Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 44 min ago

Kernel prepatch 5.3-rc4

Monday 12th of August 2019 01:34:29 PM
The 5.3-rc4 kernel prepatch has been released for testing. "I mentioned last week that rc3 was unusually small. Well, we fixed that."

Stable kernels 5.2.8, 4.19.66, and 4.14.138

Friday 9th of August 2019 05:58:42 PM
Greg Kroah-Hartman has announced the release of three new stable kernels: 5.2.8, 4.19.66, and 4.14.138. As usual, the kernels contain important fixes, so users should upgrade.

[$] Akaunting: a web-based accounting system

Friday 9th of August 2019 04:31:27 PM
One of these years, LWN will have a new accounting system based on free software. That transition has not yet happened, though, despite the expending of a fair amount of energy into researching alternatives. Your editor recently became aware of a system called Akaunting, so a look seemed worthwhile. This tool may have the features that some users want, but it seems clear that your editor's quest is not done yet.

A Kubernetes security assessment

Friday 9th of August 2019 04:12:23 PM
The Kubernetes community has posted the extensive results [PDF] of a security assessment performed earlier this year. "Overall, Kubernetes is a large system with significant operational complexity. The assessment team found configuration and deployment of Kubernetes to be non-trivial, with certain components having confusing default settings, missing operational controls, and implicitly defined security controls. Also, the state of the Kubernetes codebase has significant room for improvement. The codebase is large and complex, with large sections of code containing minimal documentation and numerous dependencies, including systems external to Kubernetes. There are many cases of logic re-implementation within the codebase which could be centralized into supporting libraries to reduce complexity, facilitate easier patching, and reduce the burden of documentation across disparate areas of the codebase."

Security updates for Friday

Friday 9th of August 2019 01:47:46 PM
Security updates have been issued by Debian (postgresql-11, postgresql-9.4, and postgresql-9.6), Fedora (exiv2), openSUSE (python-Django and vlc), Oracle (kernel), Red Hat (qemu-kvm-rhev), SUSE (evince, nodejs10, python, and squid), and Ubuntu (postgresql-10, postgresql-11, postgresql-9.5).

The Document Foundation announces LibreOffice 6.3

Thursday 8th of August 2019 06:00:11 PM
The Document Foundation has announced the release of LibreOffice 6.3. This new version of the free-software office suite has lots of new features, better performance, and more interoperability with proprietary formats. In particular, documents can now be redacted to hide sensitive information before they are shared or exported, there are user-interface changes to make it more compact and easier to work with, a FOURIER function has been added to Calc, editable PDFs can be designed more easily, multiple improvements have been made in the Microsoft Office format handling, and more. Beyond that: "Writer and Calc performance has been improved by an order of magnitude based on documents provided by end users: text files with different bookmarks, tables and embedded fonts, large ODS/XLSX spreadsheets, and Calc files with VLOOKUP load and render more quickly. Saving Calc spreadsheets as XLS files is also faster."

[$] Grand Schemozzle: Spectre continues to haunt

Thursday 8th of August 2019 03:08:33 PM
The Spectre v1 hardware vulnerability is often characterized as allowing array bounds checks to be bypassed via speculative execution. While that is true, it is not the full extent of the shenanigans allowed by this particular class of vulnerabilities. For a demonstration of that fact, one need look no further than the "SWAPGS vulnerability" known as CVE-2019-1125 to the wider world or as "Grand Schemozzle" to the select group of developers who addressed it in the Linux kernel.

Security updates for Thursday

Thursday 8th of August 2019 01:46:13 PM
Security updates have been issued by Arch Linux (exim, python-django, python2-django, and sdl2), Debian (proftpd-dfsg), Fedora (php and sqlite), openSUSE (proftpd), Red Hat (kernel), Slackware (kdelibs), SUSE (nodejs10, squid, and tcpdump), and Ubuntu (php5 and ruby-rack).

Linux Journal ceases publication

Thursday 8th of August 2019 03:16:34 AM
It is with sadness that we report that Linux Journal has ceased publication. The magazine announced its demise at the end of 2017, then was happily reborn in early 2018, but apparently that was not to last. Editor Kyle Rankin posted "An Awkward Goodbye" on August 7. "After dying and being revived, it was finally starting to look like some day soon we would be able to walk on our own. Unfortunately, we didn't get healthy enough fast enough, and when we found out we needed to walk on our own strength, we simply couldn't. So here we are giving our second, much more awkward, goodbye. What happens now? We gave each other a proper hug during the first goodbye, do we hug again this time? Do we do the hand-shake-that-turns-into-a-single-arm-hug thing? Do we just sort of wave and smile?" LJ will be missed.

[$] LWN.net Weekly Edition for August 8, 2019

Thursday 8th of August 2019 01:03:20 AM
The LWN.net Weekly Edition for August 8, 2019 is available.

[$] Mozilla's WebThings Gateway now available for Turris Omnia router

Wednesday 7th of August 2019 10:03:23 PM
The "Web of Things" (WoT) is meant as a way to enable Internet of Things (IoT) devices to appear on the web. Mozilla's entry into the WoT world is the WebThings project, which consists of both a Framework API and a Gateway software distribution to host applications. On July 25, the project announced the Gateway 0.9 release with support for the Turris Omnia wireless home router.

[$] Escape sequences in Python strings

Wednesday 7th of August 2019 07:07:40 PM
A change for Python 3.8—currently in beta—has produced some user-visible warnings, but the problem is often in code that a user cannot (or should not) change: third-party modules. The problem that the warning is trying to highlight is real, however. The upshot is that the handling of escape sequences (or non escape sequences, in truth) in Python string literals is in a rather messy state at this point.

FSFE releases the REUSE 3.0 copyright/licensing specification

Wednesday 7th of August 2019 04:57:32 PM
The Free Software Foundation Europe has an announcement about the release of the REUSE 3.0 specification. "The licensing of a software project is critical information. Developers set the terms under which others can reuse their software, from individuals to giant corporations. Authors want to make sure that others adhere to their chosen licenses; potential re-users have to know the license of third-party software before publication; and companies have to ensure license compliance in their products that often build on top of existing projects. The REUSE project, led by the Free Software Foundation Europe (FSFE), helps all of these parties."

Security updates for Wednesday

Wednesday 7th of August 2019 02:51:08 PM
Security updates have been issued by Fedora (hostapd), openSUSE (aubio and spamassassin), Oracle (kernel), Red Hat (augeas, kernel-rt, libssh2, perl, procps-ng, redis:5, and systemd), SUSE (bzip2, evince, kernel, linux-azure, nodejs4, nodejs8, osc, python, python-Twisted, and python3), and Ubuntu (BWA and Mercurial).

Knoll: Technical vision for Qt 6

Wednesday 7th of August 2019 02:12:27 PM
Lars Knoll describes the goals for the next major version of the Qt graphics toolkit. "Qt has been growing a lot over the last years, to the point where delivering a new version of it is a major undertaking. With Qt 6 there is an opportunity to restructure our product offering and have a smaller core product that contains the essential frameworks and tooling. We will use the market place to deliver our add-on frameworks and tools, not as a tightly coupled bundle with the core Qt product."

[$] Racket: Lisp for learning

Tuesday 6th of August 2019 10:52:50 PM
Lisp is one of the oldest programming languages still in use today—Fortran is older by a year, but the Lisp community (or communities) seems to be the more dynamic of the two. In any case, the Lisp landscape has a lot of nooks and crannies to explore; I recently ran into a dialect that I had not encountered before: Racket. That may simply reflect ignorance on my part, but, while I was introduced to Lisp (too) many moons ago, I had not really paid it much mind until I sat in on a talk about Lisp at linux.conf.au earlier this year. Something about Racket caught my eye, so I did some poking around to see what it is all about.

FFmpeg 4.2 released

Tuesday 6th of August 2019 10:03:28 PM
Version 4.2 of the FFmpeg multimedia framework is out. It features a long list of new filters and decoders, including a long-awaited AV1 decoder.

A set of stable kernels

Tuesday 6th of August 2019 08:05:56 PM
Stable kernels 5.2.7, 4.19.65, 4.14.137, 4.9.188, and 4.4.188 have been released. They all contain important fixes and users should upgrade.

[$] The Compact C Type Format in the GNU toolchain

Tuesday 6th of August 2019 06:42:26 PM
The Compact C Type Format (CTF) is a way of representing information about a binary program; it can be seen as a simpler alternative to the widely used DWARF format. While CTF has been around for some years, it has not seen much use in the Linux world. According to Elena Zannoni, who talked about CTF at the 2019 Open Source Summit Japan, that situation may be about to change; work is underway to bring CTF support to the GNU tools shipped universally with Linux systems.

Red Hat Enterprise Linux 7.7 released

Tuesday 6th of August 2019 02:53:11 PM
Red Hat has announced the release of Red Hat Enterprise Linux 7.7. "Beyond new capabilities, Red Hat Enterprise Linux 7.7 also marks the transition of Red Hat Enterprise Linux 7 to Maintenance Phase I within the Red Hat Enterprise Linux 10-year lifecycle. Maintenance Phase I emphasizes maintaining infrastructure stability for production environments and enhancing the reliability of the operating system. Future minor releases of Red Hat Enterprise Linux 7 will now focus solely on retaining and improving this stability rather than net-new features."

More in Tux Machines

Events: LibreOffice Conference 2020, MariaDB's Thomas Boyd and Upcoming Linux Foundation’s Open Source Summit

  • LibreOffice Conference 2020 Proposals

    The Document Foundation has received two different proposals for the organization of LibOCon 2020 from the Turkish and German communities. When this has happened in the past, in 2012 (Berlin vs Zaragoza) and 2013 (Milan vs Montreal), TDF Members have been asked to decide by casting their vote. This document provides an outline of the two proposals, which are attached in their original format.

  • Thomas Boyd Discusses Which Open Source Database is the Best Fit for the Business

    The world's largest and most innovative businesses are turning to enterprise open source databases for mission-critical applications, with the most popular open source relational databases being MariaDB, MySQL, and Postgres. However, while all three of these databases are open source, mature, and available in enterprise editions, there are significant differences between them — both in terms of application development as well as database administration and operations. DBTA recently held a webinar featuring Thomas Boyd, director of technical marketing, MariaDB Corporation, who discussed the differences between MariaDB, MySQL, and Postgres. [...] EnterpriseDB is heap only while MySQL and MariaDB offer InnoDB, Columnar, Aria, MyRocks, and more.

  • Open Source Summit welcomes Platform9 experts

    Cloud-native experts share tips and practical learnings for Kubernetes in the enterprise, Kubernetes on bare metal or with stateful MySQL databases, and optimizing the cost and performance of Serverless applications.

  • Transform Your Career: Attend Open Source Summit North America this August in San Diego

    For the last decade, The Linux Foundation’s Open Source Summit has proven to be invaluable for attendees.  A 2018 participant recently wrote an article on OpenSource.com stating “Last August, I arrived at the Vancouver Convention Centre to give a lightning talk and speak on a panel at Open Source Summit North America 2018. It’s no exaggeration to say that this conference—and applying to speak at it—transformed my career.” We encourage you to read the article and discover why attending Open Source Summit can be a game changer for you as well.

OSS Leftovers

  • Intervalometerator: Open Source Code for a Remote Timelapse DSLR

    Want to set up a remote DSLR for shooting a time-lapse? The Intervalometerator (AKA ‘intvlm8r’) is an open-source intervalometer that can help you do so at minimal hardware cost (as long as you’re comfortable tinkering with hardware and software). Created by Sydney-based coder Greig Sheridan and his photographer partner Rocky over the course of a year, the Intervalometerator is designed to be both cheap and easy to build with familiar tools and using Raspberry Pi and Arduino microcontrollers. “My partner and I have been working for over twelve months now on an intervalometer in order to shoot a DSLR-based time-lapse of the construction of our friends’ home in NZ,” Sheridan tells PetaPixel. “It was at the time a seemingly clever idea for a house-warming present, but it grew like tribbles to consume an incredible amount of effort).

  • Open Source Tools & Framework: Microservices Perspective
  • Open Source flexiWAN SD-WAN Software Beta Ships
  • Agile and open source can complement each other

    Despite the growing popularity of both Agile development and open-source practices, it’s not often that they come up in the same conversation. When these two concepts do intersect, it’s often to highlight the contradicting viewpoints that these two models supposedly represent. While there are core differences, Agile doesn’t have to be the enemy of open source—in fact, I would argue the opposite.

  • SD Times Open-Source Project of the Week: Twilio CLI

    In an effort to help its developers be more productive, Twilio has announced the beta version of Twilio CLI. It is an open-source command line interface that enables developers to access Twilio through their command prompt. “It’s hard to beat the flexibility and power that a CLI provides at development time. Until now, there was no CLI designed for typical communications requirements,” Ashley Roach, the product manager for developer interfaces at Twilio, wrote in a post.

  • Using open source in your enterprise? What to look out for

    According to Statista, the open source market was valued at $11.4 billion in 2017 and is estimated to grow to $32.95 billion by 2022, showing it has no intention of slowing down anytime soon. Founded on the belief that collaboration and cooperation build better software, open source sounds closer to a utopian dream than to the cold digital world of programming. Research showed that open source code takes over proprietary one in applications at 57%. This has numerous benefits, such as speeding up the software development process or creating more effective and innovative software. For example, open source frontend development frameworks, such as Angular, are often found in custom web apps, which allows companies to get their products to market at ever-increasing rates. In addition, companies tend to engage open source when at the cusp of technological innovation, especially when it comes to AR, blockchain, IoT, and AI.

  • Open Source Technology: What's It All About?

    To understand how open source works, it is important to appreciate where it all began. The very idea behind its inception isn’t exactly a new one. It’s been adopted by scientists for decades. Let’s imagine a scientist working on a project to develop a cure for an illness. If this scientist only published the results and kept the methods a secret, this would undoubtedly inhibit scientific discovery and further research in this area. On the other hand, teaming up with other researchers and making results and methodologies visible allows for greater and faster innovation. This is the premise from which open source was originally born. Open source refers to software that has an open source code so it can be viewed, modified for a particular need, and importantly, shared (under license). One of the first well known open source initiatives was developed in 1998 by Netscape, which released its Navigator browser as free software and demonstrated the benefits of taking an open source approach. Since then, there have been a number of pivotal moments in open source history that have shaped the technology industry as we know it today. Nowadays, some of the latest technology you use on a daily basis, like your smartphone or laptop, will have been built using open source software. [...] Recent research found that 60 percent of organizations are already using open source software. Many businesses are realizing the benefits that the technology can bring in relation to driving innovation and reducing costs. This in turn is seeing a growing number of organizations integrate open source into their IT operations or even building entire businesses around it. With emerging technologies such as cloud, AI and machine learning only driving this adoption further, open source will continue to play a central and growing role throughout the technology landscape.

  • How to Take Your Open Source Project from Good to Great

    Whether or not you expect anyone to contribute to your project, you should be prepared for the possibility of others wanting to help your cause. And when that happens, your contributing guide will show those helpers exactly how they can get involved. This guide, usually in the form of a CONTRIBUTING.md file, should include information on how one should submit a pull request or open an issue for your project and what kinds of help you’re looking for (bug fixes, design direction, feature requests, etc.).

  • ForgeRock Delivers Open Source IoT Edge Controller for Device Identity

    According to a recent announcement, ForgeRock, a platform provider of digital identity management solutions, has launched its IoT Edge Controller, which is designed to provide consumer and industrial manufacturers the ability to deliver trusted identity at the device level.

  • Browser Settings Too Complex? Let Firefox Handle That for You

    Firefox SVP David Camp doesn't want internet users wasting time 'understanding how the internet is watching you.'

