Security updates have been issued by Mageia (libreoffice, libtiff, spice, and spice-gtk), openSUSE (build, mosquitto, and nodejs6), Red Hat (firefox, flatpak, and systemd), Scientific Linux (firefox, flatpak, and systemd), SUSE (kernel-firmware and texlive), and Ubuntu (bind9 and ghostscript).
The Linux Foundation has announced the formation of the Enabling Linux in Safety Applications (ELISA) project to create tools and processes for companies to use to build and certify safety-critical Linux applications. “Building off the work being done by SIL2LinuxMP project and Real-Time Linux project, ELISA will make it easier for companies to build safety-critical systems such as robotic devices, medical devices, smart factories, transportation systems and autonomous driving using Linux. Founding members of ELISA include Arm, BMW Car IT GmbH, KUKA, Linutronix, and Toyota.
To be trusted, safety-critical systems must meet functional safety objectives for the overall safety of the system, including how it responds to actions such as user errors, hardware failures, and environmental changes. Companies must demonstrate that their software meets strict demands for reliability, quality assurance, risk management, development process, and documentation. Because there is no clear method for certifying Linux, it can be difficult for a company to demonstrate that their Linux-based system meets these safety objectives.”
Security updates have been issued by CentOS (firefox, flatpak, and systemd), Fedora (createrepo_c, dnf, dnf-plugins-core, dnf-plugins-extras, docker, libcomps, libdnf, and runc), Mageia (giflib, irssi, kernel, kernel-linus, libexif, poppler, tcpreplay, and zziplib), and SUSE (php5, procps, and qemu).
On his blog, Karim Yaghmour writes about an experimental social network that he and a colleague cobbled together using Git. While it is simply a proof of concept at this point, he is looking for feedback and, perhaps, collaborators to take it further. “It turns out that git has practically everything that’s needed to act both as storage and protocol for a social network. Not only that, but it’s very well-known within and used, deployed and maintained in the circles I navigate, it scales very well (see github), it’s used for critical infrastructure (see kernel.org), it provides history, it’s distributed by nature, etc. It’s got *almost* everything, but not quite everything needed.
So what’s missing from git? A few basic things that it turns out aren’t very hard to take care of: ability to ‘follow’, getting followee notifications, ‘commenting’ and an interface for viewing feeds. And instead of writing a whole online treatise of how this could be done, I asked my colleague Francois-Denis Gonthier to implement a proof and concept of this that we called ‘gitgeist’ and just published on github [https://github.com/opersys/gitgeist-poc].”
These days applications are generally moving away from the desktop and
toward the mobile space. But taking a multi-platform desktop application and adding
two mobile platforms into the mix is difficult to do, as Dirk Hohndel
described in his 2019 talk. Hohndel maintains the Subsurface dive log application,
which added mobile support over the past few years; he wanted to explain the process
that the project went through to support all of those platforms.
As the subtitle of the talk, “Developing for multiple platforms without
losing your mind”, indicates, it is a hard problem to solve sanely.
When patents and free software crop up together, the
usual question is about patent licensing. Patent exhaustion —
the principle that patent rights don’t reach past the first
sale of a product — is much
less frequently discussed. At FOSDEM 2019,
US lawyer Van Lindberg argued that several US court
decisions related to exhaustion, most of them recent but some less so,
could come together
to have surprising beneficial effects for free software. He was clear that the
argument applied only in the US but, since court systems tend to
look to each other for consistency’s sake, and because Lindberg is an
engaging speaker, the talk was of great interest even in Brussels.
Bradley Kuhn works for the Software Freedom Conservancy (SFC)
and part of what that organization does is to think about the problems that
freedom may encounter in the future. SFC worries about what will happen
with the four
freedoms as things change in the world.
One of those changes is already upon us: the Internet of Things (IoT) has
become quite popular, but it has many dangers, he said. Copyleft
can help; his talk is meant to show how.
Matrix is an open platform
for secure, decentralized, realtime communication. Matthew Hodgson,
the Matrix project leader, came to FOSDEM to describe Matrix and report on
its progress. Attendees learned
that it was within days of
a 1.0 release and found out how it got there. He also shed some light on
what happened when the French reached out to them to see if Matrix could
meet the internal messaging requirements of an entire national government.
Greg Kroah-Hartman has announced the release of the 4.4.174 stable kernel. The patches went out
for review on February 7; the kernel contains a backport of a fix for the
FragmentSmack denial-of-service vulnerability. “Many thanks to Ben Hutchings for this release, it’s pretty much just his
work here in doing the backporting of networking fixes to help resolve
“FragmentSmack” (i.e. CVE-2018-5391).” As usual, users of the
kernel series should upgrade.
Security updates have been issued by Debian (dovecot and libarchive), Fedora (gvfs and poppler), openSUSE (openssl-1_1 and subversion), Oracle (kernel), Slackware (php), SUSE (avahi, docker, libunwind, LibVNCServer, and spice), and Ubuntu (linux-azure and openssh).
Security updates have been issued by Debian (curl, golang, libthrift-java, mumble, netmask, python3.4, and rssh), openSUSE (python-python-gnupg), Oracle (kernel), Scientific Linux (thunderbird), Slackware (curl), SUSE (firefox, python, and rmt-server), and Ubuntu (curl, libarchive, and libreoffice).
At the start of his linux.conf.au
2019 talk, Kristoffer Grönlund said that he would be taking attendees
back 60 years or more. That is not quite to the dawn of computing history,
but it is close—farther back than most of us were alive to remember. He
encountered John McCarthy’s famous Lisp
paper [PDF] via Papers We Love
and it led him to dig deeply into the Lisp world; he brought back a report for
the LCA crowd.
Two members of the Cacophony
Project came to linux.conf.au
2019 to give an overview of what the project is doing to increase the
bird life in New Zealand. The idea is to use computer vision and machine
learning to identify and eventually eliminate predators in order to help
bird populations; one measure of success will be the volume and variety of
bird song throughout the
islands. The endemic avian species in New Zealand evolved without the
presence of predatory mammals, so many of them have been decimated by
the predation of birds and their eggs. The Cacophony Project is looking at
ways to reverse that.
After a two-week voting period, which followed a two-week nomination
window, Python now has its governance
back in place—with a familiar name in the mix.
As specified in PEP 13 (“Python
Language Governance”), five nominees were elected to the steering council,
which will govern the language moving forward.
It may come as a surprise to some that Guido van
Rossum, whose resignation as benevolent dictator for life (BDFL)
led to the need for a
new governance model and, ultimately, to
the vote for a
council, was one of the 17 candidates. It is perhaps much
less surprising that he was elected
to share the duties he once wielded
Version 2.29 of the GNU C
library (glibc) is now available. It includes a wrapper for the getcpu()
system call, optimized generic versions of multiple math functions
(e.g. exp(), log2(), sinf()), new functions to
allow posix_spawn() to run the new process in a different
directory, and more.
Security updates have been issued by Debian (agg, golang-1.7, golang-1.8, mariadb-10.0, and postgis), Fedora (kernel, kernel-headers, and kernel-tools), Mageia (gitolite and libvorbis), openSUSE (pdns-recursor and webkit2gtk3), Oracle (firefox, ghostscript, kernel, polkit, spice, and spice-server), Red Hat (etcd, ghostscript, polkit, spice, and spice-server), Scientific Linux (ghostscript, polkit, spice, and spice-server), SUSE (python3), and Ubuntu (libvncserver).
Security updates have been issued by Arch Linux (ghostscript), Debian (firefox-esr, libgd2, libvncserver, php-pear, rssh, and spice), Fedora (docker, docker-latest, firefox, moodle, and wireshark), Mageia (bluez, ghostscript, php-tcpdf, phpmyadmin, virtualbox, and zeromq), openSUSE (ghostscript), Red Hat (firefox), Scientific Linux (firefox), Slackware (kernel), and Ubuntu (avahi, firefox, and openjdk-8, openjdk-lts).
Serena Chen began her talk in the Security,
Identity & Privacy miniconf at linux.conf.au 2019 with a plan to
dispel a pervasive myth that “usability and security are mutually
exclusive”. She hoped that by the end of her talk, she could convince the
audience that the opposite is true: good user experience design and good
security cannot exist without each other. It makes sense, she said,
because a secure system must be reliable and controllable, which means it
must be usable, while a usable system must be less confusing, thus it is more
Dana Lewis said that her keynote at linux.conf.au 2019 would be about
her journey of learning about open source and how it could be applied in
the healthcare world. She hoped it might lead some attendees to use
their talents on solutions for healthcare. Her efforts and those of others
in the community have led to a much better quality of life for a number of
those who suffer from a chronic, time-consuming disease.