LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.

Nmap 7 released

Friday 20th of November 2015 03:11:29 PM
Version 7 of the Nmap security scanner has been released. "It is the product of three and a half years of work, nearly 3200 code commits, and more than a dozen point releases since the big Nmap 6 release in May 2012. Nmap turned 18 years old in September this year and celebrates its birthday with 171 new NSE scripts, expanded IPv6 support, world-class SSL/TLS analysis, and more user-requested features than ever."

Langridge: No UI is some UI

Thursday 19th of November 2015 11:01:23 PM

At his blog, Stuart Langridge takes issue with a recent Medium post by Tony Aubé titled No UI is the New UI. Aubé's premise is that "invisible" applications—those that use text-messaging or voice-recognition rather than on-screen interfaces—are the future of UI design. Langridge, however, contends that "until very recently, and honestly pretty much still, a computer can’t understand the nuance of language. So 'use language to control computers' meant 'learn the computer’s language', not 'the computer learns yours'." More to the point, "understanding you is laughably incomplete and is obviously the core of the problem, although explaining one’s ideas and being understood by people is also the core problem of civilisation and we haven’t cracked that one yet either." There is less reason to be optimistic about language-based interfaces, he concludes: "I will say that point-and-grunt is not a very sophisticated way of communicating, but it may be all that technology can currently understand."

Thursday's security updates

Thursday 19th of November 2015 05:00:52 PM

CentOS has updated java-1.6.0-openjdk (C6; C5; C7: multiple vulnerabilities) and postgresql (C6; C7: multiple vulnerabilities).

Debian has updated libpng (multiple vulnerabilities).

Debian-LTS has updated strongswan (authentication bypass).

Fedora has updated kernel (F23; F22: ), krb5 (F22: multiple vulnerabilities), m2crypto (F23; F22: denial of service), monitorix (F23; F22: multiple vulnerabilities), perl-IPTables-Parse (F23; F22: predictable temporary file names), python-django (F23: multiple vulnerabilities), and rpcbind (F22: denial of service).

openSUSE has updated xscreensaver (13.1, 13.2, Leap 42.1: denial of service).

Oracle has updated java-1.6.0-openjdk (O7; O6; O5: multiple vulnerabilities) and postgresql (O7; O6: multiple vulnerabilities).

Red Hat has updated java-1.6.0-openjdk (RHEL 5,6,7: multiple vulnerabilities), postgresql (RHEL 6; RHEL 7: multiple vulnerabilities), postgresql92-postgresql (RHSC 2: multiple vulnerabilities), and rh-postgresql94-postgresql (RHSC 2: multiple vulnerabilities).

Scientific Linux has updated java-1.6.0-openjdk (multiple vulnerabilities) and postgresql (SL6; SL7: multiple vulnerabilities).

Ubuntu has updated nvidia-graphics-drivers-352, nvidia-graphics-drivers-352-updates (privilege escalation).

[$] Weekly Edition for November 19, 2015

Thursday 19th of November 2015 02:13:23 AM
The Weekly Edition for November 19, 2015 is available.

Hiring Open Source Maintainers is Key to Stable Software Supply Chain (

Thursday 19th of November 2015 12:36:55 AM
Brian Warner talks about why Samsung has an open-source group in this article. "If you want the full economic and technical benefit of consuming open source, you hire people who are already influential in the projects that matter to you. You then ask them to continue doing exactly what they do: write great code, manage great releases, and contribute to the overall stability of the project. This is the single best way to ensure stability and predictability in your software supply chain."

Security advisories for Wednesday

Wednesday 18th of November 2015 05:17:23 PM

Arch Linux has updated jenkins (multiple vulnerabilities).

Debian-LTS has updated libpng (multiple vulnerabilities) and openafs (multiple vulnerabilities).

Fedora has updated cyrus-imapd (F22: information disclosure) and pdns (F22: denial of service).

openSUSE has updated dracut (13.2: unspecified vulnerability) and putty (Leap42.1, 13.2, 13.1: memory corruption).

Red Hat has updated nss, nss-util, nspr (RHEL6.2, 6.4, 6.5, 6.6: code execution).

Ubuntu has updated lxcfs (15.10, 15.04: privilege escalation).

