Népszerű fórum témák
FreeBSD Project News
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 5 perc 25 másodperc
String handling is quite different between Python 2 and Python 3, largely because the latter is designed to handle Unicode natively. But those differences make it more difficult for Python-2-based projects to make the move to Python 3. A proposal to add a feature to the language that would make that transition easier has led to a series of massive threads on the python-dev mailing list. A seemingly simple idea has interesting ramifications, both technical and philosophical.
Michael Kerrisk announces that IEEE and the Open Group have agreed to allow the distribution of parts of the 2013 POSIX standard in the man page format; these pages will be most useful for developers who want to adhere to POSIX and avoid Linux-specific extensions. "Thanks to some excellent scripting work by Felix Janda, the source files supplied by IEEE and The Open Group have been cleanly converted to 'man' format. The result is that portions of the standard are now made available for easy reference as (1139!) manual pages."
Gentoo has updated activerecord (sql injection), cacti (multiple vulnerabilities, some from 2010), ccid (code execution from 2010), gmime (code execution from 2010), inn (man-in-the-middle attack from 2012), ldns (code execution from 2011), opensc (code execution from 2010), pcsc-lite (code execution from 2010), poppler (multiple vulnerabilities), and sudo (privilege escalation).
Mandriva has updated cups (information disclosure), elinks (does not properly verify SSL certificates), net-snmp (BS1.0; ES5.0: denial of service), php (multiple vulnerabilities, one from 2009), spice (denial of service), and x11-server (code execution).
The Linux Foundation has announced its schedule of events for 2014. "LinuxCon and CloudOpen North America will take place this year in Chicago and will be co-located with the Linux Kernel Summit. LinuxCon and CloudOpen Europe will be in Duesseldorf, Germany, along with Embedded Linux Conference, KVM Forum and Linux Plumbers Conference." Several other events appear on the schedule as well; the call for papers for all events is open now.
Debian has updated drupal7 (multiple vulnerabilities).
Fedora has updated libvirt (F20: denial of service), nss (F20: information disclosure), nss-softokn (F20: information disclosure), nss-util (F20: information disclosure), and rubygem-will_paginate (F19; F20: cross-site scripting).
Gentoo has updated asterisk (multiple vulnerabilities).
Mageia has updated cups (information disclosure), elinks (does not properly verify SSL certificates), java-1.7.0-openjdk (multiple vulnerabilities), libxfont (privilege escalation), memcached (multiple vulnerabilities), net-snmp (denial of service), nss (information disclosure), ruby-i18n (cross-site scripting), spice (denial of service), x11-server (code execution), and zabbix (multiple vulnerabilities).
openSUSE has updated quassel (13.1: information leak).
After years of development, the deadline scheduling class has finally been merged for the 3.14 kernel. This class allows processes to declare an amount of work needing to be done and a deadline by which it must happen; with care, it can guarantee that all processes will meet their deadlines. It has applications in the realtime world, in streaming media processing, and elsewhere.
The Fedora Workstation working group has come out with a proposal to ease Fedora's traditional "see no evil" approach to non-free software in the hope of making the distribution appealing to a wider group of users. "In order to keep with the Fedora policy of only shipping free software we will only make available 3rd party software that offers their own repository for their software. Examples here include Google Chrome and Adobe Acrobat."
When LWN last looked at the Debian Project's init system debate, the issue had just been referred to the project's Technical Committee for resolution. The hope was that a ruling from the committee would bring to an end a debate which has been long and acrimonious, even by Debian's standards. The committee has yet to call a vote as of this writing, but the early signs suggest that the project may not get the clear answer it was hoping for.
The FreeBSD Release Engineering Team has announced the release of FreeBSD 10.0. Some highlights include; clang has replaced GCC as the default compiler on some architectures, Unbound has been imported as the local caching DNS resolver, BIND has been removed, make has been replaced with bmake, ZFS improvements, major enhancements in virtualization, and more. See the release notes for more information.
Gentoo has updated curl (multiple vulnerabilities), gnustep-base (multiple vulnerabilities from 2010), libexif (multiple vulnerabilities from 2012), openswan (code execution), perl (multiple vulnerabilities), and virtualbox (multiple vulnerabilities).
SUSE has updated ntp (denial of service).
