Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 37 min ago

Real-world use of Linux multipath TCP

Saturday 1st of August 2015 01:56:15 PM
LWN looked at the Linux multipath TCP implementation back in 2013. That code remains out of tree, but it now seems that it is being used in some Samsung phones in Korea. "This service enables smartphone users to reach bandwidth of up to 1 Gbps on existing smartphones. This is probably the fastest commercially deployed mobile network. They achieve this high bandwidth by combining both fast LTE (with carrier aggregation) and fast WiFi networks on Multipath TCP enabled smartphones." (Thanks to Oliver Bonaventure).

OpenSSL: License Agreements and Changes Are Coming

Friday 31st of July 2015 10:10:29 PM

At the OpenSSL blog, Rich Salz has announced the project's decision to migrate away from the "rather unique and idiosyncratic" OpenSSL license to the Apache 2.0 license. In order to make the change in an upcoming release, though, the project "will soon require almost every contributor to have a signed a Contributor License Agreement (CLA) on file." Individual and corporate versions of the CLA are posted; trivial patches will evidently not trigger the need for the submitter to sign and file an agreement. Salz closes by noting that more details are still to come, since "there is a lot of grunt work needed to clean up the backlog and untangle all the years of work from the time when nobody paid much attention to this sort of detail."

Mozilla criticizes browser-selection change in Windows

Friday 31st of July 2015 09:50:20 PM

Mozilla has launched a multi-pronged campaign to challenge a recent change in Windows that has the effect of overriding users' choice of Firefox as the default web browser. Mozilla CEO Chris Beard posted a blog entry outlining the problem as well as an open letter to Microsoft CEO Satya Nadella. The change apparently landed with the recent Windows 10 release and, as Beard explains it, "while it is technically possible for people to preserve their previous settings and defaults, the design of the new Windows 10 upgrade experience and user interface does not make this obvious nor easy." Mozilla has also posted tutorials and videos to help users restore Firefox as their default browser.

A leadership change at FFmpeg

Friday 31st of July 2015 03:45:03 PM
FFmpeg leader Michael Niedermayer has announced his departure from the project. "I hope my resignation will make it easier for the teams to find back together and avoid a more complete split which would otherwise be the result sooner or later as the trees diverge and merging all improvements becomes too difficult for me to do."

Friday's security updates

Friday 31st of July 2015 03:28:38 PM

CentOS has updated java-1.6.0-openjdk (C5; C7: multiple vulnerabilities).

Debian has updated openafs (multiple vulnerabilities) and xmltooling (denial of service).

Fedora has updated libuser (F22: multiple vulnerabilities), openssh (F22: authentication limits bypass; F22: improper output filtering), and xrdp (F22: denial of service).

Mageia has updated groovy (M4, M5: code execution).

openSUSE has updated bind (11.4: multiple vulnerabilities) and openldap2 (13.1, 13.2: multiple vulnerabilities).

Oracle has updated java-1.6.0-openjdk (O6; O7: ).

Red Hat has updated java-1.6.0-openjdk (multiple vulnerabilities).

Scientific Linux has updated openafs (multiple vulnerabilities).

SUSE has updated bind (SLES 10: denial of service), java-1_7_0-openjdk (SLE 11; SLE 12: multiple vulnerabilities), java-1_7_1-ibm (SLE 11; SLE 12: multiple vulnerabilities), and kernel (SLE 12: multiple vulnerabilities).

Ubuntu has updated hplip (12.04, 14.04, 15.04: man-in-the-middle attack), kernel (14.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), and sqlite3 (12.04, 14.04, 15.04: multiple vulnerabilities).

DebConf15 schedule and featured speakers announced

Thursday 30th of July 2015 11:21:24 PM
Debconf15, which will be held in Heidelberg, Germany August 15-23, has announced its schedule as well as four featured speakers: Allison Randal, President, Open Source Initiative and Distinguished Technologist, HP; Peter Eckersly, Chief Computer Scientist, Electronic Frontier Foundation; John Sullivan, Executive Director, Free Software Foundation; and Jon 'maddog' Hall, Executive Director, Linux International. "The DebConf content team is pleased to announce the schedule of DebConf15, the forthcoming Debian Developers Conference. From a total of nearly 100 talk submissions, the team selected 75 talks. Due to the high number of submissions, several talks had to be shortened to 20 minute slots, of which a total of 30 talks have made it to the schedule. In addition, around 50 meetings and discussions (BoFs) have been organized so far, as well as several other events like lightning talk sessions, live demos, a movie screening, a poetry night or stand-up comedy."

Oracle Linux 6.7 released

Thursday 30th of July 2015 09:33:39 PM
Oracle has announced the release of Oracle Linux 6.7. As usual this release features both a Red Hat compatible kernel and Oracle's enterprise kernel. Some notable features include Open Security Content Automation Protocol (OpenSCAP), including the oscap utility for enhanced security auditing and compliance, Load Balancing and High Availability with Keepalived and HAProxy, supported under Oracle Linux Premier Support subscriptions, Enhanced SSSD support for Active Directory, and more. See the release notes for details.

Security updates for Thursday

Thursday 30th of July 2015 04:35:20 PM

Debian-LTS has updated squid3 (security bypass).

Fedora has updated drupal7-path_breadcrumbs (F22; F21: cross-site scripting), ecryptfs-utils (F22; F21: password disclosure from 2014), hplip (F21: key verification botch), httpd (F21: multiple vulnerabilities), ipython (F22; F21: cross-site request forgery), libunwind (F21: code execution), libwmf (F21: two denial of service flaws), nx-libs (F22: unspecified vulnerabilities), wpa_supplicant (F21: code execution), and xrdp (F21: denial of service).

openSUSE has updated lxc (13.2; 13.1: two vulnerabilities).

Oracle has updated autofs (OL6: privilege escalation from 2014), bind (OL6; OL6: denial of service), curl (OL6: multiple vulnerabilities, some from 2014), freeradius (OL6: code execution from 2014), gnutls (OL6: two vulnerabilities), grep (OL6: code execution), hivex (OL6: code execution from 2014), ipa (OL6: cross-site scripting from 2010 and 2012), kernel (OL6: multiple vulnerabilities, some from 2014), kernel 3.8.13 (OL7; OL6: three vulnerabilities, one from 2014), libreoffice (OL6: code execution), libuser (OL6: privilege escalation), libxml2 (OL6: two vulnerabilities, one from 2014), mailman (OL6: two vulnerabilities, one from 2002), net-snmp (OL6: denial of service from 2014), ntp (OL6: three vulnerabilities), pki-core (OL6: cross-site scripting), python (OL6: two vulnerabilities from 2013 and 2014), sudo (OL6: information disclosure from 2014), wireshark (OL6: multiple vulnerabilities, some from 2014), and wpa_supplicant (OL6: denial of service).

SUSE has updated bind (SLE11SP1: denial of service).

Ubuntu has updated ghostscript (15.04, 14.04, 12.04: code execution), openjdk-7 (15.04, 14.04: multiple vulnerabilities), pcre3 (15.04, 14.04, 12.04: multiple vulnerabilities, one from 2014), and tidy (15.04, 14.04, 12.04: two vulnerabilities).

Mourning Nóirín Plunkett

Thursday 30th of July 2015 08:53:12 AM
Here are a couple sad notes from the Ada Initiative and the Apache Software Foundation on the abrupt passing of Nóirín Plunkett. "Throughout Nóirín's time at the Foundation she was an Apache httpd contributor, ASF board member, VP and ApacheCon organizer. Nóirín's passionate contributions and warm personality will be sorely missed. Many considered Nóirín a friend and viewed Nóirín's work to improving 'Women in Technology' as a great contribution to this cause."

[$] LWN.net Weekly Edition for July 30, 2015

Thursday 30th of July 2015 01:10:23 AM
The LWN.net Weekly Edition for July 30, 2015 is available.

[$] Building a Tizen IVI test experience

Wednesday 29th of July 2015 09:55:29 PM

In November of 2013, I decided to undertake a garage-hacking project and build an in-vehicle infotainment (IVI) Linux box for my own car. Motivated hobbyists have done such things for years, of course. But, after having followed the development of various automotive Linux projects (such as GENIVI and Tizen IVI), I wanted to put them to the test, rather than simply stuff a Raspberry Pi into the glove compartment and run Rhythmbox on a tiny screen on the dashboard. Interesting developments were happening at automakers and software vendors, and they were worth exploring. It turned out to be a rather large project, so to cover it fully will take more than one installment. The first major milestone involves understanding the unique hardware, power, and boot requirements of an IVI unit (as well as finding a distribution that fits the bill).

Security updates for Wednesday

Wednesday 29th of July 2015 06:09:14 PM

Arch Linux has updated bind (denial of service), pacman (man-in-the-middle attack), and qemu (multiple vulnerabilities).

CentOS has updated bind (C7; C5: denial of service) and bind97 (C5: denial of service).

Debian has updated bind9 (denial of service).

Debian-LTS has updated apache2 (denial of service) and bind9 (denial of service).

Fedora has updated elfutils (F21: unspecified vulnerabilities), haproxy (F22; F21: information leak), hplip (F22: man-in-the-middle attack), libidn (F22; F21: information disclosure), php (F21: multiple vulnerabilities), roundcubemail (F22; F21: multiple vulnerabilities), subversion (F21: multiple vulnerabilities), and wpa_supplicant (F22: denial of service).

Mageia has updated ansible (MG4,5: two vulnerabilities), freeradius (MG4,5: insufficient certificate verification), openssh (MG4,5: authentication limits bypass), python-django (MG4,5: multiple vulnerabilities), and springframework (MG5: denial of service).

Oracle has updated bind (OL7; OL5: denial of service) and bind97 (OL5: denial of service).

Red Hat has updated bind (RHEL6,7; RHEL5: denial of service), bind97 (RHEL5: denial of service), and qemu-kvm-rhev (RHOSP5,6: two vulnerabilities).

Scientific Linux has updated bind (SL5: denial of service) and bind97 (SL5: denial of service).

Slackware has updated bind (denial of service).

SUSE has updated bind (SLE12; SLE11SP3,4: denial of service).

Ubuntu has updated bind9 (15.04, 14.04, 12.04: denial of service) and qemu (15.04, 14.04: multiple vulnerabilities).

Roadies vs. rock stars: The art of open leadership (Opensource.com)

Tuesday 28th of July 2015 10:15:25 PM
Matt Thompson talks with Allen Gunn, Executive Director of Aspiration, at Opensource.com. "I think you lead with a very earnest form of humility. The best forms of open are lovingly subversive, in that they draw others to form their own conclusions about the benefit of open rather than beating them over the head with it."

Tuesday's security updates

Tuesday 28th of July 2015 05:10:06 PM

CentOS has updated clutter (C7: screen lock bypass) and qemu-kvm (C7: two vulnerabilities).

Debian-LTS has updated icu (code execution).

Mageia has updated chromium-browser (MG4,5: multiple vulnerabilities), expat (MG4,5: denial of service), icu (MG5; MG4: denial of service/code execution), stunnel (MG5: authentication bypass), thunderbird (MG4,5: multiple vulnerabilities), wesnoth (MG5; MG4: information leak), and wordpress (MG4: two vulnerabilities).

Oracle has updated clutter (OL7: screen lock bypass) and qemu-kvm (OL7: two vulnerabilities).

Red Hat has updated clutter (RHEL7: screen lock bypass).

Scientific Linux has updated clutter (SL7: screen lock bypass) and qemu-kvm (SL7: two vulnerabilities).

SUSE has updated xen (SLE12; SLE11SP4: two vulnerabilities).

Ubuntu has updated apache2 (15.04, 14.04, 12.04: two vulnerabilities), kernel (15.04; 14.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), and linux-lts-vivid (14.04: multiple vulnerabilities).

The Dronecode Foundation aims to keep UAVs open (Opensource.com)

Monday 27th of July 2015 09:37:37 PM
Opensource.com follows up with the Dronecode Foundation, which was founded in October 2014. "In the past year, Dronecode's developer community has grown from 1,200 to more than 2000 contributors, with more than 12,000 commits in the codebase. The rate of development is rapid with 1,000 commits being reviewed a month, with well over 2 million lines of code across the various Dronecode projects. Developers from Qualcomm, Intel, Parrot, Yuneec and many others are actively engaged in the development of the Dronecode technology stack. As a result, updates, new releases and project milestones are in motion all the time. For example, in late May, the APM project released version 3.3 of its flight code, and the PX4 project reached a milestone with the first RC candidate for release 1.0."

The Android "Stagefright" vulnerability

Monday 27th of July 2015 07:48:23 PM
Here is an article on the "Threatpost" site about a set of remotely exploitable media-library vulnerabilities present on vast numbers of Android devices. "An attacker in possession of their target’s phone number could send an MMS or even a Google Hangouts message to an affected device that triggers the vulnerability before the victim has a chance to open the message. In some cases, the attack would delete the MMS in question, leaving behind only a notification that a message was sent."

Security advisories for Monday

Monday 27th of July 2015 05:10:08 PM

Debian has updated expat (code execution), lxc (two vulnerabilities), and openjdk-7 (multiple vulnerabilities).

Debian-LTS has updated expat (code execution), ghostscript (buffer overflow), and lighttpd (man-in-the-middle attack).

Mageia has updated apache (MG4,5: two vulnerabilities), java-1.8.0-openjdk (MG5: multiple vulnerabilities), libuser (MG4,5: two vulnerabilities), and mariadb (MG4,5: multiple vulnerabilities).

openSUSE has updated cacti (13.2, 13.1: SQL injection), Chromium (13.2, 13.1: multiple vulnerabilities), java-1_7_0-openjdk (13.2, 13.1: multiple vulnerabilities), and java-1_8_0-openjdk (13.2: multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities) and qemu-kvm (RHEL7: two vulnerabilities).

Kernel prepatch 4.2-rc4

Monday 27th of July 2015 03:42:44 AM
The fourth 4.2 prepatch is out for testing. Linus says: "I really wish that things were calming down, but it hasn't happened quite yet. It's not like this is particularly big or scary, but it's also not at the stage where it's really starting to get quiet and the bugs are really small and esoteric."

Plasma Mobile launched

Saturday 25th of July 2015 11:05:47 AM
Here is the announcement for Plasma Mobile, a KDE-based platform for smartphones. "The goal for Plasma Mobile is to give the user full use of the device. It is designed as an inclusive system, intended to support all kinds of apps. Native apps are developed using Qt; it will also support apps written in GTK, Android apps, Ubuntu apps, and many others, if the license allows and the app can be made to work at a technical level." There is a prototype build available for Nexus 5 phones.

etcd 2.1 released

Saturday 25th of July 2015 08:18:30 AM
The etcd 2.1 release is out. "For a quick overview, etcd is an open source, distributed, consistent key value store for shared configuration, service discovery, and scheduler coordination. By using etcd, applications can ensure that even in the face of individual servers failing, the application will continue to work. " New features include a new authentication/authorization API, various robustness improvements, better logging, and a new metrics API.

