LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

[$] Lessons from the Novena laptop project

Wednesday 13th of August 2014 05:49:06 PM

Flock is the annual conference for the Fedora distribution, but, like most free-software events, the program draws on a wide range of projects. At this year's event in Prague, keynote speaker Sean Cross spoke about his work on the Novena laptop project—including some speculation as to why it is succeeding in the demonstrably harsh space of open hardware products. Cross told the audience he hoped to get Fedora running on Novena (which runs Debian only at the moment) over the course of the conference, but he also hoped that the Novena story would be a helpful and informative tale for others undertaking a difficult, large-scale task—such as building a distribution.

Wednesday's security updates

Wednesday 13th of August 2014 02:44:45 PM

Red Hat has updated flash-plugin (multiple vulnerabilities) and openstack-ceilometer (RHEL OpenStack Platform: privilege escalation).

Ubuntu has updated kernel (14.04: denial of service), linux-lts-trusty (12.04: denial of service), and openjdk-6 (10.04, 12.04: multiple vulnerabilities).

The Linux Plumbers Conference is almost full

Tuesday 12th of August 2014 09:29:11 PM
The 2014 Linux Plumbers Conference (October 15-17, Düsseldorf, Germany) has sent out an advisory that the registration limit is about to be reached. "We are very rapidly approaching our attendance limit, this year faster than in any past editions of the conference. We expect that the conference general registration will be sold out soon, possibly even within a few days. If you have a vested interest in participating in the discussions, please register now, to guarantee that you will obtain a ticket for the conference."

Also, the conference is seeking submissions for Microconference discussion and BOF topics.

SFC and OSI team up to work on tax exemption issues for US organizations

Tuesday 12th of August 2014 06:06:17 PM
The Software Freedom Conservancy (SFC) and Open Source Initiative (OSI) have announced (and here) that they are both founding members of a working group "focused on tax exemption issues for organizations in the United States". The working group will be open to participation by any concerned groups or individuals and will be looking for legal experts to join in. Aaron Williamson, formerly of the Software Freedom Law Center, will be chairing the group. "Recent activity by the Internal Revenue Service in response to applications for tax exempt status have sparked a lot of interest and discussion amongst free and open source software communities. OSI and Conservancy recognize that the IRS's understanding and evaluation of free and open source software can impact both new organizations created to promote the public good as charities (known as 501(c)(3) organizations after the corresponding tax code provision), as well as new organizations formed to forward a common business interest (known as 501(c)(6) organizations)." We looked at the issue in July after the Yorba Foundation's unsuccessful attempt to become a US tax-exempt organization.

LPC: An In-Depth Look: Live Kernel Patching Microconference

Tuesday 12th of August 2014 05:37:15 PM
The Linux Plumbers Conference (LPC) has a new blog post looking at the live kernel patching microconference. "There has been a great deal of interest in live kernel patching (see this LWN.net article) over the past few months, with several different approaches proposed, including CRIU+kexec, kGraft, and kpatch, all in addition to ksplice. This microconference will host discussions on required infrastructure (including tracing, checkpoint/restart, kexec, and live patching), along with expositions and comparisons of the various approaches. The purpose, believe it or not, is to work towards a common implementation that everyone can live with." LPC will be held in Düsseldorf, Germany, October 15–17, co-located with LinuxCon Europe; the front-page blog for LPC has looks at many of the other microconferences along with other interesting information about the conference.

Tuesday's security updates

Tuesday 12th of August 2014 02:55:03 PM

CentOS has updated tomcat6 (C6: two vulnerabilities, one from 2013).

Debian has updated acpi-support (regression in earlier security fix).

Gentoo has updated libssh (key disclosure via bad randomness).

Mageia has updated drupal (denial of service), kdelibs4 (M3: authorization bypass), openssl (multiple vulnerabilities), wireshark (multiple vulnerabilities), and wordpress (multiple vulnerabilities).

Oracle has updated kernel-2.6.32 (OL6; OL5: denial of service), kernel-2.6.39 (OL6; OL5: denial of service), kernel-3.8.13 (OL7; OL6: two vulnerabilities), and tomcat6 (OL6: two vulnerabilities, one from 2013).

Red Hat has updated java-1.7.0-ibm (RHEL5&6: many vulnerabilities), java-1.7.1-ibm (RHEL7: many vulnerabilities), and tomcat6 (RHEL6: two vulnerabilities, one from 2013).

Scientific Linux has updated tomcat6 (SL6: two vulnerabilities, one from 2013).

Ubuntu has updated python-pycadf (14.04: information leak).

PyCon 2015: Call for Proposals is open

Monday 11th of August 2014 09:57:02 PM
On the Montréal-Python blog, Mathieu Leduc-Hamel has announced that the 2015 PyCon Call for Proposals (CFP) is now open. The conference will be held in Montréal April 8–16, 2015; CFPs will be accepted until September 15. "There are likely 95 talk slots to fill, assuming we keep the usual balance of 30/45 minute slots the same, and we'll have room for 32 tutorials. This makes for some steep competition given the potential to reach over 600 talk proposals, while seeing three to four times as many tutorial proposals as available slots. While proposals will be accepted through September 15, we encourage submissions as early as possible, allowing reviewers more time to assess and provide feedback which may prove beneficial as the various rounds of review begin."

Security updates for Monday

Monday 11th of August 2014 03:39:51 PM

Debian has updated drupal7 (denial of service), kde4libs (privilege escalation), krb5 (multiple vulnerabilities), libav (multiple vulnerabilities, most from 2011 and 2013), wireshark (multiple vulnerabilities), and wordpress (multiple vulnerabilities).

Fedora has updated drupal7-views (F20; F19: access control bypass), openssl (F20; F19: multiple vulnerabilities), thunderbird (F19: multiple vulnerabilities), and xulrunner (F20: multiple vulnerabilities).

Gentoo has updated freetype (code execution).

Mandriva has updated wireshark (multiple vulnerabilities).

openSUSE has updated chromium (13.1, 12.3: multiple vulnerabilities), elfutils (13.1, 12.3: code execution), exim (13.1, 12.3; 11.4: multiple vulnerabilities going back to 2011), jbigkit (13.1, 12.3: code execution from 2013), kdelibs4 (13.1: privilege escalation), kdirstat (13.1: code execution), kernel (13.1: multiple vulnerabilities), krb5 (13.1, 12.3: multiple vulnerabilities), thunderbird (13.1, 12.3: multiple vulnerabilities), tor (13.1, 12.3: traffic confirmation), and transmission (13.1: code execution).

Slackware has updated openssl (multiple vulnerabilities).

Ubuntu has updated krb5 (14.04, 12.04, 10.04: multiple vulnerabilities going back to 2012) and libav (12.04: multiple vulnerabilities, most from 2011 and 2013).

FSF: GNU Radio controls the ISEE-3 spacecraft

Friday 8th of August 2014 08:51:39 PM
The Free Software Foundation has put out a press release on the use of free software to recover control of the ISEE-3 spacecraft. "To do this, the group turned to GNU Radio, a free software toolkit for implementing software-defined radios and signal processing systems. Modifying the software to communicate in the 1970s satellite protocol, members of the reboot project were able to gain access to the spacecraft and fire its thrusters in early July, and will soon attempt to move the satellite into an orbit close to Earth."

A set of stable kernel updates

Friday 8th of August 2014 01:28:31 PM
The 3.15.9, 3.14.16, 3.10.52, and 3.4.102 stable kernel updates are available; each contains the usual set of important fixes. Greg warns that there will only be one more 3.15 update, so 3.15 users should be thinking about moving on.

Friday's security updates

Friday 8th of August 2014 12:51:29 PM

CentOS has updated 389-ds-base (C6, C7: information disclosure) and tomcat (C7: XML parser injection).

Fedora has updated ansible (F19, F20: code execution), bugzilla (F19: information disclosure), chicken (F19, F20: denial of service and possible code execution), dpkg (F19: multiple vulnerabilities), kernel (F19: general-principles update to 3.14.15), krb5 (F19, F20: multiple vulnerabilities), mosquitto (F19, F20: unknown vulnerability), openstack-keystone (F20: privilege escalation), pixman (F20: integer underflow), Samba (F20: remote code execution), trafficserver (F20: mysterious vulnerability), v8 (F20: denial of service), and wireshark (F20: more dissector vulnerabilities).

Mageia has updated drupal (multiple vulnerabilities), apache-mod_wsgi (denial of service), and php (three denial-of-service or "unspecified other impact" vulnerabilities).

Mandriva has updated ocsinventory (cross-site scripting), ipython (code execution), and openssl (multiple vulnerabilities).

openSUSE has updated apache (multiple vulnerabilities, with a mod_security filter bypass fix tossed in as well).

Oracle has updated 389-ds-base (OL6, OL7: information disclosure) and tomcat (OL7: XML parser injection).

Red Hat has updated 389-ds-base (RHEL6-7: information disclosure), java-1.5.0-ibm (RHEL5-6: seven "important" vulnerabilities), java-1.6.0-ibm (RHEL5-6: nine "critical" vulnerabilities), and tomcat (RHEL7: XML parser injection).

Scientific Linux has updated 389-ds-base (SL6: information disclosure).

Ubuntu has updated openssl (multiple vulnerabilities).

Google boosting sites that use HTTPS

Thursday 7th of August 2014 02:03:12 PM
Google has announced that it is starting to look favorably on sites that use HTTPS. "We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content—while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."

Thursday's security updates

Thursday 7th of August 2014 01:21:49 PM
CentOS has updated php (C5: multiple vulnerabilities) and kernel (C7: multiple vulnerabilities).

Debian has updated OpenSSL (nine CVE numbers).

Mandriva has updated cups (symbolic link vulnerability), glibc (multiple vulnerabilities), mediawiki (JSONP injection, cross-site scripting, and clickjacking vulnerabilities), readline (temporary file vulnerability), and kernel (multiple vulnerabilities).

Oracle has updated php (OL5, OL6, OL7: many vulnerabilities) and kernel (OL7: multiple vulnerabilities).

Red Hat has updated kernel (RHEL6: local privilege escalation) and kernel (RHEL7: six vulnerabilities).

SUSE has updated apache (SLES11: multiple vulnerabilities).

LWN.net Weekly Edition for August 7, 2014

Thursday 7th of August 2014 02:48:31 AM
The LWN.net Weekly Edition for August 7, 2014 is available.

Security advisories for Wednesday

Wednesday 6th of August 2014 04:50:51 PM

CentOS has updated php (C7: multiple vulnerabilities), php53 (C6: multiple vulnerabilities), resteasy-base (C7: XML eXternal Entity (XXE) attacks), samba (C7: remote code execution/privilege escalation), and samba4 (C6: remote code execution/privilege escalation).

Debian has updated reportbug (code execution).

Mageia has updated cups (privilege escalation), eet (denial of service), file (denial of service), glibc (multiple vulnerabilities), ipython (code execution), kernel (MG4; MG3: multiple vulnerabilities), mediawiki (multiple vulnerabilities), moodle (multiple vulnerabilities), ocsinventory (cross-site scripting), php-ZendFramework (SQL injection), phpmyadmin (multiple vulnerabilities), polarssl (denial of service), readline (insecure temporary files), and tor (traffic confirmation attack).

Mandriva has updated php (multiple denial of service attacks) and tor (traffic confirmation attack).

Oracle has updated resteasy-base (OL7: XML eXternal Entity (XXE) attacks), samba (OL7: remote code execution/privilege escalation), samba4 (OL6: multiple vulnerabilities), and yum-updatesd (OL5: bypass RPM package signing restriction).

Red Hat has updated php (RHEL7: multiple vulnerabilities), php53 (RHEL5&6: multiple vulnerabilities), resteasy-base (RHEL7: XML eXternal Entity (XXE) attacks), samba (RHEL7: remote code execution/privilege escalation), and samba4 (RHEL6: remote code execution/privilege escalation).

Scientific Linux has updated php53 and php (SL5&6: multiple vulnerabilities) and samba4 (SL6: remote code execution/privilege escalation).

Ubuntu has updated gpgme1.0 (code execution) and eglibc (10.04 LTS: regression in previous update).

Qt to be spun off into a separate company

Wednesday 6th of August 2014 02:26:21 PM
Digia, the current owner of the Qt toolkit, has announced that Qt will be split off into a separate company that will be able to focus more on commercial licensing. "The importance of Digia’s commercial business for securing the future of Qt cannot be underestimated as it drives Qt’s foundation and everyday operations. A look into the commit statistics shows that around 75% of all code submissions to qt-project.org come from Digia employees. In addition, Digia manages the release process and the CI and testing infrastructure, thus covering more than 85% of the costs of developing Qt."

How to think like open source pioneer Michael Tiemann (Opensource.com)

Tuesday 5th of August 2014 06:09:42 PM
Opensource.com is running an interview with Michael Tiemann. "Make no mistake: For Tiemann, open source is not simply a business model. It's not just a method of developing software. It isn't an ethic. It's a Platonic form—perhaps something like a force, a tendency. Throughout history, many people have tried to glimpse it, if only for a moment. Tiemann knows he is but one of them: the programmer, the hacker, attempting to articulate, through code, this thing that abides. Failure to recognize the magnitude of what makes open source businesses successful, Tiemann says, is what has led so many to misunderstand them."

[$] Reconsidering ffmpeg in Debian

Tuesday 5th of August 2014 04:46:29 PM
For better or for worse, forks are a part of the free software landscape. Often a fork will result in a reinvigorated development community and the removal of unneeded roadblocks. But not all forks work out well. What is a distributor to do if, at some point, it concludes that it chose wrongly when it followed a fork of an important project? Going back to the original may not always be an easy thing to do, even if there appears to be a consensus for that move. The presence of security concerns can make such a change even harder to contemplate. The recent discussion on welcoming ffmpeg back into Debian illustrates the potential hazards nicely.

