LWN.net

Stable kernel 2.6.25.3 released

jake — 2008-05-10T11:02:13+00:00

The 2.6.25.3 stable kernel has been released. It was a bit earlier than expected due to "two security bugs fixed in here that just recently were made public". The release note is not clear which of the updates are the security fixes, but "all users of the 2.6.25 series are strongly encouraged to upgrade, and anyone running 2.6.24 should also move up to 2.6.25 at this time if possible." Click below for more details.

AbiWord team interview (Red Hat Magazine)

ris — 2008-05-09T14:59:32+00:00

Red Hat Magazine has an interview with the AbiWord team. "AbiWord just had a great 2.6 release and the developers took several hours of their spare time over a few weeks period answering questions and providing information. Thanks to the team and especially MarcMaurer for his time and patience. We present you a detailed interview with the AbiWord team on a broad range of topics."

Running a small business on desktop Linux (DesktopLinux)

ris — 2008-05-09T14:38:38+00:00

DesktopLinux has an article by guest author Howard Fosdick. "This paper surveys Linux's suitability for use by owners of very small businesses and the self-employed. It was written by Howard Fosdick, a self-employed database consultant who finds Linux fairly well-suited to his needs, and reckons it has saved him thousands of dollars in recent years."

Security advisories for Friday

ris — 2008-05-09T13:45:41+00:00

CentOS has updated thunderbird (denial of service), gpdf (arbitrary code execution), the kernel (multiple vulnerabilities).

Foresight has updated firefox (denial of service).

Gentoo has updated firebird (information disclosure), ltsp (multiple vulnerabilities), inspircd (buffer overflow).

Mandriva has updated imagemagick (heap-based buffer overflows).

SUSE has updated rsync, MozillaFirefox, poppler, nagios, lighttpd, sarg, squid, bzip2, kdelibs3, texlive-bin, kdelibs4, Sun Java (various issues).

Ubuntu has updated speex (insufficient boundary checks), vorbis-tools (speex related), gst-plugins-good (speex related).

Matthew Garrett on the race to idle

corbet — 2008-05-09T12:48:06+00:00

Matthew Garrett talks about power saving strategy in his unique manner. "Some people write software that lets you choose different power profiles depending on whether you're on AC or battery. Typically, one of the choices lets you reduce the speed of your processor when you're on battery. This is bad. It is wrong. The people who implement these programs are dangerous. Do not listen to them. Do not endorse their product and/or newsletter. Do not allow your eldest child to engage in conjugal acts with them. Doing this will reduce your battery life. It will heat up your home. It will kill baby seals. The sea will rise and your car will float away. If you are already running it, make sure that it always sets your cpufreq governor to ondemand and does not limit the frequencies in use. Failure to do so will result in me setting you on fire."

Interview with Neil Young on Music Piracy, MP3 Hell and Finding Freaks on the Web (ReadWriteWeb)

ris — 2008-05-09T12:00:28+00:00

Marshall Kirkpatrick had a chance to talk to Neil Young at the JavaOne conference in San Francisco. "Here at the JavaOne conference in San Francisco Neil Young just announced that his whole life's work will be made available on in a dynamically updating collection delivered on Blu-ray disk. After his Keynote announcement I was fortunate enough to participate in a small group interview with a handful of other bloggers. Young offered interesting replies to questions about Trent Reznor and music piracy, about MP3 sound quality and about the way the web enables his extensive work on electric cars." (Thanks to Norman Gaywood)

The GPL wins in Germany - again

corbet — 2008-05-08T14:23:08+00:00

Harald Welte has posted an update on the GPL-compliance case hearing held on May 8. In the end, Skype dropped all of its arguments and gave up its appeal. "This means that the previous court decision is legally binding to Skype, and we have successfully won what has probably been the most lengthy and time consuming case so far."

Red Hat releases software for Windows, Linux management (BetaNews)

cook — 2008-05-08T12:18:11+00:00

BetaNews covers Red Hat's release of the JBoss Operations Network 2.0 management platform. "Made generally available during this week's JavaOne conference, JBoss ON 2.0 is designed for managing cross-platform application development, testing, deployment and monitoring. Its modular architecture includes components for inventory, administration, and software updates, plus an optional monitoring module. Although some developers find that the JBoss ON Software Update feature works in a similar way to Microsoft's Windows Update service, the feature is used for distributing patches and other updates to JBoss Enterprise Platform software. But the inventory module enables cataloging of IT assets spanning Windows, Linux, Sun Solaris, HP-UX, and IBM AIX, along with a range of middleware services and servers."

Thursday Security Updates

cook — 2008-05-08T12:12:46+00:00

Gentoo has updated x11 terminal programs (multiple vulnerabilities), egroupware (multiple vulnerabilities) and wireshark (denial of service).

Red Hat Enterprise Linux has updated gpdf (denial of service).

Slackware has updated php (PATH_TRANSLATED miscalculation) and thunderbird (multiple vulnerabilities).

HIEs consider move to Mirth (HealthIT)

cook — 2008-05-08T10:09:54+00:00

HealthIT looks at the increasing popularity of Mirth in the health care world. "Mirth, an open source middleware solution, is gaining ground among health information exchanges. WebReach, a health information technology consultancy in Irvine, Calif., rolled out Mirth 1.0 as HL7-supporting messaging middleware in July 2006. Jon Teichrow, president of WebReach, refers to Mirth as a standards-based interface engine for transferring information among systems. The list of supported standards now includes HL7 v2 and v3, X12, EDI, XML, and the National Council for Prescription Drug Programs." (Found on LinuxMedNews).

LWN.net Weekly Edition for May 8, 2008

corbet — 2008-05-07T21:40:35+00:00

The LWN.net Weekly Edition for May 8, 2008 is available.

Mozilla ships a compromised extension

corbet — 2008-05-07T18:58:09+00:00

From the Mozilla security blog: "The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself. This usually results in the user seeing unwanted ads, but may be used for more malicious actions. Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008 got an infected copy." Presumably this is only an issue for Windows users, but it is still scary. More information can be found in bugzilla.

Blizzard tests the reach of copyright law

jake — 2008-05-07T14:27:56+00:00

Free software users rarely, if ever, need to be concerned about the license that governs the applications they use. Unlike developers or distributors, users are unlikely to pay attention to whether a program is released under a BSD, GPL, or some other license—not so with proprietary software. If Blizzard Entertainment has its way, it could get a whole lot worse, with proprietary vendors controlling the behavior of its users and enforcing it by way of the Copyright Act. Click below (subscribers only) for the full article.

Wednesday's security updates

corbet — 2008-05-07T12:46:45+00:00

CentOS has updated the kernel (multiple vulnerabilities).

Debian has updated kazehakase (multiple vulnerabilities from old version of PCRE library).

Mandriva has updated emacs (temporary file vulnerability), kdelibs (local code execution if somebody installs the wrong thing setuid root), and openssh (command restriction bypass).

Red Hat has updated the kernel (RHEL3, RHEL4, RHEL5: multiple vulnerabilities, one from 2005).

rPath has updated the kernel (race condition in filesystem lock code).

Ubuntu has updated thunderbird (multiple vulnerabilities), OpenOffice.org (multiple vulnerabilities), and ltsp (open X server).

Welte v. Skype going to trial

corbet — 2008-05-07T12:19:14+00:00

Harald Welte lets it be known that there will be a hearing on May 8 in his GPL-enforcement case against Skype, which is shipping Linux-based phones without making source available. "Interestingly, Skype is arguing against the validity of the GPL as a whole, asserting that it is violating anti-trust regulation and similarly strange claims."