|
|
Subscribe / Log in / New account

Brief items

Security

OpenSSH 8.7 released

OpenSSH 8.7 has been released. Changes include steps toward deprecating scp and using the SFTP protocol for file transfers instead, changes to remote-to-remote copies (they go through the local host by default now), a stricter configuration-file parser, and more.

Full Story (comments: 24)

Security quote of the week

Suffice it to say, if you work someplace with enough machines, there's probably some way for you to get root on all of them if you can hit them with a handful of packets. I've seen it happen far too many times at enough companies to expect things to stay secure. I'm not talking about buffer overflows and stuff like that, although those exist too. I mean just straight up asking a service to please run a command for you (as root), and it gladly complies.

Maybe this is our version of the "infinite monkeys" thing: given enough software people, enough computers, and enough time, someone at a company will eventually grant universal remote root access to anyone who knows how to read some source code.

Rachel Kroll

Comments (7 posted)

Kernel development

Kernel release status

The current development kernel is 5.14-rc7, released on August 22. "So things continue to look normal, and unless there is any last-minute panic this upcoming week, this is likely the last rc before a final 5.14."

Stable updates: none have been released in the last week. The 5.13.13, 5.10.61, 5.4.143, 4.19.205, 4.14.245, 4.9.281, and 4.4.282 stable updates are all in the review process; they are due on August 26.

Comments (none posted)

Linux Foundation Technical Advisory Board election: nominees sought

The call for nominees for the 2021 Linux Foundation Technical Advisory Board election has gone out.

The TAB serves as the interface between the kernel development community and the Linux Foundation, advising the Foundation on kernel-related matters, helping member companies learn to work with the community, and working to resolve community-related problems (preferably before they get out of hand). We also support the Code of Conduct committee in their mission.

The election itself will be held during the Linux Plumbers Conference, September 20 to 24. Note that the election procedures have changed this year with an eye toward broadening the community that is eligible to vote.

Comments (1 posted)

Quote of the era

I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I'd like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things).

I've currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I'll get something practical within a few months, and I'd like to know what features most people would want. Any suggestions are welcome, but I won't promise I'll implement them :-)

Linus (torvalds@kruuna.helsinki.fi)

PS. Yes - it's free of any minix code, and it has a multi-threaded fs. It is NOT protable (uses 386 task switching etc), and it probably never will support anything other than AT-harddisks, as that's all I have :-(.

Linus Torvalds, August 25, 1991

Comments (3 posted)

Distributions

Distributions quotes of the week

Which which witches wish to which with will wildly wander. We wish welcome to witches which which with weird whichs, which will want whiches which witches who were wasted winds when we were whelks used. Which which any witch uses is a decision whence the heart, which we wish to watch each which make.
Calum McConnell on having different implementations of which in Debian

Well, quite -- we seem to have had predictions of the sky falling as a result of usrmerge and/or merged-/usr, but if it is falling it's doing it remarkably slowly.
Philip Hands

I also agree with your reading of the history that there were process problems in how we interacted with the dpkg team. I agree with you that is water under the bridge in terms of our technical decision today. I hope we choose to learn from that for better future decision making, but I do not think either our users or the free software community would be served by letting those process concerns stop technical progress.
Sam Hartman

Comments (4 posted)

Development

LibreOffice 7.2 Community released

The Document Foundation has announced the latest release of LibreOffice:
LibreOffice 7.2 Community, the new major release of the volunteer-supported free office suite for desktop productivity, is available from https://www.libreoffice.org/download. Based on the LibreOffice Technology platform for personal productivity on desktop, mobile and cloud, it provides a large number of interoperability improvements with Microsoft’s proprietary file formats. In addition, LibreOffice 7.2 Community offers numerous performance improvements in handling large files, opening certain DOCX and XLSX files, managing font caching, and opening presentations and drawings that contain large images. There are also drawing speed improvements when using the Skia back-end that was introduced with LibreOffice 7.1.

[...] LibreOffice 7.2 Community’s new features have been developed by 171 contributors: 70% of code commits are from 51 developers employed by three companies sitting in TDF’s Advisory Board – Collabora, Red Hat and allotropia – or other organizations (including The Document Foundation), and 30% are from 120 individual volunteers.

See the release notes for more information on the changes and new features in the LibreOffice 7.2.

Comments (2 posted)

Development quote of the week

Emacs switched to git (from bzr) in 2014 to get… more contributors. But… It didn't really seems that that had much of an effect — perhaps we just lost a lot of people who really hate git?

Of course, Emacs still has a fleet of people responsible for various sub-systems, and they’re working away efficiently on those, and co-maintainer Eli Zaretskii is handling all the difficult internal Emacs things that I don't quite know how actually work, even after all these years…

But what I really, really want to see happening is that we get an increase in the number of "drive by" contributions: That is, contributions from people who aren't living on the emacs-devel mailing list, but just see some problem, fix it, and then submit a patch or two.

Lars Ingebrigtsen

Comments (1 posted)

Miscellaneous

Villa: Setting new expectations for open source maintainers

Luis Villa writes about increasing demands on open-source maintainers on opensource.com.

Second, these new and increasingly specialized requirements primarily benefit a specific class of open source users—large enterprises. That isn't necessarily a bad thing—big enterprises are essential in many ways, and indeed, the risks to them deserve to be taken seriously.

But in a world where hundreds of billions of dollars in enterprise value have been created by open source, and where small educational/hobby projects (and even many small companies) don't really benefit from these new unfunded mandates, developers will likely focus on other things, since few of them got into open source primarily to benefit the Fortune 500.

Comments (40 posted)

Page editor: Jake Edge
Next page: Announcements>>


Copyright © 2021, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds