[$] Enhancing FineIBT
At the Linux\
Security Summit Europe (LSS EU), Scott Constable and Sebastian
Österlund gave a talk on an enhancement to a control-flow integrity (CFI)
protection that was added to the kernel several years ago. The “ FineIBT: Fine-grain Control-flow\
Enforcement with Indirect Branch Tracking” mechanism was merged for
Linux 6.2 in early 2023 to harden the kernel against CFI attacks of various
sorts, but needed [ … ⌘ Read more
Ubuntu 25.10 released
Ubuntu\
25.10, “Questing Quokka”, has been released. This release includes
Linux 6.17, GNOME 49, GCC 15, Python 3.13.7,
Rust 1.85, and more. This release also features Rust-based
implementations of sudo and coreutils; LWN covered the switch to the
Rust-based tools in March. The 25.10 version of Ubuntu flavors
Edubuntu, Kubuntu, Lubuntu, Ubuntu Budgie, Ubuntu Cinnamon, Ubuntu
Kylin, Ubuntu MATE, Ubun … ⌘ Read more
[$] Upcoming Rust language features for kernel development
The
Rust for Linux project has been good for Rust, Tyler Mandry, one of the
co-leads of Rust’s language-design team, said. He
gave a talk at
Kangrejos 2025 covering upcoming Rust language features and thanking
the Rust for Linux developers for helping drive them forward. Afterward, Benno Lossin and Xiangfei Ding
went into more detail about their work on the three most important language
features for kernel development: … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by Fedora (apptainer, civetweb, mod_http2, openssl, pandoc, and pandoc-cli), Oracle (kernel), Red Hat (gstreamer1-plugins-bad-free, iputils, kernel, open-vm-tools, and podman), SUSE (cairo, firefox, ghostscript, gimp, gstreamer-plugins-rs, libxslt, logback, openssl-1_0_0, openssl-1_1, python-xmltodict, and rubygem-puma), and Ubuntu (gst-plugins-base1.0, linux-aws-6.8, linux-aws-fips, linux-azure, linux-azure-nvidia, linux-gke, linux-nvidia-tegra- … ⌘ Read more
(g+) Schon altes Eisen?: Ältere Hardware mit Linux Mint weiternutzen
Der von Microsoft erzwungene Umstieg auf Windows 11 sorgt dafür, dass an sich noch brauchbare Hardware nicht mehr nutzbar ist. Mit Linux Mint lassen sich entsprechende PCs aber bequem weiterverwenden. Eine Anleitung von Martin Loschwitz ( Linux Mint, Storage)  Frei-Staat: Open Source in bayerischen Kommunen
Bayern steht im Verdacht, lieber sein eigenes Ding zu machen, als mit nördlichen Bundesländern zu kooperieren. Drei Beispiele zeigen, wie es auch anders gehen kann. Von Markus Feilner ( Open Source, Linux)
Security updates for Friday
Security updates have been issued by AlmaLinux (idm:DL1), Debian (gegl and haproxy), Fedora (ffmpeg, firefox, freeipa, python-pip, rust-astral-tokio-tar, sqlite, uv, webkitgtk, and xen), Oracle (idm:DL1, ipa, kernel, perl-JSON-XS, and python3), Red Hat (git), SUSE (curl, frr, jupyter-jupyterlab, and libsuricata8_0_1), and Ubuntu (linux-aws, linux-lts-xenial, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-azure, linux-azure-6.8, linux-fips, linux-gcp-fips, and l … ⌘ Read more
All good things come to an end, I guess.
I have an Epson printer (AcuLaser C1100) and an Epson scanner (Perfection V10), both of which I bought about 20 years ago. The hardware still works perfectly fine.
Until recently, Epson still provided Linux drivers for them. That is pretty cool! I noticed today that they have relaunched their driver website – and now I can’t find any Linux drivers for that hardware anymore. Just doesn’t list it (it does list some drivers for Windows 7, for example).
I mean, okay, we’re talking about 20 years here. That is a very long time, much more than I expected. But if it still works, why not keep using it?
Some years ago, I started archiving these drivers locally, because I anticipated that they might vanish at some point. So I can still use my hardware for now (even if I had to reinstall my PC for some reason). It might get hacky at some point in the future, though.
This once more underlines the importance of FOSS drivers for your hardware. I sadly didn’t pay attention to that 20 years ago.
Security updates for Thursday
Security updates have been issued by AlmaLinux (perl-JSON-XS), Debian (chromium and openssl), Fedora (bird, dnsdist, firefox, mapserver, ntpd-rs, python-nh3, rust-ammonia, skopeo, sqlite, thunderbird, and xen), Oracle (perl-JSON-XS), Red Hat (kernel, kernel-rt, and libvpx), SUSE (afterburn, cairo, docker-stable, firefox, nginx, python-Django, snpguest, and warewulf4), and Ubuntu (libmspack, libxslt, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linu … ⌘ Read more
Alpine Linux plans /usr merge
The Alpine Linux project has announced
plans to change its base filesystem hierarchy:
In the future,
/lib,/bin, and/sbin
will be symbolic links to their/usrcounterparts, and every package
shall be installed under the/usrpaths. For now,
/usr/binand/usr/sbinwill continue to be independent paths,
but that might change if the Filesystem Hierarchy Standard (FHS) gets
updated.
The merge will take place in the upcomi … ⌘ Read more
OpenSUSE Leap 16 released
The openSUSE\
Leap 16 release is now available.
