Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 42 min ago

Security updates for Friday

Friday 28th of July 2017 03:15:26 PM
Security updates have been issued by Arch Linux (cacti and chromium), CentOS (tomcat), Debian (roundcube), Fedora (bind99, dhcp, freeradius, golang, mingw-poppler, minicom, php-symfony, and webkitgtk4), openSUSE (GraphicsMagick and the_silver_searcher), Oracle (tomcat), Scientific Linux (tomcat), SUSE (kernel), and Ubuntu (apache2 and freeradius).

Email2git: Matching Linux Code with its Mailing List Discussions (Linux.com)

Thursday 27th of July 2017 11:06:36 PM
Linux.com is carrying an article about email2git by its developer, Alexandre Courouble. Email2git is a way to match up commits and the email thread that discussed them. It currently targets the kernel and threads from the linux-kernel mailing list. There are two separate ways to use it, as an extension to cregit (at https://cregit.linuxsources.org/) that allows browsing changes at the token level or via a search by commit ID interface. "The Linux project's email-based reviewing process is highly effective in filtering open source contributions on their way from mailing list discussions towards Linus Torvalds' Git repository. However, once integrated, it can be difficult to link Git commits back to their review comments in mailing list discussions, especially when considering commits that underwent multiple versions (and hence review rounds), that belong to a multi-patch series, or that were cherry-picked. As an answer to these and other issues, we created email2git, a patch retrieving system built for the Linux kernel. For a given commit, the tool is capable of finding the email patch as well as the email conversation that took place during the review process. We are currently improving the system with support for multi-patch series and cherry-picking." The code for email2git is available on GitHub.

[$] Reconsidering the scheduler's wake_wide() heuristic

Thursday 27th of July 2017 10:11:13 PM
The kernel's CPU scheduler is charged with choosing which task to run next, but also with deciding where in a multi-CPU system that task should run. As is often the case, that choice comes down to heuristics — rules of thumb codifying the developers' experience of what tends to work best. One key task-placement heuristic has been in place since 2015, but a recent discussion suggests that it may need to be revisited.

Suricata 4.0 released

Thursday 27th of July 2017 05:16:32 PM
Version 4.0 of the Suricata intrusion detection system (IDS) and network security monitor (NSM) has been released. The release has improved detection for threats in HTTP, SSH, and other protocols, improvements to TLS, new support for NFS, additions to the extensible event format (EVE) JSON logging, some parts have been implemented in Rust, and more. "This is the first release in which we’ve implemented parts in the Rust language using the Nom parser framework. This work is inspired by Pierre Chiffliers’ (ANSSI), talk at SuriCon 2016 (pdf). By compiling with –enable-rust you’ll get a basic NFS parser and a re-implementation of the DNS parser. Feedback on this is highly appreciated. The Rust support is still experimental, as we are continuing to explore how it functions, performs and what it will take to support it in the community. Additionally we included Pierre Chiffliers Rust parsers work. This uses external Rust parser ‘crates’ and is enabled by using –enable-rust-experimental. Initially this adds a NTP parser."

Security updates for Thursday

Thursday 27th of July 2017 02:01:14 PM
Security updates have been issued by Arch Linux (lib32-expat, webkit2gtk, and wireshark-cli), Debian (resiprocate), Fedora (java-1.8.0-openjdk, kernel, and open-vm-tools), openSUSE (containerd, docker, runc and gnu-efi, pesign, shim), Red Hat (tomcat), and Ubuntu (gdb, libiberty, and openjdk-8).

[$] LWN.net Weekly Edition for July 27, 2017

Thursday 27th of July 2017 12:43:02 AM
The LWN.net Weekly Edition for July 27, 2017 is available.

[$] Ring 1.0 is released

Wednesday 26th of July 2017 10:46:51 PM

On July 21, Savoir-faire Linux (SFL) announced the release of version 1.0 of its Ring communication tool. It is a cross-platform (Linux, Android, macOS, and Windows) program for secure text, audio, and video communication. Beyond that, though, it is part of the GNU project and is licensed under the GPLv3. Given the announcement, it seemed like a quick trial was in order. While it looks like it has great promise, Ring 1.0 falls a bit short of expectations.

[$] Flatpaks for Fedora 27

Wednesday 26th of July 2017 07:56:30 PM

A proposal to add Flatpak as an option for distributing desktop applications in Fedora 27 has recently made an appearance. It is meant as an experiment of sorts to see how well Flatpak and RPM will play together—and to fix any problems found. There is a view that containers are the future, on the desktop as well as the server; Flatpaks would provide Fedora one possible path toward that future. The proposal sparked a huge thread on the Fedora devel mailing list; while the proposal itself doesn't really change much for those uninterested in Flatpaks, some are concerned with where Fedora packaging might be headed once the experiment ends.

[$] Expediting membarrier()

Wednesday 26th of July 2017 05:25:52 PM
The membarrier() system call is arguably one of the strangest offered by the Linux kernel. It expensively emulates an operation that can be performed by a single unprivileged barrier instruction, using an invocation of the kernel's read-copy-update (RCU) machinery — all in the name of performance. But, it would seem, membarrier() is not fast enough, causing users to fall back to complex and brittle tricks. An attempt to fix the problem is now under discussion, but not everybody is convinced that the cure is better than the disease.

Security updates for Wednesday

Wednesday 26th of July 2017 03:30:18 PM
Security updates have been issued by Debian (bind9, icedove, openjdk-8, qemu, and rkhunter), Fedora (krb5, libmwaw, perl-XML-LibXML, qemu, subversion, and webkitgtk4), Mageia (cinnamon-settings-daemon, graphite2, gsoap, libquicktime, and wireshark), openSUSE (catdoc, gsoap, jasper, and Wireshark), and Ubuntu (linux-aws, linux-gke and ruby1.9.1, ruby2.0, ruby2.3).

OpenSUSE Leap 42.3 released

Wednesday 26th of July 2017 01:40:14 PM
OpenSUSE Leap 42.3 is now available. "After basing openSUSE Leap on SLE (SUSE Linux Enterprise) and adding more source code to Leap 42.2 from SLE 12, Leap 42.3 adds even more packages from SLE 12 SP 3 and synchronizes several common packages. The shared codebase allows for openSUSE Leap 42.3 to receive enhanced maintenance and bug fixes from both the openSUSE community and SUSE engineers." There is quite a bit of new stuff in this release; see this page for some details.

[$] IncludeOS: a unikernel for C++ applications

Tuesday 25th of July 2017 11:52:24 PM

Is it truly an efficient use of cloud computing resources to run traditional operating systems inside virtual machines? In many cases, it isn't. An interesting alternative is to bundle a program into a unikernel, which is a single-tasking library operating system made specifically for running a single application in the cloud. A unikernel packs everything needed to run an application into a tiny bundle and, in theory, this approach would save disk space, memory, and processor time compared to running a full traditional operating system. IncludeOS is such a unikernel; it was created to support C++ applications. Like other unikernels, it is designed for resource-efficiency on shared infrastructure, and is primarily meant to run on a hypervisor.

Intel kills Curie module and Arduino 101 SBC (LinuxGizmos.com)

Tuesday 25th of July 2017 07:46:37 PM
LinuxGizmos reports that Intel is discontinuing its Curie wearables module and its Curie-enabled Arduino 101 SBC. "Intel will no longer update the Curie’s Open Developer Kit, and will continue forum support only through Sep. 15. After that, “Intel will make its online resources available for review only and maintain availability to the Intel Curie community until June 15, 2020,” according to the July 18 Intel forum post. Intel says it is “actively working with alternative manufacturers to continue to make the Arduino 101 development board available to the market.” The chipmaker will support orders of the Arduino 101 through Sep. 17, and will fulfill those orders through Dec. 17. Arduino.cc will continue to offer Arduino IDE support for the 101."

The end of Flash

Tuesday 25th of July 2017 06:08:38 PM
The long-awaited end of Flash has come a little closer with this announcement from Adobe. "Given this progress, and in collaboration with several of our technology partners – including Apple, Facebook, Google, Microsoft and Mozilla – Adobe is planning to end-of-life Flash. Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new open formats."

Security updates for Tuesday

Tuesday 25th of July 2017 03:29:38 PM
Security updates have been issued by Debian (catdoc, gsoap, and libtasn1-3), Fedora (GraphicsMagick, java-1.8.0-openjdk, krb5, librsvg2, nodejs, phpldapadmin, rubygem-rack-cors, and yara), Mageia (irssi), openSUSE (rubygem-puppet), Red Hat (kernel), Slackware (tcpdump), and Ubuntu (imagemagick, linux, linux-raspi2, linux-snapdragon, linux-lts-xenial, mysql-5.5, samba, and xorg-server, xorg-server-hwe-16.04, xorg-server-lts-xenial).

Ring 1.0 released

Tuesday 25th of July 2017 01:51:17 PM
Savoir-faire Linux has announced the release of Ring 1.0. "Ring is a free/libre and universal communication platform that preserves the users’ privacy and freedoms. It is a GNU package. It runs on multiple platforms; and, it can be used for texting, calls, and video chats more privately, more securely, and more reliably."

[$] Faster reference-count overflow protection

Monday 24th of July 2017 09:42:14 PM
Improving the security of a system often involves tradeoffs, with the costs measured in terms of convenience and performance, among others. To their frustration, security-oriented developers often discover that the tolerance for these costs is quite low. Defenses against reference-count overflows have run into that sort of barrier, slowing their adoption considerably. Now, though, it would appear that a solution has been found to the performance cost imposed by reference-count hardening, clearing the way toward its adoption throughout the kernel.

Trust Issues: Exploiting TrustZone TEEs (Project Zero)

Monday 24th of July 2017 04:53:16 PM
Here is a lengthy and detailed look from Google's Project Zero at the trusted execution environments that, one hopes, protect devices from compromise. "In this blog post we’ll explore the security properties of the two major TEEs present on Android devices. We’ll see how, despite their highly sensitive vantage point, these operating systems currently lag behind modern operating systems in terms of security mitigations and practices. Additionally, we’ll discover and exploit a major design issue which affects the security of most devices utilising both platforms. Lastly, we’ll see why the integrity of TEEs is crucial to the overall security of the device, making a case for the need to increase their defences."

Stable Debian releases

Monday 24th of July 2017 04:15:52 PM
Debian has released updates to its stable and old stable distributions. Debian 9.1 is the first update to "stretch" and Debian 8.9 is the ninth update to "jessie". These updates do not constitute a new versions of Debian, they only update some of the packages included. "Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release."

Security updates for Monday

Monday 24th of July 2017 03:51:38 PM
Security updates have been issued by CentOS (graphite2 and java-1.8.0-openjdk), Debian (atril, bind9, catdoc, and qemu), Fedora (glpi, GraphicsMagick, heimdal, kernel, nodejs, perl-XML-LibXML, and qt5-qtwebengine), Gentoo (adobe-flash), Mageia (c-ares, expat, flash-player-plugin, gnutls, libgcrypt, libtiff, sane, and tnef), openSUSE (evince and xorg-x11-server), Scientific Linux (graphite2), Slackware (seamonkey), and Ubuntu (heimdal and linux-lts-trusty).

More in Tux Machines

Debian GNU/Linux Running On Mobile Devices Like PocketCHIP, Samsung Galaxy, ZeroPhone, & Pyra

Debian is also called the universal operating system as it is used as a base for hundreds of Linux distributions. So, this claim also underlines that Debian should run on mobile devices too–right? Well, Debian developers are continuously working to add support for new devices and adapt it as per hardware and GUI capabilities of different devices. Read more

Didier Roche: Ubuntu GNOME Shell in Artful: Day 5

Big update today and probably a very awaited one: here is an important step on our journey on transforming the default session in Ubuntu Artful. Let’s get the new Ubuntu Dock installed by default! For more background on this, you can refer back to our decisions regarding our default session experience as discussed in my blog post. Read more

5 Best Vector Graphics Editors for Linux

Here's a list of the best vector graphics software for Linux that can be used as Adobe Illustrator alternative for Linux. Read more

Oracle changes heart on Java EE

  • Oracle opens up Java EE
    Oracle continues to make progress Java EE 8, the enterprise edition for the Java platform, and moving forward it would like to advance Java EE within a more open and collaborative community. Specifications are nearly complete and the Java team expects to deliver the Java EE 8 reference implementation this summer. As the delivery of Java EE 8 approaches, Oracle believes they have the ability to rethink how Java EE is developed in order to “make it more agile and responsive to changing industry and technology demands.”
  • Oracle considers moving Java EE to an open source foundation
    With the finalization of the Java EE 8 platform on the horizon, Oracle on Thursday said it's considering moving Java Enterprise Edition technologies to an open source foundation. The move, Oracle said in a blog post, "may be the right next step, in order to adopt more agile processes, implement more flexible licensing, and change the governance process."
  • Oracle doesn't want Java EE any more
    Oracle wants to end its leadership in the development of enterprise Java and is looking for an open source foundation to take on the role. The company said today that the upcoming Java EE (Enterprise Edition) 8 presents an opportunity to rethink how the platform is developed. Although development is done via open source with community participation, the current Oracle-led process is not seen agile, flexible, or open enough. ”We believe that moving Java EE technologies to an open source foundation may be the right next step, to adopt more agile processes, implement more flexible licensing and change the governance process,” Oracle said in a statement.