Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 6 hours 18 min ago

[$] LWN.net Weekly Edition for February 23, 2017

Thursday 23rd of February 2017 01:02:40 AM
The LWN.net Weekly Edition for February 23, 2017 is available.

Turunen: Qt Roadmap for 2017

Wednesday 22nd of February 2017 07:20:14 PM
Tuukka Turunen presents a roadmap for Qt. "Qt 3D was first released with Qt 5.7 and in Qt 5.8 the focus was mostly on stability and performance. With Qt 5.9 we are providing many new features which significantly improve the functionality of Qt 3D. Notable new features include support for mesh morphing and keyframe animations, using Qt Quick items as a texture for 3D elements, as well as support for physically based rendering and particles. There are also multiple smaller features and improvements throughout the Qt 3D module."

Wednesday's security advisories

Wednesday 22nd of February 2017 05:10:06 PM

CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities).

Debian has updated tomcat7 (regression in previous update) and tomcat8 (regression in previous update).

Gentoo has updated archive-tar-minitar (file overwrites) and ghostscript-gpl (multiple vulnerabilities).

openSUSE has updated profanity (42.2, 42.1: user impersonation).

SUSE has updated php7 (SLE12: multiple vulnerabilities).

Ubuntu has updated kernel (14.04: three vulnerabilities), linux, linux-raspi2 (16.10: three vulnerabilities), linux, linux-snapdragon (16.04: multiple vulnerabilities), linux, linux-ti-omap4 (12.04: three vulnerabilities), linux-lts-trusty (12.04: three vulnerabilities), linux-lts-xenial (14.04: multiple vulnerabilities), and tcpdump (multiple vulnerabilities).

[$] Principled free-software license enforcement

Wednesday 22nd of February 2017 04:47:48 PM
Issues of when and how to enforce free-software licenses, and who should do it, have been on some people's minds recently, and Richard Fontana from Red Hat decided to continue the discussion at FOSDEM. This was a fairly lawyerly talk; phrases like "alleged violation" and "I think that..." were scattered throughout it to a degree not normally found in talks by developers. This is because Fontana is a lawyer at Red Hat, and he was talking about ideas which, while they are not official Red Hat positions, were developed following discussions between him and other members of the legal team at Red Hat.

Subscribers can click below for the full report of the talk by guest author Tom Yates.

A draft glibc year-2038 design document

Wednesday 22nd of February 2017 03:56:06 PM
The year-2038 apocalypse is now just under 21 years away. For those who are curious about how the GNU C Library plans to deal with this problem, there is a draft design document out for review. "In order to avoid duplicating APIs for 32-bit and 64-bit time, glibc will provide either one but not both for a given application; the application code will have to choose between 32-bit or 64-bit time support, and the same set of symbols (e.g. time_t or clock_gettime) will be provided in both cases."

Linux Plumbers Conference call for microconferences

Wednesday 22nd of February 2017 02:32:19 PM
The 2017 Linux Plumbers Conference is set for September 13 to 15 in Los Angeles, California. The core of this event is the microconferences, focused gatherings that address a specific range of problems. The call for microconferences for the 2017 event is now out. "Good microconferences result in solutions to these problems and concerns, while the best microconferences result in patches that implement those solutions."

The "Upspin" global filesystem

Tuesday 21st of February 2017 10:32:57 PM
A group of Google developers has announced the release of (an early version of) a new global filesystem called "Upspin". "Upspin looks a bit like a global file system, but its real contribution is a set of interfaces, protocols, and components from which an information management system can be built, with properties such as security and access control suited to a modern, networked world. Upspin is not an 'app' or a web service, but rather a suite of software components, intended to run in the network and on devices connected to it, that together provide a secure, modern information storage and sharing network."

Internet-enable your microcontroller projects for under $6 with ESP8266 (Opensource.com)

Tuesday 21st of February 2017 08:16:01 PM
David Egts takes a look at the ESP8266 WiFi chip, on Opensource.com. "What is the ESP8266 exactly? The ESP8266 is a 32-bit RISC CPU made by Espressif Systems. Its clock runs at 80MHz, and it supports up to 16MB of flash RAM for program storage. These specifications are quite impressive when compared to an Arduino UNO, which runs at 16MHz, only has 32KB of RAM, and is several times more expensive. Another big difference is that the ESP8266 requires only 3.3 volts of power while most Arduinos require 5 volts. Keep this voltage difference in mind when extending your existing Arduino knowledge and projects to the ESP8266 to prevent magic smoke."

Security updates for Tuesday

Tuesday 21st of February 2017 06:02:19 PM

CentOS has updated openssl (C7; C6: two vulnerabilities).

Debian-LTS has updated gtk-vnc (two vulnerabilities).

Fedora has updated kernel (F25; F24: two vulnerabilities), mingw-gstreamer1 (F25: denial of service), mingw-gstreamer1-plugins-bad-free (F25: two vulnerabilities), mingw-gstreamer1-plugins-base (F25: multiple vulnerabilities), mingw-gstreamer1-plugins-good (F25: multiple vulnerabilities), mingw-wavpack (F25; F24: multiple vulnerabilities), and xen (F25: denial of service).

Gentoo has updated adobe-flash (multiple vulnerabilities), dropbear (multiple vulnerabilities), firefox (multiple vulnerabilities), libass (multiple vulnerabilities), libvncserver (two vulnerabilities), mariadb (multiple vulnerabilities), mysql (multiple vulnerabilities), nagios-core (multiple vulnerabilities, one from 2008), ocaml (information leak), opus (code execution), php (multiple vulnerabilities), pycrypto (denial of service), qemu (multiple vulnerabilities), redis (three vulnerabilities), tcpdump (multiple vulnerabilities), thunderbird (multiple vulnerabilities), tigervnc (code execution), and xen (code execution).

Mageia has updated ruby-archive-tar-minitar (file overwrites).

openSUSE has updated libplist (42.1: multiple vulnerabilities) and nodejs (42.1: three vulnerabilities).

Oracle has updated openssl (OL7; OL6: two vulnerabilities).

SUSE has updated flash-player (SLE12-SP1: multiple vulnerabilities).

Ubuntu has updated gtk-vnc (14.04, 12.04: two vulnerabilities), spice (16.10, 16.04, 14.04: two vulnerabilities), and tomcat6, tomcat7 (14.04, 12.04: denial of service).

The return of the Linux kernel podcast

Tuesday 21st of February 2017 03:18:22 AM
After taking a few years off, Jon Masters is restarting his kernel podcast. "In this week’s edition: Linus Torvalds announces Linux 4.10, Alan Tull updates his FPGA manager framework, and Intel’s latest 5-level paging patch series is posted for review. We will have this, and a summary of ongoing development in the first of the newly revived Linux Kernel Podcast."

Monday's security advisories

Monday 20th of February 2017 07:13:16 PM

Debian-LTS has updated gst-plugins-bad0.10 (two vulnerabilities), gst-plugins-base0.10 (two vulnerabilities), gst-plugins-good0.10 (two vulnerabilities), gst-plugins-ugly0.10 (two vulnerabilities), and wireshark (denial of service).

Fedora has updated bind (F24: denial of service), python-peewee (F25; F24: largely unspecified), sshrc (F25: unspecified), and zoneminder (F25; F24: information disclosure).

Gentoo has updated glibc (multiple vulnerabilities, most from 2014 and 2015), mupdf (three vulnerabilities), and ntfs3g (privilege escalation).

Mageia has updated gnutls (multiple vulnerabilities), gtk-vnc (two vulnerabilities), iceape (multiple vulnerabilities), jitsi (user spoofing), libarchive (denial of service), libgd (multiple vulnerabilities), lynx (URL spoofing), mariadb (multiple vulnerabilities, almost all unspecified), netpbm (multiple vulnerabilities), openjpeg2 (multiple vulnerabilities), tomcat (information disclosure), and viewvc (cross-site scripting).

openSUSE has updated chromium (42.2, 42.1: multiple vulnerabilities), firebird (42.2, 42.1: access restriction bypass), java-1_7_0-openjdk (42.2, 42.1: multiple vulnerabilities), mcabber (42.2: user spoofing), mupdf (42.2, 42.1: multiple vulnerabilities), open-vm-tools (42.1: CVE with no description from 2015), opus (42.2, 42.1: code execution), tiff (42.2, 42.1: code execution), and vim (42.1: code execution).

