[$] Restartable sequences, TCMalloc, and Hyrum’s Law
Hyrum’s Law states that any
observable behavior of a system will eventually be depended upon by
somebody. The kernel community is currently contending with a clear
demonstration of that principle. The recent work to address some restartable-sequences\
performance problems in the 6.19 release maintained the documented API
in all respects, but that was not enough; Google’s [TCMalloc](https://google.github.io/tcmalloc/ … ⌘ Read more

GCC 16.1 released
Version\
16.1 of the GNU Compiler Collection (GCC) has been
released.

The C++ frontend now defaults to the GNU C++20 dialect and the corresponding
parts of the standard library are no longer experimental. Several
C++26 features receive experimental support, including Reflection
( -freflection), Contracts, expansion statements and std::simd.

Other changes include the introduction of an experimental compiler
frontend for the [Algol … ⌘ Read more

Seven new stable kernels for Thursday
Greg Kroah-Hartman has released the 7.0.3, 6.18.26, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254 stable kernels. The 7.0.3 and
6.18.26 kernels only contain fixes needed for Xen users; he advises
that all users of the other kernel series … ⌘ Read more

Security updates for Thursday
Security updates have been issued by AlmaLinux (buildah, firefox, gdk-pixbuf2, giflib, grafana, java-1.8.0-openjdk, java-21-openjdk, LibRaw, OpenEXR, PackageKit, pcs, python3.11, python3.12, python3.9, sudo, tigervnc, vim, xorg-x11-server, xorg-x11-server-Xwayland, yggdrasil, and yggdrasil-worker-package-manager), Debian (calibre, firefox-esr, and openjdk-17), Fedora (asterisk, binaryen, buildah, dokuwiki, lemonldap-ng, libexif, libgcrypt, miniupnpd, openvpn, podman, python3.9, rust-rpm-sequo … ⌘ Read more

[$] LWN.net Weekly Edition for April 30, 2026
Inside this week’s LWN.net Weekly Edition:

• Front: Famfs; Python packaging council; Zig concurrency; pages and folios; Strawberry music manager; 7.1 merge window.

• Briefs: GnuPG 2.5.19; Copy Fail; Plasma security; Fedora 44; Ubuntu 26.04; Niri 26.04; pip 26.1; RIP Seth Nickell; RIP Tomáš Kalibera; Quotes; …

• Announcements: Newsletters, conferences, security updates, patc … ⌘ Read more

A security bug in AEAD sockets
Security analysis firm Xint has disclosed a security bug in the Linux kernel
that allows for arbitrary 4-byte writes to the page cache, and which has been
present since 2017.
The vulnerability has
been fixed in mainline kernels. A proof-of-concept script demons … ⌘ Read more

[$] Python packaging council approved
The Python packaging world now has a formal
governance council, of the form described in PEP 772 (“Packaging
Council governance process”), which was approved\
by the steering council on April 16. It has been over a year
since the PEP was first proposed in February 2025 and it has undergone
lengthy discussions in multiple postings … ⌘ Read more

Security review of Plasma Login Manager (SUSE Security Team Blog)
SUSE’s Security Team has published a detailed\
blog post on their recent review of the Plasma\
Login Manager version 6.6.2,
which was forked from the SDDM display\
manager.

While most of the code [remains t … ⌘ Read more

Security updates for Wednesday
Security updates have been issued by AlmaLinux (firefox, gdk-pixbuf2, java-17-openjdk, libxml2, python3, python3.11, python3.12, sudo, and webkit2gtk3), Debian (dnsdist, node-tar, pdns, pdns-recursor, and policykit-1), Fedora (chromium, edk2, and vim), Oracle (firefox, gdk-pixbuf2, go-toolset:rhel8, libpng12, LibRaw, libxml2, python, python3, python3.11, python3.12, python3.12-wheel, vim, webkit2gtk3, xorg-x11-server, xorg-x11-server-Xwayland, yggdrasil, and yggdrasil-worker-package-mana … ⌘ Read more

Remembering Seth Nickell
LWN has received the sad news that Seth Nickell passed away, on
April 16, from his father, Eric Nickell:

Many of you knew Seth from his work in the GNOME Usability Project, but his
roots in that community trace back to his high school years. As a father of
a high school junior, I remember being terrified when he flashed the hard
drive of a computer he purchased for himself with this weird “Linux” thing.
And I was a bit awed by the college application essay he wrote about open
source and Linus Tor … ⌘ Read more

Fedora Linux 44 has been released
The Fedora Project has announced
the release of Fedora Linux 44. There are “what’s new”
articles for Fedora\
Workstation, Fedora\
KDE Plasma Desktop, and Fedora\
Atomic Desktops. The Fedora Asahi Remix for Apple Silicon Macs,
ba … ⌘ Read more

[$] Strawberry is ripe for managing music collections
There are dozens of music-player applications for Linux; the options range
from bare-bones programs that only play local files to full-blown
music-management projects with a full suite of tools for managing (and playing)
a music collection. Strawberry
is in the latter category; it has a bumper crop of features, including smart
playlists, support for editing music metadata tags, the ability to organize music
files, and more. ⌘ Read more

In Memoriam: Tomáš Kalibera
We have received the sad news that Tomáš Kalibera, a member of the
R Project core team, has
passed away\
after a short illness.

A friend who knew him well wrote to me: he was very happy, and
his work fulfilled him. That is, perhaps, the best thing one can
say about a life in open source — that the work mattered, that it
reached millions, and that the person who did it found meaning in it.

Kalibera was mentioned in … ⌘ Read more

All FOSDEM 2026 videos are online
FOSDEM’s organizers have announced
that all of the video recordings “worth publishing” from FOSDEM 2026 are now available.

Videos are linked from the individual schedule pages for the talks and
the full\
> schedule page. They are also available, organised by room, at
video.fosdem.org/2026.

LWN’s [coverage](https://lwn.net/Arc … ⌘ Read more

Security updates for Tuesday
Security updates have been issued by Debian (openjdk-21 and webkit2gtk), Fedora (botan3, chromium, cockpit, firefox, flatpak, gum, libarchive, libcoap, mingw-python3, ngtcp2, nss, openssh, openssl, openvpn, PackageKit, python3-docs, python3.11, python3.12, python3.13, python3.14, vim, and xrdp), Oracle (firefox, gdk-pixbuf2, java-1.8.0-openjdk, java-21-openjdk, python3.12, python3.9, sudo, and tigervnc), Red Hat (tigervnc and xorg-x11-server-Xwayland), Slackware (mpg123 and proftpd), * … ⌘ Read more

pip 26.1 released
Version 26.1 of
the pip package installer for Python has been released. Richard Si
has published a blog\
post that looks at some of the highlights of 26.1 including
dependency cooldowns, experimental support for pylock ( pylock.toml)
files, and [resolver\
improvements](https://ichard26.github.io/blog/2026/04/whats-new-i … ⌘ Read more

[$] The rest of the 7.1 merge window
By the time Linus Torvalds released 7.1-rc1
and closed the 7.1 merge window, 12,996 non-merge changesets had been
pulled into the mainline repository; just over 9,000 of those arrived after
the first-half summary was written. These
changes were more driver-oriented than those seen earlier, but still also
included many new features across the kernel as a whole. ⌘ Read more

Four new stable kernels for Monday
Greg Kroah-Hartman has announced the release of the 7.0.2, 6.18.25, 6.12.84, and 6.6.136 stable kernels. As usual, each
contains important fixes throughout; users are advised to upgrade. ⌘ Read more

pgBackRest is no longer maintained
David Steele, maintainer of the popular pgBackRest backup and restore project for
PostgreSQL, has archived\
the project and announced that it is no longer being maintained.

After a lot of thought, I have decided to stop working on pgBackRest. I did
not come to this decision lightly. pgBackRest has been my passion project for
the last thirteen years, and I was fortunate to have corporate sponsorship f … ⌘ Read more

[$] Zig explores structured concurrency
Version 0.16.0 of the Zig programming language was
recently announced, and with
it an expanded version of the new Io interface that we
covered in December.
The new interface is based on an idea called structured concurrency that makes writing
correct concurrent applications easier. Zig’s implementation of
the idea is more explicit and verbose than other languages, however, which could
offer an oppor … ⌘ Read more

The future of AI in Ubuntu
Jon Seager, VP engineering for Canonical, has posted
an update on “what Canonical and Ubuntu will do (or not) to
incorporate AI” that explains what part AI will play in the future
of the company and its distribution.

The bottom line is that Canonical is ramping up its use of AI tools
in a focused and principled manner that favours open weight models
with license terms that feel most compatible with our values, combined
with open sou … ⌘ Read more

Niri 26.04 released
Version 26.04
of the niri scrollable-tiling Wayland compositor has been released. The most
notable change in this release, as the “most requested niri feature by far”,
is support for the blur effect using the Wayland protocol’s ext-background-effect. This
release also features optional configuration\
includes, screencasting support enhanc … ⌘ Read more

Security updates for Monday
Security updates have been issued by AlmaLinux (java-25-openjdk, kernel, osbuild-composer, thunderbird, webkit2gtk3, and wireshark), Debian (chromium, distro-info-data, libde265, mbedtls, and thunderbird), Fedora (awstats, bind9-next, bpfman, buildah, calibre, cef, chromium, composer, corosync, coturn, cups, curl, dnsdist, doctl, erlang, fido-device-onboard, flatpak-builder, freetype, glab, goose, jq, kea, libarchive, libcap, libcgif, libgsasl, libinput, libmicrohttpd, libpng, libpng12, libpng1 … ⌘ Read more

Kernel prepatch 7.1-rc1
Linus has released 7.1-rc1 and closed the
merge window for this release.

Things look fairly normal, although we do have a few different
projects to cull some old hardware support to help minimize
maintenance burden: phasing out i486 support (configs deleted, code
deletions to follow) and independently starting to remove some
really old networking hardware support, and removing some SoC
support that never went anywhere.

But we’re more than making up for … ⌘ Read more

GnuPG 2.5.19 released
Werner Koch has announced
the release of GnuPG 2.5.19. This release includes a few new options
and a number of bug fixes, and comes with the reminder that the
GnuPG 2.4 series will reach end-of-life soon

The main features in the 2.5 series are improvements for 64 bit Windows
and the introduction of Kyber (aka ML-KEM or FIPS-203) as PQC encryption
algorithm. Other than PQC support the 2.6 series will not differ a lot
from 2.4 because th … ⌘ Read more

[$] On pages and folios
The kernel coverage here at LWN often touches on memory-management topics
and, as a result, tends to talk a lot about both pages and folios. As the
folio transition in the kernel has moved forward, it has often become
difficult to decide which term to use in writing that is meant to be both
approachable and technically correct. As this work continues, it will be
increasingly common to use “folio” rather than page. This article is
intended to be a convenient reference for readers wanting to differentiate
the tw … ⌘ Read more

Security updates for Friday
Security updates have been issued by Fedora (anaconda, dnf5, firefox, flatpak-builder, libexif, minetest, nss, plasma-setup, python-blivet, rpki-client, and xorg-x11-server), Oracle (bind, kernel, osbuild-composer, thunderbird, webkit2gtk3, and wireshark), Red Hat (java-25-openjdk), SUSE (cacti, cacti, cacti-spine, cockpit-machines, cockpit-podman, cockpit-tukit, csync2, flannel, gdk-pixbuf, go1.25-openssl, go1.26-openssl, haproxy, kernel, libcap, libpng16, libtree-sitter0_26, libvirt, ncu … ⌘ Read more

Ubuntu 26.04 LTS released
Ubuntu 26.04 (“Resolute Raccoon”) LTS has been released
on schedule.

This release brings a significant uplift in security, performance,
and usability across desktop, server, and cloud environments. Ubuntu
26.04 LTS introduces TPM-backed full-disk encryption, expanded use of
memory-safe components, improved application permission controls, and
Livepatch support for Arm systems, helping reduce downtime and
strengthe … ⌘ Read more

[$] Famfs, FUSE, and BPF
The famfs filesystem first showed up on the\
mailing lists in early 2024; since then, it has been the topic of
regular discussions at the Linux Storage, Filesystem, Memory Management and
BPF (LSFMM+BPF) Summit. It has also, as result of those discussions, been
through some significant changes since that initial posting. So it is not
surprising that a suggestion that it needed to be rewritten yet again was
not entirely well received. How much more … ⌘ Read more

Security updates for Thursday
Security updates have been issued by AlmaLinux (kernel and osbuild-composer), Debian (cpp-httplib, firefox-esr, gimp, and packagekit), Fedora (chromium, composer, libcap, pgadmin4, pie, python3-docs, python3.14, and sudo), Mageia (gvfs), Oracle (.NET 8.0, delve, freerdp, giflib, ImageMagick, kernel, OpenEXR, and osbuild-composer), SUSE (erlang, giflib, google-guest-agent, GraphicsMagick, ignition, imagemagick, kea, kernel, kissfft, libraw, libssh, ocaml-patch, opam, openCryptoki, … ⌘ Read more

Four stable kernel updates
The
7.0.1,
6.19.14,
6.18.24, and
6.12.83
stable kernels have been released; each contains another set of important
fixes. Note that the 6.19.x line ends with 6.19.14. ⌘ Read more

[$] LWN.net Weekly Edition for April 23, 2026
Inside this week’s LWN.net Weekly Edition:

• Front: LLMs and Python bugs; scheduler regression; new Rust traits; dependency cooldowns; 7.1 merge window; Shor’s algorithm; drama at The Document Foundation.

• Briefs: Firefox zero-days; kernel code removal; reproduceible Arch; Debian election; Firefox 150; Forgejo 15.0; Git 2.54.0; KDE Gear 26.04; LillyPond 2.26.0; Rust 1.95.0; Quotes; …

• [Announcements](https:/ … ⌘ Read more

[$] Dependency-cooldown discussions warm up
Efforts to introduce malicious code into the open-source supply
chain have been on the rise in recent years, and there is no indication that they
will abate anytime soon. These attacks are often found quickly, but not quickly
enough to prevent the compromised code from being automatically injected into other
projects or code deployed by users where it can wreak havoc. One method of avoiding
supply-chain attacks is to add a delay of a few days before pulling upates in what
is known as a “dep … ⌘ Read more

[$] One Sized trait does not fit all
In Rust, types either possess a constant size known at compile time, or a
dynamically calculated size known at
run time. That is fine for most purposes, but recent proposals for the language
have shown the need for a more fine-grained hierarchy.
RFC 3729 from David Wood and Rémy Rakic would add a hierarchy of
traits to describe types with sizes known under different circumstances. While
the idea has been subject … ⌘ Read more

LilyPond 2.26.0 released
Version\
2.26.0 of the LilyPond
music-engraving program has been released. Major\
changes include the ability to use the Cairo library to generate
output and improvements in spacing between clefs and time
signatures. See the release notes for a full list of [miscellaneous\
improvements](https://lilypond.org/doc/v2.26/Documentation/changes/miscellan … ⌘ Read more

Four stable kernels for Wednesday
Greg Kroah-Hartman has announced the release of the 7.0.1, 6.19.14, 6.18.24, and 6.12.83 stable kernels. As usual, each
contains important fixes throughout the tree. Users are encouraged to
upgrade. ⌘ Read more

Security updates for Wednesday
Security updates have been issued by Debian (firefox-esr, flatpak, ngtcp2, ntfs-3g, packagekit, python-geopandas, simpleeval, strongswan, and xdg-dbus-proxy), Fedora (chromium, cups, curl, jq, opkssh, perl-Net-CIDR-Lite, python-cbor2, python-pillow, tinyproxy, xdg-dbus-proxy, and xorg-x11-server-Xwayland), Slackware (libXpm and mozilla), SUSE (botan, chromium, clamav, cockpit, cockpit-machines, cockpit-packages, cockpit-podman, cockpit-subscriptions, dovecot24, firefox, flatpak, freeipmi … ⌘ Read more

Kernel code removals driven by LLM-created security reports
There are a number of ongoing efforts to remove kernel code, mostly from
the networking subsystem, as an alternative to dealing with the increase in
security-bug reports from large language models. The proposed removals
include ISA\
and PCMCIA Ethernet drivers, a pair\
of PCI drivers, the [ax25 and amat … ⌘ Read more

Firefox: The zero-days are numbered
This\
Firefox blog post reports that the Firefox 150 release includes
fixes for 271 vulnerabilities found by the Claude Mythos preview.

Elite security researchers find bugs that fuzzers can’t largely by
reasoning through the source code. This is effective, but
time-consuming and bottlenecked on scarce human
expertise. Computers were completely incapable of doing this a few
months ago, and now they excel at i … ⌘ Read more

Fedora Verified: a proposal to recognize Fedora contributor status
The Fedora Project has been wrestling with the question of who should be able to vote in\
Fedora elections recently, with project membership being a major topic at\
the Fedora Council face-to-face held in early February. Now the
project is considering a new contributor status, “Fedora Verified”,
and is [looking\
to get input](https://communityblog.fedoraproject.org/fedora-verified-rec … ⌘ Read more

[$] Using LLMs to find Python C-extension bugs
The open-source world is currently awash in\
reports of LLM-discovered bugs and vulnerabilities, which makes for a lot more
work for maintainers, but many of the current crop are being reported
responsibly with an eye toward minimizing that impact. A recent report
on an effort to systematically find bugs in [Python extensions\
written in C](h … ⌘ Read more

Firefox 150 released
Version\
150 of the Firefox web browser has been released. Notable changes
include local-network-access\
restrictions being turned on for all users, the ability to
reorder, copy, delete, paste, and export pages from a PDF using
Firefox’s built-in viewer, as well as improvements in its split\
view feature, … ⌘ Read more

Security updates for Tuesday
Security updates have been issued by AlmaLinux (freerdp, kernel, and kernel-rt), Debian (mupdf, opam, simpleeval, and xdg-dbus-proxy), Mageia (firefox, thunderbird and libtiff), Red Hat (containernetworking-plugins, gvisor-tap-vsock, nodejs22, nodejs:20, nodejs:22, perl-XML-Parser, python3.11, python3.9, runc, and skopeo), and SUSE (bind, buildah, cockpit-subscriptions, container-suseconnect, containerd, corosync, cosign, docker, dovecot24, flatpak, freeipmi, gegl, GraphicsMagick, helm … ⌘ Read more

Git 2.54.0 released
Git maintainer Junio Hamano has announced
Git 2.54.0, which includes contributions from 137 people; 66 of those
people are first-time contributors to the project. Changes include the
addition of Git history rewriting, Git’s web interface (gitweb)
“has been taught to be mobile friendly”, and much more. See the
announcement for all improvements, additions, and bug fixes. Hamano
is now taking a short break:

I will go offline for a couple of weeks starting thi … ⌘ Read more

Arch Linux now has a reproducible container image
Robin Candau has announced
the availability of a bit-for-bit reproducible container image for
Arch Linux:

The bit-for-bit reproducibility of the image is confirmed by digest
equality across builds ( podman inspect --format '{{.Digest}}' <image>) and by running diffoci
to compare builds. We provide d … ⌘ Read more

[$] Digging into drama at The Document Foundation
The Document Foundation (TDF) is
the nonprofit entity behind the LibreOffice productivity suite. Most of the
time, the software takes the spotlight, but that has changed in the past few weeks, and
not for pleasant reasons. TDF has revoked\
foundation membership status from about 30 people who work for or have
contracting statu … ⌘ Read more

Security updates for Monday
Security updates have been issued by AlmaLinux (.NET 10.0, .NET 8.0, .NET 9.0, delve, freerdp, giflib, go-rpm-macros, libarchive, and openexr), Debian (gimp, imagemagick, luanti, mapserver, mupdf, opam, perl, pillow, postgresql-13, and tiff), Fedora (aqualung, awstats, curl, incus, mac, mbedtls, mingw-LibRaw, python-msal, python3.11, python3.12, python3.15, smb4k, stb, and usd), Gentoo (DTrace and FUSE), Mageia (gdk-pixbuf2.0, giflib, polkit-122, python-cairosvg, and rsync), Oracle … ⌘ Read more

Seven stable kernels for Saturday
Greg Kroah-Hartman has announced the release of the 6.19.13, 6.18.23, 6.12.82, 6.6.135, 6.1.169, 5.15.203, and 5.10.253 stable kernels. Each contains a
number of important fixes throughout the tree; users are advised to
upgrade. ⌘ Read more

[$] A more efficient implementation of Shor’s algorithm
Shor’s algorithm is the main practical example of an algorithm that runs more
quickly on a quantum computer than a classical computer — at least in theory.
Shor’s algorithm allows large numbers to be factored
into their component prime factors quickly.
In reality, existing quantum computers do not have nearly
enough memory to factor interesting numbers using Shor’s algorithm, despite
decades of research.
[A new paper](https://a … ⌘ Read more

[$] The 7.0 scheduler regression that wasn’t
One of the more significant changes in the 7.0 kernel release is to use the lazy-preemption mode by default in the CPU
scheduler. The scheduler developers have wanted to reduce the number of
preemption modes for years, and lazy preemption looks like a step toward
that goal. But then there came this report
from Salvatore Dipietro that lazy preemption caused a 50% performance
regression on … ⌘ Read more