All posts by corbet

Keen: The case against upstream packaging

Post Syndicated from corbet original

Arch maintainer Kyle Keen speaks out against direct
delivery of software by upstream projects. “Maintainers’ greatest
power is the ability to outright say ‘This is not good enough for our
users’ and consequently punish an ISV by either patching out the offensive
part or in extreme cases removing the software from the repositories. ISVs
know this and so don’t act out. After 20 years of enforced good behavior
this has lead to the idea of ISVs as ‘the benevolent upstream developer.’
This is why Linux doesn’t have spyware, doesn’t come with browser toolbars,
doesn’t bundle limited trials, doesn’t nag you to purchase and doesn’t
pummel you with advertising.

[$] Kernel building with GCC plugins

Post Syndicated from corbet original

It has long been understood that static-analysis tools can be useful in
finding (and defending against) bugs and security problems in code. One of
the best places to implement
such tools is in the compiler itself, since much of the work required to
analyze a program is already done in the compilation process. Despite the
fact that GCC has had the ability to support security-oriented plugins for
some years, the mainline kernel has never adopted any such plugins. That
situation looks likely to change with the 4.8 kernel release, though.

Lortie: Gtk 4.0 is not Gtk 4

Post Syndicated from corbet original

Allison Lortie writes
about a new proposed GTK release scheme
that may take some getting used
Meanwhile, Gtk 4.0 will not be the final stable API of what we would
call ‘Gtk 4’. Each 6 months, the new release (Gtk 4.2, Gtk 4.4, Gtk 4.6)
will break API and ABI vs. the release that came before it. These
incompatible minor versions will not be fully parallel installable; they
will use the same pkg-config name and the same header file directory. We
will, of course, bump the soname with each new incompatible release — you
will be able to run Gtk 4.0 apps alongside Gtk 4.2 and 4.4 apps, but you
won’t be able to build them on the same system. This policy fits the model
of how most distributions think about libraries and their ‘development
” Only the last release in each major number series
(expected every two years) would have a stable API. Read the whole thing
to fully understand what is being proposed.

Mourning Hans-Jürgen Koch

Post Syndicated from corbet original

Thomas Gleixner wrote the following to us: The Linux Kernel community is
mourning the passing of Hans-Jürgen Koch. Hans
was a free-software enthusiast and an active contributor. He worked on Radio
Data System support both in kernel and user space and was the main author and
maintainer of the UIO subsystem and contributed in various ways to the Linux
kernel as a professional and hobbyist. He authored a UIO book, gave
talks at various open-source conferences, and served as a member of the
Linuxtag program committee.

His calm and modest nature made it a pleasure to work with him. Meeting him in
person was always a enjoyable experience. His interests spanned a broad range
from literature, music and history to politics and engagement for the german
branch of Friends of the Earth. His wicked sense of humor along with his
always ready to be told bag of anecdotes enlivened quite some social events.

He will be sorely missed and our thoughts are with his family and friends.

Kernel prepatch 4.7-rc3

Post Syndicated from corbet original

The third 4.7 prepatch is out for testing.
Linus says: “The diffstat looks fairly normal and innocuous. There’s
more of a filesystem component to it than usual, but that’s mostly some
added new btrfs tests, and if you ignore that part it’s all the normal
stuff: drivers dominate (gpu and networking drivers are the bulk, but
there’s i2c, rdma, …) with some arch updates, and general networking
code. And the usual random stuff all over.

Tschacher: Typosquatting programming language package managers

Post Syndicated from corbet original

Nikolai Tschacher demonstrates
how easy it is
to run arbitrary code by way of “typosquatting” uploads
to programming language download sites. “Because everybody can
upload any package on PyPi, it is possible to create packages which are
typo versions of popular packages that are prone to be mistyped. And if
somebody unintentionally installs such a package, the next question comes
intuitively: Is it possible to run arbitrary code and take over the
computer during the installation process of a package?
” He tried an
experiment and was able to run a little program that phoned home from
thousands of systems.

Maru OS now freely available

Post Syndicated from corbet original

The Maru OS handset distribution (reviewed
in April) has moved out of the beta-test period and is now freely
downloadable without an invitation. Maru functions as both an Android
handset and an Ubuntu desktop (when connected to an external monitor). For
now, it remains limited to Nexus 5 handsets.
Now that the beta program is over, I’m finally turning my attention
to the open-source project so we can expand device support with the help of
the community. Let’s get Maru in the hands of a lot more people!

