All posts by jake

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/780543/rss

Security updates have been issued by Mageia (libreoffice, libtiff, spice, and spice-gtk), openSUSE (build, mosquitto, and nodejs6), Red Hat (firefox, flatpak, and systemd), Scientific Linux (firefox, flatpak, and systemd), SUSE (kernel-firmware and texlive), and Ubuntu (bind9 and ghostscript).

The Linux Foundation Launches ELISA Project Enabling Linux In Safety-Critical Systems

Post Syndicated from jake original https://lwn.net/Articles/780493/rss

The Linux Foundation has announced the formation of the Enabling Linux in Safety Applications (ELISA) project to create tools and processes for companies to use to build and certify safety-critical Linux applications. “Building off the work being done by SIL2LinuxMP project and Real-Time Linux project, ELISA will make it easier for companies to build safety-critical systems such as robotic devices, medical devices, smart factories, transportation systems and autonomous driving using Linux. Founding members of ELISA include Arm, BMW Car IT GmbH, KUKA, Linutronix, and Toyota.

To be trusted, safety-critical systems must meet functional safety objectives for the overall safety of the system, including how it responds to actions such as user errors, hardware failures, and environmental changes. Companies must demonstrate that their software meets strict demands for reliability, quality assurance, risk management, development process, and documentation. Because there is no clear method for certifying Linux, it can be difficult for a company to demonstrate that their Linux-based system meets these safety objectives.”

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/780454/rss

Security updates have been issued by CentOS (firefox, flatpak, and systemd), Fedora (createrepo_c, dnf, dnf-plugins-core, dnf-plugins-extras, docker, libcomps, libdnf, and runc), Mageia (giflib, irssi, kernel, kernel-linus, libexif, poppler, tcpreplay, and zziplib), and SUSE (php5, procps, and qemu).

Yaghmour: gitgeist: a git-based social network proof of concept

Post Syndicated from jake original https://lwn.net/Articles/780365/rss

On his blog, Karim Yaghmour writes about an experimental social network that he and a colleague cobbled together using Git. While it is simply a proof of concept at this point, he is looking for feedback and, perhaps, collaborators to take it further. “It turns out that git has practically everything that’s needed to act both as storage and protocol for a social network. Not only that, but it’s very well-known within and used, deployed and maintained in the circles I navigate, it scales very well (see github), it’s used for critical infrastructure (see kernel.org), it provides history, it’s distributed by nature, etc. It’s got *almost* everything, but not quite everything needed.

So what’s missing from git? A few basic things that it turns out aren’t very hard to take care of: ability to ‘follow’, getting followee notifications, ‘commenting’ and an interface for viewing feeds. And instead of writing a whole online treatise of how this could be done, I asked my colleague Francois-Denis Gonthier to implement a proof and concept of this that we called ‘gitgeist’ and just published on github [https://github.com/opersys/gitgeist-poc].”

[$] Producing an application for both desktop and mobile

Post Syndicated from jake original https://lwn.net/Articles/780031/rss

These days applications are generally moving away from the desktop and toward the mobile space. But taking a multi-platform desktop application and adding two mobile platforms into the mix is difficult to do, as Dirk Hohndel described in his linux.conf.au 2019 talk. Hohndel maintains the Subsurface dive log application, which has added mobile support over the past few years; he wanted to explain the process that the project went through to support all of those platforms. As the subtitle of the talk, “Developing for multiple platforms without losing your mind”, indicates, it is a hard problem to solve sanely.

[$] Patent exhaustion and open source

Post Syndicated from jake original https://lwn.net/Articles/780078/rss

When patents and free software crop up together, the usual question is about patent licensing. Patent exhaustion — the principle that patent rights don’t reach past the first sale of a product — is much less frequently discussed. At FOSDEM 2019, US lawyer Van Lindberg argued that several US court decisions related to exhaustion, most of them recent but some less so, could come together to have surprising beneficial effects for free software. He was clear that the argument applied only in the US but, since court systems tend to look to each other for consistency’s sake, and because Lindberg is an engaging speaker, the talk was of great interest even in Brussels.

[$] Avoiding the coming IoT dystopia

Post Syndicated from jake original https://lwn.net/Articles/779202/rss

Bradley Kuhn works for the Software Freedom Conservancy (SFC) and part of what that organization does is to think about the problems that software freedom may encounter in the future. SFC worries about what will happen with the four freedoms as things change in the world. One of those changes is already upon us: the Internet of Things (IoT) has become quite popular, but it has many dangers, he said. Copyleft can help; his talk is meant to show how.

[$] France enters the Matrix

Post Syndicated from jake original https://lwn.net/Articles/779331/rss

Matrix is an open platform for secure, decentralized, realtime communication. Matthew Hodgson, the Matrix project leader, came to FOSDEM to describe Matrix and report on its progress. Attendees learned that it was within days of having a 1.0 release and found out how it got there. He also shed some light on what happened when the French reached out to them to see if Matrix could meet the internal messaging requirements of an entire national government.

Stable kernel 4.4.174 released

Post Syndicated from jake original https://lwn.net/Articles/779314/rss

Greg Kroah-Hartman has announced the release of the 4.4.174 stable kernel. The patches went out for review on February 7; the kernel contains a backport of a fix for the FragmentSmack denial-of-service vulnerability. “Many thanks to Ben Hutchings for this release, it’s pretty much just his work here in doing the backporting of networking fixes to help resolve “FragmentSmack” (i.e. CVE-2018-5391).” As usual, users of the kernel series should upgrade.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/779192/rss

Security updates have been issued by Debian (curl, golang, libthrift-java, mumble, netmask, python3.4, and rssh), openSUSE (python-python-gnupg), Oracle (kernel), Scientific Linux (thunderbird), Slackware (curl), SUSE (firefox, python, and rmt-server), and Ubuntu (curl, libarchive, and libreoffice).

[$] Lisp and the foundations of computing

Post Syndicated from jake original https://lwn.net/Articles/778550/rss

At the start of his linux.conf.au 2019 talk, Kristoffer Grönlund said that he would be taking attendees back 60 years or more. That is not quite to the dawn of computing history, but it is close—farther back than most of us were alive to remember. He encountered John McCarthy’s famous Lisp paper [PDF] via Papers We Love and it led him to dig deeply into the Lisp world; he brought back a report for the LCA crowd.

[$] Saving birds with technology

Post Syndicated from jake original https://lwn.net/Articles/778429/rss

Two members of the Cacophony Project came to linux.conf.au 2019 to give an overview of what the project is doing to increase the amount of bird life in New Zealand. The idea is to use computer vision and machine learning to identify and eventually eliminate predators in order to help bird populations; one measure of success will be the volume and variety of bird song throughout the islands. The endemic avian species in New Zealand evolved without the presence of predatory mammals, so many of them have been decimated by the predation of birds and their eggs. The Cacophony Project is looking at ways to reverse that.

[$] Python elects a steering council

Post Syndicated from jake original https://lwn.net/Articles/777997/rss

After a two-week voting period, which followed a two-week nomination window, Python now has its governance back in place—with a familiar name in the mix. As specified in PEP 13 (“Python Language Governance”), five nominees were elected to the steering council, which will govern the language moving forward. It may come as a surprise to some that Guido van Rossum, whose resignation as benevolent dictator for life (BDFL) led to the need for a new governance model and, ultimately, to the vote for a council, was one of the 17 candidates. It is perhaps much less surprising that he was elected to share the duties he once wielded solo.

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/778285/rss

Security updates have been issued by Debian (agg, golang-1.7, golang-1.8, mariadb-10.0, and postgis), Fedora (kernel, kernel-headers, and kernel-tools), Mageia (gitolite and libvorbis), openSUSE (pdns-recursor and webkit2gtk3), Oracle (firefox, ghostscript, kernel, polkit, spice, and spice-server), Red Hat (etcd, ghostscript, polkit, spice, and spice-server), Scientific Linux (ghostscript, polkit, spice, and spice-server), SUSE (python3), and Ubuntu (libvncserver).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/778107/rss

Security updates have been issued by Arch Linux (ghostscript), Debian (firefox-esr, libgd2, libvncserver, php-pear, rssh, and spice), Fedora (docker, docker-latest, firefox, moodle, and wireshark), Mageia (bluez, ghostscript, php-tcpdf, phpmyadmin, virtualbox, and zeromq), openSUSE (ghostscript), Red Hat (firefox), Scientific Linux (firefox), Slackware (kernel), and Ubuntu (avahi, firefox, and openjdk-8, openjdk-lts).

[$] Design for security

Post Syndicated from jake original https://lwn.net/Articles/777828/rss

Serena Chen began her talk in the Security,
Identity & Privacy miniconf
at linux.conf.au 2019 with a plan to
dispel a pervasive myth that “usability and security are mutually
exclusive”. She hoped that by the end of her talk, she could convince the
audience that the opposite is true: good user experience design and good
security cannot exist without each other. It makes sense, she said,
because a secure system must be reliable and controllable, which means it
must be usable, while a usable system must be less confusing, thus it is more
secure.

[$] An open-source artificial pancreas

Post Syndicated from jake original https://lwn.net/Articles/777587/rss

Dana Lewis said that her keynote at linux.conf.au 2019 would be about
her journey of learning about open source and how it could be applied in
the healthcare world. She hoped it might lead some attendees to use
their talents on solutions for healthcare. Her efforts and those of others
in the community have led to a much better quality of life for a number of
those who suffer from a chronic, time-consuming disease.