biggest benefit is availability of the newest software releases without sacrificing system stability.
[$] Ubuntu stops shipping Flatpak by default
Canonical recently announced that it will no longer ship Flatpak as part of its default installation for the various official Ubuntu flavors, which is in keeping with the practices of the core Ubuntu distribution. The Flatpak package format has gained popularity among Linux users for its convenience and ease of use. Canonical will focus exclusively on its own package-management system, Snap. The decision has caused disgruntlement among some community members, who felt like the distribution was making this decision without regard for its users.
[$] The curious case of O_DIRECTORY|O_CREAT
The open() system call offers a number of flags that modify its behavior; not all combinations of those flags make sense in a single call. It turns out, though, that the kernel has responded in a surprising way to the combination of O_CREAT and O_DIRECTORY for a long time. After a 2020 change made that response even more surprising, it seems likely that this behavior will soon be fixed, resulting in a rare user-visible semantic change to a core system call.
Survey results: the usage of money in Debian
The Debian project has reported on a survey of developers on the use of project funds to support development work.
There seems to be broad support for paying people who are already involved as Debian contributors, but very little support for hiring contractors, that is to say, those who are not already Debian contributors in some way. Members of the Security Team were by far the most supportive towards the idea of paying Debian contributors.
The full report is available for those wanting all the details and pie charts.
More stable kernels
The 5.15.106, 5.10.177, 5.4.240, 4.19.280, and 4.14.312 stable kernel updates have been released, each with another set of important fixes.
The 6.2.10 and 6.1.23 updates are also in the works, but have ended up going through additional rounds of review; they could be released almost any time.
Security updates for Wednesday
Security updates have been issued by Debian (ghostscript and openimageio), Fedora (kernel, rubygem-actioncable, rubygem-actionmailbox, rubygem-actionmailer, rubygem-actionpack, rubygem-actiontext, rubygem-actionview, rubygem-activejob, rubygem-activemodel, rubygem-activerecord, rubygem-activestorage, rubygem-activesupport, rubygem-rails, and rubygem-railties), Oracle (gnutls, httpd, kernel, nodejs:16, nodejs:18, pesign, postgresql:13, tigervnc, and tigervnc, xorg-x11-server), Red Hat (gnutls, httpd, httpd:2.4, kernel, kpatch-patch, pcs, pesign, postgresql:13, tigervnc, and tigervnc, xorg-x11-server), Scientific Linux (httpd and tigervnc, xorg-x11-server), SUSE (aws-efs-utils.11048, libheif, liblouis, openssl, python-cryptography, python-Werkzeug, skopeo, tomcat, and wireshark), and Ubuntu (imagemagick, ipmitool, and node-trim-newlines).
The 2023 Debian Project Leader election
The first call for votes for the 2023 Debian Project Leader election has gone out. The campaigning was easy to miss this year, for one simple reason: the current incumbent, Jonathan Carter, is running unopposed for another term. That suggests that turnout will be low this time but, as several developers have pointed out, there is still value in voting; it clarifies whether Carter still has the support of the project.
Security updates for Tuesday
Security updates have been issued by Fedora (openbgpd and seamonkey), Red Hat (httpd:2.4, kernel, kernel-rt, and pesign), SUSE (compat-openssl098, dpdk, drbd, ImageMagick, nextcloud, openssl, openssl-1_1, openssl-3, openssl1, oracleasm, pgadmin4, terraform-provider-helm, and yaml-cpp), and Ubuntu (haproxy, ldb, samba, and vim).
Security updates for Monday
Security updates have been issued by Debian (duktape, firmware-nonfree, intel-microcode, svgpp, and systemd), Fedora (amanda, dino, flatpak, golang, libldb, netconsd, samba, tigervnc, and vim), Red Hat (nodejs:14), Slackware (ruby and seamonkey), SUSE (drbd, flatpak, glibc, grub2, ImageMagick, kernel, runc, thunderbird, and xwayland), and Ubuntu (amanda).
Kernel prepatch 6.3-rc5
The 6.3-rc5 kernel prepatch is out for
testing. "This release continues to appear very normal and boring,
which is just how I like it. The commit count says that we've started
calming down right on schedule, and the diffstat looks normal too.
"
A quarter century of Mozilla
The Mozilla project celebrates 25 years of existence.
A lot has changed since 1998. Mozilla is no longer just a bold idea. We’re a family of organizations — a nonprofit, a public benefit-corporation, and others — that builds products, fuels movements, and invests in responsible tech.And we’re no longer a small group of engineers in Netscape’s Mountain View office. We’re technologists, researchers, and activists located around the globe — not to mention tens of thousands of volunteers.
But if a Mozillian from 1998 stepped into a Mozilla office (or joined a Mozilla video call) in 2023, I think they’d quickly feel something recognizable. A familiar spirit, and a familiar set of values.
Security updates for Friday
Security updates have been issued by Debian (joblib, json-smart, libmicrohttpd, and xrdp), Fedora (thunderbird and xorg-x11-server-Xwayland), Mageia (dino, perl-Cpanel-JSON-XS, perl-Net-Server, snort, tigervnc/x11-server, and xapian), SUSE (curl, kernel, openssl-1_0_0, and shim), and Ubuntu (glusterfs, linux-gcp-4.15, musl, and xcftools).
X.org vulnerability and releases
The X.Org project has announced a vulnerability in its X server and Xwayland (CVE-2023-1393).
This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.[...] If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
That has led to the release of xorg-server 21.1.8, xwayland 22.1.9, and xwayland 23.1.1.