Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 4 hours 57 min ago

LLVM 3.7 released

Wednesday 2nd of September 2015 06:03:17 AM
Version 3.7 of the LLVM compiler suite is out. "This release contains the work of the LLVM community over the past six months: full OpenMP 3.1 support (behind a flag), the On Request Compilation (ORC) JIT API, a new backend for Berkeley Packet Filter (BPF), Control Flow Integrity checking, as well as improved optimizations, new Clang warnings, many bug fixes, and more." See the release notes for LLVM and Clang for details.

Microsoft, Google, Amazon, others, aim for royalty-free video codecs (Ars Technica)

Tuesday 1st of September 2015 06:49:40 PM
Ars Technica reports that Microsoft, Google, Mozilla, Cisco, Intel, Netflix, and Amazon have launched a new consortium, the Alliance for Open Media. "The Alliance for Open Media would put an end to this problem [of patent licenses and royalties]. The group's first aim is to produce a video codec that's a meaningful improvement on HEVC. Many of the members already have their own work on next-generation codecs; Cisco has Thor, Mozilla has been working on Daala, and Google on VP9 and VP10. Daala and Thor are both also under consideration by the IETF's netvc working group, which is similarly trying to assemble a royalty-free video codec."

Tuesday's security advisories

Tuesday 1st of September 2015 04:36:29 PM

Fedora has updated qemu (F21: multiple vulnerabilities).

Oracle has updated gdk-pixbuf2 (OL7; OL6: code execution), jakarta-taglibs-standard (OL7; OL6: code execution), and nss-softokn (OL7; OL6: signature forgery).

Red Hat has updated nss-softokn (RHEL6,7: signature forgery) and pcs (RHEL6,7: privilege escalation).

Ubuntu has updated expat (15.04, 14.04, 12.04: denial of service) and gnutls28 (15.04: two vulnerabilities).

OpenSSL Security: A Year in Review

Tuesday 1st of September 2015 03:34:22 PM
The OpenSSL project looks at its security record for the last year. "The acceptable timeline for disclosure is a hot topic in the community: we meet CERT’s 45-day disclosure deadline more often than not, and we’ve never blown Project Zero’s 90-day baseline. Most importantly, we met the goal we set ourselves and released fixes for all HIGH severity issues in well under a month. We also landed mitigation for two high-profile protocol bugs, POODLE and Logjam. Those disclosure deadlines weren’t under our control but our response was prepared by the day the reports went public."

ownCloud Contributor Conference Announcements

Monday 31st of August 2015 11:03:08 PM
The ownCloud Contributor Conference 2015 (August 28-September 3 in Berlin, Germany) started off with some big announcements, including the publishing of the User Data Manifesto 2.0, the creation of the ownCloud Security Bug Bounty Program, and the release of the ownCloud Proxy app. "Designed for those of you who want your own private, secure “Dropbox” and don’t want the hassle of configuring routers, firewalls and DNS entries for access from anywhere, at any time, ownCloud Proxy is for you. It comes installed as an ownCloud community app in the new ownCloud community appliance, connects to relay servers in the cloud, and provides anytime, anywhere access to your files, on your PC running in your home network, quickly and easily. And, of course, you can grab it from the ownCloud app store and add it to an existing ownCloud server if you already have one running."

Security updates for Monday

Monday 31st of August 2015 04:20:46 PM

Debian has updated drupal7 (multiple vulnerabilities) and iceweasel (multiple vulnerabilities).

Mageia has updated audit (MG4,5: unsafe escape-sequence handling), firefox (MG4,5: multiple vulnerabilities), and glusterfs (MG5; MG4: two vulnerabilities).

openSUSE has updated ansible (13.2: regression in previous update) and thunderbird (13.2; 13.1: multiple vulnerabilities).

Red Hat has updated gdk-pixbuf2 (RHEL6,7: code execution) and jakarta-taglibs-standard (RHEL6,7: code execution).

Scientific Linux has updated firefox (SL5,6,7: two vulnerabilities), gdk-pixbuf2 (SL6,7: code execution), and jakarta-taglibs-standard (SL6,7: code execution).

Slackware has updated firefox (multiple vulnerabilities).

SUSE has updated kvm (SLE11SP4: code execution).

The 4.2 kernel has been released

Sunday 30th of August 2015 10:25:30 PM
Linus has announced the final release of the 4.2 kernel. "So judging by how little happened this week, it wouldn't have been a mistake to release 4.2 last week after all, but hey, there's certainly a few fixes here, and it's not like delaying 4.2 for a week should have caused any problems either." Headline features in this release include the security module stacking patches, the delay-gradient congestion-control algorithm, improvements to writeback management in control groups, a lot of important persistent-memory infrastructure, and more.

GDB 7.10 released

Sunday 30th of August 2015 10:59:13 AM
Version 7.10 of the GDB debugger is out. Improvements this time around include better support for access to shared libraries on remote targets, reverse debugging on ARM64 systems, support for DTrace static probes, and more.

Starting in September, Chrome will stop auto-playing Flash ads

Friday 28th of August 2015 09:02:25 PM

Google has announced that, beginning September 1, Chrome will no longer auto-play Flash-based ads in the company's popular AdWords program. The post frames this as a move to improve browsing performance for users, and notes that most Flash ads are automatically converted to HTML5 already. Commenting on the news, The Register notes that the change should also offer some additional protection against malware delivered via Flash. Chrome will continue to auto-play Flash content in the main body of pages, however. The Register's story says the change is, in fact, just a modification of the default setting for plugin behavior, which already supports an option to disable plugin content not deemed "important." Mozilla, of course, blacklisted the Flash plugin in July, although that action only disabled the then-current, vulnerable release—which was subsequently updated.

Friday's security updates

Friday 28th of August 2015 03:25:08 PM

Arch Linux has updated firefox (multiple vulnerabilities).

CentOS has updated firefox (C5; C6; C7: multiple vulnerabilities) and thunderbird (C5; C6; C7: multiple vulnerabilities).

Debian-LTS has updated openjdk-6 (multiple vulnerabilities) and zendframework (XML external entity attack).

Fedora has updated maradns (F21; F22: denial of service), openssh (F21: multiple vulnerabilities), php-guzzle-Guzzle (F21; F22: XML external entity attack), php-twig (F22: code execution), php-ZendFramework2 (F21; F22: XML external entity attack), rt (F21; F22: cross-site scripting), and rubygem-rack (F21: denial of service).

Mageia has updated drupal (M4,5: multiple vulnerabilities), python-django, python-django14 (M4,5: multiple vulnerabilities), subversion (M4,5: multiple vulnerabilities), thunderbird (M4,5: multiple vulnerabilities), and vlc (M4,5: code execution).

Oracle has updated firefox (O5; O6; O7: multiple vulnerabilities).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities).

SUSE has updated MozillaFirefox, mozilla-nss (SLE11: multiple vulnerabilities).

Ubuntu has updated cups-filters (15.04: unintended printer access) and firefox (12.04, 14.04, 15.04: multiple vulnerabilities).

The 2015 EFF Pioneer Awards

Friday 28th of August 2015 06:58:51 AM
The Electronic Frontier Foundation has announced the recipients of its Pioneer Awards for 2015: Caspar Bowden, The Citizen Lab, Annriette Esterhuysen and the Association for Progressive Communications, and Kathy Sierra. "This extraordinary group of winners have all focused on the users, striving to give everyone the access, power, community, and protection they need in order to create and participate in our digital world."

KDE Sprints - who wins? (KDE.News)

Thursday 27th of August 2015 11:21:06 PM
KDE.News looks at KDE sprints and their benefits. The organization is doing some fundraising to help support its sprints, so it is trying get the word out about these code-focused events: "To start with, KDE sprints are intensive sessions centered around coding. They take place in person over several days, during which time skillful developers eat, drink and sleep code. There are breaks to refresh and gain perspective, but mostly sprints involve hard, focused work. All of this developer time and effort is unpaid. However travel expenses for some developers are covered by KDE. KDE is a frugal organization with comparatively low administrative costs, and only one paid person who works part time. So the money donated for sprints goes to cover actual expenses. Who gets the money? Almost all of it goes to transportation companies."

Security updates for Thursday

Thursday 27th of August 2015 05:30:01 PM

Debian has updated php5 (multiple vulnerabilities).

Debian-LTS has updated pykerberos (authentication botch) and python-django (two vulnerabilities).

Fedora has updated mariadb (F21: unspecified).

Mageia has updated cgit (code execution from 2014).

Ubuntu has updated qemu, qemu-kvm (multiple vulnerabilities, including one from 2014).

Grsecurity stable patches to be limited to sponsors

Thursday 27th of August 2015 04:29:07 AM
The developers of the Grsecurity kernel-hardening patch set have announced that, due to claimed ongoing GPL and trademark violations, the public distribution of the "stable" series of patches will stop. "We decided that it is unfair to our sponsors that the above mentioned unlawful players can get away with their activity. Therefore, two weeks from now, we will cease the public dissemination of the stable series and will make it available to sponsors only. The test series, unfit in our view for production use, will however continue to be available to the public to avoid impact to the Gentoo Hardened and Arch Linux communities."

[$] LWN.net Weekly Edition for August 27, 2015

Thursday 27th of August 2015 12:34:46 AM
The LWN.net Weekly Edition for August 27, 2015 is available.

