LWN.net's Journal
[Most Recent Entries]
[Calendar View]
Thursday, July 3rd, 2014
| Time |
Event |
| 12:35a |
[$] LWN.net Weekly Edition for July 3, 2014
The LWN.net Weekly Edition for July 3, 2014 is available. | | 2:22p |
Security updates for Thursday Debian has updated dbus (three
denial of service flaws).
Fedora has updated libreoffice
(F19: code execution), lzo (F20: denial of
service/possible code execution), and seamonkey (F20; F19:
multiple vulnerabilities).
openSUSE has updated gpg2 (13.1,
12.3: denial of service) and memcached
(13.1, 12.3: multiple vulnerabilities, one from 2011).
Ubuntu has updated nspr (code execution). | | 3:13p |
Schaller: Wayland in Fedora update Christian Schaller has posted an
update on Fedora's transition to the Wayland display manager. " So the summary is that while we expect to have a version of Wayland
in Fedora Workstation 21 that will be able to run a fully functional
desktop, there are some missing pieces we now know that will not make
it. Which means that since we want to ship at least one Fedora release with
a feature complete Wayland as an option before making it default, that
means that Fedora Workstation 23 is the earliest Wayland can be the
default." | | 4:49p |
OpenSSL speeds up development to avoid being “slow-moving and insular” (Ars Technica) Ars Technica reports on the OpenSSL project's new roadmap that describes a number of problems with the project and its code along with plans to address them. " The project has numerous problems, the roadmap says. These include a backlog of bug reports, incomplete and incorrect documentation, code complexity that causes maintenance problems, inconsistent coding style, a lack of code review, and having no clear release plan, platform strategy, or security strategy.
The plan is to fix all these problems. For example, bug reports should receive 'an initial response within four working days.' That goal can be met now, the roadmap says, but others will take longer. Defining a clear coding standard for the project is expected to take about three months. 'Review[ing] and revis[ing] the public API with a view to reducing complexity' will take about a year." | | 5:47p |
Schneier: NSA Targets Privacy Conscious for Surveillance Bruce Schneier has a good summary of recently reported information about the US National Security Agency (NSA) targeting of users searching for or reading information about Tor and The Amnesic Incognito Live System (Tails), which certainly could include readers of this site. " Jake Appelbaum et. al, are reporting on XKEYSCORE selection rules that target users -- and people who just visit the websites of -- Tor, Tails, and other sites. This isn't just metadata; this is "full take" content that's stored forever. [...] It's hard to tell how extensive this is. It's possible that anyone who clicked on this link -- with the embedded torproject.org URL above -- is currently being monitored by the NSA. It's possible that this only will happen to people who receive the link in e-mail, which will mean every Crypto-Gram subscriber in a couple of weeks. And I don't know what else the NSA harvests about people who it selects in this manner.
Whatever the case, this is very disturbing." Also see reports in Linux Journal (which was specifically noted in the XKeyscore rules) and Boing Boing. | | 9:10p |
3.14 to be the next longterm stable kernel
Greg Kroah-Hartman has announced that 3.14 will be the next longterm stable
kernel that he will be maintaining. It should continue to receive updates
until August 2016. | | 10:15p |
Python Foundation uncoils as membership opens up (Opensource.com) Opensource.com has an interview with Nick Coghlan, who is a newly elected Python Software Foundation (PSF) board member. In the interview, Coghlan discusses the new open membership model for the PSF, what makes Python special, how the huge investment in OpenStack is having an impact on CPython core development, and a look at the future for both Python and the PSF. " For me, the most fascinating thing about Python is the sheer breadth of the domains it competes in. In the projects I worked on at Boeing, Python became our "go to" glue language for getting different parts of a complex system to play nicely together, as well for writing simulation tools for testing environments. Linux distributions tend to use it in a similar fashion. In the scientific space it goes head to head with the likes of MATLAB for numeric computing, and R for statistical analysis. It was the original implementation language for YouTube, and the language of choice for OpenStack components, yet still simple enough to be chosen as the preferred programming language for the Raspberry Pi and One Laptop Per Child educational programs. With the likes of Maya and Blender using it as their embedded scripting engine, animation studios love it because animators can learn to handle tasks that previously had to be handled by the studios' development teams.
That diversity of use cases can make things fraught at times, especially in core development where the competing interests can often collide, but it's also a tremendous strength." | | 10:24p |
The CHERI capability model: Revisiting RISC in an age of risk (Light Blue Touchpaper) Over at the Light Blue Touchpaper blog, there is a summary of a paper [PDF] presented in late June at the 2014 International Symposium on Computer Architecture about Capability Hardware Enhanced RISC Instructions (CHERI). " CHERI is an instruction-set extension, prototyped via an FPGA-based soft processor core named BERI, that integrates a capability-system model with a conventional memory-management unit (MMU)-based pipeline. Unlike conventional OS-facing MMU-based protection, the CHERI protection and security models are aimed at compilers and applications. CHERI provides efficient, robust, compiler-driven, hardware-supported, and fine-grained memory protection and software compartmentalisation (sandboxing) within, rather than between, addresses spaces. We run a version of FreeBSD that has been adapted to support the hardware capability model (CheriBSD) compiled with a CHERI-aware Clang/LLVM that supports C pointer integrity, bounds checking, and capability-based protection and delegation. CheriBSD also supports a higher-level hardware-software security model permitting sandboxing of application components within an address space based on capabilities and a Call/Return mechanism supporting mutual distrust." |
|