Népszerű fórum témák
FreeBSD Project News
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 27 perc 30 másodperc
CentOS has updated libxml2 (C6: multiple vulnerabilities).
openSUSE has updated thunderbird (Leap42.1: multiple vulnerabilities).
SUSE has updated java-1_7_0-ibm (SLE11SP3: many vulnerabilities).
Ubuntu has updated libsndfile (multiple vulnerabilities).
Version 3.6.0 of the NetHack dungeon adventure game has been released. This is the first official release in over ten years. "Unlike previous releases, which focused on the general game fixes, this release consists of a series of foundational changes in the team, underlying infrastructure and changes to the approach to game development. Those of you expecting a huge raft of new features will probably be disappointed. Although we have included a number of new features, the focus of this release was to get the foundation established so that we can build on it going forward." There has been enough change, though, that old save files will not work with this version.
For a far-outside view, it's hard to beat this VentureBeat article, wherein a venture capitalist talks about how "open-source companies" are taking over. "The OSS companies that will be pillars of IT in the future are the companies that leverage a successful OSS project for sales, marketing, and engineering prioritization but have a product and business strategy that includes some proprietary enhancements. They’ve figured out that customers are more than happy to pay for an enterprise-grade version of the complete product, which may have security, management, or integration enhancements and come with support. And they also understand that keeping this type of functionality proprietary won’t alienate the community supporting the project the way something such as a performance enhancement would."
Apple has released its Swift programming language under the Apache 2.0 license, and it's available for Linux. The code can be found on GitHub. "Swift makes it easy to write software that is incredibly fast and safe by design. Now that Swift is open source, you can help make the best general purpose programming language available everywhere."
Version 17.3 of the Ubuntu-based Linux Mint Cinnamon distribution has been released. This is a long-term support release, with support planned until 2019. There is a long list of new features for this release, many of which come with the Cinnamon 2.8 desktop environment.
Fedora has updated lxdm (F23: two vulnerabilities), openssl (F23: multiple vulnerabilities), p7zip (F23: directory traversal), php-symfony (F23; F22: two vulnerabilities), php-twig (F23; F22: two vulnerabilities), and rubygem-flexmock (F23: unspecified vulnerability).
Scientific Linux has updated libxml2 (SL6: multiple vulnerabilities).
Day 7 in the ongoing Perl 6 advent calendar is concerned with how the language handles Unicode. "However, Perl 6 does this work for you, keeping track of these collections of codepoints internally, so that you just have to think in terms of what you would see the characters as. If you’ve ever had to dance around with substring operations to make sure you didn’t split between a letter and a diacritic, this will be your happiest day in programming."
The 4.4-rc4 prepatch is out. "Another week, another rc. We had a few more commits than last week (mostly due to the networking fixes merge), but on the whole it's been pretty calm."
Arch has updated nodejs (two denial-of-service vulnerabilities), openssl (four CVEs), and python-django (information disclosure).
The OpenSSL project has released versions 0.9.8zh, 1.0.0t, 1.0.1q, and 1.0.2e with fixes for a number of "moderate" security issues. The announcement also notes that this will be the last update for the 0.9.8 and 1.0.0 branches, so users of those versions are advised to upgrade.
Version 2.1.10 of the GNU Privacy Guard is out. There are a number of new features in this release; they include a trust-on-first-use key acceptance mechanism and the ability to fetch public keys anonymously via Tor.
Debian-LTS has updated openssl (memory leak).
This lengthy paper from Phillip Rogaway tries to describe the moral responsibilities of the cryptographic community — responsibilities that, he believes, that community has failed to live up to. Worth a read. "We need to erect a much expanded commons on the Internet. We need to realize popular services in a secure, distributed, and decentralized way, powered by free software and free/open hardware. We need to build systems beyond the reach of super-sized companies and spy agencies. Such services must be based on strong cryptography. Emphasizing that prerequisite, we need to expand our cryptographic commons."
On his blog, Lubomir Rintel discusses IPv6 privacy issues and how they are being handled by NetworkManager. "Creation of a privacy stable address relies on a pseudo-random key that’s only known the the host itself and never revealed to other hosts in the network. This key is then hashed using a cryptographically secure algorithm along with values specific for a particular network connection. It includes an identifier of the network interface, the network prefix and possibly other values specific to the network such as the wireless SSID. The use of the secret key makes it impossible to predict the resulting address for the other hosts while the network-specific data causes it to be different when entering a different network. This also solves the duplicate address problem nicely. The random key makes collisions unlikely. If, in spite of this, a collision occurs then the hash can be salted with a DAD failure counter and a different address can be generated instead of failing the network connectivity. Now that’s clever."
PHP 7 has been released. Along with some new language features, the biggest change is said to be much better performance and reduced memory use. "PHP 7.0 brings you unprecedented levels of real-world performance and throughput by utilizing the new and advanced Zend Engine 3.0, designed and refactored for speed and reduced memory consumption. This translates to real-world benefits: greatly decreased response times, superior user experiences, and the ability to serve more users with fewer servers to maximize the power of your PHP 7.0 deployment." We looked at the new features in PHP 7 in an article in this week's edition.
The Electronic Frontier Foundation has announced the public beta test of the Let's Encrypt initiative, which aims to make encrypted web traffic the norm. "There are a number of flaws in the CA system, but when it comes to encrypting the Web, two in particular stand out: cost and difficulty. Most CAs today charge for certificates. While some are very cheap, every dollar of expense means a large swath of people who can't afford to host a secure website. The larger barrier, though, is difficulty. Once someone has purchased a certificate, they need to install it on their website, a time consuming and error-prone process that requires significant technical skill, which is a cost in itself. Let's Encrypt is not only free but also automated, in order to make HTTPS encryption more accessible than ever."
Debian has updated cups-filters (code execution).
The LWN.net Weekly Edition for December 3, 2015 is available.
While the event had a certain amount of drama surrounding it, the announcement of the end for the Debian Live project seems likely to have less of an impact than it first appeared. The loss of the lead developer will certainly be felt—and the treatment he and the project received seems rather baffling—but the project looks like it will continue in some form. So Debian will still have tools to create live CDs and other media going forward, but what appears to be a long-simmering dispute between project founder and leader Daniel Baumann and the Debian CD and installer teams has been "resolved", albeit in an unfortunate fashion.
Subscribers can click below for the full story from this week's Distributions page.
Arch Linux has updated chromium (multiple vulnerabilities).
HUP napi hírlevél
Legfrissebb HUP képek
Melyik online zene streamelő szolgáltatást használod legszívesebben?
Google Play Music
Többet is egyformán szívesen használok
Egyebet, leírom hozzászólásban
Nem hallgatok zenét ilyenekről
Összes szavazat: 349