LWN.net's Journal
Tuesday, August 26th, 2014
| Time | Event |
| 12:28p | Kernel prepatch 3.17-rc2: Linus has released 3.17-rc2 a little later than might have been expected. "So I deviated from my normal Sunday schedule partly because there wasn't much there (I blame the KS and LinuxCon), but partly due to sentimental reasons: Aug 25 is the anniversary of the original Linux announcement ('Hello everybody out there using minix'), so it's just a good day for release announcements." |
| 1:15p | The poisoned NUL byte, 2014 edition (Project Zero): For those interested in the gory details of a complex exploit, Google's Project Zero page describes the process of getting arbitrary code execution from a single NUL byte written to the heap by glibc in an off-by-one error. "The main point of going to all this effort is to steer industry narrative away from quibbling about whether a given bug might be exploitable or not. In this specific instance, we took a very subtle memory corruption with poor levels of attacker control over the overflow, poor levels of attacker control over the heap state, poor levels of attacker control over important heap content and poor levels of attacker control over program flow. Yet still we were able to produce a decently reliable exploit! And there’s a long history of this over the evolution of exploitation: proclamations of non-exploitability that end up being neither advisable nor correct." |
| 3:54p | Tuesday's security advisory: Today we have only one security advisory. Ubuntu has updated openjdk-7 (14.04: fixes a regression in a previous update). |
| 11:13p | Cluetrain at Fifteen (Linux Journal): Doc Searls looks back over the fifteen years that have passed since he (along with Chris Locke, David Weinberger and Rick Levine) wrote "The Cluetrain Manifesto". "What we had in mind was much fresher to me in the Summer of 2000, when I worked with Jason Schumaker, another Linux Journal editor, on an interview about Cluetrain and its relevance to Linux. What we ended up with was too long for both the magazine and our website at the time, so the project got sidelined and eventually buried in archival directories, where it stayed until this morning, when I found it during a search for something else. Reading it, I realized that I had come across a kind of time capsule." |