Welcome to LWN.net

LWN featured content

Linus Torvalds has railed frequently and loudly against kernel developers breaking user space. But that rule is not ironclad; there are exceptions. The story of how a kernel change caused a GlusterFS breakage shows that there are sometimes unfortunate twists to those exceptions.

Full Story (comments: 26)

Python core developer Raymond Hettinger's PyCon 2013 keynote had elements of a revival meeting sermon, but it was also meant to spread the "religion" well beyond those inside the meeting tent. Hettinger specifically tasked attendees to use his "What makes Python awesome?" talk as a sales tool with management and other Python skeptics. Subscribers can get the full coverage of the talk from this week's edition at the link below.

Full Story (comments: 49)

The world was a simpler place when the TCP/IP network protocol suite was first designed. The net was slow and primitive and it was often a triumph to get a connection to a far-away host at all. The machines at either end of a TCP session normally did not have to concern themselves with how that connection was made; such details were left to routers. As a result, TCP is built around the notion of a (single) connection between two hosts. The Multipath TCP (MPTCP) project looks to change that view of networking by adding support for multiple transport paths to the endpoints; it offers a lot of benefits, but designing a deployable protocol for today's Internet is surprisingly hard.

Full Story (comments: 62)

An exploit posted on March 13 revealed a rather easily exploitable security vulnerability (CVE 2013-1858) in the implementation of user namespaces. That exploit enables an unprivileged user to escalate to full root privileges. Although a fix was quickly provided, it is nevertheless instructive to look in some detail at the vulnerability, both to better understand the nature of this kind of exploit and also to briefly consider how this vulnerability came to appear inside the user namespaces implementation.

Full Story (comments: 28)

Many pixels have been expended in the discussion of contributor agreements that transfer copyright from developers to a company or foundation. But, for developers in many projects, the discussion is moot, in that the requirement for an agreement exists and the papers must be signed before contributions to the project can be made. But, even then, there are some interesting details that merit attention. A recent discussion regarding one developer's contributions to the Emacs Org mode project shows how expansive and poorly understood such agreements can be in some cases.

Full Story (comments: 48)

A February linux-kernel mailing list discussion of a patch that extends the use of the CAP_COMPROMISE_KERNEL capability soon evolved into a discussion of the specific uses (or abuses) of the CAP_SYS_RAWIO capability within the kernel. However, in reality, the discussion once again exposes some general difficulties in the Linux capabilities implementation—difficulties that seem to have no easy solution.

Full Story (comments: 38)

Many people have talked about the Android kernel code and its relation to the mainline. One of the people who has done the most to help bring Android and the mainline closer together is John Stultz; at the 2013 Linaro Connect Asia event, he talked about the status of the Android code. The picture that emerged shows that a lot of progress has been made, but there is still a lot of work yet to be done. Click below (subscribers only) for the full report.

Full Story (comments: 17)

Ubuntu publicly announced its plan for the future of its Unity graphical shell on March 4, a plan that includes a new compositing window manager designed to run on the distribution's device platforms as well as on desktop systems. The plan will reimplement the Unity shell in Qt and replace Compiz with a new display stack called Mir that will incorporate a compositor, input manager, and several other pieces. Mir is not designed to use the Wayland display protocol (although the Ubuntu specification suggests it could be added later), a decision that raised the ire of developers in several other projects.

Full Story (comments: 46)

In this article, we continue last week's discussion of user namespaces. In particular, we look in more detail at the interaction of user namespaces and capabilities as well as the combination of user namespaces with other types of namespaces.

Full Story (comments: 23)

By the time that Linus released the 3.9-rc1 kernel prepatch and closed the merge window for this cycle, he had pulled a total of 10,265 non-merge changesets into the mainline repository. That is just over 2,000 changes since last week's summary. Subscribers can click below for a look at the last merges for 3.9.

Full Story (comments: 42)

Current news

On his blog, Steve McIntyre writes about work he has been doing to identify assembly code in Linux packages:

That work resulted in a report with his findings.

Comments (none posted)

The Subsurface project mourns the loss of Jan Schubert. "It is with great sadness that we say a final 'Tschüss' to one of our most active and engaging developers. Without Jan, Subsurface would not support the needs of technical divers the way it does today."

Comments (none posted)

Debian has updated bind9 (denial of service).

Fedora has updated rubygem-actionpack (F18; F17: multiple vulnerabilities), gajim (F18; F17: man-in-the-middle attack), drupal7-views (F18; F17: cross-site scripting), rubygem-activesupport (F18; F17: XML parsing vulnerability), mantis (F18; F17: multiple vulnerabilities), httpd (F18: cross-site scripting), rubygem-activerecord (F18: denial of service), glibc (F18: denial of service), sssd (F18: privilege violation), kernel (F17: multiple vulnerabilities), puppet (F17: multiple vulnerabilities).

openSUSE has updated privoxy (11.4: proxy spoofing).

Comments (none posted)

Here's the second part in the C++14 papers series on the "Meeting C++" site. "A proposal for Executors, objects that can execute units of work packaged as function objects. So this is another possible approach to task based parallelism, where the executor object is used as a reusable thread, that can handled a queue of tasks. One possible implementation of an executor is a thread-pool, but other implementations are possible."

Comments (2 posted)

The 3.9-rc5 kernel prepatch is out. Linus says: "Nothing really peculiar stands out. Exynos DRM updates, IBM RamSan driver updates are a bit larger, l2tp update... The rest is pretty much small patches spread out all over. Mostly drivers (block, net, media, tty, usb), networking, and some filesystem updates (btrfs, nfs). Some arch updates (x86, arc). Things seem to be calming down a bit, and everything seems largely on track for a 3.9 release in a few weeks."

Comments (none posted)

Back in August 2012, Yorba Foundation founder Adam Dingle spoke at GUADEC about the complexities of crowdfunding development for open source applications. This week, the group officially launched a campaign at IndieGoGo to underwrite development of its open source email client Geary. The target is US $100,000, which, as executive director Jim Nelson explains, is a number chosen to support three full-time developers for the next release cycle. "I doubt there’s a widely-used desktop application out there developed for less than US$100,000 — it’s just that the price tag might be hidden from its users." The campaign runs for one month; among the many factors Dingle spoke of that differentiate between funding sites, IndieGoGo only distributes funds if the target is met.

Comments (17 posted)

CentOS has updated bind (C6; denial of service) and bind97 (C5; denial of service).

Debian has updated rails (multiple vulnerabilities).

openSUSE has updated clamav (security hardening fixes).

Oracle has updated bind (OL6; denial of service) and bind97 (OL5; denial of service).

Red Hat has updated bind (denial of service) and bind97 (denial of service).

Scientific Linux has updated bind (denial of service) and bind97 (denial of service).

Slackware has updated libssh (denial of service).

Ubuntu has updated bind (denial of service).

Comments (1 posted)

The PostgreSQL project has announced an update coming on April 4. "This release will include a fix for a high-exposure security vulnerability. All users are strongly urged to apply the update as soon as it is available." Pre-announcement of security updates is quite rare, as is the associated shutdown of repository updates and distribution of commit messages, so one assumes that it would be a good idea to be ready to apply this update when it arrives.

Full Story (comments: 1)

On behalf of the ZFS-on-Linux project, Brian Behlendorf has announced the availability of version 0.6.1 of this Solaris-derived filesystem. "Over two years of use by real users has convinced us ZoL is ready for wide scale deployment on everything from desktops to super computers." The project's home page offers binary modules for a wide variety of distributions. (See the FAQ for the project's take on licensing issues.)

Comments (10 posted)

Over at Linux.com, Joe "Zonker" Brockmeier, community evangelist for CloudStack at Citrix, tries to disambiguate the term "cloud". He describes the attributes of clouds, using the US National Institute of Standards and Technology (NIST) definition of cloud computing, looks at the various "X as a service" offerings, how it all works, and why it's important to have open clouds. "Having an open cloud matters because we need to be able to continue the work that GNU and Linux folks have been doing for more than twenty years, at scale. It matters because we need the cloud to be bigger than Amazon or proprietary companies – and because users and organizations should have as much control over their computing destiny at scale as they have had on individual servers."

Comments (3 posted)

--> More news items