
LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 3 hours 36 min ago

[$] A different approach to kernel configuration

Tuesday 12th of September 2017 05:06:43 AM
The kernel's configuration system can be challenging to deal with; Linus Torvalds recently called it "one of the worst parts of the whole project". Thus, anything that might help users with the process of configuring a kernel build would be welcome. A talk by Junghwan Kang at the 2017 Open-Source Summit demonstrated an interesting approach, even if it's not quite ready for prime time yet.

[$] Mongoose OS for IoT prototyping

Tuesday 12th of September 2017 01:46:38 AM

Mongoose OS is an open-source operating system for tiny embedded systems. It is designed to run on devices such as microcontrollers, which are often constrained with memory on the order of tens of kilobytes, while exposing a programming interface that provides access to modern APIs normally found on more powerful devices. A device running Mongoose OS has access to operating system functionality such as filesystems and networking, plus higher-level software such as a JavaScript engine and cloud access APIs.

LXC 2.1 has been released

Monday 11th of September 2017 04:45:30 PM
The LXC team has announced the release of LXC 2.1. LXC provides a userspace interface for the Linux kernel containment features. New features include resource limit support, support for unprivileged openvswitch networks, a new lxc.cgroup.dir key, support for hybrid cgroup layout, and more.

Security updates for Monday

Monday 11th of September 2017 03:36:06 PM
Security updates have been issued by Debian (freerdp, mbedtls, tiff, and tiff3), Fedora (chromium, krb5, libstaroffice, mbedtls, mingw-libidn2, mingw-openjpeg2, openjpeg2, and rubygems), Mageia (bzr, libarchive, libgcrypt, and tcpdump), openSUSE (gdk-pixbuf, libidn2, mpg123, postgresql94, postgresql96, and xen), Slackware (bash, mariadb, and tcpdump), and SUSE (evince and kernel).

Apache Struts Statement on Equifax Security Breach

Sunday 10th of September 2017 03:25:34 PM
The Apache Struts project has put out a statement on the possible role played by a Struts vulnerability in the massive Equifax data breach. "Regarding the assertion that especially CVE-2017-9805 is a nine year old security flaw, one has to understand that there is a huge difference between detecting a flaw after nine years and knowing about a flaw for several years. If the latter was the case, the team would have had a hard time to provide a good answer why they did not fix this earlier. But this was actually not the case here -- we were notified just recently on how a certain piece of code can be misused, and we fixed this ASAP. What we saw here is common software engineering business -- people write code for achieving a desired function, but may not be aware of undesired side-effects. Once this awareness is reached, we as well as hopefully all other library and framework maintainers put high efforts into removing the side-effects as soon as possible. It's probably fair to say that we met this goal pretty well in case of CVE-2017-9805."

Weekend stable kernel updates

Sunday 10th of September 2017 03:01:13 PM
The 4.13.1, 4.12.12, and 4.9.49 stable kernel updates have been released; each contains another set of important fixes. There is no 4.4.x stable update this time around.

[$] The first half of the 4.14 merge window

Friday 8th of September 2017 08:39:33 PM
As of this writing, just over 8,000 non-merge changesets have been pulled into the mainline kernel repository for the 4.14 development cycle. In other words, it looks like the pace is not slowing down for this cycle either. The merge window is not yet done, but quite a few significant changes have been merged so far. Read on for a summary of the most interesting changes entering the mainline in the first half of this merge window.

Security updates for Friday

Friday 8th of September 2017 01:37:35 PM
Security updates have been issued by Debian (icedove, libarchive, and unrar-free), Fedora (thunderbird), openSUSE (kernel), and Ubuntu (file).

[$] LWN.net Weekly Edition for September 8, 2017

Friday 8th of September 2017 02:34:04 AM
The LWN.net Weekly Edition for September 8, 2017 is available.

LLVM 5.0.0 released

Thursday 7th of September 2017 11:24:41 PM
Version 5.0.0 of the LLVM compiler infrastructure is out. "This release is the result of the community's work over the past six months, including: C++17 support, co-routines, improved optimizations, new compiler warnings, many bug fixes, and more". See the release notes (and release notes for Clang, Clang tools, lld, and polly) for details.

[$] Finding driver bugs with DR. CHECKER

Thursday 7th of September 2017 09:20:15 PM

Drivers are a consistent source of kernel bugs, at least partly due to less review, but also because drivers are typically harder for tools to analyze. A team from the University of California, Santa Barbara has set out to change that with a static-analysis tool called DR. CHECKER. In a paper [PDF] presented at the recent 26th USENIX Security Symposium, the team introduced the tool and the results of running it on nine production Linux kernels. Those results were rather encouraging: "it correctly identified 158 critical zero-day bugs with an overall precision of 78%".

