Welcome to LWN.net

LWN featured content

XBMC, the open source media center, has steadily grown from its humble origins as an X-Box only replacement environment into the cross-platform, de facto playback front-end for multimedia content. It merges the file-centric approach taken by traditional video players with an add-on scripting environment that handles remote web content. The project is currently finalizing its next major release, version 11.0 (codenamed Eden), which includes updates to the networking and video acceleration subsystems, broader hardware support, and numerous changes to the APIs available to add-on developers.

Click below (subscribers only) for the full review.

Full Story (comments: 11)

The eLinux.org web site is currently promoting a project to write a replacement for Busybox under a permissive license. Normally, the writing of more free software is seen as a good thing, but, in this case, there have been complaints about the perceived motivation behind the project. What this discussion shows is that there are some divisions within our community on how our licenses should be enforced - and even what those licenses say.

Full Story (comments: 220)

"World domination" is a less prevalent theme in Linux and open source discussions these days than it was some time ago, but it still comes up regularly in one field of study: robots. At the 2012 Southern California Linux Expo (SCALE) in Los Angeles, Willow Garage's Tully Foote described the Robot Operating System (ROS) project, an open source stack for state-of-the-art robotics. ROS is in use by industry and academic research projects, often on hardware that runs in the hundreds-of-thousands of dollars range, but it is capable of running on low end and homebrew robots, too.

Click below (subscribers only) for the full report from SCALE 10x.

Full Story (comments: 4)

Linux has a lot of filesystems, but two of them (ext4 and btrfs) tend to get most of the attention. In his 2012 linux.conf.au talk, XFS developer Dave Chinner served notice that he thinks more users should be considering XFS. His talk covered work that has been done to resolve the biggest scalability problems in XFS and where he thinks things will go in the future. If he has his way, we will see a lot more XFS around in the coming years.

Full Story (comments: 252)

Bruce Perens wore a suit and tie for his linux.conf.au 2012 keynote for a reason, he said: it reflects our community's need to think more about how it appears to the rest of the world. Despite our many successes, he said, we have failed to achieve the goals that our community set for itself many years ago. We have failed to engage and educate our users, and are finding ourselves pulled into an increasingly constrained world. To get out of this mess, we will have to make some changes - and expand our scope beyond software and culture.

Full Story (comments: 157)

The systems administration miniconf at the 2012 linux.conf.au hosted 'a casual conversation' with a group of core Samba developers on the project's near future roadmap and the plans for Samba 4. Andrew "Tridge" Tridgell led off by saying that the last a lot of people had heard about the project's plans came from "an article in a disreputable web site." The discussion reported on there was "very exciting," in that it moved the project's point of view on the Samba 4 release from "someday" to "let's get ready for a release." Since then, things have gotten quiet, but that does not mean that nothing has been happening.

Click below (subscribers only) for the full report from LCA 2012.

Full Story (comments: 13)

Developers for several scripting language projects are currently scrambling to fix a newly-disclosed denial of service vulnerability caused by predictable hashing algorithms. As it happens, the term "newly disclosed" does not quite apply here, though: the problem has been known since 2003. Click below (subscribers only) for a description of this problem, its history, and its solution from this week's Security Page.

Full Story (comments: 74)

Recently, certain corners of the net have carried the claim that Barnes & Noble is refusing to release the source for the kernel shipped in its "Nook Tablet" book reader device. That, of course, would be a violation of the kernel's licensing. GPL violations are far from unheard of in the mobile electronics market, but B&N is a company with a high-enough profile to attract special attention. A look at what is going on suggests that there is less to the story than meets the eye - but it still merits a look.

Click below (subscribers only) for the full story.

Full Story (comments: 74)

Toward the end of December, LWN looked at the new push to move various subsystems specific to Android kernels into the mainline. There seems to be broad agreement that merging this code makes sense, but that agreement becomes rather less clear once the discussion moves to the merging of specific subsystems. Tim Bird's request for comments on the Android "logger" mechanism shows that, even with a relatively simple piece of code, there is still a lot of room for disagreement and problems can turn out to be larger than expected.

Full Story (comments: 42)

Welcome to 2012. This is the first LWN Weekly Edition of the year, and that can only mean one thing: it is time for your editor to go out on a limb and make a number of predictions for the coming year that, by the end of the year, will look thoroughly clueless and misguided. Even your editor can foresee, though, that it is going to be an interesting and highly political year. Click below (subscribers only) to see what foolishness has been predicted for 2012.

Full Story (comments: 91)

Current news

GNOME design team member Allan Day writes about ideas in GNOME 3 application design on his blog. In the article, he looks at the use of maximized windows, views, primary toolbars, and more. The design team is documenting these ideas in a new version of the GNOME Human Interface Guidelines (HIG). "There are many other application design patterns that we've been working on, including application menus, a new grid view for displaying collections of content, in-app notifications, new models for dialogs, nice full screen controls and a sidebar list pattern. Together, these provide the opportunity to create applications that efficient, modern, elegant, and a pleasure to use."

Comments (50 posted)

Over on his blog, Harald Welte comments on GPL enforcement in light of the Busybox/Toybox controversy. "In any kind of GPL enforcement, you of course not only want the complete corresponding source code to one program, but to all of the GPL/LGPL/AGPL or otherwise copyleft licensed programs contained in the product. We at gpl-violations.org have always been requesting the complete corresponding source code to all GPL licensed software during our communication with the infringing companies. This request was typically honored by everyone, without the need to apply any pressure onto it. After all, releasing only one bit of code causes the risk to get sued by somebody else who owns the other not-yet-compliant part of the code. [...] Now there have been rumors that SFC was not only requesting non-Busybox source code, but also making it a condition for the explicit re-instatement of the license on Busybox. Whether or not there was such a hard condition is subject to debate and there are different opinions on it. For those in the field of FOSS licensing, it has always known that there are different lines of thought with regard to the requirement to explicit reinstatement. We in Germany generally think that it is not required at all, and the existing preliminary injunctions at least implicitly acknowledge that as they enjoin companies from distributing a product as long as it is not in compliance with the license. In other (particularly the U.S.), it is generally assumed that explicit reinstatement is required."

Comments (24 posted)

CentOS has updated C5: kernel (multiple vulnerabilities).

Fedora has updated F15: firefox (multiple vulnerabilities), F15: thunderbird (multiple vulnerabilities), F15: xulrunner (multiple vulnerabilities), F15: perl-gtk2-mozembed (multiple vulnerabilities), F15: gstreamer-plugins-bad-free (multiple vulnerabilities), F15: libvpx (multiple vulnerabilities), F15: gnome-python2-extras (multiple vulnerabilities), F15: thunderbird-lightning (multiple vulnerabilities), and F15: znc (denial of service).

Ubuntu has updated openssl (multiple vulnerabilities) and php (multiple vulnerabilities).

Comments (1 posted)

The first official releases of the Wayland display system, now split into two pieces called "Wayland" and "Weston," are now available. What's not immediately available is a lot of information about what capabilities are in this release or how usable it is. "Wayland is the protocol and IPC mechanism while Weston is the reference compositor implementation. The 0.85 branch in both repositories is going to be protocol and interface stable. We have a series of protocol changes on the table before 1.0 but this branch marks a stable point before we jump into that."

Full Story (comments: 16)

The Chromium Blog has an overview of the new JavaScript features expected in a major revision of the language next year. "A proxy simulates a JavaScript object or function, and can customize just about any aspect of their behaviour that you can imagine. This is a real power feature, that takes reflection to a new level and can be used to implement various advanced abstractions and interfaces."

Comments (7 posted)

Well, that was quick. The jury in a patent lawsuit against eight companies that use "interactive web" technologies has found the Eolas Technologies patent to be invalid, according to a report at ars technica. "[Tim] Berners-Lee took to Twitter to cheer the decision. 'Texas jury agreed Eolas 906 patent invalid,' he wrote. 'Good thing too!' [...] Companies that depend on the open Web hailed the verdict. 'We are pleased that the court found the patents invalid, as it affirms our assertion that the claims are without merit,' a Google spokesperson told Ars."

Comments (47 posted)

The Lima driver project has released the code for its open source graphics driver supporting the Mali-200 and Mali-400 GPUs. "The aim of this driver is to finally bring all the advantages of open source software to ARM SoC graphics drivers. Currently, the sole availability of binary drivers is increasing development and maintenance overhead, while also reducing portability, compatibility and limiting choice. Anyone who has dealt with GPU support on ARM, be it for a linux with a GNU stack, or for an android, knows the pain of dealing with these binaries. Lima is going to solve this for you, but some time is needed still to get there." (Thanks to Paul Wise.)

Comments (9 posted)

CentOS has updated squirrelmail (C4; C5: multiple vulnerabilities) and mysql (C6: multiple unspecified vulnerabilities).

Debian has updated icedove (multiple vulnerabilities) and cvs (remote code execution).

Fedora has updated ettercap (F15; F16: insecure settings file), mysql (F16: multiple unspecified vulnerabilities), maniadrive (F16: PHP remote code execution), php (F16: remote code execution), php-eaccelerator (F16: remote code execution), and samba (F16: denial of service).

Mandriva has updated wireshark (multiple vulnerabilities).

openSUSE has updated firefox (multiple vulnerabilities), curl (authentication bypass), powerdns (denial of service), kernel (11.3; 11.4: multiple vulnerabilities), kvm (two vulnerabilities), tomcat6 (multiple vulnerabilities), apache2 (11.3; 11.4: multiple vulnerabilities), squid3 (denial of service), gnutls (denial of service), dovecot20 (certificate spoofing), xorg-x11-server (two vulnerabilities), ruby (multiple vulnerabilities), curl (multiple vulnerabilities), firefox (multiple vulnerabilities), nginx (code execution), lighttpd (denial of service), sysconfig (code execution), and opera (multiple vulnerabilities).

Oracle has updated squirrelmail (OL4; OL5: multiple vulnerabilities) and mysql (OL6: multiple unspecified vulnerabilities).

Red Hat has updated squirrelmail (RHEL 4&5: multiple vulnerabilities), libxml2 (RHEL 5.6: code execution), mysql (RHEL 6: multiple unspecified vulnerabilities), and kernel (RHEL 5: multiple vulnerabilities).

Scientific Linux has updated squirrelmail (SL4&5: multiple vulnerabilities) and mysql (SL6: multiple unspecified vulnerabilities).

SUSE has updated xulrunner (SLE 11 SP1: multiple vulnerabilities) and firefox (SLE 10 SP4: multiple vulnerabilities).

Comments (1 posted)

Here's a variant on the "untrustworthy SSL certificate authority" theme: this ComputerWorld story describes how Trustwave issued a "subordinate root" certificate to a private company. That allowed said company to stamp out certificates for any domains it liked and conduct man-in-the-middle attacks against SSL traffic from its internal network. "Trustwave defended itself by saying that the issuing of subordinate roots to private companies, so they can inspect the SSL-encrypted traffic that passes through their networks, is a common practice in the industry."

Comments (39 posted)

Ars technica is reporting on a patent trial taking place in ... you guessed it ... East Texas that could have quite an impact on the web as we know it. Eolas Technologies is suing eight companies including Google and Yahoo for $600 million in a series of four trials, the first of which (to determine the validity of the patents) could go to the jury today. "Today, Doyle and his lawyers say he’s owed royalty payments for the use of a stunning array of modern Web technologies. Watching online video, having a "search suggestion" pop up in a search bar, or even rotating an image of a sweater you might want to buy on an online shopping site—all are said to infringe on the idea-space of Doyle and his company, Eolas Technologies."

Comments (3 posted)

--> More news items