Welcome to LWN.net

LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.

[$] Blurred boundaries in the storage stack
[Kernel] Posted Mar 24, 2016 22:55 UTC (Thu) by jake

It has been said that an important part of a maintainer's role is to say "no". Just how this "no" is said can define the style and effectiveness of a maintainer. Linus Torvalds recently displayed just how effective his style can be when saying "no" to a pair of fairly innocuous patches to add a new ioctl() command for block devices — patches in their fifth revision that had already received "Reviewed-by" tags from Christoph Hellwig.

Subscribers can click below to see Neil Brown's look at how this all played out.

Full Story (comments: 9)

Kernel prepatch 4.6-rc1
[Kernel] Posted Mar 27, 2016 8:42 UTC (Sun) by corbet

Linus has released the 4.6-rc1 kernel prepatch and closed the merge window for this development cycle. "So I'm closing the merge window a day early, partly because I have some upcoming travel, but partly because this has actually been one of the bigger merge windows in a while, and if somebody was planning on trying to sneak in any last-minute features, I really don't want to hear about it any more."

Comments (none posted)

[$] LWN.net Weekly Edition for March 24, 2016
Posted Mar 24, 2016 0:46 UTC (Thu)

The LWN.net Weekly Edition for March 24, 2016 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Firefox and cookie micromanagement; Fighting DRM in HTML, again; Bringing Signal to the desktop.
  • Security: A slow path to a fast fix; New vulnerabilities in jenkins, proftpd, webkitgtk, xen, ...
  • Kernel: 4.6 Merge window part 2; Variant symlinks; The new control group API.
  • Distributions: KubeCon EU 2016, part 1: Kubernetes 1.2; FreeNAS 9.10, Redox OS, ...
  • Development: Last branch records; KDE Plasma 5.6; Evergreen 2.10; Adjusting with Moore's Law; ...
  • Announcements: Library Freedom Project, Werner Koch win 2015 FSF awards, Andy Grove died, Designing with LibreOffice, ...
Read more

GStreamer 1.8 released
[Development] Posted Mar 25, 2016 22:26 UTC (Fri) by n8willis

Version 1.8 of the GStreamer multimedia framework is now available. New is support for hardware-accelerated zero-copy video decoding on Android, a new tracing system that will support more advanced debugging tools, initial support for the Vulkan API, and the debut of the new, simplified GstPlayer playback API (which we looked at in October). There are many other additions and improvements; see the release notes for full details.

Comments (none posted)

[$] KubeCon EU 2016, part 1: Kubernetes 1.2
[Distributions] Posted Mar 23, 2016 14:44 UTC (Wed) by jake

KubeCon EU, held in London March 10th, was the second conference dedicated to the Kubernetes container orchestration system. The sold-out attendance of 500 showed how popular the project has become since the release of version 1.0 by Google in July 2015. One week after the conference, version 1.2 was released, which included many long-awaited features.

Subscribers can click below for part 1 of our coverage—two talks about new 1.2 features—by guest author Josh Berkus.

Full Story (comments: none)

Friday's security updates
[Security] Posted Mar 25, 2016 17:32 UTC (Fri) by n8willis

Arch Linux has updated botan (multiple vulnerabilities) and expat (code execution).

CentOS has updated java-1.7.0-openjdk (C6; C5; C7: sandbox bypass) and java-1.8.0-openjdk (C6; C7: sandbox bypass).

Fedora has updated php-pecl-http (F23: multiple vulnerabilities) and torbrowser-launcher (F23: signature verification bypass).

Mageia has updated filezilla (M5: code execution), git (M5: code execution), iceape (M5: multiple vulnerabilities), krb5 (M5: null pointer dereference), libotr (M5: code execution), moodle (M5: multiple vulnerabilities), openafs (M5: multiple vulnerabilities), pidgin-otr (M5: code execution), webkit (M5: multiple vulnerabilities), and webkit2 (M5: multiple vulnerabilities).

openSUSE has updated quagga (Leap 42.1: code execution).