  • Exclusive: Automattic CEO Matt Mullenweg on what’s next for Tumblr

    It’s been a long and winding road for Tumblr, the blogging site that launched a thousand writing careers. It sold to Yahoo for $1.1 billion in 2013, then withered as Yahoo sold itself to AOL, AOL sold itself to Verizon, and Verizon realized it was a phone company after all. Through all that, the site’s fierce community hung on: it’s still Taylor Swift’s go-to social media platform, and fandoms of all kinds have homes there. Verizon sold Tumblr for a reported $3 million this week, a far cry from the billion-dollar valuation it once had. But to Verizon’s credit, it chose to sell Tumblr to Automattic, the company behind WordPress, the publishing platform that runs some 34 percent of the world’s websites. Automattic CEO Matt Mullenweg thinks the future of Tumblr is bright. He wants the platform to bring back the best of old-school blogging, reinvented for mobile and connected to Tumblr’s still-vibrant community, and he’s retaining all 200 Tumblr employees to build that future. It’s the most exciting vision for Tumblr in years. Matt joined Verge reporter Julia Alexander and me on a special Vergecast interview episode to chat about the deal, how it came together, what Automattic’s plans for Tumblr look like, and whether Tumblr might become an open-source project, like WordPress itself. (“That would be pretty cool,” said Matt.) Oh, and that porn ban.

Apache: Self Assessment and Security

  • The Apache® Software Foundation Announces Annual Report for 2019 Fiscal Year

    The Apache® Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today the availability of the annual report for its 2019 fiscal year, which ended 30 April 2019.

  • Open Source at the ASF: A Year in Numbers

    332 active projects, 71 million lines of code changed, 7,000+ committers… The Apache Software Foundation has published its annual report for fiscal 2019. The hub of a sprawling, influential open source community, the ASF remains in rude good health, despite challenges this year including the need for “an outsized amount of effort” dealing with trademark infringements, and “some in the tech industry trying to exploit the goodwill earned by the larger Open Source community.” [...] The ASF names 10 “platinum” sponsors: AWS, Cloudera, Comcast, Facebook, Google, LeaseWeb, Microsoft, the Pineapple Fund, Tencent Cloud, and Verizon Media

  • Apache Software Foundation Is Worth $20 Billion

    Yes, Apache is worth $20 billion by its own valuation of the software it offers for free. But what price can you realistically put on open source code? If you only know the name Apache in connection with the web server then you are missing out on some interesting software. The Apache Software Foundation ASF, grew out of the Apache HTTP Server project in 1999 with the aim of furthering open source software. It provides a licence, the Apache licence, a decentralized governance and requires projects to be licensed to the ASF so that it can protect the intellectual property rights.

  • Apache Security Advisories Red Flag Wrong Versions in Patching Gaffe

    Researchers have pinpointed errors in two dozen Apache Struts security advisories, which warn users of vulnerabilities in the popular open-source web app development framework. They say that the security advisories listed incorrect versions impacted by the vulnerabilities. The concern from this research is that security administrators in companies using the actual impacted versions would incorrectly think that their versions weren’t affected – and would thus refrain from applying patches, said researchers with Synopsys who made the discovery, Thursday. “The real question here from this research is whether there remain unpatched versions of the newly disclosed versions in production scenarios,” Tim Mackey, principal security strategist for the Cybersecurity Research Center at Synopsys, told Threatpost. “In all cases, the Struts community had already issued patches for the vulnerabilities so the patches exist, it’s just a question of applying them.”

Google and Android Code

  • Google releases source code for I/O 2019 app with Android Q gesture nav, dark theme

    The Google I/O companion app for Android often takes advantage of the latest design stylings and OS features. It demoed Android Q’s gesture navigation and dark theme this year, with the company today releasing the I/O 2019 source code.

  • Introducing Coil, an open-source Android image loading library backed by Kotlin Coroutines

    Yesterday, Colin White, a Senior Android Engineer at Instacart, introduced Coroutine Image Loader (Coil). It is a fast, lightweight, and modern image loading library for Android backed by Kotlin.

  • Google open-sources Live Transcribe’s speech engine

    Google today open-sourced the speech engine that powers its Android speech recognition transcription tool Live Transcribe. The company hopes doing so will let any developer deliver captions for long-form conversations. The source code is available now on GitHub. Google released Live Transcribe in February. The tool uses machine learning algorithms to turn audio into real-time captions. Unlike Android’s upcoming Live Caption feature, Live Transcribe is a full-screen experience, uses your smartphone’s microphone (or an external microphone), and relies on the Google Cloud Speech API. Live Transcribe can caption real-time spoken words in over 70 languages and dialects. You can also type back into it — Live Transcribe is really a communication tool. The other main difference: Live Transcribe is available on 1.8 billion Android devices. (When Live Caption arrives later this year, it will only work on select Android Q devices.)