Linus has released the 3.13 kernel. "The release got delayed by a week due to travels, but I suspect that's just as well. We had a few fixes come in, and while it wasn't a lot, I think we're better off for it." Some of the headline features in 3.13 include the nftables packet filtering engine, a number of NUMA scheduling improvements, the multiqueue block layer work, ARM big.LITTLE switcher support, and more; see the KernelNewbies 3.13 page for lots of details.
LinuxGizmos is reporting on the Blackphone, a just-announced "ultra-secure" mobile phone to be jointly produced by Geeksphone (who released the Firefox OS developer phones) and security-conscious email vendor Silent Circle. The OS is advertised as "PrivatOS," a security-tuned derivative of Android. The phone is expected to be available in late February, in time to debut at Barcelona's Mobile World Congress. The Blackphone site calls it "the world's first smartphone which prioritizes the user's privacy and control, without any hooks to carriers or vendors," although as LinuxGizmos points out, few other details—including hardware details—are available yet.
Gentoo has updated ntp (denial of service).
Mandriva has updated bind (denial of service), ejabberd (information disclosure), librsvg (information disclosure), libxslt (denial of service), memcached (multiple vulnerabilities), nagios (multiple vulnerabilities), nrpe (code execution), openjpeg (multiple vulnerabilities), and openssl (denial of service).
Over at Linux.com, Libby Clark has an interview with CentOS project leader Karanbir Singh about the recent deal between Red Hat and CentOS. In it, he discusses how the deal came about, what it means for both CentOS and Red Hat, and why it is a good thing for all concerned. "The CentOS project as it was is going to stay intact, but we'll be working on infrastructure other projects need to be successful with us. We won't be delivering the features. We'll make it as trivial as possible to come in and do the build you need, without needing to learn everything about building CentOS images. People will come together to work on the same problems."
In something of a follow-up to our coverage of the kdbus talk given at linux.conf.au by Lennart Poettering, Greg Kroah-Hartman has written a blog post giving more kdbus background. In particular, he looks at why kdbus will not be replacing Android's binder IPC mechanism anytime soon—if at all. "The model of binder is very limited, inflexible in its use-cases, but very powerful and extremely low-overhead and fast. Binder ensures that the same CPU timeslice will go from the calling process into the called process’s thread, and then come back into the caller when finished. There is almost no scheduling involved, and is much like a syscall into the kernel that does work for the calling process. This interface is very well suited for cheap devices with almost no RAM and very low CPU resources."
Red Hat has updated java-1.7.0-oracle (many vulnerabilities).
The TkDocs weblog notes that the Tcl language is 25 years old. "For anyone under 40 years old, you can think of Tcl like Ruby or Python, if those languages didn't have objects, if absolutely everything in them was treated as a string, and if every syntax rule added to the language resulted in its creator being tortured for one year." The humor goes on, but the article also expresses serious appreciation for some of the ideas introduced by Tcl.
The LWN.net Weekly Edition for January 16, 2014 is available.
Greg Kroah-Hartman has released the 3.12.8, 3.10.27, and 3.4.77 stable kernels. Users of these kernel series should upgrade.
Debian has updated djvulibre (code execution).
openSUSE has updated chromium (13.1: multiple vulnerabilities), ibus-chewing (13.1: password disclosure), icinga (13.1: denial of service), libqt4 (12.3; 12.2: denial of service), libXfont (11.4; 13.1, 12.x: privilege escalation), lightdm-gtk-greeter (13.1, 12.x: denial of service), and lighttpd (13.1, 12.x; 11.4: multiple vulnerabilities).
IT Services Hungary
HUP napi hírlevél
Legfrissebb HUP videók
Legfrissebb Linux játékvideók
Legfrissebb HUP képek
Legfrissebb HUP dokumentumok
Hogyan viszonyul a főnököd / munkáltatód a Linkedin-en való jelenlét(ed)hez?
Nem érdekli / nincs rá semmilyen szabályozás
Támogatja / ösztönöz rá
Esetleg szóvá teszi, ha véletlenül megtalálna, de aktívan nem vadászik Rád
a HR aktívan vadászik a saját dolgozóira és a felettesed elbeszélget veled
Azonnali elbocsátás jár érte
Összes szavazat: 240