LWN Headlines

A proposal for an always-releasable Debian

Lars Wirzenius and Russ Allbery have posted an essay calling for changes in how the Debian release cycle works; it is mostly aimed at reducing the length of freezes to something close to zero. "The fundamental change is to start keeping our "testing" branch as close to releasable as possible, at all times. For individual projects, this corresponds to keeping the master or trunk branch in version control ready to be released. Practitioners of agile development models, for example, do this quite successfully, by applying continuous integration, automatic testing, and by having a development culture that if there's a severe bug in master, fixing that gets highest priority."

PacketFence 4.0 released

PacketFence is a free network access control system — the system that decides whether you get to use the local WiFi network, for example. Version 4.0 is now available. "Packet Fence 4.0 introduces a brand new modern, fast and responsive web administrative interface. It also simplifies the definition of authentication sources in one place and allows dynamic computation of roles. The portal profiles can now be entirely managed from the web interface, simplifying their definitions and eliminating possible configuration mistakes."

Fedora account system (FAS) potential information disclosure

Fedora project leader Robyn Bergeron has announced an information disclosure bug in the Fedora account system that may have exposed certain types of information (hashed passwords, security questions and encrypted answers, etc.) from unapproved members. It has been present since 2008, but could only be exploited by authenticated users, furthermore: Review of logs has shown no cases where this bug was used in our production account system, however our staging version was also vulnerable and we are unable to confirm the information was not accessed there. Moving forward, additional logging will be added to our staging infrastructure.

We recommend (but do not require) that all users take this time to change their passwords, update their security questions/answers and review their other account information.

New Zealand Government Announces That Software Will No Longer Be Patentable (Forbes)

Forbes is reporting that the New Zealand government has banned patents on software. "In doing this, New Zealand is essentially taking the position that existing laws provides enough protection to software as it is; patents only serve to stifle innovation because of the ever-looming threat of being sued by so-called patent troll companies. [...] During its consideration of the bill, the committee received many submissions opposing the granting of patents for computer programs on the grounds it would stifle innovation and restrict competition. Internet New Zealand said [Commerce Minister Craig] Foss' decision to amend the Patents Bill drew to a close 'years of wrangling between software developers, ICT players and multinational heavyweights over the vexed issue of patentability of software'."

PyPy 2.0 released

The PyPy 2.0 release is available; PyPy is a performance-oriented reimplementation of the Python 2 interpreter. "This is a stable release that brings a swath of bugfixes, small performance improvements and compatibility fixes. PyPy 2.0 is a big step for us and we hope in the future we'll be able to provide stable releases more often." Headline features include stackless and greenlet support, a new interface to C modules, and more.

Raspberry Pi operating systems: 5 reviewed and rated (Techradar)

Those looking for alternative distributions (or even operating systems) for their Raspberry Pi may want to take a peek at Techradar's review of five choices for the diminutive ARM-based computer. The article looks at Raspbian, Risc OS, Plan 9, Android, and Arch; it evaluates and rates each one on a variety of criteria: The areas we're looking at are installation, default software, media playback (out-of-the-box), looks and usability, the community behind the OS and their respective attitudes toward software freedom. Basically, the very stuff that makes a Linux user decide on what system to use.

We also want to gauge this from the point of view of someone who's not as familiar with Linux as others are, so they can jump into the project without too much hassle, and not end up leaving it feeling disheartened.

"Click packages" for Ubuntu

Ubuntu is considering adopting a new package format for third-party applications that would be simpler for developers to work with. This format would not replace dpkg in the Ubuntu system itself. "So the scope of what I've been considering is purely leaf apps built on a fixed 'base system', which in the case of the initial target of the Ubuntu phone/tablet work would be the run-time part of the Ubuntu SDK."

[$] (Nearly) full tickless operation in 3.10

On a typical Linux system, each running CPU will be diverted between 100 and 1000 times each second by the periodic timer interrupt. That interrupt is the CPU's cue to reconsider which process should be running, catch up with read-copy-update (RCU) callbacks, and generally handle any necessary housekeeping. This periodic "tick" can be reasonably compared to the infamous big kernel lock (BKL): it is convenient to have around, but it also has an effect on performance that makes developers wish to abolish it. The key difference might be that getting rid of the timer tick has taken rather longer than was required to eliminate the BKL. The 3.10 kernel will take an important step in that direction, though, with the addition of the "full NOHZ" mode — but a lot of limitations still apply.

Garrett: A short introduction to TPMs

Matthew Garrett has posted an introduction to the trusted platform module (TPM) chip and what can be done with it. "I've been working on TPMs lately. It turns out that they're moderately awful, but what's significantly more awful is basically all the existing documentation. So here's some of what I've learned, presented in the hope that it saves someone else some amount of misery."

New stable kernels

A fresh batch of new stable kernels is now available. Greg Kroah-Hartman has released 3.8.9, 3.4.42, and 3.0.75, while Ben Hutchings has released 3.2.44. Each release includes the usual battery of important fixes and updates.

UPDATE: Greg Kroah-Hartman has subsequently released 3.8.10, which fixes a build error in 3.8.9 when compiling with user namespaces enabled.

Friday's security updates

CentOS has updated mysql (C6; multiple vulnerabilities).

Fedora has updated qemu (F18; host file disclosure).

Mandriva has updated curl (session hijacking) and subversion (ES5, BS1; multiple vulnerabilities).

openSUSE has updated icedtea-web (multiple vulnerabilities).

Oracle has updated mysql (multiple vulnerabilities).

Red Hat has updated mysql (multiple vulnerabilities).

Scientific Linux has updated mysql (SL6; multiple vulnerabilities).

Ubuntu has updated mysql (multiple vulnerabilities).

Development Update, Schedule, and Funds (OpenShot blog)

Hot on the heels of a successful Kickstarter campaign, the OpenShot video editor project has announced its schedule (still targeting December 2013, more detailed plan coming soon) and a switch to Qt 5. "One of the biggest decisions we have made so far is to switch the user interface toolkit that OpenShot uses from GTK+ to Qt. We have carefully considered our options, and our team believes it is the only reasonable path forward. A few big contributing factors to choosing Qt was the performance of embedding HTML and JavaScript (for our timeline and curve editing widgets), native-looking widget rendering (on Mac, Windows, and Linux), improved tools for designing interfaces, and the easy ability to use OpenGL to display our video preview widget."

Deloget: The SoC GPU driver interview

In a lengthy blog post, Emmanuel Deloget interviews nine developers of GPU drivers and tools for ARM system-on-chip (SoC) devices. Questions range from the status of various projects and how the projects got started to intra-project collaboration and the future of the ARM platform. The developers and projects are: Connor Abbot - Open GPU Tools, Eric Faye-Lund - grate (for Tegra GPUs), Herman H. Hermitage - Videocore (for Broadcom GPUs), Luc Verhaegen - lima (for MALI GPUs), Matthias Gottschlag - Videocore (for Broadcom GPUs), Rob Clark - freedreno (for Adreno GPUs), Thierry Reding - grate (for Tegra GPUs), Scott Mansell - Videocore (for Broadcom GPUs), and Wladimir J. van der Laan - etna_viv (for Vivante GPUs).

Shuttleworth: The Supercalifragilisticexpialidocious Scorpionfish. Not.

On his blog, Mark Shuttleworth dashes the hopes of those looking for a Mary Poppins-inspired release name for Ubuntu 13.10. "Slipping the phrase 'ring ring' into the codename of 13.04 was, frankly, a triumph of linguistic engineering. And I thought I might quit on a high ... For a while, there was the distinct possibility that Rick's Rolling Release Rodeo would absolve me of the twice-annual rite of composition that goes into the naming of a new release. That, together with the extent of my travels these past few months, have left me a little short in the research department." No spoilers here, other than: the name is two words, an adjective and an animal, both of which start with "S".

Pages