LWN.net Logo

Welcome to LWN.net

Headlines for April 9, 2013

Security advisories for Monday
[Security] Posted Apr 1, 2013 16:46 UTC (Mon) by ris

Debian has updated bind9 (denial of service).

Fedora has updated rubygem-actionpack (F18; F17: multiple vulnerabilities), gajim (F18; F17: man-in-the-middle attack), drupal7-views (F18; F17: cross-site scripting), rubygem-activesupport (F18; F17: XML parsing vulnerability), mantis (F18; F17: multiple vulnerabilities), httpd (F18: cross-site scripting), rubygem-activerecord (F18: denial of service), glibc (F18: denial of service), sssd (F18: privilege violation), kernel (F17: multiple vulnerabilities), puppet (F17: multiple vulnerabilities).

openSUSE has updated privoxy (11.4: proxy spoofing).

Comments (none posted)

A look at C++14: Papers Part 2
[Development] Posted Apr 1, 2013 15:07 UTC (Mon) by corbet

Here's the second part in the C++14 papers series on the "Meeting C++" site. "A proposal for Executors, objects that can execute units of work packaged as function objects. So this is another possible approach to task based parallelism, where the executor object is used as a reusable thread, that can handled a queue of tasks. One possible implementation of an executor is a thread-pool, but other implementations are possible."

Comments (13 posted)

Kernel prepatch 3.9-rc5
[Kernel] Posted Apr 1, 2013 5:45 UTC (Mon) by mkerrisk

The 3.9-rc5 kernel prepatch is out. Linus says: "Nothing really peculiar stands out. Exynos DRM updates, IBM RamSan driver updates are a bit larger, l2tp update... The rest is pretty much small patches spread out all over. Mostly drivers (block, net, media, tty, usb), networking, and some filesystem updates (btrfs, nfs). Some arch updates (x86, arc). Things seem to be calming down a bit, and everything seems largely on track for a 3.9 release in a few weeks."

Comments (none posted)

Yorba crowdfunding Geary development
[Development] Posted Mar 29, 2013 17:24 UTC (Fri) by n8willis

Back in August 2012, Yorba Foundation founder Adam Dingle spoke at GUADEC about the complexities of crowdfunding development for open source applications. This week, the group officially launched a campaign at IndieGoGo to underwrite development of its open source email client Geary. The target is US $100,000, which, as executive director Jim Nelson explains, is a number chosen to support three full-time developers for the next release cycle. "I doubt there’s a widely-used desktop application out there developed for less than US$100,000 — it’s just that the price tag might be hidden from its users." The campaign runs for one month; among the many factors Dingle spoke of that differentiate between funding sites, IndieGoGo only distributes funds if the target is met.

Comments (23 posted)

Friday's security updates
[Security] Posted Mar 29, 2013 14:42 UTC (Fri) by n8willis

CentOS has updated bind (C6; denial of service) and bind97 (C5; denial of service).

Debian has updated rails (multiple vulnerabilities).

openSUSE has updated clamav (security hardening fixes).

Oracle has updated bind (OL6; denial of service) and bind97 (OL5; denial of service).

Red Hat has updated bind (denial of service) and bind97 (denial of service).

Scientific Linux has updated bind (denial of service) and bind97 (denial of service).

Slackware has updated libssh (denial of service).

Ubuntu has updated bind (denial of service).

Comments (1 posted)

PostgreSQL security update coming April 4
[Security] Posted Mar 29, 2013 14:12 UTC (Fri) by corbet

The PostgreSQL project has announced an update coming on April 4. "This release will include a fix for a high-exposure security vulnerability. All users are strongly urged to apply the update as soon as it is available." Pre-announcement of security updates is quite rare, as is the associated shutdown of repository updates and distribution of commit messages, so one assumes that it would be a good idea to be ready to apply this update when it arrives.

Full Story (comments: 3)

ZFS on Linux 0.6.1
[Kernel] Posted Mar 29, 2013 13:51 UTC (Fri) by corbet

On behalf of the ZFS-on-Linux project, Brian Behlendorf has announced the availability of version 0.6.1 of this Solaris-derived filesystem. "Over two years of use by real users has convinced us ZoL is ready for wide scale deployment on everything from desktops to super computers." The project's home page offers binary modules for a wide variety of distributions. (See the FAQ for the project's take on licensing issues.)

Comments (17 posted)

What is Open Source Cloud? (Linux.com)
[Development] Posted Mar 28, 2013 22:04 UTC (Thu) by jake

Over at Linux.com, Joe "Zonker" Brockmeier, community evangelist for CloudStack at Citrix, tries to disambiguate the term "cloud". He describes the attributes of clouds, using the US National Institute of Standards and Technology (NIST) definition of cloud computing, looks at the various "X as a service" offerings, how it all works, and why it's important to have open clouds. "Having an open cloud matters because we need to be able to continue the work that GNU and Linux folks have been doing for more than twenty years, at scale. It matters because we need the cloud to be bigger than Amazon or proprietary companies – and because users and organizations should have as much control over their computing destiny at scale as they have had on individual servers."

Comments (3 posted)

Stable kernels 3.8.5, 3.4.38, and 3.0.71
[Kernel] Posted Mar 28, 2013 19:41 UTC (Thu) by jake

Greg Kroah-Hartman has announced the release of the 3.8.5, 3.4.38, and 3.0.71 stable kernels. As always, there are lots of important changes throughout the tree.

Comments (1 posted)

How crowdfunding and the JOBS Act will shape open source companies (O'Reilly)
[Announcements] Posted Mar 28, 2013 15:00 UTC (Thu) by corbet

This O'Reilly Radar post makes the case that upcoming changes in how shares of companies can be sold in the US will facilitate the creation of a new flood of open-source companies. "Now, open source projects will be able to seek and find crowds of investors from within their own communities. These companies will have both the traditional advantages of proprietary companies (well-capitalized companies recruit armies of competent programmers and sales forces that can survive long sales cycles) and the advantages of the open source development model (open code review and the ability to integrate the insights of outsiders)."

Comments (1 posted)

Thursday's security advisories
[Security] Posted Mar 28, 2013 14:49 UTC (Thu) by jake

CentOS has updated pixman (C6: code execution).

Fedora has updated eucalyptus (F18: unauthorized snapshot manipulation).

openSUSE has updated libxml2 (11.4; 12.1, 12.2, 12.3: denial of service), sssd (12.3: access restriction bypass), and clamav (12.1, 12.2, 12.3: multiple hardening changes).

Oracle has updated pixman (OL6: code execution).

Red Hat has updated pixman (RHEL6: code execution).

Scientific Linux has updated pixman (SL6: code execution).

Ubuntu has updated libxml2 (denial of service).

Comments (none posted)

Google: Taking a stand on open source and patents
[Announcements] Posted Mar 28, 2013 14:35 UTC (Thu) by corbet

Google has announced an initiative to help protect open source software from patent claims. "Today, we’re taking another step towards that goal by announcing the Open Patent Non-Assertion (OPN) Pledge: we pledge not to sue any user, distributor or developer of open-source software on specified patents, unless first attacked. We’ve begun by identifying 10 patents relating to MapReduce, a computing model for processing large data sets first developed at Google—open-source versions of which are now widely used. Over time, we intend to expand the set of Google’s patents covered by the pledge to other technologies."

Comments (12 posted)

Hands-on with Mozilla’s Web-based “Firefox OS” (ars technica)
[Distributions] Posted Mar 28, 2013 14:16 UTC (Thu) by corbet

Ars technica has a detailed review of a Firefox OS handset. "So Mozilla has succeeded in building an HTML-based platform that allows Mozilla to build apps that 'feel' native. But the much harder task will be to provide third-party developers tools to build apps with the same level of polish and convince them to use them. So far, the Firefox OS app store seems to have few, if any, examples of third-party apps that meet the high bar Mozilla has set for its own apps."

Comments (none posted)

A look at C++14, part 1
[Development] Posted Mar 28, 2013 14:09 UTC (Thu) by corbet

The "Meeting C++" blog looks at some proposed changes to the C++ language to be considered in April. "It is proposed to add a library for pipelines to the C++ Standard, that such a pipeline could be implemented in C++ as such:

    (pipeline::from(input_queue) |
      bind(grep, "^Error") |
      bind(vgrep, "test@example.com") |
      bind(sed, "'s/^Error:.*Message: //") |
      output_queue).run(&threadpool);

Comments (79 posted)

Red Hat and Rackspace face down a patent troll
[Announcements] Posted Mar 28, 2013 13:28 UTC (Thu) by corbet

Red Hat and Rackspace Hosting have announced that they have won the dismissal of a patent suit by Uniloc USA. Uniloc was asserting patent #5,892,697, which relates to the handling of floating-point numbers. "In dismissing the case, Chief Judge Leonard Davis found that Uniloc's claim was unpatentable under Supreme Court case law that prohibits the patenting of mathematical algorithms. This is the first reported instance in which the Eastern District of Texas has granted an early motion to dismiss finding a patent invalid because it claimed unpatentable subject matter."

Update: see Groklaw for analysis and the text of the decision.

Comments (6 posted)

LWN.net Weekly Edition for March 28, 2013
Posted Mar 28, 2013 1:03 UTC (Thu)

The LWN.net Weekly Edition for March 28, 2013 is available.

Inside this week's LWN.net Weekly Edition

  • Front: StatusNet, Identi.ca, and transitioning to pump.io; Protecting communities; Evangelizing Python.
  • Security: OpenSSH 6.2; New vulnerabilities in gnome-online-accounts, kernel, libxml2, privoxy, ...
  • Kernel: Breaking GlusterFS; Widening ext4's readdir() cookie; Multipath TCP.
  • Distributions: GNOME, Fedora, and login-screen logos; Ubuntu, Slackware, Arch, ...
  • Development: Asynchronous I/O in Python; GNOME 3.8; C and C++ speed in GCC; replacing Google Reader; ...
  • Announcements: Awards for Bassel Khartabil and the TAZ, LF EEU report, videos for PyCon and devconf.cz, ...
Read more

GNOME 3.8 released
[Development] Posted Mar 27, 2013 21:19 UTC (Wed) by corbet

The GNOME 3.8 release is out. "The exciting new features and improvements in this release include a integrated application search, privacy and sharing settings, notification filtering, a new classic mode, OwnCloud integration, previews of clocks, notes, photos and weather applications, and many more." See the release notes for details.

Full Story (comments: 123)

A kernel change breaks GlusterFS
[Kernel] Posted Mar 27, 2013 20:33 UTC (Wed) by mkerrisk

Linus Torvalds has railed frequently and loudly against kernel developers breaking user space. But that rule is not ironclad; there are exceptions. The story of how a kernel change caused a GlusterFS breakage shows that there are sometimes unfortunate twists to those exceptions.

Full Story (comments: 29)

PyCon: Evangelizing Python
[Front] Posted Mar 27, 2013 16:50 UTC (Wed) by jake

Python core developer Raymond Hettinger's PyCon 2013 keynote had elements of a revival meeting sermon, but it was also meant to spread the "religion" well beyond those inside the meeting tent. Hettinger specifically tasked attendees to use his "What makes Python awesome?" talk as a sales tool with management and other Python skeptics. Subscribers can get the full coverage of the talk from this week's edition at the link below.

Full Story (comments: 74)

Stable kernel 3.2.42
[Kernel] Posted Mar 27, 2013 16:08 UTC (Wed) by ris

Ben Hutchings has released stable kernel 3.2.42 with important fixes throughout the tree.

Comments (none posted)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds