Welcome to LWN.net

[Press] Posted Aug 29, 2008 19:54 UTC (Fri) by ris

Harald Welte reports in a blog post that VIA has released an open source Xorg driver for their integrated graphics chips. "I am very happy to see this! It's one more step that VIA has been working on to improve and show their support for Free Software and Linux. Please notice that this driver (as opposed to VIA's proprietary binary-only Xorg driver) has no support for 3D, hardware video codec or TV encoder support. Nevertheless, it is a big step ahead."

Comments (10 posted)

[Press] Posted Aug 29, 2008 19:47 UTC (Fri) by ris

ZDNet UK covers the Intel acquisition of Opened Hand, a London-based company which specializes in mobile Linux development and services. "Opened Hand will focus on participating in the Moblin Software Platform community, which is developing a Linux software stack for Intel's Atom processors. The software will be optimised for low-power netbooks and 'mobile internet devices'."

Comments (1 posted)

[Press] Posted Aug 29, 2008 19:02 UTC (Fri) by ris

David Chisnall takes a look at the Linux-based iRex iLiad, a type of E-book device. "As a development platform, the iLiad is quite interesting. It has a fairly standard Linux kernel and X11 display, with slight modifications to the X protocol to allow for efficient partial updates of the screen. The included software uses GTK. If you register as a developer (it's free), your iLiad is unlocked, allowing you to run shell scripts as root. From here you can install third-party software easily."

Comments (5 posted)

[Security] Posted Aug 29, 2008 18:44 UTC (Fri) by ris

CentOS has updated tomcat (multiple vulnerabilities).

Mandriva has updated ipsec-tools (denial of service vulnerabilities).

Red Hat has updated libtiff (RHEL5, RHEL4, RHEL3 and 2.1: arbitrary code execution).

Slackware has updated amarok (temporary file vulnerability).

SUSE has updated powerdns, dnsmasq, python, mailman, ruby, Opera, neon, rxvt-unicode, perl, wireshark, namazu, gnome-screensaver, mysql (various issues).

Comments (none posted)

[Kernel] Posted Aug 29, 2008 0:11 UTC (Fri) by corbet

2.6.27-rc5 is out. "The most exciting (well, for me personally - my life is apparently too boring for words) was how we had some stack overflows that totally corrupted some basic thread data structures. That's exciting because we haven't had those in a long time. The cause turned out to be a somewhat overly optimistic increase in the maximum NR_CPUS value, but it also caused some introspection about our stack usage in general." More excitement can be found in the full changelog.

Comments (3 posted)

[Press] Posted Aug 28, 2008 20:03 UTC (Thu) by cook

Daniel Bartholomew reviews a number of Linux twitter clients on Linux Journal. "Micro-blogging sites are everywhere these days. There's Jaiku, FriendFeed, Pownce, Tumblr, and Identi.ca, to name a few. For many, though, the original micro-blogging site is the best: Twitter. It certainly has the biggest userbase, if nothing else. If you don't know what micro-blogging is and how it is different from regular blogging, check out one of the many online Twitter introductions. One thing that has helped Twitter become as popular as it has is the Twitter API. For users of Twitter, this ability for nearly any developer to create applications that work with the service means that in addition to posting via a browser or my cell phone, I can post from a score of different Desktop applications."

Comments (5 posted)

[Front] Posted Aug 28, 2008 20:01 UTC (Thu) by corbet

It's a relatively slow news day, so it seems like a perfect time to post an amusing picture of Jon "maddog" Hall, taken by Flickr user "blmurch" at the Jornadas Regionales de Software Libre 2008 in Buenos Aires. Click on the thumbnail for the full image.

Comments (5 posted)

[Press] Posted Aug 28, 2008 17:46 UTC (Thu) by cook

InfoWorld's Neil McAllister investigates a bug with Perl's object instantiation on Red Hat Linux. "To make a long story short, he got rid of the Perl executable that came with his CentOS installation, compiled a new one from stock source code, and the bug disappeared. Clearly, the Perl hackers are blameless in this case. The fault lies squarely with Red Hat for distributing a buggy version of the interpreter. What's more disturbing, however, is that it turns out that this Red Hat Perl performance issue is a known bug. It was documented and verified long before Prakash ever raised a stink about it. How long? Try 2006, according to Red Hat's own Bugzilla database."

Comments (45 posted)

[Security] Posted Aug 28, 2008 17:38 UTC (Thu) by cook

Ubuntu has updated yelp (format string vulnerability).

Comments (none posted)

[Development] Posted Aug 28, 2008 15:22 UTC (Thu) by cook

KDE.News covers some changes that are planned for the KDE development process. "At Akademy 2008, KDE Release Team members Sebastian Kügler and Dirk Müller discussed the future of KDE's development process. Describing the challenges KDE faces and proposing some solutions, they spawned a lot of discussion. Read on for a summary of what has been said and done around this topic at Akademy. Our current development model has served us for over 10 years now. We did a transition to Subversion some years ago, and we now use CMake, but basically we still work like we did a long time ago: only some tools have changed slightly. But times are changing."

Comments (4 posted)

[Distributions] Posted Aug 28, 2008 14:19 UTC (Thu) by corbet

For those who wonder how the Fedora project plans to migrate its users to a new set of package signing keys, a proposed plan has been posted. It involves an update to the fedora-release package (signed with the old key) which swaps in a new key and repository location, and a slow movement of older packages to the new repository. It should work, as long as one is sure that the old key can be trusted for a little longer.

Comments (7 posted)

Posted Aug 28, 2008 0:33 UTC (Thu)

The LWN.net Weekly Edition for August 28, 2008 is available.

