| |||||||||||||
Welcome to LWN.netHeadlines for September 2, 2010[$] LWN.net Weekly Edition for September 2, 2010
Posted Sep 2, 2010 1:12 UTC (Thu)The LWN.net Weekly Edition for September 2, 2010 is available. Inside this week's LWN.net Weekly Edition
Welte: More GPL enforcement work again.. and a very surreal but important case
[Announcements] Posted Sep 1, 2010 23:52 UTC (Wed) by jake
On his blog, Harald Welte writes about work he is doing as part of the gpl-violations.org project. "Right now I'm facing what I'd consider the most outrageous case that I've been involved so far: A manufacturer of Linux-based embedded devices (no, I will not name the company) really has the guts to go in front of court and sue another company for modifying the firmware on those devices. More specifically, the only modifications to program code are on the GPL licensed parts of the software. None of the proprietary userspace programs are touched! None of the proprietary programs are ever distributed either." If the manufacturer were to succeed with its claims, it could jeopardize many different projects that provide alternate code for devices, he says.
GNOME Journal Issue 21 released
[Development] Posted Sep 1, 2010 20:29 UTC (Wed) by corbet
Issue 21 of the GNOME Journal is out; topics covered include simple real-time games, Grilo, and an interview with Bradley Kuhn.
Security advisories for Wednesday
[Security] Posted Sep 1, 2010 17:48 UTC (Wed) by ris
CentOS has updated C5: httpd (multiple vulnerabilities) and C5: kernel (privilege escalation). Debian has updated wireshark (arbitrary code execution). Fedora has updated socat (F13, F12: arbitrary code execution). Mandriva has updated libgdiplus (arbitrary code execution), perl-libwww-perl (unexpected download filename), and openssl (denial of service). openSUSE has updated acroread (multiple vulnerabilities). SUSE has updated kernel (multiple vulnerabilities) and acroread (multiple vulnerabilities).
Duffy: A story about updates and people
[Distributions] Posted Sep 1, 2010 17:18 UTC (Wed) by jake
On her blog, Máirín Duffy describes four archetypes of Fedora users (Caroline Casual-User, Pamela Packager, Connie Community, and Nancy Ninja) and how they relate to updates of the distribution. Fedora has been discussing its update policy for a bit and Duffy uses the user stories to present her thoughts on how to proceed. "Pamela wants updates to be constant throughout a release, no holds barred — she wants the latest Gimp and she wants it yesterday. Caroline just wants her computer to work — "please don't change a thing — it worked yesterday — if it breaks before my presentation I'm screwed!" Can both their needs be met? I think so! But it’s easy to completely miss where interests and needs can both be met when the language is so easily interpreted to mean the problem is untenable."
[$] LinuxCon Brazil: Q&A with Linus and Andrew
[Front] Posted Aug 31, 2010 22:23 UTC (Tue) by corbet
Debian Project mourns the loss of Frans Pop
[Distributions] Posted Aug 31, 2010 19:48 UTC (Tue) by corbet
The Debian Project has put up a brief notice on the passing of longtime contributor Frans Pop. "Frans was involved in Debian as a maintainer of several packages, a supporter of the S/390 port, and one of the most involved members of the Debian Installer team. He was a Debian Listmaster, editor and release manager of the Installation Guide and the release notes, as well as a Dutch translator."
PostgreSQL 9.0 Release Candidate 1
[Development] Posted Aug 31, 2010 18:57 UTC (Tue) by ris
The first release candidate for PostgreSQL 9.0 is available for testing. "No changes in commands, interfaces or APIs are expected between this release candidate and the final version. Applications which will deploy on 9.0 can and should test against 9.0rc1. Depending on bug reports, there may or may not be more release candidates before the final release."
KDE SC 4.5.1 Released
[Development] Posted Aug 31, 2010 17:29 UTC (Tue) by ris
KDE has updated the Applications, Platform and Plasma Workspaces to 4.5.1. "This release will make 4.5 users life more pleasant by adding a number of important bugfixes, bringing more stability and better functionality to the Plasma Desktop, and many applications and utilities."
Tuesday's security updates
[Security] Posted Aug 31, 2010 17:24 UTC (Tue) by ris
Debian has updated openssl (denial of service). Fedora has updated bogofilter (F13, F12: denial of service) and php-pear-cas (F13, F12: multiple vulnerabilities). Mandriva has updated libhx (arbitrary code execution). Ubuntu has updated bogofilter (denial of service) and libwww-perl (unexpected download filename).
[$] A licensing change for syslog-ng
[Development] Posted Aug 31, 2010 16:35 UTC (Tue) by jake
Many have criticized syslog-ng, a replacement for the syslog logging daemon with many additional features, for not being open enough. Syslog-ng has a closed-source commercial version and keeps the entire code base under a single copyright by requiring copyright transfer for contributions, which has been a sore spot in the eyes of many people. This may be part of the cause for syslog-ng failing to become the default system-logging daemon of modern Linux distributions. Now the project seeks to relieve these concerns and attract a wider contributor base with a new licensing model. Subscribers can click below for the full article from this week's Development page.
Hold The Celebrations; H.264 Is Not The Sort Of Free That Matters (ComputerWorld UK)
[Announcements] Posted Aug 31, 2010 15:22 UTC (Tue) by jake
Over at ComputerWorld UK, Simon Phipps says there is nothing to celebrate in the recent announcement [PDF] that MPEG-LA will not charge royalties on "web uses" of the H.264 codec for the remaining life of the patents it administers. "First, the H.264-format video needs to be created - but that isn't free under this move. Then it needs to be served up for streaming - but that isn't free under this move. There then needs to be support for decoding it in your browser - but adding that isn't free under this move. Finally it needs to be displayed on your screen. [...] The only part of this sequence being left untaxed is the final one. Importantly, they are not offering to leave the addition of support for H.264 decoding in your browser untaxed. In particular, this means the Mozilla Foundation would have to pay to include the technology in Firefox." He also posits that MPEG-LA may try to join forces with Oracle and Paul Allen's Interval Research to create a three-way patent attack on Google—this time against WebM.
Chromium Graphics Overhaul (The Chromium Blog)
[Development] Posted Aug 31, 2010 15:07 UTC (Tue) by jake
The Chromium blog reports on some developments in graphics handling in the free Google Chrome-based browser. The intent is to speed up graphics rendering by taking advantage of the GPU. "At its core, this graphics work relies on a new process (yes, another one) called the GPU process. The GPU process accepts graphics commands from the renderer process and pushes them to OpenGL or Direct3D (via ANGLE). Normally, renderer processes wouldn’t be able to access these APIs, so the GPU process runs in a modified sandbox. Creating a specialized process like this allows Chromium’s sandbox to continue to contain as much as possbile: the renderer process is still unable to access the system’s graphics APIs, and the GPU process contains less logic."
Novell Disappoints as Ownership Concerns Continue (Datamation)
[Announcements] Posted Aug 30, 2010 18:03 UTC (Mon) by ris
Datamation looks at Novell's third quarter financial results, which have fallen short of the company's projections. "The decline in revenues in the third quarter extended across Novell's multiple product lines, including its security-management and operating platforms, as well as its Linux business. Novell's reported revenue of $108 million for its security-management and operating platforms, down 2 percent year-over-year. Earlier this week, Novell announced a new cloud security service to manage access, identity and compliance. Novell's SUSE Linux platform products revenue in the third quarter netted $36 million, a decline of 7 percent from the third quarter of 2009. " (Thanks to Don Marti)
Security advisories for Monday
[Security] Posted Aug 30, 2010 17:39 UTC (Mon) by ris
Debian has updated phpmyadmin (multiple vulnerabilities), typo3-src (multiple vulnerabilities), and openoffice.org (denial of service). Mandriva has updated phpmyadmin (Corporate 4.0, Enterprise Server 5.0: multiple vulnerabilities). MeeGo has updated emacs (symlink race), firefox (multiple vulnerabilities), ghostscript (arbitrary code execution), polkit (information disclosure), kernel (denial of service), python (multiple vulnerabilities), glibc (privilege escalation), mutter-moblin (denial of service), ruby (cross-site scripting), and libtiff (multiple vulnerabilities). openSUSE has updated xorg-x11-server (privilege escalation). Red Hat has updated httpd (multiple vulnerabilities) and kernel (RHEL 5.3, RHEL 5: privilege escalation). Slackware has updated gnupg2 (code execution), httpd (denial of service), kdegraphics (memory corruption), php (multiple vulnerabilities), pidgin (denial of service), and xorg-server (privilege escalation).
Kernel prepatch 2.6.36-rc3
[Kernel] Posted Aug 29, 2010 17:53 UTC (Sun) by corbet
The 2.6.36-rc3 kernel prepatch is out. "Nothing in particular stands out that I can recall. As usual, it's mostly driver updates (65%), of which a large piece (by line count) is just the removal of a staging driver that isn't really ready nor making any progress. But on the 'somewhat more likely to cause excitement' front, there's some radeon/nouveau drm updates too." See the full changelog for all the details.
CyanogenMod 6.0 released
[Distributions] Posted Aug 28, 2010 19:45 UTC (Sat) by corbet
The long-awaited CyanogenMod 6.0 release is out, bringing a bunch of new features to several different Android platforms. "This is our first stable release based on Android 2.2, and we’ve hit our target list of devices. I’m completely amazed at what this project has become and the community that has developed around it, and it’s only just getting started."
[$] Some numbers and thoughts on the stable kernels
[Kernel] Posted Aug 27, 2010 20:18 UTC (Fri) by corbet
Much attention goes toward mainline kernel releases, but relatively few users are actually running those kernels. Instead, they run kernels provided by their distributors, and those kernels, in turn, are based off the stable kernel series. The practice of releasing stable kernels has been going for well over five years now, so perhaps it's time to look back at how it has been going. Click below (subscribers only) for the full article.
GCC - 'We make free software affordable' (The H)
[Announcements] Posted Aug 27, 2010 19:14 UTC (Fri) by ris
Richard Hillesley delves into the history of GCC over at the H. "GCC began life as the GNU C Compiler and achieved its first release on March 22, 1987. Michael Tiemann, who contributed as much as anyone to the later development of GCC, and who had dreamed of writing the perfect compiler, said that the day of GCC's release was "the most thrilling and most terrifying day of my life (up to that point).""
Google bails out of JavaOne
[Announcements] Posted Aug 27, 2010 18:39 UTC (Fri) by corbet
It should probably surprise nobody that Google has announced that its employees will not be attending JavaOne this year. "So we’re sad to announce that we won't be able to present at JavaOne this year. We wish that we could, but Oracle’s recent lawsuit against Google and open source has made it impossible for us to freely share our thoughts about the future of Java and open source generally."
|
|||||||||||||
![[Andrew Morton and Linus Torvalds]](/images/conf/2010/lc-brazil/Linus+Andrew-sm.jpg)
Linus Torvalds rarely makes appearances at conferences, and it's even
less common for him to get up in front of the crowd and speak. He made an
exception for LinuxCon Brazil, though, where he and Andrew Morton appeared
in a question and answer session led by Linux Foundation director Jim
Zemlin. The resulting conversation covered many aspects of kernel
development, its processes, and its history. Click below (subscribers
only) for the full report from São Paulo.