Linux Weekly News

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 10 seconds

Day: A New Approach to GNOME Application Design

3 hours 33 minutes
GNOME design team member Allan Day writes about ideas in GNOME 3 application design on his blog. In the article, he looks at the use of maximized windows, views, primary toolbars, and more. The design team is documenting these ideas in a new version of the GNOME Human Interface Guidelines (HIG). "There are many other application design patterns that we've been working on, including application menus, a new grid view for displaying collections of content, in-app notifications, new models for dialogs, nice full screen controls and a sidebar list pattern. Together, these provide the opportunity to create applications that are efficient, modern, elegant, and a pleasure to use."
Categories: Linux

Welte: Some comments on the heated debate on SFC / Busybox / Linux GPL enforcement

Fri, 2012-02-10 22:47
Over on his blog, Harald Welte comments on GPL enforcement in light of the Busybox/Toybox controversy. "In any kind of GPL enforcement, you of course not only want the complete corresponding source code to one program, but to all of the GPL/LGPL/AGPL or otherwise copyleft licensed programs contained in the product. We at gpl-violations.org have always been requesting the complete corresponding source code to all GPL licensed software during our communication with the infringing companies. This request was typically honored by everyone, without the need to apply any pressure onto it. After all, releasing only one bit of code causes the risk to get sued by somebody else who owns the other not-yet-compliant part of the code. [...] Now there have been rumors that SFC was not only requesting non-Busybox source code, but also making it a condition for the explicit re-instatement of the license on Busybox. Whether or not there was such a hard condition is subject to debate and there are different opinions on it. For those in the field of FOSS licensing, it has always been known that there are different lines of thought with regard to the requirement to explicit reinstatement. We in Germany generally think that it is not required at all, and the existing preliminary injunctions at least implicitly acknowledge that as they enjoin companies from distributing a product as long as it is not in compliance with the license. In other (particularly the U.S.), it is generally assumed that explicit reinstatement is required."
Categories: Linux

Friday's security updates

Fri, 2012-02-10 19:28
CentOS has updated C5: kernel (multiple vulnerabilities).

Fedora has updated F15: firefox (multiple vulnerabilities), F15: thunderbird (multiple vulnerabilities), F15: xulrunner (multiple vulnerabilities), F15: perl-gtk2-mozembed (multiple vulnerabilities), F15: gstreamer-plugins-bad-free (multiple vulnerabilities), F15: libvpx (multiple vulnerabilities), F15: gnome-python2-extras (multiple vulnerabilities), F15: thunderbird-lightning (multiple vulnerabilities), and F15: znc (denial of service).

Ubuntu has updated openssl (multiple vulnerabilities) and php (multiple vulnerabilities).

Categories: Linux

Wayland and Weston 0.85.0 released

Fri, 2012-02-10 19:13
The first official releases of the Wayland display system, now split into two pieces called "Wayland" and "Weston," are now available. What's not immediately available is a lot of information about what capabilities are in this release or how usable it is. "Wayland is the protocol and IPC mechanism while Weston is the reference compositor implementation. The 0.85 branch in both repositories is going to be protocol and interface stable. We have a series of protocol changes on the table before 1.0 but this branch marks a stable point before we jump into that."
Categories: Linux

The Chromium Blog on the future of JavaScript

Fri, 2012-02-10 18:08
The Chromium Blog has an overview of the new JavaScript features expected in a major revision of the language next year. "A proxy simulates a JavaScript object or function, and can customize just about any aspect of their behaviour that you can imagine. This is a real power feature, that takes reflection to a new level and can be used to implement various advanced abstractions and interfaces."
Categories: Linux

Jury rules that Eolas's "interactive web" patent is invalid (ars technica)

Fri, 2012-02-10 00:40
Well, that was quick. The jury in a patent lawsuit against eight companies that use "interactive web" technologies has found the Eolas Technologies patent to be invalid, according to a report at ars technica. "[Tim] Berners-Lee took to Twitter to cheer the decision. 'Texas jury agreed Eolas 906 patent invalid,' he wrote. 'Good thing too!' [...] Companies that depend on the open Web hailed the verdict. 'We are pleased that the court found the patents invalid, as it affirms our assertion that the claims are without merit,' a Google spokesperson told Ars."
Categories: Linux

Lima driver code for the Mali GPU released

Fri, 2012-02-10 00:24
The Lima driver project has released the code for its open source graphics driver supporting the Mali-200 and Mali-400 GPUs. "The aim of this driver is to finally bring all the advantages of open source software to ARM SoC graphics drivers. Currently, the sole availability of binary drivers is increasing development and maintenance overhead, while also reducing portability, compatibility and limiting choice. Anyone who has dealt with GPU support on ARM, be it for a linux with a GNU stack, or for an android, knows the pain of dealing with these binaries. Lima is going to solve this for you, but some time is needed still to get there." (Thanks to Paul Wise.)
Categories: Linux

Security advisories for Thursday

Thu, 2012-02-09 21:49

CentOS has updated squirrelmail (C4; C5: multiple vulnerabilities) and mysql (C6: multiple unspecified vulnerabilities).

Debian has updated icedove (multiple vulnerabilities) and cvs (remote code execution).

Fedora has updated ettercap (F15; F16: insecure settings file), mysql (F16: multiple unspecified vulnerabilities), maniadrive (F16: PHP remote code execution), php (F16: remote code execution), php-eaccelerator (F16: remote code execution), and samba (F16: denial of service).

Mandriva has updated wireshark (multiple vulnerabilities).

openSUSE has updated firefox (multiple vulnerabilities), curl (authentication bypass), powerdns (denial of service), kernel (11.3; 11.4: multiple vulnerabilities), kvm (two vulnerabilities), tomcat6 (multiple vulnerabilities), apache2 (11.3; 11.4: multiple vulnerabilities), squid3 (denial of service), gnutls (denial of service), dovecot20 (certificate spoofing), xorg-x11-server (two vulnerabilities), ruby (multiple vulnerabilities), curl (multiple vulnerabilities), firefox (multiple vulnerabilities), nginx (code execution), lighttpd (denial of service), sysconfig (code execution), and opera (multiple vulnerabilities).

Oracle has updated squirrelmail (OL4; OL5: multiple vulnerabilities) and mysql (OL6: multiple unspecified vulnerabilities).

Red Hat has updated squirrelmail (RHEL 4&5: multiple vulnerabilities), libxml2 (RHEL 5.6: code execution), mysql (RHEL 6: multiple unspecified vulnerabilities), and kernel (RHEL 5: multiple vulnerabilities).

Scientific Linux has updated squirrelmail (SL4&5: multiple vulnerabilities) and mysql (SL6: multiple unspecified vulnerabilities).

SUSE has updated xulrunner (SLE 11 SP1: multiple vulnerabilities) and firefox (SLE 10 SP4: multiple vulnerabilities).

Categories: Linux

Trustwave admits issuing man-in-the-middle digital certificate (ComputerWorld)

Thu, 2012-02-09 18:20
Here's a variant on the "untrustworthy SSL certificate authority" theme: this ComputerWorld story describes how Trustwave issued a "subordinate root" certificate to a private company. That allowed said company to stamp out certificates for any domains it liked and conduct man-in-the-middle attacks against SSL traffic from its internal network. "Trustwave defended itself by saying that the issuing of subordinate roots to private companies, so they can inspect the SSL-encrypted traffic that passes through their networks, is a common practice in the industry."
Categories: Linux

Patent troll claims ownership of interactive Web—and might win (ars technica)

Thu, 2012-02-09 17:40
Ars technica is reporting on a patent trial taking place in ... you guessed it ... East Texas that could have quite an impact on the web as we know it. Eolas Technologies is suing eight companies including Google and Yahoo for $600 million in a series of four trials, the first of which (to determine the validity of the patents) could go to the jury today. "Today, Doyle and his lawyers say he’s owed royalty payments for the use of a stunning array of modern Web technologies. Watching online video, having a "search suggestion" pop up in a search bar, or even rotating an image of a sweater you might want to buy on an online shopping site—all are said to infringe on the idea-space of Doyle and his company, Eolas Technologies."
Categories: Linux

Btrfs: The Swiss army knife of storage (;login:)

Thu, 2012-02-09 16:29
The February 2012 issue of ;login: has a detailed overview of Btrfs [PDF] written by developer Josef Bacik. "Btrfs’s snapshotting is simple to use and understand. The snapshots will show up as normal directories under the snapshotted directory, and you can cd into it and walk around like in a normal directory. By default, all snapshots are writeable in Btrfs, but you can create read-only snapshots if you so choose. Read-only snapshots are great if you are just going to take a snapshot for a backup and then delete it once the backup completes. Writeable snapshots are handy because you can do things such as snapshot your file system before performing a system update; if the update breaks your system, you can reboot into the snapshot and use it like your normal file system."
Categories: Linux

Kernel prepatch 3.3-rc3

Thu, 2012-02-09 15:23
The 3.3-rc3 prepatch is out. "No big surprises, which is just how I like it. About a third of the patches are in ARM, but the bulk of that is due to the removal of the unused DMA map code from the bcmring support. So no complaints."
Categories: Linux

[$] LWN.net Weekly Edition for February 9, 2012

Thu, 2012-02-09 02:34
The LWN.net Weekly Edition for February 9, 2012 is available.
Categories: Linux

Intel's upcoming transactional memory feature

Wed, 2012-02-08 21:11
Here is a posting on the Intel software network describing the "transactional synchronization extensions" feature to be found in the future "Haswell" processor.

