Tech Stuff - BlogFlock

[$] A FUSE implementation for famfs - LWN.net

2025-05-08T19:58:59.000Z

The famfs filesystem is meant to provide a shared-memory filesystem for large data sets that are accessed for computations by multiple systems. It was developed by John Groves, who led a combined filesystem and memory-management session at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF) to discuss it. The session was a follow-up to the famfs session at last year's summit, but it was also meant to discuss whether the kernel's direct-access (DAX) mechanism, which is used by famfs, could be replaced in the filesystem by using other kernel features.

Security updates for Thursday - LWN.net

2025-05-08T16:26:38.000Z

Security updates have been issued by Debian (chromium, libapache2-mod-auth-openidc, mariadb-10.5, and openssh), Red Hat (osbuild-composer), Slackware (mariadb), SUSE (apache2-mod_auth_openidc, glib2, ImageMagick, libsoup, libsoup2, libva, openvpn, sqlite3, and weblate), and Ubuntu (libsoup3, php-horde-css-parser, and python-django).

Fitti: Waiting for Postgres 18: Accelerating Disk Reads with Asynchronous I/O - LWN.net

2025-05-08T06:11:47.000Z

Lukas Fitti writes in detail on the pganalyze blog about the asynchronous I/O capability coming with the PostgreSQL 18 release.

Asynchronous I/O delivers the most noticeable gains in cloud environments where storage is network-attached, such as Amazon EBS volumes. In these setups, individual disk reads often take multiple milliseconds, introducing substantial latency compared to local SSDs.
With traditional synchronous I/O, each of these reads blocks query execution until the data arrives, leading to idle CPU time and degraded throughput. By contrast, asynchronous I/O allows Postgres to issue multiple read requests in parallel and continue processing while waiting for results. This reduces query latency and enables much more efficient use of available I/O bandwidth and CPU cycles.

[$] LWN.net Weekly Edition for May 8, 2025 - LWN.net

2025-05-08T05:19:57.000Z

Inside this week's LWN.net Weekly Edition:

Front: Debian and essential packages; Custom BPF OOM killers; Speculation barriers for BPF programs; More LSFMM+BPF 2025 coverage.
Briefs: Deepin on openSUSE; AUTOSEL; Mission Center 1.0.0; OASIS ODF; Redis license; USENIX ATC; Quotes; ...
Announcements: Newsletters, conferences, security updates, patches, and more.

Home Assistant 2025.5 released - LWN.net

2025-05-07T20:25:33.000Z

Version 2025.5 of the Home Assistant home automation system has been released. With this release, the project is celebrating two million active installations. Changes include improvements to the backup system, Z-Wave Long Range support, a number of new integrations, and more.

[$] Hash table memory usage and a BPF interpreter bug - LWN.net

2025-05-07T16:46:47.000Z

Anton Protopopov led a short discussion at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit about amount of memory used by hash tables in BPF programs. He thinks that the current memory layout is inefficient, and wants to split the structure that holds table entries into two variants for different kinds of maps. When that proposal proved uncontroversial, he also took the chance to talk about a bug in BPF's call instruction.

[$] Debian's AWKward essential set - LWN.net

2025-05-07T14:35:58.000Z

The Debian project has the concept of essential packages, which provide the bare minimum functionality considered absolutely necessary (or "essential") for a system to function. Packages tagged as essential, and the packages that are required by the set of essential packages, are always installed as part of a Debian system. However, Debian's packaging rules do not require developers to explicitly declare dependencies on that set of packages (the essential set) but they can simply rely on the fact that those will always be present. That means that changing the essential set, as the project may wish to do occasionally, is more complicated than it should be. This came to light recently when a Debian developer asked what might be required to remove mawk to slim down the project's container images.

Deepin Desktop removed from openSUSE - LWN.net

2025-05-07T13:54:07.000Z

The SUSE Security Team has announced the removal of the Deepin Desktop from openSUSE due to violations of the project's packaging policy.

The discovery of the bypass of the security whitelistings via the deepin-feature-enable package marks a turning point in our assessment of Deepin. We don't believe that the openSUSE Deepin packager acted with bad intent when he implemented the "license agreement" dialog to bypass our whitelisting restrictions. The dialog itself makes the security concerns we have transparent, so this does not happen in a sneaky way, at least not towards users. It was not discussed with us, however, and it violates openSUSE packaging policies. Beyond the security aspect, this also affects general packaging quality assurance: the D-Bus configuration files and Polkit policies installed by the deepin-feature-enable package are unknown to the package manager and won't be cleaned up upon package removal, for example. Such bypasses are not deemed acceptable by us.

