Welcome to LWN.net

Headlines for May 27, 2012

This Cadillac Is Powered by Linux (Wired)
[Announcements] Posted May 25, 2012 19:03 UTC (Fri) by jake

Wired is impressed with the Linux-powered in-vehicle infotainment (IVI) system in the most recent Cadillac XTS. "While the XTS’ spate of processors and controllers isn’t running the open source offspring of Linus Torvalds, the game-changing infotainment intender known as the Cadillac User Experience (CUE) is. [...] Buried deep within the dash is a three-core ARM 11 processor, powering two displays: one eight-inch capacitive touch screen — the first non-resistive display to come to a production car — and a second, 12.3-inch fully configurable instrument cluster mounted behind the steering wheel. Two of those cores adapt on the fly to handle voice commands powered by the same Nuance technology used by many automakers, along with Apple’s personal assistant, Siri. But with CUE, everything is processed on board."

Friday's security advisories
[Security] Posted May 25, 2012 18:21 UTC (Fri) by jake

Debian has updated request-tracker3.8 (multiple vulnerabilities).

openSUSE has updated cobbler (two vulnerabilities).

Ubuntu has updated openssl (multiple vulnerabilities).

Fedora 17 ARM Beta Release
[Distributions] Posted May 25, 2012 16:24 UTC (Fri) by jake

A Fedora 17 beta for ARM is now available. There are a number of images provided for various targets ("QEMU, Trimslice, Beagleboard XM and iMX based hardware platforms.") "We invite you to take part in making Fedora 17 for ARM a solid release by downloading, testing, and providing your valuable feedback. Please join us on the IRC in #fedora-arm on Freenode or send feedback and comments to the ARM mailing list."

Android Malware Genome Project launched (The H)
[Security] Posted May 24, 2012 22:34 UTC (Thu) by n8willis

The H covers the debut of the Android Malware Genome Project by researchers from North Carolina State University. The team "has already collected more than 1,200 samples of Android malware, including GingerMaster and DroidKungFu, and has organised them into various malware families. [Xuxian] Jiang told Dark Reading that 'the purpose is to engage the research community to better our understanding of mobile threats and develop effective solutions against them.'" Access to the data set, however, is restricted.

RPM 4.10 released
[Development] Posted May 24, 2012 19:39 UTC (Thu) by n8willis

Panu Matilainen announces the release of RPM 4.10.0. Most of the changes targeted robustness and correctness, but a few new features crept in as well, including support for parsing the tilde (~) operator in package version numbers.

Thursday's security updates
[Security] Posted May 24, 2012 18:18 UTC (Thu) by n8willis

Debian has updated sudo (privilege escalation) and libxml2 (arbitrary code execution).

Mandriva has updated ES 5.0 firefox (multiple vulnerabilities).

Ubuntu has updated net-snmp (denial of service).

SSL fix flags forged certificates before they're accepted by browsers (Ars Technica)
[Security] Posted May 24, 2012 14:57 UTC (Thu) by n8willis

Over at Ars Technica, Dan Goodin writes about Trust Assertions for Certificate Keys (TACK), a proposed extension to SSL/TLS designed to discover fake certificates before they are accepted. "The opt-in system works by allowing SSL sites to sign valid SSL certificates, the domain name, and an expiration date with a TACK key. Once an end user has visited the site a few times using a TACK-compatible browser, a 'pin' for that site is activated on the user's computer. If the end user later encounters a forged certificate for that same site—as was the case when DigiNotar was breached—the browser will reject the session and return a warning to the user." One of TACK's co-creators is Moxie Marlinspike, who proposed the Convergence alternative certificate-management framework in 2011.

GCC Explorer - an interactive take on compilation
[Development] Posted May 24, 2012 13:23 UTC (Thu) by corbet

Matt Godbolt announces GCC explorer, a web-based tool for exploring how code tweaks change the machine code emitted by the compiler. "Particularly with some of the newer features of C++11 — lambdas, move constructors, threading primitives etc — it’s nice to be able to see how your elegant code becomes beautiful (and maybe even fairly optimal) machine code." The GCC explorer code is on github for those who want to set up their own instance.

[$] LWN.net Weekly Edition for May 24, 2012
Posted May 24, 2012 1:24 UTC (Thu)

The LWN.net Weekly Edition for May 24, 2012 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Tizen 1.0 developer device; "Community" Mandriva; uTouch architecture
  • Security: openSUSE security policy; New vulnerabilities in chromium, libxml2, pidgin-otr, sudo, ...
  • Kernel: The 3.5 merge window opens; Preparing for nonvolatile RAM; Removing four bytes from the kernel ABI.
  • Distributions: Moving on; Debian, Mageia, Mandriva, ...
  • Development: Different intentions toward web intents; libgit2, LLVM, ownCloud, printerd, ...
  • Announcements: Google wins patent case, Ada Initiative granted tax-exempt status, Make Play Live Partner Network, openSUSE conference.

Google wins patent case against Oracle
[Announcements] Posted May 23, 2012 18:22 UTC (Wed) by corbet

Groklaw has the news: the jury in Oracle v. Google has found that Google did not infringe any of Oracle's patents.

Simon Phipps is the new OSI President (The H)
[Announcements] Posted May 23, 2012 17:54 UTC (Wed) by ris

The H covers an announcement by the Open Source Initiative that Simon Phipps is the new president of the organization. "Phipps has already been spearheading an OSI reform process, working with the rest of the board to open up the organisation. That process has led to the creation of Open Source Initiative affiliation, bringing the Apache Software Foundation, FreeBSD, Eclipse, Mozilla, Debian, and Creative Commons, along with other organisations, on board as affiliates. 'There will be further developments in that scheme soon, and we'll have much more to announce in other areas as the year progresses' said Phipps by email."

