Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Apple Yet To Push Patch For "Shellshock" Bug

timothy posted 3 days ago | from the everyone-has-their-reasons dept.

Bug 208

An anonymous reader writes "Open source operating systems vulnerable to the Shellshock bug have already pushed two patches to fix the vulnerability, but Apple has yet to issue one for Mac OS X. Ars Technica speculates that licensing issues may be giving Apple pause: "[T]he current [bash] version is released under the GNU Public License version 3 (GPLv3). Apple has avoided bundling GPLv3-licensed software because of its stricter license terms....Apple executives may feel they have to have their own developers make modifications to the bash code."" It's also worth noting that there are still flaws with the patches issued so far. Meanwhile, Fedora Magazine has published an easy-to-follow description of how Shellshock actually works. The Free Software Foundation has also issued a statement about Shellshock.

OpenMandriva Lx 2014.1 Released

timothy posted 3 days ago | from the tradition-of-heritage dept.

KDE 29

jrepin writes OpenMandriva is proud to announce the release of OpenMandriva Lx 2014.1 distribution of the GNU/Linux operating system. Most of developers efforts were focused on reducing system boot up time and memory usage. This version brings Linux kernel 3.15.10 (with special patches for desktop system performance, responsiveness, and realtime capabilities), KDE Software Compilation 4.13.3, Xorg 1.15.1, Mesa 10.2.6, LibreOffice 4.3.1, Firefox 32, GNU bash with latest security fixes, and many other updated software packages.

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

timothy posted 4 days ago | from the oy-oy-oy dept.

OS X 316

The recently disclosed bug in bash was bad enough as a theoretical exploit; now, reports Ars Technica, it could already be being used to launch real attacks. In a blog post yesterday, Robert Graham of Errata Security noted that someone is already using a massive Internet scan to locate vulnerable servers for attack. In a brief scan, he found over 3,000 servers that were vulnerable "just on port 80"—the Internet Protocol port used for normal Web Hypertext Transfer Protocol (HTTP) requests. And his scan broke after a short period, meaning that there could be vast numbers of other servers vulnerable. A Google search by Ars using advanced search parameters yielded over two billion web pages that at least partially fit the profile for the Shellshock exploit. More bad news: "[T]he initial fix for the issue still left Bash vulnerable to attack, according to a new US CERT National Vulnerability Database entry." And CNET is not the only one to say that Shellshock, which can affect Macs running OS X as well as Linux and Unix systems, could be worse than Heartbleed.

Remote Exploit Vulnerability Found In Bash

Soulskill posted 5 days ago | from the don't-bash-bash dept.

Security 399

kdryer39 sends this news from CSO: A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux, and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271. This affects Debian as well as other Linux distributions. The major attack vectors that have been identified in this case are HTTP requests and CGI scripts. Another attack surface is OpenSSH through the use of AcceptEnv variables. Also through TERM and SSH_ORIGINAL_COMMAND. An environmental variable with an arbitrary name can carry a nefarious function which can enable network exploitation.

Counter-Strike: Global Offensive Premieres On Linux, 2 Years After Windows

timothy posted about a week ago | from the man-this-is-a-long-party dept.

Upgrades 93

An anonymous reader writes Counter-Strike: Global Offensive has finally been released for Linux two years after its Windows debut. The game is reported to work even on the open-source Intel Linux graphics drivers, but your mileage may vary. When it comes to the AMD and NVIDIA drivers, NVIDIA continues dominating for Linux gaming over AMD with Catalyst where there's still performance levels and other OpenGL issues.

Fedora 21 Alpha Released

timothy posted about a week ago | from the every-release-represents-years-of-work dept.

Red Hat Software 37

An anonymous reader writes Fedora 21 Alpha has been released. After encountering multiple delays, the first development version is out for the Fedora.NEXT and Fedora 21 products. Fedora 21 features improved Wayland support, GNOME 3.14, many updated packages, greater server and cloud support, and countless other improvements with Fedora 20 already being nearly one year old.

Outlining Thin Linux

Soulskill posted about a week ago | from the tux-on-a-diet dept.

Operating Systems 221

snydeq writes: Deep End's Paul Venezia follows up his call for splitting Linux distros in two by arguing that the new shape of the Linux server is thin, light, and fine-tuned to a single purpose. "Those of us who build and maintain large-scale Linux infrastructures would be happy to see a highly specific, highly stable mainstream distro that had no desktop package or dependency support whatsoever, so was not beholden to architectural changes made due to desktop package requirements. When you're rolling out a few hundred Linux VMs locally, in the cloud, or both, you won't manually log into them, much less need any type of graphical support. Frankly, you could lose the framebuffer too; it wouldn't matter unless you were running certain tests," Venezia writes. "It's only a matter of time before a Linux distribution that caters solely to these considerations becomes mainstream and is offered alongside more traditional distributions."

Fork of Systemd Leads To Lightweight Uselessd

timothy posted about a week ago | from the not-big-and-fancy dept.

