LWN featured content
[$] A kernel change breaks GlusterFS
[Kernel] Posted Mar 27, 2013 20:33 UTC (Wed) by mkerrisk
Linus Torvalds has railed frequently and loudly against kernel
developers breaking user space. But that rule is not ironclad; there
are exceptions. The story of how a kernel change caused a GlusterFS
breakage shows that there are sometimes unfortunate twists to those
exceptions.
Full Story (comments: 2)
[$] PyCon: Evangelizing Python
[Front] Posted Mar 27, 2013 16:50 UTC (Wed) by jake
Python core developer Raymond Hettinger's PyCon 2013 keynote had elements of a revival meeting
sermon, but it was also meant to spread the "religion" well beyond those
inside the meeting tent. Hettinger specifically tasked attendees to use
his "What makes Python awesome?" talk as a sales tool with
management and other Python
skeptics. Subscribers can get the full coverage of the talk from this
week's edition at the link below.
Full Story (comments: 1)
[$] Multipath TCP: an overview
[Kernel] Posted Mar 26, 2013 22:36 UTC (Tue) by corbet
The world was a simpler place when the TCP/IP network protocol suite was
first designed. The net was slow and primitive and it was often a triumph
to get a connection to a far-away host at all. The machines at either end
of a TCP session normally did not have to concern themselves with how that
connection was made; such details were left to routers. As a result, TCP
is built around the notion of a (single) connection between two hosts. The
Multipath TCP (MPTCP) project looks
to change that view of networking by adding support for multiple transport
paths to the endpoints; it offers a lot of benefits, but designing a
deployable protocol for today's Internet is surprisingly hard.
Full Story (comments: 28)
[$] Anatomy of a user namespaces vulnerability
[Kernel] Posted Mar 20, 2013 21:10 UTC (Wed) by mkerrisk
An exploit posted on March 13
revealed a rather easily exploitable security vulnerability (CVE-2013-1858)
in the implementation of user namespaces. That exploit enables an
unprivileged user to escalate to full root privileges. Although a fix was
quickly provided, it is nevertheless instructive to look in some detail at
the vulnerability, both to better understand the nature of this kind of
exploit and also to briefly consider how this vulnerability came to appear
inside the user namespaces implementation.
Full Story (comments: 28)
[$] When does the FSF own your code?
[Front] Posted Mar 19, 2013 15:12 UTC (Tue) by corbet
Many pixels have been expended in the discussion of contributor agreements
that transfer copyright from developers to a company or
foundation. But, for developers in many projects, the discussion is moot,
in that the requirement for an agreement exists and the papers must be
signed before
contributions to the project can be made. But, even then, there are some
interesting details that merit attention. A recent discussion regarding
one developer's contributions to the Emacs Org mode project shows how
expansive and poorly understood such agreements can be in some cases.
Full Story (comments: 39)
The trouble with CAP_SYS_RAWIO
[Kernel] Posted Mar 13, 2013 14:34 UTC (Wed) by mkerrisk
A February linux-kernel mailing list discussion of a patch that extends
the use of the CAP_COMPROMISE_KERNEL capability soon evolved into
a discussion of the specific uses (or abuses) of the CAP_SYS_RAWIO
capability within the kernel. However, in reality, the discussion once
again exposes some general difficulties in the Linux capabilities
implementation—difficulties that seem to have no easy solution.
Full Story (comments: 37)
LC-Asia: An Android upstreaming update
[Kernel] Posted Mar 12, 2013 15:10 UTC (Tue) by corbet
Many people have talked about the Android kernel code and its relation
to the mainline. One of the people who has done the most to help bring
Android and the mainline closer together is John Stultz; at the 2013 Linaro
Connect Asia event, he
talked about the status of the Android code. The picture that emerged
shows that a lot of progress has been made, but there is still a lot of
work yet to be done.
Click below (subscribers only) for the full report.
Full Story (comments: 16)
Ubuntu unveils its next-generation shell and display server
[Distributions] Posted Mar 6, 2013 22:09 UTC (Wed) by n8willis
Ubuntu publicly announced its plan for the future of its Unity
graphical shell on March 4, a plan that includes a new compositing
window manager designed to run on the distribution's device platforms
as well as on desktop systems. The plan will reimplement the Unity
shell in Qt and replace Compiz with a new display stack called Mir that
will incorporate a compositor, input manager, and several other
pieces. Mir is not designed to use the Wayland display protocol
(although the Ubuntu specification suggests it could be added later),
a decision that raised the ire of developers in several other
projects.
Full Story (comments: 46)
Namespaces in operation, part 6: more on user namespaces
[Kernel] Posted Mar 6, 2013 17:32 UTC (Wed) by mkerrisk
In this article, we continue last week's
discussion of user namespaces. In particular, we look in more detail
at the interaction of user namespaces and capabilities as well as the
combination of user namespaces with other types of namespaces.
Full Story (comments: 23)
The conclusion of the 3.9 merge window
[Kernel] Posted Mar 5, 2013 16:37 UTC (Tue) by corbet
By the time that Linus released the 3.9-rc1
kernel prepatch and closed the merge window for this cycle, he had pulled a
total of 10,265 non-merge changesets into the mainline repository. That is
just over 2,000 changes since last week's
summary. Subscribers can click below for a look at the last merges for 3.9.
Full Story (comments: 42)
Current news
GNOME 3.8 released
[Development] Posted Mar 27, 2013 21:19 UTC (Wed) by corbet
The GNOME 3.8 release is out. "The exciting new features and
improvements in this release include an integrated application search,
privacy and sharing settings, notification filtering, a new classic
mode, OwnCloud integration, previews of clocks, notes, photos and
weather applications, and many more." See the release notes
for details.
Full Story (comments: 2)
Stable kernel 3.2.42
[Kernel] Posted Mar 27, 2013 16:08 UTC (Wed) by ris
Ben Hutchings has released stable kernel 3.2.42 with important fixes throughout the tree.
Comments (none posted)
Security advisories for Wednesday
[Security] Posted Mar 27, 2013 16:05 UTC (Wed) by ris
CentOS has updated perl (C6;
C5: multiple vulnerabilities).
Debian has updated icinga (code
execution).
openSUSE has updated pigz
(information disclosure).
Oracle has updated perl (OL6;
OL5: multiple vulnerabilities).
Red Hat has updated perl (multiple
vulnerabilities).
Scientific Linux has updated perl
(multiple vulnerabilities).
Comments (none posted)
Garrett: Secure Boot and Restricted Boot
[Security] Posted Mar 27, 2013 14:16 UTC (Wed) by corbet
Matthew Garrett asserts that people
attacking UEFI secure boot are aiming at the wrong target. "Those
who argue against Secure Boot risk depriving us of the freedom to make a
personal decision as to who we trust. Those who argue against Secure Boot
while ignoring Restricted Boot risk depriving us of even more. The
traditional PC market is decreasing in importance. Unless we do anything
about it, free software will be limited to a niche group of enthusiasts
who've carefully chosen from a small set of devices that respect user
freedom. We should have been campaigning against Restricted Boot 10 years
ago. Don't delay it even further by fighting against implementations that
already respect user freedom."
Comments (18 posted)
KASLR: An Exercise in Cargo Cult Security (grsecurity blog)
[Security] Posted Mar 27, 2013 13:50 UTC (Wed) by jake
Over at the grsecurity blog, Brad Spengler and the PaX Team have co-written a lengthy look at kernel address space layout randomization (KASLR) and its failures. "KASLR is an easy to understand metaphor. Even non-technical users can make sense of the concept of a moving target being harder to attack. But in this obsession with an acronym outside of any context and consideration of its limitations, we lose sight of the fact that this moving target only moves once and is pretty easy to spot. We forget that the appeal of ASLR was in its cost/benefit ratio, not because of its high benefit, but because of its low cost."
Comments (4 posted)
Linux users file EU complaint against Microsoft (Reuters)
[Announcements] Posted Mar 26, 2013 20:06 UTC (Tue) by ris
The Spanish association Hispalinux has filed a complaint against Microsoft
to the European Commission, Reuters reports.
"In its 14-page complaint, Hispalinux said Windows 8 contained an
'obstruction mechanism' called UEFI Secure Boot that controls the start-up
of the computer and means users must seek keys from Microsoft to install
another operating system. The group said it was 'a de facto technological
jail for computer booting systems ... making Microsoft's Windows platform
less neutral than ever'." (Thanks to Pat Read)
Comments (16 posted)
Replacing Google Reader (The H)
[Development] Posted Mar 26, 2013 19:59 UTC (Tue) by corbet
The H has an
extensive survey of available RSS reader applications, both open source
and proprietary. "ownCloud is a complete self-hosted service
platform that provides file sharing and collaboration features including
calendaring, to do lists, a document viewer, and integration with Active
Directory and LDAP. The software also includes a feed reader application,
which started as a Google Summer of Code effort and takes many design cues
from Google Reader."
Comments (7 posted)
Tuesday's security updates
[Security] Posted Mar 26, 2013 16:06 UTC (Tue) by ris
CentOS has updated axis (C5:
incorrect certificate validation).
Debian has updated libxml2 (denial
of service).
openSUSE has updated imagemagick
(code execution) and graphicsmagick (denial
of service).
Oracle has updated axis (OL5:
incorrect certificate validation).
Red Hat has updated axis (RHEL5:
incorrect certificate validation).
Scientific Linux has updated axis
(SL5: incorrect certificate validation).
Ubuntu has updated ruby (denial of
service) and OMAP4 kernel (12.04 LTS:
multiple vulnerabilities).
Comments (none posted)
GTK+ 3.8.0 released
[Development] Posted Mar 25, 2013 23:30 UTC (Mon) by ris
GTK+ 3.8.0 has been released. This version includes support for Wayland
1.0, and contains many new features and performance improvements.
Full Story (comments: 30)
Security advisories for Monday
[Security] Posted Mar 25, 2013 17:01 UTC (Mon) by ris
Fedora has updated krb5 (F18: denial
of service), euca2ools (F18; F17: insecure snapshots), kernel (F18: multiple vulnerabilities),
mimetex (F18; F17: multiple vulnerabilities), and tor (F17: denial of service).
openSUSE has updated nss-pam-ldapd (12.2, 12.1; 12.3; 11.4:
code execution) and krb5 (11.4: denial of
service).
Scientific Linux has updated OpenIPMI (privilege escalation).
Slackware has updated php (multiple
vulnerabilities).
SUSE has updated samba (multiple
vulnerabilities in SWAT).
Ubuntu has updated kernel
(10.04 LTS: multiple vulnerabilities), EC2
kernel (10.04 LTS: multiple vulnerabilities), OMAP4 kernel (11.10: multiple
vulnerabilities), openssl (multiple
vulnerabilities), and gnome-online-accounts
(information disclosure).
Comments (none posted)