Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 13 perc 10 másodperc
The TensorFlow 1.0 release is available, bringing an API stability guarantee to this machine-learning library from Google. "TensorFlow 1.0 introduces a high-level API for TensorFlow, with tf.layers, tf.metrics, and tf.losses modules. We've also announced the inclusion of a new tf.keras module that provides full compatibility with Keras, another popular high-level neural networks library."
Tom Callaway seems to be a very nice person who has been overclocked to about 140% normal human speed. In only 20 minutes he gave an interesting and highly-amusing talk that could have filled a 45-minute slot on the legal principles that underpin Fedora, how they got that way, and how they work out in practice.
Subscribers can click below for the full report from FOSDEM by guest author Tom Yates.
Greg KH has released stable kernels 4.9.10 and 4.4.49. Both contain the usual set of important fixes.
CentOS has updated bind (C7: denial of service).
Debian has updated libevent (three vulnerabilities).
Debian-LTS has updated libevent (three vulnerabilities).
Oracle has updated bind (OL7: denial of service).
Scientific Linux has updated bind (SL7: denial of service).
Ubuntu has updated php5 (14.04, 12.04: multiple vulnerabilities).
TechRepublic reports that the Munich, Germany city council has voted to begin the move back to proprietary desktop software. "Under a proposal backed by the general council, the administration will investigate how long it will take and how much it will cost to build a Windows 10 client for use by the city's employees. Once this work is complete, the council will vote again on whether to replace LiMux, a custom version of the Linux-based OS Ubuntu, across the authority from 2021."
David Malcolm takes a look at the testing going into the upcoming GCC 7.0 release. "The other new approach is in unit-testing: GCC’s existing testing was almost all done by verifying the externally-visible behavior of the program, but we had very little direct coverage of specific implementation subsystems; this was done in a piecemeal fashion using testing plugins. To address this, I’ve added a unit-testing suite to GCC 7, which is run automatically during a non-release build. Compilers use many data structures, so the most obvious benefit is that we can directly test corner-cases in these. As a relative newcomer to the project, one of my “pain points” learning GCC’s internals was the custom garbage collector it uses to manage memory. So, I’m very happy that the test suite now has specific test coverage for various aspects of the collector, which should make the compiler more robust when handling very large input files."
Debian-LTS has updated tomcat7 (denial of service).
Fedora has updated bind (F25: denial of service), kernel (F25; F24: two vulnerabilities), netpbm (F25: three vulnerabilities), tcpdump (F25: multiple vulnerabilities), vim (F25: buffer overflow), and w3m (F25: unspecified).
For some years, OpenWrt has arguably been the most active router-oriented distribution. Things changed in May of last year, though, when a group of OpenWrt developers split off to form the competing LEDE project. While the LEDE developers have been busy, the project has yet to make its first release. That situation is about to change, though, as evidenced by the LEDE v17.01.0-rc1 release candidate, which came out on February 1.
Fedora has updated epiphany (F24: password extraction sweep attack).
Red Hat has updated java-1.7.0-openjdk (RHEL5,6,7: multiple vulnerabilities).
Scientific Linux has updated java-1.7.0-openjdk (SL5,6,7: multiple vulnerabilities).
Linus has released one more kernel prepatch, 4.10-rc8, rather than the final 4.10 release that had been expected. He said that 4.10 could have come out this week, but he thought better of it. "But I decided that there's also no huge overriding reason to do so (other than getting back to the usual "rc7 is the last rc" schedule, which would have been nice), and with travel coming up, I decided that I didn't really need to open the merge window. I've done merge windows during travel before, but I just prefer not to."
Sailfish OS 2.1.0 Iijoki has been released. "Iijoki brings major architectural changes to Sailfish OS by introducing Qt 5.6 UI framework, BlueZ 5 Bluetooth stack and basic implementations of 64-bit architecture. It also brings improvements to the camera software with faster shutter speeds, initial support for Virtual Private Networks (VPN), option to enlarge UI fonts to different levels and last but not least, a large number of bug and error fixes mostly reported by our community." The release notes contain additional details.
Arch Linux has updated bind (denial of service).
Debian has updated jasper (multiple vulnerabilities).
Fedora has updated bitlbee (F24: denial of service), gnome-boxes (F24: password disclosure), gtk-vnc (F25: two vulnerabilities), iio-sensor-proxy (F24: authentication bypass), java-1.8.0-openjdk-aarch32 (F25; F24: multiple vulnerabilities), libwmf (F25: multiple vulnerabilities), mariadb (F24: multiple vulnerabilities), openssl (F24: three vulnerabilities), quagga (F25: denial of service), spice (F25; F24: two vulnerabilities), viewvc (F24: cross-site scripting), and wireshark (F25: two denial of service flaws).
Gentoo has updated firejail (incomplete fix for previous vulnerability).
The 4.9.9 and 4.4.48 stable kernel updates are available. As usual, each contains a set of important fixes.
Red Hat has updated java-1.8.0-ibm (RHEL7&6: multiple vulnerabilities).
The LWN.net Weekly Edition for February 9, 2017 is available.
High-speed networking was once, according to Andy Wingo in his 2017 linux.conf.au presentation, the domain of "the silicon people". But that situation is changing, and now any hacker can work with networking at the highest speeds. There is one little catch: one must dispense with the kernel's network stack and do the work in user space. Happily, not all of the solutions in this area are proprietary; he was there to talk about the Snabb networking toolkit and what can be done with it.
Debian-LTS has updated php5 (multiple vulnerabilities).
Greg Kroah-Hartman has released an unexpected 3.18 kernel update, despite the fact that 3.18 is no longer supported. "Turns out there was a bug in 3.18.47 in one of the backports. And a bug in 3.18.27 as well, with one of the backports there. And a very minor issue in the 3.18.28 release, but no one cares about the debug messages for a specific scsi driver, so you can just ignore that issue..."
Michael Catanzaro looks at how distributors have improved (or not) their security support for the WebKit browser engine in the last year. "So results are clearly mixed. Some distros are clearly doing well, and others are struggling, and Debian is Debian. Still, the situation on the whole seems to be much better than it was one year ago. Most importantly, Ubuntu’s decision to start updating WebKitGTK+ means the vast majority of Linux users are now receiving updates."
Kenton Varda reports that Sandstorm, as a company, is no more, but community development lives on. LWN covered the Sandstorm personal cloud platform in June 2014.
Many people also know that Sandstorm is a for-profit startup, with a business model centered on charging for enterprise-oriented features, such as LDAP and SAML single-sign-on integration, organizational access control policies, and the like. This product was called “Sandstorm for Work”; it was still open source, but official builds hid the features behind a paywall. Additionally, we planned eventually to release a scalable version of Sandstorm for big enterprise users, based on the same tech that powers Sandstorm Oasis, our managed hosting service.
As an open source project, Sandstorm has been successful: We have a thriving community of contributors, many developers building and packaging apps, and thousands of self-hosted servers running in the wild. This will continue.
However, our business has not succeeded. To date, almost no one has purchased Sandstorm for Work, despite hundreds of trials and lots of interest expressed. Only a tiny fraction of Sandstorm Oasis users choose to pay for the service – enough to cover costs, but not much more.
HUP napi hírlevél