Post Syndicated from corbet original https://lwn.net/Articles/949837/
The LWN.net Weekly Edition for November 9, 2023 is available.
Post Syndicated from corbet original https://lwn.net/Articles/950737/
The reminder
has gone out: the deadline for nominations for the Linux Foundation
Technical Advisory Board is November 13. If you are interested in
representing the kernel community on the TAB, now is the time to put
together a self-nomination and get onto the ballot.
Post Syndicated from corbet original https://lwn.net/Articles/950697/
The 6.6.1, 6.5.11, 6.1.62, 5.4.260, 4.19.298, and 4.14.329
stable kernel updates have all been released; each contains another set of
important fixes.
Note that 5.15.138
and 5.10.200
ended up going into a second round of review; they can be expected in the
near future.
Post Syndicated from corbet original https://lwn.net/Articles/950696/
The developers of Home Assistant, which has recently been covered here, have announced
that they will be removing support for Chamberlain and Liftmaster
garage-door openers after being locked out by the company.
Because we cannot continue to work around Chamberlain Group if they
keep blocking access to third parties, the MyQ integration will be
removed from Home Assistant in the upcoming 2023.12 release on
December 6, 2023. We are very disappointed that it has come to this
and sincerely hope that Chamberlain Group is willing to reconsider
its position.
Longtime readers may remember that Chamberlain tried to use the DMCA to block the use of
third-party remotes nearly 20 years ago.
Post Syndicated from corbet original https://lwn.net/Articles/950695/
The Register attended
a talk about Ubuntu’s upcoming Core Desktop immutable distribution.
We suspect that Core Desktop might yet be the tool that validates
Canonical’s Snap format and helps to overcome some of the
resistance it faces. Snap’s single-file distribution format is
simple and enables transactional installation – including,
critically, rollback – without a fancy filesystem underneath, or
elaborate distribution methods such as libostree.
Post Syndicated from corbet original https://lwn.net/Articles/950694/
Security updates have been issued by Debian (python-urllib3 and tang), Fedora (chromium, mlpack, open-vm-tools, and salt), Red Hat (avahi, binutils, buildah, c-ares, cloud-init, containernetworking-plugins, cups, curl, dnsmasq, edk2, flatpak, frr, gdb, ghostscript, glib2, gmp, grafana, haproxy, httpd, mod_http2, java-21-openjdk, kernel, krb5, libfastjson, liblouis, libmicrohttpd, libpq, libqb, librabbitmq, LibRaw, libreoffice, libreswan, libssh, libtiff, libvirt, libX11, linux-firmware, mod_auth_openidc, ncurses, nghttp2, opensc, pcs, perl-CPAN, perl-HTTP-Tiny, podman, procps-ng, protobuf-c, python-cryptography, python-pip, python-tornado, python-wheel, python3.11, python3.11-pip, python3.9, qemu-kvm, qt5 stack, runc, samba, samba, evolution-mapi, openchange, shadow-utils, skopeo, squid, sysstat, tang, tomcat, toolbox, tpm2-tss, webkit2gtk3, wireshark, xorg-x11-server, xorg-x11-server-Xwayland, and yajl), Slackware (sudo), SUSE (squid), and Ubuntu (python-urllib3).
Post Syndicated from corbet original https://lwn.net/Articles/950538/
Alexander “Solar Designer” Peslyak, the longtime maintainer of the
oss-security and linux-distros mailing lists, has announced
that this work has gained a sponsor:
After 15+ years of being a 100% volunteer effort, Openwall’s
maintenance of oss-security and (linux-)distros is finally
sponsored by the OpenSSF, a project of the Linux Foundation. This
sponsorship does not provide the Linux Foundation with the ability
to set policies for community resources managed by Openwall. I am
grateful for the support, which will help ensure continued
operation of these resources on a new level while retaining
independence.
As part of this arrangement, Peslyak is now producing statistics on
vulnerability handling; the first
set for 2023 has been posted.
Post Syndicated from corbet original https://lwn.net/Articles/950524/
Fedora
39 has been released, one day after the Fedora project’s 20th
anniversary. See the list of
approved changes and this Fedora
Magazine article for more information.
As always, we’ve updated many, many other packages as we work to
bring you the best of everything the free and open source software
world has to offer. Fedora Linux 39 includes gcc 13.2, binutils
2.40, glibc 2.38, gdb 13.2, and rpm 4.19. It also has updates to
popular programming language stacks, including Python 3.12 and Rust
1.73.
Post Syndicated from corbet original https://lwn.net/Articles/950523/
Security updates have been issued by Debian (trapperkeeper-webserver-jetty9-clojure), Mageia (libsndfile, packages, thunderbird, and x11-server), Oracle (.NET 6.0), SUSE (kernel, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, redis, and squid), and Ubuntu (gsl).
Post Syndicated from corbet original https://lwn.net/Articles/949960/
Containers and virtual machines on Linux communicate with the world via
virtual network devices. This arrangement makes the full power of the
Linux networking stack available, but it imposes the full overhead of that
stack as well. Often, the routing of this networking traffic can be
handled with relatively simple logic; the BPF-programmable network device,
which was merged for the 6.7 kernel release, makes it possible to avoid
expensive network processing, in at least some cases.
Post Syndicated from corbet original https://lwn.net/Articles/950123/
The Google Project Zero blog celebrates
the launch of the Pixel 8 handset, the first to make use of Arm’s
Memory Tagging Extension (MTE). Linux has supported MTE since the 5.10 release in 2020,
but that support has only now shown up (in experimental form) in an
available handset.
I think this is a huge improvement for the general security of the
device – many zero-click attack surfaces involve large amounts of
unsafe C/C++ code, whether that’s WebRTC for calling, or one of the
many media or image file parsing libraries. MTE is not a silver
bullet for memory safety – but the release of the first production
device with the ability to run almost all user-mode applications
with synchronous-MTE is a huge step forward, and something that’s
worth celebrating!
The article includes detailed instructions for how to turn the MTE feature
on.
Post Syndicated from corbet original https://lwn.net/Articles/950104/
The Open Enterprise Linux Association, a
joint venture founded by CIQ, Oracle, and SUSE, has announced
its first code release.
OpenELA is excited to announce that the source code for all
packages necessary for anyone to build a derivative Enterprise
Linux operating system is now available. The initial focus is on
EL8 and EL9, and packages for EL7 are forthcoming. The project is
committed to ensuring the continued availability of EL sources to
the community indefinitely.
The organization has also announced a technical
steering committee made up of “highly experienced individuals from
the founding companies”.
Post Syndicated from corbet original https://lwn.net/Articles/949294/
As of this writing, 9,842 non-merge changesets have found their way into
the mainline repository since the 6.7 merge window opened. Nearly a third
of those consist of the entire bcachefs development history but, even
discounting that, there has been a lot of material landing for the next
release. Read on for a summary of the most interesting changes pulled so
far in this development cycle.
Post Syndicated from corbet original https://lwn.net/Articles/949277/
One of the core objectives of any confidential-computing implementation is
to protect a guest system’s memory from access by actors outside of the
guest itself. The host computer and hypervisor are part of the group that
is to be excluded from such access; indeed, they are often seen as
threats in their own right. Hardware vendors have added features like memory
encryption to make memory inaccessible to the host, but such features can
be difficult to use and are not available on all CPUs, so there is ongoing
interest in software-only solutions that can improve confidentiality. The
guest-first
memory patch set, posted by Sean Christopherson and containing work by
several developers, looks poised to bring some software-based protection to
an upcoming kernel release.
Post Syndicated from corbet original https://lwn.net/Articles/949833/
Julia Evans has posted a list of
confusing Git terms and behavior along with explanations of what is
actually going on.
“Your branch is up to date with ‘origin/main’”
This message seems straightforward – it’s saying that your main branch is
up to date with the origin!
But it’s actually a little misleading. You might think that this means that
your main branch is up to date. It doesn’t. What it actually means is – if
you last ran git fetch or git pull 5 days ago, then your main branch is up
to date with all the changes as of 5 days ago.
So if you don’t realize that, it can give you a false sense of security.
Post Syndicated from corbet original https://lwn.net/Articles/949831/
Home
Assistant 2023.11 is available. New features include a to-do list
manager, Matter
1.2 support, customizable tile cards, new integrations, and more. (LWN
looked at Home Assistant last month).
Post Syndicated from corbet original https://lwn.net/Articles/948894/
The LWN.net Weekly Edition for November 2, 2023 is available.
Post Syndicated from corbet original https://lwn.net/Articles/949461/
LWN.net is looking to hire a full-time writer/editor to help us keep the
news flowing and to expand our content in areas of interest to our readers.
We are certain that the person we need is out there somewhere, and are
counting on help from LWN readers to find them. Read on for details on who
we are looking for and how we see them fitting in here.
Post Syndicated from corbet original https://lwn.net/Articles/949647/
LWN editor Jonathan Corbet was asked to give a brief talk about kernel
maintainership at the recently concluded Linux
Foundation Member Summit. That talk was recorded and has now been made available
on YouTube. There is little in it that will be news to regular LWN
readers, but it may be instructive to folks who are less well versed in how
kernel development works.
Post Syndicated from corbet original https://lwn.net/Articles/949625/
Matthew Garrett explains
why ACPI exists and why it is not as bad a thing as some think.
There’s an alternative universe where we decided to teach the
kernel about every piece of hardware it should run on. Fortunately
(or, well, unfortunately) we’ve seen that in the ARM world. Most
device-specific simply never reaches mainline, and most users are
stuck running ancient kernels as a result. Imagine every x86 device
vendor shipping their own kernel optimised for their hardware, and
now imagine how well that works out given the quality of their
firmware. Does that really seem better to you?