All posts by jake

[$] OpenPGP signature spoofing using HTML

Post Syndicated from jake original https://lwn.net/Articles/767717/rss

Beyond just encrypting messages, and thus providing secrecy, the OpenPGP
standard also enables digitally signing messages to authenticate
the sender. Email applications and plugins usually verify these
signatures automatically and will show whether an email contains a valid
signature. However, with a surprisingly simple attack, it’s often possible
to fool
users by faking — or spoofing — the indication of a valid signature using
HTML email.

[$] A status update for virgl

Post Syndicated from jake original https://lwn.net/Articles/767970/rss

At the 2018 X.Org Developers
Conference
, Elie Tournier gave an update on the state of the Virgil (or virgl) virtual 3D GPU for
QEMU. He looked at the project’s history along with what has
happened with it over the last year or so. As is usual in a status update
talk, he finished with some thoughts about future plans for virgl. For the
last year, Tournier has been working on virgl for Collabora.

[$] Advances in Mesa continuous integration

Post Syndicated from jake original https://lwn.net/Articles/767556/rss

Continuous integration (CI) has become increasingly prevalent in open-source
projects over the last few years. Intel has been active in building CI
systems for graphics, both for the kernel
side
and for the Mesa-based
user-space side of the equation. Mark Janes and Clayton Craft gave a
presentation on Intel’s Mesa CI system at the 2018 X.Org Developers
Conference
(XDC), which was held in A Coruña, Spain in late September.
The Mesa CI system is one of the earliest successful CI initiatives in open
source that he
knows of, Janes said. It is a core component of Mesa development,
especially at Intel.

[$] What’s a CPU to do when it has nothing to do?

Post Syndicated from jake original https://lwn.net/Articles/767630/rss

It would be reasonable to expect doing nothing to be an easy, simple task
for a kernel, but it isn’t. At Kernel Recipes 2018, Rafael
Wysocki discussed what CPUs do when they don’t have anything to do, how
the kernel handles this, problems inherent in the current strategy, and
how his recent rework of the kernel’s idle loop has improved power
consumption on systems that aren’t doing anything.

Microsoft joins LOT Network, helping protect developers against patent assertions

Post Syndicated from jake original https://lwn.net/Articles/767650/rss

Microsoft has announced that it has joined the LOT Network, which is an organization set up to help thwart patent trolls by licensing any member’s patents to all members if they end up in the hands of a troll. “What does all of this mean for you if you’re a software developer or in the technology business? It means that Microsoft is taking another step to help stop patents from being asserted against you by companies running aggressive monetization campaigns. It also means that Microsoft is aligning with other industry leaders on this topic and committing to do more in the future to address IP risk. By joining the LOT network, we are committing to license our patents for free to other members if we ever transfer them to companies in the business of asserting patents. This pledge has immediate value to the nearly 300 members of the LOT community today, which covers approximately 1.35 million patents.

[$] Freedesktop.org: its past and its future

Post Syndicated from jake original https://lwn.net/Articles/767258/rss

At the 2018 X.Org Developers
Conference
(XDC) in A Coruña, Spain, Daniel Stone gave an update on the
status of freedesktop.org,
which serves multiple projects as a hosting site for code, mailing lists,
specifications,
and more. As its name would imply, it started out with a focus on free
desktops and cross-desktop interoperability, but it lost that focus—along
with its focus in general—along the
way. He recapped the journey of fd.o (as it is often known) and unveiled
some idea of where it may be headed in the future.

[$] Revenge of the modems

Post Syndicated from jake original https://lwn.net/Articles/766766/rss

Back in the halcyon days of the previous century, those with a technical
inclination
often became overly acquainted with modems—not just the strange sounds they
made
when connecting, but the AT
commands
that were used to control them. While the AT command set is
still in use (notably for GSM networks), it is generally
hidden these days. But some security researchers have found that Android phones
often make AT commands available via their USB ports, which is something
that can potentially be exploited by rogue USB devices of various sorts.

[$] Progress on Zinc (thus WireGuard)

Post Syndicated from jake original https://lwn.net/Articles/765965/rss

When last we looked at the WireGuard VPN code and its progress
toward mainline inclusion, said progress was impeded by disagreements about
the new “Zinc”
cryptographic library that is added by the WireGuard patches. Since that
August look, several more versions of
WireGuard and Zinc have been posted; it would seem that Zinc is getting
closer to being accepted. Once that happens, the networking developers are
poised to review that portion of the code, which likely will lead
to WireGuard in the kernel some time in the next development cycle or two.

[$] Archiving web sites

Post Syndicated from jake original https://lwn.net/Articles/766374/rss

I recently took a deep dive into web site archival for friends who
were worried about losing control over the hosting of their work
online in the face of poor system administration or hostile
removal.
This makes web site archival an essential instrument in the
toolbox of any system administrator.
As it turns out, some sites are much harder to archive than
others. This article goes through the process of archiving traditional
web sites and shows how it falls short when confronted with the latest
fashions in the single-page applications that are bloating the modern web.

Subscribers can read on for a look at web archiving by guest author Antoine Beaupré.

Mir 1.0 released

Post Syndicated from jake original https://lwn.net/Articles/766178/rss

The Ubuntu blog has announced the release of version 1.0.0 of the Mir display server. “Whether for building a device or for writing a shell for the desktop, Mir can give you a graphics stack that is fast, light, and secure. The Mir graphical stack works across different graphics platforms and driver models and is easy to integrate into your kiosk, digital signage, or purpose built graphical solution. It was first conceived over 6 years ago as part of an initiative by Canonical to unify the graphical environment across all devices, including desktop, TV, and mobile devices and continues to be developed with new features and modern standards.

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/766112/rss

Security updates have been issued by Debian (hylafax, sympa, and texlive-bin), Fedora (curl and gitolite3), Mageia (bouncycastle, ghostscript, and libx11), openSUSE (webkit2gtk3), Oracle (spice and spice-gtk and spice-gtk and spice-server), Red Hat (rubygem-smart_proxy_dynflow, spice and spice-gtk, and spice-gtk and spice-server), Scientific Linux (spice and spice-gtk and spice-gtk and spice-server), and SUSE (ImageMagick, kernel, liblouis, openslp, and python-paramiko).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/765814/rss

Security updates have been issued by Debian (glusterfs, php5, reportbug, and suricata), openSUSE (chromium and exempi), Red Hat (openstack-rabbitmq-container), SUSE (couchdb, crowbar, crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack, crowbar-ui, gdm, OpenStack, pango, and webkit2gtk3), and Ubuntu (bind9, lcms, lcms2, and lcms2).

After Years of Abusive E-mails, the Creator of Linux Steps Aside (The New Yorker)

Post Syndicated from jake original https://lwn.net/Articles/765674/rss

A story in The New Yorker magazine may help explain some of the timing of the recent upheavals in kernel-land. Longtime followers of kernel development will find the article to be a mixed bag—over the top in spots, fairly accurate elsewhere. “Torvalds’s decision to step aside came after The New Yorker asked him a series of questions about his conduct for a story on complaints about his abusive behavior discouraging women from working as Linux-kernel programmers. In a response to The New Yorker, Torvalds said, ‘I am very proud of the Linux code that I invented and the impact it has had on the world. I am not, however, always proud of my inability to communicate well with others—this is a lifelong struggle for me. To anyone whose feelings I have hurt, I am deeply sorry.’

[$] Resource control at Facebook

Post Syndicated from jake original https://lwn.net/Articles/764761/rss

Facebook runs a lot of programs and it tries to pack as many as it can onto
each machine. That means running close to—and sometimes beyond—the
resource limits on any given machine. How the system reacts when, for example,
memory is exhausted, makes a big difference in Facebook getting its work
done. Tejun Heo came to 2018
Open Source Summit North America
to describe the resource control
work that has been done by the team he works on at Facebook.

Lights, Camera, Open Source: Hollywood Turns to Linux for New Code Sharing Initiative (Linux Journal)

Post Syndicated from jake original https://lwn.net/Articles/764855/rss

Linux Journal covers the new Academy Software Foundation (ASWF), which is a project aimed at open-source collaboration in movie-making software that was started by the
Academy of Motion Picture Arts and Sciences (AMPAS) and the Linux Foundation. “Still at the early stages, the ASWF has yet to develop any of its own projects, but there is interest in having them host a number of very popular projects, such as Industrial Light & Magic’s OpenEXR HDR image file format, color management solution OpenColorIO, and OPenVDB, which is used for working with those hard-to-handle objects like clouds and fluids.

Along with promoting cooperation on the development of a more robust set of tools for the industry, one of the goals of the organization moving forward is to put out a shared licensing template that they hope will help smooth the tensions over licensing. It follows that with the growth of projects, navigating the politics over usage rights is bound to be a tricky task.”