Népszerű fórum témák
FreeBSD Project News
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 25 perc 48 másodperc
The LWN.net Weekly Edition for September 5, 2014 is available.
CentOS has updated xulrunner (C7: two vulnerabilities), firefox (C7; C6; C5: two vulnerabilities), httpcomponents-client (C7: SSL server spoofing), kernel (C5: denial of service), squid (C6; C5: two denial of service flaws, one from 2013), squid (C7: denial of service), and thunderbird (C6; C5: two vulnerabilities).
Oracle has updated firefox (OL6: two vulnerabilities), httpcomponents-client (OL7: SSL server spoofing), squid (OL6; OL5: two denial of service flaws, one from 2013), squid (OL7: denial of service), and thunderbird (OL6: two vulnerabilities).
Red Hat has updated firefox (two vulnerabilities), httpcomponents-client (RHEL7: SSL server spoofing), kernel (RHEL5: denial of service), squid (RHEL5&6: two denial of service flaws, one from 2013), squid (RHEL7: denial of service), and thunderbird (RHEL5&6: two vulnerabilities).
Even the most dedicated watchers of mobile operating systems may have been surprised recently when a distribution called "LuneOS" announced its first release (code-named "Affogato"). LuneOS, it turns out, is a version of webOS, a mobile operating system originally created by Palm. WebOS has had a bit of a troubled history, but it still has a dedicated following of users and developers. LuneOS is another attempt to turn webOS into a useful system for those users. The effort is a noble one, but the LuneOS developers have a lot of ground to cover yet.
openSUSE has updated enigmail (11.4: information leak).
Red Hat has updated devtoolset-2-axis (RHDT2: incorrect certificate validation), glibc (RHEL5.6, 5.9, 6.2, 6.4: code execution), openstack-keystone (RHEL OSP5.0 for RHEL7; RHEL OSP5.0 for RHEL6: multiple vulnerabilities), and openstack-neutron (RHEL OSP5.0 for RHEL7; RHEL OSP5.0 for RHEL6: denial of service).
Ubuntu has updated EC2 kernel (10.04: multiple vulnerabilities), firefox (14.04, 12.04: multiple vulnerabilities), kernel (14.04; 12.04; 10.04: multiple vulnerabilities), libreoffice (14.04: command injection), linux-lts-trusty (12.04: multiple vulnerabilities), linux-ti-omap4 (12.04: multiple vulnerabilities), lua5.1 (14.04, 12.04: code execution), and oxide-qt (14.04: multiple vulnerabilities).
Version 1.7 of the Django web framework has been released. New features include a mechanism for migrating between database schemas, a separation of applications from models, a new system checking framework, and more; see the release notes for details.
Firefox 32 has been released. This version adds a new HTTP cache for improved performance and crash recovery, public key pinning support has been enabled, and much more. See the release notes for details.
For a few years now, we have been told that upcoming non-volatile memory (NVM) devices are going to change how we use our systems. These devices provide large amounts (possibly terabytes) of memory that is persistent and that can be accessed at RAM speeds. Just what we will do with so much persistent memory is not entirely clear, but it is starting to come into focus. It seems that we'll run ordinary filesystems on it — but those filesystems will have to be tweaked to allow users to get full performance from NVM.
Click below (subscribers only) for the full article from this week's Kernel Page.
The GNOME Foundation has put out its annual report for 2013 as a 24-page PDF file. "As you will see when you read this annual report, there have been a lot of great things that have happened for the GNOME Foundation during this period. Two new companies joined our advisory board, the Linux Foundation and Private Internet Access. The work funded by our accessibility campaign was completed and we ran a successful campaign for privacy. During this period, there was a fantastic Board of Directors, a dedicated Engagement team (who worked so hard to put this report together), and the conference teams (GNOME.Asia, GUADEC and the Montreal Summit) knocked it out of the park. Most importantly, we’ve had an influx of contributors, more so than I’ve seen in some time."
Fedora has updated cas-client (F20: security constraints bypass), distcc (F20; F19: denial of service/possible code execution), gvfs (F20: file overwrite and device key access), httpcomponents-client (F20; F19: SSL server spoofing), ifuse (F20: file overwrite and device key access), kernel (F20: privilege escalation), libgpod (F20: file overwrite and device key access), libimobiledevice (F20: file overwrite and device key access), libplist (F20: file overwrite and device key access), libusbmuxd (F20: file overwrite and device key access), php (F20; F19: multiple vulnerabilities), pixman (F19: denial of service), ppp (F19: privilege escalation), smack (F20: man-in-the-middle attack), springframework-security (F20; F19: access control restrictions bypass), upower (F20: file overwrite and device key access), usbmuxd (F20: file overwrite and device key access), and zarafa (F20; F19: multiple vulnerabilities).
Gentoo has updated chromium (multiple vulnerabilities), jinja (privilege escalation), net-snmp (multiple vulnerabilities), nrpe (code execution), openoffice-bin (multiple vulnerabilities), postgresql-server (multiple vulnerabilities), qemu (multiple vulnerabilities), stunnel (private key leak), and wireshark (multiple vulnerabilities).
Mandriva has updated bugzilla (BS1.0: cross-site request forgery), catfish (BS1.0: privilege escalation), dhcpcd (BS1.0: denial of service), file (BS1.0: denial of service), gpgme (BS1.0: code execution), jakarta-commons-httpclient (BS1.0: SSL server spoofing), krb5 (BS1.0: multiple vulnerabilities), libvncserver (BS1.0: denial of service/possible code execution), phpmyadmin (BS1.0: multiple vulnerabilities), python-imaging (BS1.0: denial of service), serf (BS1.0: information leak), and subversion (BS1.0: information leak).
Red Hat has updated glibc (RHEL5,6,7: two vulnerabilities).
Scientific Linux has updated glibc (SL5,6: two vulnerabilities).
LuneOS is the new name for the mobile system once known as webOS; the first release is available for brave testers now. "The main focus of LuneOS is to provide an operating system which is driven by the community and continues what we love(d) about webOS. We’re not trying to reach feature comparison with Android or iOS but rather building a system to satisfy basic needs in the mobile environment." The Nexus 4 and HP TouchPad appear to be the best devices for those wanting to try LuneOS out on real hardware.
Clarification: LuneOS is not really a direct successor to webOS; it, instead, can be thought of as a sort of fork of the Open webOS project (managed by LG) focused on porting the system to other devices.
Lennart Poettering has posted a lengthy writeup of a plan put together by the "systemd cabal" (his words) to rework Linux software distribution. It is based heavily on namespaces and Btrfs snapshots. "Now, with the name-spacing concepts we introduced above, we can actually relatively freely mix and match apps and OSes, or develop against specific frameworks in specific versions on any operating system. It doesn't matter if you booted your ArchLinux instance, or your Fedora one, you can execute both LibreOffice and Firefox just fine, because at execution time they get matched up with the right runtime, and all of them are available from all the operating systems you installed. You get the precise runtime that the upstream vendor of Firefox/LibreOffice did their testing with. It doesn't matter anymore which distribution you run, and which distribution the vendor prefers."
The 3.17 development cycle continues with the release of 3.17-rc3. "As expected, it is larger than rc2, since people are clearly getting back from their Kernel Summit travels etc. But happily, it's not *much* larger than rc2 was, and there's nothing particularly odd going on, so I'm going to just ignore the whole 'it's summer' argument, and hope that things are just going that well."
Debian has updated squid3 (denial of service).
Fedora has updated glibc (F20: multiple vulnerabilities), GraphicsMagick (F20: code execution), gtk3 (F20: screen lock bypass), perl-Plack (F19; F20: information disclosure), phpMyAdmin (F19: multiple vulnerabilities), and subversion (F19; F20: credentials leak).
SUSE has updated MySQL (SLES/SLED 11: multiple vulnerabilities).
Ubuntu has updated eglibc (10.o4, 12.04, 14.04: denial of service).
The Linux Foundation has announced a new conference called "Vault" that will focus on storage and filesystems for Linux. It will be co-located with the annual invitation-only Linux Storage, Filesystem and Memory Management Summit and will be held March 11-12, 2015 at the Revere Hotel in Boston. "'90% of the world's data has been created in the last few years and most of that data is being stored and accessed via a Linux-based system,' said Linux Foundation Chief Marketing Officer Amanda McPherson. 'Now is the ideal time to bring the open source community together in this new forum, Vault, to collaborate on new methods of improving capacity, efficiency and security to manage the huge data volumes envisioned in the coming years. By bringing together the leading minds of Linux file systems and storage and our members who are pushing the limits of what is possible, Vault should expand the state of the art in Linux.'"
Russell Pavlicek looks at the rivalry between containers and hypervisors over at Linux.com. He outlines the arguments for and against each, and follows it up with a description of a new contender for a "cloud operating system": unikernels. "Unikernel systems create tiny VMs. Mirage OS from the Xen Project incubator, for example, has created several network devices that run kilobytes in size (yes, that's “kilobytes” – when was the last time you heard of any VM under a megabyte?). They can get that small because the VM itself does not contain a general-purpose operating system per se, but rather a specially built piece of code that exposes only those operating system functions required by the application. There is no multi-user operating environment, no shell scripts, and no massive library of utilities to take up room – or to subvert in some nefarious exploit. There is just enough code to make the application run, and precious little for a malefactor to leverage. And in unikernels like Mirage OS, all the code that is present is statically type-safe, from the applications stack all the way down to the device drivers themselves. It's not the “end-all be-all” of security, but it is certainly heading in the right direction."
On Red Hat's developer blog, Máirín Duffy has tips for developers on improving their application's user experience (UX). "Speaking of speeding things up for your users – one way you can do this is to limit the amount of choices users have to make while using your application. It’s you, my application developer friend, that users are relying on as an expert in the ways of whatever it is that your application does. Users trust you to make set sane defaults based on your domain expertise; when you set defaults, you are also alleviating users from having to make a choice that – depending on their level of expertise – may be quite hard for them to understand. This isn’t to say you should eliminate all choices and configuration options from your application! Let users ease into it, though. Give them a good default so that your application requires less of them to start, and as they gain expertise and confidence in using your app over time, they can explore the preferences and change those settings based on their needs when they are ready."
Debian has updated s3ql (code execution).
Mageia has updated x11vnc (code execution).
Ubuntu has updated squid3 (14.04, 12.04: denial of service).
Sarah Sharp has posted an update on the kernel internships managed through the Outreach Program for Women, with an emphasis on what past participants are doing now. "Many people may be disappointed that those three OPW alumni aren’t working on open source, but I’m overjoyed that these women have found jobs in the technology sector. This fact is heartening to me because many of the women that participate in OPW were working in retail before their internship. To be able to move into the technology sector is a giant step in the right direction, and I’m happy that the OPW program could be a part of that."
The PHP 5.6.0 release is available. There's a number of new features, including constant scalar expressions, a new "..." operator for both variadic functions and sequence unpacking, an exponentiation operator, an integrated interactive debugger, and more. See the PHP 5.6.0 migration guide for more information.
HUP napi hírlevél
Legfrissebb Linux játékvideók
Legfrissebb HUP képek
Legfrissebb HUP dokumentumok
IQ-m az online Mensa teszt alapján:
125-nél _NEM_ kevesebb
Csak az eredmény érdekel.
Összes szavazat: 304