News reader

[$] LWN.net Weekly Edition for March 13, 2025

6 months ago
Inside this week's LWN.net Weekly Edition:

  • Front: PyPI terms of service; Zig 0.14; Matrix; Timer IDs and ABI; Module integrity checking; Capability analysis.
  • Briefs: Path traversal; Below vulnerability; Ubuntu 25.04; Flang; Gstreamer 1.26.0; Framework Mono 6.14.0; Quotes; ...
  • Announcements: Newsletters, conferences, security updates, patches, and more.
corbet

Traversal-resistant file APIs (The Go Blog)

6 months ago

Damien Neil has written an article for the Go Blog about path traversal vulnerabilities and the os.Root API added in Go 1.24 to help prevent them.

Root permits relative path components and symlinks that do not escape the root. For example, root.Open("a/../b") is permitted. Filenames are resolved using the semantics of the local platform: On Unix systems, this will follow any symlink in "a" (so long as that link does not escape the root); while on Windows systems this will open "b" (even if "a" does not exist).
jzb
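The os.Root behaviour quoted above, as an added example (not code from the Go Blog article or the Go project): a constructed directory tree with one symlink that stays inside the root and one that escapes it, opened both by joining the untrusted name onto the base directory and through os.Root. It assumes Go 1.24 or newer on a Unix system, where symlinks can be created and are followed as the quote describes.

```go
package main

import (
	"errors"
	"os"
	"path/filepath"
)

// buildFixture creates a constructed tree (not from the article): base/secret.txt
// lies outside the root; base/root holds a/inside.txt, a symlink b -> a that
// stays inside, and a symlink up -> .. that escapes to base.
func buildFixture() (base string, err error) {
	if base, err = os.MkdirTemp("", "osroot-demo"); err != nil {
		return "", err
	}
	root := filepath.Join(base, "root")
	err = os.MkdirAll(filepath.Join(root, "a"), 0o755)
	err = errors.Join(err, os.WriteFile(filepath.Join(base, "secret.txt"), []byte("outside"), 0o644))
	err = errors.Join(err, os.WriteFile(filepath.Join(root, "a", "inside.txt"), []byte("inside"), 0o644))
	err = errors.Join(err, os.Symlink("a", filepath.Join(root, "b")))
	err = errors.Join(err, os.Symlink("..", filepath.Join(root, "up")))
	return base, err
}

// Compare tries each untrusted name two ways and reports [naiveOpened, rootOpened]:
// the naive read joins the name onto the directory and trusts what the OS resolves;
// (*os.Root).Open (Go 1.24+) follows ".." and symlinks only while they stay inside.
func Compare(names []string) (map[string][2]bool, error) {
	base, err := buildFixture()
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(base)
	dir := filepath.Join(base, "root")
	root, err := os.OpenRoot(dir)
	if err != nil {
		return nil, err
	}
	defer root.Close()
	out := make(map[string][2]bool, len(names))
	for _, n := range names {
		_, naiveErr := os.ReadFile(filepath.Join(dir, n)) // traversal-prone pattern
		f, rootErr := root.Open(n)
		if rootErr == nil {
			f.Close()
		}
		out[n] = [2]bool{naiveErr == nil, rootErr == nil}
	}
	return out, nil
}
```

Both "../secret.txt" and "up/secret.txt" are read successfully by the joined-path version and rejected by os.Root, while "a/../a/inside.txt" and "b/inside.txt" stay permitted because they never leave the root.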

[$] Zig's 0.14 release inches the project toward stability

6 months ago

The Zig project has announced the release of the 0.14 version of the language, including changes from more than 250 contributors. Zig is a low-level, memory-unsafe programming language that aims to compete with C instead of depending on it. Even though the language has not yet had a stable release, there are a number of projects using it as an alternative to C with better metaprogramming. While the project's release schedule has been a bit inconsistent, with the release of version 0.14 being delayed several times, the release contains a number of new convenience features, broader architecture support, and the next steps toward removing Zig's dependency on LLVM.

daroc

Below: local privilege escalation (SUSE security team blog)

6 months ago

The SUSE Security Team blog has a post with a detailed analysis of a vulnerability (CVE-2025-27591) in the below tool for recording and displaying system data.

In January 2025, Below was packaged and submitted to openSUSE Tumbleweed. Below runs as a systemd service with root privileges. The SUSE security team monitors additions and changes to systemd service unit files in openSUSE Tumbleweed, and through this we noticed problematic log directory permissions applied in Below's code.

jzb

The LLVM project stabilizes its Fortran compiler

6 months ago

The LLVM project's Fortran compiler, which has for many years gone by the name "flang-new", will now simply be "flang", starting from LLVM's 20.1.0 release on March 4. The announcement, which includes details about the history of flang, comes after a long period of development and discussion. The community has considered renaming flang several times before now, but has always held off out of a feeling that the compiler was not yet ready. Now, the members of the project believe that flang has become stable and complete enough to earn its name.

We are almost 10 years from the first announcement of what would become LLVM Flang. In the LLVM monorepo alone there have been close to 10,000 commits from around 400 different contributors. Undoubtedly more in Classic Flang before that.
daroc

Security updates for Wednesday

6 months ago
Security updates have been issued by Debian (libmodbus), Fedora (thunderbird and vyper), Mageia (firefox, nss, python-django, python-jinja2, and thunderbird, thunderbird-l10n), Oracle (bind, kernel, rsync, and tigervnc), Red Hat (.NET 8.0, .NET 9.0, and libxml2), SUSE (iniparser and kernel), and Ubuntu (dotnet8, dotnet9, freerdp2, jinja2, libreoffice, linux, linux-hwe, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-kvm, linux-oracle, linux-kvm, and opensc).
jzb