Welcome to LWN.net

LWN featured content

David Safford's talk for the 2013 Linux Security Summit was in two parts—with two separate sets of slides. That's because the US Department of Homeland Security (DHS), which sponsored IBM's work on hardware roots of trust for embedded devices—part one of the talk—was quite clear that it didn't want to be associated with any kind of device cracking. So part two, which concerned circumventing "verified boot" on a Samsung ARM Chromebook, had to be a completely separate talk. The DHS's misgivings notwithstanding, the two topics are clearly related; understanding both leads to a clearer picture of the security of our devices.

Subscribers can get the full report on the talk from this week's Security page.

Full Story (comments: 8)

NUMA balancing was a topic of fierce debate through much of 2012; that discussion culminated with the merging of Mel Gorman's NUMA balancing infrastructure patch set into the 3.8 kernel. Those patches provided the basic structure upon which a NUMA balancing solution could be built, but did not attempt to solve the problem in a comprehensive way. Since then, one might be forgiven for thinking that the developers involved have lost interest; not much NUMA-related code has found its way into the mainline. But, as can be seen in Mel's basic scheduler support for NUMA balancing patch set, which weighs in at 63 individual changesets, quite a bit of work has been happening in this area.

Full Story (comments: 13)

It is often said that the kernel developers are committed to avoiding ABI breaks at almost any cost. But ABI problems can, at times, be hard to avoid. Some have argued that the perf events interface is particularly subject to incompatible ABI changes because the perf tool is part of the kernel tree itself; since perf can evolve with the kernel, there is a possibility that developers might not even notice a break. So the recent discovery of a perf ABI issue is worth looking at as an example of how compatibility problems are handled in that code.

Full Story (comments: 38)

Planetary Resources is a company with a sky-high (some might claim "pie in the sky") goal: to find and mine asteroids for useful minerals and other compounds. It is also a company that uses Linux and lots of free software. So two of the engineers from Planetary Resources, Ray Ramadorai and Marc Allen, gave a presentation at LinuxCon North America to describe how and why the company uses FOSS—along with a bit about what it is trying to do overall. Subscribers can read the full account of the talk from this week's edition.

Full Story (comments: 21)

In the end, 9,479 non-merge changesets were pulled into the mainline repository for the 3.12 merge window; about 1,000 of those came in after the writing of last week's summary. Few of the changes merged in the final days of the merge window were hugely exciting, but there have been a number of new features and improvements. Click below (subscribers only) for the conclusion of LWN's 3.12 merge window summary series.

Full Story (comments: 18)

Most of the hand-wringing over the UEFI secure boot mechanism has long passed; those who want to run Linux on systems with secure boot enabled are, for the most part, able to do so. Things are quiet enough that one might be tempted to believe that the problem is entirely solved. As it happens, though, the core patches that implement the lockdown that some developers think is necessary for proper secure boot support still have not made their way into the mainline. The developer behind that work is still trying to get it merged though; in the process, he has brought back an old idea that was last rejected in 1998.

Full Story (comments: 35)

Reverting a patch, at least one that isn't causing a bug or regression, is often controversial. Normally, the patch has been technically vetted before it was merged, so there is—or can be—a non-technical reason behind its removal. That is the case with the recent reversion of a patch to add XMir support to the Intel video driver. As might be guessed, rejecting support for the X compatibility layer of the Mir display server resulted in a loud hue and cry—with conspiracy theories aplenty.

Subscribers can click below to read the whole article from this week's edition.

Full Story (comments: 155)

There was a period where it appeared that the smartphone industry would be dominated by closed products and non-free software. Android has done a lot to change that situation; it is now possible to own a hackable device that runs mostly free software. But it would be nice to have some viable alternatives, preferably even more free and more Linux-like. Among the many would-be contenders for the title of leading alternative, Firefox OS offers a special appeal. It is, after all, a Linux-based system built by an organization that has a history of looking out for the interests of its users. So when the opportunity came along to try out Firefox OS on real hardware, your editor did not hesitate for long.

Full Story (comments: 87)

The fifteenth annual TypeCon conference was held in Portland, Oregon on August 21–25, featuring a mix of session topics that encompassed type design, letterpress printing, and modern font software. Open source and open font licensing have become hot topics in recent years—largely due to the rise of CSS web fonts. But the signs are that open source is gaining even broader acceptance, as evidenced by Paul Hunt and Miguel Sousa's presentation on the Adobe Source Sans Pro and Source Code Pro fonts—and the ripple effects they triggered within the company.

Full Story (comments: 21)

File management does not seem to be a one-size-fits-all proposition. Thus, while general-purpose file managers exist, it often appears that much of the development effort goes into domain-specific management tools. We have a whole set of photo management applications, for example, and even more music managers. When it comes to electronic books, though, there seems to only be one viable project out there: Calibre. LWN last looked at Calibre almost exactly two years ago. The recent version 1.0 release provides an obvious opportunity to see what has been happening with this fast-moving utility.

Full Story (comments: 26)

Current news

The fourth 3.12 prepatch is out for testing. "Hmm. rc4 has more new commits than rc3, which doesn't make me feel all warm and fuzzy, but nothing major really stands out. More filesystem updates than normal at this stage, perhaps, but I suspect that is just happenstance. We have cifs, xfs, btrfs, fuse and nilfs2 fixes here."

Comments (none posted)

The latest set of stable updates is 3.11.4, 3.10.15, 3.4.65, and 3.0.99. Greg has included a warning that the long-lived 3.0 series will be coming to a close "within a few weeks," so users of that kernel should be thinking about moving on.

Comments (none posted)

Writing at The Guardian, Bruce Schneier explains in his latest Edward Snowden–related piece that the US National Security Agency (NSA) had tried unsuccessfully to mount an attack against the Tor network, in hopes of bypassing the service's anonymity protections. Nevertheless, the NSA is still able to identify Tor traffic and track individual Tor users (despite not knowing their identities), which can lead to further surveillance. "After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems." By targeting a Tor user, the agency could then leverage attacks like browser exploits to get into the user's system; nevertheless, so far the design of Tor itself seems to be functioning as planned.

Comments (23 posted)

Fedora has updated icedtea-web (F18; code execution) and rubygems (F18; F19: denial of service).

Gentoo has updated perl-Module-Signature (code execution).

openSUSE has updated boost (input validation bypass).

Comments (none posted)

Ars technica covers Intel's announcement of the Galileo development board, which contains a Quark 32-bit x86 CPU and is targeted at the "Internet of Things". It was designed in conjunction with Arduino and has connections for existing Arduino "shields" in addition to USB, Ethernet, RS-232 serial, and PCIe. "Intel will be donating 50,000 Galileo boards to universities around the world as part of the collaboration, and it will be available to hobbyists for $60 or less by November 29. That price makes Galileo quite competitive with existing Arduino boards, most of which aren't as feature complete. Intel promises full compatibility with Arduino software and existing hardware, which could make this a very attractive board for complex projects." Galileo is also open hardware, with schematics and other information available at its home page.

Comments (23 posted)

Fedora has updated kernel (F18: random number reuse in ansi_cprng).

Mandriva has updated proftpd (BS1.0, ES5.0: denial of service).

Oracle has updated ccid (OL5: code execution), kernel (OL5; OL6: denial of service), php53 (OL5: multiple vulnerabilities), sudo (OL5: three privilege escalation flaws), and xinetd (OL5: information leak).

Red Hat has discontinued updates for acroread because Adobe has stopped updating it. The "update" will disable the web browser plugin.

SUSE has updated icedtea-web (SLE11 SP2, SP3: two code execution flaws).

Comments (none posted)

Matthew Garrett has posted an assessment of where XMir development stands. "This is an unfortunate situation to be in. Ubuntu Desktop was told that they were switching to XMir, but Mir development seems to be driven primarily by the needs of Ubuntu Phone. XMir has to do things that no other Mir client will ever cope with, and unless Mir development takes that into account it's inevitably going to suffer breakage like this. Canonical management needs to resolve this if there's any hope of ever shipping XMir as the default desktop environment."

Comments (3 posted)

Fedora has updated libvirt (F19: multiple vulnerabilities), python-djblets (F18: multiple vulnerabilities), and ReviewBoard (F18: multiple vulnerabilities).

Red Hat has updated MRG Grid (RHEL6; RHEL5: denial of service).

Ubuntu has updated nas (13.04; 12.10; 12.04 LTS: multiple vulnerabilities) and python3.3 (13.04; 12.10: multiple vulnerabilities).

Comments (none posted)

Developers at Canonical have concluded that the Mir desktop server (or, more specifically, the XMir layer) will not be ready in time to be shipped as the default configuration in the 13.10 release — though they do still plan to go with Mir for Ubuntu Touch. "More specifically, the multi-monitor support in XMir is working, but not to the extent we'd like to see it for all of our users. The core of Mir is working reliable, but with XMir being a key component for our 13.10 goals, we didn't want to compromise overall Ubuntu quality by shipping it."

Full Story (comments: 51)

On his blog, Boudewijn Rempt has an interesting walk down memory lane about the history of the Krita digital painting program. It started its life in 1998 as a Qt wrapper around GIMP, called "kimp", though the first real Krita code came from a KOffice application called KImage, which changed to KImageShop, Krayon, and, finally, in 2002, Krita (Swedish for crayon). His account has controversies, flame wars, development setbacks, and more, resulting in the high-quality application that we have today. "I didn't know C++ back then, but neither was I a novice programmer. I'd been earning the daily bread for me and my family for about ten years, first as an Oracle PL/SQL developer, then Visual Basic, then Java. I had written and gotten published a book on Python and Qt, so I knew Qt as well. I had no experience with graphics, though... In October 2003 it was not possible to paint with Krita: all tools except for the layer move tool had been disabled. The paint tool was the first thing I worked on, and I was very proud when I had a tool that could place squares on the canvas -- and the size of the squares was sensitive to the tablet pressure!"

Comments (8 posted)

--> More news items