LWN.net's Journal
 

Tuesday, April 23rd, 2019

    Time Event
    1:29p
    A year with Spectre: a V8 perspective
    Here's an article on the V8 blog
    describing the work that was done to mitigate Spectre vulnerabilities in
    the V8 JavaScript engine. "Our research reached the conclusion that,
    in principle, untrusted code can read a process’s entire address space
    using Spectre and side channels. Software mitigations reduce the
    effectiveness of many potential gadgets, but are not efficient or
    comprehensive. The only effective mitigation is to move sensitive data out
    of the process’s address space."
    3:00p
    [$] SGX: when 20 patch versions aren't enough
    Intel's "Software Guard Extensions" (SGX) feature allows the creation of
    encrypted "enclaves" that cannot be accessed from the rest of the system.
    Normal code can call into an enclave, but only code running inside the
    enclave itself can access the data stored there. SGX is pitched as a way
    of protecting data from a hostile kernel; for example, an encryption key
    stored in an
    enclave should be secure even if the system as a whole is compromised.
    Support for SGX has been under development for over three years; LWN
    covered it in 2016. But, as can be seen from the response to the
    latest revision of the SGX patch set, all that work has still not
    answered an important question: what protects the kernel against a hostile
    enclave?
    3:01p
    Security updates for Tuesday
    Security updates have been issued by CentOS (java-1.7.0-openjdk), Debian (ghostscript and wget), Gentoo (apache, glib, opendkim, and sqlite), Red Hat (kernel, kernel-alt, kernel-rt, ovmf, polkit, and python27-python), Scientific Linux (java-1.7.0-openjdk), and SUSE (php72).
    3:50p
    [$] The sustainability of open source for the long term

    The problem of "sustainability" for open-source software is a common topic of conversation in our community these days. We covered a talk by Bradley Kuhn on sustainability a month ago. Another longtime community member, Luis Villa, gave his take on the problem of making open-source projects sustainable at the 2019 Legal and Licensing Workshop (LLW) in Barcelona. Villa is one of the co-founders of Tidelift, which is a company dedicated to helping close the gap so that the maintainers of open-source projects get paid in order to continue their work.

