Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 55 min ago

Security updates for Friday

Friday 31st of August 2018 02:47:54 PM
Security updates have been issued by Debian (389-ds-base, bind9, and squirrelmail), Fedora (dolphin-emu), openSUSE (libX11), SUSE (cobbler, GraphicsMagick, ImageMagick, liblouis, postgresql10, qemu, and spice), and Ubuntu (libx11).

The Tink crypto library

Friday 31st of August 2018 11:38:02 AM
Google has announced the existence of a new cryptographic library called "Tink". "Tink aims to provide cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. Tink is built on top of existing libraries such as BoringSSL and Java Cryptography Architecture, but includes countermeasures to many weaknesses in these libraries, which were discovered by Project Wycheproof, another project from our team."

[$] Protecting files with fs-verity

Thursday 30th of August 2018 06:50:12 PM
The developers of the Android system have, among their many goals, the wish to better protect Android devices against persistent compromise. It is bad if a device is taken over by an attacker; it's worse if it remains compromised even after a reboot. Numerous mechanisms for ensuring the integrity of installed system files have been proposed and implemented over the years. But it seems there is always room for one more; to fill that space, the fs-verity mechanism is being proposed as a way to protect individual files from malicious modification.

Security updates for Thursday

Thursday 30th of August 2018 02:36:49 PM
Security updates have been issued by Debian (libx11), Fedora (bouncycastle, libxkbcommon, libzypp, nodejs, ntp, openssh, tomcat, xen, and zypper), Red Hat (ansible, kernel, and opendaylight), and SUSE (apache2, cobbler, ImageMagick, libtirpc, libzypp, zypper, and qemu).

[$] LWN.net Weekly Edition for August 30, 2018

Thursday 30th of August 2018 01:06:59 AM
The LWN.net Weekly Edition for August 30, 2018 is available.

[$] Measuring (and fixing) I/O-controller throughput loss

Wednesday 29th of August 2018 09:20:33 PM
Many services, from web hosting and video streaming to cloud storage, need to move data to and from storage. They also often require that each per-client I/O flow be guaranteed a non-zero amount of bandwidth and a bounded latency. An expensive way to provide these guarantees is to over-provision storage resources, keeping each resource underutilized, and thus have plenty of bandwidth available for the few I/O flows dispatched to each medium. Alternatively one can use an I/O controller. Linux provides two mechanisms designed to throttle some I/O streams to allow others to meet their bandwidth and latency requirements. These mechanisms work, but they come at a cost: a loss of as much as 80% of total available I/O bandwidth. I have run some tests to demonstrate this problem; some upcoming improvements to the bfq I/O scheduler promise to improve the situation considerably.

[$] C considered dangerous

Wednesday 29th of August 2018 09:11:29 PM

At the North America edition of the 2018 Linux Security Summit (LSS NA), which was held in late August in Vancouver, Canada, Kees Cook gave a presentation on some of the dangers that come with programs written in C. In particular, of course, the Linux kernel is mostly written in C, which means that the security of our systems rests on a somewhat dangerous foundation. But there are things that can be done to help firm things up by "Making C Less Dangerous" as the title of his talk suggested.

bison-3.1 released

Wednesday 29th of August 2018 04:35:54 PM
Version 3.1 of the Bison parser generator has been released. "It introduces new features such as typed midrule actions, brings improvements in the diagnostics, fixes several bugs and portability issues, improves the examples, and more".

Security updates for Wednesday

Wednesday 29th of August 2018 03:01:04 PM
Security updates have been issued by CentOS (bind and postgresql), Debian (linux-4.9 and tomcat8), Red Hat (java-1.7.1-ibm and java-1.8.0-ibm), Slackware (kernel), SUSE (kernel and openssl1), and Ubuntu (linux-azure, linux-oem, linux-gcp and poppler).

[$] An introduction to the Julia language, part 1

Tuesday 28th of August 2018 08:57:02 PM
Julia is a young computer language aimed at serving the needs of scientists, engineers, and other practitioners of numerically intensive programming. It was first publicly released in 2012. After an intense period of language development, version 1.0 was released on August 8. The 1.0 release promises years of language stability; users can be confident that developments in the 1.x series will not break their code. This is the first part of a two-part article introducing the world of Julia. This part will introduce enough of the language syntax and constructs to allow you to begin to write simple programs. The following installment will acquaint you with the additional pieces needed to create real projects, and to make use of Julia's ecosystem.

Reports from Netdev 0x12

Tuesday 28th of August 2018 04:56:16 PM
The Netdev 0x12 networking conference was held in mid-July. The conference team has provided a brief introduction. Participants at the event have put together a set of reports of the talks that were held during the conference; tutorials and workshops were held on Day 1, Day 2 includes eleven talks, including the keynote by Van Jacobson, while Day 3 covers another ten topics.

Two stable kernel updates

Tuesday 28th of August 2018 03:23:02 PM
Stable kernels 4.4.153 and 3.18.120 have been released. They both contain important fixes and users should upgrade.

Security updates for Tuesday

Tuesday 28th of August 2018 03:17:14 PM
Security updates have been issued by Debian (ruby2.1 and twitter-bootstrap3), Fedora (freeipa), openSUSE (libreoffice), Oracle (bind), Red Hat (bind), Scientific Linux (bind), SUSE (graffana, kafka, logstash, monasca-installer and libreoffice), and Ubuntu (intel-microcode and libgd2).

[$] Sharing and archiving data sets with Dat

Monday 27th of August 2018 11:25:58 PM

Dat is a new peer-to-peer protocol that uses some of the concepts of BitTorrent and Git. Dat primarily targets researchers and open-data activists as it is a great tool for sharing, archiving, and cataloging large data sets. But it can also be used to implement decentralized web applications in a novel way.

Subscribers can read on for more on Dat by guest author Antoine Beaupré.

Security updates for Monday

Monday 27th of August 2018 02:50:52 PM
Security updates have been issued by Debian (dropbear, libextractor, and libgit2), Fedora (chromium, obs-build, and osc), openSUSE (GraphicsMagick, ImageMagick, kbuild, virtualbox, libgit2, nextcloud, and phpMyAdmin), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, rh-postgresql10-postgresql, and rh-postgresql96-postgresql), and SUSE (gdm, openssh, openssl, python, and xen).

[$] The second half of the 4.19 merge window

Sunday 26th of August 2018 10:56:47 PM
By the time Linus Torvalds released 4.19-rc1 and closed the merge window for this development cycle, 12,317 non-merge changesets had found their way into the mainline; about 4,800 of those landed after last week's summary was written. As tends to be the case late in the merge window, many of those changes were fixes for the bigger patches that went in early, but there were also a number of new features added.

Kernel prepatch 4.19-rc1

Sunday 26th of August 2018 10:52:32 PM
Linus has released 4.19-rc1 and closed the merge window for this development cycle. "This was a fairly frustrating merge window, partly because 4.19 looks to be a pretty big release (no single reason), and partly just due to random noise. We had the L1TF hw vulnerability disclosure early in the merge window, which just added the usual frustration due to having patches that weren't public. That just shows just how good all our infrastructure for linux-next and various automated testing systems have become, in how painful it is when it's lacking."

More in Tux Machines

Security: 0-Days and Back Doors

OpenShot Video Editor Released 2.4.3 – Here’s What’s New

OpenShot is a cross platform video editor available in Linux, Windows and Mac. This beginner’s friendly to advanced users’ video editor comes with huge set to of tools to create your videos, edit videos, cut, add sliding transitions and many more. The free and open source video editor OpenShot lands with latest release with improvements. Read more

Ubuntu Studio 18.10 Wallpaper Contest Winners

We would like to thank everyone who participated in our wallpaper contest for Ubuntu Studio 18.10! With 487 votes, the top 5 submissions were chosen. The winners can be found at this link. Additionally, we’d like to announce the new default wallpaper for 18.10, designed by Ubuntu Studio developer Eylul Dogruel, and is pictured to the right. Read more

Red Hat Leftovers