Welcome to LWN.net

LWN featured content

Designing an enumeration type (i.e. "enum") for a language may seem like a straightforward exercise, but the recently "completed" discussions over Python's PEP 435 show that it has a few wrinkles. The discussion spanned several long threads in two mailing lists (python-ideas, python-devel) going back to January in this particular iteration, but the idea is far older than that. Subscribers can click below for the full article from this week's edition.

Full Story (comments: 4)

Local privilege escalations seem to be regularly found in the Linux kernel these days, but they usually aren't quite so old—more than two years since the release of 2.6.37—or backported into even earlier kernels. But CVE-2013-2094 is just that kind of bug, with a now-public exploit that apparently dates back to 2010.

Click below (subscribers only) for LWN's look at this vulnerability.

Full Story (comments: 31)

It's hard to say why, but May appears to be the month where we look in on PyPy. Three years ago, we had a May 2010 introduction to PyPy, followed by an experiment using it in May 2011. This year, the PyPy 2.0 release was made on May 9—that, coupled with our evident tradition, makes for a good reason to look in on this Python interpreter written in Python. Subscribers can click below for our report on the release from this week's edition.

Full Story (comments: 9)

In Berkeley, California — the birthplace of PostgreSQL — it's spring: plum and cherry blossoms, courting finches and college students, new plans for the summer, and the first beta release of the database system. Every year, the first beta of the next PostgreSQL version comes out in April or May, for a final release in September. PostgreSQL 9.3 beta 1 was released to the public on May 13th, and contains a couple dozen new features both for database administrators and application developers. Subscribers can click below for a look at some of the new features by guest author Josh Berkus.

Full Story (comments: 30)

On a typical Linux system, each running CPU will be diverted between 100 and 1000 times each second by the periodic timer interrupt. That interrupt is the CPU's cue to reconsider which process should be running, catch up with read-copy-update (RCU) callbacks, and generally handle any necessary housekeeping. This periodic "tick" can be reasonably compared to the infamous big kernel lock (BKL): it is convenient to have around, but it also has an effect on performance that makes developers wish to abolish it. The key difference might be that getting rid of the timer tick has taken rather longer than was required to eliminate the BKL. The 3.10 kernel will take an important step in that direction, though, with the addition of the "full NOHZ" mode — but a lot of limitations still apply.

Full Story (comments: 26)

The Linux Foundation Collaboration Summit (LFCS) seems to be a likely venue for an update on the status of building the kernel with Clang/LLVM. Both in 2011 and 2012, we covered those updates. LFCS 2013 continued the trend as LLVMLinux project lead Behan Webster presented the status and plans for the project at LFCS. The gathering lived up to its name as well, since two problems faced by the project were solved through collaboration at the summit.

Full Story (comments: 18)

Since the advent of object-oriented programming languages around the time of Smalltalk in the 1970s, inheritance has been a mainstay of the object-oriented vision. It is therefore a little surprising that both "Go" and "Rust" — two relatively new languages which support object-oriented programming — manage to avoid mentioning it. In this subscriber-only article, Neil Brown looks at how this classic object-oriented concept has evolved in two recent languages.

Full Story (comments: 31)

As open source becomes more popular and mature, questions of formalizing the governance and corporate structures of projects are becoming of increasing importance, as can been seen by the rising visibility of various FOSS foundations. At the Linux Foundation Collaboration Summit in San Francisco, Tony Sebro shared his insights about the value that fiscal sponsors bring as umbrella organizations for FOSS projects. Sebro is the General Counsel of Software Freedom Conservancy, which is the home of about 30 free and open source projects, including Samba, Git, and BusyBox.

Click below (subscribers only) for the full report by Martin Michlmayr.

Full Story (comments: 8)

The 2013 Linux Storage, Filesystem, and Memory Management Summit was held April 18 and 19 in San Francisco, California, immediately after the Linux Foundation's Collaboration Summit. The first set of notes from that gathering is now available; at this point, we have most of the plenary sessions and the entire memory management track written up. The rest of our notes from the Summit will be added in the near future.

Full Story (comments: none)

Since the demise of core memory, there has been a fundamental dichotomy in data storage technology: memory is either fast and ephemeral, or slow and persistent. The situation is changing, though, and that leads to some interesting challenges for the Linux kernel. How will we adapt to the coming world where nonvolatile memory (NVM) devices are commonplace? Ric Wheeler led a session at the 2013 Linux Foundation Collaboration Summit to discuss this issue.

