Jacob Kaplan-Moss is known for his work on Django but, as he would describein his PyCon 2015 keynote, manythink he had more to do with its creation than he actually did. While his talkranged quite a bit, the theme covered something that software developmentorganizations—and open source projects—may be grappling with: amyth about developer performance and how it impacts the industry. It was athought-provoking talk that was frequently punctuated by applause; theseare the kinds of issues that the Python community tries to confront head on, sothe talk was aimed well.
KDE has announced therelease of Plasma 5.3. This release features improved powermanagement, better Bluetooth capabilities, improved Plasma widgets, a techpreview of the Plasma Media Center, big steps towards Wayland support, andmore.
Matthew Garrett looked into why Linux systems consume too much power onrecent Intel chipsets and wrote up his results —a reduction of idle power use on his laptop from 8.5W to 5W. "Thistrend is likely to continue. As systems become more integrated we're goingto have to pay more attention to the interdependencies in order to obtainthe best possible power consumption, and that means that distributionvendors are going to have to spend some time figuring out what thesedependencies are and what the appropriate default policy is for theirusers."
The 4.1-rc1 prepatch is out. Linus says:"No earth-shattering new features come to mind, even if initialsupport for ACPI on arm64 looks funny. Depending on what you care about,your notion of 'big new feature' may differ from mine, of course. There's alot of work all over, and some of it might just make a big difference toyour use cases." What he doesn't mention is that, in the end, kdbuswas not merged for this development cycle.
Debian 8, codenamed "Jessie", has been released. It comes with a wide array of upgraded packages including GNOME 3.14, KDE Plasma Workspaces and KDE Applications 4.11.13, Python 2.7.9 and 3.4.2, Perl 5.20.2, PHP 5.6.7, PostgreSQL 9.4.1, MariaDB 10.0.16 and MySQL 5.5.42, Linux 3.16.7-ctk9, and lots more. "With this broad selection of packages and its traditional widearchitecture support, Debian once again stays true to its goal of beingthe universal operating system. It is suitable for many different usecases: from desktop systems to netbooks; from development servers tocluster systems; and for database, web, or storage servers. At the sametime, additional quality assurance efforts like automatic installationand upgrade tests for all packages in Debian's archive ensure that"Jessie" fulfills the high expectations that users have of a stableDebian release."
The Rust blog has posted a guideto using Rust's foreign function interface (FFI) with C code.Highlighted in particular are Rust's safe abstractions, which are saidto impose no costs. "Most features in Rust tie into its coreconcept of ownership, and the FFI is no exception. When binding a Clibrary in Rust you not only have the benefit of zero overhead, butyou are also able to make it safer than C can! Bindings can leveragethe ownership and borrowing principles in Rust to codify commentstypically found in a C header about how its API should beused."
The Ubuntu 15.04 release is out. "Ubuntu Server 15.04 includes the Kilo release of OpenStack, alongsidedeployment and management tools that save devops teams time whendeploying distributed applications - whether on private clouds, publicclouds, x86 or ARM servers, or on developer laptops. Several key servertechnologies, from MAAS to Ceph, have been updated to new upstreamversions with a variety of new features.This release also includes the first release of snappy Ubuntu Core, anew distribution model based on transactional updates." LWN looked at Snappy in January.
Ars Technica reportson a wpa_supplicant bugthat might leave Linux and other systems open to remote code execution."That's because the code fails to check the length of incoming SSIDinformation and writes information beyond the valid 32 octets of data tomemory beyond the range it was allocated. SSID information 'is transmittedin an element that has a 8-bit length field and potential maximum payloadlength of 255 octets,' [wpa_supplicant maintainer Jouni] Malinen wrote,and the code 'was not sufficiently verifying the payload length on one ofthe code paths using the SSID received from a peer device. This can resultin copying arbitrary data from an attacker to a fixed length buffer of 32bytes (i.e., a possible overflow of up to 223 bytes). The overflow canoverride a couple of variables in the struct, including a pointer that getsfreed. In addition, about 150 bytes (the exact length depending onarchitecture) can be written beyond the end of the heapallocation.'"
Arch Linux has updated glibc(code execution).Fedora has updated chrony (F21:three vulnerabilities), gnupg2 (F20: denialof service), java-1.7.0-openjdk (F20:unspecified), java-1.8.0-openjdk (F21:unspecified), kernel (F21; F20: denial of service), ntp (F20: two vulnerabilities), python (F20: denial of service from 2013), spatialite-tools (F21: three vulnerabilities),and sqlite (F21: three vulnerabilities).Oracle has updated kvm (OL5: two vulnerabilities).
Few readers will have failed to notice by now that the attempted merging ofthe kdbus interprocess communication system into the 4.1 kernel has failedto go as well as its proponents would have liked. As of this writing, thediscussion continues and nothing has been merged. This article constitutesan attempt to derive a bit of light from the massive amounts of heat thathave been generated so far, with a specific focus on the issue of metadataand capabilities.
Opensource.com introducesSourcegraph. "Sourcegraph is a code search engine and browsing tool that semantically indexes all the open source code available on the web. You can search for code by repository, package, or function and click on fully linked code to read the docs, jump to definitions, and instantly find usage examples. And you can do all of this in your web browser, without having to configure any editor plugin."
Version 5.1 of the GNU Compiler Collection is out. "GCC 5.1 is amajor release containing substantial new functionality not available in GCC4.9.x or previous GCC releases." Some of that new functionalityincludes full C++14 language support, quite a few optimizationimprovements, partial OpenACC support, OpenMP 4.0 support, anexperimental JIT library, and more; see the changelog for details.
The Daily Dot reportsthat the Tor project is receiving some funding from the US Defense AdvancedResearch Projects Agency (DARPA) to improve Tor's hidden services. "The Dark Net road map moving forward is ambitious. Tor plans to double the encryption strength of hidden service’s identity key and to allow offline storage for that key, a major security upgrade.Next-generation hidden services may be run from multiple hosts to better deal with denial of service attacks and high traffic in general, a potentially big power boost that further closes the gap between the Dark Net and normal websites."
Fedora 22 Beta has been released. It comes in Workstation, Server, andCloud editions, as well as several spins. This version replaces yum withDNF for package management, as discussed in this recent LWN article. The Cloud edition features thelatest versions of rpm-ostree and rpm-ostree-toolbox and introduces theAtomic command line tool. The Server edition features a new database serverrole based on PostgreSQL, an updated Cockpit, and XFS as the defaultfilesystem. The Workstation product has also seen a number of enhancementsand improvements, including a redesigned GNOME Shell notification system,transitional Wayland support, and much more.
Arch Linux has updated jdk8-openjdk (multiple vulnerabilities), jre8-openjdk (multiple vulnerabilities), jre8-openjdk-headless (multiple vulnerabilities), and tcpdump (denial of service).CentOS has updated glibc (C6: twovulnerabilities).Debian-LTS has updated python-django-markupfield (information leak).Red Hat has updated glibc (RHEL6:two vulnerabilities) and kernel (RHEL6: multiple vulnerabilities).Scientific Linux has updated glibc (SL6: two vulnerabilities).SUSE has updated Real Time LinuxKernel (SLERTE11 SP3: multiple vulnerabilities).Ubuntu has updated mysql-5.5(14.10, 14.04, 12.04: multiple vulnerabilities), openjdk-6 (12.04, 10.04: multiplevulnerabilities), openjdk-7 (14.10, 14.04:multiple vulnerabilities), and php5 (14.10,14.04, 12.04, 10.04: multiple vulnerabilities).
O'Reilly has posted anexcerpt from Puppet Best Practices, an upcoming book about thePuppet system configuration tool. It's a good place to look for thosewanting an introduction to how Puppet works. "Puppet can be somewhatalien to technologists who have a background in automation scripting. Wheremost of our scripts scripts are procedural, Puppet is declarative. While adeclarative language has many major advantages for configurationmanagement, it does impose some interesting restrictions on the approacheswe use to solve common problems."
NetworkWorld takesa look at two VMWare projects that are aimed at running containersinside the VM. "VMware has created Photon as an OS that can run in vSphere. VMware says it’s a “lightweight†Linux OS that has only the basic elements required to package applications in containers and run them inside virtual machines. Because of its minimalist feature set, Project Photon is meant to boot up quickly, which is a key advantage of using containers.Project Photon supports many container image platforms, including thosefrom Docker (which is both an open source container runtime and the name ofthe company that is commercializing it), as well as container images fromCoreOS (called “rktâ€) and Pivotal (named “Gardenâ€)." VMWare alsoannounced a beta version of Project Lightwave, "which is an identity and access management tool meant to provide an extra security layer for containers."
Version 4.0 of theArdour audio editing system is available. This release features Windowssupport, more flexible audio support (JACK is no longer required), a lot ofuser-interface work, and official OS X and Windows support.
PacketFence is a free network accesscontrol system; the 5.0release is now available. Changes include a new active clusteringmode, better device fingerprinting, better performance monitoring, theelimination of plaintext passwords, and more.
At his blog, Christian Schaller announcesthat Red Hat has joined the KhronosGroup, the consortium behind (among other things) the OpenGLstandard. Schaller notes that "the reason we are joining isbecause of all the important changes that are happening in Graphicsand GPU compute these days and our wish to have more direct input ofthe direction of some of these technologies. Our efforts are likely tofocus on improving the OpenGL specification by proposing some newextensions to OpenGL, and of course providing input and help withmoving the new Vulkan standard forward."
It has been roughly a year and a half since the last release of the GNU Hurd operatingsystem, so it may be of interest to some readers that GNU Hurd 0.6 has beenreleased along withGNU Mach 1.5 (the microkernel that Hurdruns on) and GNU MIG 1.5 (the Mach Interface Generator, whichgenerates code to handle remote procedure calls). New features includeprocfs and random translators; cleanups and stylistic fixes, some of whichcame from static analysis; message dispatching improvements; integerhashing performance improvements; a split of the init server into astartup server and an init program based on System V init; and more. "GNU Hurd runs on 32-bit x86 machines. A version running on 64-bit x86(x86_64) machines is in progress. Volunteers interested in ports toother architectures are sought; please contact us (see below) if you'dlike to help.To compile the Hurd, you need a toolchain configured to target i?86-gnu;you cannot use a toolchain targeting GNU/Linux. Also note that youcannot run the Hurd "in isolation": you'll need to add further componentssuch as the GNU Mach microkernel and the GNU C Library (glibc), to turnit into a runnable system."
On his blog, Josh Boyer looks at the choice of the 4.0 kernel for Fedora 22. While the underpinnings of the live kernel patching feature have been merged, even when it is fully operational it is probably not something that Fedora (and perhaps other distributions) will use often (or at all). "In reality, we might not ever really leverage the live patching functionality in Fedora itself. It is understandable that people want to patch their kernel without rebooting, but the mechanism is mostly targeted at small bugfixes and security patches. You cannot, for example, live patch from version 4.0 to 4.1. Given that the Fedora kernel rebases both from stable kernel (e.g. 3.19.2 to 3.19.3) and major release kernels over the lifetime of a Fedora release, we don't have much opportunity to build the live patches."
In the first two installments in this series on plotting tools(which covered gnuplot and matplotlib), we introduced tools for creating plots and graphs, and used the termsinterchangeably to refer to the typical scientific plot relating oneset of quantities to another. In this article we use the term "graph"in its mathematical, graph-theory context, meaning a set of nodes connected byedges. There is a strong family resemblance among graph-theory graphs,flowcharts, and network diagrams—so much so that some of the sametools can be coerced into creating all of them. We will now surveyseveral mature free-software systems for building these typesof visualizations. At least one of these tools will likely be useful if youare ever in need of an automated way to diagram source-codeinterdependencies, make an organizational chart, visualize a computernetwork, or organize a sports tournament. We will start with agraphical charting tool and a flexible graphing system that can easily be called by other programs.
The first half of our report from the Python LanguageSummit is now available. Subscribers can click below to access reports from five sessions held before lunch covering topics like the atomicity of Python operations, making Python 3 more attractive to developers, PyParallel, infrastructure for Python development, and Python 3 adoption. We will be adding more reports to this page as they become available.
Open Invention Network (OIN) has announced that it hasupdated its Linux System patent non-aggression coverage. "For thisupdate, 115 new packages will be added to the Linux System, out of almost 800 proposed by various parties. Key additions are the referenceimplementations of the popular Go and Lua programming languages, Nginx,Openshift, and development tools like CMake and Maven. This update willrepresent an increase of approximately 5% of the total number of packagescovered in the Linux System, a reflection of the incremental and disciplinednature of the update process."
A beta version of Plasma 5.3 has been released.This release features enhanced power management, better Bluetoothcapabilities, improved Plasma widgets, a tech preview of Plasma MediaCenter, big steps towards Wayland support, and lots of bug fixes.
Arch Linux has updated ruby (man-in-the-middle attack).CentOS has updated openssl (C5: multiple vulnerabilities).Debian-LTS has updated ia32-libs (multiple vulnerabilities).Oracle has updated openssl (OL5: multiple vulnerabilities).Red Hat has updated kernel(RHEL6.4: privilege escalation).Scientific Linux has updated xorg-x11-server (SL7, SL6: information leak/denial of service).Ubuntu has updated apport (14.10,14.04: privilege escalation), libx11,libxrender (14.10, 14.04, 12.04: code execution), and ntp (14.10, 14.04, 12.04: multiple vulnerabilities).
The Document Foundation's project Document Liberation looks at its progressduring the past year. "During 2014, members of the project released a new framework library,called librevenge, which contains all the document interfaces and helpertypes, in order to simplify the dependency chain. In addition, they starteda new library for importing Adobe PageMaker documents, libpagemaker,written as part of Google Summer of Code 2014 by Anurag Kanungo.Existing libraries have also been extended with the addition of moreformats, like libwps with the addition of Microsoft Works Spreadsheet andDatabase by Laurent Alonso. He is now working on adding support for Lotus1-2-3, which is one of the most famous legacy applications for personalcomputers. Laurent has also added support for more than twenty legacy Macformats to libmwaw."
Jan HubiÄka has posted a lengthydiscussion of the optimization improvements found in the upcomingGCC 5.0 release. "Identical code folding is a new pass(contributed by Martin LiÅ¡ka, SUSE) looking for functions with the samecode and variables with the same constructors. If some are found, one copyis removed and replaced one by an alias to another where possible. This isespecially important for C++ code bases that tend to contain duplicatedfunctions as a result of template instantiations."
Linus has released the 4.0 kernel right onschedule. "Feature-wise, 4.0 doesn't have all that muchspecial. Much have been made of the new kernel patching infrastructure, butrealistically, that not only wasn't the reason for the version numberchange, we've had much bigger changes in other versions. So this is verymuch a 'solid code progress' release." Beyond the (incomplete)live-patching mechanism, this release includes the removal of theremap_file_pages() system call, improved persistent memory support, the lazytime mount option, and thekernel address sanitizer.
Aaron Turon has posted alengthy introduction to concurrency in the Rust programming language."Every data type knows whether it can safely be sent between oraccessed by multiple threads, and Rust enforces this safe usage; there areno data races, even for lock-free data structures. Thread safety isn't justdocumentation; it's law."
Arch Linux has updated mediawiki (multiple vulnerabilities).CentOS has updated xorg-x11-server (C7: information leak/denial of service).Debian has updated dpkg(integrity-verification bypass).Fedora has updated arj (F21:multiple vulnerabilities),echoping (F20; F21: multiple vulnerabilities), and python-dulwich (F20; F21:code execution).Mageia has updated batik(M4: information leak), chromium-browser-stable (M4: multiple vulnerabilities), jakarta-taglibs-standard (M4: code execution), less (M4: information leak), mediawiki (M4: multiple vulnerabilities), openldap (M4: denial of service), qt-creator (M4: key-verification failure), suricata (M4: denial of service), and xerces-c (M4: denial of service).Mandriva has updated arj(BS1: multiple vulnerabilities), less(BS1,2: information leak), mediawiki (BS1: multiple vulnerabilities), and ntp (BS1,2: multiple vulnerabilities).Oracle has updated xorg-x11-server (O6; O7: information leak/denial of service).Red Hat has updated qemu-kvm-rhev (RHEL OSP: privilege escalation) and xorg-x11-server (RHEL6,7: information leak/denial of service).Scientific Linux has updated krb5 (SL6: multiple vulnerabilities).SUSE has updated libXfont(SLE12: multiple vulnerabilities).Ubuntu has updated dpkg (integrity-verification bypass).
As was discussed in this LWN article, theX.Org Foundation recently held an election to choose four board members anddecide whether to change the organization's by-laws to enable it to becomea member of Software in the Public Interest (SPI). The resultsare now available. The board members elected are Peter Hutterer, MartinPeres, Rob Clark, and Daniel Vetter. The measure to change the by-laws didnot pass, though, despite receiving only two "no" votes, because therequired two-thirds majority was not reached.
The Linux Foundation (LF) has announcedthat it will serve as host of the Let's Encryptproject, as well as the Internet Security Research Group (ISRG).Let's Encrypt is the free, automated SSL/TLS certificate authoritythat was announced in November 2014 by the Electronic Frontier Foundation(EFF) to provide TLS certificates for every domain on the web. ISRG isthe non-profit organization created to spearhead efforts like Let'sEncrypt (which, as of now, is ISRG's only public project). In the LFannouncement, executive director Jim Zemlin notes that "byhosting this important encryption project in a neutral forum we canaccelerate the work towards a free, automated and easy securitycertification process that benefits millions of people around theworld."
LWN.net