Open Source 468

An anonymous reader writes A boycott of systemd and other backlash around systemd's feature-creep has led to the creation of Uselessd, a new init daemon. Uselessd is a fork of systemd 208 that strips away functionality considered irrelevant to an init system like the systemd journal and udev. Uselessd also adds in functionality not accepted in upstream systemd like support for alternative C libraries (namely uClibc and musl) and it's even being ported to BSD.

Native Netflix Support Is Coming To Linux

Soulskill posted about two weeks ago | from the a-pittance-of-love dept.

Cloud 178

sfcrazy writes: Native support for Netflix is coming to Linux, thanks to their move from Silverlight to HTML5, Mozilla and Google Chrome. Paul Adolph from Netflix proposed a solution to Ubuntu developers: "Netflix will play with Chrome stable in 14.02 if NSS version 3.16.2 or greater is installed. If this version is generally installed across 14.02, Netflix would be able to make a change so users would no longer have to hack their User-Agent to play." The newer version of NSS is set to go out with the next security update.

Torvalds: No Opinion On Systemd

Soulskill posted about two weeks ago | from the linus-not-swearing-at-people dept.

Open Source 385

An anonymous reader writes:Linux creator Linus Torvalds is well-known for his strong opinions on many technical things. But when it comes to systemd, the init system that has caused a fair degree of angst in the Linux world, Torvalds is neutral. "When it comes to systemd, you may expect me to have lots of colorful opinions, and I just don't," Torvalds says. "I don't personally mind systemd, and in fact my main desktop and laptop both run it." Torvalds added, "I think many of the 'original ideals' of UNIX are these days more of a mindset issue than necessarily reflecting reality of the situation. There's still value in understanding the traditional UNIX "do one thing and do it well" model where many workflows can be done as a pipeline of simple tools each adding their own value, but let's face it, it's not how complex systems really work, and it's not how major applications have been working or been designed for a long time. It's a useful simplification, and it's still true at some level, but I think it's also clear that it doesn't really describe most of reality."

Digia Spins Off Qt As Subsidiary

Soulskill posted about two weeks ago | from the musical-overlords dept.

Open Source 33

DeviceGuru writes: Following through on an announcement from August, Digia has spun off a subsidiary called The Qt Company to unify Qt's commercial and open source efforts, and debuted a low-cost plan for mobile developers. The Linux-oriented Qt cross-platform development framework has had a tumultuous career, having been passed around Scandinavia over the years from Trolltech to Nokia and then from Nokia to Digia. Yet, Qt keeps rolling along in both commercial and open source community versions, continually adding support for new platforms and technologies, and gaining extensive support from mobile developers. Now Qt is its own company, or at least a wholly owned subsidiary under Digia. Finland-based Digia has largely been involved with the commercial versions of Qt since it acquired the platform from Nokia in 2012, but it has also sponsored the community Qt Project as a relatively separate project. Now, both efforts are being unified under one roof at The Qt Company and the new QT.io website, says Digia. Meanwhile, Digia will focus on its larger enterprise software business.

New Global Plan Would Crack Down On Corporate Tax Avoidance

Soulskill posted about two weeks ago | from the bring-our-benjamins-home dept.

Businesses 324

HughPickens.com writes: Reuters reports that plans for a major rewriting of international tax rules have been unveiled by the Organisation for Economic Co-operation and Development (OECD) that could eliminate structures that have allowed companies like Google and Amazon to shave billions of dollars off their tax bills. For more than 50 years, the OECD's work on international taxation has been focused on ensuring companies are not taxed twice on the same profits (and thereby hampering trade and limit global growth). But companies have been using such treaties to ensure profits are not taxed anywhere. A Reuters investigation last year found that three quarters of the 50 biggest U.S. technology companies channeled revenues from European sales into low tax jurisdictions like Ireland and Switzerland, rather than reporting them nationally.

For example, search giant Google takes advantage of tax treaties to channel more than $8 billion in untaxed profits out of Europe and Asia each year and into a subsidiary that is tax resident in Bermuda, which has no income tax. "We are putting an end to double non-taxation," says OECD head of tax Pascal Saint-Amans.For the recommendations to actually become binding, countries will have to encode them in their domestic laws or amend their bilateral tax treaties. Even if they do pass, these changes are likely 5-10 years away from going into effect.
Speaking of international corporate business: U.K. mainframe company Micro Focus announced it will buy Attachmate, which includes Novell and SUSE.

KDevelop 4.7.0 Released

samzenpus posted about two weeks ago | from the check-it-out dept.

KDE 48

KDE Community (3396057) writes "KDevelop team is proud to announce the final release of KDevelop 4.7.0. This release is special, as it marks the end of the KDE4 era for us. As such, KDevelop 4.7.0 comes with a long-term stability guarantee. The CMake support was improved and extended to ensure that all idioms needed for KF5 development are available. The unit test support UI was polished and several bugs fixed. In the same direction, some noteworthy issues with the QtHelp integration were addressed. KDevelop's PHP language support now handles namespaces better and can understand traits aliases. Furthermore, some first fruits of the Google summer of code projects are included in this release. These changes pave the path toward better support for cross compile toolchains. Feature-wise, KDevelop now officially supports the Bazaar (bzr) version control system. On the performance front, it was possible to greatly reduce the memory footprint when loading large projects with several thousand files in KDevelop. Additionally, the startup should now be much faster."

Robot Operating System To Officially Support ARM Processors

Soulskill posted about two weeks ago | from the more-cpu-options-for-your-terminator dept.

Operating Systems 33

DeviceGuru writes: The Open Source Robotics Foundation (OSRF), which maintains the open source Robot Operating System (ROS), has announced its first formal support for an ARM target. The organization will add support for the Qualcomm Snapdragon 600, a smartphone-oriented, quad-core, Cortex-A15-like system-on-chip running up to 1.7GHz. The Linux version of ROS for Snapdragon 600 will be available in Q4 of this year, with the Android version due in the first half of 2015. The OSRF will test, refine, and fully integrate support for the ARM instruction set architecture into ROS development efforts. OSRF will also perform ongoing maintenance to support ROS on the Snapdragon 600.

City of Turin To Switch From Windows To Linux and Save 6M Euros

Soulskill posted about two weeks ago | from the frugal-tux dept.

Government 249

jrepin writes: The municipality of Turin in Italy hopes to save 6 million Euro over five years by switching from Windows XP to Ubuntu Linux in all of its offices. The move will mean installing the open source operating system on 8,300 PCs, which will generate an immediate saving of roughly €300 per machine (almost €2.5m altogether, made up from the cost of Windows and Office licences) — a sum that will grow over the years as the need for the renewal of proprietary software licences vanishes, and the employees get used to the new machines.

Harvard's CompSci Intro Course Boasts Record-Breaking Enrollment

Soulskill posted about two weeks ago | from the i-bet-you-liked-programming-before-it-was-cool dept.

Education 144

alphadogg writes: Harvard College's CS50, the school's Introduction to Computer Science course for undergrads, has attracted about 1 in 8 students this fall — a new record for the school and yet another sign of just how hot this field is becoming for the job-hungry. Overall, 818 undergrads (or 12% of the student body) signed up for the challenging course this semester (PDF), and nearly 900 students are registered when factoring in graduate and cross-registered students. Topics on the syllabus include Linux, cryptography, HTML and JavaScript. David Malan, a Harvard CompSci grad, teaches the course.

The State of ZFS On Linux

Soulskill posted about three weeks ago | from the ready-for-the-big-show dept.

Data Storage 370

An anonymous reader writes: Richard Yao, one of the most prolific contributors to the ZFSOnLinux project, has put up a post explaining why he thinks the filesystem is definitely production-ready. He says, "ZFS provides strong guarantees for the integrity of [data] from the moment that fsync() returns on a file, an operation on a synchronous file handle is returned or dirty writeback occurs (by default every 5 seconds). These guarantees are enabled by ZFS' disk format, which places all data into a Merkle tree that stores 256-bit checksums and is changed atomically via a two-stage transaction commit.. ... Sharing a common code base with other Open ZFS platforms has given ZFS on Linux the opportunity to rapidly implement features available on other Open ZFS platforms. At present, Illumos is the reference platform in the Open ZFS community and despite its ZFS driver having hundreds of features, ZoL is only behind on about 18 of them."

Learning About Enea's Real Time Linux Embedded OS (Video)

Roblimo posted about three weeks ago | from the not-quite-real-time-but-almost dept.

Linux 27

Jon Aldama is the Product Marketing Manager for Enea A.B., but he prides himself on being a developer first and a marketer second -- a point he stresses early in today's video. Enea is behind Operating System Embedded, whose Wikipedia page, some say, "appears to be written like an advertisement," which an unkind person could also say about the Enea A.B. Wikipedia page. In any case, Enea works with the Linux Foundation's Yocto Project workgroup, whose main webpage says, "It's not an embedded Linux distribution – it creates a custom one for you." This is all open source, which Jon says is a big corporate principle at Enea -- and he should know, since his previous job was as an Open Source Compliance Officer and Software Analyst at Ericsson. (Alternate Video Link)

Is It Time To Split Linux Distros In Two?

samzenpus posted about three weeks ago | from the programming-of-solomon dept.

Programming 282

snydeq writes Desktop workloads and server workloads have different needs, and it's high time Linux consider a split to more adequately address them, writes Deep End's Paul Venezia. You can take a Linux installation of nearly any distribution and turn it into a server, then back into a workstation by installing and uninstalling various packages. The OS core remains the same, and the stability and performance will be roughly the same, assuming you tune they system along the way. Those two workloads are very different, however, and as computing power continues to increase, the workloads are diverging even more. Maybe it's time Linux is split in two. I suggested this possibility last week when discussing systemd (or that FreeBSD could see higher server adoption), but it's more than systemd coming into play here. It's from the bootloader all the way up. The more we see Linux distributions trying to offer chimera-like operating systems that can be a server or a desktop at a whim, the more we tend to see the dilution of both. You can run stock Debian Jessie on your laptop or on a 64-way server. Does it not make sense to concentrate all efforts on one or the other?"

Slashdot Login

Need an Account?

Forgot your password?