This major version update of our fixed-release community-Linux
distribution has a fresh software stack and introduces an unmatched
maintenance- and security-support cycle, a new installer and
simplified migration options.
See our look at this release for more
information. ⌘ Read more
[$] Linting Rust code in the kernel
Klint is a Rust compiler extension
developed by Gary Guo to run some
kernel-specific lint rules, which may also be useful for embedded system
development. He spoke about his
recent work on the project at
Kangrejos 2025. The next day, Alejandra González
led a discussion about Rust’s normal linter,
Clippy. The two tools … ⌘ Read more
Bcachefs removed from the mainline kernel
After marking bcachefs “externally maintained” in 6.17, Linus Torvalds has
removed\
it entirely for 6.18. “It’s now a DKMS module, making the in-kernel
code stale, so remove it to avoid any version confusion.” ⌘ Read more
↳
In-reply-to
»
Task for this weekend:
⤋ Read More
@prologic@twtxt.net No, this is a Linux manpage from the man-pages project: https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/man/man7/ascii.7
I do have an idea what’s going on. Could be an unfortunate interaction between the table preprocessor tbl and the man macro package. 🤔
↳
In-reply-to
»
@bender Really? 🤔
⤋ Read More
@zvava@twtxt.net Going to have to hard disagree here I’m sorry. a) no-one reads the raw/plain twtxt.txt files, the only time you do is to debug something, or have a stick beak at the comments which most clients will strip out and ignore and b) I’m sorry you’ve completely lost me! I’m old enough to pre-date before Linux became popular, so I’m not sure what UNIX principles you think are being broken or violated by having a Twt Subject (Subject) whose contents is a cryptographic content-addressable hash of the “thing”™ you’re replying to and forming a chain of other replies (a thread).
I’m sorry, but the simplest thing to do is to make the smallest number of changes to the Spec as possible and all agree on a “Magic Date” for which our clients use the modified function(s).
↳
In-reply-to
»
Next level poop: Can’t log in to reddit anymore with adblock enabled. It says invalid usename or password.
⤋ Read More
Hmm, not experiencing that. Using Zen (Firefox), under Linux, with uBlock Origin.
@mozilla@mozilla must have some telemetry or metrics or something to know how many #32bit firefox users are out there. I bet that, as a percentage, they aren’t more than a blip. Still, there has to be several thousand machines out there, running on 32bit hardware, connected to the internet, using #Firefox as its web browser.
And now Mozilla decided to hand those users over to #chromium, by stopping 32-bit support and telling them the alternative is to install a 64bit OS instead.
https://blog.mozilla.org/futurereleases/2025/09/05/firefox-32-bit-linux-support-to-end-in-2026/
What kind of client for linux do I need?
Is that really necessary? How hard is it to make a 32-bit build? 🤔 Honest question. https://blog.mozilla.org/futurereleases/2025/09/05/firefox-32-bit-linux-support-to-end-in-2026/
↳
In-reply-to
»
@lyse I'm looking for an OS that runs better than Windows (🤮) and through which I can do basic stuff like read RSS feeds and browse geminispace; but which I can also learn from.
⤋ Read More
@dce@hashnix.club Apart from the crap produced in Redmond two decades ago, I only ever used and still happily use Linux, mainly Debian and Ubuntu. I’ve no idea, but maybe something in there catches your eye: https://en.wikipedia.org/wiki/List_of_operating_systems (I know, what a silly recommendation.)
I have a late-2010s ThinkPad running OpenBSD, but it’s about as fast as a snail carrying heavy shopping through molasses. I’d like to run something other than Linux, for variety, but the other members of the BSD family failed for various reasons. What OS do you guys think I should try?
I’ve got a prototype of my hardcopy simulator going. I’m typing on the keyboard and the “display” goes to the printer:
https://movq.de/v/56feb53912/s.png
https://movq.de/v/235c1eabac/MVI_8810.MOV.mp4
The biiiiiiiiiig problem is that the print head and plastic cover make it impossible to see what’s currently being printed, because this is not a typewriter. This means: In order to see what I just entered, I have to feed the paper back and forth and back and forth … it’s not ideal.
I got that idea of moving back/forth from Drew DeVault, who – as it turned out – did something similar a few years back. (I tried hard to read as little as possible of his blog post, because figuring things out myself is more fun. But that could mean I missed a great idea here or there.)
But hey, at least this is running on my Pentium 133 on SuSE Linux 6.4, printer connected with a parallel cable. 😍
(Also, yes, you can see the printouts of earlier tests and, yes, I used ed(1) wrong at one point. 🤪 And ls insisted on using colors …)
I’m using #Filen (@filen@filen) for a while now and I’m very pleased with it!
«Affordable zero-knowledge end to end encrypted cloud storage made in Germany.» Works on #Linux, nice well thought features.
So I’m going to share a referral link because «For every friend you invite to Filen you receive 10 GB - and your friend also receives 10B. It’s that easy»:
I have been using #Filen (@filen@filen) for a while now and I’m very pleased with it!
«Affordable zero-knowledge end to end encrypted cloud storage made in Germany.» Works on #Linux, nice well thought features.
