Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 40 min ago

Devuan Jessie beta released

12 hours 53 min ago
The Devuan community has finally gotten a beta release out for testing. "Debian GNU+Linux [sic] is a fork of Debian without systemd, on its way to become much more than that. This Beta release marks an important milestone towards the sustainability and the continuation of Devuan as an universal base distribution."

WebExtensions in Firefox 48

Friday 29th of April 2016 10:45:38 PM

At the Mozilla blog, Andy McKay announces that the browser maker has officially declared WebExtensions ready to use for add-on development. "With the release of Firefox 48, we feel WebExtensions are in a stable state. We recommend developers start to use the WebExtensions API for their add-on development." The WebExtensions support released for Firefox 48 includes improvements to the "alarms, bookmarks, downloads, notifications, webNavigation, webRequest, windows and tabs" APIs, support for a new Content Security Policy that limits where resources can be loaded from, and support in Firefox for Android. LWN looked at the WebExtensions API in December.

Friday's security updates

Friday 29th of April 2016 04:07:13 PM

Debian has updated subversion (multiple vulnerabilities).

Fedora has updated i7z (F23: denial of service).

openSUSE has updated php5 (Leap 42.1: multiple vulnerabilities).

SUSE has updated ntp (SLE11; SLE12: multiple vulnerabilities).

The ACM 2015 technical awards

Friday 29th of April 2016 07:34:27 AM
The Association for Computing Machinery has announced the recipients of its 2015 technical awards. They are Brent Walters, Michael Luby, Eric Horvitz, and: "Richard Stallman, recipient of the ACM Software System Award for the development and leadership of GCC (GNU Compiler Collection), which has enabled extensive software and hardware innovation, and has been a lynchpin of the free software movement."

X.Org votes to join SPI

Thursday 28th of April 2016 03:08:22 PM

The results of the X.Org election are in. There were two things up for a vote: four seats on the board of directors and amending the bylaws to join Software in the Public Interest (SPI). Unlike last year's election, this year's vote met the required 2/3 approval to join SPI (61 voters out of 65 members, with 54 voting "Yes", 4 "No", and 3 "Abstain"). In addition, Egbert Eich, Alex Deucher, Keith Packard, and Bryce Harrington were elected to the board.

Security updates for Thursday

Thursday 28th of April 2016 03:00:07 PM

CentOS has updated firefox (C6; C5: multiple vulnerabilities).

Debian has updated iceweasel (multiple vulnerabilities) and php5 (multiple vulnerabilities).

Fedora has updated kernel (F23: two vulnerabilities) and libtasn1 (F22: denial of service).

openSUSE has updated php5 (13.2: multiple vulnerabilities, including one from 2014).

SUSE has updated php5 (SLE12: multiple vulnerabilities, including one from 2014).

Ubuntu has updated libsoup2.4 (16.04, 15.10, 14.04: regression in previous update), oxide-qt (16.04, 15.10, 14.04: multiple vulnerabilities), php5 (15.10: regression in previous update), and thunderbird (multiple vulnerabilities).

[$] LWN.net Weekly Edition for April 28, 2016

Thursday 28th of April 2016 12:45:42 AM
The LWN.net Weekly Edition for April 28, 2016 is available.

Firefox 46.0

Wednesday 27th of April 2016 05:05:59 PM
Firefox 46.0 has been released, featuring improved security of the JavaScript Just In Time (JIT) Compiler and GTK3 integration. See the release notes for more details.

Security advisories for Wednesday

Wednesday 27th of April 2016 04:07:18 PM

CentOS has updated firefox (C7: multiple vulnerabilities).

Debian has updated mysql-5.5 (multiple vulnerabilities) and openjdk-7 (multiple vulnerabilities).

Fedora has updated rpm (F23: two vulnerabilities) and xstream (F23; F22: enabled processing of external entities).

Gentoo has updated libksba (three vulnerabilities) and wireshark (multiple vulnerabilities).

Mageia has updated libgd (code execution), samba (multiple vulnerabilities), w3m (denial of service), and wireshark (multiple vulnerabilities).

Oracle has updated firefox (OL7; OL6; OL5: multiple vulnerabilities).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities).

Scientific Linux has updated firefox (SL5,6,7: multiple vulnerabilities).

Slackware has updated firefox (multiple vulnerabilities).

Ubuntu has updated firefox (multiple vulnerabilities).

GCC 6.1 Released

Wednesday 27th of April 2016 12:14:57 PM
Version 6.1 of the GCC compiler suite is out. Changes in this release include defaulting to the C++14 standard, improved diagnostic output, full support for OpenMP 4.5, better optimization, and more; see the changelog for a full list.

New functional programming language can generate C, Python code for apps (InfoWorld)

Tuesday 26th of April 2016 08:24:42 PM
InfoWorld introduces Futhark, an open source functional programming language designed for creating code that runs on GPUs. It can automatically generate both C and Python code to be integrated with existing apps. "Most GPU programming involves using frameworks like OpenCL or CUDA, both of which use variations of C or C++ to generate code that runs on the GPU. Futhark can generate C code, but is its own language, more similar to Haskell or Standard ML than C. (Futhark is itself written in Haskell.) Futhark's creators claim that the expressiveness of the language makes it easier to describe complex operations that use parallelism. This includes the ability to support nested parallelizations (parallel operations inside other parallel operations). Futhark can do this "despite the complexities of efficiently mapping to the flat parallelism supported by hardware, as a great many programs depend on this feature," say the language's creators."

Tuesday's security updates

Tuesday 26th of April 2016 04:30:11 PM

CentOS has updated nspr (C5: two vulnerabilities), nss (C5: two vulnerabilities), nspr (C7: two vulnerabilities), nss (C7: two vulnerabilities), nss-softokn (C7: two vulnerabilities), and nss-util (C7: two vulnerabilities).

Fedora has updated ansible1.9 (F23; F22: code execution), golang (F23; F22: denial of service), gsi-openssh (F23; F22: command injection), mingw-poppler (F23; F22: code execution), mod_nss (F23; F22: invalid handling of +CIPHER operator), and webkitgtk4 (F22: multiple vulnerabilities).

openSUSE has updated flash-player (11.4: code execution).

Oracle has updated nss and nspr (OL5: two vulnerabilities) and nss, nspr, nss-softokn, and nss-util (OL7: three vulnerabilities).

Scientific Linux has updated nss, nspr, nss-softokn, nss-util (SL7: two vulnerabilities).

SUSE has updated php53 (SLE11-SP4: multiple vulnerabilities), portus (SLEM12: multiple vulnerabilities), and xen (SLES11-SP2: multiple vulnerabilities).

Finding a new home for Thunderbird

Tuesday 26th of April 2016 08:52:58 AM
The Mozilla Foundation has (in the guise of Gervase Markham) posted an update on the process of spinning off the Thunderbird mail client as a separate project. As part of that, they engaged Simon Phipps to write up a survey of possible new homes [PDF] for the project. "Having reviewed the destinations listed below together with several others which were less promising, I believe there are three viable choices for a future home for the Thunderbird Project; Software Freedom Conservancy, The Document Foundation and a new deal at the Mozilla Foundation. None of these three is inherently the best, and it is possible that over time the project might seek to migrate to a 'Thunderbird Foundation' as a permanent home (although I would not recommend that as the next step)."

Intel releases the Arduino 101 firmware source code

Monday 25th of April 2016 10:04:47 PM
Arduino has announced the release of the source code for the real-time operating system (RTOS) powering the Arduino 101 and Genuino 101. "The package contains the complete BSP (Board Support Package) for the Curie processor on the 101. It allows you to compile and modify the core OS and the firmware to manage updates and the bootloader. (Be careful with this one since flashing the wrong bootloader could brick your board and require a JTAG programmer to unbrick it)." (Thanks to Paul Wise)

Security advisories for Monday

Monday 25th of April 2016 05:28:51 PM

Arch Linux has updated pgpdump (denial of service), samba (multiple vulnerabilities), squid (multiple vulnerabilities), and thunderbird (two vulnerabilities).

Debian has updated imlib2 (multiple vulnerabilities) and libgd2 (code execution).

Fedora has updated java-1.8.0-openjdk (F23: multiple vulnerabilities), openssh (F23: privilege escalation), parallel (F23; F22: file overwrites), python-tgcaptcha2 (F23; F22: reusable captchas), thunderbird (F23: multiple vulnerabilities), w3m (F23: denial of service), and webkitgtk4 (F23: multiple vulnerabilities).

Mageia has updated java-1.8.0-openjdk (multiple vulnerabilities), libcryptopp (information disclosure), squid (denial of service), varnish (access control bypass), and vtun (denial of service).

openSUSE has updated Chromium (13.2; 13.1: multiple vulnerabilities) and clamav (Leap42.1: database refresh).

Red Hat has updated nss, nspr (RHEL5: two vulnerabilities) and nss, nspr, nss-softokn, nss-util (RHEL7: two vulnerabilities).

Scientific Linux has updated nss, nspr (SL5: two vulnerabilities).

SUSE has updated yast2-users (SLE12-SP1: empty passwords fields in /etc/shadow).

Ubuntu has updated mysql-5.7 (16.04: multiple vulnerabilities).

Kernel prepatch 4.6-rc5

Monday 25th of April 2016 08:36:48 AM
Linus has released the 4.6-rc5 kernel prepatch. "Things continue to be fairly calm: rc5 is bigger than rc4 was, but rc4 really was tiny. And while we're back to fairly normal commit counts for this time in the release window, the kinds of bugs people are finding remain very low grade: there's absolutely nothing scary in here. If things continue this way, this might be one of those rare releases that don't even get to rc7."

Rintel: Network Manager 1.2 is here

Friday 22nd of April 2016 11:42:58 PM

At his blog, Lubomir Rintel highlights some of the changes found in the new 1.2 release of Network Manager, the network-configuration utility suite shipped by many Linux distributions. High on the list are privacy improvements; the post notes that "the identity of a mobile host can also leak via Wi-Fi hardware addresses. A common way to solve this is to use random addresses when scanning for available access points, which is what NetworkManager now does (with a recent enough version of wpa_supplicant). The actual hardware address is used only after the device is associated to an access point." Network Manager can also now be used to manage tun, tap, macvlan, vxlan and IP tunnel software devices, and can run multiple VPN modules simultaneously. In addition, support for several hardware device classes was split into loadable modules, which will reduce memory overhead.

Friday's security updates

Friday 22nd of April 2016 03:01:00 PM

CentOS has updated java-1.7.0-openjdk (C6; C5; C7: multiple vulnerabilities) and java-1.8.0-openjdk (C6; C7: multiple vulnerabilities).

Debian has updated varnish (access control bypass) and xen (multiple vulnerabilities).

Fedora has updated drupal7-block_class (F23; F22: cross-site scripting), glpi (F23; F22: SQL injection), libtasn1 (F23: denial of service), and springframework-amqp (F22: code execution).

Mageia has updated chromium-browser-stable (M5: multiple vulnerabilities), imlib2 (M5: code execution), lha (M5: buffer overflow), and poppler (M5: denial of service).

Oracle has updated java-1.7.0-openjdk (O7; O6; O5: multiple vulnerabilities).

Red Hat has updated java-1.6.0-sun (RHEL 5,6,7: multiple vulnerabilities), java-1.7.0-openjdk (RHEL 5,7; RHEL6: multiple vulnerabilities), java-1.7.0-oracle (RHEL 5,6,7: multiple vulnerabilities), and java-1.8.0-oracle (RHEL 6,7: multiple vulnerabilities).

Scientific Linux has updated java-1.7.0-openjdk (SL 5,7; SL6: multiple vulnerabilities).

Ubuntu has updated mysql-5.5, mysql-5.6 (12.04, 14.04, 15.10: multiple vulnerabilities) and php5 (12.04, 14.04, 15.10: multiple vulnerabilities).

Ubuntu 16.04 LTS (Xenial Xerus) released

Thursday 21st of April 2016 11:08:40 PM
The Ubuntu team has announced the release of Ubuntu 16.04 LTS for Desktop, Server, Cloud, and Core. "Ubuntu 16.04 LTS is the first long-term support release available for the new "s390x" architecture for IBM LinuxONE and z Systems, as well as introducing the new Ubuntu MATE community flavour." Joining Ubuntu in this release are the flavors Kubuntu, Lubuntu, Mythbuntu, Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu. Maintenance updates will be provided for 5 years for Ubuntu Desktop, Ubuntu Server, Ubuntu Cloud, Ubuntu Core, and Ubuntu Kylin. All the remaining flavors will be supported for 3 years.

Three new stable kernel releases

Thursday 21st of April 2016 09:17:43 PM

Greg Kroah-Hartman has released the latest batch of stable kernels: 4.5.2, 4.4.8, and 3.14.67. Each contains updates and fixes throughout the tree.

More in Tux Machines

OpenStack Roundup

  • OpenStack Summit Returns to Austin With Much Fanfare
    Back in July 2010, 75 developers gathered at the Omni hotel here for the very first OpenStack Summit. At the time, OpenStack was in the earliest stages of development. In April 2016, OpenStack returned to Austin in triumph as the de facto standard for private cloud deployment and the platform of choice for a significant share of the Fortune 100 companies. About 7,500 people from companies of all sizes from all over the world attended the 2016 OpenStack Summit in Austin from April 25 to April 29. In 2010, there were no users, because there wasn't much code running, but in 2016, that has changed. Among the many OpenStack users speaking at the summit were executives from Verizon and Volkswagen Group. While the genesis of OpenStack was a joint effort between NASA and Rackspace, the 2016 summit was sponsored by some of the biggest names in technology today—including IBM, Cisco, Dell, EMC and Hewlett Packard Enterprise. In this slide show, eWEEK takes a look at some highlights of the 2016 OpenStack Summit.
  • A Look Into IBM's OpenStack Meritocracy
    Angel Diaz, IBM vice president of Cloud Architecture and Technology, discusses how Big Blue has earned its place in the OpenStack community.
  • OpenStack cloud’s “killer use case”: Telcos and NFV
    Today, 114 petabytes of data traverse AT&T's network daily, and the carrier predicts a 10x increase in traffic by 2020. To help manage this, AT&T is transitioning from purpose-built appliances to white boxes running open source software. And according to AT&T Senior Vice President of Software Development and Engineering Sarabh Saxena, OpenStack has been a key part of this shift.

Ubuntu 16.04 vs. vs. Clear Linux vs. openSUSE vs. Scientific Linux 7

Here are some extra Linux distribution benchmarks for your viewing pleasure this weekend. Following the release of Ubuntu 16.04 LTS last week, I was running another fresh performance comparison of various Linux distributions on my powerful Xeon E3-1270 v5 Skylake system. I made it a few Linux distributions in before the motherboard faced an untimely death. Not sure of the cause yet, but the motherboard is kaput and thus the testing was ended prematurely. Read more

GhostBSD 10.3 ALPHA1 is now ready for Testing

Yes we skip 10.2 for 10.3 since was FreeBSD 10.3 was coming we thought we should wait for 10.3. This is the first ALPHA development release for testing and debugging for GhostBSD 10.3, only as MATE been released yet which is available on SourceForge and for the amd64 and i386 architectures. Read more

Leftovers: Ubuntu

  • Ubuntu-based Smartphones And Tablets Sound Good, On Paper, But...Do They Make Any Sense?
    As I previously stated in a recent article, I'm a huge fan of Ubuntu as a desktop operating system. It's friendly, reliable, consumes little resources and is largely virus-free.
  • Elementary OS 0.4 ‘Loki’ expected to be based on Ubuntu 16.04
    Elementary OS 0.4 ‘Loki’ coming soon, to be based on Ubuntu 16.04 and have plenty of new features
  • BQ Aquaris M10 Ubuntu Edition tablet - The heat is on
    Some investments are financial. Some are emotional. When it comes to Linux on tablets, my motives are mostly of the latter kind. I was super-excited to learn BQ was launching a tablet with Ubuntu, something that I have been waiting for a good solid three years now. We had the phone released last spring, and now there's a tablet. The cycle is almost complete. Now, as you know, I was only mildly pleased with the Ubuntu phone. It is a very neat product, but it is not yet as good as the competitors, across all shades of the usability spectrum. But this tablet promises a lot. Full HD, desktop-touch continuum, seamless usage model, and more. Let us have a look.
  • Kubuntu-16.04 — a review
    The kubuntu implementation of Plasma 5 seems to work quite well. It’s close to what I am seeing in other implementations. It includes the Libre Office software, rather than the KDE office suite. But most users will prefer that anyway. I’m not a big fan of the default menu. But the menu can easily be switched to one of the alternative forms. I’ve already done that, and am preferring the “launcher based on cascading popup menus”. If you are trying kubuntu, I suggest you experiment with the alternative formats to see which you prefer.
  • Ubuntu 16.04 LTS Review: Very Stable & Improved, Buggy Software Center, Though
    In almost all the occasions that I tested Ubuntu LTS releases, quite rightly so, they’ve always worked better than the non-LTS releases. And this Ubuntu 16.04 LTS, the 6th of such release is no exception. This one actually is even more impressive than the others because it has addressed some security related issues and even although not critical, subtle issues that I mentioned in the review. As far as the performance was concerned, Ubuntu 16.04 LTS was only largely outperformed by the memory usage where there is a large increase in memory usage. Other than that, those numbers look pretty good to me. That ‘.deb’ file issues with the Software Center is the only major concern that I can come up with. But I’m sure it’ll be fixed very soon.