
Brief items

Security

Security quotes of the week

The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with experience in designing secure and verifiable systems. The system will use fully open source voting software, instead of the closed, proprietary software currently used in the vast majority of voting machines, which no one outside of voting machine testing labs can examine. More importantly, it will be built on secure open source hardware, made from secure designs and techniques developed over the last year as part of a special program at DARPA. The voting system will also be designed to create fully verifiable and transparent results so that voters don't have to blindly trust that the machines and election officials delivered correct results.

But DARPA and Galois won't be asking people to blindly trust that their voting systems are secure—as voting machine vendors currently do. Instead they'll be publishing source code for the software online and bring prototypes of the systems to the Def Con Voting Village this summer and next, so that hackers and researchers will be able to freely examine the systems themselves and conduct penetration tests to gauge their security. They'll also be working with a number of university teams over the next year to have them examine the systems in formal test environments.

Kim Zetter at Motherboard

Switzerland is about to have a national election with electronic voting, overseen by Swiss Post; e-voting is a terrible idea and the general consensus among security experts who don't work for e-voting vendors is that it shouldn't be attempted, but if you put out an RFP for magic beans, someone will always show up to sell you magic beans, whether or not magic beans exist.
Cory Doctorow

There is a rising tide of security breaches. There is an even faster rising tide of hysteria over the ostensible reason for these breaches, namely the deficient state of our information infrastructure. Yet the world is doing remarkably well overall, and has not suffered any of the oft-threatened giant digital catastrophes. This continuing general progress of society suggests that cyber security is not very important. Adaptations to cyberspace of techniques that worked to protect the traditional physical world have been the main means of mitigating the problems that occurred. This "chewing gum and baling wire" approach is likely to continue to be the basic method of handling problems that arise, and to provide adequate levels of security.
Andrew Odlyzko [PDF] in an abstract for his "Cybersecurity is not very important" paper


Kernel development

Kernel release status

The current development kernel is 5.1-rc1, released on March 17. Linus said: "A somewhat recent development is how the tools/testing/ updates have been quite noticeable lately. That's not new to the 5.1 merge window, it's been going on for a while, but it's maybe just worth a mention that we have more new selftest changes than we have architecture updates, for example. The documentation subdirectory is also quite noticeable."

Stable updates: 5.0.2, 4.20.16, 4.19.29, 4.14.106, and 4.9.163 were released on March 14; 5.0.3, 4.20.17, 4.19.30, 4.14.107, and 4.9.164 followed on March 19. The 4.20.x line ends with 4.20.17, so users should be looking at moving to 5.0.


Quote of the week

Rule #51 of kernel maintenance: when somebody makes it clear that they know the code better than you did, stop arguing and just apply the damn patch.
Linus Torvalds


Distributions

Debian project leader candidates emerge

When Leaderless Debian was written, it seemed entirely plausible that there would still be no candidates for the project leader office even after the extended nomination deadline passed. It is now clear that there will be no need to extend the deadline further, since three candidates (Joerg Jaspert, Jonathan Carter, and Sam Hartman) have stepped forward. It seems likely that the wider discussion on the role of the Debian project leader will continue but, in the meantime, the office will not sit empty.

Update: nominations from Martin Michlmayr and Simon Richter also came in before the deadline, so this year's election will be a five-way race.


KNOPPIX 8.5.0 released

Remember the KNOPPIX distribution? KNOPPIX 8.5.0 has been released. It includes a 4.20 kernel, several desktop environments, the ADRIANE audio desktop, UEFI secure boot support, and more.


Solus 4 "Fortitude" released

Version 4 of the Solus distribution has been released. "We are proud to announce the immediate availability of Solus 4 Fortitude, a new major release of the Solus operating system. This release delivers a brand new Budgie experience, updated sets of default applications and theming, and hardware enablement." LWN reviewed Solus in 2016.


Distribution quotes of the week

With all the good and bad things on our radar, Debian is more relevant than ever. The world needs a fully free system with stable releases and security updates that puts its users first, that's commercially friendly but at the same time doesn't have any hidden corporate agendas. Debian is unique and beautiful and important, and we shouldn't allow that message to get lost in the noise that exists out there.
Jonathan Carter

Debian plays a very special and important role in the FOSS ecosystem. We are respected and our contributions are appreciated. Debian contributors tend to be leaders in the FOSS space. We pride ourselves not only on packaging software from upstream but on maintaining good relationships. This often results in us getting involved upstream and taking on leadership roles there. You can also look at current and past board members of the Open Source Initiative (OSI) and again you'll see many Debian people.

While Debian people play important roles everywhere, they often don't represent the Debian project. We need to learn to develop and speak as a single voice. Overall, I believe we, as a project, need to be more vocal and take a more active role in influencing the FOSS ecosystem. Debian has an incredible reputation but we don't use our clout for important change.

Martin Michlmayr

I think that the project has grown to adulthood, and that we don't need the DPL to tell us what to do. It's important to realize that, other than having a larger floor to advertise your ideas and possibly recruit people to help you, the DPL role doesn't bring any super-powers that help with implementing them. Also, given that many people in Debian are of the "talk is cheap, show me the code" mindset, it's probably better, if you really have super-cool ideas for Debian, that you don't run for DPL and instead work on your ideas and advertise them when there's something to show and get others to join you to maintain PPAs.
Lucas Nussbaum

One area where I think we can improve is to remind teams within Debian of their power especially when dealing with upstreams. Debian matters. It's great if we have opinions on how the Linux community should work. It's great if we constructively pursue those opinions with upstreams. Sometimes I think we get too busy simply packaging to actually influence the broader world.
Sam Hartman


Development

Firefox 66 released

Mozilla has released Firefox 66.0. The release notes contain details. New in this release: Firefox now prevents websites from automatically playing sound, improved search experience, smoother scrolling, improved performance and better user experience for extensions, and more.


GNOME 3.32 released

The GNOME project has released GNOME 3.32, which is code named "Taipei". "This release brings a refreshed visual style, new icons, the demise of the 'application menu' and a new on-screen keyboard, among other things. Improvements to core GNOME applications include a shell extension for desktop icons, improved automation and reader mode in GNOME Web, an 'Application Permissions' panel, and many more." In addition, there is an experimental option for fractional scaling, improvements to GNOME Software, and more. See the release notes for more information.


LLVM 8.0.0 released

Version 8.0.0 of the LLVM compiler suite is out. "It's the result of the LLVM community's work over the past six months, including: speculative load hardening, concurrent compilation in the ORC JIT API, no longer experimental WebAssembly target, a Clang option to initialize automatic variables, improved pre-compiled header support in clang-cl, the /Zc:dllexportInlines- flag, RISC-V support in lld." For details one can see separate release notes for LLVM, Clang, Extra Clang Tools, lld, and libc++.


Haller: WireGuard in NetworkManager

Thomas Haller writes about the WireGuard integration in NetworkManager 1.16. "NetworkManager provides a de facto standard API for configuring networking on the host. This allows different tools to integrate and interoperate — from cli, tui, GUI, to cockpit. All these different components may now make use of the API also for configuring WireGuard. One advantage for the end user is that a GUI for WireGuard is now within reach." (See this article for more information on WireGuard.)


Python 3.5.7 and 3.4.10 released

Python versions 3.5.7 and 3.4.10 have been released. Both are in "security fixes only" mode and are source-only releases. This is the final release in the Python 3.4 series. The 3.4 branch has been retired, "no further changes to 3.4 will be accepted, and no new releases will be made."


Development quotes of the week

Ho ho ho, let's write libinput. No, of course I'm not serious, because no-one in their right mind would utter "ho ho ho" without a sufficient backdrop of reindeers to keep them sane. So what this post is instead is me writing a nonworking fake libinput in Python, for the sole purpose of explaining roughly how libinput's architecture looks like. It'll be to the libinput what a Duplo car is to a Maserati. Four wheels and something to entertain the kids with but the queue outside the nightclub won't be impressed.
Peter Hutterer (Thanks to Paul Wise)

We do not sell computers, Kodi boxes, Kodi sticks, carrot sticks or french fries. Actually, we don't recommend specific hardware, and we're certainly not interested in selling hardware. That's the manufacturer's job.

The only thing we're interested in is writing software, keeping Kodi in tip-top shape, and advising you about how to better use Kodi. We are not associated with any hardware companies, particular brand or site selling the so-called "Kodi boxes" or "Kodi sticks". There is no such thing. So, for the last time, we do not sell hardware.

Cris Silva


Miscellaneous

SUSE completes its management transition

Here's a SUSE press release hyping its transition to being "the largest independent open-source company". "As it has for more than 25 years, SUSE remains committed to an open source development and business model and to actively participating in communities and projects to bring open source innovation to the enterprise as high-quality, reliable and usable solutions. This truly open, open source model refers to the flexibility and freedom of choice provided to customers and partners to create best-of-breed solutions that combine SUSE technologies with other products and technologies in their IT landscape through open standards and at different levels in their architecture, without forcing a locked-in stack."


Page editor: Jake Edge


Copyright © 2019, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds