LWN.net's Journal
Thursday, May 21st, 2020
Time | Event
1:16a | [$] LWN.net Weekly Edition for May 21, 2020: The LWN.net Weekly Edition for May 21, 2020 is available.
2:12p | Security updates for Thursday: Security updates have been issued by Arch Linux (keycloak, qemu, and thunderbird), Debian (dovecot), Fedora (abcm2ps and oddjob), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, and kernel-rt), SUSE (ant, bind, and freetype2), and Ubuntu (bind9 and linux, linux-aws, linux-aws-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2).
2:13p | A review of open-source software supply chain attacks: Here's a preprint paper from Marc Ohm, Henrik Plate, Arnold Sykosch, and Michael Meier looking at attacks on language-specific repositories. "Recent years saw a number of supply chain attacks that leverage the increasing use of open source during software development, which is facilitated by dependency managers that automatically resolve, download and install hundreds of open source packages throughout the software life cycle. This paper presents a dataset of 174 malicious software packages that were used in real-world attacks on open source software supply chains, and which were distributed via the popular package repositories npm, PyPI, and RubyGems. Those packages, dating from November 2015 to November 2019, were manually collected and analyzed. The paper also presents two general attack trees to provide a structured overview about techniques to inject malicious code into the dependency tree of downstream users, and to execute such code at different times and under different conditions."
2:18p | GNOME resolves Rothschild patent suit: The patent suit filed against the GNOME Foundation last September has now been resolved. "In this walk-away settlement, GNOME receives a release and covenant not to be sued for any patent held by Rothschild Patent Imaging. Further, both Rothschild Patent Imaging and Leigh Rothschild are granting a release and covenant to any software that is released under an existing Open Source Initiative approved license (and subsequent versions thereof), including for the entire Rothschild portfolio of patents, to the extent such software forms a material part of the infringement allegation." There is no mention of what the foundation had to give — if anything — for this settlement,
2:19p | [$] The pseudo cpuidle driver: The purpose of a cpuidle governor is to decide which idle state a CPU should go into when it has no useful work to do; the cpuidle driver then actually puts the CPU into that state. But, at the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM), Abhishek Goel presented a new cpuidle driver that doesn't actually change the processor's power state at all. Such a driver will clearly save no power, but it can be quite useful as a tool for evaluating and debugging cpuidle policies.
5:04p | [$] Saving frequency scaling in the data center: Frequency scaling — adjusting a CPU's operating frequency to save power when the workload demands are low — is common practice across systems supported by Linux. It is, however, viewed with some suspicion in data-center settings, where power consumption is less of a concern and there is a strong emphasis on getting the most performance out of the hardware. At the 2020 Power Management and Scheduling in the Linux Kernel summit (OSPM), Giovanni Gherdovich worried that frequency scaling may be about to go extinct in data centers; he made a plea for improving its behavior for such workloads while there is still time.