LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly edition

Current [$]: Jacob Appelbaum • An LCA 2012 summary • Rampaging Robots • /proc/pid/mem • Automotive Linux • XFS • ...

Previous: Samba 4 • Tizen • Addressing the failure of open source • SOPA and PIPA • System call filtering • Ubuntu ARM • Multi-touch • ...

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Welcome to LWN.net

LWN featured content

[$] Robots rampage (in a friendly way) at SCALE 10X
[Front] Posted Jan 25, 2012 19:50 UTC (Wed) by jake

[Flying robot shark] "World domination" is a less prevalent theme in Linux and open source discussions these days than it was some time ago, but it still comes up regularly in one field of study: robots. At the 2012 Southern California Linux Expo (SCALE) in Los Angeles, Willow Garage's Tully Foote described the Robot Operating System (ROS) project, an open source stack for state-of-the-art robotics. ROS is in use by industry and academic research projects, often on hardware that runs in the hundreds-of-thousands of dollars range, but it is capable of running on low end and homebrew robots, too.

Click below (subscribers only) for the full report from SCALE 10x.

Full Story (comments: 3)

[$] XFS: the filesystem of the future?
[Kernel] Posted Jan 20, 2012 20:01 UTC (Fri) by corbet

Linux has a lot of filesystems, but two of them (ext4 and btrfs) tend to get most of the attention. In his 2012 linux.conf.au talk, XFS developer Dave Chinner served notice that he thinks more users should be considering XFS. His talk covered work that has been done to resolve the biggest scalability problems in XFS and where he thinks things will go in the future. If he has his way, we will see a lot more XFS around in the coming years.

Full Story (comments: 126)

LCA: Addressing the failure of open source
[Front] Posted Jan 17, 2012 22:05 UTC (Tue) by corbet

[Bruce Perens] Bruce Perens wore a suit and tie for his linux.conf.au 2012 keynote for a reason, he said: it reflects our community's need to think more about how it appears to the rest of the world. Despite our many successes, he said, we have failed to achieve the goals that our community set for itself many years ago. We have failed to engage and educate our users, and are finding ourselves pulled into an increasingly constrained world. To get out of this mess, we will have to make some changes - and expand our scope beyond software and culture.

Full Story (comments: 128)

LCA: A Samba 4 update
[Front] Posted Jan 16, 2012 19:18 UTC (Mon) by corbet

The systems administration miniconf at the 2012 linux.conf.au hosted 'a casual conversation' with a group of core Samba developers on the project's near future roadmap and the plans for Samba 4. Andrew "Tridge" Tridgell led off by saying that the last a lot of people had heard about the project's plans came from "an article in a disreputable web site." The discussion reported on there was "very exciting," in that it moved the project's point of view on the Samba 4 release from "someday" to "let's get ready for a release." Since then, things have gotten quiet, but that does not mean that nothing has been happening.

Click below (subscribers only) for the full report from LCA 2012.

Full Story (comments: 13)

Denial of service via hash collisions
[Security] Posted Jan 11, 2012 20:23 UTC (Wed) by jake

Developers for several scripting language projects are currently scrambling to fix a newly-disclosed denial of service vulnerability caused by predictable hashing algorithms. As it happens, the term "newly disclosed" does not quite apply here, though: the problem has been known since 2003. Click below (subscribers only) for a description of this problem, its history, and its solution from this week's Security Page.

Full Story (comments: 74)

The Nook Tablet and the GPL
[Front] Posted Jan 10, 2012 20:36 UTC (Tue) by corbet

Recently, certain corners of the net have carried the claim that Barnes & Noble is refusing to release the source for the kernel shipped in its "Nook Tablet" book reader device. That, of course, would be a violation of the kernel's licensing. GPL violations are far from unheard of in the mobile electronics market, but B&N is a company with a high-enough profile to attract special attention. A look at what is going on suggests that there is less to the story than meets the eye - but it still merits a look.

Click below (subscribers only) for the full story.

Full Story (comments: 74)

The logger meets linux-kernel
[Kernel] Posted Jan 4, 2012 19:20 UTC (Wed) by corbet

Toward the end of December, LWN looked at the new push to move various subsystems specific to Android kernels into the mainline. There seems to be broad agreement that merging this code makes sense, but that agreement becomes rather less clear once the discussion moves to the merging of specific subsystems. Tim Bird's request for comments on the Android "logger" mechanism shows that, even with a relatively simple piece of code, there is still a lot of room for disagreement and problems can turn out to be larger than expected.

