LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 27 min ago

[$] Debating the Cryptographic Autonomy License

5 hours 57 min ago
If one were to ask a group of free-software developers whether the community needs more software licenses, the majority of the group would almost certainly answer "no". We have the licenses we need to express a range of views of software freedom, and adding to the list just tends to create confusion and compatibility issues. That does not stop people from writing new licenses, though. While much of the "innovation" in software licenses in recent times is focused on giving copyright holders more control over how others use their code (while still being able to brand it "open source"), there are exceptions. The proposed "Cryptographic Autonomy License" (CAL) is one of those; its purpose is to give users of the code control over the data that is processed with it.

Security updates for Friday

12 hours 44 min ago
Security updates have been issued by Debian (cups, nginx, and openjdk-7), Fedora (httpd, mod_md, nghttp2, and patch), and SUSE (rubygem-loofah).

[$] Restricting path name lookup with openat2()

Thursday 22nd of August 2019 07:24:26 PM
Looking up a file given a path name seems like a straightforward task, but it turns out to be one of the more complex things the kernel does. Things get more complicated if one is trying to write robust (user-space) code that can do the right thing with paths that are controlled by a potentially hostile user. Attempts to make the open() and openat() system calls safer date back at least to an attempt to add O_BENEATH in 2014, but numerous problems remain. Aleksa Sarai, who has been working in this area for a while, has now concluded that a new version of openat(), naturally called openat2(), is required to truly solve this problem.

Backdoors in Webmin

Thursday 22nd of August 2019 01:14:22 PM
Anybody using Webmin, a web-based system-administration tool, will want to update now, as it turns out that the system has been backdoored for over a year. "At some time in April 2018, the Webmin development build server was exploited and a vulnerability added to the password_change.cgi script. Because the timestamp on the file was set back, it did not show up in any Git diffs. This was included in the Webmin 1.890 release."

Backdoor code found in 11 Ruby libraries (ZDNet)

Thursday 22nd of August 2019 01:08:49 PM
ZDNet reports on the discovery of a set of malicious libraries in the RubyGems repository. "The individual behind this scheme was active for more than a month, and their actions were not detected. Things changed when the hacker managed to gain access to the RubyGems account of one of the rest-client developers, which he used to push four malicious versions of rest-client on RubyGems. However, by targeting such a high-profile project that has over 113 million total downloads on RubyGems, the hacker also brought a lot of light to their operation, which was taken down within a few hours after users first spotted the malicious code in the rest-client library."

Security updates for Thursday

Thursday 22nd of August 2019 12:59:53 PM
Security updates have been issued by Fedora (nginx), openSUSE (ImageMagick and putty), Red Hat (Ansible, atomic-openshift-web-console, ceph, and qemu-kvm-rhev), SUSE (kvm, libssh2_org, postgresql96, qemu, and wavpack), and Ubuntu (libzstd and openjpeg2).

[$] LWN.net Weekly Edition for August 22, 2019

Thursday 22nd of August 2019 12:30:07 AM
The LWN.net Weekly Edition for August 22, 2019 is available.

[$] OpenPOWER opens further

Wednesday 21st of August 2019 08:25:11 PM
In what was to prove something of a theme throughout the morning, Hugh Blemings said that he had been feeling a bit like a kid waiting for Christmas recently, but that the day when the presents can be unwrapped had finally arrived. He is the executive director of the OpenPOWER Foundation and was kicking off the keynotes for the second day of the 2019 OpenPOWER Summit North America; the keynotes would reveal the "most significant and impressive announcements" in the history of the project, he said. Multiple presentations outlined a major change in the openness of the OpenPOWER instruction set architecture (ISA), along with various related hardware and software pieces; in short, OpenPOWER can be used by compliant products without paying royalties and with a grant of the patents that IBM holds on it. In addition, the foundation will be moving under the aegis of the Linux Foundation.

[$] Making containers safer

Wednesday 21st of August 2019 02:24:10 PM
On day one of the Linux Security Summit North America (LSS-NA), Stéphane Graber and Christian Brauner gave a presentation on the current state and the future of container security. They both work for Canonical on the LXD project; Graber is the project lead and Brauner is the maintainer. They looked at the different kernel mechanisms that can be used to make containers more secure and provided some recommendations based on what they have learned along the way.

Security updates for Wednesday

Wednesday 21st of August 2019 01:13:32 PM
Security updates have been issued by Fedora (ghostscript, pango, and squirrelmail), openSUSE (libcryptopp, squid, tcpdump, and wireshark), SUSE (flatpak), and Ubuntu (giflib and NLTK).

Announcing notqmail

Tuesday 20th of August 2019 11:17:21 PM
The notqmail project has announced its existence and shipped an initial release. It's a new fork of the venerable qmail mail transport system. "Our first release is informed, conservative, and careful — but bold. It reflects our brand-new team’s rapid convergence on where we’re going and how we’ll get there."

Open source POWER ISA takes aim at Intel and Arm (TechRepublic)

Tuesday 20th of August 2019 11:11:12 PM
TechRepublic reports on the opening of the POWER instruction-set architecture. "While the POWER ISA was itself licensable following the creation of the OpenPOWER Foundation in 2013, that came at a cost. Now, the POWER ISA is available royalty-free, inclusive of patent rights." The OpenPOWER Foundation is also being folded into the Linux Foundation.

Security updates for Tuesday

Tuesday 20th of August 2019 01:17:52 PM
Security updates have been issued by Debian (flask), openSUSE (clementine, dkgpg, libTMCG, openexr, and zstd), Oracle (kernel, mysql:8.0, redis:5, and subversion:1.10), SUSE (nodejs6, python-Django, and rubygem-rails-html-sanitizer), and Ubuntu (cups, docker, docker-credential-helpers, kconfig, kde4libs, libreoffice, nova, and openldap).

[$] On-disk format robustness requirements for new filesystems

Monday 19th of August 2019 11:17:00 PM
The "Extendable Read-Only File System" (or "EROFS") was first posted by Gao Xiang in May 2018; it was merged into the staging tree for the 4.19 release. There has been a steady stream of work on EROFS since then, and its author now thinks that it is ready to move out of staging and join the other official filesystems in the kernel. It would seem, though, that there is one final hurdle that it may have to clear: robustness in the face of a corrupted on-disk filesystem image. That raises an interesting question: to what extent do new filesystems have to exhibit a level of robustness that is not met by the filesystems that are currently in heavy use?

Stapelberg: distri: a Linux distribution to research fast package management

Monday 19th of August 2019 01:46:11 PM
Michael Stapelberg has announced the first release of "distri", a distribution focused on simplifying and accelerating package management. "distri’s package manager is extremely fast. Its main bottleneck is typically the network link, even at high speed links (I tested with a 100 Gbps link). Its speed comes largely from an architecture which allows the package manager to do less work."

Security updates for Monday

Monday 19th of August 2019 01:39:31 PM
Security updates have been issued by CentOS (kernel and openssl), Debian (ffmpeg, golang-1.11, imagemagick, kde4libs, openldap, and python3.4), Fedora (gradle, hostapd, kdelibs3, and mgetty), Gentoo (adobe-flash, hostapd, mariadb, patch, thunderbird, and vlc), Mageia (elfutils, mariadb, mythtv, postgresql, and redis), openSUSE (chromium, kernel, LibreOffice, and zypper, libzypp and libsolv), Oracle (ghostscript), Red Hat (rh-php71-php), SUSE (bzip2, evince, firefox, glib2, glibc, java-1_8_0-openjdk, polkit, postgresql10, python3, and squid), and Ubuntu (firefox).

A new chair for the openSUSE board

Monday 19th of August 2019 01:21:45 PM
Richard Brown has announced that he is stepping down as the chair of the openSUSE board. "I have absolute confidence in the openSUSE Board; Indeed, I don't think I would be able to make this decision at this time if I wasn't certain that I was leaving openSUSE in good hands. On that note, SUSE has appointed Gerald Pfeifer as my replacement as Chair. Gerald is SUSE's EMEA-based CTO, with a long history as a Tumbleweed user, an active openSUSE Member, and upstream contributor/maintainer in projects like GCC and Wine."

Kernel prepatch 5.3-rc5

Monday 19th of August 2019 01:17:34 PM
Linus has released the 5.3-rc5 kernel prepatch, saying: "It's been calm, and nothing here stands out, except perhaps some of the VM noise where we un-reverted some changes wrt node-local vs hugepage allocations."

Git v2.23.0 released

Sunday 18th of August 2019 03:06:10 PM
Version 2.23.0 of the Git source-code management system is out. There are a lot of new features, including a new "git merge --quit" option, new "git switch" and "git restore" commands, and more.

[$] Reconsidering unprivileged BPF

Friday 16th of August 2019 03:11:47 PM
The BPF virtual machine within the kernel has seen a great deal of work over the last few years; as that has happened, its use has expanded to many different kernel subsystems. One of the objectives of that work in the past has been to make it safe to allow unprivileged users to load at least some types of BPF programs into the kernel. A recent discussion has made it clear, though, that the goal of opening up BPF to unprivileged users has been abandoned as unachievable, and that further work in that direction will not be accepted by the BPF maintainer.

More in Tux Machines

Welcome to the August 2019 Friends of GNOME Update!

