Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 3 hours 22 min ago

Anbox - Android in a Box

Wednesday 12th of April 2017 07:35:54 PM
Simon Fels introduces his Anbox (Android in a Box) project, which uses LXC containers to bring Android applications to your desktop. "Anbox uses Linux namespaces (user, network, cgroup, pid, ..) to isolate the Android operating system from the host. For Open GL ES support Anbox takes code parts from the Android emulator implementation to serialize the command stream and send it over to the host where it is mapped on existing Open GL or Open GL ES implementations." Anbox is still pre-alpha so expect crashes and instability.

[$] Network security in the microservice environment

Wednesday 12th of April 2017 07:31:39 PM
We have seen that a microservice architecture is intimately tied to the use of a TCP/IP network as the interconnecting fabric, so when Bernard Van De Walle from Aporeto gave a talk at CloudNativeCon and KubeCon Europe 2017 on why we shouldn't bother securing that network, it seemed a pretty provocative idea.

Nginx 1.12 Released

Wednesday 12th of April 2017 07:27:08 PM
The Nginx web server version 1.12 has been released, "incorporating new features and bug fixes from the 1.11.x mainline branch - including variables support and other improvements in the stream module, HTTP/2 fixes, support for multiple SSL certificates of different types, improved dynamic modules support, and more." The changelog has more details.

Silber: A new vantage point

Wednesday 12th of April 2017 04:57:10 PM
Jane Silber announces the end of her tenure as CEO of Canonical. "Over the next three months I will remain CEO but begin to formally transfer knowledge and responsibility to others in the executive team. In July, Mark [Shuttleworth] will retake the CEO role and I will move to the Canonical Board of Directors. In terms of a full-time role, I will take some time to recharge and then seek new challenges."

[$] A report from Netconf: Day 2

Wednesday 12th of April 2017 04:46:34 PM
This article covers the second day of the informal Netconf discussions, held on on April 4, 2017. Topics discussed this day included the binding of sockets in VRF, identification of eBPF programs, inconsistencies between IPv4 and IPv6, changes to data-center hardware, and more.

Stable kernel updates

Wednesday 12th of April 2017 03:43:58 PM
Greg KH has released stable kernels 4.10.10, 4.9.22, and 4.4.61. All of them contain important fixes and users should upgrade.

Security updates for Wednesday

Wednesday 12th of April 2017 03:39:27 PM
Security updates have been issued by Debian (bouncycastle), Fedora (flatpak), openSUSE (php7 and slrn), Oracle (389-ds-base and kernel), Red Hat (kernel and kernel-rt), Scientific Linux (389-ds-base and kernel), SUSE (xen), and Ubuntu (dovecot).

Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2) (Project Zero)

Tuesday 11th of April 2017 11:21:49 PM
Here's the second part in the detailed Google Project Zero series on using the Broadcom WiFi stack to compromise the host system. "In this post, we’ll explore two distinct avenues for attacking the host operating system. In the first part, we’ll discover and exploit vulnerabilities in the communication protocols between the Wi-Fi firmware and the host, resulting in code execution within the kernel. Along the way, we’ll also observe a curious vulnerability which persisted until quite recently, using which attackers were able to directly attack the internal communication protocols without having to exploit the Wi-Fi SoC in the first place! In the second part, we’ll explore hardware design choices allowing the Wi-Fi SoC in its current configuration to fully control the host without requiring a vulnerability in the first place."

OpenBSD 6.1 released

Tuesday 11th of April 2017 07:08:47 PM
OpenBSD 6.1 has been released. This version adds the arm64 platform, using clang as the base system compiler. The loongson platform supports systems with Loongson 3A CPU and RS780E chipset. The armish, sparc, and zaurus platforms have been retired.

Portable Computing Language (pocl) v0.14 released

Tuesday 11th of April 2017 06:59:02 PM
Pocl aims to become a performance portable open source (MIT-licensed) implementation of the OpenCL standard. Version 0.14 adds support for LLVM/Clang 4.0 and 3.9 and a new binary format that enables running OpenCL programs on hosts without online compiler support. There is also initial support for out-of-order command queue task scheduling and plenty of bug fixes.

[$] A report from Netconf: Day 1

Tuesday 11th of April 2017 05:24:00 PM
As is becoming traditional, two times a year the kernel networking community meets in a two-stage conference: an invite-only, informal, two-day plenary session called Netconf, held in Toronto this year, and a more conventional one-track conference open to the public called Netdev. This article covers the first day of the conference which consisted of around 25 Linux developers meeting under the direction of David Miller, the kernel's networking subsystem maintainer.

Security updates for Tuesday

Tuesday 11th of April 2017 02:49:06 PM
Security updates have been issued by Debian (bouncycastle, dovecot, libnl, libnl3, and samba), Fedora (libtiff), Gentoo (chromium, qemu, and xorg-server), openSUSE (pidgin), Red Hat (389-ds-base and kernel), Slackware (vim), and Ubuntu (dovecot and webkit2gtk).

Mozilla Awards $365,000 to Open Source Projects as part of MOSS

Monday 10th of April 2017 11:55:58 PM
The Mozilla Open Source Support (MOSS) program awards grants to projects "that contribute to our work and to the health of the Internet." Recent recipients include SecureDrop, libjpeg-turbo, LLVM, LEAP Encryption Access Project, and Tokio. There have also been MOSS supported audits of ntp, ntpsec, curl, and more. "We ran a major joint audit on two codebases, one of which is a fork of the other – ntp and ntpsec. ntp is a server implementation of the Network Time Protocol, whose codebase has been under development for 35 years. The ntpsec team forked ntp to pursue a different development methodology, and both versions are widely used. As the name implies, the ntpsec team suggest that their version is or will be more secure. Our auditors did find fewer security flaws in ntpsec than in ntp, but the results were not totally clear-cut."

Vetter: Review, not Rocket Science

Monday 10th of April 2017 10:53:14 PM
Daniel Vetter discusses how to get people to review code. "The take away from these two articles seems to be that review is hard, there’s a constant lack of capable and willing reviewers, and this has been the state of review since forever. I’d like to counter pose this with our experiences in the graphics subsystem, where we’ve rolled out a well-working review process for the Intel driver, core subsystem and now the co-maintained small driver efforts with success, and not all that much pain."

[$] Connecting Kubernetes services with linkerd

Monday 10th of April 2017 05:12:19 PM
When a monolithic application is divided up into microservices, one new problem that must be solved is how to connect all those microservices to provide the old application's functionality. Linkerd, which is now officially a Cloud-Native Computing Foundation project, is a transparent proxy which solves this problem by sitting between those microservices and routing their requests. Two separate CNC/KubeCon events — a talk by Oliver Gould briefly joined by Oliver Beattie, and a salon hosted by Gould — provided a view of linkerd and what it can offer.

Security updates for Monday

Monday 10th of April 2017 03:39:51 PM
Security updates have been issued by Arch Linux (mediawiki, python-django, and python2-django), Debian (jasper, libdatetime-timezone-perl, logback, ming, potrace, and tzdata), Fedora (curl, ghostscript, icecat, and xen), openSUSE (apparmor), and Slackware (libtiff).

Kernel prepatch 4.11-rc6

Sunday 9th of April 2017 04:59:58 PM
The 4.11-rc6 kernel prepatch is out. "Things are looking fairly normal, so here's the regular weekly rc. It's a bit bigger than rc5, but not alarmingly so, and nothing looks particularly worrisome."

Haas: New Features Coming in PostgreSQL 10

Saturday 8th of April 2017 02:06:28 PM
Here's an extensive summary of new features in the upcoming PostgreSQL 10 release from Robert Haas. "PostgreSQL has had physical replication -- often called streaming replication -- since version 9.0, but this requires replicating the entire database, cannot tolerate writes in any form on the standby server, and is useless for replicating across versions or database systems. PostgreSQL has had logical decoding -- basically change capture -- since version 9.4, which has been embraced with enthusiasm, but it could not be used for replication without an add-on of some sort. PostgreSQL 10 adds logical replication which is very easy to configure and which works at table granularity, clearly a huge step forward. It will copy the initial data for you and then keep it up to date after that."

Weekend stable kernel updates

Saturday 8th of April 2017 01:50:40 PM
The 4.10.9, 4.9.21, and 4.4.60 stable kernel updates have been released. Each contains a relatively large set of important fixes.

Open Build Service 2.8 Released

Friday 7th of April 2017 10:37:14 PM
Open Build Service 2.8 has been released. "We’ve been hard at work to bring you many new features to the UI, the API and the backend. The UI has undergone several handy improvements including the filtering of the projects list based on a configurable regular expression and the ability to download a project’s gpg key and ssl certificate (also available via the API). The API has been fine-tuned to allow more control over users including locking or deleting them from projects as well as declaring users to be sub-accounts of other users. The backend now includes new features such as mulibuild - the ability to build multiple jobs from a single source package without needing to create local links. Worker tracking and management has also been enhanced along with the new obsservicedispatch service which handles sources in an asynchronous queue. Published packages can now be removed using the osc unpublish command." The reference server http://build.opensuse.org is available for all developers to build packages for the most popular distributions.

More in Tux Machines

Radeon RX 580: AMDGPU-PRO vs. DRM-Next + Mesa 17.2-dev

Last week I posted initial Radeon RX 580 Linux benchmarks and even AMDGPU overclocking results. That initial testing of this "Polaris Evolved" hardware was done with the fully-open Radeon driver stack that most Linux enthusiasts/gamers use these days. The AMDGPU-PRO driver wasn't tested for those initial articles as it seems to have a diminishing user-base and largely focused for workstation users. But for those wondering how AMDGPU-PRO runs with the Radeon RX 580, here are some comparison results to DRM-Next code for Linux 4.12 and Mesa 17.2-dev. Read more

Void GNU/Linux Operating System Adopts Flatpak for All Supported Architectures

Void Linux, an open-source, general-purpose GNU/Linux distribution based on the monolithic Linux kernel, is the latest operating system to adopt the Flatpak application sandboxing technologies. Read more

Top 4 CDN services for hosting open source libraries

A CDN, or content delivery network, is a network of strategically placed servers located around the world used for the purpose of delivering files faster to users. A traditional CDN will allow you to accelerate your website's images, CSS files, JS files, and any other piece of static content. This allows website owners to accelerate all of their own content as well as provide them with additional features and configuration options. These premium services typically require payment based on the amount of bandwidth a project uses. Read more

Bash Bunny: Big hacks come in tiny packages

Bash Bunny is a Debian Linux computer with a USB interface designed specifically to execute payloads when plugged into a target computer. It can be used against Windows, MacOS, Linux, Unix, and Android computing devices. It features a multicolor RGB LED that indicates various statuses and a three-position selector switch: Two of the positions are used to launch payloads, while the third makes Bash Bunny appear to be a regular USB storage device for copying and modifying files. Read more