Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 18 min 4 sec ago

The 2015 EFF Pioneer Awards

Friday 28th of August 2015 06:58:51 AM
The Electronic Frontier Foundation has announced the recipients of its Pioneer Awards for 2015: Caspar Bowden, The Citizen Lab, Annriette Esterhuysen and the Association for Progressive Communications, and Kathy Sierra. "This extraordinary group of winners have all focused on the users, striving to give everyone the access, power, community, and protection they need in order to create and participate in our digital world."

KDE Sprints - who wins? (KDE.News)

Thursday 27th of August 2015 11:21:06 PM
KDE.News looks at KDE sprints and their benefits. The organization is doing some fundraising to help support its sprints, so it is trying get the word out about these code-focused events: "To start with, KDE sprints are intensive sessions centered around coding. They take place in person over several days, during which time skillful developers eat, drink and sleep code. There are breaks to refresh and gain perspective, but mostly sprints involve hard, focused work. All of this developer time and effort is unpaid. However travel expenses for some developers are covered by KDE. KDE is a frugal organization with comparatively low administrative costs, and only one paid person who works part time. So the money donated for sprints goes to cover actual expenses. Who gets the money? Almost all of it goes to transportation companies."

Security updates for Thursday

Thursday 27th of August 2015 05:30:01 PM

Debian has updated php5 (multiple vulnerabilities).

Debian-LTS has updated pykerberos (authentication botch) and python-django (two vulnerabilities).

Fedora has updated mariadb (F21: unspecified).

Mageia has updated cgit (code execution from 2014).

Ubuntu has updated qemu, qemu-kvm (multiple vulnerabilities, including one from 2014).

Grsecurity stable patches to be limited to sponsors

Thursday 27th of August 2015 04:29:07 AM
The developers of the Grsecurity kernel-hardening patch set have announced that, due to claimed ongoing GPL and trademark violations, the public distribution of the "stable" series of patches will stop. "We decided that it is unfair to our sponsors that the above mentioned unlawful players can get away with their activity. Therefore, two weeks from now, we will cease the public dissemination of the stable series and will make it available to sponsors only. The test series, unfit in our view for production use, will however continue to be available to the public to avoid impact to the Gentoo Hardened and Arch Linux communities."

[$] LWN.net Weekly Edition for August 27, 2015

Thursday 27th of August 2015 12:34:46 AM
The LWN.net Weekly Edition for August 27, 2015 is available.

Security updates for Wednesday

Wednesday 26th of August 2015 04:10:47 PM

Arch Linux has updated gnutls (denial of service), jasper (denial of service), pcre (code execution), and python-django (denial of service).

CentOS has updated httpd (C7: two vulnerabilities) and mariadb (C7: multiple vulnerabilities).

Debian has updated twig (code execution).

Debian-LTS has updated ruby1.8 (information disclosure) and ruby1.9.1 (information disclosure).

Mageia has updated gnutls (MG4,5: two vulnerabilities), vlc (MG5: code execution), and wireshark (MG4,5: multiple vulnerabilities).

Oracle has updated thunderbird (OL7; OL6: multiple vulnerabilities).

Ubuntu has updated gdk-pixbuf (15.04, 14.04, 12.04: code execution).

[$] Reviving the Hershey fonts

Wednesday 26th of August 2015 12:16:29 AM

At the 2015 edition of TypeCon in Denver, Adobe's Frank Grießhammer presented his work reviving the famous Hershey fonts from the Mid-Century era of computing. The original fonts were tailor-made for early vector-based output devices but, although they have retained a loyal following (often as a historical curiosity), they have never before been produced as an installable digital font.

Go 1.5 released

Tuesday 25th of August 2015 09:06:07 PM
Version 1.5 of the Go language has been released. "This release includes significant changes to the implementation. The compiler tool chain was translated from C to Go, removing the last vestiges of C code from the Go code base. The garbage collector was completely redesigned, yielding a dramatic reduction [PDF] in garbage collection pause times. Related improvements to the scheduler allowed us to change the default GOMAXPROCS value (the number of concurrently executing goroutines) from 1 to the number of available CPUs. Changes to the linker enable distributing Go packages as shared libraries to link into Go programs, and building Go packages into archives or shared libraries that may be linked into or loaded by C programs (design doc)."

Happy 24th birthday, Linux kernel (Opensource.com)

Tuesday 25th of August 2015 07:58:03 PM
Opensource.com wishes Linux a happy 24th birthday, with a brief timeline of Linux history. "There's some debate in the Linux community as to whether we should be celebrating Linux's birthday today or on October 5 when the first public release was made, but Linus says he is O.K. with you celebrating either one, or both! So as we say happy birthday, let's take a quick look back at the years that have passed and how far we have come."

KDE Ships Plasma 5.4.0, Feature Release for August

Tuesday 25th of August 2015 07:33:33 PM
KDE has released Plasma 5.4 with some new features. "This release of Plasma brings many nice touches for our users such as much improved high DPI support, KRunner auto-completion and many new beautiful Breeze icons. It also lays the ground for the future with a tech preview of Wayland session available. We're shipping a few new components such as an Audio Volume Plasma Widget, monitor calibration tool and the User Manager tool comes out beta."

Tuesday's security updates

Tuesday 25th of August 2015 05:22:29 PM

CentOS has updated httpd (C6: denial of service) and nss (C5: two vulnerabilities).

Oracle has updated httpd (OL7; OL6: denial of service), mariadb (OL7: multiple unspecified vulnerabilities), and nss (OL5: two vulnerabilities).

Red Hat has updated httpd (RHEL7; RHEL6: HTTP request smuggling), httpd24-httpd (RHSCL2: multiple vulnerabilities), libunwind (RHELOSP6: buffer overflow), mariadb (RHEL7: multiple vulnerabilities), nss (RHEL5: two vulnerabilities), openstack-neutron (RHELOSP6: denial of service), openstack-swift (RHELOSP6; RHELOSP5: arbitrary object deletion), python-django (RHELOSP6; RHELOSP5: denial of service), python-django-horizon (RHELOSP6: cross-site scripting), python-keystoneclient (RHELOSP6; RHELOSP5: two vulnerabilities), qemu-kvm-rhev (RHELOSP6; RHELOSP5: information leak), redis (RHELOSP6: code execution), and thunderbird (RHEL5,6,7: multiple vulnerabilities).

Scientific Linux has updated httpd (SL7; SL6: denial of service), mariadb (SL7: multiple vulnerabilities), nss (SL5: two vulnerabilities), and thunderbird (SL5,6,7: multiple vulnerabilities).

Ubuntu has updated thunderbird (15.04, 14.04, 12.04: multiple vulnerabilities).

Ubuntu on the Mainframe: Interview with Canonical's Dustin Kirkland (Linux.com)

Monday 24th of August 2015 10:26:16 PM
Linux.com has an interview with Dustin Kirkland of Canonical's Ubuntu Product and Strategy team, about Ubuntu on the mainframe and more. "Canonical is doing a lot of different things in the enterprise space, to solve different problems. One of the interesting works going on at Canonical is Fan networking. We all know that the world is running out of IPv4 addresses (or already has). The obvious solution to this problem is IPv6, but it’s not universally available. Kirkland said, "There are still places where IPv6 doesn't exist -- little places like Amazon web services where you end up finding lots of containers." The problem multiplies as many instances in cloud need IP addresses. "Each of those instances can run hundreds of containers, each of those containers then needs to be addressable," said Kirkland."

Security advisories for Monday

Monday 24th of August 2015 04:39:38 PM

Debian-LTS has updated extplorer (cross-site scripting), roundup (multiple vulnerabilities), and wesnoth-1.8 (information leak).

Mageia has updated libcryptopp (MG4,5: information disclosure), mediawiki (MG4,5: multiple vulnerabilities), openssh (MG4,5: multiple vulnerabilities), php (MG5; MG4: multiple vulnerabilities), and x11-server (MG5: permission bypass).

openSUSE has updated wireshark (13.2: multiple vulnerabilities) and xfsprogs (13.2, 13.1: information disclosure).

Red Hat has updated rh-ruby22-ruby (RHSCL2: DNS hijacking).

Slackware has updated gnutls (denial of service).

SUSE has updated glibc (SLE11SP3,4: multiple vulnerabilities) and kvm (SLE11SP2: two vulnerabilities).

Kernel prepatch 4.2-rc8

Monday 24th of August 2015 08:01:23 AM
In the end, Linus decided to hold off one more week and release 4.2-rc8 instead of the final 4.2 kernel. "It's not like there are any real outstanding issues, and I waffled between just doing the release and doing another -rc. But we did have another low-level x86 issue come up this week, and together with the fact that a number of people are on vacation, I decided that waiting an extra week isn't going to hurt. But it was close. It's a fairly small rc8, and I really feel like it could have gone either way."

Mozilla: The Future of Developing Firefox Add-ons

Friday 21st of August 2015 04:58:11 PM
Mozilla has announced a significant set of changes for authors of Firefox add-ons. These include a new API (and the deprecation of XUL and XPCOM), a process-based sandboxing mechanism, mandatory signing of extensions, and more. "For our add-on development community, these changes will bring benefits, like greater cross-browser add-on compatibility, but will also require redevelopment of a number of existing add-ons. We’re making a big investment by expanding the team of engineers, add-on reviewers, and evangelists who work on add-ons and support the community that develops them. They will work with the community to improve and finalize the WebExtensions API, and will help developers of unsupported add-ons make the transition to newer APIs and multi-process support."

The bcachefs filesystem

Friday 21st of August 2015 04:43:20 PM
Kent Overstreet, author of the bcache block caching layer, has announced that bcache has metamorphosed into a fully featured copy-on-write filesystem. "Well, years ago (going back to when I was still at Google), I and the other people working on bcache realized that what we were working on was, almost by accident, a good chunk of the functionality of a full blown filesystem - and there was a really clean and elegant design to be had there if we took it and ran with it. And a fast one - the main goal of bcachefs to match ext4 and xfs on performance and reliability, but with the features of btrfs/zfs."

Security updates for Friday

Friday 21st of August 2015 03:52:48 PM

Fedora has updated pure-ftpd (F21: denial of service).

Red Hat has updated openshift (RHOSE3: privilege escalation).

SUSE has updated xen (SLE11SP1: two vulnerabilities).

Ubuntu has updated subversion (15.04, 14.04, 12.04: multiple vulnerabilities) and firefox (15.04, 14.04, 12.04: regression in previous update).

[$] Glibc wrappers for (nearly all) Linux system calls

Thursday 20th of August 2015 09:27:58 PM
The GNU C Library (glibc) is a famously conservative project. In the past, that conservatism created a situation where there is no way to directly call a number of Linux system calls from a glibc-using program. As glibc has relaxed a bit in recent years, its developers have started to reconsider adding wrapper functions for previously inaccessible system calls. But, as the discussion shows, adding these wrappers is still not as straightforward as one might think.

Security advisories for Thursday

Thursday 20th of August 2015 04:29:52 PM

Debian has updated conntrack (denial of service), openjdk-6 (multiple vulnerabilities), vlc (code execution), and zendframework (XML External Entity attack).

Debian-LTS has updated conntrack (denial of service).

Fedora has updated mariadb (F22: multiple vulnerabilities).

Red Hat has updated mariadb55-mariadb (RHSCL2: multiple vulnerabilities) and rh-mariadb100-mariadb (RHSCL2: multiple vulnerabilities).

SUSE has updated kvm (SLE11SP1: code execution).

Rkt 0.8 released

Wednesday 19th of August 2015 07:03:12 PM

Version 0.8 of the rkt container specification has been released. The changelog notes that this version adds support for running under the LKVM hypervisor and adds experimental support for user namespaces. Other features include improved integration with systemd and additional functional tests. An accompanying blog post goes into further detail for many of these new features.

More in Tux Machines

Ubuntu Kylin 15.10 Beta 1 Is Out with Updated Software Center, Linux Kernel 4.1 LTS

As part of the release of Ubuntu 15.10 (Wily Werewolf) Beta 1 for opt-in flavors, the Ubuntu Kylin team had the pleasure of announcing the immediate availability for download and testing of the first Beta build of the upcoming Ubuntu Kylin 15.10 distro. Read more Also: Kubuntu Wily Beta 1

Leftovers: Ubuntu

Croatian policy encourages open source adoption

Earlier this year, Croatian political party Sustainable Development of Croatia (ORaH) published a new policy that encourages the government to pursue open source solutions, addresses the dangers of vendor lock-in, and insists on open document standards. Best of all, they did it the open source way. Read more

Is Office 365 cheaper than OpenOffice and open source?

Indeed, Microsoft's marketing team published a press release recently saying Office 365 is about 80% cheaper compared to the open source office suite, OpenOffice - with the figures stemming from reports in Italy and the City Council of Pesaro. The Redmond giant claims that to roll out Open Office, Pesaro incurred a one off cost of about €300,000 and had lots of problems with document formatting. But equally how would you convince a public sector organisation to migrate to your cloud services instead of using 'expensive' open source software? The obvious way would be to present a case study from a similar organisation together with a well written report commissioned to an "independent" consultancy firm. At this point your future customer has all the data and justifications required to sign on the dotted line. And some journalists are now presenting this case as fact of Microsoft Office 365 being 80% more economical than open source alternatives. I would argue that this is an isolated case and the PR efforts by big technology vendors, like many other methods, are being used to trick private and public organisations into signing contracts based on data or claims that may be not completely true. Read more