So I’m going to share a referral link because «For every friend you invite to Filen you receive 10 GB - and your friend also receives 10B. It’s that easy»:
↳
In-reply-to
»
@lyse @kat Colorized manpages have been a thing for a very long time:
⤋ Read More
(Just for fun, SuSE Linux 6.4 from ~25 years ago: https://movq.de/v/dc62d0256c/s.png )
In 1996, they came up with the X11 “SECURITY” extension:
https://www.reddit.com/r/linux/comments/4w548u/what_is_up_with_the_x11_security_extension/
This is what could have (eventually) solved the security issues that we’re currently seeing with X11. Those issues are cited as one of the reasons for switching to Wayland.
That extension never took off. The person on reddit wonders why – I think it’s simple: Containers and sandboxes weren’t a thing in 1996. It hardly mattered if X11 was “insecure”. If you could run an X11 client, you probably already had access to the machine and could just do all kinds of other nasty things.
Today, sandboxing is a thing. Today, this matters.
I’ve heard so many times that “X11 is beyond fixable, it’s hopeless.” I don’t believe that. I believe that these problems are solveable with X11 and some devs have said “yeah, we could have kept working on it”. It’s that people don’t want to do it:
Why not extend the X server?
Because for the first time we have a realistic chance of not having to do that.
https://wayland.freedesktop.org/faq.html
I’m not in a position to judge the devs. Maybe the X.Org code really is so bad that you want to run away, screaming in horror. I don’t know.
But all this was a choice. I don’t buy the argument that we never would have gotten rid of things like core fonts.
All the toolkits and programs had to be ported to Wayland. A huge, still unfinished effort. If that was an acceptable thing to do, then it would have been acceptable to make an “X12” that keeps all the good things about X11, remains compatible where feasible, eliminates the problems, and requires some clients to be adjusted. (You could have still made “X11X12” like “XWayland” for actual legacy programs.)
↳
In-reply-to
»
I was drafting support for showing “application icons” in my window manager, i.e. the Firefox icon in the titlebar:
⤋ Read More
@lyse@lyse.isobeef.org True, at least old versions of KDE had icons:
https://movq.de/v/0e4af6fea1/s.png
GNOME, on the other hand, didn’t, at least to my old screenshots from 2007:
https://www.uninformativ.de/desktop/2007%2D05%2D25%2D%2Dgnome2%2Dlaptop.png
I switched to Linux in 2007 and no window manager I used since then had icons, apparently. Crazy. An icon-less existence for 18 years. (But yeah, everything is keyboard-driven here as well and there are no buttons here, either.)
Anyway, my draft is making progress:
https://movq.de/v/5b7767f245/s.png
I do like this look. 😊
Only figured this out yesterday:
pinentry, which is used to safely enter a password on Linux, has several frontends. There’s a GTK one, a Qt one, even an ncurses one, and so on.
GnuPG also uses pinentry. And you can configure your frontend of choice here in gpg-agent.conf.
But what happens when you don’t configure it? What’s the default?
Turns out, pinentry is a shellscript wrapper and it’s not even that long. Here it is in full:
#!/bin/bash
# Run user-defined and site-defined pre-exec hooks.
[[ -r "${XDG_CONFIG_HOME:-$HOME/.config}"/pinentry/preexec ]] && \
. "${XDG_CONFIG_HOME:-$HOME/.config}"/pinentry/preexec
[[ -r /etc/pinentry/preexec ]] && . /etc/pinentry/preexec
# Guess preferred backend based on environment.
backends=(curses tty)
if [[ -n "$DISPLAY" || -n "$WAYLAND_DISPLAY" ]]; then
case "$XDG_CURRENT_DESKTOP" in
KDE|LXQT|LXQt)
backends=(qt qt5 gnome3 gtk curses tty)
;;
*)
backends=(gnome3 gtk qt qt5 curses tty)
;;
esac
fi
for backend in "${backends[@]}"
do
lddout=$(ldd "/usr/bin/pinentry-$backend" 2>/dev/null) || continue
[[ "$lddout" == *'not found'* ]] && continue
exec "/usr/bin/pinentry-$backend" "$@"
done
exit 1
Preexec, okay, then some auto-detection to use a toolkit matching your desktop environment …
… and then it invokes ldd? To find out if all the required libraries are installed for the auto-detected frontend?
Oof. I was sitting here wondering why it would use pinentry-gtk on one machine and pinentry-gnome3 on another, when both machines had the exact same configs. Yeah, but different libraries were installed. One machine was missing gcr, which is needed for pinentry-gnome3, so that machine (and that one alone) spawned pinentry-gtk …
↳
In-reply-to
»
HTTP referrers are quite broken, aren’t they?
⤋ Read More
@lyse@lyse.isobeef.org Hm, I don’t think so, the requested page was a Linux-specific post. 🤔 I sometimes wonder if privacy-oriented browsers might do this on purpose, to create garbage data? 🤔 No idea.
This is it, boys and girls! The year of the Linux Desktop is this! I can smell it! :-D
For the first time, Linux has officially broken the 5% desktop market share barrier in the United States of America! It’s a huge milestone for open-source and our fantastic Linux community.
PSA: setpriv on Linux supports Landlock.
If this twt goes through, then restricting the filesystem so that jenny can only write to ~/Mail/twt, ~/www/twtxt.txt, ~/.jenny-cache, and /tmp works.
Impossible Linux things in my to-do list:
- Fix erratically jumping mouse wheel scrolling on a Dell
- Make a “SysRq key” work so I can do “REISUB” or something, when my computer freezes
I must have spent days (multiples of 24 hours) trying to solve these things and maybe I should just give up.
I suppose that if I had a “Linux experienced” friend by my side these could be solved in minutes, maybe?
