Brief items
Security
Bluetooth's Complexity Has Become a Security Risk (Wired)
Wired looks at the security issues stemming from the complexity of the Bluetooth standard. "Bluetooth has certainly been investigated to a degree, but researchers say that the lack of intense scrutiny historically stems again from just how involved it is to even read the standard, much less understand how it works and all the possible implementations. On the plus side, this has created a sort of security through obscurity, in which attackers have also found it easier to develop attacks against other protocols and systems rather than taking the time to work out how to mess with Bluetooth."
Security quote of the week
We have developed a new type of fingerprinting attack, the calibration
fingerprinting attack. Our attack uses data gathered from the
accelerometer, gyroscope and magnetometer sensors found in smartphones to
construct a globally unique fingerprint. Our attack can be launched by any
website you visit or any app you use on a vulnerable device without
requiring any explicit confirmation or consent from you. The attack takes
less than one second to generate a fingerprint which never changes, even
after a factory reset. This attack therefore provides an effective means to
track you as you browse across the web and move between apps on your
phone.
— Alastair R. Beresford
Kernel development
Kernel release status
The current development kernel is 5.2-rc1, released on May 19. Linus said: "Nothing particularly odd going on this merge window. I had some travel in the middle of it, but to offset that I had a new faster test-build setup, and most of the pull requests came in early (thank you) so my travels didn't actually end up affecting the merge window all that much."
Stable updates: 5.1.3, 5.0.17, 4.19.44, 4.14.120, 4.9.177, and 4.4.180 were released in May 17, followed by 5.1.4, 5.0.18, 4.19.45, 4.14.121, and 4.9.178 on May 22.
Also notable is the release of 3.18.140,
which is the end of the line for the official 3.18 updates.
"Note, this is the LAST 3.18.y release that I will be doing on
kernel.org. I know it has been marked as End-of-Life for quite some
time, but I have kept it alive due to a few million phones out there in
the wild that depend on it, and can not move to a new kernel base due to
them being stuck with a SoC vendor that does not work upstream.
But, this does not mean the tree is dead, oh no, if only it were that
easy...
" He and others will be updating the kernel in the Android
Open Source Project (AOSP) tree.
Mourning Martin Schwidefsky
The kernel mailing lists carry the sad news that longtime kernel contributor and subsystem maintainer Martin Schwidefsky has been killed in an accident. "Martin was the most significant contributor to the initial s390 port of the Linux Kernel and later the maintainer of the s390 architecture backend. His technical expertise as well as his mentoring skills were outstanding. Martin was well known for his positive mindset and his willingness to help. He will be greatly missed."
Quote of the week
Oh well Linus wrote the bug and then Linus fixed it and then Linus
fixed it.
— Linus
Walleij
What is good to know is that no matter which Linus you use, you will always get the right fix.
Distributions
openSUSE Leap 15.1 released
The openSUSE project has announced the release of openSUSE Leap 15.1. "Leap releases are scalable and both the desktop and server are equally important for professional’s workloads, which is reflected in the installation menu as well as the amount of packages Leap offers and hardware it supports. Leap is well suited and prepared for usage as a Virtual Machine (VM) or container guest, allowing professional users to efficiently run network services no matter whether it’s a single server or a data center."
Distribution quotes of the week
Also, we're kind of a victim of our success in general, as Linux distributions overall are so polished as to be boring. Working on a Linux distro isn't such a shiny project anymore compared to things up the stack like hacking on kubernetes or other container tech.
— Matthew
Miller
Today, we are announcing the end of this project. As many of you probably noticed over the past several months, we no longer have enough free time to properly maintain Antergos. We came to this decision because we believe that continuing to neglect the project would be a huge disservice to the community. Taking this action now, while the project’s code still works, provides an opportunity for interested developers to take what they find useful and start their own projects.
— Dustin Falgout
Development
Bison 3.4 released
Version 3.4 of the Bison parser generator is out. "A particular focus was put on improving the diagnostics, which are now colored by default, and accurate with multibyte input. Their format was also changed, and is now similar to GCC 9's diagnostics."
Firefox 67 released
The Mozilla blog takes a look at the Firefox 67 release. "Today’s new Firefox release continues to bring fast and private together right at the crossroads of performance and security. It includes improvements that continue to keep Firefox fast while giving you more control and assurance through new features that your personal information is safe while you’re online with us." See the release notes for more information.
Coverage from the Python Language Summit
Over the past four years, LWN has covered the Python Language Summit, but this year the Python Software Foundation (PSF) elected to go in a different direction, with coverage by A. Jesse Jiryu Davis on the PSF blog. Those reports are being gathered on a summit page; as of this writing there are two reports up with plenty more to come. "The Python Language Summit is a small gathering of Python language implementers, both the core developers of CPython and alternative Pythons, held on the first day of PyCon. The summit features short presentations from Python developers and community members, followed by longer discussions. The 2019 summit is the first held since Guido van Rossum stepped down as Benevolent Dictator for Life, replaced by a five-member Steering Council."
Tor Browser 8.5 released
Version 8.5 of the Tor Browser is out. "Tor Browser 8.5 is the first stable release for Android. Since we released the first alpha version in September, we've been hard at work making sure we can provide the protections users are already enjoying on desktop to the Android platform. Mobile browsing is increasing around the world, and in some parts, it is commonly the only way people access the internet. In these same areas, there is often heavy surveillance and censorship online, so we made it a priority to reach these users."
Development quotes of the week
Many of us live in capitalist societies. One of the ways you show respect for someone’s labor is by paying them for it. This isn’t to say I think all FOSS contributions should be paid (though some argue they ought to be!), but that certain things require levels of dedication that go significantly above and beyond that which is reasonable. Our free software leaders are incredible, and we need to change how we recognize that.
— Molly de Blanc
Of course, for the person who starts with the conclusion that "it's not possible," no amount of evidence is ever going to be enough—and to that person, I say: "What do you want to see now?" Not because it will change their mind, but because it's a fertile source of inspiration for me.
— Josh
Wulf
Page editor: Jake Edge
Next page:
Announcements>>