[$] LWN.net Weekly Edition for July 4, 2024
4 juillet 2024 à 02:32
The LWN.net Weekly Edition for July 4, 2024 is available.
A major reason for Sun's early success was that they in effect open-sourced the Network File System. X11 was open source under the MIT license. I, and some of the other Sun engineers, understood that NeWS could not displace X11 as the Unix standard window system without being equally open source. But Sun's management looked at NeWS and saw superior technology, an extension of the PostScript that Adobe was selling, and couldn't bring themselves to give it away.
Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon.Exploitation on non-glibc systems is conceivable but has not been examined.
There is a configuration workaround for systems that cannot be updated, though it has its own problems. See this Qualys advisory for more details.
This release continues to be fairly calm, and rc6 looks pretty small. It's also entirely just random small fixes spread all over, with no bigger pattern."
There has been a lot of work on the next-generation trait solver. The initiative posted a separate update at the end of last year. While we would have liked to stabilize its use in coherence a few months ago, this surfaced additional small behavior regressions and hangs, causing delays. We are working on fixing these issues and intend to merge the stabilization PR soon. We are getting close to compiling the standard library and the compiler with the new solver enabled everywhere, after which will be able to run crater to figure out the remaining issues.
It is not yet clear how many of these models will fit the EU's definition of open source. Under the act, this would refer to models that are released under a "free and open" licence that, for example, allows users to modify a model but says nothing about access to training data. Refining this definition will probably form "a single pressure point that will be targeted by corporate lobbies and big companies", the paper says.
In a particular situation, when each scheduling policy needs its specific action, the core kernel scheduler calls an operation defined in struct sched_class. For example, when the core kernel scheduler needs to select a task to be scheduled, it calls the sched_class.pick_next_task(rq) callback of a concrete scheduling policy. When a task becomes runnable, the core kernel scheduler calls sched_class.enqueue(rq, p, flags) so the concrete scheduling policy enqueues task p to run queue rq. When a task's runtime state needs to be updated, the core kernel scheduler calls sched_class.update_curr(rq).
an emergency bugfix release" fixing a vulnerability that can cause the editor to execute arbitrary shell code in Org mode. Anybody who runs Emacs on untrusted files — including those using Gnus or one of the Emacs mail modes — should be looking to update. For those who cannot update, a pair of messages from Russ Allbery and Florian Weimer investigates how to disable the Org-mode evaluation, a task that is seemingly more complicated than it should be.
So far, the 6.10 release cycle has been fairly calm, and rc5 continues that trend. Let's hope things stay that way."