Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 8 perc 50 másodperc

BitKeeper's open source release

sze, 2016-05-11 00:30
BitKeeper, the inspiration behind Git and Mercurial, has been released under the Apache 2.0 License. Larry McVoy is answering questions on Hacker News, posting as 'luckydude'. In one comment he says: "Git/Github has all the market share. Trying to compete with that just proved to be too hard. So rather than wait until we were about to turn out the lights, we decided to open source it while we still had money in the bank and see what happens. We've got about 2 years of money and we're trying to build up some additional stuff that we can charge for. We're also open to being doing work for pay to add whatever it is that some company wants to BK, that's more or less what we've been doing for the last 18 years. Will it work? No idea. We have a couple of years to find out. If nothing pans out, open sourcing it seemed like a better answer than selling it off." (Thanks to Josh Triplett)
Kategóriák: Linux

65% of companies are contributing to open source projects (Opensource.com)

k, 2016-05-10 23:21
The Future of Open Source Survey aims to examine trends in open source. It's hosted by Black Duck and North Bridge. Opensource.com looks at the results. "The 2016 Future of Open Source Survey analyzed responses from nearly 3,400 professionals. Developers made their voices heard in the survey this year, comprising roughly 70% of the participants. The group that showed exponential growth were security professionals, whose participation increased by over 450%. Their participation shows the increasing interest in ensuring that the open source community pays attention to security issues in open source software and securing new technologies as they emerge."
Kategóriák: Linux

Ubuntu 16.04 proves even an LTS release can live at Linux’s bleeding edge (Ars Technica)

k, 2016-05-10 22:00
Ars Technica likes Ubuntu's latest release, and thinks it may be the best release Canonical has presented to date. Snap packaging is part of that appeal, but Snaps have competition. "While something like Snap packages have the potential to completely change the way distros work, it remains to be seen if Snap specifically will be what ends up reaching critical mass. It's certainly possible that Snap may prove popular enough to warrant other distros incorporating it, but it's also possible that there may end up being more than one way to handle self-contained packages. Looking at Canonical's track record does not inspire confidence. Upstart gave way to systemd, the software center gave way to GNOME Software, and even simple things like scrollbars get abandoned for upstream solutions. How Snap packages end up over the long term will be fascinating for Ubuntu users to watch, but even in the worst-case scenario, fans shouldn't have anything to worry about. If one day Ubuntu does abandon Snap in favor of another system, all the changes will likely be behind the scenes. In the shorter term, Snap packages should be a boon to Ubuntu, allowing users to stick with a stable base system while still leaving them free to try just-released software packages without fear of wrecking the system."
Kategóriák: Linux

Security updates for Tuesday

k, 2016-05-10 18:25

CentOS has updated ImageMagick (C7; C6: multiple vulnerabilities), java-1.6.0-openjdk (C7; C6; C5: multiple vulnerabilities), and qemu-kvm (C7: code execution).

Debian has updated qemu (two vulnerabilities) and websvn (cross-site scripting).

Debian-LTS has updated ikiwiki (cross-site scripting), libav (code execution), and websvn (cross-site scripting).

Oracle has updated ImageMagick (OL7; OL6: multiple vulnerabilities), java-1.6.0-openjdk (OL7; OL6; OL5: multiple vulnerabilities), and qemu-kvm (OL7: code execution).

Red Hat has updated ImageMagick (RHEL6,7: multiple vulnerabilities), openssl (RHEL6: multiple vulnerabilities), qemu-kvm (RHEL7; RHEL6: code execution), and qemu-kvm-rhev (RHOSP8; RHELOSP7 for RHEL7; RHELOSP6 for RHEL7; RHELOSP5 for RHEL7: code execution).

Scientific Linux has updated ImageMagick (SL6,7: multiple vulnerabilities) and qemu-kvm (SL7: code execution).

Ubuntu has updated kernel (15.10; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), linux-lts-vivid (14.04: multiple vulnerabilities), linux-lts-wily (14.04: multiple vulnerabilities), linux-raspi2 (15.10: multiple vulnerabilities), linux-ti-omap4 (12.04: multiple vulnerabilities), and openssh (15.10, 14.04, 12.04: multiple vulnerabilities).

Kategóriák: Linux

Announcing The Journal of Open Source Software

h, 2016-05-09 22:52
The Journal of Open Source Software (JOSS) has been announced. JOSS is an open source, developer-friendly journal for research software packages. "As academics, it's important for us to be able to measure the impact of our work, but available tools & metrics are woefully lacking when it comes to tracking research output that doesn't look like a paper. A 2009 survey of more than 2000 researchers found that > 90% of them consider software important or very important to their work — but even if you've followed this GitHub guide for archiving a GitHub repository with Zenodo (and acquired a DOI in the process), citations to your work probably aren't being counted by the people that matter." (Thanks to Paul Wise)
Kategóriák: Linux

Security advisories for Monday

h, 2016-05-09 19:00

Arch Linux has updated gd (code execution), latex2rtf (code execution), mencoder (denial of service), mercurial (two vulnerabilities), and mplayer (denial of service).

CentOS has updated openssl (C7: multiple vulnerabilities).

Debian has updated ikiwiki (cross-site scripting).

Debian-LTS has updated file (buffer over-write), mercurial (code execution), and nagios3 (denial of service, from 2014).

Fedora has updated firefox (F22: multiple vulnerabilities), kernel (F22: multiple vulnerabilities), libecap (F22: multiple vulnerabilities), openvas-cli (F22: cross-site scripting), openvas-gsa (F22: cross-site scripting), openvas-libraries (F22: cross-site scripting), openvas-manager (F22: cross-site scripting), openvas-scanner (F22: cross-site scripting), perl (F22: denial of service), quassel (F23; F22: denial of service), and squid (F22: multiple vulnerabilities).

Mageia has updated openssl (multiple vulnerabilities) and vlc (multiple vulnerabilities).

openSUSE has updated ImageMagick (Leap42.1; 13.2: multiple vulnerabilities), java-1_7_0-openjdk (Leap42.1: multiple vulnerabilities), java-1_8_0-openjdk (Leap42.1: multiple vulnerabilities), and subversion (Leap42.1; 13.2: two vulnerabilities).

Oracle has updated openssl (OL7: multiple vulnerabilities).

Red Hat has updated java-1.6.0-openjdk (RHEL5,6,7: multiple vulnerabilities) and openssl (RHEL7: multiple vulnerabilities).

Scientific Linux has updated java-1.6.0-openjdk (SL5,6,7: multiple vulnerabilities) and openssl (SL7: multiple vulnerabilities).

SUSE has updated compat-openssl098 (SLE12-SP1: multiple vulnerabilities), firefox (SLE12-SP1: multiple vulnerabilities), and ImageMagick (SLE12-SP1: multiple vulnerabilities).

Ubuntu has updated kernel (16.04: multiple vulnerabilities), linux-lts-xenial (14.04: multiple vulnerabilities), linux-raspi2 (16.04: multiple vulnerabilities), and linux-snapdragon (16.04: multiple vulnerabilities).

Kategóriák: Linux

Second Oracle v. Google trial could lead to huge headaches for developers (ars technica)

h, 2016-05-09 09:30
Ars technica reports on the restart of Oracle v.Google, the fight over Google's use of the Java APIs in Android. "So now, it's back to a jury. Oracle has won its bid to be able to use copyright as a powerful legal sword. But Google can still dodge that sword by convincing a jury that Android's use of APIs constitutes fair use—in other words, relatively small and justified."
Kategóriák: Linux

Kernel prepatch 4.6-rc7

h, 2016-05-09 08:51
Linus has released the 4.6-rc7 kernel prepatch. "Nothing particularly scary, and the more people who test this out, the more confident we can be that the final 4.6 is all good. So please take a moment to try it out."
Kategóriák: Linux

Klumpp: Adventures in D programming

szo, 2016-05-07 00:18

At his blog, Matthias Klumpp reflects on his experience writing the asgen tool for AppStream metadata generation using, of all things, the D programming language. "I started to implement the same examples in D just for fun, as I didn’t plan to use D (I was aiming at Go back then), but the language looked interesting. The D language had the huge advantage of being very familiar to me as a C/C++ programmer, while also having a rich standard library, which included great stuff like std.concurrency.Generator, std.parallelism, etc." What follows is a "huge braindump of things" Klumpp found enjoyable, including built-in unit-test support, safe functions, scope blocks, and documentation generation. After that, however, comes Klumpp's list of complaints—starting with the proprietary reference compiler and the not-quite-complete free-software compilers.

Kategóriák: Linux

Friday's security updates

p, 2016-05-06 17:38

Arch Linux has updated chromium (multiple vulnerabilities), imagemagick (code execution), and quassel-core (denial of service).

Debian has updated mercurial (code execution) and openafs (multiple vulnerabilities).

Debian-LTS has updated mplayer2 (code execution).

Fedora has updated firefox (F23: ) and libreoffice (F23: information leak).

Mageia has updated ansible (M5: code execution), jenkins-remoting (M5: code execution), owncloud (M5: undisclosed vulnerabilities), quagga (M5: denial of service), quassel (M5: denial of service), and xstream (M5: enabled processing of external entities).

openSUSE has updated firefox (13.1: multiple vulnerabilities), libopenssl0_9_8 (13.2, Leap 42.1: multiple vulnerabilities), and openssl (Leap 42.1: multiple vulnerabilities).

Oracle has updated kernel 3.8.13 (O7; O6: denial of service), kernel 2.6.39 (O5; O6: denial of service), kernel 2.6.32 (O6; O5: denial of service), and kernel 4.1.12 (O7; O6: denial of service).

SUSE has updated java-1_7_0-openjdk (SLE12: multiple vulnerabilities), java-1_8_0-openjdk (SLE12: multiple vulnerabilities), and ntp (SLE12: multiple vulnerabilities).

Kategóriák: Linux

Hutterer: The difference between uinput and evdev

p, 2016-05-06 02:05
On his blog, Peter Hutterer answers an oft-asked question: "A recurring question I encounter is the question whether uinput or evdev should be the approach [to] implement some feature the user cares about. This question is unfortunately wrongly framed as uinput and evdev have no real overlap and work independent of each other. This post outlines what the differences are. Note that "evdev" here refers to the kernel API, not to the X.Org evdev driver. First, the easy flowchart: do you have to create a new virtual device that has a set of specific capabilities? Use uinput. Do you have to read and handle events from an existing device? Use evdev. Do you have to create a device and read events from that device? You (probably) need two processes, one doing the uinput bit, one doing the evdev bit."
Kategóriák: Linux

Pennington: Professional corner-cutting

p, 2016-05-06 01:36
In a blog post that likens software development to cabinetmaking, Havoc Pennington makes the case for cutting corners—but only the right corners: "Software remains a craft rather than a science, relying on the experience of the craftsperson. Like cabinetmakers, we proceed one step at a time, making judgments about what’s important and what isn’t at each step. A professional developer does thorough work when it matters, and cuts irrelevant corners that aren’t worth wasting time on. Extremely productive developers don’t have supernatural coding skills; their secret is to write only the code that matters. How can we do a better job cutting corners? I think we can learn a lot from people building tables and dressers."
Kategóriák: Linux

Boehm: How to campaign for the cause of software freedom

p, 2016-05-06 01:29
On his blog, Mirko Boehm reports on a multi-day workshop where the Free Software Foundation Europe (FSFE) and the Peng! Collective teamed up to look at new and innovative ways to get out the message about free software. "These campaigns translate abstract, distant risks or worries into concrete, tangible calls to action. By being provocative, they break the mold and reach a wide audience online and through traditional media. They are “cat content for social change”, as our tutors put it. Campaigners are being urged to stop preaching or complaining, and to start using positive communication combined with subversive PR work instead. Such messaging needs punchlines, which requires some kind of hyperbole – dadaism, hijacking attention, or provocation." (Thanks to Paul Wise.)
Kategóriák: Linux

Security updates for Thursday

cs, 2016-05-05 16:15

Debian has updated libpam-sshauth (privilege escalation) and libtasn1-6 (denial of service).

Debian-LTS has updated mplayer (code execution).

Fedora has updated dhcp (F23: denial of service), obs-signd (F23: improper user ID matching), and openssl (F23: multiple vulnerabilities).

Mageia has updated subversion (two vulnerabilities).

openSUSE has updated java-1_7_0-openjdk (13.1: multiple vulnerabilities), libopenssl0_9_8 (13.1; 11.4: multiple vulnerabilities), and openssl (13.2; 13.1; 11.4: multiple vulnerabilities).

SUSE has updated compat-openssl097g (SLE11: multiple vulnerabilities) and openssl (SLE12: multiple vulnerabilities).

Ubuntu has updated lcms2 (14.04: denial of service from 2013), openjdk-7 (15.10, 14.04: multiple vulnerabilities), openjdk-8 (16.04: multiple vulnerabilities), and samba (regression in previous security fix).

Kategóriák: Linux

[$] LWN.net Weekly Edition for May 5, 2016

cs, 2016-05-05 02:11
The LWN.net Weekly Edition for May 5, 2016 is available.
Kategóriák: Linux

New stable kernels

cs, 2016-05-05 00:29
Greg Kroah-Hartman has released stable kernels 4.5.3, 4.4.9, and 3.14.68. All contain important fixes throughout the tree.
Kategóriák: Linux

[$] Caravel data visualization

sze, 2016-05-04 22:51

One aspect of the heavily hyped Internet of Things (IoT) that can easily get overlooked is that each of the Things one hooks up to the Internet invariably spews out a near non-stop stream of data. While commercial IoT users—such as utility companies—generally have a well-established grasp of what data interests them and how to process it, the DIY crowd is better served by flexible tools that make exploring and transforming data easy. Airbnb maintains an open-source Python utility called Caravel that provides such tools. There are many alternatives, of course, but Caravel does a good job at ingesting data and smoothly molding it into nice-looking interactive graphs—with a few exceptions.

Kategóriák: Linux

Security advisories for Wednesday

sze, 2016-05-04 18:49

Arch Linux has updated imlib2 (multiple vulnerabilities), jasper (multiple vulnerabilities), lib32-openssl (multiple vulnerabilities), and openssl (multiple vulnerabilities).

CentOS has updated kernel (C6: two vulnerabilities).

Debian has updated openssl (multiple vulnerabilities).

Debian-LTS has updated asterisk (multiple vulnerabilities), extplorer (cross-site scripting), minissdpd (denial of service), and openssl (multiple vulnerabilities).

Fedora has updated cacti (F23; F22: three vulnerabilities).

openSUSE has updated Chromium (SPH for SLE12; Leap42.1; 13.2: multiple vulnerabilities), giflib (Leap42.1: denial of service), java-1_7_0-openjdk (13.2: multiple vulnerabilities), java-1_8_0-openjdk (13.2: multiple vulnerabilities), jq (Leap42.1; 13.2: heap buffer overflow), libgcrypt (Leap42.1: key leak), firefox, nss (Leap42.1, 13.2: multiple vulnerabilities), wireshark (Leap42.1, 13.2: multiple vulnerabilities), xerces-j2 (13.2: denial of service), and yast2-users (Leap42.1: empty passwords fields in /etc/shadow).

Oracle has updated kernel (OL6: two vulnerabilities).

Red Hat has updated java-1.8.0-ibm (RHEL7: multiple vulnerabilities), jenkins (RHOSE3.1: multiple vulnerabilities), and kernel (RHEL6: two vulnerabilities).

Scientific Linux has updated kernel (SL6: two vulnerabilities).

Slackware has updated openssl (multiple vulnerabilities).

SUSE has updated openssl (SLE12: multiple vulnerabilities), openssl1 (SLES11: multiple vulnerabilities), and kernel (SLE11-SP3, SOSC5, SMP2.1: multiple vulnerabilities).

Kategóriák: Linux

[$] task_diag and statx()

sze, 2016-05-04 11:24
The interfaces supported by Linux to provide access to information about processes and files have literally been around for decades. One might think that, by this time, they would have reached a state of relative perfection. But things are not so perfect that developers are deterred from working on alternatives; the motivating factor in the two cases studied here is the same: reducing the cost of getting information out of the kernel while increasing the range of information that is available.

Click below (subscribers only) for the full article from this week's Kernel Page.

Kategóriák: Linux

De Maré: Mercurial 3.7 and 3.8

sze, 2016-05-04 11:12
Mercurial revision-control system developer Mathias De Maré summarizes the changes in the 3.7 and 3.8 releases. "Mercurial 3.7 had a major focus on performance. This is — to a large degree — due to large users like Facebook and Mozilla working on both performance and scalability."
Kategóriák: Linux