LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

Introducing AcousticBrainz

Friday 21st of November 2014 10:09:54 PM

MusicBrainz, the not-for-profit project that maintains an assortment of "open content" music metadata databases, has announced a new effort named AcousticBrainz. AcousticBrainz is designed to be an open, crowd-sourced database cataloging various "audio features" of music, including "low-level spectral information such as tempo, and additional high level descriptors for genres, moods, keys, scales and much more." The data collected is more comprehensive than MusicBrainz's existing AcoustID database, which deals only with acoustic fingerprinting for song recognition. The new project is a partnership with the Music Technology Group at Universitat Pompeu Fabra, and uses that group's free-software toolkit Essentia to perform its acoustic analyses. A follow-up post digs into the AcousticBrainz analysis of the project's initial 650,000-track data set, including examinations of genre, mood, key, and other factors.

A Friday kernel collection

Friday 21st of November 2014 09:05:48 PM

Greg Kroah-Hartman has released three new stable kernels: 3.10.61, 3.14.25, and 3.17.4, each containing important updates and fixes.

Version 2 of the kdbus patches posted

Friday 21st of November 2014 06:22:09 PM
The second version of the kdbus patches has been posted to the Linux kernel mailing list by Greg Kroah-Hartman. The biggest change since the original patch set (which we looked at in early November) is that kdbus now provides a filesystem-based interface (kdbusfs) rather than the /dev/kdbus device-based interface. There are lots of other changes in response to v1 review comments as well. "kdbus is a kernel-level IPC implementation that aims for resemblance to [the] protocol layer with the existing userspace D-Bus daemon while enabling some features that couldn't be implemented before in userspace."

Friday's security updates

Friday 21st of November 2014 04:07:37 PM

CentOS has updated libxml2 (C5: denial of service).

Debian has updated drupal7 (multiple vulnerabilities).

Fedora has updated kernel (F20: multiple vulnerabilities).

Gentoo has updated adobe-flash (multiple vulnerabilities).

Mageia has updated boinc-client (denial of service), ffmpeg (M3; M4: multiple vulnerabilities), hawtjni (M3: code execution), kdebase4-runtime, kwebkitpart (code execution), kdebase4-workspace (M4: privilege escalation), kdenetwork4 (M3: multiple vulnerabilities), kernel (M3; M4: multiple vulnerabilities), kernel-vserver (M3: multiple vulnerabilities), krb5 (ticket forgery), libvirt (information disclosure), php-smarty (M3; M4: code execution), privoxy (denial of service), python-djblets (M4: multiple vulnerabilities), python-imaging, python-pillow (multiple vulnerabilities), qemu (M4: multiple vulnerabilities), ruby (multiple vulnerabilities), srtp (M3: denial of service), and wireshark (multiple vulnerabilities).

Mandriva has updated asterisk (BS1: multiple vulnerabilities).

openSUSE has updated gnutls (multiple vulnerabilities) and libvirt (password leak).

Oracle has updated bash (O5; O6; O7: multiple vulnerabilities), libvirt (O6: multiple vulnerabilities), libXfont (O6; O7: multiple vulnerabilities), libxml2 (O5: denial of service), mariadb (O7: multiple vulnerabilities), and mysql55-mysql (O5: multiple vulnerabilities).

Red Hat has updated java-1.5.0-ibm (RHEL5,6: multiple vulnerabilities), java-1.7.0-ibm (RHEL6: multiple vulnerabilities), java-1.7.1-ibm (RHEL6,7: multiple vulnerabilities), and libxml2 (RHEL5: denial of service).

Scientific Linux has updated libxml2 (SL5: denial of service).

Ubuntu has updated apparmor (14.04: privilege escalation) and ruby1.8, ruby1.9.1, ruby2.0, ruby2.1 (12.04, 14.04, 14.10: denial of service).

McKenney: Stupid RCU Tricks: rcutorture Catches an RCU Bug

Thursday 20th of November 2014 09:30:34 PM
On his blog, Paul McKenney investigates a bug in read-copy update (RCU) in preparation for the 3.19 merge window. "Of course, we all have specific patches that we are suspicious of. So my next step was to revert suspect patches and to otherwise attempt to outguess the bug. Unfortunately, I quickly learned that the bug is difficult to reproduce, requiring something like 100 hours of focused rcutorture testing. Bisection based on 100-hour tests would have consumed the remainder of 2014 and a significant fraction of 2015, so something better was required. In fact, something way better was required because there was only a very small number of failures, which meant that the expected test time to reproduce the bug might well have been 200 hours or even 300 hours instead of my best guess of 100 hours."

Security advisories for Thursday

Thursday 20th of November 2014 04:53:15 PM

Mandriva has updated clamav (BS1.0: denial of service from 2013) and php-ZendFramework (BS1.0: authentication bypass).

openSUSE has updated emacs (13.1: multiple vulnerabilities).

Red Hat has updated java-1.6.0-ibm (RHEL5&6: multiple vulnerabilities) and java-1.7.0-ibm (RHEL5: multiple vulnerabilities).

SUSE has updated firefox (SLE11SP3: multiple vulnerabilities).

Ubuntu has updated oxide-qt (14.10, 14.04: multiple vulnerabilities).

[$] LWN.net Weekly Edition for November 20, 2014

Thursday 20th of November 2014 12:55:32 AM
The LWN.net Weekly Edition for November 20, 2014 is available.

Mozilla drops Google in favor of a multiple-search-partner plan

Thursday 20th of November 2014 12:32:19 AM

Mozilla has announced that it is not renewing the longstanding arrangement with Google that made Google the default search engine in Firefox in exchange for a sizable payment. Instead, when the current deal ends, Firefox will adopt different default search engines in different regions, a move described as a "more local and flexible approach to increase choice and innovation on the Web." Yahoo will be the default search engine in the United States, Yandex in Russia, and Baidu in China.

Mozilla CEO Chris Beard frames this change in terms of Mozilla's independence and non-commercial status. "This is why our independence matters. Being non-profit lets us make different choices. Choices that keep the Web open, everywhere and independent." The Yahoo deal, at least, lasts for five years, and one of the conditions was that Yahoo will support Mozilla's Do Not Track header. Google will remain a pre-installed search engine option, and will continue to provide Firefox's Safe Browsing and Geolocation features.

[$] A Firefox OS 2.0 preview on the Flame

Wednesday 19th of November 2014 07:21:55 PM

Mozilla has rolled out a preview of the next major milestone in Firefox OS, its HTML-driven mobile operating system. The upcoming release is branded Firefox OS 2.0 and incorporates a number of significant changes. The preview was released first as an over-the-air update available for the Flame developer phone; since I had recently acquired such a device, I decided to take a look.

Tracing Summit 2014 videos available

Wednesday 19th of November 2014 06:33:46 PM
Videos from the Tracing Summit, which was held in Düsseldorf, Germany last month, are available on YouTube. They are also linked from the schedule.

Security advisories for Wednesday

Wednesday 19th of November 2014 05:46:50 PM

CentOS has updated libvirt (C6: multiple vulnerabilities) and libXfont (C7: multiple vulnerabilities).

Debian has updated php5 (out-of-bounds read flaw) and php5 (regression in previous update).

Fedora has updated drupal7-ckeditor (F20; F19: cross-site scripting), geary (F20: TLS certificate issues), icecream (F20; F19: code execution), and nrpe (F20: code execution).

Mandriva has updated curl (information leak), dbus (multiple vulnerabilities), and gnutls (code execution).

openSUSE has updated dbus-1 (13.2, 13.1; 12.3: denial of service) and polarssl (13.2: two vulnerabilities).

Red Hat has updated kernel (RHEL6.4: denial of service), libvirt (RHEL6: multiple vulnerabilities), and libXfont (RHEL6,7: multiple vulnerabilities).

