LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 6 hours 26 min ago

[$] Teaching Python to kids

Tuesday 26th of June 2018 03:22:47 PM

The combination of an "unsuspecting library employee" and a bunch of bored children has created a popular program using the Raspberry Pi and other tools to teach coding to kids. Qumisha Goss is a librarian at the Parkman branch of the Detroit Public Library; she started the "Parkman Coders" program and came to PyCon 2018 in Cleveland, Ohio to tell the assembled Pythonistas all about it. She also had some thoughts on ways to make the Python community a more diverse place, along with some concerns for her students that are much bigger than the diversity topic.

Security updates for Tuesday

Tuesday 26th of June 2018 02:03:38 PM
Security updates have been issued by Slackware (firefox), SUSE (gpg2 and zlib), and Ubuntu (openssl, openssl1.0).

Another set of stable kernel updates

Tuesday 26th of June 2018 02:27:41 AM
The latest set of stable kernel updates consists of 4.17.3, 4.16.18, 4.14.52, and 4.9.110. Each contains a fair number of important updates. Note that 4.16.18 is the end of the line for the 4.16 series.

[$] Kernel support for control-flow enforcement

Monday 25th of June 2018 11:36:40 PM
As attackers have lost the easy ability to execute code stored in writable memory, they have increasingly turned to return-oriented programming (ROP) and related techniques to compromise vulnerable systems. ROP attacks use the code that is present in the program under attack and are hard to defend against in software. In response, hardware vendors are developing ways to defeat ROP-like techniques at a lower level. One of the results is Intel's Control-Flow Enforcement Technology (CET) [PDF], which adds two mechanisms (shadow stacks and indirect-branch tracking) that are intended to resist these attacks. Yu-cheng Yu recently posted a set of patches showing how this technology is to be used to defend Linux systems.

SUSE Linux Enterprise 15

Monday 25th of June 2018 11:13:36 PM
SUSE has announced the release of SUSE Linux Enterprise 15, SUSE Manager 3.2, and SUSE Linux Enterprise High Performance Computing 15. "SUSE Linux Enterprise 15 is a modern, modular operating system that helps simplify multimodal IT, makes traditional IT infrastructure more efficient and provides an engaging platform for developers. As a result, customers can easily deploy and transition business-critical workloads across on-premise and public cloud environments."

Security updates for Monday

Monday 25th of June 2018 03:10:17 PM
Security updates have been issued by CentOS (git), Debian (bouncycastle and lava-server), Fedora (ansible, epiphany, kernel, kernel-tools, matrix-synapse, mingw-podofo, pass, podofo, python-prometheus_client, redis, rubygem-sinatra, and thunderbird-enigmail), Gentoo (file and pnp4nagios), Mageia (file, glibc, kernel, librsvg, and libvorbis), openSUSE (go1.9, mariadb, phpMyAdmin, and redis), and SUSE (firefox, kernel modules packages, and python).

Systemd v239 released

Monday 25th of June 2018 12:08:23 AM
Systemd v239 has been released with a long list of changes; click below for the full set. "A new system.conf setting NoNewPrivileges= is now available which may be used to turn off acquisition of new privileges system-wide (i.e. set Linux' PR_SET_NO_NEW_PRIVS for PID 1 itself, and thus also for all its children). Note that turning this option on means setuid binaries and file system capabilities lose their special powers. While turning on this option is a big step towards a more secure system, doing so is likely to break numerous pre-existing UNIX tools, in particular su and sudo."

Perl 5.28.0 released

Sunday 24th of June 2018 11:57:10 PM
Version 5.28.0 of the Perl language has been released. "Perl 5.28.0 represents approximately 13 months of development since Perl 5.26.0 and contains approximately 730,000 lines of changes across 2,200 files from 77 authors". The full list of changes can be found over here; some highlights include Unicode 10.0 support, string- and number-specific bitwise operators, a change to more secure hash functions, and safer in-place editing.

Kernel prepatch 4.18-rc2

Sunday 24th of June 2018 06:14:31 PM
The second 4.18 kernel prepatch is out for testing. "Anyway, it's early in the rc series yet, but things look fairly normal."

LKML archives on lore.kernel.org

Friday 22nd of June 2018 07:34:38 PM
A new archive of linux-kernel mailing list (LKML) posts going back to 1998 is now available at lore.kernel.org. It is based on public-inbox (which we looked at back in February). Among other things, public-inbox allows retrieving the entire archive via Git: "Git clone URLs are provided at the bottom of each page. Note, that due to its volume, the LKML archive is sharded into multiple repositories, each roughly 1GB in size. In addition to cloning from lore.kernel.org, you may also access these repositories on git.kernel.org." The full announcement, which includes information about a new Patchwork instance as well as ways to link into the new archive, can be found on kernel.org.

Security updates for Friday

Friday 22nd of June 2018 01:41:10 PM
Security updates have been issued by Debian (php-horde-image), openSUSE (kernel), Scientific Linux (git), SUSE (bluez, kernel, mariadb, and mariadb, mariadb-connector-c, xtrabackup), and Ubuntu (openjdk-7).

Bottomley: Containers and Cloud Security

Thursday 21st of June 2018 06:49:57 PM
On his blog, James Bottomley looks at the value proposition for various types of cloud deployments. In particular, he compares the vertical and horizontal attack profile (VAP and HAP) of four different models: separate servers, separate logins on a single server, virtual machines, and containers. He finds the container story to be compelling: "The total VAP here is identical to that of physical infrastructure. However, the Tenant component is much smaller (the kernel accounting for around 50% of all vulnerabilities). It is this reduction in the Tenant VAP that makes containers so appealing: the CSP [cloud service provider] is now responsible for monitoring and remediating about half of the physical system VAP which is a great improvement for the Tenant. Plus when the CSP remediates on the host, every container benefits at once, which is much better than having to crack open every virtual machine image to do it. Best of all, the Tenant images don’t have to be modified to benefit from these fixes, simply running on an updated CSP host is enough. However, the cost for this is that the HAP is the entire linux kernel syscall interface meaning the HAP is much larger than the hypervisor virtual infrastructure case because the latter benefits from interface narrowing to only the hypercalls (qualitatively, assuming the hypercall interface is ~30 calls and the syscall interface is ~300 calls, then the HAP is 10x larger in the container case than the hypervisor case); however, thanks to protections from the kernel namespace code, the HAP is less than the shared login server case. Best of all, from the Tenant point of view, this entire HAP cost is borne by the CSP, which makes this an incredible deal: not only does the Tenant get a significant reduction in their VAP but the CSP is hugely motivated to keep on top of all vulnerabilities in their part of the VAP and remediate very fast because of the business implications of a successful horizontal attack."

Security updates for Thursday

Thursday 21st of June 2018 02:15:12 PM
Security updates have been issued by openSUSE (cobbler and matrix-synapse), Oracle (git), Red Hat (git), SUSE (java-1_7_1-ibm, nagios-nrpe, and ntp), and Ubuntu (AMD microcode).

[$] LWN.net Weekly Edition for June 21, 2018

Thursday 21st of June 2018 12:09:34 AM
The LWN.net Weekly Edition for June 21, 2018 is available.

Two stable kernel updates

Wednesday 20th of June 2018 09:41:53 PM
Stable kernels 4.16.17 and 4.14.51 have been released with lots of fixes throughout the tree. Users should upgrade.

[$] Mentoring and diversity for Python

Wednesday 20th of June 2018 09:38:38 PM

A two-part session at the 2018 Python Language Summit tackled the core developer diversity problem from two different angles. Victor Stinner outlined some work he has been doing to mentor new developers on their path toward joining the core development ranks; he has also been trying to document that path. Mariatta Wijaya gave a very personal talk that described the diversity problem while also providing some concrete action items that the project and individuals could take to help make Python more welcoming to minorities.

Security: SSL, Microsoft Windows TCO, Security Breach Detection and SIM Hijackers

  • Why Does Google Chrome Say Websites Are “Not Secure”?
    Starting with Chrome 68, Google Chrome labels all non-HTTPS websites as “Not Secure.” Nothing else has changed—HTTP websites are just as secure as they’ve always been—but Google is giving the entire web a shove towards secure, encrypted connections.
  • Biggest Voting Machine Maker Admits -- Ooops -- That It Installed Remote Access Software After First Denying It [Ed: Microsoft Windows TCO]
    We've been covering the mess that is electronic voting machines for nearly two decades on Techdirt, and the one thing that still flummoxes me is how are they so bad at this after all these years? And I don't mean "bad at security" -- though, that's part of it -- but I really mean "bad at understanding how insecure their machines really are." For a while everyone focused on Diebold, but Election Systems and Software (ES&S) has long been a bigger player in the space, and had just as many issues. It just got less attention. There was even a brief period of time where ES&S bought what remained of Diebold's flailing e-voting business before having to sell off the assets to deal with an antitrust lawsuit by the DOJ. What's incredible, though, is that every credible computer security person has said that it is literally impossible to build a secure fully electronic voting system -- and if you must have one at all, it must have a printed paper audit trail and not be accessible from the internet. Now, as Kim Zetter at Motherboard has reported, ES&S -- under questioning from Senator Ron Wyden -- has now admitted that it installed remote access software on its voting machines, something the company had vehemently denied to the same reporter just a few months ago.
  • Bringing cybersecurity to the DNC [Ed: Microsoft Windows TCO. Microsoft Exchange was used.]
    When Raffi Krikorian joined the Democratic National Committee (DNC) as chief technology officer, the party was still reeling from its devastating loss in 2016 — and the stunning cyberattacks that resulted in high-level officials’ emails being embarrassingly leaked online.
  • Getting Started with Successful Security Breach Detection
    Organizations historically believed that security software and tools were effective at protecting them from hackers. Today, this is no longer the case, as modern businesses are now connected in a digital global supply ecosystem with a web of connections to customers and suppliers. Often, organizations are attacked as part of a larger attack on one of their customers or suppliers. They represent low hanging fruit for hackers, as many organizations have not invested in operationalizing security breach detection. As this new reality takes hold in the marketplace, many will be tempted to invest in new technology tools to plug the perceived security hole and move on with their current activities. However, this approach is doomed to fail. Security is not a "set it and forget it" type of thing. Defending an organization from a breach requires a careful balance of tools and operational practices -- operational practices being the more important element.
  • The SIM Hijackers

    By hijacking Rachel’s phone number, the hackers were able to seize not only Rachel’s Instagram, but her Amazon, Ebay, Paypal, Netflix, and Hulu accounts too. None of the security measures Rachel took to secure some of those accounts, including two-factor authentication, mattered once the hackers took control of her phone number.

GNU/Linux Desktops/Laptops and Windows Spying

  • Changes [Pop!_OS]

    For the last 12 years, my main development machine has been a Mac. As of last week, it’s a Dell XPS 13 running Pop!_OS 18.04.

    [...]

    Take note: this is the first operating system I’ve used that is simpler, more elegant, and does certain things better than macOS.

  • System76 Opens Manufacturing Facility to Build Linux Laptops
    As it turns out, System76 is making the transition from a Linux-based computer seller, into a complete Linux-based computer manufacturer. The Twitter photos are from their new manufacturing facility. This means that System76 will no longer be slapping their logo on other company’s laptops and shipping them out, but making their own in-house laptops for consumers.
  • Extension adding Windows Timeline support to third-party browsers should have raised more privacy questions
    Windows Timeline is a unified activity history explorer that received a prominent placement next to the Start menu button in Windows 10 earlier this year. You can see all your activities including your web browser history and app activity across all your Windows devices in one place; and pickup and resume activities you were doing on other devices. This is a useful and cool feature, but it’s also a privacy nightmare. You may have read about a cool new browser extension that adds your web browsing history from third-party web browsers — including Firefox, Google Chrome, Vivaldi, and others — to Windows Timeline. The extension attracted some media attention from outlets like MSPoweruser, Neowin, The Verge, and Windows Central.

Public money, public code? FSFE spearheads open-source initiative

Last September, the non-profit Free Software Foundation Europe (FSFE) launched a new campaign that calls for EU-wide legislation that requires publicly financed software developed for the public sector to be made publicly available under a free and open-source software license. According to the ‘Public Money, Public Code’ open letter, free and open-source software in the public sector would enable anyone to “use, study, share, and improve applications used on a daily basis”. The initiative, says the non-profit, would provide safeguards against public sector organizations being locked into services from specific companies that use “restrictive licenses” to hinder competition. The FSFE also says the open-source model would help improve security in the public sector, as it would allow backdoors and other vulnerabilities to be fixed quickly, without depending on one single service provider. Since its launch, the Public Money, Public Code initiative has gained the support of 150 organizations, including WordPress Foundation, Wikimedia Foundation, and Tor, along with nearly 18,000 individuals. With the initiative now approaching its first anniversary, The Daily Swig caught up with FSFE spokesperson Paul Brown, who discussed the campaign’s progress.