LWN.net's Journal
 

Thursday, March 5th, 2020

    Time Event
    1:06a
    [$] LWN.net Weekly Edition for March 5, 2020
    The LWN.net Weekly Edition for March 5, 2020 is available.
    2:10p
    Security updates for Thursday
    Security updates have been issued by CentOS (http-parser and xerces-c), Debian (tomcat7), Fedora (opensmtpd), openSUSE (openfortivpn and permissions), Red Hat (http-parser, openstack-octavia, python-waitress, and sudo), Slackware (ppp), and SUSE (kernel).
    2:54p
    KubeCon EU postponed; KubeCon China canceled
    KubeCon + CloudNativeCon Europe 2020, which was originally scheduled for March 30-April 2 in Amsterdam, has been postponed until July or August due to COVID-19 concerns. In addition, KubeCon + CloudNativeCon China 2020, scheduled for July in Shanghai, has been canceled "due to the uncertainty around travel to China and our ability to assemble the speakers, sponsors, and attendees necessary for a successful event". It seems likely that these are not the last conferences that will be affected in our communities.
    4:05p
    [$] openSUSE's board turmoil
    Like many larger free-software projects, openSUSE has an elected board that is
    charged with handling various non-technical tasks: organizing events,
    dealing with conduct issues, managing the project's money, etc. Sitting on
    such a board is usually a relatively low-profile activity; development
    communities tend to pay more attention to technical contributions than
    other types of service. Every now and then, though, board-related issues
    burst into prominence; that is the case now in the openSUSE project, which
    will be holding a special election after the abrupt resignation of
    one-third of its board.
    9:27p
    Stable kernels 5.5.8, 5.4.24, and 4.19.108
    Greg Kroah-Hartman has announced the release of the 5.5.8, 5.4.24,
    and 4.19.108 stable kernels. There are
    fixes throughout the tree, as usual; users should upgrade.
    11:02p
    Intel x86 Root of Trust: loss of trust
    The Positive Technologies blog is reporting on an unfixable flaw the company has found in Intel x86 hardware that has the potential to subvert the hardware root of trust for a variety of processors. "The EPID [Enhanced Privacy ID] issue is not too bad for the time being because the Chipset Key is stored inside the platform in the One-Time Programmable (OTP) Memory, and is encrypted. To fully compromise EPID, hackers would need to extract the hardware key used to encrypt the Chipset Key, which resides in Secure Key Storage (SKS). However, this key is not platform-specific. A single key is used for an entire generation of Intel chipsets. And since the ROM vulnerability allows seizing control of code execution before the hardware key generation mechanism in the SKS is locked, and the ROM vulnerability cannot be fixed, we believe that extracting this key is only a matter of time. When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted." Intel has said that it is aware of the problem (CVE-2019-0090), but since it cannot be fixed in the ROM, Intel is "trying to block all possible exploitation vectors"; the fix for CVE-2019-0090 only blocks one such vector, according to the blog post.
    11:54p
    Bouzas: PipeWire, the media service transforming the Linux multimedia landscape
    Over on the Collabora blog, Julian Bouzas writes about PipeWire, which is a relatively new multimedia server for the Linux desktop and beyond. "PipeWire was originally created to only handle access to video resources and co-exist with PulseAudio. Earlier versions have already been shipping in Fedora for a while, allowing Flatpak applications to access video cameras and to implement screen sharing on Wayland. Eventually, PipeWire has ended up handling any kind of media, to the point of planning to completely replace PulseAudio in the future. The new 0.3 version is marked as a preview for audio support.

    But why replace PulseAudio? Although PulseAudio already provides a working intermediate layer to access audio devices, PipeWire has to offer more features that PulseAudio was not designed to deliver, starting with a better security model, which allows isolation between applications and secure access from within containers.

    Another interesting feature of PipeWire is that it unifies the two audio systems used on the desktop, JACK for low-latency professional audio and PulseAudio for normal desktop use-cases. PipeWire was designed to be able to accommodate both use cases, delivering very low latency, while at the same time not wasting CPU resources. This design also makes PipeWire a much more efficient solution than PulseAudio in general, making it a perfect fit for embedded use cases too."
