Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 5 hours 54 min ago

Security updates for Tuesday

14 hours 42 min ago
Security updates have been issued by Debian (libav), Gentoo (chromium, firefox, libreoffice, mysql, and ruby), SUSE (kernel), and Ubuntu (bind9).

[$] BPF comes to firewalls

Monday 19th of February 2018 11:17:40 PM
The Linux kernel currently supports two separate network packet-filtering mechanisms: iptables and nftables. For the last few years, it has been generally assumed that nftables would eventually replace the older iptables implementation; few people expected that the kernel developers would, instead, add a third packet filter. But that would appear to be what is happening with the newly announced bpfilter mechanism. Bpfilter may eventually replace both iptables and nftables, but there are a lot of questions that will need to be answered first.

Security updates for Monday

Monday 19th of February 2018 04:03:07 PM
Security updates have been issued by Arch Linux (irssi), Debian (bind9, gcc-4.9, plasma-workspace, quagga, and tomcat-native), Fedora (p7zip), Mageia (nasm), openSUSE (exim, ffmpeg, irssi, mpv, qpdf, quagga, rrdtool, and rubygem-puppet), and SUSE (p7zip and xen).

SuiteCRM 7.10 released

Monday 19th of February 2018 02:25:41 PM
SuiteCRM is a fork of the formerly open-source SugarCRM customer relationship management system. The 7.10 release has been announced. "SuiteCRM 7.10 includes a long list of enhancements, improving user experience, adding new functionality and providing a new REST API. This edition of SuiteCRM also assists companies to be ready for GDPR, including opt-in functionality to track the consent of individuals."

Kernel prepatch 4.16-rc2

Monday 19th of February 2018 04:04:38 AM
The second 4.16 kernel prepatch is out. "Go out and test, it all looks fine."

Some weekend stable kernel updates

Sunday 18th of February 2018 09:15:44 PM
The 4.15.4, 4.14.20, 4.9.82, 4.4.116, and 3.18.95 stable kernel updates have all been released. These kernels contain a relatively large set of important fixes and updates.

[$] The boot-constraint subsystem

Friday 16th of February 2018 06:57:02 PM
The fifth version of the patch series adding the boot-constraint subsystem is under review on the linux-kernel mailing list. The purpose of this subsystem is to honor the constraints put on devices by the bootloader before those devices are handed over to the operating system (OS) — Linux in our case. If these constraints are violated, devices may fail to work properly once the kernel starts reconfiguring the hardware; by tracking and enforcing those constraints, instead, we can ensure that hardware continues to work properly until the kernel is fully operational.

Security updates for Friday

Friday 16th of February 2018 03:37:13 PM
Security updates have been issued by Debian (quagga), Mageia (freetype2, kernel-linus, and kernel-tmb), openSUSE (chromium, GraphicsMagick, mupdf, openssl-steam, and xen), Slackware (irssi), SUSE (glibc and quagga), and Ubuntu (quagga).

[$] Dynamic function tracing events

Thursday 15th of February 2018 11:12:11 PM
For as long as the kernel has included tracepoints, developers have argued over whether those tracepoints are part of the kernel's ABI. Tracepoint changes have had to be reverted in the past because they broke existing user-space programs that had come to depend on them; meanwhile, fears of setting internal code in stone have made it difficult to add tracepoints to a number of kernel subsystems. Now, a new tracing functionality is being proposed as a way to circumvent all of those problems.

FOSS Project Spotlight: LinuxBoot (Linux Journal)

Thursday 15th of February 2018 08:49:57 PM
Linux Journal takes a look at the newly announced LinuxBoot project. LWN covered a related talk back in November. "Modern firmware generally consists of two main parts: hardware initialization (early stages) and OS loading (late stages). These parts may be divided further depending on the implementation, but the overall flow is similar across boot firmware. The late stages have gained many capabilities over the years and often have an environment with drivers, utilities, a shell, a graphical menu (sometimes with 3D animations) and much more. Runtime components may remain resident and active after firmware exits. Firmware, which used to fit in an 8 KiB ROM, now contains an OS used to boot another OS and doesn't always stop running after the OS boots. LinuxBoot replaces the late stages with a Linux kernel and initramfs, which are used to load and execute the next stage, whatever it may be and wherever it may come from. The Linux kernel included in LinuxBoot is called the 'boot kernel' to distinguish it from the 'target kernel' that is to be booted and may be something other than Linux."

Security updates for Thursday

Thursday 15th of February 2018 03:24:41 PM
Security updates have been issued by Debian (jackson-databind, leptonlib, libvorbis, python-crypto, and xen), Fedora (apache-commons-email, ca-certificates, libreoffice, libxml2, mujs, p7zip, python-django, sox, and torbrowser-launcher), openSUSE (libreoffice), SUSE (libreoffice), and Ubuntu (advancecomp, erlang, and freetype).

[$] LWN.net Weekly Edition for February 15, 2018

Thursday 15th of February 2018 12:34:37 AM
The LWN.net Weekly Edition for February 15, 2018 is available.

[$] DIY biology

Wednesday 14th of February 2018 09:52:23 PM

A scientist with a rather unusual name, Meow-Ludo Meow-Meow, gave a talk at linux.conf.au 2018 about the current trends in "do it yourself" (DIY) biology or "biohacking". He is perhaps most famous for being prosecuted for implanting an Opal card RFID chip into his hand; the Opal card is used for public transportation fares in Sydney. He gave more details about his implant as well as describing some other biohacking projects in an engaging presentation.

Wielaard: dtrace for linux; Oracle does the right thing

Wednesday 14th of February 2018 08:04:07 PM
Mark Wielaard writes about the recently discovered relicensing of the dtrace dynamic tracing subsystem under the GPL. "Thank you Oracle for making everyone’s life easier by waving your magic relicensing wand! Now there is lots of hard work to do to actually properly integrate this. And I am sure there are a lot of technical hurdles when trying to get this upstreamed into the mainline kernel. But that is just hard work. Which we can now start collaborating on in earnest."

[$] A report from the Enigma conference

Wednesday 14th of February 2018 06:50:02 PM

The 2018 USENIX Enigma conference was held for the third time in January. Among many interesting talks, three presentations dealing with human security behaviors stood out. This article covers the key messages of these talks, namely the finding that humans are social in their security behaviors: their decision to adopt a good security practice is hardly ever an isolated decision.

Subscribers can read on for the report by guest author Christian Folini.

[$] Authentication and authorization in Samba 4

Wednesday 14th of February 2018 06:03:16 PM

Volker Lendecke is one of the first contributors to Samba, having submitted his first patches in 1994. In addition to developing other important file-sharing tools, he's heavily involved in development of the winbind service, which is implemented in winbindd. Although the core Active Directory (AD) domain controller (DC) code was written by his colleague Stefan Metzmacher, winbind is a crucial component of Samba's AD functionality. In his information-packed talk at FOSDEM 2018, Lendecke said he aimed to give a high-level overview of what AD and Samba authentication is, and in particular the communication pathways and trust relationships between the parts of Samba that authenticate a Samba user in an AD environment.

Security updates for Wednesday

Wednesday 14th of February 2018 04:11:31 PM
Security updates have been issued by Arch Linux (exim and mpv), Debian (advancecomp and graphicsmagick), Red Hat (collectd, erlang, httpd24-apr, openstack-aodh, and openstack-nova), SUSE (kernel and xen), and Ubuntu (libvorbis).

[$] Two FOSDEM talks on Samba 4

Tuesday 13th of February 2018 07:31:07 PM

Much as some of us would love never to have to deal with Windows, it exists. It wants to authenticate its users and share resources like files and printers over the network. Although many enterprises use Microsoft tools to do this, there is a free alternative, in the form of Samba. While Samba 3 has been happily providing authentication along with file and print sharing to Windows clients for many years, the Microsoft world has been slowly moving toward Active Directory (AD). Meanwhile, Samba 4, which adds a free reimplementation of AD on Linux, has been increasingly ready for deployment. Three short talks at FOSDEM 2018 provided three different views of Samba 4, also known as Samba-AD, and left behind a pretty clear picture that Samba 4 is truly ready for use.

Subscribers can read on for a report from guest author Tom Yates on the first two of those talks; stay tuned for another on the third soon.

Stable kernel updates

Tuesday 13th of February 2018 04:28:21 PM
Stable kernels 4.15.3, 4.14.19, and 4.9.81 have been released. They all contain important fixes and users should upgrade.

Security updates for Tuesday

Tuesday 13th of February 2018 04:18:32 PM
Security updates have been issued by Arch Linux (sthttpd), Debian (clamav, libreoffice, and pound), openSUSE (ipsec-tools and leptonica), SUSE (libreoffice), and Ubuntu (exim4, firefox, php5, puppet, and wavpack).

More in Tux Machines

Bang & Olufsen’s RPi add-on brings digital life to old speakers

B&O and HiFiBerry have launched an open source, DIY “Beocreate 4” add-on for the Raspberry Pi that turns vintage speakers into digitally amplified, wireless-enabled smart speakers with the help of a 180-Watt 4-channel amplifier, a DSP, and a DAC. Bang & Olufsen has collaborated with HiFiBerry to create the open source, $189 Beocreate 4 channel amplifier kit. The 180 x 140 x 30mm DSP/DAC/amplifier board pairs with your BYO Raspberry Pi 3 with a goal of upcycling vintage passive speakers. Read more

Gemini PDA will ship with Android, but it also supports Debian, Ubuntu, Sailfish, and Postmarket OS (crowdfunding, work in progress)

The makers of the Gemini PDA plan to begin shipping the first units of their handheld computer to their crowdfunding campaign backers any day now. And while the folks at Planet Computer have been calling the Gemini PDA a dual OS device (with Android and Linux support) from the get go, it turns out the first units will actually just ship with Android. Read more

Red Hat: CO.LAB, Kubernetes/OpenShift, Self-Serving 'Study' and More

Browsers: Mozilla and Iridium

  • Best Web Browser
    When the Firefox team released Quantum in November 2017, they boasted it was "over twice as fast as Firefox from 6 months ago", and Linux Journal readers generally agreed, going as far as to name it their favorite web browser. A direct response to Google Chrome, Firefox Quantum also boasts decreased RAM usage and a more streamlined user interface.
  • Share Exactly What You See On-Screen With Firefox Screenshots
    A “screenshot” is created when you capture what’s on your computer screen, so you can save it as a reference, put it in a document, or send it as an image file for others to see exactly what you see.
  • What Happens when you Contribute, revisited
    I sat down to write a post about my students' experiences this term contributing to open source, and apparently I've written this before (and almost exactly a year ago to the day!) The thing about teaching is that it's cyclic, so you'll have to forgive me as I give a similar lecture here today. I'm teaching two classes on open source development right now, two sections in an introductory course, and another two in a follow-up intermediate course. The students are just starting to get some releases submitted, and I've been going through their blogs, pull requests, videos (apparently this generation likes making videos, which is something new for me), tweets, and the like. I learn a lot from my students, and I wanted to share some of what I'm seeing.
  • Iridium Browser: A Browser for the Privacy Conscience
    Iridium is a web browser based on Chromium project. It has been customized to not share your data and thus keeping your privacy intact.