Inside this week's LWN.net Weekly Edition

• Front: Django nears 1.0 milestone; Fedora, Red Hat, and distributor security; EFF continues fight for rights and freedoms.
• Security: Firefox 3 SSL certificate warnings; New vulnerabilities in java, kernel, openoffice, tomcat,...
• Kernel: AXFS; Sysfs and namespaces; TALPA moves forward.
• Distributions: A new "contrib" repository for openSUSE; new released from AntiX, BLFS-6.3, Debian Live, Fedora Unity, Mandriva and openSUSE
• Development: The SCons build tool reaches the 1.0 milestone, KOffice Summer of Code Ends, Mozilla Ubiquity, new versions of BusyBox, Samba, Pyro, mod_wsgi, Quixote, Tinyproxy, Ecasound, pyspread, YaMA, jCAE, yPlot, KDE, GNU Radio, Kicad, ESS, LedgerSMB, Wine, Elisa, Amuc, Pyrex, Emacs, Pydev, VXL, Bazaar.
• Press: Linux photographic tools, A compilation of Linux text editors, SCO fined in Germany, interviews with Richard Hulse and Jim Zemlin, the kerneloops project, reviews of Acer Aspire One and Intel's Classmate PC.
• Announcements: FSFE on KDE's switch to FLA, Essentia joins OSA, Aptana acquires Pydev, Linux growth rate slows in China, analysis of global Linux usage, Antonio Pizzigati prize nominations, OpenVAS vulnerability contest, Hackers 2 Hackers Conf cfp, IMF cfp, PacSec cfp, Novell Hack Week, Launchpad hosting service, Microsoft patents Page Up/Page Down.

Read more

[Development] Posted Aug 27, 2008 18:49 UTC (Wed) by corbet

Xen.org has sent out a rather long-winded press release announcing the availability of the Xen 3.3 hypervisor. "With a full 64-bit address space, Xen can take advantage of massive amounts of physical memory, including new flash-memory based stores, and Xen's memory ballooning features permit dynamic reallocation of memory between guest Virtual Machines (VMs), to guarantee performance, and permit greater density of VMs per server. Xen 3.3 now offers CPU portability to allow live relocation of VMs across different CPU feature sets, active power optimization, to reduce power consumption on Xen-based servers and maximize data center power savings, and significantly enhanced security." More information is available on Xen.org.

Full Story (comments: 21)

[Security] Posted Aug 27, 2008 17:59 UTC (Wed) by corbet

CentOS has updated ipsec-tools (denial of service) and libxml2 (denial of service).

Debian has updated libxml2 (denial of service).

Mandriva has updated libxml2 (denial of service).

Red Hat has updated the kernel (for Enterprise MRG: multiple vulnerabilities), tomcat (multiple vulnerabilities), openoffice.org ("numeric truncation error"), and ipsec-tools (denial of service).

Comments (2 posted)

[Security] Posted Aug 27, 2008 15:19 UTC (Wed) by corbet

CERT has sent out an advisory on key-based attacks being used against Linux systems. "The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as 'phalanx2' is installed." There's no talk of where the original stolen keys come from. CERT's advice includes disabling key-based authentication, which, of course, runs counter to the advice given to those trying to defend against brute-force password-guessing attacks.

Comments (19 posted)

[Development] Posted Aug 27, 2008 15:16 UTC (Wed) by corbet

Mozilla Labs has announced the first release (an "early experimental prototype") of "Ubiquity," a Firefox plugin intended to add a high-level command-line language to the browser. The best place to see what Ubiquity is trying to do may be the Ubiquity user tutorial. "Let's say I've found an interesting fact on a web page and I want to send it to Chris. I can select part of the page, including links, pictures, and anything else, and then issue 'email this to chris'. Ubiquity understands 'this' to refer to my selection."

Comments (5 posted)

[Distributions] Posted Aug 27, 2008 13:32 UTC (Wed) by corbet

The Debian Live project has released its first product in the form of a set of beta Debian Lenny live CDs. "Although live-helper is a toolkit to produce your very own live systems with only a few steps, we also provide prebuilt images that are meant to be used as reference systems for end-users. Currently, this consists of the three major desktop environments (GNOME, KDE and Xfce), as well as a small 'standard' image without a graphical environment." They are looking for testers to help find the inevitable glitches.

Full Story (comments: none)

[Security] Posted Aug 27, 2008 1:17 UTC (Wed) by jake

Wired covers a talk given at DefCon about vulnerabilities in the Border Gateway Protocol (BGP) which is the protocol used to advertise routes for internet traffic. The attack can hijack packets bound for a particular IP address, then silently send them on to the proper destination—possibly after modifying them. "The issue exists because BGP's architecture is based on trust. To make it easy, say, for e-mail from Sprint customers in California to reach Telefonica customers in Spain, networks for these companies and others communicate through BGP routers to indicate when they're the quickest, most efficient route for the data to reach its destination. But BGP assumes that when a router says it's the best path, it's telling the truth. That gullibility makes it easy for eavesdroppers to fool routers into sending them traffic."

Comments (17 posted)

[Press] Posted Aug 26, 2008 19:09 UTC (Tue) by ris

LinuxLinks has compiled a list of "the best" text editors for Linux. "Whatever the level of sophistication of the editor, they typically have a common set of functionality, such as searching/replacing text, formatting text, undo/redo, importing files, as well as moving text within the file. However, many of the editors included in this article are feature-rich, and can be further extended using plugins and libraries."

Comments (63 posted)

[Security] Posted Aug 26, 2008 18:45 UTC (Tue) by ris

Debian has updated tiff (arbitrary code execution).

Ubuntu has updated the kernel (several vulnerabilities).

Comments (none posted)

• Next 20 items