
Brief items

Security

Google: Protecting Android users from 0-Day attacks

This Google blog entry looks at some zero-day Android exploits that were detected and makes it clear what the stakes are.

We assess with high confidence that these exploits were packaged by a single commercial surveillance company, Cytrox, and sold to different government-backed actors who used them in at least the three campaigns discussed below. Consistent with findings from CitizenLab, we assess likely government-backed actors purchasing these exploits are operating (at least) in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia.


The Linux Foundation's "security mobilization plan"

The Linux Foundation has posted an "Open Source Software Security Mobilization Plan" that aims to address a number of perceived security problems with the expenditure of nearly $140 million over two years.

While there are considerable ongoing efforts to secure the OSS supply chain, to achieve acceptable levels of resilience and risk, a more comprehensive series of investments to shift security from a largely reactive exercise to a proactive approach is required. Our objective is to evolve the systems and processes used to ensure a higher degree of security assurance and trust in the OSS supply chain.

This paper suggests a comprehensive portfolio of 10 initiatives which can start immediately to address three fundamental goals for hardening the software supply chain. Vulnerabilities and weaknesses in widely deployed software present systemic threats to the security and stability of modern society as government services, infrastructure providers, nonprofits and the vast majority of private businesses rely on software in order to function.


Kernel development

Kernel release status

The 5.18 kernel was released on May 22 (announcement). Some of the headline changes in this release include the DAMOS memory-management interface, a number of random-number-generator improvements, the Intel software-defined silicon driver, strict memcpy() bounds checking, a switch to the C11 standard, and more. Also, the Reiserfs filesystem has been deprecated and the last vestiges of a.out support have been removed. See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 5.18 page for more details.

Stable updates: 5.17.10, 5.15.42, 5.10.118, 5.4.196, 4.19.245, 4.14.281, and 4.9.316 were released on May 25. They were followed a few microseconds later by 5.17.11 and 5.15.43, which contain a single MPTCP networking fix.


Distributions

Alpine Linux 3.16.0 released

Version 3.16.0 of the Alpine Linux distribution has been released. Significant changes include a switch to tmpfs for the /tmp directory, the splitting out of a number of NetworkManager plugins into separate packages, the removal of Python 2, and a lot of updated packages; see the release notes for more information.


F-Droid: Our build and release infrastructure, and upcoming updates

Here's an update from F-Droid regarding upcoming changes to its build and distribution infrastructure.

If you have an app on f-droid.org, you might have noticed that all builds happen on a 5 year old Debian release: stretch. We are in the midst of a big effort to upgrade to the latest bullseye release right now. This is not just a simple apt-get upgrade, we are also taking this opportunity to overhaul the build process so that app builds work with a relatively plain Debian install as the base OS. We have to provide a platform to build thousands of apps, so we cannot just upgrade the base image as often as we like.


Development

Huang: Rust: A Critical Retrospective

Andrew 'bunnie' Huang has posted an extensive review of the Rust language derived from the experience of writing "over 100k lines" of code.

Rust is a difficult language for authoring code because it makes these "cheats" hard – as long as you have the discipline of not using "unsafe" constructions to make cheats easy. However, really hard does not mean impossible – there were definitely some cheats that got swept under the rug during the construction of Xous.

This is where Rust really exceeded expectations for me. The language's structure and tooling was very good at hunting down these cheats and refactoring the code base, thus curing the cancer without killing the patient, so to speak. This is the point at which Rust’s very strict typing and borrow checker converts from a productivity liability into a productivity asset.


Rust 1.61.0 released

Version 1.61.0 of the Rust language has been released. Changes this time around include more flexibility in main-program exit codes, a number of new features for const functions, a number of newly stabilized APIs, and more.


Systemd 251 released

Systemd 251 is out. The list of changes includes an increase of the minimum kernel version to 4.15, use of C11 to build the program, increased use of filesystem ID mapping, and many other things; see the announcement for all the details.


Miscellaneous

LWN is now on Mastodon

For readers who want to follow our article stream on Mastodon, LWN now (finally) has a presence in the Fosstodon community; you can find us at @LWN@fosstodon.org.


Page editor: Jake Edge


Copyright © 2022, Eklektix, Inc.