
LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 5 hours 35 min ago

Jonathan Riddell forced out of Kubuntu

Wednesday 27th of May 2015 01:40:51 AM
Scott Kitterman has posted a series of emails around the Ubuntu Community Council's decision to remove Jonathan Riddell as the leader of the Kubuntu project. He has also stated his intent to leave the Ubuntu community. "I also wish to extend my personal apology to the Kubuntu community for keeping this private for as long as we did. Generally, I don’t believe such an approach is consistent with our values, but I supported keeping it private in the hope that it would be easier to achieve a mutually beneficial resolution of the situation privately. Now that it’s clear that is not going to happen, I (and others in the KC) could not in good faith keep this private."

Trouble with the May 22 PostgreSQL update

Tuesday 26th of May 2015 09:45:04 PM
If you run PostgreSQL and have applied one of the updates that were released on May 22, it would be a good idea to read this page about an unfortunate bug in those releases. In some cases, the problem can cause the server to fail to restart after a crash. There is a new release in the works; meanwhile, a workaround is available.

The Moose is loose: Linux-based worm turns routers into social network bots (Ars Technica)

Tuesday 26th of May 2015 09:28:54 PM
Ars Technica takes a look at the latest malware threat. "A worm that targets cable and DSL modems, home routers, and other embedded computers is turning those devices into a proxy network for launching armies of fraudulent Instagram, Twitter, and Vine accounts as well as fake accounts on other social networks. The new worm can also hijack routers' DNS service to route requests to a malicious server, steal unencrypted social media cookies such as those used by Instagram, and then use those cookies to add "follows" to fraudulent accounts. This allows the worm to spread itself to embedded systems on the local network that use Linux-based operating systems. The malware, dubbed "Linux/Moose" by Olivier Bilodeau and Thomas Dupuy of the security firm ESET Canada Research, exploits routers open to connections from the Internet via Telnet by performing brute-force login attempts using default or common administrative credentials. Once connected, the worm installs itself on the targeted device."

Security advisories for Tuesday

Tuesday 26th of May 2015 04:53:19 PM

Arch Linux has updated nbd (denial of service), pgbouncer (denial of service), postgresql (multiple vulnerabilities), webkitgtk (information disclosure), and webkitgtk2 (information disclosure).

Debian has updated ipsec-tools (denial of service), nbd (denial of service), postgresql-9.1 (multiple vulnerabilities), postgresql-9.4 (multiple vulnerabilities), tiff (multiple vulnerabilities), and zendframework (multiple vulnerabilities).

Debian-LTS has updated ntfs-3g (privilege escalation).

Fedora has updated firefox (F22: multiple vulnerabilities), hostapd (F22: denial of service), java-1.8.0-openjdk (F22: file overwrites), kernel (F20: two vulnerabilities), libarchive (F21: denial of service), LibRaw (F22; F20: denial of service), mingw-LibRaw (F22; F22; F20: denial of service), openstack-glance (F22: access restriction bypass), php (F22: multiple vulnerabilities), php-ZendFramework2 (F22: CRLF injection), phpMyAdmin (F22: two vulnerabilities), qemu (F22; F20: code execution), quassel (F22: denial of service), suricata (F22: denial of service), thunderbird (F22: multiple vulnerabilities), wordpress (F22: cross-site scripting), and xen (F22; F21; F20: privilege escalation).

Mageia has updated chromium-browser-stable (multiple vulnerabilities) and kernel (memory corruption).

openSUSE has updated coreutils (13.2: multiple vulnerabilities), firefox (13.2, 13.1: multiple vulnerabilities), libraw (13.2, 13.1: denial of service), LibVNCServer (13.2: code execution), quassel (13.2, 13.1: SQL injection), thunderbird (13.2, 13.1: multiple vulnerabilities), and wireshark (13.2; 13.1: multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities).

SUSE has updated KVM (SLES11SP2: code execution), MySQL (SLE11SP3: multiple vulnerabilities), and Xen (SLES11SP2; SLES11SP1; SLES10SP4: two vulnerabilities).

Ubuntu has updated kernel (14.04: denial of service), linux-lts-trusty (12.04: denial of service), and postgresql-9.1, postgresql-9.3, postgresql-9.4 (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).

Fedora 22 released

Tuesday 26th of May 2015 02:15:57 PM
The Fedora 22 release is out. "If this release had a human analogue, it'd be Fedora 21 after it'd been to college, landed a good job, and kept its New Year's Resolution to go to the gym on a regular basis. What we're saying is that Fedora 22 has built on the foundation we laid with Fedora 21 and the work to create distinct editions of Fedora focused on the desktop, server, and cloud (respectively). It's not radically different, but there are a fair amount of new features coupled with features we've already introduced but have improved for Fedora 22." LWN's preview of Fedora 22 was published in the May 21 Weekly Edition.

