Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
CAcert is an SSL/TLS certificate authority (CA) that seeks to be community driven and to provide certificates for free (gratis), which stands in sharp contrast to the other existing CAs. But, in order for CAcert-signed certificates to be accepted by web browsers and other TLS-using applications, the CAcert root certificate must be included in the "trusted certificate store" that operating systems use to determine which CAs to trust. For the most part, CAcert has found it difficult to get included in the distribution-supplied trusted root stores; the discussion in a recently closed Debian bug highlights the problem.
Subscribers can click below for the full article from this week's Distributions page.
Ars technica takes a look at an ongoing criminal operation infecting more than 10,000 Unix and Linux servers with malware that sends spam and redirects end users to malicious Web pages. "Windigo, as the attack campaign has been dubbed, has been active since 2011 and has compromised systems belonging to the Linux Foundation's kernel.org and the developers of the cPanel Web hosting control panel, according to a detailed report published Tuesday by researchers from antivirus provider Eset. During its 36-month run, Windigo has compromised more than 25,000 servers with robust malware that sends more than 35 million spam messages a day and exposes Windows-based Web visitors to drive-by malware attacks. It also feeds people running any type of computer banner ads for porn services." See Eset's white paper [PDF] for details.
Debian has updated python2.7 (multiple vulnerabilities).
SUSE has updated flash-player (SLED11 SP3: multiple vulnerabilities).
Version 2.0.10 of the GNU Guile language, an implementation of the "Scheme" Lisp dialect, is out. New features include better GDB integration, HTTP proxy support, better runtime error reporting, a new vector operations library, and a lot of changes to support the upcoming "R7RS" version of the Scheme language (information about which can be found on scheme-reports.org).
openSUSE has updated flash-player (13.1, 12.3; 11.4: multiple vulnerabilities), libyaml (13.1, 12.3: code execution), python (13.1: multiple vulnerabilities), and wireshark (13.1, 12.3; 11.4: multiple vulnerabilities).
Slackware has updated php (denial of service).
Ubuntu has updated freetype (13.10: code execution), librsvg (13.10, 12.10, 12.04 LTS: unauthorized file access), and gtk+ (12.10, 12.04 LTS: compatibility fix for GTK+ to work with the librsvg security update).
After around 18 months of development, Python 3.4 has been released. There were no new language changes for this release, but there were many new features in the standard library and CPython implementation, some of which we looked at recently. The "What's new in Python 3.4" page looks at the changes in even greater detail. Beyond the new features, there were also "hundreds of small improvements and bug fixes". You can get Python 3.4 from the download page or from distribution repositories before too long.
The 3.14-rc7 prepatch is out, and Linus is feeling better about things. "What a difference a week makes. In a good way. A week ago, cutting rc6, I was not a happy person: the release had much too much noise in it, and I felt that an rc8 and even an rc9 might well be a real possibility. Now it's a week later, and rc7 looks much better." He is now saying this might be the last -rc for 3.14.
Mark Shuttleworth argues against the use of ACPI in "next-generation devices" on the basis that it is a huge security hole. "If you read the catalogue of spy tools and digital weaponry provided to us by Edward Snowden, you’ll see that firmware on your device is the NSA’s best friend. Your biggest mistake might be to assume that the NSA is the only institution abusing this position of trust – in fact, it’s reasonable to assume that all firmware is a cesspool of insecurity courtesy of incompetence of the worst degree from manufacturers, and competence of the highest degree from a very wide range of such agencies."
Jiri Slaby has announced the release of the 3.12.14 stable kernel. Slaby took over maintenance of the 3.12 series starting with this release. As would be expected, it has fixes throughout the tree; users should upgrade.
The Blender Institute has announced its next open movie project, codenamed Gooseberry. As with Blender's preceding open movie (and game) projects, Gooseberry will drive feature development in Blender as is required by the film team's workflow. This time, however, the end product will be a feature-length animation rather than a short. "Targets will include asset and project management, new hair and cloth simulation, advanced animation/simulation dependency handling, and work on rendering and compositing." The complete project is expected to take 18 months, and will involve collaboration between 12 independent animation studios. More details, including both sheep-related plot points and a technical overview, are available at the site.
openSUSE has updated file (11.4; 12.3, 13.1: multiple vulnerabilities), ImageMagick (11.4; 12.3, 13.1: multiple vulnerabilities), libssh (11.4; 12.3, 13.1: private key leak), percona-toolkit (12.3: code execution), postgresql (11.4: multiple vulnerabilities), roundcubemail (12.3, 13.1: code execution), and xtrabackup (13.1: information leak).
Slackware has updated samba (multiple vulnerabilities).
In conjunction with the KDE community's second beta release of Applications and Platform 4.13, Jos Poortvliet has put together a guide to helping test the Applications piece of the release. He looks at the improvements that are going into the Applications to give ideas about what to test. There are also some more formal testing resources that he mentions. "Testing is a matter of trying out some scenarios you decide to test, for example, pairing your Android phone to your computer with KDE Connect. If it works – awesome, move on. If it doesn't, find out as much as you can about why it doesn't and use that for a bug report."
Ars technica reports on the virtual Ubuntu Developer Summit (vUDS) keynote from Canonical's Mark Shuttleworth. "On the desktop, users can install Mir themselves, but it won't be turned on by default for everyone just yet. 'My expectation is that within the next 12 months you will see lots of people running Mir as their default display server, and by 16.04 it will be the default display server,' Shuttleworth said. 'There's lots of reasons why that will let us support more hardware, let us get much better performance, and let us do great things with some of the software companies we care about, who want to squeeze every bit of performance out of the hardware you've got.'"
Mandriva has updated apache-commons-fileupload (BS1.0: denial of service), file (BS1.0: two vulnerabilities), libssh (BS1.0: private key leak), net-snmp (BS1.0: two denial of service flaws), otrs (BS1.0: code execution), and owncloud (BS1.0: multiple unspecified vulnerabilities).
openSUSE has updated otrs (12.3, 13.1: code execution).
Slackware has updated mutt (code execution).
The LWN.net Weekly Edition for March 13, 2014 is available.
The Free Software Foundation has put out a release claiming that developers working on the Replicant fork of Android have found a backdoor on Samsung Galaxy handsets. "While working on Replicant, a fully free/libre version of Android, we discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a back-door that lets the modem perform remote file I/O operations on the file system. This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write and delete files on the phone's storage. On several phone models, this program runs with sufficient rights to access and modify the user's personal data."
Interpreted, "duck typing" languages often have some idiosyncrasies in their definitions of "truth" and Python is no exception. But Python goes a bit further than some other languages in interpreting the True or False status of non-Boolean values. Even so, it often comes as a big surprise for programmers to find (sometimes by way of a hard-to-reproduce bug) that, unlike any other time value, midnight (i.e. datetime.time(0,0,0)) is False. A long discussion on the python-ideas mailing list shows that, while surprising, that behavior is desirable—at least in some quarters.
Greg Kroah-Hartman has released stable kernel 3.4.83 with important fixes throughout the tree.
openSUSE has updated libpng16 (13.1: denial of service).
Red Hat has updated kernel (RHEL6.4 EUS: multiple vulnerabilities).
Impressive amounts of effort have gone into optimizing the kernel's low-level locking mechanisms over the years, but that does not mean that there is no room for improving their performance further. Some work that will be in the 3.15 kernel, with more likely to come later, has the potential to speed up kernel locking considerably, especially in situations where there are significant amounts of contention.
Click below (subscribers only) for the full article from this week's Kernel Page.