| |||||||||||||
Welcome to LWN.netHeadlines for April 8, 2013MATE 1.6 released
[Development] Posted Apr 3, 2013 14:04 UTC (Wed) by corbet
Version 1.6 of the MATE desktop environment is available. "This release is a giant step forward from the 1.4 release. In this release, we have replaced many deprecated packages and libraries with new technologies available in GLib. We have also added a lot of new features to MATE." See the announcement for a list of those new features.
Baker: Celebrating 15 Years of a Better Web
[Announcements] Posted Apr 3, 2013 13:57 UTC (Wed) by corbet
Mitchell Baker looks back at Mozilla's first 15 years and ponders the years to come as well. "In the coming era both the opportunities and threats to the Web are just as big as they were 15 years ago. As the role of data grows and device capabilities expand, the Internet will become an even more central part of our lives. The need for individuals to have some control over how this works and what we experience is fundamental. Mozilla can — and must — play a key role again. We have the vision, the products and the technology to do this. We know how to enable people to participate, both by contributing to our specific activities and coming up with their own ideas that advance the bigger cause of enriching the Web."
Tuesday's security updates
[Security] Posted Apr 2, 2013 16:29 UTC (Tue) by ris
openSUSE has updated fail2ban (12.x; 11.4: unspecified vulnerability), openstack-keystone (revocation check bypass), and libxslt (12.x; 11.4: denial of service). Ubuntu has updated libxslt (denial of service) and poppler (multiple vulnerabilities).
McIntyre: Scanning for assembly code in Free Software packages
[Development] Posted Apr 2, 2013 3:04 UTC (Tue) by jake
On his blog, Steve McIntyre writes about work he has been doing to identify assembly code in Linux packages:
In the Linaro Enterprise Group, my task for the last several weeks was to work through a huge number of packages looking for assembly code. Why? So that we could identify code that would need porting to work well on AArch64, the new 64-bit execution state coming to the ARM world Real Soon Now.
Working with some Ubuntu and Fedora developers, we generated a list of packages included in each distribution that seemed to contain assembly code of some sort. Then I worked through that list, checking to see:
That work resulted in a report with his findings.
Subsurface mourns Jan Schubert
[Announcements] Posted Apr 1, 2013 21:29 UTC (Mon) by corbet
The Subsurface project mourns the loss of Jan Schubert. "It is with great sadness that we say a final 'Tschüss' to one of our most active and engaging developers. Without Jan, Subsurface would not support the needs of technical divers the way it does today."
Security advisories for Monday
[Security] Posted Apr 1, 2013 16:46 UTC (Mon) by ris
Debian has updated bind9 (denial of service). Fedora has updated rubygem-actionpack (F18; F17: multiple vulnerabilities), gajim (F18; F17: man-in-the-middle attack), drupal7-views (F18; F17: cross-site scripting), rubygem-activesupport (F18; F17: XML parsing vulnerability), mantis (F18; F17: multiple vulnerabilities), httpd (F18: cross-site scripting), rubygem-activerecord (F18: denial of service), glibc (F18: denial of service), sssd (F18: privilege violation), kernel (F17: multiple vulnerabilities), puppet (F17: multiple vulnerabilities). openSUSE has updated privoxy (11.4: proxy spoofing).
A look at C++14: Papers Part 2
[Development] Posted Apr 1, 2013 15:07 UTC (Mon) by corbet
Here's the second part in the C++14 papers series on the "Meeting C++" site. "A proposal for Executors, objects that can execute units of work packaged as function objects. So this is another possible approach to task based parallelism, where the executor object is used as a reusable thread, that can handled a queue of tasks. One possible implementation of an executor is a thread-pool, but other implementations are possible."
Kernel prepatch 3.9-rc5
[Kernel] Posted Apr 1, 2013 5:45 UTC (Mon) by mkerrisk
The 3.9-rc5 kernel prepatch is out. Linus says: "Nothing really peculiar stands out. Exynos DRM updates, IBM RamSan driver updates are a bit larger, l2tp update... The rest is pretty much small patches spread out all over. Mostly drivers (block, net, media, tty, usb), networking, and some filesystem updates (btrfs, nfs). Some arch updates (x86, arc). Things seem to be calming down a bit, and everything seems largely on track for a 3.9 release in a few weeks."
Yorba crowdfunding Geary development
[Development] Posted Mar 29, 2013 17:24 UTC (Fri) by n8willis
Back in August 2012, Yorba Foundation founder Adam Dingle spoke at GUADEC about the complexities of crowdfunding development for open source applications. This week, the group officially launched a campaign at IndieGoGo to underwrite development of its open source email client Geary. The target is US $100,000, which, as executive director Jim Nelson explains, is a number chosen to support three full-time developers for the next release cycle. "I doubt there’s a widely-used desktop application out there developed for less than US$100,000 — it’s just that the price tag might be hidden from its users." The campaign runs for one month; among the many factors Dingle spoke of that differentiate between funding sites, IndieGoGo only distributes funds if the target is met.
Friday's security updates
[Security] Posted Mar 29, 2013 14:42 UTC (Fri) by n8willis
CentOS has updated bind (C6; denial of service) and bind97 (C5; denial of service). Debian has updated rails (multiple vulnerabilities). openSUSE has updated clamav (security hardening fixes). Oracle has updated bind (OL6; denial of service) and bind97 (OL5; denial of service). Red Hat has updated bind (denial of service) and bind97 (denial of service). Scientific Linux has updated bind (denial of service) and bind97 (denial of service). Slackware has updated libssh (denial of service). Ubuntu has updated bind (denial of service).
PostgreSQL security update coming April 4
[Security] Posted Mar 29, 2013 14:12 UTC (Fri) by corbet
The PostgreSQL project has announced an update coming on April 4. "This release will include a fix for a high-exposure security vulnerability. All users are strongly urged to apply the update as soon as it is available." Pre-announcement of security updates is quite rare, as is the associated shutdown of repository updates and distribution of commit messages, so one assumes that it would be a good idea to be ready to apply this update when it arrives.
ZFS on Linux 0.6.1
[Kernel] Posted Mar 29, 2013 13:51 UTC (Fri) by corbet
On behalf of the ZFS-on-Linux project, Brian Behlendorf has announced the availability of version 0.6.1 of this Solaris-derived filesystem. "Over two years of use by real users has convinced us ZoL is ready for wide scale deployment on everything from desktops to super computers." The project's home page offers binary modules for a wide variety of distributions. (See the FAQ for the project's take on licensing issues.)
What is Open Source Cloud? (Linux.com)
[Development] Posted Mar 28, 2013 22:04 UTC (Thu) by jake
Over at Linux.com, Joe "Zonker" Brockmeier, community evangelist for CloudStack at Citrix, tries to disambiguate the term "cloud". He describes the attributes of clouds, using the US National Institute of Standards and Technology (NIST) definition of cloud computing, looks at the various "X as a service" offerings, how it all works, and why it's important to have open clouds. "Having an open cloud matters because we need to be able to continue the work that GNU and Linux folks have been doing for more than twenty years, at scale. It matters because we need the cloud to be bigger than Amazon or proprietary companies – and because users and organizations should have as much control over their computing destiny at scale as they have had on individual servers."
Stable kernels 3.8.5, 3.4.38, and 3.0.71
[Kernel] Posted Mar 28, 2013 19:41 UTC (Thu) by jake
Greg Kroah-Hartman has announced the release of the 3.8.5, 3.4.38, and 3.0.71 stable kernels. As always, there are lots of important changes throughout the tree.
How crowdfunding and the JOBS Act will shape open source companies (O'Reilly)
[Announcements] Posted Mar 28, 2013 15:00 UTC (Thu) by corbet
This O'Reilly Radar post makes the case that upcoming changes in how shares of companies can be sold in the US will facilitate the creation of a new flood of open-source companies. "Now, open source projects will be able to seek and find crowds of investors from within their own communities. These companies will have both the traditional advantages of proprietary companies (well-capitalized companies recruit armies of competent programmers and sales forces that can survive long sales cycles) and the advantages of the open source development model (open code review and the ability to integrate the insights of outsiders)."
Thursday's security advisories
[Security] Posted Mar 28, 2013 14:49 UTC (Thu) by jake
CentOS has updated pixman (C6: code execution). Fedora has updated eucalyptus (F18: unauthorized snapshot manipulation). openSUSE has updated libxml2 (11.4; 12.1, 12.2, 12.3: denial of service), sssd (12.3: access restriction bypass), and clamav (12.1, 12.2, 12.3: multiple hardening changes). Oracle has updated pixman (OL6: code execution). Red Hat has updated pixman (RHEL6: code execution). Scientific Linux has updated pixman (SL6: code execution). Ubuntu has updated libxml2 (denial of service).
Google: Taking a stand on open source and patents
[Announcements] Posted Mar 28, 2013 14:35 UTC (Thu) by corbet
Google has announced an initiative to help protect open source software from patent claims. "Today, we’re taking another step towards that goal by announcing the Open Patent Non-Assertion (OPN) Pledge: we pledge not to sue any user, distributor or developer of open-source software on specified patents, unless first attacked. We’ve begun by identifying 10 patents relating to MapReduce, a computing model for processing large data sets first developed at Google—open-source versions of which are now widely used. Over time, we intend to expand the set of Google’s patents covered by the pledge to other technologies."
Hands-on with Mozilla’s Web-based “Firefox OS” (ars technica)
[Distributions] Posted Mar 28, 2013 14:16 UTC (Thu) by corbet
Ars technica has a detailed review of a Firefox OS handset. "So Mozilla has succeeded in building an HTML-based platform that allows Mozilla to build apps that 'feel' native. But the much harder task will be to provide third-party developers tools to build apps with the same level of polish and convince them to use them. So far, the Firefox OS app store seems to have few, if any, examples of third-party apps that meet the high bar Mozilla has set for its own apps."
A look at C++14, part 1
[Development] Posted Mar 28, 2013 14:09 UTC (Thu) by corbet
The "Meeting C++" blog looks
at some proposed changes to the C++ language to be considered in
April. "It is proposed to add a library for pipelines to the C++
Standard, that such a pipeline could be implemented in C++ as such:
Red Hat and Rackspace face down a patent troll
[Announcements] Posted Mar 28, 2013 13:28 UTC (Thu) by corbet
Red Hat and Rackspace Hosting have announced that they have won the dismissal of a patent suit by Uniloc USA. Uniloc was asserting patent #5,892,697, which relates to the handling of floating-point numbers. "In dismissing the case, Chief Judge Leonard Davis found that Uniloc's claim was unpatentable under Supreme Court case law that prohibits the patenting of mathematical algorithms. This is the first reported instance in which the Eastern District of Texas has granted an early motion to dismiss finding a patent invalid because it claimed unpatentable subject matter." Update: see Groklaw for analysis and the text of the decision.
|
|||||||||||||