The combination of these factors led us to the decision to remove the Deepin desktop completely from openSUSE Tumbleweed and from the future Leap 16.0 release. In openSUSE Leap 15.6 we will remove the offending deepin-feature-enable package only. It is a difficult decision given that the Deepin desktop has a considerable number of users. We firmly believe the Deepin packaging and security assessment in openSUSE needs a reboot, however, ideally involving new people that can help get the Deepin packages into shape, establish a relationship with Deepin upstream and keep an eye on bugfixes, thus avoiding fruitless follow-up reviews that just waste our time. In such a new setup we would be willing to have a look at all the sensitive Deepin components again one by one.

The announcement goes into detail about the bypass of openSUSE packaging policy and the history of security reviews of Deepin components. It also offers guidance on continuing to use Deepin Desktop on openSUSE.

Security updates for Wednesday - LWN.net

2025-05-07T13:05:09.000Z

Security updates have been issued by Fedora (incus and nodejs20), Red Hat (freetype, kernel, kernel-rt, libsoup, libtiff, redis, redis:6, and thunderbird), SUSE (apparmor, chromium, grafana, ImageMagick, java-11-openjdk, java-17-openjdk, libsoup, libsoup2, libxslt, opensaml, rabbitmq-server, rubygem-rack-1_6, sqlite3, and thunderbird), and Ubuntu (kernel, libfcgi, libraw, libsoup2.4, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oracle, linux-raspi, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-azure, linux-azure-4.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-azure, linux-azure-6.11, linux-azure-6.8, linux-azure-fips, linux-intel-iot-realtime, linux-realtime, linux-oem-6.11, linux-raspi, linux-realtime, python, python-scrapy, and ruby-carrierwave).

The state of SSL stacks - LWN.net

2025-05-07T08:20:37.000Z

Willy Tarreau and William Lallemand have posted an extensive white paper examining the landscape of the available SSL implementations.

OpenSSL 3.0 performs significantly worse than alternative SSL libraries, forcing organizations to provision more hardware just to maintain existing throughput. This raises important questions about performance, energy efficiency, and operational costs.
Examining alternatives—BoringSSL, LibreSSL, WolfSSL, and AWS-LC—reveals a landscape of trade-offs. Each offers different approaches to API compatibility, performance optimization, and QUIC support. For developers navigating the modern SSL ecosystem, understanding these trade-offs is crucial for optimizing performance, maintaining compatibility, and future-proofing their infrastructure.

The end of the USENIX Annual Technical Conference - LWN.net

2025-05-07T07:37:59.000Z

On the 50th anniversary of the USENIX organization, its flagship Annual Technical Conference (ATC) is coming to an end.

For the past two decades, as more USENIX conferences have joined the USENIX calendar by focusing on specific topics that grew out of ATC itself, attendance at ATC has steadily decreased to the point where there is no longer a critical mass of researchers and practitioners joining us. Thus, after many years of experiments to adapt this conference to the ever-changing tech landscape and community, the USENIX Board of Directors has made the difficult decision to sunset USENIX ATC.

Many important technologies first saw the light of day at this event.

Mission Center 1.0.0 released - LWN.net

2025-05-06T21:05:37.000Z

Version 1.0.0 of Mission Center, a system monitoring application, has been released. Notable changes in this release include the addition of SMART data for SATA and NVMe devices, display of per-process network usage, as well as a redesigned Apps Page that provides more information about applications and processes. Mission Center's backend application for obtaining system data has been renamed from the Gatherer to Magpie, and is now available as a standalone executable and libraries that can be used by other applications.

[$] Filtering fanotify events with BPF - LWN.net

2025-05-06T20:14:21.000Z

Linux systems can have large filesystems; trying to keep up with the stream of fanotify filesystem-monitoring notifications for them can be a struggle. Fanotify is one of a few ways to monitor accesses to filesystems provided by the kernel. Song Liu led a discussion on how to improve in-kernel filtering of fanotify events to a joint session of the filesystem and BPF tracks at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit. He wants to combine the best parts of a few different approaches to efficiently filter filesystem events.

[$] Improving FUSE writeback performance - LWN.net

2025-05-06T18:55:52.000Z

In a combined filesystem and memory-management session at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Joanne Koong led a discussion on improving the writeback performance for the Filesystem in Userspace (FUSE) layer. Writeback is how data that is written to the filesystem is actually flushed to the disk; it is the process of writing dirty pages from the page cache to storage. The current FUSE implementation allocates unmovable memory, then copies the dirty data to it before initiating writeback, which is slow; Koong wanted to change that behavior. Since the session, she has posted a patch set that has been applied by FUSE maintainer Miklos Szeredi.

Overhearings - Doc Searls Weblog

2025-05-06T12:48:40.000Z

Not too oldie but still goodie.I was just reminded that I guested on Joseph Jaffe's podcast three years ago yesterday. Starts about eleven minutes in at that link.

Security updates for Tuesday - LWN.net

2025-05-06T10:18:08.000Z

Security updates have been issued by Fedora (chromium and kappanhang), Red Hat (osbuild-composer and thunderbird), SUSE (chromedriver), and Ubuntu (c-ares, corosync, mysql-8.0, mysql-8.4, openjdk-17, openjdk-21, openjdk-24, openjdk-8, and openjdk-lts).

A new AUTOSEL release - LWN.net

2025-05-06T08:11:11.000Z

AUTOSEL is a tool that is used to find kernel patches that should be considered for backporting into the stable releases. Sasha Levin has announced a new and completely rewritten version of AUTOSEL for those who would like to play with it.

Unlike the previous version that relied on word statistics and older neural network techniques, AUTOSEL leverages modern large language models and embedding technology to provide significantly more accurate recommendations.

[$] Injecting speculation barriers into BPF programs - LWN.net

2025-05-05T19:04:44.000Z

The disclosure of the Spectre class of hardware vulnerabilities created a lot of pain for kernel developers (and many others). That pain was especially acutely felt in the BPF community. While an attacker might have to painfully search the kernel code base for exploitable code, an attacker using BPF can simply write and load their own speculation gadgets, which is a much more efficient way of operating. The BPF community reacted by, among other things, disallowing the loading of programs that may include speculation gadgets. Luis Gerhorst would like to change that situation with this patch series that takes a more direct approach to the problem.

The Offing of What’s On - Doc Searls Weblog

2025-05-05T18:31:23.000Z

Parody of a page from TV Guide, circa 1978

For the final seven decades of the last millennium, most people in the developed world scheduled their evenings by answering a simple question: What’s on? For the first two of those decades, the question was “What’s on the radio?” For the next five, it was “What’s on TV?”

Guidance toward answers were provided on newspaper pages covering entertainment, and in weekly magazines. The biggest of those was TV Giude, at its peak the most popular magazine in the U.S. *with 20 million customers, plus some multiple of pass-along readers.

In the guide were stations (such as those above), which belonged to networks. The biggest of those—CBS, NBC, and ABC—migrated over from radio. PBS and Fox came later.

To get TV stations, you needed an antenna. Rabbit ears worked if you had strong signals, but the picture looked best only if you had a roof antenna. The best of those looked like the skeleton of a 10-foot tuna on a spike:

A dead TV antenna I spotted recently in Oden, Indiana. The flat feed line says it dates from the 1970s or earlier. The tower was next to a house, and the antenna was about 40 feet above the ground. Back in the Analog Age, it probably got stations from Indianapolis, Louisville, Evansville, Terra Haute, and maybe even St. Louis. Here in the Digital Age, it would get a handful of signals from stations within about 50 miles, but nothing from the bigger markets.

In rural areas, you needed a big one, ideally high above the ground, on a tower of its own or strapped to a chimney, with a rotator so you could spin it around. The one I used in Chapel Hill, back in the ’70s and early ’80s, could get every station within two hundred miles. I got channel 7s from Washington, NC, and Roanoke, VA. On channel 3, I got Charlotte and Wilmington, both in NC.

Cable began as CATV—Community Antenna Television. When I lived in far northern New Jersey in the early ’70s, we were shadowed by terrain from New York City and Philadelphia signals, but our CATV provider gave us the 12 VHF channels of both cities. Gradually, cable companies added lots of channels that were cable-only. That gave folks a lot more answers to “What’s On?” and kept that era going.

But that era is mostly over, because optionality vergest on absolute. This happened because, as Clay Shirky put it,

Now you can produce a show on your phone almost as easily as you consume one on a TV. You can share it with the world on YouTube, Vimeo, your blog, or wherever. This is why there are more than fourteen billion videos on YouTube alone. There are also four and a half million podcasts, and countless millions of musical selections available over streaming services. Against all of this, broadcast radio and TV are dead technologies walking.

Interesting fact: What makes a TV a TV is its antenna connection:

Without that and the tuner inside, it’s just a monitor.

So let’s compare:

And that bottom line is where we’re at. “What’s on?” has become an archaic expression, like “prithee” and “forsooth.”

And we’re changed by that. As Marshall McLuhan is said to have said (but didn’t—see that last link), we shape our tools, and then our tools shape us.

Departments of Correction - Doc Searls Weblog

2025-05-05T15:07:21.000Z

One more reason to move off Chrome? A URL that begins with chrome-extension://efwhaddfugisallthisjiveepwnj/ before it gets to http:// is not a URL.

My record is about 20 feet—in opposite directions. And under furniture that's hard to move. You drop your AirPod case on a hard floor. How far do the pods fly from their popped case?