Linux Weekly News

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 18 minutes 26 seconds ago

Security advisories for Wednesday

Wed, 2013-03-27 18:05
CentOS has updated perl (C6; C5: multiple vulnerabilities).

Debian has updated icinga (code execution).

openSUSE has updated pigz (information disclosure).

Oracle has updated perl (OL6; OL5: multiple vulnerabilities).

Red Hat has updated perl (multiple vulnerabilities).

Scientific Linux has updated perl (multiple vulnerabilities).

Categories: Linux

Garrett: Secure Boot and Restricted Boot

Wed, 2013-03-27 16:16
Matthew Garrett asserts that people attacking UEFI secure boot are aiming at the wrong target. "Those who argue against Secure Boot risk depriving us of the freedom to make a personal decision as to who we trust. Those who argue against Secure Boot while ignoring Restricted Boot risk depriving us of even more. The traditional PC market is decreasing in importance. Unless we do anything about it, free software will be limited to a niche group of enthusiasts who've carefully chosen from a small set of devices that respect user freedom. We should have been campaigning against Restricted Boot 10 years ago. Don't delay it even further by fighting against implementations that already respect user freedom."
Categories: Linux

KASLR: An Exercise in Cargo Cult Security (grsecurity blog)

Wed, 2013-03-27 15:50
Over at the grsecurity blog, Brad Spengler and the PaX Team have co-written a lengthy look at kernel address space layout randomization (KASLR) and its failures. "KASLR is an easy to understand metaphor. Even non-technical users can make sense of the concept of a moving target being harder to attack. But in this obsession with an acronym outside of any context and consideration of its limitations, we lose sight of the fact that this moving target only moves once and is pretty easy to spot. We forget that the appeal of ASLR was in its cost/benefit ratio, not because of its high benefit, but because of its low cost."
Categories: Linux

[$] Multipath TCP: an overview

Wed, 2013-03-27 00:36
The world was a simpler place when the TCP/IP network protocol suite was first designed. The net was slow and primitive and it was often a triumph to get a connection to a far-away host at all. The machines at either end of a TCP session normally did not have to concern themselves with how that connection was made; such details were left to routers. As a result, TCP is built around the notion of a (single) connection between two hosts. The Multipath TCP (MPTCP) project looks to change that view of networking by adding support for multiple transport paths to the endpoints; it offers a lot of benefits, but designing a deployable protocol for today's Internet is surprisingly hard.
Categories: Linux

Linux users file EU complaint against Microsoft (Reuters)

Tue, 2013-03-26 22:06
The Spanish association Hispalinux has filed a complaint against Microsoft to the European Commission, Reuters reports. "In its 14-page complaint, Hispalinux said Windows 8 contained an "obstruction mechanism" called UEFI Secure Boot that controls the start-up of the computer and means users must seek keys from Microsoft to install another operating system. The group said it was "a de facto technological jail for computer booting systems ... making Microsoft's Windows platform less neutral than ever"." (Thanks to Pat Read)
Categories: Linux

Replacing Google Reader (The H)

Tue, 2013-03-26 21:59
The H has an extensive survey of available RSS reader applications, both open source and proprietary. "ownCloud is a complete self-hosted service platform that provides file sharing and collaboration features including calendaring, to do lists, a document viewer, and integration with Active Directory and LDAP. The software also includes a feed reader application, which started as a Google Summer of Code effort and takes many design cues from Google Reader."
Categories: Linux

Tuesday's security updates

Tue, 2013-03-26 18:06
CentOS has updated axis (C5: incorrect certificate validation).

Debian has updated libxml2 (denial of service).

openSUSE has updated imagemagick (code execution) and graphicsmagick (denial of service).

Oracle has updated axis (OL5: incorrect certificate validation).

Red Hat has updated axis (RHEL5: incorrect certificate validation).

Scientific Linux has updated axis (SL5: incorrect certificate validation).

Ubuntu has updated ruby (denial of service) and OMAP4 kernel (12.04 LTS: multiple vulnerabilities).

Categories: Linux

GTK+ 3.8.0 released

Tue, 2013-03-26 01:30
GTK+ 3.8.0 has been released. This version includes support for Wayland 1.0, and contains many new features and performance improvements.
Categories: Linux

Security advisories for Monday

Mon, 2013-03-25 19:01
Fedora has updated krb5 (F18: denial of service), euca2ools (F18; F17: insecure snapshots), kernel (F18: multiple vulnerabilities), mimetex (F18; F17: multiple vulnerabilities), and tor (F17: denial of service).

openSUSE has updated nss-pam-ldapd (12.2, 12.1; 12.3; 11.4: code execution) and krb5 (11.4: denial of service).

Scientific Linux has updated OpenIPMI (privilege escalation).

Slackware has updated php (multiple vulnerabilities).

SUSE has updated samba (multiple vulnerabilities in SWAT).

Ubuntu has updated kernel (10.04 LTS: multiple vulnerabilities), EC2 kernel (10.04 LTS: multiple vulnerabilities), OMAP4 kernel (11.10: multiple vulnerabilities), openssl (multiple vulnerabilities), and gnome-online-accounts (information disclosure).

Categories: Linux

Calligra document viewer available on Android

Sun, 2013-03-24 18:12
Sebastian Sauer has announced the availability of the first version of the Calligra office suite for Android systems. For now, the focus is on providing a viewer for ODT documents. "Since bringing a whole Office suite to another platform is a huge task and I am a small team I had to focus. Later on I plan to add doc/docx support, editing, saving and Calligra Sheets (spreadsheets) and Calligra Stage (presentations)." The application can be installed from the Play Store.
Categories: Linux

Kernel prepatch 3.9-rc4

Sun, 2013-03-24 11:47
The 3.9-rc4 kernel prepatch is out. Linus says: "Another week, another -rc. And things haven't calmed down, meaning that the nice small and calm -rc2 was definitely the outlier so far. … While it hasn't been as calm as I'd like things to be, it's not like things have been hugely exciting either. Most of this really is pretty trivial. It's all over, with the bulk in drivers (drm, md, net, mtd, usb, sound), but also some arch updates (powerpc, arm, sparc, x86) and filesystem work (cifs, ext4)."
Categories: Linux

Regehr: GCC 4.8 Breaks Broken SPEC 2006 Benchmarks

Sat, 2013-03-23 15:32
John Regehr explains how new optimizations in GCC 4.8.0 can break code making use of undefined behavior. "A C compiler, upon seeing d[++k], is permitted to assume that the incremented value of k is within the array bounds, since otherwise undefined behavior occurs. For the code here, GCC can infer that k is in the range 0..15. A bit later, when GCC sees k<16, it says to itself: 'Aha-- that expression is always true, so we have an infinite loop.'"
Categories: Linux

GCC 4.8.0 released

Sat, 2013-03-23 01:21
The GCC 4.8.0 release is out. "Extending the widest support for hardware architectures in the industry, GCC 4.8 has gained support for the upcoming 64-bit ARM instruction set architecture, AArch64. GCC 4.8 also features support for Hardware Transactional Memory on the upcoming Intel Haswell CPU architecture." There's a lot of new stuff in this release; see the changes file and LWN's GCC 4.8.0 coverage for details.
Categories: Linux

OpenSSH 6.2 released

Fri, 2013-03-22 17:12
OpenSSH 6.2 is out. New features include some new encryption modes, the ability to require multiple authentication protocols (requiring both public key and a password, for example), key revocation list support, better seccomp-filter sandbox support, and more.
Categories: Linux

Friday's security updates

Fri, 2013-03-22 16:38

CentOS has updated boost (code execution) and qt (information disclosure).

Fedora has updated kernel (multiple vulnerabilities), mediawiki (F17, F18; session fixation flaw), perl (denial of service), and privoxy (F17, F18; proxy spoofing).

openSUSE has updated telepathy-gabble (denial of service).

Oracle has updated boost (code execution) and qt (information disclosure).

Red Hat has updated boost (code execution), Django (multiple vulnerabilities), openstack-cinder (multiple vulnerabilities), openstack-nova (multiple vulnerabilities), openstack-packstack (insecure file handling), and qt (information disclosure).

Scientific Linux has updated boost (code execution) and qt (information disclosure).

Categories: Linux

Blum: Adria Richards, PyCon, and How We All Lost

Fri, 2013-03-22 16:04
Perhaps the best description and analysis of the unfortunate events at PyCon can be found in this post from Amanda Blum. In short, she concludes that everybody lost in this incident.

Any comments posted should, please, have something new to say and demonstrate the highest level of respect for others, whether or not you agree with them.

See also: What really happened at PyCon.

Categories: Linux

Russell: GCC and C vs C++ Speed, Measured

Fri, 2013-03-22 15:49
Rusty Russell ran an investigation to determine whether code compiled with the GCC C++ compiler is slower than code from the C compiler. "With this in mind, and Ian Taylor’s bold assertion that 'The C subset of C++ is as efficient as C', I wanted to test what had changed with some actual measurements. So I grabbed gcc 4.7.2 (the last release which could do this), and built it with C and C++ compilers." His conclusion is that the speed of the compiler is the same regardless of how it was built; using C++ does not slow things down.
Categories: Linux

China to standardize on Ubuntu

Fri, 2013-03-22 15:36
Canonical has announced a collaboration with the Chinese government to create a standard operating system reference architecture based on the Ubuntu distribution. "The initial work of the CCN Joint Lab is focused on the development of an enhanced version of the Ubuntu desktop with features specific to the Chinese market. The new version is called Ubuntu Kylin and the first version will be released in April 2013 in conjunction with Ubuntu’s global release schedule. Future work will extend beyond the desktop to other platforms."
Categories: Linux

PyCon US 2013 videos posted

Thu, 2013-03-21 17:21
For those who could not attend PyCon US 2013, videos from the talks are now available.
Categories: Linux

Security updates for Thursday

Thu, 2013-03-21 16:03

Debian has updated libapache2-mod-perl2 (regression in previous security fix) and smokeping (cross-site scripting).

Fedora has updated firebird (F17; F18: remote code execution).

openSUSE has updated typo3-cms (two vulnerabilities) and pidgin (multiple vulnerabilities).

Red Hat has updated java-1.6.0-sun (Web Start and browser plugin EOL).

Ubuntu has updated python-nova (two vulnerabilities), python-keystone (12.10: incorrect revocation checking), clamav (multiple unspecified vulnerabilities), and OMAP4 kernel (12.10: multiple vulnerabilities).

Categories: Linux