[$] Resurrecting the SuperH architecture

By n8willis Processor architectures are far from trivial; untold millions of
dollars and many thousands of hours have likely gone into the creation
and refinement of the x86 and ARM architectures that dominate the
CPUs in Linux boxes today. But that does not mean that x86 and ARM are the only
architectures of value, as Jeff Dionne, Rob Landley, and Shumpei
Kawasaki illustrated in their LinuxCon Japan session “Turtles all the
way down: running Linux on open hardware.” The team has been working
on breathing new life into a somewhat older architecture that offers
comparable performance to many common system-on-chip (SoC)
designs—and which
can be produced as open hardware.

Click below (subscribers only) for the full report from LinuxCon Japan.

From: LWN

Share

Huston: Multipath TCP

By corbet Geoff Huston has written a lengthy
column
on multipath TCP. “For many scenarios there is little
value in being able to use multiple addresses. The conventional behavior is
where each new session is directed to a particular interface, and the
session is given an outbound address as determined by local
policies. However, when we start to consider applications where the binding
of location and identity is more fluid, and where network connections are
transient, and the cost and capacity of connections differ, as is often the
case in todays mobile cellular radio services and in WiFi roaming services,
then having a session that has a certain amount of agility to switch across
networks can be a significant factor.
” (See also: LWN’s look at the Linux multipath TCP
implementation from 2013).

From: LWN

Share

Inside NGINX: How We Designed for Performance & Scale

By corbet The folks behind the NGINX web server have put up a
highly self-congratulatory article
on how the system was designed.
NGINX scales very well to support hundreds of thousands of
connections per worker process. Each new connection creates another file
descriptor and consumes a small amount of additional memory in the worker
process. There is very little additional overhead per connection. NGINX
processes can remain pinned to CPUs. Context switches are relatively
infrequent and occur when there is no work to be done.

From: LWN

Share

Security updates for Wednesday

By ris

Arch Linux has updated cups (two vulnerabilities).

Debian has updated cups (two vulnerabilities).

Debian-LTS has updated libapache-mod-jk (information disclosure) and libraw (denial of service).

Oracle has updated abrt (OL7:
multiple vulnerabilities) and kernel (OL6: multiple vulnerabilities).

Red Hat has updated abrt (RHEL7:
multiple vulnerabilities), flash-plugin
(RHEL5,6: multiple vulnerabilities), and kernel (RHEL6; RHEL6.2: multiple vulnerabilities).

Scientific Linux has updated kernel (SL6: multiple vulnerabilities).

Ubuntu has updated cups (15.04,
14.10, 14.04, 12.04: two vulnerabilities) and qemu, qemu-kvm (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).

From: LWN

Share

[$] Obstacles to contribution in embedded Linux

By corbet Tim Bird has worked with embedded Linux for many years; during this time he
has noticed an unhappy pattern: many of the companies that use and modify
open-source software are not involved with the communities that develop
that software. That is, he said, “a shame.” In an attempt to determine
what is keeping companies from contributing to the kernel in particular,
the Consumer Electronics Linux
Forum
(a Linux Foundation workgroup) has run
a survey of embedded kernel developers. The resulting picture highlights
some of the forces keeping these developers from engaging with the
development community and offers some ideas for improving the situation.

From: LWN

Share

Tuesday’s security advisories

By ris

Debian-LTS has updated cups (two vulnerabilities).

Fedora has updated fuse (F21:
privilege escalation), mbedtls (F22: code
execution), python-tornado (F22:
side-channel attack), and thermostat (F22: code execution).

Mageia has updated ipsec-tools (denial of service), jackrabbit (information leak), php-ZendFramework (CRLF injection), and rabbitmq-server (multiple vulnerabilities).

Ubuntu has updated strongswan
(15.04, 14.10, 14.04: information disclosure).

From: LWN

Share

As open source code, Apple’s Swift language could take flight (ITWorld)

By ris ITWorld reports
that Apple will release its Swift programming language under an open source
license. “When Swift becomes open source later this year, programmers will be able to compile Swift programs to run on Linux as well as on OS X and iOS, said Craig Federighi, Apple’s head of software engineering, during the opening keynote of Apple’s Worldwide Developers Conference Monday in San Francisco.

The source code will include the Swift compiler and standard library, and community contributions will be “accepted—and encouraged,” Apple said.”

From: LWN

Share

Security advisories for Monday

By ris

Debian has updated php5 (multiple vulnerabilities), redis (code execution), and strongswan (information disclosure).

Debian-LTS has updated fuse (privilege escalation).

Fedora has updated dcraw (F22; F21; F20: denial of service), fuse (F22: privilege escalation),
ipsec-tools (F21; F20: denial of service), less (F22: information leak), ntfs-3g (F21: privilege escalation), php-symfony (F22; F21; F20: restriction bypass), ufraw (F22; F21; F20: denial of service), and zarafa (F21; F20: file overwrites).

Scientific Linux has updated openssl (SL6,7: cipher-downgrade attacks).

SUSE has updated cups (SLE11SP3: privilege escalation).

From: LWN

Share

Some stable kernel updates

By corbet The 4.0.5,
3.14.44, and
3.10.80
stable kernels have been released. These contain a number of important bug
fixes, including the fixes for the ext4 and RAID 0 data corruption issues
discussed in this article.

At LinuxCon Japan last week it was announced that the next long-term stable
release, to be maintained for two years, will be 4.1.

From: LWN

Share