Brief items
Security
Security quotes of the week
The notion that software engineers are not responsible for things that go wrong will be laid to rest for good, and we will have to work out how to develop and maintain code that will go on working dependably for decades in environments that change and evolve. And as security becomes ever more about safety rather than just privacy, we will have sharper policy debates about surveillance, competition, and consumer protection.
On Tuesday, researchers reported attackers are abusing a previously obscure method that delivers attacks 51,000 times their original size, making it by far the biggest amplification method ever used in the wild. The vector this time is memcached, a database caching system for speeding up websites and networks. Over the past week, attackers have started abusing it to deliver DDoSes with volumes of 500 gigabits per second and bigger, DDoS mitigation service Arbor Networks reported in a blog post.
Kernel development
Kernel release status
The current development kernel is 4.16-rc4, released on March 4. Linus said simply: "Hmm. A reasonably calm week".
There are seven known problems listed in the latest 4.16 regression report.
Stable updates: 4.14.24, 4.9.86, 4.4.120, and 3.18.98 were released on March 5. The 4.15.8 and 4.14.25 stable updates are in the review process as of this writing; they are due on March 9.
Quotes of the week
Do you think that lack of safety is a _good_ thing?
Do you realize that most of the lack of safety is almost directly about flexibility, simplicity, and good code generation?
But what if I told you that some of the lack of safety doesn't actually add to flexibility, simplicity, _or_ good code generation? Wouldn't you say "we don't want it to be unsafe" then?
I'm literally telling you that lack of variable initialization is almost purely a bad thing. C would be a safer language, with less undefined behavior, if it just made the initialization of automatic variables be something you cannot avoid.
Distributions
What's New in Qubes 4 (Linux Journal)
Linux Journal has a look at Qubes 4, which is due to be released in the next month or so. It has undergone a refactoring of sorts. "Another major change in Qubes 4 relates to the GUI VM manager. In past releases, this program provided a graphical way for you to start, stop and pause VMs. It also allowed you to change all your VM settings, firewall rules and even which applications appeared in the VM's menu. It also provided a GUI way to back up and restore VMs. With Qubes 4, a lot has changed. The ultimate goal with Qubes 4 is to replace the VM manager with standalone tools that replicate most of the original functionality."
A site for reviews of Tumbleweed snapshots
As leading-edge rolling distributions go, OpenSUSE Tumbleweed is relatively stable, but it is still true that some snapshots are better than others. Jimmy Berry has announced the creation of a web site tracking the quality of each day's snapshot. "By utilizing a variety of sources of feedback pertaining to snapshots a stability score is estimated. The goal is to err on the side of caution and to allow users to avoid troublesome releases."
Ubuntu 16.04.4 LTS released
The fourth update to the Ubuntu 16.04 long-term support distribution has been released; it is available from the "Get Ubuntu" web page. "As usual, this point release includes many updates, and updated installation media has been provided so that fewer updates will need to be downloaded after installation. These include security updates and corrections for other high-impact bugs, with a focus on maintaining stability and compatibility with Ubuntu 16.04 LTS. Kubuntu 16.04.4 LTS, Xubuntu 16.04.4 LTS, Mythbuntu 16.04.4 LTS, Ubuntu GNOME 16.04.4 LTS, Lubuntu 16.04.4 LTS, Ubuntu Kylin 16.04.4 LTS, Ubuntu MATE 16.04.4 LTS and Ubuntu Studio 16.04.4 LTS are also now available." Information about what has changed can be found in the overall release notes and in the release notes for the various Ubuntu flavors.
Distribution quote of the week
Development
Khronos Group Releases Vulkan 1.1
The Khronos Group has announced the release of the Vulkan GPU API version 1.1 and SPIR-V 1.3 specifications. "Version 1.1 expands Vulkan’s core functionality with developer-requested features, such as subgroup operations, while integrating a wide range of proven extensions from Vulkan 1.0. Khronos will also release full Vulkan 1.1 conformance tests into open source and AMD, Arm, Imagination, Intel Corporation, NVIDIA and Qualcomm have implemented conformant Vulkan 1.1 drivers."
Exploring free and open web fonts (opensource.com)
Nathan Willis looks beyond open web fonts on opensource.com. "For starters, it's critical to understand that Google Fonts and Open Font Library offer a specialized service—delivering fonts in web pages—and they don't implement solutions for other use cases. That is not a shortcoming on the services' side; it simply means that we have to develop other solutions. There are a number of problems to solve. Probably the most obvious example is the awkwardness of installing fonts on a desktop Linux machine for use in other applications. You can download any of the web fonts offered by either service, but all you will get is a generic ZIP file with some TTF or OTF binaries inside and a plaintext license file. What happens next is up to you to guess."
Miscellaneous
Welte: Report from the Geniatech vs. McHardy GPL violation court hearing
Harald Welte attended a hearing in one of the Patrick McHardy GPL cases and wrote up what he saw.
On the other hand, such activities must always be oriented to compliance, and compliance only. Collecting huge amounts of contractual penalties is questionable. And if it was necessary to collect such huge amounts to motivate large corporations to be compliant, then this must be done in the open, with the community knowing about it, and the proceeds of such contractual penalties must be donated to free software related entities to prove that personal financial gain is not a motivation.
Page editor: Jake Edge