LWN featured content
[$] Trusting upstream
[Front] Posted Jun 4, 2013 19:49 UTC (Tue) by jake
When one is trying to determine if there are compliance problems in a body of
source code—either code from a device maker or from someone in the supply chain
for a device—the sheer number of files to consider can be a difficult
hurdle. A simple technique can reduce the search space
significantly, though it does require a bit of a "leap of faith", according
to Armijn Hemel. He presented his technique, along with a
case study and a war story or two at LinuxCon
Japan.
Full Story (comments: none)
[$] The Linus and Dirk show
[Kernel] Posted May 30, 2013 21:27 UTC (Thu) by jake
Linus Torvalds and Dirk Hohndel sat down at LinuxCon Japan
2013 for a "fireside chat" (sans fire), ostensibly to discuss where
Linux is going. While they touched on that subject, the conversation was
wide-ranging over both Linux and non-Linux topics, from privacy to
diversity and from educational systems to how operating systems will look in
20-30 years. Subscribers can click below for the full story from this
week's edition.
Full Story (comments: 74)
[$] Atomic I/O operations
[Kernel] Posted May 30, 2013 2:48 UTC (Thu) by corbet
According to Btrfs developer Chris Mason, tuning Linux filesystems to work
well on solid-state storage devices is a lot like working on an old,
clunky car. Lots of work goes into just trying to make the thing run with
decent performance. Old cars may have mainly hardware-related problems,
but, with Linux,
the bottleneck is almost always to be found in the software. It is, he
said, hard to give a customer a high-performance device and expect them to
actually see that performance in their application. Fixing this problem
will require work in a lot of areas. One of those areas, supporting and
using atomic I/O operations, shows particular potential.
Click below (subscribers only) for the full report from LinuxCon Japan.
Full Story (comments: 13)
[$] Pondering the X client vulnerabilities
[Security] Posted May 27, 2013 22:05 UTC (Mon) by corbet
Certain projects are known for disclosing a large number of vulnerabilities
at once; such behavior is especially common in company-owned projects where
fixes are released in batches. Even those projects, though, rarely turn up with 30
new CVE numbers in a single day. But, on May 23, the X.org project
did exactly that when it disclosed a large
number of security vulnerabilities in various X client libraries — some of
which could be more than two decades old.
Click below (subscribers only) for the full article.
Full Story (comments: 59)
An "enum" for Python 3
[Development] Posted May 22, 2013 18:18 UTC (Wed) by jake
Designing an enumeration type (i.e. "enum") for a language may seem like a
straightforward exercise, but the recently "completed" discussions over
Python's PEP 435
show that it has a few wrinkles. The discussion spanned several long
threads in two mailing lists
(python-ideas, python-devel) going back to January in this particular
iteration, but the
idea is far older than that. Subscribers can click below for the full
article from this week's edition.
Full Story (comments: 23)
An unexpected perf feature
[Kernel] Posted May 21, 2013 22:10 UTC (Tue) by jake
Local privilege escalations seem to be regularly found in the Linux kernel
these days, but they usually aren't quite so old—more than two years
since the release of 2.6.37—or backported into even earlier kernels.
But CVE-2013-2094
is just that kind of bug, with a now-public exploit that apparently dates
back to 2010.
Click below (subscribers only) for LWN's look at this vulnerability.
Full Story (comments: 56)
A look at the PyPy 2.0 release
[Front] Posted May 15, 2013 15:31 UTC (Wed) by jake
It's hard to say why, but May appears to be the month where we look in on PyPy.
Three years ago, we had a May 2010 introduction to PyPy,
followed by an experiment using it in May 2011. This year, the PyPy
2.0 release was made on May 9—that, coupled with our evident
tradition, makes for a good reason to look in on this Python
interpreter written in Python. Subscribers can click below for our report
on the release from this week's edition.
Full Story (comments: 10)
PostgreSQL 9.3 beta: Federated databases and more
[Development] Posted May 14, 2013 20:04 UTC (Tue) by jake
In Berkeley, California — the birthplace of PostgreSQL — it's spring: plum
and cherry blossoms, courting finches and college students, new plans for
the summer, and the first beta release of the database
system. Every year, the first beta of the next PostgreSQL version comes out
in April or May, for a final release in September. PostgreSQL
9.3 beta 1 was released to the public on May 13th, and contains a
couple dozen new features both for database administrators and application
developers. Subscribers can click below for a look at some of the new
features by guest author Josh Berkus.
Full Story (comments: 32)
(Nearly) full tickless operation in 3.10
[Kernel] Posted May 8, 2013 15:47 UTC (Wed) by corbet
On a typical Linux system, each running CPU will be diverted between 100
and 1000 times each second by the periodic timer interrupt. That interrupt
is the CPU's cue to reconsider which process should be running, catch up
with read-copy-update (RCU) callbacks, and generally handle any necessary
housekeeping. This periodic "tick" can be reasonably compared to the
infamous big kernel lock (BKL): it is convenient to have around, but it
also has an effect on performance that makes developers wish to abolish it.
The key difference might be that getting rid of the timer tick has taken
rather longer than was required to eliminate the BKL. The 3.10 kernel will
take an important step in that direction, though, with the addition of the
"full NOHZ" mode — but a lot of limitations still apply.
Full Story (comments: 29)
LFCS: The LLVMLinux project
[Kernel] Posted May 7, 2013 16:14 UTC (Tue) by jake
The Linux Foundation Collaboration Summit (LFCS) seems to be a likely venue for an
update on the status of building the kernel with Clang/LLVM. Both in 2011 and 2012, we covered those updates. LFCS 2013
continued the trend as LLVMLinux
project lead Behan Webster presented the status and plans for the
project at LFCS. The gathering lived up to its name as well, since two
problems faced by the project were solved through collaboration at the summit.
Full Story (comments: 18)
Current news
Tuesday's security updates
[Security] Posted Jun 4, 2013 16:41 UTC (Tue) by ris
CentOS has updated qemu-kvm (C6:
unauthorized file access) and mesa (C6; C5:
multiple vulnerabilities).
Debian has updated telepathy-gabble
(man-in-the-middle attack).
Oracle has updated qemu-kvm (OL6:
unauthorized file access) and mesa (OL6; OL5:
multiple vulnerabilities).
Red Hat has updated qemu-kvm (RHEL6:
unauthorized file access) and mesa (RHEL6; RHEL5:
multiple vulnerabilities).
Scientific Linux has updated qemu-kvm (unauthorized file access) and
mesa (SL6; SL5: multiple vulnerabilities).
Ubuntu has updated python-keystoneclient (13.04: denial of
service).
Comments (none posted)
Processing goes 2.0 with an OpenGL core (The H)
[Development] Posted Jun 4, 2013 14:12 UTC (Tue) by corbet
The H looks
at the Processing 2.0 release. "The new version of the language,
which has been in development since mid-2011, brings OpenGL rendering to
the core of the platform, replacing the older software-based P2D and P3D
renderers with new OpenGL-accelerated P2D and P3D renderers. A new OpenGL
library, based on work done on the Android version of Processing, has also
been incorporated and OpenGL is now part of the core of Processing."
For some background on Processing, see this LWN
article from last October.
Comments (none posted)
PulseAudio 4.0 released
[Development] Posted Jun 4, 2013 13:44 UTC (Tue) by corbet
Version 4.0 of the PulseAudio audio server is out. Changes include better
low-latency request handling, improved JACK integration, a new role-based
audio "ducking" module, various performance improvements, and more; see the
release notes for details.
Full Story (comments: 7)
Grover: Fedora for short-lifespan server instances
[Distributions] Posted Jun 4, 2013 0:50 UTC (Tue) by jake
On his blog, Andy Grover has some thoughts on how to make Fedora more relevant for servers. Because of the 13-month supported lifespan of a Fedora release, administrators are typically wary of using it, but new deployment schemes make it more viable. "Let's come back to the odd fact that Fedora is both a precursor to RHEL, and yet almost never used in production as a server OS. I think this is going to change. In a world where instances are deployed constantly, instances are born and die but the herd lives on. Once everyone has their infrastructure encoded into a configuration management system, Fedora's short release cycle becomes much less of a burden. If I have service foo deployed on a Fedora X instance, I will never be upgrading that instance. Instead I'll be provisioning a new Fedora X+1 instance to run the foo service, start it, and throw the old instance in the proverbial bitbucket once the new one works."
