LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 4 hours 37 min ago

Chapman: Unlocking my Lenovo laptop

5 hours 19 min ago
In a lengthy blog series (part 1, part 2, and part 3), Matthew Chapman described the process of getting a non-Lenovo battery to charge in his Thinkpad laptop. He reverse-engineered the authorization that genuine batteries perform and changed the code in the laptop's embedded controller (EC) to allow other batteries to charge. "I look in BIOS to see where these messages are coming from. Both this message and the original unauthorised battery message are displayed by LenovoVideoInitDxe.efi: don’t ask me why this code is in this module rather than somewhere more relevant (may I suggest LenovoAnnoyingBatteryMessageDxe.efi?), but it might have been convenient to put it in the video initialisation module as the message is displayed when the screen is cleared post-POST [Power-on self-test]." (Thanks to Neil Brown.)

D’Souza: Maru is open source!

5 hours 46 min ago
On the Maru blog, developer Preetam D’Souza has announced that the Maru project is now open source. Maru is a desktop system running on a smartphone, so that adding a display, keyboard, and mouse to a phone allows the user to run their desktop on the phone—and still be able to use the device as a phone. "I’ve gotta say, the open source community never ceases to amaze me. I’ve had emails from people asking if they can help test Maru on other devices on a Sunday. How many normal people do you know that willingly want to give up their Sundays to help test software? I’ve experienced this helpfulness time and time again, whether it was the speakers at open source conferences so willing to share their knowledge, or the folks on forums who were so keen to help out beginners like me. Maru would never have been possible without that spirit of openness."

[$] Winning the copyleft fight

9 hours 54 min ago
Bradley Kuhn started off his linux.conf.au 2016 talk by stating a goal that, he hoped, he shared with the audience: a world where more (or most) software is free software. The community has one key strategy toward that goal: copyleft licensing. He was there to talk about whether that strategy is working, and what can be done to make it more effective; the picture he painted was not entirely rosy, but there is hope if software developers are willing to make some changes.

Is the vinyl LP an open music format? (Opensource.com)

10 hours 8 min ago
Chris Hermansen looks at an early open music format—vinyl LP records—over at Opensource.com. He goes into some of the details of the format and how it is read, as well as a bit about ripping records using Linux. "Ok, so we just figured out that our stylus puts 136 times as much pressure on our records as our car puts on the pavement? That's crazy!!! Why doesn't the stylus completely destroy the record? Those alternate-Earth physicists and engineers are rolling on the floor now, clutching their bellies and gasping for breath... but here is the final straw. Despite the seemingly ridiculous or even impossible nature of the whole ensemble of components, a well-recorded vinyl LP played back with a decent turntable, tonearm, and cartridge sounds wonderful."

Friday's security updates

12 hours 36 min ago

Debian has updated libgcrypt20 (key leak) and nginx (three vulnerabilities).

Debian-LTS has updated eglibc (regression in previous security update).

Fedora has updated nodejs-is-my-json-valid (F22: denial of service) and python-pymongo (F23; F22: two vulnerabilities).

openSUSE has updated cacti (42.1; 13.2; 13.1: multiple vulnerabilities), cacti-spine (13.1: unspecified), and openssl (13.1: cipher downgrade).

Slackware has updated mozilla (14.1: unspecified).

Ubuntu has updated firefox (15.10, 14.04, 12.04: same-origin restriction bypass) and postgresql-9.1, postgresql-9.3, postgresql-9.4 (15.10, 14.04, 12.04: two vulnerabilities).

Security advisories for Thursday

Thursday 11th of February 2016 05:16:28 PM

Arch Linux has updated botan (three vulnerabilities).

Fedora has updated firebird (F23: denial of service), firefox (F23: denial of service), gsi-openssh (F23: privilege escalation), and php-PHPMailer (F23; F22: header injection).

openSUSE has updated flash-player (13.2; 13.1: multiple vulnerabilities), jasper (13.1: denial of service), and tiff (13.1: multiple vulnerabilities).

Red Hat has updated flash-plugin (RHEL5&6: multiple vulnerabilities).

SUSE has updated java-1_6_0-ibm (SLE12; SLE11SP2: multiple vulnerabilities) and java-1_7_0-ibm (SLE11SP2: multiple vulnerabilities).

[$] LWN.net Weekly Edition for February 11, 2016

Thursday 11th of February 2016 01:22:53 AM
The LWN.net Weekly Edition for February 11, 2016 is available.

[$] A Linux-powered microwave oven

Wednesday 10th of February 2016 07:08:29 PM
Scratching an itch is a recurring theme in presentations at linux.conf.au. As the open-hardware movement gains strength, more and more of these itches relate to the physical world, not just the digital. David Tulloh used his presentation [WebM] on the “Linux Driven Microwave” to discuss how annoying microwave ovens can be and to describe his project to build something less irritating.

Click below (subscribers only) for the full report from Neil Brown.

Security advisories for Wednesday

Wednesday 10th of February 2016 05:06:40 PM

Arch Linux has updated kscreenlocker (restriction bypass).

CentOS has updated sos (C6: information leak).

Fedora has updated claws-mail (F22: stack-based buffer overflow), imlib2 (F22: denial of service), python-pillow (F23: denial of service), and webkitgtk4 (F22: multiple vulnerabilities).

Mageia has updated ffmpeg (multiple vulnerabilities), flash-player-plugin (multiple vulnerabilities), jasper (denial of service), and nettle (improper cryptographic calculations).

openSUSE has updated jasper (13.2: denial of service), krb5 (13.2: three vulnerabilities), and tiff (13.2: three vulnerabilities).

Oracle has updated sos (OL6: information leak).

Red Hat has updated openstack-swift (RHELOSP7: denial of service) and python-django (RHELOSP7; RHELOSP5 for RHEL7; RHELOSP5 for RHEL6: information disclosure).

Scientific Linux has updated sos (SL6: information leak).

SUSE has updated flash-player (SLE12-SP1; SLE11-SP4: multiple vulnerabilities) and java-1_7_1-ibm (SLE12-SP1; SLE11-SP4: multiple vulnerabilities).

Ubuntu has updated nginx (15.10, 14.04: denial of service).

SourceForge dumps DevShare

Wednesday 10th of February 2016 03:14:07 PM
The SourceForge hosting site has announced that it has a new owner (BIZX, LLC, along with Slashdot) and that it will be getting rid of the controversial DevShare program, which was covered here in 2013. "As of last week, the DevShare program was completely eliminated. The DevShare program delivered installer bundles as part of the download for participating projects. We want to restore our reputation as a trusted home for open source software, and this was a clear first step towards that. We’re more interested in doing the right thing than making extra short-term profit."

LibreOffice 5.1 released

Wednesday 10th of February 2016 02:54:38 PM
The LibreOffice 5.1 release is available. "LibreOffice 5.1's user interface has been completely reorganized, to provide faster and more convenient access to its most used features. A new menu has been added to each of the applications: Style (Writer), Sheet (Calc) and Slide (Impress and Draw). In addition, several icons and menu commands have been repositioned based on user preferences." See this page for (a little) more information and some videos.

The US government's "Cybersecurity National Action Plan"

Wednesday 10th of February 2016 12:12:31 AM
The Obama administration has put out a plan for how it would like to make the net a safer place. There are a lot of topics covered here; toward the end it also mentions that "the Government will work with organizations such as the Linux Foundation’s Core Infrastructure Initiative to fund and secure commonly used internet 'utilities' such as open-source software, protocols, and standards. Just as our roads and bridges need regular repair and upkeep, so do the technical linkages that allow the information superhighway to flow."

[$] Protecting systems with the TPM

Tuesday 9th of February 2016 09:41:35 PM
"TPM," said Matthew Garrett in his linux.conf.au 2016 talk, stands for "trusted platform module"; it is a tool that is meant to allow a system's owner to decide which software to trust. Some years ago, there was a lot of fear that the TPM would be used, instead, to take that decision away, to allow others to decide which software would be trusted to run on our systems; for that reason, some called "trusted computing" by the rather less complimentary name "treacherous computing." That scenario didn't come about, though, for a number of reasons, both technical and social. But we can still use the TPM for its original purpose; Matthew was there to talk about his work to bring about computing that we can trust.

Click below (subscribers only) for the full report from LCA 2016.

Tuesday's security updates

Tuesday 9th of February 2016 04:44:40 PM

Debian has updated qemu (multiple vulnerabilities), qemu (more vulnerabilities), qemu-kvm (multiple vulnerabilities), and wordpress (two vulnerabilities).

Debian-LTS has updated gajim (man-in-the-middle).

Mageia has updated mbedtls/hiawatha/belle-sip/linphone/pdns (code execution), openssl (man-in-the-middle), php (multiple vulnerabilities), privoxy (denial of service), and radicale (authentication bypass).

Red Hat has updated sos (RHEL6: information leak).

Slackware has updated curl (authentication bypass) and flac (multiple vulnerabilities).

SUSE has updated java-1_8_0-ibm (SLE12-SP1: multiple vulnerabilities) and rubygem-rails-html-sanitizer (SES2.1: multiple vulnerabilities).

Ubuntu has updated firefox (regression in previous update).

It’s Been 20 Years Since This Man Declared Cyberspace Independence (Wired)

Monday 8th of February 2016 11:40:04 PM
Wired talks with John Perry Barlow on the 20th anniversary of his Declaration of Independence of Cyberspace. "In the modern era of global NSA surveillance, China’s Great Firewall, and FBI agents trawling the dark Web, it’s easy to write off Barlow’s declaration as early dotcom-era hubris. But on his document’s 20th anniversary, Barlow himself wants to be clear: He stands by his words just as much today as he did when he clicked “send” in 1996."

Security advisories for Monday

Monday 8th of February 2016 06:11:04 PM

Arch Linux has updated lib32-libsndfile (multiple vulnerabilities) and libsndfile (multiple vulnerabilities).

Debian has updated polarssl (code execution) and tiff (multiple vulnerabilities).

Debian-LTS has updated eglibc (multiple vulnerabilities) and linux-2.6 (multiple vulnerabilities).

Fedora has updated claws-mail (F23: stack-based buffer overflow), nginx (F22: denial of service), and prosody (F23: insecure handling of dialback keys).

Mageia has updated cakephp (denial of service), cgit (three vulnerabilities), curl (authentication bypass), cyrus-imapd (two vulnerabilities), docker/golang (two vulnerabilities), gajim (man-in-the-middle), imlib2 (denial of service), java-1.8.0-openjdk/copy-jdk-configs/lua-lunit/lua-posix (multiple vulnerabilities), krb5 (three vulnerabilities), phpmyadmin/phpseclib (multiple vulnerabilities), and socat (man-in-the-middle).

openSUSE has updated curl (Leap42.1; 13.2; 13.1: authentication bypass), mariadb (Leap42.1; 13.2: multiple vulnerabilities), mysql (Leap42.1, 13.2; 13.1: multiple vulnerabilities), nginx (Leap42.1: denial of service), openssl (13.2: man-in-the-middle), php5 (Leap42.1: two vulnerabilities), phpMyAdmin (Leap42.1, 13.2: multiple vulnerabilities), rubygem-actionpack-3_2 (13.2: multiple vulnerabilities), rubygem-actionpack-4_2 (Leap42.1: multiple vulnerabilities), rubygem-rails-html-sanitizer (Leap42.1: multiple vulnerabilities), and phpmyadmin (13.1: multiple vulnerabilities).

Red Hat has updated openstack-swift (RHELOSP5 for RHEL6; RHELOSP5 for RHEL7; RHELOSP6 for RHEL7: denial of service) and python-django (RHELOSP6 for RHEL7: information disclosure).

SUSE has updated kernel (SLE11-SP3: multiple vulnerabilities).

Kernel prepatch 4.5-rc3

Monday 8th of February 2016 02:37:45 PM
The 4.5-rc3 kernel prepatch is out. "It's slightly bigger than I'd like, but not excessively so (and not unusually so). Most of the patches are pretty small, although the diff is utterly dominated by the (big) removal of a couple of staging rdma drivers that just weren't going anywhere. Those removal patches are 90% of the bulk of the diff."

The rkt container manager reaches 1.0

Friday 5th of February 2016 10:49:50 PM

The CoreOS project has announced version 1.0 of its rkt container manager. As part of the release, rkt's command-line interface and on-disk format have been declared stable. The announcement also highlights a number of new security features, including "KVM-based container isolation, SELinux support, TPM integration, image signature validation, and privilege separation" and notes that rkt will run Docker images.

Friday's security updates

Friday 5th of February 2016 03:55:55 PM

Arch Linux has updated libbsd (denial of service).

Debian has updated krb5 (multiple vulnerabilities).

Fedora has updated nettle (F23: improper cryptographic calculations), salt (F22: information leak), and webkitgtk4 (F23: multiple vulnerabilities).

SUSE has updated MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss (SLE12: multiple vulnerabilities) and MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss (SLE11: multiple vulnerabilities).

First Ubuntu Touch Tablet Brings Convergence at Last (Linux.com)

Thursday 4th of February 2016 10:18:53 PM
Over at Linux.com, Eric Brown looks at the newly announced Ubuntu Touch tablet. The hardware: "The Aquaris M10 is equipped with a 64-bit, quad-core, Cortex-A53 MediaTek MT8163A system-on-chip clocked to 1.5GHz, along with a high-powered ARM Mali-T720 MP2 GPU. The tablet ships with 2GB of RAM, 16GB flash, and a microSD slot." It is said to have 1920x1200 resolution and an 8 megapixel camera capable of HD recording. The interface will change to take advantage of larger displays and additional input devices (e.g. keyboard, mouse). "It appears that the upcoming Ubuntu 16.04 “Xenial Xerus” LTS release due in April will be the first true convergence release. According to PC World, it will still be optional, however, with a traditional Unity 7 build with X.org available alongside the newly converged Unity 8 with the new Mir display server. The new tablet, and Unity 8, will feature Ubuntu Touch’s Scopes interface, which presents frequently used content and services as an alternative to traditional apps. In addition to automatically changing the interface in response to new screens and input devices, Ubuntu is also providing convergence on the application development level. Developers are already developing single apps that can automatically morph into desktop, phone, and tablet formats."
