Brief items
Security
Google's effort to mitigate memory-safety issues
The Google Security Blog carries an announcement of a heightened effort to reimplement security-critical software in memory-safe languages. "The new Rust-based HTTP and TLS backends for curl and now this new TLS library for Apache httpd are an important starting point in this overall effort. These codebases sit at the gateway to the internet and their security is critical in the protection of data for millions of users worldwide."
Security quote of the week
Kernel development
Kernel release status
The 5.12 merge window is open after getting off to a late start due to winter storms in the U.S.
Stable updates: the 5.11.1, 5.10.18, 5.4.100, 4.19.177, 4.14.222, 4.9.258, and 4.4.258 updates were all released on February 23.
Garrett: Making hibernation work under Linux Lockdown
Matthew Garrett recently posted a patch set enabling hibernation on systems that are running in the UEFI secure-boot lockdown mode. This blog entry gets into the details of how it all works. "When we encrypt material with the TPM, we can ask it to record the PCR state. This is given back to us as metadata accompanying the encrypted secret. Along with the metadata is an additional signature created by the TPM, which can be used to prove that the metadata is both legitimate and associated with this specific encrypted data. In our case, that means we know what the value of PCR 23 was when we encrypted the key. That means that if we simply extend PCR 23 with a known value in-kernel before encrypting our key, we can look at the value of PCR 23 in the metadata. If it matches, the key was encrypted by the kernel - userland can create its own key, but it has no way to extend PCR 23 to the appropriate value first. We now know that the key was generated by the kernel."
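The check described in the quote can be modelled in a few lines. This is an added illustration, not code from the patch set or the blog entry: ToyTPM, KERNEL_MARKER, the HMAC standing in for the TPM's signature, the XOR "encryption" and the reset of PCR 23 after sealing are all assumptions of the model.

```python
import hashlib
import hmac
import os

KERNEL_MARKER = b"constructed-known-value"  # placeholder, not the real constant
ZERO_PCR = bytes(32)

def extend(pcr, data):
    """PCR extend: new = SHA-256(old || SHA-256(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

class ToyTPM:
    """Software stand-in for a TPM; only models PCR 23 and sealing metadata."""
    def __init__(self):
        self._proof = os.urandom(32)  # secret that never leaves the "TPM"
        self.pcr23 = ZERO_PCR

    def _require_kernel(self, from_kernel):
        # Modelled policy: the kernel blocks userland access to PCR 23.
        if not from_kernel:
            raise PermissionError("PCR 23 is reserved for the kernel")

    def pcr_extend(self, data, from_kernel=False):
        self._require_kernel(from_kernel)
        self.pcr23 = extend(self.pcr23, data)

    def pcr_reset(self, from_kernel=False):
        self._require_kernel(from_kernel)
        self.pcr23 = ZERO_PCR

    def seal(self, key):
        """Return (blob, metadata, signature); metadata records PCR 23."""
        pad = hashlib.sha256(self._proof + b"toy-cipher").digest()
        blob = bytes(k ^ p for k, p in zip(key, pad))  # toy encryption only
        meta = self.pcr23
        sig = hmac.new(self._proof, blob + meta, hashlib.sha256).digest()
        return blob, meta, sig

    def metadata_is_genuine(self, blob, meta, sig):
        good = hmac.new(self._proof, blob + meta, hashlib.sha256).digest()
        return hmac.compare_digest(good, sig)

def kernel_seal(tpm, key):
    tpm.pcr_reset(from_kernel=True)
    tpm.pcr_extend(KERNEL_MARKER, from_kernel=True)
    sealed = tpm.seal(key)
    tpm.pcr_reset(from_kernel=True)  # model assumption: clear it afterwards
    return sealed

def key_came_from_kernel(tpm, blob, meta, sig):
    expected = extend(ZERO_PCR, KERNEL_MARKER)
    return tpm.metadata_is_genuine(blob, meta, sig) and hmac.compare_digest(meta, expected)
```

A key sealed directly by userland carries metadata showing PCR 23 at its reset value, and swapping in the expected value invalidates the signature, so both are rejected.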
Distributions
A new Debian debuginfod service
Sergio Durigan Junior has announced the availability of a debuginfod server for Debian systems. "In a nutshell, by using a debuginfod service you will not need to install debuginfo (a.k.a. dbgsym) files anymore; the symbols will be served to GDB (or any other debuginfo consumer that supports debuginfod) over the network. Ultimately, this makes the debugging experience much smoother (I myself never remember the full URL of our debuginfo repository when I need it)."
Kodi 19 released
Version 19 of the Kodi "entertainment center" application is out with a long list of new features.
For video, most of the changes are more technical, and may depend on your hardware: AV1 software decoding, HLG HDR and static HDR10 playback on Windows 10, static HDR10 and dynamic Dolby Vision HDR support on Android, and more OpenGL bicubic scalers.
Distribution quote of the week
Now, Fedora made its choice here, and I'll accept that, but I still think it's a bad one, that trades a misunderstood concept of privacy against a major step forward in userfriendliness. i.e. I am not sure it's a good choice to limit Fedora's userspace needlessly to people who can fix their DNS configuration. It's a pretty tiny elite group of people to be in after all...
Development
Firefox 86.0 released
The Firefox 86.0 release is out. New features this time include picture-in-picture video and "total cookie protection", which appears to be a way to allow third-party cookies while preserving some privacy.
Development quote of the week
Page editor: Jake Edge
