All posts by corbet

How Badlock was discovered and fixed

Post Syndicated from corbet original http://lwn.net/Articles/684194/rss

This post on the Red Hat Enterprise Linux blog describes the discovery and
repair of the “Badlock” vulnerability. One begins to understand a little
better why it took as long as it did. “The code was rewritten; in
March 2016 the changes needed to fix all eight CVEs amounted to about 200
individual patches against a development version of Samba, with about half
of those responsible for fixing CVE-2015-5370. When backported to previous
stable Samba versions, they needed an additional hundred patches. For the
oldest supported Samba version — about four hundred patches. What started
as an individual snowflake became an avalanche, but it wasn’t finished
yet.”

[$] Maru: a pocket desktop

Post Syndicated from corbet original http://lwn.net/Articles/684010/rss

It appears to be widely accepted that the Linux desktop has achieved
limited success at best, while the Linux palmtop — in the form of
Android — has been wildly successful. The two classes of systems are
generally thought of as being quite different, but it is worth remembering
that the handsets we carry now have more computing power than the desktop
systems we were using in the recent past. Given the right peripherals, an
Android handset should be more than capable of providing a reasonable
desktop experience. The Maru distribution is an experiment intended to
prove that point by turning a smartphone device into a portable Debian
desktop.

CoreOS “Ignition” released

Post Syndicated from corbet original http://lwn.net/Articles/683718/rss

CoreOS has announced the
release of its “Ignition” provisioning tool. “At the most basic
level, Ignition is a tool for manipulating disks during early boot. This
includes partitioning disks, formatting partitions, writing files, and
configuring users.” It runs as the first process — before systemd —
to get the system into the proper shape before the ordinary boot process
takes over.

The “Badlock” vulnerability

Post Syndicated from corbet original http://lwn.net/Articles/683491/rss

The details for the “Badlock” vulnerability in the SMB protocol have finally been disclosed, along with the
obligatory logo and domain name; there is no word on the availability of
hats and T-shirts yet. It is a man-in-the-middle attack that can allow an
attacker to access files in an SMB share with the permissions of the
intercepted user. “Please update your systems. We are pretty sure that there will be exploits soon.

Engineers at Microsoft and the Samba Team worked together during the past months to get this problem fixed.”

Let’s Encrypt is no longer “beta”

Post Syndicated from corbet original http://lwn.net/Articles/683472/rss

The Let’s Encrypt project, which is
working to enable encrypted communications across the web, has announced
that it has gained more sponsors and no longer considers itself to be in a
“beta” state. “Since our beta began in September 2015 we’ve issued
more than 1.7 million certificates for more than 3.8 million
websites. We’ve gained tremendous operational experience and confidence in
our systems. The beta label is simply not necessary any more.”

Moglen: How Should the Free Software Movement View the Linux Foundation?

Post Syndicated from corbet original http://lwn.net/Articles/683345/rss

Eben Moglen opines on the role of the Linux Foundation, and on GPL
enforcement in general. “LF will be as favorable to copyleft as its
members are. Copyleft licensing is easy for businesses to doubt: required
sharing of work that could be instead ‘owned’ by the capital investors
seems to be mere loss in conventional calculations. I have spent most of
my adult lifetime not telling businesses that copyleft was in their
interest, but educating them about copyleft and others’ experience with
it, in order to allow them to draw their own conclusions. Experience has
taught me that this process, though uncertain and unscalable, is
absolutely crucial to the attainment of the free software movement’s
fundamental objectives. It is, however, all too easily destroyed by any
form of overly aggressive copyleft enforcement that fully confirms
businesspeople’s skepticism.”

The linux-stable security tree project

Post Syndicated from corbet original http://lwn.net/Articles/683335/rss

Sasha Levin has announced the creation of the “linux-stable security tree”
project. The idea is to take the current stable updates and filter out
everything that isn’t identified as a security fix. “Quite a few
users of the stable trees pointed out that on complex deployments, where
validation is non-trivial, there is little incentive to follow the stable
tree after the product has been deployed to production. There is no
interest in ‘random’ kernel fixes and the only requirements are to keep up
with security vulnerabilities.”

Hutterer: Why libinput doesn’t have a lot of config options

Post Syndicated from corbet original http://lwn.net/Articles/682923/rss

Peter Hutterer writes about the cost of configuration options.
“You see, whenever you write ‘it’s just 5 lines of code to make this
an option’, what I think is ‘once the patch is reviewed and applied, I’ll
spend two days to write test cases and documentation. I’ll need to handle
any bug reports related to this, and I’m expected to make sure this option
works indefinitely. Any addition of another feature may conflict with this
option, so I need to make sure the right combination is possible and test
cases are written.’ So your work ends after writing a 5 line patch, my work
as maintainer merely starts.”

Rkt 1.3.0 released

Post Syndicated from corbet original http://lwn.net/Articles/682857/rss

Version 1.3.0 of the rkt container system has been released. “rkt
version 1.3.0 improves handling of errors within app containers, tightens
security for rkt’s modular stage1 images, and provides a more compatible
handling of volumes when executing Docker container images rather than
rkt’s native ACI image format. This release further develops the essential
support for rkt as a component of the Kubernetes cluster
orchestrator.”

[$] Early packet drop — and more — with BPF

Post Syndicated from corbet original http://lwn.net/Articles/682538/rss

The Berkeley packet filter (BPF) mechanism
has been working its way into various kernel subsystems since it was
rewritten and extended in 2014. There is, it turns out, great value in an
in-kernel virtual machine that allows for the implementation of arbitrary
policies without writing kernel code. A recent patch set pushing BPF into
networking drivers shows some of the potential of this mechanism — and the
difficulty of designing its integration in a way that will stand the test
of time. If it is successful, it may change the way high-performance
networking is done on Linux systems.

Garrett: There’s more than one way to exploit the commons

Post Syndicated from corbet original http://lwn.net/Articles/682519/rss

Matthew Garrett’s take on the Debian-XScreenSaver disagreement is worth a
read. “Free software doesn’t benefit from distributions antagonising their
upstreams, even if said upstream is a cranky nightclub owner. Debian’s
users are Debian’s highest priority, but those users are going to suffer if
developers decide that not using free licenses improves their quality of
life. Kneejerk reactions around specific instances aren’t helpful, but now
is probably a good time to start thinking about what value Debian brings to
its upstream authors and how that can be increased.”

Ubuntu on Windows

Post Syndicated from corbet original http://lwn.net/Articles/681768/rss

Dustin Kirkland announces
the availability of the Ubuntu user space on Windows 10 — a
cooperative project with Microsoft. “Finally, I imagine some of you
— long time Windows and Ubuntu users alike — are still wondering,
perhaps, ‘Why?!?’ Having dedicated most of the past two decades of my
career to free and open source software, this is an almost surreal
endorsement by Microsoft on the importance of open source to developers.
Indeed, what a fantastic opportunity to bridge the world of free and open
source technology directly into any Windows 10 desktop on the
planet.”
