LWN Headlines

[$] Rhashtables: under the hood

The first article in this series described the interface to the "rhashtable" resizable hash-table abstraction in Linux 4.15. While a knowledge of the interface can result in successful use of rhashtables, it often helps to understand what is going on "under the hood", particularly when those details leak out through the interface, as is occasionally the case with rhashtable. The centerpiece for understanding the implementation is knowing exactly how the table is resized. So this follow-on article will explain that operation; it will also present the configuration parameters that were skimmed over last time and discuss how they affect the implementation.

FFmpeg 4.0 released

Version 4.0 of the FFmpeg multimedia toolkit is out. There is a long list of new filters, formats, and more; see the announcement for details.

[$] Finding Spectre vulnerabilities with smatch

The furor over the Meltdown and Spectre vulnerabilities has calmed a bit — for now, at least — but that does not mean that developers have stopped worrying about them. Spectre variant 1 (the bounds-check bypass vulnerability) has been of particular concern because, while the kernel is thought to contain numerous vulnerable spots, nobody really knows how to find them all. As a result, the defenses that have been developed for variant 1 have only been deployed in a few places. Recently, though, Dan Carpenter has enhanced the smatch tool to enable it to find possibly vulnerable code in the kernel.

Security updates for Friday

Security updates have been issued by Debian (libreoffice and mysql-5.5), Fedora (corosync), Oracle (java-1.8.0-openjdk), Red Hat (java-1.8.0-openjdk), Scientific Linux (java-1.8.0-openjdk), and Ubuntu (openssl).

[$] Zero-copy TCP receive

In the performance-conscious world of high-speed networking, anything that can be done to avoid copying packet data is welcome. The MSG_ZEROCOPY feature added in 4.14 enables zero-copy transmission of data, but does not address the receive side of the equation. It now appears that the 4.18 kernel will include a zero-copy receive mechanism by Eric Dumazet to close that gap, at least for some relatively specialized applications.

Security updates for Thursday

Security updates have been issued by Debian (opencv and wireshark), Fedora (corosync and pcs), Oracle (firefox, kernel, libvncserver, and libvorbis), Slackware (gd), SUSE (kernel), and Ubuntu (apache2).

[$] Counting beans—and more—with Beancount

It is normally the grumpy editor's job to look at accounting software; he does so with an eye toward getting the business off of the proprietary Quickbooks application and moving to something free. It may be that Beancount deserves a look of that nature before too long but, in the meantime, a slightly less grumpy editor has been messing with this text-based accounting tool for a variety of much smaller projects. It is an interesting system, with a lot of capabilities, but its reliance on hand-rolling for various pieces may scare some folks off.

Pip 10.0 has been released

The release of pip 10.0 has been announced. Some highlights of this release include the removal of Python 2.6 support, limited PEP 518 support (with more to come), a new "pip config" command, and other improvements.

New PyPI launched

The new PyPI has been launched. Browser traffic and API calls (including "pip install") have been redirected from the old pypi.python.org to the new site. The old PyPI will shut down on April 30. LWN covered the new PyPI last week.

[$] PostgreSQL's fsync() surprise

Developers of database management systems are, by necessity, concerned about getting data safely to persistent storage. So when the PostgreSQL community found out that the way the kernel handles I/O errors could result in data being lost without any errors being reported to user space, a fair amount of unhappiness resulted. The problem, which is exacerbated by the way PostgreSQL performs buffered I/O, turns out not to be unique to Linux, and will not be easy to solve even there.

Security updates for Wednesday

Security updates have been issued by Debian (freeplane and jruby), Fedora (kernel and python-bleach), Gentoo (evince, gdk-pixbuf, and ncurses), openSUSE (kernel), Oracle (gcc, glibc, kernel, krb5, ntp, openssh, openssl, policycoreutils, qemu-kvm, and xdg-user-dirs), Red Hat (corosync, glusterfs, kernel, and kernel-rt), SUSE (openssl), and Ubuntu (openssl and perl).

Security updates for Tuesday

Security updates have been issued by Debian (corosync, linux-tools, qemu, qemu-kvm, and r-cran-readxl), openSUSE (evince, memcached, nodejs4, ntp, pdns-recursor, python-gunicorn, python3-gunicorn, and python3), and Ubuntu (ruby1.9.1, ruby2.0, ruby2.3).

Introducing Microsoft Azure Sphere

Microsoft has issued a press release describing the security dangers involved with the Internet of things ("a weaponized stove, baby monitors that spy, the contents of your refrigerator being held for ransom") and introducing "Microsoft Azure Sphere" as a combination of hardware and software to address the problem. "Unlike the RTOSes common to MCUs today, our defense-in-depth IoT OS offers multiple layers of security. It combines security innovations pioneered in Windows, a security monitor, and a custom Linux kernel to create a highly-secured software environment and a trustworthy platform for new IoT experiences."

postmarketOS Low-Level

Alpine Linux-based postmarketOS is touch-optimized and pre-configured for installation on smartphones and other mobile devices. The postmarketOS blog introduces postmarketOS-lowlevel which is a community project aimed at creating free bootloaders and cellular modem firmware, currently focused on MediaTek phones. "But before we get started, please keep in mind that these are moon shots. So while there is some little progress, it's mostly about letting fellow hackers know what we've tried and what we're up to, in the hopes of attracting more interested talent to our cause. After all, our philosophy is to keep the community informed and engaged during the development phase!"

Security updates for Monday

Security updates have been issued by Arch Linux (lib32-openssl and zsh), Debian (patch, perl, ruby-loofah, squirrelmail, tiff, and tiff3), Fedora (gnupg2), Gentoo (go), Mageia (firefox, flash-player-plugin, nxagent, puppet, python-paramiko, samba, and thunderbird), Red Hat (flash-plugin), Scientific Linux (python-paramiko), and Ubuntu (patch, perl, and ruby).

Apache Subversion 1.10.0 released

Version 1.10 of the Subversion version-control system is out. Improvements include a new interactive resolver for merge conflicts, better path-based authorization, LZ4 compression, and more; see the release notes for details.

[$] The second half of the 4.17 merge window

By the time the 4.17 merge window was closed and 4.17-rc1 was released, 11,769 non-merge changesets had been pulled into the mainline repository. 4.17 thus looks to be a typically busy development cycle, with a merge window only slightly more busy than 4.16 had. Some 6,000 of those changes were pulled after last week's summary was written. There was a lot of the usual maintenance work in those patches (over 10% of those changes were to device-tree files, for example), but also some more significant changes.