Brief items
Security
Huang: The Plausibly Deniable DataBase
Andrew 'bunnie' Huang introduces PDDB, a database meant to allow users to (plausibly) deny the existence of specific data within it.
Precursor is a device we designed to keep secrets, such as passwords, wallets, authentication tokens, contacts and text messages. We also want it to offer plausible deniability in the face of an attacker that has unlimited access to a physical device, including its root keys, and a set of “broadly known to exist” passwords, such as the screen unlock password and the update signing password. We further assume that an attacker can take a full, low-level snapshot of the entire contents of the FLASH memory, including memory marked as reserved or erased. Finally, we assume that a device, in the worst case, may be subject to repeated, intrusive inspections of this nature.
We created the PDDB (Plausibly Deniable DataBase) to address this threat scenario.
Security quote of the week
Adding knobs to disable features for unactionable security concerns gives a feel good in terms of security theatre, but it causes system unpredictability in that any given application now has to check if a feature is usable before it uses it and figure out what to do if it isn't available. The more we do it, the bigger the combinatoric explosion of possible missing features and every distro ends up having a different default combination.
The bottom line is it's much better to find and fix actual security bugs than create a runtime configuration nightmare.
— James Bottomley
Kernel development
Kernel release status
The current development kernel is 5.17-rc3, released on February 6. Linus said: "Things look fairly normal so far, with a pretty average number of commits for an rc3 release".
Stable updates have, once again, been readily available this week. 4.4.302, the final 4.4.x release, started the flood on February 3. Thereafter, we saw 5.16.6, 5.15.20, 5.10.97, and 5.4.177 on February 5, but a problem was reported almost immediately after those releases, leading to the reversion of a broken patch and the subsequent releases of 5.16.7, 5.15.21, and 5.10.98. The 5.16.8, 5.15.22, 5.10.99, 5.4.178, 4.19.228, 4.14.265, and 4.9.300 releases then came out on February 8.
The (tiny) 5.16.9, 5.15.23, 5.10.100, 5.4.179, 4.19.229, 4.14.266, and 4.9.301 updates are in the review process; they are due on February 11.
Distributions
Slackware 15 released
Version 15 of the venerable Slackware distribution has been released.
The challenge this time around was to adopt as much of the good stuff out there as we could without changing the character of the operating system. Keep it familiar, but make it modern. And boy did we have our work cut out for us. We adopted PAM (finally) as projects we needed dropped support for pure shadow passwords. We switched from ConsoleKit2 to elogind, making it much easier to support software that targets that Other Init System and bringing us up-to-date with the XDG standards. We added support for PipeWire as an alternate to PulseAudio, and for Wayland sessions in addition to X11.
A bit more information can be found in the release notes. Many of us got our start with Slackware; it is good to see that it's still out there and true to form.
Qubes OS 4.1.0 released
Version 4.1.0 of the secure-desktop-oriented Qubes OS distribution has been released. "The culmination of years of development, this release brings a host of new features, major improvements, and numerous bug fixes". New features include an experimental GUI domain separate from dom0, the "Qrexec" policy system, progress toward a reproducible build, and more. See below and this article for more information.
Distributions quote of the week
If the [Debian] project continues to believe that it is of primary importance for us to be the copyright notice and license catalog review system for the entire free software ecosystem (which is honestly what it feels like we've currently decided to volunteer to do on top of our goal of building a distribution), then I will do my part with the packages that I upload so that I don't put unnecessary load on the folks doing NEW review. But when we've collectively been doing something for so long, we can lose track of the fact that it's a choice, and other choices are possible. It's worth revisiting those choices consciously from time to time.
— Russ Allbery
Development
GNU Binutils 2.38 released
Version 2.38 of the GNU Binutils tool set has been released. Changes include new hardware support (including for the LoongArch architecture), various Unicode-handling improvements, a new --thin option to ar for the creation of thin archives, and more.
GNU C Library 2.35 released
Version 2.35 of the GNU C Library has been released. New features include Unicode 14.0.0 support, support for the C.UTF-8 locale, a bunch of new math functions, support for restartable sequences, and much more; see the announcement for details.
GStreamer 1.20.0 released
Version 1.20.0 of the GStreamer multimedia system is out. Changes include a new high-level playback library replacing GstPlayer, decoding support for WebM Alpha, updated Rust bindings, and more; see the announcement for lots of details.
Plasma 5.24 released
Version 5.24 of the KDE-based Plasma desktop is out; this is a long-term-support release. Changes include various task-manager improvements, a new overview mode, fingerprint-reader support, improved Wayland support, and more.
Miscellaneous
Ryabitsev: Cross-fork object sharing in git (is not a bug)
This is a few days old, but evidently there is still need for this message: Konstantin Ryabitsev explains how easy it is to make a commit falsely appear to be part of a GitHub repository:
With all the benefits of object sharing comes one important downside — namely, you can access any shared object through any of the forks. So, if you fork linux.git and push your own commit into it, any of the 41.1k forks will have access to the objects referenced by your commit. If you know the hash of that object, and if the web ui allows to access arbitrary repository objects by their hash, you can even view and link to it from any of the forks, making it look as if that object is actually part of that particular repository (which is how we get the links at the start of this article).
A failure to understand this point is how the net fills up with articles like this one.
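A reader who wants to check whether a linked commit really belongs to a repository can ask git whether any ref leads to it, rather than whether the object can merely be read. The script below is an added example, not code from LWN or from Ryabitsev's article; it builds two constructed local repositories and uses an alternates file as an assumed stand-in for the object store shared across a fork network, and the names `commit_status` and `build_demo` are hypothetical.

```shell
#!/bin/sh
# Added example: constructed local repositories, not GitHub's real storage.

# Classify commit $2 as seen from repository $1:
#   reachable   - some ref in the repo has the commit in its history
#   object-only - the object can be read, but no ref leads to it
#   absent      - the object store does not have it at all
commit_status() {
    repo=$1 commit=$2
    if ! git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null; then
        echo absent
    elif [ -n "$(git -C "$repo" for-each-ref --contains "$commit")" ]; then
        echo reachable
    else
        echo object-only
    fi
}

# git with a fixed demo identity so commits work without user configuration
g() { git -c user.name=demo -c user.email=demo@example.invalid "$@"; }

# Build "upstream" and "fork" under a temp dir and print its path. Assumption:
# an alternates file stands in for the object store a hosting service shares
# across a fork network.
build_demo() {
    dir=$(mktemp -d) || return 1
    g init -q "$dir/fork"
    g -C "$dir/fork" commit -q --allow-empty -m "pushed to the fork only"
    g init -q "$dir/upstream"
    echo "$dir/fork/.git/objects" > "$dir/upstream/.git/objects/info/alternates"
    g -C "$dir/upstream" commit -q --allow-empty -m "upstream history"
    echo "$dir"
}

demo=$(build_demo)
fork_commit=$(git -C "$demo/fork" rev-parse HEAD)
echo "in fork:     $(commit_status "$demo/fork" "$fork_commit")"
echo "in upstream: $(commit_status "$demo/upstream" "$fork_commit")"
rm -rf "$demo"
```

Run against a local clone, `commit_status` answers the question a web link by hash cannot: whether any branch or tag of that repository actually contains the commit.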
Page editor: Jonathan Corbet