LWN featured content
[$] Integrity and embedded devices
[Security] Posted Oct 2, 2013 19:20 UTC (Wed) by jake
David Safford's talk for the 2013 Linux
Security Summit was in two parts—with two separate sets of slides.
That's because the US Department of Homeland Security (DHS), which sponsored
IBM's work on hardware roots of trust for embedded devices—part one of the talk—was quite clear
that it didn't want to be associated with any kind of device cracking. So
part two, which concerned circumventing "verified boot" on a Samsung
ARM Chromebook, had to be a completely separate talk. The DHS's misgivings
notwithstanding, the two topics are clearly related; understanding both
leads to a clearer picture of the security of our devices.
Subscribers can get the full report on the talk from this week's Security page.
Full Story (comments: 8)
[$] NUMA scheduling progress
[Kernel] Posted Oct 1, 2013 17:02 UTC (Tue) by corbet
NUMA balancing was a topic of fierce debate through much of 2012; that
discussion culminated with the merging of Mel Gorman's NUMA balancing
infrastructure patch set into the 3.8 kernel. Those patches provided the
basic structure upon which a NUMA balancing solution could be built, but
did not attempt to solve the problem in a comprehensive way. Since then,
one might be
forgiven for thinking that the developers involved have lost interest; not
much NUMA-related code has found its way into the mainline. But, as can be
seen in Mel's basic scheduler support for NUMA
balancing patch set, which weighs in at 63 individual changesets, quite
a bit of work has been happening in this area.
Full Story (comments: 13)
A perf ABI fix
[Kernel] Posted Sep 24, 2013 18:14 UTC (Tue) by corbet
It is often said that the kernel developers are committed to avoiding ABI
breaks at almost any cost. But ABI problems can, at times, be hard to
avoid. Some have argued that the perf events interface is particularly
subject to incompatible ABI changes because the perf tool is part
of the
kernel tree itself; since perf can evolve with the kernel, there
is a possibility that
developers might not even notice a break. So the recent discovery of a
perf ABI issue is worth looking at as an
example of how compatibility problems are handled in that code.
Full Story (comments: 38)
Asteroid "mining" with Linux and FOSS
[Front] Posted Sep 18, 2013 22:23 UTC (Wed) by jake
Planetary Resources is a
company with a sky-high (some might claim "pie in the sky") goal: to find and
mine asteroids for useful minerals and other compounds. It is also a
company that uses Linux and lots of free software. So two of the
engineers from Planetary Resources, Ray Ramadorai and Marc Allen, gave a
presentation at LinuxCon
North America to describe how and why the company uses FOSS—along with
a bit about what it is trying to do overall. Subscribers can read the full
account of the talk from this week's edition.
Full Story (comments: 21)
The end of the 3.12 merge window
[Kernel] Posted Sep 17, 2013 15:46 UTC (Tue) by corbet
In the end, 9,479 non-merge changesets were pulled into the mainline
repository for the 3.12 merge window; about 1,000 of those came in after
the writing of last week's summary.
Few of the changes merged in the final days of the merge window were hugely
exciting, but there have been a number of new features and improvements.
Click below (subscribers only) for the conclusion of LWN's 3.12 merge
window summary series.
Full Story (comments: 18)
BSD-style securelevel comes to Linux — again
[Kernel] Posted Sep 11, 2013 19:04 UTC (Wed) by corbet
Most of the hand-wringing over the UEFI secure boot mechanism has long
passed; those who want to run Linux on systems with secure boot enabled
are, for the most part, able to do so. Things are quiet enough that one
might be tempted to believe that the problem is entirely solved. As it
happens, though, the core patches that implement the lockdown that some
developers think is necessary for proper secure boot support still have not
made their way into the mainline. The developer behind that work is still
trying to get it merged though; in the process, he has brought back an old
idea that was last rejected in 1998.
Full Story (comments: 35)
Intel and XMir
[Front] Posted Sep 11, 2013 13:29 UTC (Wed) by jake
Reverting a patch, at least one that isn't causing a bug or regression, is
often controversial. Normally, the patch has been technically vetted
before it was merged, so there is—or can be—a non-technical reason behind its
removal. That is the case with the recent reversion
of a patch
to add XMir support to the Intel video driver. As might be guessed,
rejecting support for the X compatibility layer of the Mir display server
resulted in a loud hue and cry—with conspiracy theories aplenty.
Subscribers can click below to read the whole article from this week's edition.
Full Story (comments: 155)
Firefox OS on the ZTE Open
[Front] Posted Sep 4, 2013 16:54 UTC (Wed) by corbet
There was a period where it appeared that the smartphone industry would be
dominated by closed products and non-free software. Android has done a lot
to change that situation; it is now possible to own a hackable device that
runs mostly free software. But it would be nice to have some viable
alternatives, preferably even more free and more Linux-like. Among the
many would-be
contenders for the title of leading alternative, Firefox OS offers a
special appeal. It is, after all, a Linux-based system built by an
organization that has a history of looking out for the interests of its
users. So when the opportunity came along to try out Firefox OS on real
hardware, your editor did not hesitate for long.
Full Story (comments: 87)
Adobe's open source font experience
[Front] Posted Aug 28, 2013 22:34 UTC (Wed) by n8willis
The fifteenth annual TypeCon
conference was held in Portland,
Oregon on August 21–25, featuring a mix of session topics that
encompassed type design, letterpress printing, and modern font
software. Open source and open font licensing have become hot topics
in recent years—largely due to the rise of CSS web
fonts. But the signs are that open source is gaining even broader
acceptance, as evidenced by Paul Hunt and Miguel Sousa's presentation
on the Adobe Source Sans Pro and Source Code Pro fonts—and the
ripple effects they triggered within the company.
Full Story (comments: 21)
Calibrating Calibre 1.0
[Development] Posted Aug 27, 2013 18:30 UTC (Tue) by corbet
File management does not seem to be a one-size-fits-all proposition. Thus,
while general-purpose file managers exist, it often appears that much of
the development effort goes into domain-specific management tools. We
have a whole set of photo management applications, for example, and even more
music managers. When it comes to electronic books, though, there seems to
only be one viable project out there: Calibre. LWN last looked at Calibre almost exactly two years
ago. The recent version 1.0
release provides an obvious opportunity to see what has been happening
with this fast-moving utility.
Full Story (comments: 26)
| |
Current news
Kernel prepatch 3.12-rc4
[Kernel] Posted Oct 6, 2013 21:28 UTC (Sun) by corbet
The fourth 3.12 prepatch is out for
testing. "Hmm. rc4 has more new commits than rc3, which doesn't make
me feel all warm and fuzzy, but nothing major really stands out. More
filesystem updates than normal at this stage, perhaps, but I suspect that
is just happenstance. We have cifs, xfs, btrfs, fuse and nilfs2 fixes
here."
Comments (none posted)
Stable kernel updates
[Kernel] Posted Oct 5, 2013 17:49 UTC (Sat) by corbet
The latest set of stable updates is
3.11.4,
3.10.15,
3.4.65, and
3.0.99. Greg has included a warning that
the long-lived 3.0 series will be coming to a close "within a few
weeks," so users of that kernel should be thinking about moving on.
Comments (none posted)
Attacking Tor: how the NSA targets users' online anonymity (The Guardian)
[Security] Posted Oct 4, 2013 23:39 UTC (Fri) by n8willis
Writing at The Guardian, Bruce Schneier explains in his latest Edward Snowden–related piece that the US National Security Agency (NSA) had tried unsuccessfully to mount an attack against the Tor network, in hopes of bypassing the service's anonymity protections. Nevertheless, the NSA is still able to identify Tor traffic and track individual Tor users (despite not knowing their identities), which can lead to further surveillance. "After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems." By targeting a Tor user, the agency could then leverage attacks like browser exploits to get into the user's system; nevertheless, so far the design of Tor itself seems to be functioning as planned.
Comments (23 posted)
Friday's security updates
[Security] Posted Oct 4, 2013 14:18 UTC (Fri) by n8willis
Fedora has updated icedtea-web (F18; code execution) and
rubygems (F18; F19: denial of service).
Gentoo has updated perl-Module-Signature (code execution).
openSUSE has updated boost
(input validation bypass).
Comments (none posted)
Intel powers an Arduino for the first time with new “Galileo” board (ars technica)
[Announcements] Posted Oct 3, 2013 23:13 UTC (Thu) by jake
Ars technica covers Intel's announcement of the Galileo development board, which contains a Quark 32-bit x86 CPU and is targeted at the "Internet of Things". It was designed in conjunction with Arduino and has connections for existing Arduino "shields" in addition to USB, Ethernet, RS-232 serial, and PCIe. "Intel will be donating 50,000 Galileo boards to universities around the world as part of the collaboration, and it will be available to hobbyists for $60 or less by November 29. That price makes Galileo quite competitive with existing Arduino boards, most of which aren't as feature complete. Intel promises full compatibility with Arduino software and existing hardware, which could make this a very attractive board for complex projects." Galileo is also open hardware, with schematics and other information available at its home page.
Comments (23 posted)
Security advisories for Thursday
[Security] Posted Oct 3, 2013 15:35 UTC (Thu) by jake
Fedora has updated kernel (F18:
random number reuse in ansi_cprng).
Mandriva has updated proftpd
(BS1.0, ES5.0: denial of service).
Oracle has updated ccid (OL5:
code execution), kernel (OL5; OL6: denial of service), php53 (OL5: multiple vulnerabilities), sudo (OL5: three privilege escalation flaws),
and xinetd (OL5: information leak).
Red Hat has discontinued updates for acroread because Adobe has stopped updating
it. The "update" will disable the web browser plugin.
SUSE has updated icedtea-web
(SLE11 SP2, SP3: two code execution flaws).
Comments (none posted)
Garrett: The state of XMir
[Development] Posted Oct 3, 2013 6:57 UTC (Thu) by corbet
Matthew Garrett has posted an assessment of where XMir
development stands. "This is an unfortunate situation to be
in. Ubuntu Desktop was told that they were switching to XMir, but Mir
development seems to be driven primarily by the needs of Ubuntu Phone. XMir
has to do things that no other Mir client will ever cope with, and unless
Mir development takes that into account it's inevitably going to suffer
breakage like this. Canonical management needs to resolve this if there's
any hope of ever shipping XMir as the default desktop environment."
Comments (3 posted)
Security advisories for Wednesday
[Security] Posted Oct 2, 2013 16:18 UTC (Wed) by ris
Fedora has updated libvirt (F19:
multiple vulnerabilities), python-djblets
(F18: multiple vulnerabilities), and ReviewBoard (F18: multiple vulnerabilities).
Red Hat has updated MRG Grid (RHEL6; RHEL5: denial of service).
Ubuntu has updated nas (13.04;
12.10; 12.04 LTS: multiple vulnerabilities) and python3.3 (13.04; 12.10: multiple vulnerabilities).
Comments (none posted)
No Mir by default in Ubuntu 13.10
[Distributions] Posted Oct 2, 2013 6:21 UTC (Wed) by corbet
Developers at Canonical have concluded that the Mir desktop server (or,
more specifically, the XMir layer) will not be ready in time to be shipped
as the default configuration in the 13.10 release — though they do still
plan to go with Mir for Ubuntu Touch. "More specifically, the
multi-monitor support in XMir is working, but not to the extent we'd like
to see it for all of our users. The core of Mir is working reliable, but
with XMir being a key component for our 13.10 goals, we didn't want to
compromise overall Ubuntu quality by shipping it."
Full Story (comments: 51)
Rempt: Ten years of working on Krita
[Development] Posted Oct 1, 2013 23:44 UTC (Tue) by jake
On his blog, Boudewijn Rempt has an interesting walk down memory lane about the history of the Krita digital painting program. It started its life in 1998 as a Qt wrapper around GIMP, called "kimp", though the first real Krita code came from a KOffice application called KImage, which changed to KImageShop, Krayon, and, finally, in 2002, Krita (Swedish for crayon). His account has controversies, flame wars, development setbacks, and more, resulting in the high-quality application that we have today.
"I didn't know C++ back then, but neither was I a novice programmer. I'd been earning the daily bread for me and my family for about ten years, first as an Oracle PL/SQL developer, then Visual Basic, then Java. I had written and gotten published a book on Python and Qt, so I knew Qt as well. I had no experience with graphics, though...
In October 2003 it was not possible to paint with Krita: all tools except for the layer move tool had been disabled. The paint tool was the first thing I worked on, and I was very proud when I had a tool that could place squares on the canvas -- and the size of the squares was sensitive to the tablet pressure!"
Comments (8 posted)
--> More news items
|