LWN featured content
[$] An "enum" for Python 3
[Development] Posted May 22, 2013 18:18 UTC (Wed) by jake
Designing an enumeration type (i.e. "enum") for a language may seem like a
straightforward exercise, but the recently "completed" discussions over
Python's PEP 435
show that it has a few wrinkles. The discussion spanned several long
threads in two mailing lists
(python-ideas, python-devel) going back to January in this particular
iteration, but the
idea is far older than that. Subscribers can click below for the full
article from this week's edition.
Full Story (comments: 13)
[$] An unexpected perf feature
[Kernel] Posted May 21, 2013 22:10 UTC (Tue) by jake
Local privilege escalations seem to be regularly found in the Linux kernel
these days, but they usually aren't quite so old—more than two years
since the release of 2.6.37—or backported into even earlier kernels.
But CVE-2013-2094
is just that kind of bug, with a now-public exploit that apparently dates
back to 2010.
Click below (subscribers only) for LWN's look at this vulnerability.
Full Story (comments: 38)
A look at the PyPy 2.0 release
[Front] Posted May 15, 2013 15:31 UTC (Wed) by jake
It's hard to say why, but May appears to be the month where we look in on PyPy.
Three
years ago, we had a May 2010 introduction to
PyPy,
followed by an experiment using it in May
2011. This year, the PyPy
2.0 release was made on May 9—that, coupled with our evident
tradition, makes for a good reason to look in on this Python
interpreter written in Python. Subscribers can click below for our report
on the release from this week's edition.
Full Story (comments: 9)
PostgreSQL 9.3 beta: Federated databases and more
[Development] Posted May 14, 2013 20:04 UTC (Tue) by jake
In Berkeley, California — the birthplace of PostgreSQL — it's spring: plum
and cherry blossoms, courting finches and college students, new plans for
the summer, and the first beta release of the database
system. Every year, the first beta of the next PostgreSQL version comes out
in April or May, for a final release in September. PostgreSQL
9.3 beta 1 was released to the public on May 13th, and contains a
couple dozen new features both for database administrators and application
developers. Subscribers can click below for a look at some of the new
features by guest author Josh Berkus.
Full Story (comments: 30)
(Nearly) full tickless operation in 3.10
[Kernel] Posted May 8, 2013 15:47 UTC (Wed) by corbet
On a typical Linux system, each running CPU will be diverted between 100
and 1000 times each second by the periodic timer interrupt. That interrupt
is the CPU's cue to reconsider which process should be running, catch up
with read-copy-update (RCU) callbacks, and generally handle any necessary
housekeeping. This periodic "tick" can be reasonably compared to the
infamous big kernel lock (BKL): it is convenient to have around, but it
also has an effect on performance that makes developers wish to abolish it.
The key difference might be that getting rid of the timer tick has taken
rather longer than was required to eliminate the BKL. The 3.10 kernel will
take an important step in that direction, though, with the addition of the
"full NOHZ" mode — but a lot of limitations still apply.
Full Story (comments: 26)
LFCS: The LLVMLinux project
[Kernel] Posted May 7, 2013 16:14 UTC (Tue) by jake
![[LLVMLinux logo]](/web/20130524034701im_/http://lwn.net/images/2013/lfcs-llvmlinux.png)
The Linux
Foundation Collaboration Summit (LFCS) seems to be a likely venue for an
update on the status of building the kernel with Clang/LLVM. Both in 2011 and 2012, we covered those updates. LFCS 2013
continued the trend as LLVMLinux
project lead Behan Webster presented the status and plans for the
project at LFCS. The gathering lived up to its name as well, since two
problems faced by the project were solved through collaboration at the summit.
Full Story (comments: 18)
Go and Rust — objects without class
[Development] Posted May 1, 2013 18:06 UTC (Wed) by jake
Since the advent of object-oriented programming languages around the
time of Smalltalk in the 1970s, inheritance has been a mainstay of the
object-oriented vision. It is therefore a little surprising that both
"Go" and "Rust" — two relatively new
languages which support
object-oriented programming — manage to avoid mentioning it.
In this subscriber-only article, Neil Brown looks at how this classic
object-oriented concept has evolved in two recent languages.