The Qt Automotive Suite launches

Post Syndicated from corbet original

The Qt Blog announces
the launch
of the Qt Automotive Suite. “With cumulative
experience from over 20 automotive projects it was noted how Qt is really
well suited to the needs of building IVIs and Instrument Clusters, that
there were already millions of vehicles on the road with Qt inside, and
that there were a lot of ongoing projects. There was though a feeling that
things could be even better, that there were still a few things holding
back the industry, contributing to the sense that shipped IVI systems could
be built faster, cheaper and with a higher quality.

[$] Distributors ponder a systemd change

Post Syndicated from corbet original

Linux users tend to pride themselves on their position at the leading edge
of a fast-moving development community. But, in truth, much of what we do
is rooted in many decades of Unix tradition, and we tend to get grumpy when
young developers show up and start changing things around. A recent change of
default in systemd represents such a change and the kind of response that
it brings out; as a result, Linux distributors are going to have to make a
decision on whether they should preserve the way things have always worked
or make a change that, while potentially disruptive to users, is arguably a
step toward more predictable, controllable, and secure behavior.

Kernel prepatch 4.7-rc2

Post Syndicated from corbet original

The second 4.7 prepatch is now available
for testing. Linus says: “There’s a late non-fix I took even though
the merge window is over, because I’ve been wanting it for a while. I doubt
anybody notices the actual effects of a pty change/cleanup that means that
our old disgusting DEVPTS_MULTIPLE_INSTANCES kernel config option is gone,
because the cleanup means that it is no longer needed.
” For details
on this change, see this article from last
week’s Kernel Page.

Nextcloud launches

Post Syndicated from corbet original

For those who have been wondering about the exodus from ownCloud, the announcement of a company called
“Nextcloud” should make things clear. “Started by the well known
open source file sync and share developer Frank Karlitschek and joined by
the most active contributors to his previous project, building on its
mature code base, we offer a more reliable and sustainable solution for
users and customers. We will develop a drop-in replacement for that legacy
code base over the coming weeks, providing the bug fixes and security
hardening all users need and the Enterprise Subscription capabilities
enterprise customers require.

See also this
blog post
from Jos Poortvliet.

[$] Containers, pseudo TTYs, and backward compatibility

Post Syndicated from corbet original

There is no doubt that the addition of container
technologies to Linux has created a lot of value,
allowing workloads to be effectively and efficiently isolated from each other.
Implementing these technologies presents a number of challenges,
particularly as much of Linux and Unix was designed to use singletons:
objects of which there could never ever be more than one, such as
host names, network routing tables, or process-ID namespaces.
Containers require this design approach to be revised as they need
multiple instances of these objects. A
singleton that has been causing problems recently is the set of pseudo
terminals (TTYs).

Click below (subscribers only) for the full article from Neil Brown.

Hertz: Abusing privileged and unprivileged Linux containers

Post Syndicated from corbet original

white paper by Jesse Hertz [PDF]
examines various ways to compromise and
escape from containers on Linux systems. “A common configuration for
companies offering PaaS solutions built on containers is to have multiple
customers’ containers running on the same physical host. By default, both
LXC and Docker setup container networking so that all containers share the
same Linux virtual bridge. These containers will be able to communicate
with each other. Even if this direct network access is disabled (using the
–icc=false flag for Docker, or using iptables rules for LXC), containers
aren’t restricted for link-layer traffic. In particular, it is possible
(and in fact quite easy) to conduct an ARP spoofing attack on another
container within the same host system, allowing full middle-person attacks
of the targeted container’s traffic.

The CoreOS “Torus” distributed storage system

Post Syndicated from corbet original

CoreOS has announced
a new project called Torus which is creating a distributed storage system
for containers. “At its core, Torus is a library with an interface
that appears as a traditional file, allowing for storage manipulation
through well-understood basic file operations. Coordinated and checkpointed
through etcd’s consensus process, this distributed file can be exposed to
user applications in multiple ways. Today, Torus supports exposing this
file as block-oriented storage via a Network Block Device (NBD). We also
expect that in the future other storage systems, such as object storage,
will be built on top of Torus as collections of these distributed files,
coordinated by etcd.
” The project is quite young, and the current
release is a “prototype version.”

Rutkowska: Security challenges for the Qubes build process

Post Syndicated from corbet original

Qubes founder Joanna Rutkowska writes about how Qubes
works to avoid building compromised software
into its distribution.
Ultimately, we would like to introduce a multiple-signature scheme,
in which several developers (from different countries, social circles,
etc.) can sign Qubes-produced binaries and ISOs. Then, an adversary would
have to compromise all the build locations in order to get backdoored
versions signed. For this to happen, we need to make the build process
deterministic (i.e. reproducible). Yet, this task still seems to be years
ahead of us.