Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 55 min ago

PostgreSQL 11.1, 10.6, 9.6.11, 9.5.15, 9.4.20, and 9.3.25 released

Thursday 8th of November 2018 03:36:39 PM
There is a whole new set of PostgreSQL releases out there, the main purpose of which is to include an important security fix. "Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs `pg_upgrade` on the database or during a pg_dump dump/restore cycle. This attack requires a `CREATE` privilege on some non-temporary schema or a `TRIGGER` privilege on a table. This is exploitable in the default PostgreSQL configuration, where all users have `CREATE` privilege on `public` schema." Note that this is the final update for the 9.3 series; users on that version should be planning an upgrade in the near future.

Security updates for Thursday

Thursday 8th of November 2018 02:47:47 PM
Security updates have been issued by CentOS (python-paramiko and thunderbird), Debian (firefox-esr, libdatetime-timezone-perl, and mariadb-10.0), Fedora (curl, NetworkManager, and xorg-x11-server), openSUSE (kernel), Oracle (java-1.7.0-openjdk, python-paramiko, thunderbird, and xorg-x11-server), Red Hat (java-11-openjdk and spice-server), SUSE (firefox, kernel, and SDL_image), and Ubuntu (nginx).

[$] LWN.net Weekly Edition for November 8, 2018

Thursday 8th of November 2018 12:34:45 AM
The LWN.net Weekly Edition for November 8, 2018 is available.

[$] A "joke" in the glibc manual

Wednesday 7th of November 2018 09:28:16 PM

A "joke" in the glibc manual—targeting a topic that is, at best, sensitive—has come up for discussion on the glibc-alpha mailing list again. When we looked at the controversy in May, Richard Stallman had put his foot down and a patch removing the joke—though opinions of its amusement value vary—was reverted. Shortly after that article was published, a "cool down period" was requested (and honored), but that time has expired. Other developments in the GNU project have given some reason to believe that the time is ripe to finally purge the joke, but that may not work out any better than the last attempt.

[$] Limiting the power of package installation in Debian

Wednesday 7th of November 2018 05:19:34 PM

There is always at least a small risk when installing a package for a distribution. By its very nature, package installation is an invasive process; some packages require the ability to make radical changes to the system—changes that users surely would not want other packages to take advantage of. Packages that are made available by distributions are vetted for problems of this sort, though, of course, mistakes can be made. Third-party packages are an even bigger potential problem because they lack this vetting, as was discussed in early October on the debian-devel mailing list. Solutions in this area are not particularly easy, however.

Security updates for Wednesday

Wednesday 7th of November 2018 03:42:14 PM
Security updates have been issued by Arch Linux (ghostscript), Debian (curl), Fedora (curl, thunderbird, and zchunk), openSUSE (thunderbird), Oracle (389-ds-base, binutils, curl and nss-pem, glusterfs, gnutls, jasper, kernel, krb5, libcdio, libkdcraw, libmspack, libvirt, openssl, ovmf, python, samba, setup, sssd, wget, wpa_supplicant, xerces-c, zsh, and zziplib), Red Hat (xerces-c), SUSE (libarchive and systemd), and Ubuntu (ppp and spamassassin).

[$] Zinc: a new kernel cryptography API

Tuesday 6th of November 2018 04:26:24 PM

We looked at the WireGuard virtual private network (VPN) back in August and noted that it is built on top of a new cryptographic API being developed for the kernel, which is called Zinc. There has been some controversy about Zinc and why a brand new API was needed when the kernel already has an extensive crypto API. A recent talk by lead WireGuard developer Jason Donenfeld at Kernel Recipes 2018 would appear to be a serious attempt to reach out, engage with that question, and explain the what, how, and why of Zinc.

Security updates for Tuesday

Tuesday 6th of November 2018 04:18:54 PM
Security updates have been issued by Debian (glusterfs, gthumb, and mysql-5.5), Red Hat (389-ds-base, kernel, and xerces-c), Slackware (mariadb), SUSE (accountsservice, curl, icinga, kernel, and opensc), and Ubuntu (libxkbcommon, openssh, and ruby1.9.1, ruby2.0, ruby2.3, ruby2.5).

[$] 4.20 Merge window part 2

Monday 5th of November 2018 05:00:58 PM
At the end of the 4.20 merge window, 12,125 non-merge changesets had been pulled into the mainline kernel repository; 6,390 came in since last week's summary was written. As is often the case, the latter part of the merge window contained a larger portion of cleanups and fixes, but there were a number of new features in the mix as well.

Stable kernel updates

Monday 5th of November 2018 03:57:28 PM
Stable kernels 4.19.1, 4.18.17, and 4.14.79 have been released. As usual, there are important fixes and users should upgrade.

Security updates for Monday

Monday 5th of November 2018 03:51:07 PM
Security updates have been issued by Debian (curl, icecast2, mupdf, and ruby2.3), Fedora (lldpad, NetworkManager, python-django, roundcubemail, thunderbird, webkit2gtk3, xen, and xorg-x11-server), Mageia (axis, cimg, gmic, dnsmasq, gitolite, gnutls, java-1.8.0-openjdk, lighttpd, mbedtls, mediawiki, perl-Dancer2, python-cryptography, and virtualbox), Red Hat (openvswitch, Red Hat Virtualization, and thunderbird), SUSE (curl, ffmpeg, and soundtouch), and Ubuntu (network-manager and systemd).

Kernel prepatch 4.20-rc1

Monday 5th of November 2018 01:35:22 PM
Linus has released 4.20-rc1 and closed the merge window for this development cycle. "So I did debate calling it 5.0, but if we all help each other, I'm sure we can count to 20. It's a nice round number, and I didn't want to make a pattern of it. I think 5.0 happens next year, because then I *really* run out of fingers and toes."

[$] SpamAssassin is back

Friday 2nd of November 2018 09:35:04 PM
The SpamAssassin 3.4.2 release was the first from that project in well over three years. At the 2018 Open Source Summit Europe, Giovanni Bechis talked about that release and those that will be coming in the near future. It would seem that, after an extended period of quiet, the SpamAssassin project is back and has rededicated itself to the task of keeping junk out of our inboxes.

Duffy: Intro to UX design for the ChRIS Project – Part 1

Friday 2nd of November 2018 09:00:49 PM
On her blog, Máirín Duffy writes about her experiences helping design the "user experience" (UX) for the ChRIS project, which is an open-source effort aimed at medical imagery processing and distribution for hospitals and other facilities. "One of the driving reasons for ChRIS’ creation was to allow for hospitals to own and control their own data without needing to give it up to the industry. How do you apply the latest cloud-based rapid data processing technology without giving your data to one of the big cloud companies? ChRIS has been built to interface with cloud providers such as the Massachusetts Open Cloud that have consortium-based data governance that allow for users to control their own data. I want to emphasize the cloud-based computing piece here because it’s important – ChRIS allows you [to] run image processing tools at scale in the cloud, so elaborate image processing that typically days, weeks, or months to complete could be completed in minutes. For a patient, this could enable a huge positive shift in their care – rather than have to wait for days to get back results of an imaging procedure (like an MRI), they could be consulted by their doctor and make decisions about their care that day."

Security updates for Friday

Friday 2nd of November 2018 02:18:41 PM
Security updates have been issued by Arch Linux (kernel and linux-lts), Debian (chromium-browser and mono), Oracle (firefox), and Ubuntu (curl).

[$] Protecting the open-source license commons

Thursday 1st of November 2018 07:52:09 PM
Richard Fontana has a long history working with open-source licenses in commercial environments. He came to the 2018 Open Source Summit Europe with a talk that, he said, had never before been presented outside of "secret assemblies of lawyers"; it gave an interesting view of licenses as resources that are shared within the community and the risks that this shared nature may present. While our licenses have many good properties, including a de facto standardization role, those properties come with some unique and increasing risks when it comes to litigation.

Introducing Zink, an OpenGL implementation on top of Vulkan (Collabora blog)

Thursday 1st of November 2018 05:55:33 PM
Over at the Collabora blog, Erik Faye-Lund writes about Zink, which is an effort to create an OpenGL driver on top of Vulkan that he has been working on with Dave Airlie. "One problem is that OpenGL is a big API with a lot of legacy stuff that has accumulated since its initial release in 1992. OpenGL is well-established as a requirement for applications and desktop compositors. But since the very successful release of Vulkan, we now have two main-stream APIs for essentially the same hardware functionality. It's not looking like neither OpenGL nor Vulkan is going away, and the software-world is now hard at work implementing Vulkan support everywhere, which is great. But this leads to complexity. So my hope is that we can simplify things here, by only require things like desktop compositors to support one API down the road. We're not there yet, though; not all hardware has a Vulkan-driver, and some older hardware can't even support it. But at some point in the not too far future, we'll probably get there. This means there might be a future where OpenGL's role could purely be one of legacy application compatibility. Perhaps Zink can help making that future a bit closer?"

Security updates for Thursday

Thursday 1st of November 2018 03:07:20 PM
Security updates have been issued by Debian (phpldapadmin, poppler, and tzdata), Fedora (firefox, java-11-openjdk, libarchive, sos-collector, and teeworlds), Scientific Linux (java-1.7.0-openjdk, python-paramiko, and thunderbird), Slackware (curl), and SUSE (kernel, MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss, and wireshark).

[$] LWN.net Weekly Edition for November 1, 2018

Thursday 1st of November 2018 12:26:25 AM
The LWN.net Weekly Edition for November 1, 2018 is available.

[$] Init system support in Debian

Wednesday 31st of October 2018 09:08:29 PM

The "systemd question" has roiled Debian multiple times over the years, but things had mostly been quiet on that front of late. The Devuan distribution is a Debian derivative that has removed systemd; many of the vocal anti-systemd Debian developers have switched, which helps reduce the friction on the Debian mailing lists. But that seems to have led to support for init system alternatives (and System V init in particular) to bitrot in Debian. There are signs that a bit of reconciliation between Debian and Devuan will help fix that problem.

More in Tux Machines

Security Leftovers

Ubuntu Mir's EGMDE Desktop Getting Experimental XWayland

Ubuntu's little known EGMDE example Mir desktop that is mostly a proving grounds for Mir development is now receiving support for XWayland for being able to run X11 applications within this example environment. Lead Mir developer Alan Griffiths posted about initial XWayland support for EGMDE but that it is "highly experimental, and can crash the desktop." This support is available via the "edge" EGMDE Snap. Read more

Devices: Coreboot, Toradex and Digi, Raspberry Pi 3 Model A+

  • Another Micro-ATX Haswell Era Motherboard Working With Coreboot But Needs Tiny Blob
    There are many Sandy Bridge era motherboards that have been freed by Coreboot while if you are looking for more options on something (slightly) newer, a micro-ATX Haswell-era motherboard from ASRock now works under this open-source BIOS implementation. The ASRock H81M-HDS is the latest motherboard port now mainline in Coreboot. The ASRock H81M-HDS supports Haswell Core and Xeon CPUs, supports two DDR3/DDR3L DIMMs, one PCI Express x16 slot, onboard display outputs, four SATA ports, and multiple USB3/USB2 ports. This motherboard can be found refurbished still from some Internet shops for about $70 USD.
  • Toradex and Digi launch i.MX8X-based Colibri and ConnectCore COMs
    Toradex and Digi have released Linux-friendly i.MX8X-based modules via early access programs. The Colibri iMX8X and Digi ConnectCore 8X each provide WiFi-ac and Bluetooth 4.2. NXP’s i.MX8X SoC has made quite a splash this week. Eight months after Phytec announced an i.MX8X-based phyCORE-i.MX 8X module, Variscite unveiled a VAR-SOM-MX8X module and then Congatec followed up with the Qseven form-factor Conga-QMX8X and SMARC 2.0 Conga-SMX8X. Now Toradex and Digi are beginning shipments of i.MX8X based modules for early access customers.
  • New Raspberry Pi 3 Model A+ launched for only $25

Mozilla Firefox and Google Chrome: Net Neutrality Stance, Mozilla, a VR Work, Firefox Monitor and 5 Best Chrome Extensions For Productivity

  • Mozilla Fights On For Net Neutrality
    Mozilla took the next step today in the fight to defend the web and consumers from the FCC’s attack on an open internet. Together with other petitioners, Mozilla filed our reply brief in our case challenging the FCC’s elimination of critical net neutrality protections that require internet providers to treat all online traffic equally. The fight for net neutrality, while not a new one, is an important one. We filed this case because we believe that the internet works best when people control for themselves what they see and do online. The FCC’s removal of net neutrality rules is not only bad for consumers, it is also unlawful. The protections in place were the product of years of deliberation and careful fact-finding that proved the need to protect consumers, who often have little or no choice of internet provider. The FCC is simply not permitted to arbitrarily change its mind about those protections based on little or no evidence. It is also not permitted to ignore its duty to promote competition and protect the public interest. And yet, the FCC’s dismantling of the net neutrality rules unlawfully removes long standing rules that have ensured the internet provides a voice for everyone. Meanwhile, the FCC’s defenses of its actions and the supporting arguments of large cable and telco company ISPs, who have come to the FCC’s aid, are misguided at best. They mischaracterize the internet’s technical structure as well as the FCC’s mandate to advance internet access, and they ignore clear evidence that there is little competition among ISPs. They repeatedly contradict themselves and have even introduced new justifications not outlined in the FCC’s original decision to repeal net neutrality protections.
  • Virtual meeting rooms don’t have to be boring. We challenge you to design better ones!
    Mozilla’s mission is to make the Internet a global public resource, open and accessible to all, including innovators, content creators, and builders on the web. VR is changing the very future of web interaction, so advancing it is crucial to Mozilla’s mission. That was the initial idea behind Hubs by Mozilla, a VR interaction platform launched in April 2018 that lets you meet and talk to your friends, colleagues, partners, and customers in a shared 360-environment using just a browser, on any device from head-mounted displays like HTC Vive to 2D devices like laptops and mobile phones. Since then, the Mozilla VR team has kept integrating new and exciting features to the Hubs experience: the ability bring videos, images, documents, and even 3D models into Hubs by simply pasting a link. In early October, two more useful features were added: drawing and photo uploads.
  • New Raspbian Update, Qt Creator 4.8 Beta2 Released, Firefox Monitor Now Available in More Than 26 Languages, Chrome OS Linux Soon Will Have Access to Downloads Folder and Canonical Extends Ubuntu 18.04 Long-Term Support
    Firefox Monitor, the free services that tells you whether your email has been part of a security breach, is now available in more than 26 languages: "Albanian, Traditional and Simplified Chinese, Czech, Dutch, English (Canadian), French, Frisian, German, Hungarian, Indonesian, Italian, Japanese, Malay, Portuguese (Brazil), Portuguese (Portugal), Russian, Slovak, Slovenian, Spanish (Argentina, Mexico, and Spain), Swedish, Turkish, Ukranian and Welsh." Along with this, Mozilla also announced that it has added "a notification to our Firefox Quantum browser that alerts desktop users when they visit a site that has had a recently reported data breach". See the Mozilla blog for details.
  • 5 Best Chrome Extensions For Productivity That You Should Use In 2019
    Google is the most popular browser around and supports a vast number of extensions as well. Since there are a lot of Chrome addons available in the Chrome Web Store, picking the best Google Chrome extension can be quite a task. Also, it is quite easy to get distracted on the web and lose track of time. Thankfully, several good extensions for productivity are available that can help you focus on your tasks, save time by prioritizing them and skillfully manage your to-do list. So here is a list of excellent Google Chrome extensions for productivity for the year 2019 that will assist you in your work in.