
The recently released Open Advice has much to offer those who are new to free software and its communities, but there is plenty of interest to veterans as well. It is a collection of essays from an auspicious number of contributors (42) to free and open source software (FOSS) that centers around the idea of "what we wish we had known when we started". As might be guessed, the book encompasses more than that—it ranges all over the FOSS map—including recollections, war stories, philosophical musings, academic research, and good advice. Subscribers can click below for the full review from this week's edition.
ARM Ltd recently announced the big.LITTLE architecture consisting of a twist on the SMP systems that we've all gotten accustomed to. Instead of having a bunch of identical CPU cores put together in a system, the big.LITTLE architecture is effectively pushing the concept further by pulling two different SMP systems together: one being a set of "big" and fast processors, the other one consisting of "little" and power-efficient processors. Subscribers can click below for a look at supporting this architecture in Linux from guest author Nicolas Pitre.
XBMC, the open source media center, has steadily grown from its humble origins as an X-Box only replacement environment into the cross-platform, de facto playback front-end for multimedia content. It merges the file-centric approach taken by traditional video players with an add-on scripting environment that handles remote web content. The project is currently finalizing its next major release, version 11.0 (codenamed Eden), which includes updates to the networking and video acceleration subsystems, broader hardware support, and numerous changes to the APIs available to add-on developers.
Click below (subscribers only) for the full review.
The eLinux.org web site is currently promoting a project to write a replacement for Busybox under a permissive license. Normally, the writing of more free software is seen as a good thing, but, in this case, there have been complaints about the perceived motivation behind the project. What this discussion shows is that there are some divisions within our community on how our licenses should be enforced - and even what those licenses say.
"World domination" is a less prevalent theme in Linux and open source discussions these days than it was some time ago, but it still comes up regularly in one field of study: robots. At the 2012 Southern California Linux Expo (SCALE) in Los Angeles, Willow Garage's Tully Foote described the Robot Operating System (ROS) project, an open source stack for state-of-the-art robotics. ROS is in use by industry and academic research projects, often on hardware that runs in the hundreds-of-thousands of dollars range, but it is capable of running on low end and homebrew robots, too.
Click below (subscribers only) for the full report from SCALE 10x.
Linux has a lot of filesystems, but two of them (ext4 and btrfs) tend to get most of the attention. In his 2012 linux.conf.au talk, XFS developer Dave Chinner served notice that he thinks more users should be considering XFS. His talk covered work that has been done to resolve the biggest scalability problems in XFS and where he thinks things will go in the future. If he has his way, we will see a lot more XFS around in the coming years.
Bruce Perens wore a suit and tie for his linux.conf.au 2012 keynote for a reason, he said: it reflects our community's need to think more about how it appears to the rest of the world. Despite our many successes, he said, we have failed to achieve the goals that our community set for itself many years ago. We have failed to engage and educate our users, and are finding ourselves pulled into an increasingly constrained world. To get out of this mess, we will have to make some changes - and expand our scope beyond software and culture.
The systems administration miniconf at the 2012 linux.conf.au hosted 'a casual conversation' with a group of core Samba developers on the project's near future roadmap and the plans for Samba 4. Andrew "Tridge" Tridgell led off by saying that the last a lot of people had heard about the project's plans came from "an article in a disreputable web site." The discussion reported on there was "very exciting," in that it moved the project's point of view on the Samba 4 release from "someday" to "let's get ready for a release." Since then, things have gotten quiet, but that does not mean that nothing has been happening.
Click below (subscribers only) for the full report from LCA 2012.
Developers for several scripting language projects are currently scrambling to fix a newly-disclosed denial of service vulnerability caused by predictable hashing algorithms. As it happens, the term "newly disclosed" does not quite apply here, though: the problem has been known since 2003. Click below (subscribers only) for a description of this problem, its history, and its solution from this week's Security Page.
Recently, certain corners of the net have carried the claim that Barnes & Noble is refusing to release the source for the kernel shipped in its "Nook Tablet" book reader device. That, of course, would be a violation of the kernel's licensing. GPL violations are far from unheard of in the mobile electronics market, but B&N is a company with a high-enough profile to attract special attention. A look at what is going on suggests that there is less to the story than meets the eye - but it still merits a look.
Click below (subscribers only) for the full story.
CentOS has updated libvorbis (C6; C5; C4: code execution) and C6: java (multiple vulnerabilities).
Debian has updated devscripts (multiple vulnerabilities).
Fedora has updated cvs (F16; F15: remote code execution).
Mandriva has updated phpldapadmin (cross-site scripting).
openSUSE has updated firefox (code execution).
Red Hat has updated kernel (multiple vulnerabilities), java (multiple vulnerabilities), libvorbis (code execution), and texlive (multiple vulnerabilities).
Scientific Linux has updated SL4: glibc (multiple vulnerabilities), SL6: java (multiple vulnerabilities), SL6: texlive (multiple vulnerabilities), and SL4,5,6: libvorbis (multiple vulnerabilities).
Ubuntu has updated devscripts (multiple vulnerabilities).
Karsten Gerloff, President of the Free Software Foundation Europe, warns that the approval of two deals involving large patent portfolios could cause problems for free software. The first deal, recently approved by the US Department of Justice (DoJ), involves the sale of Nortel's patent portfolio to a consortium led by Apple and Microsoft. The second deal involves the sale of Motorola Mobility patents to Google, which has been approved by both the DoJ and the European Commission. "'We appreciate that competition authorities in the US and Europe continue to take software patents seriously as a risk to competition,' says Karsten Gerloff, President of the Free Software Foundation Europe. 'However, we believe that the commitments made by Google, Microsoft and Apple regarding their patent licensing policies are not sufficient to allow everyone to compete on equal terms.'"
The Document Foundation has announced LibreOffice 3.5. Some of the new features in this release include: a built-in grammar checker for English and several other languages (Writer); an improved importer of custom shapes and Smart Art from PPT/PPTX and a feature for embedding multimedia/colour palettes into ODF documents (Draw); a new multi-line input area and new Calc functions conforming to the ODF OpenFormula specifications (Calc); and a new integrated PostgreSQL native driver (Base).
CentOS has updated glibc (C4; C5: multiple vulnerabilities), C5: mysql (multiple unspecified vulnerabilities), and C6: httpd (multiple vulnerabilities).
Fedora has updated phpldapadmin (F16; F15: cross-site scripting), F15: php (remote code execution), F15: phpeaccelerator (remote code execution), and F15: maniadrive (remote code execution).
Mandriva has updated apr (denial of service).
Oracle has updated glibc (OL4; OL5: multiple vulnerabilities), OL6: httpd (multiple vulnerabilities), and OL5: mysql (multiple unspecified vulnerabilities).
Red Hat has updated glibc (RHEL5; RHEL4: multiple vulnerabilities), RHEL5: mysql (multiple unspecified vulnerabilities), and RHEL6: httpd (multiple vulnerabilities).
Scientific Linux has updated SL6: selinux-policy (policy enhancements), SL6: httpd (multiple vulnerabilities), SL5: mysql (multiple unspecified vulnerabilities), and SL5: glibc (multiple vulnerabilities).
Ubuntu has updated 11.10: linux-ti-omap4 (multiple vulnerabilities) and puppet (unintended access to resources).
The H is reporting that a backdoor was inserted into installation packages of the Horde groupware. The affected versions are "Horde 3.3.12, Groupware 1.2.10 and the webmail edition of the groupware product". An intrusion into the FTP server back in November led to the problem. "Users who have installed a hacked version onto a server have thrown their systems wide open to the hackers – the backdoor enables them to execute arbitrary PHP code. By exploiting additional vulnerabilities, attackers could use this to gain complete control of the server."
The H has posted a lengthy introduction to the Wayland display server project. "Wayland is only as useful as the applications and toolkits it supports. Applications built for Xfce, GNOME and LXDE use the GTK+ toolkit. Porting the toolkit to Wayland makes the use of Wayland transparent to the application. From an application's point of view, it is still using the common UI elements, buttons, scrollbars, text areas, sliders and checkboxes, that it has always used; but further down the graphics stack, in the backend, these are now translated so they are rendered with an appropriate graphics library into Wayland buffers."
Stable kernels 3.0.21, 3.2.6 and 2.6.32.57 are out, all with important fixes in many areas.
Debian has updated php (multiple vulnerabilities).
Fedora has updated F16: znc (denial of service), F16: znc-infobot (denial of service), F15: pdns (denial of service), F15: curl (data injection), F15: mysql (multiple unspecified vulnerabilities), kernel (F16; F15: denial of service), bugzilla (F16; F15: multiple vulnerabilities), and xchat-ruby (F16; F15: null pointer dereference, remote DoS).
Mandriva has updated glpi (file inclusion vulnerability), thunderbird (code execution), and firefox (code execution).
Oracle has updated OL5: kernel (multiple vulnerabilities).
Scientific Linux has updated kernel (multiple vulnerabilities).
Slackware has updated httpd (multiple vulnerabilities), php (remote code execution), glibc (heap overflow), proftpd (remote code execution), and vsftpd (heap overflow).
Ubuntu has updated tomcat (multiple vulnerabilities), firefox (code execution), php (fixes a regression from the previous update), and kernel (10.10; 11.04; 11.10: multiple vulnerabilities).
For those still using the 2.6.27 kernel, 2.6.27.60 has been released, quickly followed by 2.6.27.61 to fix the inevitable build error. There's lots of fixes that have gone in since 2.6.27.59 was released last April.
GNOME design team member Allan Day writes about ideas in GNOME 3 application design on his blog. In the article, he looks at the use of maximized windows, views, primary toolbars, and more. The design team is documenting these ideas in a new version of the GNOME Human Interface Guidelines (HIG). "There are many other application design patterns that we've been working on, including application menus, a new grid view for displaying collections of content, in-app notifications, new models for dialogs, nice full screen controls and a sidebar list pattern. Together, these provide the opportunity to create applications that are efficient, modern, elegant, and a pleasure to use."
Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds