
LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 4 hours 17 min ago

[$] LWN.net Weekly Edition for May 25, 2017

4 hours 28 min ago
The LWN.net Weekly Edition for May 25, 2017 is available.

[$] Progress on the Gilectomy

8 hours 37 min ago

At the 2016 Python Language Summit, Larry Hastings introduced Gilectomy, his project to remove the global interpreter lock (GIL) from CPython. The GIL serializes access to the Python interpreter, so it severely limits the performance of multi-threaded Python programs. At the 2017 summit, Hastings was back to update attendees on the progress he has made and where Gilectomy is headed.

[$] The state of bugs.python.org

9 hours 48 min ago

In a brief session at the 2017 Python Language Summit, Maciej Szulik gave an update on the state and plans for bugs.python.org (bpo). It is the Roundup-based bug tracker for Python; moving to GitHub has not changed that. He described the work that two Google Summer of Code (GSoC) students have done to improve the bug tracker.

[$] New CPython workflow issues

12 hours 17 min ago

As part of a discussion in 2014 about where to host some of the Python repositories, Brett Cannon was delegated the task of determining where they should end up. In early 2016, he decided that Python's code and other repositories (e.g. PEPs) should land at GitHub; at last year's language summit, he gave an overview of where things stood with a few repositories that had made the conversion. Since that time, the CPython repository has made the switch and he wanted to discuss some of the workflow issues surrounding that move at this year's summit.

A Samba remote code execution vulnerability

12 hours 56 min ago
The Samba Team has issued an advisory regarding CVE-2017-7494: "All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it." Distributors are already shipping the fix; there's also a workaround in the advisory for those who cannot update immediately.

[$] System monitoring with osquery

12 hours 57 min ago

Your operating system generates a lot of run-time data and statistics that are useful for monitoring system security and performance. How you get this information depends on the operating system you're running. It could be from a report in a fancy GUI, or obtained via a specialized API, or simply text values read from the filesystem in the case of Linux and /proc. However, imagine if you could get this data via an SQL query, and obtain the output as a database table or JSON object. This is exactly what osquery lets you do on Linux, macOS, and Windows.

Check Point: Hacked in Translation

13 hours 1 min ago
Check Point has issued an advisory that a number of video-player applications can be compromised via specially crafted subtitles. "By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years."

[$] Python 3.6.x, 3.7.0, and beyond

13 hours 24 min ago

Ned Deily, release manager for the Python 3.6 and 3.7 series, opened up the 2017 edition of the Python Language Summit with a look at the release process and where things stand. It was an "abbreviated update" to his talk at last year's summit, he said. He looked to the future for 3.6 and 3.7, but also looked a bit beyond those two.

This is the start of LWN's coverage of the language summit; look for more articles over the next week or so.

Security updates for Wednesday

13 hours 33 min ago
Security updates have been issued by CentOS (libtirpc and rpcbind), Debian (libtasn1-3, libtasn1-6, and samba), Fedora (FlightGear, openvpn, and python-fedora), openSUSE (libtirpc and libxslt), Oracle (libtirpc and rpcbind), Red Hat (samba, samba3x, and samba4), Scientific Linux (samba and samba4), SUSE (java-1_7_0-ibm, java-1_7_1-ibm, java-1_8_0-ibm, samba, and tomcat), and Ubuntu (jbig2dec, miniupnpc, rtmpdump, and samba).

[$] Containers as kernel objects

Tuesday 23rd of May 2017 10:56:06 PM
The kernel has, over the years, gained comprehensive support for containers; that, in turn, has helped to drive the rapid growth of a number of containerization systems. Interestingly, though, the kernel itself has no concept of what a container is; it just provides a number of facilities that can be used in the creation of containers in user space. David Howells is trying to change that state of affairs with a patch set adding containers as a first-class kernel object, but the idea is proving to be a hard sell in the kernel community.

LibreOffice leverages Google’s OSS-Fuzz to improve quality of office suite

Tuesday 23rd of May 2017 06:31:44 PM
The Document Foundation looks at the progress made in improving the quality and reliability of LibreOffice's source code by using Google's OSS-Fuzz. "Developers have used the continuous and automated fuzzing process, which often catches issues just hours after they appear in the upstream code repository, to solve bugs - and potential security issues - before the next binary release. LibreOffice is the first free office suite in the marketplace to leverage Google's OSS-Fuzz. The service, which is associated with other source code scanning tools such as Coverity, has been integrated into LibreOffice's security processes - under Red Hat's leadership - to significantly improve the quality of the source code."