Full Story (comments: 42)

Linux at the end of the world (our 2012 predictions)
[Front] Posted Jan 3, 2012 21:56 UTC (Tue) by corbet

Welcome to 2012. This is the first LWN Weekly Edition of the year, and that can only mean one thing: it is time for your editor to go out on a limb and make a number of predictions for the coming year that, by the end of the year, will look thoroughly clueless and misguided. Even your editor can foresee, though, that it is going to be an interesting and highly political year. Click below (subscribers only) to see what foolishness has been predicted for 2012.

Full Story (comments: 91)

Bringing Android closer to the mainline
[Kernel] Posted Dec 20, 2011 20:18 UTC (Tue) by corbet

The agenda for the 2011 Kernel Summit did not include Android as a topic, but Android came up anyway. In a conclusion that surprised many, the group agreed that the bulk of the Android kernel code should probably be merged into the mainline. The past couple of years have made it clear that Android will not be going away; it has, in particular, done a good job of outlasting the resistance to merging its code. After the Summit things got quiet again on the Android front, but that does not mean that nothing has been happening. Click below (subscribers only) for an update on the work to get the Android kernel code into the mainline.

Full Story (comments: 54)

An update on the Ada Initiative
[Front] Posted Dec 13, 2011 20:50 UTC (Tue) by jake

The Ada Initiative is a non-profit dedicated to increasing the participation of women in open technology and culture. In other words, we want more women in open source, Wikipedia, and the rest of our brave new Internet world. A lot of people agree with that goal - at least that's what our first Ada Initiative survey told us. Guest author and Ada Initiative co-founder Valerie Aurora has an update on the status and plans for the organization; subscribers can click below to see the full article from this week's edition.

Full Story (comments: 64)

What is LWN.net?

LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.

Current news

Opponents protest signing of ACTA without adequate debate (ars technica)
[Announcements] Posted Jan 27, 2012 20:21 UTC (Fri) by ris

ACTA (Anti-Counterfeiting Trade Agreement) was called "more dangerous than SOPA" by US Sen. Ron Wyden (D-OR), as ars technica reports. "Kader Arif, a French member of the European Parliament from the Socialist Party, had been assigned to be a rapporteur on ACTA, meaning that he was asked to study the issue and deliver a report on the subject. But he resigned in protest on Thursday. ”I want to denounce in the strongest possible manner the entire process that led to the signature of this agreement," he said, according to one translation. "No inclusion of civil society organisations, a lack of transparency from the start of the negotiations, repeated postponing of the signature of the text without an explanation being ever given, exclusion of the EU Parliament's demands that were expressed on several occasions in our assembly.”"

Comments (11 posted)

Security advisories for Friday
[Security] Posted Jan 27, 2012 18:45 UTC (Fri) by ris

Debian has updated libxml2 (code execution/denial of service) and wireshark (multiple vulnerabilities).

Fedora has updated F15: php (denial of service and information disclosure), F15: php-eaccelerator (denial of service and information disclosure), and F15: maniadrive (denial of service and information disclosure).

Gentoo has updated ktsuss (privilege escalation).

openSUSE will be updating the certificates for all openSUSE hosts located Nuremberg. Click below for details.

Comments (none posted)

The case for the /usr merge
[Distributions] Posted Jan 26, 2012 23:56 UTC (Thu) by corbet

Lennart Poettering has announced the posting of a summary of the motivations for merging several root-level directories into /usr. "A unified filesystem layout (as it results from the /usr merge) is more compatible with UNIX than Linux’ traditional split of /bin vs. /usr/bin. Unixes differ in where individual tools are installed, their locations in many cases are not defined at all and differ in the various Linux distributions. The /usr merge removes this difference in its entirety, and provides full compatibility with the locations of tools of any Unix via the symlink from /bin to /usr/bin."

Comments (165 posted)

Thursday's security updates
[Security] Posted Jan 26, 2012 20:01 UTC (Thu) by jake

Fedora has updated rubygem-actionpack (F15; F16: cross-site scripting).

Oracle has updated kernel (OL6: privilege escalation) and kernel-uek (OL5; OL6: privilege escalation and improved CVE-2010-2962 fix).

Scientific Linux has updated kernel (SL6: privilege escalation), glibc (SL6: multiple vulnerabilities), openssl (SL6: multiple vulnerabilities), t1lib (SL6: multiple vulnerabilities), and qemu-kvm (SL6: privilege escalation).

SUSE has updated java-1_4_2-ibm (SLE 10 SP4: multiple vulnerabilities).

Ubuntu has updated evince (code execution), linux-lts-backport-oneiric (privilege escalation), icu (code execution), and xorg (access restriction bypass).

