LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

An enforcement clarification from the kernel community

Monday 16th of October 2017 02:26:20 PM
The Linux Foundation's Technical Advisory Board, in response to concerns about exploitative license enforcement around the kernel, has put together this patch adding a document to the kernel describing its view of license enforcement. This document has been signed or acknowledged by a long list of kernel developers. In particular, it seeks to reduce the effect of the "GPLv2 death penalty" by stating that a violator's license to the software will be reinstated upon a timely return to compliance. "We view legal action as a last resort, to be initiated only when other community efforts have failed to resolve the problem. Finally, once a non-compliance issue is resolved, we hope the user will feel welcome to join us in our efforts on this project. Working together, we will be stronger."

See this blog post from Greg Kroah-Hartman for more information.

"KRACK": a severe WiFi protocol flaw

Monday 16th of October 2017 01:55:49 PM
The "krackattacks" web site discloses a set of WiFi protocol flaws that defeat most of the protection that WPA2 encryption is supposed to provide. "In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol".

Kernel prepatch 4.14-rc5

Monday 16th of October 2017 01:50:56 AM
The 4.14-rc5 kernel prepatch is out. "We've certainly had smaller rc5's, but we've had bigger ones too, and this week finally felt fairly normal in a release that has up until now felt a bit messier than it perhaps should have been. So assuming this trend holds, we're all good. Knock wood."

Bottomley: Using Elliptic Curve Cryptography with TPM2

Sunday 15th of October 2017 04:16:10 PM
James Bottomley describes the use of the trusted platform module with elliptic-curve cryptography, with a substantial digression into how the elliptic-curve algorithm itself works. "The initial attraction is the same as for RSA keys: making it impossible to extract your private key from the system. However, the mathematical calculations for EC keys are much simpler than for RSA keys and don’t involve finding strong primes, so it’s much simpler for the TPM (being a fairly weak calculation machine) to derive private and public EC keys."

Stable kernel 4.13.7

Saturday 14th of October 2017 02:08:39 PM
The 4.13.7 stable kernel update has been released; it contains a fix for an unpleasant local vulnerability that affects only 4.13 kernels.

[$] unsafe_put_user() turns out to be unsafe

Friday 13th of October 2017 09:19:03 PM
When a veteran kernel developer introduces a severe security hole into the kernel, it can be instructive to look at how the vulnerability came about. Among other things, it can point the finger at an API that lends itself toward the creation of such problems. And, as it turns out, the knowledge that the API is dangerous at the outset and marking it as such may not be enough to prevent problems.

Security updates for Friday

Friday 13th of October 2017 02:42:23 PM
Security updates have been issued by Arch Linux (botan, flyspray, go, go-pie, pcre2, thunderbird, and wireshark-cli), Fedora (chromium and mingw-poppler), Red Hat (Red Hat JBoss BPM Suite 6.4.6 and Red Hat JBoss BRMS 6.4.6), SUSE (git and kernel), and Ubuntu (libffi and xorg-server, xorg-server-hwe-16.04, xorg-server-lts-xenial).

[$] The trouble with text-only email

Thursday 12th of October 2017 03:11:49 PM
Mozilla's manifesto commits the organization to a number of principles, including support for individual privacy and an individual's right to control how they experience the Internet. As a result, when Mozilla recently stated its intent to remove the "text only" option from its mailing lists — for the purpose of tracking whether recipients are reading its emails — the reaction was, to put it lightly, not entirely positive. The text-only option has been saved, but the motivation behind this change is indicative of the challenges facing independent senders of email.

Four new stable kernels

Thursday 12th of October 2017 03:07:04 PM
Greg Kroah-Hartman has announced the release of the 4.13.6, 4.9.55, 4.4.92, and 3.18.75 stable kernels. As usual, they contain fixes throughout the tree, so users should upgrade.

Update: Kroah-Hartman released 4.9.56: "It fixes a networking bug in 4.9.55. Don't use 4.9.55, it's busted, sorry about that, I should have held off and gotten more testing on it, my fault :("

Security updates for Thursday

Thursday 12th of October 2017 02:41:06 PM
Security updates have been issued by CentOS (httpd and thunderbird), Debian (nss), Fedora (git), openSUSE (krb5, libvirt, samba, and thunderbird), Oracle (httpd and thunderbird), Red Hat (httpd, rh-mysql57-mysql, and thunderbird), Scientific Linux (httpd and thunderbird), and Ubuntu (ceph).

[$] LWN.net Weekly Edition for October 12, 2017

Thursday 12th of October 2017 02:46:37 AM
The LWN.net Weekly Edition for October 12, 2017 is available.

[$] Continuous-integration testing for Intel graphics

Wednesday 11th of October 2017 04:01:48 PM

Two separate talks, at two different venues, give us a look into the kinds of testing that the Intel graphics team is doing. Daniel Vetter had a short presentation as part of the Testing and Fuzzing microconference at the Linux Plumbers Conference (LPC). His colleague, Martin Peres, gave a somewhat longer talk, complete with demos, at the X.Org Developers Conference (XDC). The picture they paint is a pleasing one: there is lots of testing going on there. But there are problems as well; that amount of testing runs afoul of bugs elsewhere in the kernel, which makes the job harder.

Security updates for Wednesday

Wednesday 11th of October 2017 03:06:31 PM
Security updates have been issued by Arch Linux (lame, salt, and xorg-server), Debian (ffmpeg, imagemagick, libxfont, wordpress, and xen), Fedora (ImageMagick, rubygem-rmagick, and tor), Oracle (kernel), SUSE (kernel, SLES 12 Docker image, SLES 12-SP1 Docker image, and SLES 12-SP2 Docker image), and Ubuntu (curl, glance, horizon, kernel, keystone, libxfont, libxfont1, libxfont2, libxml2, linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-gcp, linux-hwe, linux-lts-xenial, nova, openvswitch, swift, and thunderbird).

Plasma 5.11

Tuesday 10th of October 2017 11:08:21 PM
KDE Plasma 5.11 has been released. "Plasma 5.11 brings a redesigned settings app, improved notifications, a more powerful task manager. Plasma 5.11 is the first release to contain the new “Vault”, a system to allow the user to encrypt and open sets of documents in a secure and user-friendly way, making Plasma an excellent choice for people dealing with private and confidential information."

[$] Cramming features into LTS kernel releases

Tuesday 10th of October 2017 07:25:03 PM
While the 4.14 development cycle has not been the busiest ever (12,500 changesets merged as of this writing, slightly more than 4.13 at this stage of the cycle), it has been seen as a rougher experience than its predecessors. There are all kinds of reasons why one cycle might be smoother than another, but it is not unreasonable to wonder whether the fact that 4.14 is a long-term support (LTS) release has affected how this cycle has gone. Indeed, when he released 4.14-rc3, Linus Torvalds complained that this cycle was more painful than most, and suggested that the long-term support status may be a part of the problem. A couple of recent pulls into the mainline highlight the pressures that, increasingly, apply to LTS releases.

Purism Meets Its $1.5 Million Goal for Security Focused Librem 5 Smartphone

Tuesday 10th of October 2017 05:05:45 PM
Purism has reached its crowdfunding goal to create the Librem 5, an encrypted, open smartphone ecosystem that gives users complete device control. "Reaching the $1.5 million milestone weeks ahead of schedule enables Purism to accelerate the production of the physical product. The company plans to move into hardware production as soon as possible to assemble a developer kit as well as initiate building the base software platform, which will be publicly available and open to the developer community." LWN looked at the privacy features planned for the phone in an article for this week's edition.

[$] An update on GnuPG

Tuesday 10th of October 2017 04:02:39 PM

The GNU Privacy Guard (GnuPG) is one of the fundamental tools that allows a distributed group to have trust in its communications. Werner Koch, lead developer of GnuPG, spoke about it at Kernel Recipes: what's in the new 2.2 version, when older versions will reach their end of life, and how development will proceed going forward. He also spoke at some length on the issue of best-practice key management and how GnuPG is evolving to assist. Subscribers can click below for a report on the talk by guest author Tom Yates.

Security updates for Tuesday

Tuesday 10th of October 2017 03:06:34 PM
Security updates have been issued by Fedora (WebCalendar), openSUSE (mpg123 and openjpeg2), Red Hat (kernel), and SUSE (firefox, nss).

[$] Improving the kernel timers API

Monday 9th of October 2017 11:01:20 PM
The kernel's timer interface has been around for a long time, and its API shows it. Beyond a lack of conformance with current in-kernel interface patterns, the timer API is not as efficient as it could be and stands in the way of ongoing kernel-hardening efforts. A late addition to the 4.14 kernel paves the way toward a wholesale change of this API to address these problems.

Linux Foundation Technical Advisory Board election call for nominations

Monday 9th of October 2017 09:03:26 PM
The next election for members of the Linux Foundation's Technical Advisory Board will be held on October 25 at the Kernel Summit in Prague. The call has gone out for candidates to fill the five available seats. "The Linux Foundation Technical Advisory Board (TAB) serves as the interface between the kernel development community and the Foundation. The TAB advises the Foundation on kernel-related matters, helps member companies learn to work with the community, and works to resolve community-related problems before they get out of hand. The board has ten members, one of whom sits on the LF board of directors."

More in Tux Machines

KDE Events: Akademy 2017 and KDE Edu Sprint

  • Hey Mycroft, Drive Me to our Goals!
    Almost three months after Akademy 2017, I finally found the time to write a blog post about how I experienced it. Akademy is where I learn again about all the amazing things happening in our community, where I connect the dots and see the big picture of where all the effort in the various projects together can lead. And of course, I meet all the wonderful people, all the individual reasons why being in KDE is so amazing. This year was no different. Some people voiced their concern during the event that those who are not at Akademy and see only pictures of it on social media might get the feeling that it is mostly about hanging out on the beach and drinking beer, instead of actually being productive. Everyone who was ever at Akademy of course knows this impression couldn’t be further from the truth, but I’ll still take it as a reason to not talk about any of the things that were “just” fun, and focus instead on those that were both fun and productive.
  • KDE Edu sprint 2017 in Berlin
    I had the privilege to attend the KDE Edu sprint in Berlin that happened from the 6th to the 9th of October.

Software: Narabu, ucaresystem, Telegram Messenger

  • Introducing Narabu, part 2: Meet the GPU
    Narabu is a new intraframe video codec. You may or may not want to read part 1 first. The GPU, despite being extremely more flexible than it was fifteen years ago, is still a very different beast from your CPU, and not all problems map well to it performance-wise. Thus, before designing a codec, it's useful to know what our platform looks like.
  • ucaresystem Core v4.0 : Added option to upgrade Ubuntu to the next release
    Since Ubuntu 17.10 has just been released, I have added a new feature to the ucaresystem Core that can be used by the user to upgrade his distribution to the next stable version or optionally to the next development version of Ubuntu. For those who are not familiar with the ucaresystem app, it is an automation script that automatically and without asking for your intervention performs some crucial Ubuntu maintenance processes, which otherwise would be done one by one and pressing Y / N each time.
  • 10 Reasons Why I Switched To Telegram Messenger
    Whatsapp may be the best player in the game when it comes to instant messaging apps, but Telegram Messenger is the entire game itself. Because Telegram is not just an app, it is an entire communication platform. It is not bound by restrictions or limitations like other apps.

Graphics and Games: RandR and AMDGPU, Opus Magnum

  • "NonDesktop" Proposed For RandR: Useful For VR & Apple Touch Bar Like Devices
    Besides Keith Packard working on the concept of resource leasing for the X.Org Server and resource leasing support for RandR, he's also now proposing a "NonDesktop" property for the Resize and Rotate protocol. The resource leasing has already been worked out as a candidate for the next update, RandR 1.6, while now this veteran X11 developer is proposing a new "NonDesktop" property for identifying outputs that are not conventional displays.
  • More AMDGPU Changes Queue For Linux 4.15
    Adding to the excitement of Linux 4.15, AMD has queued some more changes that were sent in today for DRM-Next. Already for Linux 4.15, the AMDGPU Direct Rendering Manager driver should have the long-awaited "DC" display stack that brings Vega/Raven display support, HDMI/DP audio, atomic mode-setting and more. Other pull requests have also brought in a new ioctl, UVD video encode ring support on Polaris, transparent huge-pages DMA support, PowerPlay clean-ups, and many fixes, among other low-level improvements.
  • Opus Magnum, the latest puzzle game from Zachtronics, is released into Early Access
    The developers behind the challenging puzzle games TIS-100 and SHENZHEN I/O are at it again and have released their latest title into Steam’s Early Access today.
  • Open your wallets, there's some great Linux games on sale right now
    It's time to throw your wallet at your screen, as we're going to take a look at some awesome Linux games on sale.

System 76 and Purism Laptops

  • POP!_OS is a developer-focused minimalist Linux distro from System 76
    There aren’t that many Linux hardware manufacturers around. Of the few that exist, System 76 is amongst the most well-known. It offers a slew of laptops and desktops, all shipping with the popular Ubuntu distro pre-installed, saving customers hours of wasted time dealing with driver hell. But it recently announced it’s changing gears and creating its own Linux distro, which will replace Ubuntu on its systems, called POP!_OS.
  • Purism’s Linux laptops now ship with Intel Management Engine disabled
    Most computers that ship with recent Intel processors include something called Intel Management Engine, which enables hardware-based security, power management, and remote configuration features that are not tied to the operating system running on your PC. For free software proponents, this has been a pain in the behind, because it’s a closed-source, proprietary feature designed to provide remote access to a computer even when it’s turned off. While it’s designed to provide security, it also poses a potential security and privacy threat, since it’s a proprietary system that can only be patched by Intel
  • Purism Now Shipping Their Laptops With Intel ME Disabled
    Purism has announced today all laptops to be shipping from their company will now have the Intel Management Engine (ME) disabled. Thanks to work done by security researchers in recent years for finding ways to disable ME, especially in light of recent security vulnerabilities, Purism's Coreboot-equipped laptops are now shipping with ME disabled out-of-the-box. Those already with a Librem laptop are able to apply a firmware update to also disable it.