Microsoft's Visual Studio Code open-sourced

Wednesday 18th of November 2015 04:05:05 PM
Microsoft has announced that its Visual Studio Code tool is now available under the MIT license. "Code combines the streamlined UI of a modern editor with rich code assistance and navigation, and an integrated debugging experience – without the need for a full IDE." The code for Code can be found in its GitHub repository.

[$] Supporting secure DNS in glibc

Wednesday 18th of November 2015 03:55:52 PM
One of the many weak links in Internet security is the domain name system (DNS); it is subject to attacks that, among other things, can mislead applications regarding the IP address of a system they wish to connect to. That, in turn, can cause connections to go to the wrong place, facilitating man-in-the-middle attacks and more. The DNSSEC protocol extensions are meant to address this threat by setting up a cryptographically secure chain of trust for DNS information. When DNSSEC is set up properly, applications should be able to trust the results of domain lookups. As the discussion over an attempt to better integrate DNSSEC into the GNU C Library shows, though, ensuring that DNS lookups are safe is still not a straightforward problem.

Red Hat delivers Software Collections 2.1

Tuesday 17th of November 2015 05:26:29 PM
Red Hat has announced the availability of Red Hat Software Collections 2.1. Red Hat Developer Toolset 4 was also released. "Applications built with Red Hat Software Collections can be deployed into production with greater confidence, as most software collections and components are supported for three years. In addition to Red Hat Enterprise Linux 6 and 7, applications built with Red Hat Software Collections can also be deployed to Red Hat Enterprise Linux Atomic Host and OpenShift, Red Hat’s Platform-as-a-Service (PaaS) offering, giving more choice and flexibility for application portfolios."

Security advisories for Tuesday

Tuesday 17th of November 2015 05:19:06 PM

Arch Linux has updated lib32-libpng (two vulnerabilities) and libpng (two vulnerabilities).

CentOS has updated xen (C5: code execution).

Fedora has updated cyrus-imapd (F23: information disclosure), pdns (F23: denial of service), python-pygments (F23: shell execution), and webkitgtk4 (F23: two vulnerabilities).

Gentoo has updated adobe-flash (multiple vulnerabilities).

Mageia has updated chromium-browser-stable (information leak), iceape (multiple vulnerabilities), krb5 (code execution), and mariadb (multiple vulnerabilities).

openSUSE has updated xen (13.2: multiple vulnerabilities).

Oracle has updated xen (OL5: code execution).

Red Hat has updated xen (RHEL5: code execution).

Scientific Linux has updated xen (SL5: code execution).

SUSE has updated krb5 (SLEDebuginfo11SP3: denial of service).

Ubuntu has updated libxml2 (multiple vulnerabilities) and strongswan (15.10, 15.04, 14.04: authentication bypass).

Security advisories for Monday

Monday 16th of November 2015 06:18:29 PM

Debian has updated freexl (regression in previous update) and strongswan (authentication bypass).

Fedora has updated dovecot (F23; F22; F21: buffer overflow), drupal7-jquery_update (F23; F22; F21: open redirect attack), libsedml (F23; F22: hardened builds), libsndfile (F23: buffer overflow), MUMPS (F23; F22; F21: hardened builds), openms (F23; F22: hardened builds), owncloud (F23; F22; F21: unspecified vulnerabilities), snappy-player (F23; F22; F21: denial of service), telegram-cli (F23; F22: hardened builds), tubo (F23; F22; F21: hardened builds), and wildmagic5 (F23; F22; F21: hardened builds).

openSUSE has updated krb5 (Leap42.1: multiple vulnerabilities), libsndfile (13.2, 13.1: multiple vulnerabilities), and python-tornado (13.1: side-channel attack).

Oracle has updated kernel 3.8.13 (OL7; OL6: multiple vulnerabilities).

Slackware has updated seamonkey (multiple vulnerabilities).

Kernel prepatch 4.4-rc1

Monday 16th of November 2015 01:28:54 AM
Linus has released the 4.4-rc1 prepatch and closed the merge window for this cycle. "Just looking at the patch itself, things look fairly normal at a high level, possibly a bit more driver-heavy than usual with about 75% of the patch being drivers, and 10% being architecture updates. The remaining 15% is documentation, filesystem, core networking (as opposed to network drivers), tooling and some core infrastructure."

A change of look

Sunday 15th of November 2015 04:52:25 PM
The basic form of the LWN site was first laid out in early 1998, with some tweaks when the site code was replaced in 2002; since then, it has been mostly static. Meanwhile, the web has moved on, leaving LWN looking increasingly dated, especially on small-screen devices. We have been working (sporadically) on a new layout for the last year and some, and many readers have helped us out by testing it. Now the time has come to switch to the new mode by default.

Hopefully, the result is a cleaner screen and much better usability on mobile devices.

The "Clair" security scanner

Friday 13th of November 2015 09:11:31 PM
CoreOS has announced the release of a container-security tool called Clair. "Clair scans each container layer and provides a notification of vulnerabilities that may be a threat, based on the Common Vulnerabilities and Exposures database (CVE) and similar databases from Red Hat, Ubuntu, and Debian. Since layers can be shared between many containers, introspection is vital to build an inventory of packages and match that against known CVEs."

Friday's security updates

Friday 13th of November 2015 03:07:00 PM

Arch Linux has updated chromium (information leak) and putty (code execution).

Debian has updated krb5 (denial of service).

Fedora has updated kernel (F21: privilege escalation), openstack-ironic-discoverd (F23; F22: remote code execution), python-cryptography (F23: denial of service), python-cryptography-vectors (F23: denial of service), sddm (F22: denial of service), and wpa_supplicant (F23: denial of service).

openSUSE has updated flash-player (13.1, 13.2: multiple vulnerabilities).

SUSE has updated MozillaFirefox, mozilla-nspr, mozilla-nss (SLE11 SP2; SLE11 SP3, SP4: multiple vulnerabilities).

Ubuntu has updated krb5 (multiple vulnerabilities) and lxd (15.10: privilege escalation).

Did the FBI Pay a University to Attack Tor Users? (Tor blog)

Thursday 12th of November 2015 10:38:59 PM
The Tor blog is carrying a post from interim executive director Roger Dingledine that accuses Carnegie Mellon University (CMU) of accepting $1 million from the FBI to de-anonymize Tor users. "There is no indication yet that they had a warrant or any institutional oversight by Carnegie Mellon's Institutional Review Board. We think it's unlikely they could have gotten a valid warrant for CMU's attack as conducted, since it was not narrowly tailored to target criminals or criminal activity, but instead appears to have indiscriminately targeted many users at once. Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users." Cryptographer Matthew Green has also weighed in (among others, including Forbes and Ars Technica): "If CMU really did conduct Tor de-anonymization research for the benefit of the FBI, the people they identified were allegedly not doing the nicest things. It's hard to feel particularly sympathetic. Except for one small detail: there's no reason to believe that the defendants were the only people affected."

Thursday's security advisories

Thursday 12th of November 2015 02:43:50 PM

Arch Linux has updated flashplugin (multiple vulnerabilities) and powerdns (denial of service).

Fedora has updated lxc (F22; F21: directory traversal).

Mageia has updated flash-player-plugin (multiple vulnerabilities).

openSUSE has updated git (13.2, 13.1: code execution), java-1_7_0-openjdk (42.1: multiple vulnerabilities), and xen (13.1; 42.1: multiple vulnerabilities, one from 2014).

Firefox OS 2.5 developer preview

Thursday 12th of November 2015 01:06:26 PM
Mozilla has announced the availability of a developer preview for version 2.5 of Firefox OS. New features include an add-on mechanism, tracking protection, and more. There is also a version of the system packaged as an Android app, allowing it to be tried on an Android device without wiping Android itself. "If you’re curious to see what Firefox OS is all about, or just interested in testing out new features, the Firefox OS 2.5 Developer Preview app makes it very simple to get started with very little risk involved. By downloading the app, you can experience Firefox OS and explore many of its capabilities, without flashing hardware. If you decide you’re done trying it out, the app can be removed as simply as any other app."

Weekly Edition for November 12, 2015

Thursday 12th of November 2015 01:09:48 AM
The Weekly Edition for November 12, 2015 is available.

[$] A look at darktable 2.0

Wednesday 11th of November 2015 10:50:42 PM
The darktable project has unveiled the first release-candidate (RC) packages for its upcoming version 2.0 milestone. Darktable retains its focus as a high-end photo editor in the forthcoming release, with new features that target professional workflows and experienced users. But there are also improvements that will be appreciated by casual shutterbugs.