Applications for winter Outreachy internships open

Thursday 7th of September 2017 09:04:07 PM
The application for the (northern-hemisphere) Outreachy winter internship cycle is open, with applications due by October 23. "Outreachy is a paid, remote, three-month internship program that helps people traditionally underrepresented in tech make their first contributions to Free and Open Source Software (FOSS) communities."

Stable kernels 4.12.11, 4.9.48, 4.4.87, and 3.18.70

Thursday 7th of September 2017 04:13:37 PM
Greg Kroah-Hartman has released the 4.12.11, 4.9.48, 4.4.87, and 3.18.70 stable kernels. As usual, there are fixes throughout the tree and users of those series should upgrade.

[$] The challenges of supporting geolocation in WordPress

Thursday 7th of September 2017 03:21:53 PM
As much as we get addicted to mobile phones and online services, nobody (outside of cyberpunk fiction) actually lives online. That's why maps, geolocation services, and geographic information systems (GISes) have come to play a bigger role online. They reflect the way we live, work, travel, socialize, and (in the case of natural or human-made disasters, which come more and more frequently) suffer. Thus there is value in integrating geolocation into existing web sites, but systems like WordPress do not make supporting that easy. The software development firm LuminFire has contributed to the spread of geolocation services by creating a library for WordPress that helps web sites insert geolocation information into web pages. This article describes how LuminFire surmounted the challenges posed by WordPress and shows a few uses for the library.

Security updates for Thursday

Thursday 7th of September 2017 03:21:25 PM
Security updates have been issued by Arch Linux (chromium and postgresql), Fedora (gd and mingw-libzip), Mageia (groovy18, libxdmcp, mariadb, and mercurial), openSUSE (salt), Red Hat (instack-undercloud, kernel-rt, openvswitch, and rh-nodejs6-nodejs-qs), and SUSE (gdk-pixbuf).

GnuCOBOL 2.2 released

Thursday 7th of September 2017 03:10:41 PM
Version 2.2 of the GNU COBOL compiler is out. Changes include a relicensing to GPLv3, a set of new intrinsic functions, a direct call interface for C functions, and more.

Cook: Security things in Linux v4.13

Wednesday 6th of September 2017 10:37:06 PM
Kees Cook highlights the security-related changes in the 4.13 kernel. "Daniel Micay created a version of glibc’s FORTIFY_SOURCE compile-time and run-time protection for finding overflows in the common string (e.g. strcpy, strcmp) and memory (e.g. memcpy, memcmp) functions. The idea is that since the compiler already knows the size of many of the buffer arguments used by these functions, it can already build in checks for buffer overflows. When all the sizes are known at compile time, this can actually allow the compiler to fail the build instead of continuing with a proven overflow. When only some of the sizes are known (e.g. destination size is known at compile-time, but source size is only known at run-time) run-time checks are added to catch any cases where an overflow might happen. Adding this found several places where minor leaks were happening, and Daniel and I chased down fixes for them."

[$] Python security transparency

Wednesday 6th of September 2017 08:40:24 PM

As Steve Dower noted in his lightning talk at the 2017 Python Language Summit, Python itself can be considered a security vulnerability—because of its power, its presence on a target system is a boon to attackers. Now, Dower is trying to address parts of that problem with a Python Enhancement Proposal (PEP) that would enable system administrators and others to detect when Python is being used for a nefarious purpose by increasing the "security transparency" of the language. It is not a solution that truly thwarts an attacker's ability to use Python in an unauthorized way, but will make it easier for administrators to detect, and eventually disable, those kinds of attacks.

Security updates for Wednesday

Wednesday 6th of September 2017 03:12:07 PM
Security updates have been issued by Debian (file, icedove, irssi, ruby2.3, and tcpdump), Fedora (libzip and openjpeg2), openSUSE (clamav-database, icu, libzypp, zypper, and php5), Oracle (389-ds-base), Red Hat (rh-maven33-groovy), SUSE (postgresql94, postgresql96, and python-pycrypto), and Ubuntu (bzr and libgd2).

[$] A last-minute MMU notifier change

Tuesday 5th of September 2017 10:40:09 PM
One does not normally expect to see significant changes to an important internal memory-management mechanism in the time between the ‑rc7 prepatch and the final release for a development cycle, but that is exactly what happened just before 4.13 was released. A regression involving the memory-management unit (MMU) notifier mechanism briefly threatened to delay this release, but a last-minute scramble kept 4.13 on schedule and also resulted in a cleanup of that mechanism. This seems like a good time to look at a mechanism that Linus Torvalds called "a badly designed mistake" and how it was made to be a bit less mistaken.

More in Tux Machines

LWN (Now Open Access): Kernel Configuration, Linux 4.14 Merge Window, Running Android on a Mainline Graphics Stack

  • A different approach to kernel configuration
    The kernel's configuration system can be challenging to deal with; Linus Torvalds recently called it "one of the worst parts of the whole project". Thus, anything that might help users with the process of configuring a kernel build would be welcome. A talk by Junghwan Kang at the 2017 Open-Source Summit demonstrated an interesting approach, even if it's not quite ready for prime time yet. Kang is working on a Debian-based, cloud-oriented distribution; he wanted to tweak the kernel configuration to minimize the size of the kernel and, especially, to reduce its attack surface by removing features that were not needed. The problem is that the kernel is huge, and there are a lot of features that are controlled by configuration options. There are over 300 feature groups and over 20,000 configuration options in current kernels. Many of these options have complicated dependencies between them, adding to the challenge of configuring them properly.
  • The first half of the 4.14 merge window
    September 8, 2017: As of this writing, just over 8,000 non-merge changesets have been pulled into the mainline kernel repository for the 4.14 development cycle. In other words, it looks like the pace is not slowing down for this cycle either. The merge window is not yet done, but quite a few significant changes have been merged so far. Read on for a summary of the most interesting changes entering the mainline in the first half of this merge window.
  • Running Android on a mainline graphics stack
    The Android system may be based on the Linux kernel, but its developers have famously gone their own way for many other parts of the system. That includes the graphics subsystem, which avoids user-space components like X or Wayland and has special (often binary-only) kernel drivers as well. But that picture may be about to change. As Robert Foss described in his Open Source Summit North America presentation, running Android on the mainline graphics subsystem is becoming possible and brings a number of potential benefits. He started the talk by addressing the question of why one might want to use mainline graphics with Android. The core of the answer was simple enough: we use open-source software because it's better, and running mainline graphics takes us toward a fully open system. With mainline graphics, there are no proprietary blobs to deal with. That, in turn, makes it easy to run current versions of the kernel and higher-level graphics software like Mesa.

Beautify Your KDE Plasma 5 Desktop Environment with Freshly Ported Adapta Theme

Good morning! It's time to beautify your KDE Plasma 5 desktop environment, and we have just the perfect theme for that as it looks like the popular Adapta GTK theme was recently ported to Plasma 5.

Roughing it, with Linux

I have been traveling for about two weeks now, spending 10 days camping in Iceland and now a few days on the ferry to get back. For this trip I brought along my Samsung N150 Plus (a very old netbook), loaded with openSUSE Linux 42.3.

Red Hat: Ansible Tower, Patent Promise, and Shares Declining

  • Red Hat’s automation solution spreading among APAC enterprises
    Red Hat recently revealed its agentless automation platform is spreading among enterprises in APAC countries like Australia, China, India and Singapore. The company asserts its Ansible Tower helps enterprises cut through the complexities of modern IT environments with powerful automation capabilities that improve productivity and reduce downtime. “Today’s business demands can mean even greater complexity for many organisations. Such dynamic environments can necessitate a new approach to automation that can improve speed, scale and stability across IT environments,” says head of APAC office of technology at Red Hat, Frank Feldmann.
  • Red Hat broadens patent pledge to most open-source software
    Red Hat, the world's biggest open source company, has expanded its commitment on patents, which had originally been not to enforce its patents against free and open source software.
  • Red Hat expands Patent Promise
    Open-source software provider Red Hat has revised its Patent Promise, which was initially intended to discourage patent aggression against free and open-source software. The expanded version of the defensive patent aggregation scheme extends the zone of non-enforcement to all of Red Hat’s patents and all software under “well-recognised” open-source licenses. In its original Patent Promise in 2002, Red Hat said software patents are “inconsistent with open-source and free software”.
  • Red Hat Inc (RHT) AO Seeing a Consistent Downtrend
  • Red Hat, Inc. (RHT) noted a price change of -0.14% and RingCentral, Inc. (RNG) closes with a move of -2.09%