Full Story (comments: 31)
LFCS: The value of FOSS fiscal sponsorship
[Front] Posted Apr 30, 2013 19:21 UTC (Tue) by jake
![[Tony Sebro]](/web/20130524034701im_/http://lwn.net/images/2013/lfcs-sebro-sm.jpg)
As open source becomes more popular and mature, questions of
formalizing the governance and corporate structures of projects are
becoming of increasing importance, as can been seen by the rising
visibility of various
FOSS foundations. At the Linux Foundation Collaboration Summit in San
Francisco, Tony Sebro shared his insights about the value that fiscal
sponsors bring as umbrella organizations for FOSS projects. Sebro is the General Counsel of Software Freedom Conservancy, which is
the home
of about 30 free and
open source projects, including Samba, Git, and BusyBox.
Click below (subscribers only) for the full report by Martin Michlmayr.
Full Story (comments: 8)
The 2013 Linux Storage, Filesystem, and Memory Management Summit
[Kernel] Posted Apr 23, 2013 21:45 UTC (Tue) by corbet
The 2013
Linux Storage, Filesystem, and Memory Management Summit was held
April 18 and 19 in San Francisco, California, immediately after the Linux
Foundation's Collaboration Summit. The first set of notes from that
gathering is now available; at this point, we have most of the plenary
sessions and the entire memory management track written up. The rest of
our notes from the Summit will be added in the near future.
Full Story (comments: none)
LFCS: Preparing Linux for nonvolatile memory devices
[Kernel] Posted Apr 19, 2013 18:28 UTC (Fri) by corbet
![[Ric Wheeler]](/web/20130524034701im_/http://lwn.net/images/conf/2013/lf-collab/RicWheeler1-sm.jpg)
Since the demise of core memory, there has been a fundamental dichotomy in
data storage technology: memory is either fast and ephemeral, or slow and
persistent. The situation is changing, though, and that leads to some
interesting challenges for the Linux kernel. How will we
adapt to the coming world where nonvolatile memory (NVM) devices are
commonplace? Ric Wheeler led a session at the 2013 Linux Foundation
Collaboration Summit to discuss this issue.
Full Story (comments: 24)
| |
Current news
Numerous security issues in X Window System clients
[Security] Posted May 23, 2013 15:45 UTC (Thu) by corbet
X.Org has disclosed a long list of vulnerabilities that have been fixed in
the X Window System client libraries; most of them expose clients to
attacks by a hostile server. "Most of the time X clients & servers
are run by the same user, with the server more privileged from the clients,
so this is not a problem, but there are scenarios in which a privileged
client can be connected to an unprivileged server, for instance, connecting
a setuid X client (such as a screen lock program) to a virtual X server
(such as Xvfb or Xephyr) which the user has modified to return invalid
data, potentially allowing the user to escalate their privileges."
There are 30 CVE numbers assigned to these vulnerabilities; expect the
distributor updates to start flowing shortly.
Full Story (comments: 9)
Sharp: Linux Kernel Internships (OPW) Update
[Kernel] Posted May 23, 2013 15:37 UTC (Thu) by corbet
Sarah Sharp reports
on the response to the availability of a set of Outreach Program for
Women internships working on the Linux kernel. 『As coordinator for
the Linux kernel OPW project, I was really worried about whether applicants
would be able to get patches into the kernel. Everyone knows that kernel
maintainers are the pickiest bastards^Wperfectionists about coding style,
getting the proper Signed-off-by, sending plain text email, etc. I thought
a couple applicants would be able to complete maybe one or two patches,
tops. Boy was I wrong!』 In the end, 41 applicants submitted 374
patches to the kernel, of which 137 were accepted.
Comments (2 posted)
Introducing Boot to Qt
[Distributions] Posted May 23, 2013 14:26 UTC (Thu) by corbet
The Qt Blog introduces
"Boot to Qt", which is『a light-weight UI stack for embedded
linux, based on the Qt Framework - Boot to Qt is built on an Android
kernel/baselayer and offers an elegant means of developing beautiful and
performant embedded devices.』 Access is invitation-only currently;
a release is forecast for sometime around the end of the year.
Comments (2 posted)
Thursday's security updates
[Security] Posted May 23, 2013 13:57 UTC (Thu) by corbet
Debian has updated
request-tracker4 (eight CVE numbers), and
the kfreebsd kernel (code execution).
Fedora has updated python-virtualenv (F17, F18:
temporary file and information disclosure vulnerabilities),
krb5 (F17,『UDP ping-pong
vulnerability』from 2002), and
nginx (F18: denial of service and
information disclosure).
openSUSE has updated samba (CIFS
share attribute verification failure).
Oracle has updated kernel (EL5: denial of service).
Red Hat has updated java-1.5.0-ibm (RHEL5-6: 16 "unspecified" vulnerabilities).
Comments (none posted)
Google Code to deprecate downloads
[Announcements] Posted May 22, 2013 20:35 UTC (Wed) by corbet
Google has announced
that it will be phasing out the file download feature for projects hosted
on Google Code. "Downloads were implemented by Project Hosting on
Google Code to enable open source projects to make their files available
for public download. Unfortunately, downloads have become a source of abuse
with a significant increase in incidents recently. Due to this increasing
misuse of the service and a desire to keep our community safe and secure,
we are deprecating downloads."
Comments (30 posted)
How Google plans to rule the computing world through Chrome (GigaOM)
[Announcements] Posted May 22, 2013 19:58 UTC (Wed) by corbet
GigaOM asserts
that Google will be taking over the desktop (regardless of the underlying
operating system) with its Chrome browser. "For many Chrome is just
a browser. For others who use a Chromebox or Chromebook, like myself, it’s
my full-time operating system. The general consensus is that Chrome OS, the
platform used on these devices, can only browse the web and run either
extensions and web apps; something any browser can do. Simply put, the
general consensus is wrong and the signs are everywhere."
Comments (12 posted)
EFF: Vermont Is Mad as Hell at Patent Trolls
[Announcements] Posted May 22, 2013 19:15 UTC (Wed) by corbet
The Electronic Frontier Foundation has sent out a
release about how the US state of Vermont is going on the offensive
against patent trolls. "Not content to strike back against a single
troll, Vermont is also poised to pass a bill dealing with the problem as a
whole. The Vermont House and Senate recently passed a bill to combat 'bad
faith assertions of patent infringement'. And the latest word
is that Vermont's governor is about to sign it into law."
Comments (10 posted)
Security updates for Wednesday
[Security] Posted May 22, 2013 16:51 UTC (Wed) by ris
CentOS has updated kernel (C5:
denial of service).
Fedora has updated gallery3 (F18; F17:
cross-site scripting) and openstack-keystone (F18: multiple
vulnerabilities).
Mandriva has updated krb5 (UDP
ping-pong flaw in kpasswd).
Red Hat has updated kernel (RHEL5:
denial of service).
Scientific Linux has updated kernel
(SL5: denial of service).
SUSE has updated java-1_6_0-openjdk
(multiple vulnerabilities) and kernel
(privilege escalation).
Ubuntu has updated libtiff (two
vulnerabilities).
Comments (none posted)
Debian GNU/Hurd 2013 released
[Distributions] Posted May 22, 2013 2:36 UTC (Wed) by jake
While it is not an official Debian release, the Debian GNU/Hurd team has announced the release of Debian GNU/Hurd 2013. GNU Hurd is a Unix-style kernel based on the Mach microkernel and Debian GNU/Hurd makes much of the Debian system available atop that kernel.
Debian GNU/Hurd is currently available for the i386 architecture with more than 10.000 software packages available (more than 75% of the Debian archive, and more to come!).
Please make sure to read the configuration information, the FAQ, and the translator primer to get a grasp of the great features of GNU/Hurd.
Due to the very small number of developers, our progress of the project has not been as fast as other successful operating systems, but we believe to have reached a very decent state, even with our limited resources.
Comments (28 posted)
QEMU 1.5.0 released
[Development] Posted May 21, 2013 16:17 UTC (Tue) by corbet
Version 1.5.0 of the QEMU hardware emulator is out. 『This release
was developed in a little more than 90 days by over 130 unique authors
averaging 20 commits a day. This represents a year-to-year growth of over
38 percent making it the most active release in QEMU history.』 Some
of the new features include KVM-on-ARM support, a native GTK+ user
interface, and lots of hardware support and performance improvements. See
the change log for lots of
details.
Full Story (comments: 9)
--> More news items
|
