Eduard Zingerman presented a daring proposal that "makes sense if you think about it a bit" at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit. He wants to inline performance-sensitive kernel functions into the BPF programs that call them. His prototype does not yet address all of the design problems inherent in that idea, but it did spark a lengthy discussion about the feasibility of his proposal.

GCC will use color when emitting its text messages on stderr at a suitably modern terminal, using a few colors that seem to work well in a number of different terminal themes—but the exact rules for choosing which color to use for each aspect of the output have been rather arbitrary.

For GCC 15, I've gone through C and C++'s errors, looking for places where two different things in the source are being contrasted, such as type mismatches. These diagnostics now use color to visually highlight and distinguish the differences.

• Front: Debian project leader election; 6.15 Merge window; Lots of LSFMM coverage; Joplin.
• Briefs: Firefox hardening; OpenSSH 10.0; Supply chain security; FreeDOS 1.4; OpenSSL 3.5.0; Rust 1.86.0; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

Tom Schuster, Frederik Braun, and Christoph Kerschbaumer have published an article on the Firefox Security team's Attack & Defense blog that explains recent work to harden Firefox's frontend code.

We have rewritten over 600 JavaScript event handlers to mitigate XSS and other injection attacks in the main Firefox user interface. This mitigation will ship in Firefox 138. However, blocking the execution of scripts in the parent process is not the end - we will expand this technique to other contexts in the near future. There is still more work to do as the UI requires JavaScript APIs with a high level of privileges. However: We still eliminated a whole class of attacks, significantly raising the bar for attackers to exploit Firefox.

Four candidates have stepped up to run in the 2025 Debian Project Leader (DPL) election. Andreas Tille, who is in his first term as DPL, is running again. Sruthi Chandran, Gianfranco Costamagna, and Julian Andres Klode are the other candidates running for a chance to serve a term as DPL. The campaigning phase ended on April 5, and Debian members began voting on April 6. Voting ends on April 19. This year, the campaign period has been lively and sometimes contentious, touching on problems with Debian team delegations and finances.

The 6.15 merge window saw the inclusion of a new type of lock for BPF programs: a resilient queued spinlock that Kumar Kartikeya Dwivedi has been working on for some time. Eventually, he hopes to convert all of the spinlocks currently used in the BPF subsystem to his new lock. He gave a remote presentation about the design of the lock at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF summit.

OpenSSH 10.0 has been released. Support for the DSA signature algorithm, which was disabled by default beginning in 2015, has been removed. Other notable changes include using the post-quantum algorithm mlkem768x25519-sha256 for key agreement by default, support for systemd-style socket activation in Portable OpenSSH, and moving code for user authentication from the sshd-session binary to the new ssh-auth binary:

Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after the authentication phase completes. This change should be largely invisible to users, though some log messages may now come from "sshd-auth" instead of "sshd-session". Downstream distributors of OpenSSH will need to package the sshd-auth binary.

The release notes also warn that "software that naively matches versions using patterns like "OpenSSH_1*"" may be confused by the new version number.

Version 1.4 of FreeDOS has been released. This is the first stable release since 2022, and includes improvements to the Fdisk hard-disk-management program, and reliability updates for the mTCP set of TCP/IP applications for DOS.

This version was much smoother because Jerome Shidel, our distribution manager, had an idea after FreeDOS 1.3 that we could have a rolling test release that collected all of the changes that people make over time. Previous to this, each new FreeDOS distribution (like 1.0, 1.1, 1.2, and 1.3) required bundling up packages into a "release candidate," and we would go through several iterations of updating the release candidates.

Jerome's method of building the FreeDOS distribution made it easier to automate a test release, which we decided to update every month. As the test releases accumulated enough changes to warrant a release, we could then make the next test release a "release candidate" which would iterate to the next version of the FreeDOS distribution. Since 2022, we've released monthly test releases. Thanks Jerome!

LWN covered FreeDOS last year for its 30th anniversary.

Joplin is an open-source note-taking application designed to handle taking many kinds of notes, whether it is managing code snippets, writing documentation, jotting down lecture notes, or drafting a novel. Joplin has Markdown support, a plugin system for extensibility, and accepts multimedia content, allowing users to attach images, videos, and audio files to their notes. It can provide synchronization of content across devices using end-to-end encryption, or users can opt to stick to local storage only. Joplin even offers a command-line version for terminal-based usage. Joplin 3.2, the most recent feature release, brought long-awaited multi-window support, multi-column layouts, enhanced accessibility, and theme detection.