Vue lecture
[$] Building secure images with NixOS
Image-based Linux distributions have seen increasing popularity, recently. They promise reliability and security, but pose packaging problems for existing distributions. Ryan Lahfa and Niklas Sturm spoke about the work that NixOS has done to enable an image-based workflow at this year's All Systems Go! conference in Berlin. Unfortunately, LWN was not able to cover the conference for scheduling reasons, but the videos of the event are available for anyone interested in watching the talks. Lahfa and Sturm explained that it is currently possible to create a NixOS system that cryptographically verifies the kernel, initrd, and Nix store on boot — although doing so still has some rough edges. Making an image-based NixOS installation is similarly possible.
Funding restored for man-page maintenance
We've been talking for a couple of months, and we have already agreed to sign a contract through the LF [Linux Foundation], where a number of companies provide the funds for the contract. The contract will cover the next 12 months for the agreed amount, and we should sign it in the following days. Since I've already seen a draft of the contract, and it looks good, I've already started maintaining the project again, starting on Nov 1st.
Security updates for Wednesday
LXQt 2.1.0 released
Version 2.1.0 of the LXQt lightweight Qt desktop environment has been released. The highlight of this release is support for multiple Wayland compositors:
Through its new component lxqt-wayland-session, LXQt 2.1.0 supports 7 Wayland sessions (with Labwc, KWin, Wayfire, Hyprland, Sway, River and Niri), has two Wayland back-ends in lxqt-panel (one for kwin_wayland and the other general), and will add more later. All LXQt components that are not limited to X11 — i.e., most components — work fine on Wayland. [...]
Of course, the X11 session will be supported indefinitely. Wayland is optional and rather experimental.
[$] Safety in an unsafe world
Joshua Liebow-Feeser took to the stage at RustConf to describe the methodology that his team uses to encode arbitrary constraints in the Rust type system when working on the Fuchsia operating system (slides). The technique is not unknown to the Rust community, but Liebow-Feeser did a good job of both explaining the method and making a case for why it should be used more widely.
The BPF instruction set architecture is now RFC 9669
Though some vendors have already implemented BPF offloading capabilities without having a standardized ISA, others are not quite as risk tolerant. As Christoph [Hellwig] discussed at LSFMM 2022, certain NVMe vendors have expressed an interest in building BPF offloading capabilities for various use cases such as eXpress Resubmission Path (XRP), but they simply can't fund such a project without certain components of BPF being standardized. Hence, the effort to standardize BPF was born.
Security updates for Tuesday
[$] The OpenWrt One system
Security updates for Monday
Kernel prepatch 6.12-rc6
Another week, another rc. Nothing odd or special seems to be going on - this may be a bit on the bigger side for an rc6, but not hugely so, and nothing stands out."
[$] OSI board AMA at All Things Open
Members of the Open Source Initiative (OSI) board sat down for a 45-minute "Ask Me Anything" (AMA) session at All Things Open in Raleigh, NC on October 29. Though the floor was open to any topic the audience might want to ask of the OSI board, many of the questions were focused on the Open Source AI Definition (OSAID), which was announced the day before. The new definition has been somewhat controversial, and the board spent a lot of time addressing concerns about it during the session, as well as questions on open washing, and a need for more education about open source in general.
Security updates for Friday
October project goals update (Rust Blog)
The Rust blog has an update on its progress on some of its project goals. One of the project's flagship goals is to resolve the biggest blockers to Linux building on stable Rust:
Finally, we have been finding an increasing number of stabilization requests at the compiler level, and so @wesleywiser and @davidtwco from the compiler team have started attending meetings to create a faster response. One of the results of that collaboration is RFC #3716, authored by Alice Ryhl, which proposes a method to manage compiler flags that modify the target ABI. Our previous approach has been to create distinct targets for each combination of flags, but the number of flags needed by the kernel make that impractical. Authoring the RFC revealed more such flags than previously recognized, including those that modify LLVM behavior.
[$] The Overture open-mapping project
Security updates for Thursday
[$] LWN.net Weekly Edition for October 31, 2024
Ravier: What's new for Fedora Atomic Desktops in Fedora 41
Timothée Ravier has written a blog post about changes in the Fedora Atomic Desktops for Fedora Linux 41. Some of the notable new features for Atomic Desktops include bootloader updates enabled by default for UEFI systems, first steps towards using bootable containers, and more.
A new release of Raspberry Pi OS
The Raspberry Pi project has announced a new version of Raspberry Pi OS. It includes a number of significant changes, the most notable of which is that the Raspberry Pi Desktop now uses Wayland by default for all Pi models using the labwc compositor:
For most of this year, we have been working on porting labwc to the Raspberry Pi Desktop. This has very much been a collaborative process with the developers of both labwc and wlroots: both have helped us immensely with their support as we contribute features and optimisations needed for our desktop.
This release also features Linux 6.6.51, improved touchscreen support, a new screen configuration tool called raindrop, and more. See the release notes for a full list of changes.