Brief items
Security
Security quotes of the week
NSA has some incredibly damn intrusive laws that they've rammed or
blackmailed through Congress. But even NSA could never get a law
passed that would require the level of detailed tracking that Google
has managed to create, merely by offering "free" stuff to webmasters
(fonts, captchas, searches, analytics, ...) and to users (browsers,
searches, shopping, translation, hosting, email, ...).
— John Gilmore
In world filled with insecurity, adding security to your product isn't a
feature anyone really cares about. I've been doing research about topics
such as pollution, mine safety, auto safety, airline safety, and a number
of other problems from our past. There are no good examples where humans
decided to be proactive and solve a problem before it became absolutely
horrible. People need a reason to care, there isn't a reason for IoT
security.
— Josh
Bressers
Yet.
Someday something might happen that makes people start to care. As we add compute power to literally everything my security brain says there is some sort of horrible doom coming without security. But I've also been saying this for years and it's never really happened. There is a very real possibility that IoT security will just never happen if things never get bad enough.
Most of the people in this community see their role as dispelling
ignorance, or motivating the slothful. Yet in most of the cases we
discussed, the public get risk wrong because powerful interests make a
serious effort to scare them about some of life's little hazards, or to
reassure them about others. When this is put to the risk communication
folks in a question – whether after a talk or in the corridor – they
readily admit they're up against a torrent of misleading marketing. But
they don't see what they're doing as adversarial, and I strongly suspect
that many risk interventions are less effective as a result.
— Ross
Anderson
Kernel development
Kernel release status
The current development kernel is 4.12-rc5, released on June 11. It is rather larger than others in this cycle, Linus Torvalds said. "It's not like rc5 is *huge*, but it definitely isn't the nice and small one I was hoping for. There's nothing in [particular] that looks very worrisome, and it may well just be random timing - the rc sizes do fluctuate a lot depending on just which subsystem gets synced up that particular rc, and we may just have hit that "everybody happened to sync up this week" case."
Stable updates: 4.11.5, 4.9.32, 4.4.72, and 3.18.57 were released on June 14.
Elixir Cross Referencer: new way to browse kernel sources
Free electrons has released the initial version of the Elixir Cross-Referencer, a Linux source code cross-referencing online tool. Elixir uses a new engine written in Python that replaces LXR, the engine used in free electron's previous online tool. "Another reason that motivated a complete rewrite was that we wanted to provide an up-to-date reference (including the latest revisions) while keeping it immutable, so that external links to the source code wouldn’t get broken in the future. As a direct consequence, we would need to index many different revisions for each project, with potentially a lot of redundant information between them. That’s when we realized we could leverage the data model of Git to deal with this redundancy in an efficient manner, by indexing Git blobs, which are shared between revisions. In order to make sure queries under this strategy would be fast enough, we wrote a proof-of-concept in Python, and thus Elixir was born."
2017 Maintainer and Kernel Summit planning
The Kernel Summit is undergoing some changes this year; the core developers' gathering from previous events will be replaced by a half-day "maintainers summit" consisting of about 30 people. The process of selecting those people, and of selecting topics for the open technical session, is underway now; interested developers are encouraged to submit their topic ideas.The end for fedfs-utils
Chuck Lever has announced that the fedfs-utils project, which created utilities for the Federated Filesystem, will no longer be developed. The most interesting part, for many, may be this discussion of why this project ground to a halt. (Thanks to Neil Brown).Quotes of the week
The reality though is that Linux is a volunteer effort, and so all
a maintainer can control is (a) is personal time, (b) whatever
resources his company may have entrusted him with, (c) trying to
pursuade others in the development community to do things (for
which this e-mail is an example :-), and ultimately, (d) the
maintainer can say NO to a patch. I try as much as possible to do
(c), but the reality is that /dev/random is sexiest thing, and to
be honest, I suspect that there are many more sources of
vulnerability which are easier for an attacker than attacking the
random number generator. So it may in fact be _rational_ for
people who are working on hardening the kernel to focus on other
areas.
— Ted Ts'o
And because it is rather easy to write a new OS from scratch for
such a small environment (and who didn't dream of writing his own
OS, right?) then about every company in that field did so. That's
not counting most Open Source ones which usually are close to
single-person projects. So you get a lot of fragmentation, very
very little peer review, and no incentive for proper maintenance
because the cost saving simply isn't significant enough.
— Nicolas Pitre
It is just like asteroids. Some of them collapse to form bigger objects like planets, while others have too weak a gravitational field to gather more matter. My vision is about leveraging the Linux gravitational power to bring the tiny embedded space together because, on its own, the tiny embedded space simply has not enough community power to actually organize itself.
Distributions
Fedora 26 Beta released
Fedora Magazine announced the release of Fedora 26 Beta. A final release is expected in July. The beta is available for Workstation, Server, Atomic Host, Spins, Labs, and ARM products. Fedora 26 brings many changes which can be seen in the change set.Tails 3.0 is out
Tails 3.0 has been released. Tails, the amnesic incognito live system, is a Debian-based live system aimed at preserving privacy and anonymity. Version 3.0 is based on Debian 9 (stretch). "It brings a completely new startup and shutdown experience, a lot of polishing to the desktop, security improvements in depth, and major upgrades to a lot of the included software."
Distribution quote of the week
Of course, what makes DebConf great is the people who come together to work on Debian, share their achievements, and help draft our cunning plans to take over the world. Also cheese. Lots and lots of cheese.
— Nicolas Dandrimont
Development
Firefox 54 released
Firefox 54.0 has been released. The release notes are somewhat sparse, however this blog post contains more information about some changes under-the-hood. "To make Firefox run even complex sites faster, we’ve been changing it to run using multiple operating system processes. Translation? The old Firefox used a single process to run all the tabs in a browser. Modern browsers split the load into several independent processes. We named our project to split Firefox into multiple processes ‘Electrolysis (E10S)’ after the chemical process that divides water into its core elements. E10S is the largest change to Firefox code in our history. And today we’re launching our next big phase of the E10S initiative."
G'MIC 2.0
G'MIC is a generic, extensible framework for image processing, often used as a plug-in for GIMP. Version 2.0 has been released. "One of the major new features of this version 2.0 is the re-implementation of the plug-in code, from scratch. The repository G’MIC-Qt developed by Sébastien (an experienced member of the team) is a Qt-based version of the plug-in interface, being as independent as possible of the widget API provided by GIMP." The announcement has much more details about G'MIC and how it can be used. LWN looked at G'MIC in August 2014.
Announcing Rust 1.18
Version 1.18 of the Rust programming language has been released. "One of the largest changes is a long time coming: core team members Carol Nichols and Steve Klabnik have been writing a new edition of “The Rust Programming Language”, the official book about Rust. It’s being written openly on GitHub, and has over a hundred contributors in total. This release includes the first draft of the second edition in our online documentation. 19 out of 20 chapters have a draft; the draft of chapter 20 will land in Rust 1.19."
Development quotes of the week
It was hard to deal with when we have to orchestrate, choreograph, and
compose all the coarse-grained services together, and imagine letting
[tinier], smaller and more refined services talk to each other. Yeah, trying
to get an oversized heavyweight strong bull to co-ordinate and communicate
is one thing.
— Christina Lin
I don’t think to have to conduct thousands of small cute ducklings, (I know, they are now smaller to handle one by one, light and easy to replace) is going be any easier.
"nobody will use your code if it's GPL, make it permissive" is the open source version of "we won't pay you, but you'll get exposure"
— Michael
F. Lamb (Thanks to Paul Wise)
Page editor: Jake Edge
Next page:
Announcements>>