Vue normale
[$] Security patterns and anti-patterns in embedded development
When it comes to security, telling developers to do (or not do) something can be ineffective. Helping them understand the why behind instructions, by illustrating good and bad practices using stories, can be much more effective. With several such stories Marta Rybczyńska fashioned an interesting talk about patterns and anti-patterns in embedded Linux security at the Embedded Open Source Summit (EOSS), co-located with Open Source Summit North America (OSSNA), on April 16 in Seattle, Washington.
Yocto Project 5.0 released
"run0" as a sudo replacement
So, in my ideal world, we'd have an OS entirely without SUID. Let's throw out the concept of SUID on the dump of UNIX' bad ideas. An execution context for privileged code that is half under the control of unprivileged code and that needs careful manual clean-up is just not how security engineering should be done in 2024 anymore.
Git 2.45.0 released
Security updates for Tuesday
Amarok 3.0 "Castaway" released
The road to 3.0 has not been a short one. Much of the Qt5/KF5 porting was done in 2015 already, but finishing and polishing everything up has been a slow, sometimes ongoing and sometimes stalled process ever since. 3.0 Alpha was released in February 2021 and has been since used by many people, as have been nightly builds of git master available for various distributions. Now in the past few months, an effort was made to get everything ready for a proper 3.0 release.Common usecases should work quite well, and in addition to fixing KF5 port related regressions reported in pre-releases, 3.0 features many bugfixes and implemented features for longstanding issues, the oldest such documented being from 2009. However, with more than 20 years of development history, it is likely that not every feature Amarok has been tested thoroughly in the new release, and specifically some Internet services that have changed their API in recent years are not available, at least for now. It might well be that getting them in better state wouldn't require huge effort, however, so if you know your way with Qt and KDE Frameworks and your favourite Internet music service does not work with Amarok 3.0, you are extremely welcome to join in and help!
[$] A leadership crisis in the Nix community
On April 21, a group of anonymous authors and non-anonymous signatories published a lengthy open letter to the Nix community and Nix founder Eelco Dolstra calling for his resignation from the project. They claimed ongoing problems with the project's leadership, primarily focusing on the way his actions have allegedly undermined people nominally empowered to perform various moderation and governance tasks. Since its release, the letter has gained more than 100 signatures.
Security updates for Monday
McQueen: Update from the GNOME board
The Foundation has a reserves policy which specifies a minimum amount of money we have to keep in our accounts. This is so that if there is a significant interruption to our usual income, we can preserve our core operations while we work on new funding sources. We've now "hit the buffers" of this reserves policy, meaning the Board can't approve any more deficit budgets – to keep spending at the same level we must increase our income.
Kernel prepatch 6.9-rc6
Things continue to look pretty normal, and nothing here really stands out. The biggest single change that stands out in the diffstat is literally a documentation update, everything else looks pretty small and spread out.
[$] Giving Rust a chance for in-kernel codecs
[$] Support for the TSO memory model on Arm CPUs
Security updates for Friday
[$] Python JIT stabilization
On April 11, Brandt Bucher posted PEP 744 ("JIT Compilation"), which summarizes the current state of Python's new copy-and-patch just-in-time (JIT) compiler. The JIT is currently experimental, but the PEP proposes some criteria for the circumstances under which it should become a non-experimental part of Python. The discussion of the PEP hasn't reached a conclusion, but several members of the community have already raised questions about how the JIT would fit into future iterations of the Python language.
Ubuntu 24.04 LTS (Noble Numbat) released
This release continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, together with the community and our partners, to introduce new features and fix bugs.
The list of changes and enhancements is long; click below for some details. More information can be found in the release notes; see also this page for a summary of security-related changes.