LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Updated: 1 hour 14 min ago
Ben Francis has posted a
detailed history of the Firefox OS project
"For me it was never about Firefox OS being the third mobile platform. It
was always about pushing the limits of web technologies to make the web a
more competitive platform for app development. I think we certainly
achieved that, and I would argue our work contributed considerably to the
trends we now see around Progressive Web Apps. I still believe the web will
win in the end. "
Security updates have been issued by Debian (munin), Fedora (kernel, libXdmcp, and xrdp), Mageia (ming, quagga, util-linux, and webkit2), Oracle (ipa, kernel, and qemu-kvm), Red Hat (ipa, kernel, kernel-rt, python-oslo-middleware, and qemu-kvm), Scientific Linux (ipa, kernel, and qemu-kvm), and Ubuntu (munin, php7, and w3m).
The Free Software Foundation Europe has put out a release providing its
view of the decision in Munich to possibly back away from its
"Since this decision was reached, the majority of media have reported
that a final call was made to halt LiMux and switch back to Microsoft
software. This is, however, not an accurate representation of the
outcome of the city council meeting. We studied the available
documentation and our impression is that the last word has not been
Security updates have been issued by Debian (imagemagick, libquicktime, munin, and qemu), Fedora (cxf, netpbm, and vim), openSUSE (ImageMagick, php7, and util-linux), and Red Hat (kernel and openstack-puppet-modules).
The LWN.net Weekly Edition for March 2, 2017 is available.
Security updates have been issued by CentOS (qemu-kvm), Debian (bind9, libquicktime, mupdf, qemu-kvm, and tnef), Fedora (mupdf, rpm, tomcat, util-linux, and xen), openSUSE (gstreamer and gstreamer-plugins-base), Oracle (qemu-kvm), Red Hat (qemu-kvm), Scientific Linux (qemu-kvm), SUSE (kernel and xen), and Ubuntu (libgd2).
Opensource.com takes a look
at changes to MySQL 8.0. "Ever open up a directory of a MySQL schema and see all those files—.frm, .myi, .myd, and the like? Those files hold some of the metadata on the database schemas. Twenty years ago, it was a good way to go, but InnoDB is a crash proof storage engine and can hold all that metadata safely. This means file corruption of a .frm file is not going to stall your work. Developers also removed the file system's maximum number of files as the limiting factor to your number of databases; you can now have literally have millions of tables in your database."
is the vulnerability identifier
for a use-after-free bug in the kernel's network stack. This vulnerability
is apparently exploitable in local privilege-escalation attacks. The
problem, introduced in 2005, is easily fixed, but it points at a couple of
shortcomings in the kernel development process; as a result, it would not
be surprising if more bugs of this variety were to turn up in the near
Security updates have been issued by Debian (apache2, libplist, and tnef), Fedora (firebird, kernel, and vim), Red Hat (java-1.6.0-ibm, java-1.7.0-ibm, java-1.7.1-ibm, kernel, and qemu-kvm-rhev), SUSE (php53 and xen), and Ubuntu (tiff).
Users of the Subversion source-code management system may want to take a
look at this
post from Mark Phippard
. He explains how hash collisions can corrupt a
repository and a couple of short-term workarounds. "The quick
summary if you do not want to read this entire post is that the problem is
really not that bad. If you run into it there are solutions to resolve it
and you are not going to run into it in normal usage. There will also
likely be some future updates to Subversion that avoid it entirely so if
you regularly update your server and client when new releases come out you
are probably safe not doing anything and just waiting for an update to
algorithm has been known for at least a decade to be
weak; while no generated hash collisions had been reported, it was assumed
that this would happen before too long. On February 23, Google announced
that it had succeeded at this task. While the technique used is
computationally expensive, this event has clarified what most developers
have known for some time: it is time to move away from SHA-1. While the
migration has essentially been completed in some areas (SSL certificates,
for example), there are still important places where it is heavily used,
including at the core of the Git source-code management system.
Unsurprisingly, the long-simmering discussion in the Git community on
moving away from SHA-1 is now at a full boil.
Security updates have been issued by Debian (apache2, radare2, and shadow), Mageia (firebird, libevent, and php-tcpdf), and openSUSE (chromium).