Security updates for Wednesday

Wednesday 26th of August 2015 04:10:47 PM

Arch Linux has updated gnutls (denial of service), jasper (denial of service), pcre (code execution), and python-django (denial of service).

CentOS has updated httpd (C7: two vulnerabilities) and mariadb (C7: multiple vulnerabilities).

Debian has updated twig (code execution).

Debian-LTS has updated ruby1.8 (information disclosure) and ruby1.9.1 (information disclosure).

Mageia has updated gnutls (MG4,5: two vulnerabilities), vlc (MG5: code execution), and wireshark (MG4,5: multiple vulnerabilities).

Oracle has updated thunderbird (OL7; OL6: multiple vulnerabilities).

Ubuntu has updated gdk-pixbuf (15.04, 14.04, 12.04: code execution).

[$] Reviving the Hershey fonts

Wednesday 26th of August 2015 12:16:29 AM

At the 2015 edition of TypeCon in Denver, Adobe's Frank Grießhammer presented his work reviving the famous Hershey fonts from the Mid-Century era of computing. The original fonts were tailor-made for early vector-based output devices but, although they have retained a loyal following (often as a historical curiosity), they have never before been produced as an installable digital font.

Go 1.5 released

Tuesday 25th of August 2015 09:06:07 PM
Version 1.5 of the Go language has been released. "This release includes significant changes to the implementation. The compiler tool chain was translated from C to Go, removing the last vestiges of C code from the Go code base. The garbage collector was completely redesigned, yielding a dramatic reduction [PDF] in garbage collection pause times. Related improvements to the scheduler allowed us to change the default GOMAXPROCS value (the number of concurrently executing goroutines) from 1 to the number of available CPUs. Changes to the linker enable distributing Go packages as shared libraries to link into Go programs, and building Go packages into archives or shared libraries that may be linked into or loaded by C programs (design doc)."

Happy 24th birthday, Linux kernel (Opensource.com)

Tuesday 25th of August 2015 07:58:03 PM
Opensource.com wishes Linux a happy 24th birthday, with a brief timeline of Linux history. "There's some debate in the Linux community as to whether we should be celebrating Linux's birthday today or on October 5 when the first public release was made, but Linus says he is O.K. with you celebrating either one, or both! So as we say happy birthday, let's take a quick look back at the years that have passed and how far we have come."

KDE Ships Plasma 5.4.0, Feature Release for August

Tuesday 25th of August 2015 07:33:33 PM
KDE has released Plasma 5.4 with some new features. "This release of Plasma brings many nice touches for our users such as much improved high DPI support, KRunner auto-completion and many new beautiful Breeze icons. It also lays the ground for the future with a tech preview of Wayland session available. We're shipping a few new components such as an Audio Volume Plasma Widget, monitor calibration tool and the User Manager tool comes out beta."

More in Tux Machines

The Leader Of The Ubuntu Phone Project Has Left

Cristian Parrino, the former Vice President of Mobile at Canonical where he was the team leader for the Ubuntu Phone project, has left the company. In a post dated yesterday, Cristian writes that it's "the end of a cycle. The beginning of a new one." Read more

That Awkward Ubuntu Tablet Plans To Go Up For Pre-Order Soon

Since last December we've been receiving emails from a company working on an Ubuntu Tablet inspired by the failed Ubuntu Edge campaign. That company is apparently going to start accepting pre-orders for their device soon with hopes of shipping this unofficial Ubuntu Tablet in January. The last we heard of this Ubuntu tablet was earlier in the year when they shared with us their Intel specifications on this tablet and in March had shared expected pricing on the tablet with hopes of shipping the device later this calendar year. Last week I received an unsolicited email from Mark Jun of MJ Technology. Read more

Red Hat Enterprise Linux 7.2 Beta Now Available

Today, we are pleased to announce the beta availability of Red Hat Enterprise Linux 7.2, the latest version of the world’s leading enterprise Linux platform. Red Hat Enterprise Linux 7.2 beta includes a number of new features and enhancements – furthering Red Hat’s mission to redefine the enterprise operating system – while continuing to provide the stability, reliability, and security required to meet both the demands of the modern datacenter and next-generation IT requirements. A focus on security, manageability and system administration, as well as a continued emphasis on the functionality to build and deploy Linux containers, helps Red Hat Enterprise Linux 7.2 beta provide enterprises a trusted path towards the future of information technology. Read more

Rackspace developer advocate on getting started with open source

There are several reasons. If you have an idea for a utility or framework or whatever, and you would like the support of an entire community of developers, open source is a great way to go. If you want your code "out there" so it can be reviewed and critiqued (which will improve your skills), open source is a good solution. If you are just out of school and want to establish yourself and show off your coding skills, start an open source project. Finally, if you're altruistic and just want to help the software community at large, yes, please, start an open source project. Read more