LWN.net Logo

Welcome to LWN.net

Headlines for May 21, 2013

(Nearly) full tickless operation in 3.10
[Kernel] Posted May 8, 2013 15:47 UTC (Wed) by corbet

On a typical Linux system, each running CPU will be diverted between 100 and 1000 times each second by the periodic timer interrupt. That interrupt is the CPU's cue to reconsider which process should be running, catch up with read-copy-update (RCU) callbacks, and generally handle any necessary housekeeping. This periodic "tick" can be reasonably compared to the infamous big kernel lock (BKL): it is convenient to have around, but it also has an effect on performance that makes developers wish to abolish it. The key difference might be that getting rid of the timer tick has taken rather longer than was required to eliminate the BKL. The 3.10 kernel will take an important step in that direction, though, with the addition of the "full NOHZ" mode — but a lot of limitations still apply.

Full Story (comments: 24)

Garrett: A short introduction to TPMs
[Security] Posted May 7, 2013 20:04 UTC (Tue) by corbet

Matthew Garrett has posted an introduction to the trusted platform module (TPM) chip and what can be done with it. "I've been working on TPMs lately. It turns out that they're moderately awful, but what's significantly more awful is basically all the existing documentation. So here's some of what I've learned, presented in the hope that it saves someone else some amount of misery."

Comments (8 posted)

Tuesday's security updates
[Security] Posted May 7, 2013 16:48 UTC (Tue) by ris

Red Hat has updated subscription-manager (man-in-the-middle attack).

Ubuntu has updated libxml2 (13.04: code execution) and mesa (12.04 LTS: code execution).

Comments (none posted)

LFCS: The LLVMLinux project
[Kernel] Posted May 7, 2013 16:14 UTC (Tue) by jake

[LLVMLinux logo]

The Linux Foundation Collaboration Summit (LFCS) seems to be a likely venue for an update on the status of building the kernel with Clang/LLVM. Both in 2011 and 2012, we covered those updates. LFCS 2013 continued the trend as LLVMLinux project lead Behan Webster presented the status and plans for the project at LFCS. The gathering lived up to its name as well, since two problems faced by the project were solved through collaboration at the summit.

Full Story (comments: 18)

A PyPy 2.0 alpha release for ARM
[Development] Posted May 7, 2013 14:13 UTC (Tue) by corbet

The PyPy project has announced an alpha release of its Python interpreter for the ARM architecture. "This is the first release that supports a range of ARM devices - anything with ARMv6 (like the Raspberry Pi) or ARMv7 (like Beagleboard, Chromebook, Cubieboard, etc.) that supports VFPv3 should work." Benchmark results are included in the announcement; it seems that, in many cases, PyPy speeds things up on ARM even more than on the x86 architecture, even in its current, unpolished state.

Comments (none posted)

Remote execution vulnerability in nginx
[Security] Posted May 7, 2013 13:49 UTC (Tue) by corbet

The nginx web server suffers from a remotely exploitable buffer overflow that can lead to the execution of arbitrary code. Versions 1.4.1 and 1.5.0 contain the fix; there is also a workaround in the announcement. This seems like a good one to apply quickly.

Comments (none posted)

VP8 Patent Cross-license Agreement
[Announcements] Posted May 6, 2013 21:26 UTC (Mon) by ris

The WebM Project looks at a draft of a VP8 patent agreement. "Google is in the process of preparing an agreement that will assist companies and developers with the adoption of VP8 technology by making available a royalty-free license to certain patents that are necessary for the implementation of VP8 and which are owned by Google and a number of other major technology companies." (Thanks to Mark Wielaard)

Comments (3 posted)

Stallman: The W3C's Soul at Stake
[Announcements] Posted May 6, 2013 21:12 UTC (Mon) by ris

