Nothing stops you from running an X server on top of Wayland. That's what the Mac people are doing with XQuartz, they don't run X for their local apps but nothing stops them from running remote X apps. Sure GNU/Linux users should be able to do the same under Wayland.
Some distro might have used it, in that case that distro will have the choice of either maintaining their own branch themselves or move to a new release. Most kernel releases are only supported for a couple of months. About one or two releases per year is supported for longer than that, usually between two and five years.
Well if more people used current kernels instead of old kernels then these problems would be caught quicker with more people testing them. And it's not like the old distro kernels never fail. I have plenty of examples where both Ubuntu and Red Hat have introduced bugs in their kernel that the upstream kernel never had.
Ubuntu backports the kernels for the next four releases after each LTS. If you're on trusty you can simply install kernel 4.2 by installing the linux-generic-lts-wily package. http://packages.ubuntu.com/tru...
Once 16.04 has been released the 16.04 kernel will be backported to 14.04, then the cycle repeats and we start getting backported kernels to 16.04 every six months.
Lastly, as others have pointed out, where does one get a "server" with less then 16GB ram?
I have an old Sun Ultra 2 server still running. I think it's close to 20 years old now. It has 512 MB of RAM, runs ZFS on Solaris 10. It's doing just fine.
RHEL/CentOS 7 used to have GNOME 3.8 and I agree that was far from perfect. Red Hat recently updated it to GNOME 3.14 in the RHEL/CentOS 7.2 update, so that should have fixed most of the issues. Sure if GNOME just isn't for you then that's a matter of taste, it's not something wrong with GNOME by itself.
By the way, try sudo yum groupinstall 'KDE Desktop' if that's what you want.
The first iterations of GNOME 3 was perhaps a bit rough but that's understandable when you're fixing so much at once. Around GNOME 3.8 things got better and since 3.14 it has been really good. If you haven't tried GNOME in a while then now is a good time to look at it with fresh eyes.
They already do that. The 2.6.32 kernel that you get in RHEL 6 is not exactly the same 2.6.32 that you get from kernel.org. There are many backported features already implemented that the upstream kernel does not include.
What about European surveillance then? I don't know if there is anything going on on the EU level but some member states (Sweden in particular) already does the same kind of mass surveillance that the NSA is doing. I would not be surprised if other states does the same thing as well.
Most Android kernels have quite a lot of backported features from newer kernels so I wouldn't be sure just by looking at the version number. I've seen another Android system running on 3.4 which was vulnerable for that reason, not sure how many others are affected.
Debian and many other GNU/Linux distros tend to backport patches rather than updating to the new upstream release directly. That's because upstream releases often include other changes that might disrupt the way users use the software. Debian may also include a number of local patches in their version and these might break when rebasing onto a new version. So when they backport a patch they typically don't update the version number except for the last part, in this case the -6 at the end which is a Debian add-on. So it's the sixth Debian patch to the 7.1p1 upstream release that you have there, not 7.1p1 as released by upstream.
Not necessarily. If the attacker only has access to that one server then that's just one server. If the attacker was able to get my private ssh key then the attacker now has access to all servers. Neither situations are great but that's a pretty big difference.
“Its exploitation requires two non-default options: a ProxyCommand, and either ForwardAgent (-A) or ForwardX11 (-X),” Qualys said. “This buffer overflow is therefore unlikely to have any real-world impact.”
99.9% of all *nix servers on the planet with SSH on them do not use either option. Good that they patched it, but otherwise, I don't think I'm going to be in a massive hurry to do a crash-patching this weekend.
It's a client-side bug, and both agent and X11 forwarding are fairly common there.
I have a Sun Ultra 2 from 1996 still running as a production server. I belive the hard drives have been replaced but apart from that it's still running just fine.
The Gnome Tweak Tool has been around since GNOME 3.0, it's not particularly new.
Settings are stored in dconf and can easily be exported from there. The tweak tool is just a fancy GUI on top of dconf.
I guess the problem is that no everyone agrees on what Linux behavior is.
What makes you think that every user wants to change things like color or font? I don't think most users want has any need to do that. There is a universal access pane in the settings app where users can enable larger fonts and higher contrast for accessibility reasons.
Slashdot Mirror
Nothing stops you from running an X server on top of Wayland. That's what the Mac people are doing with XQuartz, they don't run X for their local apps but nothing stops them from running remote X apps. Sure GNU/Linux users should be able to do the same under Wayland.
Some distro might have used it, in that case that distro will have the choice of either maintaining their own branch themselves or move to a new release. Most kernel releases are only supported for a couple of months. About one or two releases per year is supported for longer than that, usually between two and five years.
Well if more people used current kernels instead of old kernels then these problems would be caught quicker with more people testing them. And it's not like the old distro kernels never fail. I have plenty of examples where both Ubuntu and Red Hat have introduced bugs in their kernel that the upstream kernel never had.
Ubuntu backports the kernels for the next four releases after each LTS. If you're on trusty you can simply install kernel 4.2 by installing the linux-generic-lts-wily package.
http://packages.ubuntu.com/tru...
Once 16.04 has been released the 16.04 kernel will be backported to 14.04, then the cycle repeats and we start getting backported kernels to 16.04 every six months.
Lastly, as others have pointed out, where does one get a "server" with less then 16GB ram?
I have an old Sun Ultra 2 server still running. I think it's close to 20 years old now. It has 512 MB of RAM, runs ZFS on Solaris 10. It's doing just fine.
They didn't build it, they just switched to GNOME Software.
Doesn't the operating system already have one?
Yeah it has one, the one in the C library.
CentOS has to wait until Red Hat releases their source RPMs, then they have to rebuild them, test them and distribute to all their mirrors.
Pay for a RHEL subscriptions if you want your patches fast.
RHEL/CentOS 7 used to have GNOME 3.8 and I agree that was far from perfect. Red Hat recently updated it to GNOME 3.14 in the RHEL/CentOS 7.2 update, so that should have fixed most of the issues. Sure if GNOME just isn't for you then that's a matter of taste, it's not something wrong with GNOME by itself.
By the way, try sudo yum groupinstall 'KDE Desktop' if that's what you want.
The first iterations of GNOME 3 was perhaps a bit rough but that's understandable when you're fixing so much at once. Around GNOME 3.8 things got better and since 3.14 it has been really good. If you haven't tried GNOME in a while then now is a good time to look at it with fresh eyes.
They already do that. The 2.6.32 kernel that you get in RHEL 6 is not exactly the same 2.6.32 that you get from kernel.org. There are many backported features already implemented that the upstream kernel does not include.
What about European surveillance then? I don't know if there is anything going on on the EU level but some member states (Sweden in particular) already does the same kind of mass surveillance that the NSA is doing. I would not be surprised if other states does the same thing as well.
For women that are affected by this problem it's not just a joke, it's how they are treated every single day that is the problem.
Yep, this is the case if you're for example using AFS or NFS with Kerberos authentication, which is fairly common in enterprise environments.
Most Android kernels have quite a lot of backported features from newer kernels so I wouldn't be sure just by looking at the version number. I've seen another Android system running on 3.4 which was vulnerable for that reason, not sure how many others are affected.
A local exploit has no "remote exploitation risk" by its very definition. Your statement just shows that you have no clue what you are talking about.
Except if combined with a remote vulnerability, perhaps in the web app running locally on the server, or your web browser running on your laptop.
Debian and many other GNU/Linux distros tend to backport patches rather than updating to the new upstream release directly. That's because upstream releases often include other changes that might disrupt the way users use the software. Debian may also include a number of local patches in their version and these might break when rebasing onto a new version. So when they backport a patch they typically don't update the version number except for the last part, in this case the -6 at the end which is a Debian add-on. So it's the sixth Debian patch to the 7.1p1 upstream release that you have there, not 7.1p1 as released by upstream.
Not necessarily. If the attacker only has access to that one server then that's just one server. If the attacker was able to get my private ssh key then the attacker now has access to all servers. Neither situations are great but that's a pretty big difference.
99.9% of all *nix servers on the planet with SSH on them do not use either option. Good that they patched it, but otherwise, I don't think I'm going to be in a massive hurry to do a crash-patching this weekend.
It's a client-side bug, and both agent and X11 forwarding are fairly common there.
I have a Sun Ultra 2 from 1996 still running as a production server. I belive the hard drives have been replaced but apart from that it's still running just fine.
I've seen it on GNU/Linux with Nvidia cards and their non-free driver for several years. This is not new and its not just Chrome.
The Gnome Tweak Tool has been around since GNOME 3.0, it's not particularly new.
Settings are stored in dconf and can easily be exported from there. The tweak tool is just a fancy GUI on top of dconf.
I guess the problem is that no everyone agrees on what Linux behavior is.
Desktop icons are still supported in GNOME 3, it's just not enabled by default. There's a setting for it in the tweak tool.
Gnome Tweak Tool is not third party. It's an official GNOME app developed as part of GNOME and hosted on the GNOME git service.
What makes you think that every user wants to change things like color or font? I don't think most users want has any need to do that. There is a universal access pane in the settings app where users can enable larger fonts and higher contrast for accessibility reasons.