All posts by jake

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/838469/rss

Security updates have been issued by Arch Linux (go, libxml2, postgresql, and wireshark-cli), Debian (drupal7 and lxml), Fedora (drupal7, java-1.8.0-openjdk-aarch32, libxml2, pacemaker, slurm, and swtpm), openSUSE (c-ares, ceph, chromium, dash, firefox, go1.14, java-1_8_0-openjdk, kernel, krb5, perl-DBI, podman, postgresql10, postgresql12, rclone, slurm, ucode-intel, wireshark, wpa_supplicant, and xen), SUSE (ceph, firefox, kernel, LibVNCServer, and python), and Ubuntu (freerdp, poppler, and xdg-utils).

[$] Mutt releases version 2.0

Post Syndicated from jake original https://lwn.net/Articles/837960/rss

The venerable email client Mutt
has just reached version 2.0. Mutt is different from
the type of client that has come to dominate the email landscape—for one
thing, it has no graphical interface. It has a long history that is worth a bit of a look,
as are its feature set and extensive customizability. Version 2.0 brings
several enhancements to Mutt’s interface, configurability, and convenience,
as well. In this article, readers who are
unfamiliar with Mutt will learn about a different way to deal with the
daily chore of wrangling their inboxes, while Mutt experts may discover
some new sides to an old friend.

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/837915/rss

Security updates have been issued by CentOS (firefox), Fedora (chromium, microcode_ctl, mingw-libxml2, seamonkey, and xen), openSUSE (slurm_18_08 and tor), Oracle (thunderbird), SUSE (buildah, firefox, go1.14, go1.15, krb5, microcode_ctl, perl-DBI, podman, postgresql12, thunderbird, ucode-intel, wireshark, wpa_supplicant, and xen), and Ubuntu (firefox and phpmyadmin).

Paalanen: Developing Wayland Color Management and High Dynamic Range

Post Syndicated from jake original https://lwn.net/Articles/837844/rss

Over on the Collabora blog, Pekka Paalanen writes
about adding color management and high dynamic range (HDR) support to the
Wayland display server
protocol. X11 already has support for color management tools and workflow, but not HDR, and
Wayland currently doesn’t support either, but Paalanen and others are working
to change that. “As color management is all about color spaces and
gamuts, and high dynamic range (HDR) is also very much about color spaces
and gamuts plus extended luminance range, Sebastian [Wick] and I decided that
Wayland color management extension should cater for both from the
beginning. Combining traditional color management and HDR is a fairly new
thing as far as I know, and I’m not sure we have much prior art to base
upon, so this is an interesting research journey as well. There is a lot of
prior art on HDR and color management separately, but they tend to have
fundamental differences that makes the combination not obvious.

GCompris releases version 1.0 to celebrate 20 years

Post Syndicated from jake original https://lwn.net/Articles/837843/rss


The GCompris project,
which provides a “high quality educational software suite, including
a large number of activities for children aged 2 to 10
“, has announced its 1.0
release
, which celebrates the 20th anniversary of the project. It
includes more than 100 activities, a new Dataset selection in the Activity
Settings menu for more than 50 activities, and four new activities,
including an Analog Electricity activity to simulate and learn about circuits.
KDE.news covered
the release
: “We have built the activities to follow the
principles of ‘nothing succeeds like success’ and that children, when
learning, should be challenged, but not made to feel threatened. Thus,
GCompris congratulates, but does not reprimand; all the characters the
child interacts with are friendly and supportive; activities are brightly
colored, contain encouraging voices and play upbeat, but soothing music.

The hardware requirements for running GCompris are extremely low and it
will run fine on older computers or low-powered machines, like the
Raspberry Pi. This saves you and your school from having to invest in new
and expensive equipment and it is also eco-friendly, as it reduces the
amount of technological waste that is produced when you have to renew
computers to adapt to more and more power-hungry software. GCompris works
on Windows, Android and GNU/Linux computers, and on desktop machines,
laptops, tablets and phones.”

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/837767/rss

Security updates have been issued by Arch Linux (chromium and firefox), CentOS (bind, curl, fence-agents, kernel, librepo, libvirt, microcode_ctl, python, python3, qt and qt5-qtbase, resource-agents, and tomcat), Debian (drupal7, firefox-esr, jupyter-notebook, packer, python3.5, and rclone), Fedora (firefox), Mageia (firefox, nss), openSUSE (gdm, kernel-firmware, and moinmoin-wiki), Oracle (net-snmp), SUSE (libzypp, zypper), and Ubuntu (c-ares).

[$] OpenWrt and self-signed certificates

Post Syndicated from jake original https://lwn.net/Articles/837491/rss

The move to secure most or all of web traffic using HTTPS is generally a
good thing; lots of personal information is exchanged via web browsers,
after all. Using HTTPS requires web sites to have TLS certificates,
however, which has sometimes been an impediment, though Let’s Encrypt has generally solved that
problem for many. But there are systems out there that may need the HTTPS
protection before their owners even have a chance to procure a certificate,
IoT devices and home routers, for example. An October discussion among OpenWrt developers explored this problem a bit.

[$] Changed-block tracking and differential backups in QEMU

Post Syndicated from jake original https://lwn.net/Articles/837053/rss

The block layer of QEMU, the open-source
machine emulator and virtualizer, forms the backbone of many storage
virtualization features
: the QEMU Copy-On-Write (QCOW2) disk-image file format,
disk image chains, point-in-time snapshots, backups, and more. At the
recently concluded 2020 KVM Forum
virtual event, Eric Blake gave a talk
on the current work in QEMU and libvirt
to make differential backups more powerful. As the name implies,
“differential backups” address the efficiency problems of full disk
backups: space usage and speed of backup creation.

youtube-dl repository restored at GitHub

Post Syndicated from jake original https://lwn.net/Articles/837343/rss

The GitHub repository
for the youtube-dl
utility, which is used to download video content from various web sites
(including YouTube, thus the name), has been restored. As we reported in last week’s
edition, GitHub had taken the repository down due to a DMCA
notice
from the Recording Industry Association of America (RIAA). The
only change
made to youtube-dl
is the removal of some tests that downloaded a few seconds of certain music videos; those
videos were specifically targeted by the RIAA in its complaint.

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/837105/rss

Security updates have been issued by Debian (libproxy, pacemaker, and thunderbird), Fedora (nss), openSUSE (kernel), Oracle (curl, librepo, qt and qt5-qtbase, and tomcat), Red Hat (firefox), SUSE (firefox, java-1_7_0-openjdk, and openldap2), and Ubuntu (apport, libmaxminddb, openjdk-8, openjdk-lts, and slirp).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/836994/rss

Security updates have been issued by Debian (codemirror-js, firefox-esr, and pacemaker), Fedora (firefox, java-latest-openjdk, and xen), openSUSE (sddm), Oracle (bind, curl, fence-agents, kernel, librepo, libvirt, python3, qt and qt5-qtbase, and tomcat), SUSE (firefox), and Ubuntu (intel-microcode, openldap, and raptor2).

[$] The RIAA, GitHub, and youtube-dl

Post Syndicated from jake original https://lwn.net/Articles/836830/rss

Toward the end of October, GitHub removed the repository for the youtube-dl utility, which provides a means to
download video content from various streaming sites, such as YouTube.
The repository was replaced
with a cheery notice that it had been
removed due to a DMCA
takedown
. It will likely come as no surprise that the DMCA action came
from the Recording Industry Association of America (RIAA) or that the
complaint was that the program circumvented the “technological
protection measures
” used on the videos by YouTube and other authorized sites.

[$] KVM for Android

Post Syndicated from jake original https://lwn.net/Articles/836693/rss

A Google project aims to bring the Linux kernel virtualization
mechanism, KVM, to Android systems. Will Deacon leads that effort and he
(virtually) came to KVM Forum to
discuss the project, its goals, and some of the challenges it has faced.
Unlike some Android projects of the past, though, “protected KVM” is being
worked on in the open, with code going upstream along the way.

OSS EU and ELC EU videos available

Post Syndicated from jake original https://lwn.net/Articles/836505/rss

The 2020 editions of Open Source Summit Europe (OSS EU) and Embedded Linux Conference Europe (ELC EU) were held virtually October 26-30, along with some other events (KVM Forum, Linux Security Summit, and more). The videos, Q&A, and presentations from those conferences are now available to all at the event site through the month of November. The videos will also be posted to YouTube during the month so that they will be available for the future. The schedule is available as well.

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/836467/rss

Security updates have been issued by Debian (sddm and wordpress), Fedora (blueman, chromium, pngcheck, and salt), openSUSE (chromium, salt, tiff, tigervnc, tmux, tomcat, transfig, and xen), Oracle (freetype, kernel, libX11, thunderbird, and xorg-x11-server), SUSE (bluez, ImageMagick, java-1_8_0-openjdk, rmt-server, salt, and u-boot), and Ubuntu (dom4j, firefox, netqmail, phpldapadmin, and tmux).