All posts by coogle

Security updates for Thursday

Post Syndicated from coogle original https://lwn.net/Articles/834973/rss

Security updates have been issued by Arch Linux (freetype2), Debian (bluez, firefox-esr, and freetype), Fedora (firefox), openSUSE (chromium), Oracle (kernel), Red Hat (java-11-openjdk), Slackware (kernel), SUSE (freetype2, gnutls, kernel, php7, and tomcat), and Ubuntu (flightgear, italc, libapache2-mod-auth-mellon, libetpan, and php-imagick).

[$] What is coming in PHP 8

Post Syndicated from coogle original https://lwn.net/Articles/834672/rss

Recently, PHP 8 release candidate 2 was posted by the
project. A lot of changes are coming with this release, including a just-in-time compiler, a good number of
backward-compatibility breaks, and new features that developers have been
requesting for years. Now that the dust has settled, and the community is
focusing on squashing bugs for the general-availability release scheduled for November 26, it’s a good
time to look at what to expect.

Security updates for Thursday

Post Syndicated from coogle original https://lwn.net/Articles/834416/rss

Security updates have been issued by Arch Linux (chromium), Debian (httpcomponents-client), Fedora (claws-mail), SUSE (bcm43xx-firmware, crmsh, libqt5-qtimageformats, libqt5-qtsvg, php53, php7, and rubygem-activesupport-4_2), and Ubuntu (php5, php7.0, php7.2, php7.4, python2.7, python3.4, python3.5, python3.6, and vim).

[$] A PHP syntax for discardable assignments

Post Syndicated from coogle original https://lwn.net/Articles/833717/rss

Recently, John Bafford revived a years-long conversation on expanding the
syntax of the PHP foreach statement to include iterating solely over keys.
Bafford, who wrote a patch and request for comments (RFC) on the matter back
in 2016, hopes to update his work and convince the community to adopt the
abbreviated syntax in PHP 8.1. The community took Bafford’s general idea and
expanded it into other areas of the language.

[$] Python and the infinite

Post Syndicated from coogle original https://lwn.net/Articles/833624/rss

A recent proposal on the python-ideas mailing list would add a new way to
represent floating-point infinity in the language. Cade Brown suggested the
change; he cited a few different reasons for it, including fixing an
inconsistency in the way the string representation of infinity is handled in
the language. The discussion that followed branched in a few directions,
including adding a constant for “not a number” (NaN) and a more general
discussion of the inconsistent way that Python handles expressions that
evaluate to infinity.

[$] LVFS tames firmware updates

Post Syndicated from coogle original https://lwn.net/Articles/832550/rss

Keeping device firmware up-to-date can be a challenge for end users. Firmware
updates are often important for correct behavior, and they can have security
implications as well. The Linux Vendor Firmware Service (LVFS) project is
playing an increasing role in making firmware updates more straightforward
for both end users and vendors; LVFS just announced its 20-millionth firmware
download. Since even a wireless mouse dongle can pose a security threat, the
importance of simple, reliable, and easily applied firmware updates is hard
to overstate.

[$] Mercurial planning to transition away from SHA-1

Post Syndicated from coogle original https://lwn.net/Articles/832111/rss

Recently, the Mercurial project has
been discussing its plans to migrate away from the compromised SHA-1 hashing algorithm in favor of
a more secure alternative. So far, the discussion is in the planning stages
of algorithm selection and migration strategy, with a general transition plan
for users. The project, for the moment, is favoring the BLAKE2 hashing algorithm.

[$] Python 3.9 is around the corner

Post Syndicated from coogle original https://lwn.net/Articles/831783/rss

Python 3.9.0rc2 was released on September 17, with the final version
scheduled for October 5, roughly a year after the release of Python 3.8.
Python 3.9 will come with new operators for dictionary unions, a new parser,
two string operations meant to eliminate some longstanding confusion, as well
as improved time-zone handling and type hinting. Developers may need to do
some porting for code coming from Python 3.8 or earlier, as the new release
has removed several previously-deprecated features still lingering from
Python 2.7.

