
Brief items

Security

Source-code management system security updates

It turns out that even rather different source-code management systems can have similar vulnerabilities. This can be seen in the Git v2.14.1, Mercurial 4.3, and Subversion 1.9.7 releases (plus updates of older releases). In each case, it's possible to provide a malicious repository URL that ends up executing code; these URLs can be buried out of sight in existing repositories. Updating would be a good idea, regardless of which system you use.


Security quotes of the week

DNA stores standard nucleotides—the basic structural units of DNA—as letters such as A, C, G, and T. After sequencing, this DNA data is processed and analyzed using many computer programs. It is well known in computer security that any data used as input into a program may contain code designed to compromise a computer. This led us to question whether it is possible to produce DNA strands containing malicious computer code that, if sequenced and analyzed, could compromise a computer.

To assess whether this is theoretically possible, we included a known security vulnerability in a DNA processing program that is similar to what we found in our earlier security analysis. We then designed and created a synthetic DNA strand that contained malicious computer code encoded in the bases of the DNA strand. When this physical strand was sequenced and processed by the vulnerable program it gave remote control of the computer doing the processing. That is, we were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA.

Peter Ney, Karl Koscher, Lee Organick, Luis Ceze, Tadayoshi Kohno

This year's Defcon security conference in Las Vegas sports a "Voter Hacking Village" where surplus voting machines (purchased in secondary markets like Ebay) were made available to security researchers who'd never had an opportunity to examine them, who were then invited to hack them in a timed trial.

The winning team hacked their machine in minutes.

Also, organizers revealed that many of these machines arrived with their voter records intact, sold on by county voting authorities who hadn't wiped them first.

Cory Doctorow


Kernel development

Kernel release status

The current development kernel is 4.13-rc5, released on August 13.

The August 14 regression report lists 11 known problems in the 4.13-rc5 kernel.

Stable updates: It was a busy week for stable releases. 4.12.6, 4.9.42, 4.4.81, and 3.18.64 were released on August 11, followed quickly by 4.12.7, 4.9.43, 4.4.82, and 3.18.65 on August 13. On August 16, the 4.12.8, 4.9.44, 4.4.83, and 3.18.66 stable kernels were released.


Quote of the week

To my fellow maintainers: stay harsh on code and don't be afraid to say "No" or "Why?"; there really are more bad ideas than good ones, and complexity is such a bright candle for us hacker-moths. But be gentle, kind and forgiving of your peers: respect from people you respect is really the only reward that sticks.

Farewell all, and I look forward to crossing your paths again!

Rusty Russell


Distributions

Bassi: Dev v Ops

Emmanuele Bassi writes about the mismatch between the traditional distribution packaging model and what the world seems to actually want. "The more I think about it, the less I understand how that ever worked in the first place. It is not a mystery, though, why it’s a dying model. When I say that 'nobody develops applications like the Linux distributions encourages and prefers' I’m not kidding around: Windows, macOS, iOS, Electron, and Android application developers are heavily based on the concept of a core set of OS services; a parallel installable blocks of system dependencies shipped and retired by the OS vendor; and a bundling system that allows application developers to provide their own dependencies, and control them."


Solus 3 released

The Solus distribution project has announced the availability of Solus 3. "This is the third iteration of Solus since our move to become a rolling release operating system. Unlike the previous iterations, however, this is a release and not a snapshot. We’ve now moved away from the 'regular snapshot' model to accommodate the best hybrid approach possible - feature rich releases with explicit goals and technology enabling, along with the benefits of a curated rolling release operating system." Headline features include support for the Snap packaging format, a lot of desktop changes, and numerous software updates. (LWN looked at Solus in 2016).


Development

GNOME turns 20

The GNOME project was founded by Miguel de Icaza and Federico Mena Quintero on August 15, 1997, so today the project celebrates its 20th birthday. "There have been 33 stable releases since the initial release of GNOME 1.0 in 1999. The latest stable release, GNOME 3.24 “Portland,” was well-received. “Portland” included exciting new features like the GNOME Recipes application and Night Light, which helps users avoid eyestrain. The upcoming version of GNOME 3.26 “Manchester,” is scheduled for release in September of this year. With over 6,000 contributors, and 8 million lines of code, the GNOME Project continues to thrive in its twentieth year."


Thank you from Krita

Earlier this month we reported that the Krita Foundation was having some financial difficulties. The Krita Foundation has an update with thanks to all who donated. "So, even though we’re going to get another accountant’s bill of about 4500 euros, we’ve still got quite a surplus! As of this moment, we have €29,657.44 in our savings account! That means that we don’t need to do a fund raiser in September. Like we said, we’ve still got some features to finish."


Wirzenius: Retiring Obnam

Lars Wirzenius announces that he is ending development of the Obnam backup system. "After some careful thought, I fear that the maintainability problems of Obnam can realistically only be solved by a complete rewrite from scratch, and I'm not up to doing that. If you use Obnam, you should migrate to some other backup solution. Don't worry, you have until the end of the year. I will be around and I intend to fix any serious bugs in Obnam; in particular, security flaws. But you should start looking for a replacement sooner rather than later." LWN looked at Obnam in 2012.


Development quote of the week

Burning out is a leading cause of people having to retire from F/LOSS projects and as such, it's really important that you know when to step away from F/LOSS and have a break. You might prefer to spend a few days entirely away from your computer or just spend it immersed in a game. If you're particularly lucky/unlucky then you might just be able to work on a different project for a little while instead. Whatever you do to relax, be sure to increase your explicit relaxation time along with time you're spending on F/LOSS to keep yourself happy and healthy, and able to contribute for a nice long time to come.

Your homework this week is to just think about what you enjoy doing which isn't work or F/LOSS related at all, and go do it. Just shoo!

Daniel Silverstone


Page editor: Jake Edge


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds