Linux Weekly News

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

[$] Containers without Docker at Red Hat

Wed, 12/20/2017 - 18:18

The Docker (now Moby) project has done a lot to popularize containers in recent years. Along the way, though, it has generated concerns about its concentration of functionality into a single, monolithic system under the control of a single daemon running with root privileges: dockerd. Those concerns were reflected in a talk by Dan Walsh, head of the container team at Red Hat, at KubeCon + CloudNativeCon. Walsh spoke about the work the container team is doing to replace Docker with a set of smaller, interoperable components. His rallying cry is "no big fat daemons" as he finds them to be contrary to the venerated Unix philosophy.

[$] Demystifying container runtimes

Wed, 12/20/2017 - 18:04

As we briefly mentioned in our overview article about KubeCon + CloudNativeCon, there are multiple container "runtimes", which are programs that can create and execute containers that are typically fetched from online images. That space is slowly reaching maturity both in terms of standards and implementation: Docker's containerd 1.0 was released during KubeCon, CRI-O 1.0 was released a few months ago, and rkt is also still in the game. With all of those runtimes, it may be a confusing time for those looking at deploying their own container-based system or Kubernetes cluster from scratch. This article will try to explain what container runtimes are, what they do, how they compare with each other, and how to choose the right one. It also provides a primer on container specifications and standards.

[$] A 2017 retrospective

Wed, 12/20/2017 - 17:15
The December 21 LWN Weekly Edition will be the final one for 2017; as usual, we will take the last week of the year off and return on January 4. It's that time of year where one is moved to look back over the last twelve months and ruminate on what happened; at LWN, we also get the opportunity to mock the predictions we made back in January. Read on for the scorecard and a year-end note from LWN.

New stable kernels

Wed, 12/20/2017 - 11:14
Four stable kernels have been released; 4.14.8, 4.9.71, 4.4.107, and 3.18.89. They all contain important fixes and users should upgrade.

Security updates for Wednesday

Wed, 12/20/2017 - 11:07
Security updates have been issued by Debian (otrs2), Fedora (glibc, kernel, libextractor, LibRaw, nodejs, optipng, python34, python35, qt5-qtbase, wayland, and xen), and Slackware (ruby).

[$] The current state of kernel page-table isolation

Wed, 12/20/2017 - 10:33
At the end of October, the KAISER patch set was unveiled; this work separates the page tables used by the kernel from those belonging to user space in an attempt to address x86 processor bugs that can disclose the layout of the kernel to an attacker. Those patches have seen significant work in the weeks since their debut, but they appear to be approaching a final state. It seems like an appropriate time for another look.

Ubuntu 17.10 can brick some laptops

Wed, 12/20/2017 - 09:00
Downloads of Ubuntu 17.10 have been disabled due to an issue that can cause it to corrupt the firmware on some laptops. Lenovo laptops appear to be the most affected, but the problem is apparently not limited to them. The intel-spi driver has been named as the source of the problem; it's not clear whether other distributions may also be affected. If you downloaded 17.10, you might want to hold off on installing it.

New Thunderbird Releases and New Thunderbird Staff

Tue, 12/19/2017 - 18:31
The Mozilla Thunderbird Blog looks at recent releases of the Thunderbird email client, including a fifth point release for version 52 ESR and 58 beta. "Thunderbird 57 beta was also very successful. While Thunderbird 58 is equally stable and offers further cutting-edge improvements to Thunderbird users, the user community is starting to feel the impact of Mozilla platform changes which are phasing out so-called legacy add-ons. The Thunderbird technical leadership is working closely with add-on authors who face the challenge of updating their add-ons to work with the Mozilla interface changes. With a few usually simple changes most add-ons can be made to work in Thunderbird 58 beta. https://wiki.mozilla.org/Thunderbird/Add-ons_Guide_57 explains what needs to be done, and Thunderbird developers are happy to lend a hand to add-on authors." The project has also added four new staff members.

Fedora redesigns its modularity initiative

Tue, 12/19/2017 - 14:21
The Fedora Project has announced a number of changes to its modularity initiative after failing to meet its initial set of goals. "From an end-user’s perspective, Fedora will ship with two sets of repositories. One will be the traditional Fedora repositories (fedora, updates, and updates-testing) and the other will be a new set of repositories providing alternative and supplementary modules. We haven’t decided on a final name for these yet, so we will use the placeholder terms modular, modular-updates, and modular-updates-testing."

Security updates for Tuesday

Tue, 12/19/2017 - 11:25
Security updates have been issued by Debian (libxml2), Fedora (kernel, perl-DBD-MySQL, and python26), openSUSE (389-ds and pdns-recursor), Red Hat (heketi and rh-ruby24-ruby), Scientific Linux (postgresql), and SUSE (java-1_6_0-ibm).

Haas: MVCC and VACUUM

Tue, 12/19/2017 - 10:39
Robert Haas gets into the details of how PostgreSQL concurrency works and why an occasional VACUUM is necessary. "The second approach to providing transactions with atomicity and isolation is multi-version concurrency control (MVCC). The basic idea is simple: instead of locking a row that we want to update, let’s just create a new version of it which, initially, is visible only to the transaction which created it. Once the updating transaction commits, we’ll make the new row visible to all new transactions that start after that point, while existing transactions continue to see the old row."

[$] HarfBuzz brings professional typography to the desktop

Mon, 12/18/2017 - 19:53

By their nature, low-level libraries go mostly unnoticed by users and even some programmers. Usually, they are only noticed when something goes wrong. However, HarfBuzz deserves to be an exception. Not only does the adoption of HarfBuzz mean that free software's ability to convert Unicode characters to a font's specific glyphs is as advanced as any proprietary equivalent, but its increasing use means that professional typography can now be done from the Linux desktop as easily as at a print shop.

Parrot 3.10 is out

Mon, 12/18/2017 - 12:44
Parrot 3.10, the latest version of the security-oriented GNU/Linux distribution, has been released. "The first big news is the introduction of a full firejail+apparmor sandboxing system to proactively protect the OS by isolating its components with the combination of different techniques. The first experiments were already introduced in Parrot 3.9 with the inclusion of firejail, but we took almost a month of hard work to make it even better with the improvement of many profiles, the introduction of the apparmor support and enough time to make all the tests."

Four stable kernels

Mon, 12/18/2017 - 12:04
Stable kernels 4.14.7, 4.9.70, 4.4.106, and 3.18.88 have been released. They all contain important fixes and users should upgrade.

Security updates for Monday

Mon, 12/18/2017 - 11:55
Security updates have been issued by Arch Linux (chromium, lib32-openssl-1.0, openssl-1.0, and tor), Debian (kildclient, openafs, openssl1.0, otrs2, reportbug, rsync, and sensible-utils), Fedora (tor), Mageia (deluge, evince, lynx, openssl, and rsync), openSUSE (chromium, GraphicsMagick, kernel, mercurial, and openssl), Red Hat (chromium-browser), SUSE (openssl), and Ubuntu (php5).

Kernel prepatch 4.15-rc4

Sun, 12/17/2017 - 22:42
Linus has released the 4.15-rc4 kernel prepatch. "I would like to say that I hope things will continue to calm down, but I already know I have more stuff pending. That, together with the holidays, makes me strongly suspect that this will be one of those 'we'll do an rc8' releases, but we'll see."

[$] Python 3, ASCII, and UTF-8

Sun, 12/17/2017 - 11:37

The dreaded UnicodeDecodeError exception is one of the signature "features" of Python 3. It is raised when the language encounters a byte sequence that it cannot decode into a string; strictly treating strings differently from arrays of byte values was something that came with Python 3. Two Python Enhancement Proposals (PEPs) bound for Python 3.7 look toward reducing those errors (and the related UnicodeEncodeError) for environments where they are prevalent—and often unexpected.

[$] Shrinking the kernel with link-time garbage collection

Fri, 12/15/2017 - 17:41
One of the keys to fitting the Linux kernel into a small system is to remove any code that is not needed. The kernel's configuration system allows that to be done on a large scale, but it still results in the building of a kernel containing many smaller chunks of unused code and data. With a bit of work, though, the compiler and linker can be made to work together to garbage-collect much of that unused code and recover the wasted space for more important uses.

Click below (subscribers only) for a detailed article from Nicolas Pitre on how to use link-time garbage collection to create a smaller kernel image.

Security updates for Friday

Fri, 12/15/2017 - 11:23
Security updates have been issued by Debian (erlang), Fedora (python-dulwich), Gentoo (curl, opencv, openssl, and webkit-gtk), openSUSE (libapr-util1 and php5), Red Hat (qemu-kvm-rhev), and Ubuntu (linux, linux-aws, linux-kvm, linux-raspi2 and linux-lts-xenial, linux-aws).

Goodbye, net neutrality—Ajit Pai’s FCC votes to allow blocking and throttling (Ars Technica)

Thu, 12/14/2017 - 15:04
In a vote that was not any kind of surprise, the US Federal Communications Commission (FCC) voted to end the "net neutrality" rules that stop internet service providers (ISPs) and others from blocking or throttling certain kinds of traffic to try to force consumers and content providers to pay more for "fast lanes". Ars Technica covers the vote and the reaction to it, including the fact that the fight is not yet over: "Plenty of organizations might appeal, said consumer advocate Gigi Sohn, who was a top counselor to then-FCC Chairman Tom Wheeler when the commission imposed its rules. 'I think you'll see public interest groups, trade associations, and small and mid-sized tech companies filing the petitions for review,' Sohn told Ars. One or two 'big companies' could also challenge the repeal, she thinks. Lawsuit filers can challenge the repeal on numerous respects, she said. They can argue that the public record doesn't support the FCC's claim that broadband isn't a telecommunications service, that 'throwing away all protections for consumers and innovators for the first time since this issue has been debated is arbitrary and capricious,' and that the FCC cannot preempt state net neutrality laws, she said."
