Hands-on with Mozilla’s Web-based “Firefox OS” (ars technica)
[Distributions] Posted Mar 28, 2013 14:16 UTC (Thu) by corbet
Ars technica has a
detailed review of a Firefox OS handset. "So Mozilla has
succeeded in building an HTML-based platform that allows Mozilla to build
apps that 'feel' native. But the much harder task will be to provide
third-party developers tools to build apps with the same level of polish
and convince them to use them. So far, the Firefox OS app store seems to
have few, if any, examples of third-party apps that meet the high bar
Mozilla has set for its own apps."
Comments (none posted)
A look at C++14, part 1
[Development] Posted Mar 28, 2013 14:09 UTC (Thu) by corbet
The "Meeting C++" blog looks
at some proposed changes to the C++ language to be considered in
April. "It is proposed to add a library for pipelines to the C++
Standard, that such a pipeline could be implemented in C++ as such:
(pipeline::from(input_queue) |
bind(grep, "^Error") |
bind(vgrep, "test@example.com") |
bind(sed, "'s/^Error:.*Message: //") |
output_queue).run(&threadpool);
Comments (68 posted)
Red Hat and Rackspace face down a patent troll
[Announcements] Posted Mar 28, 2013 13:28 UTC (Thu) by corbet
Red Hat and Rackspace Hosting have announced
that they have won the dismissal of a patent suit by Uniloc USA. Uniloc
was asserting patent
#5,892,697, which relates to the handling of floating-point numbers.
"In dismissing the case, Chief Judge Leonard Davis found that
Uniloc's claim was unpatentable under Supreme Court case law that prohibits
the patenting of mathematical algorithms. This is the first reported
instance in which the Eastern District of Texas has granted an early motion
to dismiss finding a patent invalid because it claimed unpatentable subject
matter."
Update: see Groklaw
for analysis and the text of the decision.
Comments (5 posted)
[$] LWN.net Weekly Edition for March 28, 2013
Posted Mar 28, 2013 1:03 UTC (Thu)
The LWN.net Weekly Edition for March 28, 2013 is available.
Inside this week's LWN.net Weekly Edition
- Front: StatusNet, Identi.ca, and transitioning to pump.io; Protecting communities; Evangelizing Python.
- Security: OpenSSH 6.2; New vulnerabilities in gnome-online-accounts, kernel, libxml2, privoxy, ...
- Kernel: Breaking GlusterFS; Widening ext4's readdir() cookie; Multipath TCP.
- Distributions: GNOME, Fedora, and login-screen logos; Ubuntu, Slackware, Arch, ...
- Development: Asynchronous I/O in Python; GNOME 3.8; C and C++ speed in GCC; replacing Google Reader; ...
- Announcements: Awards for Bassel Khartabil and the TAZ, LF EEU report, videos for PyCon and devconf.cz, ...
Read more
GNOME 3.8 released
[Development] Posted Mar 27, 2013 21:19 UTC (Wed) by corbet
The GNOME 3.8 release is out. "The exciting new features and
improvements in this release include a integrated application search,
privacy and sharing settings, notification filtering, a new classic
mode, OwnCloud integration, previews of clocks, notes, photos and
weather applications, and many more." See the release notes
for details.
Full Story (comments: 105)
[$] A kernel change breaks GlusterFS
[Kernel] Posted Mar 27, 2013 20:33 UTC (Wed) by mkerrisk
Linus Torvalds has railed frequently and loudly against kernel
developers breaking user space. But that rule is not ironclad; there
are exceptions. The story of how a kernel change caused a GlusterFS
breakage shows that there are sometimes unfortunate twists to those
exceptions.
Full Story (comments: 26)
[$] PyCon: Evangelizing Python
[Front] Posted Mar 27, 2013 16:50 UTC (Wed) by jake
Python core developer Raymond Hettinger's PyCon 2013 keynote had elements of a revival meeting
sermon, but it was also meant to spread the "religion" well beyond those
inside the meeting tent. Hettinger specifically tasked attendees to use
his "What makes Python awesome?" talk as a sales tool with
management and other Python
skeptics. Subscribers can get the full coverage of the talk from this
week's edition at the link below.
Full Story (comments: 46)
Stable kernel 3.2.42
[Kernel] Posted Mar 27, 2013 16:08 UTC (Wed) by ris
Ben Hutchings has released stable kernel 3.2.42 with important fixes throughout the tree.
Comments (none posted)
Security advisories for Wednesday
[Security] Posted Mar 27, 2013 16:05 UTC (Wed) by ris
CentOS has updated perl (C6;
C5: multiple vulnerabilities).
Debian has updated icinga (code
execution).
openSUSE has updated pigz
(information disclosure).
Oracle has updated perl (OL6;
OL5: multiple vulnerabilities).
Red Hat has updated perl (multiple
vulnerabilities).
Scientific Linux has updated perl
(multiple vulnerabilities).
Comments (none posted)
Garrett: Secure Boot and Restricted Boot
[Security] Posted Mar 27, 2013 14:16 UTC (Wed) by corbet
Matthew Garrett asserts that people
attacking UEFI secure boot are aiming at the wrong target. "Those
who argue against Secure Boot risk depriving us of the freedom to make a
personal decision as to who we trust. Those who argue against Secure Boot
while ignoring Restricted Boot risk depriving us of even more. The
traditional PC market is decreasing in importance. Unless we do anything
about it, free software will be limited to a niche group of enthusiasts
who've carefully chosen from a small set of devices that respect user
freedom. We should have been campaigning against Restricted Boot 10 years
ago. Don't delay it even further by fighting against implementations that
already respect user freedom."
Comments (44 posted)
KASLR: An Exercise in Cargo Cult Security (grsecurity blog)
[Security] Posted Mar 27, 2013 13:50 UTC (Wed) by jake
Over at the grsecurity blog, Brad Spengler and the PaX Team have co-written a lengthy look at kernel address space layout randomization (KASLR) and its failures. "KASLR is an easy to understand metaphor. Even non-technical users can make sense of the concept of a moving target being harder to attack. But in this obsession with an acronym outside of any context and consideration of its limitations, we lose sight of the fact that this moving target only moves once and is pretty easy to spot. We forget that the appeal of ASLR was in its cost/benefit ratio, not because of its high benefit, but because of its low cost."
Comments (13 posted)
[$] Multipath TCP: an overview
[Kernel] Posted Mar 26, 2013 22:36 UTC (Tue) by corbet
The world was a simpler place when the TCP/IP network protocol suite was
first designed. The net was slow and primitive and it was often a triumph
to get a connection to a far-away host at all. The machines at either end
of a TCP session normally did not have to concern themselves with how that
connection was made; such details were left to routers. As a result, TCP
is built around the notion of a (single) connection between two hosts. The
Multipath TCP (MPTCP) project looks
to change that view of networking by adding support for multiple transport
paths to the endpoints; it offers a lot of benefits, but designing a
deployable protocol for today's Internet is surprisingly hard.
Full Story (comments: 50)
Linux users file EU complaint against Microsoft (Reuters)
[Announcements] Posted Mar 26, 2013 20:06 UTC (Tue) by ris
The Spanish association Hispalinux has filed a complaint against Microsoft
to the European Commission, Reuters reports.
"In its 14-page complaint, Hispalinux said Windows 8 contained an
"obstruction mechanism" called UEFI Secure Boot that controls the start-up
of the computer and means users must seek keys from Microsoft to install
another operating system. The group said it was "a de facto technological
jail for computer booting systems ... making Microsoft's Windows platform
less neutral than ever"." (Thanks to Pat Read)
Comments (18 posted)
Replacing Google Reader (The H)
[Development] Posted Mar 26, 2013 19:59 UTC (Tue) by corbet
The H has an
extensive survey of available RSS reader applications, both open source
and proprietary. "ownCloud is a complete self-hosted service
platform that provides file sharing and collaboration features including
calendaring, to do lists, a document viewer, and integration with Active
Directory and LDAP. The software also includes a feed reader application,
which started as a Google Summer of Code effort and takes many design cues
from Google Reader."
Comments (7 posted)
Tuesday's security updates
[Security] Posted Mar 26, 2013 16:06 UTC (Tue) by ris
CentOS has updated axis (C5:
incorrect certificate validation).
Debian has updated libxml2 (denial
of service).
openSUSE has updated imagemagick
(code execution) and graphicsmagick (denial
of service).
Oracle has updated axis (OL5:
incorrect certificate validation).
Red Hat has updated axis (RHEL5:
incorrect certificate validation).
Scientific Linux has updated axis
(SL5: incorrect certificate validation).
Ubuntu has updated ruby (denial of
service) and OMAP4 kernel (12.04 LTS:
multiple vulnerabilities).
Comments (none posted)
GTK+ 3.8.0 released
[Development] Posted Mar 25, 2013 23:30 UTC (Mon) by ris
GTK+ 3.8.0 has been released. This version includes support for Wayland
1.0, and contains many new features and performance improvements.
Full Story (comments: 35)
Security advisories for Monday
[Security] Posted Mar 25, 2013 17:01 UTC (Mon) by ris
Fedora has updated krb5 (F18: denial
of service), euca2ools (F18; F17: insecure snapshots), kernel (F18: multiple vulnerabilities),
mimetex (F18; F17: multiple vulnerabilities), and tor (F17: denial of service).
openSUSE has updated nss-pam-ldapd (12.2, 12.1; 12.3; 11.4:
code execution) and krb5 (11.4: denial of
service).
Scientific Linux has updated OpenIPMI (privilege escalation).
Slackware has updated php (multiple
vulnerabilities).
SUSE has updated samba (multiple
vulnerabilities in SWAT).
Ubuntu has updated kernel
(10.04 LTS: multiple vulnerabilities), EC2
kernel (10.04 LTS: multiple vulnerabilities), OMAP4 kernel (11.10: multiple
vulnerabilities), openssl (multiple
vulnerabilities), and gnome-online-accounts
(information disclosure).
Comments (none posted)
Calligra document viewer available on Android
[Development] Posted Mar 24, 2013 16:12 UTC (Sun) by corbet
Sebastian Sauer has announced
the availability of the first version of the Calligra office suite for Android
systems. For now, the focus is on providing a viewer for ODT documents.
"Since bringing a whole Office suite to another platform is a huge
task and I am a small team I had to focus. Later on I plan to add doc/docx
support, editing, saving and Calligra Sheets (spreadsheets) and Calligra
Stage (presentations)." The application can be installed from the
Play Store.
Comments (7 posted)
Kernel prepatch 3.9-rc4
[Kernel] Posted Mar 24, 2013 9:47 UTC (Sun) by mkerrisk
The 3.9-rc4 kernel prepatch is out. Linus
says: "Another week, another -rc. And things haven't calmed down, meaning that the nice small and calm -rc2 was definitely the outlier so far.
… While it hasn't been as calm as I'd like things to be, it's not like
things have been hugely exciting either. Most of this really is
pretty trivial. It's all over, with the bulk in drivers (drm, md, net,
mtd, usb, sound), but also some arch updates (powerpc, arm, sparc,
x86) and filesystem work (cifs, ext4)."
Comments (none posted)
Regehr: GCC 4.8 Breaks Broken SPEC 2006 Benchmarks
[Development] Posted Mar 23, 2013 13:32 UTC (Sat) by corbet
John Regehr explains how
new optimizations in GCC 4.8.0 can break code making use of undefined
behavior. "A C compiler, upon seeing d[++k], is permitted to assume
that the incremented value of k is within the array bounds, since otherwise
undefined behavior occurs. For the code here, GCC can infer that k is in
the range 0..15. A bit later, when GCC sees k<16, it says to itself: 'Aha--
that expression is always true, so we have an infinite loop.'"
Comments (63 posted)