Noise

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

On his blog, Michael Meeks has a look at some of the less visible (to the user) changes to LibreOffice for 4.1. He describes changes like the completion of the switch to GNU make, code cleanup (including more German comment translation), eliminating bugs that result in crashes, refactoring the Calc spreadsheet core, and more. “One of the tasks that most irritates and has distracted new developers from doing interesting feature work on the code-base over many years has been our build system. At the start of LibreOffice, there was an incomplete transition to using GNU make, which required us to use both the horrible old dmake tool as well as gnumake, with configure using a Perl script to generate a shell script configuring a set of environment variables that had to be sourced into your shell in order to compile (making it impossible to re-configure from that shell), with a Perl build script that batched compilation with two layers of parallelism, forcing you to over- or undercommit on any modern builder.”

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

TechTarget has an interview with Denise Dumas, Red Hat’s director of software engineering, about RHEL 6.5 and 7. In it, Dumas outlines some changes coming in those releases, particularly in the areas of storage, networking, in-place upgrades from RHEL 6, and the default desktop:

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Greg Kroah-Hartman has announced the release of the
3.9.6, 3.4.49, and
3.0.82 stable kernels. Users of those
kernels should upgrade.

Update: As noted in this G+ post,
the code name for 3.9.6 has changed to “Black Squirrel Wakeup Call”.

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

CentOS has updated krb5 (C5; C6: denial
of service from 2002).

Debian has updated dbus (denial of
service).

Fedora has updated perl-Dancer (F17; F18:
header injection), kernel (F18:
multiple vulnerabilities), and 389-ds-base
(F17: information disclosure).

openSUSE has updated kernel (12.1:
code execution). The distribution also announced that 12.1 has reached end of life
and will no longer be updated.

Oracle has updated kernel (OL5; OL6: two
vulnerabilities) and krb5 (OL5; OL6: denial of service from 2002)

Red Hat has updated krb5 (denial of
service from 2002) and python-keystoneclient
(RH OpenStack: PKI token expiration botch).

Scientific Linux has updated kernel
(SL6: multiple vulnerabilities).

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Linux.com interviews Wolfgang Denk, creator of the U-Boot bootloader, about two great things that embedded Linux has achieved: abstracting away hardware differences for application developers and the rapid adoption of the Yocto project. “But the really dramatic changes do not happen in Linux, but in the hardware. If you consider the landslide-like move from Power Architecture to ARM systems in the last two or three years it is highly notable that this happened without disconcertment for both developers and users: thanks to Linux, the low level hardware details are well abstracted away, and on application level it does not really matter at all which exact architecture or SoC you are working with. This is really a great achievement.”

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

This year’s pgCon, which concluded May 25th,
included an unusually high number of changes to the PostgreSQL community,
codebase, and development. Contributors introduced multiple new major
projects which will substantially change how people use PostgreSQL,
including parallel query, a new binary document store type, and pluggable
storage. In addition, Tom Lane switched jobs, four new committers were
selected, pgCon
had the highest attendance ever at 256 registrations, and held its first unconference after the
regular conference. Subscribers can click below for the report by guest
author Josh Berkus.

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Over at Phoronix, Eric Griffith has attempted to set the record straight on X and Wayland, with assistance from X/Wayland developer Daniel Stone. He looks at the failings of X and the corresponding “fixings of Wayland”, along with some misconceptions about the two and some generic advantages for Wayland. “‘X is Network Transparent.’ Wrong. [It's] not. Core X and DRI-1 were network transparent. No one uses either one. Shared-Memory, DRI-2 and DRI-3000 are NOT network transparent, they do NOT work over the network. Modern day X comes down to synchronous, poorly done VNC. If it was poorly done, async, VNC then maybe we could make it work. But [it's] not. Xlib is synchronous (and the movement to XCB is a slow one) which makes networking a NIGHTMARE.”

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

The designers of a new programming language are probably most interested in
the big features — the things that just couldn’t be done with whichever
language they are trying to escape from. So they are probably
thinking of the type system, the data model, the concurrency support,
the approach to polymorphism, or whatever it is that they feel will
affect the expressiveness of the language in the way they want. But there
are lots of little things to consider too, and guest author Neil Brown
looks at some of them in an article from next week’s edition.

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Version 7.4 of the rsyslog system logger has been released. This is the first version of the new 7.4 stable branch and it joins version 7.2.7 as supported versions of the tool. New headline features include support for the systemd journal (both as input and output) along with log file encryption, signatures, and anonymization.

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Fedora has updated cgit (F17;
F18: directory traversal),
mod_security (F17; F18: denial of service), pki-tps (F17: two vulernabilities), libxcb (F18: code execution), libXfixes (F18: code execution), libXt (F18: two vulnerabilities), libXtst (F18: code execution), libXv (F18: two code execution flaws), and libXxf86dga (F18: two code execution flaws).

openSUSE has updated Mesa (12.2:
code execution).

Ubuntu has updated a bunch of X libraries for the recent X client vulnerabilities: libdmx, libfs, libx11, libxcb, libxcursor, libxext, libxfixes, libxinerama, libxp, libxrandr, libxrender, libxres, libxt, libxtst, libxv, libxvmc, libxxf86dga, libxxf86vm, and libxi.

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

alt="[Armijn Hemel]" width=116 height=150/>

When one is trying to determine if there are compliance problems in a body
of
source code—either code from a device maker or from someone in the supply chain
for a device—the sheer number of files to consider can be a difficult
hurdle. A simple technique can reduce the search space
significantly, though it does require a bit of a “leap of faith”, according
to Armijn Hemel. He presented his technique, along with a
case study and a war story or two at LinuxCon
Japan.

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

On his blog, Andy Grover has some thoughts on how to make Fedora more relevant for servers. Because of the 13-month supported lifespan of a Fedora release, administrators are typically wary of using it, but new deployment schemes make it more viable. “Let’s come back to the odd fact that Fedora is both a precursor to RHEL, and yet almost never used in production as a server OS. I think this is going to change. In a world where instances are deployed constantly, instances are born and die but the herd lives on. Once everyone has their infrastructure encoded into a configuration management system, Fedora’s short release cycle becomes much less of a burden. If I have service foo deployed on a Fedora X instance, I will never be upgrading that instance. Instead I’ll be provisioning a new Fedora X+1 instance to run the foo service, start it, and throw the old instance in the proverbial bitbucket once the new one works.”

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

align="right" alt="[Linus Torvalds and Dirk Hohndel]" width=200 height=164/>

Linus Torvalds and Dirk Hohndel sat down at LinuxCon Japan
2013 for a “fireside chat” (sans fire), ostensibly to discuss where
Linux is going. While they touched on that subject, the conversation was
wide-ranging over both Linux and non-Linux topics, from privacy to
diversity and from educational systems to how operating systems will look in
20-30 years. Subscribers can click below for the full story from this
week’s edition.

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

align="right" alt="[Linus Torvalds and Dirk Hohndel]" width=200 height=164/>

Linus Torvalds and Dirk Hohndel sat down at LinuxCon Japan
2013 for a “fireside chat” (sans fire), ostensibly to discuss where
Linux is going. While they touched on that subject, the conversation was
wide-ranging over both Linux and non-Linux topics, from privacy to
diversity and from educational systems to how operating systems will look in
20-30 years. Subscribers can click below for the full story from this
week’s edition.

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Designing an enumeration type (i.e. “enum”) for a language may seem like a
straightforward exercise, but the recently “completed” discussions over
Python’s PEP 435
show that it has a few wrinkles. The discussion spanned several long
threads in two mailing lists
(python-ideas, python-devel) going back to January in this particular
iteration, but the
idea is far older than that. Subscribers can click below for the full
article from this week’s edition.

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

While it is not an official Debian release, the Debian GNU/Hurd team has announced the release of Debian GNU/Hurd 2013. GNU Hurd is a Unix-style kernel based on the Mach microkernel and Debian GNU/Hurd makes much of the Debian system available atop that kernel.

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Local privilege escalations seem to be regularly found in the Linux kernel
these days, but they usually aren’t quite so old—more than two years
since the release of 2.6.37—or backported into even earlier kernels.
But CVE-2013-2094
is just that kind of bug, with a now-public exploit that apparently dates
back to 2010.

Click below (subscribers only) for LWN’s look at this vulnerability.

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Greg Kroah-Hartman has announced the release of the 3.9.3, 3.4.46,
and 3.0.79 stable kernels. As always, they
contain important fixes throughout the tree, so users should upgrade.

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

The New Yorker magazine has started a service called Strongbox that allows anonymous information to be sent to magazine. It is based on the DeadDrop free software project that was created by the late Aaron Swartz, which uses the Tor network to preserve anonymity. The magazine also has an article by Kevin Poulsen, who organized the project, about its history. “In New York, a computer-security expert named James Dolan persuaded a trio of his industry colleagues to meet with Aaron to review the architecture and, later, the code. We wanted to be reasonably confident that the system wouldn’t be compromised, and that sources would be able to submit documents anonymously—so that even the media outlets receiving the materials wouldn’t be able to tell the government where they came from.”

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

CentOS has updated openswan (C5; C6: code
execution).

Debian has updated kernel (many
vulnerabilities).

Fedora has updated openvpn (F17; F18:
possible plaintext recovery) and clamav
(F18: multiple vulnerabilities).

Mageia has updated flash-player-plugin (many vulnerabilities).

Oracle has updated thunderbird (OL6:
multiple vulnerabilities), firefox (OL5; OL6:
multiple vulnerabilities), and openswan (OL5; OL6: code
execution).

Red Hat has updated openswan (code
execution).

Slackware has updated firefox
(multiple vulnerabilities) and thunderbird
(multiple vulnerabilities).

Ubuntu has updated kernel (10.04:
multiple vulnerabilities) and kernel (12.04; 12.10;
13.04; 12.04 Quantal
hardware enablement kernel: perf privilege escalation).

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

It’s hard to say why, but May appears to be the month where we look in on PyPy.
Three
years ago, we had a May 2010 introduction to
PyPy,
followed by an experiment using it in May
2011. This year, the PyPy
2.0 release was made on May 9—that, coupled with our evident
tradition, makes for a good reason to look in on this Python
interpreter written in Python. Subscribers can click below for our report
on the release from this week’s edition.

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

It’s hard to say why, but May appears to be the month where we look in on PyPy.
Three
years ago, we had a May 2010 introduction to
PyPy,
followed by an experiment using it in May
2011. This year, the PyPy
2.0 release was made on May 9—that, coupled with our evident
tradition, makes for a good reason to look in on this Python
interpreter written in Python. Subscribers can click below for our report
on the release from this week’s edition.

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

In Berkeley, California — the birthplace of PostgreSQL — it’s spring: plum
and cherry blossoms, courting finches and college students, new plans for
the summer, and the first beta release of the database
system. Every year, the first beta of the next PostgreSQL version comes out
in April or May, for a final release in September. PostgreSQL
9.3 beta 1 was released to the public on May 13th, and contains a
couple dozen new features both for database administrators and application
developers. Subscribers can click below for a look at some of the new
features by guest author Josh Berkus.

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Fedora project leader Robyn Bergeron has announced an information disclosure bug in the Fedora account system that may have exposed certain types of information (hashed passwords, security questions and encrypted answers, etc.) from unapproved members. It has been present since 2008, but could only be exploited by authenticated users, furthermore:

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Three releases of Ubuntu reached their end of life on May 9, 2013, which
means they
will no longer receive updates of any kind. Users of Ubuntu 8.04 LTS (“Hardy Heron”), Ubuntu 10.04 LTS Desktop (“Lucid Lynx”), and Ubuntu 11.10 (“Oneiric Ocelot”) should upgrade.