LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

OpenSUSE Leap 42.1 milestone 1 released

Friday 24th of July 2015 09:03:02 PM
The first development release of the upcoming openSUSE 42.1 distribution is now available. "Milestone is being used to avoid the term Alpha because the milestone is able to be deployed without the additional future items and subsystems that will become available when Leap is officially released." As reported in June, openSUSE 42.1 is a new version of the distribution based on the SUSE Linux Enterprise core.

Friday's security updates

Friday 24th of July 2015 03:04:13 PM

Arch Linux has updated chromium (multiple vulnerabilities), crypto++ (private key recovery), libuser (multiple vulnerabilities), and openssh (authentication limits bypass).

CentOS has updated libuser (C7: multiple vulnerabilities).

Debian has updated chromium-browser (multiple vulnerabilities).

Gentoo has updated e2fsprogs (code execution).

Oracle has updated libuser (O7: multiple vulnerabilities).

Red Hat has updated java-1.7.0-ibm (RHEL 5: multiple vulnerabilities) and libuser (RHEL 6; RHEL 7: multiple vulnerabilities).

Scientific Linux has updated libuser (SL7: multiple vulnerabilities).

Ubuntu has updated kernel (12.04; 14.04; 14.10; 15.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), linux-lts-vivid (14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).

Day: HIG updates

Thursday 23rd of July 2015 10:24:31 PM

At his blog, Allan Day announces the first major update to the GNOME Human Interface Guidelines since the first GNOME 3 version (released in 2014). Day notes that the GNOME 3 HIG is structured around design patterns, in the hopes that it can be updated regularly to reflect current practices. "These new guidelines are the direct result of design work that has happened in the past year. They attempt to distill everything we’ve learned through our own process of trial and error." Furthermore, "the HIG now links to the relevant GTK+ API reference documentation for each design component. This is nice for knowing which widget does what; and makes the design guidelines a more effective accompaniment to the toolkit."

Thursday's security updates

Thursday 23rd of July 2015 02:26:05 PM

Debian has updated kernel (multiple vulnerabilities).

Fedora has updated hostapd (F21; F22: denial of service) and python-django (F22: multiple vulnerabilities).

Gentoo has updated libXfont (multiple vulnerabilities).

Mageia has updated java-1.7.0-openjdk (M4: multiple vulnerabilities) and php (M4: multiple vulnerabilities).

Red Hat has updated java-1.6.0-ibm (RHEL 5,6: multiple vulnerabilities) and java-1.7.1-ibm (RHEL 6,7: multiple vulnerabilities).

Ubuntu has updated nbd (multiple vulnerabilities).

[$] LWN.net Weekly Edition for July 23, 2015

Thursday 23rd of July 2015 12:13:14 AM
The LWN.net Weekly Edition for July 23, 2015 is available.

[$] Django Girls one year later

Wednesday 22nd of July 2015 09:06:30 PM

Though it got a bit of a late start due to some registration woes, the first day of EuroPython 2015 began with an engaging and well-received keynote. It recounted the history of a project that got its start just a year ago when the first Django Girls workshop was held at EuroPython 2014 in Berlin. The two women who started the project, Ola Sitarska and Ola Sendecka, spoke about how the workshop to teach women about Python and the Django web framework all came together—and the amazing progress that has been made by the organization in its first year.

Red Hat Enterprise Linux 6.7 released

Wednesday 22nd of July 2015 05:11:04 PM
Red Hat has announced the general availability of RHEL 6.7. "As the basis for large, complex IT deployments, Red Hat Enterprise Linux 6.7 offers enterprise IT teams new capabilities to bolster system security, proactively identify and resolve business-critical IT issues, and confidently embrace some of the latest open source technologies, such as Linux containers, without sacrificing operational stability." The release notes contain details.

Wednesday's security advisories

Wednesday 22nd of July 2015 04:49:58 PM

Arch Linux has updated jre7-openjdk (multiple vulnerabilities).

Debian has updated cacti (SQL injection).

Debian-LTS has updated python-tornado (side-channel attack).

openSUSE has updated ansible (13.2: two vulnerabilities), libressl (13.2: multiple vulnerabilities), pdns (13.2, 13.1: denial of service), and rubygem-activesupport-3_2 (13.2, 13.1: denial of service).

Red Hat has updated autofs (RHEL6: privilege escalation), bind (RHEL6: denial of service), curl (RHEL6: multiple vulnerabilities), freeradius (RHEL6: buffer overflow), gnutls (RHEL6: multiple vulnerabilities), grep (RHEL6: two vulnerabilities), hivex (RHEL6: code execution), httpd (RHEL6: access restriction bypass), ipa (RHEL6: cross-site scripting), kernel (RHEL6: multiple vulnerabilities), libreoffice (RHEL6: code execution), libxml2 (RHEL6: denial of service), mailman (RHEL6: two vulnerabilities), net-snmp (RHEL6: denial of service), ntp (RHEL6: multiple vulnerabilities), pacemaker (RHEL6: privilege escalation), pki-core (RHEL6: cross-site scripting), ppc64-diag (RHEL6: two vulnerabilities), python (RHEL6: multiple vulnerabilities), sudo (RHEL6: information disclosure), wireshark (RHEL6: multiple vulnerabilities), and wpa_supplicant (RHEL6: denial of service).

Ubuntu has updated lxc (15.04, 14.10, 14.04: two vulnerabilities) and mysql-5.5, mysql-5.6 (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).

Stable kernels 4.1.3 and 4.0.9

Wednesday 22nd of July 2015 05:16:34 AM
The 4.1.3 and 4.0.9 stable kernel releases are available with the usual set of important fixes. Note that 4.0.9 is the last in the 4.0.x series.

[$] Domesticating applications, OpenBSD style

Tuesday 21st of July 2015 08:54:11 PM
One of the many approaches to improving system security consists of reducing the attack surface of a given program by restricting the range of system calls available to it. If an application has no need for access to the network, say, then removing its ability to use the socket() system call should cause no loss in functionality while reducing the scope of the mischief that can be made should that application be compromised. In the Linux world, this kind of sandboxing can be done using a security module or the seccomp() system call. OpenBSD has lacked this capability so far, but it may soon gain it via a somewhat different approach than has been seen in Linux.

"Cloud Native Computing Foundation" launched

Tuesday 21st of July 2015 06:15:23 PM
The Linux Foundation has announced the Cloud Native Computing Foundation. "This new organization aims to advance the state-of-the-art for building cloud native applications and services, allowing developers to take full advantage of existing and to-be-developed open source technologies. Cloud native refers to applications or services that are container-packaged, dynamically scheduled and micro services-oriented. Founding organizations include AT&T, Box, Cisco, Cloud Foundry Foundation, CoreOS, Cycle Computing, Docker, eBay, Goldman Sachs, Google, Huawei, IBM, Intel, Joyent, Kismatic, Mesosphere, Red Hat, Switch SUPERNAP, Twitter, Univa, VMware and Weaveworks. Other organizations are encouraged to participate as founding members in the coming weeks, as the organization establishes its governance model."

Security advisories for Tuesday

Tuesday 21st of July 2015 04:14:33 PM

CentOS has updated bind (C7: denial of service) and thunderbird (C7; C6; C5: multiple vulnerabilities).

Debian-LTS has updated cacti (SQL injection) and cacti (regression in previous update).

Fedora has updated asterisk (F22: SSL server spoofing), bind (F21: denial of service), httpd (F22: multiple vulnerabilities), java-1.8.0-openjdk (F22; F21: multiple vulnerabilities), libunwind (F22: buffer overflow), php-horde-Horde-Auth (F22; F21: multiple vulnerabilities), php-horde-Horde-Core (F22; F21: multiple vulnerabilities), php-horde-Horde-Form (F22; F21: multiple vulnerabilities), php-horde-Horde-Icalendar (F22; F21: multiple vulnerabilities), polkit (F21: multiple vulnerabilities), and squashfs-tools (F21: two vulnerabilities).

Oracle has updated bind (OL7: denial of service) and thunderbird (OL7; OL6: multiple vulnerabilities).

Red Hat has updated bind (RHEL7: denial of service) and thunderbird (RHEL5,6,7: multiple vulnerabilities).

Scientific Linux has updated bind (SL7: denial of service) and thunderbird (SL5,6,7: multiple vulnerabilities).

SUSE has updated mariadb (SLE12: multiple vulnerabilities).

Ubuntu has updated thunderbird (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).

Gorman: Continual testing of mainline kernels

Tuesday 21st of July 2015 08:43:43 AM
Mel Gorman introduces SUSE's kernel performance-testing system. "Marvin is a system that continually runs performance-related tests and is named after another robot doomed with repetitive tasks. When tests are complete it generates a performance comparison report that is publicly available but rarely linked. The primary responsibility of this system is to check SUSE Linux for Enterprise kernels for performance regressions but it is also configured to run tests against mainline releases."

Security updates for Monday

Monday 20th of July 2015 06:38:17 PM

Arch Linux has updated apache (multiple vulnerabilities).

Debian has updated freexl (denial of service), mariadb-10.0 (multiple vulnerabilities), mysql-5.5 (multiple vulnerabilities), and tidy (two vulnerabilities).

Debian-LTS has updated groovy (code execution), inspircd (denial of service), libidn (information disclosure), ruby1.9.1 (denial of service), and tidy (two vulnerabilities).

Fedora has updated bind (F22: denial of service), condor (F21: code execution), cups-filters (F21: code execution), drupal7-migrate (F22; F21: cross-site scripting), drupal7-views_bulk_operations (F22; F21: permission bypass), openstack-cinder (F21: file disclosure), pcre (F21: two vulnerabilities), python-keystonemiddleware (F22: certificate verification botch), rawstudio (F22; F21: two vulnerabilities), redis (F22; F21: code execution), squashfs-tools (F22: two vulnerabilities), thunderbird (F22; F21: multiple vulnerabilities), webkitgtk4 (F22: denial of service), and xen (F22; F21: privilege escalation).

Gentoo has updated postgresql (multiple vulnerabilities).

openSUSE has updated flash-player (11.4: two vulnerabilities), libcryptopp (13.2, 13.1: information disclosure), libidn (13.2, 13.1: information disclosure), firefox, thunderbird (11.4: multiple vulnerabilities), rubygem-jquery-rails (13.2, 13.1: CSRF vulnerability), rubygem-rack (13.2, 13.1: denial of service), rubygem-rack-1_3 (13.2, 13.1: denial of service), and rubygem-rack-1_4 (13.2, 13.1: denial of service).

Slackware has updated httpd (multiple vulnerabilities) and php (multiple vulnerabilities).

SUSE has updated firefox, nspr, nss (SLE12; SLES11SP4; SLE11SP3: multiple vulnerabilities) and PHP (SLE11SP3: multiple vulnerabilities).

dgit 1.0 released

Monday 20th of July 2015 06:13:55 AM
Ian Jackson has announced the availability of dgit 1.0. "dgit allows you to treat the Debian archive as if it were a git repository, and get a git view of any package. If you have the appropriate access rights you can do builds and uploads from git, and other dgit users will see your git history."

Kernel prepatch 4.2-rc3

Monday 20th of July 2015 06:08:10 AM
The third 4.2 kernel prepatch is out for testing. Linus says: "Normal Sunday release schedule, and a fairly normal rc release. There was some fallout from the x86 FPU cleanups, but that only hit CPU's with the xsaves instruction, and it should be all good now."

Mozilla Winter of Security is back

Friday 17th of July 2015 10:42:32 PM

At the Mozilla Blog, Julien Vehent announces that Mozilla will be conducting a second round of its "Winter of Security" mentoring program. Aimed at college students, the program allows participants to work on security-related free software for university credit, with guidance provided by Mozilla project members. This year's targeted project list includes some high-profile projects like Let's Encrypt and Mozilla's digital forensics tool MiG. Applications are due August 15.

Friday's security updates

Friday 17th of July 2015 02:53:59 PM

Arch Linux has updated flashplugin (code execution) and lib32-flashplugin (code execution).

Mageia has updated flash-player-plugin (M4, M5: multiple vulnerabilities).

Oracle has updated java-1.7.0-openjdk (O5: multiple vulnerabilities).

Red Hat has updated flash-plugin (RHEL 5, 6: multiple vulnerabilities), java-1.6.0-sun (RHEL 5, 6, 7: multiple vulnerabilities), java-1.7.0-oracle (RHEL 5, 6, 7: multiple vulnerabilities), and java-1.8.0-oracle (RHEL 5, 6, 7: multiple vulnerabilities).

SUSE has updated flash-player (SLE11; SLE12: multiple vulnerabilities) and php5 (SLE12: multiple vulnerabilities).

Calculating the "truck factor" for GitHub projects

Thursday 16th of July 2015 10:03:30 PM
The idea of a truck or bus factor (or number) has been—morbidly, perhaps—bandied about in development projects for many years. It is a rough measure of how many developers would have to be lost (e.g. hit by a bus) to effectively halt the project. A new paper [PDF] outlines a method to try to calculate this number for various GitHub projects. Naturally, it has its own GitHub project with a description of the methodology used and some of the results. It was found that 46% of the projects looked at had a truck factor of 1, while 28% were at 2. Linux scored the second highest at 90, while the Mac OS X Homebrew package manager had the highest truck factor at 159.

Security updates for Thursday

Thursday 16th of July 2015 02:52:01 PM

CentOS has updated java-1.7.0-openjdk (C7; C6; C5: many vulnerabilities), java-1.8.0-openjdk (C7; C6: many vulnerabilities), and kernel (C6: multiple vulnerabilities, one from 2011).

Debian-LTS has updated python-django (three vulnerabilities).

Fedora has updated cryptopp (F22; F21: information disclosure), drupal7-feeds (F22; F21: three vulnerabilities), rsyslog (F22: denial of service), and springframework (F22; F21: denial of service).

openSUSE has updated bind (13.2; 13.1: three vulnerabilities, one from 2014).

Oracle has updated java-1.7.0-openjdk (OL7; OL6: unspecified), java-1.8.0-openjdk (OL7; OL6: unspecified), kernel 3.8.13 (OL7; OL6: two vulnerabilities), kernel 2.6.39 (OL6; OL5: two vulnerabilities), and kernel 2.6.32 (OL6; OL5: denial of service).

Scientific Linux has updated java-1.7.0-openjdk (SL5; SL6&7: many vulnerabilities), java-1.8.0-openjdk (SL6&7: many vulnerabilities), and kernel (SL6: multiple vulnerabilities, one from 2011).
