Brief items

Security

Firefox adds tracking protection by default

The Mozilla blog announces a new Firefox feature: "One of those initiatives outlined was to block cookies from known third party trackers in Firefox. Today, Firefox will be rolling out this feature, Enhanced Tracking Protection, to all new users on by default, to make it harder for over a thousand companies to track their every move. Additionally, we’re updating our privacy-focused features including an upgraded Facebook Container extension, a Firefox desktop extension for Lockwise, a way to keep their passwords safe across all platforms, and Firefox Monitor’s new dashboard to manage multiple email addresses."

Security quotes of the week

Some day, perhaps, if the universe is less than maximally cruel, we'll have the option of server-class RISC-V systems with fully-documented, formally-verified designs. But that day is not yet here.
G. Branden Robinson (Thanks to Paul Wise.)

So far as I can tell, about the only thing that seems to correlate with being less likely to have side-channel attacks is less sophisticated scheduling pipelines and processor architecture (read: simpler, slower processors). And this area of security research is changing very rapidly. I would expect several more novel attacks to surface.

Processors that don't have a bunch of non-free, unauditable bullshit as a proprietary control plane would obviously be better, but you'd be paying a prohibitive performance price (not to mention other issues). There just aren't any good options right now. Buy (or accept donations of) whatever makes sense for other reasons, and expect there to be mandatory microcode updates, kernel and virtualization workarounds, and security bugs.

Russ Allbery

Kernel development

Kernel release status

The current development kernel is 5.2-rc3, released on June 2. Linus said: "Anyway, even ignoring the SPDX changes, there's just a lot of small fixes spread all over, not anything that looks particularly scary or worrisome. Maybe next week is when the other shoe drops, but maybe this will just be a nice calm release. That would be lovely."

Stable updates: the huge 5.1.6, 5.0.20, 4.19.47, 4.14.123, and 4.9.180 updates were released on May 31, followed by 5.1.7, 5.0.21, and 4.19.48 on June 4. Note that 5.0.21 is the end of the line for the 5.0 series.

Šabić: eBPF and XDP for Processing Packets at Bare-metal Speed

Nedim Šabić has written a tutorial article on using the eXpress Data Path for fast packet filtering. "Now comes the most relevant part of our XDP program that deals with packet’s processing logic. XDP ships with a predefined set of verdicts that determine how the kernel diverts the packet flow. For instance, we can pass the packet to the regular network stack, drop it, redirect the packet to another NIC and such. In our case, XDP_DROP yields an ultra-fast packet drop."

Quote of the week

For the longest time, the distributed nature of email was what made it possible for Linux development to remain truly decentralized, but email in 2019 is radically different from email in 2009. Running an independent email server that reliably sends and receives email is becoming more and more difficult now that most of email traffic goes through 5-6 major companies -- you must do SPF, DKIM, ARC/DMARC, TLS, and who knows what next, just to be reliably accepted by Gmail (maybe). And even if someone uses one of those major email providers doesn't mean the patches won't end up in someone's spam folder, show up a week late, or arrive mangled.
Konstantin Ryabitsev

Distributions

Distribution quote of the week

It's a real problem for the project that we don't have a better way of allocating resources, and it hampers us in some ways compared to, say, Ubuntu or Red Hat, where there is a single, stable funding stream to maintain the distribution and set firm priorities. There are some things we don't do as well as those distributions because of it. But, for instance, while I know a lot of people volunteer work for Ubuntu, I personally have very little desire to do anything with Ubuntu because people get paid to do that. Particularly now that my free time is rarer and more precious to me, doing unpaid work for an organization that also has paid staff is hugely demotivating. It's entirely plausible that paying for resources would mean that Debian would end up with *less* resources than we have now, if other volunteers feel the same way.
Russ Allbery

Development

CockroachDB relicensed

The CockroachDB database management system has been relicensed; the new license is non-free. "CockroachDB users can scale CockroachDB to any number of nodes. They can use CockroachDB or embed it in their applications (whether they ship those applications to customers or run them as a service). They can even run it as a service internally. The one and only thing that you cannot do is offer a commercial version of CockroachDB as a service without buying a license."

Page editor: Jake Edge


Copyright © 2019, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds