
Security: Meltdown and Spectre, Apple and More

Filed under
Security
  • Meltdown and Spectre Linux Kernel Status

    By now, everyone knows that something “big” just got announced regarding computer security. Heck, when the Daily Mail does a report on it, you know something is bad…

    Anyway, I’m not going to go into the details about the problems being reported, other than to point you at the wonderfully written Project Zero paper on the issues involved here. They should just give out the 2018 Pwnie award right now, it’s that amazingly good.

  • Linux Kernels 4.14.13, 4.9.76, and 4.4.111 Bring More Security Fixes, Update Now

    As promised, Linux kernel maintainer Greg Kroah-Hartman released today new versions of the Linux 4.14, 4.9, and 4.4 kernel series to address some of the regressions from previous builds and fix more bugs.

    Linux kernels 4.14.13, 4.9.76 LTS, and 4.4.111 LTS are now available for download from kernel.org, and they include more fixes against the Spectre security vulnerability, as well as some regressions from the Linux 4.14.12, 4.9.75 LTS, and 4.4.110 LTS kernels released last week, as some reported minor issues.

  • Red Hat Researchers: Spectre Chip Vulnerability Likely Worse For VMs Than Containers
  • Watching the meltdown.

    I have been watching Meltdown and Spectre unfold from the sidelines. Other than applying available updates, I'm just watching and absorbing the process of the disclosure. This one appears midway along a long road.

    I teach mostly administrators. I teach some developers. I teach those in, or desiring to be in, infosec. I like teaching security topics. I think securing systems requires more people thinking about security from the beginning of design and as an everyday, no big deal part of life. A question I ask with these newsworthy issues is what normal practices can mitigate even part of the problems? There are two big basics - least privilege and patch management - to always keep in mind. Issues like ShellShock and Venom were mostly mitigated from the beginning with SELinux enabled (least privilege) and WannaCry had little impact on those systems patched long ago when the SMB bug was first found and fixed.

    However, in some cases, both exploits and accidents come from doing something that no one else thought of trying. This is why I like open source. There is the option (not always used) for more people trying different things and finding better uses as well as potential flaws. Any type of cooperation and collaboration can be the source of some of these findings including pull requests, conference talks, or corporations working with academic research projects.

  • macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password

    A bug report submitted on Open Radar this week reveals a security vulnerability in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password.

  • Open Source Security Podcast: Episode 77 - npm and the supply chain

    Josh and Kurt talk about the recent npm happenings. What it means for the supply chain, and we end with some thoughts on how maybe none of this matters.