[$] News from PHP: releases, features, and syntax

Post Syndicated from coogle original https://lwn.net/Articles/831664/rss

As the PHP project nears its 8.0 release, which is currently slated for late
November, there are a number of interesting things to report from its
development mailing list. For one, the syntax of the attributes feature has
finally been settled on after an acrimonious debate largely over the minutiae
of the voting process. In addition, some releases were made and a new
proposal to add any() and all() as core library functions
was discussed.

Moment.js announces legacy status

Post Syndicated from coogle original https://lwn.net/Articles/831556/rss

Moment.js, the de facto standard JavaScript library for date and time
manipulation, has announced that “we would like to discourage Moment from
being used in new projects going forward.” The project cited multiple reasons
for the recommendation. The first is that moment objects are mutable; another
is the unnecessarily large size of the library when compared to other
internationalization and time-zone support options available to modern
browsers. According to the post, “we now generally consider Moment to be a
legacy project in maintenance mode. It is not dead, but it is indeed done.”
The project offers multiple recommendations of alternative options, including
“the evolution of Moment”, Luxon, authored by long-time Moment.js contributor
Isaac Cambron.

[$] OpenPGP in Rust: the Sequoia project

Post Syndicated from coogle original https://lwn.net/Articles/830902/rss

In 2018, three former GnuPG developers began work on Sequoia, a new
implementation of OpenPGP in Rust. OpenPGP is an open standard for data
encryption, often used for secure email; GnuPG is an implementation of that
standard. The GPLv2-licensed Sequoia is heading toward version 1.0, with a
handful of issues remaining to be addressed. The project’s founders believe
that there is much to be desired in GnuPG, which is the de facto standard
implementation of OpenPGP today. They hope to fix this with a
reimplementation of the specification using a language with features that
will help protect users from common types of memory bugs.

[$] MagicMirror: a versatile home information hub

Post Syndicated from coogle original https://lwn.net/Articles/830411/rss

Back in 2014, a Raspberry Pi enthusiast by the name of Michael Teeuw shared
his build of a “magic mirror” with the world in a six-part series. The system
consisted of a Raspberry Pi and monitor running a web browser in kiosk mode,
with a web server that provided a dashboard interface — all stored in a
custom-built case with a one-way mirror. Since his post, others around the
world have built these devices for their home (including myself), forming
both a community and an interesting open-source project. The recent release
of MagicMirror2 (MM2) version 2.12.0 gives us an opportunity to learn more
about where the project started and where it is today.

[$] Building a Flutter application (part 2)

Post Syndicated from coogle original https://lwn.net/Articles/829622/rss

Our previous article explored
the fundamentals of Flutter, a
cross-platform open-source user-interface (UI) toolkit. We complete our
introduction of Flutter by returning to the simple LWN RSS feed headline viewer that was
introduced in part one. We will be adding several new features to that
application in part two, including interactive elements to demonstrate some
of the UI features of Flutter.

X.Org Server 1.20.9 released

Post Syndicated from coogle original https://lwn.net/Articles/829636/rss

The X.Org project has announced the release of xorg-server version 1.20.9. Among other improvements are numerous fixes to XWayland, including a bug that could cause an infinite loop at startup as well as other potential crash fixes. The release also addresses several security issues that can “lead to local privileges elevation on systems where the X server is running privileged.” Users of xorg-server are encouraged to upgrade.

[$] The programmer’s CAD: OpenSCAD

Post Syndicated from coogle original https://lwn.net/Articles/829489/rss

OpenSCAD is a GPLv2-licensed 3D computer-aided design (CAD) program
best described as a “programmer’s CAD”; it is available for
Linux, Windows, several flavors of BSD, and macOS. Unlike the majority of
3D-modeling software packages which are point-and-click, the OpenSCAD website
describes the project as “something like a 3D compiler”, where models are
generated using a scripting language. It is a unique way of approaching CAD
and has many real-world applications that may be of interest.

[$] CAELinux 2020: Linux for engineering

Post Syndicated from coogle original https://lwn.net/Articles/829204/rss

CAELinux is a distribution focused on computer-aided engineering (CAE)
maintained by Joël Cugnoni. Designed with students and academics in mind, the
distribution is loaded with open-source software that can be used to model
everything from pig livers to airfoils. Cugnoni’s latest release, CAELinux
2020, was made on August 11; readers with engineering interests may want to
take a look.