Red Hat today issued an "urgent security alert" for Fedora 41 and Fedora Rawhide users over XZ. Yes, the XZ tools and libraries for this compression format. Some malicious code was added to XZ 5.6.0/5.6.1 that could allow unauthorized remote system access.
Michael Larabel
Michael Larabel is the founder and principal author of Phoronix, having founded the site on 5 June 2004. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org. Michael has authored thousands of articles on open-source software, the state of Linux hardware and other topics.
Learn more at MichaelLarabel.com or @MichaelLarabel on Twitter.
Some of The Recent Popular Articles By Michael Larabel:
Today's disclosure of XZ upstream release packages containing malicious code to compromise remote SSH access has certainly been an Easter weekend surprise... The situation only looks more bleak over time with how the upstream project was compromised while now the latest twist is GitHub disabling the XZ repository in its entirety.
Changwoo Min with Igalia presented yesterday at Open-Source Summit North America on optimizing the kernel's scheduler for Linux gaming. Of course, the motivation is around Valve's Steam Deck but for Linux gaming at large to benefit too from this scheduler work to ideally yield less stuttering during gameplay.
David Malcolm of Red Hat's compiler team is out with his annual blog post summarizing the static analysis improvements to find with the upcoming GCC 14 stable compiler release.
Within yesterday's Linux 6.9-rc4 release is an interesting little nugget by Linus Torvalds to battle Kconfig parsers that can't correctly handle tabs but rather just assume spaces for whitespace for this kernel configuration format.
Going through my usual scanning of all the "-next" Git subsystem branches of new code set to be introduced for the next Linux kernel merge window, a very notable addition was just queued up... Linux 6.10 is set to merge the NTSYNC driver for emulating the Microsoft Windows NT synchronization primitives within the kernel for allowing better performance with Valve's Steam Play (Proton) and Wine of Windows games and other apps on Linux.
The open-source Rust-written Redox OS has enjoyed "significant" performance and correctness improvements to its kernel recently as it further shows off the capability of this from-scratch OS.
The Linux 6.9 kernel will be able to boot systems with large amounts of memory -- and in particular making use of HugeTLB pages -- much faster than with previous kernels, netting a noticeable reduction in boot times.
The Ubuntu 24.04 beta won't be happening tomorrow as planned but has been pushed back by one week due to the XZ security nightmare and wanting to rebuild packages out of an abundance of caution.
Following last year Nouveau receiving support for running with the NVIDIA GSP firmware and initial GeForce RTX 40 series accelerated support, Ben Skeggs of Red Hat unexpectedly resigned as the Nouveau kernel driver maintainer. It turns out this longtime open-source Nouveau driver developer is now employed by NVIDIA Corp and continuing to work on the open-source Linux graphics driver.
A change proposal filed for fedora 42 seeks to make KDE Plasma the default desktop of Fedora Workstation while GNOME would move to its own separate spin/edition. The proposal has yet to be voted on by the Fedora Engineering and Steering Committee (FESCo) but given Red Hat's deep roots with GNOME, I have a hard time seeing this pass at least in the near-term.
With time Microsoft's Linux kernel contributions have extended beyond just the initial business focus on Hyper-V support and other needs for Azure as well as around Windows Subsystem for Linux (WSL) to more general contributions. Microsoft has also hired more key Linux contributors along with stakes in other projects like systemd. Earlier this week were patches from a Microsoft engineer working out Rust language improvements for the Linux kernel while now in ending out the holiday weekend are patches for making the Linux kernel language more inclusive.
After not being ready in time for this week's early release target date, it's now been determined today that Fedora 40 is ready for release next week.
Following yesterday's news of Canonical launching Ubuntu Pro For Devices, the latest mobile/embedded news in the Ubuntu space this week is Canonical partnering with Qualcomm.
A new release of Llamafile is available this Easter Sunday from the Mozilla Ocho group. Llamafile is a means of distributing and running large language models (LLMs) from a single file, making LLMs much easier to distribute and use by developers and end-users. Llamafile remains one of the more interesting non-browser projects out of Mozilla in recent times that so far has a bright future.
After working at ATI/AMD for more than a quarter century and being the open-source graphics driver manager during the early days, John Bridgman has retired.
With the recent Mesa 24.1 support for Wayland explicit sync with Vulkan drivers, GNOME merging explicit sync support, Wayland-Protocols 1.34 introducing linux-drm-syncobj, and XWayland explicit sync also nearing the state of being merged, there's been much talk recently about Wayland explicit sync. KDE KWin developer Xaver Hugl has written a detailed blog post for those interested in the topic.
Given the recent change by Redis to adopt dual source-available licensing for all their releases moving forward (Redis Source Available License v2 and Server Side Public License v1), the Linux Foundation announced today their fork of Redis.
A change proposal has been filed for building the CPython interpreter and the Python standard library using the "-O3" compiler optimization flag rather than Fedora's imposed default of the "-O2" optimization level. This is being sought in the name of greater Python performance on Fedora 41.
What a time we live in where Microsoft not only continues contributing significantly to the Linux kernel but doing so to further flesh out the design of the Linux kernel's Rust programming language support. A previously unimaginable combination of Microsoft, the Rust programming language, and the Linux kernel.
While recently there has been more Linux distribution vendor interest in evaluating x86-64-v2 and/or x86-64-v3 baselines for future Linux distribution releases as well as offering optimized packages for higher x86-64 baselines either for x86-64-v3 with being able to assume AVX/AVX2 or in the x86-64-v4 level where AVX-512 is introduced, the prospect of x86-64 micro-architecture feature levels for future processors isn't clear.
After years being used by Ubuntu Server/Cloud, Ubuntu 23.10 began making use of Canonical's Netplan declarative network configuration software and now Netplan is fully ready to take on all duties with Ubuntu 24.04 LTS. After seven years of development, Netplan 1.0 is ready for primetime use from servers to desktops.
With the SDL library that's widely-used by cross-platform games with the current SDL 3.0 development code it prefers Wayland over X11, but a new pull request would temporarily revert that on the basis of the Wayland ecosystem still not being up to par.
While Linux 6.9 brings many great changes and new features / hardware support, on the deprecation side it's deprecating the classic EXT2 file-system driver.
APT as the packaging tool built around Debian Linux is embarking on some big upgrades with the APT 2.9 development series to then roll-out as APT 3.0. There's big improvements to the command-line user interface with the new APT and it's certainly looking nice from my initial Friday night encounter.