Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 4 hours 40 min ago

LibreOffice 6.0 released

Wednesday 31st of January 2018 03:43:58 PM
The LibreOffice 6.0 release is available. Changes include a new help system, a better spelling checker, OpenPGP support, better document interoperability, improvements to LibreOffice Online, and more. "LibreOffice 6.0 represents the bleeding edge in term of features for open source office suites, and as such is targeted at technology enthusiasts, early adopters and power users."

Security updates for Wednesday

Wednesday 31st of January 2018 02:23:18 PM
Security updates have been issued by Arch Linux (dnsmasq, libmupdf, mupdf, mupdf-gl, mupdf-tools, and zathura-pdf-mupdf), CentOS (kernel), Debian (smarty3, thunderbird, and unbound), Fedora (bind, bind-dyndb-ldap, coreutils, curl, dnsmasq, dnsperf, gcab, java-1.8.0-openjdk, libxml2, mongodb, poco, rubygem-rack-protection, transmission, unbound, and wireshark), Red Hat (collectd, erlang, and openstack-nova), SUSE (bind), and Ubuntu (clamav and webkit2gtk).

[$] Increasing open-source inclusivity with paper circuits

Tuesday 30th of January 2018 06:38:46 PM
Open-source software has an inclusiveness problem that will take some innovative approaches to fix. But, Andrew "bunnie" Huang said in his fast-moving linux.conf.au 2018 talk, if we don't fix it we may find we have bigger problems in the near future. His approach to improving the situation is to make technology more accessible — by enabling people to create electronic circuits on paper and write code for them.

The Git community mourns Shawn Pearce

Tuesday 30th of January 2018 06:37:49 PM
Shawn Pearce, a longtime contributor to the Git community (and beyond), has passed away. The thread on the Git mailing list makes it clear that he will be missed by many people.

Haas: DO or UNDO - there is no VACUUM

Tuesday 30th of January 2018 05:53:17 PM
PostgreSQL developer Robert Haas describes a new storage module that is under development. "We are working to build a new table storage format for PostgreSQL, which we’re calling zheap. In a zheap, whenever possible, we handle an UPDATE by moving the old row version to an undo log, and putting the new row version in the place previously occupied by the old one. If the transaction aborts, we retrieve the old row version from undo and put it back in the original location; if a concurrent transaction needs to see the old row version, it can find it in undo. [...] This means that there is no need for VACUUM, or any similar process, to scan the table looking for dead rows."

Chiariglione: A crisis, the causes and a solution

Tuesday 30th of January 2018 04:48:06 PM
Worth a read: this blog posting from Leonardo Chiariglione, the founder and chair of MPEG, on how (in his view) the group is being destroyed by free codecs and patent trolls. "Good stories have an end, so the MPEG business model could not last forever. Over the years proprietary and 'royalty free' products have emerged but have not been able to dent the success of MPEG standards. More importantly IP holders – often companies not interested in exploiting MPEG standards, so called Non Practicing Entities (NPE) – have become more and more aggressive in extracting value from their IP." (Thanks to Paul Wise).

Security updates for Tuesday

Tuesday 30th of January 2018 04:27:04 PM
Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, and rsync), Debian (curl), Fedora (clamav and java-1.8.0-openjdk), openSUSE (apache2), Oracle (kernel), and Ubuntu (linux-kvm and thunderbird).

Yaghmour: Ten Days in Shenzhen

Monday 29th of January 2018 11:05:08 PM
On his blog, embedded developer Karim Yaghmour has written about his ten-day trip to Shenzen, China, which is known as the "Silicon Valley of hardware". His lengthy trip report covers much that would be of use to others who are thinking of making the trip, but also serves as an interesting travelogue even for those who are likely to never go. "The map didn't disappoint and I was able to find a large number of kiosks selling some of the items I was interested in. Obviously many kiosks also had items that I had seen on Amazon or elsewhere as well. I was mostly focusing on things I hadn't seen before. After a few hours of walking floors upon floors of shops, I was ready to start focusing on other aspects of my research: hard to source and/or evaluate components, tools and expanding my knowledge of what was available in the hardware space. Hint: TEGES' [The Essential Guide to Electronics in Shenzhen] advice about having comfortable shoes and comfortable clothing is completely warranted. Finding tools was relatively easy. TEGES indicates the building and floor to go to, and you'll find most anything you can think of from rework stations, to pick-and-place machines, and including things like oscilloscopes, stereo microscopes, multimeters, screwdrivers, etc. In the process I saw some tools which I couldn't immediately figure out the purpose for, but later found out their uses on some other visits. Satisfied with a first glance at the tools, I set out to look for one specific component I was having a hard time with. That proved a lot more difficult than anticipated. Actually I should qualify that. It was trivial to find tons of it, just not something that matched exactly what I needed. I used TEGES to identify one part of the market that seemed most likely to have what I was looking for, but again, I could find lots of it, just not what I needed."

[$] QUIC as a solution to protocol ossification

Monday 29th of January 2018 05:31:43 PM
The TCP protocol has become so ubiquitous that, to many people, the terms "TCP/IP" and "networking" are nearly synonymous. The fact that introducing new protocols (or even modifying existing protocols) has become nearly impossible tends to reinforce that situation. That is not stopping people from trying, though. At linux.conf.au 2018, Jana Iyengar, a developer at Google, discussed the current state of the QUIC protocol which, he said, is now used for about 7% of the traffic on the Internet as a whole.

Security updates for Monday

Monday 29th of January 2018 04:57:41 PM
Security updates have been issued by Arch Linux (glibc, lib32-glibc, and zziplib), Debian (clamav, ffmpeg, thunderbird, tiff, tiff3, and wireshark), Fedora (firefox, mingw-libtasn1, and webkitgtk4), Gentoo (fossil), Mageia (webkit2), openSUSE (chromium, clamav, and thunderbird), and SUSE (clamav and kernel).

CopperheadOS: Security features, installing apps, and more (opensource.com)

Monday 29th of January 2018 03:38:29 PM
Here's an opensource.com article on the virtues of CopperheadOS. "Unlike other custom ROMs that strive to add lots of new functionality, Copperhead runs a pretty vanilla version of AOSP. Also, while the first thing you usually do when playing with a custom ROM is to add root access to the device, not only does Copperhead prevent that, it also requires that you have a device that has verified boot, so there's no unlocking the bootloader. This is to prevent malicious code from getting access to the handset."

The 4.15 kernel is out

Sunday 28th of January 2018 10:14:44 PM
Linus has released the 4.15 kernel. "After a release cycle that was unusual in so many (bad) ways, this last week was really pleasant. Quiet and small, and no last-minute panics, just small fixes for various issues. I never got a feeling that I'd need to extend things by yet another week, and 4.15 looks fine to me." Some of the more significant features in this release include: the long-awaited CPU controller for the version-2 control-group interface, significant live-patching improvements, initial support for the RISC-V architecture, support for AMD's secure encrypted virtualization feature, and the MAP_SYNC mechanism for working with nonvolatile memory. This release also, of course, includes mitigations for the Meltdown and Spectre variant-2 vulnerabilities though, as Linus points out in the announcement, the work of dealing with these issues is not yet done.

LinuxBoot: a new Linux Foundation project for boot firmware

Saturday 27th of January 2018 03:05:32 AM
The Linux Foundation has announced a new project, called LinuxBoot, that is working on replacements for much of the firmware used to boot our systems. The project is based on work by Google and others to use Linux (and Go programs) to replace most of the UEFI boot firmware. "Firmware has always had a simple purpose: to boot the OS. Achieving that has become much more difficult due to increasing complexity of both hardware and deployment. Firmware often must set up many components in the system, interface with more varieties of boot media, including high-speed storage and networking interfaces, and support advanced protocols and security features. LinuxBoot addresses the often slow, often error-prone, obscured code that executes these steps with a Linux kernel. The result is a system that boots in a fraction of the time of a typical system, and with greater reliability."

Security updates for Friday

Friday 26th of January 2018 11:13:54 PM
Security updates have been issued by CentOS (389-ds-base, dhcp, kernel, and nautilus), Debian (curl, openssh, and wireshark), Fedora (clamav, firefox, java-9-openjdk, and poco), Gentoo (clamav), openSUSE (curl, libevent, mupdf, mysql-community-server, newsbeuter, php5, redis, and tre), Oracle (389-ds-base, dhcp, kernel, and nautilus), Slackware (mozilla), and Ubuntu (kernel and linux-hwe, linux-azure, linux-gcp, linux-oem).

GCC 7.3 released

Thursday 25th of January 2018 11:22:20 PM
GCC 7.3 is out. This is mainly a bug-fix release, but it does also contain the "retpoline" support needed to build the kernel (and perhaps other code) with resistance to the Spectre variant-2 vulnerability.

Are the BSDs dying? Some security researchers think so (CSO)

Thursday 25th of January 2018 10:25:00 PM
Here's a 34c3 conference report in CSO suggesting that the BSDs are losing developers. "von Sprundel says he easily found around 115 kernel bugs across the three BSDs, including 30 for FreeBSD, 25 for OpenBSD, and 60 for NetBSD. Many of these bugs he called 'low-hanging fruit.' He promptly reported all the bugs, but six months later, at the time of his talk, many remained unpatched. 'By and large, most security flaws in the Linux kernel don't have a long lifetime. They get found pretty fast,' von Sprundel says. 'On the BSD side, that isn't always true. I found a bunch of bugs that have been around a very long time.' Many of them have been present in code for a decade or more."

Security updates for Thursday

Thursday 25th of January 2018 09:59:59 PM
Security updates have been issued by CentOS (firefox), Debian (firefox-esr, gcab, and poppler), Fedora (clamav and firefox), Mageia (bind, firefox, glibc, graphicsmagick, squid, systemd, and virtualbox), openSUSE (firefox, GraphicsMagick, libexif, and libvpx), Red Hat (389-ds-base, dhcp, kernel, kernel-alt, kernel-rt, and nautilus), Scientific Linux (389-ds-base, dhcp, kernel, and nautilus), Slackware (curl), SUSE (kernel and webkit2gtk3), and Ubuntu (firefox, libtasn1-6, and mysql-5.5).

[$] LWN.net Weekly Edition for January 25, 2018

Thursday 25th of January 2018 01:39:22 AM
The LWN.net Weekly Edition for January 25, 2018 is available.

[$] Changes in Prometheus 2.0

Thursday 25th of January 2018 01:30:45 AM
2017 was a big year for the Prometheus project, as it published its 2.0 release in November. The new release ships numerous bug fixes, new features, and, notably, a new storage engine that brings major performance improvements. This comes at the cost of incompatible changes to the storage and configuration-file formats. An overview of Prometheus and its new release was presented to the Kubernetes community in a talk held during KubeCon + CloudNativeCon. This article covers what changed in this new release and what is brewing next in the Prometheus community; it is a companion to this article, which provided a general introduction to monitoring with Prometheus.

Containers, the GPL, and copyleft: No reason for concern (opensource.com)

Wednesday 24th of January 2018 09:51:43 PM
Richard Fontana explores the intersection of containers and copyleft licensing on opensource.com. "One imperfect way of framing the question is whether GPL-licensed code, when combined in some sense with proprietary code, forms a single modified work such that the proprietary code could be interpreted as being subject to the terms of the GPL. While we haven’t yet seen much of that concern directed to Linux containers, we expect more questions to be raised as adoption of containers continues to grow. But it’s fairly straightforward to show that containers do not raise new or concerning GPL scope issues."

More in Tux Machines

SuiteCRM 7.10 Released

  • SuiteCRM 7.10 released
    SalesAgility, the creators and maintainers of SuiteCRM, are excited to announce a new major release of the world’s most popular open source CRM – SuiteCRM 7.10, including highly anticipated new features and many enhancements. SuiteCRM is a fully featured, highly flexible, open source CRM, which can be installed on-premise or in the cloud, and allows companies and organisations to have full control over their own customer data. It delivers actionable insights into customers, boosts conversions, helps increase sales, bolsters customer care and streamlines business operations. The CRM is as powerful as Salesforce and Dynamics, but with the unique benefit of being completely open source.
  • SuiteCRM 7.10 released
    SuiteCRM is a fork of the formerly open-source SugarCRM customer relationship management system.
  • SuiteCRM 7.10 Released For Open-Source Customer Relationship Management
    SuiteCRM 7.10 is now available as the latest major feature release to this customer relationship management (CRM) software forked from SugarCRM's last open-source release.
  • How startups and SME’s can leverage open source CRM to increase business
    Prominent Open Source CRM in India: – SugarCRM Founded in 2004, Sugar CRM has over 7,000 customers and more than half a million users worldwide. Easily one of the largest open sources CRM in the world, SugarCRM offers versatile functionalities including sales-force automation, marketing campaigns, customer support, collaboration, Mobile CRM, Social CRM and reporting. While SugarCRM has released no open source editions since early 2014, its earlier community versions continued to inspire other open source software, namely Suite CRM, Vtiger CRM and SarvCRM. – SuiteCRM Suite CRM is a popular fork of SugarCRM and was launched as the latest version of the SugarCRM in October 2013. In a short period of its existence, it has won several awards and has been adopted by reputed clientele, including the Govt. of UK’s National Health Scheme (NHS) program. Suite CRM is an enterprise-class open source alternative to proprietary alternatives and offers a series of extension for both free and paid-for enhancements. Prominent additional modules available with SuiteCRM include Teams security, Google Maps, Outlook Plugin, Products, Contracts, Invoices, PDF Templates, workflow, reporting and Responsive Theme.

