Brief items
Security
Huang: Spectre/Meltdown Pits Transparency Against Liability
Here's a blog post from "bunnie" Huang on the tension between transparency and product liability around hardware flaws. "The open source community could use the Spectre/Meltdown crisis as an opportunity to reform the status quo. Instead of suing Intel for money, what if we sue Intel for documentation? If documentation and transparency have real value, then this is a chance to finally put that value in economic terms that Intel shareholders can understand. I propose a bargain somewhere along these lines: if Intel releases comprehensive microarchitectural hardware design specifications, microcode, firmware, and all software source code (e.g. for AMT/ME) so that the community can band together to hammer out any other security bugs hiding in their hardware, then Intel is absolved of any payouts related to the Spectre/Meltdown exploits."
Security quotes of the week
Note, this author has audited many SoC kernel trees that attempt to
cherry-pick random patches from the upstream LTS releases. In every case,
severe security fixes have been ignored and not applied.
— Greg
Kroah-Hartman
As proof of this, I demoed at the Kernel Recipes talk referenced above how trivial it was to crash all of the latest flagship Android phones on the market with a tiny userspace program. The fix for this issue was released 6 months prior in the LTS kernel that the devices were based on, however none of the devices had upgraded or fixed their kernels for this problem. As of this writing (5 months later) only two devices have fixed their kernel and are now not vulnerable to that specific bug.
They can tell where your vision is directed and automatically bring up
search engine results using advanced machine learning. The only problem is
this predictive execution can occur across protection domains, which means
its vulnerable to Meltdown attacks that would allow someone to read your
inner thoughts every time you stare at a cup of coffee.
— "JoeyRox"
(Thanks to Paul Wise.)
The conceit of Humans Not
Invited is essentially a reverse
CAPTCHA. Visitors to the site are greeted with a vision test not unlike the
ones you've done before, but instead it's filled with seemingly
indistinguishable blue and gray blurry boxes. When I tried, prompted to
"select all squares with selfie sticks."
Most humans, like me, will fail to decipher the hidden selfie sticks and
will be shown a message that says "YOU'RE A HUMAN. YOU'RE NOT INVITED."
— Mack DeGeurin
Kernel development
Kernel release status
The 4.16 merge window is still open. As of this writing, nearly 11,000 non-merge changesets have been pulled into the mainline, ensuring that this will be yet another busy development cycle.Stable updates: 4.15.1, 4.14.17, 4.9.80, and 4.4.115 were released on February 4, followed by 4.15.2, 4.14.18, and 3.18.94 on February 7.
Distributions
Distribution quotes of the week
In short, "photo of Fedora-branded cupcake on a wooden surface" is good for
the end goal, "creepy monster-filled island" isn't.
— Bastien Nocera
That would completely ruin my plan to only ever release version 1.0 of
all of my future projects, but increase the epoch instead.
— Lars Wirzenius
Development
GNU C Library 2.27 released
Version 2.27 of the GNU C Library is out. This release includes support for static PIE executables, a number of security-oriented improvements (and fixes for several CVE numbers), support for memory protection keys, and much more.2018 in perspective (Libre Graphics World)
Here's a look at what's coming on the desktop in Libre Graphics World. "After almost 6 years of work, the GIMP team is finalizing the next big update. The plan is to cut a beta of v2.10 once the amount of critical bugs falls further down: it's currently stuck at 20, as new bugs get promoted to blockers, while old blockers get fixed. It's a bit of an uphill battle."
KMyMoney 5.0.0 released
Version 5.0.0 of the KMyMoney personal finance manager is out. "The largest amount of work has gone towards basing this version on KDE Frameworks. Many of the underlying libraries used by the application have been reorganized and improved, but most of that is behind the scenes, and not directly visible to the end user. Some of the general look and feel may have changed, but the basic functionality of the program remains the same, aside from intentional improvements and additions." Enhancements include improved reports and better multiple-currency support.
Nextcloud 13 is out
Nextcloud 13 has been released. "This release brings improvements to the core File Sync and Share like easier moving of files and a tech preview of our end-to-end encryption for the ultimate protection of your data. It also introduces collaboration and communication capabilities, like auto-complete of comments and integrated real-time chat and video communication. Last but not least, Nextcloud was optimized and tuned to deliver up to 80% faster LDAP, much faster object storage and Windows Network Drive performance and a smoother user interface."
Plasma 5.12.0
KDE has released Plasma 5.12.0. "Plasma 5.12 LTS is the second long-term support release from the Plasma 5 team. We have been working hard, focusing on speed and stability for this release. Boot time to desktop has been improved by reviewing the code for anything which blocks execution. The team has been triaging and fixing bugs in every aspect of the codebase, tidying up artwork, removing corner cases, and ensuring cross-desktop integration. For the first time, we offer our Wayland integration on long-term support, so you can be sure we will continue to provide bug fixes and improvements to the Wayland experience."
First Linux-Based RISC-V Board Prepares for Take-Off (Linux.com)
Eric Brown takes a look at the SiFive "HiFive Unleashed" SBC that runs Linux on its RISC-V based, quad-core, 1.5GHz U540 SoC. "The open spec HiFive Unleashed board integrates a U540 SoC, 8GB of DDR4 RAM, and 32MB quad SPI flash. The only other major features include a microSD slot, a Gigabit Ethernet port, and an FMC connector for future expansion. A SiFive rep confirmed to Linux.com that the board will be open source hardware, with freely available schematics and layout files."
Development quotes of the week
If you thought the superbowl thingy was exciting, that's nothing compared to libinput 1.10rc2. No half-time show, sorry, wasn't in the budget. But at least the test suite doesn't shut down your host anymore, so I guess there's that :)
— Peter Hutterer
I am really glad to hear that cross compilers have been
simplified. Walking 10 miles to school in deep snow, up hill
both ways, is best left in the past.
— Dale Amon (Thanks to Paul Wise)
Miscellaneous
Free Electrons becomes Bootlin
Longtime embedded Linux development company Free Electrons has just changed its name to Bootlin due to a trademark dispute (with "FREE SAS, a French telecom operator, known as the owner of the free.fr website"). It is possible that Free Electrons may lose access to its "free-electrons.com" domain name as part of the dispute, so links to the many resources that Free Electrons hosts (including documentation and conference videos) should be updated to use "bootlin.com". "
The services we offer are different, we target a different audience (professionals instead of individuals), and most of our communication efforts are in English, to reach an international audience. Therefore Michael Opdenacker and Free Electrons’ management believe that there is no risk of confusion between Free Electrons and FREE SAS. However, FREE SAS has filed in excess of 100 oppositions and District Court actions against trademarks or name containing “free”. In view of the resources needed to fight this case, Free Electrons has decided to change name without waiting for the decision of the District Court. This will allow us to stay focused on our projects rather than exhausting ourselves fighting a long legal battle."
Meet India’s women Open Source warriors (Factor Daily)
The Factor Daily site has a look at work to increase the diversity of open-source contributors in India. "Over past two months, we interviewed at least two dozen people from within and outside the open source community to identify a set of women open source contributors from India. While the list is not conclusive by any measure, it’s a good starting point in identifying the women who are quietly shaping the future of open source from this part of the world and how they dealt with gender biases."
How I coined the term 'open source' (Opensource.com)
Over at Opensource.com, Christine Peterson has published her account of coining the term "open source". Originally written in 2006, her story on the origin of the term has now been published for the first time. The 20 year anniversary of the adoption of "open source" is being celebrated this year by the Open Source Initiative at various conferences (recently at linux.conf.au, at FOSDEM on February 3, and others). "Between meetings that week, I was still focused on the need for a better name and came up with the term "open source software." While not ideal, it struck me as good enough. I ran it by at least four others: Eric Drexler, Mark Miller, and Todd Anderson liked it, while a friend in marketing and public relations felt the term "open" had been overused and abused and believed we could do better. He was right in theory; however, I didn't have a better idea, so I thought I would try to go ahead and introduce it. In hindsight, I should have simply proposed it to Eric Raymond, but I didn't know him well at the time, so I took an indirect strategy instead. Todd had agreed strongly about the need for a new term and offered to assist in getting the term introduced. This was helpful because, as a non-programmer, my influence within the free software community was weak. My work in nanotechnology education at Foresight was a plus, but not enough for me to be taken very seriously on free software questions. As a Linux programmer, Todd would be listened to more closely."
John Perry Barlow 1947-2018
The Electronic Frontier Foundation mourns the loss of John Perry Barlow, one of its founders. "It is no exaggeration to say that major parts of the Internet we all know and love today exist and thrive because of Barlow’s vision and leadership. He always saw the Internet as a fundamental place of freedom, where voices long silenced can find an audience and people can connect with others regardless of physical distance."
Page editor: Jake Edge
Next page:
Announcements>>