Since the disagreements that led to Eelco Dolstra stepping down from the NixOS Foundation board, there have been a number of projects forked from or inspired by Nix that have stepped up to compete with it. Two months on, some of these projects are now well-established enough to look at what they have to offer and how they compare to each other. Overall, users have a number of good options to choose from, whether they're seeking a compatible replacement for Nix (the configuration language and package manager) or NixOS (the Linux distribution), or something that takes the same ideas in a different direction.

The PSP security protocol (PSP) is a way to transparently encrypt packets by efficiently offloading encryption and decryption to the network interface cards (NICs) that Google uses for connections inside its data centers. The protocol is similar to IPsec, in that it allows for wrapping arbitrary traffic in a layer of encryption. The difference is that PSP is encapsulated in UDP, and designed from the beginning to reduce the amount of state that NICs have to track in order to send and receive encrypted traffic, allowing for more simultaneous connections. Jakub Kicinski wants to add support for the protocol to the Linux kernel.

ISO releases new C++ language standards on a three-year cadence; now that it's been more than a year since the finalization of C++23, we have a good idea of what features could be adopted for C++26 — although proposals can still be submitted until January 2025. Of particular interest is the addition of support for hazard pointers and user-space read-copy-update (RCU). Even though C++26 is not yet a standard, many of the proposed features are already available to experiment with in GCC or Clang.

Greg Kroah-Hartman has announced the release of seven more stable kernels. Versions 6.9.8, 6.6.37, 6.1.97, 5.15.162, 5.10.221, 5.4.279, and 4.19.317 are now available.

On May 7, Kees Cook sent a proposal to the linux-kernel mailing list, asking for the kernel developers to start working on a way to mitigate unintentional arithmetic overflow, which has been a source of many bugs. This is not the first time Cook has made a request along these lines; he sent a related patch set in January 2024. Several core developers objected to the plan for different reasons. After receiving their feedback, Cook modified his approach to tackle the problem in a series of smaller steps.

The Free Software Foundation Europe has submitted a joint position to the European Commission (EC), claiming that Apple has failed to comply with the EU's Digital Markets Act (DMA). This is the law that requires Apple to support alternative application stores on the devices it makes.

Apple's unfair behaviour against Free Software highlights the critical need to monitor the implementation of the DMA. The FSFE collaborated with F-Droid, the AppFair project, and other interoperability experts to scrutinize Apple's DMA compliance, and it's impact on Free Software. Since then, we coordinated several expert workshops with stakeholders, discussed with regulators in FOSDEM, had official meetings with the EC's DMA team, and submitted a comprehensive position to the EC detailing several problematic elements in the Apple compliance that will harm the Free Software.

With the Rust-for-Linux project starting to gain some ground, it is worth looking at other operating systems that use Rust in their kernels. There are many attempts to use Rust for operating system development, but Redox may be the most complete. Redox is an MIT-licensed microkernel and corresponding user space, designed around concepts taken from Plan 9. While nowhere near being usable as a replacement for Linux, it already provides a graphical user interface and the ability to run many POSIX programs.

Unison is a MIT-licensed programming language, in development since 2013, that explores the ramifications of making code immutable and stored in a database, instead of a set of text files. Unison supports a greatly simplified model for distributed programming — one that describes the configuration of and communication between programs in the same language as the programs themselves. Along the way, it introduces a new approach to interfacing with programming languages, which is tailored to its design.

The 6.9.6, 6.6.35, 6.1.95, and 5.10.220 stable kernels have all been released; as usual, users are advised to update immediately.

Arnaldo Carvalho de Melo spoke at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit about his work on Poke-a-hole (pahole), a program that has expanded greatly over the years, but which was relevant to the BPF track because it produces BPF Type Format (BTF) information from DWARF debugging information. He covered some small changes to the program, and then went into detail about the new support for data-type profiling. His slides include several examples.

Andrii Nakryiko led a session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit giving a look into the APIs for capturing stack traces using BPF, and how the APIs could be made more useful. BPF programs can capture the current stack trace of a running process, including the portion in the kernel during execution of a system call, which can be useful for diagnosing performance problems, among other things. But there are substantial problems with the existing API.

On the final day of the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit, the BPF track opened with a series of sessions on improving the performance and flexibility of probes and other performance-monitoring tools, in the kernel and in user space. Jiri Olsa led two sessions about different aspects of probes: making the API for BPF programs attached to a probe more flexible, and making user-space probes more efficient.

The kernel has a lot of code paths that are normally disabled: debugging print statements, tracepoints, etc. To support these efficiently, there is a common mechanism called static keys that provides a way to enable or disable a code path at run time, with effectively no overhead for disabled branches. BPF programs have not been able to take advantage of static keys so far, because they aren't compiled into the kernel. Now, it looks like BPF may be getting support for a similar mechanism — and the design could also provide one of the components needed to support jump tables, another missing feature. Anton Protopopov presented his plans to add static keys to BPF at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit.

The BPF verifier is a complex program. This has the unfortunate effect of making it simultaneously more difficult for contributors to work on, and more likely to harbor unknown bugs. Shung-Hsi Yu had two concrete proposals for how to simplify the verifier to make it easier to maintain that he presented at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit. Yu proposed changing how the verifier tracks partially known values and cleaning up the interface to hide the details of the value-tracker's internal representation.

BPF is in a unique position in terms of security. It runs in a privileged context, within the kernel, and can have access to many sensitive details of the kernel's operation. At the same time, unlike kernel modules, BPF programs aren't signed. Additionally, the mechanisms behind BPF present challenges to implementing signing or other security features. Three nearly back-to-back sessions at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit addressed some of the potential security problems.