Neil, Molly, and Rosanna went to OSCON, in Portland, OR. While there, we met with people from other free software projects and companies developing open source, or with open source programs offices. Following OSCON, there was the West Coast Hackfest, during which the Documentation, GTK, and Engagement teams met and got a bunch of work done. There are some photos you can check out on our Twitter account. Molly attended FrOSCon, giving a keynote entitled “Open Source Citizenship for Everyone!” On September 17th, Molly will be at GitLab Commit in Brooklyn, NY. Federico Mena will be at CCOSS in Guadalajara, México, September 14 – 15th. There he will run a workshop on GNOME and deliver a keynote presentation.

Cryptocurrency OS Makes It Easy to Buy and Spend Digital Cash

Cryptocurrency OS is a specialty Linux distribution that serves a niche user market destined to grow as the crypto economy continues to develop. This distro is packed with all the tools you need to create and manage your crypto accounts. It also is a fully functional Linux operating system. It is easy to use this distro as your daily computing platform.

today's leftovers

  • Voyager Live 10 overview | The spirit of open source in the heart of the digital world

    In this video, I am going to show an overview of Voyager Live 10 and some of the applications pre-installed.

  • Cantor and the support for Jupyter notebooks at the finish line

    Hello everyone! It's been almost three weeks since my last post and this is going to be my final post in this blog. So, I want to summarize all my work done in this GSoC project. Just to remember again, the goal of the project was to add the support for Jupyter notebooks to Cantor. This format is widely used in the scientific and education areas, mostly by the application Jupyter, and there is a lot of content available on the internet in this format (for example, here). By adding the support of this format in Cantor we’ll allow Cantor users to access this content. This is a short description; if you are more interested, you can find more details in my proposal. [...] This is all for the limitations, I think. Let's talk about future plans and perspectives. In my opinion, this project has reached its initial goals, is finished now and will only need maintenance and support in terms of bug fixing and adjustment to potential format changes in future. When talking more generally, this project is part of the current overall development activities in Cantor to improve the usability and the stability of the application and to extend the feature set in order to enable more workflows and to reach to a bigger audience with this. See 19.08 and 18.12 release announcements to read more about the developments in the recent releases of Cantor. Support of the Jupyter notebook format is a big step into this direction but this is not all. We have already many other items in our backlog like for the UX improvements, plots integration improvements going into this direction. Some of these items will be addressed soon. Some of them are something for the next GSoC project next year maybe? I think, that's all for now. Thank you for reading this blog and thank you for your interest in my project. Working on this project was a very interesting and pleasant period of my life. I am happy that I had this opportunity and was able to contribute to KDE and especially to Cantor with the support of my mentor Alexander Semke.

  • My Open-Source Activities from January to August 2019

    Debian is a general-purpose Linux distribution that is widely used on the planet. I am a Debian Developer who works on packages related to Android SDK and the Java ecosystem. I started a new package in an attempt to build the Android framework android.jar using the upstream build systems involving Ninja, Soong and others. Since the beginning we have been writing our own (very simple) makefiles to build the binaries in AOSP because their build logic tends to be simple and straightforward, until we worked on android.jar. Building it requires digging in so much code that it became incredibly hard to maintain, which is why we still haven’t brought in any newer version since android-framework-23. This is problematic as developers can’t build any apps that target Android 7+. After a month of work, this package is finally done. After all its dependencies are packaged in the future, it will be good to upload. This is where the students of Google Summer of Code (GSoC) come in!

  • iMars Black is an Inexpensive Bluetooth 5.0 USB Audio Transmitter & Receiver
  • This Linux computer plus router is the size of a ring box

    The VoCore2 Mini Linux Computer packs a wireless router and 16M of onboard storage into a cube about the size of a coin. Just hook it up to any display monitor through a standard USB2.0 port, and you're ready to put it to work. With 128MB of DDR2 memory and an MT7628AN MIPS processor, it's equally useful as a streaming station, VPN gateway, data storage - you name it.

  • Dive into the life and legacy of Alan Turing: 5 books and more

    Another well-known fact about Turing was his conviction for "gross indecency" because of his homosexuality, and the posthumous apology and pardon issued more than half a decade after Turing’s death. But beyond all of this, who was Alan Turing? Here are six books that delve deeply into the life and legacy of Alan Turing. Collectively, these books cover his life, both professional and personal, and work others have done to build upon Turing’s ideas. Individually, or collectively, these works allow the reader to learn who Alan Turing was beyond just a few well-known, broad-stroke themes.

  • Epyc Encryption | TechSNAP 410

    It's CPU release season and we get excited about AMD's new line of server chips. Plus our take on AMD's approach to memory encryption, and our struggle to make sense of Intel's Comet Lake line. Also, a few Windows worms you should know about, the end of the road for EV certs, and an embarrassing new Bluetooth attack.
