All posts by jake

The Licensing and Compliance Lab interviews AJ Jordon of gplenforced.org (FSF Blog)

Post Syndicated from jake original https://lwn.net/Articles/723828/rss

The Free Software Foundation’s blog is carrying an interview with AJ Jordon, who runs the gplenforced.org site to support GPL enforcement efforts and to help other projects indicate their support. “gplenforced.org is a small site I made that has exactly two purposes: host a badge suitable for embedding into a README file on GitLab or something, and provide some text with an easy and friendly explanation of GPL enforcement for that badge to link to.

Putting badges in READMEs has been pretty trendy for a while now — people add badges to indicate whether their test suite is passing, their dependencies are up-to-date, and what version is published in language package managers. gplenforced.org capitalizes on that trend to add the maintainer’s beliefs about license enforcement, too.”

[$] Progress on the Gilectomy

Post Syndicated from jake original https://lwn.net/Articles/723514/rss

At the 2016 Python Language Summit, Larry Hastings introduced Gilectomy, his project to remove
the global interpreter lock (GIL) from CPython. The GIL serializes access
to the Python interpreter, so it severely limits the performance of
multi-threaded Python programs. At the 2017 summit, Hastings was back to
update attendees on the progress he has made and where Gilectomy is headed.

[$] The state of bugs.python.org

Post Syndicated from jake original https://lwn.net/Articles/723513/rss

In a brief session at the 2017 Python Language Summit, Maciej Szulik gave
an update on the state and plans for bugs.python.org (bpo). It is the Roundup-based bug tracker for
Python; moving to GitHub has not changed that. He described the work that
two Google Summer of Code (GSoC) students have done to improve the bug
tracker.

[$] New CPython workflow issues

Post Syndicated from jake original https://lwn.net/Articles/723418/rss

As part of a discussion in 2014 about where to host some of
the Python repositories,
Brett Cannon was delegated the task of determining where they should end
up. In early 2016, he decided that Python’s
code and
other repositories (e.g. PEPs) should land at GitHub;
at last year’s language
summit, he gave an overview of where things
stood with a few repositories that had made the conversion. Since that
time, the CPython
repository has made the switch and he wanted to discuss some of the
workflow issues surrounding that move at this year’s summit.

[$] System monitoring with osquery

Post Syndicated from jake original https://lwn.net/Articles/723589/rss

Your operating system generates a lot of run-time data and statistics that
are useful for monitoring system security and performance. How you get this
information depends on the operating system you’re running. It could be
from a report in a fancy GUI, or obtained via a specialized API, or simply text
values read from the filesystem in the case of Linux and
/proc. However, imagine if you could get this data via
an SQL query, and obtain the output as a database table or JSON
object. This is exactly what osquery lets
you do on Linux, macOS, and Windows.

[$] Python 3.6.x, 3.7.0, and beyond

Post Syndicated from jake original https://lwn.net/Articles/723252/rss

Ned Deily, release manager for the Python 3.6 and 3.7 series, opened
up the 2017
edition of the Python Language Summit
with a look at the release
process and where things stand. It was an “abbreviated update” to his talk at last year’s summit, he said. He
looked to the future for 3.6 and 3.7, but also looked a bit beyond those two.

This is the start of LWN’s coverage of the language summit; look for more articles over the next week or so.

[$] Vulnerability hoarding and Wcry

Post Syndicated from jake original https://lwn.net/Articles/722924/rss

A virulent ransomware worm attacked a wide swath of Windows
machines worldwide in mid-May. The malware, known as Wcry, Wanna, or
WannaCry, infected a number of systems at high-profile organizations as
well as striking at critical pieces of the infrastructure—like hospitals, banks,
and train stations. While the threat seems to have largely abated—for
now—the origin of some of its code, which is apparently the US National Security
Agency (NSA), should give one pause.

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/722589/rss

Security updates have been issued by Debian (kde4libs), Fedora (elfutils, libplist, mediawiki, and xen), Red Hat (chromium-browser and ghostscript), Scientific Linux (ghostscript), SUSE (kernel and MozillaFirefox, mozilla-nss, mozilla-nspr, java-1_8_0-openjdk), and Ubuntu (firefox, lightdm, openjdk-8, and openvpn).

Hashemi: The Many Layers of Packaging

Post Syndicated from jake original https://lwn.net/Articles/722508/rss

On his blog, Mahmoud Hashemi has an in-depth look at Python packaging, but much of it is applicable to packaging software in any language. “Python was designed to be cross-platform and runs in countless environments. But don’t take this to mean that Python’s built-in tools will carry you anywhere you want to go. I can write a mobile app in Python, does it make sense to install it on my phone with pip? As you’ll see, a language’s built-in tools only scratch the surface.

So, one by one, I’m going to describe some code you want to ship, followed by the simplest acceptable packaging process that provides that repeatable deployment process we crave.” (Thanks to Paul Wise.)

[$] Randomizing structure layout

Post Syndicated from jake original https://lwn.net/Articles/722293/rss

Kees Cook is working on a series of patches
for C structure randomization
to improve security in the Linux
kernel. This is an important part of obfuscating the internal binary layout
of a running kernel, making kernel exploits harder. The randstruct
plugin is a new GCC add-on that lets the compiler randomize the layout of C
structures. When
enabled, the plugin will scramble the layout of the kernel structures that
are specifically designated for randomization.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/722464/rss

Security updates have been issued by Arch Linux (flashplugin, freetype2, ghostscript, kauth, kdelibs, lib32-flashplugin, lib32-freetype2, lib32-libtirpc, libtirpc, rpcbind, and smb4k), Debian (git, qemu-kvm, and tomcat7), Mageia (feh, kernel, lxterminal, and thunderbird), openSUSE (swftools), and SUSE (flash-player, qemu, and tomcat).

[$] Free-software concerns with Europe’s radio directive

Post Syndicated from jake original https://lwn.net/Articles/722197/rss

At the 2017 Free
Software Legal and Licensing Workshop
(LLW), Max Mehl presented some
concerns about the EU
radio equipment directive
(RED) that was issued in 2014. The worry is
that the directive will lead device makers to lock down their hardware,
which will preclude users from installing alternative free software on
it. The problem is reminiscent of a similar
situation in the US, but that one has seemingly been resolved in favor of users—at least for now.

[$] License compliance in the open-source supply chain

Post Syndicated from jake original https://lwn.net/Articles/721698/rss

The supply chain in the open-source world is lengthy and global; it also
suffers from compliance problems with the GPL and other licenses. The OpenChain project was created
to help the companies in the supply chain with their compliance. At the
2017 Free
Software Legal and Licensing Workshop
(LLW), OpenChain program manager
Shane Coughlan described the project, some of its history, the release
of version 1.1 of its specification, and more.

Android/Mobile microconference accepted into Linux Plumbers Conference

Post Syndicated from jake original https://lwn.net/Articles/721982/rss

The Android/Mobile microconference has been accepted for this year’s Linux Plumbers Conference (LPC), which will be held in Los Angeles, CA, US on 13-15 September in
conjunction with The Linux Foundation Open Source Summit. “Android continues to find interesting new applications and problems
to solve, both within and outside the mobile arena. Mainlining
continues to be an area of focus, as do a number of areas of core
Android functionality, including the kernel. Other areas where there
is ongoing work include eBPF, Lowmemory alternatives, the Android
emulator, and SDCardFS.