Brief items
Security
Mozilla’s 2019 Internet Health Report
The Mozilla Blog introduces Mozilla's 2019 Internet Health Report. "In the Report’s three spotlight articles, we unpack three big issues: One examines the need for better machine decision making — that is, asking questions like Who designs the algorithms? and What data do they feed on? and Who is being discriminated against? Another examines ways to rethink the ad economy, so surveillance and addiction are no longer design necessities. The third spotlight article examines the rise of smart cities, and how local governments can integrate tech in a way that serves the public good, not commercial interests."
A year with Spectre: a V8 perspective
Here's an article on the V8 blog describing the work that was done to mitigate Spectre vulnerabilities in the V8 JavaScript engine. "Our research reached the conclusion that, in principle, untrusted code can read a process’s entire address space using Spectre and side channels. Software mitigations reduce the effectiveness of many potential gadgets, but are not efficient or comprehensive. The only effective mitigation is to move sensitive data out of the process’s address space."
Security quote of the week
There is a weird belief amongst policy makers that hacking an encryption
system's key management system is fundamentally different than hacking the
system's encryption algorithm. The difference is only technical; the effect
is the same. Both are ways of weakening encryption.
— Bruce
Schneier
Kernel development
Kernel release status
The current development kernel is 5.1-rc6, released on April 21. Linus said: "It's Easter Sunday here, but I don't let little things like random major religious holidays interrupt my kernel development workflow. The occasional scuba trip? Sure. But everybody sitting around eating traditional foods? No. You have to have priorities."
Stable updates: 5.0.9, 4.19.36, 4.14.113, and 4.9.170 were released on April 20. The 5.0.10, 4.19.37, 4.14.114, 4.9.171, 4.4.179, and 3.18.139 updates are all in the review process; they are due on April 26.
Quote of the week
Our build system is good, but it's good as in "clever and complex"
rather than necessarily good as in "very secure".
— Linus
Torvalds
So anybody who builds the kernel as root is doing something seriously wrong, in my opinion.
Distributions
Debian project leader election 2019 results
The election for the Debian project leader has concluded; the leader for the next year will be Sam Hartman. See this page for the details of the vote.The end of Scientific Linux
Fermilab has maintained Scientific Linux, a derivative of Red Hat Enterprise Linux, for many years. That era is coming to an end, though: "Toward that end, we will deploy CentOS 8 in our scientific computing environments rather than develop Scientific Linux 8. We will collaborate with CERN and other labs to help make CentOS an even better platform for high-energy physics computing." Maintenance of the SL6 and SL7 distributions will continue as scheduled.
Ubuntu 19.04 (Disco Dingo) released
Ubuntu 19.04, code named "Disco Dingo", has been released, along with the following flavors: Ubuntu Budgie, Kubuntu, Lubuntu, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu. "The Ubuntu kernel has been updated to the 5.0 based Linux kernel, our default toolchain has moved to gcc 8.3 with glibc 2.29, and we've also updated to openssl 1.1.1b and gnutls 3.6.5 with TLS1.3 support. Ubuntu Desktop 19.04 introduces GNOME 3.32 with increased performance, smoother startup animations, quicker icon load times and reduced CPU+GPU load. Fractional scaling for HiDPI screens is now available in Xorg and Wayland. Ubuntu Server 19.04 integrates recent innovations from key open infrastructure projects like OpenStack Stein, Kubernetes, and Ceph with advanced life-cycle management for multi-cloud and on-prem operations, from bare metal, VMware and OpenStack to every major public cloud." More information can be found in the release notes.
Development
OpenSSH 8.0 released
OpenSSH 8.0 has been released with a bunch of new features and some bug fixes, including one for a security problem: "This release contains mitigation for a weakness in the scp(1) tool and protocol (CVE-2019-6111): when copying files from a remote system to a local directory, scp(1) did not verify that the filenames that the server sent matched those requested by the client. This could allow a hostile server to create or clobber unexpected local files with attacker-controlled content. This release adds client-side checking that the filenames sent from the server match the command-line request, The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead."
Development quote of the week
So we did, and "Matrix" won the vote. And then all hell broke loose. Some team members argued we should be less predictable and geeky, that we could use some out-of-the-box thinking, choose something completely different, etc. What ensued was truly horrific. Geeks cursed each other, pizza boxes got thrown, beer was spilled, perfectly-formatted CSS insults flew, moms' basements destroyed all over the world. I mean, spilled beer! Utter madness.
— Cris Silva
Miscellaneous
A Goodbye to Joe Armstrong
The Erlang community mourns the loss of Joe Armstrong, known as the father of Erlang. "He was part of the Erlang landscape, always interested in what people had to say. His passion and enjoyment about the craft, even in his 60s, was still high up at levels I don't even know I ever had or will ever have, and I have to say I am envious of him for that. I don't know what it will be like to have this community without him around. He was humble. He was approachable. He was excited. He was creative. His legacy is not just in code, but in the communities in which he instantly became a central part. He will be missed."
Page editor: Jake Edge
Next page:
Announcements>>