|
| LWN.net
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
GNOME design team member Allan Day writes about ideas in GNOME 3 application design on his blog. In the article, he looks at the use of maximized windows, views, primary toolbars, and more. The design team is documenting these ideas in a new version of the GNOME Human Interface Guidelines (HIG). "There are many other application design patterns that we've been working on, including application menus, a new grid view for displaying collections of content, in-app notifications, new models for dialogs, nice full screen controls and a sidebar list pattern. Together, these provide the opportunity to create applications that efficient, modern, elegant, and a pleasure to use."
Over on his blog, Harald Welte comments on GPL enforcement in light of the Busybox/Toybox controversy. "In any kind of GPL enforcement, you of course not only want the complete corresponding source code to one program, but to all of the GPL/LGPL/AGPL or otherwise copyleft licensed programs contained in the product. We at gpl-violations.org have always been requesting the complete corresponding source code to all GPL licensed software during our communication with the infringing companies. This request was typically honored by everyone, without the need to apply any pressure onto it. After all, releasing only one bit of code causes the risk to get sued by somebody else who owns the other not-yet-compliant part of the code. [...] Now there have been rumors that SFC was not only requesting non-Busybox source code, but also making it a condition for the explicit re-instatement of the license on Busybox. Whether or not there was such a hard condition is subject to debate and there are different opinions on it. For those in the field of FOSS licensing, it has always known that there are different lines of thought with regard to the requirement to explicit reinstatement. We in Germany generally think that it is not required at all, and the existing preliminary injunctions at least implicitly acknowledge that as they enjoin companies from distributing a product as long as it is not in compliance with the license. In other (particularly the U.S.), it is generally assumed that explicit reinstatement is required."
CentOS has updated C5: kernel (multiple vulnerabilities).
Fedora has updated F15: firefox
(multiple vulnerabilities), F15:
thunderbird (multiple vulnerabilities), F15: xulrunner (multiple vulnerabilities), F15: perl-gtk2-mozembed (multiple
vulnerabilities), F15:
gstreamer-plugins-bad-free (multiple vulnerabilities), F15: libvpx (multiple vulnerabilities), F15: gnome-python2-extras (multiple
vulnerabilities), F15:
thunderbird-lightning (multiple vulnerabilities), and F15: znc (denial of service).
Ubuntu has updated openssl (multiple
vulnerabilities) and php (multiple vulnerabilities).
The first official releases of the Wayland display system, now split into
two pieces called "Wayland" and "Weston," are now
available. What's not immediately available is a lot of information about
what capabilities are in this release or how usable it is. "Wayland
is the protocol and IPC mechanism while Weston is the reference compositor
implementation. The 0.85 branch in both repositories is going to be
protocol and interface stable. We have a series of protocol changes on the
table before 1.0 but this branch marks a stable point before we jump into
that."
The Chromium Blog has an
overview of the new JavaScript features expected in a major revision of
the language next year. "A proxy simulates a JavaScript object or
function, and can customize just about any aspect of their behaviour that
you can imagine. This is a real power feature, that takes reflection to a
new level and can be used to implement various advanced abstractions and
interfaces."
Well, that was quick. The jury in a patent lawsuit against eight companies that use "interactive web" technologies has found the Eolas Technologies patent to be invalid, according to a report at ars technica. "[Tim] Berners-Lee took to Twitter to cheer the decision. 'Texas jury agreed Eolas 906 patent invalid,' he wrote. 'Good thing too!'
[...]
Companies that depend on the open Web hailed the verdict. 'We are pleased that the court found the patents invalid, as it affirms our assertion that the claims are without merit,' a Google spokesperson told Ars."
The Lima driver project has released the code for its open source graphics driver supporting the Mali-200 and Mali-400 GPUs. "The aim of this driver is to finally bring all the advantages of open source software to ARM SoC graphics drivers. Currently, the sole availability of binary drivers is increasing development and maintenance overhead, while also reducing portability, compatibility and limiting choice. Anyone who has dealt with GPU support on ARM, be it for a linux with a GNU stack, or for an android, knows the pain of dealing with these binaries. Lima is going to solve this for you, but some time is needed still to get there." (Thanks to Paul Wise.)
CentOS has updated squirrelmail (C4; C5:
multiple vulnerabilities) and mysql (C6:
multiple unspecified vulnerabilities).
Debian has updated icedove (multiple
vulnerabilities) and cvs (remote code execution).
Fedora has updated ettercap (F15; F16:
insecure settings file), mysql (F16:
multiple unspecified vulnerabilities), maniadrive (F16:
PHP remote code execution), php (F16:
remote code execution), php-eaccelerator
(F16: remote code execution), and samba
(F16: denial of service).
Mandriva has updated wireshark
(multiple vulnerabilities).
openSUSE has updated firefox
(multiple vulnerabilities), curl
(authentication bypass), powerdns (denial
of service), kernel (11.3; 11.4: multiple
vulnerabilities), kvm (two
vulnerabilities), tomcat6 (multiple
vulnerabilities), apache2 (11.3; 11.4: multiple
vulnerabilities), squid3 (denial of
service), gnutls (denial of service), dovecot20 (certificate spoofing), (two vulnerabilities), ruby (multiple vulnerabilities), curl (multiple vulnerabilities), firefox (multiple vulnerabilities), nginx (code execution), lighttpd (denial of service), sysconfig (code execution), and opera (multiple vulnerabilities).
Oracle has updated squirrelmail (OL4; OL5:
multiple vulnerabilities) and mysql (OL6:
multiple unspecified vulnerabilities).
Red Hat has updated squirrelmail
(RHEL 4&5: multiple vulnerabilities), libxml2 (RHEL 5.6: code execution), mysql (RHEL 6: multiple unspecified vulnerabilities), and kernel (RHEL 5: multiple vulnerabilities).
Scientific Linux has updated squirrelmail (SL4&5: multiple
vulnerabilities) and mysql (SL6: multiple
unspecified vulnerabilities).
SUSE has updated xulrunner (SLE 11
SP1: multiple vulnerabilities) and firefox
(SLE 10 SP4: multiple vulnerabilities).
Here's a variant on the "untrustworthy SSL certificate authority" theme: this
ComputerWorld story describes how Trustwave issued a "subordinate root"
certificate to a private company. That allowed said company to stamp out
certificates for any domains it liked and conduct man-in-the-middle attacks
against SSL traffic from its internal network. "Trustwave defended
itself by saying that the issuing of subordinate roots to private
companies, so they can inspect the SSL-encrypted traffic that passes
through their networks, is a common practice in the industry."
Ars technica is reporting on a patent trial taking place in ... you guessed it ... East Texas that could have quite an impact on the web as we know it. Eolas Technologies is suing eight companies including Google and Yahoo for $600 million in a series of four trials, the first of which (to determine the validity of the patents) could go to the jury today.
"Today, Doyle and his lawyers say he?s owed royalty payments for the use of a stunning array of modern Web technologies. Watching online video, having a "search suggestion" pop up in a search bar, or even rotating an image of a sweater you might want to buy on an online shopping site?all are said to infringe on the idea-space of Doyle and his company, Eolas Technologies."
Newsfeed display by CaRP |