Tuesday's security updates

Tuesday 5th of August 2014 04:03:15 PM

CentOS has updated yum-updatesd (C5: bypass RPM package signing restriction).

Debian has updated icedove (multiple vulnerabilities).

Red Hat has updated yum-updatesd (RHEL5: bypass RPM package signing restriction).

Scientific Linux has updated yum-updatesd (SL5: bypass RPM package signing restriction).

SUSE has updated openjdk (SLED11 SP3: multiple vulnerabilities).

Ubuntu has updated eglibc (multiple vulnerabilities).

CyanogenMod 11.0 M9 Released

Monday 4th of August 2014 07:54:31 PM
CyanogenMod 11.0 M9 has been released. "This release marks the first ever (non-nightly) release for the Xperia Z2 ‘sirius’, Xperia Z2 Tablets ‘castor’ and the HTC One ‘m8’ – kudos to their maintainers and all the other maintainers that bring you these releases every month!"

More in Tux Machines

Leftovers: Gaming

  • Company of Heroes 2 Might Be Coming Out For Linux
    While last year developers on the Company of Heroes 2 game said a Linux port was unlikely, recent Steam activity indicates that a Linux port is likely in the works. Company of Heroes 2 is a World War II set real-time strategy game developed by Relic Entertainment and sequel to the original Company of Heroes game. The Company of Heroes 2 title is powered by the Essence 3.0 Game Engine, which is proprietary to Relic Entertainment, uses a DirectX renderer, and is designed around Windows. Company of Heroes 2 was released last summer for Microsoft Windows and is available on Steam.
  • Metro 2033 Redux Will Hopefully Hit Linux Real Soon
  • Sid Meier's Civilization: Beyond Earth for Linux No Longer Has a Release Date
    Sid Meier's Civilization: Beyond Earth, the next game in the Civilization series developed by Firaxis, no longer has a Linux launch date. When 2K Games and Firaxis announced that the upcoming Sid Meier's Civilization: Beyond Earth launch will also include a Linux version, gamers were ecstatic. This was supposed to be the silver bullet for the Linux platform, but it looks like we're going to be skipped.
  • Civilization: Beyond Earth for Mac has been postponed indefinitely
  • SteamOS Beta 133 Released
    Besides the normal security fixes, this release features a newer Linux kernel (no specifics) that boasts more network drivers and better Intel graphics performance. On top of that this release also features the Nvidia 340.32 drivers which fixes some of the white screen bugs when switching between modes.
  • SteamOS Update 133 Has Better Intel Performance, VA-API
    Valve released this morning the 133 update to the SteamOS Alchemist Beta. With this update comes new packages and other updates.
  • Crystal Picnic, A Colourful 2D RPG Released
    Crystal Picnic is a lighthearted and colourful tribute to the classic era of action RPGs! Join a sarcastic gardener and a wannabe knight as they journey across the kingdom chasing after ants who stole magic crystals from the castle. Oh, and did we mention the ants have gone mad because they're EATING those crystals? Yeah, that makes things much more unpredictable! Hours of exploration, mesmerizing platform-style combat, plenty of new friends to meet and loads of wacky enemies to encounter. When you fight chubby birds and ants carrying bazookas, you know you're in for a good time!
  • Metro 2033 Redux Shows Up in the Steam for Linux Database
    Metro 2033 Redux, a remake of the original Metro 2033 FPS released back in 2010, will be getting a Linux release on Steam for Linux. The developers from 4A Games have reworked the original title and they have introduced high resolution textures and new effects. In addition to that, they have reworked a number of gameplay aspects too. All of these have been done to get the game ready for Xbox One and PlayStation 4. They didn't ignore the PC, and Steam users will also be able to enjoy the game in a new coat.
  • Team Fortress 2 Receives Update with Important Balancing Changes

Linux on the desktop isn't dead

At LinuxCon this year, the creator of Linux, Linus Torvalds, was asked what he wanted for Linux. His response? "The desktop." For years, the call to Linux action was "World Domination." In certain markets, this has happened (think Linux helping to power Android and Chrome OS). On the desktop, however, Linux still has a long, long way to go. Wait... that came out wrong. I don't mean "Linux has a long, long way to go before it's ready for the desktop." What I meant to say is something more akin to "Linux is, in fact, desktop ready... it just hasn't found an inroad to the average consumer desktop."