
LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 6 hours 23 min ago

CyanogenMod shutting down WhisperPush

Wednesday 20th of January 2016 12:32:52 AM
The CyanogenMod developers have announced that they will be shutting down the WhisperPush secure messaging system (covered here in 2013). "We’ve ultimately made the decision that we will no longer be supporting WhisperPush functionality directly within CyanogenMod. Further, WhisperPush services will be end-of-lifed beginning Feb 1st 2016. As this is a server side implementation, all branches of CM from CM10.2 and forward will be affected."

[$] An interview with Joey Hess

Tuesday 19th of January 2016 07:35:06 PM
Two of the earliest figures in the Linux community were Lars Wirzenius and Joey Hess. So when the former offered us an interview with the latter, we were quick to accept. Click below (subscribers only) for Joey's views on his departure from Debian, Haskell development, off-the-grid living, and more.

Tuesday's security updates

Tuesday 19th of January 2016 04:03:57 PM

Debian has updated kernel (multiple vulnerabilities, including one from 2013).

Debian-LTS has updated isc-dhcp (denial of service), passenger (environment variable injection), and srtp (denial of service).

openSUSE has updated mbedtls (42.1: signature forgery), perl-Module-Signature (13.2, 13.1: multiple vulnerabilities), and polarssl (13.2: signature forgery).

Red Hat has updated kernel (RHEL5: two remote denial of service vulnerabilities) and kernel (RHEL6.2: two denial of service vulnerabilities).

SUSE has updated samba (SLE11SP4, SLE11SP3: multiple vulnerabilities) and kernel (SLE12: multiple vulnerabilities).

An unpleasant local kernel vulnerability

Tuesday 19th of January 2016 02:41:31 PM
Perception Point discloses a use-after-free vulnerability in the kernel's keyring subsystem; it is exploitable for local privilege escalation. "If a process causes the kernel to leak 0x100000000 references to the same object, it can later cause the kernel to think the object is no longer referenced and consequently free the object. If the same process holds another legitimate reference and uses it after the kernel freed the object, it will cause the kernel to reference deallocated, or a reallocated memory. This way, we can achieve a use-after-free, by using the exact same bug from before. A lot has been written on use-after-free vulnerability exploitation in the kernel, so the following steps wouldn’t surprise an experienced vulnerability researcher." This bug, introduced in 3.8, looks like a good one to patch quickly; of course, for vast numbers of users of mobile and embedded systems, that may not be an option.

Wingo: Unboxing in Guile

Tuesday 19th of January 2016 02:19:53 PM
Here is a long and detailed post from Andy Wingo on how he improved numerical performance in the Guile language by carefully removing runtime type information ("unboxing"). "If Guile did native compilation, it would always be a win to unbox any integer operation, if only because you would avoid polymorphism or any other potential side exit. For bignums that are within the unboxable range, the considerations are similar to the floating-point case: allocation costs dominate, so unboxing is almost always a win, provided that you avoid double-boxing. Eliminating one allocation can pay off a lot of instruction dispatch."

Mycroft: Linux’s Own AI (Linux.com)

Monday 18th of January 2016 11:02:11 PM
Swapnil Bhartiya takes a look at Mycroft AI and talks with CTO Ryan Sipes, on Linux.com. "Earlier this month, the developers released the Adapt intent parser as open source. When many people look at Mycroft, they think voice recognition is the important piece, but the brain of Mycroft is the Adapt intent. It takes natural language, analyzes the ultimate sentence, and then decides what action needs to be taken. That means when someone says “turn the lights off in the conference room,” Adapt grabs the intent “turn off” and identifies the entity as “conference room.” So, it makes a decision and then reaches out to whatever device is controlling the lights in the conference rooms and tells it to turn them off. That’s complex work. And, the Mycroft developers just open sourced the biggest and most powerful piece of their software."

Security advisories for Monday

Monday 18th of January 2016 05:44:53 PM

Arch Linux has updated docker (information disclosure), ffmpeg (cross-origin attacks), go (information disclosure), go-ipfs (information disclosure), hub (information disclosure), keybase (information disclosure), ntp (man-in-the-middle attack), roundcubemail (code execution), and syncthing (information disclosure).

Debian has updated tomcat7 (Security Manager bypass).

Debian-LTS has updated prosody (guessable keys) and roundcube (code execution).

Fedora has updated dhcp (F23: denial of service), golang (information disclosure), openssh (F23; F22: information disclosure), openstack-glance (F23: unspecified), php (F23; F22: multiple vulnerabilities), python-kdcproxy (F23: unspecified), salt (F23: insecure /tmp file handling), wireshark (F22: multiple vulnerabilities), and wordpress (F23; F22: cross-site scripting).

Gentoo has updated openssh (multiple vulnerabilities).

Mageia has updated openssh (multiple vulnerabilities), php (information disclosure), and qemu (multiple vulnerabilities).

openSUSE has updated nodejs (two vulnerabilities) and openssh (13.1; 11.4: multiple vulnerabilities).

More in Tux Machines

Kernel Space: Linux, Graphics

  • Linux kernel bug delivers corrupt TCP/IP data to Mesos, Kubernetes, Docker containers
    The Linux Kernel has a bug that causes containers that use veth devices for network routing (such as Docker on IPv6, Kubernetes, Google Container Engine, and Mesos) to not check TCP checksums. This results in applications incorrectly receiving corrupt data in a number of situations, such as with bad networking hardware. The bug dates back at least three years and is present in kernels as far back as we’ve tested. Our patch has been reviewed and accepted into the kernel, and is currently being backported to -stable releases back to 3.14 in different distributions (such as Suse, and Canonical). If you use containers in your setup, I recommend you apply this patch or deploy a kernel with this patch when it becomes available. Note: Docker’s default NAT networking is not affected and, in practice, Google Container Engine is likely protected from hardware errors by its virtualized network.
  • Performance problems
    Just over a year ago I implemented an optimization to the SPI core code in Linux that avoids some needless context switches to a worker thread in the main data path that most clients use. This was really nice, it was simple to do but saved a bunch of work for most drivers using SPI and made things noticeably faster. The code got merged in v4.0 and that was that, I kept on kicking a few more ideas for optimizations in this area around but that was that until the past month.
  • Compute Shader Code Begins Landing For Gallium3D
    Samuel Pitoiset began pushing his Gallium3D Mesa state tracker changes this morning for supporting compute shaders via the GL_ARB_compute_shader extension. Before getting too excited, the hardware drivers haven't yet implemented the support. It was back in December that core Mesa received its treatment for compute shader support and came with Intel's i965 driver implementing CS.
  • Libav Finally Lands VDPAU Support For Accelerated HEVC Decoding
    While FFmpeg has offered hardware-accelerated HEVC decoding using NVIDIA's VDPAU API since last summer, this support for the FFmpeg-forked libav landed just today. In June was when FFmpeg added support to its libavcodec for handling HEVC/H.265 video decoding via NVIDIA's Video Decode and Presentation API for Unix interface. Around that same time, developer Philip Langdale who had done the FFmpeg patch, also submitted the patch for Libav for decoding HEVC content through VDPAU where supported.

Unixstickers, Linux goes to Washington, Why Linux?

  • Unixstickers sent me a package!
    There's an old, popular saying, beware geeks bearing gifts. But in this case, I was pleased to see an email in my inbox, from unixstickers.com, asking me if I was interested in reviewing their products. I said ye, and a quick few days later, there was a surprise courier-delivered envelope waiting for me in the post. Coincidentally - or not - the whole thing happened close enough to the 2015 end-of-the-year holidays to classify as poetic justice. On a slightly more serious note, Unixstickers is a company shipping T-shirts, hoodies, mugs, posters, pins, and stickers to UNIX and Linux aficionados worldwide. Having been identified one and acquired on the company's PR radar, I am now doing a first-of-a-kind Dedoimedo non-technical technical review of merchandise related to our favorite software. So not sure how it's gonna work out, but let's see.
  • Linux goes to Washington: How the White House/Linux Foundation collaboration will work
    No doubt by now you've heard about the Obama Administration's newly announced Cybersecurity National Action Plan (CNAP). You can read more about it on CIO.com here and here. But what you may not know is that the White House is actively working with the Linux and open source community for CNAP. In a blog post Jim Zemlin, the executive director of the Linux Foundation said, “In the proposal, the White House announced collaboration with The Linux Foundation’s Core Infrastructure Initiative (CII) to better secure Internet 'utilities' such as open-source software, protocols and standards.”
  • Why Linux?
    Linux may inspire you to think of coders hunched over their desks (that are littered with Mountain Dew cans) while looking at lines of code, faintly lit by the yellow glow of old CRT monitors. Maybe Linux sounds like some kind of a wild cat and you have never heard the term before. Maybe you use it every day. It is an operating system loved by a few and misrepresented to many.

RebeccaBlackOS 2016-02-08 Review. Why? Because it’s Friday.

These are the types of problems found in an independent distro built from scratch. I cannot understand how a system built on Debian could be this buggy and apparently have zero VM support, which Debian comes with by default. I can take some solace in the fact that it was built by one person and that one person is a Rebecca Black fan, but as far as a Linux distribution is concerned there is not much here. Some could say “Well, it's not supposed to be taken as a serious distribution.” True, except it is listed and kept up with on DistroWatch; therefore it should be held as a system-ready distribution, especially when it was not released as a beta or an RC. If this distribution is ever going to be considered a real platform it has a long way to go. I give it about as many thumbs down as the Rebecca Black Friday video.
