LWN featured content
[$] XBMC 11 "Eden"
[Development] Posted Feb 8, 2012 17:01 UTC (Wed) by jake
XBMC, the open source media center, has
steadily grown from its humble origins as an X-Box only replacement
environment into the cross-platform, de facto playback front-end
for multimedia content. It merges the file-centric approach taken by
traditional video players with an add-on scripting environment that handles
remote web content. The project is currently finalizing its next major
release, version 11.0 (codenamed Eden), which includes updates
to the networking and video acceleration subsystems, broader hardware
support, and numerous changes to the APIs available to add-on developers.
Click below (subscribers only) for the full review.
Full Story (comments: 11)
A tempest in a toybox
[Front] Posted Feb 1, 2012 16:26 UTC (Wed) by corbet
The eLinux.org web site is currently promoting a project to write
a replacement for Busybox under a permissive license. Normally, the
writing of more free software is seen as a good thing, but, in this case,
there have been complaints about the
perceived motivation behind the project. What this
discussion shows is that there are some divisions within our community on
how our licenses should be enforced - and even what those licenses say.
Full Story (comments: 220)
Robots rampage (in a friendly way) at SCALE 10X
[Front] Posted Jan 25, 2012 19:50 UTC (Wed) by jake
"World domination" is a less prevalent theme in Linux and open source
discussions these days than it was some time ago, but it still comes up
regularly in one field of study: robots. At the 2012 Southern California
Linux Expo (SCALE) in Los Angeles, Willow Garage's Tully Foote
described the Robot Operating System
(ROS) project, an open source stack for state-of-the-art robotics. ROS is
in use by industry and academic research projects, often on hardware that
runs in the hundreds-of-thousands of dollars range, but it is capable of
running on low end and homebrew robots, too.
Click below (subscribers only) for the full report from SCALE 10x.
Full Story (comments: 4)
XFS: the filesystem of the future?
[Kernel] Posted Jan 20, 2012 20:01 UTC (Fri) by corbet
Linux has a lot of filesystems, but two of them (ext4
and btrfs) tend to get most of the attention. In his 2012 linux.conf.au
talk, XFS developer Dave Chinner served notice that he thinks more users
should be considering XFS. His talk covered work that has been done to
resolve the biggest scalability problems in XFS and where he thinks things
will go in the future. If he has his way, we will see a lot more XFS
around in the coming years.
Full Story (comments: 252)
LCA: Addressing the failure of open source
[Front] Posted Jan 17, 2012 22:05 UTC (Tue) by corbet
Bruce Perens wore a suit and tie for his linux.conf.au 2012 keynote for a
reason, he said: it reflects our community's need to think more about how
it appears to the rest of the world. Despite our many successes, he said,
we have failed to achieve the goals that our community set for itself many
years ago. We have failed to engage and educate our users, and are finding
ourselves pulled into an increasingly constrained world. To get out of
this mess, we will have to make some changes - and expand our scope beyond
software and culture.
Full Story (comments: 157)
LCA: A Samba 4 update
[Front] Posted Jan 16, 2012 19:18 UTC (Mon) by corbet
The systems
administration miniconf at the 2012 linux.conf.au hosted 'a
casual conversation' with a group of core Samba developers on the project's
near future roadmap and the plans for Samba 4. Andrew "Tridge"
Tridgell led off by saying that the last a lot of people had heard about
the project's plans came from "an article
in a disreputable web site." The discussion reported on there was "very
exciting," in that it moved the project's point of view on the Samba 4
release from "someday" to "let's get ready for a release." Since then,
things have gotten quiet, but that does not mean that nothing has been
happening.
Click below (subscribers only) for the full report from LCA 2012.
Full Story (comments: 13)
Denial of service via hash collisions
[Security] Posted Jan 11, 2012 20:23 UTC (Wed) by jake
Developers for several scripting language projects are currently scrambling
to fix a newly-disclosed denial of service vulnerability caused by
predictable hashing algorithms. As it happens, the term "newly disclosed"
does not quite apply here, though: the problem has been known since 2003.
Click below (subscribers only) for a description of this problem, its
history, and its solution from this week's Security Page.
Full Story (comments: 74)
The Nook Tablet and the GPL
[Front] Posted Jan 10, 2012 20:36 UTC (Tue) by corbet
Recently, certain corners of the net have carried the claim that Barnes
& Noble is refusing to release the source for the kernel shipped in its
"Nook Tablet" book reader device. That, of course, would be a violation of the
kernel's licensing. GPL violations are far from unheard of in the mobile
electronics market, but B&N is a company with a high-enough profile to attract
special attention. A look at what is going on suggests that there is less
to the story than meets the eye - but it still merits a look.
Click below
(subscribers only) for the full story.
Full Story (comments: 74)
The logger meets linux-kernel
[Kernel] Posted Jan 4, 2012 19:20 UTC (Wed) by corbet
Toward the end of December, LWN looked at the
new push to move various subsystems specific to Android kernels into
the mainline. There seems to be broad agreement that merging this code
makes sense, but that agreement becomes rather less clear once the
discussion moves to the merging of specific subsystems. Tim Bird's request for comments on the Android "logger"
mechanism shows that, even with a relatively simple piece of code, there is
still a lot of room for disagreement and problems can turn out to be larger
than expected.
Full Story (comments: 42)
Linux at the end of the world (our 2012 predictions)
[Front] Posted Jan 3, 2012 21:56 UTC (Tue) by corbet
Welcome to 2012. This is the first LWN Weekly Edition of the year, and
that can only mean one thing: it is time for your editor to go out on a
limb and make a number of predictions for the coming year that, by the end
of the year, will look thoroughly clueless and misguided. Even your editor
can foresee, though, that it is going to be an interesting and highly
political year. Click below (subscribers only) to see what foolishness has
been predicted for 2012.
Full Story (comments: 91)
| |
Current news
Day: A New Approach to GNOME Application Design
[Development] Posted Feb 11, 2012 4:57 UTC (Sat) by jake
GNOME design team member Allan Day writes about ideas in GNOME 3 application design on his blog. In the article, he looks at the use of maximized windows, views, primary toolbars, and more. The design team is documenting these ideas in a new version of the GNOME Human Interface Guidelines (HIG). "There are many other application design patterns that we've been working on, including application menus, a new grid view for displaying collections of content, in-app notifications, new models for dialogs, nice full screen controls and a sidebar list pattern. Together, these provide the opportunity to create applications that efficient, modern, elegant, and a pleasure to use."
Comments (50 posted)
Welte: Some comments on the heated debate on SFC / Busybox / Linux GPL enforcement
[Announcements] Posted Feb 10, 2012 21:47 UTC (Fri) by jake
Over on his blog, Harald Welte comments on GPL enforcement in light of the Busybox/Toybox controversy. "In any kind of GPL enforcement, you of course not only want the complete corresponding source code to one program, but to all of the GPL/LGPL/AGPL or otherwise copyleft licensed programs contained in the product. We at gpl-violations.org have always been requesting the complete corresponding source code to all GPL licensed software during our communication with the infringing companies. This request was typically honored by everyone, without the need to apply any pressure onto it. After all, releasing only one bit of code causes the risk to get sued by somebody else who owns the other not-yet-compliant part of the code. [...] Now there have been rumors that SFC was not only requesting non-Busybox source code, but also making it a condition for the explicit re-instatement of the license on Busybox. Whether or not there was such a hard condition is subject to debate and there are different opinions on it. For those in the field of FOSS licensing, it has always known that there are different lines of thought with regard to the requirement to explicit reinstatement. We in Germany generally think that it is not required at all, and the existing preliminary injunctions at least implicitly acknowledge that as they enjoin companies from distributing a product as long as it is not in compliance with the license. In other (particularly the U.S.), it is generally assumed that explicit reinstatement is required."
Comments (24 posted)
Friday's security updates
[Security] Posted Feb 10, 2012 18:28 UTC (Fri) by ris
CentOS has updated C5: kernel (multiple vulnerabilities).
Fedora has updated F15: firefox
(multiple vulnerabilities), F15:
thunderbird (multiple vulnerabilities), F15: xulrunner (multiple vulnerabilities), F15: perl-gtk2-mozembed (multiple
vulnerabilities), F15:
gstreamer-plugins-bad-free (multiple vulnerabilities), F15: libvpx (multiple vulnerabilities), F15: gnome-python2-extras (multiple
vulnerabilities), F15:
thunderbird-lightning (multiple vulnerabilities), and F15: znc (denial of service).
Ubuntu has updated openssl (multiple
vulnerabilities) and php (multiple vulnerabilities).
Comments (1 posted)
Wayland and Weston 0.85.0 released
[Development] Posted Feb 10, 2012 18:13 UTC (Fri) by corbet
The first official releases of the Wayland display system, now split into
two pieces called "Wayland" and "Weston," are now
available. What's not immediately available is a lot of information about
what capabilities are in this release or how usable it is. "Wayland
is the protocol and IPC mechanism while Weston is the reference compositor
implementation. The 0.85 branch in both repositories is going to be
protocol and interface stable. We have a series of protocol changes on the
table before 1.0 but this branch marks a stable point before we jump into
that."
Full Story (comments: 16)
The Chromium Blog on the future of JavaScript
[Development] Posted Feb 10, 2012 17:08 UTC (Fri) by corbet
The Chromium Blog has an
overview of the new JavaScript features expected in a major revision of
the language next year. "A proxy simulates a JavaScript object or
function, and can customize just about any aspect of their behaviour that
you can imagine. This is a real power feature, that takes reflection to a
new level and can be used to implement various advanced abstractions and
interfaces."
Comments (7 posted)
Jury rules that Eolas's "interactive web" patent is invalid (ars technica)
[Announcements] Posted Feb 9, 2012 23:40 UTC (Thu) by jake
Well, that was quick. The jury in a patent lawsuit against eight companies that use "interactive web" technologies has found the Eolas Technologies patent to be invalid, according to a report at ars technica. "[Tim] Berners-Lee took to Twitter to cheer the decision. 'Texas jury agreed Eolas 906 patent invalid,' he wrote. 'Good thing too!'
[...]
Companies that depend on the open Web hailed the verdict. 'We are pleased that the court found the patents invalid, as it affirms our assertion that the claims are without merit,' a Google spokesperson told Ars."
Comments (47 posted)
Lima driver code for the Mali GPU released
[Kernel] Posted Feb 9, 2012 23:24 UTC (Thu) by jake
The Lima driver project has released the code for its open source graphics driver supporting the Mali-200 and Mali-400 GPUs. "The aim of this driver is to finally bring all the advantages of open source software to ARM SoC graphics drivers. Currently, the sole availability of binary drivers is increasing development and maintenance overhead, while also reducing portability, compatibility and limiting choice. Anyone who has dealt with GPU support on ARM, be it for a linux with a GNU stack, or for an android, knows the pain of dealing with these binaries. Lima is going to solve this for you, but some time is needed still to get there." (Thanks to Paul Wise.)
Comments (9 posted)
Security advisories for Thursday
[Security] Posted Feb 9, 2012 20:49 UTC (Thu) by jake
CentOS has updated squirrelmail (C4; C5:
multiple vulnerabilities) and mysql (C6:
multiple unspecified vulnerabilities).
Debian has updated icedove (multiple
vulnerabilities) and cvs (remote code execution).
Fedora has updated ettercap (F15; F16:
insecure settings file), mysql (F16:
multiple unspecified vulnerabilities), maniadrive (F16:
PHP remote code execution), php (F16:
remote code execution), php-eaccelerator
(F16: remote code execution), and samba
(F16: denial of service).
Mandriva has updated wireshark
(multiple vulnerabilities).
openSUSE has updated firefox
(multiple vulnerabilities), curl
(authentication bypass), powerdns (denial
of service), kernel (11.3; 11.4: multiple
vulnerabilities), kvm (two
vulnerabilities), tomcat6 (multiple
vulnerabilities), apache2 (11.3; 11.4: multiple
vulnerabilities), squid3 (denial of
service), gnutls (denial of service), dovecot20 (certificate spoofing), xorg-x11-server (two vulnerabilities), ruby (multiple vulnerabilities), curl (multiple vulnerabilities), firefox (multiple vulnerabilities), nginx (code execution), lighttpd (denial of service), sysconfig (code execution), and opera (multiple vulnerabilities).
Oracle has updated squirrelmail (OL4; OL5:
multiple vulnerabilities) and mysql (OL6:
multiple unspecified vulnerabilities).
Red Hat has updated squirrelmail
(RHEL 4&5: multiple vulnerabilities), libxml2 (RHEL 5.6: code execution), mysql (RHEL 6: multiple unspecified vulnerabilities), and kernel (RHEL 5: multiple vulnerabilities).
Scientific Linux has updated squirrelmail (SL4&5: multiple
vulnerabilities) and mysql (SL6: multiple
unspecified vulnerabilities).
SUSE has updated xulrunner (SLE 11
SP1: multiple vulnerabilities) and firefox
(SLE 10 SP4: multiple vulnerabilities).
Comments (1 posted)
Trustwave admits issuing man-in-the-middle digital certificate (ComputerWorld)
[Security] Posted Feb 9, 2012 17:20 UTC (Thu) by corbet
Here's a variant on the "untrustworthy SSL certificate authority" theme: this
ComputerWorld story describes how Trustwave issued a "subordinate root"
certificate to a private company. That allowed said company to stamp out
certificates for any domains it liked and conduct man-in-the-middle attacks
against SSL traffic from its internal network. "Trustwave defended
itself by saying that the issuing of subordinate roots to private
companies, so they can inspect the SSL-encrypted traffic that passes
through their networks, is a common practice in the industry."
Comments (39 posted)
Patent troll claims ownership of interactive Web—and might win (ars technica)
[Announcements] Posted Feb 9, 2012 16:40 UTC (Thu) by jake
Ars technica is reporting on a patent trial taking place in ... you guessed it ... East Texas that could have quite an impact on the web as we know it. Eolas Technologies is suing eight companies including Google and Yahoo for $600 million in a series of four trials, the first of which (to determine the validity of the patents) could go to the jury today.
"Today, Doyle and his lawyers say he’s owed royalty payments for the use of a stunning array of modern Web technologies. Watching online video, having a "search suggestion" pop up in a search bar, or even rotating an image of a sweater you might want to buy on an online shopping site—all are said to infringe on the idea-space of Doyle and his company, Eolas Technologies."
Comments (3 posted)
--> More news items
|