Oracle has updated java-1.7.0-openjdk (O7; O6; O5: sandbox bypass) and java-1.8.0-openjdk (O7; O6: sandbox bypass).

Red Hat has updated java-1.7.0-openjdk (RHEL6; RHEL7: sandbox bypass), java-1.7.0-oracle (RHEL7: sandbox bypass), java-1.8.0-openjdk (RHEL6, RHEL7: sandbox bypass), and java-1.8.0-oracle (RHEL7: sandbox bypass).

Scientific Linux has updated java-1.7.0-openjdk (SL6; SL7: sandbox bypass) and java-1.8.0-openjdk (SL6; SL7: sandbox bypass).

Ubuntu has updated openjdk-7 (14.04, 15.10: sandbox bypass).

Comments (none posted)

LWN.net Weekly Edition for March 17, 2016
Posted Mar 17, 2016 0:06 UTC (Thu)

The LWN.net Weekly Edition for March 17, 2016 is available.

Inside this week's LWN.net Weekly Edition

  • Front: The 2016 DPL election; ManageIQ; The Car Hacker's Handbook.
  • Security: Apple, iPhones, and encryption; New vulnerabilities in chromium, ffmpeg, firefox, git, ...
  • Kernel: The 4.6 merge window opens; Resource groups.
  • Distributions: Modularizing Fedora; CyanogenMod, Debian Astro, SunCamp, ...
  • Development: Reinventing IMAP with JMAP; Qt 5.6.0; FSF high-priority projects; LXD 2.0; ...
  • Announcements: Libre Graphics magazine ends, NetDev 1.1 videos now available, TP-Link blocks open source router firmware, ...
Read more

Hype Around the Mysterious ‘Badlock’ Bug Raises Criticism (WIRED)
[Security] Posted Mar 24, 2016 20:30 UTC (Thu) by jake

The security circus continues to get sillier, it seems. WIRED is reporting on the "Badlock" bug that is being "reported" by SerNet—with the requisite catchy name, logo, and web site—but without any details for three weeks. "But another bug is on the horizon that is setting a new bar for brand-name bug disclosures. It’s called Badlock and it’s already receiving a lot of controversial attention, even though the exact nature of the bug—and most importantly, the patches to fix it—won’t be disclosed for another three weeks. The bug affects unknown versions of the Windows operating system and Samba, free open-source software that integrates Linux or Unix servers and Windows computers across a network."

Josh Bressers's blog post also has some thoughts on the "disclosure": "The thing everyone always should remember in a situation like this is there are a lot of really smart people on the planet. If you think of something clever or discover something new, there are huge odds someone else did too. 3 weeks almost guarantees someone else can figure out whatever it is you found. It's especially interesting in this case since we have a name "Badlock" so we know it probably involves locking. We know it affects Samba and Windows. And we know who it was found by so we can look at which bits of Samba they've been working on lately. That's a lot of information for a clever person."

Comments (19 posted)

The Car Hacker's Handbook
[Front] Posted Mar 16, 2016 18:48 UTC (Wed) by n8willis

No Starch Press recently released a book about working with automotive software systems: The Car Hacker's Handbook: A Guide for the Penetration Tester, written by Craig Smith. The book is an expansion of Smith's popular and widely circulated e-book of the same title. The old version remains available online at no cost, but there is considerably more content in the new revision—enough to make it a tempting purchase not just for automotive-software fans in general, but for those interested in embedded-device security and in reverse engineering other classes of consumer product.


Full Story (comments: none)

Thursday's security updates
[Security] Posted Mar 24, 2016 18:21 UTC (Thu) by jake

CentOS has updated foomatic (C6: three vulnerabilities, one from 2010), git (C7; C6: two code execution flaws), kernel (C6: two vulnerabilities), krb5 (C6: two vulnerabilities), and tomcat6 (C6: Security Manager bypass from 2014).

Debian has updated inspircd (denial of service), pidgin-otr (?:), and redmine (multiple unspecified information disclosure flaws).

