Add your blog

  • Put your hackergotchi in website/hackergotchi/. A hackergotchi should be a photo of your face smaller than 80x80 pixels with a transparent background. svn add the file.
  • At the end of the .rawdog/config file add your details (the name in brackets is your IRC nick):
  • feed 15m http://path.to/my/feed.rss define_name Konqi Konqueror (konqi) define_face hackergotchi/konqi.png define_facewidth 80 define_faceheight 80

    Sites Aggregated

    FeedRSSLast fetchedNext fetched after
    Athens Wireless Metropolitan Network XML 21:05, Tuesday, 23 April 21:20, Tuesday, 23 April
    forum.pwmn.net XML 21:05, Tuesday, 23 April 21:20, Tuesday, 23 April
    Hackerspace.gr - Recent changes [en] XML 21:05, Tuesday, 23 April 21:20, Tuesday, 23 April
    LWN.net XML 21:05, Tuesday, 23 April 21:20, Tuesday, 23 April
    OpenWrt.gr XML 21:05, Tuesday, 23 April 21:20, Tuesday, 23 April
    Wireless Amateur Network of Amaliada XML 21:05, Tuesday, 23 April 21:20, Tuesday, 23 April

    Linux Weekly News

    [$] A change in direction for security-module stacking?

    The long-running effort to complete the work on stacking (or composing) the Linux security modules (LSMs) recently encountered a barrier—in the form of a "suggestion" to discontinue it from Linus Torvalds. His complaint revolved around the indirect function calls that are used to implement LSMs, but he also did not think much of the effort to switch away from those calls. While it does not appear that a major course-change is in store for LSMs, it is clear that Torvalds is not happy with the direction of that subsystem.

    20:50, Tuesday, 23 April UTC

    Linux Weekly News

    Fedora 40 released

    The Fedora 40 distribution has been released. See the "what's new" pages for Fedora Workstation and Fedora KDE to learn more about the desktop spins, along with this LWN article, for more information.

    17:12, Tuesday, 23 April UTC

    Linux Weekly News

    [$] Rust for embedded Linux kernels

    The Rust programming language, it is hoped, will bring a new level of safety to the Linux kernel. At the moment, though, there are still a number of impediments to getting useful Rust code into the kernel. In the Embedded Open Source Summit track of the Open Source Summit North America, Fabien Parent provided an overview of his work aimed at improving the infrastructure needed to write the device drivers needed by embedded systems in Rust; there is still some work to be done.

    16:31, Tuesday, 23 April UTC

    Linux Weekly News

    Security updates for Tuesday

    Security updates have been issued by Debian (glibc and samba), Fedora (chromium, cjson, mingw-python-idna, and pgadmin4), Mageia (kernel, kmod-xtables-addons, kmod-virtualbox, kernel-linus, and perl-Clipboard), Red Hat (go-toolset:rhel8, golang, java-11-openjdk, kpatch-patch, and shim), Slackware (freerdp), SUSE (apache-commons-configuration, glibc, jasper, polkit, and qemu), and Ubuntu (google-guest-agent, google-osconfig-agent, linux-lowlatency-hwe-6.5, pillow, and squid).

    16:30, Tuesday, 23 April UTC

    Linux Weekly News

    The Open Home Foundation launches

    The Open Home Foundation has announced its existence as a home and support resource for free home-automation projects.

    We created the Open Home Foundation to fight for the fundamental principles of privacy, choice, and sustainability for smart homes. And every person who lives in one.

    Ahead of today, we've transferred over 240 projects, standards, drivers, and libraries—Home Assistant, ESPHome, Zigpy, Piper, Improv Wi-Fi, Wyoming, and so many more—to the Open Home Foundation. This is all about looking into the future. We've done this to create a bulwark against surveillance capitalism, the risk of buyout, and open-source projects becoming abandonware. To an extent, this protection extends even against our future selves—so that smart home users can continue to benefit for years, if not decades. No matter what comes.

    01:34, Tuesday, 23 April UTC

    Linux Weekly News

    Andreas Tille elected as Debian project leader

    The Debian project leader election results are in and Andreas Tille has been elected. In a fairly competitive vote, Tille beat Sruthi Chandran to fill the position for the coming year. We looked at the election and the candidates a few weeks back.

    22:37, Monday, 22 April UTC

    Linux Weekly News

    [$] Linus and Dirk chat about AI, XZ, hardware, and more

    One of the mainstays of the the Linux Foundation's Open Source Summit is the "fireside chat" (sans fire) between Linus Torvalds and Dirk Hohndel to discuss open source and Linux kernel topics of the day. On April 17, at Open Source Summit North America (OSSNA) in Seattle, Washington, they held with tradition and discussed a range of topics including proper whitespace parsing, security, and the current AI craze.

    20:39, Monday, 22 April UTC

    Linux Weekly News

    Hutterer: udev-hid-bpf: quickstart tooling to fix your HID devices with eBPF

    Peter Hutterer announces udev-hid-bpf, a tool to facilitate the loading of BPF programs that make human-input devices work correctly.

    eBPF was originally written for network packet filters but as of kernel v6.3 and thanks to Benjamin, we have BPF in the HID subsystem. HID actually lends itself really well to BPF because, well, we have a byte array and to fix our devices we need to do complicated things like "toggle that bit to zero" or "swap those two values".

    See this article for more information on the BPF-HID mechanism.

    17:44, Monday, 22 April UTC

    Linux Weekly News

    Security updates for Monday

    Security updates have been issued by AlmaLinux (firefox and java-1.8.0-openjdk), Debian (chromium, flatpak, guix, openjdk-11, openjdk-17, thunderbird, and tomcat9), Fedora (chromium, firefox, glibc, nghttp2, nodejs18, python-aiohttp, python-django3, python-pip, and uxplay), Mageia (putty & filezilla), Red Hat (Firefox, firefox, java-1.8.0-openjdk, java-21-openjdk, nodejs:18, shim, and thunderbird), Slackware (freerdp), SUSE (apache-commons-configuration2, nodejs14, perl-CryptX, putty, shim, and wireshark), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.5, linux-azure, linux-gcp, linux-gcp-6.5, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-nvidia-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-raspi, linux-starfive, linux-starfive-6.5, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, lxd, percona-xtrabackup, and pillow).

    17:38, Monday, 22 April UTC

    Linux Weekly News

    Kernel prepatch 6.9-rc5

    Linus has released 6.9-rc5 for testing.

    But if you ignore those oddities, it all looks pretty normal and things appear fairly calm. Which is just as well, since the first part of the week I was on a quick trip to Seattle, and the second part of the week I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus.

    00:55, Monday, 22 April UTC

    Linux Weekly News

    [$] Weighted memory interleaving and new system calls

    Gregory Price recently posted a patch set that adds support for weighted memory interleaving — allowing a process's memory to be distributed between non-uniform memory access (NUMA) nodes in a more controlled way. According to his performance measurements, the patch set could provide a significant improvement for computers with network-attached memory. The patch set also introduces new system calls and paves the way for future extensions intended to give processes more control over their own memory.

    17:12, Friday, 19 April UTC

    Linux Weekly News

    Security updates for Friday

    Security updates have been issued by AlmaLinux (gnutls, java-17-openjdk, mod_http2, and squid), Debian (firefox-esr), Fedora (editorconfig, perl-Clipboard, php, rust, and wordpress), Mageia (less, libreswan, puppet, and x11-server, x11-server-xwayland, and tigervnc), Slackware (aaa_glibc), and SUSE (firefox, graphviz, kernel, nodejs12, pgadmin4, tomcat, and wireshark).

    16:08, Friday, 19 April UTC

    Linux Weekly News

    [$] Gentoo bans AI-created contributions

    Gentoo Council member Michał Górny posted an RFC to the gentoo-dev mailing list in late February about banning "'AI'-backed (LLM/GPT/whatever) contributions" to the Gentoo Linux project. Górny wrote that the spread of the "AI bubble" indicated a need for Gentoo to formally take a stand on AI tools. After a lengthy discussion, the Gentoo Council voted unanimously this week to adopt his proposal and ban contributions generated with AI/ML tools.

    18:11, Thursday, 18 April UTC

    Linux Weekly News

    [$] Warning about WARN_ON()

    Kernel developers, like conscientious developers for many projects, will often include checks in the code for conditions that are never expected to occur, but which would indicate a serious problem should that expectation turn out to be incorrect. For years, developers have been encouraged (to put it politely) to avoid using assertions that crash the machine for such conditions unless there is truly no alternative. Increasingly, though, use of the kernel's WARN_ON() family of macros, which developers were told to use instead, is also being discouraged.

    17:24, Thursday, 18 April UTC

    Linux Weekly News

    Security updates for Thursday

    Security updates have been issued by Debian (firefox-esr, jetty9, libdatetime-timezone-perl, tomcat10, and tzdata), Fedora (cockpit, filezilla, and libfilezilla), Red Hat (firefox, gnutls, java-1.8.0-openjdk, java-17-openjdk, kernel, kernel-rt, less, mod_http2, nodejs:18, rhc-worker-script, and shim), Slackware (mozilla), SUSE (kernel), and Ubuntu (apache2, glibc, and linux-xilinx-zynqmp).

    17:03, Thursday, 18 April UTC

    Linux Weekly News

    [$] LWN.net Weekly Edition for April 18, 2024

    The LWN.net Weekly Edition for April 18, 2024 is available.

    03:29, Thursday, 18 April UTC

    Athens Wireless Metropolitan Network (awmn)

    Συνάντηση στους Αμπελοκήπους 20-4-2024

    Forum: Meeting μηνός Δημοσιεύτηκε Από: john70 Χρόνος Δημοσίευσης: 17/04/2024 στις 21:43

    UTC

    Linux Weekly News

    [$] Managing to-do lists on the command line with Taskwarrior

    Managing to-do lists is something of a universal necessity. While some people handle them mentally or on paper, others resort to a web-based tool or a mobile application. For those preferring the command line, the MIT-licensed Taskwarrior offers a flexible solution with a healthy community and lots of extensions.

    18:25, Wednesday, 17 April UTC

    Linux Weekly News

    Security updates for Wednesday

    Security updates have been issued by Debian (apache2 and cockpit), Fedora (firefox, kernel, mbedtls, python-cbor2, wireshark, and yyjson), Mageia (nghttp2), Red Hat (kernel, kernel-rt, opencryptoki, pcs, shim, squid, and squid:4), Slackware (firefox), SUSE (emacs, firefox, and kernel), and Ubuntu (linux-aws, linux-aws-5.15, linux-aws-6.5, linux-raspi, and linux-iot).

    15:36, Wednesday, 17 April UTC

    Linux Weekly News

    [$] Identifying dependencies used via dlopen()

    The recent XZ backdoor has sparked a lot of discussion about how the open-source community links and packages software. One possible security improvement being discussed is changing how projects like systemd link to dynamic libraries that are only used for optional functionality: using dlopen() to load those libraries only when required. This could shrink the attack surface exposed by dependencies, but the approach is not without downsides — most prominently, it makes discovering which dynamic libraries a program depends on harder. On April 11, Lennart Poettering proposed one way to eliminate that problem in a systemd RFC on GitHub.

    22:54, Tuesday, 16 April UTC

    Linux Weekly News

    [$] Fedora 40 firms up for release

    Fedora 40 Beta was released on March 26, and the final release is nearing completion. So far, the release is coming together nicely with major updates for GNOME, KDE Plasma, and the usual cavalcade of smaller updates and enhancements. As part of the release, the project also scuttled Delta RPMs and OpenSSL 1.1.

    19:00, Tuesday, 16 April UTC

    Linux Weekly News

    PuTTY 0.81 security release

    Version 0.81 of the PuTTY SSH client is out with a fix for CVE-2024-31497; some users will want to update and generate new keys:

    PuTTY 0.81, released today, fixes a critical vulnerability CVE-2024-31497 in the use of 521-bit ECDSA keys (ecdsa-sha2-nistp521). If you have used a 521-bit ECDSA private key with any previous version of PuTTY, consider the private key compromised: remove the public key from authorized_keys files, and generate a new key pair.

    However, this only affects that one algorithm and key size. No other size of ECDSA key is affected, and no other key type is affected.

    18:33, Tuesday, 16 April UTC

    Linux Weekly News

    Security updates for Tuesday

    Security updates have been issued by Debian (php7.4 and php8.2), Fedora (c-ares), Mageia (python-pillow and upx), Oracle (bind and dhcp, bind9.16, httpd:2.4/mod_http2, kernel, rear, and unbound), SUSE (eclipse, maven-surefire, tycho, emacs, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, nodejs16, nodejs18, nodejs20, texlive, vim, webkit2gtk3, and xen), and Ubuntu (gnutls28, klibc, libvirt, nodejs, and webkit2gtk).

    17:00, Tuesday, 16 April UTC

    Linux Weekly News

    OpenSSF and OpenJS warn about social-engineering attacks

    The Open Source Security Foundation and the OpenJS Foundation have jointly posted a warning about XZ-like social-engineering attacks after OpenJS was seemingly targeted.

    The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to take action to update one of its popular JavaScript projects to "address any critical vulnerabilities," yet cited no specifics. The email author(s) wanted OpenJS to designate them as a new maintainer of the project despite having little prior involvement.

    19:48, Monday, 15 April UTC

    Linux Weekly News

    [$] Cleaning up after BPF exceptions

    Kumar Kartikeya Dwivedi has been working to add support for exceptions to BPF since mid-2023. In July, Dwivedi posted the first patch set in this effort, which adds support for basic stack unwinding. In February 2024, he posted the second patch set aimed at letting the kernel release resources held by the BPF program when an exception occurs. This makes exceptions usable in many more contexts.

    17:56, Monday, 15 April UTC

    Linux Weekly News

    Security updates for Monday

    Security updates have been issued by AlmaLinux (bind, bind and dhcp, bind9.16, gnutls, httpd:2.4/mod_http2, squid:4, and unbound), Debian (kernel, trafficserver, and xorg-server), Fedora (chromium, kernel, libopenmpt, and rust-h2), Mageia (apache-mod_jk, golang, indent, openssl, perl-HTTP-Body, php, rear, ruby-rack, squid, varnish, and xfig), Oracle (bind, squid, unbound, and X.Org server), Red Hat (bind and dhcp and unbound), Slackware (less and php), SUSE (gnutls, python-Pillow, webkit2gtk3, xen, xorg-x11-server, and xwayland), and Ubuntu (yard).

    16:42, Monday, 15 April UTC

    Linux Weekly News

    Kernel prepatch 6.9-rc4

    The 6.9-rc4 kernel prepatch is out for testing. "Nothing particularly unusual going on this week - some new hw mitigations may stand out, but after a decade of this I can't really call it 'unusual' any more, can I?"

    00:18, Monday, 15 April UTC

    Linux Weekly News

    Saturday's stable kernel updates

    The 6.8.6, 6.6.27, 6.1.86, 5.15.155, 5.10.215, 5.4.274, and 4.19.312 stable kernel updates have all been released; each contains a relatively large number of important fixes.

    00:30, Sunday, 14 April UTC

    Linux Weekly News

    [$] A tale of two troublesome drivers

    The kernel project merges dozens of drivers with every development cycle, and almost every one of those drivers is entirely uncontroversial. Occasionally, though, a driver submission raises wider questions, leading to lengthy discussion and, perhaps, opposition. That is currently the case with two separate drivers, both with ties to the networking subsystem. One of them is hung up on questions of whether (and how) all device functionality should be made available to user space, while the other has run into turbulence because it drives a device that is unobtainable outside of a single company.

    17:29, Friday, 12 April UTC

    Linux Weekly News

    What we need to take away from the XZ Backdoor (openSUSE News)

    Dirk Mueller has posted a lengthy analysis of the XZ backdoor on the openSUSE News site, with a focus on openSUSE's response.

    Debian, as well as the other affected distributions like openSUSE are carrying a significant amount of downstream-only patches to essential open-source projects, like in this case OpenSSH. With hindsight, that should be another Heartbleed-level learning for the work of the distributions. These patches built the essential steps to embed the backdoor, and do not have the scrutiny that they likely would have received by the respective upstream maintainers. Whether you trust Linus Law or not, it was not even given a chance to chime in here. Upstream did not fail on the users, distributions failed on upstream and their users here.

    16:55, Friday, 12 April UTC

    Linux Weekly News

    Security updates for Friday

    Security updates have been issued by Debian (chromium), Fedora (rust, trafficserver, and upx), Mageia (postgresql-jdbc and x11-server, x11-server-xwayland, tigervnc), Red Hat (bind, bind9.16, gnutls, httpd:2.4, squid, unbound, and xorg-x11-server), SUSE (perl-Net-CIDR-Lite), and Ubuntu (apache2, maven-shared-utils, and nss).

    16:25, Friday, 12 April UTC

    Linux Weekly News

    [$] Completing the EEVDF scheduler

    The Earliest Virtual Deadline First (EEVDF) scheduler was merged as an option for the 6.6 kernel. It represents a major change to how CPU scheduling is done on Linux systems, but the EEVDF front has been relatively quiet since then. Now, though, scheduler developer Peter Zijlstra has returned from a long absence to post a patch series intended to finish the EEVDF work. Beyond some fixes, this work includes a significant behavioral change and a new feature intended to help latency-sensitive tasks.

    17:26, Thursday, 11 April UTC

    Linux Weekly News

    Security updates for Thursday

    Security updates have been issued by AlmaLinux (kernel, less, libreoffice, nodejs:18, nodejs:20, rear, thunderbird, and varnish), Debian (pillow), Fedora (dotnet7.0), SUSE (sngrep, texlive-specs-k, tomcat, tomcat10, and xorg-x11-server), and Ubuntu (nss, squid, and util-linux).

    16:49, Thursday, 11 April UTC

    Linux Weekly News

    [$] LWN.net Weekly Edition for April 11, 2024

    The LWN.net Weekly Edition for April 11, 2024 is available.

    03:47, Thursday, 11 April UTC

    Linux Weekly News

    Gentoo Linux becomes an SPI Associated Project

    The Gentoo Linux project has announced that it is now an Associated Project of Software in the Public Interest (SPI), which will allow it to accept tax deductible donations in the US and reduce its "non-technical workload":

    The current Gentoo Foundation has bylaws restricting its behavior to that of a non-profit, is a recognized non-profit only in New Mexico, but a for-profit entity at the US federal level. A direct conversion to a federally recognized non-profit would be unlikely to succeed without significant effort and cost.

    [...] SPI is already now recognized at US federal level as a full-[fledged] non-profit 501(c)(3). It also handles several projects of similar type and size (e.g., Arch and Debian) and as such has exactly the experience and background that Gentoo needs.

    According to the announcement, the goal is to "eventually transfer the existing assets to SPI and dissolve the Gentoo Foundation". How to do that is still under discussion. This will not affect Förderverein Gentoo e.V., which has public-benefit status in Germany and can accept tax deductible donations in Europe.

    22:10, Wednesday, 10 April UTC

    Linux Weekly News

    Four stable kernel updates

    Greg Kroah-Hartman has announced another round of stable kernel updates: 6.8.5, 6.6.26, 6.1.85, and 5.15.154 have all been released; each contains another set of important fixes, including the mitigations for the recently disclosed branch history injection hardware vulnerability.

    18:25, Wednesday, 10 April UTC

    Linux Weekly News

    [$] Book review: Practical Julia

    A recent book by LWN guest author Lee Phillips provides a nice introduction to the Julia programming language. Practical Julia does more than that, however. As its subtitle ("A Hands-On Introduction for Scientific Minds") implies, the book focuses on bringing Julia to scientists, rather than programmers, which gives it something of a different feel from most other books of this sort.

    17:31, Wednesday, 10 April UTC

    Linux Weekly News

    [$] Continued attacks on HTTP/2

    On April 3 security researcher Bartek Nowotarski published the details of a new denial-of-service (DoS) attack, called a "continuation flood", against many HTTP/2-capable web servers. While the attack is not terribly complex, it affects many independent implementations of the HTTP/2 protocol, even though multiple similar vulnerabilities over the years have given implementers plenty of warning.

    16:52, Wednesday, 10 April UTC

    Linux Weekly News

    Security updates for Wednesday

    Security updates have been issued by Debian (gtkwave), Fedora (dotnet7.0, dotnet8.0, and python-pillow), Mageia (apache, gstreamer1.0, libreoffice, perl-Data-UUID, and xen), Oracle (kernel, kernel-container, and varnish), Red Hat (edk2, kernel, rear, and unbound), SUSE (apache2-mod_jk, gnutls, less, and xfig), and Ubuntu (bind9, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-azure, linux-azure-6.5, linux-gcp, linux-gcp-6.5, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-starfive, linux-starfive-6.5, linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux-azure, and xorg-server, xwayland).

    15:53, Wednesday, 10 April UTC

    Linux Weekly News

    The "branch history injection" hardware vulnerability

    The mainline kernel has just received a set of commits mitigating the latest x86 hardware vulnerability, known as "branch history injection". From this commit:

    Branch History Injection (BHI) attacks may allow a malicious application to influence indirect branch prediction in kernel by poisoning the branch history. eIBRS isolates indirect branch targets in ring0. The BHB can still influence the choice of indirect branch predictor entry, and although branch predictor entries are isolated between modes when eIBRS is enabled, the BHB itself is not isolated between modes.

    See this commit for documentation on the command-line parameter that controls this mitigation. There are stable kernel releases (6.8.5, 6.6.26, 6.1.85, and 5.15.154) in the works that also contain the mitigations.

    22:22, Tuesday, 09 April UTC