Comments (22 posted)
Security advisories for Monday
[Security] Posted Jun 3, 2013 17:21 UTC (Mon) by ris
Debian has updated iceweasel
(multiple vulnerabilities), wireshark
(multiple vulnerabilities), and krb5 (UDP
ping-pong flaw in kpasswd).
Fedora has updated nagios-plugins
(F18: should be built with PIE flags), transifex-client (F18; F17:
invalid HTTPS server certificate), xorg-x11-drv-openchrome (F18; F17:
multiple vulnerabilities), thunderbird
(F17: multiple vulnerabilities), glibc
(F17: denial of service), libXinerama (F18:
multiple vulnerabilities), libXrender (F18:
multiple vulnerabilities), libXext (F18:
multiple vulnerabilities), libXres (F18:
multiple vulnerabilities), libXi (F18:
multiple vulnerabilities), libXvMC (F18:
multiple vulnerabilities), libXxf86vm (F18:
multiple vulnerabilities), libXrandr (F18:
multiple vulnerabilities), libXcursor (F18:
multiple vulnerabilities), libdmx (F18:
multiple vulnerabilities), and libFS (F18:
multiple vulnerabilities).
openSUSE has updated kernel
(multiple vulnerabilities), wireshark
(multiple vulnerabilities), and gpg2
(memory access violations).
SUSE has updated firefox (multiple
vulnerabilities) and icedtea-web (multiple
vulnerabilities).
Comments (8 posted)
GCC 4.8.1 released
[Development] Posted Jun 3, 2013 16:07 UTC (Mon) by corbet
The GCC 4.8.1 release is out. It is primarily a bug-fix release, but it is
not limited to that: "Support for C++11 ref-qualifiers has been added
to GCC 4.8.1, making G++ the first C++ compiler to implement all the
major language features of the C++11 standard."
Full Story (comments: 24)
Kernel prepatch 3.10-rc4
[Kernel] Posted Jun 3, 2013 13:37 UTC (Mon) by corbet
The fourth 3.10 prepatch is available for
testing. "Anyway, rc4 is smaller than rc3 (yay!). But it could
certainly be smaller still (boo!). There's the usual gaggle of driver fixes
(drm, pinctrl, scsi target, fbdev, xen), but also filesystems (cifs, xfs,
with small fixes to reiserfs and nfs)." Note that it is only
available via git for now; patches and tarballs will follow eventually.
Comments (none posted)
Open Source guru Atul Chitnis, 51, no more (CIOL)
[Announcements] Posted Jun 3, 2013 13:11 UTC (Mon) by corbet
CIOL reports
that Atul Chitnis has passed away. "His was a name
that was synonymous with open source. He championed its cause for a major
part of his life. Finally, his fruitful existence, touching millions of
lives, was to be stolen away by cancer." Your editor had a number
of encounters with Atul over the years, including one visit to FOSS.in; he
will be much missed.
Comments (2 posted)
Stable kernel 3.2.46
[Kernel] Posted May 31, 2013 19:44 UTC (Fri) by n8willis
Ben Hutchings has released kernel 3.2.46, containing the usual array of updates and fixes.
Comments (none posted)
Friday's security updates
[Security] Posted May 31, 2013 13:47 UTC (Fri) by n8willis
CentOS has updated gnutls (denial of service) and
libtirpc (denial of service).
Fedora has updated xmp (F17, F18;
code execution).
Mandriva has updated gnutls
(denial of service).
Oracle has updated gnutls (OL5, OL6;
denial of service) and libtirpc (denial of service).
Red Hat has updated gnutls
(denial of service), kernel
(multiple vulnerabilities), and libtirpc (denial of service).
Scientific Linux has updated gnutls (denial of service) and libtirpc (denial of service).
SUSE has updated kernel (code execution).
Ubuntu has updated kernel (12.04, 12.04 Quantal
hwe, 12.04 Raring
hwe, 12.10, 13.04; code execution).
Comments (2 posted)