Fedora has updated dropbear (F23; F22: information disclosure), kernel (F22; F23: three vulnerabilities), putty (F23; F22: code execution), and qemu (F23: multiple vulnerabilities).

openSUSE has updated dropbear (42.1, 13.2: information disclosure), graphite2 (42.1: three vulnerabilities), libssh (13.2: insecure sessions), perl (13.2: two vulnerabilities), pidgin-otr (42.1, 13.2: code execution), quagga (13.2: code execution), samba (42.1: ACL bypass), thunderbird (42.1, 13.2: multiple vulnerabilities), and tomcat (42.1: multiple vulnerabilities).

Oracle has updated git (OL7; OL6: two code execution flaws) and kernel 3.8.13 (OL7; OL6: two vulnerabilities).

Red Hat has updated python-django (RHOSP7OT for RHEL7; RHOSP7 for RHEL7; RHOSP6 for RHEL7; RHOSP5 for RHEL7; RHOSP5 for RHEL6: two vulnerabilities).

SUSE has updated rubygem-actionview-4_2 (OSC6, ES2.1: code execution) and xen (SLE12SP1: many vulnerabilities, some from 2014 and 2013).

Ubuntu has updated quagga (two vulnerabilities, one from 2013) and tiff (multiple vulnerabilities).

Comments (none posted)

Thread-level control with resource groups
[Kernel] Posted Mar 16, 2016 16:24 UTC (Wed) by corbet

The kernel's control-group mechanism allows processes to be divided into groups for the purposes of tracking and resource control. Both the API and underlying implementation of this mechanism have been going through considerable change in recent years. As part of that change, the newer control-group API has lost the ability to separately manage threads within a process, a loss that is not welcome in some quarters. Current work to replace that functionality is not finding an entirely warm reception either, though.

Full Story (comments: 1)

CitusDB open-sourced
[Development] Posted Mar 24, 2016 16:39 UTC (Thu) by corbet

Citus Data has announced that its CitusDB distributed database has been released, under an open-source license (AGPLv3), as a PostgreSQL extension. "First, Citus 5.0 now fully uses the PostgreSQL extension APIs. In other words, Citus becomes the first distributed database in the world that doesn't fork the underlying database. This means Citus users can immediately benefit from new features in PostgreSQL, such as semi-structured data types (json, jsonb), UPSERT, or when 9.6 arrives no more full table vacuums. Also, users can keep working with their existing Postgres drivers and tools."

Comments (8 posted)

LWN.net Weekly Edition for March 10, 2016
Posted Mar 10, 2016 0:26 UTC (Thu)

The LWN.net Weekly Edition for March 10, 2016 is available.

Inside this week's LWN.net Weekly Edition

  • Front: OpenShot 2.0; Outreachy: an intern's perspective.
  • Security: CVE woes and alternatives; Tor Browser fingerprinting; New vulnerabilities in chromium, gimp, kernel, mozilla, ...
  • Kernel: 4.5 Development statistics; In-band deduplication for Btrfs; Architecture emulation containers.
  • Distributions: Subgraph OS, a new security-centric desktop distribution; KDE community's Distribution Outreach Program, Debian "Stretch" delayed, ...
  • Development: Improving writing with proselint; Firefox OS IoT projects; ownCloud 9; LLVM 3.8; ...
  • Announcements: Microsoft announces SQL Server for Linux, MAME is now Free and Open Source Software, ...
Read more

GNOME 3.20
[Development] Posted Mar 23, 2016 18:30 UTC (Wed) by ris

GNOME 3.20 has been released. "This release brings significant improvements to many of our core applications, such as system upgrades and reviews in Software, simple photo editing in Photos and improved search in Files. Improvements to our platform include shortcut help windows which are now available in many applications, a refined font and better control of location services." See the release notes for details.

Full Story (comments: 19)

Outreachy: an intern's perspective
[Front] Posted Mar 9, 2016 19:05 UTC (Wed) by jake

Last year, guest author Linda Jacobson participated as an intern in the Outreachy program. She shares her experiences along with those of other participants in this project that is targeted at helping to increase diversity in the open-source world.

Subscribers can click below for the full article from this week's edition.

