Language Selection

English French German Italian Portuguese Spanish

Security: Intel Management Engine (ME), Snyk FUD, and Latest Security Updates

Filed under
  • Replacing x86 firmware with Linux and Go

    The Intel Management Engine (ME), which is a separate processor and operating system running outside of user control on most x86 systems, has long been of concern to users who are security and privacy conscious. Google and others have been working on ways to eliminate as much of that functionality as possible (while still being able to boot and run the system). Ronald Minnich from Google came to Prague to talk about those efforts at the 2017 Embedded Linux Conference Europe.

    He began by noting that most times he is talking about firmware, it is with his coreboot hat on. But he removed said "very nice hat", since his talk was "not a coreboot talk". He listed a number of people who had worked on the project to "replace your exploit-ridden firmware with a Linux kernel", including several from partner companies (Two Sigma, Cisco, and Horizon Computing) as well as several other Google employees.

    The results they achieved were to drop the boot time on an Open Compute Project (OCP) node from eight minutes to 20 seconds. To his way of thinking, that is "maybe the single least important part" of this work, he said. All of the user-space parts of the boot process are written in Go; that includes everything in initramfs, including init. This brings Linux performance, reliability, and security to the boot process and they were able to eliminate all of the ME and UEFI post-boot activity from the boot process.

  • Interview: Why are open-source security vulnerabilities rising? [Ed: Snyk is a FUD firm. It has been smearing Free software a lot lately in an effort to just sell its services.]
  • Security updates for Wednesday

More in Tux Machines

Los Alamos Releases File Index Product to Open Source

Today Los Alamos National Laboratory released new open source software called the Grand Unified File Index. GUFI is designed using a new, heirarchical approach to storing file metada, allowing rapid parallel searches across many internal databases. Queries that would previously have taken hours or days can now be run in seconds. Read more Also: Buzzwords: Open Source

A side-by-side comparison of MongoDB and Cassandra databases

They're both databases, obviously. More importantly, they are both examples of NoSQL databases. NoSQL is a type of database architecture in which data is stored in a relatively unstructured fashion. Compared to more traditional SQL-style databases, NoSQL can be a more efficient way of storing the large quantities of unstructured data that organizations commonly use for big data operations. MongoDB and Cassandra are also both open source -- although commercial implementations are available, too. But even in that respect, they are not identical. MongoDB is governed by GNU Affero General Public License 3.0, whereas Cassandra is subject to Apache License 2.0. Read more

This is the New Ubuntu 18.04 Default Wallpaper

You’re gawping at the brand new Ubuntu 18.04 default wallpaper. Yes, seriously! The new background image will make its appearance of tens of millions of desktops with the Ubuntu 18.04 release on April 26, 2018. Like the Ubuntu 17.10 ‘Artful Aardvark’ background new wallpaper incorprates the release mascot (which for this release is a ‘Bionic Beaver’) and is drawn using a geometric-come-origami style. Read more

Node.js Is Now Available as a Snap on Ubuntu, Other GNU/Linux Distributions

Now that Linux is the preferred development platform for developers visiting Stack Overflow, the need for running the latest versions of your favorite programming languages, frameworks and development environments has become more and more important, and Canonical's Snappy technologies are the answer. NodeSource, the organization behind Node.js, announced today they made a Snap package to allow Linux developers to more easily install the popular JavaScript runtime environment on their operating systems. Snap is a containerized, universal binary package format developed by Canonical for Ubuntu Linux. Read more