Red Hat has updated openssl (RHEL7&6: two vulnerabilities).

Scientific Linux has updated openssl (SL7&6: two vulnerabilities).

SUSE has updated kernel (SLE12: denial of service) and kernel (SLE11: multiple vulnerabilities, some from 2004, 2012, and 2015).

Ubuntu has updated python-crypto (16.10, 16.04, 14.04: regression in previous update).

The 4.10 kernel has been released

Sunday 19th of February 2017 11:23:05 PM
Linus has released the 4.10 kernel. "On the whole, 4.10 didn't end up as small as it initially looked. After the huge release that was 4.9, I expected things to be pretty quiet, but it ended up very much a fairly average release by modern kernel standards." Features of note in this release include some long-awaited writeback throttling work, the ability to attach a BPF network filter to a control group, encryption in UBIFS filesystems, Intel cache-allocation technology support, and more. See the KernelNewbies 4.10 page for lots of details.

Stable kernels 4.9.11 and 4.4.50

Sunday 19th of February 2017 04:56:55 PM
The 4.9.11 and 4.4.50 stable kernel updates are available; each contains the usual set of important fixes.

SystemTap 3.1 has been released

Friday 17th of February 2017 09:43:55 PM
The SystemTap team has announced the 3.1 release of the tool that allows extracting performance and debugging information at runtime from the kernel as well as various user-space programs. New features include support for adding probes to Python 2 and 3 functions, Java probes now convert all parameters to strings before passing them to probes, a new @variance() statistical operator has been added, new sample scripts have been added, and more.

Security updates for Friday

Friday 17th of February 2017 03:59:18 PM

Arch Linux has updated diffoscope (file overwrite), flashplugin (multiple vulnerabilities), and lib32-flashplugin (multiple vulnerabilities).

Debian has updated spice (two vulnerabilities).

Debian-LTS has updated spice (two vulnerabilities).

Gentoo has updated imagemagick (multiple vulnerabilities).

openSUSE has updated expat (42.2, 42.1: two vulnerabilities, one from 2012), guile (42.2, 42.1: information disclosure), libgit2 (42.2: multiple vulnerabilities), mariadb (42.2, 42.1: multiple vulnerabilities), mysql-community-server (42.1: multiple vulnerabilities), openssl (42.2; 42.1: multiple vulnerabilities), and postfixadmin (42.2, 42.1: security bypass).

SUSE has updated java-1_7_0-openjdk (SLE12: multiple vulnerabilities).

Ubuntu has updated bind9 (denial of service), python-crypto (16.10, 16.04, 14.04: code execution), and webkit2gtk (16.10, 16.04: multiple vulnerabilities).

Go 1.8 released

Thursday 16th of February 2017 11:08:19 PM
The Go team has announced the release of Go 1.8. "The compiler back end introduced in Go 1.7 for 64-bit x86 is now used on all architectures, and those architectures should see significant performance improvements. For instance, the CPU time required by our benchmark programs was reduced by 20-30% on 32-bit ARM systems. There are also some modest performance improvements in this release for 64-bit x86 systems. The compiler and linker have been made faster. Compile times should be improved by about 15% over Go 1.7. There is still more work to be done in this area: expect faster compilation speeds in future releases." See the release notes for more details.

Thursday's security updates

Thursday 16th of February 2017 03:18:35 PM

Arch Linux has updated gvim (code execution) and vim (code execution).

Red Hat has updated openstack-cinder, openstack-glance, and openstack-nova (OSP7.0: denial of service from 2015).

SUSE has updated kernel (SLE12: many vulnerabilities, some from 2015 and 2014).

Ubuntu has updated libgc (code execution) and openjdk-6 (12.04: multiple vulnerabilities).

Top 10 FOSS legal stories in 2016 (opensource.com)

Thursday 16th of February 2017 01:47:16 PM
Mark Radcliffe surveys the most important legal issues surrounding free and open-source software on opensource.com. "The challenge for the Linux community is to decide when to bring litigation to enforce the GPLv2. What it means in many situations is that to be compliant is currently left to individual contributors rather than being based on a set of community norms. As Theodore Ts'o noted, this issue really concerns project governance. Although permitting individual contributors to make these decisions may be the Platonic ideal, the tradeoff is ambiguity for users trying to be compliant as well as the potential for rogue members of the community (like McHardy) to create problems. The members of the Linux community and other FOSS communities need to consider how they can best assist the members of their community to understand what compliance means and to determine when litigation might be useful in furtherance of the community's goals."

[$] LWN.net Weekly Edition for February 16, 2017

Thursday 16th of February 2017 12:38:06 AM
The LWN.net Weekly Edition for February 16, 2017 is available.

TensorFlow 1.0 released

Wednesday 15th of February 2017 09:19:20 PM
The TensorFlow 1.0 release is available, bringing an API stability guarantee to this machine-learning library from Google. "TensorFlow 1.0 introduces a high-level API for TensorFlow, with tf.layers, tf.metrics, and tf.losses modules. We've also announced the inclusion of a new tf.keras module that provides full compatibility with Keras, another popular high-level neural networks library."

More in Tux Machines

OSS Leftovers

  • Open Source IoT on Steady Enterprise March
    Enterprise IT decision makers have been exploring the potential of Internet of Things technologies, but they are not rushing IoT projects into development and are showing caution in their adoption commitments, according to survey results Red Hat released Wednesday. Of the 215 participants in the company's survey, "Enterprise IoT in 2017: Steady as she goes," 55 percent indicated that IoT was important to their organization. However, only a quarter of those organizations actually were writing project code and deploying IoT technologies.
  • WSO2 Offers Open Source Enterprise Mobility Management
    The software is fully open source under the Apache License 2.0. Source code is available on GitHub.
  • 5 trends impacting enterprise mobility in 2017
    At this point, there’s little left to say that’s new about the impact the IoT can have on the enterprise. Although the potential size of the IoT market is often hyped, the opportunities now available in various lines of business are indisputable. IoT enables entities (i.e. consumers, businesses, and governments) to connect to and control IoT devices in areas like energy, manufacturing, transportation, agriculture, and more.
  • China Unicom & Radisys use CORD architecture to build better networks
  • Radisys launches open source RAN software for M-Cord project
  • Haddington Dynamics Releases Entire Source Code for Dexter Open-Source Robot, Invites Global Collaboration
  • Twilio paid $8.5 million in cash for assets of Kurento Open Source Project
    Twilio has been making strides to improve its WebRTC capabilities and part of its strategy includes making acquisitions to advance its objective. In September, the cloud-based telephony company purchased the team behind the Kurento Open Source Project and its assets. At the time, the financial terms were not disclosed, but now we know the deal was for $8.5 million in cash. In a filing with the Securities and Exchange Commission, Twilio revealed that it had picked up proprietary WebRTC media processing technologies; select licenses, patents, and trademarks; and some employees who worked on the service, although specifics were not provided.
  • What to do when people start hacking your culture
    I've previously written about the fact the Apache Software Foundation offers an exemplar of large-scale open source governance. Even with those supreme qualities, things can still go wrong. Apache offers some of the best protections for open source contributors but its mature rules can be manipulated by skilled politicians and/or determined agendas. What can we learn from their experience? In a very small proportion of Apache projects, there have been issues that seem to arise from Apache's rules and culture being intentionally gamed. They are a non-representative fraction of the work of Apache, but they provide valuable lessons on the way open source communities can be gamed. In this article I mention two such projects: Apache Harmony, an implementation of Java SE created independently of Sun that's now in the Apache Attic, and Apache OpenOffice, one of the successors to the OpenOffice.org project that closed after Oracle bought Sun Microsystems.
  • Embedded Linux Conference Features IoT and Development Tools
    The 2017 Embedded Linux Conference (ELC) is off to a fine start even as the rain clears up here in Portland, Ore. I don’t often get to sit in on technical sessions at trade shows because of a host of meetings, but this is the exception. If you get a chance, and Linux or Android is in your bailiwick, then ELC is worth attending. It delves into the technical details for using Linux and application spaces like the Internet of Things (IoT), with more hands-on details than our popular (but higher-end) IoT show, IoT Emerge, which will be returning this fall. IoT Emerge provides a high-level view of IoT applications and issues, whereas ELC is for the hardcore developers.

Red Hat News

  • HPE, Red Hat Team on Storage, OpenStack for NFV
    Hewlett Packard Enterprise (NYSE: HPE) and Red Hat, Inc. (NYSE: RHT) announced today they are working together to accelerate the deployment of network functions virtualization (NFV) solutions based on fully open, production-ready, standards-based infrastructures. HPE plans to offer ready-to-use, pre-integrated HPE NFV System solutions and HPE Validated Configurations incorporating Red Hat OpenStack Platform and Red Hat Ceph Storage for communications service providers (CSPs).
  • Irish unit of open source software developers Red Hat sees profits jump
    A Cork-based subsidiary of open source software specialist Red Hat reported a sharp rise in revenues and profits last year, recently lodged accounts show. Red Hat Ltd, whose parent acquired Irish software firm Feed Henry for €63.5 million in September 2014, recorded a pretax profit of €33.2 million for the 12 months ending February 2016. This compares with a profit before tax of €26.6 million a year earlier.
  • From SAP to Red Hat: Lenovo to leverage partnerships to boost data center numbers
    A week after Lenovo executives pointed to partnerships as a way to drive numbers in its data center business, the company has announced an expanded relationship with SAP. It’s the latest in a string of partnerships, from Red Hat to Nutanix (Nasdaq: NTNX), all targeted to help Lenovo better compete.
  • Notable Runners: Red Hat, Inc. (NYSE:RHT), Genuine Parts Company (NYSE:GPC)

Leftovers: Software

  • 3 mind mapping tools in Fedora
    In a previous Magazine article, we covered tracking your time and tasks. In that article we mentioned some mind mapping tools. Now we’ll cover three mind mapping apps you can use in Fedora. You can use these tools to generate and manipulate maps that show your thoughts. Mind maps can help you to improve your creativity and effectiveness. You can use them for time management, to organize tasks, to overview complex contexts, to sort your ideas, and more.
  • 10 command-line tools for data analysis in Linux
    So you've landed on some data you want to analyze. Where do you begin? Many people used to working in a graphical environment might default to using a spreadsheet tool, but there's another way that might prove to be faster and more efficient, with just a little more effort. And you don't need to become an expert in a statistical modeling language or a big data toolset to take advantage of these tools. I'm talking about the Linux command line. Just using some tools that you've probably already got installed on your computer, you can learn a lot about a dataset without ever leaving your terminal. Long-time Linux users will of course laugh—they've been using many of these tools for years to parse logs and understand configuration tools. But for the Linux newcomer, the revelation that you've got a whole data analysis toolkit already at your fingertips can be a welcomed surprise.
  • Trojita Is a Super Fast Desktop Email Client for Linux
    If you’re looking for a fast, IMAP compatible email client for Linux, why not try Trojita? Trojita aims to fetch and display email as quickly, and as efficiently, as possible. The open-source email app adheres to ‘open standards and modern technologies’, and is built around ‘the vendor-neutrality that IMAP provides’.
  • gparted 0.28.1
    A new version of gparted was released recently and I have updated the Fedora package to the latest version - 0.28.1. This version brings a rather exciting (at least, to me) update - ability to copy and resize already open LUKS filesystems.

Android Leftovers