Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 14 min ago

Francis: The story of Firefox OS

Friday 3rd of March 2017 03:49:25 PM
Ben Francis has posted a detailed history of the Firefox OS project. "For me it was never about Firefox OS being the third mobile platform. It was always about pushing the limits of web technologies to make the web a more competitive platform for app development. I think we certainly achieved that, and I would argue our work contributed considerably to the trends we now see around Progressive Web Apps. I still believe the web will win in the end. "

Security updates for Friday

Friday 3rd of March 2017 02:34:09 PM
Security updates have been issued by Debian (munin), Fedora (kernel, libXdmcp, and xrdp), Mageia (ming, quagga, util-linux, and webkit2), Oracle (ipa, kernel, and qemu-kvm), Red Hat (ipa, kernel, kernel-rt, python-oslo-middleware, and qemu-kvm), Scientific Linux (ipa, kernel, and qemu-kvm), and Ubuntu (munin, php7, and w3m).

FSFE: What happened in Munich

Friday 3rd of March 2017 12:30:13 AM
The Free Software Foundation Europe has put out a release providing its view of the decision in Munich to possibly back away from its free-software-based infrastructure. "Since this decision was reached, the majority of media have reported that a final call was made to halt LiMux and switch back to Microsoft software. This is, however, not an accurate representation of the outcome of the city council meeting. We studied the available documentation and our impression is that the last word has not been spoken."

Security updates for Thursday

Thursday 2nd of March 2017 03:01:07 PM
Security updates have been issued by Debian (imagemagick, libquicktime, munin, and qemu), Fedora (cxf, netpbm, and vim), openSUSE (ImageMagick, php7, and util-linux), and Red Hat (kernel and openstack-puppet-modules).

LWN.net Weekly Edition for March 2, 2017

Thursday 2nd of March 2017 02:12:19 AM
The LWN.net Weekly Edition for March 2, 2017 is available.

Security updates for Wednesday

Wednesday 1st of March 2017 04:35:43 PM
Security updates have been issued by CentOS (qemu-kvm), Debian (bind9, libquicktime, mupdf, qemu-kvm, and tnef), Fedora (mupdf, rpm, tomcat, util-linux, and xen), openSUSE (gstreamer and gstreamer-plugins-base), Oracle (qemu-kvm), Red Hat (qemu-kvm), Scientific Linux (qemu-kvm), SUSE (kernel and xen), and Ubuntu (libgd2).

MySQL 8 is coming (Opensource.com)

Tuesday 28th of February 2017 07:42:14 PM
Opensource.com takes a look at changes to MySQL 8.0. "Ever open up a directory of a MySQL schema and see all those files—.frm, .myi, .myd, and the like? Those files hold some of the metadata on the database schemas. Twenty years ago, it was a good way to go, but InnoDB is a crash proof storage engine and can hold all that metadata safely. This means file corruption of a .frm file is not going to stall your work. Developers also removed the file system's maximum number of files as the limiting factor to your number of databases; you can now have literally have millions of tables in your database."

[$] The case of the prematurely freed SKB

Tuesday 28th of February 2017 07:41:11 PM
CVE-2017-6074 is the vulnerability identifier for a use-after-free bug in the kernel's network stack. This vulnerability is apparently exploitable in local privilege-escalation attacks. The problem, introduced in 2005, is easily fixed, but it points at a couple of shortcomings in the kernel development process; as a result, it would not be surprising if more bugs of this variety were to turn up in the near future.

Security updates for Tuesday

Tuesday 28th of February 2017 04:58:51 PM
Security updates have been issued by Debian (apache2, libplist, and tnef), Fedora (firebird, kernel, and vim), Red Hat (java-1.6.0-ibm, java-1.7.0-ibm, java-1.7.1-ibm, kernel, and qemu-kvm-rhev), SUSE (php53 and xen), and Ubuntu (tiff).

Subversion SHA1 collision problem statement

Tuesday 28th of February 2017 04:27:23 PM
Users of the Subversion source-code management system may want to take a look at this post from Mark Phippard. He explains how hash collisions can corrupt a repository and a couple of short-term workarounds. "The quick summary if you do not want to read this entire post is that the problem is really not that bad. If you run into it there are solutions to resolve it and you are not going to run into it in normal usage. There will also likely be some future updates to Subversion that avoid it entirely so if you regularly update your server and client when new releases come out you are probably safe not doing anything and just waiting for an update to happen."