Wednesday's security updates
[Security] Posted May 23, 2012 17:43 UTC (Wed) by ris

Mandriva has updated 2011.0: wireshark (denial of service).

Oracle has updated postgresql, postgresql84 (OL6; OL5: multiple vulnerabilities), OL5: postgresql (multiple vulnerabilities), OL5: kvm (multiple vulnerabilities), and OL6: bind-dyndb-ldap (denial of service).

Red Hat has updated RHEL5&6: flash-plugin (code execution).

SUSE has updated SLE10 SP4: openssl (exploitable vulnerabilities).

Ubuntu has updated 12.04: feedparser (denial of service).

LLVM 3.1 released
[Development] Posted May 23, 2012 15:00 UTC (Wed) by corbet

Version 3.1 of the LLVM compiler suite is out. "This release represents approximately 6 months of development over LLVM 3.0, delivers a vast range of improvements and new features. Some of the most visible features include greatly expanded C++'11 support in Clang (including lambdas, initializer lists, constexpr, user-defined literals, and atomics); AddressSanitizer, a fast memory error detection tool which uses instrumentation to find bugs; 'instruction bundles' support in the late code generator, allowing much better support for VLIW targets; an ARM integrated assembler which speeds up ARM compile time and enables new features for the ARM target; major enhancements to the MIPS backend (including support for MIPS64); a new port for the Qualcomm Hexagon VLIW processor, Python bindings, and much much more." See the release notes for details.

A Tale of Two Pwnies (Part 1)
[Security] Posted May 22, 2012 22:00 UTC (Tue) by corbet

For those interested in complex exploits: the Chromium Blog describes how a sequence of six independent bugs was exploited to execute code within the Chromium browser. "Even though Chrome’s renderers execute inside a stricter sandbox than the GPU process, there is a special class of renderers that have IPC interfaces with elevated permissions. These renderers are not supposed to be navigable by web content, and are used for things like extensions and settings pages. However, Pinkie found another bug (117417) that allowed an unprivileged renderer to trigger a navigation to one of these privileged renderers, and used it to launch the extension manager. So, all he had to do was jump on the extension manager’s IPC channel before it had a chance to connect."

Mageia 2 is out
[Distributions] Posted May 22, 2012 21:10 UTC (Tue) by ris

Mageia 2 has been released. "Mageia 2 is available as Live CDs, install DVDs and a netinstall CD, and is available in various languages for easy download, from FTP, HTTP, or torrents." The release notes are here. LWN previewed this release last April.

Stable kernel 2.6.34.12
[Kernel] Posted May 22, 2012 21:10 UTC (Tue) by ris

Paul Gortmaker has released stable kernel 2.6.34.12. If you are running a 2.6.34.x kernel you'll want this release.

[$] A uTouch architecture introduction
[Front] Posted May 22, 2012 19:50 UTC (Tue) by corbet

As the Linux desktop increases in popularity, the user interface experience has become increasingly important. For example, most laptops today have multitouch capabilities that have yet to be fully exposed and exploited in the free software ecosystem. Soon we will be carrying around multitouch tablets with a traditional Linux desktop or similar foundation. In order to provide a high-quality and rich experience we must fully exploit multitouch gestures. The uTouch stack developed by Canonical aims to provide a foundation for gestures on the Linux desktop.

Click below (subscribers only) for an overview of the architecture of uTouch contributed by uTouch hacker Chase Douglas.

Security advisories for Tuesday
[Security] Posted May 22, 2012 17:47 UTC (Tue) by ris

CentOS has updated C5: kvm (multiple vulnerabilities), C5: postgresql (multiple vulnerabilities), C5: postgresql84 (multiple vulnerabilities), C6: postgresql (multiple vulnerabilities), and C6: bind-dyndb-ldap (denial of service).

Fedora has updated perl-config-inifiles (F16; F15: insecure temporary files) and F16: moodle (many vulnerabilities).

Oracle has updated enterprise kernel (OL6; OL5: denial of service), enterprise kernel (OL6; OL5: denial of service), and OL6: kernel (denial of service).

Red Hat has updated RHEL5: kvm (multiple vulnerabilities), RHEL5: postgresql (multiple vulnerabilities), RHEL5: postgresql84 & RHEL6: postgresql (multiple vulnerabilities), and RHEL6: bind-dyndb-ldap (denial of service).

Scientific Linux has updated SL5: kvm (multiple vulnerabilities), SL5: postgresql (multiple vulnerabilities), SL5: postgresql84 & SL6: postgresql (multiple vulnerabilities), and SL6: bind-dyndb-ldap (denial of service).

Ubuntu has updated libxml2 (code execution) and 12.04: kernel (multiple vulnerabilities).

ownCloud 4 released
[Development] Posted May 22, 2012 13:40 UTC (Tue) by corbet

Version 4 of the ownCloud "personal cloud" system is out. "ownCloud 4 – built through active community support – adds innovative features like file versioning, – which actively saves files, allowing users to “rollback” to previous versions – and a new API — giving developers an easy, stable and supported way to develop applications on top of ownCloud capabilities." It also adds support for direct opening of ODF documents and mounting of external filesystems like Dropbox or an FTP server. See the release announcement for more information.

Announcing printerd
[Development] Posted May 22, 2012 13:25 UTC (Tue) by corbet

Tim Waugh has announced (on May 10) the existence of the printerd project, meant to be a new print spooling subsystem for Linux. "It is a polkit-enabled D-Bus system service, written using the GLib object system. Although modeled on concepts from IPP (Internet Printing Protocol), printerd is not in itself an IPP server. Its only interface is D-Bus, although the aim is to be able to implement an IPP server on top of the D-Bus API as a separate process. Having a D-Bus interface means that applications wanting to print automatically get to use printerd asynchronously."

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds