LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

Three challenges for the web, according to its inventor

Monday 13th of March 2017 07:24:47 PM
The world wide web has been around for 28 years now. Web inventor Sir Tim Berners-Lee writes about the challenges facing the modern web, including the loss of control of our personal data, the spread of misinformation, and the lack of transparency in political advertising. "Political advertising online has rapidly become a sophisticated industry. The fact that most people get their information from just a few platforms and the increasing sophistication of algorithms drawing upon rich pools of personal data, means that political campaigns are now building individual adverts targeted directly at users. One source suggests that in the 2016 US election, as many as 50,000 variations of adverts were being served every single day on Facebook, a near-impossible situation to monitor. And there are suggestions that some political adverts – in the US and around the world – are being used in unethical ways – to point voters to fake news sites, for instance, or to keep others away from the polls. Targeted advertising allows a campaign to say completely different, possibly conflicting things to different groups. Is that democratic?"

LLVM 4.0.0 released

Monday 13th of March 2017 06:45:52 PM
The LLVM 4.0.0 release is out. "This release is the result of the community's work over the past six months, including: use of profile data in ThinLTO, more aggressive aggressive dead code elimination, experimental support for coroutines, experimental AVR target, better GNU ld compatibility and significant performance improvements in LLD, as well as improved optimizations, many bug fixes and more." The LLVM compiler project has moved to a new numbering scheme with this release, where the first number increments with each major release.

Security updates for Monday

Monday 13th of March 2017 04:01:52 PM
Security updates have been issued by Arch Linux (chromium, firefox, libxslt, and thunderbird), Debian (firefox-esr, icoutils, and pidgin), Fedora (firefox, freetype, GraphicsMagick, kdelibs, kdelibs3, kernel, libupnp, munin, php-pear-PHP-CodeSniffer, thunderbird, and wireshark), Mageia (flac, flash-player-plugin, potrace, and wireshark), openSUSE (bitlbee, cacti, kdelibs4, kio, lynx, openssh, pax-utils, perl-Image-Info, Wireshark, and xen), and SUSE (qemu).

Kernel prepatch 4.11-rc2

Sunday 12th of March 2017 10:05:17 PM
The 4.11-rc2 kernel prepatch is out for testing. "I think we're in fine shape for this stage in the development kernel, it shouldn't be particularly scary to just say 'I'll be a bit adventurous and test an rc2 kernel'. Yes, it's early rc time still, but go on, help us make sure we're doing ok."

A set of weekend stable kernel updates

Sunday 12th of March 2017 02:55:23 PM
The 4.10.2, 4.9.14, and 4.4.53 stable kernel updates are out; each contains another relatively large set of important fixes.

Security updates for Friday

Friday 10th of March 2017 02:36:30 PM
Security updates have been issued by Debian (firefox-esr, pidgin, and vim), openSUSE (potrace and sane-backends), SUSE (xen), and Ubuntu (libarchive and lxc).

Critical vulnerability under “massive” attack imperils high-impact sites (Ars Technica)

Thursday 9th of March 2017 04:56:51 PM
Ars Technica is reporting that a recently patched vulnerability in the Apache Struts 2 web framework is being actively exploited in the wild. "It's not clear why the vulnerability is being exploited so widely 48 hours after a patch was released. One possibility is that the Apache Struts maintainers didn't adequately communicate the risk. Although they categorize the vulnerability security rating as high, they also describe it as posing a 'possible remote code execution' risk. Outside researchers, meanwhile, have said the exploits are trivial to carry out, are highly reliable, and require no authentication. It's also easy to scan the Internet for vulnerable servers. It's also possible to exploit the bug even if a Web application doesn't implement file upload functionality."

Security updates for Thursday

Thursday 9th of March 2017 02:29:40 PM
Security updates have been issued by CentOS (firefox and kvm), Debian (kernel and wget), Fedora (drupal7-views, firefox, GraphicsMagick, knot, and knot-resolver), Oracle (firefox), Red Hat (firefox), Scientific Linux (firefox), and Ubuntu (kde4libs and linux-aws).

