LWN.net's Journal
 

Thursday, September 25th, 2014

    12:59a
    [$] LWN.net Weekly Edition for September 25, 2014
    The LWN.net Weekly Edition for September 25, 2014 is available.
    3:22p
    Thursday's security updates

    Debian has updated iceweasel (signature forgery) and nss (signature forgery).

    Fedora has updated bash (F20; F19: code injection), moodle (F20: multiple vulnerabilities), not-yet-commons-ssl (F20; F19: hostname verification botch), phpMyAdmin (F20; F19: privilege escalation), procmail (F19: code execution), wireshark (F20: yet another pile of dissector flaws), and xerces-j2 (F20; F19: denial of service from 2013).

    Gentoo has updated bash (code injection) and bash (fix to the previous update for the code injection vulnerability).

    Mageia has updated bash (code injection), curl (M4; M3: cookie handling), php-pear-CAS (privilege escalation), and wireshark (yet another pile of dissector flaws).

    Mandriva has updated bash (code injection), curl (two cookie-handling vulnerabilities), nss (signature forgery), and wireshark (yet another pile of dissector flaws).

    Oracle has updated bash (OL7; OL6; OL5; OL4: code injection).

    Scientific Linux has updated bash (code injection).

    Slackware has updated bash (code injection) and mozilla (signature forgery).

    SUSE has updated bash (SLE11SP3, SLE10SP4; SLE11SP1: code injection) and bash (SLE10SP3: two vulnerabilities, one from 2012).

    Ubuntu has updated bash (14.04, 12.04, 10.04: code injection), firefox (14.04, 12.04: signature forgery), nss (14.04, 12.04, 10.04: signature forgery), and thunderbird (14.04, 12.04: signature forgery).

    8:20p
    Bugging out: How rampant online piracy squashed one insect photographer (Ars Technica)
    As many in the free-software world know, copyright is, at best, a double-edged sword. Copyright law is what allows the various free and open-source licenses, but enforcing that copyright (i.e. adherence to the license) is expensive and time-consuming. Ars Technica has the tale of a bug photographer who details his woes in trying to protect his photographs. "While the stereotypical copyright story pits private users against large corporate rights-holders, real-world cases are often more complex. After all, most content creators are private, and many content users—as well as content infringers—are corporate. The corporate infringements are the most frustrating, as I live off photo licenses issued to corporations in the same sectors.

    Licensing only works in a world where commercial content users like these must obtain permission from content creators. As long as I have the right to dispense permission, I am in a position to earn back the roughly $50 I spend to create each photograph. Money is time; I use my time to invest in more images, and the cycle continues. This is how copyright is supposed to work, and most of my photographs could not exist without it."
    9:28p
    Mahinovs: Distributing third party applications via Docker?
    On his blog, Aigars Mahinovs considers an alternative to Lennart Poettering's recent thoughts about how Linux systems should be constructed. Mahinovs advocates a Docker-based approach.

    "Third party application developer writes a new game for Linux. As his target he chooses one of the "application runtime" Docker images on Docker Hub. Let's say he chooses the latest Debian stable release. In that case he writes a simple Dockerfile that installs his build-dependencies and compiles his game in "debian-app-dev:wheezy" container. The output of that is a new folder containing all the compiled game resources and another Dockerfile - this one describes the runtime dependencies of the game. Now when a docker image is built from this compiled folder, it is based on "debian-app:wheezy" container that no longer has any development tools and is optimized for speed and size. After this build is complete the developer exports the Docker image into a file. This file can contain either the full system needed to run the new game or (after #8214 is implemented) just the filesystem layers with the actual game files and enough meta-data to reconstruct the full environment from public Docker repos. The developer can then distribute this file to the end user in the way that is comfortable for them."
