Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 59 min ago

[$] LWN.net Weekly Edition for December 4, 2014

Thursday 4th of December 2014 01:21:21 AM
The LWN.net Weekly Edition for December 4, 2014 is available.

[$] Moving some of Python to GitHub?

Wednesday 3rd of December 2014 06:06:47 PM
Over the years, Python's source repositories have moved a number of times, from CVS on SourceForge to Subversion at Python.org and, eventually, to Mercurial (aka hg), still on Python Software Foundation (PSF) infrastructure. But the new Python.org site code lives at GitHub (thus in a Git repository) and it looks like more pieces of Python's source may be moving in that direction. While some are concerned about moving away from a Python-based DVCS (i.e. Mercurial) into a closed-source web service, there is a strong pragmatic streak in the Python community that may be winning out.

Security advisories for Wednesday

Wednesday 3rd of December 2014 05:46:19 PM

Debian has updated wordpress (multiple vulnerabilities).

Fedora has updated drupal6 (F20; F19: two vulnerabilities), drupal7 (F20; F19: denial of service), lsyncd (F20; F19: command injection), mariadb-galera (F20: multiple vulnerabilities), and wordpress (F20; F19: multiple vulnerabilities).

Oracle has updated firefox (OL7: multiple vulnerabilities), nss (OL7; OL6; OL5: man-in-the-middle attack), and thunderbird (OL6: multiple vulnerabilities).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities), kernel-rt (RHE MRG: multiple vulnerabilities), mariadb-galera (RHEL OSP for RHEL7; RHEL OSP for RHEL6: multiple vulnerabilities), nss (RHEL5,6,7: man-in-the-middle attack), openstack-neutron (RHEL OSP for RHEL7; RHEL OSP for RHEL6: denial of service), openstack-trove (RHEL OSP for RHEL7: information disclosure), qemu-kvm-rhev (RHEL OSP for RHEL7: information leak), and thunderbird (RHEL5,6,7: multiple vulnerabilities).

Slackware has updated mozilla (multiple vulnerabilities).

SUSE has updated flash-player (SLED11 SP3: code execution), IBM Java (SLE11 SP2: multiple vulnerabilities), and java-1_7_1-ibm (SLE12: multiple vulnerabilities).

Ubuntu has updated firefox (14.10, 14.04, 12.04: multiple vulnerabilities) and mod-wsgi (14.10, 14.04, 12.04: privilege escalation).

Announcing netdev 0.1

Tuesday 2nd of December 2014 09:19:13 PM
"Netdev" is a new conference aimed at networking developers; it will be held February 14 to 17 in balmy Ottawa, Canada. The call for papers is open now, with a submission deadline of January 10. "Netdev 0.1 (year 0, conference 1) is a community-driven conference geared towards Linux netheads. Linux kernel networking and user space utilization of the interfaces to the Linux kernel networking subsystem are the focus. If you are using Linux as a boot system for proprietary networking, then this conference may not be for you."

Update: the conference organizers have posted more information on the CFP and the types of proposals they are looking for.

The Impact of the Linux Philosophy (Opensource.com)

Tuesday 2nd of December 2014 09:04:35 PM
Starting with the premise that all operating systems have a philosophy, this article on Opensource.com looks at the Linux philosophy and how it differs from other operating systems. "Imagine for a moment the chaos and frustration that would result from attempting to use a nail gun that asked you if you really wanted to shoot that nail and would not allow you to pull the trigger until you said the word “yes” aloud. Linux allows you to use the nail gun as you choose. Other operating systems let you know that you can use nails but don't tell you what tool is used to insert the nails let alone allow you to put your own finger on the trigger."

LCA 2015 and InternetNZ Diversity Program

Tuesday 2nd of December 2014 08:44:38 PM
LCA 2015 and InternetNZ are supporting diversity at linux.conf.au. "The InternetNZ Diversity Programme is one of the many ways we ensure that the LCA 2015 continues to be an open and welcoming conference for everyone. Together with InternetNZ this program has been created to assist under-represented delegates who contribute to the Open Source community but, without financial assistance, would not be able to attend LCA 2015."

Security updates for Tuesday

Tuesday 2nd of December 2014 06:03:28 PM

Debian has updated openvpn (denial of service).

Fedora has updated curl (F20: information leak), erlang (F20: command injection), phpMyAdmin (F20; F19: multiple vulnerabilities), python-django14 (F20; F19: multiple vulnerabilities), python-eyed3 (F20; F19: insecure tmpfile use), wget (F19: symlink attack), and xen (F20; F19: multiple vulnerabilities).

Mageia has updated gnome-shell (lock screen bypass), tcpdump (two vulnerabilities), and teeworlds (information leak).

Scientific Linux has updated ruby (SL7; SL6: multiple vulnerabilities).

Ubuntu has updated openvpn (14.10, 14.04, 12.04: denial of service).

New features in Git 2.2.0

Tuesday 2nd of December 2014 02:15:23 PM
The "Atlassian Developers" site has a summary of interesting features in the recent Git 2.2.0 release, including signed pushes. "This is an important step in preventing man-in-the-middle attacks and any other unauthorized updates to your repository's refs. git push has learnt the --signed flag which applies your GPG signature to a "push certificate" sent over the wire during the push invocation. On the server-side, git receive-pack (the command that handles incoming git pushes) has learnt to verify GPG-signed push certificates. Failed verifications can be used to reject pushes and those that succeed can be logged in a file to provide an audit log of when and who pushed particular ref updates or objects to your git server."

