Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 5 hours 18 min ago

Interview with Nathan Willis, GUADEC Keynote Speaker (GNOME News)

Friday 25th of July 2014 05:42:23 PM
LWN editor Nathan Willis is giving a keynote talk at the upcoming GUADEC (GNOME Users and Developers European Conference) and was interviewed by GNOME News. Willis's talk is titled "Should We Teach The Robot To Kill" and will look at free software and the automotive industry. "And, finally, my ultimate goal would be to persuade some people that the free-software community can — and should — take up the challenge and view the car as a first-rate environment where free software belongs. Because there will naturally be lots of little gaps where the different corporate projects don’t quite have every angle covered. But we don’t have to wait for other giant companies to come along and finish the job. We can get involved now, and if we do, then the next generation of automotive software will be stronger for it, both in terms of features and in terms of free-software ideals." GUADEC is being held in Strasbourg, France July 26–August 1.

Kügler: Plasma’s Road to Wayland

Friday 25th of July 2014 03:34:39 PM
On his blog, Sebastian Kügler looks at what's left to be done for KDE's Plasma desktop to support Wayland. He discusses why the project cares about Wayland, what it means to support Wayland, the current status, the strategy for further work, and how interested folks can get involved. "One of the important topics which we have (kind of) excluded from Plasma’s recent 5.0 release is support for Wayland. The reason is that much of the work that has gone into renovating our graphics stack was also needed in preparation for Wayland support in Plasma. In order to support Wayland systems properly, we needed to lift the software stack to Qt5, make X11 dependencies in our underlying libraries, Frameworks 5 optional. This part is pretty much done. We now need to ready support for non-X11 systems in our workspace components, the window manager and compositor, and the workspace shell."

Security updates for Friday

Friday 25th of July 2014 02:45:38 PM

CentOS has updated kernel (C7; C6; C5: two vulnerabilities) and qemu-kvm (C7: many vulnerabilities).

Debian has updated apache2 (three vulnerabilities) and transmission (code execution).

Fedora has updated httpd (F20: multiple vulnerabilities), ipython (F20; F19: code execution), java-1.7.0-openjdk (F19: multiple vulnerabilities), java-1.8.0-openjdk (F20; F19: multiple vulnerabilities), and kernel (F19: multiple vulnerabilities).

Oracle has updated enterprise kernel (OL7: three vulnerabilities) and kernel (OL5: two vulnerabilities).

Red Hat has updated openstack-nova (OSP5.0: information disclosure), openstack-swift (OSP5.0: cross-site scripting), python-django-horizon (OSP5.0: three vulnerabilities), and qemu-kvm-rhev (OSP4.0, OSP3.0: multiple vulnerabilities).

Fedora 21 delayed three weeks

Thursday 24th of July 2014 11:25:42 PM
At yesterday's Fedora Engineering Steering Committee (FESCo) meeting, the release of Fedora 21 was delayed by three weeks (FESCo ticket), with the final release now scheduled for November 4. There are some problems with "test composes" of the release (creating test ISO images) that mean the deadline for the alpha release would be missed. The original plan was to delay for two weeks, but that put the freeze just before the Flock conference, so it was decided to push out an additional week.

An Interview with Karen Sandler (Model View Culture)

Thursday 24th of July 2014 06:19:46 PM
Over at Model View Culture, Adam Saunders interviews Karen Sandler, executive director of the Software Freedom Conservancy (SFC) and formerly the executive director of the GNOME Foundation. Sandler talks about SFC, the Outreach Program for Women, as well as being a cyborg: "I was diagnosed with a heart condition and needed a pacemaker/defibrillator, and none of the device manufacturers would let me see the source code that was to be literally sewn into my body and connected to my heart. My life relies on the proper functioning of software every day, and I have no confidence that it will. The FDA generally doesn't review the source code of medical devices nor can the public. But multiple researchers have shown that these devices can be maliciously hacked, with fatal consequences. Once you start considering medical devices, you quickly start to realize that it's all kinds of software that is life and society-critical - cars, voting machines, stock markets... It's essential that our software be safe, and the only way we can realistically expect that to be the case over time is by ensuring that our software is free and open. If there's catastrophic failure at Medtronic (the makers of my defibrillator), for example, I wouldn't be able to fix a bug in my own medical device."

Security updates for Thursday

Thursday 24th of July 2014 04:41:31 PM

CentOS has updated httpd (C7; C6; C5: multiple vulnerabilities).

Debian has updated iceweasel (multiple vulnerabilities) and openjdk-7 (multiple vulnerabilities).

Fedora has updated firefox (F20: multiple vulnerabilities).

Oracle has updated dovecot (OL7: denial of service), firefox (OL7; OL7; OL5: multiple vulnerabilities), gnutls (OL7: two vulnerabilities), httpd (OL7; OL6; OL5: multiple vulnerabilities), java-1.6.0-openjdk (OL7; OL7: multiple vulnerabilities), java-1.7.0-openjdk (OL7; OL7: multiple vulnerabilities), json-c (OL7: two denial of service flaws), kernel (OL7; OL6: two privilege escalations), kernel (OL7: multiple vulnerabilities), kernel (OL7:privilege escalation), libtasn1 (OL7: three vulnerabilities), libvirt (OL7: information disclosure/denial of service), lzo (OL7: denial of service/possible code execution), mariadb (OL7: multiple unspecified vulnerabilities), nss, nspr (OL7: code execution), openssl (OL7: multiple vulnerabilities), openssl098e (OL7: man-in-the-middle attack), qemu-kvm (OL7: many vulnerabilities), qemu-kvm (OL7: code execution), samba (?:), (tomcat (OL7: three vulnerabilities), and tomcat (OL7: three vulnerabilities).

Red Hat has updated kernel (RHEL7; RHEL6.4; RHEL6; RHEL5: two privilege escalations) and qemu-kvm (RHEL7: many vulnerabilities).

Scientific Linux has updated kernel (SL6; SL5: two privilege escalations).

Slackware has updated httpd (multiple vulnerabilities), thunderbird (multiple vulnerabilities), and firefox (multiple vulnerabilities).

SUSE has updated libtasn1 (SLE11SP3: three vulnerabilities) and ppc64-diag (SLE11SP3: two vulnerabilities).

Ubuntu has updated apache2 (14.04, 12.04, 10.04: multiple vulnerabilities), jinja2 (12.04: code execution), lzo2 (14.04, 12.04: denial of service/possible code execution), and oxide-qt (14.04: multiple vulnerabilities).

Oracle Linux 7 released

Thursday 24th of July 2014 01:54:09 PM
Another of the Red Hat Enterprise Linux (RHEL) rebuilds has released its version of RHEL 7: Oracle Linux 7 for x86_64 is now available. It does add some features, including DTrace, Ksplice, and Xen. More information can be found in the release notes.

[$] LWN.net Weekly Edition for July 24, 2014

Thursday 24th of July 2014 01:44:00 AM
The LWN.net Weekly Edition for July 24, 2014 is available.

[$] Browser tracking through "canvas fingerprinting"

Wednesday 23rd of July 2014 06:27:14 PM

Recently, public attention has been called to a new online user-tracking method that is purported to be nearly impossible to block. Called "canvas fingerprinting," the technique relies on forcing the browser to generate an image on the client side of the connection—an image that is unique enough to serve as a fingerprint for the browser that created it. In fact, the basis for this fingerprinting approach is several years old, but it does now seem to be in use in the wild. Whether or not it truly amounts to an insurmountable blocking challenge, however, remains to be seen.

ownCloud 7 released

Wednesday 23rd of July 2014 05:59:36 PM
The ownCloud 7 release has been announced. The headline feature this time around appears to be server-to-server sharing, but it also has mobile web browser support, file activity notifications, and an improved management interface.

Security advisories for Wednesday

Wednesday 23rd of July 2014 05:48:41 PM

CentOS has updated firefox (C6; C5: multiple vulnerabilities), firefox, xulrunner (C7: multiple vulnerabilities), libvirt (C7: information disclosure/denial of service), nss, nspr (C7: code execution), nss (C5; C6: code execution), nss-util (C6: code execution), nspr (C6; C5: code execution), and thunderbird (C5; C6: multiple vulnerabilities).

Debian has updated acpi-support (privilege escalation) and mysql-5.5 (unidentified vulnerabilities).

Fedora has updated libXfont (F19: multiple vulnerabilities), python-simplejson (F19: information disclosure), and readline (F20: insecure temporary files).

Oracle has updated firefox (OL6: multiple vulnerabilities), nss, nspr (OL6; OL5: code execution), and thunderbird (OL6: multiple vulnerabilities).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities), httpd (RHEL5,6; RHEL7: multiple vulnerabilities), httpd24-httpd (RHSC1: multiple vulnerabilities), kernel-rt (RHE MRG2.5: multiple vulnerabilities), libvirt (RHEL7: information disclosure/denial of service), nss (RHEL5.6,5.9,6.2,6.4: code execution), nss, nspr (RHEL5,7: code execution), nss, nspr (RHEL6: multiple vulnerabilities), and thunderbird (RHEL5,6: multiple vulnerabilities).

Scientific Linux has updated firefox (SL5,6: multiple vulnerabilities), httpd (SL5,6: multiple vulnerabilities), nss and nspr (SL6; SL5: code execution), and thunderbird (SL5,6: multiple vulnerabilities).

Ubuntu has updated acpi-support (12.04 LTS: privilege escalation), firefox (14.04 LTS, 12.04 LTS: multiple vulnerabilities), libtasn1-3, libtasn1-6 (14.04 LTS, 12.04 LTS, 10.04 LTS: multiple vulnerabilities), and thunderbird (14.04 LTS, 12.04 LTS: multiple vulnerabilities).

More in Tux Machines

today's leftovers

Proposed: A Tainted Performance State For The Linux Kernel

Similar to the kernel states of having a tainted kernel for using binary blob kernel modules or unsigned modules, a new tainting method has been proposed for warning the user about potentially adverse kernel performance. Dave Hansen of Intel has proposed a new "TAINT_PERFORMANCE" for the kernel that would proactively print a warning message about not using the kernel for any performance measurements. Dave explained in his RFC announcement, "I have more than once myself been the victim of an accidentally-enabled kernel configuration option being mistaken for a true performance problem. I'm sure I've also taken profiles or performance measurements and assumed they were real-world when really I was measuring the performance with an option that nobody turns on in production. A warning like this late in boot will help remind folks when these kinds of things are enabled." Read more

Scientific Linux 7.0 x86_64 BETA 3

Fermilab's intention is to continue the development and support of Scientific Linux and refine its focus as an operating system for scientific computing. Today we are announcing a beta release of Scientific Linux 7. We continue to develop a stable process for generating and distributing Scientific Linux, with the intent that Scientific Linux remains the same high quality operating system the community has come to expect. Please do not install Pre-Release software in your production environment. Read more

Ubuntu 14.10 (Utopic Unicorn) Now Features Linux Kernel 3.16.1

"The Utopic kernel has been rebased to the first v3.16.1 upstream stable kernel and uploaded to the archive, ie. linux-3.16.0-9.14. Please test and let us know your results," says Canonical's Joseph Salisbury, after the latest Ubuntu Kernel Team meeting. Read more