
Brief items

Security

Security quote of the week

The Justice Department today announced a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computers in the United States running on-premises versions of Microsoft Exchange Server software used to provide enterprise-level e-mail service.

Through January and February 2021, certain hacking groups exploited zero-day vulnerabilities in Microsoft Exchange Server software to access e-mail accounts and place web shells (which are pieces of code or scripts that enable remote administration) for continued access. Other hacking groups followed suit starting in early March after the vulnerability and patch were publicized. Although many infected system owners successfully removed the web shells from thousands of computers, others appeared unable to do so, and hundreds of such web shells persisted unmitigated. Today’s operation removed one early hacking group’s remaining web shells, which could have been used to maintain and escalate persistent, unauthorized access to U.S. networks. The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path).

US Department of Justice


Kernel development

Kernel release status

The current development kernel is 5.12-rc7, released on April 11. "End result: I'm still waffling about the final 5.12 release. The fact that we have a big rc7 does make me think that I'll probably do an rc8 this time around. But it ends up depending a bit on how the upcoming week goes, and if things are deathly quiet, I may end up deciding that an rc8 doesn't really make sense."

Stable updates: 5.11.13, 5.10.29, 5.4.111, 4.19.186, 4.14.230, 4.9.266, and 4.4.266 were released on April 10, followed by 5.11.14, 5.10.30, 5.4.112, and 4.19.187 on April 14.


Quotes of the week

Code is generally write once, read many times. Optimizing for writing at the cost of magic indirection is generally not the right tradeoff in the kernel, where any indirection could hide a major gotcha. In huge userspace applications fancy abstraction and polymorphism is often the right thing to do, but there you also have a real compiler with a real type system (generally at least) helping you out. Or it's yolo duct-taping with lots of tests, where the speed at which you can hack up something matters more than being able to read it quickly.
Daniel Vetter

Some of you have noticed the past few weeks and months that a serious attempt to bring a second language to the kernel was being forged. We are finally here, with an RFC that adds support for Rust to the Linux kernel.
Miguel Ojeda


Distributions

FreeBSD 13.0 released

The FreeBSD 13 release is out. It includes a lot of updated software, the removal of a number of GNU tools (including the toolchain), and more, but not WireGuard. See the release notes for the details.


OpenStack Wallaby released

The OpenStack cloud-infrastructure project has made its 23rd release, Wallaby. "The Wallaby release strengthens open infrastructure for cloud native applications with enhanced security and integration with other open source technologies. More than 17,000 code changes authored by over 800 contributors from 140 different organizations and 45 countries were merged into the release. In addition to delivering a wide range of improvements to the stable and reliable OpenStack core and its highly flexible project integration capabilities, Wallaby delivers security enhancements including fallback permissions and RBAC improvements in Ironic [bare-metal provisioning service], Glance [image service] and Manila [shared filesystems], and the community focused this cycle on migrating the RBAC policy format from JSON to YAML. Additionally, the Ironic project has extended functionality for UEFI (Unified Extensible Firmware Interface), including secure erase for NVME."


Development

HPVM v1.0 released

HPVM ("heterogeneous parallel virtual machine") is a compiler for targets like GPUs and FPGAs based on LLVM; the 1.0 release is available now. "This release is a major addition to our first release (version 0.5), adding support for linear algebra tensor operations, Pytorch and Keras frontends, approximations for convolution operators, and an efficient and flexible framework for approximation tuning. Our novel approximation-tuner automatically selects approximation knobs for individual tensor operations and selects configurations that maximize a (configurable) performance objective."


Miscellaneous

The FSF on Stallman's reinstatement

The Free Software Foundation has finally issued a statement on why the decision to return Richard Stallman to the organization's board of directors was taken.

"We decided to bring RMS back because we missed his wisdom. His historical, legal and technical acumen on free software is unrivaled. He has a deep sensitivity to the ways that technologies can contribute to both the enhancement and the diminution of basic human rights. His global network of connections is invaluable. He remains the most articulate philosopher and an unquestionably dedicated advocate of freedom in computing.

"RMS acknowledges that he has made mistakes. He has sincere regrets, especially at how anger toward him personally has negatively impacted the reputation and mission of FSF. While his personal style remains troubling for some, a majority of the board feel his behavior has moderated and believe that his thinking strengthens the work of the FSF in pursuit of its mission."

There is also a separate statement from Stallman.


Page editor: Jake Edge


Copyright © 2021, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds