Brief items
Security
Security quotes of the week
In this paper, we reverse engineer the microcode semantics and inner
workings of its update mechanism of conventional COTS CPUs on the example
of AMD's K8 and K10 microarchitectures. Furthermore, we demonstrate how to
develop custom microcode updates. We describe the microcode semantics and
additionally present a set of microprograms that demonstrate the
possibilities offered by this technology. To this end, our microprograms
range from CPU-assisted instrumentation to microcoded Trojans that can even
be reached from within a web browser and enable remote code execution and
cryptographic implementation attacks.
— From the abstract of a paper by Philipp
Koppe, Benjamin Kollenda, Marc Fyrbiak, Christian Kison, Robert Gawlik,
Christof Paar, and Thorsten Holz (Thanks to Paul Wise.)
Twenty years ago it cost over a thousand pounds a day to follow a suspect
around, and weeks of work to map his contacts; Ed Snowden told us how
nowadays an officer can get your location history with one click and your
address book with another. In fact, searches through the contact patterns
of whole populations are now routine.
— Ross Anderson
Kernel development
Kernel release status
The current development kernel is 4.13-rc6, released on August 20. "So everything still looks on target for a normal release schedule, which would imply rc7 next weekend, and then the final 4.13 the week after that. Unless something happens, of course."
Stable updates: none have been released in the last week. The 4.12.9, 4.9.45, 4.4.84, and 3.16.67 updates are in the review process as of this writing; they can be expected on or after August 24.
Quote of the week
Compared to IPv4, IPv6 in Linux doesn’t foster the same interest,
notably in term of optimizations. Hopefully, things are changing as
its adoption and use “at scale” are increasing.
— Vincent Bernat profiles kernel IPv6 route lookup (Thanks to Bart Knubben)
Distributions
The end of Gentoo's hardened kernel
Gentoo has long provided a hardened kernel package, but that is coming to an end. "As you may know the core of sys-kernel/hardened-sources has been the grsecurity patches. Recently the grsecurity developers have decided to limit access to these patches. As a result, the Gentoo Hardened team is unable to ensure a regular patching schedule and therefore the security of the users of these kernel sources. Thus, we will be masking hardened-sources on the 27th of August and will proceed to remove them from the package repository by the end of September."
Quotes of the week
If someone hypothetically joins, are they allowed to rename the FTP
team to something that doesn't include "FTP"?
— Jonathan Carter (Thanks to Josh Triplett)
I like "The Claw" -- responsible for picking up NEW packages, and
giving them to the kids, or dropping them.
— Philip Hands
Development
The D-Bus Broker project
The D-Bus Broker Project is an effort to rethink the D-Bus message bus and produce an implementation that addresses many of its longstanding problems; this project has now made its first public release. "Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusively written for linux systems, and makes use of many modern features provided by recent linux kernel releases." See this post for an introduction to the project, or the GitHub page for source. This is a purely user-space implementation.
GnuTLS 3.6.0 released
Version 3.6.0 of the GnuTLS TLS library is out. For details on this release, see this overview. "In short, this release introduces a new lock-free random generator and adds new TLS extensions shared by both TLS 1.2 and 1.3, such as Finite Field Diffie Hellman negotiation, Ed25519 and RSA-PSS signatures. These additions modernize the current TLS 1.2 support and pave the way for TLS 1.3 support in the library. Furthermore, tlsfuzzer is introduced in our continuous integration test suite. Tlsfuzzer is a meticulous TLS test suite, which tests the behavior of the implementation on various corner (and not) cases, and acts complementary to the internal GnuTLS test suite and its unit testing."
Oracle considers letting go of Java EE
Oracle has announced that it is considering stepping back from management of the Java Enterprise Edition. "We are discussing how we can improve the Java EE development process following the delivery of Java EE 8. We believe that moving Java EE technologies including reference implementations and test compatibility kit to an open source foundation may be the right next step, in order to adopt more agile processes, implement more flexible licensing, and change the governance process. We plan on exploring this possibility with the community, our licensees and several candidate foundations to see if we can move Java EE forward in this direction."
Quotes of the week
If while reading these remarks, you feel that modules -- or
anything else I'm going to mention here -- are a "simple thing"
that's easy to get right, with obvious right answers, I'm going to
suggest you're likely suffering some mixture of Stockholm syndrome
induced by your current favourite language, Engineer syndrome,
and/or Dunning–Kruger effect. Literally thousands of extremely
skilled people have spent their lives banging their heads against
these problems, and every shipping system has Serious Issues they
simply don't deal with right.
— Graydon Hoare
I've wrangled volunteer contributors to open source projects for
long enough now to know that "because it's the right thing to do"
simply doesn't cut it as a motivational tool - there needs to be
some kind of actual benefit to the folks doing the work.
— Nick Coghlan
In short, the new operators are:
- $var ⚛= $value (aka atomic-assign($var,$value))
- my $a = ⚛$var (aka my $a = atomic-fetch($var))
- $var⚛++ (aka atomic-fetch-inc($var))
- $var⚛-- (aka atomic-fetch-dec($var))
- ++⚛$var (aka atomic-inc-fetch($var))
- --⚛$var (aka atomic-dec-fetch($var))
- $var ⚛+= $value (aka atomic-fetch-add($var,$value))
— The Perl 6 approach to atomic operations
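The operators listed above in use, as an added example that is not part of the quoted post: several threads increment an atomicint with ⚛++ and an ordinary Scalar with plain ++, so the lost updates of the unprotected read-modify-write show up next to the correct atomic total. It assumes a Rakudo release that implements these 6.d atomic operators.

```raku
# Added example (not from the quoted post): atomic vs. unprotected increments.
# Assumes a Rakudo with the 6.d atomic operators (atomicint, ⚛++, ⚛=, ⚛$var).
my atomicint $atomic = 0;   # native integer that supports the ⚛ operators
my $plain = 0;              # ordinary Scalar, updated with no protection at all

constant THREADS    = 4;
constant ITERATIONS = 100_000;

# Start THREADS workers; each performs ITERATIONS increments of both counters.
my @workers = (^THREADS).map: {
    start {
        for ^ITERATIONS {
            $atomic⚛++;     # atomic-fetch-inc: one indivisible read-modify-write
            $plain++;       # three separate steps; concurrent updates can be lost
        }
    }
}
await @workers;

my $expected = THREADS * ITERATIONS;
say "expected: $expected";
say "atomic:   ", ⚛$atomic;             # atomic-fetch: always equals $expected
say "plain:    $plain";                 # typically smaller: the race dropped updates

# atomic-assign resets the counter; atomic-fetch-add adds without a race.
$atomic ⚛= 0;
$atomic ⚛+= 10;
say "after reset and ⚛+= 10: ", ⚛$atomic;   # 10
```

Run it more than once: the atomic total is stable, while the plain total varies from run to run, which is the kind of nondeterminism that makes unprotected shared counters unreliable.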
Page editor: Jake Edge