Full Story (comments: 24)

Current news

Google has announced that it will be phasing out the file download feature for projects hosted on Google Code. "Downloads were implemented by Project Hosting on Google Code to enable open source projects to make their files available for public download. Unfortunately, downloads have become a source of abuse with a significant increase in incidents recently. Due to this increasing misuse of the service and a desire to keep our community safe and secure, we are deprecating downloads."

Comments (10 posted)

GigaOM asserts that Google will be taking over the desktop (regardless of the underlying operating system) with its Chrome browser. "For many Chrome is just a browser. For others who use a Chromebox or Chromebook, like myself, it’s my full-time operating system. The general consensus is that Chrome OS, the platform used on these devices, can only browse the web and run either extensions and web apps; something any browser can do. Simply put, the general consensus is wrong and the signs are everywhere."

Comments (4 posted)

The Electronic Frontier Foundation has sent out a release about how the US state of Vermont is going on the offensive against patent trolls. "Not content to strike back against a single troll, Vermont is also poised to pass a bill dealing with the problem as a whole. The Vermont House and Senate recently passed a bill to combat 'bad faith assertions of patent infringement'. And the latest word is that Vermont's governor is about to sign it into law."

Comments (2 posted)

CentOS has updated kernel (C5: denial of service).

Fedora has updated gallery3 (F18; F17: cross-site scripting) and openstack-keystone (F18: multiple vulnerabilities).

Mandriva has updated krb5 (UDP ping-pong flaw in kpasswd).

Red Hat has updated kernel (RHEL5: denial of service).

Scientific Linux has updated kernel (SL5: denial of service).

SUSE has updated java-1_6_0-openjdk (multiple vulnerabilities) and kernel (privilege escalation).

Ubuntu has updated libtiff (two vulnerabilities).

Comments (none posted)

While it is not an official Debian release, the Debian GNU/Hurd team has announced the release of Debian GNU/Hurd 2013. GNU Hurd is a Unix-style kernel based on the Mach microkernel and Debian GNU/Hurd makes much of the Debian system available atop that kernel.

Comments (21 posted)

Version 1.5.0 of the QEMU hardware emulator is out. "This release was developed in a little more than 90 days by over 130 unique authors averaging 20 commits a day. This represents a year-to-year growth of over 38 percent making it the most active release in QEMU history." Some of the new features include KVM-on-ARM support, a native GTK+ user interface, and lots of hardware support and performance improvements. See the change log for lots of details.

Full Story (comments: 6)

Fedora has updated tomcat (F18; F17: information disclosure) and krb5 (F18: UDP ping-pong flaw in kpasswd).

openSUSE has updated tiff (12.2; 12.1: buffer overflows) and clamav (12.2; 12.1: multiple vulnerabilities).

Red Hat has updated kernel-rt (multiple vulnerabilities) and kernel (RHEL 6.2 EUS; RHEL 6.1 EUS: privilege escalation).

Slackware has updated kernel (privilege escalation).

Comments (none posted)

A new kernel tracing tool called "ktap" has made its first release. "KTAP have different design principles from Linux mainstream dynamic tracing language in that it's based on bytecode, so it doesn't depend upon GCC, doesn't require compiling a kernel module, safe to use in production environment, fulfilling the embedded ecosystem's tracing needs." It's in an early state; the project is looking for testers and contributors.

Comments (10 posted)

The second 3.10 kernel prepatch is out for testing. "For being an -rc2, it's not unreasonably sized, but I did take a few pulls that I wouldn't have taken later in the rc series. So it's not exactly small either. We've got arch updates (PPC, MIPS, PA-RISC), we've got driver fixes (net, gpu, target, xen), and we've got filesystem updates (btrfs, ext4 and cepth - rbd)."

Comments (none posted)

Fedora has updated mediawiki (F18; F17: multiple vulnerabilities) and libtiff (F17: buffer overflows).

Mageia has updated kernel (multiple vulnerabilities), kernel-linus (multiple vulnerabilities), kernel-tmb (multiple vulnerabilities), kernel-rt (multiple vulnerabilities), and kernel-vserver (multiple vulnerabilities).

openSUSE has updated telepathy-idle (certificate validation error) and gnutls (plaintext recovery).

SUSE has updated acroread (multiple vulnerabilities), and oracle-update (SM 1.7; SM 1.2: multiple vulnerabilities).

Comments (none posted)

--> More news items