Wednesday, March 18th, 2020

Time	Event
2:43p	Security updates for Wednesday Security updates have been issued by Debian (libvncserver and twisted), Fedora (libxslt), Red Hat (kernel, kernel-rt, python-flask, python-pip, python-virtualenv, slirp4netns, tomcat, and zsh), Scientific Linux (kernel, python-pip, python-virtualenv, tomcat, and zsh), SUSE (apache2-mod_auth_openidc and skopeo), and Ubuntu (apport and dino-im). (Comment on this)
2:49p	Stable kernel updates Stable kernels 5.5.10, 5.4.26, and 4.19.111 have been released with important fixes. Users of those series should upgrade. (Comment on this)
3:04p	[$] Bringing encryption restrictions in through the back door Legislation recently proposed in the US Senate is ostensibly meant to combat "child sexual abuse material" (CSAM), but it does not actually do much to combat that horrible problem. Its target, instead, is the encryption of user communications, which the legislation—tellingly—never mentions. The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020, EARN IT for short, is an attempt to force online service providers (e.g. Facebook, Google, etc.) to follow a set of "best practices" determined by a commission, to combat the scourge of CSAM; the composition of that commission makes it clear that end-to-end encryption will not be one of those practices, but companies that do not follow the best practices will lose liability protection for their users' actions. It is, in brief, an attempt to force providers to either abandon true end-to-end encryption or face ruinous lawsuits—all without "seeming" to be about encryption at all. (Comment on this)
3:16p	DeVault: The reckless, infinite scope of web browsers Drew DeVault complains about the complexity of the web and the browsers that work with it. "The major projects are open source, and usually when an open-source project misbehaves, we’re able to to fork them to offer an alternative. But even this is an impossible task where web browsers are concerned. The number of W3C specifications grows at an average rate of 200 new specs per year, or about 4 million words, or about one POSIX every 4 to 6 months. How can a new team possibly keep up with this on top of implementing the outrageous scope web browsers already have now?" (Comment on this)
4:24p	Ryabitsev: Introducing b4 and patch attestation Konstantin Ryabitsev introduces the "b4" tool for kernel development. Developers and LWN readers will be familiar with b4 under its previous name: get-lore-mbox. "On top of that, b4 also introduces support for cryptographic patch attestation, which makes it possible to verify that patches (and their metadata) weren't modified in transit between developers. This is still an experimental feature, but initial tests have been pretty encouraging." See this article for early coverage of the attestation feature. (Comment on this)
10:52p	[$] Improving pretty-printing in Python The python-ideas mailing list is typically used to discuss new features or enhancements for the language; ideas that gain traction will get turned into Python Enhancement Proposals (PEPs) and eventually make their way to python-dev for wider consideration. Steve Jorgensen recently started a discussion of just that sort; he was looking for a way to add customization to the "pretty-print" module (pprint) so that objects could change the way they are displayed. The subsequent thread went in a few different directions that reflect the nature of the mailing list—and the idea itself. (Comment on this)

<< Previous Day

2020/03/18 [Calendar]

Next Day >>