Author Archive

LWN.net: ISC releases BIND 10 1.2, renames it, and turns it over to community

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Internet Systems Consortium, the non-profit behind the BIND DNS server, has released version 1.2 of BIND 10, which is the last release it will make of the “applications framework for Internet infrastructure, such as DNS”. That completes ISC’s development effort on BIND 10, so it has renamed the project to Bundy and turned it over to the community for updates and maintenance. “‘BIND 10 is an excellent software system,’ said Scott Mann, ISC’s Vice President of Engineering, ‘and a huge step forward in open-source infrastructure software. Unfortunately, we do not have the resources to continue development on both projects, and BIND 9 is much more widely used.’ ‘The BIND 10 software is open-source,’ Scott added, ‘so we are making it available for anyone who wants to continue its development. The source will be available from GitHub under the name Bundy, to mitigate the confusion between it and ISC’s BIND 9 (a completely separate system). The name ‘BIND’ is associated with ISC; we have changed its name as a reminder that ISC is no longer involved with the project.’”

LWN.net: Ubuntu 14.04 LTS (Trusty Tahr) released

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Ubuntu has announced the release of its latest long-term support
distribution: Ubuntu 14.04 LTS (aka “Trusty Tahr”). The release notes
have all the details. It comes in a multitude of configurations, for desktops,
servers, the cloud, phones, and tablets; also in many flavors: Kubuntu, Edubuntu, Xubuntu, Lubuntu, Ubuntu GNOME, Ubuntu
Kylin, and Ubuntu Studio.
Ubuntu 14.04 LTS is the first long-term support release with support
for the new “arm64” architecture for 64-bit ARM systems, as well as the
“ppc64el” architecture for little-endian 64-bit POWER systems. This
release also includes several subtle but welcome improvements to Unity,
AppArmor, and a host of other great software.

LWN.net: Plant Breeders Release First ‘Open Source Seeds’ (NPR)

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

NPR has a look at the cross-pollination of open source software and agriculture, resulting in the release of the first “Open Source Seeds”. The new Open Source Seed Initiative was formed to put seeds, and, more importantly, their genetic material, into a protected commons, so they will be available in perpetuity.
At an event on the campus of the University of Wisconsin, Madison, backers of the new Open Source Seed Initiative will pass out 29 new varieties of 14 different crops, including carrots, kale, broccoli and quinoa. Anyone receiving the seeds must pledge not to restrict their use by means of patents, licenses or any other kind of intellectual property. In fact, any future plant that’s derived from these open source seeds also has to remain freely available as well.
(Thanks to Rich Brown.)

LWN.net: QEMU 2.0.0 released

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

The QEMU team has announced
the release of version 2.0.0 of the QEMU “open source machine
emulator and virtualizer”. New features in the release include
support for KVM on AArch64 (64-bit ARM) systems, support for all 64-bit
ARMv8 instructions (other than the optional CRC and crypto extensions),
support for the Allwinner A10-based cubieboard, CPU hotplug for Q35 x86
systems, better Windows guest performance when doing many floating-point or
SIMD operations, live snapshot merging, new management interfaces for CPU
and virtio-rng hotplug, direct access to NFSv3 shares using libnfs, and
lots more. Detailed information about all of the changes can be found in
the changelog.

LWN.net: Security updates for Thursday

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Debian has announced that
regular security updates for Debian 6.0 (“squeeze”) will cease on May 31.
But there will be long-term support for most of the packages in squeeze on
just the i386 and amd64 architectures until February 2016.

Fedora has updated cacti (F20; F19:
multiple vulnerabilities), json-c (F20: two
denial of service flaws), and openstack-keystone (F20: access restriction bypass).

Mandriva has updated json-c
(BS1.0: two denial of service flaws).

Oracle has updated java-1.6.0-openjdk (OL6; OL5:
multiple vulnerabilities, most unspecified) and java-1.7.0-openjdk
(OL6; OL5:
multiple vulnerabilities, most unspecified).

Red Hat has updated java-1.6.0-sun (many vulnerabilities, lots
unspecified), java-1.7.0-oracle (RHEL; RHEL Supplementary: multiple
vulnerabilities, most unspecified), and libyaml (RHEL6: two code execution flaws).

Scientific Linux has updated java-1.6.0-openjdk (multiple vulnerabilities,
most unspecified) and java-1.7.0-openjdk
(SL5: multiple vulnerabilities, most unspecified).

SUSE has updated flash-player
(SLE11SP3: multiple vulnerabilities) and kernel (SLERTE11SP3; SLE10SP4: multiple vulnerabilities).

LWN.net: Python Software Foundation opens membership to the entire Python community

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

During an April 13 keynote at PyCon, Van Lindberg, chair of the Python Software Foundation (PSF) board, announced that PSF membership would now be open to the entire community. It had previously been a self-sustaining membership, with current members nominating new members, but that has now changed. Community members can sign up as PSF members by way of a “Become a Member” button at the bottom of the Python home page. Filling out a form and agreeing to the Code of Conduct is all that is required to join. Instead of the roughly 200 members reported at PyCon 2013, he would like to see 30,000 or more PSF members by the end of 2014. This is part of an effort to diversify the PSF in much the same way that the Python community itself has diversified over the years, Lindberg said.

LWN.net: Baker: Brendan Eich Steps Down as Mozilla CEO

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

On the Mozilla blog, Mitchell Baker, chair of the Mozilla Foundation, announced the resignation of Brendan Eich as Mozilla Corporation CEO on April 3. That comes less than two weeks after Eich was appointed. It has been a tumultuous time at Mozilla, which felt the need to post a statement in support of LGBT equality on March 29. Eich came under fire for a donation he made to the anti-gay-marriage campaign (Proposition 8) in California.
“We have employees with a wide diversity of views. Our culture of openness extends to encouraging staff and community to share their beliefs and opinions in public. This is meant to distinguish Mozilla from most organizations and hold us to a higher standard. But this time we failed to listen, to engage, and to be guided by our community.

While painful, the events of the last week show exactly why we need the web. So all of us can engage freely in the tough conversations we need to make the world better.

We need to put our focus back on protecting that Web. And doing so in a way that will make you proud to support Mozilla.”

LWN.net: Security advisories for Friday

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

CentOS has updated httpd (C6; C5:
multiple vulnerabilities).

Fedora has updated kernel (F20:
multiple vulnerabilities).

Mageia has updated a2ps (code
execution), moodle (multiple
vulnerabilities), php (M3: three
vulnerabilities), python-imaging (M3: two
tmpfile flaws), and python-pillow (M4: two
tmpfile flaws).

openSUSE has updated file (12.3:
denial of service), openssl (13.1, 12.3:
side-channel attack), and python-pyOpenSSL
(11.4: certificate spoofing).

Oracle has updated httpd (OL6; OL5:
multiple vulnerabilities).

Red Hat has updated httpd (RHEL6; RHEL5:
multiple vulnerabilities), openstack-keystone (OS3: access control bypass), openstack-nova (OS3: multiple vulnerabilities), openstack-swift (OS3: timing side-channel attack),
python-django-horizon (OS3: information
disclosure), and ruby193-libyaml (OS3: two
code execution flaws).

SUSE has updated lighttpd
(SLE11SP3: two vulnerabilities) and sudo
(SLE11SP3: privilege escalation).

Ubuntu has updated libyaml
(13.10, 12.10, 12.04: code execution) and libyaml-libyaml-perl (13.10, 12.10, 12.04: two
code execution flaws).

LWN.net: Stable kernels 3.13.9, 3.10.36, and 3.4.86

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Greg Kroah-Hartman has announced the release of the 3.13.9, 3.10.36, and 3.4.86 stable kernels. Users of those kernel
series should upgrade.

LWN.net: Newegg and friends crush a patent troll (Ars Technica)

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Ars Technica reports on the victory that Newegg, Geico, and others have achieved over the patent troll Macrosolve. After extracting $4M in settlements with a patent that it claims covers mobile app questionnaires, Macrosolve has dismissed all pending cases and admitted it can’t go forward with a trial scheduled for June (in East Texas, of course). “‘Macrosolve is now trading at a smidge above $0.01 per share,’ noted [Newegg's Chief Legal Officer Lee] Cheng in his e-mail to allies, which he shared with Ars. ‘Why those asshats continue to trade at ANY value, I do not know. The world would be a better place without them and their advantage-taking ways. Please continue to support efforts to bring symmetry to patent law, legislatively, administratively, in the courts, and in the court of public opinion.’”

LWN.net: Huang: Crowdfunding the Novena Open Laptop

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Andrew “bunnie” Huang has announced an effort to crowdfund an open laptop. They are ARM-based “hacker laptops” (and desktops) where the display opens “the wrong way” to facilitate access to the hardware inside. It runs Linux, of course, and all of the hardware design is freely available. “To be clear, this is not a machine for the faint of heart. It’s an open source project, which means part of the joy – and frustration – of the device is that it is continuously improving. This will be perhaps the only laptop that ships with a screwdriver; you’ll be required to install the battery yourself, screw on the LCD bezel of your choice, and you’ll get the speakers as a kit, so you don’t have to use our speaker box design – if you have access to a 3D printer, you can make and fine tune your own speaker box.” (Thanks to Paul Wise.)

LWN.net: Security updates for Thursday

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Fedora has updated maradns (F19:
denial of service).

Mageia has updated curl (three
vulnerabilities), libyaml (code execution),
mediawiki (cross-site request forgery), perl-YAML-LibYAML (two code execution
vulnerabilities), php-ZendFramework
(multiple vulnerabilities), ruby-rack-ssl
(cross-site scripting), springframework
(two vulnerabilities), tomcat (M4;
M3: multiple vulnerabilities), and xalan-j2 (code execution).

Red Hat has updated libyaml (OS4; OS3: two
code execution
vulnerabilities) and ruby193-libyaml
(RHEL6: two code execution vulnerabilities).

Ubuntu has updated nss (incorrect
wildcard certificate handling).

LWN.net: Linux Storage, Filesystem, and Memory Management Summit coverage

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Somewhat more than half of LWN’s coverage of this year’s LSFMM Summit is
now available. Subscribers can have a
look at a wide range of topics that were discussed on March 24 and 25 in
Napa, California. More coverage will be
added to the page as it becomes available.

LWN.net: [$] Facebook and the kernel

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

As one of the plenary sessions on the first day of the Linux Storage, Filesystem, and
Memory Management (LSFMM) Summit,
Btrfs developer Chris Mason presented on how his new employer, Facebook,
uses the Linux kernel. He shared some of the eye-opening numbers that
demonstrate just how much processing Facebook does using Linux, along with
some of the “pain points” the company has with the kernel.

Subscribers can click below for a report on the talk from this week’s edition.

LWN.net: Full Disclosure Mailing List: A Fresh Start

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

The full-disclosure mailing list is back. Nmap developer Fyodor has announced that he is resurrecting the list after its abrupt closure in mid-March. “The new list must be run by and for the security community in a vendor-neutral fashion. It will be lightly moderated like the old list, and a volunteer moderation team will be chosen from the active users. As before, this will be a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature, light (versus restrictive) moderation, and support for researchers’ right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts won’t be tolerated!”

LWN.net: Fedora Present and Future: a Fedora.next 2014 Update (Part I, “Why?”)

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

In Fedora Magazine, Matthew Miller has an extensive look at why there is a need for Fedora.next. He links to a number of talks he and others have given as background, but the basic idea is that (at least in Miller’s view) open source development has moved beyond the concept of distributions—they have just become boring infrastructure.
“Well, actually all of the major distributions that work basically in the way Fedora does are on the decline. Slackware peaked before Fedora; openSUSE and Fedora seem to have peaked in terms of the buzz/popularity measure around 2006 or 2007. But Ubuntu has the same peak, just a bit later in 2009. If we count the years from now… that’s a long trend of decline for all of us. Ubuntu is still very popular, of course, but, they’re not cool. None of us are cool anymore.

We want to be cool. How can we do that?” (Thanks to Paul Wise.)

LWN.net: Security updates for Friday

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Debian has updated extplorer
(multiple cross-site scripting flaws).

Fedora has updated asterisk (F20; F19: two
vulnerabilities), libmodplug (F20;
F19: two code execution flaws), python-swiftclient (F20: add SSL certificate
checking by default), and springframework-security (F20; F19:
authentication bypass).

Mageia has updated nss, firefox, and
thunderbird
(multiple vulnerabilities).

Mandriva has updated nss (ES5:
incorrect wildcard certificate handling).

LWN.net: [$] Debian and CAcert

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

CAcert is an SSL/TLS certificate
authority (CA) that seeks to be community driven and to provide
certificates for free (gratis), which stands in sharp contrast to the other
existing CAs. But, in order for CAcert-signed certificates to be accepted by web
browsers and other TLS-using applications, the CAcert root certificate must
be included in the “trusted certificate store” that operating systems use to determine
which CAs to trust. For the most part, CAcert has found it difficult to
get included in the distribution-supplied trusted root stores; the
discussion in a recently closed Debian bug highlights the problem.

