Linux Weekly News

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

[$] Maru: a pocket desktop

Mon, 2016-04-18 13:50
It appears to be widely accepted that the Linux desktop has achieved limited success at best, while the Linux palmtop — in the form of Android — has been wildly successful. The two classes of systems are generally thought of as being quite different, but it is worth remembering that the handsets we carry now have more computing power than the desktop systems we were using in the recent past. Given the right peripherals, an Android handset should be more than capable of providing a reasonable desktop experience. The Maru distribution is an experiment intended to prove that point by turning a smartphone device into a portable Debian desktop.
Categories: Linux

Kernel prepatch 4.6-rc4

Mon, 2016-04-18 13:17
The 4.6-rc4 kernel prepatch is out for testing. "So there really isn't anything particularly interesting here. Just like I like it in the rc series. Let's hope it stays that way."
Categories: Linux

Brauch: Processing scientific data in Python and numpy, but doing it fast

Fri, 2016-04-15 22:56
On his blog, Sven Brauch has some suggestions on how to use NumPy to process scientific data and how to avoid some pitfalls that will ruin its performance. "In general, copying data is cheap. But if your program simulates 25 million particles, each having a float64 location in 3d, you already have 8*3*25e6 = 600 MB of data. Thus, if you write r = r + v*dt, you will copy 1.2 GB of data around in memory: once 600 MB to calculate v*dt, and again to calculate r+(v*dt), and only then the result is written back to r. This can really become a major bottleneck if you aren’t careful. Fortunately, it is usually easy to circumvent; instead of writing r = r+dv, write r += dv. Instead of a = 3*a + b, write a *= 3; a+= b. This avoids the copying completely. For calculating v*dt and adding it to r, the situation is a bit more tricky; one good idea is to just have the unit of v be such that you don’t need to multiply by dt. If that is not possible, it might even be worth it to keep a copy of v which is multiplied by dt already, and update that whenever you update v. This is advantageous if only few v values change per step of your simulation. I would not recommend writing it like this everywhere though, it’s often not worth the loss in readability; just for really large arrays and when the code is executed frequently."
Categories: Linux

Costa: Designing a Userspace Disk I/O Scheduler for Modern Datastores: the Scylla example (Part 1)

Fri, 2016-04-15 19:22
Over at the Scylla blog, Glauber Costa looks at why a high-performance datastore application might want to do its own I/O scheduling. "If one is using a threaded approach for managing I/O, a thread can be assigned to a different priority group by tools such as ionice. However, ionice only allows us to choose between general concepts like real-time, best-effort and idle. And while Linux will try to preserve fairness among the different actors, that doesn’t allow any fine tuning to take place. Dividing bandwidth among users is a common task in network processing, but it is usually not possible with disk I/O without resorting to infrastructure like cgroups. More importantly, modern designs like the Seastar framework used by Scylla to build its infrastructure may stay away from threads in favor of a thread-per-core design in the search for better scalability. In the light of these considerations, can a userspace application like Scylla somehow guarantee that all actors are served according to the priorities we would want them to obey?"
Categories: Linux

Friday's security advisories

Fri, 2016-04-15 17:10

Arch Linux has updated lhasa (code execution).

Debian has updated chromium-browser (multiple vulnerabilities).

Fedora has updated cryptopp (F24: information disclosure), libtasn1 (F24: denial of service), poppler (F23: code execution), qpid-proton (F23: TLS to plaintext downgrade), and samba (F24: multiple vulnerabilities).

openSUSE has updated java-1_7_0-openjdk (13.1: sandbox bypass).

Categories: Linux

Gone In Six Characters: Short URLs Considered Harmful for Cloud Services (Freedom to Tinker)

Thu, 2016-04-14 21:00
Over at the Freedom to Tinker blog, guest poster Vitaly Shmatikov, who is a professor at Cornell Tech, writes about his study [PDF] of what URL shortening means for the security and privacy of cloud services. "TL;DR: short URLs produced by bit.ly, goo.gl, and similar services are so short that they can be scanned by brute force. Our scan discovered a large number of Microsoft OneDrive accounts with private documents. Many of these accounts are unlocked and allow anyone to inject malware that will be automatically downloaded to users’ devices. We also discovered many driving directions that reveal sensitive information for identifiable individuals, including their visits to specialized medical facilities, prisons, and adult establishments."
Categories: Linux

Security updates for Thursday

Thu, 2016-04-14 16:55

Debian has updated samba (multiple vulnerabilities) and samba (regression in previous update).

Fedora has updated samba (F23; F22: multiple vulnerabilities).

Mageia has updated apache-commons-collections (code execution), imlib2 (three vulnerabilities), mercurial (three vulnerabilities), optipng (two vulnerabilities), postgresql (two vulnerabilities), python-pillow (code execution), and thunderbird (unspecified).

openSUSE has updated lhasa (42.1; 13.2: code execution) and quagga (password disclosure).

SUSE has updated samba (SLE11SP2: multiple vulnerabilities).

Categories: Linux

[$] LWN.net Weekly Edition for April 14, 2016

Thu, 2016-04-14 02:44
The LWN.net Weekly Edition for April 14, 2016 is available.
Categories: Linux

Security advisories for Wednesday

Wed, 2016-04-13 19:40

CentOS has updated samba (C6; C5: multiple vulnerabilities), ipa (C7; C6: multiple vulnerabilities), libldb (C7; C6: multiple vulnerabilities), libtalloc (C7; C6: multiple vulnerabilities), libtdb (C7; C6: multiple vulnerabilities), libtevent (C7; C6: multiple vulnerabilities), openchange (C7; C6: multiple vulnerabilities), samba (C7: multiple vulnerabilities), samba4 (C6: multiple vulnerabilities), and samba3x (C5: multiple vulnerabilities).

Fedora has updated imlib2 (F23: two vulnerabilities), libreswan (F23: denial of service), and xerces-c (F23: code execution).

openSUSE has updated mercurial (13.2: three vulnerabilities) and samba (Leap42.1: multiple vulnerabilities).

Oracle has updated samba (OL6; OL5: multiple vulnerabilities), samba and samba4 (OL7; OL6: multiple vulnerabilities), and samba3x (OL5: multiple vulnerabilities).

Red Hat has updated samba (RHEL7.1; RHEL6; RHEL6.2,6.4,6.5,6.6; RHEL5; RHEL5.6,5.9; RHEL4: multiple vulnerabilities), samba, samba4 (RHEL6,7: multiple vulnerabilities), samba3x (RHEL5; RHEL5.6,5.9: multiple vulnerabilities), and samba4 (RHEL6.2,6.5,6.6: multiple vulnerabilities).

Scientific Linux has updated samba (SL6; SL5: multiple vulnerabilities), samba, samba4 (SL6,7: multiple vulnerabilities), and samba3x (SL5: multiple vulnerabilities).

SUSE has updated samba (SLE12-SP1; SLE12; SLE11-SP4,SP3: multiple vulnerabilities) and kernel (SLE12-SP1: multiple vulnerabilities).

Categories: Linux

CoreOS "Ignition" released

Wed, 2016-04-13 18:06
CoreOS has announced the release of its "Ignition" provisioning tool. "At the most basic level, Ignition is a tool for manipulating disks during early boot. This includes partitioning disks, formatting partitions, writing files, and configuring users." It runs as the first process — before systemd — to get the system into the proper shape before the ordinary boot process takes over.
Categories: Linux

[$] OpenBMC, a distribution for baseboard management controllers

Wed, 2016-04-13 01:21

The Intelligent Platform Management Interface (IPMI) is a set of system-management-and-monitoring APIs typically implemented on server motherboards via an embedded system-on-chip (SoC) that functions completely outside of the host system's BIOS and operating system. While it is intended as a convenience for those who must manage dozens or hundreds of servers in a remote facility, IPMI has been called out for its potential as a serious hole in server security. At the 2016 Embedded Linux Conference in San Diego, Tian Fang presented Facebook's recent work on OpenBMC, a Linux distribution designed to replace proprietary IPMI implementations with an open-source alternative built around standard facilities like SSH.

Categories: Linux

Stable kernel updates

Tue, 2016-04-12 23:51
Stable kernels 4.5.1, 4.4.7, and 3.14.66 have been released. All of them contain important fixes throughout the tree.
Categories: Linux

The "Badlock" vulnerability

Tue, 2016-04-12 21:17
The details for the "Badlock" vulnerability in the SMB DCE-RPC protocol have finally been disclosed, along with the obligatory logo and domain name; there is no word on the availability of hats and T-shirts yet. It is a man-in-the-middle attack that can allow an attacker to access files in an SMB share, or gain access to Active Directory administrative tools, with the permissions of the intercepted user. "Please update your systems. We are pretty sure that there will be exploits soon. Engineers at Microsoft and the Samba Team worked together during the past months to get this problem fixed."
Categories: Linux

Let's Encrypt is no longer "beta"

Tue, 2016-04-12 19:29
The Let's Encrypt project, which is working to enable encrypted communications across the web, has announced that it has gained more sponsors and no longer considers itself to be in a "beta" state. "Since our beta began in September 2015 we’ve issued more than 1.7 million certificates for more than 3.8 million websites. We’ve gained tremendous operational experience and confidence in our systems. The beta label is simply not necessary any more."
Categories: Linux

Tuesday's security updates

Tue, 2016-04-12 17:53

Debian has updated didiwiki (regression in previous update) and imagemagick (multiple vulnerabilities).

openSUSE has updated cairo (13.2: denial of service), clamav-database (Leap42.1: database refresh), java-1_7_0-openjdk (Leap42.1: sandbox bypass), java-1_8_0-openjdk (Leap42.1: sandbox bypass), and kernel (Leap42.1: multiple vulnerabilities).

Red Hat has updated kernel (RHEL6.6: memory leak) and openvswitch (RHOSE3.1: code execution).

SUSE has updated mercurial (SLESDK12-SP1; SLESDK11-SP4: three vulnerabilities).

Ubuntu has updated linux-lts-utopic (14.04: regression in previous update).

Categories: Linux

FSF: Interpreting, enforcing and changing the GNU GPL, as applied to combining Linux and ZFS

Tue, 2016-04-12 01:12
Richard Stallman looks at the GPL and how it is incompatible with the CDDL (Common Development and Distribution License), which is the license used by ZFS. "Likewise, the copyright holders of ZFS (the version that is actually used) can give permission to use it under the GNU GPL, version 2 or later, in addition to any other license. This would make it possible to combine that version with Linux without violating the license of Linux. This would be the ideal resolution and we urge the copyright holders of ZFS to do so. Some copyright holders choose not to enforce their licenses in specific situations. That enables users to operate as if permission were granted. However, this does not alter the meaning of the GNU GPL, and does not cause uses that the GPL disallows to either suddenly or slowly become permitted by the GPL. Such acquiescence is not the case in regard to linking Linux and ZFS; indeed, some Linux copyright holders have said they consider this copyright infringement. We have explained above the reasons why that is so."
Categories: Linux

Moglen: How Should the Free Software Movement View the Linux Foundation?

Mon, 2016-04-11 22:57
Eben Moglen opines on the role of the Linux Foundation, and on GPL enforcement in general. "LF will be as favorable to copyleft as its members are. Copyleft licensing is easy for businesses to doubt: required sharing of work that could be instead 'owned' by the capital investors seems to be mere loss in conventional calculations. I have spent most of my adult lifetime not telling businesses that copyleft was in their interest, but educating them about copyleft and others’ experience with it, in order to allow them to draw their own conclusions. Experience has taught me that this process, though uncertain and unscalable, is absolutely crucial to the attainment of the free software movement’s fundamental objectives. It is, however, all too easily destroyed by any form of overly aggressive copyleft enforcement that fully confirms businesspeople’s skepticism."
Categories: Linux

The linux-stable security tree project

Mon, 2016-04-11 20:21
Sasha Levin has announced the creation of the "linux-stable security tree" project. The idea is to take the current stable updates and filter out everything that isn't identified as a security fix. "Quite a few users of the stable trees pointed out that on complex deployments, where validation is non-trivial, there is little incentive to follow the stable tree after the product has been deployed to production. There is no interest in 'random' kernel fixes and the only requirements are to keep up with security vulnerabilities."
Categories: Linux

Security advisories for Monday

Mon, 2016-04-11 17:59

Arch Linux has updated flashplugin (multiple vulnerabilities).

Fedora has updated fuse-encfs (F23; F22: cryptography issues), kernel (F23; F22: multiple vulnerabilities), latex2rtf (F23; F22: code execution), php (F23; F22: multiple vulnerabilities), python-pillow (F23; F22: buffer overflow), qemu (F22: multiple denial of service vulnerabilities), and xen (F23; F22: information disclosure).

openSUSE has updated flash-player (13.1: code execution) and xen (13.2: multiple vulnerabilities, some from 2013).

Categories: Linux

Kernel prepatch 4.6-rc3

Mon, 2016-04-11 15:57
The 4.6-rc3 kernel prepatch has been released, but there does not appear to be an announcement from Linus to go with it. As he predicted, the pace of change has increased a bit; 298 changesets have been merged since -rc2, out of 491 total since the closing of the merge window.

Update: your editor has found the missing 4.6-rc3 announcement. It seems it went to the filesystems list only; Linus apparently had filesystems on his mind. "What _is_ surprising, though, is that about half the bulk of the rc3 patch is to filesystem code. I don't recall that before, and that surprised me - I had to go look for the reason. It turns out that while we have indeed got changes to several filesystems (btrfs, ext4, orangefs, f2fs), but the big reason was simply from us getting rid of the PAGE_CACHE_SIZE macro and just using PAGE_SIZE everywhere."

Categories: Linux