By ris Over at Linux.com, John Mark Walker examines
why companies aren’t making money on pure open source ventures. “It is not that there is no money in selling open source software, but rather that the business models have shifted. Whereas, under the old proprietary world, a larger percentage of money went to pure software vendors, now that money has spread among a larger spectrum of companies and industries; lots of people get paid to work on or with open source software, but an increasing number of them don’t work for software vendors, per se. In addition to looking in all the wrong places, the current investment model is suspicious of an open source approach. The vast majority of venture capitalists, especially in Silicon Valley, are very risk averse and shy away from open source products that, in their view, will not give as large a return on their investment. In order to secure the funding required to scale a company, investors will frequently require that the startup company include proprietary bits as tools to increase revenue and margins. These two factors – diffusion of revenue and risk-averse investors – combine to both give a false impression and, in part due to the false impression, prevent pure open source software vendors from getting funding.”
CentOS has updated thunderbird (C6; C5: multiple vulnerabilities).
Debian has updated kfreebsd-9 (denial of service) and xen (code execution).
Debian-LTS has updated commons-httpclient (multiple vulnerabilities) and ruby1.8 (man-in-the-middle attack).
Mageia has updated avidemux (multiple vulnerabilities), firefox, thunderbird, sqlite3 (multiple vulnerabilities), moodle (multiple vulnerabilities), php (multiple vulnerabilities), phpmyadmin (two vulnerabilities), and xbmc (denial of service).
openSUSE has updated clamav
(13.2, 13.1: multiple vulnerabilities), docker (13.2: multiple vulnerabilities), and
flash-player (13.2, 13.1: multiple vulnerabilities).
Oracle has updated thunderbird (OL7; OL6: multiple vulnerabilities).
Scientific Linux has updated thunderbird (SL5,6,7: multiple vulnerabilities).
Ubuntu has updated thunderbird
(15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).
By ris Linux Journal takes a
look at the C.H.I.P. mini-computer, an open software and hardware
device that comes with a Debian-based OS. “The official public release is scheduled for next year, but crowdfunding backers will be able to land a “Kernel Hacker” package this September. This package is aimed at Linux developers who want to help to contribute to kernel modifications for the C.H.I.P. before its final release.”
By corbet Linus has released the 4.1-rc4 kernel
prepatch, saying: “So here it is, last-minute fix and all. The -rc4
patch is a bit bigger than the previous ones, but that seems to be mainly
due to normal random timing – just the fluctuation of when submaintainer
trees get pushed.”
By ris New stable kernels 4.0.4, 3.14.43, and 3.10.79 have been released. All of them
contain important fixes throughout the tree.
Arch Linux has updated thunderbird (multiple vulnerabilities).
CentOS has updated thunderbird
(C7: multiple vulnerabilities).
Debian has updated libmodule-signature-perl (multiple vulnerabilities).
Debian-LTS has updated dpkg (integrity-verification bypass), nbd (denial of service), and tiff (multiple vulnerabilities).
Fedora has updated java-1.8.0-openjdk (F21: unspecified
vulnerability), NetworkManager (F21: denial
of service), phpMyAdmin (F21; F20: two vulnerabilities), qemu (F21: code execution), and t1utils (F21; F20: multiple vulnerabilities).
Mageia has updated ruby-rest-client (two vulnerabilities) and virtualbox (code execution).
openSUSE has updated flash-player
(11.4: multiple vulnerabilities), qemu (13.2; 13.1:
code execution), and firefox (11.4: multiple vulnerabilities).
Red Hat has updated thunderbird
(RHEL5,6,7: multiple vulnerabilities).
Slackware has updated thunderbird (multiple vulnerabilities).
SUSE has updated KVM (SLE11SP3:
code execution), qemu (SLE12: two vulnerabilities), and spice (SLE12; SLESDK12: denial of service).
By corbet Guest author Arjan van de Ven writes: “Containers are hot. Everyone
loves them. Developers love the ease of creating a “bundle” of something
that users can consume; DevOps and information-technology departments love
the ease of management and deployment.” A group at Intel is working
on a new approach to containers called “Clear
Containers“; click below (subscribers only) for an introduction to how
these containers work.