Security: Updates, AMD, Intel, IBM/Power, Blender 3D, CES and More

  • Security updates for Friday
  • AMD processors: Not as safe as you might have thought

    In a posting, Mark Papermaster, AMD's CTO, admitted Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors. But, Papermaster wrote, "We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue."

  • AMD CPUs Are Potentially Vulnerable To Spectre / Variant 2

    Last week, in light of the Spectre disclosure, AMD believed they were at "near zero risk" to Variant Two / Branch Target Injection. But now the company confirmed last night that's not the case: they are at least potentially vulnerable.

  • AMD Confirms Its Chips Are Affected By Spectre Flaw, Starts Pushing Security Patches
  • Intel Releases Linux CPU Microcodes To Fix Meltdown & Spectre Bugs

    On January 8th Intel released new Linux Processor microcode data files that can be used to mitigate the Spectre and Meltdown vulnerabilities in Intel CPUs. Using microcode files, an operating system can fix known bugs in Intel CPUs without having to perform a BIOS update on the computer.

  • Power Systems And The Spectre And Meltdown Threats

    Speculative execution is something that has been part of modern processors for well over a decade, and while it is hard to quantify how much of a performance benefit this collection of techniques has delivered, it is obviously significant enough that all CPUs, including IBM Power and System z chips, have them. And that, as the new Spectre and Meltdown security holes that were announced by Google on January 3 show, turns out to be a big problem.

    Without getting too deep into the technical details, there are many different ways to implement speculative execution, which is used to keep the many instruction pipelines and layers of cache in a processor busy doing what is hoped will be useful work. So much of what a computer does is an IF-THEN-ELSE kind of branch, and being able to pre-calculate the answers to multiple possible branches in an instruction stream is more efficient than following each path independently and calculating the answers in series. The speculative part of the execution involves using statistics to analyze patterns in data and instructions underneath an application and guessing which branches and data will be needed. If you guess right a lot of the time, then the CPU does a lot more work than it might otherwise. There are no modern processors (except for the PowerPC A2 chips used in the BlueGene/Q supercomputers from IBM) that we can find that don’t have speculative execution in some form or another, and there is no easy way to quantify how much of a performance boost it gives.

  • Blender 3D open source platform plagued with arbitrary code vulnerabilities

    Cisco Talos researchers identified multiple unpatched vulnerabilities in the Blender Open Source 3D creation suite that could allow an attacker to run arbitrary code.

  • Technologies That Secure the Home, WiFi and More Debut at CES 2018
  • What is the Future of Wi-Fi?
  • Spectre and Meltdown Attacks Against Microprocessors

    This is bad, but expect it more and more. Several trends are converging in a way that makes our current system of patching security vulnerabilities harder to implement.

  • Four Tips for a More Secure Website

    Security is a hot topic in web development with great reason. Every few months a major website is cracked and millions of user records are leaked. Many times the cause of a breach is a simple vulnerability that has been overlooked. Here are a few tips to give you a quick overview of standard techniques for making your websites more secure. Note: I do not guarantee a secure website if you follow these suggestions; there are many facets to security that I don’t even touch in this article. This write-up is for increasing awareness about techniques used to correct some common vulnerabilities that appear in web applications.

  • What is DevSecOps? Developing more secure applications

    The simple premise of DevSecOps is that everyone in the software development life cycle is responsible for security, in essence bringing operations and development together with security functions. DevSecOps aims to embed security in every part of the development process. It is about trying to automate core security tasks by embedding security controls and processes early in the DevOps workflow (rather than being bolted on at the end). For example, this could be the case when migrating to microservices, building out a CI/CD pipeline, compliance automation or simply testing cloud infrastructure.
