Welcome to LWN.net

LWN featured content

The 2013 Linux Filesystem, Storage, and Memory Management Summit was held April 18 and 19 in San Francisco, California, immediately after the Linux Foundation's Collaboration Summit. The first set of notes from that gathering is now available; at this point, we have most of the plenary sessions and the entire memory management track written up. The rest of our notes from the Summit will be added in the near future.

Full Story (comments: none)

Since the demise of core memory, there has been a fundamental dichotomy in data storage technology: memory is either fast and ephemeral, or slow and persistent. The situation is changing, though, and that leads to some interesting challenges for the Linux kernel. How will we adapt to the coming world where nonvolatile memory (NVM) devices are commonplace? Ric Wheeler led a session at the 2013 Linux Foundation Collaboration Summit to discuss this issue.

Full Story (comments: 15)

Rust, the new programming language being developed by the Mozilla project, has a number of interesting features. One that stands out is the focus on safety. There are clear attempts to increase the range of errors that the compiler can detect and prevent, and thereby reduce the number of errors that end up in production code.

Click below (subscribers only) for an overview of the Rust language by LWN contributor Neil Brown.

Full Story (comments: 60)

Given Eben Moglen's long association with the Free Software Foundation, his work on drafting the GPLv3, and his role as President and Executive Director of the Software Freedom Law Center, his talk at the 2013 Free Software Legal and Licensing Workshop promised to be thought-provoking. He chose to focus on two topics that he saw as particularly relevant for the free software ecosystem within the next five years: patents and the decline of copyleft licenses.

Full Story (comments: 48)

The sixth Free Software Legal and Licensing Workshop, which took place on 4-5 April 2013 in Amsterdam, opened with a keynote from Stefano "Zack" Zacchiroli, the Debian Project Leader (DPL) for the last three years. Zack's aim was to provide the assembled lawyers with an overview of the kinds of legal issues that are faced by Debian and other free software projects and provide suggestions about how lawyers can help free software projects.

Full Story (comments: 13)

On April 4th, 2013, the PostgreSQL project announced a security vulnerability (CVE-2013-1899) and resulting patch for one of the worst security holes in project history. According to the project web page, "this is the first security issue of this magnitude since 2006." Subscribers can click below for PostgreSQL core developer Josh Berkus's look at the vulnerability, its impact, and some questions raised by the project's handling of the vulnerability and release.

Full Story (comments: 22)

Linus Torvalds has railed frequently and loudly against kernel developers breaking user space. But that rule is not ironclad; there are exceptions. The story of how a kernel change caused a GlusterFS breakage shows that there are sometimes unfortunate twists to those exceptions.

Full Story (comments: 30)

Python core developer Raymond Hettinger's PyCon 2013 keynote had elements of a revival meeting sermon, but it was also meant to spread the "religion" well beyond those inside the meeting tent. Hettinger specifically tasked attendees to use his "What makes Python awesome?" talk as a sales tool with management and other Python skeptics. Subscribers can get the full coverage of the talk from this week's edition at the link below.

Full Story (comments: 81)

The world was a simpler place when the TCP/IP network protocol suite was first designed. The net was slow and primitive and it was often a triumph to get a connection to a far-away host at all. The machines at either end of a TCP session normally did not have to concern themselves with how that connection was made; such details were left to routers. As a result, TCP is built around the notion of a (single) connection between two hosts. The Multipath TCP (MPTCP) project looks to change that view of networking by adding support for multiple transport paths to the endpoints; it offers a lot of benefits, but designing a deployable protocol for today's Internet is surprisingly hard.

Full Story (comments: 72)

An exploit posted on March 13 revealed a rather easily exploitable security vulnerability (CVE 2013-1858) in the implementation of user namespaces. That exploit enables an unprivileged user to escalate to full root privileges. Although a fix was quickly provided, it is nevertheless instructive to look in some detail at the vulnerability, both to better understand the nature of this kind of exploit and also to briefly consider how this vulnerability came to appear inside the user namespaces implementation.

Full Story (comments: 30)

Current news

The Free Software Foundation Europe reports that the German Parliament has adopted a joint motion against software patents. "In the resolution, the Parliament says that patents on software restrict developers from exercising their copyright privileges, including the right to distribute their programs as Free Software. Patents help to create monopolies in the software market, and hurt innovation and job creation. The Parliament calls on the German government to make sure that Free Software development is not restricted by patents."

Full Story (comments: 3)

Debian has updated tinc (code execution).

Mandriva has updated roundcubemail (ES 5.0; BS 1.0: cross-site scripting/file disclosure) and mysql (multiple unspecified vulnerabilities).

Comments (none posted)

At his blog, Luis Villa muses on the topic of RSS and what can be learned from Google's decision to kill Google Reader. Villa contends that "the widely perceived failure of RSS is not really a failure of RSS, but rather a failure of the user experience of discovering and subscribing to RSS." In other words, Mozilla and other browser vendors have dropped the ball by not treating feeds as "a first-class web citizen," which helps walled-in, proprietary solutions like Facebook and Twitter. Solving the problem is not simple, he admits, but he does float the idea that browsers "provide a minimum viable product for light web users – possibly by supplementing the current 'here are your favorite sites' links with a clean, light reader focused on only the current top headlines."

Comments (26 posted)

The Fedora 19 alpha release is available for testers. "We need your help to make Fedora 19 the best release yet, so please take a moment of your time to download and try out the Alpha and make sure the things that are important to you are working." There is a lot of new stuff in this release; see the announcement for an overview.

Full Story (comments: 7)

Debian has updated curl (cookie information disclosure).

Fedora has updated xorg-x11-server (F18: information disclosure) and phpmyadmin (F18; F17: cross-site scripting).

Mandriva has updated libarchive (denial of service).

Slackware has updated xorg-server (information disclosure).

Comments (none posted)

The 3.9-rc8 prepatch is out. "Yes, I was really hoping (and originally planning) to release 3.9 final this weekend, but we had enough issues that I just didn't feel comfy about it. It was borderline, and none of the issues were huge, and maybe I could have called this just 3.9 and opened the merge window, but hey, another week won't hurt."

Comments (1 posted)

Fedora has updated icedtea-web (F17, multiple vulnerabilities), java-1.7.0-openjdk (F17, multiple vulnerabilities), and kernel (F18, PAE pagetable corruption).

Mandriva has updated icedtea-web (multiple vulnerabilities) and java-1.6.0-openjdk (multiple vulnerabilities).

Oracle has updated java-1.7.0-openjdk (multiple vulnerabilities).

Red Hat has updated java-1.6.0-sun (multiple vulnerabilities) and java-1.7.0-oracle (multiple vulnerabilities).

Ubuntu has updated icedtea-web (multiple vulnerabilities) and kernel (10.04 LTS, multiple vulnerabilities).

Comments (3 posted)

Andrew "bunnie" Huang dissects a Chinese phone. "However, if you know a bit of Chinese, and know the right websites to go to, you can download schematics, board layouts, and software utilities for something rather similar to this phone…”for free”. I could, in theory, at this point attempt to build a version of this phone for myself, with minimal cash investment. It feels like open-source, but it’s not: it’s a different kind of open ecosystem." (Thanks to Paul Wise)

Comments (58 posted)

CentOS has updated java-1.7.0-openjdk (C6; C5: multiple vulnerabilities) and icedtea-web (C6: multiple vulnerabilities).

Debian has updated xorg-server (information disclosure) and xen (denial of service).

Fedora has updated krb5 (F18; F17: denial of service), curl (F18: cookie information disclosure), libxslt (F18: denial of service), libuser (F18: multiple vulnerabilities), java-1.7.0-openjdk (F18: multiple vulnerabilities), and icedtea-web (F18: multiple vulnerabilities).

Mageia has updated bugzilla (multiple vulnerabilities), mongodb (code execution), libarchive (denial of service), iceape (multiple vulnerabilities), curl (cookie information disclosure), phpmyadmin (cross-site scripting), icedtea-web (multiple vulnerabilities), and java-1.6.0-openjdk (multiple vulnerabilities).

Oracle has updated kernel (OL5: multiple vulnerabilities), kernel (OL5: multiple vulnerabilities), java-1.7.0-openjdk (OL6: multiple vulnerabilities), and icedtea-web (OL6: multiple vulnerabilities).

Red Hat has updated java-1.7.0-openjdk (RHEL6; RHEL5: multiple vulnerabilities) and icedtea-web (RHEL6: multiple vulnerabilities).

Scientific Linux has updated kernel (SL5: multiple vulnerabilities), java-1.7.0-openjdk (SL6; SL5: multiple vulnerabilities), and icedtea-web (SL6: multiple vulnerabilities).

SUSE has updated java-1_7_0-ibm (multiple vulnerabilities).

Ubuntu has updated xorg-server (information disclosure).

Comments (none posted)

The (hopefully) final update for the Debian Wheezy release has gone out; the current plan is to release on May 4 or 5. "The intention is only to lift the date if something really critical pops up that is not possible to handle as an errata, or if we end up technically unable to release that weekend (e.g. a required machine crashes or d-i explodes in a giant ball of fire)."

Full Story (comments: 12)

--> More news items