website LWN.net
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

Over at Ars Technica, Dan Goodin writes about Trust Assertions for Certificate Keys (TACK), a proposed extension to SSL/TLS designed to discover fake certificates before they are accepted. "The opt-in system works by allowing SSL sites to sign valid SSL certificates, the domain name, and an expiration date with a TACK key. Once an end user has visited the site a few times using a TACK-compatible browser, a 'pin' for that site is activated on the user's computer. If the end user later encounters a forged certificate for that same site—as was the case when DigiNotar was breached—the browser will reject the session and return a warning to the user." One of TACK's co-creators is Moxie Marlinspike, who proposed the Convergence alternative certificate-management framework in 2011.



feed text Fedora 17 ARM Beta Release
2012-05-25T16:24:29+00:00
A Fedora 17 beta for ARM is now available. There are a number of images provided for various targets ("QEMU, Trimslice, Beagleboard XM and iMX based hardware platforms.") "We invite you to take part in making Fedora 17 for ARM a solid release by downloading, testing, and providing your valuable feedback. Please join us on the IRC in #fedora-arm on Freenode or send feedback and comments to the ARM mailing list."
The H covers the debut of the Android Malware Genome Project by researchers from North Carolina State University. The team "has already collected more than 1,200 samples of Android malware, including GingerMaster and DroidKungFu, and has organised them into various malware families. [Xuxian] Jiang told Dark Reading that 'the purpose is to engage the research community to better our understanding of mobile threats and develop effective solutions against them.'" Access to the data set, however, is restricted.
text RPM 4.10 released
2012-05-24T19:39:03+00:00
Panu Matilainen announces the release of RPM 4.10.0. Most of the changes targeted robustness and correctness, but a few new features crept in as well, including support for parsing the tilde (~) operator in package version numbers.
text Thursday's security updates
2012-05-24T18:18:21+00:00

Debian has updated sudo (privilege escalation) and libxml2 (arbitrary code execution).

Mandriva has updated ES 5.0 firefox (multiple vulnerabilities).

Ubuntu has updated net-snmp (denial of service).

Matt Godbolt announces GCC explorer, a web-based tool for exploring how code tweaks change the machine code emitted by the compiler. "Particularly with some of the newer features of C++11 — lambdas, move constructors, threading primitives etc — it’s nice to be able to see how your elegant code becomes beautiful (and maybe even fairly optimal) machine code." The GCC explorer code is on github for those who want to set up their own instance.
The LWN.net Weekly Edition for May 24, 2012 is available.
text Google wins patent case against Oracle
2012-05-23T18:22:40+00:00
Groklaw has the news: the jury in Oracle v. Google has found that Google did not infringe any of Oracle's patents.
The H covers an announcement by the Open Source Initiative that Simon Phipps is the new president of the organization. "Phipps has already been spearheading an OSI reform process, working with the rest of the board to open up the organisation. That process has led to the creation of Open Source Initiative affiliation, bringing the Apache Software Foundation, FreeBSD, Eclipse, Mozilla, Debian, and Creative Commons, along with other organisations, on board as affiliates. 'There will be further developments in that scheme soon, and we'll have much more to announce in other areas as the year progresses' said Phipps by email."
text Wednesday's security updates
2012-05-23T17:43:32+00:00
Mandriva has updated 2011.0: wireshark (denial of service).

Oracle has updated postgresql, postgresql84 (OL6; OL5: multiple vulnerabilities), OL5: postgresql (multiple vulnerabilities), OL5: kvm (multiple vulnerabilities), and OL6: bind-dyndb-ldap (denial of service).

Red Hat has updated RHEL5&6: flash-plugin (code execution).

SUSE has updated SLE10 SP4: openssl (exploitable vulnerabilities).

Ubuntu has updated 12.04: feedparser (denial of service).

text LLVM 3.1 released
2012-05-23T15:00:23+00:00
Version 3.1 of the LLVM compiler suite is out. "This release represents approximately 6 months of development over LLVM 3.0, delivers a vast range of improvements and new features. Some of the most visible features include greatly expanded C++'11 support in Clang (including lambdas, initializer lists, constexpr, user-defined literals, and atomics); AddressSanitizer, a fast memory error detection tool which uses instrumentation to find bugs; "instruction bundles" support in the late code generator, allowing much better support for VLIW targets; an ARM integrated assembler which speeds up ARM compile time and enables new features for the ARM target; major enhancements to the MIPS backend (including support for MIPS64); a new port for the Qualcomm Hexagon VLIW processor, Python bindings, and much much more." See the release notes for details.
text A Tale of Two Pwnies (Part 1)
2012-05-22T22:00:05+00:00
For those interested in complex exploits: the Chromium Blog describes how a sequence of six independent bugs was exploited to execute code within the Chromium browser. "Even though Chrome’s renderers execute inside a stricter sandbox than the GPU process, there is a special class of renderers that have IPC interfaces with elevated permissions. These renderers are not supposed to be navigable by web content, and are used for things like extensions and settings pages. However, Pinkie found another bug (117417) that allowed an unprivileged renderer to trigger a navigation to one of these privileged renderers, and used it to launch the extension manager. So, all he had to do was jump on the extension manager’s IPC channel before it had a chance to connect."
text Mageia 2 is out
2012-05-22T21:10:48+00:00
Mageia 2 has been released. "Mageia 2 is available as Live CDs, install DVDs and a netinstall CD, and is available in various languages for easy download, from FTP, HTTP, or torrents." The release notes are here. LWN previewed this release last April.
text Stable kernel 2.6.34.12
2012-05-22T21:10:37+00:00
Paul Gortmaker has released stable kernel 2.6.34.12. If you are running a 2.6.34.x kernel you'll want this release.
text [$] A uTouch architecture introduction
2012-05-22T19:50:36+00:00
As the Linux desktop increases in popularity, the user interface experience has become increasingly important. For example, most laptops today have multitouch capabilities that have yet to be fully exposed and exploited in the free software ecosystem. Soon we will be carrying around multitouch tablets with a traditional Linux desktop or similar foundation. In order to provide a high-quality and rich experience we must fully exploit multitouch gestures. The uTouch stack developed by Canonical aims to provide a foundation for gestures on the Linux desktop.

Click below (subscribers only) for an overview of the architecture of uTouch contributed by uTouch hacker Chase Douglas.