Welcome to LWN.net

LWN featured content

It's hard to say why, but May appears to be the month where we look in on PyPy. Three years ago, we had a May 2010 introduction to PyPy, followed by an experiment using it in May 2011. This year, the PyPy 2.0 release was made on May 9—that, coupled with our evident tradition, makes for a good reason to look in on this Python interpreter written in Python. Subscribers can click below for our report on the release from this week's edition.

Full Story (comments: 9)

In Berkeley, California — the birthplace of PostgreSQL — it's spring: plum and cherry blossoms, courting finches and college students, new plans for the summer, and the first beta release of the database system. Every year, the first beta of the next PostgreSQL version comes out in April or May, for a final release in September. PostgreSQL 9.3 beta 1 was released to the public on May 13th, and contains a couple dozen new features both for database administrators and application developers. Subscribers can click below for a look at some of the new features by guest author Josh Berkus.

Full Story (comments: 29)

On a typical Linux system, each running CPU will be diverted between 100 and 1000 times each second by the periodic timer interrupt. That interrupt is the CPU's cue to reconsider which process should be running, catch up with read-copy-update (RCU) callbacks, and generally handle any necessary housekeeping. This periodic "tick" can be reasonably compared to the infamous big kernel lock (BKL): it is convenient to have around, but it also has an effect on performance that makes developers wish to abolish it. The key difference might be that getting rid of the timer tick has taken rather longer than was required to eliminate the BKL. The 3.10 kernel will take an important step in that direction, though, with the addition of the "full NOHZ" mode — but a lot of limitations still apply.

Full Story (comments: 23)

The Linux Foundation Collaboration Summit (LFCS) seems to be a likely venue for an update on the status of building the kernel with Clang/LLVM. Both in 2011 and 2012, we covered those updates. LFCS 2013 continued the trend as LLVMLinux project lead Behan Webster presented the status and plans for the project at LFCS. The gathering lived up to its name as well, since two problems faced by the project were solved through collaboration at the summit.

Full Story (comments: 18)

Since the advent of object-oriented programming languages around the time of Smalltalk in the 1970s, inheritance has been a mainstay of the object-oriented vision. It is therefore a little surprising that both "Go" and "Rust" — two relatively new languages which support object-oriented programming — manage to avoid mentioning it. In this subscriber-only article, Neil Brown looks at how this classic object-oriented concept has evolved in two recent languages.

Full Story (comments: 26)

As open source becomes more popular and mature, questions of formalizing the governance and corporate structures of projects are becoming of increasing importance, as can been seen by the rising visibility of various FOSS foundations. At the Linux Foundation Collaboration Summit in San Francisco, Tony Sebro shared his insights about the value that fiscal sponsors bring as umbrella organizations for FOSS projects. Sebro is the General Counsel of Software Freedom Conservancy, which is the home of about 30 free and open source projects, including Samba, Git, and BusyBox.

Click below (subscribers only) for the full report by Martin Michlmayr.

Full Story (comments: 8)

The 2013 Linux Storage, Filesystem, and Memory Management Summit was held April 18 and 19 in San Francisco, California, immediately after the Linux Foundation's Collaboration Summit. The first set of notes from that gathering is now available; at this point, we have most of the plenary sessions and the entire memory management track written up. The rest of our notes from the Summit will be added in the near future.

Full Story (comments: none)

Since the demise of core memory, there has been a fundamental dichotomy in data storage technology: memory is either fast and ephemeral, or slow and persistent. The situation is changing, though, and that leads to some interesting challenges for the Linux kernel. How will we adapt to the coming world where nonvolatile memory (NVM) devices are commonplace? Ric Wheeler led a session at the 2013 Linux Foundation Collaboration Summit to discuss this issue.

Full Story (comments: 24)

Rust, the new programming language being developed by the Mozilla project, has a number of interesting features. One that stands out is the focus on safety. There are clear attempts to increase the range of errors that the compiler can detect and prevent, and thereby reduce the number of errors that end up in production code.

Click below (subscribers only) for an overview of the Rust language by LWN contributor Neil Brown.

Full Story (comments: 81)

Given Eben Moglen's long association with the Free Software Foundation, his work on drafting the GPLv3, and his role as President and Executive Director of the Software Freedom Law Center, his talk at the 2013 Free Software Legal and Licensing Workshop promised to be thought-provoking. He chose to focus on two topics that he saw as particularly relevant for the free software ecosystem within the next five years: patents and the decline of copyleft licenses.

Full Story (comments: 56)

Current news

Sony has announced the availability of an Android Open Source Project distribution for its Xperia Tablet Z device. "For all you developers out there, of course this means you can now access the software and contribute to this project. And this is all before the tablet is even available in the US. A special thanks to our Sony Mobile team for helping us create the package early and a huge thanks to the Android developer community for all your support. We can’t wait to see what you’ll do with the code." Source is available on GitHub.

Comments (18 posted)

CentOS has updated kernel (C6; perf privilege escalation) and libvirt (denial of service).

Fedora has updated thunderbird (multiple vulnerabilities).

openSUSE has updated flash-player (multiple vulnerabilities).

Oracle has updated kernel (OL5, OL6; perf privilege escalation) and libvirt (denial of service).

Red Hat has updated kernel (RHEL 6, RHEL 6.3; perf privilege escalation) and libvirt (denial of service).

Scientific Linux has updated kernel (perf privilege escalation) and libvirt (denial of service).

Slackware has updated ruby (object taint bypassing) and thunderbird (multiple vulnerabilities).

SUSE has updated flash-player (multiple vulnerabilities).

Ubuntu has updated kernel-ec2 (10.04 LTS; multiple vulnerabilities), openstack-keystone (delayed token invalidation) and openstack-nova (denial of service).

Comments (none posted)

The New Yorker magazine has started a service called Strongbox that allows anonymous information to be sent to magazine. It is based on the DeadDrop free software project that was created by the late Aaron Swartz, which uses the Tor network to preserve anonymity. The magazine also has an article by Kevin Poulsen, who organized the project, about its history. "In New York, a computer-security expert named James Dolan persuaded a trio of his industry colleagues to meet with Aaron to review the architecture and, later, the code. We wanted to be reasonably confident that the system wouldn't be compromised, and that sources would be able to submit documents anonymously—so that even the media outlets receiving the materials wouldn't be able to tell the government where they came from."

Comments (25 posted)

Groklaw is celebrating its tenth anniversary. "Thank you for sticking to the job for ten years without giving out, and for funding the necessary activities that make Groklaw Groklaw. We made a difference in this old world. It's an achievement we can tell our grandchildren about some day. Not everyone can say that, but we actually made a difference. And nobody can take that away from us."

Comments (none posted)

CentOS has updated openswan (C5; C6: code execution).

Debian has updated kernel (many vulnerabilities).

Fedora has updated openvpn (F17; F18: possible plaintext recovery) and clamav (F18: multiple vulnerabilities).

Mageia has updated flash-player-plugin (many vulnerabilities).

Oracle has updated thunderbird (OL6: multiple vulnerabilities), firefox (OL5; OL6: multiple vulnerabilities), and openswan (OL5; OL6: code execution).

Red Hat has updated openswan (code execution).

Slackware has updated firefox (multiple vulnerabilities) and thunderbird (multiple vulnerabilities).

Ubuntu has updated kernel (10.04: multiple vulnerabilities) and kernel (12.04; 12.10; 13.04; 12.04 Quantal hardware enablement kernel: perf privilege escalation).

Comments (2 posted)

Libre Graphics World looks at the use of Blender in 3D printing; the recent 2.67 release includes a "3D printing toolbox." "While Blender cannot help with making actual devices easier to use, it definitely could improve designing printable objects. And that's exactly what happened last week, when Blender 2.67 was released."

Comments (3 posted)

CentOS has updated firefox (C6; C5: multiple vulnerabilities) and thunderbird (C6; C5: multiple vulnerabilities). CentOS has also released a testing kernel that fixes CVE-2013-2094 (more information).

Debian has updated kernel (multiple vulnerabilities).

Fedora has updated tinc (F18; F17: code execution), xen (F18; F17: denial of service), and curl (F18: cookie information disclosure).

Mandriva has updated firefox (multiple vulnerabilities).

Red Hat has updated firefox (multiple vulnerabilities), thunderbird (multiple vulnerabilities), java-1.7.0-ibm (multiple vulnerabilities), java-1.6.0-ibm (multiple vulnerabilities), flash-plugin (multiple vulnerabilities), and acroread (multiple vulnerabilities).

Scientific Linux has updated firefox (multiple vulnerabilities) and thunderbird (multiple vulnerabilities).

Ubuntu has updated firefox (multiple vulnerabilities) and thunderbird (multiple vulnerabilities).

Comments (none posted)

Commit b0a873ebb, merged for the 2.6.37 kernel, included an out of bounds reference bug that went undetected until Tommi Rantala discovered it with the Trinity fuzzing tool this April. It wasn't seen as a security bug by the kernel developers until an exploit was posted; the problem is now known as CVE-2013-2094. Mainline kernels 2.6.37-3.9 are vulnerable, but Red Hat also backported the bug into the 2.6.32-based kernel found in RHEL6. Expect distributor updates shortly.

Comments (34 posted)

Canonical has announced that the Ubuntu kernel team will be providing stable updates for the 3.8 kernel now that Greg Kroah-Hartman has moved on. This support will last as long as support for the Ubuntu 13.04 release: through August 2014. "We welcome any feedback and contribution to this effort. We will be posting the first review cycle patch set in a week or two."

Full Story (comments: 21)

Ben Hutchings has released stable kernel 3.2.45 with lots of important fixes throughout the tree.

Comments (none posted)

--> More news items