The end for Mandriva

Tuesday 26th of May 2015 01:24:41 PM
An anonymous reader has pointed out that Mandriva is currently being liquidated (page in French). The company brought in €553,000 in 2013, but that is seemingly not enough to keep it going in 2015. It is a sad end for a company that has been pursuing the desktop Linux dream since 1998.

Kernel prepatch 4.1-rc5

Monday 25th of May 2015 03:45:09 AM
The fifth 4.1 prepatch is out for testing. "So we're on schedule for a normal 4.1 release, if it wasn't for the fact that the timing looks like the next merge window would hit our yearly family vacation. So we'll see how that turns out, I might end up delaying the release just to avoid that (or just delay opening the merge window)."

[$] A tale of two data-corruption bugs

Sunday 24th of May 2015 02:09:45 PM
There have been two bugs causing filesystem corruption in the news recently. One of them, a bug in ext4, has gotten the bulk of the attention, despite the fact that it is an old bug that is hard to trigger. The other, however, is recent and able to cause data loss on filesystems installed on a RAID 0 array. Both are interesting examples of how things can go wrong, and, thus, merit a closer look.

Nocera: iio-sensor-proxy 1.0 is out!

Friday 22nd of May 2015 10:08:09 PM

At his blog, Bastien Nocera announces the 1.0 release of iio-sensor-proxy, a framework for accessing the various environmental sensors (e.g., accelerometer, magnetometer, proximity, or ambient-light sensors) built in to recent laptops. The proxy is a daemon that listens to the Industrial I/O (IIO) subsystem and provides access to the sensor readings over D-Bus. As of right now, support for ambient-light sensors and accelerometers is working; other sensor types are in development. The current API is based on those used by Android and iOS, but may be expanded in the future. "For future versions, we'll want to export the raw accelerometer readings, so that applications, including games, can make use of them, which might bring up security issues. SDL, Firefox, WebKit could all do with being adapted, in the near future."

Friday's security updates

Friday 22nd of May 2015 02:52:08 PM

Arch Linux has updated chromium (multiple vulnerabilities).

Debian has updated chromium-browser (multiple vulnerabilities), fuse (privilege escalation), and ntfs-3g (privilege escalation).

SUSE has updated KVM (SLES11 SP1: multiple vulnerabilities), SUSE Manager Server 1.7 (SLE11 SP2: multiple vulnerabilities), and Xen (SLE11 SP3: multiple vulnerabilities).

Ubuntu has updated apport (two privilege escalation vulnerabilities), fuse (privilege escalation), ntfs-3g (privilege escalation), oxide-qt (14.04, 14.10, 15.04: multiple vulnerabilities), and python-dbusmock (14.04, 14.10, 15.04: code execution).

Announcing qboot, a minimal x86 firmware for QEMU

Thursday 21st of May 2015 03:57:11 PM
The announcement of Clear Containers (which guest author Arjan van de Ven described in an LWN article from this week) seems to have sparked some interesting work on QEMU that resulted in qboot: "a minimal x86 firmware that runs on QEMU and, together with a slimmed-down QEMU configuration, boots a virtual machine in 40 milliseconds on an Ivy Bridge Core i7 processor." Paolo Bonzini announced the project (code is available at git://github.com/bonzini/qboot.git), which is quite new: "The first commit to qboot is more or less 24 hours old, so there is definitely more work to do, in particular to extract ACPI tables from QEMU and present them to the guest. This is probably another day of work or so, and it will enable multiprocessor guests with little or no impact on the boot times. SMBIOS information is also available from QEMU."

Security advisories for Thursday

Thursday 21st of May 2015 02:32:20 PM

Debian has updated libmodule-signature-perl (multiple vulnerabilities).

Debian-LTS has updated dnsmasq (information disclosure).

Fedora has updated wordpress (F21; F20: three vulnerabilities).

Oracle has updated docker (OL7; OL6: multiple vulnerabilities).

Red Hat has updated java-1.5.0-ibm (RHEL5&6: multiple vulnerabilities, one from 2005) and java-1.7.1-ibm (RHEL6&7: multiple vulnerabilities, one from 2005).

SUSE has updated gstreamer-0_10-plugins-bad (SLE11SP3: code execution) and xen (SLE12: multiple vulnerabilities).

[$] LWN.net Weekly Edition for May 21, 2015

Thursday 21st of May 2015 12:48:33 AM
The LWN.net Weekly Edition for May 21, 2015 is available.

Security advisories for Wednesday

Wednesday 20th of May 2015 04:50:58 PM

Debian has updated icedove (multiple vulnerabilities), proftpd-dfsg (unauthenticated copying of files), and zendframework (multiple vulnerabilities).

Fedora has updated dovecot (F21; F20: denial of service), firefox (F20: multiple vulnerabilities), libtasn1 (F21: denial of service), php-ZendFramework2 (F21; F20: CRLF injection), and thunderbird (F20: multiple vulnerabilities).

Ubuntu has updated kernel (14.10; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: two vulnerabilities).

[$] PostgreSQL: the good, the bad, and the ugly

Wednesday 20th of May 2015 03:01:08 PM
The PostgreSQL development community is working toward the 9.5 release, currently planned for the third quarter of this year. Development activity is at peak levels as the planned feature freeze for this release approaches. While this activity is resulting in the merging of some interesting functionality, including the long-awaited "upsert" feature, it is also revealing some fault lines within the community. The fact that PostgreSQL lacks the review resources needed to keep up with its natural rate of change has been understood for years; many other projects suffer from the same problem. But the pressures on PostgreSQL seem to be becoming more acute, leading to concerns about fairness in the community and the durability of the project's cherished reputation for high-quality software.

20 years of Qt

Wednesday 20th of May 2015 01:26:03 PM
Lars Knoll marks the 20th anniversary of the Qt toolkit on the Qt blog. "From the beginning, Qt has been released with both open source and commercial licensing options. Over the years, we have worked on expanding this model, and nowadays, Qt is actually developed as an open source project. In this sense Qt is actually in a rather unique position, having a strong ecosystem with passionate people, as well as a commercial entity behind it, which backs up and funds most of the development."

How to Make Money from Open Source Platforms (Linux.com)

Tuesday 19th of May 2015 08:48:05 PM
Over at Linux.com, John Mark Walker examines why companies aren't making money on pure open source ventures. "It is not that there is no money in selling open source software, but rather that the business models have shifted. Whereas, under the old proprietary world, a larger percentage of money went to pure software vendors, now that money has spread among a larger spectrum of companies and industries; lots of people get paid to work on or with open source software, but an increasing number of them don’t work for software vendors, per se. In addition to looking in all the wrong places, the current investment model is suspicious of an open source approach. The vast majority of venture capitalists, especially in Silicon Valley, are very risk averse and shy away from open source products that, in their view, will not give as large a return on their investment. In order to secure the funding required to scale a company, investors will frequently require that the startup company include proprietary bits as tools to increase revenue and margins. These two factors - diffusion of revenue and risk-averse investors - combine to both give a false impression and, in part due to the false impression, prevent pure open source software vendors from getting funding."

Tuesday's security updates

Tuesday 19th of May 2015 04:40:47 PM

CentOS has updated thunderbird (C6; C5: multiple vulnerabilities).

Debian has updated kfreebsd-9 (denial of service) and xen (code execution).

Debian-LTS has updated commons-httpclient (multiple vulnerabilities) and ruby1.8 (man-in-the-middle attack).

Mageia has updated avidemux (multiple vulnerabilities), firefox, thunderbird, sqlite3 (multiple vulnerabilities), moodle (multiple vulnerabilities), php (multiple vulnerabilities), phpmyadmin (two vulnerabilities), and xbmc (denial of service).

openSUSE has updated clamav (13.2, 13.1: multiple vulnerabilities), docker (13.2: multiple vulnerabilities), and flash-player (13.2, 13.1: multiple vulnerabilities).

Oracle has updated thunderbird (OL7; OL6: multiple vulnerabilities).

Scientific Linux has updated thunderbird (SL5,6,7: multiple vulnerabilities).

Ubuntu has updated thunderbird (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).

Goodbye, Pi. Hello, C.H.I.P. (Linux Journal)

Monday 18th of May 2015 08:03:39 PM
Linux Journal takes a look at the C.H.I.P. mini-computer, an open software and hardware device that comes with a Debian-based OS. "The official public release is scheduled for next year, but crowdfunding backers will be able to land a "Kernel Hacker" package this September. This package is aimed at Linux developers who want to help to contribute to kernel modifications for the C.H.I.P. before its final release."

Kernel prepatch 4.1-rc4

Monday 18th of May 2015 07:47:04 PM
Linus has released the 4.1-rc4 kernel prepatch, saying: "So here it is, last-minute fix and all. The -rc4 patch is a bit bigger than the previous ones, but that seems to be mainly due to normal random timing - just the fluctuation of when submaintainer trees get pushed."

More in Tux Machines

today's leftovers

  • Xfce Power Manager 1.5.0 Finally Ported to GTK3+
    Xfce's Power Manager was getting behind the times, but it has been updated and ported to GTK+ 3.14. As you can imagine, this is an important update, and it packs other changes as well.
  • There Are 140k Benchmark Results So Far On LinuxBenchmarking.com
    Yesterday data access to LinuxBenchmarking.com was opened, the public results viewer to the immense amount of test data -- primarily the Linux kernel, LLVM Clang, and GCC -- collected on a daily basis within the new server room. Here's some numbers behind it.
  • Interview with Andrei Rudenko
    When I became interested in Linux and open source, I found Krita; it had everything that I needed for a digital painting. For me it is important to repeat that feeling like you paint using traditional materials.
  • KDE Plasma 5.3.1 Is Out with Fix for "Show Desktop"
    The KDE Community has just revealed that Plasma 5.3.1, the desktop for the KDE project, has been made available, and it comes with a large number of changes and various small fixes.
  • Friction Building Around An Ubuntu Community Council Decision
    Scott Kitterman exposed the email exchanges today of the Ubuntu Community Council informing Jonathan Riddell that due to his aggressive, confrontational behavior towards some within the Ubuntu community and Canonical, he should step away from "all positions of leadership in the Ubuntu Community for at least 12 months." His leadership positions should be put aside for both Ubuntu and Kubuntu while he would be able to keep his upload/commit rights and still participate as a member of the Ubuntu community.
  • Reaffirmed on the Kubuntu Council
    I’d like to thank all the Kubuntu members who just voted to re-affirm me on the Kubuntu Council. Scott Kitterman’s blog post has juicy details of the unprecedented and astonishing move by the Ubuntu Community Council asking me to step down as Kubuntu leader. I’ve never claimed to be a leader and never used or been given any such title so it’s a strange request without foundation and without following the normal channels documented of consultation or Code of Conduct reference.
  • Mark Shuttleworth, Ubuntu Community Council ask Kubuntu developer to step down as leader
    Friction between the lead Kubuntu developer Jonathan Riddell and Ubuntu reached extreme temperatures on Monday when the Ubuntu Community Council (UCC) asked Riddell to step down from the position of Kubuntu Leader.
  • The last planned Qt 4 release is here: Qt 4.8.7. Is your app running with Qt5?
  • Qt 4.8.7 Released with over 150 Improvements and Bug Fixes
    On May 26, the Qt Company, through Tuukka Turunen, had the great pleasure of announcing the immediate availability for download of the seventh maintenance release of Qt 4.8.
  • Qt 4.8.7 Released - Marks The End Of Qt4
    While Qt 5 has so many compelling advantages over Qt4, for those still running the older version of the Norwegian toolkit, version 4.8.7 of Qt4 is now available and it ships with tons of changes.
  • GNOME Disk Utility 3.17.2
    The GNOME Project released version 3.17.2 of Disks, better known as GNOME Disk Utility. This utility contains several significant improvements and new features, for example D-Bus is now activatable and the appearance of the volume grid has been refined.
  • Technology Is A Tool, Not A Learning Outcome
    Croatia is gaining in usage of GNU/Linux. That TFA was written shows the awareness of a lack of availability of IT. All that is needed to bridge the digital divide is for Croatian schools to catch up with and to exceed the rest of society in using GNU/Linux, the right way to do IT in education. Croatia needs to treble its IT in schools. That isn’t going to happen with Wintel. With FLOSS it is possible and can be done within a few years for no extra expenditure. With a little extra effort the change can be done in two years.
  • Gartner Reports Strong Chromebook Sales in Schools, Enterprises...Not So Much
    Gartner researchers report that worldwide Chromebook sales are set to reach 7.3 million units in 2015, a 27 percent jump from the 5.7 million units sold last year.
  • You might be surprised by how few businesses protect their Linux servers with antivirus
  • Alpine 3.2.0 Features MATE 1.10, Xfce 4.12, and Linux Kernel 3.18
    Natanael Copa has been happy to announce today, May 26, the immediate availability for download of the Alpine Linux 3.2.0 operating system, which includes several attractive new features.
  • Ubuntu 15.10 Wily Werewolf Started Updating The GNOME Packages To Version 3.16
    Canonical has added some of the GNOME 3.16 packages in their Ubuntu 15.10 Wily Werewolf system, but the changes will not be spotted by the regular user. The problem is not with the updated applications, but with an upgraded GTK version, which may really affect the system. Before implementing apps by default, Canonical patches them to work well with Unity, based on the philosophy that an app that works well does not need to get updated.
