Syndicate content is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.

More stable kernel updates

Saturday 22nd of October 2016 03:33:46 PM
The 4.8.4, 4.7.10, and 4.4.27 stable updates are out. These would appear to contain the usual fixes. Note that 4.7.10 is the end of the line for the 4.7.x series.

[$] Dirty COW and clean commit messages

Friday 21st of October 2016 05:08:07 PM
We live in an era of celebrity vulnerabilities; at the moment, an unpleasant kernel bug called "Dirty COW" (or CVE-2016-5195) is taking its turn on the runway. This one is more disconcerting than many due to its omnipresence and the ease with which it can be exploited. But there is also some unhappiness in the wider community about how this vulnerability has been handled by the kernel development community. It may well be time for the kernel project to rethink its approach to serious security problems.

Friday's security updates

Friday 21st of October 2016 02:50:26 PM

Debian-LTS has updated bind9 (denial of service).

Fedora has updated libgit2 (F23: two vulnerabilities).

Mageia has updated kernel (three vulnerabilities), libtiff (multiple vulnerabilities, two from 2015), and openslp (code execution).

openSUSE has updated dbus-1 (13.2: code execution), ghostscript-library (42.1: three vulnerabilities, one from 2013), roundcubemail (42.1: two vulnerabilities), and squidGuard (42.1: cross-site scripting from 2015).

Red Hat has updated bind (RHEL6&5: denial of service) and bind97 (RHEL5: denial of service).

Scientific Linux has updated bind (SL6&5: denial of service) and bind97 (SL5: denial of service).

Ubuntu has updated bind9 (12.04: denial of service).

Ranking the Web With Radical Transparency (

Thursday 20th of October 2016 11:29:53 PM
interviews Sylvain Zimmer, founder of the Common Search project, which is an effort to create an open web search engine. "Being transparent means that you can actually understand why our top search result came first, and why the second had a lower ranking. This is why people will be able to trust us and be sure we aren't manipulating results. However for this to work, it needs to apply not only to the results themselves but to the whole organization. This is what we mean by 'radical transparency.' Being a nonprofit doesn't automatically clear us of any ulterior motives, we need to go much further. As a community, we will be able to work on the ranking algorithm collaboratively and in the open, because the code is open source and the data is publicly available. We think that this means the trust in the fairness of the results will actually grow with the size of the community."

More information about Dirty COW (aka CVE-2016-5195)

Thursday 20th of October 2016 09:12:39 PM
The security hole fixed in the stable kernels released today has been dubbed Dirty COW (CVE-2016-5195) by a site devoted to the kernel privilege escalation vulnerability. There is some indication that it is being exploited in the wild. Ars Technica has some additional information. The Red Hat bugzilla entry and advisory are worth looking at as well.

Security advisories for Thursday

Thursday 20th of October 2016 03:49:08 PM

CentOS has updated java-1.8.0-openjdk (C7; C6: multiple vulnerabilities).

Debian has updated kernel (multiple vulnerabilities, one from 2015).

Debian-LTS has updated kernel (multiple vulnerabilities, one from 2015) and libxvmc (code execution).

Fedora has updated glibc-arm-linux-gnu (F23: denial of service) and perl-DBD-MySQL (F23: denial of service).

Oracle has updated java-1.8.0-openjdk (OL7; OL6: multiple vulnerabilities).

Red Hat has updated java-1.6.0-sun (multiple vulnerabilities), java-1.7.0-oracle (multiple vulnerabilities), and java-1.8.0-oracle (RHEL7&6: multiple vulnerabilities).

Scientific Linux has updated java-1.8.0-openjdk (SL7&6: multiple vulnerabilities).

SUSE has updated quagga (SLE11: code execution).

Ubuntu has updated kernel (12.04; 14.04; 16.04; 16.10: privilege escalation), linux-lts-trusty (12.04: privilege escalation), linux-lts-xenial (14.04: privilege escalation), linux-raspi2 (16.04: privilege escalation), linux-snapdragon (16.04: privilege escalation), and linux-ti-omap4 (12.04: privilege escalation).

An important set of stable kernel updates

Thursday 20th of October 2016 01:44:39 PM
The 4.8.3, 4.7.9, and 4.4.26 stable kernel updates have been released. There's nothing in the announcements to indicate this, but they all contain a fix for CVE-2016-5195, a bug that can allow local attackers to overwrite files they should not have write access to. So the "all users must upgrade" message seems more than usually applicable this time around.

[$] Weekly Edition for October 20, 2016

Thursday 20th of October 2016 12:02:41 AM
The Weekly Edition for October 20, 2016 is available.

Security advisories for Wednesday

Wednesday 19th of October 2016 04:52:17 PM

Debian has updated quagga (stack overrun) and tor (denial of service).

Debian-LTS has updated dwarfutils (multiple vulnerabilities), guile-2.0 (two vulnerabilities), libass (two vulnerabilities), libgd2 (two vulnerabilities), libxv (insufficient validation), and tor (denial of service).

Fedora has updated epiphany (F24: unspecified), ghostscript (F24; F23: multiple vulnerabilities), glibc-arm-linux-gnu (F24: denial of service), guile (F24: two vulnerabilities), libgit2 (F24: two vulnerabilities), openssh (F23: null pointer dereference), qemu (F24: multiple vulnerabilities), and webkitgtk4 (F24: unspecified).

Mageia has updated asterisk (denial of service), flash-player-plugin (multiple vulnerabilities), kernel (multiple vulnerabilities), and mailman (password disclosure).

Red Hat has updated java-1.8.0-openjdk (RHEL6, 7: multiple vulnerabilities), kernel (RHEL6.7: use-after-free), and mariadb-galera (RHOSP8: SQL injection/privilege escalation).

Live kernel patches for Ubuntu

Wednesday 19th of October 2016 02:33:54 PM
Canonical has announced the availability of a live kernel patch service for the 16.04 LTS release. "It’s the best way to ensure that machines are safe at the kernel level, while guaranteeing uptime, especially for container hosts where a single machine may be running thousands of different workloads." Up to three systems can be patched for free; the service requires a fee thereafter. There is a long FAQ about the service in this blog post; it appears to be based on the mainline live-patching functionality with some Canonical add-ons.

Kügler: Plasma’s road ahead

Tuesday 18th of October 2016 07:36:01 PM
Sebastian Kügler reports on KDE's Plasma team meeting. "We took this opportunity to also look and plan ahead a bit further into the future. In what areas are we lacking, where do we want or need to improve? Where do we want to take Plasma in the next two years?" Specific topics include release schedule changes, UI and theming improvements, feature backlog, Wayland, mobile, and more. (Thanks to Paul Wise)

Tuesday's security updates

Tuesday 18th of October 2016 04:22:57 PM

Debian-LTS has updated libarchive (three vulnerabilities), libxrandr (insufficient validation), libxrender (insufficient validation), and quagga (stack overrun).

openSUSE has updated ffmpeg (Leap42.1; SPH for SLE12: multiple vulnerabilities) and kcoreaddons (Leap42.1, 13.2; SPH for SLE12: HTML injection).

Red Hat has updated atomic-openshift (RHOSCP: authentication bypass), kernel (RHEL6.5: privilege escalation), and openssl (RHEL6.7: multiple vulnerabilities).

[$] Graphics world domination may be closer than it appears

Tuesday 18th of October 2016 02:25:40 PM
The mainline kernel has support for a wide range of hardware. One place where support has traditionally been lacking, though, is graphics adapters. As a result, a great many people are still using proprietary, out-of-tree GPU drivers. Daniel Vetter went before the crowd at Kernel Recipes 2016 to say that the situation is not as bad as some think; indeed, he said, in this area as well as others, world domination is proceeding according to plan.

Secure Your Containers with this One Weird Trick (RHEL Blog)

Monday 17th of October 2016 05:55:41 PM
Over on the Red Hat Enterprise Linux Blog, Dan Walsh writes about using Linux capabilities to help secure Docker containers. "Let’s look at the default list of capabilities available to privileged processes in a docker container: chown, dac_override, fowner, fsetid, kill, setgid, setuid, setpcap, net_bind_service, net_raw, sys_chroot, mknod, audit_write, setfcap. In the OCI/runc spec they are even more drastic only retaining, audit_write, kill, and net_bind_service and users can use ocitools to add additional capabilities. As you can imagine, I like the approach of adding capabilities you need rather than having to remember to remove capabilities you don’t." He then goes through the capabilities listed describing what they govern and when they might need to be turned on for a container application.

Security advisories for Monday

Monday 17th of October 2016 03:40:38 PM

Arch Linux has updated guile (two vulnerabilities).

Debian has updated libgd2 (denial of service).

Debian-LTS has updated icedove (multiple vulnerabilities), libarchive (file overwrite), libdbd-mysql-perl (denial of service), and mpg123 (denial of service).

Fedora has updated chromium (F24: multiple vulnerabilities).

Gentoo has updated oracle-jdk-bin (multiple vulnerabilities).

openSUSE has updated thunderbird (13.1: multiple vulnerabilities) and tiff (13.1: denial of service).

Oracle has updated openssl (OL5: multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities).

A set of stable kernels

Sunday 16th of October 2016 06:35:49 PM
The 4.8.2, 4.7.8, and 4.4.25 stable kernels have been released. Each contains the usual set of important fixes.

The 4.9 merge window closes

Saturday 15th of October 2016 08:10:59 PM
Linus has released 4.9-rc1 and closed the merge window for this release one day earlier than some might have expected. "My own favorite 'small detail under the hood' happens to be Andy Lutomirski's new virtually mapped kernel stack allocations. They make it easier to find and recover from stack overflows, but the effort also cleaned up some code, and added a kernel stack mapping cache to avoid any performance downsides." The virtually mapped kernel stack work was covered here in June. There were 14,308 non-merge changesets pulled for this release, meaning that 4.9 will be, by far, the busiest development cycle ever.

Celebrating open standards around the world

Friday 14th of October 2016 07:04:13 PM
celebrates World Standards Day on October 14. "Whether in the world of software, where without standards we would have been unable to connect the world through the Internet and the World Wide Web, or the physical world, where standards make nearly everything you buy easier, more useful, and safer, the world would be a difficult place to navigate without standards. And critical to the usefulness of standards is making them available to all in an accessible, free format, unencumbered by legal or other hurdles."

[$] PostgreSQL 9.6 improves synchronous replication and more

Friday 14th of October 2016 06:05:58 PM
The PostgreSQL project released version 9.6 on September 29th. This new major release has an assortment of new goodies for PostgreSQL fans, including parallel query and phrase search, new options for synchronous replication, remote query execution using foreign data wrappers, "crosstab" data transformations in psql, and more. Together with version 9.6, the community released a completely rewritten version of the pgAdmin database graphical interface. We'll explore multiple synchronous replicas, foreign data wrapper changes, crosstabs and the new pgAdmin here.

Friday's security advisories

Friday 14th of October 2016 04:05:32 PM

Arch Linux has updated gdk-pixbuf2 (denial of service).

Debian has updated freeimage (two vulnerabilities).

Debian-LTS has updated libxfixes (integer overflow).

Fedora has updated dbus (F24: code execution) and xen (F24; F23: three vulnerabilities).

openSUSE has updated compat-openssl098 (Leap42.1: multiple vulnerabilities), derby (13.2: information leak), libreoffice (Leap42.1: code execution), php5 (Leap42.1: multiple vulnerabilities), go1.4 (SPH for SLE12: denial of service), systemd (Leap42.1: denial of service), and unzip (13.2: two vulnerabilities).

Oracle has updated kernel 4.1.12 (OL7; OL6: stack corruption).

Red Hat has updated mariadb-galera (RHOSP9; RHELOSP7 for RHEL7; RHELOSP6 for RHEL7; RHELOSP5 for RHEL7; RHELOSP5 for RHEL6: SQL injection/privilege escalation).

SUSE has updated xen (SLE12; SLES11-SP2: multiple vulnerabilities).

Ubuntu has updated linux-ti-omap4 (12.04: three vulnerabilities).

More in Tux Machines

Leftovers: Software

  • i2pd 2.10 released
    i2pd (I2P Daemon) is a full-featured C++ implementation of I2P client. I2P (Invisible Internet Protocol) is a universal anonymous network layer. All communications over I2P are anonymous and end-to-end encrypted, participants don't reveal their real IP addresses. I2P client is a software used for building and using anonymous I2P networks. Such networks are commonly used for anonymous peer-to-peer applications (filesharing, cryptocurrencies) and anonymous client-server applications (websites, instant messengers, chat-servers). I2P allows people from all around the world to communicate and share information without restrictions.
  • Pixeluvo Review | Photo Editor for Linux & Windows
    A review of Pixeluvo, a great photo editor available on Linux and Windows. Pixeluvo is not free or open source.
  • Blit, A Retrospective On My Largest Project Ever
    I’ve always been someone who’s liked art and programming. Especially combining the two. One of my favorite genres is pixel art, or sprites as they are also known. I’ve dabbled in making a few other art programs before, but nothing like this. Originally Blit was supposed to be only a sprite animation tool that had a modern look and feel, but my ideas for it grew greater (*sigh* feature creep). There are many other spriting tools out there like GrafX2, Aseprite, (and other 2D animation programs like TVPaint). I’m not saying that it’s wrong that they make their own GUI toolkit, but it feels kind of odd. I really wanted to bring these types of programs out of the days of the Amiga. After doing some initial research, I settled on using Qt.
  • An alert on the upcoming 7.51.0 release
    In two weeks time, on Wednesday November 2nd, we will release curl and libcurl 7.51.0 unless something earth shattering happens.
  • Desktop Gmail Client `WMail` 2.0.0 Stable Released
    WMail is a free, open source desktop client for Gmail and Google Inbox, available for Linux, Windows, and Mac.
  • SpaceView: Ubuntu File System Usage Indicator
  • FunYahoo++: New Yahoo Messenger Plugin For Pidgin / libpurple [PPA]
    Yahoo retired its old Messenger protocol in favor of a new one, breaking compatibility with third-party applications, such as Pidgin, Empathy, and so on. Eion Robb, the SkypeWeb and Hangouts developer, has created a replacement Yahoo prpl plugin, called FunYahoo++, that works with the new Yahoo Messenger protocol. Note that I tested the plugin with Pidgin, but it should work with other instant messaging applications that support libpurple, like BitlBee or Empathy.
  • GCC Lands Loop Splitting Optimization
    The latest GCC 7 development code has an optimization pass now for loop splitting.
  • GCC 7 To End Feature Development Next Month
    Friday's GCC 7 status report indicates the feature freeze is coming up in just a few weeks. Red Hat developer Jakub Jelinek wrote in the latest status report, "Trunk which will eventually become GCC 7 is still in Stage 1 but its end is near and we are planning to transition into Stage 3 starting Nov 13th end of day time zone of your choice. This means it is time to get things you want to have in GCC 7 finalized and reviewed. As usual there may be exceptions to late reviewed features but don't count on that. Likewise target specific features can sneak in during Stage 3 if maintainers ok them."
  • GNU Parallel 20161022 ('Matthew') released [stable]
    GNU Parallel 20161022 ('Matthew') [stable] has been released. It is available for download at: No new functionality was introduced so this is a good candidate for a stable release.
  • GNU Health 3.0.4 patchset released
    GNU Health 3.0.4 patchset has been released !
  • guile-ncurses 2.0 released
    I am pleased to announce the release of guile-ncurses 2.0 guile-ncurses is a library for the creation of text user interfaces in the GNU Guile dialect of the Scheme programming language. It is a wrapper to the ncurses TUI library. It contains some basic text display and keyboard and mouse input functionality, as well as a menu widget and a form widget. It also has lower level terminfo and termios functionality.
  • Unifont 9.0.03 Released
    Unifont 9.0.03 is released. The main changes are the addition of the Pikto and Tonal ConScript Unicode Registry scripts.
  • PATHspider 1.0.0 released!
    In today’s Internet we see an increasing deployment of middleboxes. While middleboxes provide in-network functionality that is necessary to keep networks manageable and economically viable, any packet mangling — whether essential for the needed functionality or accidental as an unwanted side effect — makes it more and more difficult to deploy new protocols or extensions of existing protocols. For the evolution of the protocol stack, it is important to know which network impairments exist and potentially need to be worked around. While classical network measurement tools are often focused on absolute performance values, PATHspider performs A/B testing between two different protocols or different protocol extensions to perform controlled experiments of protocol-dependent connectivity problems as well as differential treatment.
  • The Domain Name System

today's howtos

Leftovers: KDE

  • Happy 20th birthday, KDE!
    KDE turned twenty recently, which seems significant in a world that seems to change so fast. Yet somehow we stay relevant, and excited to continue to build a better future. Lydia asked recently on the KDE-Community list what we were most proud of.
  • SETI – Week of Information Technology
  • KDevelop for Windows available on Chocolatey now
    Which is already great in itself! But now it's also possible to install it via the super popular Windows package manager for Windows, Chocolatey.
  • colord-kde 0.5.0 released!
    Last official stable release was done more than 3 years ago, it was based on Qt/KDE 4 tech, after that a few fixes got in what would be 0.4.0 but as I needed to change my priorities it was never released. Thanks to Lukáš Tinkl it was ported to KF5, on his port he increased the version number to 0.5.0, still without a proper release distros rely on a git checkout.
  • Call for attendees Lakademy 2017
    As many of you know, since 2012 we organize the Lakademy, a sort of Latin American Akademy. The event brings together KDE Latin American contributors in hacking sessions to work on their projects, promo meetings to think KDE dissemination strategies in the region and other activities.
  • Plasma 5 Desktop on FreeBSD Branding
    The FreeBSD packages of KDE software — the KDE 4 desktop, and soon KDE Frameworks 5 and Plasma 5 Desktop and KDE Applications — have traditionally been shipped pretty much as delivered from the upstream source. We compile, we package, and there is very little customization we do as a “distro”. The KDE 4 packages came with a default wallpaper that was a smidgen different from the one shipped with several Linux distro’s. I think Ivan Cukic did that artwork originally. For Plasma 5 Desktop, we also wanted to do a tiny bit of branding — just the default wallpaper for new users, mind.
  • A bit on Tooling
    So on the weekend I also worked on updating Qt 5.6.1 to Qt 5.6.2 on FreeBSD, which involves using new and scary tools as well. Power tools, they can be really useful, or they can take off a finger if you’re not careful. In this case it was Phabricator, which is also used in KDE — but not everywhere in KDE. For FreeBSD, the tool is used to review updates to ports (the packaging instructions), so I did an update of Qt from 5.6.1 to 5.6.2 and we handled the review through FreeBSD’s Phab. The ports infrastructure is stored in SVN, so the review is relatively straightforward: update the ports-tree checkout, apply your changes, use arc to create or update a review request. I was amazed by how painless it was — somehow I’d been frightened. Using the tool once, properly, makes a big difference in self-confidence.
  • Krita 3.1 second beta.
    The Krita 3.1 beta comes with a full set of features and fixes. The Linux version to download is krita-3.0.91-x86_64.appimage.
  • Second Beta for Krita 3.1 Available
    We’re still fixing bugs like madmen… And working on some cool new features as well, but that’s for a later release. In any case, here is the second Krita 3.1 beta! Yes, you’re reading that correctly. Originally, we had planned to use 3.0.2 as the version for this release, but there is so much news in it that it merits a bigger version bump.


  • Consequences of the HACK CAMP 2016 FEDORA + GNOME
    I used to do install parties in order to promote the use of FEDORA and GNOME project since five years ago. As you can see more details in the Release Party FEDORA 17 for Fedora, and Linux Camp 2012, GNOME PERU 2013, GNOME PERU 2014...
  • GNOME Shell Making It Easy To Launch Apps/Games For Optimus / Dual GPU Systems
    With the GNOME 3.24 desktop that's currently in development the latest GNOME Shell code has support for easily letting the user launch an app on a dedicated GPU when applicable for handling NVIDIA Optimus use-cases of having integrated and discrete GPU laptops. When a dual-GPU system is detected, a menu item will be added to opt for "Launch using Dedicated Graphics Card", per this commit. The GNOME Shell change for supporting discrete GPUs was made and when the user opts to launch on the dedicated GPU, the DRI_PRIME=1 environment variable will automatically be set for that new program/game.