Sponsored link
Serve your customers, not your servers, with VERIO Linux VPS. Full-access test-drive here.
| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
Welcome to LWN.net
Headlines for May 17, 2008
David A. Wheeler has sent in a pointer to The Digital Standards Organization (Digistan); "The Digital Standards Organization was founded by open standards professionals in 2007 with the goal of promoting customer choice, vendor competition, and overall growth in the global digital economy through the understanding, development, and adoption of free and open digital standards."
Digistan will be presenting The Hague Declaration on May 21, 2008, to encourage governments to take open standards seriously. Take a look at the declaration and add your signature if you agree.
rPath has announced that rPath Linux 2 is now available. "rPath Linux is a base operating system platform on which you easily build customized virtual or software appliances, or even an entire operating system of your own. Building on the rPath Linux foundation, use rPath's tools to create and maintain your own minimal operating system stack, with "Just Enough OS" to support the applications and services you include."
CentOS has updated xen (multiple vulnerabilities).
Debian has updated openssh (predictable random number generator).
Rahul Sundaram takes a look at the Guidelines for Free System Distributions. "I have been spending the last couple of weeks talking to them about clarifying where exactly they are drawing the lines on what constitutes a free system beyond just software and today, FSF just again proved to be quite reasonable by publishing the free system distribution guidelines based on the Fedora licensing guidelines. While I just send my detailed list of feedback on these guidelines and we are not done just yet, I hope this proves to be a useful document to everyone involved and all hail the pragmatic extremists for that. The world is just better off with them in it despite all their own quirks."
CentOS looks at the impact of the Debian SSL vulnerability for CentOS users. "This vulnerability can affect CentOS machines through the use of keys that were generated with the OpenSSL package from Debian. For instance, if a user uses OpenSSH public key authentication to log on to a CentOS server, and this user generated the key pair with a vulnerable OpenSSL library, the server is at heavy risk because the key can be reproduced easily."
The Linux Foundation has posted a series of videos from the Collaboration Summit held in Austin. There's a bunch of interesting stuff there, but, unfortunately, the videos are in Flash format and, thus, will not collaborate well with a lot of Linux systems. The word from the Foundation is that the company hired to do the video work wasn't able to figure out how to produce the final result in an open format.
The One Laptop Per Child has finally sent out an official communication on its agreement with Microsoft, which involves the creation of a dual-boot version of the XO laptop. "OLPC is substantially increasing its engineering resources and all software development continues entirely on GNU/Linux. We will continue to work to make Sugar on Linux the best possible platform for education and to invest in our expanding Linux deployments in Peru, Uruguay, Mexico and elsewhere. No OLPC resources are going to porting Sugar to Microsoft Windows..."
Adobe Labs has announced a beta release of Flash Player 10. "Adobe® Flash® Player 10, code-named "Astro," introduces new expressive features and visual performance improvements that allow interactive designers and developers to build the richest and most immersive Web experiences. These new capabilities also empower the community to extend Flash Player and to take creativity and interactivity to a new level. This public prerelease is an opportunity for developers and consumers to test and provide early feedback to Adobe on new features, enhancements, and compatibility with previously authored content." See the release notes for more information.
InformationWeek examines the use of Red Hat Linux by the New York Stock Exchange. "Linux has been known to be in use at several New York financial services firms, but few have stepped up to the podium to testify on the value of their implementations. As a result of mergers and acquisitions, the New York Stock Exchange has migrated over the last few years from HP-UX to IBM AIX to Sun Solaris to Linux. NYSE Group CIO Steve Rubinow said the conversion to Linux followed the acquisition of the Euronext exchange in 2007. Unlike some trading companies that suggest Linux is running their secondary systems, Rubinow emphasized that Linux is running the NYSE's mission-critical trading systems."
Fedora 7 has updated blender (multiple vulnerabilities), libid3tag (infinite loop), libvorbis (multiple vulnerabilities), licq (multiple vulnerabilities), perl-imager (buffer overflow) and rdesktop (multiple vulnerabilities).
Fedora 8 has updated kernel (multiple vulnerabilities), blender (multiple vulnerabilities), libvorbis (multiple vulnerabilities), licq (denial of service), rdesktop (multiple vulnerabilities) and libid3tag (infinite loop).
Fedora 9 has updated rdesktop (multiple vulnerabilities), kernel (multiple vulnerabilities), clamav (multiple vulnerabilities) and libvorbis (multiple vulnerabilities).
Gentoo has updated openoffice.org (multiple vulnerabilities).
rPath has updated kernel (multiple vulnerabilities).
Ubuntu has updated openvpn (regression fix for USN-612-3).
The 2.6.25.4 stable kernel update is available. This one contains a fairly long list of fixes, one of which is security-related.
geek.com mentions the inclusion of the fast-booting Splashtop distribution on Asus motherboards. "DeviceVM, the makers of Splashtop, just made a big announcement though. Their technology will no longer be restricted to the top-shelf motherboards and will see a much wider release. At first it will be featured on Asus’ P5Q (high-efficiency design, Intel P45 chipset) family of motherboards, starting with the P5Q Deluxe, P5Q-WS, P5Q3 Deluxe, and P5Q-E. Later Splashtop will be featured on all the company’s motherboards, over a million units a month."
CrunchGear reports that Verizon has joined the LiMo Foundation. "Verizon has signed up as the final member on the board of directors of the LiMo Foundation, a group founded by Motorola, NEC, NTT DoCoMo, Panasonic, Samsung, and Vodafone “to deliver an open and globally consistent software platform based upon Mobile Linux for use by the whole industry to catalyze next-generation mobile consumer experiences.”"
The LWN.net Weekly Edition for May 15, 2008 is available.
Inside this week's LWN.net Weekly Edition
- Front: Debian, OpenSSL, and a lack of cooperation; Release synchronization; Distributed bug tracking.
- Security: Debian vulnerability has widespread effects; New vulnerabilities in bugzilla, openssl, php5, xen,...
- Kernel: The big kernel lock strikes again; Getting a handle on caching; Extending system calls.
- Distributions: A Talk with Fedora Project Leader Paul Frields; New releases: Fedora 9, BLFS-6.3-rc1; Red Hat Appointments Harald Hoyer to Fedora Board
- Development: The Freedom of Fork; new versions of LIRC, BusyBox, BencHTTP, OpenKM, YaMA, GNOME SlackBuild, LyX, Buddi, KMyMoney, Accelerator, Task Coach, Pyrex, Paver, Pydev.
- Press: Matthew Garrett on power saving, Sic Transit Gloria Laptopi, Microsoft cuts XP prices, Red Hat's JBoss ON 2.0, interviews with AbiWord team, Ian Murdock and Neil Young, small business on Linux, KDE 4 review, Mirth popularity.
- Announcements: US/EU patent treaty, GPL wins in Germany, OWASP sponsors projects, Adaptec RAID controllers, Wind River Joins OpenSAF, SourceForge adds OpenID, Zenoss sponsors Twisted, Akademy Embedded and Mobile cfp, ELC videos.
Red Hat Magazine reviews KDE 4 as seen on Fedora 9. "Those who remember the days of KDE or GNOME 2.0 won’t be disappointed at the current state. Today’s new audience might have different expectations, and it is unlikely the majority has the patience to deal with a major rewrite like this one. Even the Linux kernel has moved towards incremental progress over major rewrites in a development branch. The KDE project has taken a big risk, hoping to jump-start innovation. I hope they get it right. Along with the interesting acquisition of Trolltech by Nokia, the future is exciting and uncertain… and that’s just the way I like it."
CentOS has updated libvorbis (multiple vulnerabilities).
Debian has updated gforge (temporary file vulnerability) and openssh (openssl vulnerability fallout).
Gentoo has updated cdf (buffer overflow) and libid3tag (denial of service).
Mandriva has sent out a general advisory warning Mandriva users to be on the lookout for weak keys originating from Debian-based systems.
Red Hat has updated libvorbis (RHEL2, RHEL3-5: multiple vulnerabilities).
Ubuntu has updated openvpn (openssl vulnerability fallout), ssl-cert (more openssl fallout), and openssh (you guessed it: openssl fallout).
While distributed source code management tools are now in widespread use, bug tracking remains a highly centralized task. This article looks at some projects which are trying to change that situation through the creation of distributed bug tracking systems. Click below (subscribers only) for the full text.
InformationWeek reports on an increase in attacks against SSH servers. "The paper focuses on the vulnerability of Linux systems to brute-force SSH attacks... 'Linux systems face a unique threat of compromise from brute-force attacks against SSH servers that may be running without the knowledge of system owners/operators. Many Linux distributions install the SSH service by default, some without the benefit of an effective firewall.'"
Ivan Krstić has a strongly worded essay about OLPC, education, and free software. He has a great deal to say about the history and future of the project that could only come from an insider. "The whole 'we're investing into Sugar, it'll just run on Windows' gambit is sheer nonsense. Nicholas knows quite well that Sugar won't magically become better simply by virtue of running on Windows rather than Linux. In reality, Nicholas wants to ship plain XP desktops. He's told me so. That he might possibly fund a Sugar effort to the side and pay lip service to the notion of its 'availability' as an option to purchasing countries is at best a tepid effort to avert a PR disaster."
Late last week I had the pleasure of talking with Fedora Project Leader Paul Frields. Our conversation covered a range of Fedora Project topics, including Fedora 9, the latest Fedora release. Click below, subscribers only, to get the FPL view of Fedora.