Try again. RR fixed for Linux core browser systems…
The Linux installation on my main PC turned 14 today:
$ head -n 1 /var/log/pacman.log
[2011-07-07 11:19] installed filesystem (2011.04-1)
↳
In-reply-to
»
I bought the “remastered” versions of Grim Fandango and Forsaken on GOG, because they’re super cheap at the moment. Both have native Linux versions.
⤋ Read More
@eldersnake@we.loveprivacy.club This wasn’t always the case, though. Quake3, Quake4, Unreal Tournament 99 and 2004 are examples of games that used to run very well as native Linux games. But that was 20+ years ago …
↳
In-reply-to
»
I bought the “remastered” versions of Grim Fandango and Forsaken on GOG, because they’re super cheap at the moment. Both have native Linux versions.
⤋ Read More
@movq@www.uninformativ.de reminds me how many Windows games using Proton (or WINE with similar patches) on Linux run better than some of the old native Linux binaries.
It looks like I missed a lot. My Pinephone is ideal for Gopher browsing because Firefox runs like a slug. Need more ARM Linux browsers.
↳
In-reply-to
»
I bought the “remastered” versions of Grim Fandango and Forsaken on GOG, because they’re super cheap at the moment. Both have native Linux versions.
⤋ Read More
In all fairness, GOG says that Forsaken is only supported on Ubuntu 16.04 – not current Arch Linux. If you ask me, this just goes to show that Linux is not a good platform for proprietary binary software.
Is it free software, do you have the source code? Then you’re good to go, things can be patched/updated (that can still be a lot of work). But proprietary binary blobs? Very bad idea.
I bought the “remastered” versions of Grim Fandango and Forsaken on GOG, because they’re super cheap at the moment. Both have native Linux versions.
And both these Linux version crap their pants. 🫤 The bundled SDL2 of Forsaken says it “can’t find a matching GLX visual” and I couldn’t figure out how to fix that. I didn’t spend a lot of time on Grim Fandango.
Both work great in Wine. 🤦
(I do have the original version of Grim Fandango from the 1990ies, but that one does not work so well in Wine. I figured, if it’s so cheap, why not. And I now get to play the english version. 😃 The german dub is pretty damn good, actually, but I always prefer the original these days.)
Speaking of Wine, Arch Linux completely fucked up Wine for me with the latest update.
- 16-bit support is gone.
- Performance of 3D games is horrible and unplayable.
Arch is shipping a WoW64 build now, which is not yet ready for prime time.
And then I realized that there’s actually only one stable Wine release per year but Arch has been shipping development releases all the time. That’s quite unusual. I’m used to Arch only shipping stable packages … huh.
Hopefully things will improve again. I’m not eager to build Wine from source. I’d rather ditch it and resort to my real Windows XP box for the little (retro)gaming that I do … 🫤
update on tux racer: ofc it doesn’t run on modern linux LMFAOOOOOOO i’m installing red hat in a VM right now
OpenBSD has the wonderful pledge() and unveil() syscalls:
https://www.youtube.com/watch?v=bXO6nelFt-E
Not only are they super useful (the program itself can drop privileges – like, it can initialize itself, read some files, whatever, and then tell the kernel that it will never do anything like that again; if it does, e.g. by being exploited through a bug, it gets killed by the kernel), but they are also extremely easy to use.
Imagine a server program with a connected socket in file descriptor 0. Before reading any data from the client, the program can do this:
unveil("/var/www/whatever", "r");
unveil(NULL, NULL);
pledge("stdio rpath", NULL);
Done. It’s now limited to reading files from that directory, communicating with the existing socket, stuff like that. But it cannot ever read any other files or exec() into something else.
I can’t wait for the day when we have something like this on Linux. There have been some attempts, but it’s not that easy. And it’s certainly not mainstream, yet.
I need to have a closer look at Linux’s Landlock soon (“soon”), but this is considerably more complicated than pledge()/unveil():
[$] Improving iov_iter
The iov_iter interface is used to
describe and iterate through buffers in the kernel. David Howells led a combined storage and
filesystem session at
the 2025 Linux Storage,
Filesystem, Memory Management, and BPF Summit (LSFMM+BPF) to discuss ways
to improve iov_iter. His topic\
proposal listed a few different ideas including replacing some
iov_iter types and possibly allowing mixed types in chains of … ⌘ Read more
[$] An end to uniprocessor configurations
The Linux kernel famously scales from the smallest of systems to massive
servers with thousands of CPUs. It was not always that way, though; the
initial version of the kernel could only manage a single processor. That
limitation was lifted, obviously, but single-processor machines have always
been treated specially in the scheduler. That longstanding situation may
soon come to an end, though, if this patch\
series from Ingo M … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by Debian (python-django), Fedora (krb5), Mageia (cockpit, golang, kernel, and kernel-linus), SUSE (augeas, go1.23, go1.24, iputils, libwebp, transfig, and xen), and Ubuntu (amd64-microcode, apport, linux-azure, linux-azure, linux-azure-4.15, linux-azure-fips, linux-raspi, systemd, and tomcat). ⌘ Read more
攻克 Linux 內核 Oops:手把手教你從崩潰到破案!
作爲一名長期深耕 Linux 內核開發的博主,在這條探索之路上,我遭遇過無數的挑戰,而 Linux 內核 Oops 問題,絕對是其中讓人最爲頭疼的難題之一。還記得那是一個爲某項目開發定製 Linux 內核模塊的緊張時期,我滿心期待地將新編寫的驅動程序模塊加載到內核中,本以爲一切會順利進行,結果屏幕上突然跳出一大串密密麻麻的 Oops 錯誤信息,系統也陷入了不穩定的狀態。那一刻,我的心瞬間懸了起來, ⌘ Read more
FreeBSD laptop support update
The FreeBSD Foundation
has announced
a report
for work completed in April to improve FreeBSD support for
laptops. This includes installer updates, improved suspend/resume
behavior, as well as progress on [a\
port of Linux 6.7 and 6.8 graphics drivers](https://github.com/FreeBSDFoundation/pro … ⌘ Read more
Linux 內核內存管理:核心技術與優化策略
在 Linux 系統中,內存管理堪稱內核的核心功能之一,其運作機制複雜且精妙。Linux 採用虛擬內存技術,爲進程構建獨立的地址空間,借內存管理單元(MMU)將虛擬地址精準映射至物理地址,既保障進程間內存隔離,又防止相互干擾。物理內存管理上,Linux 以分頁機制爲基,將內存切爲固定大小頁(常見 4KB) ,由夥伴系統算法主導分配與回收。通過合併、分割內存頁,夥伴系統有效減少內存碎片,提升內存利用 ⌘ Read more
Anzeige: Zentrale Benutzerverwaltung mit Keycloak sicher umsetzen
Zugriffssteuerung, Authentifizierung und zentrale Benutzerverwaltung - ein Online-Workshop zeigt, wie sich Keycloak gezielt in bestehende IT-Strukturen integrieren lässt. ( Golem Karrierewelt, Linux)
↳
In-reply-to
»
I had a lot of fun with my modems these past few days:
⤋ Read More
SuSE Linux 6.4 and Arachne on DOS also work (with Windows 2000 as a call target):
[$] Nyxt: the Emacs-like web browser
Nyxt is an unusual web
browser that tries to answer the question, “what if Emacs was a
good web browser?”. Nyxt is not an Emacs package, but a full
web browser written in Common Lisp and available under the BSD
three-clause license. Its target audience is developers who want a
browser that is keyboard-driven and extensible; Nyxt is also developed
for Linux first, rather than Linux being an afterthought or just a
sliver of its audience. The philosophy (as described … ⌘ Read more
[$] Zero-copy for FUSE
In a combined storage and filesystem session at the 2025 Linux Storage,
Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Keith Busch led
a discussion about zero-copy operations for the Filesystem\
in Userspace (FUSE) subsystem. The session was proposed
by his colleague, David Wei, who could not make it to the summit, so Busch
filled in, though he noted that “I do … ⌘ Read more
[$] Open source and the Cyber Resilience Act
The European Union’s
Cyber Resilience Act (CRA) has caused a stir in the
software-development world. Thanks to advocacy by the Eclipse Foundation, Open
Source Initiative, Linux Foundation, Mozilla, and others, open-source software
projects generally have minimal requirements under the CRA
— but nothing to do with law is ever quite
so simple. Marta Rybczyńska spoke at Linaro Connect 2025 about the impact of the
CRA on the open-source eco … ⌘ Read more
Aus dem Verlag: Golem-Plus-Leser erhalten Rabatt auf digitales Linux-Magazin
Golem-Plus-Leser können 33 Prozent auf ein Linux-Magazin-Jahresabo sparen - für zwölf Ausgaben und Vollzugriff auf ein Archiv für tiefes Open-Source-Wissen. ( Aus dem Verlag, Open Source)
[$] LWN.net Weekly Edition for June 5, 2025
Inside this week’s LWN.net Weekly Edition:
Front: OpenH264 in Fedora; Wallabag; Safety certification; 6.16 Merge window; Bounce buffering; Hardening repository problems; Device-initiated I/O; Faster networking; OSPM 2025; Free software in science.
Briefs: Kea vulnerabilities; Alpine Linux 3.22.0; Fedora strategy; Quotes; …
Announcements: Newsletters, conferences, securi … ⌘ Read more
[$] Device-initiated I/O
Peer-to-peer DMA (P2PDMA) has been part of
the kernel since the 4.20 release in 2018;
it provides a framework that allows devices to transfer data between themselves
directly, without using system RAM for the transfer. At the 2025 Linux
Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Stephen
Bates led a combined storage, filesystems, and memory-management session on
device-initiated I/O, which is perhaps what P2PDMA is … ⌘ Read more
Anzeige: LPIC-1-Zertifizierung - fünf Tage intensive Vorbereitung
Das LPIC-1-Zertifikat gilt international als Nachweis fundierter Linux-Kompetenz. Ein fünftägiger Onlinekurs bereitet gezielt auf die Prüfungen LPI 101 und 102 vor - praxisnah und prüfungsorientiert. ( Golem Karrierewelt, Server-Applikationen) 
Per Coredump: Angreifer können unter Linux Passwort-Hashes abgreifen
Mehrere Versionen von Ubuntu, Fedora und RHEL sind angreifbar. Böswillige Akteure können Anwendungen crashen und vertrauliche Daten erbeuten. ( Sicherheitslücke, Ubuntu)
Alpine Linux 3.22.0 released
Version\
3.22.0 of the Alpine Linux distribution has been released. Notable
changes in this release include the removal of the X11 session for KDE
Plasma, a switch to systemd-efistub, and experimental support
for user\
services with the OpenRC
init system. See the [release\
notes](https://wiki.alpinelinux.org/wiki/Rele … ⌘ Read more
[$] Reports from OSPM 2025, day three
The seventh edition of the Power Management and Scheduling\
in the Linux Kernel Summit (known as “OSPM”) took place on March 18-20,
2025. Topics discussed on the third (and final) day include proxy
execution, energy-aware scheduling, the deadline scheduler, and an
evaluation of the kernel’s EEVDF scheduler. ⌘ Read more
Security updates for Friday
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, firefox, ghostscript, gstreamer1-plugins-bad-free, libsoup3, mingw-freetype, perl, ruby, sqlite, thunderbird, unbound, valkey, and xz), Debian (chromium, firefox-esr, libavif, linux-6.1, modsecurity-apache, mydumper, systemd, and thunderbird), Fedora (coreutils, dnsdist, docker-buildx, maturin, mingw-python-flask, mingw-python-flit-core, ruff, rust-hashlink, rust-rusqlite, and thunderbird), Red Hat (pcs), SUSE (augeas, … ⌘ Read more
[$] Glibc project revisits infrastructure security
The GNU C Library
(glibc) is the core C library for most Linux distributions, so it is a
crucial part of the open-source ecosystem—and an attractive
target for any attackers looking to carry out supply-chain
attacks. With that being the case, securing the project’s
infrastructure using industry best practices and improving the
security of its development practices are a frequent topic among glibc
developers. A recent discussion suggests that improveme … ⌘ Read more
[$] Allowing BPF programs more access to the network
Mahé Tardy led two sessions about some of the challenges that he, Kornilios Kourtis,
and John Fastabend have run into in their work on
Tetragon (Apache-licensed BPF-based security monitoring software)
at the Linux Storage, Filesystem, Memory Management, and BPF Summit. The session
prompted discussion about the feasibility of letting BPF programs
send data over the network, as well as potential new kfuncs to let BPF firewalls
send TCP reset packets. Tardy pre … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by AlmaLinux (gstreamer1-plugins-bad-free and kernel), Arch Linux (bind and varnish), Debian (glibc and syslog-ng), Fedora (microcode_ctl, mozilla-ublock-origin, nodejs20, and nodejs22), Mageia (firefox, nss, rootcerts, open-vm-tools, sqlite3, and thunderbird), Oracle (gstreamer1-plugins-bad-free, kernel, libsoup, nodejs:22, php, php:8.2, php:8.3, python-tornado, redis, and redis:7), Red Hat (libsoup, pcs, and python-tornado), Slackware … ⌘ Read more
Klinge FPGA Computer Targets Secure, Headless Linux Deployments
Klinge is a compact FPGA-based headless computer designed by Lone Dynamics Corporation. It targets secure networking and long-term Linux applications, and can be used as a blade server in modular enclosures or standalone setups. Klinge uses the Lattice ECP5 FPGA (LFE5U-25F), offering 24K LUTs when compiled with open-source tools. The board includes 512MB of DDR3L […] ⌘ Read more
AlmaLinux OS 10.0 released
Version\
10 of the AlmaLinux OS distribution has been released.
The goal of AlmaLinux OS is to support our community, and AlmaLinux
OS 10 is the best example of that yet. With an unwavering eye on
maintaining compatibility with Red Hat Enterprise Linux (RHEL), we
have made small improvements to AlmaLinux OS 10 that target
specific sections of our userbase.
See [the\ release notes](https://wiki.almalinux.org/release-notes/10.0.h … ⌘ Read more
[$] Verifying the BPF verifier’s path-exploration logic
Srinivas Narayana led a remote session about extending
Agni to prove the correctness of
the BPF verifier’s handling of different execution paths as part of the Linux Storage,
Filesystem, Memory Management, and BPF Summit. The problem of ensuring the
correctness of path exploration
is much more difficult than the problem of
ensuring the co … ⌘ Read more
gamado à @aperture@aperture porque há meses/anos que quero escrever um texto sobre esta postura, e esta imagem explica tão bem o problema
(fonte)
The 6.15 kernel has been released
Linus has released the 6.15 kernel, as
expected.
So this was delayed by a couple of hours because of a last-minute
bug report resulting in one new feature being disabled at the
eleventh hour, but 6.15 is out there now.
Significant changes in 6.15 include smarter timer-ID assignment to make
checkpoint/restore operations more reliable, the [ability](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/comm … ⌘ Read more
Hardkernel Introduces Low-Cost Amlogic S905X5M SBC with 4K@60Hz HDMI Output
The ODROID-C5 is a compact single-board computer designed for developers and hobbyists working with Linux or Android platforms. It features improved performance, reduced power consumption, and enhanced memory and storage interfaces over its predecessor, the ODROID-C4. The board is powered by the Amlogic S905X5M processor, which combines a quad-core Arm Cortex-A55 CPU running at 2.5GHz […] ⌘ Read more
[$] Reports from OSPM 2025, day two
The seventh edition of the Power Management and Scheduling\
in the Linux Kernel Summit (known as “OSPM”) took place on March 18-20,
2025. Topics discussed on the second day include improvements to device
suspend and resume, the status and future of sched_ext, the scx_lavd
scheduler, improving the efficiency of load balancing, and hierarchical
constant bandwidth server scheduling. ⌘ Read more
[$] Formally verifying the BPF verifier
The BPF verifier is an increasingly complex and security-critical piece of code.
When the kinds of people who are apt to work on BPF see a situation like that,
they naturally question whether it’s possible to use formal verification to
ensure that the implementation of the code in question is correct. Santosh
Nagarakatte led the first of two extra-long sessions in the BPF track
of the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit
about his team’s work formally verifying the … ⌘ Read more
Security updates for Friday
Security updates have been issued by Fedora (dotnet9.0, dropbear, ghostscript, nbdkit, openssh, python-watchfiles, rpm-ostree, yelp, yelp-xsl, and zsync), Oracle (firefox and kernel), Red Hat (osbuild-composer), Slackware (aaa_glibc and mozilla), SUSE (chromedriver, open-vm-tools, postgresql14, python-cryptography, and thunderbird), and Ubuntu (linux-aws, linux-hwe-5.4, python, and sqlite3). ⌘ Read more
Home Assistant deprecates the “core” and “supervised” installation modes
Our recent article on Home Assistant
observed that the project emphasizes installations using its own Linux
distribution or within containers. The project has now made that emphasis
rather stronger with this\
announcement of the deprecation of the “core” and “supervised”
installation modes, which allowed H … ⌘ Read more
Security updates for Thursday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and webkit2gtk3), Fedora (mozilla-ublock-origin and sudo-rs), Oracle (.NET 8.0, compat-openssl10, grafana, osbuild-composer, redis:6, ruby:2.5, and webkit2gtk3), SUSE (dante, firefox-esr, gnuplot, govulncheck-vulndb, grype, postgresql13, postgresql14, postgresql15, postgresql16, postgresql17, python-tornado6, python314, thunderbird, ucode-intel, and xen), and Ubuntu (bind9, libfcgi-perl, linux-ibm-5.4, linux-oracle-5.4 … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by AlmaLinux (.NET 8.0, avahi, buildah, compat-openssl10, compat-openssl11, expat, firefox, gimp, git, grafana, libsoup, libxslt, mod_auth_openidc, nginx, nodejs:22, osbuild-composer, php, redis, redis:7, skopeo, thunderbird, vim, webkit2gtk3, xterm, and yelp), Arch Linux (dropbear, freetype2, go, nodejs, nodejs-lts-iron, nodejs-lts-jod, python-django, webkit2gtk, webkit2gtk-4.1, webkitgtk-6.0, and wpewebkit), Debian (mongo-c-driver), Fedora (openssh, … ⌘ Read more
SiFive and Red Hat Collaborate to Bring RHEL 10 to RISC-V Development
SiFive has announced a new collaboration with Red Hat to deliver a developer preview of Red Hat Enterprise Linux 10 for the RISC-V architecture. The initial support is available on the SiFive HiFive Premier P550 development platform, giving developers a path to build and test enterprise and cloud workloads on RISC-V hardware. The HiFive Premier […] ⌘ Read more
[$] An update on continuous testing of BPF kernel patches
Ihor Solodrai has been working on the BPF subsystem’s continuous-integration
(CI) testing for the last six months. At the 2025 Linux Storage, Filesystem,
Memory-Management, and BPF Summit, he remotely shared
an update on his work, and solicited feedback on how the tests could be further
improved. Much of the work he’s done has been specific to the BPF subsystem, but
some is more generic and could potentially be of use to other subsystems. He
also shared some general lessons le … ⌘ Read more
Red Hat Enterprise Linux 10 released
Red Hat has announced
the release of Red Hat Enterprise Linux (RHEL) 10. A blog post
accompanying the release provides details on some of the more notable
features, such as encrypted DNS, a developer preview of RHEL 10
for RISC-V,
and image\
mode for RHEL using [bootc](https://lwn.net/A … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by Debian (firefox-esr, openjdk-11, openjdk-17, and wireless-regdb), Fedora (iputils, open-vm-tools, sfnt2woff-zopfli, and woff), Red Hat (postgresql:12), SUSE (apache2-mod_auth_openidc, brltty, helm, python-maturin, and rubygem-rack), and Ubuntu (linux-azure-fips). ⌘ Read more
Android is a brunch of linux. You only need to install a terminal app. But the termux app on Google Apps will not run on old android. Perhaps connectbot (ssh client) will run.
[$] Reports from OSPM 2025, day one
The seventh edition of the Power Management and Scheduling\
in the Linux Kernel (known as “OSPM”) Summit took place on March 18-20,
2025. It was organized by Juri Lelli, Frauke Jäger, Tommaso Cucinotta, and
Lorenzo Pieralisi, and was hosted by Linutronix at Alte Fabrik,
Uhldingen-Mühlhofen, Germany. The event was sponsored by Linutronix, Arm,
and the Scuola Superiore Sant’Anna in Pisa. ⌘ Read more
斬獲 4-1K star,再見 tcpdump!Kyanos 這款開源神器讓網絡分析快如閃電!
Kyanos 是一款基於革命性 eBPF 技術打造的開源網絡分析工具,專爲解決現代分佈式系統中的網絡疑難雜症而生。它能像 X 光機般透視 Linux 內核的網絡活動,精準定位 HTTP、Redis、MySQL 等協議的性能瓶頸,讓 “服務爲什麼變慢” 這類世紀難題迎刃而解。與傳統抓包工具相比,Kyanos 具備三大殺手鐧:零配置開箱即用:單個二進制文件搞定所有監控需求 內核級透視能力:從 ⌘ Read more
Go 語言中字符串四種拼接方式的性能對比,哪個更勝一籌?
在 Go 語言開發中,字符串拼接是最常見的操作之一。不同的拼接方式在性能上可能有數量級的差異,特別是在高頻調用或大數據量處理的場景下。本文將使用標準基準測試,全面對比四種主流字符串拼接方式的性能表現。測試環境與方法測試環境Go 版本:1.20+ 操作系統:macOS/Windows/Linux CPU:8 核 測試方法我們創建了一個完整的基準測試文件echobenchtest.g ⌘ Read more
Go 語言中字符串四種拼接方式的性能對比,哪個更勝一籌?
在 Go 語言開發中,字符串拼接是最常見的操作之一。不同的拼接方式在性能上可能有數量級的差異,特別是在高頻調用或大數據量處理的場景下。本文將使用標準基準測試,全面對比四種主流字符串拼接方式的性能表現。測試環境與方法測試環境Go 版本:1.20+ 操作系統:macOS/Windows/Linux CPU:8 核 測試方法我們創建了一個完整的基準測試文件echobenchtest.g ⌘ Read more
↳
In-reply-to
»
@lyse Nope, this is some random photo. 😅
⤋ Read More
@movq@www.uninformativ.de you need to get a gold chain and hang this little penguin on it, so that nobody can doubt your Linux user status.
Hello from my SCHI535, a Samsung Galaxy S3 running Android Kitkat. I want to put Linux on this thing.
An Asahi Linux 6.15 progress report
The Asahi Linux
project, which supports Linux on Apple Silicon Macs, has published a
progress report ahead of the 6.15 kernel’s release.
We are pleased to announce that our graphics driver userspace API
(uAPI) has been merged into the Linux kernel. This major milestone
allows us to finally enable OpenGL, OpenCL and Vulkan support for
Apple Silicon in upstream Mesa. This is the only time a graphics
driver’s uAPI has been merged into the kernel independent … ⌘ Read more
[$] A new DMA-mapping API
Leon Romanovsky began his session at the 2025 Linux Storage, Filesystem,
Memory Management, and BPF Summit (LSFMM+BPF) by explaining that the improved DMA-mapping API that he has been
working on is a group effort. He, Chaitanya Kulkarni, Christoph Hellwig,
Jason Gunthorpe, and others are proposing to modernize the API and to
“make it more suitable for current kernels”. He told the assembled
storage and filesystem developers that the progress on the proposal has
stalled, but that it was the basis for further … ⌘ Read more
Oniux: kernel-level Tor isolation for Linux applications
The Tor project has announced
the oniux utility which provides Tor network isolation, using Linux
namespaces, for third-party applications.
Namespaces are a powerful feature that gives us the ability to
isolate Tor network access of an arbitrary application. We put each
application in a network namespace that doesn’t provide access … ⌘ Read more
[$] The future of Flatpak
At the Linux Application\
Summit (LAS) in April, Sebastian Wick said that, by many metrics, Flatpak is doing great. The Flatpak
application-packaging format is popular with upstream developers, and
with many users. More and more applications are being published in the
Flathub application store, and the
format is even being adopted by Linux distributions like
Fedora. However, he worried that work on the Flatpak project itself
had s … ⌘ Read more
OH MY FUCKING GOD I’M GOING TO CRY I NEED BIG TUX SO BAD https://www.steiner-plueschshop.de/kuscheltiere/arktis-seetiere/pinguin-linux/
Security updates for Wednesday
Security updates have been issued by AlmaLinux (emacs, firefox, gnutls, java-17-openjdk, java-21-openjdk, osbuild-composer, python39:3.9, and thunderbird), Arch Linux (screen), Debian (varnish), Fedora (chromium), Gentoo (Atop, FreeType, and Spidermonkey), Mageia (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk and postgresql15, postgresql13), Oracle (389-ds-base, emacs, firefox, kernel, libsoup, libtiff, mod_auth_openidc:2.3, nodejs:20, nodejs:22, … ⌘ Read more
[$] A look at what’s possible with BPF arenas
BPF arenas are areas of memory where the verifier can safely relax its checking of
pointers, allowing programmers to write arbitrary data structures in BPF. Emil
Tsalapatis reported on how his team has used arenas in writing
sched_ext schedulers at the 2025 Linux Storage, Filesystem,
Memory-Management, and BPF Summit. His biggest complaint was about the fact that
kernel pointers can’t be stored in BPF arenas — someth … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by Debian (libeconf and rubygems), Fedora (libxmp), Gentoo (glibc), Oracle (java-1.8.0-openjdk, kernel, libxslt, and virtuoso-opensource), SUSE (augeas, git-lfs, kanidm, and tomcat10), and Ubuntu (linux-lts-xenial). ⌘ Read more
Multiple security issues in Screen
The SUSE Security Team has published
an article detailing several security\
issues it has uncovered with GNU Screen. This includes
a local root exploit when Screen is shipped setuid-root, as it is in
some Linux and BSD distributions. The security team also reports [problems\
in coordinating disclosure … ⌘ Read more
VPS troubles and the weekend
This weekend I went to the cottage with P on Friday. I hoped I would
have a nice weekend reading in front of the wood stove, but I had also
planned to spend at least a few hours trying to configure Maddy as the
new mail server for hack.org et al.
Then the web server I moved to the new VPS died. Again. I connected to
the VNC console and, like before, the Linux kernel couldn’t find its
root disk. A simple:
# mount /dev/vda2 /sysroot; exit
in the emergency shell solved thi … ⌘ Read more