Facebook zveřejnil na GitHubu zdrojové kódy ke své open source kameře pro nahrávání 360° videí Facebook Surround 360. Seznam potřebných součástek je uveden v pdf návodu na sestavení. Videa ke zhlédnutí na stránce Facebook 360.
V multiplatformním softwaru pro správu přihlašovacích údajů a hesel LastPass (Wikipedie) bylo nalezeno a opraveno několik vážných bezpečnostních problémů. Pokud například uživatel zadal do prohlížeče http://firstname.lastname@example.orgemail@example.com, webový prohlížeč se připojil na avlidienbrunn.se, pro webové rozšíření LastPass se ale jednalo o twitter.com a do útočníkova formuláře na avlidienbrunn.se bylo automaticky vyplněno uživatelovo jméno a heslo pro Twitter. Vyjádření společnosti LastPass v příspěvku na blogu.
Byla vydána verze 16.7 open source firewallové a routovací platformy, forku pfSense, OPNsense. Nejnovější verze OPNsense s kódovým názvem Dancing Dolphin je postavena na FreeBSD 10.3 a přináší například Suricatu 3.1.1, řízení provozu pomocí CoDel / FQ-CoDel nebo dvoufaktorovou autentizaci založenou na RFC 6238 (TOTP).
V únoru představili výzkumníci ze společnosti Bastille Networks zranitelnost s názvem MouseJack (zprávička), kdy útočník využívá toho, že u řady výrobců není komunikace mezi donglem zasunutým v počítači a bezdrátovou myší šifrována. Stejný tým teď představil zranitelnost, kterou pojmenoval KeySniffer. Někteří výrobci nešifrují ani komunikaci mezi donglem a bezdrátovou klávesnicí. Útočníkovi tak stačí například zařízení… více »
Mozilla.cz představuje L20n – nový a flexibilní formát pro lokalizaci Firefoxu. L20n je poměrně nový framework pro lokalizaci, který vyvinul lokalizačním tým Mozilly. Vznikl díky zkušenostem i zkoumání silných a slabých stránek dosud používaných řešení a formátů. Jeho cílem je dát do rukou překladatelů co největší možnosti překládat tak, aby text zněl v jejich jazyce přirozeně a nebylo potřeba se nijak přizpůsobovat technickým omezením.
Finská Jolla společně s indickým Intex Technologies představili (pdf) první licencovaný mobilní telefon Intex Aqua Fish s operačním systémem Sailfish OS 2.0. Telefon je dostupný na indickém eBay za 5 499 INR (2 000 Kč).
Otevřená certifikační autorita Let's Encrypt oznámila, že již plně podporuje IPv6. Dosud byl problém s infrastrukturou (GitHub). Současně byl na stránce pro sponzory aktualizován počet webů využívajících Let’s Encrypt (GitHub). Aktuálně je to více než 8 milionů webů.
MojeFedora.cz informuje, že webový prohlížeč Chromium je oficiálně ve Fedoře. Vývojář Tom "spot" Callaway dotáhl do cíle několikaleté úsilí o zabalíčkování tohoto prohlížeče. Chromium je webový prohlížeč, na kterém staví populární Google Chrome, akorát v Chromiu nejsou "nesvobodné" části.
Ve virtualizačním softwaru Xen byly nalezeny 2 závažné zranitelnosti XSA-182 a XSA-183. XSA-182 (CVE-2016-6258) umožňuje eskalaci privilegií a ovládnutí celého systému, tj. správce hostovaného systému se může stát správcem hostitelského systému. Zranitelný je i Qubes OS, operační systém postavený nad Xenem (QSB #24).
1) Have you given any more thought to changing the version numbering model of the kernel?
I'd actually like to change the version numbering because right now the 2.6 doesn't mean anything at all. Maybe you read the discussion, we had some discussion on the kernel mailing list. Just from the discussion my takeaway was that right now it's just not worth the pain. So, I think we'll revisit it in a year or two, and when we are 2.6.38 or whatever, we'll say “OK, we're still 2.6, maybe we should reset the numbering some way”. But nobody really came up with very strong arguments for or against any other numbering scheme. There were lots of people with different opinions, but there was no consensus. So, right now, no. In a couple of years maybe we'll revisit it.
2) If you were actually to go ahead with the change, would consider the “marketing” point of view? For example, 2009.06 being more...
No, no, what I find most disturbing about 2.6.29 is that when numbers get big they get hard to remember, and they get hard to associate. OK, was 29 three months ago or seven months ago? So, I'm interested in something that is date-related, so I wouldn't mind having 9.4 mean, for example, April 2009. It wouldn't be a marketing issue, it would be more of “OK, we can look back at old versions, and just the name of the version tells us how old it is”. That would be interesting. But as I mentioned, right now... enough people hate the date numbering, too. And there were actually people who had very valid points against that whole confusion about that. So I don't think we'll do it.
3) Andrew Morton is concerned that the quality of the kernel code deteriorates because of insufficient testing. Do you share that view?
No, but I think the worry is real and very valid. And I think we need to worry about it. Because if we don't worry about it, I guarantee you that the quality will go down. I don't think it has but,.. we get so much code so quickly. If we just look at one single release, it takes about two and a half to three months. And the patch size of most of those releases, I forget what it is, but I think it's like 12 megabytes. And we're talking about changing a million lines of code. If you don't worry about it, you will screw up. So Andrew does worry about it. I worry about it too.
I think, actually, our numbers show that we are not getting worse. So, if you look at the regression list, it's actually interesting to look at the regression numbers that we keep track of for every release. And they look very similar. We start out with something like 70 or 80 known regressions at around -rc2 time, and the regressions keep on growing because people find more bugs, but at the same time the regressions we fix do keep on growing. And they grow faster. So, by the time we have a release we always have a few regression that we just never figure out, maybe it was fleaky hardware, maybe it was something else. Maybe just one person saw it and nobody else could reproduce it. The point is, the numbers don't actually get worse over time. But it's something we have to be careful about. We need to worry about it. We need to have Andrew bring it up. Every three months we need to ask “Is our quality going down?”
4) If the licensing allowed to include OpenSolaris code in Linux, do you think it would be worth the effort? (People often talk about ZFS or DTrace.)
DTrace is probably really hard... I mean, one of the problems is that taking code from other projects is hard. You can't take the code as is, right? Solaris is very different in many areas from Linux, so if you take Solaris code you have to fix it for all the differences. Quite often it's actually more work to try to take code from another project than it would be to just write it yourself from the start, from scratch.
It's not always true. There are areas where the problems are abstract enough that the big bulk of code is very specific to that area and it doesn't have a lot of input to the rest of the kernel. Filesystems are one such area, so ZFS would probably be much easier to integrate than, say, DTrace. There's obviously a lot of interest in ZFS. I don't think it's going to happen, the license situation being what it is. Maybe Sun will change the license, I don't know, I don't think so.
5) Do you think, as many others seem to do, that the recently merged btrfs filesystem is the future for Linux?
It's certainly the most interesting of the new filesystems. It's the one I'm holding, personally, the most hope for. Ext4 isn't as interesting to me, I don't think it solves many of the problems btrfs solves. So, we merged it now. Realistically, filesystems are... I mean, you have to get them right. Because if you start losing data... So we're going to take it really slow and careful and I hope that a lot of people end up testing it. But right now I can't say how well it's going to work out. I am very optimistic, and I think btrfs has a really good chance of becoming the replacement for ext3, basically. And if it all works out it's going to solve a lot of our filesystem issues. But, we'll see how it goes.
6) So, you think btrfs will end up becoming the replacement for ext3, not ext4? Do you think the transition to btrfs will come sooner than the transition to ext4?
It's hard to tell. I think Ubuntu may have ext4 as an installation option right now. So, in that sense it could be that ext4 adoption I so fast that we actually go from ext3 to ext4 and then maybe btrfs. On the other hand, if I'm looking on my own pattern, for example, I was considering, on my laptop, just taking my ext3 partition and converting it to btrfs. And if I were to go through ext4, I couldn't do that. I don't think there is any ext4 to btrfs translator right now. But ext3 to btrfs I can do. So, I'm planning on trying to switch the laptop I have with me now from ext3 to btrfs after LCA. I'll try to see how much of a difference, if any, I notice. But, yeah, it could be that, from the distros' standpoint, maybe people go from ext3 to ext4 and then maybe btrfs if it all pans out.
7) Do you have any programmer heroes or models?
No, when I grew up my role models were scientists, not programmers. And that hasn't really changed. There is nobody I look up to as a programmer. There are lots of programmers that are doing a really good job, I think. For example, one of the programmers I admire is Larry Wall. Not because I think his code is beautiful, and not because I love Perl – I don't like Perl very much myself – but the thing about Larry Wall, he's several times done new things that really changed how people work. He did Perl, obviously, but before Perl he did the whole threaded newsreaders. And OK, people don't use them any more. But that really changed how people did things.
But if I were to name heroes I would do people like Newton; scientists, physicists.
8) Had you not become a successful programmer, what would you like to do?
Because of the whole 'growing up thinking about science' I believed, when I was younger, that I'd go into physics and do theoretical physics, and that never happened. I still read popular science things but I never got into it for real. The other thing I was interested in was biochemistry. So, if I wasn't doing programming I would probably be doing genetics, or biology at a cellular level, that kind of thing. That really interests me. Maybe neurochemistry, too.
9) You recently started a blog so perhaps it might be the right time ask whether you have considered writing a memoir.
Well, I did the “Just for Fun” thing. It was kind of a memoir, it was interesting writing a book together with David Diamond, and it was actually fun. At the same time... I come from a family of journalists; my dad, my mom, my uncle, they're all journalists. My dad wants to write books. For him, writing is what he does. And that was never the case for me. I didn't want to write a book, and I'm really happy I did. I mean, co-wrote with David. But it's one those things that are done right now and it feels OK. And then at once I feel I don't need to do it again. Even if it was something that I did on my own... I don't see myself doing it. But who knows? Five years from now maybe I say “Hey, maybe I could try another book”.
I actually find writing really hard. “Just for Fun” would never have happened if I hadn't had David to write. Just because I have a hard time starting. So, David was really the guy who said “OK, this is how we'll do it”. And if I hadn't had that kind of thing I would never have written a book. It's just one of those things. That's actually why I didn't stay at the university; I realized I couldn't write papers, I hated writing papers. If you can't write papers you can't do a university.
Thanks for your time.
Nástroje: Tisk bez diskuse