Noise

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

Messages from the kernel are created by humans, usually using one of the
many variants of the printk() function. But, increasingly, those
messages are read by machines in the form of log file parsers, automated
management systems, and so on. The machines have, for some time, struggled
to make sense out of those human-created messages which, often as not, are
unpredictable in their organization, lacking important information, and
subject to change. So it is not surprising that there has been ongoing
interest in adding some structure to kernel log messages; the subject was
recently raised by the audience at the Collaboration Summit kernel panel.
At about the same time, a new attempt to improve kernel logging was posted
to the linux-kernel mailing list; click below (subscribers only) for a
report from next week’s Kernel Page.

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

Version 2.4 of the Calligra office suite has been released.
The version number notwithstanding, this is Calligra’s first release in
this form; there is a lot of interesting stuff to be found therein.
“Calligra now has a completely rewritten text layout engine that can
handle most of the advanced layout features of ODF. This includes tables
that can now span more than one page, footnotes and endnotes and correct
run-around around other objects such as pictures. This text layout engine
is used all over the suite. The Words application itself is also largely
rewritten but this is not as visible to the user.”

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The LWN.net Weekly Edition for April 12, 2012 is available.

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The Python project has released updated versions of Python 2.6, 2.7, 3.1,
and 3.2; in each case, the objective is to close the hash collision denial of service
vulnerability. It’s worth noting, though, that the fix needs to be
enabled explicitly: “Historically, dict iteration order has not changed very often across
releases and has always remained consistent between successive executions of
Python. Thus, some existing applications may be relying on dict or set ordering.
Because of this and the fact that many Python applications which don’t accept
untrusted input are not vulnerable to this attack, in all stable Python releases
mentioned here, HASH RANDOMIZATION IS DISABLED BY DEFAULT.” It can
be enabled with a command-line option or through an environment variable.

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

CentOS has updated freetype (C5, C6: 14 CVE numbers),
libtiff (C5, C6: code execution),
samba3x (C5: remote code execution), and
samba (C5, C6: remote code execution).

Fedora has updated gnutls (F15: two code execution vulnerabilities) and
openssl (F16: denial of service).

Gentoo has updated chromium (12 2011
CVE numbers).

Mandriva has updated samba (remote
code execution).

openSUSE has updated postgresql
(multiple vulnerabilities).

Red Hat has updated samba (RHEL5-6: remote code execution),
samba3x (RHEL5: remote code
execution),
freetype (RHEL5-6: 14 CVE numbers),
libtiff (RHEL5-6: code execution),
and
acroread (RHEL5-6: code execution).

Scientific Linux has updated
samba (SL5-6: remote code execution),
samba3x (SL5: remote code execution),
freetype (SL5-6: 14 CVE numbers), and
libtiff (SL5-6: code execution).

Ubuntu has updated puppet (multiple
vulnerabilities) and
NVIDIA proprietary drivers (privilege
escalation).

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The Samba team has announced the release of versions 3.6.4, 3.5.14 and
3.4.16 containing a fix for a remote code
execution vulnerability. “As this does not require an
authenticated connection it is the most serious vulnerability possible in a
program, and users and vendors are encouraged to patch their Samba
installations immediately.” Distributor updates should start
showing up in the near future.

Update: the Samba 4 alpha releases are vulnerable as well; 4.0alpha19 has been released with a fix.

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The Kubuntu project recently lost its
sponsorship from Canonical, which is
pursuing its fortunes in other areas. The project has now announced
that it will be sponsored by Blue Systems instead. “Blue Systems
sponsors a number of KDE projects and will encourage Kubuntu to follow the
same successful formula as it has always had – community led, KDE focused,
Ubuntu flavour.” The actual extent of this sponsorship is not clear
at this time.

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

More than eight years after the 2.6.0 release, Willy Tarreau has announced
that he will no longer be releasing updates to the 2.4 series. For those
who really are unable to move on, he may maintain a git tree with an
occasional fix, “but with no guarantees.”

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

After a fairly typical Debian-style discussion, the project appears to have
settled on the wording of a diversity statement for the project:

Stefano Zacchiroli has declared an apparent end to the discussion, but is
holding off until after the project leader election to give the new leader
(assuming it’s somebody different) a chance to express an opinion.

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

For those following the development of the Wayland display system, a new,
concise summary of the
state of Wayland has been posted. “GTK+ 3.4.1 and Qt5 appear to
have complete Wayland support except for client side decorations (CSD).
EFL and Clutter appear to have complete support. So any application should
work with Wayland as long as it uses one of these four toolkits, and it
doesn’t call any Xlib functions. Unfortunately a number of GTK+
applications do call Xlib, through gdk_x11_* functions, and they need to be
wrapped in build-time and run-time backend checks.”

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The 3.4-rc2 prepatch is out. It includes a
lot of fixes; Linus also decided to pull the
DMA mapping rework. That should be the end of the significant merges
for this development cycle, though: “I’m going to be stricter about
pulls from here on out, there was a lot of ‘noise’, not just pure
fixes.” The short-form changelog can be found in the announcement.

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

For those in a hurry, the Economist has a brief and mostly negative
summary of a report on the benefits of the One Laptop Per Child program
in Peru. “An evaluation of the laptop programme by the
Inter-American Development Bank (IDB) found that the children receiving the
computers did not show any improvement in maths or reading. Nor did it find
evidence that access to a laptop increased motivation, or time devoted to
homework or reading.”

For those with more time, the
actual report is more nuanced. “Results indicate limited effects
on academic achievement but positive impacts on cognitive skills and
competences related to computer use. Cognitive abilities may arise through
using the programs included in the laptops, given that they are aimed at
improving thinking processes. However, to improve learning in Math and
Language, there is a need for high-quality instruction. From previous
studies, this does not seem the norm in public schools in Peru, where much
rote learning takes place.”

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The obligatory Fedora release schedule slip has been announced. Due to
some upgrade difficulties, the Fedora 17 beta has been pushed back to
April 17; the final release is now expected on May 22.

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

Version 2.0.0 of the PostGIS geographical database system is
out. There is a long list of new features, including raster data and
raster/vector analysis support, the ability to handle objects with shared
boundaries, 3D and 4D indexing, and more.

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

Debian has updated libpng (code
execution) and
tiff (code execution).

Mandriva has updated libtiff (code
execution).

openSUSE has updated nginx
(information disclosure).

Ubuntu has updated tiff (two code
execution vulnerabilities, one from 2010) and libpng (code execution).

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The FailOverflow site has an amusing
look inside an AT&T microcell box which, naturally, runs Linux.
“The backdoor uses simple UDP packets to transmit requests and
receive responses. There are a number of operations supported, but the most
useful one is called ‘BackdoorPacketCmdLine’. Yes. It’s actually called
‘Backdoor’. This command lets you execute any linux command. Execution is
performed using the backticksh function.” This port turns out to be
globally accessible. (Thanks to Paul Wise).

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The LWN.net Weekly Edition for April 5, 2012 is available.

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

Leo is an
interesting combination of text editor, integrated development environment,
project management tool, music player, and more. The 4.10 release is now
available; it includes a lot of new commands, better abbreviation
capabilities, and more.

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

CentOS has updated rpm (C5,
C6: code execution prior to package
signature validation).

Mandriva has updated ocsinventory
(cross-site scripting).

openSUSE has updated chromium (nine
CVE numbers).

Oracle has updated rpm (OL5,
OL6: code execution prior to signature
validation).

Red Hat has updated rpm (RHEL3-6: code execution prior to
signature validation).

Scientific Linux has updated rpm (SL5-6: code execution prior to signature
validation).

Ubuntu has updated thunderbird (fix
regressions from previous update).

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The first alpha
release of the Qt5 toolkit is available, showing the direction that Qt
is taking. A lot of the work appears to be under-the-hood restructuring,
but there’s a number of new features as well. “There was one basic vision driving a lot of the Qt 5 work:
‘Qt 5 should be the foundation for a new way of developing
applications. While offering all of the power of native Qt using C++, the
focus should shift to a model, where C++ is mainly used to implement
modular backend functionality for Qt Quick.’” (Thanks to Paul Wise).

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

Kay Sievers has sent out an announcement that the udev and systemd projects
will be merging into a single source tree. “Today, ‘Init’ needs to
be fully hotplug-capable; udev device management and knowledge about device
lifecycles is an integral part of systemd and not an isolated logic. Due to
this, and to minimize our administrative workload, as well as to minimize
duplication of code, and to resolve cyclic build dependencies in the core
OS, we have decided to merge the two projects.” What the developers
will not do is remove the ability to build and run udev on a system
that is not using systemd.

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

This year’s edition of the Linux Storage, Filesystem, and Memory Management
Summit took place in San Francisco April 1-2, just prior to the Linux
Foundation Collaboration Summit. Ashvin Goel of the University of Toronto
was invited to the summit to discuss the work that he and others at the
university had done on consistency checking as filesystems are updated,
rather than doing offline checking using tools like fsck. The
result was an interesting discussion on how to keep filesystems from
suffering corruption in the first place. Click below (subscribers only)
for the full report.

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

alt="[plot]" border=0 align="right" hspace=5/>

The Open Source Automation Development Lab has posted a press
release celebrating a full year’s worth of testing of latencies on
several systems running the realtime preemption kernel. “Each graph
consists of more than 730 latency plots put before one another with the
time scale running from back to front. A latency plot displays the number
of samples within a given latency class (resolution 1 µs). The logarithmic
frequency values at the y-scale ensure that even a single outlier would be
displayed (for details of the test procedures and the load scenarios please
refer to this description). The absence of any outlier in all the very
different systems clearly demonstrates that the perfect determinism of the
mainline Linux real-time kernel is a generic feature; it is not restricted
to any particular architecture.” OSADL is an industry consortium
dedicated to encouraging the development and use of Linux in automated
systems.

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The Linux Foundation has posted a cute video
describing (at a very high level) how the kernel development process
works. There will be few surprises there for LWN readers, but it may be
useful for a wider audience.

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

width-110 height=140 alt="[Epiphany]" border=0 hspace=3 align="right"/>

When one talks about web browsers for desktop Linux systems, there are
usually two options on the table: Firefox or Chromium. There are a number
of other browsers out there, though, including Epiphany, the GNOME project’s
official web browser. In past years, development of Epiphany appears to
have slowed considerably, and it has not drawn much in the way of
attention. Recently, though, there have been indications
of a new burst of activity around Epiphany, so your editor decided to take
a fresh look.

Click below (subscribers only) for the full review.