Language Selection

English French German Italian Portuguese Spanish


Syndicate content is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Updated: 5 hours 3 min ago

FontForge release

Wednesday 5th of October 2016 08:48:07 PM
There's a new release of FontForge available. "This release introduces a new icon set, new functionality for custom icon selection graphics, support for GlyphOrderAndAliasDB files, and support for Unicode 9.0."

Security advisories for Wednesday

Wednesday 5th of October 2016 04:06:41 PM

CentOS has updated kernel (C6: two vulnerabilities).

Debian has updated icedove (multiple vulnerabilities) and libav (multiple vulnerabilities).

Debian-LTS has updated libav (multiple vulnerabilities).

Fedora has updated gd (F23: denial of service) and links (F24; F23: anonymity leak).

openSUSE has updated flex, at, libbonobo, netpbm, openslp, sgmltool, virtuoso (Leap42.1: buffer overflow), mariadb (Leap42.1: SQL injection/privilege escalation), and php5 (Leap42.1: multiple vulnerabilities).

Oracle has updated kernel (OL6: three vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities) and kernel (RHEL6: two vulnerabilities).

Scientific Linux has updated thunderbird (SL5,6,7: multiple vulnerabilities).

Ubuntu has updated php5, php7.0 (multiple vulnerabilities).

MOSS supports four more open source projects

Tuesday 4th of October 2016 09:35:19 PM
The Mozilla Open Source Support (MOSS) program has awarded $300,000 to four projects this quarter. "On the Foundational Technology track, we awarded $100,000 to Redash, a tool for building visualizations of data for better decision-making within organizations, and $50,000 to Review Board, software for doing web-based source code review. Both of these pieces of software are in heavy use at Mozilla. We also awarded $100,000 to Kea, the successor to the venerable ISC DHCP codebase, which deals with allocation of IP addresses on a network. Mozilla uses ISC DHCP, which makes funding its replacement a natural move even though we haven’t deployed it yet. On the Mission Partners track, we awarded $56,000 to Speech Rule Engine, a code library which converts mathematical markup into vocalised form (speech) for the sight-impaired, allowing them to fully appreciate mathematical and scientific content on the web." (Thanks to Paul Wise)

Plasma 5.8 LTS is out

Tuesday 4th of October 2016 08:24:53 PM
KDE has released Plasma 5.8. "This marks the point where the developers and designers are happy to recommend Plasma for the widest possible audience be they enterprise or non-techy home users. If you tried a KDE desktop previously and have moved away, now is the time to re-assess, Plasma is simple by default, powerful when needed." Plasma 5.8 is KDE's first Long Term Support release. The changelog has the details.

Mageia thanks long time contributor and friend

Tuesday 4th of October 2016 04:35:03 PM
The Mageia project remembers Thomas Spuhler who died in September. "Thomas had been contributing to Mageia, and Mandriva before that, since 2009 as a packager, and much earlier already partaking in email discussions and bug reports. His packaging interests were mostly web and server-related components, for which his contributions were invaluable. He had to step back from his Mageia responsibilities in early August due to his health condition."

Tuesday's security advisories

Tuesday 4th of October 2016 03:58:51 PM

Arch Linux has updated hostapd (two vulnerabilities) and systemd (denial of service).

CentOS has updated thunderbird (C7; C6; C5: code execution).

Debian has updated libdbd-mysql-perl (denial of service).

Fedora has updated bind99 (F24: denial of service), mariadb (F23: SQL injection/privilege escalation), and mongodb (F23: information disclosure).

Mageia has updated bind (denial of service), chromium-browser-stable (multiple vulnerabilities), freerdp (denial of service), libcryptopp (information disclosure), and python-django (cross-site request forgery).

openSUSE has updated chromium (Leap42.1, 13.2; SPH for SLE12: multiple vulnerabilities), glibc (13.2: denial of service), and php5 (13.2: multiple vulnerabilities).

Oracle has updated thunderbird (OL7; OL6: code execution).

Red Hat has updated thunderbird (RHEL5,6,7: code execution).

SUSE has updated firefox (SLE12-SP1; SLE11-SP2: multiple vulnerabilities).

Two Arduinos become one (Arduino Blog)

Monday 3rd of October 2016 06:09:51 PM
The schism between two Arduino companies (that we covered in March 2015) has apparently been settled. The poster child for the open hardware movement is now under one company "Arduino Holding" and a new not-for-profit Arduino Foundation has been started. "Massimo Banzi, Co-Founder of Arduino LLC, commented, 'Today is one of the best days in Arduino history. This allows us to start a new course for Arduino made of constructive dialogue and disruptive innovation in the education, Makers and IoT fields. The Arduino Foundation will allow us to champion the core values of the Arduino Community within the open-source ecosystem and to make our commitment to open-source stronger than ever. This is really a new beginning for Arduino!'" (Thanks to Paul Wise.)

Security updates for Monday

Monday 3rd of October 2016 05:38:41 PM

Debian has updated c-ares (code execution), chromium-browser (MV), and wordpress (regression in previous security update).

Debian-LTS has updated ruby-activerecord-3.2 (access restriction bypass).

Fedora has updated bash (F24: code execution), bind (F24: denial of service), community-mysql (F23: unspecified), nodejs-tough-cookie (F23: denial of service), openjpeg2 (F24: denial of service), openssh (F24: null pointer dereference), pdns (F23: denial of service), and systemd (F24: denial of service).

Scientific Linux has updated python-twisted-web (SL7&6: HTTP proxy redirect).

Slackware has updated thunderbird (unspecified).

Ubuntu has updated pillow (14.04: regression in previous security update).

The 4.8 kernel has been released

Monday 3rd of October 2016 01:04:23 AM
Linus Torvalds has announced the availability of the 4.8 kernel: "So the last week was really quiet, which maybe means that I could probably just have skipped rc8 after all. Oh well, no real harm done." Some of the headline changes in this release include support for transparent huge pages in the tmpfs filesystem, a new formatted documentation subsystem and a number of documentation changes to match, a new timeout subsystem that should address the latency problems experienced by its predecessor, continued work on the express data path for high-performance network routing, build-system improvements allowing the use of GCC plugins, the hardened usercopy security work, and much more. The KernelNewbies 4.8 page is still under construction as of this writing, but should contain lots of details in the near future.

[$] Why kernel development still uses email

Saturday 1st of October 2016 09:19:09 PM
In a world full of fancy development tools and sites, the kernel project's dependence on email and mailing lists can seem quaintly dated, if not positively prehistoric. But, as Greg Kroah-Hartman pointed out in a Kernel Recipes talk titled "Patches carved into stone tablets", there are some good reasons for the kernel community's choices. Rather than being a holdover from an older era, email remains the best way to manage a project as large as the kernel.

Varda: The Mysterious Fiber Bomb Problem: A Debugging Story

Friday 30th of September 2016 10:58:08 PM
Over at the Sandstorm Blog, project founder Kenton Varda relates a debugging war story. Sandstorm web servers would mysteriously peg the CPU around once a week, slowing request processing to a crawl, seemingly at random. "Obviously, we needed to take a CPU profile while the bug was in progress. Of course, the bug only reproduced in production, therefore we’d have to take our profile in production. This ruled out any profiling technology that would harm performance at other times – so, no instrumented binaries. We’d need a sampling profiler that could run on an existing process on-demand. And it would have to understand both C++ and V8 Javascript. (This last requirement ruled out my personal favorite profiler, pprof from google-perftools.) Luckily, it turns out there is a correct modern answer: Linux’s “perf” tool. This is a sampling profiler that relies on Linux kernel APIs, thus not requiring loading any code into the target binary at all, at least for C/C++. And for Javascript, it turns out V8 has built-in support for generating a “perf map”, which tells the tool how to map JITed code locations back to Javascript source: just pass the --perf_basic_prof_only_functions flag on the Node command-line. This flag is safe in production – it writes some data to disk over time, but we rebuild all our VMs weekly, so the files never get large enough to be a problem."