Firefox 34 released

Monday 1st of December 2014 08:00:29 PM
Mozilla has released Firefox 34. This version changes the default search engine, includes the Firefox Hello real-time communication client, implements HTTP/2 (draft14) and ALPN, disables SSLv3, and more. See the release notes for details.

Rocket, a new container runtime from CoreOS

Monday 1st of December 2014 07:02:00 PM
CoreOS has announced that it is moving away from Docker and toward "Rocket," a new container runtime that it has developed. "Unfortunately, a simple re-usable component is not how things are playing out. Docker now is building tools for launching cloud servers, systems for clustering, and a wide range of functions: building images, running images, uploading, downloading, and eventually even overlay networking, all compiled into one monolithic binary running primarily as root on your server. The standard container manifesto was removed. We should stop talking about Docker containers, and start talking about the Docker Platform. It is not becoming the simple composable building block we had envisioned."

[$] A preview of darktable 1.6

Monday 1st of December 2014 06:43:32 PM

The darktable project recently announced the first release-candidate (RC) builds for its upcoming version 1.6 release. The new version will add a slideshow presentation tool to darktable's primary photo-editing features, plus several new image operations and support for new digital cameras. This time, several of the additions add to darktable's automatic adjustment capabilities, making the application a bit more friendly for users who are new to high-end photo editing.


Security advisories for Monday

Monday 1st of December 2014 05:37:52 PM

CentOS has updated ruby (C7; C6: multiple vulnerabilities).

Debian has updated flac (multiple vulnerabilities), libvncserver (multiple vulnerabilities), mutt (denial of service), openjdk-7 (multiple vulnerabilities), and ppp (privilege escalation).

Mageia has updated flac (multiple vulnerabilities) and geary (TLS certificate issues).

SUSE has updated IBM Java (SLE11 SP3: multiple vulnerabilities).

Ubuntu has updated ppp (privilege escalation).

Kernel prepatch 3.18-rc7

Monday 1st of December 2014 01:13:28 PM
The 3.18-rc7 prepatch is out. Linus seems happy enough, despite the persistent lockup problem that has defied all debugging attempts so far. "At the same time, with the holidays coming up, and the problem _not_ being a regression, I suspect that what will happen is that I'll release 3.18 on time in a week, because delaying it will either mess up the merge window and the holiday season, or I'd have to delay it a *lot*."

LSF/MM 2015 Call For Proposals

Saturday 29th of November 2014 07:09:32 PM
The 2015 Linux Storage, Filesystem, and Memory Management summit will be held March 9 and 10 in Boston. The call for agenda proposals has gone out, with a deadline of January 16. Attendance will be capped to facilitate discussions, so developers who are interested in attending this event might want to get their proposals in soon.

Touring the hidden corners of LWN

Saturday 29th of November 2014 07:00:34 PM
One of the more surprising outcomes (to us) of the recent systemd "debates" in our comments section was finding out that some subscribers did not know of our comment filtering feature. Subscribers have been able to filter out specific commenters since 2010, but knowledge of that feature seems to have dissipated over time. We certainly could do a better job of documenting all of our features, but we thought it might be a good time to both introduce a couple of new features while refreshing people's memories of some of the features we already offer.

More in Tux Machines

Kodi 14.0 Helix Unwinds

Merry Christmas and happy holidays, everyone! We are proud to announce the release of Kodi 14.0, which comes with a new name, a new logo, and a wide variety of new features, but underneath the new coat of paint remains the same software we all love. A detailed changelog for Kodi 14 can be found under milestones on our code repository, should you be interested. With that said, let’s take a look at some of the features that come with Kodi 14.0. Read more

KaOS ISO 2014.12

KaOS is very proud to announce the availability of the December release of a new stable ISO. This ISO marks two major milestones for this distribution. Since it’s inception almost two years ago, a need to be ready for UEFI installs has always been a priority. That was tied though to getting a modern Qt based installer that could handle such UEFI installs. With this ISO, both are implemented. Read more

Old FOSS Friend & Foe Represents Sony in Hack

Boies, along with three attorneys representing the States, brought Microsoft to it’s knees — or so it seemed at the time. On November 5, 1999, Judge Thomas Penfield Jackson found that Windows dominance on the PC made the company a monopoly and that the company had taken illegal actions against Apple, Java, Netscape, Lotus Notes, RealNetworks, Linux, and others in order to maintain that monopoly. He ordered Microsoft broken in two, with one company producing Windows and another handling all other Microsoft software. As we all know, Judge Jackson’s solution was never implemented. Although an appeals court upheld the verdict against Redmond, the breakup of the company was overturned and sent back to the lower court for a review by a new judge. Two years later, in September, 2001, under the Bush Administration, the DOJ announced that it was no longer seeking the breakup of Microsoft, and in November reached a settlement which California, Connecticut, Iowa, Florida, Kansas, Minnesota, Utah, Virginia and Massachusetts opposed. The settlement basically required Microsoft to share its APIs and appoint a three person panel that would have complete access to Microsoft’s systems, records, and source code for five years. The settlement didn’t require Microsoft to change any code or stop the company from tying additional software with Windows. Additionally, the DOJ did not require Microsoft to change any of its code. Read more

Study: ‘European Parliament should use open source’

The European Parliament should use free software and open standards for all of its ICT systems and data, concludes a study by the EP’s Greens/European Free Alliance: “That is the most appropriate way for the Parliament to meet its own standard of ‘utmost transparency’.” Read more