Open source intelligent solutions to transform work, businesses

New trends are opening up new opportunities and new ways to deal with IT, according to Thomas di Giacomo, SUSE CTO, speaking at the SUSE executive roundtable, which the open source company hosted in partnership with ITWeb last week. There are many new and innovative technologies that can help IT leaders meet these new demands, he added. Open source based technologies have become the driving force behind most of the technologically disruptive innovations, said Di Giacomo. "It is pretty clear that all the new innovation is coming from open source. "For example, open source progress with Linux and virtualisation a couple of decades ago, cloud in the last 10 years, and more recently, containers for applications, software-defined infrastructure, and platform-as-a-service, empowering DevOps principles." However, these trends also present some new challenges, said Di Giacomo. Compared to a couple of decades ago, the number of open source projects today has skyrocketed - from hundreds in the different foundations like the Linux Foundation, Apache, Eclipse and others, to millions of projects on Github. Read more

today's lefftovers

OSS Leftovers

  • Running for the board of the Open Source Initiative – a few words
    Today I would like to explain my reasons for my candidacy at the board of the Open Source Initiative. I can think of two kinds of reason for my decision: one is personal, and the other one is directly related to current state of Open Source and software freedom. Let’s start with the first one: I’m currently helping the Open Information Security Foundation and the Suricata project in my capacity at ANSSI, while contributing in a minor way to the LibreOffice project and the Document Foundation.
  • Tutanota: Encrypted Open Source Email Service for Privacy Minded People
    Since then, I have heard of another email provider that you may be interested in. It’s a little different, but it touts some of the same features ProtonMail does: privacy, security, open-source code, etc. It’s called Tutanota, and like ProtonMail, I am a very big fan.
  • Open FinTech Forum – Event preview, October 10-11, New York City.
  • The tracker will always get through
    A big objection to tracking protection is the idea that the tracker will always get through. Some people suggest that as browsers give users more ability to control how their personal information gets leaked across sites, things won't get better for users, because third-party tracking will just keep up. On this view, today's easy-to-block third-party cookies will be replaced by techniques such as passive fingerprinting where it's hard to tell if the browser is succeeding at protecting the user or not, and users will be stuck in the same place they are now, or worse. I doubt this is the case because we're playing a more complex game than just trackers vs. users. The game has at least five sides, and some of the fastest-moving players with the best understanding of the game are the adfraud hackers. Right now adfraud is losing in some areas where they had been winning, and the resulting shift in adfraud is likely to shift the risks and rewards of tracking techniques.
  • MozMEAO SRE Status Report - February 16, 2018
    Here’s what happened on the MozMEAO SRE team from January 23 - February 16.
  • The major milestones of the Government Digital Service (GDS)
  • PyTorch Should Be Copyleft
    Most people have heard of Google’s Tensorflow which was released at the end of 2015, but there’s an active codebase called PyTorch which is easier to understand, less of a black box, and more dynamic. Tensorflow does have solutions for some of those limitations (such as Tensorflow-fold, and Tensorflow-Eager) but these new capabilities remove the need for other features and complexity of Tensorflow. Google built a great system for doing static computation graphs before realizing that most people want dynamic graphs. Doh! [...] I wish PyTorch used the AGPL license. Most neural networks are run on servers today, it is hardly used on the Linux desktop. Data is central to AI and that can stay owned by FB and the users of course. The ImageNet dataset created a revolution in computer vision, so let’s never forget that open data sets can be useful.
  • Linux on Nintendo Switch, a new Kubernetes ML platform, and more news
    In this edition of our open source news roundup, we take a look at the Mozilla's IoT gateway, a new machine learning platform, Code.mil's revamp, and more.