
Brief items

Security

Security quote of the week

UltraLoq eventually fixed the vulnerabilities, but not in a way that should give you any confidence that they know what they're doing.
Bruce Schneier commenting on vulnerabilities in an internet-connected door lock


Kernel development

Kernel release status

The 5.9 merge window remains open as of this writing; it can be expected to close on August 16.

Stable updates: 5.7.14, 5.4.57, 4.19.138, and 4.14.193 were released on August 7, followed by 5.8.1, 5.7.15, 5.4.58, and 4.19.139 on August 11.


Quotes of the week

In all these cases the best option for long term maintainability is to simplify the locking design, not reduce lockdep’s power by reducing the amount of false positives it reports. And that should be the general principle.
Daniel Vetter

random.c is filled with super suspicious things that are probably only correct by accident, or only correct in practice, but in theory it's just such a mess.
Jason Donenfeld

The fact is, nobody ever EVER had any practical issues with our "secure hash function" even back when it was MD5, which is today considered trivially breakable.

Thinking back on it, I don't think it was even md5. I think it was half-md5, wasn't it?

So what have people had _real_ security problems with in our random generators - pseudo or not?

EVERY SINGLE problem I can remember was because some theoretical crypto person said "I can't guarantee that" and removed real security - or kept it from being merged.

Linus Torvalds


Distributions

Distribution quote of the week

A large hardware vendor wants to join the LVFS [Linux Vendor Firmware Service], but only on the agreement that every user has to agree to an English-only EULA text when deploying their firmware updates. This is the first vendor that's required this condition, and breaks all kinds of automated deployment.

Do we:
  10% Add the EULA screen
  69% Politely say "No thanks"
  21% Just show me the results

Richard Hughes (thanks Paul Wise)


Development

Emacs 27.1 released

Version 27.1 of the Emacs editor is out. New features include support for arbitrary-sized integers, HarfBuzz support, improved drawing with Cairo, and the obligatory new JSON parser.


The GNU C Library version 2.32 is now available

Version 2.32 of the GNU C Library (glibc) has been released. It contains support for Unicode 13.0.0, a new Kurdish/Sorani locale (ckb_IQ), support for audit modules listed in ELF sections of the executable, support for Synopsys ARC HS cores, new signal abbreviation and descriptive text functions (sigabbrev_np() and sigdescr_np()), similar functions for errno values (strerrorname_np() and strerrordesc_np()), branch protection security hardening for arm64, and more. There are also lots of bug fixes, deprecations, and removals, as well as four security fixes. More information can be found in the release notes.


On Perl 7 and the Perl Steering Committee

For those who are wondering about the state of the proposed Perl 7 fork and the role of the newly formed Perl Steering Committee, Ricardo Signes has put together a detailed explanation that is worth a read. "You should not expect to see a stream of unjustified dictates issuing forth from some secret body on high. You should expect to see perl5-porters operating as it generally did: with proposals coming to the list, getting discussion, and then being thumbed up or down by the project manager. This is what has been happening for years, already. Some proposals were already discussed by the project manager and some were not. If you eliminated any named mailing list for doing this, it would still happen. The PSC is a means to say that there is a default group for such discussions. If you were wondering, its initial membership was formed from 'the people who came to or were invited to the Perl Core Summit' over the last few years."


Development quotes of the week

It doesn't take much work to make the code look nice. Writing pretty code is always a good idea because then people assume you know what you're doing.

Dan Carpenter (thanks to Gaston Gonzalez)

Make no mistake: no matter what programmers tell you or what people whisper in your ear, the behavior of C’s governing body is very clear. We will not introduce warnings into your old code, even if that old code could be doing something dangerous. We will not steer you away from mistakes, because that could shake the veneer that what your old code does is, in fact, wrong. We will not make it easier for new programmers to write better C code. We will not demand that your old code is held to any Standard. Every new feature we add we will make optional, because we cannot possibly imagine holding compiler writers to a higher standard nor expect more out of our Standard Library vendors.
JeanHeyd Meneide


Miscellaneous

Knauth elected Free Software Foundation president; Bénassy joins board

The Free Software Foundation (FSF) has announced that Geoffrey Knauth has been elected president, and free software activist and developer Odile Bénassy has been appointed to the board of directors. Knauth is replacing Richard Stallman, who resigned last year. In Knauth's statement, he said: "The FSF board chose me at this moment as a servant leader to help the community focus on our shared dedication to protect and grow software that respects our freedoms. It is also important to protect and grow the diverse membership of the community."


Baker: Changing World, Changing Mozilla

Mitchell Baker writes about changes at Mozilla, headlined by the laying-off of 250 people. "Recognizing that the old model where everything was free has consequences, means we must explore a range of different business opportunities and alternate value exchanges. How can we lead towards business models that honor and protect people while creating opportunities for our business to thrive? How can we, or others who want a better internet, or those who feel like a different balance should exist between social and public benefit and private profit offer an alternative?"


Page editor: Jake Edge


Copyright © 2020, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds