Vue normale

Il y a de nouveaux articles disponibles, cliquez pour rafraîchir la page.
Aujourd’hui — 7 mai 2024LWN

[$] A proposal to switch Fedora Workstation's desktop

Par : jake
7 mai 2024 à 21:46
A proposal to switch the default desktop for Fedora Workstation from GNOME to KDE Plasma largely went over like the proverbial lead balloon—unsurprisingly. But the conversation about the proposal did surface some areas where the distribution could perhaps be more inclusive with regard to the other desktop choices available. The project believes that it benefits from being opinionated and not requiring users to make multiple decisions before they can even install the distribution, but there is a balance to be found.

[$] Systemd heads for a big round-number release

Par : daroc
7 mai 2024 à 15:50

The systemd project is preparing for a new release. Version 256-rc1 was released on April 25 with a large number of changes and new features. Most of the changes relate to security, easier configuration, unprivileged access to system resources, or all three of these. Users of systemd will find setting up containers — even without root access — much simpler and more secure.

GCC 14.1 released

Par : corbet
7 mai 2024 à 12:57
Version 14.1 of the GCC compiler suite has been released. The list of changes is long; it includes support for more C++26 features, preparation for Fortran 2023 support, a new -fhardened flag to enable security-hardening features, vectorizer improvements, and a number of static-analyzer improvements. See the release notes for details.

Secure Randomness in Go 1.22 (Go Blog)

Par : corbet
7 mai 2024 à 12:46
The Go Blog has a detailed article on the new, more secure random-number generator implemented for the 1.22 release.

For example, when Go 1.20 deprecated math/rand's Read, we heard from developers who discovered (thanks to tooling pointing out use of deprecated functionality) they had been using it in places where crypto/rand's Read was definitely needed, like generating key material. Using Go 1.20, that mistake is a serious security problem that merits a detailed investigation to understand the damage. Where were the keys used? How were the keys exposed? Were other random outputs exposed that might allow an attacker to derive the keys? And so on. Using Go 1.22, that mistake is just a mistake.
Hier — 6 mai 2024LWN

2023 PSF annual impact report

Par : jzb
6 mai 2024 à 21:21

The Python Software Foundation (PSF) has announced its annual impact report for 2023. The report includes updates from PSF staff as well as summaries of the foundation's activities, financials, and infrastructure. The PSF celebrated the 20th anniversary of PyCon US, distributed more than $370,000 in grants, and enjoyed impressive traffic on PyPI:

In 2023 PyPI saw a 45% growth in download counts and bandwidth alike, serving 603,378,275 downloads for the 516,402 projects hosted there requiring 747.4 Petabytes of data transfer, or 189.6 Gbps of bandwidth 24x7x365.

See the full report for a breakdown of grant disbursements and trends, PSF expenses, and high-level plans for the rest of 2024.

Stenberg: I survived curl up 2024

Par : daroc
6 mai 2024 à 20:14

Daniel Stenberg has posted a report about the recent curl up conference about curl development. It was held over two days in Stockholm. The report has short summaries of the talks with links to the recordings.

curl up is never a big meeting/conference but we have in the past sometimes been around twenty-five attendees. This year's amount of fifteen was the smallest so far, but in this small set of people we have a set of long-term well-known curl contributors. It is not a big list of attendees that creates a good curl up.

[$] Modernizing accessibility for desktop Linux

Par : jzb
6 mai 2024 à 17:08

In some aspects, such as in gaming, the Linux desktop has made enormous strides in the past few years. In others, such as accessibility, things have stagnated. At Open Source Summit North America (OSSNA), Matt Campbell spoke about the need for, and an approach to, modernizing accessibility for desktop Linux. This included a discussion of Newton, a fledgling project that may greatly improve accessibility on the Linux desktop.

The 2023 FSF Free Software Awards

Par : corbet
6 mai 2024 à 14:55
The Free Software Foundation has announced the recipients of its 2023 Free Software Awards: Bruno Haible for work on gnulib, Nick Logozzo as the "outstanding new free software contributior", and code.gouv.fr for projects of social benefit.

When presenting the award to Haible, FSF executive director Zoë Kooyman commented on the significance of Haible's work, saying that Haible's work enabled free software programmers around the world to focus on the main, innovative portions of their program, thus facilitating the development of more and more free software.

Security updates for Monday

Par : jake
6 mai 2024 à 14:37
Security updates have been issued by Debian (glibc, intel-microcode, less, libkf5ksieve, and ruby3.1), Fedora (chromium, gdcm, httpd, and stalld), Gentoo (Apache Commons BCEL, borgmatic, Dalli, firefox, HTMLDOC, ImageMagick, MediaInfo, MediaInfoLib, MIT krb5, MPlayer, mujs, Pillow, Python, PyPy3, QtWebEngine, Setuptools, strongSwan, and systemd), Oracle (grub2 and shim), Red Hat (git-lfs, kpatch-patch, unbound, and varnish), and SUSE (avahi, grafana and mybatis, java-11-openjdk, java-17-openjdk, skopeo, SUSE Manager Client Tools, SUSE Manager Salt Bundle, and SUSE Manager Server 4.3).
À partir d’avant-hierLWN

[$] The file_operations structure gets smaller

Par : corbet
3 mai 2024 à 15:56
Kernel developers are encouraged to send their changes in small batches as a way of making life easier for reviewers. So when a longtime developer and maintainer hits the list with a 437-patch series touching 859 files, eyebrows are certain to head skyward. Specifically, this series from Jens Axboe is cleaning up one of the core abstractions that has been part of the Linux kernel almost since the beginning; authors of device drivers (among others) will have to take note.

[$] Inheritable credentials for directory file descriptors

Par : corbet
2 mai 2024 à 15:10
In Unix-like systems, an open file descriptor carries the right to access the opened object in specific ways. As a general rule, that file descriptor does not enable access to any other objects. The recently merged BPF token feature runs counter to this practice by creating file descriptors that carry specific BPF-related access rights. A similar but different approach to capability-carrying file descriptors, in the form of directory file descriptors that include their own credentials, is currently under consideration in the kernel community.

Rust 1.78.0 released

Par : corbet
2 mai 2024 à 14:43
Version 1.78.0 of the Rust language has been released. Changes include a new mechanism for diagnostic attributes, changes to how assertions around unsafe blocks are handled, and more.

Rust now supports a #[diagnostic] attribute namespace to influence compiler error messages. These are treated as hints which the compiler is not required to use, and it is also not an error to provide a diagnostic that the compiler doesn't recognize. This flexibility allows source code to provide diagnostics even when they're not supported by all compilers, whether those are different versions or entirely different implementations.

GNU nano 8.0 released

Par : jzb
1 mai 2024 à 17:54

Version 8.0 of the terminal text editor GNU nano has been released. This update includes several changes to keybindings to be more newcomer-friendly, such as remapping Ctrl-F to forward-search and adding an option for modern bindings:

Command-line option --modernbindings (-/) makes ^Q quit, ^X cut, ^C copy, ^V paste, ^Z undo, ^Y redo, ^O open a file, ^W write a file, ^R replace, ^G find again, ^D find again backwards, ^A set the mark, ^T jump to a line, ^P show the position, and ^E execute.

The release also provides access to 14 levels of gray scale in xterm (up from four), as well as many bug fixes.

❌
❌