Brief items

Security

Security quote of the week

This article is specifically about campaign security, or how to keep candidates and their staff and families safe from people trying to break into social media, read their email, or wire their campaign war chest to Nauru. There are a lot of even more hopeless problems, like election security, but as you will see there is plenty to lose hope about just in this corner of the problem space.

[...]

Practical campaign security is a wood chipper for your hopes and dreams. It sits at the intersection of 19 kinds of status quo, each more odious than the last. You have to accept the fact that computers are broken, software is terrible, campaign finance is evil, the political parties are inept, the DCCC [Democratic Congressional Campaign Committee] exists, politics is full of parasites, tech companies are run by arrogant man-children, and so on.

Maciej Cegłowski (Thanks to Paul Wise.)

Kernel development

Kernel release status

The current development kernel is 5.2-rc2, released on May 26. Linus said: "Fairly normal rc2, no real highlights - I think most of the diff is the SPDX updates. Who am I kidding? The highlight of the week was clearly Finland winning the ice hockey world championships." The codename has been changed to "Golden Lions".

The "SPDX updates" mentioned are part of a large effort to replace most of the license boilerplate in kernel source files with SPDX tags. Nearly 300 changesets toward this goal have been merged since the 5.1 release.

Stable updates: 5.1.5, 5.0.19, 4.19.46, 4.14.122, and 4.9.179 were released on May 25.

Cook: security things in Linux v5.1

Kees Cook reviews the security-related enhancements in the 5.1 kernel release. "Now /proc/$pid can be opened and used as an argument for sending signals with the new pidfd_send_signal() syscall. This handle will only refer to the original process at the time the open() happened, and not to any later 'reused' pid if the process dies and a new process is assigned the same pid. Using this method, it’s now possible to racelessly send signals to exactly the intended process without having to worry about pid reuse. (BTW, this commit wins the 2019 award for Most Well Documented Commit Log Justification.)"
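
The behavior described in that quote, as an added example (not code from the article, from Kees Cook's post, or from the kernel tree): a parent opens /proc/<pid> for a child, signals it through that handle, reaps it, and confirms the handle then fails with ESRCH instead of ever reaching a later owner of the same pid number. The names `pidfd_kill`, `demo_stale_handle` and `DEMO_UNSUPPORTED` are hypothetical, and the fallback syscall number is only for build hosts with pre-5.1 headers.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SYS_pidfd_send_signal
#define SYS_pidfd_send_signal 424 /* x86-64 and arm64 value, for old headers */
#endif
#define DEMO_UNSUPPORTED 77 /* constructed code: call missing or filtered */

/* Raw syscall: glibc had no wrapper when 5.1 shipped. */
static int pidfd_kill(int pidfd, int sig)
{
    return (int)syscall(SYS_pidfd_send_signal, pidfd, sig, NULL, 0);
}

/* Returns 0 if the handle only ever referred to the process it was opened on. */
int demo_stale_handle(void)
{
    char path[32];
    int rc = 0;
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) { pause(); _exit(0); }

    snprintf(path, sizeof(path), "/proc/%d", (int)child);
    int pidfd = open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (pidfd < 0) rc = -1;
    else if (pidfd_kill(pidfd, 0) != 0) /* signal 0: existence probe */
        rc = (errno == ENOSYS || errno == EPERM) ? DEMO_UNSUPPORTED : -2;
    else if (pidfd_kill(pidfd, SIGKILL) != 0) rc = -3;
    if (rc != 0) kill(child, SIGKILL); /* cleanup only, pid is still ours */
    waitpid(child, NULL, 0); /* reap: the pid number is now free */

    /* After the reap the handle must fail with ESRCH, never reach a new owner. */
    if (rc == 0 && !(pidfd_kill(pidfd, SIGTERM) == -1 && errno == ESRCH)) rc = -4;
    if (pidfd >= 0) close(pidfd);
    return rc;
}

int main(void)
{
    int rc = demo_stale_handle();
    printf("demo_stale_handle() = %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

A return of `DEMO_UNSUPPORTED` means the running kernel predates 5.1 or a seccomp filter rejects the syscall; in either case callers fall back to `kill()` and inherit the pid-reuse race.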

Reported-by as opt-in

The Reported-by tag is used to give credit to people who report bugs in the kernel. Developers tend to add it as a matter of course, at least when public reports are involved. Konstantin Ryabitsev is now asking that developers get explicit permission to include a Reported-by tag in a patch, since said tag includes some personal information that could be said to fall under the terms of the GDPR privacy regulations. The discussion of this suggestion has been surprisingly muted, but it is fair to say that there does not appear to be a consensus behind this idea at the moment, so it's not entirely clear what the rule will be for Reported-by going forward.

A farewell to tmem

Ten years ago, transcendent memory was pushed as a way of enabling the system to make better use of available RAM. The developer of this concept left the kernel community years ago, though, and the concept has never quite taken off. In 5.3, it seems likely that most of the transcendent-memory code will be removed due to lack of maintainership. Some aspects of the frontswap mechanism are still used and will remain, though.

Quote of the week

We've done a pretty good job of muddling the security landscape by adding spiffy features to make life easier for particular use cases. /proc is chock full of examples. Objects that can be viewed in many different ways make for confusing security models. Try explaining /proc/234/fd/2 to a security theory student.
Casey Schaufler

Distributions

Distribution quote of the week

If you don't find value in the things where we have high standards, Debian doesn't make a lot of sense. If you just want to get upstream's idea of their package onto a system with their release schedule and their recommended dependency versions, there are better ways than getting a package into Debian.
Sam Hartman

Development

GParted 1.0.0 Released

Version 1.0 of the GParted GNOME Partition Editor has been released. "The GParted 1.0.0 release includes a significant undertaking to migrate the code base from gtkmm2 to gtkmm3 (our GTK3 port)."

Krita 4.2.0 released

Version 4.2.0 of the Krita paint tool is out. "New in Krita 4.2.0 is updated support for drawing tablets, support for HDR monitors on Windows, an improved color palette docker, scripting API for animation, color gamut masking, improved selection handling, much nicer handling of the interaction between opacity and flow and much, much, much more" See the release notes for more details.

Page editor: Jake Edge

Copyright © 2019, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds