Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 15 min ago

[$] Toward better CPU load estimation

Monday 11th of December 2017 11:33:19 PM
"Load tracking" refers to the kernel's attempts to track how much load each running process will put on the system's CPUs. Good load tracking can yield reasonable predictions about the near-future demands on the system; those, in turn, can be used to optimize the placement of processes and the selection of CPU-frequency parameters. Obviously, poor load tracking will lead to less-than-optimal results. While achieving perfection in load tracking seems unlikely for now, it appears that it is possible to to do better than current kernels do. The utilization estimation patch set from Patrick Bellasi is the latest in a series of efforts to make the scheduler's load tracking work well with a wider variety of workloads.

Artifex and Hancom Reach Settlement Over Ghostscript Open Source Dispute

Monday 11th of December 2017 09:10:07 PM
Artifex Software, Inc. and Hancom, Inc. have announced a confidential agreement to settle their legal dispute. The case filed by Artifex concerned the use of Artifex’s GPL licensed Ghostscript in Hancom's office product. "While the parties had their differences in the interpretation of the open source license, the companies were able to reach an amicable resolution based on their mutual respect for and recognition of the copyright protection and the open source philosophy."

Elisa 0.0.80 Released

Monday 11th of December 2017 07:07:52 PM
A very early alpha version of the Elisa music player has been released. "Elisa allows to browse music by album, artist or all tracks. The music is indexed using either a private indexer or an indexer using Baloo. The private one can be configured to scan music on chosen paths. The Baloo one is much faster because Baloo is providing all needed data from its own database. You can build and play your own playlist."

Debian stable releases

Monday 11th of December 2017 04:35:33 PM
The Debian project has released updates to oldstable "jessie" and stable "stretch". Debian 9.3 "stretch" and Debian 8.10 "jessie" are available with the usual set of corrections for security issues and adjustments for serious problems.

Four stable kernel updates

Monday 11th of December 2017 04:20:11 PM
Stable kernels 4.14.5, 4.9.68, 4.4.105, and 3.18.87 have been released. They all contain important fixes and users should upgrade.

Security updates for Monday

Monday 11th of December 2017 04:12:44 PM
Security updates have been issued by CentOS (postgresql), Debian (firefox-esr, kernel, libxcursor, optipng, thunderbird, wireshark, and xrdp), Fedora (borgbackup, ca-certificates, collectd, couchdb, curl, docker, erlang-jiffy, fedora-arm-installer, firefox, git, linux-firmware, mupdf, openssh, thunderbird, transfig, wildmidi, wireshark, xen, and xrdp), Mageia (firefox and optipng), openSUSE (erlang, libXfont, and OBS toolchain), Oracle (kernel), Slackware (openssl), and SUSE (kernel and OBS toolchain).

Kernel prepatch 4.15-rc3

Monday 11th of December 2017 02:36:34 AM
The 4.15-rc3 kernel prepatch is out. "I'm not thrilled about how big the early 4.15 rc's are, but rc3 is often the biggest rc because it's still fairly early in the calming-down period, and yet people have had some time to start finding problems. That said, this rc3 is big even by rc3 standards. Not good." 489 changesets were merged since 4.15-rc2.

Let's Encrypt looks forward to 2018

Friday 8th of December 2017 08:51:09 PM
The Let's Encrypt project, working to encrypt as much web traffic as possible, looks forward to the coming year. "First, we’re planning to introduce an ACME v2 protocol API endpoint and support for wildcard certificates along with it. Wildcard certificates will be free and available globally just like our other certificates. We are planning to have a public test API endpoint up by January 4, and we’ve set a date for the full launch: Tuesday, February 27."

Fedora council elections canceled

Friday 8th of December 2017 08:24:09 PM
The Fedora Project's currently underway elections for the Fedora Council, FESCo, and the Mindshare committee have been canceled due to some glitches in making the interview material available. The project plans to get its act together and retry the elections in early January.

Security updates for Friday

Friday 8th of December 2017 03:20:48 PM
Security updates have been issued by Arch Linux (chromium and vlc), Debian (erlang), Mageia (ffmpeg, tor, and wireshark), openSUSE (chromium, opensaml, openssh, openvswitch, and php7), Oracle (postgresql), Red Hat (chromium-browser, postgresql, rh-postgresql94-postgresql, rh-postgresql95-postgresql, and rh-postgresql96-postgresql), SUSE (firefox, java-1_6_0-ibm, opensaml, and xen), and Ubuntu (kernel, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-azure, linux-gcp, linux-hwe, linux-lts-trusty, linux-lts-xenial, linux-aws, and rsync).

[$] Kernel support for HDCP

Thursday 7th of December 2017 11:18:13 PM
High-bandwidth Digital Content Protection (or HDCP) is an Intel-designed copy-protection mechanism for video and audio streams. It is a digital rights management (DRM) system of the type disliked by many in the Linux community. But does that antipathy mean that Linux should not support HDCP? That question is being answered — probably in favor of support — in a conversation underway on the kernel mailing lists.

Is blockchain a security topic? (Opensource.com)

Thursday 7th of December 2017 09:40:56 PM
At Opensource.com, Mike Bursell looks at blockchain security from the angle of trust. Unlike cryptocurrencies, which are pseudonymous typically, other kinds of blockchains will require mapping users to real-life identities; that raises the trust issue. "What's really interesting is that, if you're thinking about moving to a permissioned blockchain or distributed ledger with permissioned actors, then you're going to have to spend some time thinking about trust. You're unlikely to be using a proof-of-work system for making blocks—there's little point in a permissioned system—so who decides what comprises a "valid" block that the rest of the system should agree on? Well, you can rotate around some (or all) of the entities, or you can have a random choice, or you can elect a small number of über-trusted entities. Combinations of these schemes may also work. If these entities all exist within one trust domain, which you control, then fine, but what if they're distributors, or customers, or partners, or other banks, or manufacturers, or semi-autonomous drones, or vehicles in a commercial fleet? You really need to ensure that the trust relationships that you're encoding into your implementation/deployment truly reflect the legal and IRL [in real life] trust relationships that you have with the entities that are being represented in your system. And the problem is that, once you've deployed that system, it's likely to be very difficult to backtrack, adjust, or reset the trust relationships that you've designed."

Security updates for Thursday

Thursday 7th of December 2017 02:00:07 PM
Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, kernel, liblouis, qemu-kvm, sssd, and thunderbird), Debian (heimdal and nova), openSUSE (shibboleth-sp), Oracle (java-1.7.0-openjdk), Red Hat (Red Hat OpenShift Enterprise), Scientific Linux (openafs), SUSE (kernel), and Ubuntu (rsync).

[$] LWN.net Weekly Edition for December 7, 2017

Thursday 7th of December 2017 12:12:52 AM
The LWN.net Weekly Edition for December 7, 2017 is available.

[$] Mozilla releases tools and data for speech recognition

Wednesday 6th of December 2017 10:54:32 PM

Voice computing has long been a staple of science fiction, but it has only relatively recently made its way into fairly common mainstream use. Gadgets like mobile phones and "smart" home assistant devices (e.g. Amazon Echo, Google Home) have brought voice-based user interfaces to the masses. The voice processing for those gadgets relies on various proprietary services "in the cloud", which generally leaves the free-software world out in the cold. There have been FOSS speech-recognition efforts over the years, but Mozilla's recent announcement of the release of its voice-recognition code and voice data set should help further the goal of FOSS voice interfaces.

[$] Who should see Python deprecation warnings?

Wednesday 6th of December 2017 08:43:46 PM
As all Python developers discover sooner or later, Python is a rapidly evolving language whose community occasionally makes changes that can break existing programs. The switch to Python 3 is the most prominent example, but minor releases can include significant changes as well. The CPython interpreter can emit warnings for upcoming incompatible changes, giving developers time to prepare their code, but those warnings are suppressed and invisible by default. Work is afoot to make them visible, but doing so is not as straightforward as it might seem.

[$] Container IDs for the audit subsystem

Wednesday 6th of December 2017 05:56:31 PM

Linux containers are something of an amorphous beast, at least with respect to the kernel. There are lots of facilities that the kernel provides (namespaces, control groups, seccomp, and so on) that can be composed by user-space tools into containers of various shapes and colors; the kernel is blissfully unaware of how user space views that composition. But there is interest in having the kernel be more aware of containers and for it to be able to distinguish what user space considers to be a single container. One particular use case for the kernel managing container identifiers is the audit subsystem, which needs unforgeable IDs for containers that can be associated with audit trails.

Announcing sources.debian.org

Wednesday 6th of December 2017 04:18:45 PM
The Debian project has announced the launch of sources.debian.org, a site that enables browsing of the source code for every package shipped with the Debian distribution. "You may already know this service as previously hosted at sources.debian.net . We took the move to Debian hardware as the opportunity to officially announce it here."

Security updates for Wednesday

Wednesday 6th of December 2017 04:12:26 PM
Security updates have been issued by CentOS (samba4), Mageia (libxcursor and libxfont/libxfont2), openSUSE (exim, GraphicsMagick, graphviz, pdns, and pdns-recursor), Oracle (firefox and liblouis), Red Hat (java-1.7.0-openjdk), Scientific Linux (java-1.7.0-openjdk), SUSE (firefox, shibboleth-sp, and xen), and Ubuntu (linux-firmware).

[$] Trying Tryton

Tuesday 5th of December 2017 10:56:07 PM
The quest to find a free-software replacement for the QuickBooks accounting tool continues. In this episode, your editor does his best to put Tryton through its paces. Running Tryton proved to be a trying experience, though; this would not appear to be the accounting tool we are searching for.

More in Tux Machines

Spaceman Shuttleworth Finds Earthly Riches With Ubuntu Software

He’s best known for being the world’s first “Afronaut,” but since returning to Earth from his 2002 trip on Russia’s Soyuz TM-34 rocket ship, Cape Town native Mark Shuttleworth set about with the conquest of a much more lucrative universe: the internet-of-things. Shuttleworth created Ubuntu, an open-source Linux operating system that helps connect everything from drones to thermostats to the internet. His company, Canonical Group Ltd., makes money from about 800 paying customers, including Netflix Inc., Tesla Inc. and Deutsche Telekom AG, which pay for support services. Its success has helped boost his net worth to $1 billion, according to the Bloomberg Billionaires Index. “It’s destructive to be too focused on that,” Shuttleworth said of his wealth in an interview at Bloomberg’s office in Boston. “It’s just a distraction from whether you have your finger on the pulse of what’s next.” Read more Also:

  • Rocket.chat communication platform enables simplicity through snaps
    Created in Brazil, Rocket.Chat provides an open source chat solution for organisations of all sizes around the world. Built on open source values and a love of efficiency, Rocket.Chat is driven by a community of contributors and has seen adoption in all aspects of business and education. As Rocket.Chat has evolved, it has been keen to get its platform into the hands of as many users as possible without the difficulties of installation often associated with bespoke Linux deployments.
  • The Silph Road embraces cloud and containers with Canonical
    The Silph Road is the premier grassroots network for Pokémon GO players around the world offering research, tools, and resources to the largest Pokémon GO community worldwide, with up to 400,000 visitors per day Operating a volunteer-run, community network with up to 400,000 daily visitors is no easy task especially in the face of massive and unpredictable demand spikes, and with developers spread all over the world.With massive user demand and with volunteer developers located all over the world, The Silph Road’s operations must be cost-effective, flexible, and scalable. This led the Pokémon GO network first to cloud, and then to containers and in both cases Canonical ’s technology was the answer.

How to Install Arch Linux

Installing Arch Linux could be a tidious and tricky task. Here's how to do it the right way. Read more

Turi as FOSS

  • Fruit of an acquisition: Apple AI software goes open
    Apple's joined other juggernauts of the tech sector by releasing an open source AI framework. Turi Create 4.0, which landed at GitHub recently, is a fruit of its 2016 US$200 million acquisition of Turi. As the GitHub description explains, it targets app developers that want custom machine learning models but don't have the expertise to “add recommendations, object detection, image classification, image similarity or activity classification” to their apps.
  • Apple Releases Turi ML Software as Open Source
    Apple last week released Turi Create, an open source package that it says will make it easy for mobile app developers to infuse machine learning into their products with just a few lines of code. “You don’t have to be a machine learning expert to add recommendations, object detection, image classification, image similarity, or activity classification to your app,” the company says in the GitHub description for Turi Create. “Focus on tasks instead of algorithms.”

Security: Patch Management, Windows Keyloggers, and Fingerprinting MySQL

  • Open Source Patch Management: Options for DIYers [Ed: "Linux comes with patch management," it says, which defeats much of the point of this article...]
    CVE-2017-5638 is the code vulnerability that will long live in the corporate memory of Equifax, the credit ratings agency. A simple patch management system might have kept that vulnerability from turning into one of the most high-profile data breaches in recent memory. CVE-2017-5638 is a remote code execution bug that affects the Jakarta Multipart parser in Apache Struts, an open source application framework for developing Java EE web applications. Remote code execution bugs are generally extremely serious, and for that reason, when the vulnerability was discovered, the Apache Foundation recommended that any developers or users of affected versions of Struts upgrade to later versions that had been patched to close the vulnerability.
  • HP laptops found to have hidden keylogger

    HP said more than 460 models of laptop were affected by the "potential [sic] security vulnerability".

    [...]

    In May, a similar keylogger was discovered in the audio drivers pre-installed on several HP laptop models.

  • Fingerprinting MySQL with scannerl

    The goal here is to identify the version of MySQL running on a remote host.