Security updates for Tuesday

Tuesday 23rd of May 2017 03:40:39 PM
Security updates have been issued by Arch Linux (lynis), CentOS (kdelibs, libtirpc, rpcbind, and samba), Debian (miniupnpc), Fedora (chromium, chromium-native_client, and kernel), Oracle (kdelibs and samba), Red Hat (libtirpc and rpcbind), and Scientific Linux (kdelibs, libtirpc, rpcbind, and samba).

Hughes: Updating Logitech Hardware on Linux

Tuesday 23rd of May 2017 03:05:42 PM
Richard Hughes describes his work to address the MouseJack vulnerability in Logitech (and other) receivers. This vulnerability allows an attacker to pair new devices with the receiver with no user interaction or awareness, and, thus, take over the machine. "This makes sitting in a café quite a dangerous thing to do when any affected hardware is inserted, which for the unifying dongle is quite likely as it’s explicitly designed to remain in an empty USB socket."

Logitech has provided firmware updates, but not for "unsupported" platforms like Linux. Hughes has filled that gap by getting documentation and a fixed firmware image from Logitech and adding support for these devices to fwupd. He is now looking for testers to ensure that the whole thing works across all devices. This is important work that is well worth supporting.

GNU Guix & GuixSD 0.13.0 released

Monday 22nd of May 2017 06:11:40 PM
GNU Guix and GuixSD 0.13.0 have been released. GNU Guix is a transactional package manager for the GNU system and the Guix System Distribution, GuixSD, is an advanced distribution of the GNU system. A couple of highlights in this version: Guix can now be used on aarch64 systems, and GuixSD now supports Btrfs and adds the LXDE desktop as an option. See the announcement for more information.

FreeBSD quarterly status report

Monday 22nd of May 2017 04:28:08 PM
FreeBSD has released its status report for the first quarter of 2017. As usual there are reports from the FreeBSD Core Team, the FreeBSD Foundation, the FreeBSD Ports Collection, and the FreeBSD Release Engineering Team, followed by more information about ongoing projects, and more.

Security updates for Monday

Monday 22nd of May 2017 03:22:40 PM
Security updates have been issued by Arch Linux (fop), Debian (dropbear, icu, and openjdk-7), Fedora (chicken, cinnamon-settings-daemon, jbig2dec, libtirpc, sane-backends, and smb4k), Mageia (flash-player-plugin, vlc, and webmin), Oracle (libtirpc and rpcbind), Red Hat (kdelibs, libtirpc, rpcbind, and samba), and SUSE (kernel).

The end of Parsix GNU/Linux

Monday 22nd of May 2017 02:01:24 PM
The Debian-based Parsix distribution has announced that it will be shutting down six months after the Debian "Stretch" release. "Parsix GNU/Linux 8.15 (Nev) will be fully supported during this time and users should be able to upgrade their installations to Debian Stretch without any significant issues. We will make all necessary changes, and updates to ensure a smooth transition to Debian Stretch."

Kernel prepatch 4.12-rc2

Monday 22nd of May 2017 02:54:28 AM
The 4.12-rc2 kernel prepatch is out. "I'm back on the usual Sunday schedule, and everything else looks fairly normal too. This rc2 is maybe a bit bigger than usual, but the whole merge window was bigger than most, so maybe it's just that. And it's not like it's huge".

Stable kernels for everybody

Saturday 20th of May 2017 02:59:38 PM
The 4.11.2, 4.10.17, 4.9.29, 4.4.69, and 3.18.54 stable kernel updates have all been released with the usual set of important fixes. Note that this is the final update for the 4.10 kernel.

[$] Revisiting "too small to fail"

Saturday 20th of May 2017 01:58:16 PM
Back in 2014, the revelation that the kernel's memory-management subsystem would not allow relatively small allocation requests to fail created a bit of a stir. The discussion has settled down since then, but the "too small to fail" rule still clearly creates a certain amount of confusion in the kernel community, as is evidenced by a recent discussion inspired by the 4.12 merge window. It would appear that the rule remains in effect, but developers are asked to act as if it did not.