With transactional synchronization, the hardware can determine dynamically whether threads need to serialize through lock-protected critical sections, and perform serialization only when required. This lets the processor expose and exploit concurrency that would otherwise be hidden due to dynamically unnecessary synchronization. At the lowest level with Intel TSX, programmer-specified code regions (also referred to as transactional regions) are executed transactionally. If the transactional execution completes successfully, then all memory operations performed within the transactional region will appear to have occurred instantaneously when viewed from other logical processors. A processor makes architectural updates performed within the region visible to other logical processors only on a successful commit, a process referred to as an atomic commit.

Needless to say, there should be interesting ways to use such a feature in the kernel if it works well, but other projects (PyPy, for example) have also expressed interest in transactional memory.

Categories: Linux

Wednesday's security updates

Wed, 2012-02-08 19:45
Today's update pile is gratifyingly small: Ubuntu has updated thunderbird (multiple vulnerabilities) and xulrunner (multiple vulnerabilities).
Categories: Linux

[$] XBMC 11 "Eden"

Wed, 2012-02-08 18:01
XBMC, the open source media center, has steadily grown from its humble origins as an X-Box only replacement environment into the cross-platform, de facto playback front-end for multimedia content. It merges the file-centric approach taken by traditional video players with an add-on scripting environment that handles remote web content. The project is currently finalizing its next major release, version 11.0 (codenamed Eden), which includes updates to the networking and video acceleration subsystems, broader hardware support, and numerous changes to the APIs available to add-on developers.

Click below (subscribers only) for the full review.

Categories: Linux

Tratt: Fast Enough VMs in Fast Enough Time

Wed, 2012-02-08 17:11
Laurence Tratt, the designer of the Converge language, has written a detailed introduction to RPython, the language used as the base of the PyPy project. "However, in addition to outputting optimised C code, RPython automatically creates a second representation of the user's program. Assuming RPython has been used to write a VM for language L, one gets not only a traditional interpreter, but also an optimising Just-In-Time (JIT) compiler for free. In other words, when a program written in L executes on an appropriately written RPython VM, hot loops (i.e. those which are executed frequently) are automatically turned into machine code and executed directly. This is RPython's unique selling point, as I'll now explain."
Categories: Linux

Upton: Raspberry Pi: Two things you thought you weren’t going to get

Tue, 2012-02-07 21:15
Liz Upton reports that Raspberry Pi boards will be available by the end of the month. "There’s another big piece of news today. We’ve been leaning (gently and charmingly) on Broadcom, who make BCM2835, the SoC at the heart of the Raspberry Pi, to produce an abbreviated datasheet describing the ARM peripherals in the chip. If you’re a casual user, this won’t be of much interest to you, but if you’re wanting to port your own operating system or just want to understand our Linux kernel sources, this is the document for you." (Thanks to Paul Wise)
Categories: Linux

Tuesday's security updates

Tue, 2012-02-07 19:59
CentOS has updated C5: openssl (multiple vulnerabilities).

Debian has updated php5 (remote code execution).

Mandriva has updated glpi (information disclosure).

Red Hat has updated condor (RHEL6 MRG; RHEL5 MRG: denial of service).

SUSE has updated kernel (multiple vulnerabilities) and tomcat6 (multiple vulnerabilities).

Ubuntu has updated OMAP kernel (denial of service/code execution).

Categories: Linux

Langley: Revocation checking and Chrome's CRL

Tue, 2012-02-07 16:38
On his blog, Adam Langley writes about plans for removing online certificate revocation checking in the Chrome/Chromium browser. Instead of OCSP and CRL checks, Google will be pushing lists of revoked certificates to the browser. "While the benefits of online revocation checking are hard to find, the costs are clear: online revocation checks are slow and compromise privacy. The median time for a successful OCSP check is ~300ms and the mean is nearly a second. This delays page loading and discourages sites from using HTTPS. They are also a privacy concern because the CA learns the IP address of users and which sites they're visiting. [...] On this basis, we're currently planning on disabling online revocation checks in a future version of Chrome. (There is a class of higher-security certificate, called an EV certificate, where we haven't made a decision about what to do yet.)"
Categories: Linux