User: Password:
Subscribe / Log in / New account

水溶少女 is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.

[$] Managing tasks with todo.txt and Taskwarrior
[Development] Posted Jun 26, 2020 14:40 UTC (Fri) by tbm

One quote from Douglas Adams has always stayed with me: "I lovedeadlines. I like the whooshing sound they make as they fly by".Weall lead busy lives and few ever see the bottom of our long to-do lists.One of the oldest items on my list, ironically, is to find a better systemto manage all my tasks.Can task-management systems make us more productivewhile, at the same time, reducing the stress caused by the sheer number ofoutstanding tasks?

This article, from guest author Martin Michlmayr, looks at todo.txt and Taskwarrior.

Full Story (comments: 4)

GnuCash 4.0 Released
[Development] Posted Jun 29, 2020 15:53 UTC (Mon) by corbet

Version 4.0 of the GnuCash finance manager is out.Significant changesinclude a command-line tool for performing a number of functions outside ofthe graphical interface, explicit support for accounts payable and accountsreceivable, translation improvements, and more.

Full Story (comments: none)

[$] Emulating Windows system calls in Linux
[Kernel] Posted Jun 25, 2020 16:36 UTC (Thu) by corbet

The idea of handling system calls differently depending on the origin of eachcall in the process's address space is not entirely new.OpenBSD, forexample, disallows system calls entirely ifthey are not made from the system's C library as a security-enhancingmechanism.At the end of May, Gabriel Krisman Bertazi proposeda similar mechanism for Linux, but the objective was not security atall; instead, he is working to make Windows games run better under Wine. That involves detecting and emulating Windows system calls; this can bedone through origin-based filtering, but that may not be the solution thatis merged in the end.

Full Story (comments: 15)

Security updates for Monday
[Security] Posted Jun 29, 2020 15:10 UTC (Mon) by ris

Security updates have been issued by Debian (libtasn1-6, libtirpc, mcabber, picocom, pngquant, trafficserver, and zziplib), Fedora (curl and xen), openSUSE (bluez, ceph, chromium, curl, grafana, grafana-piechart-panel,, graphviz, mariadb, and mercurial), Oracle (nghttp2), Red Hat (microcode_ctl), SUSE (mutt, python3-requests, and tomcat), and Ubuntu (glib-networking and mailman).

Full Story (comments: none)

[$] Weekly Edition for June 25, 2020
Posted Jun 25, 2020 1:04 UTC (Thu)

The Weekly Edition for June 25, 2020 is available.

Inside this week's Weekly Edition

  • Front: Git's SHA-256 protocol; Contact tracing; Futex API; ESPHome; PHP releases; More analytics packages.
  • Briefs: Krita 4.3; Perl 7; Plumbers virtual town hall; FOSS contributors survey; Quotes; ...
  • Announcements: Newsletters; conferences; security updates; kernel patches; ...
Read more

Kernel prepatch 5.8-rc3
[Kernel] Posted Jun 28, 2020 22:44 UTC (Sun) by corbet

The third 5.8 kernel prepatch is out fortesting."Well, we had a big merge window, and we have a fairly big rc3 heretoo. The calm period for rc2 is clearly over.That said, I don't think there's anything _particularly_ scary inhere, and the size of this rc is probably simply a direct result ofthe fact that 5.8 is a big release."

Comments (1 posted)

[$] More alternatives to Google Analytics
[Development] Posted Jun 24, 2020 20:17 UTC (Wed) by benhoyt

Last week, we introduced the privacyconcerns with using Google Analytics (GA) and presented two lightweightopen-source options: GoatCounter and Plausible. Those tools are usefulfor site owners who need relatively basic metrics. In this second article,we present several heavier-weight GA replacements for those who need moredetailed analytics. We also look at some tools that produce analytics databased on web-server-access logs, GoAccess, in particular.

Full Story (comments: 3)

Using syzkaller, part 4: Driver fuzzing
[Kernel] Posted Jun 26, 2020 15:10 UTC (Fri) by corbet

Ricardo Ca?uelo Navarro describesthe challenges associated with fuzzing complex device drivers with Syzkaller — andsome solutions."V4L2, however, is only supported in the sense thatthe involved system calls (including the myriad V4L2 ioctls) and datastructures are described. This is already useful and, equipped with thosedescriptions, Syzkaller has been able to find many V4L2 bugs. But thefuzzing process contains a lot of randomness and, while that's a good thingin many cases when it comes to fuzzing, due to the complexity of the V4L2API, simply randomizing the system calls and its inputs may not be enoughto reach most of the code in some drivers, especially in drivers withcomplicated interfaces such as those based on the Request API, includingstateless drivers."

Comments (2 posted)

[$] Open-source contact tracing, part 1
[Security] Posted Jun 24, 2020 18:12 UTC (Wed) by mrybczyn

One of the responses to the COVID-19 pandemic consists of identifyingcontacts of infected people so they can be informed about the risk; that will allow themto search for medical care, if needed. This islaborious work if it is donemanually, so a number of applications have been developed to help withcontact tracing. But they are causing debates about their effectiveness andprivacy impacts. Many of the applications were released under open-sourcelicenses. Here, we look at theprinciples of these applications and the software frameworks used to build them;part two will look into some applications in more detail,along with the controversies (especially related to privacy) around these tools.

Full Story (comments: 26)

Security updates for Friday
[Security] Posted Jun 26, 2020 13:14 UTC (Fri) by jake

Security updates have been issued by Debian (alpine), Fedora (fwupd, microcode_ctl, mingw-libjpeg-turbo, mingw-sane-backends, suricata, and thunderbird), openSUSE (uftpd), Red Hat (nghttp2), SUSE (ceph, curl, mutt, squid, tigervnc, and unbound), and Ubuntu (linux kernel and nvidia-graphics-drivers-390, nvidia-graphics-drivers-440).

Full Story (comments: none)

[$] PHP releases and support
[Development] Posted Jun 23, 2020 21:38 UTC (Tue) by coogle

PHP is used extensively on the web. How new features, security fixes, and bug fixes make their way into a release is important to understand. Likewise, understanding what can be expected in community support for previous releases is even more important. Since PHP-based sites are typically exposed to the Internet, keeping up-to-date is not something a security-minded administrator can afford to ignore.

Full Story (comments: 4)

Four new stable kernels
[Kernel] Posted Jun 25, 2020 18:06 UTC (Thu) by jake

Greg Kroah-Hartman has announced the release of the 5.7.6, 5.4.49,4.19.130, and 4.14.186 stable kernels.These all contain arather large number of fixes all over the kernel tree; users of thoseseries should upgrade.

Comments (none posted)

[$] Updating the Git protocol for SHA-256
[Development] Posted Jun 19, 2020 16:07 UTC (Fri) by coogle

The Git source-code management system has for years been moving toward abandoning the Secure Hash Algorithm 1 (SHA-1) in favor of the more secure SHA-256 algorithm. Recently, the project moved a step closer to that goal with contributors implementing new Git protocol capabilities to enable the transition.

Full Story (comments: 52)

Security updates for Thursday
[Security] Posted Jun 25, 2020 13:25 UTC (Thu) by jake

Security updates have been issued by Fedora (libexif, php-horde-horde, and tcpreplay), openSUSE (rubygem-bundler), Oracle (docker-cli docker-engine, kernel, and ntp), Slackware (curl and libjpeg), and Ubuntu (mutt).

Full Story (comments: none)

[$] Rethinking the futex API
[Kernel] Posted Jun 18, 2020 21:35 UTC (Thu) by corbet

The Linux futex()system call is a bit of a strange beast.It is widely used to providelow-level synchronization support in user space, but there is no wrapperfor it in the GNU C Library.Its implementation was meant to be simple,but kernel developers have despaired at the complex beast that it hasbecome, and few dare to venture into that code.Recently, though, a neweffort has begun to rework futexes; it is limited to a new system-callinterface for now, but the plans go far beyond that.

Full Story (comments: 44)

Perl 7 launches
[Development] Posted Jun 24, 2020 17:14 UTC (Wed) by corbet

The Perl project has announced theupcoming release of Perl 7.Unlike Perl 6, though, this is not aradical departure, yet at least: "Perl 7.0 is going to be v5.32 butwith different, saner, more modern defaults. You won’t have to enable mostof the things you are already doing because they are enabled for you. Themajor version jump sets the boundary between how we have been doing thingsand what we can do in the future."The plan is to have a Perl 7 release "within the nextyear".

Comments (47 posted)

[$] Simple IoT Devices using ESPHome
[Development] Posted Jun 18, 2020 15:21 UTC (Thu) by coogle

ESPHome is a project that brings together two recent subjects at LWN: The open-source smart hub Home Assistant, and the EspressifESP8266 microcontroller. With this project, smart home devices can be created and integrated quickly — without needing to write a single line of code.

Full Story (comments: none)

Security updates for Wednesday
[Security] Posted Jun 24, 2020 15:06 UTC (Wed) by ris

Security updates have been issued by CentOS (kernel, ntp, and unbound), Fedora (php-horde-horde and tcpreplay), openSUSE (chromium, java-1_8_0-openj9, mozilla-nspr, mozilla-nss, and opera), Oracle (gnutls, grafana, thunderbird, and unbound), Red Hat (candlepin and satellite, docker, microcode_ctl, openstack-keystone, openstack-manila and openstack-manila, and qemu-kvm-rhev), Scientific Linux (kernel and ntp), Slackware (ntp), SUSE (curl, libreoffice, libssh2_org, and php5), and Ubuntu (curl).

Full Story (comments: none) Weekly Edition for June 18, 2020
Posted Jun 18, 2020 1:26 UTC (Thu)

The Weekly Edition for June 18, 2020 is available.

Inside this week's Weekly Edition

  • Front: Loaded terms; 5.8 Merge window; Bpfilter; DMA; ESP8266 for IoT; English tools; Analytics alternatives.
  • Briefs: Linux 5.8-rc1; PsychOS; Syncthing; Quotes; ...
  • Announcements: Newsletters; conferences; security updates; kernel patches; ...
Read more

FOSS Contributor Survey
[Briefs] Posted Jun 23, 2020 15:23 UTC (Tue) by ris

The Linux Foundation's CoreInfrastructure Initiative (CII) and the Laboratory for Innovation Science atHarvard (LISH) have developed a surveyfor contributors to free and open-source software (FOSS) projects. The aim is "to identify how to improve security, including the sustainability of the FOSS ecosystem, especially the FOSS systems heavily relied upon by organizations worldwide."

Comments (21 posted)

--> More news items

Copyright © 2020, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linuxis a registered trademark of Linus Torvalds