LWN.net

[$] LWN.net Weekly Edition for September 2, 2010

corbet — 2010-09-02T01:12:11+00:00

The LWN.net Weekly Edition for September 2, 2010 is available.

Welte: More GPL enforcement work again.. and a very surreal but important case

jake — 2010-09-01T23:52:42+00:00

On his blog, Harald Welte writes about work he is doing as part of the gpl-violations.org project. "Right now I'm facing what I'd consider the most outrageous case that I've been involved so far: A manufacturer of Linux-based embedded devices (no, I will not name the company) really has the guts to go in front of court and sue another company for modifying the firmware on those devices. More specifically, the only modifications to program code are on the GPL licensed parts of the software. None of the proprietary userspace programs are touched! None of the proprietary programs are ever distributed either." If the manufacturer were to succeed with its claims, it could jeopardize many different projects that provide alternate code for devices, he says.

GNOME Journal Issue 21 released

corbet — 2010-09-01T20:29:14+00:00

Issue 21 of the GNOME Journal is out; topics covered include simple real-time games, Grilo, and an interview with Bradley Kuhn.

Security advisories for Wednesday

ris — 2010-09-01T17:48:19+00:00

CentOS has updated C5: httpd (multiple vulnerabilities) and C5: kernel (privilege escalation).

Debian has updated wireshark (arbitrary code execution).

Fedora has updated socat (F13, F12: arbitrary code execution).

Mandriva has updated libgdiplus (arbitrary code execution), perl-libwww-perl (unexpected download filename), and openssl (denial of service).

openSUSE has updated acroread (multiple vulnerabilities).

SUSE has updated kernel (multiple vulnerabilities) and acroread (multiple vulnerabilities).

Duffy: A story about updates and people

jake — 2010-09-01T17:18:12+00:00

On her blog, Máirín Duffy describes four archetypes of Fedora users (Caroline Casual-User, Pamela Packager, Connie Community, and Nancy Ninja) and how they relate to updates of the distribution. Fedora has been discussing its update policy for a bit and Duffy uses the user stories to present her thoughts on how to proceed. "Pamela wants updates to be constant throughout a release, no holds barred — she wants the latest Gimp and she wants it yesterday. Caroline just wants her computer to work — "please don't change a thing — it worked yesterday — if it breaks before my presentation I'm screwed!" Can both their needs be met? I think so! But it�s easy to completely miss where interests and needs can both be met when the language is so easily interpreted to mean the problem is untenable."

[$] LinuxCon Brazil: Q&A with Linus and Andrew

corbet — 2010-08-31T22:23:30+00:00

Linus Torvalds rarely makes appearances at conferences, and it's even less common for him to get up in front of the crowd and speak. He made an exception for LinuxCon Brazil, though, where he and Andrew Morton appeared in a question and answer session led by Linux Foundation director Jim Zemlin. The resulting conversation covered many aspects of kernel development, its processes, and its history. Click below (subscribers only) for the full report from São Paulo.

Debian Project mourns the loss of Frans Pop

corbet — 2010-08-31T19:48:12+00:00

The Debian Project has put up a brief notice on the passing of longtime contributor Frans Pop. "Frans was involved in Debian as a maintainer of several packages, a supporter of the S/390 port, and one of the most involved members of the Debian Installer team. He was a Debian Listmaster, editor and release manager of the Installation Guide and the release notes, as well as a Dutch translator."

PostgreSQL 9.0 Release Candidate 1

ris — 2010-08-31T18:57:35+00:00

The first release candidate for PostgreSQL 9.0 is available for testing. "No changes in commands, interfaces or APIs are expected between this release candidate and the final version. Applications which will deploy on 9.0 can and should test against 9.0rc1. Depending on bug reports, there may or may not be more release candidates before the final release."

KDE SC 4.5.1 Released

ris — 2010-08-31T17:29:10+00:00

KDE has updated the Applications, Platform and Plasma Workspaces to 4.5.1. "This release will make 4.5 users life more pleasant by adding a number of important bugfixes, bringing more stability and better functionality to the Plasma Desktop, and many applications and utilities."

Tuesday's security updates

ris — 2010-08-31T17:24:46+00:00

Debian has updated openssl (denial of service).

Fedora has updated bogofilter (F13, F12: denial of service) and php-pear-cas (F13, F12: multiple vulnerabilities).

Mandriva has updated libhx (arbitrary code execution).

Ubuntu has updated bogofilter (denial of service) and libwww-perl (unexpected download filename).

[$] A licensing change for syslog-ng

jake — 2010-08-31T16:35:42+00:00

Many have criticized syslog-ng, a replacement for the syslog logging daemon with many additional features, for not being open enough. Syslog-ng has a closed-source commercial version and keeps the entire code base under a single copyright by requiring copyright transfer for contributions, which has been a sore spot in the eyes of many people. This may be part of the cause for syslog-ng failing to become the default system-logging daemon of modern Linux distributions. Now the project seeks to relieve these concerns and attract a wider contributor base with a new licensing model. Subscribers can click below for the full article from this week's Development page.

Hold The Celebrations; H.264 Is Not The Sort Of Free That Matters (ComputerWorld UK)

jake — 2010-08-31T15:22:49+00:00

Over at ComputerWorld UK, Simon Phipps says there is nothing to celebrate in the recent announcement [PDF] that MPEG-LA will not charge royalties on "web uses" of the H.264 codec for the remaining life of the patents it administers. "First, the H.264-format video needs to be created - but that isn't free under this move. Then it needs to be served up for streaming - but that isn't free under this move. There then needs to be support for decoding it in your browser - but adding that isn't free under this move. Finally it needs to be displayed on your screen. [...] The only part of this sequence being left untaxed is the final one. Importantly, they are not offering to leave the addition of support for H.264 decoding in your browser untaxed. In particular, this means the Mozilla Foundation would have to pay to include the technology in Firefox." He also posits that MPEG-LA may try to join forces with Oracle and Paul Allen's Interval Research to create a three-way patent attack on Google—this time against WebM.

Chromium Graphics Overhaul (The Chromium Blog)

jake — 2010-08-31T15:07:28+00:00

The Chromium blog reports on some developments in graphics handling in the free Google Chrome-based browser. The intent is to speed up graphics rendering by taking advantage of the GPU. "At its core, this graphics work relies on a new process (yes, another one) called the GPU process. The GPU process accepts graphics commands from the renderer process and pushes them to OpenGL or Direct3D (via ANGLE). Normally, renderer processes wouldn�t be able to access these APIs, so the GPU process runs in a modified sandbox. Creating a specialized process like this allows Chromium�s sandbox to continue to contain as much as possbile: the renderer process is still unable to access the system�s graphics APIs, and the GPU process contains less logic."

Novell Disappoints as Ownership Concerns Continue (Datamation)

ris — 2010-08-30T18:03:41+00:00

Datamation looks at Novell's third quarter financial results, which have fallen short of the company's projections. "The decline in revenues in the third quarter extended across Novell's multiple product lines, including its security-management and operating platforms, as well as its Linux business. Novell's reported revenue of $108 million for its security-management and operating platforms, down 2 percent year-over-year. Earlier this week, Novell announced a new cloud security service to manage access, identity and compliance. Novell's SUSE Linux platform products revenue in the third quarter netted $36 million, a decline of 7 percent from the third quarter of 2009. " (Thanks to Don Marti)

Security advisories for Monday

ris — 2010-08-30T17:39:45+00:00

Debian has updated phpmyadmin (multiple vulnerabilities), typo3-src (multiple vulnerabilities), and openoffice.org (denial of service).

Mandriva has updated phpmyadmin (Corporate 4.0, Enterprise Server 5.0: multiple vulnerabilities).

MeeGo has updated emacs (symlink race), firefox (multiple vulnerabilities), ghostscript (arbitrary code execution), polkit (information disclosure), kernel (denial of service), python (multiple vulnerabilities), glibc (privilege escalation), mutter-moblin (denial of service), ruby (cross-site scripting), and libtiff (multiple vulnerabilities).

openSUSE has updated xorg-x11-server (privilege escalation).

Red Hat has updated httpd (multiple vulnerabilities) and kernel (RHEL 5.3, RHEL 5: privilege escalation).

Slackware has updated gnupg2 (code execution), httpd (denial of service), kdegraphics (memory corruption), php (multiple vulnerabilities), pidgin (denial of service), and xorg-server (privilege escalation).