Comments (3 posted)

Three new stable kernel updates
[Kernel] Posted Jan 26, 2012 2:38 UTC (Thu) by corbet

The 2.6.32.55, 3.0.18, and 3.2.2 stable updates have been released; each contains the usual long list of important fixes

Comments (1 posted)

HP: webOS to be fully released by September
[Announcements] Posted Jan 25, 2012 20:46 UTC (Wed) by corbet

HP has announced a roadmap for the open-sourcing of webOS that calls for the full code base to be released by September. The Apache 2.0 license will be used. "HP also announced it is releasing version 2.0 of webOS’s innovative developer tool, Enyo. Enyo 2.0 enables developers to write a single application that works across mobile devices and desktop web browsers, from the webOS, iOS and Android platforms to the Internet Explorer and Firefox browsers – and more. The source code for Enyo is available today, giving the open source community immediate access to the acclaimed application framework for webOS."

Comments (5 posted)

Wednesday's security updates
[Security] Posted Jan 25, 2012 18:56 UTC (Wed) by corbet

CentOS has updated openssl (C5: multiple vulnerabilities), kvm (C5: denial of service and privilege escalation), and kernel (C6: privilege escalation).

Debian has updated bip (remote code execution).

Fedora has updated wireshark (F15: multiple vulnerabilities) and kernel (F15: privilege escalation).

Oracle has updated t1lib (EL6: multiple vulnerabilities), openssl (EL5, EL6: multiple vulnerabilities), and glibc (EL6: code execution and denial of service).

Red Hat has updated t1lib (RHEL6: multiple vulnerabilities), kernel-rt (MRG2.1: privilege escalation), openssl (RHEL5, RHEL6: multiple vulnerabilities), and glibc (RHEL6: code execution (from 2009) and denial of service).

Scientific Linux has updated openssl (SL5: multiple vulnerabilities).

Ubuntu has updated curl (data injection), kernel (information disclosure and denial of service), and kernel (10.04 LTS: denial of service).

Comments (none posted)

KDE 4.8 released
[Development] Posted Jan 25, 2012 16:51 UTC (Wed) by corbet

The KDE project has announced the release of KDE Plasma Workspaces, KDE Applications, and KDE Platform 4.8. "KDE applications released today include Dolphin with its new display engine and semantic goodies, new Kate features and improvements, and Gwenview enhancements. Enjoy new Marble features such as interactive Elevation Profile, satellite tracking and Krunner integration."

Comments (13 posted)

FOSDEM interviews, part 3
[Announcements] Posted Jan 25, 2012 16:07 UTC (Wed) by corbet

The third set of interviews with speakers from the upcoming FOSDEM conference has been posted; featured this time are Bdale Garbee, Finne Boonen, Guido Trotter, Wim Godden, Garrett Serack, and Renzo Davoli. "The central role of computers and interfaces has disappeared, services are the main focus now. The logical structure of the internet must change as a consequence of this. By the IoTh [Internet of Threads] we mean a structure where the addressable nodes of the internet are, or can also be, processes or even concurrent threads of a process. In the IoTh the definition of an independent networking stack, with its own virtual interfaces, addresses, routing is as simple as the creation of a PF_UNIX socket. It is an 'ordinary business' user-space operation, not a structural and dangerous change, for system administrators only."

Comments (none posted)

Tuesday's security updates
[Security] Posted Jan 24, 2012 19:09 UTC (Tue) by ris

CentOS has updated C6: qemu-kvm (code execution).

Debian has updated rails (fixes a regression introduced in the previous update) and openssl (denial of service).

Fedora has updated emacs (F16; F15: privilege escalation), F16: kernel (privilege escalation/restriction bypass), F15: openssl (denial of service), and F15: xkeyboard-config (screensaver lock bypass).

Gentoo has updated freetype (multiple vulnerabilities), jasper (two code execution flaws), fwbuilder (symlink attack/privilege escalation), tor (code execution/information disclosure), mit-krb5 (multiple vulnerabilities), and mit-krb5-appl (privilege escalation/code execution).

Oracle has updated OL6: qemu-kvm (code execution/restriction bypass) and OL5: kvm (denial of service/code execution).

Red Hat has updated qemu-kvm (code execution), kvm (denial of service/code execution), and kernel (privilege escalation).

Scientific Linux has updated SL5: kvm (denial of service/code execution).

SUSE has updated libxml2 (code execution).

Ubuntu has updated linux-lts-backport-natty (denial of service/information leak), linux-lts-backport-oneiric (multiple vulnerabilities), 10.10 (denial of service/information leak), rsyslog (denial of service), qemu-kvm (code execution), and thunderbird (multiple vulnerabilities).

Comments (4 posted)

--> More news items

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds