Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 5 hours 26 min ago

[$] X and SteamOS

8 hours 35 min ago
In a talk entitled "SteamOS Magic", longtime X developer Keith Packard looked at the new Linux "distribution" and the effort to turn the Linux desktop into a gaming console. It turns out that, with a fairly small amount of code, Steam and SteamOS creator, Valve, was able to take the existing X-based desktop and turn it into a "living-room experience".

Click below (subscribers only) for the full report from LinuxCon North America.

Security advisories for Wednesday

10 hours 11 min ago

Debian has updated apt (multiple vulnerabilities) and dbus (multiple vulnerabilities).

Red Hat has updated krb5 (RHEL5: code execution).

SUSE has updated procmail (SLE11 SP3: code execution) and kernel (SLES11 SP1: multiple vulnerabilities).

Ubuntu has updated apt (multiple vulnerabilities), libav (12.04: code execution), and openjdk-7 (14.04: updates for arm64 and ppc64el).

Garrett: ACPI, kernels and contracts with firmware

14 hours 6 min ago
Matthew Garrett writes about the challenges faced by the developers working on ACPI-based ARM systems. "Somebody is going to need to take responsibility for tracking ACPI behaviour and incrementing the exported interface whenever it changes, and we need to know who that's going to be before any of these systems start shipping. The alternative is a sea of ARM devices that only run specific kernel versions, which is exactly the scenario that ACPI was supposed to be fixing."

[$] OpenSSL's new security policy

17 hours 16 min ago

The OpenSSL project is widely known due to its broad adoption as the SSL/TLS library of choice for open-source software—though, in April, it also became widely known because of a particularly vicious security vulnerability. To a large degree, the project weathered the storm, but the project has also undertaken some changes in the wake of the incident. The most recent is the adoption of a public security policy describing how issues of various kinds will be dealt with.

openSUSE statement on the recent Merger announcement

Tuesday 16th of September 2014 11:31:41 PM
SUSE's parent entity, the Attachmate Group has entered into an agreement to merge with Micro Focus, prompting some to wonder about how that might affect openSUSE. SUSE's President and General Manager, Nils Brauckmann has contacted the openSUSE Board with a reassuring message. "Business as Usual: There are no changes planned for the SUSE business structure and leadership."

SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn (The Register)

Tuesday 16th of September 2014 05:48:23 PM
The Register reports that SUSE Linux owner Attachmate Group is being purchased by Micro Focus International. "Micro Focus is taking Attachmate Group in exchange for 86.60 million shares, in a deal described as a merger. The combined companies will create a “leading global infrastructure software company” with revenue of $1.4bn, Micro Focus said. The deal is expected to close in November."

New MINIX release for x86 and ARM is BSD compatible

Tuesday 16th of September 2014 05:36:59 PM
Andrew Tanenbaum has announced the release of MINIX 3.3.0, a major new release of the OS. "It is based on a tiny (13 KLoC) microkernel with the operating system running as a set of protected user-mode processes. Each device driver is also a separate process. If a driver fails, it is automatically and transparently restarted without rebooting and without applications even noticing, making the system self-healing. In addition to the x86, the ARM Cortex A8 is now supported, with ports to the BeagleBoard and BeagleBone available. Finally, the entire userland has been redone to make it NetBSD compatible, with thousands of NetBSDpackages available out of the box."

Tuesday's security updates

Tuesday 16th of September 2014 03:59:27 PM

CentOS has updated axis (C6; C5: SSL hostname verification bypass).

openSUSE has updated php5 (13.1, 12.3: multiple vulnerabilities), ppp (13.1, 12.3: privilege escalation), python-django (13.1, 12.3: multiple vulnerabilities), and flash-player (11.4: multiple vulnerabilities).

Oracle has updated axis (OL6; OL5: SSL hostname verification bypass).

Red Hat has updated automake (RHEL5: code execution), bind97 (RHEL5: denial of service), conga (RHEL5: multiple vulnerabilities), krb5 (RHEL5: multiple vulnerabilities), and nss, nspr (RHEL5: multiple vulnerabilities).

Scientific Linux has updated axis (SL5&6: SSL hostname verification bypass).

SUSE has updated glibc (SLES10 SP3; SLES11 SP2: multiple vulnerabilities).

Ubuntu has updated python-django (multiple vulnerabilities).

The road to Rust 1.0

Tuesday 16th of September 2014 01:04:41 PM
The Rust Programming Language Blog has an article describing recent changes to the language and what remains to be done for the eventual 1.0 release. "The key to all these changes has been a focus on the core concepts of ownership and borrowing. Initially, we introduced ownership as a means of transferring data safely and efficiently between tasks, but over time we have realized that the same mechanism allows us to move all sorts of things out of the language and into libraries. The resulting design is not only simpler to learn, but it is also much 'closer to the metal' than we ever thought possible before. All Rust language constructs have a very direct mapping to machine operations, and Rust has no required runtime or external dependencies."

RPM 4.12.0 released

Tuesday 16th of September 2014 12:48:38 PM
Version 4.12.0 of the RPM package manager is out. New features include weak dependencies ("suggests," "recommends," "supplements," and "enhances" tags), a new rpm2archive utility to turn a package into a tar archive, lots of internal improvements, the removal of the "collections" feature, and, for those who think it is wise, the ability to put files larger than 4GB into a package.

Intel's Edison Brings Yocto Linux to Wearables (Linux.com)

Monday 15th of September 2014 11:04:54 PM
Linux.com takes a look at Intel's Edison computing module. "Linux-based platforms for wearables include Android Wear, Samsung's Tizen SDK for Wearables, and now Intel's Yocto Linux and Intel Atom-based Edison computing module. The Edison was released last week in conjunction with the Intel Developer Forum. Prior to the formal launch, some 70 Intel Edison beta units have been seeded, forming the basis for about 40 Edison-based projects, says Intel."

Freenode server compromised

Monday 15th of September 2014 07:48:18 PM
The freenode infrastructure team found a server issue that indicated that an IRC server may have been compromised. "We immediately started an investigation to map the extent of the problem and located similar issues with several other machines and have taken those offline. For now, since network traffic may have been sniffed, we recommend that everyone change their NickServ password as a precaution." (Thanks to Paul Wise)

Security advisories for Monday

Monday 15th of September 2014 04:59:10 PM

Fedora has updated curl (F20: two cookie-handling vulnerabilities), GraphicsMagick (F19: code execution), libreoffice (F20: file disclosure), and procmail (F20: code execution).

Mageia has updated dump (denial of service/possible code execution), glibc (two vulnerabilities), libgadu (missing ssl certificate validation), mariadb (code execution), and moodle (two vulnerabilities).

openSUSE has updated LibreOffice (13.1, 12.3: two vulnerabilities).

Red Hat has updated axis (RHEL5&6: SSL hostname verification bypass), python-django-horizon (RHEL OSP4.0: multiple vulnerabilities), and qemu-kvm-rhev (RHEL OSP4&5, RHEL6: code execution).

SUSE has updated firefox (SLES11 SP1: multiple vulnerabilities), flash-player (SLED11 SP3: multiple vulnerabilities), and glibc (SLE11 SP3: code execution).

Ubuntu has updated curl (two cookie-handling vulnerabilities).

LedgerSMB 1.4.0 released

Monday 15th of September 2014 02:43:19 PM
Version 1.4.0 of the LedgerSMB accounting system is out. It features a new contact management subsystem, a reworked report generation subsystem, better integration with other business applications, and more. The announcement left out download information; those who are interested can find the software at ledgersmb.org.

Kernel prepatch 3.17-rc5

Monday 15th of September 2014 01:11:19 PM
The fifth 3.17 prepatch is out. "So I should probably have delayed this until Wednesday for sentimental reasons: that will be 23 years since I uploaded the 0.01 source tree. But I'm not an overly sentimental person, so screw that. I'm doing my normal Sunday release." Linus noted that this is a relatively large set of changes, so any thoughts of doing an early 3.17 release (to avoid conflicts between the merge window and his travel plans) have to be put aside.

Klumpp: Listaller: Back to the future!

Friday 12th of September 2014 09:27:03 PM

At his blog, Matthias Klumpp provides an update on recent work in Listaller, the cross-distribution framework for third-party package installation. The core issue is that Listaller currently relies on PackageKit's plugin infrastructure, which is going away. As a result, Klumpp has started work on a substantial rewrite of Listaller that will integrate with AppStream and other up-to-date tools. He is also, notably, taking this opportunity to trim down the project in other respects: "The new incarnation of Listaller will only support installations of statically linked software at the beginning. We will start with a very small, robust core, and then add more features (like dependency-solving) gradually, but only if they are useful. There will be no feature-creep like in the previous version."

Friday's security updates

Friday 12th of September 2014 02:46:01 PM

Debian has updated bind9 (denial of service) and gnupg (key disclosure).

SUSE has updated glibc (SLES10 SP4; SLES11 SP1: multiple vulnerabilities) and firefox (SLES10 SP3; SLES10 SP4: multiple vulnerabilities).

Ubuntu has updated thunderbird (12.04, 14.04: multiple vulnerabilities).

Hertzog: Freexian’s first report about Debian Long Term Support

Thursday 11th of September 2014 09:14:15 PM
On his blog, Raphaël Hertzog reports on the first few months of work on Debian Long Term Support (LTS). Official support for Debian 6.0 (Squeeze) ended in May and the LTS is an effort to continue the support until February 2016 (five years after the original release). Hertzog's company, Freexian, is collecting subscriptions to pay Debian developers to work on the LTS. Reports from the two developers sponsored, Thorsten Alteholz and Holger Levsen, are also linked from the report. "It’s worth noting that Freexian sponsored Holger’s work to fix the security tracker to support squeeze-lts. It’s my belief that using the money of our sponsors to make it easier for everybody to contribute to Debian LTS is money well spent. As evidenced by the progress bar on Freexian’s offer page, we have not yet reached our minimal goal of funding the equivalent of a half-time position. And it shows in the results, the dla-needed.txt still shows around 30 open issues. This is slightly better than the state two months ago but we can improve a lot on the average time to push out a security update…" (Thanks to Paul Wise.)

Yao: The State of ZFS on Linux

Thursday 11th of September 2014 07:56:00 PM
At the ClusterHQ blog, Richard Yao looks at the current status of the ZFSOnLinux (ZoL) project. He argues that ZoL is ready for production use for a number of different reasons, all of which boil down to the belief that the ZFS filesystem port to Linux has achieved the same level of data integrity, runtime stability, and features as have the other platforms where ZFS runs. "Sharing a common code base with other Open ZFS platforms has given ZFS on Linux the opportunity to rapidly implement features available on other Open ZFS platforms. At present, Illumos is the reference platform in the Open ZFS community and despite its ZFS driver having hundreds of features, ZoL is only behind on about 18 of them."

Thursday's security advisories

Thursday 11th of September 2014 02:18:54 PM

Debian has updated curl (two cookie-handling vulnerabilities) and file (regression in previous security update).

Fedora has updated qemu (F20: information leak).

openSUSE has updated glibc (13.1, 12.3: three vulnerabilities) and procmail (13.1, 12.3: code execution).

Oracle has updated kernel 2.6.39 (OL6; OL5: denial of service), kernel 2.6.32 (OL6; OL5: two vulnerabilities), kernel 3.8.13 (OL7; OL6: denial of service), and procmail (OL5: code execution).

SUSE has updated firefox (SLE11SP2: two vulnerabilities) and LibreOffice (SLE11SP3: two vulnerabilities, one from 2013).

More in Tux Machines

Leftovers: Software

  • diction: The words you choose and why
  • style: Similar idea, different direction
  • SMS based Cosmos Browser for the developing countries
    Browsing the internet has different meaning to different people. While to some the web is a source of entertainment, to others it is a valuable and source of learning. Sadly enough, the internet is not widely available and easily affordable everywhere in the globe. Slow network speed is another problem. Developer Stefan Aleksic of ColdSauce tries to find a solution in an SMS (text) based browser for the third world countries which are yet to see the internet as we know it. He has named it the Cosmos Browser. If you ever used elinks on Linux, you know how efficient and low-bandwidth text only browsing can be. Of course, it is not meant for visiting a website for downloading wallpapers, but it is more than sufficient if you want to read some information from the web. Cosmos will work on text and will not need any data plan or WiFi.
  • Keyboard Modifiers State indicator For Ubuntu: Xkbmod Indicator

today's howtos

Leftovers: Gaming

Sorry, Windows 9 Fans, This Is How Multiple Desktops Should Work – Video

The Linux platform has always taken pride in this cool feature. Having multiple desktops is a great way to increase the productivity and there are numerous means to implement it. Lots of Linux distributions have this option, which is used in various ways. Read more