Brief items
Security
Quote of the week
The integrity and trust of the entire software industry has sharply declined due to cryptocurrency. It sets up perverse incentives for new projects, where developers are no longer trying to convince you to use their software because it’s good, but because they think that if they can convince you it will make them rich. I’ve had to develop a special radar for reading product pages now: a mounting feeling of dread as a promising technology is introduced while I inevitably arrive at the buried lede: it’s more crypto bullshit.— Drew DeVault
Kernel development
Kernel release status
The 5.12 kernel is out, released on April 25. Quoth Linus: "Thanks to everybody who made last week very calm indeed, which just makes me feel much happier about the final 5.12 release."
Headline features in 5.12 include the removal of a number of obsolete, (mostly) 32-bit Arm subarchitectures, atomic instructions for BPF, conditional file lookups with LOOKUP_CACHED, support for zoned block devices in the Btrfs filesystem, threaded NAPI polling in the network stack, filesystem ID mapping, support for building the kernel with Clang link-time optimization, the KFENCE kernel-debugging tool, and more. See the LWN merge-window summaries (part 1, part 2) and the (in-progress) KernelNewbies 5.12 page for more information.
Stable updates: 5.11.17, 5.10.33, 5.4.115, 4.19.189, 4.14.232, 4.9.268, and 4.4.268 were released on April 28.
A statement on the UMN mess
Speaking for the Linux Foundation Technical Advisory Board, Kees Cook has posted a brief statement on the controversy over patches submitted from the University of Minnesota.
The LF Technical Advisory Board is taking a look at the history of UMN's contributions and their associated research projects. At present, it seems the vast majority of patches have been in good faith, but we're continuing to review the work. Several public conversations have already started around our expectations of contributors.
Stay tuned for more.
A letter from the UMN researchers
The University of Minnesota researchers who have stirred up the kernel community with various types of bad patches have sent an open letter to the linux-kernel list. "This current incident has caused a great deal of anger in the Linux community toward us, the research group, and the University of Minnesota. We apologize unconditionally for what we now recognize was a breach of the shared trust in the open source community and seek forgiveness for our missteps."
"Full disclosure" from the University of Minnesota
The researchers at the University of Minnesota have posted a description of the work they did [PDF] as part of their "hypocrite commits" project. It includes a list of the buggy commits they posted and how they were handled.In the following we will show two parts: (1) the message log of our disclosure of the findings to the community, and (2) the patches we submitted. By showing the details of the patches and the exchange of messages, we wish to help the community to confirm that the buggy patches were "stopped" during message exchanges and not merged into the actual Linux code. No other interactions with the Linux Kernel team has involved intentional deception or intentionally misleading or bad patches. This misguided behavior on our part was limited to the patches described and clarified in this document.
Amusingly, one of their attempts to submit a buggy commit was, itself, buggy, yielding a valid change overall.
An Interview With Linus Torvalds: Linux and Git (Tag1)
The Tag1 Consulting site has posted an interview with Linus Torvalds.
So I think the GPLv2 is pretty much the perfect balance of "everybody works under the same rules", and still requires that people give back to the community ("tit-for-tat"). And everybody knows that all the other people involved are bound by the same rules, so it's all very equitable and fair.Of course, another part of that is that you also get out what you put in. Sure, you can try to "coast" on the project and be just a user, and that's ok. But if you do that, you also have no control over the project. That can be perfectly fine too, if you really just need a basic operating system, and Linux already does everything you want. But if you have special requirements, the only way to really affect the project is to participate.
Quote of the week
If the result of the exercise is that a typical device driver will contain more unsafe code than not, then device drivers are not a good starting point for Rust in the Linux kernel. In that case I would recommend that Rust start at a point where there is a lot of abstract code that is prone to the kind of problems that Rust is trying to solve. My intuition would be such things as network protocols. But I may be wrong.— Linus Walleij
Distributions
Fedora Linux 34 released
The Fedora 34 release is now available. "This release features GNOME 40, the next step in focused, distraction-free computing. GNOME 40 brings improvements to navigation whether you use a trackpad, a keyboard, or a mouse. The app grid and settings have been redesigned to make interaction more intuitive." LWN recently reviewed the Fedora 34 Workstation release.
Ubuntu 21.04 released
The Ubuntu 21.04 distribution release is available. "Today, Canonical released Ubuntu 21.04 with native Microsoft Active Directory integration, Wayland graphics by default, and a Flutter application development SDK. Separately, Canonical and Microsoft announced performance optimization and joint support for Microsoft SQL Server on Ubuntu."
Yocto Project 3.3 (hardknott-25.0.0) released
Yocto Project, a system to build embedded Linux distributions, released version 3.3 "Hardknott". In this version all OE-Core recipes build reproducibly regardless of host distro/build location except golang recipes and ruby's docs package. There are many more new features, upgrades, and bug fixes. The release notes have more details.
Development
GCC 11.1 released
Version 11.1 of the GCC compiler suite is out. "This release switches the default debugging format to DWARF 5 on most targets and switches the default C++ language version to -std=gnu++17. It makes great progress in the C++20 language support, both on the compiler and library sides, adds experimental C++23 support, some C2X enhancements, various optimization enhancements and bug fixes, several new hardware enablement changes and enhancements to the compiler back-ends and many other changes."
Development quotes of the week
We welcome the participation of researchers of all kinds in the Julia community. However, please remember that open source developmnent is a social process and that the participants on the other side of any interaction are (obviously) humans. If you are doing research *on the community or its processes*, you are likely performing Human Subject Research (HSR) and are expected to abide by the highest standards of ethics and professional practice. Meeting this expectation is your responsibility.— The Julia language's amended code of conduct
Anyway. The moral of all of this is that sometimes history works out such that you write some software that a huge number of people run without any idea of who you are, and also that this can happen without you having any [...] idea what you're doing.— Matthew Garrett
Miscellaneous
Computer security world in mourning over death of Dan Kaminsky (The Register)
The Register reports on the death of security researcher Dan Kaminsky. "Though Kaminsky rose to fame in 2008 for identifying a critical design weakness in the internet's infrastructure – and worked in secret with software developers to mitigate the issue before it could be easily exploited – he had worked behind the scenes in the infosec world for at least the past two decades."
Page editor: Jake Edge
Next page:
Announcements>>