Friday's security advisories

Friday 30th of September 2016 05:58:53 PM

Arch Linux has updated c-ares (code execution) and wordpress (multiple vulnerabilities).

CentOS has updated python-twisted-web (C7; C6: HTTP proxy redirect).

Debian has updated wordpress (multiple vulnerabilities).

Debian-LTS has updated chicken (two vulnerabilities), firefox-esr (regression in previous security update), icedove (multiple vulnerabilities), and ruby-activesupport-3.2 (access restriction bypass).

Fedora has updated curl (F23: code execution) and php-adodb (F24; F23: SQL injection).

openSUSE has updated libgcrypt (42.1: flawed random number generation), openjpeg (42.1: denial of service), and postgresql93 (13.2: two vulnerabilities).

Oracle has updated python-twisted-web (OL7; OL6: HTTP proxy redirect).

Red Hat has updated python-twisted-web (RHEL7&6: HTTP proxy redirect).

SUSE has updated pidgin (SLE11: multiple vulnerabilities) and postgresql94 (SLE11: two vulnerabilities).

Stable kernels 4.7.6 and 4.4.23

Friday 30th of September 2016 09:17:41 AM
Greg Kroah-Hartman has released the 4.7.6 and 4.4.23 stable kernels with the usual set of important fixes.

Security updates for Thursday

Thursday 29th of September 2016 06:39:57 PM

CentOS has updated bind (C7; C6; C5: denial of service), bind97 (C5: denial of service), kvm (C5: two vulnerabilities), and openssl (C7; C6: multiple vulnerabilities).

Fedora has updated vfrnav (F24: unspecified).

Oracle has updated bind (OL7; OL6; OL5: denial of service) and bind97 (OL5: denial of service).

Scientific Linux has updated bind (denial of service), bind97 (SL5: denial of service), kvm (SL5: two vulnerabilities), and openssl (SL7&6: multiple vulnerabilities).

SUSE has updated postgresql93 (SLE12: two vulnerabilities) and postgresql94 (SLE12: two vulnerabilities).

Ubuntu has updated clamav (16.04, 14.04, 12.04: three code execution flaws), samba (16.04, 14.04: crypto downgrade), and systemd (16.04: denial of service).

Qubes OS 3.2 released

Thursday 29th of September 2016 02:20:53 PM
Version 3.2 of the Qubes OS distribution is available. "This is an incremental improvement over the 3.1 version that we released earlier this year. A lot of work went into making this release more polished, more stable and easier to use than our previous releases." Changes include a new management infrastructure, the ability to assign individual USB devices to virtual machines and a switch to the Xfce4 desktop. See the release notes for details.

PostgreSQL 9.6 released

Thursday 29th of September 2016 02:04:31 PM
The PostgreSQL 9.6 release is available. "This release will allow users to both scale up and scale out high performance database workloads. New features include parallel query, synchronous replication improvements, phrase search, and improvements to performance and usability, as well as many more features." See the announcement text and the release notes for more information.

[$] Weekly Edition for September 29, 2016

Thursday 29th of September 2016 01:12:29 AM
The Weekly Edition for September 29, 2016 is available.

Debian Project mourns the loss of Kristoffer H. Rose

Wednesday 28th of September 2016 04:27:21 PM
Ana Guerrero Lopez sadly reports that Kristoffer H. Rose died on September 17. "Kristoffer was a Debian contributor from the very early days of the project, and the upstream author of several packages that are still in the Debian archive nowadays, such as the LaTeX package Xy-pic and FlexML. On his return to the project after several years' absence, many of us had the pleasure of meeting Kristoffer during DebConf15 in Heidelberg. The Debian Project honours his good work and strong dedication to Debian and Free Software. Kristoffer's broad technical knowledge and his ability to share that knowledge with others will be missed. The contributions of Kristoffer will not be forgotten, and the high standards of his work will continue to serve as an inspiration to others."

Security advisories for Wednesday

Wednesday 28th of September 2016 04:19:04 PM

Arch Linux has updated bind (denial of service), lib32-openssl (denial of service), and openssl (denial of service).

Debian has updated bind9 (two denial of service flaws).

Fedora has updated jansson (F24; F23: denial of service) and openssl (F24: multiple vulnerabilities).

Mageia has updated autotrace (code execution), firefox/rootcerts/nss (multiple vulnerabilities), gnutls (certificate verification bypass), graphicsmagick (multiple vulnerabilities), pdns (three denial of service flaws), thunderbird (multiple vulnerabilities), wget (two vulnerabilities), and zookeeper (buffer overflow).

openSUSE has updated bind (Leap42.1, 13.2: denial of service), freerdp (Leap42.1; 13.2: two vulnerabilities), and openssl (Leap42.1: multiple vulnerabilities).

Oracle has updated kvm (OL5: two vulnerabilities) and openssl (OL7; OL6: multiple vulnerabilities).

Red Hat has updated bind (RHEL5,6,7: denial of service), bind97 (RHEL5: denial of service), kernel (RHEL6.6: information leak), and kvm (RHEL5: two vulnerabilities).

Slackware has updated bind (denial of service).

SUSE has updated bind (SLE12-SP1; SLES12; SOSC5, SMP2.1, SM2.1, SLE11-SP4: denial of service), mariadb (SLE12-SP1; SLES12: SQL injection/privilege escalation), openssl (SLE12-SP1: multiple vulnerabilities), and php5 (SLESDK12-SP1, SLEM12: multiple vulnerabilities).

Ubuntu has updated bind9 (denial of service) and Pillow (14.04: multiple vulnerabilities).

Firefox OS, B2G OS, and Gecko

Tuesday 27th of September 2016 06:31:07 PM
Ari Jaaksi and David Bryant posted a note to the B2G (Boot to Gecko) OS community looking at the end of Firefox OS development and at what happens to the code base going forward. "In the spring and summer of 2016 the Connected Devices team dug deeper into opportunities for Firefox OS. They concluded that Firefox OS TV was a project to be run by our commercial partner and not a project to be led by Mozilla. Further, Firefox OS was determined to not be sufficiently useful for ongoing Connected Devices work to justify the effort to maintain it. This meant that development of the Firefox OS stack was no longer a part of Connected Devices, or Mozilla at all. Firefox OS 2.6 would be the last release from Mozilla. Today we are announcing the next phase in that evolution. While work at Mozilla on Firefox OS has ceased, we very much need to continue to evolve the underlying code that comprises Gecko, our web platform engine, as part of the ongoing development of Firefox. In order to evolve quickly and enable substantial new architectural changes in Gecko, Mozilla’s Platform Engineering organization needs to remove all B2G-related code from mozilla-central. This certainly has consequences for B2G OS. For the community to continue working on B2G OS they will have to maintain a code base that includes a full version of Gecko, so will need to fork Gecko and proceed with development on their own, separate branch." (Thanks to Paul Wise)

More in Tux Machines

Leftovers: OSS and Sharing

  • Google’s Open Source Report Card Highlights Game-Changing Contributions
    Ask people about Google’s relationship to open source, and many of them will point to Android and Chrome OS — both very successful operating systems and both based on Linux. Android, in particular, remains one of the biggest home runs in open source history. But, as Josh Simmons from Google’s Open Source Programs Office will tell you, Google also contributes a slew of useful open source tools and programs to the community each year. Now, Google has issued its very first “Open Source Report Card,” as announced by Simmons on the Google Open Source Blog. "We're sharing our first Open Source Report Card, highlighting our most popular projects, sharing a few statistics and detailing some of the projects we've released in 2016. We've open sourced over 20 million lines of code to date and you can find a listing of some of our best known project releases on our website," said Simmons.
  • Nino Vranešič: Open Source Advocate and Mozilla Rep in Slovenia
    “My name is Nino Vranešič and I am connecting IT and Society,” is what Nino says about himself on LinkedIn. The video is a little hard to understand in places due to language differences and (we think) a slow or low-bandwidth connection between the U.S.-based Zoom servers and Eastern Europe, a problem that crops up now and then in video conversation and VOIP phone calls with people in that part of the world, no matter what service you choose. But Vranešič is worth a little extra effort to hear, because it’s great to learn that open source is being used in lots of government agencies, not only in Slovenia but all over Europe. And aside from this, Vranešič himself is a tres cool dude who is an ardent open source volunteer (“Mozilla Rep” is an unpaid volunteer position), and I hope I have a chance to meet him F2F next time he comes to a conference in Florida — and maybe you’ll have a chance to meet him if he comes to a conference near you.
  • MySQL and database programming for beginners
    Dave Stokes has been using MySQL for more than 15 years and has served as its community manager since 2010. At All Things Open this year, he'll give a talk about database programming for newbies with MySQL. In this interview, he previews his talk and shares a few helpful resources, required skills, and common problems MySQL beginners run into.
  • Nadella's trust talk is just so much hot air
    Microsoft chief executive Satya Nadella appears to have an incredibly short memory. Else he would be the last person who talks about trust being the most pressing issue in tech in our times. Over the last year, we have been treated to a variety of cheap tricks by Microsoft, attempting to hoodwink Windows users left, right and centre in order to get them to upgrade to Windows 10. After that, talking about trust sounds odd. Very odd. Microsoft does not have the best reputation among tech companies. It is known for predatory practices, for being convicted as a monopolist, and in recent times has been trying to cultivate a softer image as a company that is not as rapacious as it once was. That has, in large measure, come about as its influence and rank in the world of computing have both slipped, with other companies like Apple, Facebook and Google coming to dominate.
  • If you wish, you may rebuild all dports to use non-base SSL library of your choice
  • DragonFlyBSD Continues LibreSSL Push, OpenSSL To Be Dropped
    DragonFlyBSD is now defaulting to LibreSSL throughout its operating system stack and is planning to completely remove OpenSSL in the near future. Last month DragonFlyBSD began using LibreSSL by default while that effort has continued. OpenSSL is no longer being built by default and in about one month's time the OpenSSL support will be completely stripped from the DragonFly tree.
  • Ranking the Web With Radical Transparency
    Ranking every URL on the web in a transparent and reproducible way is a core concept of the Common Search project, says Sylvain Zimmer, who will be speaking at the upcoming Apache: Big Data Europe conference in Seville, Spain. The web has become a critical resource for humanity, and search engines are its arbiters, Zimmer says. However, the only search engines currently available are for-profit entities, so the Common Search project is creating a nonprofit engine that is open, transparent, and independent. We spoke with Zimmer, who founded Jamendo, dotConferences, and Common Search, to learn more about why nonprofit search engines are important, why Apache Spark is such a great match for the job, and some of the challenges the project faces.
  • A look inside the 'blinky flashy' world of wearables and open hardware
    While looking at the this year's All Things Open event schedule, a talk on wearables and open hardware caught my eye: The world of the blinky flashy. Naturally, I dug deeper to learn what it was all about.
  • Why Perl is not use for new development , most of time use for maintenance and support projects ?
    There has been a tendency amongst some companies to play a “wait and see” attitude towards Perl, but the Perl market appears to have stabilized in the past couple of years and more companies appear to be returning to Perl. As one of our clients explained to me when I asked why they chose Perl “We’re tired of being bitten by hype.”

And More Security Leftovers

  • The NyaDrop Trojan for Linux-running IoT Devices
  • Flaw resides in BTB helps bypass ASLR
  • Thoughts on the BTB Paper
    Though the attack might have some merits with regards to KASLR, the attack on ASLR is completely debunked. The authors of the paper didn't release any supporting code or steps for independent analysis and verification. The results, therefore, cannot be trusted until the authors fully open source their work and the work is validated by trusted and independent third parties.
  • Spreading the DDoS Disease and Selling the Cure
    Earlier this month a hacker released the source code for Mirai, a malware strain that was used to launch a historically large 620 Gbps denial-of-service attack against this site in September. That attack came in apparent retribution for a story here which directly preceded the arrest of two Israeli men for allegedly running an online attack for hire service called vDOS. Turns out, the site where the Mirai source code was leaked had some very interesting things in common with the place vDOS called home.

Blockchain and FOSS

Ubuntu Leftovers

  • Celebrating 12 years of Ubuntu
    Founder Mark Shuttleworth announced the first public release of Ubuntu – version 4.10, or “Warty Warthog” – on Oct. 20, 2004. The idea behind what would become the most recognizable and widely used Linux distributions ever was simple – create a Linux operating system that anybody could use. Here’s a look back at Ubuntu’s history.
  • Happy 12th Birthday, Ubuntu!
    Yup, it’s twelve years to the day since Mark Shuttleworth sat down to tap out the first Ubuntu release announcement and herald in an era of “Linux for human beings”.
  • A Slice of Ubuntu
    The de facto standard for Raspberry Pi operating systems is Raspbian–a Debian based distribution specifically for the diminutive computer. Of course, you have multiple choices and there might not be one best choice for every situation. It did catch our eye, however, that the RaspEX project released a workable Ubunutu 16.10 release for the Raspberry Pi 2 and 3. RaspEX is a full Linux Desktop system with LXDE (a lightweight desktop environment) and many other useful programs. Firefox, Samba, and VNC4Server are present. You can use the Ubuntu repositories to install anything else you want. The system uses kernel 4.4.21. You can see a review of a much older version of RaspEX in the video below.
  • Download Ubuntu Yakkety Yak 16.10 wallpaper
    The Yakkety Yak 16.10 is released and now you can download the new wallpaper by clicking here. It’s the latest part of the set for the Ubuntu 2016 releases following Xenial Xerus. You can read about our wallpaper visual design process here.
  • Live kernel patching from Canonical now available for Ubuntu 16.04 LTS
    We are delighted to announce the availability of a new service for Ubuntu which any user can enable on their current installations – the Canonical Livepatch Service. This new live kernel patching service can be used on any Ubuntu 16.04 LTS system (using the generic Linux 4.4 kernel) to minimise unplanned downtime and maintain the highest levels of security.
  • How to enable free 'Canonical Livepatch Service' for Linux kernel live-patching on Ubuntu
    Linux 4.0 introduced a wonderful feature for those that need insane up-time -- the ability to patch the kernel without rebooting the machine. While this is vital for servers, it can be beneficial to workstation users too. Believe it or not, some home users covet long up-time simply for fun -- bragging rights, and such. If you are an Ubuntu 16.04 LTS user (with generic Linux kernel 4.4) and you want to take advantage of this exciting feature, I have good news -- it is now conveniently available for free! Unfortunately, this all-new Canonical Livepatch Service does have a catch -- it is limited to three machines per user. Of course, home users can register as many email addresses as they want, so it is easy to get more if needed. Businesses can pay for additional machines through Ubuntu Advantage. Want to give it a go? Read on. "Since the release of the Linux 4.0 kernel about 18 months ago, users have been able to patch and update their kernel packages without rebooting. However, until now, no other Linux distribution has offered this feature for free to their users. That changes today with the release of the Canonical Livepatch Service", says Tom Callway, Director of Cloud Marketing, Canonical.
  • KernelCare Is Another Alternative To Canonical's Ubuntu Live Kernel Patching
    Earlier this week Canonical announced their Kernel Livepatching Service for Ubuntu 16.04 LTS users. Canonical's service is free for under three systems while another alternative for Ubuntu Linux users interested in a commercial service is CloudLinux's KernelCare. The folks from CloudLinux wrote in to remind us of their kernel patching solution, which they've been offering since 2014 and believe is a superior solution to Canonical's service. KernelCare isn't limited to just Ubuntu 16.04 but also works with Ubuntu 14.04 and other distributions such as CentOS/RHEL, Debian, and other enterprise Linux distributions.