Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 39 min ago

Security updates for Tuesday

5 hours 35 min ago
Security updates have been issued by Debian (chromium-browser, evince, pdns-recursor, and simplesamlphp), Fedora (ceph, dhcp, erlang, exim, fedora-arm-installer, firefox, libvirt, openssh, pdns-recursor, rubygem-yard, thunderbird, wordpress, and xen), Red Hat (rh-mysql57-mysql), SUSE (kernel), and Ubuntu (openssl).

Nottingham: Internet protocols are changing

6 hours 30 min ago
Worth a read: this APNIC blog entry from Mark Nottingham on the near-term evolution of various Internet protocols. "The newest change on the horizon is DOH — DNS over HTTP. A significant amount of research has shown that networks commonly use DNS as a means of imposing policy (whether on behalf of the network operator or a greater authority). Circumventing this kind of control with encryption has been discussed for a while, but it has a disadvantage (at least from some standpoints) — it is possible to discriminate it from other traffic; for example, by using its port number to block access. DOH addresses that by piggybacking DNS traffic onto an existing HTTP connection, thereby removing any discriminators."

[$] Toward better CPU load estimation

Monday 11th of December 2017 11:33:19 PM
"Load tracking" refers to the kernel's attempts to track how much load each running process will put on the system's CPUs. Good load tracking can yield reasonable predictions about the near-future demands on the system; those, in turn, can be used to optimize the placement of processes and the selection of CPU-frequency parameters. Obviously, poor load tracking will lead to less-than-optimal results. While achieving perfection in load tracking seems unlikely for now, it appears that it is possible to do better than current kernels do. The utilization estimation patch set from Patrick Bellasi is the latest in a series of efforts to make the scheduler's load tracking work well with a wider variety of workloads.

Artifex and Hancom Reach Settlement Over Ghostscript Open Source Dispute

Monday 11th of December 2017 09:10:07 PM
Artifex Software, Inc. and Hancom, Inc. have announced a confidential agreement to settle their legal dispute. The case filed by Artifex concerned the use of Artifex’s GPL licensed Ghostscript in Hancom's office product. "While the parties had their differences in the interpretation of the open source license, the companies were able to reach an amicable resolution based on their mutual respect for and recognition of the copyright protection and the open source philosophy."

Elisa 0.0.80 Released

Monday 11th of December 2017 07:07:52 PM
A very early alpha version of the Elisa music player has been released. "Elisa allows to browse music by album, artist or all tracks. The music is indexed using either a private indexer or an indexer using Baloo. The private one can be configured to scan music on chosen paths. The Baloo one is much faster because Baloo is providing all needed data from its own database. You can build and play your own playlist."

Debian stable releases

Monday 11th of December 2017 04:35:33 PM
The Debian project has released updates to oldstable "jessie" and stable "stretch". Debian 9.3 "stretch" and Debian 8.10 "jessie" are available with the usual set of corrections for security issues and adjustments for serious problems.

Four stable kernel updates

Monday 11th of December 2017 04:20:11 PM
Stable kernels 4.14.5, 4.9.68, 4.4.105, and 3.18.87 have been released. They all contain important fixes and users should upgrade.

Security updates for Monday

Monday 11th of December 2017 04:12:44 PM
Security updates have been issued by CentOS (postgresql), Debian (firefox-esr, kernel, libxcursor, optipng, thunderbird, wireshark, and xrdp), Fedora (borgbackup, ca-certificates, collectd, couchdb, curl, docker, erlang-jiffy, fedora-arm-installer, firefox, git, linux-firmware, mupdf, openssh, thunderbird, transfig, wildmidi, wireshark, xen, and xrdp), Mageia (firefox and optipng), openSUSE (erlang, libXfont, and OBS toolchain), Oracle (kernel), Slackware (openssl), and SUSE (kernel and OBS toolchain).

Kernel prepatch 4.15-rc3

Monday 11th of December 2017 02:36:34 AM
The 4.15-rc3 kernel prepatch is out. "I'm not thrilled about how big the early 4.15 rc's are, but rc3 is often the biggest rc because it's still fairly early in the calming-down period, and yet people have had some time to start finding problems. That said, this rc3 is big even by rc3 standards. Not good." 489 changesets were merged since 4.15-rc2.

Let's Encrypt looks forward to 2018

Friday 8th of December 2017 08:51:09 PM
The Let's Encrypt project, working to encrypt as much web traffic as possible, looks forward to the coming year. "First, we’re planning to introduce an ACME v2 protocol API endpoint and support for wildcard certificates along with it. Wildcard certificates will be free and available globally just like our other certificates. We are planning to have a public test API endpoint up by January 4, and we’ve set a date for the full launch: Tuesday, February 27."

Fedora council elections canceled

Friday 8th of December 2017 08:24:09 PM
The Fedora Project's currently underway elections for the Fedora Council, FESCo, and the Mindshare committee have been canceled due to some glitches in making the interview material available. The project plans to get its act together and retry the elections in early January.

Security updates for Friday

Friday 8th of December 2017 03:20:48 PM
Security updates have been issued by Arch Linux (chromium and vlc), Debian (erlang), Mageia (ffmpeg, tor, and wireshark), openSUSE (chromium, opensaml, openssh, openvswitch, and php7), Oracle (postgresql), Red Hat (chromium-browser, postgresql, rh-postgresql94-postgresql, rh-postgresql95-postgresql, and rh-postgresql96-postgresql), SUSE (firefox, java-1_6_0-ibm, opensaml, and xen), and Ubuntu (kernel, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-azure, linux-gcp, linux-hwe, linux-lts-trusty, linux-lts-xenial, linux-aws, and rsync).

[$] Kernel support for HDCP

Thursday 7th of December 2017 11:18:13 PM
High-bandwidth Digital Content Protection (or HDCP) is an Intel-designed copy-protection mechanism for video and audio streams. It is a digital rights management (DRM) system of the type disliked by many in the Linux community. But does that antipathy mean that Linux should not support HDCP? That question is being answered — probably in favor of support — in a conversation underway on the kernel mailing lists.

Is blockchain a security topic? (Opensource.com)

Thursday 7th of December 2017 09:40:56 PM
At Opensource.com, Mike Bursell looks at blockchain security from the angle of trust. Unlike cryptocurrencies, which are pseudonymous typically, other kinds of blockchains will require mapping users to real-life identities; that raises the trust issue. "What's really interesting is that, if you're thinking about moving to a permissioned blockchain or distributed ledger with permissioned actors, then you're going to have to spend some time thinking about trust. You're unlikely to be using a proof-of-work system for making blocks—there's little point in a permissioned system—so who decides what comprises a "valid" block that the rest of the system should agree on? Well, you can rotate around some (or all) of the entities, or you can have a random choice, or you can elect a small number of über-trusted entities. Combinations of these schemes may also work. If these entities all exist within one trust domain, which you control, then fine, but what if they're distributors, or customers, or partners, or other banks, or manufacturers, or semi-autonomous drones, or vehicles in a commercial fleet? You really need to ensure that the trust relationships that you're encoding into your implementation/deployment truly reflect the legal and IRL [in real life] trust relationships that you have with the entities that are being represented in your system. And the problem is that, once you've deployed that system, it's likely to be very difficult to backtrack, adjust, or reset the trust relationships that you've designed."

Security updates for Thursday

Thursday 7th of December 2017 02:00:07 PM
Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, kernel, liblouis, qemu-kvm, sssd, and thunderbird), Debian (heimdal and nova), openSUSE (shibboleth-sp), Oracle (java-1.7.0-openjdk), Red Hat (Red Hat OpenShift Enterprise), Scientific Linux (openafs), SUSE (kernel), and Ubuntu (rsync).

[$] LWN.net Weekly Edition for December 7, 2017

Thursday 7th of December 2017 12:12:52 AM
The LWN.net Weekly Edition for December 7, 2017 is available.

[$] Mozilla releases tools and data for speech recognition

Wednesday 6th of December 2017 10:54:32 PM

Voice computing has long been a staple of science fiction, but it has only relatively recently made its way into fairly common mainstream use. Gadgets like mobile phones and "smart" home assistant devices (e.g. Amazon Echo, Google Home) have brought voice-based user interfaces to the masses. The voice processing for those gadgets relies on various proprietary services "in the cloud", which generally leaves the free-software world out in the cold. There have been FOSS speech-recognition efforts over the years, but Mozilla's recent announcement of the release of its voice-recognition code and voice data set should help further the goal of FOSS voice interfaces.

[$] Who should see Python deprecation warnings?

Wednesday 6th of December 2017 08:43:46 PM
As all Python developers discover sooner or later, Python is a rapidly evolving language whose community occasionally makes changes that can break existing programs. The switch to Python 3 is the most prominent example, but minor releases can include significant changes as well. The CPython interpreter can emit warnings for upcoming incompatible changes, giving developers time to prepare their code, but those warnings are suppressed and invisible by default. Work is afoot to make them visible, but doing so is not as straightforward as it might seem.

[$] Container IDs for the audit subsystem

Wednesday 6th of December 2017 05:56:31 PM

Linux containers are something of an amorphous beast, at least with respect to the kernel. There are lots of facilities that the kernel provides (namespaces, control groups, seccomp, and so on) that can be composed by user-space tools into containers of various shapes and colors; the kernel is blissfully unaware of how user space views that composition. But there is interest in having the kernel be more aware of containers and for it to be able to distinguish what user space considers to be a single container. One particular use case for the kernel managing container identifiers is the audit subsystem, which needs unforgeable IDs for containers that can be associated with audit trails.

Announcing sources.debian.org

Wednesday 6th of December 2017 04:18:45 PM
The Debian project has announced the launch of sources.debian.org, a site that enables browsing of the source code for every package shipped with the Debian distribution. "You may already know this service as previously hosted at sources.debian.net . We took the move to Debian hardware as the opportunity to officially announce it here."

More in Tux Machines

Linux Foundation News

  • Juniper Networks Reinforces Longstanding Commitment to Open Source by Moving OpenContrail's Codebase to the Linux Foundation
    Juniper Networks (NYSE: JNPR), an industry leader in automated, scalable and secure networks, today further bolstered its support for open standards during its annual NXTWORK user conference, by announcing its intent to move the codebase for OpenContrail™, an open-source network virtualization platform for the cloud, to the Linux Foundation. Juniper first released its Juniper® Contrail® products as open sourced in 2013 and built a vibrant user and developer community around this project. Earlier this year, Juniper expanded the project's governance, creating an even more open, community-led effort to strengthen the project for its next growth phase. Adding OpenContrail's codebase to the Linux Foundation's networking projects will further its objective to grow the use of open source platforms in cloud ecosystems.
  • Hyperledger Hub Supports Open Source Blockchain Development
    Hyperledger is a global blockchain collaboration hub created and hosted by nonprofit The Linux Foundation. Its members are leaders in finance, banking, the Internet of Things, supply chains, manufacturing and technology. Now two years in, Hyperledger compares closely to the Ethereum Enterprise Alliance. Hyperledger is a hub for communities of software developers building blockchain frameworks and platforms. These developers, on the other hand, are a mix of individuals and teams from organizations around the world.
  • Linux Foundation Continues to Emphasize Diversity and Inclusiveness at Events
    This has been a pivotal year for Linux Foundation events. Our largest gatherings, which include Open Source Summit, Embedded Linux Conference, KubeCon + CloudNativeCon, Open Networking Summit, and Cloud Foundry Summit, attracted a combined 25,000 people from 4,500 different organizations globally. Attendance was up 25 percent over 2016. Linux Foundation events are often the only time that developers, maintainers, and other pros who contribute to Linux and other critical open source projects — like AGL, Kubernetes and Hyperledger to name a few — get together in person. Face-to-face meetings are crucial because they speed collaboration, engagement and innovation, improving the sustainability of projects over time.  

today's leftovers

  • Personal Backups with Duplicati on Linux
  • Flatpak'ed Epiphany Browser Becomes More Useful
    Epiphany 3.27.3 was released this morning as the newest release of GNOME's web browser in the road to the GNOME 3.28 stable desktop debut next March.
  • BlackArch 2017.12.11
    Today we released new BlackArch Linux ISOs. For details see the ChangeLog below. Here's the ChangeLog: update blackarch-installer to version 0.6.2 (most important change) included kernel 4.14.4 updated lot's of blackarch tools and packages updated all blackarch tools and packages updated all system packages bugfix release! (see blackarch-installer)
  • Latest Linux Distribution Releases (The Always Up-to-date List)
  • Mining cryptocurrency with Raspberry Pi and Storj
    I'm always looking for ways to map hot technologies to fun, educational classroom use. One of the most interesting, and potentially disruptive, technologies over the past few years is cryptocurrencies. In the early days, one could profitably mine some of the most popular cryptocurrencies, like Bitcoin, using a home PC. But as cryptocurrency mining has become more popular, thanks in part to dedicated mining hardware, the algorithms governing it have boosted computational complexity, making home PC mining often impractical, unprofitable, and environmentally unwise.
  • Huawei Collaborated with the Developers of Phoenix OS for the Mate 10’s Easy Projection Feature
    Though the company has virtually no presence in the United States, Huawei is a top 3 smartphone manufacturer in the world. Its subsidiary, Honor, aims to penetrate the Indian market with budget smartphones. Elsewhere, Huawei recently launched the Huawei Mate 10 and Mate 10 Pro in several markets around the world, and rumors have it the device will launch in the United States as well. Apart from the AI features powered by the company’s HiSilicon Kirin 970 SoC, one of the company’s most publicized features is Easy Projection. While not as powerful as Samsung DeX, it brings a desktop OS-like experience without needing to purchase an expensive accessory. Huawei is pushing the feature on its flagship devices, though there’s something about Easy Projection that hasn’t really been mentioned in the press yet. Behind Huawei’s Easy Projection feature is a relatively unheard of player—Beijing Chaozhuo Technology, developers of Phoenix OS.
  • Namaste ! (on the road to Swatantra 2017)
    I’ll have the pleasure to give a talk about GCompris, and another one about Synfig studio. It’s been a long time since I didn’t talk about the latter, but since Konstantin Dmitriev and the Morevna team were not available, I’ll do my best to represent Synfig there.
  • #PeruRumboGSoC2018 – Session 4
    We celebrated yesterday another session of the local challenge 2017-2 “PeruRumboGSoC2018”. It was held at the Centro Cultural Pedro Paulet of FIEE UNI. GTK on C was explained during the fisrt two hours of the morning based on the window* exercises from my repo to handle some widgets such as windows, label and buttons.
  • Chrome 63 revamps Bookmark Manager w/ Material Design on Mac, Windows, Linux, Chrome OS
    Chrome 63 began rolling out to Android and desktop browsers last week with the usual security fixes and new developer features. On the latter platform, this update introduces Material Design to the Bookmark Manager. Several versions ago, Google began updating various aspects of the browser with Material Design, including History, Downloads, and Settings. Like the Flags page for enabling experiments and in-development features, which Google also revamped in version 63, the Bookmark Manager (Menu > Bookmarks > Bookmark Manager) adopts the standard Materials UI elements. This includes an app bar that houses a large search bar. It adopts the same dark blue theme and includes various Material animations and flourishes.
  • ExpressVPN Unveils Industry’s First Suite of Open-Source Tools to Test for Privacy and Security Leaks
  • New format in GIMP: HGT
    Lately a recurrent contributor to the GIMP project (Massimo Valentini) contributed a patch to support HGT files. From this initial commit, since I found this data quite cool, I improved the support a bit (auto-detection of the variants and special-casing in particular, as well as making an API for scripts). So what is HGT? That’s topography data basically just containing elevation in meters of various landscape (HGT stands for “height“), gathered by the Shuttle Radar Topography Mission (SRTM) run by various space agencies (NASA, National Geospatial-Intelligence Agency, German and Italian space agencies…).
  • What You Need To Know About The Intel Management Engine
    Over the last decade, Intel has been including a tiny little microcontroller inside their CPUs. This microcontroller is connected to everything, and can shuttle data between your hard drive and your network adapter. It’s always on, even when the rest of your computer is off, and with the right software, you can wake it up over a network connection. Parts of this spy chip were included in the silicon at the behest of the NSA. In short, if you were designing a piece of hardware to spy on everyone using an Intel-branded computer, you would come up with something like the Intel Managment Engine. Last week, researchers [Mark Ermolov] and [Maxim Goryachy] presented an exploit at BlackHat Europe allowing for arbitrary code execution on the Intel ME platform. This is only a local attack, one that requires physical access to a machine. The cat is out of the bag, though, and this is the exploit we’ve all been expecting. This is the exploit that forces Intel and OEMs to consider the security implications of the Intel Management Engine. What does this actually mean?

Red Hat News

Tizen News: TVs, Cars, Devices