Welcome to LWN.net

• Previous 20 items

[Distributions] Posted Mar 28, 2013 14:16 UTC (Thu) by corbet

Ars technica has a detailed review of a Firefox OS handset. "So Mozilla has succeeded in building an HTML-based platform that allows Mozilla to build apps that 'feel' native. But the much harder task will be to provide third-party developers tools to build apps with the same level of polish and convince them to use them. So far, the Firefox OS app store seems to have few, if any, examples of third-party apps that meet the high bar Mozilla has set for its own apps."

Comments (none posted)

[Development] Posted Mar 28, 2013 14:09 UTC (Thu) by corbet

The "Meeting C++" blog looks at some proposed changes to the C++ language to be considered in April. "It is proposed to add a library for pipelines to the C++ Standard, that such a pipeline could be implemented in C++ as such:

    (pipeline::from(input_queue) |
      bind(grep, "^Error") |
      bind(vgrep, "test@example.com") |
      bind(sed, "'s/^Error:.*Message: //") |
      output_queue).run(&threadpool);

Comments (68 posted)

[Announcements] Posted Mar 28, 2013 13:28 UTC (Thu) by corbet

Red Hat and Rackspace Hosting have announced that they have won the dismissal of a patent suit by Uniloc USA. Uniloc was asserting patent #5,892,697, which relates to the handling of floating-point numbers. "In dismissing the case, Chief Judge Leonard Davis found that Uniloc's claim was unpatentable under Supreme Court case law that prohibits the patenting of mathematical algorithms. This is the first reported instance in which the Eastern District of Texas has granted an early motion to dismiss finding a patent invalid because it claimed unpatentable subject matter."

Update: see Groklaw for analysis and the text of the decision.

Comments (5 posted)

Posted Mar 28, 2013 1:03 UTC (Thu)

The LWN.net Weekly Edition for March 28, 2013 is available.

Inside this week's LWN.net Weekly Edition

• Front: StatusNet, Identi.ca, and transitioning to pump.io; Protecting communities; Evangelizing Python.
• Security: OpenSSH 6.2; New vulnerabilities in gnome-online-accounts, kernel, libxml2, privoxy, ...
• Kernel: Breaking GlusterFS; Widening ext4's readdir() cookie; Multipath TCP.
• Distributions: GNOME, Fedora, and login-screen logos; Ubuntu, Slackware, Arch, ...
• Development: Asynchronous I/O in Python; GNOME 3.8; C and C++ speed in GCC; replacing Google Reader; ...
• Announcements: Awards for Bassel Khartabil and the TAZ, LF EEU report, videos for PyCon and devconf.cz, ...

Read more

[Development] Posted Mar 27, 2013 21:19 UTC (Wed) by corbet

The GNOME 3.8 release is out. "The exciting new features and improvements in this release include a integrated application search, privacy and sharing settings, notification filtering, a new classic mode, OwnCloud integration, previews of clocks, notes, photos and weather applications, and many more." See the release notes for details.

Full Story (comments: 105)

[Kernel] Posted Mar 27, 2013 20:33 UTC (Wed) by mkerrisk

Linus Torvalds has railed frequently and loudly against kernel developers breaking user space. But that rule is not ironclad; there are exceptions. The story of how a kernel change caused a GlusterFS breakage shows that there are sometimes unfortunate twists to those exceptions.

Full Story (comments: 26)

[Front] Posted Mar 27, 2013 16:50 UTC (Wed) by jake

Python core developer Raymond Hettinger's PyCon 2013 keynote had elements of a revival meeting sermon, but it was also meant to spread the "religion" well beyond those inside the meeting tent. Hettinger specifically tasked attendees to use his "What makes Python awesome?" talk as a sales tool with management and other Python skeptics. Subscribers can get the full coverage of the talk from this week's edition at the link below.

Full Story (comments: 46)

[Kernel] Posted Mar 27, 2013 16:08 UTC (Wed) by ris

Ben Hutchings has released stable kernel 3.2.42 with important fixes throughout the tree.

Comments (none posted)

[Security] Posted Mar 27, 2013 16:05 UTC (Wed) by ris

CentOS has updated perl (C6; C5: multiple vulnerabilities).

Debian has updated icinga (code execution).

openSUSE has updated pigz (information disclosure).

Oracle has updated perl (OL6; OL5: multiple vulnerabilities).

Red Hat has updated perl (multiple vulnerabilities).

Scientific Linux has updated perl (multiple vulnerabilities).

Comments (none posted)

[Security] Posted Mar 27, 2013 14:16 UTC (Wed) by corbet

Matthew Garrett asserts that people attacking UEFI secure boot are aiming at the wrong target. "Those who argue against Secure Boot risk depriving us of the freedom to make a personal decision as to who we trust. Those who argue against Secure Boot while ignoring Restricted Boot risk depriving us of even more. The traditional PC market is decreasing in importance. Unless we do anything about it, free software will be limited to a niche group of enthusiasts who've carefully chosen from a small set of devices that respect user freedom. We should have been campaigning against Restricted Boot 10 years ago. Don't delay it even further by fighting against implementations that already respect user freedom."

Comments (44 posted)

[Security] Posted Mar 27, 2013 13:50 UTC (Wed) by jake

Over at the grsecurity blog, Brad Spengler and the PaX Team have co-written a lengthy look at kernel address space layout randomization (KASLR) and its failures. "KASLR is an easy to understand metaphor. Even non-technical users can make sense of the concept of a moving target being harder to attack. But in this obsession with an acronym outside of any context and consideration of its limitations, we lose sight of the fact that this moving target only moves once and is pretty easy to spot. We forget that the appeal of ASLR was in its cost/benefit ratio, not because of its high benefit, but because of its low cost."

Comments (13 posted)

[Kernel] Posted Mar 26, 2013 22:36 UTC (Tue) by corbet

The world was a simpler place when the TCP/IP network protocol suite was first designed. The net was slow and primitive and it was often a triumph to get a connection to a far-away host at all. The machines at either end of a TCP session normally did not have to concern themselves with how that connection was made; such details were left to routers. As a result, TCP is built around the notion of a (single) connection between two hosts. The Multipath TCP (MPTCP) project looks to change that view of networking by adding support for multiple transport paths to the endpoints; it offers a lot of benefits, but designing a deployable protocol for today's Internet is surprisingly hard.

Full Story (comments: 50)

[Announcements] Posted Mar 26, 2013 20:06 UTC (Tue) by ris

The Spanish association Hispalinux has filed a complaint against Microsoft to the European Commission, Reuters reports. "In its 14-page complaint, Hispalinux said Windows 8 contained an "obstruction mechanism" called UEFI Secure Boot that controls the start-up of the computer and means users must seek keys from Microsoft to install another operating system. The group said it was "a de facto technological jail for computer booting systems ... making Microsoft's Windows platform less neutral than ever"." (Thanks to Pat Read)

Comments (18 posted)

[Development] Posted Mar 26, 2013 19:59 UTC (Tue) by corbet

The H has an extensive survey of available RSS reader applications, both open source and proprietary. "ownCloud is a complete self-hosted service platform that provides file sharing and collaboration features including calendaring, to do lists, a document viewer, and integration with Active Directory and LDAP. The software also includes a feed reader application, which started as a Google Summer of Code effort and takes many design cues from Google Reader."

Comments (7 posted)

[Security] Posted Mar 26, 2013 16:06 UTC (Tue) by ris

CentOS has updated axis (C5: incorrect certificate validation).

Debian has updated libxml2 (denial of service).

openSUSE has updated imagemagick (code execution) and graphicsmagick (denial of service).

Oracle has updated axis (OL5: incorrect certificate validation).

Red Hat has updated axis (RHEL5: incorrect certificate validation).

Scientific Linux has updated axis (SL5: incorrect certificate validation).

Ubuntu has updated ruby (denial of service) and OMAP4 kernel (12.04 LTS: multiple vulnerabilities).

Comments (none posted)

[Development] Posted Mar 25, 2013 23:30 UTC (Mon) by ris

GTK+ 3.8.0 has been released. This version includes support for Wayland 1.0, and contains many new features and performance improvements.

Full Story (comments: 35)

[Security] Posted Mar 25, 2013 17:01 UTC (Mon) by ris

Fedora has updated krb5 (F18: denial of service), euca2ools (F18; F17: insecure snapshots), kernel (F18: multiple vulnerabilities), mimetex (F18; F17: multiple vulnerabilities), and tor (F17: denial of service).

openSUSE has updated nss-pam-ldapd (12.2, 12.1; 12.3; 11.4: code execution) and krb5 (11.4: denial of service).

Scientific Linux has updated OpenIPMI (privilege escalation).

Slackware has updated php (multiple vulnerabilities).

SUSE has updated samba (multiple vulnerabilities in SWAT).

Ubuntu has updated kernel (10.04 LTS: multiple vulnerabilities), EC2 kernel (10.04 LTS: multiple vulnerabilities), OMAP4 kernel (11.10: multiple vulnerabilities), openssl (multiple vulnerabilities), and gnome-online-accounts (information disclosure).

Comments (none posted)

[Development] Posted Mar 24, 2013 16:12 UTC (Sun) by corbet

Sebastian Sauer has announced the availability of the first version of the Calligra office suite for Android systems. For now, the focus is on providing a viewer for ODT documents. "Since bringing a whole Office suite to another platform is a huge task and I am a small team I had to focus. Later on I plan to add doc/docx support, editing, saving and Calligra Sheets (spreadsheets) and Calligra Stage (presentations)." The application can be installed from the Play Store.

Comments (7 posted)

[Kernel] Posted Mar 24, 2013 9:47 UTC (Sun) by mkerrisk

The 3.9-rc4 kernel prepatch is out. Linus says: "Another week, another -rc. And things haven't calmed down, meaning that the nice small and calm -rc2 was definitely the outlier so far. … While it hasn't been as calm as I'd like things to be, it's not like things have been hugely exciting either. Most of this really is pretty trivial. It's all over, with the bulk in drivers (drm, md, net, mtd, usb, sound), but also some arch updates (powerpc, arm, sparc, x86) and filesystem work (cifs, ext4)."

Comments (none posted)

[Development] Posted Mar 23, 2013 13:32 UTC (Sat) by corbet

John Regehr explains how new optimizations in GCC 4.8.0 can break code making use of undefined behavior. "A C compiler, upon seeing d[++k], is permitted to assume that the incremented value of k is within the array bounds, since otherwise undefined behavior occurs. For the code here, GCC can infer that k is in the range 0..15. A bit later, when GCC sees k<16, it says to itself: 'Aha-- that expression is always true, so we have an infinite loop.'"

Comments (63 posted)

• Next 20 items