Brief items
Security
Security quotes of the week
Here's how IRM [Information
Rights Management] works: companies make a locked-down version of a product
that checks documents for flags like "don't allow printing" or "don't allow
forwarding" and, if it finds these flags, the program disables the
corresponding features. To prevent rivals from making their own
interoperable products that might simply ignore these restrictions, the
program encrypts the user's documents, and hides the decryption keys where
users aren't supposed to be able to find them.
— Gennie
Gebhart and Cory Doctorow comment on Gmail's new "confidential mode"
This is a very brittle sort of security: if you send someone an email or a document that they can open on their own computer, on their own premises, nothing prevents that person from taking a screenshot or a photo of their screen that can then be forwarded, printed, or otherwise copied.
This is serious. Update your software now, and try not to think about all
of the Bluetooth applications that can't be updated.
— Bruce
Schneier on a major
Bluetooth vulnerability
Kernel development
Kernel release status
The current development kernel is 4.18-rc6, released on July 22. Linus said: "So this was the week when the other shoe dropped ... The reason the two previous rc releases were so nice and small was that David hadn't sent me much networking fixes, and they came in this week. That said, it's not really a huge rc this week either, so it's all good."
Stable updates: 4.4.142 came out on July 19. 4.17.9, 4.14.57, 4.9.114, 4.4.143, and 3.18.116 were released on July 22, and 4.17.10, 4.14.58, 4.9.115, and 4.4.144 followed on July 25.
Quote of the week
The difference between engineering and theory is that engineering
makes trade-offs. Good software is well *engineered*, not
theorized.
— Linus Torvalds
Distributions
Announcing NetBSD 8.0
NetBSD 8.0 has been released. This version features USB stack rework with USB3 support added, an in-kernel audio mixer, reproducible builds, full userland debug information, and much more.
Development
Hutterer: Why it's not a good idea to handle evdev directly
Peter Hutterer writes about why libinput exists. It turns out that, like most other hardware, input devices have no end of obnoxious quirks to deal with. "All this is just handling features that users have come to expect. Examples for non-features that you'll have to implement: on some Lenovo series (*50 and newer) you will get a pointer jump after a series of of events that only have pressure information. You'll have to detect and discard that jump. The HP Pavilion DM4 touchpad has random jumps in the slot data. Synaptics PS/2 touchpads may 'randomly' end touches and restart them on the next event frame 10ms later. If you don't handle that you'll get ghost taps. And so on and so forth."
Open sourcing oomd, a new approach to handling OOMs
Over on the Facebook code site, Daniel Xu announces the release of oomd under the GPLv2. Oomd is a user-space "out of memory" killer that was mentioned in our recent article on the block I/O latency controller and it uses the pressure stall information covered in an even more recent article. "Oomd constantly monitors PSI [Pressure Stall Information] metrics to assess whether a system is under unrecoverable load. PSI alone is insufficient, so oomd also monitors the system holistically. This is in contrast to Linux’s OOM killer, which focuses primarily on the kernel’s concerns. Since OOM detection criteria can vary depending on workload, the plugin system supports customization to both the detection and process kill strategies. Thanks to this new ability to monitor key system resource indicators, oomd is able to take corrective action in userspace before a system-wide OOM occurs. Corrective action is configured via a flexible plugin system that is capable of executing custom code. Thus, in addition to oomd’s default process SIGKILL behavior, application developers can customize their plugin with alternate strategies, such as sending a 'back off' RPC to the main workload or dumping system logs to a remote service."
Python has brought computer programming to a vast new audience (Economist)
Here is the Economist's take on the state of the Python language and community. "Mr Van Rossum, though delighted by this enthusiasm for his software, has come to find the rigours of supervising it, in his role as 'benevolent dictator for life', unbearable. He fears he has become something of an idol. 'I’m uncomfortable with that fame,' he says, sounding uncannily like Brian trying to drive away the crowds of disciples. 'Sometimes I feel like everything I say or do is seen as a very powerful force.' On July 12th he resigned, leaving the Pythonistas to manage themselves."
Development quote of the week
If you make a product to which a large part of the potential customer population has a moral objection, you should expect that objection, and it's reasonable for that to happen. To admonish those people because they don't want to promote your product really is akin to a butcher annoyed that vegans won't promote their prime cuts of meat.
— Bradley
Kuhn (Thanks to Paul Wise)
One of the things that puzzles me about the "Who will set the
direction of the language if Guido doesn't do it?" concern is that
from my perspective, this is something that Guido mostly *didn't* do
(and I'm OK with that). Python has never had a clear road map in the
15+ years I've been part of the core development community - it's just
had assorted projects that different individuals have driven to
varying levels of completion based on the strength of their
convictions about the topic, and the time they've had available to
devote to driving it (along with a few "definitely not" issues written
down in the form of rejected PEPs).
— Nick Coghlan
Page editor: Jake Edge
Next page:
Announcements>>