Welcome to LWN.net
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
[$] Building secure images with NixOS
Image-based Linux distributions have seen increasing popularity, recently. They promise reliability and security, but pose packaging problems for existing distributions. Ryan Lahfa and Niklas Sturm spoke about the work that NixOS has done to enable an image-based workflow at this year's All Systems Go! conference in Berlin. Unfortunately, LWN was not able to cover the conference for scheduling reasons, but the videos of the event are available for anyone interested in watching the talks. Lahfa and Sturm explained that it is currently possible to create a NixOS system that cryptographically verifies the kernel, initrd, and Nix store on boot — although doing so still has some rough edges. Making an image-based NixOS installation is similarly possible.
[$] Safety in an unsafe world
Joshua Liebow-Feeser took to the stage at RustConf to describe the methodology that his team uses to encode arbitrary constraints in the Rust type system when working on the Fuchsia operating system (slides). The technique is not unknown to the Rust community, but Liebow-Feeser did a good job of both explaining the method and making a case for why it should be used more widely.
[$] The OpenWrt One system
OpenWrt is, despite its relatively low profile, one of our community's most important distributions; it runs untold numbers of network routers and has served as the base on which a lot of network-oriented development (including the bufferbloat-reduction work) has been done. At the beginning of 2024, a few members of the project announced a plan to design and produce a router device specifically designed to run OpenWrt. This device, dubbed the "OpenWrt One", is now becoming available; the kind folks at the Software Freedom Conservancy were kind enough to ship one to LWN, where the desire to play with a new toy is never lacking.
[$] OSI board AMA at All Things Open
Members of the Open Source Initiative (OSI) board sat down for a 45-minute "Ask Me Anything" (AMA) session at All Things Open in Raleigh, NC on October 29. Though the floor was open to any topic the audience might want to ask of the OSI board, many of the questions were focused on the Open Source AI Definition (OSAID), which was announced the day before. The new definition has been somewhat controversial, and the board spent a lot of time addressing concerns about it during the session, as well as questions on open washing, and a need for more education about open source in general.
[$] The Overture open-mapping project
OpenStreetMap tends to dominate the space for open mapping data, but it is not the only project working in this area. At the 2024 Open Source Summit Japan, Marc Prioleau presented the Overture Maps Foundation, which is building and distributing a set of worldwide maps under open licenses. Overture may have a similar goal to OpenStreetMap, but its approach and intended uses are significantly different.
[$] LWN.net Weekly Edition for October 31, 2024
Posted Oct 31, 2024 0:42 UTC (Thu)The LWN.net Weekly Edition for October 31, 2024 is available.
Inside this week's LWN.net Weekly Edition
- Front: Open AI definition; M1/M2 GPU drivers; Rust compiler; realloc(0); BOLT; AutoFDO and Propeller; Test-suite validation.
- Briefs: CUPS vulnerability; Fedora 41; Firefox 132.0; Flock; OSAID 1.0; Thunderbird for Android; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
[$] An update on Apple M1/M2 GPU drivers
The kernel graphics driver for the Apple M1 and M2 GPUs is, rather famously, written in Rust, but it has achieved conformance with various graphics standards, which is also noteworthy. At the X.Org Developers Conference (XDC) 2024, Alyssa Rosenzweig gave an update on the status of the driver, along with some news about the kinds of games it can support (YouTube video, slides). There has been lots of progress since her talk at XDC last year (YouTube video), with, of course, still more to come.
[$] A new approach to validating test suites
The first program that Martin Pool ever wrote, he said, had bugs; the ones he's writing now most likely have bugs too. The talk Pool gave at RustConf this year was about a way to try to write programs with fewer bugs. He has developed a tool called cargo-mutants that highlights gaps in test coverage by identifying functions that can be broken without causing any tests to fail. This can be a valuable complement to other testing techniques, he explained.
[$] The performance of the Rust compiler
Sparrow Li presented virtually at RustConf 2024 about the current state of and future plans for the Rust compiler's performance. The compiler is relatively slow to compile large programs, although it has been getting better over time. The next big performance improvement to come will be parallelizing the compiler's parsing, type-checking, and related operations, but even after that, the project has several avenues left to explore.
[$] AutoFDO and Propeller
Rong Xu and Han Shen described the kernel-optimization techniques that Google uses in the toolchains track at the 2024 Linux Plumbers Conference. They talked about automatic feedback-directed optimization (AutoFDO), which can be used with the Propeller optimizer to produce kernels with better performance using profile information gathered from real workloads. There is a fair amount of overlap between these tools and the BOLT post-link optimizer, which was the subject of a talk that directly preceded this session.
Funding restored for man-page maintenance
Man pages maintainer Alejandro Colomar announced in September that he was suspending his work due to a lack of support. He has now let it be known that funding has been found for the next year at least:
We've been talking for a couple of months, and we have already agreed to sign a contract through the LF [Linux Foundation], where a number of companies provide the funds for the contract. The contract will cover the next 12 months for the agreed amount, and we should sign it in the following days. Since I've already seen a draft of the contract, and it looks good, I've already started maintaining the project again, starting on Nov 1st.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (libtiff), Debian (context, libheif, and thunderbird), Fedora (php-tcpdf, syncthing, and thunderbird), Gentoo (EditorConfig core C library, Flatpak, Neat VNC, and Ubiquiti UniFi), Oracle (bcc, bpftrace, grafana-pcp, haproxy, kernel, krb5, libtiff, python-gevent, python3.11-urllib3, python3.12-urllib3, and xmlrpc-c), Red Hat (python3.11-urllib3), SUSE (audacity, curl, govulncheck-vulndb, gradle, htmldoc, libgsf, python310, and qbittorrent), and Ubuntu (linux-aws-5.4, linux-oracle-5.4, mpg123, and python-werkzeug).
LXQt 2.1.0 released
Version 2.1.0 of the LXQt lightweight Qt desktop environment has been released. The highlight of this release is support for multiple Wayland compositors:
Through its new component lxqt-wayland-session, LXQt 2.1.0 supports 7 Wayland sessions (with Labwc, KWin, Wayfire, Hyprland, Sway, River and Niri), has two Wayland back-ends in lxqt-panel (one for kwin_wayland and the other general), and will add more later. All LXQt components that are not limited to X11 — i.e., most components — work fine on Wayland. [...]
Of course, the X11 session will be supported indefinitely. Wayland is optional and rather experimental.
The BPF instruction set architecture is now RFC 9669
After a couple of years of effort, the BPF instruction set architecture has been accepted as RFC 9669, giving it a standard outside of the in-kernel implementation. This message from David Vernet (who also contributed an article on the standardization process last year) describes the process and why it is important:
Though some vendors have already implemented BPF offloading capabilities without having a standardized ISA, others are not quite as risk tolerant. As Christoph [Hellwig] discussed at LSFMM 2022, certain NVMe vendors have expressed an interest in building BPF offloading capabilities for various use cases such as eXpress Resubmission Path (XRP), but they simply can't fund such a project without certain components of BPF being standardized. Hence, the effort to standardize BPF was born.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (firefox, openexr, and thunderbird), Fedora (llama-cpp and python-quart), Oracle (firefox, openexr, thunderbird, and xorg-x11-server and xorg-x11-server-Xwayland), SUSE (chromium, govulncheck-vulndb, openssl-1_1, python311, and python312), and Ubuntu (linux-azure, linux-bluefield, linux-azure, linux-gcp, linux-ibm, openjpeg2, and ruby3.0, ruby3.2, ruby3.3).
Security updates for Monday
Security updates have been issued by AlmaLinux (firefox, grafana, kernel, and mod_http2), Debian (chromium, openssl, and thunderbird), Fedora (chromium, krb5, mysql8.0, polkit, python-single-version, and webkitgtk), Mageia (bind, buildah, podman, skopeo, kernel, kmod-xtables-addons. kmod-virtualbox, kernel-firmware & kernel-firmware-nonfree radeon-firmware, and kernel-linus), SUSE (apache2, chromedriver, cups-filters, docker-stable, firefox, gama, govulncheck-vulndb, java-11-openjdk, java-17-openjdk, java-23-openjdk, libnss_slurm2, openssl-1_1, openssl-3, python-waitress, python3, python310-waitress, ruby2.5, rubygem-actionmailer-5_1, rubygem-actionpack-5_1, rubygem-bundler, webkit2gtk3, and xorg-x11-server), and Ubuntu (linux-azure-6.8).
Kernel prepatch 6.12-rc6
The 6.12-rc6 kernel prepatch is out for
testing. Linus says: "Another week, another rc. Nothing odd or special
seems to be going on - this may be a bit on the bigger side for an rc6, but
not hugely so, and nothing stands out.
"
Four Friday stable kernel updates
Greg Kroah-Hartman has released another four stable Linux kernel updates: 6.11.6, 6.6.59, 6.1.115, and 5.15.170.
Security updates for Friday
Security updates have been issued by Debian (firefox-esr), Fedora (xorg-x11-server-Xwayland), Oracle (buildah, e2fsprogs, grafana, kernel, and mod_http2), Red Hat (buildah, container-tools:rhel8, firefox, grafana, grafana:7.3.6, podman, and thunderbird), SUSE (alloy, cargo-audit-advisory-db-20241030, chromedriver, corepack22, netty, openvpn, python310-Werkzeug, thunderbird, uwsgi, and xsd), and Ubuntu (linux, linux-azure-6.8, linux-gcp-6.8, linux-hwe-6.8 and linux, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4).
October project goals update (Rust Blog)
The Rust blog has an update on its progress on some of its project goals. One of the project's flagship goals is to resolve the biggest blockers to Linux building on stable Rust:
Finally, we have been finding an increasing number of stabilization requests at the compiler level, and so @wesleywiser and @davidtwco from the compiler team have started attending meetings to create a faster response. One of the results of that collaboration is RFC #3716, authored by Alice Ryhl, which proposes a method to manage compiler flags that modify the target ABI. Our previous approach has been to create distinct targets for each combination of flags, but the number of flags needed by the kernel make that impractical. Authoring the RFC revealed more such flags than previously recognized, including those that modify LLVM behavior.