Brief items

Highlights from the schedule include the following refereed presentations:

• Landlock LSM: Toward Unprivileged Sandboxing — Mickaël Salaün, ANSSI
• The State of Kernel Self-Protection — Kees Cook, Google
• Making Security Invisible — Jessica Frazelle, Mesosphere
• ARMv8.3 Pointer Authentication — Mark Rutland, ARM
• Defeating Invisible Enemies: Firmware Based Security in the OpenPOWER Platform — George Wilson, IBM

There's also be the usual Linux kernel security subsystem updates, and BoF sessions (with LSM namespacing and LSM stacking sessions already planned).

So that's the real ethical question involved here: do you go to Apple and get your $50-200,000, knowing that Apple will give you credit for the bug, let you talk about it at the next conference, and seems to care enough to try to fix these things quickly...

...or do you sell your bug to a group that resells it to some government which then uses it to try to spy on people like Ahmed Mansoor, "an internationally recognized human rights defender, based in the United Arab Emirates (UAE), and recipient of the Martin Ennals Award (sometimes referred to as a "Nobel Prize for human rights")".

To address this, Google developed a machine-learning algorithm for clustering mobile apps with similar capabilities. Our approach uses deep learning of vector embeddings to identify peer groups of apps with similar functionality, using app metadata, such as text descriptions, and user metrics, such as installs. Then peer groups are used to identify anomalous, potentially harmful signals related to privacy and security, from each app's requested permissions and its observed behaviors. The correlation between different peer groups and their security signals helps different teams at Google decide which apps to promote and determine which apps deserve a more careful look by our security and privacy experts. We also use the result to help app developers improve the privacy and security of their apps.

It has gotten to the point that even casually walking around Faro, Portugal last week, random German tourists would stop me in the street and ask if net-next was open or not.

I guess with all the other Linus'es around, I might as well go by "Linux".

Everybody who doesn't run LFS (Linux From Scratch) is "lazy" in that regard. Figuring out [dependencies] is the job of a package manager, not the end-user. I may be getting old, and my head may be slowly becoming like that of Captain Picard in STTNG (Star Trek The Next Generation). I do appreciate being able to decide I want something installed and telling Portage to "Make it so", and letting it take care of details.

There's an annoying side effect of open source communities that I've came to witness a lot: When you do your work too well, nobody feels the need to help by contributing, and you're essentially left alone.

It was exciting times, and there was a lot of pioneering spirit: Building a Linux based smartphone with a 100% FOSS software stack on the application processor, including all drivers, userland, applications - at a time before Android was known or announced. As history shows, we'd been working in parallel with Apple on the iPhone, and Google on Android. Of course there's little chance that a small taiwanese company can compete with the endless resources of the big industry giants, and the many Neo1973 delays meant we had missed the window of opportunity to be the first on the market.

It's sad that Openmoko (or similar projects) have not survived even as a special-interest project for FOSS enthusiasts. Today, virtually all options of smartphones are encumbered with way more proprietary blobs than we could ever imagine back then.