In conjunction with the KDE community's second beta release of Applications and Platform 4.13, Jos Poortvliet has put together a guide to helping test the Applications piece of the release. He looks at the improvements that are going into the Applications to give ideas about what to test. There are also some more formal testing resources that he mentions. "Testing is a matter of trying out some scenarios you decide to test, for example, pairing your Android phone to your computer with KDE Connect. If it works – awesome, move on. If it doesn't, find out as much as you can about why it doesn't and use that for a bug report."

Ars technica reports on the virtual Ubuntu Developer Summit (vUDS) keynote from Canonical's Mark Shuttleworth. "On the desktop, users can install Mir themselves, but it won't be turned on by default for everyone just yet. 'My expectation is that within the next 12 months you will see lots of people running Mir as their default display server, and by 16.04 it will be the default display server,' Shuttleworth said. 'There's lots of reasons why that will let us support more hardware, let us get much better performance, and let us do great things with some of the software companies we care about, who want to squeeze every bit of performance out of the hardware you've got.'"

Debian has updated cups (three vulnerabilities) and lighttpd (two vulnerabilities).

Fedora has updated mantis (F20; F19: three SQL injection flaws) and net-snmp (F20; F19: denial of service).

Mageia has updated flash-player-plugin (two vulnerabilities) and imapsync (information leak).

Mandriva has updated apache-commons-fileupload (BS1.0: denial of service), file (BS1.0: two vulnerabilities), libssh (BS1.0: private key leak), net-snmp (BS1.0: two denial of service flaws), otrs (BS1.0: code execution), and owncloud (BS1.0: multiple unspecified vulnerabilities).

openSUSE has updated otrs (12.3, 13.1: code execution).

Red Hat has updated flash-plugin (two vulnerabilities), gnutls (certificate validation botch), and kernel (RHEL5: multiple vulnerabilities).

Slackware has updated mutt (code execution).

The LWN.net Weekly Edition for March 13, 2014 is available.

The Free Software Foundation has put out a release claiming that developers working on the Replicant fork of Android have found a backdoor on Samsung Galaxy handsets. "While working on Replicant, a fully free/libre version of Android, we discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a back-door that lets the modem perform remote file I/O operations on the file system. This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write and delete files on the phone's storage. On several phone models, this program runs with sufficient rights to access and modify the user's personal data."

Interpreted, "duck typing" languages often have some idiosyncrasies in their definitions of "truth" and Python is no exception. But Python goes a bit further than some other languages in interpreting the True or False status of non-Boolean values. Even so, it often comes as a big surprise for programmers to find (sometimes by way of a hard-to-reproduce bug) that, unlike any other time value, midnight (i.e. datetime.time(0,0,0)) is False. A long discussion on the python-ideas mailing list shows that, while surprising, that behavior is desirable—at least in some quarters.

Greg Kroah-Hartman has released stable kernel 3.4.83 with important fixes throughout the tree.

Debian has updated cups-filters (multiple vulnerabilities), file (code execution), and mutt (code execution).

Fedora has updated file (F20: code execution) and php-sabre-dav (F20; F19: unspecified vulnerability).

openSUSE has updated libpng16 (13.1: denial of service).

Red Hat has updated kernel (RHEL6.4 EUS: multiple vulnerabilities).

Ubuntu has updated cups (10.04 LTS: multiple vulnerabilities), cups-filters (13.10, 12.10, 12.04 LTS: multiple vulnerabilities), and libssh (13.10, 12.10, 12.04 LTS: private key leak).

Impressive amounts of effort have gone into optimizing the kernel's low-level locking mechanisms over the years, but that does not mean that there is no room for improving their performance further. Some work that will be in the 3.14 3.15 kernel, with more likely to come later, has the potential to speed up kernel locking considerably, especially in situations where there are significant amounts of contention.

Click below (subscribers only) for the full article from this week's Kernel Page.

CentOS has updated sudo (C5: privilege escalation).

Fedora has updated mediawiki (F20; F19: ), openldap (F19: denial of service), rubygem-actionpack (F20; F19: multiple vulnerabilities), and rubygem-activerecord (F20: multiple vulnerabilities).

Mandriva has updated wireshark (multiple vulnerabilities).

Oracle has updated sudo (OL5: privilege escalation).

Red Hat has updated sudo (RHEL5: privilege escalation).

Scientific Linux has updated sudo (SL5: privilege escalation).

Slackware has updated udisks (privilege escalation).

Paul McKenney has announced that the first edition of his 500-page book Is Parallel Programming Hard, And, If So, What Can You Do About It? is available in electronic form; a printed version will follow soon. The entire book is available under the CC-BY-SA 3.0 license.

On March 27, there will be a meeting between database and kernel developers at the Linux Foundation's Collaboration Summit; interested developers are invited to attend. "If there are developers attending Collaboration Summit that work in the database or kernel communities, it would be great if you could come along. Previous discussions were on the PostgreSQL list and that should be expanded in case we accidentally build postgres-only features. The intent is to identify the problems encountered by databases and where relevant, test cases that can be used to demonstrate them if they exist. While the kernel community may be aware of some of the problems, they are not always widely known or understood."

The 2014 edition of Google's Summer of Code (GSoC) marks the tenth year of the program. Opensource.com covers a few of this year's 190 mentoring organizations. "What is likely to remain the same this year is the overwhelming response from students from all over the world who want the chance to work on free and open source projects with mentoring organizations that Google has hand-picked. Carol Smith, Open Source Programs Manager at Google, tells us that to date GSoC students have helped generate over 50 million lines of open source code to date, from over 8,500 student developers."

Debian has updated libyaml-libyaml-perl (code execution), udisks (privilege escalation), and wireshark (multiple vulnerabilities).

Fedora has updated freeradius (F20; F19: buffer overflow), imapsync (F19: information leak), kernel (F19: three vulnerabilities), php (F20: code execution), and v8 (F20; F19: incorrect handling of popular pages).

Gentoo has updated libyaml (code execution).

Mageia has updated mediawiki (multiple vulnerabilities) and wireshark (MG3; MG4: multiple vulnerabilities).

Mandriva has updated gnutls (certificate verification issue), postgresql (multiple vulnerabilities), and subversion (denial of service).

openSUSE has updated SSLCipherSuite (11.4: CRIME attack), fail2ban (13.1, 12.3: three vulnerabilities), freeradius-server (13.1, 12.3: denial of service), gnutls (11.4: two vulnerabilities), phpMyAdmin (13.1, 12.3: cross-site scripting), and postgresql92 (13.1, 12.3: multiple vulnerabilities).

Ubuntu has updated udisks, udisks2 (privilege escalation).

The 3.14-rc6 kernel prepatch is out. Linus says: "There haven't been any huge problems, but there's been quite a few small bumps that shouldn't happen this late in the release cycle. And rc6 is noticeably bigger than rc5 was, as well. So I'm really hoping that the upcoming week will be calmer, because otherwise I'll start thing rc8 and even rc9."

Mozilla has announced that it is "transitioning Persona to community ownership" — or, in other words, dropping development support for this identity management project. "For a variety of reasons, Persona has received less adoption than we were hoping for by this point. However, we do still believe that Persona offers a unique and useful alternative to passwords, and we intend to support it as such. Reducing the scope of Persona and stabilizing its core APIs over the last quarter has shown us that adding more features was not the way forward." (LWN reported on Persona in March 2013).

Greg Kroah-Hartman has released kernels 3.13.6 and 3.10.33, each with the usual bevy of updates and fixes.

Fedora has updated libssh (F20: private key leak) and rubygem-actionpack (F20: multiple vulnerabilities).

Mageia has updated chromium-browser-stable (multiple vulnerabilities), file (code execution), net-snmp (multiple vulnerabilities), and owncloud (multiple unspecified vulnerabilities).

Ubuntu has updated imagemagick (12.04, 12.10, 13.10: multiple vulnerabilities), kernel (12.04; 12.10; 13.10: multiple vulnerabilities), linux-lts-quantal (multiple vulnerabilities), linux-lts-raring (multiple vulnerabilities), linux-lts-saucy (multiple vulnerabilities), and linux-ti-omap4 (12.04; 12.10; 13.10: multiple vulnerabilities).

The Linux Foundation has announced that it is building a massive open online course (MOOC) with edX, the non-profit learning platform created by Harvard University and Massachusetts Institute of Technology (MIT). "The Linux Foundation and edX are partnering to develop a MOOC program that will help address this issue by making basic Linux training materials available to all for free. Previously a $2,400 course, Introduction to Linux will be the first class available as a MOOC and will be free to anyone, anywhere. The Linux Foundation is among a new group of member organizations edX announced today who will contribute courses to the platform. EdX’s MOOC’s are an increasingly popular way to provide for unlimited participation and open access to learning material to people anywhere in the world via the web. These programs also provide interactive users forums where students and professors can build communities, similar to the way in which the Linux community collaborates. MOOCs have recently generated enrollments for individual classes of 60,000 or more students."

The Calligra office suite has announced its 2.8 release. In addition to the Krita painting program's 2.8 release (which we reviewed in the March 6 edition of LWN), other components have new features and bug fixes as well. Words and Author gained support for document comments, Kexi (visual database tool) has many fixes and improvements based on user feedback, Sheets now has pivot tables, and so on. "There are also some general improvements in all apps. It is now possible to copy and paste any shape between any documents in Calligra applications. Moreover, copying and pasting of images and rich text is now more advanced."