| |||||||||||||
Welcome to LWN.netHeadlines for May 25, 2013Three Ubuntu releases reach end of life
[Distributions] Posted May 9, 2013 22:32 UTC (Thu) by jake
Three releases of Ubuntu reached their end of life on May 9, 2013, which means they will no longer receive updates of any kind. Users of Ubuntu 8.04 LTS ("Hardy Heron"), Ubuntu 10.04 LTS Desktop ("Lucid Lynx"), and Ubuntu 11.10 ("Oneiric Ocelot") should upgrade.
New Zealand Government Announces That Software Will No Longer Be Patentable (Forbes)
[Announcements] Posted May 9, 2013 21:04 UTC (Thu) by jake
Forbes is reporting that the New Zealand government has banned patents on software. "In doing this, New Zealand is essentially taking the position that existing laws provides enough protection to software as it is; patents only serve to stifle innovation because of the ever-looming threat of being sued by so-called patent troll companies. [...] During its consideration of the bill, the committee received many submissions opposing the granting of patents for computer programs on the grounds it would stifle innovation and restrict competition. Internet New Zealand said [Commerce Minister Craig] Foss' decision to amend the Patents Bill drew to a close 'years of wrangling between software developers, ICT players and multinational heavyweights over the vexed issue of patentability of software'."
PyPy 2.0 released
[Development] Posted May 9, 2013 20:04 UTC (Thu) by corbet
The PyPy 2.0 release is available; PyPy is a performance-oriented reimplementation of the Python 2 interpreter. "This is a stable release that brings a swath of bugfixes, small performance improvements and compatibility fixes. PyPy 2.0 is a big step for us and we hope in the future we'll be able to provide stable releases more often." Headline features include stackless and greenlet support, a new interface to C modules, and more.
Raspberry Pi operating systems: 5 reviewed and rated (Techradar)
[Distributions] Posted May 9, 2013 17:56 UTC (Thu) by jake
Those looking for alternative distributions (or even operating systems) for their Raspberry Pi may want to take a peek at Techradar's review of five choices for the diminutive ARM-based computer. The article looks at Raspbian, Risc OS, Plan 9, Android, and Arch; it evaluates and rates each one on a variety of criteria:
The areas we're looking at are installation, default software, media playback (out-of-the-box), looks and usability, the community behind the OS and their respective attitudes toward software freedom. Basically, the very stuff that makes a Linux user decide on what system to use.
We also want to gauge this from the point of view of someone who's not as familiar with Linux as others are, so they can jump into the project without too much hassle, and not end up leaving it feeling disheartened.
Security updates for Thursday
[Security] Posted May 9, 2013 15:36 UTC (Thu) by jake
Fedora has updated phpmyadmin (F17; F18: two remote code execution flaws). Mageia has updated ffmpeg (multiple vulnerabilities), wordpress (three vulnerabilities), ekiga, opal3, ptlib (denial of service), nrpe (code execution), x11-server (keystroke capture), glibc (two denial of service flaws), and libtiff (two vulnerabilities). Ubuntu has updated telepathy-idle (13.04, 12.10, 12.04: certificate validation botch).
LWN.net Weekly Edition for May 9, 2013
Posted May 9, 2013 1:46 UTC (Thu)The LWN.net Weekly Edition for May 9, 2013 is available. Inside this week's LWN.net Weekly Edition
"Click packages" for Ubuntu
[Distributions] Posted May 8, 2013 19:50 UTC (Wed) by corbet
Ubuntu is considering adopting a new package format for third-party applications that would be simpler for developers to work with. This format would not replace dpkg in the Ubuntu system itself. "So the scope of what I've been considering is purely leaf apps built on a fixed 'base system', which in the case of the initial target of the Ubuntu phone/tablet work would be the run-time part of the Ubuntu SDK."
Stable kernel updates
[Kernel] Posted May 8, 2013 16:32 UTC (Wed) by ris
Greg KH has updated stable kernels 3.9.1, 3.8.12, 3.4.44, and 3.0.77. All of them include important fixes.
Security advisories for Wednesday
[Security] Posted May 8, 2013 16:25 UTC (Wed) by ris
Fedora has updated rubygem-rack (F18; F17: multiple vulnerabilities) and rubygem-rdoc (F18; F17: cross-site scripting). Mandriva has updated glibc (ES 5.0: multiple vulnerabilities) and glibc (BS 1.0: denial of service). SUSE has updated kernel (some SLE 11 SP2 products; other SLE 11 SP2 products: multiple vulnerabilities). Ubuntu has updated openjdk-6 (multiple vulnerabilities).
(Nearly) full tickless operation in 3.10
[Kernel] Posted May 8, 2013 15:47 UTC (Wed) by corbet
On a typical Linux system, each running CPU will be diverted between 100 and 1000 times each second by the periodic timer interrupt. That interrupt is the CPU's cue to reconsider which process should be running, catch up with read-copy-update (RCU) callbacks, and generally handle any necessary housekeeping. This periodic "tick" can be reasonably compared to the infamous big kernel lock (BKL): it is convenient to have around, but it also has an effect on performance that makes developers wish to abolish it. The key difference might be that getting rid of the timer tick has taken rather longer than was required to eliminate the BKL. The 3.10 kernel will take an important step in that direction, though, with the addition of the "full NOHZ" mode — but a lot of limitations still apply.
Garrett: A short introduction to TPMs
[Security] Posted May 7, 2013 20:04 UTC (Tue) by corbet
Matthew Garrett has posted an introduction to the trusted platform module (TPM) chip and what can be done with it. "I've been working on TPMs lately. It turns out that they're moderately awful, but what's significantly more awful is basically all the existing documentation. So here's some of what I've learned, presented in the hope that it saves someone else some amount of misery."
Tuesday's security updates
[Security] Posted May 7, 2013 16:48 UTC (Tue) by ris
Red Hat has updated subscription-manager (man-in-the-middle attack). Ubuntu has updated libxml2 (13.04: code execution) and mesa (12.04 LTS: code execution).
LFCS: The LLVMLinux project
[Kernel] Posted May 7, 2013 16:14 UTC (Tue) by jake
The Linux Foundation Collaboration Summit (LFCS) seems to be a likely venue for an update on the status of building the kernel with Clang/LLVM. Both in 2011 and 2012, we covered those updates. LFCS 2013 continued the trend as LLVMLinux project lead Behan Webster presented the status and plans for the project at LFCS. The gathering lived up to its name as well, since two problems faced by the project were solved through collaboration at the summit.
A PyPy 2.0 alpha release for ARM
[Development] Posted May 7, 2013 14:13 UTC (Tue) by corbet
The PyPy project has announced an alpha release of its Python interpreter for the ARM architecture. "This is the first release that supports a range of ARM devices - anything with ARMv6 (like the Raspberry Pi) or ARMv7 (like Beagleboard, Chromebook, Cubieboard, etc.) that supports VFPv3 should work." Benchmark results are included in the announcement; it seems that, in many cases, PyPy speeds things up on ARM even more than on the x86 architecture, even in its current, unpolished state.
Remote execution vulnerability in nginx
[Security] Posted May 7, 2013 13:49 UTC (Tue) by corbet
The nginx web server suffers from a remotely exploitable buffer overflow that can lead to the execution of arbitrary code. Versions 1.4.1 and 1.5.0 contain the fix; there is also a workaround in the announcement. This seems like a good one to apply quickly.
VP8 Patent Cross-license Agreement
[Announcements] Posted May 6, 2013 21:26 UTC (Mon) by ris
The WebM Project looks at a draft of a VP8 patent agreement. "Google is in the process of preparing an agreement that will assist companies and developers with the adoption of VP8 technology by making available a royalty-free license to certain patents that are necessary for the implementation of VP8 and which are owned by Google and a number of other major technology companies." (Thanks to Mark Wielaard)
Stallman: The W3C's Soul at Stake
[Announcements] Posted May 6, 2013 21:12 UTC (Mon) by ris
Richard Stallman covers a proposal to specify standards for HTML extensions to implement Digital Restrictions Management (DRM). "Of course, the W3C cannot prevent companies from grafting DRM onto HTML. They do this through nonfree plug-ins such as Flash, and with nonfree Javascript code, thus showing that we need control over the Javascript code we run and over the C code we run. However, where the W3C stands is tremendously important for the battle to eliminate DRM. On a practical level, standardizing DRM would make it more convenient, in a very shallow sense. This could influence people who think only of short-term convenience to think of DRM as acceptable, which could in turn encourage more sites to use DRM." (Thanks to Paul Wise)
Mozilla: How to Spread The Word About Your Code
[Development] Posted May 6, 2013 16:46 UTC (Mon) by corbet
The Mozilla blog has some advice for developers trying to draw attention to their projects. "Before we get started, there’s a stumbling block we need to kick away. Terms like ‘marketing’ and ‘advertising’ are dirty words for many developers and it’s not uncommon for developers to be reluctant to do much promotion. ‘Build it and they will come’ used to work when exciting open source projects were few and far between but now everyone seems to be working on something and making a noise about it. Few of the successes you see come through pure luck but because developers are actively promoting their work or, at least, making it discoverable."
Security advisories for Monday
[Security] Posted May 6, 2013 16:30 UTC (Mon) by ris
Fedora has updated xen (F18; F17: multiple vulnerabilities), python-pip (F18; F17: insecure tempdir usage), curl (F18: cookie information disclosure), gogoc (F18: violation of packaging guidelines), and kernel (F17: multiple vulnerabilities). Mandriva has updated java-1.7.0-openjdk (multiple vulnerabilities). Ubuntu has updated clamav (multiple vulnerabilities).
Debian 7.0 Wheezy released
[Distributions] Posted May 5, 2013 4:53 UTC (Sun) by jake
Debian has announced the release of Debian 7.0 ("Wheezy"). "Multiarch support, one of the main release goals for "Wheezy", will allow Debian users to install packages from multiple architectures on the same machine. This means that you can now, for the first time, install both 32- and 64-bit software on the same machine and have all the relevant dependencies correctly resolved, automatically. [...] The installation process has been greatly improved: Debian can now be installed using software speech, above all by visually impaired people who do not use a Braille device. Thanks to the combined efforts of a huge number of translators, the installation system is available in 73 languages, and more than a dozen of them are available for speech synthesis too." More details can be found in the release notes.
|
|||||||||||||
![[LLVMLinux logo]](/images/2013/lfcs-llvmlinux.png)