LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Tuesday, February 9th, 2021

    Time Event
    3:15p
    Cook: security things in Linux v5.8
    Kees Cook catches
    up with the security-related changes     in the 5.8 kernel release.
    "With this in place, Jump-Oriented Programming (JOP, where code
    gadgets are chained together with jumps and calls) is no longer available
    to the attacker. An attacker’s code must make direct function calls. This
    basically reduces the 'usable' code available to an attacker from every
    word in the kernel text to only function entries (or jump targets). This is
    a 'low granularity' forward-edge Control Flow Integrity (CFI) feature,
    which is important (since it greatly reduces the potential targets that can
    be used in an attack) and cheap (implemented in hardware). It’s a good
    first step to strong CFI, but (as we’ve seen with things like CFG) it isn’t
    usually strong enough to stop a motivated attacker.    "
    4:44p
    Security updates for Tuesday
    Security updates have been issued by CentOS (flatpak), Debian (connman, golang-1.11, and openjpeg2), Fedora (pngcheck), Mageia (php, phppgadmin, and wpa_supplicant), openSUSE (privoxy), Oracle (flatpak and kernel), Red Hat (qemu-kvm-rhev), SUSE (kernel, python-urllib3, and python3), and Ubuntu (firefox).
    4:44p
    Pattern matching accepted for Python
    The Python steering council has, after some discussion, accepted the
    controversial proposal to add a
    pattern-matching primitive     to the language.
    "We acknowledge that
    Pattern Matching is an extensive change to Python and that reaching
    consensus across the entire community is close to impossible. Different
    people have reservations or concerns around different aspects of the
    semantics and the syntax (as does the Steering Council). In spite of this,
    after much deliberation, reviewing all conversations around these PEPs, as
    well as competing proposals and existing poll results, and after several
    in-person discussions with the PEP authors, we are confident that Pattern
    Matching as specified in PEP 634, et al, will be a great addition to the
    Python language.    "
    7:31p
    Jordan: ktest: Automated Testing For Kernel Programmers
    Daniel Jordan looks at
    ktest     on the Oracle Linux blog. "Where ktest is especially
    useful, though, is in its ability to do these things for each patch in a
    series, thereby freeing you from a significant amount of tedium. For your
    chosen configs, the series will be cleanly bisectable and won't trigger
    upstream build bots with easily avoided errors and warnings
    mid-series. (Those bots are nice for less common configs though.) Code
    reviewers' moods improve too because each patch will stand alone with all
    the necessary code.    "
    9:52p
    The 2021 Season of Docs application for organizations is open
    Google Open Source has announced
    the 2021 edition of Season of
    Docs    . "In 2021, the Season of Docs program will continue to
    support better documentation in open source and provide opportunities for
    skilled technical writers to gain open source experience. In addition,
    building on what we’ve learned from the successful 2019 and 2020 projects,
    we’re expanding our focus to include learning about effective metrics for
    evaluating open source documentation.    " Open source organizations may
    apply to take part in Season of Docs until March 26.

    << Previous Day 2021/02/09
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org