Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 6 hours 31 min ago

[$] Avoiding memory-allocation deadlocks

Wed, 16/04/2014 - 11:31am
There is a saying that you need to spend money to make money, though this apparent paradox is easily resolved with a start-up loan and the discipline of balancing expenses against income. A similar logic applies to the management of memory in an operating system kernel such as Linux: sometimes you need to allocate memory to free memory. Here, too, discipline is needed, though the typical consequences of not being sufficiently careful is not bankruptcy but rather a deadlock. The history of how the Linux kernel developed its balance between saving and spending is interesting as a microcosm of how Linux development proceeds.

Click below (subscribers only) for the full article by Neil Brown.

Security updates for Tuesday

Tue, 15/04/2014 - 3:41pm

Debian has updated strongswan (authentication bypass).

Fedora has updated mingw-openssl (F20: information disclosure), mod_security (F20; F19: rules bypass), php-ZendFramework (F20; F19: multiple vulnerabilities), php-ZendFramework2 (F20; F19: multiple vulnerabilities), and systemd (F20: code execution).

openSUSE has updated couchdb (13.1, 12.3: denial of service) and jakarta-commons-fileupload (13.1; 12.3: denial of service).

Ubuntu has updated curl (all: information disclosure) and python-imaging (all: two tmpfile flaws).

Lucas Nussbaum reelected as Debian project leader

Tue, 15/04/2014 - 1:01pm
The results of the 2014 Debian project leader election are in; incumbent Lucas Nussbaum fended off challenger Neil McGovern to win a second one-year term in this position. See the DPL election page for details on how the voting went.

Cinnamon 2.2 released

Tue, 15/04/2014 - 12:35pm
Version 2.2 of the Cinnamon desktop environment is out. New features include a lot of improvements to the settings dialogs, tweaks to the "hot corners" and heads-up display mechanisms, better high-resolution display support, and more.

Four new stable kernels

Mon, 14/04/2014 - 8:29pm

Greg Kroah-Hartman has released kernels 3.14.1, 3.13.10, 3.10.37, and 3.4.87. Each contains important updates and fixes; in addition, Greg notes that 3.13.10 will be the next-to-last release in the 3.13.y stable series, so migration to 3.14.y soon is advisable.

Mozilla's interim CEO: Chris Beard

Mon, 14/04/2014 - 7:14pm
Mitchell Baker has announced that Chris Beard has been appointed to the board of directors and will be serving as the interim CEO. "In this time of transition there is no better person to lead us. Chris has one of the clearest visions of how to take the Mozilla mission and turn it into programs and activities and product ideas that I have ever seen. In the early years at Mozilla he was responsible for leading the Mozilla product, marketing and innovation teams. More recently, Chris was our CMO, leading user, developer and community engagement activities globally, including the initial launches of Firefox on Android and Firefox OS at MWC. Chris is the right person to lead us through this time and he is a strong candidate for CEO."

Monday's security updates

Mon, 14/04/2014 - 2:46pm

Debian has updated curl (multiple vulnerabilities) and wordpress (multiple vulnerabilities).

Mandriva has updated jbigkit (BS1, ES5: code execution).

openSUSE has updated flash-player (multiple vulnerabilities), nagios (12.3, 13.1: denial of service), python (12.3: code execution), rubygem-rack-ssl (12.3, 13.1: cross-site scripting), and xinetd (12.3, 13.1: multiple vulnerabilities).

Ubuntu has updated net-snmp (denial of service).

Debian Project voting on a code of conduct

Mon, 14/04/2014 - 12:03pm
As the annual project leader election winds down, the Debian Project has begun a new vote on a proposed code of conduct for project members. It lays out some general guidelines for behavior within the project and allows administrators to ban "serious or persistent offenders" from communicating through Debian's channels. Voting is open through April 27.

Kernel prepatch 3.15-rc1

Mon, 14/04/2014 - 12:17am
Linus has released the 3.15-rc1 prepatch and closed the merge window for this development cycle. "In comparison to those large releases, 3.15-rc1 is just big in general. No single big thing, but just lots and lots of commits. Sure, it has a few big new staging drivers (rtl8723au in particular), but even when big, those aren't nearly the bulk of things. There's just a lot going on." In the end, 12,034 non-merge changesets were pulled into the mainline repository during the 3.15 merge window.

Python Software Foundation opens membership to the entire Python community

Sun, 13/04/2014 - 3:13pm
During an April 13 keynote at PyCon, Van Lindberg, chair of the Python Software Foundation (PSF) board, announced that PSF membership would now be open to the entire community. It had previously been a self-sustaining membership, with current members nominating new members, but that has now changed. Community members can sign up as PSF members by way of a "Become a Member" button at the bottom of the Python home page. Filling out a a form and agreeing to the Code of Conduct is all that is required to join. Instead of the roughly 200 members reported at PyCon 2013, he would like to see 30,000 or more PSF members by the end of 2014. This is part of an effort to diversify the PSF in much the same way that the Python community itself has diversified over the years, Lindberg said.

GCC 4.9.0 release candidate available

Sun, 13/04/2014 - 11:39am
The GCC 4.9.0 release candidate is available for testing; the final 4.9.0 release is expected to happen on April 22. The list of new features in this release is quite long; see this page for details.

A cash crunch at the GNOME Foundation

Sun, 13/04/2014 - 11:25am
The GNOME Foundation has announced that, due to cash flow problems, it is freezing all non-essential expenditures. "The issue has been caused by a number of factors. These include increased administrative overheads in the last few years due to the increased turnover which has been caused by to the Outreach Program for Women (OPW), and the associated payments going out while the associated income has been slow to come in." See the FAQ page for more information.

Numerical Python (Linux Journal)

Sat, 12/04/2014 - 12:36am
The Linux Journal digs into the NumPy Python extension. "The key element that NumPY introduces is an N-dimensional array object. The great flexibility of Python lists, allowing all sorts of different types of elements, comes at a computational cost. NumPY arrays deal with this cost by introducing restrictions. Arrays can be multidimensional, and they must all be the same data type. Once this is done, you can start to take some shortcuts by taking advantage of the fact that you already know what the type of the elements is. It adds extra overloading functions for the common operators and functions to help optimize uses of arrays."

Raspberry Pi Foundation announces a new, small-and-modular form factor

Fri, 11/04/2014 - 11:14pm

The Raspberry Pi Foundation has announced a forthcoming addition to the Pi lineup, the "Pi Compute Module," which is "a Raspberry Pi shrunk down to fit on a SODIMM with onboard memory, whose connectors you can customise for your own needs." The form factor is intended for those who are going to create their own boards on which to attach the module, although there will be a breakout board designed by the Foundation as well. The module includes the same System-on-Chip as the original Pi and the same eMMC flash storage module; in addition the SODIMM connector will apparently expose more pins than the credit-card form factor, so that "the full flexibility of the BCM2835 SoC (which means that many more GPIOs and interfaces are available as compared to the Raspberry Pi)." The expected release date is sometime in June.

Friday's security updates

Fri, 11/04/2014 - 1:05pm

Debian has updated jbigkit (code execution).

Mandriva has updated a2ps (BS1: code execution).

openSUSE has updated squid (11.4: denial of service).

SUSE has updated puppet (SLES11 SP2–3, SLED11 SP3: code execution).

OSI Board Changes 2014

Thu, 10/04/2014 - 10:25pm

At the Open Source Initiative (OSI) blog, OSI President Simon Phipps announces the organization's new board members. "Three of the vacancies were allocated for filling by people selected by the Individual Members, and the other was assigned to the Affiliate Members (comprising open source related non-profit organisations). Using approval voting, the Individual members selected Allison Randal (68% approval), Richard Fontana (61% approval) and Leslie Hawthorn (42% approval) -- each to serve for one year -- and the Affiliate Members selected Stefano Zacchiroli to serve for three years." The changes to how board members are selected are part of OSI's recent restructuring moves, which will continue with the selection of next year's president—after which, Phipps says, the board plans to "meet with the Free Software Foundation and review our strategy for transformation. We are very grateful for your continued support and aim to make OSI ever more valuable both to its members and to the wider open source community."

Thursday's security updates

Thu, 10/04/2014 - 3:35pm

CentOS has updated samba4 (C6: multiple vulnerabilities).

Debian has updated imagemagick (code execution) and openafs (multiple vulnerabilities).

Mandriva has updated file (BS1: denial of service), perl-YAML-LibYAML (BS1: multiple vulnerabilities), php (BS1: denial of service), php-ZendFramework (BS1: multiple vulnerabilities), python (BS1: multiple vulnerabilities), and yaml (ES5: multiple vulnerabilities; BS1: code execution).

openSUSE has updated a2ps (12.3, 13.1: code execution), chromium (12.3, 13.1: multiple vulnerabilities), libyaml (12.3, 13.1: code execution), and python3 (13.1: multiple vulnerabilities).

Oracle has updated samba4 (O6: multiple vulnerabilities).

Red Hat has updated python-keystoneclient (RHEL OSP4: privilege escalation) and samba4 (RHEL6: multiple vulnerabilities).

Scientific Linux has updated openafs (denial of service) and samba4 (SL6: multiple vulnerabilities).

Notes from the Python Language Summit

Thu, 10/04/2014 - 11:59am
Guido van Rossum has posted his notes from the just-concluded Python Language Summit in Montreal. "We (I) still don't want to do a 2.8 release, and I don't want to accelerate 3.5, but I do think we should make things better for people who have to straddle Python 2 and 3 in a single codebase, by developing more tools, and by security and possibly installer updates to 2.7 (PEP 466)." See the thread for notes from other participants as well.

[$] LWN.net Weekly Edition for April 10, 2014

Thu, 10/04/2014 - 1:37am
The LWN.net Weekly Edition for April 10, 2014 is available.

[$] Project updates from Libre Graphics Meeting 2014

Wed, 09/04/2014 - 11:22pm

Last week we took a brief look at the many new projects that were represented on the initial day of Libre Graphics Meeting (LGM) 2014 in Leipzig. Although there were a few other newcomer projects presented in the remaining three days, the schedule for the latter part of the event was slanted more toward updates from existing projects, user presentations, and slots for team meetings, workshops, and hackfests. All of these are valuable, of course—in particular, LGM routinely does an exceptional job soliciting talks from real-world software users. But the updates from established projects, particularly those that set out short- and medium-term roadmaps, are likely of interest to many of those who could not attend in person.