LWN featured content
[$] The 2013 Linux Filesystem, Storage, and Memory Management Summit
[Kernel] Posted Apr 23, 2013 21:45 UTC (Tue) by corbet
The 2013
Linux Filesystem, Storage, and Memory Management Summit was held
April 18 and 19 in San Francisco, California, immediately after the Linux
Foundation's Collaboration Summit. The first set of notes from that
gathering is now available; at this point, we have most of the plenary
sessions and the entire memory management track written up. The rest of
our notes from the Summit will be added in the near future.
Full Story (comments: none)
[$] LFCS: Preparing Linux for nonvolatile memory devices
[Kernel] Posted Apr 19, 2013 18:28 UTC (Fri) by corbet
Since the demise of core memory, there has been a fundamental dichotomy in
data storage technology: memory is either fast and ephemeral, or slow and
persistent. The situation is changing, though, and that leads to some
interesting challenges for the Linux kernel. How will we
adapt to the coming world where nonvolatile memory (NVM) devices are
commonplace? Ric Wheeler led a session at the 2013 Linux Foundation
Collaboration Summit to discuss this issue.
Full Story (comments: 15)
[$] A taste of Rust
[Development] Posted Apr 17, 2013 22:35 UTC (Wed) by jake
Rust,
the new programming language being
developed by the Mozilla project,
has a number of interesting features. One that stands out is the
focus on safety. There are clear attempts
to increase the range of errors that the compiler can detect and
prevent, and thereby reduce the number of errors that end up in
production code.
Click below (subscribers only) for an overview of the Rust language by LWN
contributor Neil Brown.
Full Story (comments: 60)
[$] Current challenges in the free software ecosystem
[Front] Posted Apr 17, 2013 8:54 UTC (Wed) by mkerrisk
Given Eben Moglen's long association with the Free Software
Foundation, his work on drafting the GPLv3, and his role as President and
Executive Director of the Software Freedom Law Center, his
talk at the 2013 Free Software Legal and Licensing
Workshop promised to be thought-provoking. He chose to focus on two
topics that he saw as particularly relevant for the free software ecosystem
within the next five years: patents and the decline of copyleft licenses.
Full Story (comments: 48)
Legal issues from a radical community angle
[Front] Posted Apr 10, 2013 9:00 UTC (Wed) by mkerrisk
The sixth Free Software Legal and Licensing Workshop, which took place
on 4-5 April 2013 in Amsterdam, opened with a keynote from Stefano "Zack"
Zacchiroli, the Debian Project Leader (DPL) for the last three
years. Zack's aim was to provide the assembled lawyers with an overview of
the kinds of legal issues that are faced by Debian and other free software
projects and provide suggestions about how lawyers can help free software
projects.
Full Story (comments: 13)
Vulnerability handling in the PostgreSQL project
[Front] Posted Apr 9, 2013 14:35 UTC (Tue) by jake
On April 4th, 2013, the PostgreSQL project announced a security
vulnerability (CVE-2013-1899)
and resulting patch for one of the worst security holes in project history.
According to the
project web page, "this is the first security issue of this
magnitude since 2006." Subscribers can click below for PostgreSQL
core developer Josh Berkus's look at the vulnerability, its impact, and
some questions raised by the project's handling of the vulnerability and
release.
Full Story (comments: 22)
A kernel change breaks GlusterFS
[Kernel] Posted Mar 27, 2013 20:33 UTC (Wed) by mkerrisk
Linus Torvalds has railed frequently and loudly against kernel
developers breaking user space. But that rule is not ironclad; there
are exceptions. The story of how a kernel change caused a GlusterFS
breakage shows that there are sometimes unfortunate twists to those
exceptions.
Full Story (comments: 30)
PyCon: Evangelizing Python
[Front] Posted Mar 27, 2013 16:50 UTC (Wed) by jake
Python core developer Raymond Hettinger's PyCon 2013 keynote had elements of a revival meeting
sermon, but it was also meant to spread the "religion" well beyond those
inside the meeting tent. Hettinger specifically tasked attendees to use
his "What makes Python awesome?" talk as a sales tool with
management and other Python
skeptics. Subscribers can get the full coverage of the talk from this
week's edition at the link below.
Full Story (comments: 81)
Multipath TCP: an overview
[Kernel] Posted Mar 26, 2013 22:36 UTC (Tue) by corbet
The world was a simpler place when the TCP/IP network protocol suite was
first designed. The net was slow and primitive and it was often a triumph
to get a connection to a far-away host at all. The machines at either end
of a TCP session normally did not have to concern themselves with how that
connection was made; such details were left to routers. As a result, TCP
is built around the notion of a (single) connection between two hosts. The
Multipath TCP (MPTCP) project looks
to change that view of networking by adding support for multiple transport
paths to the endpoints; it offers a lot of benefits, but designing a
deployable protocol for today's Internet is surprisingly hard.
Full Story (comments: 72)
Anatomy of a user namespaces vulnerability
[Kernel] Posted Mar 20, 2013 21:10 UTC (Wed) by mkerrisk
An exploit posted on March 13
revealed a rather easily exploitable security vulnerability (CVE 2013-1858)
in the implementation of user namespaces. That exploit enables an
unprivileged user to escalate to full root privileges. Although a fix was
quickly provided, it is nevertheless instructive to look in some detail at
the vulnerability, both to better understand the nature of this kind of
exploit and also to briefly consider how this vulnerability came to appear
inside the user namespaces implementation.
Full Story (comments: 30)
| |
Current news
FSFE: German Parliament says: Stop Granting Software Patents
[Announcements] Posted Apr 23, 2013 18:55 UTC (Tue) by ris
The Free Software Foundation Europe reports that the German Parliament has
adopted a joint motion against software patents. "In the resolution,
the Parliament says that patents on software restrict developers from
exercising their copyright privileges, including the right to distribute
their programs as Free Software. Patents help to create monopolies in the
software market, and hurt innovation and job creation. The Parliament calls
on the German government to make sure that Free Software development is not
restricted by patents."
Full Story (comments: 3)
Tuesday's security updates
[Security] Posted Apr 23, 2013 16:23 UTC (Tue) by ris
Debian has updated tinc (code
execution).
Mandriva has updated roundcubemail (ES 5.0; BS 1.0: cross-site scripting/file
disclosure) and mysql (multiple unspecified
vulnerabilities).
Comments (none posted)
Villa: Why feed reading is an open web problem, and what browsers could do about it
[Development] Posted Apr 23, 2013 15:31 UTC (Tue) by n8willis
At his blog, Luis Villa muses on the topic of RSS and what can be learned from Google's decision to kill Google Reader. Villa contends that "the widely perceived failure of RSS is not really a failure of RSS, but rather a failure of the user experience of discovering and subscribing to RSS." In other words, Mozilla and other browser vendors have dropped the ball by not treating feeds as "a first-class web citizen," which helps walled-in, proprietary solutions like Facebook and Twitter. Solving the problem is not simple, he admits, but he does float the idea that browsers "provide a minimum viable product for light web users – possibly by supplementing the current 'here are your favorite sites' links with a clean, light reader focused on only the current top headlines."
Comments (26 posted)
Fedora 19 Alpha released
[Distributions] Posted Apr 23, 2013 14:19 UTC (Tue) by corbet
The Fedora 19 alpha release is available for testers. "We need your help to make Fedora 19 the best release yet, so please
take a moment of your time to download and try out the Alpha and make
sure the things that are important to you are working." There is a
lot of new stuff in this release; see the announcement for an overview.
Full Story (comments: 7)
Security advisories for Monday
[Security] Posted Apr 22, 2013 16:40 UTC (Mon) by ris
Debian has updated curl (cookie
information disclosure).
Fedora has updated xorg-x11-server
(F18: information disclosure) and phpmyadmin (F18; F17:
cross-site scripting).
Mandriva has updated libarchive
(denial of service).
Slackware has updated xorg-server
(information disclosure).
Comments (none posted)
Kernel prepatch 3.9-rc8
[Kernel] Posted Apr 22, 2013 0:46 UTC (Mon) by corbet
The 3.9-rc8 prepatch is out. "Yes, I
was really hoping (and originally planning) to release 3.9 final this
weekend, but we had enough issues that I just didn't feel comfy about
it. It was borderline, and none of the issues were huge, and maybe I could
have called this just 3.9 and opened the merge window, but hey, another
week won't hurt."
Comments (1 posted)
Friday's security updates
[Security] Posted Apr 19, 2013 14:55 UTC (Fri) by n8willis
Fedora has updated icedtea-web
(F17, multiple vulnerabilities), java-1.7.0-openjdk (F17, multiple
vulnerabilities), and kernel (F18,
PAE pagetable corruption).
Mandriva has updated icedtea-web (multiple vulnerabilities)
and java-1.6.0-openjdk (multiple
vulnerabilities).
Oracle has updated java-1.7.0-openjdk (multiple vulnerabilities).
Red Hat has updated java-1.6.0-sun (multiple vulnerabilities)
and java-1.7.0-oracle (multiple
vulnerabilities).
Ubuntu has updated icedtea-web
(multiple vulnerabilities) and kernel
(10.04 LTS, multiple vulnerabilities).
Comments (3 posted)
Huang: The $12 Gongkai Phone
[Development] Posted Apr 18, 2013 19:21 UTC (Thu) by ris
Andrew "bunnie" Huang dissects a Chinese
phone. "However, if you know a bit of Chinese, and know the right
websites to go to, you can download schematics, board layouts, and software
utilities for something rather similar to this phone…”for free”. I could,
in theory, at this point attempt to build a version of this phone for
myself, with minimal cash investment. It feels like open-source, but it’s
not: it’s a different kind of open ecosystem." (Thanks to Paul Wise)
Comments (58 posted)
Thursday's security updates
[Security] Posted Apr 18, 2013 18:35 UTC (Thu) by ris
CentOS has updated java-1.7.0-openjdk (C6; C5:
multiple vulnerabilities) and icedtea-web
(C6: multiple vulnerabilities).
Debian has updated xorg-server
(information disclosure) and xen (denial of
service).
Fedora has updated krb5 (F18;
F17: denial of service), curl (F18: cookie information disclosure), libxslt (F18: denial of service), libuser (F18: multiple vulnerabilities), java-1.7.0-openjdk (F18: multiple
vulnerabilities), and icedtea-web (F18:
multiple vulnerabilities).
Mageia has updated bugzilla
(multiple vulnerabilities), mongodb (code
execution), libarchive (denial of service),
iceape (multiple vulnerabilities), curl (cookie information disclosure), phpmyadmin (cross-site scripting), icedtea-web (multiple vulnerabilities), and java-1.6.0-openjdk (multiple
vulnerabilities).
Oracle has updated kernel (OL5:
multiple vulnerabilities), kernel (OL5:
multiple vulnerabilities), java-1.7.0-openjdk (OL6: multiple
vulnerabilities), and icedtea-web (OL6:
multiple vulnerabilities).
Red Hat has updated java-1.7.0-openjdk (RHEL6; RHEL5:
multiple vulnerabilities) and icedtea-web
(RHEL6: multiple vulnerabilities).
Scientific Linux has updated kernel
(SL5: multiple vulnerabilities), java-1.7.0-openjdk (SL6; SL5:
multiple vulnerabilities), and icedtea-web
(SL6: multiple vulnerabilities).
SUSE has updated java-1_7_0-ibm
(multiple vulnerabilities).
Ubuntu has updated xorg-server
(information disclosure).
Comments (none posted)
Debian 7.0 "Wheezy" release planned for May 5
[Distributions] Posted Apr 18, 2013 16:03 UTC (Thu) by corbet
The (hopefully) final update for the Debian Wheezy release has gone out;
the current plan is to release on May 4 or 5. "The
intention is only to lift the date if something really critical pops up
that is not possible to handle as an errata, or if we end up technically
unable to release that weekend (e.g. a required machine crashes or d-i
explodes in a giant ball of fire)."
Full Story (comments: 12)
--> More news items
|