Richard Stallman covers a proposal to specify standards for HTML extensions to implement Digital Restrictions Management (DRM). "Of course, the W3C cannot prevent companies from grafting DRM onto HTML. They do this through nonfree plug-ins such as Flash, and with nonfree Javascript code, thus showing that we need control over the Javascript code we run and over the C code we run. However, where the W3C stands is tremendously important for the battle to eliminate DRM. On a practical level, standardizing DRM would make it more convenient, in a very shallow sense. This could influence people who think only of short-term convenience to think of DRM as acceptable, which could in turn encourage more sites to use DRM." (Thanks to Paul Wise)

Comments (69 posted)

Mozilla: How to Spread The Word About Your Code
[Development] Posted May 6, 2013 16:46 UTC (Mon) by corbet

The Mozilla blog has some advice for developers trying to draw attention to their projects. "Before we get started, there’s a stumbling block we need to kick away. Terms like ‘marketing’ and ‘advertising’ are dirty words for many developers and it’s not uncommon for developers to be reluctant to do much promotion. ‘Build it and they will come’ used to work when exciting open source projects were few and far between but now everyone seems to be working on something and making a noise about it. Few of the successes you see come through pure luck but because developers are actively promoting their work or, at least, making it discoverable."

Comments (none posted)

Security advisories for Monday
[Security] Posted May 6, 2013 16:30 UTC (Mon) by ris

Fedora has updated xen (F18; F17: multiple vulnerabilities), python-pip (F18; F17: insecure tempdir usage), curl (F18: cookie information disclosure), gogoc (F18: violation of packaging guidelines), and kernel (F17: multiple vulnerabilities).

Mandriva has updated java-1.7.0-openjdk (multiple vulnerabilities).

Ubuntu has updated clamav (multiple vulnerabilities).

Comments (none posted)

Debian 7.0 Wheezy released
[Distributions] Posted May 5, 2013 4:53 UTC (Sun) by jake

Debian has announced the release of Debian 7.0 ("Wheezy"). "Multiarch support, one of the main release goals for "Wheezy", will allow Debian users to install packages from multiple architectures on the same machine. This means that you can now, for the first time, install both 32- and 64-bit software on the same machine and have all the relevant dependencies correctly resolved, automatically. [...] The installation process has been greatly improved: Debian can now be installed using software speech, above all by visually impaired people who do not use a Braille device. Thanks to the combined efforts of a huge number of translators, the installation system is available in 73 languages, and more than a dozen of them are available for speech synthesis too." More details can be found in the release notes.

Full Story (comments: 54)

Geary crowdfunding: What went wrong?
[Development] Posted May 3, 2013 19:48 UTC (Fri) by n8willis

At the Yorba blog, Jim Nelson has written up an examination of the recent Geary development fundraising campaign, in particular a response to the theories circulating about why the drive came up short. "First, it’s important to understand that the Geary campaign was a kind of experiment. We wanted to know if crowdfunding was a potential route for sustaining open-source development. We weren’t campaigining to create a new application; Geary exists today and has been under development for two years now. Unlike OpenShot and VLC, we weren’t porting Geary to Windows or the Mac, we wanted to improve the Linux experience. And we had no plans on using the raised money as capital to later sell a product or service, which is the usual route for most crowdfunded projects. Our pitch was simply this: donate money so we can make Geary on Linux even better than it is today." Nelson analyzes several of the publicly debated issues, such as the amount, the competition, and the fundraising platform used.

Comments (57 posted)

OSI Board Changes 2013
[Announcements] Posted May 3, 2013 19:25 UTC (Fri) by n8willis

Open Source Initiative (OSI) president Simon Phipps has posted a brief announcement on the OSI blog describing upcoming changes to the OSI governance process and the makeup of the board. "One of the ways we're turning OSI into a member organisation is to gradually replace the Board with member-selected directors. This process started last year when OSI's Affiliate members -- non-profit organizations themselves -- selected candidates for the Board." Two new vacancies on the board will be filled by election, and the OSI board is meeting in Washington DC next week to discuss further changes. Phipps notes: "If you would like to meet them, please come to OSI's DC Metro Open Source Community Summit on May 10."

Comments (none posted)

Friday's security updates
[Security] Posted May 3, 2013 15:47 UTC (Fri) by n8willis

Debian has updated stunnel4 (code execution).

Fedora has updated telepathy-idle (F17, F18; certificate validation error).

Mageia has updated apache-mod_security (information disclosure), clamav (multiple vulnerabilities), drupal (denial of service), java-1.7.0-openjdek (multiple vulnerabilities), krb5 (denial of service), phpmyadmin (multiple vulnerabilities), qemu (information disclosure), roundcubemail (information disclosure), subversion (multiple vulnerabilities), util-linux (information disclosure), and webmin (multiple vulnerabilities).

Mandriva has updated phpmyadmin (multiple vulnerabilities).

openSUSE has updated java-1_7_0-openjdk (multiple vulnerabilities) and krb5 (denial of service).

Ubuntu has updated kernel (multiple vulnerabilities).

Comments (none posted)

Linux Plumbers Conference news and deadlines
[Announcements] Posted May 2, 2013 17:48 UTC (Thu) by jake

This year's edition of the Linux Plumbers Conference (LPC) will be held September 18-20 in New Orleans, Louisiana, overlapping the last day of LinuxCon North America. Early registration for LPC ends on May 12 and the deadline for refereed paper proposals is June 17. The program committee has started approving microconference tracks, but it is not too late propose additional microconference topics.

Comments (none posted)

Security updates for Thursday
[Security] Posted May 2, 2013 15:20 UTC (Thu) by jake

openSUSE has updated icedtea-web (12.1: two vulnerabilities).

Ubuntu has updated kernel (12.04: multiple vulnerabilities), OMAP4 kernel (12.04: multiple vulnerabilities), Quantal HWE kernel (12.04: multiple vulnerabilities), kernel (12.10: multiple vulnerabilities), and OMAP4 kernel (12.10: multiple vulnerabilities).

Comments (none posted)

Adobe CFF rasterizer contributed to FreeType
[Development] Posted May 2, 2013 14:25 UTC (Thu) by corbet

The Google Open Source Blog announces the contribution of Adobe's Compact Font Format rasterizer to the FreeType project. "CFF fonts are capable of very high quality display but the technology places the burden for this display quality on the text rasterizer instead of on the font as is done in TrueType. The new Adobe CFF engine brings that high quality rasterizer support to FreeType." More information can also be found in Adobe's announcement.

Comments (14 posted)

LWN.net Weekly Edition for May 2, 2013
Posted May 2, 2013 1:42 UTC (Thu)

The LWN.net Weekly Edition for May 2, 2013 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Outreach Program for Women; Google Test Automation Conference; The value of FOSS fiscal sponsorship.
  • Security: Code authenticity checking; New vulnerabilities in clamav, kernel, qemu, strongswan, ...
  • Kernel: What's coming in 3.10, part 1; Wait/wound mutexes; LSFMM coverage complete.
  • Distributions: x32 ABI support by distributions; DragonFly, OpenBSD, Ubuntu, ...
  • Development: Go and Rust; GDB 7.6; Open Build Service 2.4; OpenShot fundraising update; ...
  • Announcements: SFC to create accounting software, FSF certifies ThinkPenguin, events.
Read more

OpenBSD 5.3 released
[Distributions] Posted May 1, 2013 19:42 UTC (Wed) by ris

OpenBSD 5.3 has been released. The release announcement (click below) contains a lengthy list of new features and improvements.

Full Story (comments: 8)

The SFC aims to create better non-profit accounting software
[Announcements] Posted May 1, 2013 18:43 UTC (Wed) by corbet

The Software Freedom Conservancy has announced a campaign to raise money and hire a developer to produce a useful, free-software accounting system aimed at the needs of non-profit organizations. "Indeed, Conservancy reached out into the broader fiscal sponsorship community beyond the FLOSS NPO community and discovered that many larger fiscal sponsors — even those willing to use proprietary components — have cobbled together their own unique systems, idiosyncratically tailored to their specific environments. Thus, good, well-designed, and reusable accounting software for non-profit fiscal sponsorship is not just missing in the software freedom community; it's missing altogether." The goal is to raise $75,000 for the first year's worth of work.

Comments (8 posted)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds