Wednesday, August 18th, 2021

Time	Event
12:30a	[$] STARTTLS considered harmful The use of Transport Layer Security (TLS) encryption is ubiquitous on today's internet, though that has largely happened over the last 20 years or so; the first public version of its predecessor, Secure Sockets Layer (SSL), appeared in 1995. Before then, internet protocols were generally not encrypted, thus providing fertile ground for various types of "meddler-in-the-middle" (MitM) attacks. Later on, the STARTTLS command was added to some protocols as a backward-compatible way to add TLS support, but the mechanism has suffered from a number of flaws and vulnerabilities over the years. Some recent research, going by the name "NO STARTTLS", describes more, similar vulnerabilities and concludes that it is probably time to avoid using STARTTLS altogether. (Comment on this)
3:33p	Security updates for Wednesday Security updates have been issued by Debian (haproxy), Fedora (c-ares, hivex, kernel, libtpms, newsflash, python-django, rust-gettext-rs, and rust-gettext-sys), openSUSE (c-ares and libsndfile), Scientific Linux (cloud-init, edk2, exiv2, firefox, kernel, kpatch-patch, microcode_ctl, sssd, and thunderbird), SUSE (c-ares, fetchmail, haproxy, kernel, libmspack, libsndfile, rubygem-puma, spice-vdagent, and webkit2gtk3), and Ubuntu (exiv2, haproxy, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, and linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.11, linux-oracle, linux-raspi). (Comment on this)
3:38p	Three stable kernels Stable kernels 5.13.12, 5.10.60, 5.4.142 have been released. As usual, there are important fixes and users should upgrade. (Comment on this)
8:47p	[$] PEP 649 revisited Back in June, we looked at a change to Python annotations, which provide a way to associate metadata, such as type information, with functions. That change was planned for the upcoming Python 3.10 release, but was deferred due to questions about it and its impact on run-time uses of the feature. The Python steering council felt that more time was needed to consider all of the different aspects of the problem before deciding on the right approach; the feature freeze for Python 3.10 was only around two weeks off when the decision was announced on April 20. But now, there is most of a year before another feature freeze, which gives the council (and the greater Python development community) some time to discuss it at a more leisurely pace. (Comment on this)
9:04p	"The kernel report" online, August 26 As part of the ramp-up to the 2021 Linux Plumbers Conference, LWN editor Jonathan Corbet will be presenting a version of "The kernel report" at 9:00AM US/Mountain time (15:00 UTC) on Thursday, August 26. Registration for LPC is not required; all are welcome for an update on the state of kernel development and a perspective on 30 years of the Linux kernel. Please come for an interesting discussion and to help the LPC crew stress-test the 2021 infrastructure. The talk will be happening at meet.lpc.events; the more the merrier. (Comment on this)

<< Previous Day

2021/08/18 [Calendar]

Next Day >>