Language Selection

English French German Italian Portuguese Spanish


Syndicate content is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Updated: 11 min 31 sec ago

FontForge release

Wednesday 5th of October 2016 08:48:07 PM
There's a new release of FontForge available. "This release introduces a new icon set, new functionality for custom icon selection graphics, support for GlyphOrderAndAliasDB files, and support for Unicode 9.0."

Security advisories for Wednesday

Wednesday 5th of October 2016 04:06:41 PM

CentOS has updated kernel (C6: two vulnerabilities).

Debian has updated icedove (multiple vulnerabilities) and libav (multiple vulnerabilities).

Debian-LTS has updated libav (multiple vulnerabilities).

Fedora has updated gd (F23: denial of service) and links (F24; F23: anonymity leak).

openSUSE has updated flex, at, libbonobo, netpbm, openslp, sgmltool, virtuoso (Leap42.1: buffer overflow), mariadb (Leap42.1: SQL injection/privilege escalation), and php5 (Leap42.1: multiple vulnerabilities).

Oracle has updated kernel (OL6: three vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities) and kernel (RHEL6: two vulnerabilities).

Scientific Linux has updated thunderbird (SL5,6,7: multiple vulnerabilities).

Ubuntu has updated php5, php7.0 (multiple vulnerabilities).

MOSS supports four more open source projects

Tuesday 4th of October 2016 09:35:19 PM
The Mozilla Open Source Support (MOSS) program has awarded $300,000 to four projects this quarter. "On the Foundational Technology track, we awarded $100,000 to Redash, a tool for building visualizations of data for better decision-making within organizations, and $50,000 to Review Board, software for doing web-based source code review. Both of these pieces of software are in heavy use at Mozilla. We also awarded $100,000 to Kea, the successor to the venerable ISC DHCP codebase, which deals with allocation of IP addresses on a network. Mozilla uses ISC DHCP, which makes funding its replacement a natural move even though we haven’t deployed it yet. On the Mission Partners track, we awarded $56,000 to Speech Rule Engine, a code library which converts mathematical markup into vocalised form (speech) for the sight-impaired, allowing them to fully appreciate mathematical and scientific content on the web." (Thanks to Paul Wise)

Plasma 5.8 LTS is out

Tuesday 4th of October 2016 08:24:53 PM
KDE has released Plasma 5.8. "This marks the point where the developers and designers are happy to recommend Plasma for the widest possible audience be they enterprise or non-techy home users. If you tried a KDE desktop previously and have moved away, now is the time to re-assess, Plasma is simple by default, powerful when needed." Plasma 5.8 is KDE's first Long Term Support release. The changelog has the details.

Mageia thanks long time contributor and friend

Tuesday 4th of October 2016 04:35:03 PM
The Mageia project remembers Thomas Spuhler who died in September. "Thomas had been contributing to Mageia, and Mandriva before that, since 2009 as a packager, and much earlier already partaking in email discussions and bug reports. His packaging interests were mostly web and server-related components, for which his contributions were invaluable. He had to step back from his Mageia responsibilities in early August due to his health condition."

Tuesday's security advisories

Tuesday 4th of October 2016 03:58:51 PM

Arch Linux has updated hostapd (two vulnerabilities) and systemd (denial of service).

CentOS has updated thunderbird (C7; C6; C5: code execution).

Debian has updated libdbd-mysql-perl (denial of service).

Fedora has updated bind99 (F24: denial of service), mariadb (F23: SQL injection/privilege escalation), and mongodb (F23: information disclosure).

Mageia has updated bind (denial of service), chromium-browser-stable (multiple vulnerabilities), freerdp (denial of service), libcryptopp (information disclosure), and python-django (cross-site request forgery).

openSUSE has updated chromium (Leap42.1, 13.2; SPH for SLE12: multiple vulnerabilities), glibc (13.2: denial of service), and php5 (13.2: multiple vulnerabilities).

Oracle has updated thunderbird (OL7; OL6: code execution).

Red Hat has updated thunderbird (RHEL5,6,7: code execution).

SUSE has updated firefox (SLE12-SP1; SLE11-SP2: multiple vulnerabilities).

Two Arduinos become one (Arduino Blog)

Monday 3rd of October 2016 06:09:51 PM
The schism between two Arduino companies (that we covered in March 2015) has apparently been settled. The poster child for the open hardware movement is now under one company "Arduino Holding" and a new not-for-profit Arduino Foundation has been started. "Massimo Banzi, Co-Founder of Arduino LLC, commented, 'Today is one of the best days in Arduino history. This allows us to start a new course for Arduino made of constructive dialogue and disruptive innovation in the education, Makers and IoT fields. The Arduino Foundation will allow us to champion the core values of the Arduino Community within the open-source ecosystem and to make our commitment to open-source stronger than ever. This is really a new beginning for Arduino!'" (Thanks to Paul Wise.)

Security updates for Monday

Monday 3rd of October 2016 05:38:41 PM

Debian has updated c-ares (code execution), chromium-browser (MV), and wordpress (regression in previous security update).

Debian-LTS has updated ruby-activerecord-3.2 (access restriction bypass).

Fedora has updated bash (F24: code execution), bind (F24: denial of service), community-mysql (F23: unspecified), nodejs-tough-cookie (F23: denial of service), openjpeg2 (F24: denial of service), openssh (F24: null pointer dereference), pdns (F23: denial of service), and systemd (F24: denial of service).

Scientific Linux has updated python-twisted-web (SL7&6: HTTP proxy redirect).

Slackware has updated thunderbird (unspecified).

Ubuntu has updated pillow (14.04: regression in previous security update).

The 4.8 kernel has been released

Monday 3rd of October 2016 01:04:23 AM
Linus Torvalds has announced the availability of the 4.8 kernel: "So the last week was really quiet, which maybe means that I could probably just have skipped rc8 after all. Oh well, no real harm done." Some of the headline changes in this release include support for transparent huge pages in the tmpfs filesystem, a new formatted documentation subsystem and a number of documentation changes to match, a new timeout subsystem that should address the latency problems experienced by its predecessor, continued work on the express data path for high-performance network routing, build-system improvements allowing the use of GCC plugins, the hardened usercopy security work, and much more. The KernelNewbies 4.8 page is still under construction as of this writing, but should contain lots of details in the near future.

[$] Why kernel development still uses email

Saturday 1st of October 2016 09:19:09 PM
In a world full of fancy development tools and sites, the kernel project's dependence on email and mailing lists can seem quaintly dated, if not positively prehistoric. But, as Greg Kroah-Hartman pointed out in a Kernel Recipes talk titled "Patches carved into stone tablets", there are some good reasons for the kernel community's choices. Rather than being a holdover from an older era, email remains the best way to manage a project as large as the kernel.

Varda: The Mysterious Fiber Bomb Problem: A Debugging Story

Friday 30th of September 2016 10:58:08 PM
Over at the Sandstorm Blog, project founder Kenton Varda relates a debugging war story. Sandstorm web servers would mysteriously peg the CPU around once a week, slowing request processing to a crawl, seemingly at random. "Obviously, we needed to take a CPU profile while the bug was in progress. Of course, the bug only reproduced in production, therefore we’d have to take our profile in production. This ruled out any profiling technology that would harm performance at other times – so, no instrumented binaries. We’d need a sampling profiler that could run on an existing process on-demand. And it would have to understand both C++ and V8 Javascript. (This last requirement ruled out my personal favorite profiler, pprof from google-perftools.) Luckily, it turns out there is a correct modern answer: Linux’s “perf” tool. This is a sampling profiler that relies on Linux kernel APIs, thus not requiring loading any code into the target binary at all, at least for C/C++. And for Javascript, it turns out V8 has built-in support for generating a “perf map”, which tells the tool how to map JITed code locations back to Javascript source: just pass the --perf_basic_prof_only_functions flag on the Node command-line. This flag is safe in production – it writes some data to disk over time, but we rebuild all our VMs weekly, so the files never get large enough to be a problem."

Friday's security advisories

Friday 30th of September 2016 05:58:53 PM

Arch Linux has updated c-ares (code execution) and wordpress (multiple vulnerabilities).

CentOS has updated python-twisted-web (C7; C6: HTTP proxy redirect).

Debian has updated wordpress (multiple vulnerabilities).

Debian-LTS has updated chicken (two vulnerabilities), firefox-esr (regression in previous security update), icedove (multiple vulnerabilities), and ruby-activesupport-3.2 (access restriction bypass).

Fedora has updated curl (F23: code execution) and php-adodb (F24; F23: SQL injection).

openSUSE has updated libgcrypt (42.1: flawed random number generation), openjpeg (42.1: denial of service), and postgresql93 (13.2: two vulnerabilities).

Oracle has updated python-twisted-web (OL7; OL6: HTTP proxy redirect).

Red Hat has updated python-twisted-web (RHEL7&6: HTTP proxy redirect).

SUSE has updated pidgin (SLE11: multiple vulnerabilities) and postgresql94 (SLE11: two vulnerabilities).

More in Tux Machines

Linux Devices

Linux Graphics

Fedora News

  • The Bugs So Far Potentially Blocking The Fedora 25 Release
    Adam Williamson of the Fedora QA team has sent out a list of the bugs currently outstanding that could block the Fedora 25 release from happening on its current schedule should they not be fixed in time.
  • Updated Fedora 24 ISO Respins Now Available with Dirty COW-Patched Linux Kernel
    It looks like a new set of updated Live ISO images for the Fedora 24 GNU/Linux operating system were published by Ben Williams, founder of the Fedora Unity Project and a Fedora Ambassador. Dubbed F24-20161023, the updated Live ISOs a few days ago and include up-to-date components from the official Fedora 24 Linux software repositories, with which was fully syncronized as of October 23, 2016. Of course, this means that they also include the latest Linux kernel update fully patched against the "Dirty COW" bug.
  • PHP version 5.6.28RC1 and 7.0.13RC1
  • Flock Stories 2016, Episode 1: Redon Skikuli
    Flock Stories by Chris WardIf you were wondering where Flock 2018 might be, today’s guest Redon Skikuli might just have your answer! Redon is not just a Fedora community contributor, he’s a Fedora community creator. I ask Redon what he’s up to these days and why he thinks we should also consider joining future Flocks.

New KNOPPIX Release, LibreOffice 5.1.6, Rosa Down

In Linux news today KNOPPIX 7.7.1 was released to the public based on Debian with GNOME 3.22, KDE 5.7.2, and "Everything 3D." The Rosa project is experiencing network issues and folks may experience problems trying to connect to their services the next few days. LibreOffice 5.1.6 was announced today by The Document Foundation, the sixth update to the Still branch for stable users, and a new vulnerability was disclosed in GNU Tar. Read more