More in Tux Machines

KDE Announces the Beta of KDE Applications 15.08, Based on KDE Frameworks 5

After having a lot of fun at Akademy 2015, the annual world summit of KDE, which took place in A Coruña, Galicia, Spain between July 25-31, the KDE developers finally decided to post the announcement for the Beta release of KDE Applications 15.08. Read more

Zorin OS 10 Core & Ultimate have arrived

We are excited to finally announce the release of Zorin OS 10 with the availability of the Zorin OS 10 Core and Ultimate editions. Zorin OS 10 is our best, most beautiful release yet. We have made major strides with the visual styling in Zorin OS. In addition to the refined & perfected desktop theme and the new default FreeSans desktop font, we have introduced a stunning new icon theme, based on the elementary and elementary-add icon themes. This is its first major overhaul since Zorin OS 2.0. Read more

Zidoo's 'X1' is a $59 Android media box that touts its 4K prowess

Bottom line, the Zidoo X1 checks all the boxes when it comes to streaming and playing local media. The X1 is affordable with an MSRP of $59 USD and comes with a one year warranty. Despite its paltry specifications, the X1 was able to handle pretty much all movie files and streaming duties. The only concern would be how well Zidoo would continue to support the device via software updates. While this doesn't quite beat pricing from the likes of the Chromecast or the MK808B it does provide more features. While this is my first time with an true Android media box, I found that the experience as pretty seamless when it was all set up. While the X1 was able to stand up the challenge of 4K, the real question is: when will see more 4K UHD content that is easily accessible. Read more

today's leftovers

  • Dawn of the data center operating system
    How microservices architecture and Linux containers will tame distributed computing for developers and ops
  • 30 Sys Admins to Follow on SysAdmin Day
    Systems administrators: They keep our high-tech world up and running. From capacity planning, to 3 a.m. phone calls, to retiring that 10-year-old server that uses more power than your whole house, sys admins do it all. Open source communities would not be able to thrive without the networks, services, and tools that allow for communication and collaboration, and sys admins are the ones who work thanklessly year-round to keep them going. July 31 is System Administrator Appreciation Day, a day for all of us to express our undying gratitude for sys admins. Sure, you could buy your favorite sys admin cake and ice cream, or perhaps a nice gift card. You could even go as far as not breaking the server for just one day. You also can follow these 30 sys admins.
  • See What Systemd 223 Brings New
  • Sparkfun's pcDuino Acadia Benchmarks Against Other ARM SBCs
    Sparkfun's pcDuino Acadia os a $119 USD development board powered by a Freescale i.MX6 quad-core Cortex-A9 SoC with Mali 400 graphics. There's 1GB of RAM and other connectivity options for this board.
  • Linux Based Solus OS Now Boots in Flat 1.2 Seconds
    Solus OS is a Linux distro that was built from scratch and uses a new desktop environment called Budgie. You can consider it as the next version of the Solus OS as it was built by the same developer team, so they didn’t bother changing the name for a new operating system.
  • Arch Linux 2015.08.01 Has Been Released. Upgrade Now!
    Arch Linux 2015.08.01 has been released and is powered by Kernel 4.1 and includes all the update patches since the 1st of July 2015.
  • uReadIt 3 – The Best Reddit Client For Ubuntu Touch
    As you may know, uReadIt is an open-source Reddit client for Ubuntu Touch, being one of the best native apps for Ubuntu mobile.
  • You Can Now Watch Flash Content With MPV On Ubuntu
    As you may know, Adobe Flash is not the safest thing on the internet this days. Mozilla even disabled it from the Firefox browser a while, due to the vulnerabilities found lately.
  • Ubuntu MATE 15.04 Running on the Rikomatic MK808B
    Ubuntu MATE, the latest member of the Ubuntu family, has been spotted running on the MK808B Plus Quad-Core mini TV box device. The device runs with Android 4.4 by default, but a third party developer has tweaked it to run Ubuntu.
  • LEGO Smart Home
    We spoke to Bhavana Srinivas and Geremy Cohen from PubNub about their LEGO Smart Home model, a proof of concept project that shows how you can use the Raspberry Pi with communication platform PubNub in order to automate your household electronics and other Internet of Things devices. You can read the full piece in the latest issue.
  • Compact module runs Linux on quad-core Braswell
    Congatec announced a compact, low power computer-on-module based on Intel’s 14nm “Braswell” SoCs, and featuring triple display outputs, and up to 4K video.