LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Updated: 1 hour 4 min ago
Xda developers looks
coming to the F-Droid repository of free/open source
apps for Android. The next version of F-Droid will have screenshot and
feature graphics, bulk download and install, improved notifications for
downloads and pending updates, and the ability to translate apps metadata.
"F-Droid is conducting further field tests to ensure that usability
issues with the new design are identified and resolved before the alpha
releases for v0.103 is rolled out to the public. The team is also inviting feedback and suggestions
to further improve the client. Additionally, the team mentions that this is one of the many improvements happening to the broader F-Droid ecosystem in 2017, and there’s more to come."
Security updates have been issued by Arch Linux (jenkins, libtiff, and webkit2gtk), Debian (ghostscript, kernel, and libreoffice), Fedora (dovecot, kernel, and tomcat), Mageia (firefox and tomcat), openSUSE (backintime and ffmpeg), and Ubuntu (ghostscript, libxslt, and nss).
The Debian release team has a few words about the upcoming Debian 9
"stretch" release. "At a recent team meeting, we decided that
support for Secure Boot in the forthcoming Debian 9 "stretch" would no
longer be a blocker to release. The likely, although not certain outcome is
that stretch will not have Secure Boot support." If stretch does
not release with Secure Boot support, it is possible that it will be
introduced later. Other than that, the number of Release Critical bugs
continues to drop and the team is considering the arrangements for the
Tor 0.3.0.6, the first stable release of the Tor 0.3.0 series, is available
. "With the 0.3.0 series, clients and relays now use Ed25519 keys to authenticate their link connections to relays, rather than the old RSA1024 keys that they used before. (Circuit crypto has been Curve25519-authenticated since 0.2.4.8-alpha.) We have also replaced the guard selection and replacement algorithm to behave more robustly in the presence of unreliable networks, and to resist guard- capture attacks."
The Linux kernel is highly scalable but, while it runs nicely on the
world's largest computers, it is not an entirely comfortable fit on the
smallest. The difficulties involved in running Linux on machines with 1MB
or less of memory have left an opening for other operating systems, such as
, with lower memory
needs. Some developers have not given up on scaling Linux to the smallest
computers, but the approaches they have to take have always been a bit of a
hard sell with the rest of the development community. Nicolas Pitre's minitty
patch set is a case in point.
Greg Kroah-Hartman has released stable kernels 4.10.13
, and 4.4.64
. They all contain important fixes and
users should upgrade.
Security updates have been issued by Debian (freetype, jasper, python-django, slurm-llnl, and weechat), Fedora (dovecot and pcre2), Gentoo (adobe-flash), openSUSE (curl, gstreamer-plugins-base, libsndfile, and tiff), and Ubuntu (mysql-5.5, mysql-5.7).
The LWN.net Weekly Edition for April 27, 2017 is available.
states: "In any dispute the intensity of feeling is inversely
proportional to the value of the issues at stake". In that context,
it is perhaps easy to understand why the discussion around the version
number for the next major openSUSE Leap release has gone on for hundreds of
sometimes vitriolic messages. While this change is controversial, the
openSUSE board hopes that it
will lead to more rational versioning in the long term — but the world has a
way of interfering with such plans.
Security updates have been issued by Debian (botan1.10, mysql-5.5, and rtmpdump), Fedora (collectd, firefox, java-1.8.0-openjdk, libdwarf, nss-softokn, nss-util, and tigervnc), Red Hat (httpd24-httpd and python27), and SUSE (kernel).
The grsecurity project has announced
kernel-hardening patches will now be an entirely private affair.
"Today we are handing over future maintenance of grsecurity test
patches to the community. This makes grsecurity for Linux 4.9 the last
version Open Source Security Inc. will release to non-subscribers."
An email client was once a mandatory offering for any operating system, but
that may be changing. A discussion on the ubuntu-desktop mailing list
explores the choices for a default email client for Ubuntu 17.10, which is
due in October. One of the possibilities being considered is to not have a
default email client at all.
The Kali Linux 2017.1 rolling release is available
Kali is a Debian derivative aimed at penetration testing and related
tasks. This release includes support for RTL8812AU wireless card
injection, streamlined support for CUDA GPU cracking, OpenVAS 9 packaged in
Kali repositories, and more.
is available. "Linkerd a service mesh for cloud
native applications. As part of this release, we wanted to define what this
actually meant." Support for per-service router configuration has
been added, along with new plugin interfaces for policy control. (LWN looked at linkerd
in early April).
with the Bash Bunny
, a USB device for attacking computers.
"It can run anything a regular Debian Linux distro can run, such as
Python scripts or common Linux commands. To infiltrate other computing
devices, Bash Bunny can fake its identity as a trusted media device,
networking device, keyboard, or other serial device. For example, it can
load itself as a keyboard device and mimic keystrokes. You can download
dozens of existing payload scripts, create your own, or ask questions in a
fairly active user forum."
The Drupal content management system
(CMS) has been an open-source tool of choice for many web site owners for
well over a decade now. Over that time, it has been overseen by its
original developer, Dries Buytaert, who is often referred to as the
benevolent dictator for life (BDFL) for the project. Some recent events
have led a sizable contingent in the Drupal community to question his
leadership, however. A request that a prominent developer leave the Drupal
community, apparently over elements of his private life rather than any
Drupal-related misstep, has led to something of an outcry in that
community—it may well lead to a change in the governance of the project.
Security updates have been issued by Debian (activemq, libav, minicom, mysql-5.5, tiff3, and xen), Fedora (ansible, collectd, icu, and pcre), openSUSE (chromium and firefox), Red Hat (chromium-browser and kernel), Slackware (firefox), and Ubuntu (kernel, linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-hwe, linux-lts-trusty, linux-lts-xenial, qemu, and samba).
If you're one of the few people still using FTP to access the Debian
repositories, the time has come to move on: FTP service will be shut down
at the beginning of November.
Collabora Office 5.3 has been released
with all the fixes and several backported features from the upstream
LibreOffice 5.3 release. "The biggest change in this release is the inclusion of a long list of new features, combined with many User Interface improvements, making Collabora Office more powerful and at the same time faster and more comfortable to work with."
The multiqueue block layer subsystem
introduced in 2013, was a necessary step for the kernel to scale to the fastest
storage devices on large systems. The implementation in current kernels is
incomplete, though, in that it lacks an I/O scheduler designed to work with
multiqueue devices. That gap is
currently set to be closed in the 4.12 development cycle when the kernel
will probably get not just one, but two new multiqueue I/O schedulers.