Welcome to LWN.net

LWN featured content

An unfortunate drawback to the scratch-your-own-itch development model on which many free software projects depend is that creators can lose interest. Without a maintainer, code gets stale and users are either stranded or simply jump ship to a competing project. If the community is lucky, new developers pick up where the old ones left off, and a project may be revived or even driven to entirely new levels of success. On the other hand, it is also possible for multiple people to start their own forks of the code base, which can muddy the waters in a hurry—as appears to be happening at the moment with the 2D animation tool Pencil. Plenty of people want to see it survive, which has resulted in a slew of individual forks.

Full Story (comments: 4)

The Ubuntu desktop has been committed to the Unity shell for some time; more recently, Canonical also announced that Ubuntu will be moving over to the new, in-house Mir display server. That decision raised a number of eyebrows at the time, given that most of the desktop Linux community had long since settled on Wayland as its way forward. As time passes, though, the degree to which Canonical is breaking from the rest of the community is becoming increasingly clear. The Linux desktop could never be described as being "unified," but the split caused by projects like Mir and SurfaceFlinger may prove to be more profound than the desktop wars of the past.

Full Story (comments: 108)

This year's pgCon, which concluded May 25th, included an unusually high number of changes to the PostgreSQL community, codebase, and development. Contributors introduced multiple new major projects which will substantially change how people use PostgreSQL, including parallel query, a new binary document store type, and pluggable storage. In addition, Tom Lane switched jobs, four new committers were selected, pgCon had the highest attendance ever at 256 registrations, and held its first unconference after the regular conference. Subscribers can click below for the report by guest author Josh Berkus.

Full Story (comments: 6)

The designers of a new programming language are probably most interested in the big features — the things that just couldn't be done with whichever language they are trying to escape from. So they are probably thinking of the type system, the data model, the concurrency support, the approach to polymorphism, or whatever it is that they feel will affect the expressiveness of the language in the way they want. But there are lots of little things to consider too, and guest author Neil Brown looks at some of them in an article from next week's edition.

Full Story (comments: 147)

As mobile and embedded processors get more complex — and more numerous — the interest in improving the power efficiency of the scheduler has increased. While a number of power-related scheduler patches exist, none seem all that close to merging into the mainline. Getting something upstream always looked like a daunting task; scheduler changes are hard to make in general, these changes come from a constituency that the scheduler maintainers are not used to serving, and the existence of competing patches muddies the water somewhat. But now it seems that the complexity of the situation has increased again, to the point that the merging of any power-efficiency patches may have gotten even harder.

Full Story (comments: 26)

When one is trying to determine if there are compliance problems in a body of source code—either code from a device maker or from someone in the supply chain for a device—the sheer number of files to consider can be a difficult hurdle. A simple technique can reduce the search space significantly, though it does require a bit of a "leap of faith", according to Armijn Hemel. He presented his technique, along with a case study and a war story or two at LinuxCon Japan.

Full Story (comments: 6)

Linus Torvalds and Dirk Hohndel sat down at LinuxCon Japan 2013 for a "fireside chat" (sans fire), ostensibly to discuss where Linux is going. While they touched on that subject, the conversation was wide-ranging over both Linux and non-Linux topics, from privacy to diversity and from educational systems to how operating systems will look in 20-30 years. Subscribers can click below for the full story from this week's edition.

Full Story (comments: 100)

According to Btrfs developer Chris Mason, tuning Linux filesystems to work well on solid-state storage devices is a lot like working on an old, clunky car. Lots of work goes into just trying to make the thing run with decent performance. Old cars may have mainly hardware-related problems, but, with Linux, the bottleneck is almost always to be found in the software. It is, he said, hard to give a customer a high-performance device and expect them to actually see that performance in their application. Fixing this problem will require work in a lot of areas. One of those areas, supporting and using atomic I/O operations, shows particular potential.

Click below (subscribers only) for the full report from LinuxCon Japan.

Full Story (comments: 19)

Certain projects are known for disclosing a large number of vulnerabilities at once; such behavior is especially common in company-owned projects where fixes are released in batches. Even those projects, though, rarely turn up with 30 new CVE numbers in a single day. But, on May 23, the X.org project did exactly that when it disclosed a large number of security vulnerabilities in various X client libraries — some of which could be more than two decades old.

Click below (subscribers only) for the full article.

Full Story (comments: 64)

Designing an enumeration type (i.e. "enum") for a language may seem like a straightforward exercise, but the recently "completed" discussions over Python's PEP 435 show that it has a few wrinkles. The discussion spanned several long threads in two mailing lists (python-ideas, python-devel) going back to January in this particular iteration, but the idea is far older than that. Subscribers can click below for the full article from this week's edition.

Full Story (comments: 23)

Current news

In what might be seen as a harbinger of license changes to come for MySQL, the MariaDB blog is reporting that the man pages for MySQL 5.5.31 have changed licenses. Formerly covered by the GPLv2, the man pages are now under a more restrictive license, the crux of which seems to be: "You may create a printed copy of this documentation solely for your own personal use. Conversion to other formats is allowed as long as the actual content is not altered or edited in any way. You shall not publish or distribute this documentation in any form or on any media, except if you distribute the documentation in a manner similar to how Oracle disseminates it (that is, electronically for download on a Web site with the software) or on a CD-ROM or similar medium, provided however that the documentation is disseminated together with the software on the same medium. Any other use, such as any dissemination of printed copies or use of this documentation, in whole or in part, in another publication, requires the prior written consent from an authorized representative of Oracle."

Comments (12 posted)

Debian has updated wireshark (multiple vulnerabilities).

Fedora has updated perl-Module-Signature (F18; F17: code execution) and rrdtool (F18: denial of service).

Mageia has updated qemu (unauthorized file access), telepathy-gabble (man-in-the-middle attack), owncloud (cross-site scripting), php (code execution), and dbus (denial of service).

openSUSE has updated X client vulnerabilities in the following packages: libxres, libxrandr, libdmx, libXxf86dga, libxcursor, libxtst, libxi, and libFS.

SUSE has updated kernel (SLE 11 SP2; SLE-RT 11 SP2: multiple vulnerabilities).

Ubuntu has updated libraw (code execution) and libkdcraw (code execution).

Comments (none posted)

Version 3.3 of the LLVM compiler suite is out. It adds support for a number of new architectures, features a number of performance improvements, and more. "3.3 is also a major milestone for the Clang frontend: it is now fully C++'11 feature complete. At this point, Clang is the only compiler to support the full C++'11 standard, including important C++'11 library features like std::regex. Clang now supports Unicode characters in identifiers, the Clang Static Analyzer supports several new checkers and can perform interprocedural analysis across C++ constructor/destructor boundaries, and Clang even has a nice 'C++'11 Migrator' tool to help upgrade code to use C++'11 features and a 'Clang Format' tool that plugs into vim and emacs (among others) to auto-format your code." See the release notes for details.

Full Story (comments: 10)

The Apache Software Foundation has announced a new release of "the most popular and widely-used Open Source version control system" — Subversion 1.8.0. "Since their introduction in prior releases, Subversion’s merge tracking and tree conflict detection features have been critical to its ability to serve projects where branching and merging happens often. The 1.8.0 version improves these features, further automating the client-side merge functionality and improving both tree conflict detection during merge operations and tree conflict resolution during update operations. Additionally, the Subversion client now tracks moves of working copy items as first-class operations, which brings immediate benefit to users today and is a key step toward more thorough system-wide support for moved and renamed objects in a future release."

Comments (23 posted)

Debian has updated fail2ban (denial of service).

Fedora has updated kdeplasma-addons (F17: weak passwords generated by PasteMacroExpander) triggering a long list of KDE updates. See last Wednesday's security updates to see a similar list of packages.

Mandriva has updated owncloud (cross-site scripting).

openSUSE has updated libxvmc (multiple vulnerabilities) and libxinerama (multiple vulnerabilities).

SUSE has updated kernel (multiple vulnerabilities).

Comments (none posted)

Groklaw reports that the SCO lawsuit against IBM has officially been reopened. "The thing that makes predictions a bit murky is that there are some other motions, aside from the summary judgment motions, that were also not officially decided before SCO filed for bankruptcy that could, in SCO's perfect world, reopen certain matters. I believe they would have been denied, if the prior judge had had time to rule on them. Now? I don't know. There was a SCO motion for reconsideration pending and one objection to an earlier ruling, and a motion to supplement its list of allegedly misused materials. How any of this survives the Novell victory is unknown to me, but SCO are a clever, clever bunch."

Comments (48 posted)

Linus has announced the 3.10-rc6 kernel prepatch, noting that the patch rate (226 changes since -rc5) seems to be slowing a little bit. "But even if you're a luddite, and haven't yet learnt the guilty pleasures of a git workflow, you do want to run the latest kernel, I'm sure. So go out and test that you can't find any regressions. Because we have fixes all over..."

Comments (none posted)

The H looks at the recent 3.2 release of the Ardour digital audio workstation, highlighting the addition of video support. Specifically, Ardour does not edit video, but allows users to import it for synchronizing with audio content. "The new video feature can display imported video tracks with frame-by-frame granularity in a timeline and allows users to lock audio tracks to individual video frames. After the editing work is done, users can then export the mixed audio track into a new video file."

Comments (none posted)

Fedora has updated gallery3 (F17, F18; insecure URL handling) and xen (multiple vulnerabilities).

Mandriva has updated apache (multiple vulnerabilities) and subversion (denial of service).

openSUSE has updated libxcb (integer overflow), libXext (multiple vulnerabilities), libXfixes (integer overflow), libXt (multiple vulnerabilities), libXrender (integer overflow), libXv (multiple vulnerabilities), nfs-utils (12.2, 12.3; information disclosure), nginx (information disclosure), subversion (multiple vulnerabilities) and telepathy-gabble (TLS bypass).

Oracle has updated kernel (OL5, OL6; multiple vulnerabilities).

Scientific Linux has updated krb5 (denial of service).

Ubuntu has updated kernel (10.04, 10.04 EC2, 12.04, 12.04 OMAP4, 12.04 HWE, 12.10, 12.10 OMAP4, 13.04 OMAP4; multiple vulnerabilities), keystone (insecure authentication), and libdbus (denial of service).

Comments (none posted)

On his blog, Michael Meeks has a look at some of the less visible (to the user) changes to LibreOffice for 4.1. He describes changes like the completion of the switch to GNU make, code cleanup (including more German comment translation), eliminating bugs that result in crashes, refactoring the Calc spreadsheet core, and more. "One of the tasks that most irritates and has distracted new developers from doing interesting feature work on the code-base over many years has been our build system. At the start of LibreOffice, there was an incomplete transition to using GNU make, which required us to use both the horrible old dmake tool as well as gnumake, with configure using a Perl script to generate a shell script configuring a set of environment variables that had to be sourced into your shell in order to compile (making it impossible to re-configure from that shell), with a Perl build script that batched compilation with two layers of parallelism, forcing you to over- or undercommit on any modern builder."

Comments (94 posted)

--> More news items