Scientific Linux has updated libvirt (SL6: multiple vulnerabilities) and libXfont (SL6,7: multiple vulnerabilities).

Today's Debian technical committee resignation: Ian Jackson

Wednesday 19th of November 2014 01:34:19 PM
Ian Jackson has announced his immediate resignation from the Debian technical committee. "While it is important that the views of the 30-40% of the project who agree with me should continue to be represented on the TC, I myself am clearly too controversial a figure at this point to do so. I should step aside to try to reduce the extent to which conversations about the project's governance are personalised. And, speaking personally, I am exhausted." (Thanks to Mattias Mattsson).

Results for the Debian init system coupling GR

Wednesday 19th of November 2014 12:12:52 AM
The preliminary results have been announced for the Debian general resolution on init system coupling. The winning option was #4, the one saying that no general resolution is required in this situation. So there will be no change in Debian policy resulting from this vote.

EFF: Let's Encrypt

Tuesday 18th of November 2014 10:15:09 PM
The Electronic Frontier Foundation (EFF) is helping to launch a new non-profit organization that will offer free server certificates beginning in summer 2015. "Let's Encrypt is a new free certificate authority, which will begin issuing server certificates in 2015. Server certificates are the anchor for any website that wants to offer HTTPS and encrypted traffic, proving that the server you are talking to is the server you intended to talk to. But these certificates have historically been expensive, as well as tricky to install and bothersome to update. The Let's Encrypt authority will offer server certificates at zero cost, supported by sophisticated new security protocols. The certificates will have automatic enrollment and renewal, and there will be publicly available records of all certificate issuance and revocation." Let's Encrypt will be overseen by the Internet Security Research Group (ISRG), a California public benefit corporation.

Tuesday's security updates

Tuesday 18th of November 2014 05:05:46 PM

CentOS has updated libxfont (C6: multiple vulnerabilities), mariadb (C7: multiple vulnerabilities), and mysql55-mysql (C5: multiple vulnerabilities).

Fedora has updated oath-toolkit (F20: denial of service), python-requests-kerberos (F20; F19: authentication bypass), and qpid-cpp (F19: xml exchange can be induced to make http requests).

openSUSE has updated flash-player (13.2, 13.1, 12.3: multiple vulnerabilities) and libreoffice (13.2: code execution).

Red Hat has updated bash Shift_JIS (RHEL5.9: multiple vulnerabilities).

Scientific Linux has updated mariadb (SL7: multiple vulnerabilities).

SUSE has updated flash-player (SLED11 SP3: multiple vulnerabilities).

Ubuntu has updated mountall (14.10: privilege escalation).

Live kernel patching for SUSE Enterprise Linux

Tuesday 18th of November 2014 02:27:14 PM
SUSE has announced that it is now using kGraft to make live kernel patches available for its enterprise distribution. "Unlike some other Linux kernel live patching technologies, SUSE Linux Enterprise Live Patching doesn't require stopping the whole system while it performs the patching. And because it is a fully open source solution, it allows for easy code review of the patch sources. SUSE is engaging with the upstream community to help ensure a sustainable future for kernel live patching on Linux in general and SUSE Linux Enterprise specifically."

Linux for lettuce (Opensource.com)

Monday 17th of November 2014 09:26:24 PM
Opensource.com covers the founding of the Open Source Seed Initiative (OSSI) and its continuing efforts to apply the concepts of open source to plant breeding in an increasingly patent-encumbered space. "OSSI’s de facto leader is Jack Kloppenburg, a social scientist at the University of Wisconsin who has been involved with issues concerning plant genetic resources since the 1980s. He has published widely about the concept behind OSSI, and his words are now echoed (even copied verbatim) by public plant-breeding advocates in Germany, France, and India. As he explains it, for most of human history, seeds have naturally been part of the commons—those natural resources that are inherently public, like air or sunshine. But with the advent of plant-related intellectual property and the ownership it enables, this particular part of the commons has become a resource to be mined for private gain. Thus the need for a protected commons—open source seed. Inspired by open source software, OSSI’s idea is to use “the master’s tools” of intellectual property, but in ways the master never intended: to create and enforce an ethic of sharing."

Colin Watson resigns from Debian Technical Committee

Monday 17th of November 2014 05:44:49 PM
Colin Watson announced his resignation from the Debian Technical Committee before Russ. "I appreciate that the timing is such that this looks like a response to Joey's mails, or perhaps to some other recent discussions. That isn't the case. I've been doing a good deal of refactoring of my life recently as a result of realising that I was burning out, and right now it's important that I make an effort to spend my Debian time on things I find relaxing rather than things I've been finding stressful." (Thanks to Jeff Schroeder)

Security advisories for Monday

Monday 17th of November 2014 05:15:27 PM

Debian has updated libgcrypt11 (side-channel attack).

Fedora has updated kde-workspace (F20; F19: privilege escalation), kernel (F19: multiple vulnerabilities), and konversation (F20; F19: information disclosure).

Gentoo has updated wget (symlink attack).

Mageia has updated dbus (denial of service), gnutls (code execution), kernel (MG4; MG3: multiple vulnerabilities), kernel-linus (MG4; MG3: multiple vulnerabilities), kernel-tmb (MG4; MG3: multiple vulnerabilities), and kernel-vserver (MG4: multiple vulnerabilities).

Red Hat has updated mariadb (RHEL7: multiple vulnerabilities), mariadb55-mariadb (RHSCL1: multiple vulnerabilities), and mysql55-mysql (RHEL5; RHSCL1: multiple vulnerabilities).

Scientific Linux has updated mysql55-mysql (SL5: multiple vulnerabilities).

Slackware has updated mozilla (multiple vulnerabilities).

Russ Allbery leaves the Debian technical committee

Monday 17th of November 2014 02:04:35 PM
Another resignation in the Debian camp: Russ Allbery has become the second member of the project's technical committee to leave that committee. "I think project governance is a hard problem, and a worthwhile problem, and I hope that someone with good ideas will step forward and work on that problem. Debian is one of the largest free software projects, and one that faces a large number of hard decisions. If we can do that work well, it would be a valuable contribution to the broader community. But, right now, I don't feel like I'm helping that process, and at times am making it worse."

More in Tux Machines

SolydX 201411 Is a Rolling Release Alternative to Linux Mint Debian Xfce

SolydX, a Debian-based distribution that features the Xfce desktop environment and uses a rolling release model, is now at version 201411 and is ready for download.

Linux-Based Beautiful Jolla Tablet Registers Fantastic Success on Indiegogo

Jolla is a new tablet developed by a team of people who used to work for Nokia, and it's powered by a Linux-driven operating system called Sailfish OS. The recently launched crowdfunding campaign has surpassed all expectations.

WordPress 4.0.1 Updates Millions of Sites for 8 Flaws

Millions of open-source WordPress site owners received email notifications over the last 24 hours advising them of a site update. The new WordPress 4.0.1 update provides multiple security fixes and data-hardening improvements to help secure WordPress sites. The WordPress 4.0.1 update is the first incremental update for WordPress since the 4.0 release in September. The 4.0.1 update provides 23 bug fixes and an additional 8 security vulnerability fixes.

V2 Of KDBUS Published For Linux Kernel Review

The second revision of the Linux kernel-based D-Bus implementation is now available for review. Greg Kroah-Hartman on Thursday night posted the "v2" revision of the KDBUS implementation, which provides the kernel with a new IPC implementation that resembles the existing user-space D-Bus daemon while adding extra features. Among the changes in this revision: KDBUS now exposes its control files and other information via a new kdbusfs file system, which it expects to be mounted at /sys/fs/kdbus; a new KDBUS domain is created each time kdbusfs is mounted; and there are various other low-level changes. More details are available in the patch series. It's not clear yet whether KDBUS will be ready for merging in the Linux 3.19 kernel or will be held off until Linux 3.20 or later.