LWN featured content
[$] Allowing small allocations to fail
[Kernel] Posted Mar 11, 2015 0:47 UTC (Wed) by corbet
As Michal Hocko noted at the beginning of his session at the 2015 Linux
Storage, Filesystem, and Memory Management Summit, the news that the
memory-management code will normally retry small allocations indefinitely
rather than returning a failure status came as a surprise to many
developers. In this session, the assembled group attempted to come up with
ways to safely change this behavior. Click below (subscribers only) for
the full report from LSFMM 2015.
Full Story (comments: 5)
[$] A GPL-enforcement suit against VMware
[Front] Posted Mar 5, 2015 17:05 UTC (Thu) by corbet
When Karen Sandler, the executive director of the Software Freedom Conservancy, spoke
recently at the Linux Foundation's Collaboration
Summit, she spent some time on the Linux Compliance Project, an effort
to improve compliance with the Linux kernel's licensing rules. This
project, launched with some fanfare in 2012,
has been relatively quiet ever since. Karen neglected to mention that this
situation was about to change; that had to wait for the
announcement on March 5 of the filing of a lawsuit
against VMware alleging copyright infringement for its use of kernel code.
Subscribers can click below for the full story.
Full Story (comments: 84)
[$] A look at EasyNAS
[Distributions] Posted Mar 4, 2015 18:24 UTC (Wed) by corbet
Thus far, this series on network-attached storage (NAS) distributions has
looked at three different approaches to the problem. OpenMediaVault
provides a NAS server using traditional Linux filesystems, Rockstor bases
everything on the Btrfs filesystem, and FreeNAS is a FreeBSD-based system
using ZFS. This fourth (and probably final) installment in this series goes
back to Btrfs with a look at EasyNAS,
which is another attempt to make the
unique features of Btrfs available in a dedicated NAS distribution.
Full Story (comments: 1)
What's new in Krita 2.9
[Front] Posted Feb 25, 2015 23:56 UTC (Wed) by n8willis
The newest update to the Krita digital
painting application has been released.
Version 2.9 introduces several new user-interface features, updates to the
layers system, and a variety of tool and rendering improvements. The 2.9
development cycle was also the project's first to be centered around a
crowdfunding campaign.
Full Story (comments: none)
A GNU C Library update
[Development] Posted Feb 24, 2015 18:17 UTC (Tue) by corbet
A traditional feature of the tools track at the Linux Foundation's
Collaboration
Summit is an update from the developers of the GNU C Library
(glibc); that tradition was upheld in fine form at the 2015 event. Glibc
developer Roland McGrath noted that while the project is a critical
component in vast numbers of Linux installations, it does not have a lot of
developers working on it. Still, even with a relatively small developer
base, some real progress has been made over the last year.
Full Story (comments: 47)
Scalar typing in the PHP world
[Front] Posted Feb 13, 2015 23:07 UTC (Fri) by corbet
When one thinks about the PHP language, terms like "strong typing" and
"strict checking" do not normally come to mind. But, as the project works
toward its next major release (to be called PHP 7), it has become
embroiled in a fierce debate over the proposed addition of some simple
typing features to the language. To some, PHP is growing up into a safer,
better-defined language, while others see the changes as possibly
destroying the character of a historically freewheeling language.
Click below (subscribers only) for the full article.
Full Story (comments: 147)
Matrix: a new specification for federated realtime chat
[Front] Posted Feb 11, 2015 21:38 UTC (Wed) by n8willis
The free-software community has frequently advocated the
development of new decentralized, federated network services—for
example, promoting XMPP as an alternative to AOL Instant Messenger,
StatusNet as an alternative to Twitter, or Diaspora as an alternative
to Facebook. The recently launched Matrix project
takes on a different service: IRC-like multi-user chat.
Full Story (comments: 45)
A look at Inkscape 0.91
[Front] Posted Feb 4, 2015 19:20 UTC (Wed) by n8willis
The Inkscape project released version 0.91 at the end of January,
a release culminating more than four years of development. The
new release incorporates a lengthy list of improvements from that time
period: new tools, performance enhancements, and fixes to several
longstanding bugs. Just as importantly, though, it also lays the
groundwork for a 1.0 release that will signify an important milestone:
full SVG 1.1 support. Over
the years, though, Inkscape has evolved to be more than just an SVG
editor—as version 0.91 demonstrates.
Full Story (comments: 11)
FreeNAS — network-attached storage with ZFS
[Distributions] Posted Feb 3, 2015 22:34 UTC (Tue) by corbet
Thus far, this series has looked at Linux distributions that are optimized
for network-attached storage (NAS) deployments. This installment will take
a slightly different turn: the system under review (FreeNAS) is indeed a free distribution for
NAS applications, but it is based on FreeBSD rather than Linux. In many
ways it looks like the Linux-based systems reviewed previously, but there
are some interesting differences.
Full Story (comments: 105)
Pettycoin and sidechaining
[Front] Posted Jan 28, 2015 22:16 UTC (Wed) by n8willis
At linux.conf.au 2015 in
Auckland, Rusty Russell presented a talk
about his personal side-project, Pettycoin. Russell had announced
Pettycoin at LCA 2014; at that time it represented an untested
concept: a way to attach a separate, Bitcoin-like network to the
existing Bitcoin blockchain. Pettycoin's goal was originally to offer
a simpler and faster "side network" that periodically reconnected to
Bitcoin. In the intervening year, Russell made a lot of progress, but
other new innovations in the Bitcoin arena have led him to question
parts of the Pettycoin approach and consider a reimplementation.
Full Story (comments: 7)
| |
Current news
Exploiting the DRAM rowhammer bug to gain kernel privileges
[Security] Posted Mar 10, 2015 21:21 UTC (Tue) by ris
The Project Zero blog looks
at the "Rowhammer" bug. "“Rowhammer” is a problem with some
recent DRAM devices in which repeatedly accessing a row of memory can cause
bit flips in adjacent rows. We tested a selection of laptops and found that
a subset of them exhibited the problem. We built two working privilege
escalation exploits that use this effect. One exploit uses
rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when
run as an unprivileged userland process. When run on a machine vulnerable
to the rowhammer problem, the process was able to induce bit flips in page
table entries (PTEs). It was able to use this to gain write access to its
own page table, and hence gain read-write access to all of physical
memory." (Thanks to Paul Wise)
Comments (11 posted)
VMware update to GPL-enforcement suit
[Announcements] Posted Mar 10, 2015 20:04 UTC (Tue) by ris
VMware has published
a statement on the lawsuit filed by Christoph Hellwig alleging
copyright infringement. "On March 5, 2015, Software Freedom Conservancy (SFC) announced a lawsuit in Germany, filed by Christoph Hellwig against VMware, alleging a failure to comply with the General Public License (GPL). We believe the lawsuit is without merit, and we are disappointed that the SFC and plaintiff have resorted to litigation given the considerable efforts we have made to understand and address their concerns.
We see huge value in supporting multiple development methodologies, including free and open source software, and we appreciate the crucial role of free and open source software in the data center. In particular, VMware devotes significant effort supporting customer usage of Linux and F/OSS based software stacks and workloads."
LWN recently covered the lawsuit. (Thanks
to Emmanuel Seyman)
Comments (6 posted)
Fedora 22 Alpha released
[Distributions] Posted Mar 10, 2015 19:12 UTC (Tue) by ris
The Fedora Project has announced the release of Fedora 22 Alpha.
"The Alpha release contains all the exciting features of Fedora 22's
editions in a form that anyone can help test. This testing, guided by
the Fedora QA team, helps us target and identify bugs. When these bugs
are fixed, we make a Beta release available. A Beta release is
code-complete and bears a very strong resemblance to the third and
final release. The final release of Fedora 22 is expected in May."
Full Story (comments: 2)
Tuesday's security updates
[Security] Posted Mar 10, 2015 17:19 UTC (Tue) by ris
Mandriva has updated kernel (multiple vulnerabilities).
Oracle has updated 389-ds-base
(OL7: multiple vulnerabilities), glibc
(OL7: multiple vulnerabilities), hivex
(OL7: privilege escalation), openssh (OL7:
two vulnerabilities), and pcre (OL7: information leak).
Red Hat has updated qpid-cpp (RHE MRG for RHEL7; RHE MRG for RHEL6; RHE MRG for RHEL5: multiple vulnerabilities).
Scientific Linux has updated 389-ds-base (SL6: information disclosure).
Ubuntu has updated apache2
(multiple vulnerabilities), oxide-qt
(14.10, 14.04: multiple vulnerabilities), and firefox (14.10, 14.04, 12.04: regression in
previous update).
Comments (none posted)
The kernel's code of conflict
[Kernel] Posted Mar 9, 2015 17:41 UTC (Mon) by corbet
A brief "code
of conflict" was merged into the kernel's documentation
directory for the 4.0-rc3 release. The idea is to describe the parameters
for acceptable discourse without laying down a lot of rules; it also names
the Linux Foundation's technical advisory board as a body to turn to in
case of unacceptable behavior. This document has been explicitly
acknowledged by a large number of prominent kernel developers.
Comments (40 posted)
Security advisories for Monday
[Security] Posted Mar 9, 2015 17:06 UTC (Mon) by ris
Debian-LTS has updated konversation (information disclosure), libarchive (directory traversal), and redcloth (cross-site scripting).
Fedora has updated cabextract (F21; F20:
privilege escalation), kernel (F21: denial
of service), krb5 (F20: multiple
vulnerabilities), lftp (F20: automatically
accepting ssh keys), libpng10 (F21;
F20: two vulnerabilities), and qt3 (F21; F20: denial of service).
Gentoo has updated dbus (denial of service), freetype (multiple vulnerabilities), glibc (multiple vulnerabilities), and php (multiple vulnerabilities).
Mageia has updated apache (denial
of service), jython (code execution), librsvg (multiple vulnerabilities), mapserver (command execution), and putty, filezilla (information disclosure).
Mandriva has updated rpm (code execution).
openSUSE has updated libmspack
(13.2, 13.1: denial of service), thunderbird (13.2, 13.1: multiple
vulnerabilities), and tiff (13.2, 13.1: multiple vulnerabilities).
SUSE has updated firefox (SLE11 SP3; SLE11 SP2,SP1, SLES10 SP4: multiple vulnerabilities).
Ubuntu has updated icu (12.04:
regression in previous update).
Comments (none posted)
Kernel prepatch 4.0-rc3
[Kernel] Posted Mar 9, 2015 13:17 UTC (Mon) by corbet
The 4.0-rc3 prepatch is out. "Back
on track with a Sunday afternoon release schedule, since there was nothing
particularly odd going on this week, and no last-minute bugs that I knew of
and wanted to get fixed holding things up."
Comments (none posted)
Three Debian technical committee appointments
[Distributions] Posted Mar 9, 2015 13:10 UTC (Mon) by corbet
Debian project leader Lucas Nussbaum has confirmed the appointment of three
new members to the Debian technical committee. The new members are Didier
Raboud, Tollef Fog Heen, and Sam Hartman; they will be replacing Ian
Jackson, Russ Allbery, and Colin Watson.
Full Story (comments: none)
A pile of stable kernel updates
Edmundson: High DPI Progress
[Development] Posted Mar 6, 2015 21:30 UTC (Fri) by n8willis
At his blog, David Edmundson writes
about the state of high-DPI support in KDE. "For some
applications supporting high DPI has been easy. It is a single one
line in KWrite, and suddenly all icons look spot on with no
regressions. For applications such as Dolphin which do a lot more
graphical tasks, this has not been so trivial. There are a lot of
images involved, and a lot of complicated code around caching these
which conflicts with the high resolution support without some further
work." He is personally tracking
the progress of many applications, but notes that there are many
unsolved issues. "There are still many applications without a frameworks release even in the upcoming 15.04 applications release. Even in the next applications release in 15.08 August we are still unlikely to see a released PIM stack.
Is it a good idea to add an option into our UIs that improves some applications at the cost of consistency? It's not an easy answer."
This update is Edmunsdon's second post on the subject; the first, from
November 2014, is also quite informative.
Comments (33 posted)
--> More news items
|