The collective noises of the interwebz
Author Archive
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
LinuxDevices.com is carrying a
brief note from the “outgoing editor-in-chief” stating that the site’s
owner has been acquired. “At this point, the future of
LinuxDevices.com is uncertain. What we can say for sure is that it has been
a pleasure serving our readers — the best in the business.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The PHP 5.3.10 release is out; it contains a fix for a remote code
execution bug introduced recently by another security fix. Anybody running
5.3.9 should probably upgrade as soon as possible.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Jim Gettys says: “If
people have heard of bufferbloat at all, it is usually just an abstraction
despite having personal experience with it. Bufferbloat can occur in your
operating system, your home router, your broadband gear, wireless, and
almost anywhere in the Internet. They still think that if experience poor
Internet speed means they must need more bandwidth, and take vast speed
variation for granted. Sometimes, adding bandwidth can actually hurt rather
than help. Most people have no idea what they can do about bufferbloat. So
I’ve been working to put together several demos to help make bufferbloat
concrete, and demonstrate at least partial mitigation.” Definitely
useful viewing for anybody who is concerned with the problem and how to
begin addressing it.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The LWN.net Weekly Edition for February 2, 2012 is available.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Bradley Kuhn has posted a lengthy
explanation of the Software Freedom Conservancy’s GPL enforcement
activities and the demands they make. “I started using this request
regularly around 2002 because violators express a concern that, if they
came into compliance due to my efforts, what was to stop others from coming
to complain, in sequence, and wasting their time? I suggested that if they
came into compliance all at once, on all FLOSS licenses involved, it would
be easy for me to be on their side, should someone else complain. Namely,
I’d come to their defense and say: ‘Yes, they were out of compliance, but
we’ve checked everything and they’re now in compliance throughout this
product. Those who are now complaining are being unfair, since — while this
violator had trouble initially — their compliance with all FLOSS licenses
is now adequate’.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The Document Foundation has announced that its long-awaited legal entity
will be based in Berlin. “‘After many months of work in close
cooperation with the authorities, we were able to keep the spirit of the
community bylaws, and incorporate them into legally binding statutes, that
ensure the promises that TDF has made in its manifesto’, says Michael
(Mike) Schinagl, a Berlin-based lawyer and contributor to various free
software projects, who has been driving the legal aspects of the foundation
set-up from the very beginning.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
CentOS has updated thunderbird (C4, C5,
C6: multiple vulnerabilities),
firefox (C4,
C5, C6:
multiple vulnerabilities) and seamonkey (C4: multiple vulnerabilities).
Fedora has updated smokeping (F15, F16:
cross-site scripting),
krb5 (F15: denial of service),
and sudo (F16: privilege
escalation).
Red Hat has updated thunderbird (RHEL4-5, RHEL6: multiple vulnerabilities),
firefox (RHEL4-6: multiple
vulnerabilities), and
seamonkey (RHEL4: multiple
vulnerabilities).
Ubuntu has updated usbmuxd (code
execution via hostile USB device).
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The eLinux.org web site is currently promoting a project to write
a replacement for Busybox under a permissive license. Normally, the
writing of more free software is seen as a good thing, but, in this case,
there have been complaints about the
perceived motivation behind the project. What this
discussion shows is that there are some divisions within our community on
how our licenses should be enforced – and even what those licenses say.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Version 2.2.22 of the Apache web server is out. The main point of this
release appears to be the fixing of six different CVE numbers, so people
with their own Apache builds probably want to grab the update.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The PyPy Status Blog has an
update on the status of the PyPy port to the ARM architecture.
“The current results on ARM, as shown in the graph below, show that
the JIT currently gives a speedup of about 3.5 times compared to CPython on
ARM. The benchmarks were run on the before mentioned BeagleBoard-xM with a
1GHz ARM Cortex-A8 processor and 512MB of memory. The operating system on
the board is Ubuntu 11.04 for ARM.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The Linux Foundation has announced
that Greg Kroah-Hartman has joined the organization as a fellow. “In
his role as Linux Foundation Fellow, Kroah-Hartman will continue his work
as the maintainer for the Linux stable kernel branch and a variety of
subsystems while working in a fully neutral environment. He will also work
more closely with Linux Foundation members, workgroups, Labs projects, and
staff on key initiatives to advance Linux.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The 3.3-rc2 prepatch is out, a little later
than would have ordinarily been expected. “The diffstat is pretty
flat – indicative of mostly small changes spread out. Which is what I like
seeing, and we don’t always see at this point. There’s some file movement
(8250-based serial and the arm mx5 -> imx merge), but otherwise really not
a lot of excitement. Good.” That said, there are quite a few
changes in this prepatch; see the short-form changelog in the announcement
for details. Thirteen of those changes are reverts for patches that didn’t
work out.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Matthew Garrett has posted a complaint about an
attempt to create a permissively-licensed busybox and calls for kernel
developers to be more aggressive in enforcing their copyrights. “The
real problem here is that the [Software Freedom Conservancy's] reliance on
Busybox means that they’re only able to target infringers who use that
Busybox code. No significant kernel copyright holders have so far offered
to allow the SFC to enforce their copyrights, with the result that
enforcement action will grind to a halt as vendors move over to this
Busybox replacement. So, if you hold copyright over any part of the Linux
kernel, I’d urge you to get in touch with them. The alternative is a
strangely ironic world where Sony are simultaneously funding lobbying for
copyright enforcement against individuals and tools to help large
corporations infringe at will.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Red Hat has sent out a
press release stating, in pure marketing style, that the support period
for versions 5 and 6 of Red Hat Enterprise Linux has been extended to ten
years. “Many of our customers have come to realize that
standardizing on Red Hat Enterprise Linux improves efficiency and helps
lower costs. With a ten-year life cycle, customers now have additional
choices when planning their Red Hat Enterprise Linux deployment and overall
IT strategy. We are pleased that customers are looking far into the future
with Red Hat.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The sudo utility (version 1.8.0 and later) suffers from a format string
vulnerability that can be easily shown to crash the program. There do
not appear to be any publicly-posted privilege escalation exploits at this
time, but that does not mean that such exploits do not exist. An update to
version 1.8.3p2 in the near future is probably a good idea; expect
advisories from the distributors in the near future.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Version 3 of the ownCloud personal cloud system has been announced.
New features include a browser-based text editor, an integrated PDF viewer,
a photo gallery application, an improved calendar application, and,
inevitably, an application store. “The browser based text editor
supports 35 programming languages for syntax highlighting, keyboard
shortcuts, drag and drop text, automatic indent and outdent,
unstructured/user code folding and Live syntax checker (for JavaScript,
Coffee and CSS). The editor is based on the ACE JavaScript Editor. The
editor supports basic text files. Editing more advanced formats like doc(x)
and ODT is planned for future releases.” LWN looked at ownCloud in early January.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Christoph Feck has announced
the first release of ImageZero, a lossless photo compression tool.
“Being twice as fast as PNG when decompressing (and more than 20
times faster when compressing) it achieves compression ratios that are near
or better than PNG for natural photos, sometimes even better than JPEG-LS
for very high quality photos.” The code is available on gitorious. (Thanks to Paul
Wise).
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
KDE developer Aaron Seigo writes about the
“Spark”, an upcoming unlocked €200 tablet that runs the KDE Plasma
Active system.
“This is more than just another piece of hardware on the market,
though. This is a unique opportunity for Free software. Finally we have a
device coming to market on our terms. It has been designed by and is usable
by us on our terms. We are not waiting for some big company to give us what
we desire, we’re going out there and making it happen together. Just as
important: the proceeds will be helping fuel the efforts that make this all
possible.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Lennart Poettering has announced the
posting of a
summary of the motivations for merging several root-level directories into
/usr. “A unified filesystem layout (as it results from
the /usr merge) is more compatible with UNIX than Linux’ traditional split
of /bin vs. /usr/bin. Unixes differ in where individual tools are
installed, their locations in many cases are not defined at all and differ
in the various Linux distributions. The /usr merge removes this difference
in its entirety, and provides full compatibility with the locations of
tools of any Unix via the symlink from /bin to /usr/bin.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The LWN.net Weekly Edition for January 26, 2012 is available.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
HP has announced
a roadmap for the open-sourcing of webOS that calls for the full code base
to be released by September. The Apache 2.0 license will be used.
“HP also announced it is releasing version 2.0 of webOS’s innovative
developer tool, Enyo. Enyo 2.0 enables developers to write a single
application that works across mobile devices and desktop web browsers, from
the webOS, iOS and Android platforms to the Internet Explorer and Firefox
browsers – and more. The source code for Enyo is available today, giving
the open source community immediate access to the acclaimed application
framework for webOS.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
CentOS has updated openssl (C5: multiple vulnerabilities),
kvm (C5: denial of service and
privilege escalation), and
kernel (C6: privilege escalation).
Debian has updated bip (remote code
execution).
Fedora has updated wireshark (F15: multiple vulnerabilities) and
kernel (F15: privilege escalation).
Oracle has updated
t1lib (EL6: multiple
vulnerabilities),
openssl (EL5, EL6: multiple vulnerabilities), and
glibc (EL6: code execution and
denial of service).
Red Hat has updated
t1lib (RHEL6: multiple
vulnerabilities),
kernel-rt (MRG2.1: privilege
escalation),
openssl (RHEL5, RHEL6: multiple vulnerabilities), and
glibc (RHEL6: code execution (from
2009) and denial of service).
Scientific Linux has updated
openssl (SL5: multiple
vulnerabilities).
Ubuntu has updated curl (data
injection),
kernel (information disclosure and denial
of service), and
kernel (10.04 LTS: denial of service).
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The KDE project has announced the release of
KDE Plasma
Workspaces, KDE
Applications, and KDE Platform
4.8. “KDE applications released today include Dolphin with its new
display engine and semantic goodies, new Kate features and improvements,
and Gwenview enhancements. Enjoy new Marble features such as interactive
Elevation Profile, satellite tracking and Krunner integration.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The third
set of interviews with speakers from the upcoming FOSDEM conference has been posted; featured
this time are Bdale Garbee, Finne Boonen, Guido Trotter, Wim Godden,
Garrett Serack, and Renzo Davoli. “The central role of computers and
interfaces has disappeared, services are the main focus now. The logical
structure of the internet must change as a consequence of this. By the IoTh
[Internet of Threads] we mean a structure where the addressable nodes of
the internet are, or can also be, processes or even concurrent threads of a
process. In the IoTh the definition of an independent networking stack,
with its own virtual interfaces, addresses, routing is as simple as the
creation of a PF_UNIX socket. It is an ‘ordinary business’ user-space
operation, not a structural and dangerous change, for system administrators
only.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Version 7.4 of the GDB debugger is out. New features include a Renesas
RL78 simulator, a number of Python scripting improvements, several new
debugging commands and options, and more.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Here’s a lengthy
posting from Mark Shuttleworth describing the “heads-up display”
concept that Ubuntu is pushing toward. “It’s smart, because it can
do things like fuzzy matching, and it can learn what you usually do so it
can prioritise the things you use often. It covers the focused app (because
that’s where you probably want to act) as well as system functionality; you
can change IM state, or go offline in Skype, all through the HUD, without
changing focus, because those apps all talk to the indicator system. When
you’ve been using it for a little while it seems like it’s reading your
mind, in a good way.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The “zx2c4″ weblog has a detailed
writeup of a local root vulnerability in /proc introduced in
2.6.39 and just fixed on January 17. “In 2.6.39, the
protections against unauthorized access to /proc/pid/mem were deemed
sufficient, and so the prior #ifdef that prevented write support for
writing to arbitrary process memory was removed. Anyone with the correct
permissions could write to process memory. It turns out, of course, that
the permissions checking was done poorly. This means that all Linux kernels
>=2.6.39 are vulnerable, up until the fix commit for it a couple days
ago. Let’s take the old kernel code step by step and learn what’s the
matter with it.” As of this writing, distributors do not yet appear
to have begun shipping updates for this vulnerability.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Linux has a lot of filesystems, but two of them (ext4
and btrfs) tend to get most of the attention. In his 2012 linux.conf.au
talk, XFS developer Dave Chinner served notice that he thinks more users
should be considering XFS. His talk covered work that has been done to
resolve the biggest scalability problems in XFS and where he thinks things
will go in the future. If he has his way, we will see a lot more XFS
around in the coming years.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Linus has announced the release of the
3.3-rc1 kernel prepatch and the closing of the merge window for this
development cycle. “Anyway, it’s out now, and I’m taking off early
for a weekend of beer, skiing and poker (not necessarily in that order:
‘don’t drink and ski’). No email.” See our merge window summaries
(part 1, part 2 for details on the features merged
for the 3.3 release.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The LWN.net Weekly Edition for January 19, 2012 is available.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
alt="[Bruce Perens]" border=0 hspace=2 align="right"/>
Bruce Perens wore a suit and tie for his linux.conf.au 2012 keynote for a
reason, he said: it reflects our community’s need to think more about how
it appears to the rest of the world. Despite our many successes, he said,
we have failed to achieve the goals that our community set for itself many
years ago. We have failed to engage and educate our users, and are finding
ourselves pulled into an increasingly constrained world. To get out of
this mess, we will have to make some changes – and expand our scope beyond
software and culture.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The systems
administration miniconf at the 2012 linux.conf.au hosted ‘a
casual conversation’ with a group of core Samba developers on the project’s
near future roadmap and the plans for Samba 4. Andrew “Tridge”
Tridgell led off by saying that the last a lot of people had heard about
the project’s plans came from “an article
in a disreputable web site.” The discussion reported on there was “very
exciting,” in that it moved the project’s point of view on the Samba 4
release from “someday” to “let’s get ready for a release.” Since then,
things have gotten quiet, but that does not mean that nothing has been
happening.
Click below (subscribers only) for the full report from LCA 2012.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The Software Freedom Law Center has taken a look at Microsoft’s
Windows 8 certification requirements for the ARM architecture (which
require that the system be fully locked down) and is
not amused.
“The new policy betrays the cynicism of Microsoft’s initial response
to concerns over Windows 8′s secure boot requirement. When kernel hacker
Matthew Garrett expressed his concern that PCs shipped with Windows 8 might
prevent the installation of GNU/Linux and other free operating systems,
Microsoft’s Tony Mangefeste replied, ‘Microsoft’s philosophy is to provide
customers with the best experience first, and allow them to make decisions
themselves.’ It is clear now that opportunism, not philosophy, is guiding
Microsoft’s secure boot policy.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The LWN.net Weekly Edition for January 12, 2012 is available.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Fedora has updated ruby (F15,
F16: denial of service),
openssl (F16: four denial of service
and information disclosure issues), and
tor (F16: remote code execution).
Red Hat has updated acroread (RHEL4-6: two code execution vulnerabilities),
kernel (RHEL5: eight CVE numbers),
and
kernel-rt (MRG2.0: 14 CVE numbers).
Scientific Linux has updated ipa (SL6: cross-site request forgery) and
qemu-kvm (SL6: two privilege
escalation vulnerabilities).
Ubuntu has updated nova (privilege
escalation),
linux-ec2 (two denial of service
vulnerabilities),
linux-ti-omap4 (denial of service and
information disclosure),
and kernel (denial of service and
information disclosure).
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The systemd v38 release is out; this is the first release to contain “the
journal.” “The journal is quite
complete at this time, but a small number of bigger features are still
missing. Documentation is currently terse and will be extended in the
coming versions. If you want to see the effect of the journal, try
‘systemctl status’ which is now hooked up with the journal and will show
the most recent log output of a service.” Note that v38 is a test
release; it will be good for those wanting to see what the journal looks
like, but probably should be kept far from production systems.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Recently, certain corners of the net have carried the claim that Barnes
& Noble is refusing to release the source for the kernel shipped in its
“Nook Tablet” book reader device. That, of course, would be a violation of the
kernel’s licensing. GPL violations are far from unheard of in the mobile
electronics market, but B&N is a company with a high-enough profile to attract
special attention. A look at what is going on suggests that there is less
to the story than meets the eye – but it still merits a look.
Click below
(subscribers only) for the full story.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Greg Kroah-Hartman has posted an update on
his plans for long-term kernel maintenance. As he announced before, the
3.1 series is almost at the end of its update period; he is also
approaching the end of his maintenance for the long-lived 2.6.32 release.
“It is approaching it’s end-of-life, and I think I only have another
month or so doing releases of this. After I am finished with it, it might
be picked up by someone else, but I’m not going to promise
anything.” As it happens, Tim Gardner has stated that Ubuntu will support 2.6.32 through
April 2015 – though whether that support will translate into kernel
releases outside of the Ubuntu distribution is not clear. Ubuntu also
plans to take on 3.2 as a long-term supported kernel.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The Tizen project has announced
the release of an initial set of
source repositories and an alpha
SDK. “Today we are posting a set of pre-release tools to give
application developers an early look at Tizen. These tools, together with
their corresponding documentation and source code, will provide developers
with information required to become familiar with Tizen
development.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
PC Pro has a brief
report on the “Ubuntu TV” offering revealed by Canonical at the Consumer
Electronics Show. “[Jane] Silber told us Canonical was in
discussions with a number of television manufacturers, but couldn’t confirm
any signed deals. It will face stiff competition from Google – which only
last week added LG to its roster of Google TV manufacturers – and Apple,
which is widely tipped to be working on an internet television after making
little impact with successive generations of its Apple TV hardware.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The 2.6.32.53, 3.0.16, and 3.1.8 stable kernel updates have been
released. Each contains the usual long list of important fixes (OK,
2.6.32.53 only has nine fixes, but the newer kernels have quite a few
more). Greg says
that there may only be one more 3.1 update after this one, so 3.1 users may
want to be thinking about moving on.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
OStatic reports
that Mandriva may be about to shut down. “On the Mandriva Forum,
Raphaël Jadot, a long-time contributor, wrote, ‘everything was fine, but
there is a big problem: a minor shareholder (Linlux) refuses the capital
injection required for Mandriva to continue, even though the Russian
investor had offered to bear it alone. Except turnaround Mandriva should
cease activity Jan. 16.’ No further details were made available there. But
as news crept around the various forums more did emerge.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
CouchDB creator Damien Katz appears to
be forking the project with the creation of “Couchbase.” “It’s
not that we think CouchDB isn’t awesome. It’s that we are creating the
successor to it: Couchbase Server. A product and project with similar
capabilities and goals, but more faster, more scalable, more customer and
developer focused. And definitely not part of Apache.”
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Linus has announced the release of the 3.2
kernel – just after the publication of the LWN Weekly Edition, as
predicted.
Among other things, this kernel adds the proportional rate reduction TCP algorithm, the
extended verification module, the CPU scheduler bandwidth controller, the cross-memory attach IPC mechanism, the Hexagon
DSP architecture, improved recovery of corrupted Btrfs filesystems, and the
I/O-less dirty throttling code. See the Kernelnewbies 3.2
page for lots more information.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The LWN.net Weekly Edition for January 5, 2012 is available.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Toward the end of December, LWN looked at the
new push to move various subsystems specific to Android kernels into
the mainline. There seems to be broad agreement that merging this code
makes sense, but that agreement becomes rather less clear once the
discussion moves to the merging of specific subsystems. Tim Bird’s request for comments on the Android “logger”
mechanism shows that, even with a relatively simple piece of code, there is
still a lot of room for disagreement and problems can turn out to be larger
than expected.
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
Debian has updated ffmpeg (multiple
code execution vulnerabilities).
Ubuntu has updated ghostscript
(multiple code execution vulnerabilities dating back to 2008).
This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net
The Apache Software Foundation has announced
the release of Hadoop 1.0. “A foundation of Cloud computing and at
the epicenter of “big data” solutions, Apache Hadoop enables data-intensive
distributed applications to work with thousands of nodes and exabytes of
data. Hadoop enables organizations to more efficiently and cost-effectively
store, process, manage and analyze the growing volumes of data being
created and collected every day. Apache Hadoop connects thousands of
servers to process and analyze data at supercomputing speed.”