Full Story (comments: 32)

Security advisories for Wednesday
[Security] Posted Mar 23, 2016 18:09 UTC (Wed) by ris

Debian has updated libmatroska (information leak) and pixman (code execution).

Fedora has updated krb5 (F23: null pointer dereference), webkitgtk (F23: multiple vulnerabilities), and webkitgtk4 (F23: denial of service).

openSUSE has updated bind (Leap42.1: two vulnerabilities).

Oracle has updated foomatic (OL6: two vulnerabilities), kernel (OL6: memory leak), krb5 (OL6: two vulnerabilities), and tomcat6 (OL6: Security Manager bypass).

Red Hat has updated foomatic (RHEL6: three vulnerabilities), git (RHEL6,7: code execution), git19-git (RHSCL: code execution), kernel (RHEL6: memory leak), krb5 (RHEL6: two vulnerabilities), nss-util (RHEL6.2, 6.4, 6.5, 6.6, 7.1: code execution), RHOSE (multiple vulnerabilities), and tomcat6 (RHEL6: Security Manager bypass).

Scientific Linux has updated foomatic (SL6: three vulnerabilities), git (SL6,7: code execution), kernel (SL6: memory leak), krb5 (SL6: two vulnerabilities), and tomcat6 (SL6: Security Manager bypass).

SUSE has updated rubygem-actionview-4_1 (SOSC5: two vulnerabilities).

Comments (none posted)

LWN.net Weekly Edition for March 3, 2016
Posted Mar 3, 2016 0:55 UTC (Thu)

The LWN.net Weekly Edition for March 3, 2016 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Paperwork; Cyanogen deactivates WhisperPush; Tvheadend.
  • Security: TLS certificate management on Android; New vulnerabilities in kernel, openssl, openstack-glance, pcre, ...
  • Kernel: MAP_PMEM_AWARE; Airplane mode and rfkill; Syzkaller.
  • Distributions: Solus: focusing on desktop Linux; Calamares 2.0, Debian 6 eol, ...
  • Development: OpenStack and open core; OpenSSH 7.2; Embeddability for Gecko; A misleading-indentation warning for GCC 6; ...
  • Announcements: Raspberry Pi 3 is out, Garrett bought some awful light bulbs, LF partners with Women Who Code, SFC and SFLC on ZFS in Linux, ...
Read more

KDE Plasma 5.6 Release
[Development] Posted Mar 22, 2016 19:16 UTC (Tue) by ris

KDE Plasma 5.6 has been released. This version brings many improvements to the task manager, KRunner, activities, and Wayland support. The look and feel has been enhanced with a slicker Plasma theme and smoother widgets. For those that missed having a weather widget, that feature has returned. See the changelog for details.

Comments (14 posted)

Coverage-guided kernel fuzzing with syzkaller
[Kernel] Posted Mar 2, 2016 0:02 UTC (Wed) by jake

If your software deals with untrusted user input, it's a good idea to run a fuzzer against the program. For the Linux kernel, the most effective fuzzer of recent years has been Dave Jones's Trinity system call tester. But there's a new system call fuzzer in town, Dmitry Vyukov's syzkaller, and early results from it look promising — over 150 bugs uncovered in the mainline kernel (plus several dozen in Google's internal kernels) in a few months of operation.

Click below (subscribers only) for the full article by David Drysdale.

Full Story (comments: 8)

Andy Grove—dead at 79 (Ars Technica)
[Announcements] Posted Mar 22, 2016 18:46 UTC (Tue) by ris

Ars Technica reports that former Intel CEO, chairman, and first employee hired Andy Grove has died. "Intel may have been a footnote in history were it not for Grove. The company started its life making DRAM chips. With this business under pressure from dumped Japanese DRAM, Grove changed the company's direction, deciding to build microprocessors instead. After a few early iterations, this work led to the development of the x86 processor line that made Intel a household name and one of the largest companies in the world. Grove was also instrumental in persuading IBM to use Intel's x86 processors for its newly invented Personal Computer."

Comments (20 posted)


Copyright © 2016, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds