LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 5 hours 14 min ago

[$] LWN.net Weekly Edition for August 21, 2014

Thursday 21st of August 2014 01:56:37 AM
The LWN.net Weekly Edition for August 21, 2014 is available.

[$] GNOME development updates from GUADEC

Wednesday 20th of August 2014 07:39:03 PM

A project as large as GNOME consists of enough constituent parts that it can be a challenge just to keep up with the latest developments of the various applications, libraries, and infrastructure efforts. GUADEC 2014 in Strasbourg provided a number of opportunities to get up to speed on the various moving pieces. Of course, it is impossible to catch everything at a multi-track event, but there were still quite a few updates worth mentioning.

Security advisories for Wednesday

Wednesday 20th of August 2014 03:41:49 PM

CentOS has updated qemu-kvm (C6: code execution).

Debian has updated cacti (multiple vulnerabilities).

openSUSE has updated gpgme (13.1, 12.3: code execution) and wireshark (13.1: multiple vulnerabilities).

Oracle has updated qemu-kvm (OL6: multiple vulnerabilities).

Red Hat has updated kernel-rt (RHE MRG 2.5: multiple vulnerabilities), openstack-neutron (RHEL OSP 4.0: denial of service), and thermostat1-httpcomponents-client (RHSC1: SSL server spoofing).

Ubuntu has updated openjdk-7 (14.04 LTS: multiple vulnerabilities).

[$] The 2014 Kernel Summit

Wednesday 20th of August 2014 02:37:13 PM
The 2014 Kernel Summit was held on August 18-20 in Chicago, IL, USA. Reports from the first day's session are now available to LWN subscribers. Topics covered range from I/O memory management units to the stable and linux-next trees, to performance regressions and code review. Click below (subscribers only) for access to the full set of articles.

Linux Kernel Git Repositories Add 2-Factor Authentication (Linux.com)

Tuesday 19th of August 2014 05:47:45 PM
Linux.com takes a look at using 2-factor authentication for commit access to kernel git repositories. "Having the technology available is one thing, but how to incorporate it into the kernel development process -- in a way that doesn't make developers' lives painful and unbearable? When we asked them, it became abundantly clear that nobody wanted to type in 6-digit codes every time they needed to do a git remote operation. Where do you draw the line between security and usability in this case? We looked at the options available in gitolite, the git repository management solution used at kernel.org, and found a way that allowed us to trigger additional checks only when someone performed a write operation, such as "git push." Since we already knew the username and the remote IP address of the developer attempting to perform a write operation, we put together a verification tool that allowed developers to temporarily whitelist their IP addresses using their 2-factor authentication token."

Security advisories for Tuesday

Tuesday 19th of August 2014 03:16:06 PM

CentOS has updated nss-util (C7: incorrect wildcard certificate handling), nss-softokn (C7: incorrect wildcard certificate handling), and nss (C7: incorrect wildcard certificate handling).

Fedora has updated kernel (F19: multiple vulnerabilities) and samba (F19: remote code execution/privilege escalation).

Oracle has updated nss, nss-util, nss-softokn (OL7: incorrect wildcard certificate handling).

Red Hat has updated qemu-kvm (RHEL6: multiple vulnerabilities).

Scientific Linux has updated qemu-kvm (SL6: multiple vulnerabilities).

SUSE has updated flash-player (SLED11 SP3: multiple vulnerabilities).

Ubuntu has updated openssl (10.04 LTS: regression in previous update).

Coghlan: Why Python 4.0 won't be like Python 3.0

Tuesday 19th of August 2014 02:47:28 PM
Python core developer Nick Coghlan seeks to dispel worries that an eventual Python 4.0 release will be as disruptive as 3.0 was. "Why mention this point? Because this switch to 'Unicode by default' is the most disruptive of the backwards incompatible changes in Python 3 and unlike the others (which were more language specific), it is one small part of a much larger industry wide change in how text data is represented and manipulated. With the language specific issues cleared out by the Python 3 transition, a much higher barrier to entry for new language features compared to the early days of Python and no other industry wide migrations on the scale of switching from 'binary data with an encoding' to Unicode for text modelling currently in progress, I can't see any kind of change coming up that would require a Python 3 style backwards compatibility break and parallel support period."

An md/raid6 data corruption bug

Tuesday 19th of August 2014 02:15:55 PM
Neil Brown, the MD maintainer, has sent out an alert for a bug which, in fairly abnormal conditions, can lead to data loss on an MD-hosted RAID6 array. "There is no risk to an optimal array or a singly-degraded array. There is also no risk on a doubly-degraded array which is not recovering a device or is not receiving write requests." RAID6 users will likely want to apply the patch, though, which is likely to show up in the next stable kernel update from distributors.

The Linux Foundation Technical Advisory Board election

Monday 18th of August 2014 08:47:48 PM
The election for half of the members of the Linux Foundation's Technical Advisory Board will be held at 8:00PM, August 20, at the Kernel Summit/LinuxCon joint reception. As of this writing, there are fewer candidates than open positions. Anybody interested in serving on the TAB is encouraged to make their interest known prior to the election time and, if possible, attend the election.

Monday's security updates

Monday 18th of August 2014 03:37:01 PM

Debian has updated xen (multiple vulnerabilities).

Fedora has updated 389-ds-base (F20: information disclosure), iodine (F19; F20: authentication bypass), kernel (F20: multiple vulnerabilities), krfb (F19; F20: denial of service), pixman (F20: denial of service), and tboot (F19; F20: boot chain bypass).

Gentoo has updated libmodplug (multiple vulnerabilities).

Mageia has updated 389-ds-base (information disclosure), dhcpcd (denial of service), flash-player-plugin (multiple vulnerabilities), kernel-linus (M3; M4: multiple vulnerabilities), kernel-tmb (M3; M4: multiple vulnerabilities), and kernel-vserver (multiple vulnerabilities).

openSUSE has updated flash-player (11.4: multiple vulnerabilities).

Red Hat has updated nss, nss-util, nss-softokn (RHEL7: incorrect certificate handling).

SUSE has updated krb5 (code execution).

Ubuntu has updated kernel (14.04: multiple vulnerabilities) and linux-lts-trusty (12.04: multiple vulnerabilities).

Kernel prepatch 3.17-rc1

Saturday 16th of August 2014 07:27:24 PM
Linus has released 3.17-rc1 and closed the merge window for this release. He had suggested that the merge window could be extended, but that's not how things turned out. "I'm going to be on a plane much of tomorrow, and am not really supportive of last-minute pull requests during the merge window anyway, so I'm closing the merge window one day early, and 3.17-rc1 is out there now."

Ten years of OpenStreetMap (O'Reilly Radar)

Friday 15th of August 2014 09:11:40 PM

O'Reilly Radar has posted a retrospective look at the OpenStreetMap (OSM) project on the occasion of OSM's ten-year anniversary. Tyler Bell calls the project "the most significant development in the Open Geo Data movement" outside of GPS, noting that before OSM's creation, "map data sources were few, and largely controlled by a small collection of private and governmental players. The scarcity of map data ensured that it remained both expensive and highly restrictive, and no one but the largest navigation companies could use map data." Particularly interesting are the various comparisons between the state of the map in 2007 and today; the project's 1.5 million registered users do not seem to be slowing down, even if today's emphasis has shifted somewhat to less-visible features: "nodes are getting connected and turn restrictions added to facilitate navigation, while addresses are being sourced to help with geocoding and place finding."

Friday's security updates

Friday 15th of August 2014 03:29:52 PM

Fedora has updated gd (F20: denial of service), httpd (F19: multiple vulnerabilities), krb5 (F20: code execution), python-bottle (F19; F20: remote code execution), tor (F19; F20: traffic confirmation), transmission (F19: code execution), and v8 (F19: denial of service).

Ubuntu has updated serf (12.04, 14.04: information leak) and subversion (12.04, 14.04: multiple vulnerabilities).

Riddell: Upstream and Downstream: why packaging takes time

Thursday 14th of August 2014 05:15:49 PM
Kubuntu developer Jonathan Riddell looks at packaging all of the pieces of KDE on his blog. His perspective is, of course, Kubuntu-focused, but the comments contain lengthy responses from Fedora and openSUSE KDE packagers, which makes for a good look at the work distributions put into packaging a huge code base like KDE. "Much of what we package are libraries and if one small bit changes in the library, any applications which use that library will crash. This is ABI and the rules for binary [compatibility] in C++ are nuts. Not infrequently someone in KDE will alter a library ABI without realising. So we maintain symbol files to list all the symbols, these can often feel like more trouble than they're worth because they need updated when a new version of GCC produces different symbols or when symbols disappear and on investigation they turn out to be marked private and nobody will be using them anyway, but if you miss a change and apps start crashing as nearly happened in KDE PIM last week then people get grumpy." (Thanks to Robie Basak.)

Five new stable kernels

Thursday 14th of August 2014 04:08:14 PM
Greg Kroah-Hartman has announced the release of five new stable kernels: 3.16.1, 3.15.10, 3.14.17, 3.10.53, and 3.4.103. As usual, each has important fixes and users should upgrade. In addition, this is the last 3.15.x release, so users should be switching to the 3.16 series.

Security advisories for Thursday

Thursday 14th of August 2014 03:52:21 PM

CentOS has updated openssl (C7; C6; C5: multiple vulnerabilities).

Debian has updated gpgme1.0 (code execution).

Gentoo has updated adobe-flash (multiple vulnerabilities), catfish (multiple privilege escalations), and libpng (three vulnerabilities, two from 2013).

openSUSE has updated flash-player (13.1, 12.3: multiple vulnerabilities).

Oracle has updated openssl (OL7; OL6; OL5: multiple vulnerabilities).

Red Hat has updated openssl (RHEL6&7; RHEL5: multiple vulnerabilities).

Scientific Linux has updated openssl (SL6; SL5: multiple vulnerabilities).

[$] LWN.net Weekly Edition for August 14, 2014

Thursday 14th of August 2014 01:03:17 AM
The LWN.net Weekly Edition for August 14, 2014 is available.

[$] Lessons from the Novena laptop project

Wednesday 13th of August 2014 05:49:06 PM

Flock is the annual conference for the Fedora distribution, but, like most free-software events, the program draws on a wide range of projects. At this year's event in Prague, keynote speaker Sean Cross spoke about his work on the Novena laptop project—including some speculation as to why it is succeeding in the demonstrably harsh space of open hardware products. Cross told the audience he hoped to get Fedora running on Novena (which runs Debian only at the moment) over the course of the conference, but he also hoped that the Novena story would be a helpful and informative tale for others undertaking a difficult, large-scale task—such as building a distribution.

Wednesday's security updates

Wednesday 13th of August 2014 02:44:45 PM

Red Hat has updated flash-plugin (multiple vulnerabilities) and openstack-ceilometer (RHEL OpenStack Platform: privilege escalation).

Ubuntu has updated kernel (14.04: denial of service), linux-lts-trusty (12.04: denial of service), and openjdk-6 (10.04, 12.04: multiple vulnerabilities).

The Linux Plumbers Conference is almost full

Tuesday 12th of August 2014 09:29:11 PM
The 2014 Linux Plumbers Conference (October 15-17, Düsseldorf, Germany) has sent out an advisory that the registration limit is about to be reached. "We are very rapidly approaching our attendance limit, this year faster than in any past editions of the conference. We expect that the conference general registration will be sold out soon, possibly even within a few days. If you have a vested interest in participating in the discussions, please register now, to guarantee that you will obtain a ticket for the conference."

Also, the conference is seeking submissions for Microconference discussion and BOF topics.

More in Tux Machines

Leftovers: Gaming

  • Company of Heroes 2 Might Be Coming Out For Linux
    While last year developers on the Company of Heroes 2 game said a Linux port was unlikely, recent Steam activity indicates that a Linux port is likely in the works. Company of Heroes 2 is a real-time strategy game set in World War II, developed by Relic Entertainment, and the sequel to the original Company of Heroes game. The Company of Heroes 2 title is powered by the Essence 3.0 Game Engine, which is proprietary to Relic Entertainment, uses a DirectX renderer, and is designed around Windows. Company of Heroes 2 was released last summer for Microsoft Windows and is available on Steam.
  • Metro 2033 Redux Will Hopefully Hit Linux Real Soon
  • Sid Meier's Civilization: Beyond Earth for Linux No Longer Has a Release Date
    Sid Meier's Civilization: Beyond Earth, the next game in the Civilization series developed by Firaxis, no longer has a Linux launch date. When 2K Games and Firaxis announced that the upcoming Sid Meier's Civilization: Beyond Earth launch will also include a Linux version, gamers were ecstatic. This was supposed to be the silver bullet for the Linux platform, but it looks like we're going to be skipped.
  • Civilization: Beyond Earth for Mac has been postponed indefinitely
  • SteamOS Beta 133 Released
    Besides the normal security fixes, this release features a newer Linux kernel (no specifics) that boasts more network drivers and better Intel graphics performance. On top of that, this release also features the Nvidia 340.32 drivers, which fix some of the white screen bugs when switching between modes.
  • SteamOS Update 133 Has Better Intel Performance, VA-API
    Valve released this morning the 133 update to the SteamOS Alchemist Beta. With this update comes new packages and other updates.
  • Crystal Picnic, A Colourful 2D RPG Released
    Crystal Picnic is a lighthearted and colourful tribute to the classic era of action RPGs! Join a sarcastic gardener and a wannabe knight as they journey across the kingdom chasing after ants who stole magic crystals from the castle. Oh, and did we mention the ants have gone mad because they're EATING those crystals? Yeah, that makes things much more unpredictable! Hours of exploration, mesmerizing platform-style combat, plenty of new friends to meet and loads of wacky enemies to encounter. When you fight chubby birds and ants carrying bazookas, you know you're in for a good time!
  • Metro 2033 Redux Shows Up in the Steam for Linux Database
    Metro 2033 Redux, a remake of the original Metro 2033 FPS released back in 2010, will be getting a Linux release on Steam for Linux. The developers from 4A Games have reworked the original title and they have introduced high resolution textures and new effects. In addition to that, they have reworked a number of gameplay aspects too. All of these have been done to get the game ready for Xbox One and PlayStation 4. They didn't ignore the PC, and Steam users will also be able to enjoy the game in a new coat.
  • Team Fortress 2 Receives Update with Important Balancing Changes

Linux on the desktop isn't dead

At LinuxCon this year, the creator of Linux, Linus Torvalds, was asked what he wanted for Linux. His response? "The desktop." For years, the call to Linux action was "World Domination." In certain markets, this has happened (think Linux helping to power Android and Chrome OS). On the desktop, however, Linux still has a long, long way to go. Wait... that came out wrong. I don't mean "Linux has a long, long way to go before it's ready for the desktop." What I meant to say is something more akin to "Linux is, in fact, desktop ready... it just hasn't found an inroad to the average consumer desktop."