LWN.net

Inside this week's LWN.net Weekly Edition: Front : Python's bitwise-inversion operator; atomic buffered I/O; keeping open source open; Magit and Majutsu; IIIF; free software and free tools. Briefs : Ad tracking; firmware updates; TCP zero-copy; Motorola GrapheneOS phones; Gram 1.0; groff 1.24.0; Texinfo 7.3; Quotes; ... Announcements : Newsletters, conferences, security updates, patches, and more.

Sasha Levin has announced the release of the 6.19.6 , 6.18.16 , 6.12.75 , 6.6.128 , 6.1.165 , 5.15.202 , and 5.10.252 stable kernels. Each contains important fixes throughout the tree; users of these kernels are advised to upgrade.

Security updates have been issued by AlmaLinux (container-tools:rhel8, firefox, go-rpm-macros, kernel, kernel-rt, mingw-fontconfig, nginx:1.24, thunderbird, and valkey), Debian (gimp), Fedora (apt, avr-binutils, keylime, keylime-agent-rust, perl-Crypt-URandom, python-apt, and rsync), Red Hat (go-rpm-macros and yggdrasil-worker-package-manager), Slackware (python3), SUSE (busybox, cosign, cups, docker, evolution-data-server, freerdp, glibc, gnome-remote-desktop, go1.24-openssl, go1.25-openssl, g…

Jujutsu is an increasingly popular Git-compatible version-control system. It has a focus on simplifying Git's conceptual model to produce a smoother, clearer command-line experience. Some people already have a preferred replacement for Git's usual command-line interface, though: Magit , an Emacs package for working with Git repositories that also tries to make the interface more discoverable. Now, a handful of people are working to implement a Magit-style interface for Jujutsu: Majutsu .

This 404 Media article looks at how the US Customs and Border Protection agency (CBP) is using location data from phones to track the location of people of interest. Specifically, CBP says the data was in part sourced via real-time bidding, or RTB. Whenever an advertisement is displayed inside an app, a near instantaneous bidding process happens with companies vying to have their advert served to a certain demographic. A side effect of this is that surveillance firms, or rogue advertising compa…

One of the contradictions of the modern open-source movement is that projects which respect user freedoms often rely on proprietary tools that do not: communities often turn to non-free software for code hosting, communication, and more. At Configuration Management Camp (CfgMgmtCamp) 2026, Jan Ainali spoke about the need for open-source projects to adopt open tools; he hoped to persuade new and mature projects to switch to open alternatives, even if just one tool, to reduce their dependencies o…

Matthew Garrett examines the factors that go into the decision about whether to install a firmware update or not. I trust my CPU vendor. I don't trust my CPU vendor because I want to, I trust my CPU vendor because I have no choice. I don't think it's likely that my CPU vendor has designed a CPU that identifies when I'm generating cryptographic keys and biases the RNG output so my keys are significantly weaker than they look, but it's not literally impossible. I generate keys on it anyway, becau…

Security updates have been issued by AlmaLinux (containernetworking-plugins, gnutls, kernel, libpng, and skopeo), Debian (firefox-esr, php8.2, and spip), Fedora (erlang and python-pillow), Red Hat (go-toolset:rhel8, golang, and yggdrasil), SUSE (cups, fluidsynth, gvfs, haproxy, libsoup, libsoup-3_0-0, mozilla-nss, python-azure-core, and shim), and Ubuntu (git and mailman).

There are many applications that need to be able to write multi-block chunks of data to disk with the assurance that the operation will either complete successfully or fail altogether — that the write will not be partially completed (or "torn"), in other words. For years, kernel developers have worked on providing atomic writes as a way of satisfying that need; see, for example, sessions from the Linux Storage, Filesystem, Memory Management, and BPF (LSFMM+BPF) Summit from 2023 , 2024 , and 202…

Toke Høiland-Jørgensen has posted an overview of how zero-copy networking works in the Linux kernel. Since the memory is being copied directly from userspace to the network device, the userspace application has to keep it around unmodified, until it has finished sending. The sendmsg() syscall itself is asynchronous, and will return without waiting for this. Instead, once the memory buffers are no longer needed by the stack, the kernel will return a notification to userspace that the buffers can…

Version 7.3 of Texinfo, the GNU documentation-formatting system, has been released. It contains a number of new features, performance improvements, and enhancements.

The free and open-source software (FOSS) movements have always been about giving freedom and power to individuals and organizations; throughout that history, though, there have also been actors trying to exploit FOSS to their own advantage. At Configuration Management Camp (CfgMgmtCamp) 2026 in Ghent, Belgium, Richard Fontana described the " exploitation paradox " of open source: the recurring pattern of crises when actors exploit loopholes to restrict freedoms or gain the upper hand over other…

Motorola has announced that it will be working with the GrapheneOS Foundation, a producer of a security-enhanced Android distribution. " Together, Motorola and the GrapheneOS Foundation will work to strengthen smartphone security and collaborate on future devices engineered with GrapheneOS compatibility. ". LWN looked at GrapheneOS last July.

Version 1.0 of Gram, an " opinionated fork of the Zed code editor ", has been released. Gram removes telemetry, AI features, collaboration features, and more. It adds built-in documentation, support for additional languages, and tab-completion features similar to the Supertab plugin for Vim. The mission statement for the project explains: At first, I tried to build some other efforts I found online to make Zed work without the AI features just so I could check it out, but didn't manage to get t…

Security updates have been issued by Debian (lxd, orthanc, and thunderbird), Fedora (cef, chromium, gimp, nextcloud, pgadmin4, python-django4.2, python-django5, python3-docs, python3.12, python3.13, and python3.9), Oracle (container-tools:rhel8 and mingw-fontconfig), Slackware (gvfs, mozilla, and telnet), SUSE (avahi, cockpit-356, cockpit-podman, cockpit-podman-120, containerized-data-importer, digger-cli, docker, evolution-data-server, expat, firefox, freerdp2, gimp, glib2, glibc, go1, google-…