[$] Moving Git past SHA-1

Monday 27th of February 2017 06:56:43 PM
The SHA-1 hash algorithm has been known for at least a decade to be weak; while no generated hash collisions had been reported, it was assumed that this would happen before too long. On February 23, Google announced that it had succeeded at this task. While the technique used is computationally expensive, this event has clarified what most developers have known for some time: it is time to move away from SHA-1. While the migration has essentially been completed in some areas (SSL certificates, for example), there are still important places where it is heavily used, including at the core of the Git source-code management system. Unsurprisingly, the long-simmering discussion in the Git community on moving away from SHA-1 is now at a full boil.

Security updates for Monday

Monday 27th of February 2017 04:42:27 PM
Security updates have been issued by Debian (apache2, radare2, and shadow), Mageia (firebird, libevent, and php-tcpdf), and openSUSE (chromium).

More in Tux Machines

Linux Devices, Tizen, and Android

Leftovers: OSS

  • SAP buys into blockchain, joins Hyperledger Project
  • foss-north speaker line-up
    I am extremely pleased to have confirmed the entire speaker line-up for foss north 2017. This will be a really good year!
  • Chromium/Chrome Browser Adds A glTF Parser
    Google's Chrome / Chromium web-browser has added a native glTF 1.0 parser. The GL Transmission Format, of course, being Khronos' "3D asset delivery format" for dealing with compressed scenes and assets by WebGL, OpenGL ES, and other APIs. There are glTF utility libraries in JavaScript and other web-focused languages, but Google adding a native glTF 1.0 parser appears to be related to their VR push with supporting VR content on the web. Their glTF parser was added to Chromium Git on Friday.
  • Sex and Gor and open source
    A few weeks ago, Dries Buytaert, founder of the popular open-source CMS Drupal, asked Larry Garfield, a prominent Drupal contributor and long-time member of the Drupal community, “to leave the Drupal project.” Why did he do this? He refuses to say. A huge furor has erupted in response — not least because the reason clearly has much to do with Garfield’s unconventional sex life. [...] I’ll unpack the first: open-source communities/projects are crucially important to many people’s careers and professional lives — cf “the cornerstone of my career” — so who they allow and deny membership to, and how their codes of conduct are constructed and followed, is highly consequential.
  • Hazelcast Releases 3.8 – The Fastest Open Source In-Memory Data Grid
  • SecureDrop and Alexandre Oliva are 2016 Free Software Awards winners
  • MRRF 17: Lulzbot and IC3D Release Line Of Open Source Filament
    Today at the Midwest RepRap Festival, Lulzbot and IC3D announced the creation of an Open Source filament. While the RepRap project is the best example we have for what can be done with Open Source hardware, the stuff that makes 3D printers work – filament, motors, and to some extent the electronics – are tied up in trade secrets and proprietary processes. As you would expect from most industrial processes, there is an art and a science to making filament and now these secrets will be revealed.
  • RApiDatetime 0.0.2

Security Leftovers

  • NSA: We Disclose 90% of the Flaws We Find
    In the wake of the release of thousands of documents describing CIA hacking tools and techniques earlier this month, there has been a renewed discussion in the security and government communities about whether government agencies should disclose any vulnerabilities they discover. While raw numbers on vulnerability discovery are hard to come by, the NSA, which does much of the country’s offensive security operations, discloses more than nine of every 10 flaws it finds, the agency’s deputy director said.
  • EFF Launches Community Security Training Series
    EFF is pleased to announce a series of community security trainings in partnership with the San Francisco Public Library. High-profile data breaches and hard-fought battles against unlawful mass surveillance programs underscore that the public needs practical information about online security. We know more about potential threats each day, but we also know that encryption works and can help thwart digital spying. Lack of knowledge about best practices puts individuals at risk, so EFF will bring lessons from its comprehensive Surveillance Self-Defense guide to the SFPL. [...] With the Surveillance Self-Defense project and these local events, EFF strives to help make information about online security accessible to beginners as well as seasoned techno-activists and journalists. We hope you will consider our tips on how to protect your digital privacy, but we also hope you will encourage those around you to learn more and make better choices with technology. After all, privacy is a team sport and everyone wins.
  • NextCloud, a security analysis
    First, I would like to scare everyone a little bit in order to have people appreciate the extent of this statement. As the figure that opens the post indicates, there are thousands of vulnerable Owncloud/NextCloud instances out there. It will surprise many just how easy is to detect those by trying out common URL paths during an IP sweep.
  • FedEx will deliver you $5.00 just to install Flash
    Bribes on offer as courier's custom printing service needs Adobe's security sinkhole

GNOME Extensions Website Has A New Look

Every GNOME Shell user will visit the official GNOME Shell Extensions website at least once. And if those users do so this weekend they’ll notice a small difference as the GNOME Shell Extensions website is sporting a minor redesign. This online repo plays host to a stack of terrific add-ons that add additional features and tweak existing ones. Read more