Wednesday, July 24th, 2013

Time	Event
2:12p	Miller: Proposal for a more agile "Fedora.next" Fedora cloud architect Matthew Miller has posted some notes describing his vision for a more successful and widely used Fedora distribution. "This is a vision for the future. The Fedora Core idea can get started now, and the ideas beyond that are for development over a longer term. That doesn't mean never, and there are some specific things at the higher level to get started on now, but I'm not suggesting to change everything all crazily. We're not throwing out what have." (Comment on this)
4:22p	Security advisories for Wednesday CentOS has updated qemu-kvm (privilege escalation). Fedora has updated file-roller (F18: path traversal), kernel (F18: denial of service), libkdcraw (F18; F19: code execution), libzrtpcpp (F18; F17: multiple vulnerabilities), ortp (F18; F17: multiple vulnerabilities), and twinkle (F18; F17: multiple vulnerabilities). Today's update to Fedora 18 libkdcraw triggered a mass "security" update to over one hundred KDE packages, all pointing to, but not affected by, the libraw security issue. Mandriva has updated libxml2 (denial of service). openSUSE has updated java-1_6_0-openjdk (multiple vulnerabilities), libxml2 (denial of service), php5 (multiple vulnerabilities), and python-django (multiple vulnerabilities). Red Hat has updated ruby193-ruby (SSL server spoofing). SUSE has updated java-1_6_0-openjdk (multiple vulnerabilities). (Comment on this)
4:40p	Android 4.3 Google has announced the existence of Android 4.3. It includes a host of new features, some of which may be more welcome than others. "To meet the needs of the next generation of media services, Android 4.3 introduces a modular DRM framework that enables media application developers to more easily integrate DRM into their own streaming protocols, such as MPEG DASH (Dynamic Adaptive Streaming over HTTP, ISO/IEC 23009-1)." There is no word on general availability or when this code will be available through the Android Open Source Project. (Comment on this)
6:21p	Feds put heat on Web firms for master encryption keys (CNET) CNET is reporting that the US government has been requesting the private SSL/TLS keys of major internet firms. Without perfect forward secrecy (which is rarely used on today's internet), that would allow the US to decode HTTPS traffic—even retroactively. It's not clear which, if any, internet companies have turned over those keys. "It's not entirely clear whether federal surveillance law gives the U.S. government the authority to demand master encryption keys from Internet companies. 'That's an unanswered question,' said Jennifer Granick, director of civil liberties at Stanford University's Center for Internet and Society. 'We don't know whether you can be compelled to do that or not.'" (Comment on this)
8:43p	[$] What's missing from our changelogs Having just worked through another merge window's worth of patches, your editor started wondering if our changelogs were always as good as they should be. A bit of scripting later, a picture of sorts has emerged; as one might expect, the results were not always entirely encouraging. Click below (subscribers only) for a Kernel Page article on where patch changelogs fall short. (Comment on this)

<< Previous Day

2013/07/24 [Calendar]

Next Day >>