Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 19 min ago

Security updates for Wednesday

Wednesday 13th of September 2017 03:52:52 PM
Security updates have been issued by Arch Linux (bluez and linux-hardened), CentOS (bluez and kernel), Debian (bluez, emacs24, tcpdump, and xen), Fedora (kernel and mimedefang), Oracle (bluez and kernel), Red Hat (bluez, flash-plugin, instack-undercloud, kernel, kernel-rt, and openvswitch), Scientific Linux (bluez and kernel), Slackware (emacs and libzip), SUSE (xen), and Ubuntu (bluez and qemu).

[$] Running Android on a mainline graphics stack

Tuesday 12th of September 2017 09:45:28 PM
The Android system may be based on the Linux kernel, but its developers have famously gone their own way for many other parts of the system. That includes the graphics subsystem, which avoids user-space components like X or Wayland and has special (often binary-only) kernel drivers as well. But that picture may be about to change. As Robert Foss described in his Open Source Summit North America presentation, running Android on the mainline graphics subsystem is becoming possible and brings a number of potential benefits.

Billions of devices imperiled by new clickless Bluetooth attack (ars technica)

Tuesday 12th of September 2017 04:14:30 PM
Ars technica reports on a set of just-disclosed Bluetooth vulnerabilities in multiple operating systems. "BlueBorne, as the researchers have dubbed their attack, is notable for its unusual reach and effectiveness. Virtually any Android, Linux, or Windows device that hasn't been recently patched and has Bluetooth turned on can be compromised by an attacking device within 32 feet. It doesn't require device users to click on any links, connect to a rogue Bluetooth device, or take any other action, short of leaving Bluetooth on."

Security updates for Tuesday

Tuesday 12th of September 2017 03:15:27 PM
Security updates have been issued by Debian (icedove), Fedora (file and kernel), Red Hat (chromium-browser, rh-postgresql94-postgresql, and rh-postgresql95-postgresql), and SUSE (qemu).

[$] A different approach to kernel configuration

Tuesday 12th of September 2017 05:06:43 AM
The kernel's configuration system can be challenging to deal with; Linus Torvalds recently called it "one of the worst parts of the whole project". Thus, anything that might help users with the process of configuring a kernel build would be welcome. A talk by Junghwan Kang at the 2017 Open-Source Summit demonstrated an interesting approach, even if it's not quite ready for prime time yet.

[$] Mongoose OS for IoT prototyping

Tuesday 12th of September 2017 01:46:38 AM

Mongoose OS is an open-source operating system for tiny embedded systems. It is designed to run on devices such as microcontrollers, which are often constrained with memory on the order of tens of kilobytes, while exposing a programming interface that provides access to modern APIs normally found on more powerful devices. A device running Mongoose OS has access to operating system functionality such as filesystems and networking, plus higher-level software such as a JavaScript engine and cloud access APIs.

LXC 2.1 has been released

Monday 11th of September 2017 04:45:30 PM
The LXC team has announced the release of LXC 2.1. LXC provides a userspace interface for the Linux kernel containment features. New features include resource limit support, support for unprivileged openvswitch networks, a new lxc.cgroup.dir key, support for hybrid cgroup layout, and more.

Security updates for Monday

Monday 11th of September 2017 03:36:06 PM
Security updates have been issued by Debian (freerdp, mbedtls, tiff, and tiff3), Fedora (chromium, krb5, libstaroffice, mbedtls, mingw-libidn2, mingw-openjpeg2, openjpeg2, and rubygems), Mageia (bzr, libarchive, libgcrypt, and tcpdump), openSUSE (gdk-pixbuf, libidn2, mpg123, postgresql94, postgresql96, and xen), Slackware (bash, mariadb, and tcpdump), and SUSE (evince and kernel).