[$] LWN.net Weekly Edition for March 9, 2017

Thursday 9th of March 2017 01:05:12 AM
The LWN.net Weekly Edition for March 9, 2017 is available.

Samba 4.6.0 Available for Download

Wednesday 8th of March 2017 07:23:07 PM
Samba 4.6 has been released with many new features and changes. New features include Kerberos client encryption types, a new option for owner inheritance, multi-process Netlogon support, new options for controlling TCP ports used for RPC services, and more.

Security updates for Wednesday

Wednesday 8th of March 2017 04:40:32 PM
Security updates have been issued by Debian (texlive-base), Fedora (cacti, drupal7-metatag, freeipa, mingw-gtk-vnc, suricata, and xen), Oracle (kvm), Red Hat (java-1.8.0-ibm and kvm), Scientific Linux (kvm), Slackware (firefox and thunderbird), SUSE (qemu), and Ubuntu (firefox, imagemagick, kernel, linux, linux-gke, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux, linux-ti-omap4, linux-hwe, linux-lts-trusty, linux-lts-xenial, and network-manager-applet).

[$] An update to GitHub's terms of service

Wednesday 8th of March 2017 10:33:28 AM
On February 28th, GitHub published a brand new version of its Terms of Service (ToS). While the first draft announced earlier in February didn't generate much reaction, the new ToS raised concerns that they may break at least the spirit, if not the letter, of certain free-software licenses. Digging in further reveals that the situation is probably not as dire as some had feared.

Firefox 52.0

Tuesday 7th of March 2017 06:42:37 PM
Firefox 52.0 has been released. This version features support for WebAssembly, adds user warnings for non-secure HTTP pages with logins, implements the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the "secure" attribute, and enhances Sync to allow users to send and open tabs from one device to another. See the release notes for more information.

Security updates for Tuesday

Tuesday 7th of March 2017 04:07:19 PM
Security updates have been issued by Debian (freetype and libzip-ruby), Fedora (cacti, canl-c, and mupdf), and openSUSE (bind, munin, and mysql-community-server).

DRM in HTML5 is a victory for the open Web, not a defeat (Ars Technica)

Monday 6th of March 2017 11:22:00 PM
Ars Technica argues that Encrypted Media Extensions (EME), a framework that will allow the delivery of DRM-protected media through the browser, will be good for the web. "Moreover, a case could be made that EME will make it easier for content distributors to experiment with—and perhaps eventually switch to—DRM-free distribution. Under the current model, whether it be DRM-capable browser plugins or DRM-capable apps, a content distributor such as Netflix has no reason to experiment with unprotected content. Users of the site's services are already using a DRM-capable platform, and they're unlikely to even notice if one or two videos (for example, one of the Netflix-produced broadcasts like House of Cards or the forthcoming Arrested Development episodes) are unprotected. It wouldn't make a difference to them."

The Free Software Foundation has a different take on EME. "We have been fighting EME since 2013, and we will not back off because the W3C presents weak guidance as a fig leaf for DRM-using companies to hide their disrespect for users' rights. Companies can impose DRM without the W3C; but we should make them do it on their own, so it is seen for what it is—a subversion of the Web's principles—rather than normalize it or give it endorsement."

Security updates for Monday

Monday 6th of March 2017 05:16:53 PM
Security updates have been issued by Arch Linux (curl), CentOS (ipa, kernel, and qemu-kvm), Debian (munin, ruby-zip, and zabbix), Fedora (bind99, gtk-vnc, jenkins, jenkins-remoting, kdelibs, kf5-kio, libcacard, libICE, libXdmcp, and vim), openSUSE (php5), Oracle (kernel), Red Hat (ansible and openshift-ansible and rpm-ostree and rpm-ostree-client), and Ubuntu (munin).

Kernel prepatch 4.11-rc1

Monday 6th of March 2017 05:22:42 AM
The first 4.11 kernel prepatch is out, and the merge window is closed for this development cycle. "This looks like a fairly regular release. It's on the smallish side, but mainly just compared to 4.9 and 4.10 - so it's not really _unusually_ small (in recent kernels, 4.1, 4.3, 4.5, 4.7 and now 4.11 all had about the same number of commits in the merge window)." There were 10,960 non-merge commits pulled in the end, so it's definitely not unusually small.

How Threat Modeling Helps Discover Security Vulnerabilities (Red Hat Security Blog)

Friday 3rd of March 2017 08:19:29 PM
Over at the Red Hat Security Blog, Hooman Broujerdi looks at threat modeling as a tool to help create more secure software. "Threat modeling is a systematic approach for developing resilient software. It identifies the security objective of the software, threats to it, and vulnerabilities in the application being developed. It will also provide insight into an attacker's perspective by looking into some of the entry and exit points that attackers are looking for in order to exploit the software. [...] Although threat modeling appears to have proven useful for eliminating security vulnerabilities, it seems to have added a challenge to the overall process due to the gap between security engineers and software developers. Because security engineers are usually not involved in the design and development of the software, it often becomes a time consuming effort to embark on brainstorming sessions with other engineers to understand the specific behavior, and define all system components of the software specifically as the application gets complex. [...] While it is important to model threats to a software application in the project life cycle, it is particularly important to threat model legacy software because there's a high chance that the software was originally developed without threat models and security in mind. This is a real challenge as legacy software tends to lack detailed documentation. This, specifically, is the case with open source projects where a lot of people contribute, adding notes and documents, but they may not be organized; consequently making threat modeling a difficult task."

Francis: The story of Firefox OS

Friday 3rd of March 2017 03:49:25 PM
Ben Francis has posted a detailed history of the Firefox OS project. "For me it was never about Firefox OS being the third mobile platform. It was always about pushing the limits of web technologies to make the web a more competitive platform for app development. I think we certainly achieved that, and I would argue our work contributed considerably to the trends we now see around Progressive Web Apps. I still believe the web will win in the end."

Security updates for Friday

Friday 3rd of March 2017 02:34:09 PM
Security updates have been issued by Debian (munin), Fedora (kernel, libXdmcp, and xrdp), Mageia (ming, quagga, util-linux, and webkit2), Oracle (ipa, kernel, and qemu-kvm), Red Hat (ipa, kernel, kernel-rt, python-oslo-middleware, and qemu-kvm), Scientific Linux (ipa, kernel, and qemu-kvm), and Ubuntu (munin, php7, and w3m).

More in Tux Machines

Leftovers: Software

  • Flowblade Video Editor 1.12 Released, Adds 2 New Tools
    A shiny new version of open-source video editor Flowblade is available for download. Flowblade 1.12 introduces a pair of new tools. Progress has also been made towards creating a distribution agnostic .AppImage, though, alas, there are still kinks to be ironed out so you won’t find an app image of the current release.
  • Vivaldi 1.8 Web Browser Launch Imminent As First Release Candidate Is Out
    Vivaldi's Ruarí Ødegaard announced today, March 24, 2017, the release and immediate availability of the first Release Candidate of the forthcoming Vivaldi 1.8 web browser for all supported platforms. Dubbed as Vivaldi Snapshot 1.8.770.44, the Release Candidate of Vivaldi 1.8 is here to fix some last-minute bugs for the new History feature, which is the star of the new upcoming web browser release based on the latest Chromium 57 open-source project, as well as to improve the user interface zoom functionality.
  • Epiphany 3.24 Web Browser Has New Bookmarks UI, Improves Tracking Protection
    GNOME 3.24 arrived a couple of days ago, and it's the biggest release of the popular desktop environment so far, shipping with lots of new features and improvements across all of its applications and components. During its 6-month development cycle, we managed to cover all the major features implemented in the GNOME 3.24 desktop environment, but also the various improvements included in many of the apps that are usually distributed under the GNOME Stack umbrella.
  • Firefox Sync Support Is Coming to GNOME Web
    GNOME Web (aka the browser formerly known as Epiphany) is working to add Firefox Sync support, letting users keep bookmarks, history and open-tabs in sync across devices.
