Brief items
Security
Security quotes of the week
The vulnerabilities described in amdflaws.com could give an attacker that
has already gained initial
foothold into one or more computers in the enterprise a significant
advantage against IT and security
teams.
— CTS-Labs
[PDF] clarifies its report of serious AMD
processor flaws
Play Protect's core objective is to shield users from Potentially Harmful
Apps, or PHAs. Every day, it automatically reviews more than 50 billion
apps, other potential sources of PHAs, and devices themselves and takes
action when it finds any.
— Dave
Kleidermacher on the Google Security Blog
Play Protect uses a variety of different tactics to keep users and their data safe, but the impact of machine learning is already quite significant: 60.3% of all Potentially Harmful Apps were detected via machine learning, and we expect this to increase in the future.
Kernel development
Kernel release status
The current development kernel is 4.16-rc6, released on March 18. It would appear that this cycle is on track to complete in nine weeks. "Go test, things are stable and there's no reason to worry, but all the usual reasons to just do a quick build and verification that everything works for everybody. Ok?"
There are seven problems listed in the 4.16-rc6 regression report.
Stable updates: 4.15.10 and 4.14.27 were released on March 18, followed by 4.9.88, 4.4.122, and 3.18.100 on March 18. 4.15.11 and 4.14.28 showed up on March 19, and 4.15.12 and 4.14.29 came on March 21.
Introducing the syzbot dashboard
"Syzbot" is an automated system that runs the syzkaller fuzzer on the kernel and reports the resulting crashes. Dmitry Vyukov has announced the availability of a web site displaying the outstanding reports. "The dashboard shows info about active bugs reported by syzbot. There are ~130 active bugs and I think ~2/3 of them are actionable (still happen and have a reproducer or are simple enough to debug)."
Quotes of the week
First rule of shrinkers: Shrinkers *aren't easy to understand.*
Second rule of shrinkers: See the first rule.
— Dave Chinner
Second rule of shrinkers: See the first rule.
Here is an idea: a test for integer constant expressions which returns
an integer constant expression itself which should be suitable
for passing to __builtin_choose_expr might be:
— Martin Uecker hasn't given up on max()
#define ICE_P(x) (sizeof(int) == sizeof(*(1 ? ((void*)((x) * 0l)) : (int*)1)))
Development
Malcolm: Usability improvements in GCC 8
Over on the Red Hat Developer Program blog, David Malcolm describes a number of usability improvements that he has made for the upcoming GCC 8 release. Malcolm has made a number of the C/C++ compiler error messages much more helpful, including adding hints for integrated development environments (IDEs) and other tools to suggest fixes for syntax and other kinds of errors. "[...] the code is fine, but, as is common with fragments of code seen on random websites, it’s missing #include directives. If you simply copy this into a new file and try to compile it as-is, it fails. This can be frustrating when copying and pasting examples – off the top of your head, which header files are needed by the above? – so for gcc 8 I’ve added hints telling you which header files are missing (for the most common cases)." He has various examples showing what the new error messages and hints look like in the blog post.
Stone: A new era for Linux's low-level graphics - Part 1
Daniel Stone begins a series on how the Linux graphic stack has improved in recent times. "This has made mainline Linux much more attractive: the exact same generic codebases of GNOME and Weston that I'm using to write this blog post on an Intel laptop run equally well on AMD workstations, low-power NXP boards destined for in-flight entertainment, and high-end Renesas SoCs which might well be in your car. Now that the drivers are easy to write, and applications are portable, we've seen over ten new DRM drivers merged to the upstream kernel since atomic modesetting was merged."
GStreamer 1.14 released
The GStreamer team has announced a major feature release of the GStreamer cross-platform multimedia framework. Highlights include WebRTC support, experimental support for the next-gen royalty-free AV1 video codec, support for the Secure Reliable Transport (SRT) video streaming protocol, and much more. The release notes contain more details.RawTherapee 5.4 released
Version 5.4 of the RawTherapee image-processing tool is out. New features include a new histogram-matching tool, a new HDR tone-mapping tool, a number of user-interface and performance improvements, and quite a bit more.Development quotes of the week
In order to enjoy full freedom, you should also have the legal
permission to mess with the data and produce an inconsistent result.
Free software is not (only) about reasonable modifications.
Unreasonable ones should also be allowed.
— Francesco Poli
Software defined storage would be where you are using the cocktail straws with coke bottles but you have spread them around the building. Each time coke gets put on one, a hose spreads that coke around so each block of systems is equivalent. In this case the costs per system have gone down, but there needs to be a larger investment in the networking technology tying the servers together. [A 1 gbit backbone network is like a cocktail straw between systems, A 10 gbit backbone is like a regular straw and the 40G/100G are the hoses.]
— Stephen
Smoogen
We live in a golden age of open source, and it can sometimes be easy to forget the privileges that this affords us. I’m writing this article with vim, in a terminal emulator called urxvt, listening to music with mpv, in a Sway desktop session, on the Linux kernel. Supporting this are libraries like glibc or musl, harfbuzz, and mesa. I also have the support of the AMDGPU video driver, libinput and udev, alsa and pulseaudio.
— Drew
DeVault (Thanks to Paul Wise)
All of this is open source. I can be reading the code for any of these tools within 30 seconds, and for many of these tools I already have their code checked out somewhere on my filesystem. It gets even better, though: these projects don’t just make their code available - they accept patches, too! Why wouldn’t we take advantage of this tremendous opportunity?
I often meet people who are willing to contribute to one project, but not another. Some people will shut down when they’re faced with a problem that requires them to dig into territory that they’re unfamiliar with. In Sway, for example, it’s often places like libinput or mesa. These tools might seem foreign and scary - but to these people, at some point, so did Sway. In reality these codebases are quite accessible.
Miscellaneous
Six more companies adopt GPLv3 termination language
Red Hat has announced that six more companies (CA Technologies, Cisco, HPE, Microsoft, SAP, and SUSE) have agreed to apply the GPLv3 termination conditions (wherein a violator's license is automatically restored if the problem is fixed in a timely manner) to GPLv2-licensed code. "GPL version 3 (GPLv3) introduced an approach to termination that offers distributors of the code an opportunity to correct errors and mistakes in license compliance. This approach allows for enforcement of license compliance consistent with a community in which heavy-handed approaches to enforcement, including for financial gain, are out of place."
Page editor: Jake Edge
Next page:
Announcements>>