Apache Struts Statement on Equifax Security Breach

Sunday 10th of September 2017 03:25:34 PM
The Apache Struts project has put out a statement on the possible role played by a Struts vulnerability in the massive Equifax data breach. "Regarding the assertion that especially CVE-2017-9805 is a nine year old security flaw, one has to understand that there is a huge difference between detecting a flaw after nine years and knowing about a flaw for several years. If the latter was the case, the team would have had a hard time to provide a good answer why they did not fix this earlier. But this was actually not the case here --we were notified just recently on how a certain piece of code can be misused, and we fixed this ASAP. What we saw here is common software engineering business --people write code for achieving a desired function, but may not be aware of undesired side-effects. Once this awareness is reached, we as well as hopefully all other library and framework maintainers put high efforts into removing the side-effects as soon as possible. It's probably fair to say that we met this goal pretty well in case of CVE-2017-9805."

Weekend stable kernel updates

Sunday 10th of September 2017 03:01:13 PM
The 4.13.1, 4.12.12, and 4.9.49 stable kernel updates have been released; each contains another set of important fixes. There is no 4.4.x stable update this time around.

[$] The first half of the 4.14 merge window

Friday 8th of September 2017 08:39:33 PM
As of this writing, just over 8,000 non-merge changesets have been pulled into the mainline kernel repository for the 4.14 development cycle. In other words, it looks like the pace is not slowing down for this cycle either. The merge window is not yet done, but quite a few significant changes have been merged so far. Read on for a summary of the most interesting changes entering the mainline in the first half of this merge window.

Security updates for Friday

Friday 8th of September 2017 01:37:35 PM
Security updates have been issued by Debian (icedove, libarchive, and unrar-free), Fedora (thunderbird), openSUSE (kernel), and Ubuntu (file).

[$] LWN.net Weekly Edition for September 8, 2017

Friday 8th of September 2017 02:34:04 AM
The LWN.net Weekly Edition for September 8, 2017 is available.

LLVM 5.0.0 released

Thursday 7th of September 2017 11:24:41 PM
Version 5.0.0 of the LLVM compiler infrastructure is out. "This release is the result of the community's work over the past six months, including: C++17 support, co-routines, improved optimizations, new compiler warnings, many bug fixes, and more". See the release notes (and release notes for Clang, Clang tools, lld, and polly) for details.

[$] Finding driver bugs with DR. CHECKER

Thursday 7th of September 2017 09:20:15 PM

Drivers are a consistent source of kernel bugs, at least partly due to less review, but also because drivers are typically harder for tools to analyze. A team from the University of California, Santa Barbara has set out to change that with a static-analysis tool called DR. CHECKER. In a paper [PDF] presented at the recent 26th USENIX Security Symposium, the team introduced the tool and the results of running it on nine production Linux kernels. Those results were rather encouraging: "it correctly identified 158 critical zero-day bugs with an overall precision of 78%".

Applications for winter Outreachy internships open

Thursday 7th of September 2017 09:04:07 PM
The application for the (northern-hemisphere) Outreach winter internship cycle is open, with applications due by October 23. "Outreachy is paid, remote, three month internship program that helps people traditionally underrepresented in tech make their first contributions to Free and Open Source Software (FOSS) communities."

Stable kernels 4.12.11, 4.9.48, 4.4.87, and 3.18.70

Thursday 7th of September 2017 04:13:37 PM
Greg Kroah-Hartman has released the 4.12.11, 4.9.48, 4.4.87, and 3.18.70 stable kernels. As usual, there are fixes throughout the tree and users of those series should upgrade.

[$] The challenges of supporting geolocation in WordPress

Thursday 7th of September 2017 03:21:53 PM
As much as we get addicted to mobile phones and online services, nobody (outside of cyberpunk fiction) actually lives online. That's why maps, geolocation services, and geographic information systems (GISes) have come to play a bigger role online. They reflect they way we live, work, travel, socialize, and (in the case of natural or human-made disasters, which come more and more frequently) suffer. Thus there is value in integrating geolocation into existing web sites, but systems like WordPress do not make supporting that easy. The software development firm LuminFire has contributed to the spread of geolocation services by creating a library for WordPress that helps web sites insert geolocation information into web pages. This article describes how LuminFire surmounted the challenges posed by WordPress and shows a few uses for the library.

Security updates for Thursday

Thursday 7th of September 2017 03:21:25 PM
Security updates have been issued by Arch Linux (chromium and postgresql), Fedora (gd and mingw-libzip), Mageia (groovy18, libxdmcp, mariadb, and mercurial), openSUSE (salt), Red Hat (instack-undercloud, kernel-rt, openvswitch, and rh-nodejs6-nodejs-qs), and SUSE (gdk-pixbuf).

GnuCOBOL 2.2 released

Thursday 7th of September 2017 03:10:41 PM
Version 2.2 of the GNU COBOL compiler is out. Changes include a relicensing to GPLv3, a set of new intrinsic functions, a direct call interface for C functions, and more.

More in Tux Machines

Android Leftovers

Baidu puts open source deep learning into smartphones

A year after it open sourced its PaddlePaddle deep learning suite, Baidu has dropped another piece of AI tech into the public domain – a project to put AI on smartphones. Mobile Deep Learning (MDL) landed at GitHub under the MIT license a day ago, along with the exhortation “Be all eagerness to see it”. MDL is a convolution-based neural network designed to fit on a mobile device. Baidu said it is suitable for applications such as recognising objects in an image using a smartphone's camera. Read more

AMD and Linux Kernel

  • Ataribox runs Linux on AMD chip and will cost at least $250
    Atari released more details about its Ataribox game console today, disclosing for the first time that the machine will run Linux on an Advanced Micro Devices processor and cost $250 to $300. In an exclusive interview last week with GamesBeat, Ataribox creator and general manager Feargal Mac (short for Mac Conuladh) said Atari will begin a crowdfunding campaign on Indiegogo this fall and launch the Ataribox in the spring of 2018. The Ataribox will launch with a large back catalog of the publisher’s classic games. The idea is to create a box that makes people feel nostalgic about the past, but it’s also capable of running the independent games they want to play today, like Minecraft or Terraria.
  • Linux 4.14 + ROCm Might End Up Working Out For Kaveri & Carrizo APUs
    It looks like the upstream Linux 4.14 kernel may end up playing nicely with the ROCm OpenCL compute stack, if you are on a Kaveri or Carrizo system. While ROCm is promising as AMD's open-source compute stack complete with OpenCL 1.2+ support, its downside is that for now not all of the necessary changes to the Linux kernel drivers, LLVM Clang compiler infrastructure, and other components are yet living in their upstream repositories. So for now it can be a bit hairy to setup ROCm compute on your own system, especially if running a distribution without official ROCm packages. AMD developers are working to get all their changes upstreamed in each of the respective sources, but it's not something that will happen overnight and given the nature of Linux kernel development, etc, is something that will still take months longer to complete.
  • Latest Linux kernel release candidate was a sticky mess
    Linus Torvalds is not noted as having the most even of tempers, but after a weekend spent scuba diving a glitch in the latest Linux kernel release candidate saw the Linux overlord merely label the mess "nasty". The release cycle was following its usual cadence when Torvalds announced Linux 4.14 release candidate 2, just after 5:00PM on Sunday, September 24th.
  • Linus Torvalds Announces the Second Release Candidate of Linux Kernel 4.14 LTS
    Development of the Linux 4.14 kernel series continues with the second Release Candidate (RC) milestone, which Linus Torvalds himself announces this past weekend. The update brings more updated drivers and various improvements. Linus Torvalds kicked off the development of Linux kernel 4.14 last week when he announced the first Release Candidate, and now the second RC is available packed full of goodies. These include updated networking, GPU, and RDMA drivers, improvements to the x86, ARM, PowerPC, PA-RISC, MIPS, and s390 hardware architectures, various core networking, filesystem, and documentation changes.

Red Hat: ‘Hybrid Cloud’, University of Alabama, Red Hat Upgrades Ansible and Expectations