The
famfs
filesystem is meant to provide a shared-memory filesystem for large data
sets that are accessed for computations by multiple systems. It was
developed by John Groves, who led a combined filesystem and
memory-management session at
the 2025 Linux Storage, Filesystem, Memory
Management, and BPF Summit (LSFMM+BPF) to discuss it. The session was a
follow-up to
the famfs session at last year's
summit, but it was also meant to discuss whether the kernel's
direct-access (DAX)
mechanism, which is used by famfs, could be replaced in the filesystem
by using other kernel features.
Security updates have been issued by Debian (chromium, libapache2-mod-auth-openidc, mariadb-10.5, and openssh), Red Hat (osbuild-composer), Slackware (mariadb), SUSE (apache2-mod_auth_openidc, glib2, ImageMagick, libsoup, libsoup2, libva, openvpn, sqlite3, and weblate), and Ubuntu (libsoup3, php-horde-css-parser, and python-django).
Lukas Fittl
writes in detail
on the pganalyze blog about the asynchronous I/O capability coming with the
PostgreSQL 18 release.
Asynchronous I/O delivers the most noticeable gains in cloud
environments where storage is network-attached, such as Amazon EBS
volumes. In these setups, individual disk reads often take multiple
milliseconds, introducing substantial latency compared to local
SSDs.
With traditional synchronous I/O, each of these reads blocks query
execution until the data arrives, leading to idle CPU time and
degraded throughput. By contrast, asynchronous I/O allows Postgres
to issue multiple read requests in parallel and continue processing
while waiting for results. This reduces query latency and enables
much more efficient use of available I/O bandwidth and CPU cycles.
Version
2025.5 of the Home Assistant home automation system has been released.
With this release, the project is celebrating two million active
installations. Changes include improvements to the backup system, Z-Wave
Long Range support, a number of new integrations, and more.
Anton Protopopov led a short discussion at the 2025 Linux Storage, Filesystem,
Memory-Management, and BPF Summit about amount of memory used
by hash tables in BPF programs. He thinks that the current memory layout is
inefficient, and wants to split the structure that holds table entries into two
variants for different kinds of maps. When that proposal proved
uncontroversial, he also took the chance to talk about a bug in BPF's call
instruction.
The Debian project has the concept of essential
packages, which provide the bare minimum functionality considered
absolutely necessary (or "essential") for a system to
function. Packages tagged as essential, and the packages that are
required by the set of essential packages, are always installed as
part of a Debian system. However, Debian's packaging rules do not
require developers to explicitly declare dependencies on that set of
packages (the essential set) but they can simply rely on the fact that those
will always be present. That means that changing the essential set, as
the project may wish to do occasionally, is more complicated than it
should be. This came to light recently when a Debian developer asked
what might be required to remove mawk to slim down
the project's container images.
The SUSE Security Team has announced the removal of the Deepin
Desktop from openSUSE due to violations of the project's packaging
policy.
The discovery of the bypass of the security whitelistings via the
deepin-feature-enable package marks a turning point in our assessment
of Deepin. We don't believe that the openSUSE Deepin packager acted
with bad intent when he implemented the "license agreement" dialog to
bypass our whitelisting restrictions. The dialog itself makes the
security concerns we have transparent, so this does not happen in a
sneaky way, at least not towards users. It was not discussed with us,
however, and it violates openSUSE packaging policies. Beyond the
security aspect, this also affects general packaging quality
assurance: the D-Bus configuration files and Polkit policies installed
by the deepin-feature-enable package are unknown to the package
manager and won't be cleaned up upon package removal, for
example. Such bypasses are not deemed acceptable by us.
Security updates have been issued by Fedora (incus and nodejs20), Red Hat (freetype, kernel, kernel-rt, libsoup, libtiff, redis, redis:6, and thunderbird), SUSE (apparmor, chromium, grafana, ImageMagick, java-11-openjdk, java-17-openjdk, libsoup, libsoup2, libxslt, opensaml, rabbitmq-server, rubygem-rack-1_6, sqlite3, and thunderbird), and Ubuntu (kernel, libfcgi, libraw, libsoup2.4, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oracle, linux-raspi, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-azure, linux-azure-4.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-azure, linux-azure-6.11, linux-azure-6.8, linux-azure-fips, linux-intel-iot-realtime, linux-realtime, linux-oem-6.11, linux-raspi, linux-realtime, python, python-scrapy, and ruby-carrierwave).
Willy Tarreau and William Lallemand have posted
an extensive white
paper examining the landscape of the available SSL implementations.
OpenSSL 3.0 performs significantly worse than alternative SSL
libraries, forcing organizations to provision more hardware just to
maintain existing throughput. This raises important questions about
performance, energy efficiency, and operational costs.
Examining alternatives—BoringSSL, LibreSSL, WolfSSL, and
AWS-LC—reveals a landscape of trade-offs. Each offers different
approaches to API compatibility, performance optimization, and QUIC
support. For developers navigating the modern SSL ecosystem,
understanding these trade-offs is crucial for optimizing
performance, maintaining compatibility, and future-proofing their
infrastructure.