One quote from Douglas Adams has always stayed with me: "I love deadlines. I like the whooshing sound they make as they fly by". We all lead busy lives and few ever see the bottom of our long to-do lists. One of the oldest items on my list, ironically, is to find a better system to manage all my tasks. Can task-management systems make us more productive while, at the same time, reducing the stress caused by the sheer number of outstanding tasks?
This article, from guest author Martin Michlmayr, looks at todo.txt and Taskwarrior.
Version 4.0 of the GnuCash finance manager is out. Significant changes include a command-line tool for performing a number of functions outside of the graphical interface, explicit support for accounts payable and accounts receivable, translation improvements, and more.
The idea of handling system calls differently depending on the origin of each call in the process's address space is not entirely new. OpenBSD, for example, disallows system calls entirely if they are not made from the system's C library as a security-enhancing mechanism. At the end of May, Gabriel Krisman Bertazi proposed a similar mechanism for Linux, but the objective was not security at all; instead, he is working to make Windows games run better under Wine. That involves detecting and emulating Windows system calls; this can be done through origin-based filtering, but that may not be the solution that is merged in the end.
Security updates have been issued by Debian (libtasn1-6, libtirpc, mcabber, picocom, pngquant, trafficserver, and zziplib), Fedora (curl and xen), openSUSE (bluez, ceph, chromium, curl, grafana, grafana-piechart-panel, graphviz, mariadb, and mercurial), Oracle (nghttp2), Red Hat (microcode_ctl), SUSE (mutt, python3-requests, and tomcat), and Ubuntu (glib-networking and mailman).
The LWN.net Weekly Edition for June 25, 2020 is available.
Inside this week's LWN.net Weekly Edition
The third 5.8 kernel prepatch is out for testing. "Well, we had a big merge window, and we have a fairly big rc3 here too. The calm period for rc2 is clearly over. That said, I don't think there's anything _particularly_ scary in here, and the size of this rc is probably simply a direct result of the fact that 5.8 is a big release."
Last week, we introduced the privacy concerns with using Google Analytics (GA) and presented two lightweight open-source options: GoatCounter and Plausible. Those tools are useful for site owners who need relatively basic metrics. In this second article, we present several heavier-weight GA replacements for those who need more detailed analytics. We also look at some tools that produce analytics data based on web-server-access logs, GoAccess, in particular.
Ricardo Cañuelo Navarro describes the challenges associated with fuzzing complex device drivers with Syzkaller — and some solutions. "V4L2, however, is only supported in the sense that the involved system calls (including the myriad V4L2 ioctls) and data structures are described. This is already useful and, equipped with those descriptions, Syzkaller has been able to find many V4L2 bugs. But the fuzzing process contains a lot of randomness and, while that's a good thing in many cases when it comes to fuzzing, due to the complexity of the V4L2 API, simply randomizing the system calls and its inputs may not be enough to reach most of the code in some drivers, especially in drivers with complicated interfaces such as those based on the Request API, including stateless drivers."
One of the responses to the COVID-19 pandemic consists of identifying contacts of infected people so they can be informed about the risk; that will allow them to search for medical care, if needed. This is laborious work if it is done manually, so a number of applications have been developed to help with contact tracing. But they are causing debates about their effectiveness and privacy impacts. Many of the applications were released under open-source licenses. Here, we look at the principles of these applications and the software frameworks used to build them; part two will look into some applications in more detail, along with the controversies (especially related to privacy) around these tools.
Security updates have been issued by Debian (alpine), Fedora (fwupd, microcode_ctl, mingw-libjpeg-turbo, mingw-sane-backends, suricata, and thunderbird), openSUSE (uftpd), Red Hat (nghttp2), SUSE (ceph, curl, mutt, squid, tigervnc, and unbound), and Ubuntu (linux kernel and nvidia-graphics-drivers-390, nvidia-graphics-drivers-440).
PHP is used extensively on the web. How new features, security fixes, and bug fixes make their way into a release is important to understand. Likewise, understanding what can be expected in community support for previous releases is even more important. Since PHP-based sites are typically exposed to the Internet, keeping up-to-date is not something a security-minded administrator can afford to ignore.
The Git source-code management system has for years been moving toward abandoning the Secure Hash Algorithm 1 (SHA-1) in favor of the more secure SHA-256 algorithm. Recently, the project moved a step closer to that goal with contributors implementing new Git protocol capabilities to enable the transition.
The Linux futex() system call is a bit of a strange beast. It is widely used to provide low-level synchronization support in user space, but there is no wrapper for it in the GNU C Library. Its implementation was meant to be simple, but kernel developers have despaired at the complex beast that it has become, and few dare to venture into that code. Recently, though, a new effort has begun to rework futexes; it is limited to a new system-call interface for now, but the plans go far beyond that.
The Perl project has announced the upcoming release of Perl 7. Unlike Perl 6, though, this is not a radical departure, yet at least: "Perl 7.0 is going to be v5.32 but with different, saner, more modern defaults. You won’t have to enable most of the things you are already doing because they are enabled for you. The major version jump sets the boundary between how we have been doing things and what we can do in the future." The plan is to have a Perl 7 release "within the next year".
ESPHome is a project that brings together two recent subjects at LWN: The open-source smart hub Home Assistant, and the Espressif ESP8266 microcontroller. With this project, smart home devices can be created and integrated quickly — without needing to write a single line of code.
Security updates have been issued by CentOS (kernel, ntp, and unbound), Fedora (php-horde-horde and tcpreplay), openSUSE (chromium, java-1_8_0-openj9, mozilla-nspr, mozilla-nss, and opera), Oracle (gnutls, grafana, thunderbird, and unbound), Red Hat (candlepin and satellite, docker, microcode_ctl, openstack-keystone, openstack-manila and openstack-manila, and qemu-kvm-rhev), Scientific Linux (kernel and ntp), Slackware (ntp), SUSE (curl, libreoffice, libssh2_org, and php5), and Ubuntu (curl).
The LWN.net Weekly Edition for June 18, 2020 is available.
The Linux Foundation's Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH) have developed a survey for contributors to free and open-source software (FOSS) projects. The aim is "to identify how to improve security, including the sustainability of the FOSS ecosystem, especially the FOSS systems heavily relied upon by organizations worldwide."
Copyright © 2020, Eklektix, Inc.