Subscribers can click below for the full article from this week’s Distributions page.

LWN.net: Python 3.4.0 released

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

After around 18 months of development, Python 3.4 has been released. There were no new language changes for this release, but there were many new features in the standard library and CPython implementation, some of which we looked at recently. The “What’s new in Python 3.4” page looks at the changes in even greater detail. Beyond the new features, there were also “hundreds of small improvements and bug fixes”. You can get Python 3.4 from the download page or from distribution repositories before too long.

LWN.net: Stable kernel 3.12.14

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Jiri Slaby has announced the release of the 3.12.14 stable kernel. Slaby took over
maintenance of the 3.12 series starting with this release. As would be
expected, it has fixes throughout the tree; users should upgrade.

LWN.net: Applications 4.13 Coming Soon, Help Us Test! (KDE.news)

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

In conjunction with the KDE community’s second beta release of Applications and Platform 4.13, Jos Poortvliet has put together a guide to helping test the Applications piece of the release. He looks at the improvements that are going into the Applications to give ideas about what to test. There are also some more formal testing resources that he mentions. “Testing is a matter of trying out some scenarios you decide to test, for example, pairing your Android phone to your computer with KDE Connect. If it works – awesome, move on. If it doesn’t, find out as much as you can about why it doesn’t and use that for a bug report.”

LWN.net: Ubuntu’s Mir display server may not be default on desktop until 2016 (ars technica)

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Ars Technica reports on the virtual Ubuntu Developer Summit (vUDS) keynote from Canonical’s Mark Shuttleworth. “On the desktop, users can install Mir themselves, but it won’t be turned on by default for everyone just yet. ‘My expectation is that within the next 12 months you will see lots of people running Mir as their default display server, and by 16.04 it will be the default display server,’ Shuttleworth said. ‘There’s lots of reasons why that will let us support more hardware, let us get much better performance, and let us do great things with some of the software companies we care about, who want to squeeze every bit of performance out of the hardware you’ve got.’”

LWN.net: Thursday’s security updates

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Debian has updated cups (three
vulnerabilities) and lighttpd (two vulnerabilities).

Fedora has updated mantis (F20; F19:
three SQL injection flaws) and net-snmp (F20; F19:
denial of service).

Mageia has updated flash-player-plugin (two vulnerabilities) and
imapsync (information leak).

Mandriva has updated apache-commons-fileupload (BS1.0: denial of
service), file (BS1.0: two
vulnerabilities), libssh (BS1.0: private
key leak), net-snmp (BS1.0: two denial of
service flaws), otrs (BS1.0: code
execution), and owncloud (BS1.0: multiple
unspecified vulnerabilities).

openSUSE has updated otrs (12.3,
13.1: code execution).

Red Hat has updated flash-plugin
(two vulnerabilities), gnutls (certificate
validation botch), and kernel (RHEL5:
multiple vulnerabilities).

Slackware has updated mutt (code execution).

LWN.net: [$] A false midnight

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Interpreted, “duck typing” languages often have some idiosyncrasies in
their definitions of “truth” and Python is no exception. But Python goes a
bit further than some other languages in interpreting the True or
False status of non-Boolean values. Even so, it often comes as a
big surprise for programmers to find (sometimes by way of a
hard-to-reproduce bug) that, unlike any other time value, midnight
(i.e. datetime.time(0,0,0)) is False. A long discussion
on the python-ideas mailing list shows that, while surprising, that behavior
is desirable—at least in some quarters.

LWN.net: Linux Foundation teams up with edX to build free online Linux course

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

The Linux Foundation has announced that it is building a massive open online course (MOOC) with edX, the non-profit learning platform created by Harvard University and Massachusetts Institute of Technology (MIT). “The Linux Foundation and edX are partnering to develop a MOOC program that will help address this issue by making basic Linux training materials available to all for free. Previously a $2,400 course, Introduction to Linux will be the first class available as a MOOC and will be free to anyone, anywhere. The Linux Foundation is among a new group of member organizations edX announced today who will contribute courses to the platform.

EdX’s MOOCs are an increasingly popular way to provide for unlimited participation and open access to learning material to people anywhere in the world via the web. These programs also provide interactive user forums where students and professors can build communities, similar to the way in which the Linux community collaborates. MOOCs have recently generated enrollments for individual classes of 60,000 or more students.”