Debian: DSA-4487-1: neovim security update User "Arminius" discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi (Vi IMproved), which also affected the Neovim fork, an extensible editor focused on modern code and features:
Debian LTS: DLA-1863-1: linux-4.9 security update Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios.
[$] Accessing zoned block devices with zonefs Zoned block devices are quite different than the block devices most people are used to. The concept came from shingled magnetic recording (SMR) devices, which allow much higher density storage, but that extra capacity comes with a price: less flexibility. Zoned devices have regions (zones) that can only be written sequentially; there is no random access for writes to those zones. Linux already supports these devices, and filesystems are adding support as well, but some applications may want a simpler, more straightforward interface; that's what a new filesystem, zonefs, is targeting.
Security updates for Tuesday Security updates have been issued by Debian (libsdl2-image and libxslt), Oracle (java-1.8.0-openjdk and java-11-openjdk), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (bzip2, microcode_ctl, and ucode-intel), and Ubuntu (clamav, evince, linux-hwe, linux-gcp, linux-snapdragon, and squid3).
[$] 5.3 Merge window, part 2 At the end of the 5.3 merge window, 12,608 non-merge changesets had been pulled into the mainline repository. Nearly 6,000 of those were pulled after the first-half summary was written. As expected, there was still a lot of material yet to be merged for this development cycle.
Security updates for Monday Security updates have been issued by Debian (bind9, exiv2, kernel, nss, openjdk-11, openjdk-8, patch, and squid3), Fedora (gvfs, libldb, and samba), Mageia (firefox, gvfs, libreswan, rdesktop, and thunderbird), openSUSE (bzip2, clementine, dbus-1, expat, fence-agents, firefox, glib2, kernel, kernel-firmware, ledger, libqb, libu2f-host, pam_u2f, libvirt, neovim, php7, postgresql10, python-requests, python-Twisted, ruby-bundled-gems-rpmhelper, ruby2.5, samba, webkit2gtk3, zeromq, and znc), Red Hat (java-1.8.0-openjdk, java-11-openjdk, rh-maven35-jackson-databind, rh-nodejs8-nodejs, and rh-redis5-redis), Slackware (kernel), and SUSE (ucode-intel).
Kernel prepatch 5.3-rc1 Linus has released 5.3-rc1 and closed the merge window for this development cycle. "Anyway, despite the rocky start, and the big size, things mostly smoothed out towards the end of the merge window. And there's a lot to like in 5.3".
[$] Improving communities through documentation Documentation, said Riona MacNamara at the beginning of her Open Source Summit Japan 2019 talk, is the superpower that we can use to energize users and developers; it is an important part of the creation of a vibrant and inclusive community. While there are a number of roadblocks that can impede participation in a development community, many of those can be addressed with better documentation. The talk was a call for all projects to think about what they are trying to accomplish and to ensure that their documentation is helping to get there.
Security updates for Friday Security updates have been issued by Debian (bzip2), Fedora (freetds, kernel, kernel-headers, and knot-resolver), openSUSE (bubblewrap, fence-agents, kernel, libqb, libu2f-host, pam_u2f, and tomcat), Oracle (vim), SUSE (kernel, LibreOffice, libxml2, and tomcat), and Ubuntu (libmspack and squid, squid3).
Cook: security things in Linux v5.2 Over on his blog, Kees Cook runs through the security changes that came in Linux 5.2. "While the SLUB and SLAB allocator freelists have been randomized for a while now, the overarching page allocator itself wasn’t. This meant that anything doing allocation outside of the kmem_cache/kmalloc() would have deterministic placement in memory. This is bad both for security and for some cache management cases. Dan Williams implemented this randomization under CONFIG_SHUFFLE_PAGE_ALLOCATOR now, which provides additional uncertainty to memory layouts, though at a rather low granularity of 4MB (see SHUFFLE_ORDER). Also note that this feature needs to be enabled at boot time with page_alloc.shuffle=1 unless you have direct-mapped memory-side-cache (you can check the state at /sys/module/page_alloc/parameters/shuffle)."
[$] Kernel analysis with bpftrace At the 2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM) Brendan Gregg gave a keynote on BPF observability that included a kernel issue he had debugged on Netflix production servers using bpftrace. In this article, he provides a crash course on bpftrace for kernel developers—to help them more easily analyze their code. Subscribers can read on for a look at kernel analysis using bpftrace from the upcoming weekly edition.
How to Install Bludit CMS with NGINX on Fedora 30 Bludit is a simple, fast, secure, flat-file CMS that allows you to create your own website or blog in seconds. In this tutorial, we will go through the Bludit CMS installation and setup on Fedora 30 system by using NGINX as a web server.
The best KDE package manager that can replace Synaptic In Linux you need an advanced package manager to: manage applications and libraries installed on your system at the package level; search, install and remove packages and inspect their versions and their dependencies. In Debian-based distributions (Debian, Ubuntu, Linux Mint ...), I installed Synaptic, which is a GTK-based app that does the job, but it looks ugly on KDE, so I searched for a Qt-based alternative and finally found a great tool.
Quick Change in CEOs at SUSE Linux The company behind SUSE Linux Enterprise Server and related software suddenly announced a new CEO, just months after becoming independent.
Install WordPress with Docker Compose using Nginx Install WordPress with Docker Compose using Nginx and PHP7.2-FPM. In this article you are going to learn how to install and configure WordPress with Nginx and PHP-FPM using Docker and Docker Compose, and connect it to a remote MySQL database. We will also install PhpMyAdmin and connect it to Cloud SQL.
What Does It Take to Make a Kernel? The kernel this. The kernel that. People often refer to one operating system's kernel or another without truly knowing what it does or how it works or what it takes to make one. What does it take to write a custom (and non-Linux) kernel?
Neon: A Wannabe Linux Distro For KDE Lovers KDE Neon is a bit of an oddball Linux thing. Linuxland has an impressive collection of oddball things. Neon looks and feels much like a Linux distribution, but its developers assert quite openly on their website that Neon is not a real Linux distro. It just installs and functions like one -- sort of. That can make deciding to use it a little confusing.
Code Cracker Turing to Be on 50-Quid Notes Alan Turing, the British mathematician known for his World War II code-breaking exploits and for a test to distinguish between human and machine intelligence, will be on 50-pound notes in the UK by the end of 2021. The Bank of England, which made the announcement, explained that Turing, who died in 1954, was chosen from a field of 989 eligible characters after a public nomination period.
Social Media, Crafters, Gamers and the Online Censorship Debate Ravelry, an online knitting community that has more than 8 million members, last month announced that it would ban forum posts, projects, patterns and even profiles from users who supported President Trump or his administration. "We cannot provide a space that is inclusive of all and also allow support for open white supremacy," the administrators of Ravelry posted on the site.
Debian Linux 10 'Buster' Places Stability Ahead of Excitement After 25 months of development, the makers of the granddaddy of the Linux OSes released an upgrade that updates many of the software packages and plays general catch-up with modern Linux trends. However, Debian Linux 10 Buster is a boring upgrade. It does little to draw attention to its merits. For serious Linux users, though, boring can be endearing.
The Router's Obstacle-Strewn Route to Home IoT Security It is newly minted conventional wisdom that not a single information security conference goes by without a presentation about the abysmal state of IoT security. While this is a boon for researchers looking to make a name for themselves, this sorry state of affairs is definitely not beneficial for anyone who owns a connected device. IoT device owners aren't the only ones fed up, though.
Mageia 7 Pushes Linux Desktop Boundaries Mageia 7 redefines the concept of traditional Linux. It is a solid operating system well suited to both newcomers and seasoned Linux users alike. The Mageia distro is a powerhouse Linux OS filled with features and options unmatched in other Linux versions. Mageia Linux is a fork of the now-defunct Mandriva Linux. The first Mageia version was released in September 2010.
Can You Hear Me Now? Staying Connected During a Cybersecurity Incident While good communication is pretty much universally beneficial, there are times when it's more so than others. One such time? During a cybersecurity incident. Incident responders know that communication is paramount. Even a few minutes might mean the difference between closing an issue vs. allowing a risky situation to persist longer than it needs to.
Escuelas Linux Is Much More Than an Enlightened Linux Retread Escuelas Linux caught me by surprise. This Linux distro is a prime example of how a programmer can take an open source operating system that matches his own developmental strategy and turn it into a much different product with an identical look and feel. What makes the surprise so appealing is how effectively one distro becomes another while both continue to coexist equally.
Next-Gen Raspberry Pi 4 Packs Power Plus Potential The next big Raspberry Pi thing is now here, with lots more computing power and more options. The Raspberry Pi Foundation has announced the availability of Raspberry Pi 4, a comprehensive upgrade that touches nearly every element of the computing platform. Users have a choice of three memory capacities. The entry-level 1 GB RAM retains the signature $35 price; 2 GB costs $45; 4 GB sells for $55.
With Regolith, i3 Tiling Window Management Is Awesome, Strange and Easy Regolith Linux brings together three unusual computing components that make traipsing into the i3 tiling window manager world out-of-the-box easy. Much of the focus and attraction -- as well as confusion -- for newcomers to the Linux OS is the variety of desktop environments available. Some Linux distributions offer a range of desktop types. Others come only with a choice of one desktop. i3 provides yet another option.
A New Report Documents Two Years of Science Being Scrubbed From .Gov Sites An anonymous reader quotes a report from Motherboard: A report published by the Environmental Data & Governance Initiative (EDGI) on Monday found that language related to climate change has disappeared at an alarming pace since Trump took office in 2016. Across 5,301 pages -- ranging from websites belonging to the Environmental Protection Agency (EPA) to the U.S. Geological Survey (USGS) -- the use of the terms "climate change," "clean energy," and "adaptation" plummeted by 26 percent between 2016 and 2018. Of the pages where "climate change" was stricken, more than half belong to the EPA. The EPA homepage was the 1,750th most-visited website in the U.S. in early 2019, according to the report, giving it more reach than Whitehouse.gov. But "unlike the much-discussed White House effort to question climate change findings, website changes go unannounced and are often beyond immediate public recognition," the report argues. "They insidiously undermine publicly-funded infrastructure for knowledge dissemination." According to the report, clear scientific terminology on government websites was often replaced with politicized language such as "energy independence," a buzzword ripped directly from Trump's "America First Energy Plan" which demands an increase in fossil fuel production. The watchdog also found evidence of "diminished connections" between climate change and its effects on government websites, or quite literally, the breaking of links between public information about the topic.
IBM Gives Cancer-Killing Drug AI Project To the Open Source Community IBM has released three artificial intelligence (AI) projects tailored to take on the challenge of curing cancer to the open-source community. ZDNet reports: The first project, dubbed PaccMann -- not to be confused with the popular Pac-Man computer game -- is described as the "Prediction of anticancer compound sensitivity with Multi-modal attention-based neural networks." IBM is working on the PaccMann algorithm to automatically analyze chemical compounds and predict which are the most likely to fight cancer strains, which could potentially streamline this process. The ML algorithm exploits data on gene expression as well as the molecular structures of chemical compounds. IBM says that by identifying potential anti-cancer compounds earlier, this can cut the costs associated with drug development. The second project is called "Interaction Network infErence from vectoR representATions of words," otherwise known as INtERAcT. This tool is a particularly interesting one given its automatic extraction of data from valuable scientific papers related to our understanding of cancer. INtERAcT aims to make the academic side of research less of a burden by automatically extracting information from these papers. At the moment, the tool is being tested on extracting data related to protein-protein interactions -- an area of study which has been marked as a potential cause of the disruption of biological processes in diseases including cancer. The third and final project is "pathway-induced multiple kernel learning," or PIMKL. This algorithm utilizes datasets describing what we currently know when it comes to molecular interactions in order to predict the progression of cancer and potential relapses in patients. 
PIMKL uses what is known as multiple kernel learning to identify molecular pathways crucial for categorizing patients, giving healthcare professionals an opportunity to individualize and tailor treatment plans.
UPS Is Launching a Drone Delivery Service In the US The United Parcel Service (UPS) announced it has submitted an application to the FAA to operate commercial delivery drones in the U.S., through a new subsidiary called UPS Flight Forward. Quartz reports: The company has been working closely with the FAA over the last year; in 2018, the agency launched a program to test out drones in a range of autonomous flying situations, and UPS was one of the accepted applicants. It's been couriering lab samples around the WakeMed hospital campus in Raleigh, North Carolina, in partnership with the drone startup Matternet. Bala Ganesh, head of UPS's advanced technology group, says that once the FAA has certified the new company, it plans to build upon the work it's been doing in healthcare deliveries. UPS is hoping to get its certification later this year, at which point Ganesh says the company will expand its drone activities in three ways. First, it wants to replicate the work it's done at WakeMed at other large medical facilities that need lab work ferried around as quickly as possible. It then wants to begin flying farther, using autonomous drones to potentially fly between five and ten miles from their point of origin. (Right now, most drone operations in the US need to be conducted within the line of sight of a pilot.) After that's been mastered, UPS wants to fly its drones at night. UPS doesn't plan, at least for the near future, to offer drone deliveries to regular customers, so don't expect to be getting your next online order delivered to your house by drone. For now, it's concentrating on small payloads for healthcare
Air Travelers May Have To Pay Carbon Charge To Offset Emissions Air passengers may have to pay an extra "carbon charge" on flights as part of a UK government initiative to reduce CO2 emissions and tackle the climate crisis. From a report: Passengers could choose to pay more for travel tickets, which would then be used to offset greenhouse gas emissions. Or the scheme could work on an "opt-out" basis and also be applied to trains, buses and ferries. Ministers hope the plans will raise awareness about the effects of public transport on the environment. The extra funds could be used to spearhead eco-friendly projects such as planting trees to reduce the carbon footprint. The government said it hoped the initiative would "drive consumer choices towards less polluting journey options." However, the transport secretary, Chris Grayling, has launched a call for evidence on offsetting carbon emissions produced by public transport. In addition, the government has expressed concerns consumers may not trust that their payments are supporting worthwhile causes. Grayling said on Thursday: "Climate change affects every one of us and we are committed to ensuring that transport plays its part in delivering net zero greenhouse gas emissions by 2050."
Ford Teases All-Electric F-150 Pickup Truck By Pulling a Million-Pound Train An anonymous reader quotes a report from The Verge: In 2017, Ford announced that it would sell an all-electric version of its best-selling F-150 pickup truck. It plans to start selling a hybrid version in 2020, and as a way to start priming the pump (or plug, as it were) for a vehicle that will no doubt be a very big deal, the company released a video Tuesday demonstrating the electric truck's remarkable towing capacity. The electric prototype is seen pulling 10 double-decker rail cars over 1,000 feet. It does it once when the rail cars are empty and a second time with them loaded with 42 regular, gas-burning F-150s. The latter stunt puts the entire load at 1.25 million pounds, according to Linda Zhang, chief engineer on the electric truck project. In the fine print, Ford describes the towing stunt as a "one-time short event demonstration" and claims it is "far beyond any production truck's published capacity." Right now, Tesla holds the record for pulling the heaviest load, when a Model X towed a 287,000-pound Boeing 787-9 Dreamliner nearly 1,000 feet on a taxiway at the Melbourne Airport in Australia last year. In June, Elon Musk teased Tesla's upcoming Pickup truck and took a swipe at Ford and other truck companies, saying: "It's going to be a truck that is more capable than other trucks. The goal is to be a better truck than a [Ford] F-150 in terms of truck-like functionality and be a better sports car than a standard [Porsche] 911. That's the aspiration." He also said in a tweet that the towing capacity would be 300,000 pounds.
Ask Slashdot: Why Does Suicide Seem To Be More Common Among Tech Workers? tripleevenfall writes: At numerous points during my career in the tech industry, my workplaces have been affected by the suicide of an employee. Usually beginning with the receipt of a vague email that management has been "saddened" that someone had "passed away" recently, the truth soon becomes known and the questions begin circulating again. Why does suicide seem to be more common among tech workers? Is it due to lifestyle choices commonly associated with tech workers that lead to isolation? Are the personality types that choose tech work more prone to mental illnesses?
Facial Recognition May Be Banned From Public Housing Thanks To Proposed Law Lawmakers in Congress are expected to introduce landmark legislation this week that will ban facial recognition technology from public housing. Called the No Biometric Barriers to Housing Act, the proposed bill would prohibit housing units that receive funding from the Department of Housing and Urban Development from using technology like facial recognition. It would also require HUD to submit a report on facial recognition, detailing its impact on public housing units and their tenants. CNET reports: This would be the first federal bill that looks at what technology landlords can impose on tenants. While the law would only affect HUD housing, it could raise awareness for a broader set of landlords and tenants, and it comes as people are increasingly questioning the threats to privacy that stem from facial recognition. The only other federal bill on facial recognition is the Commercial Facial Recognition Privacy Act, introduced in March by Sens. Roy Blunt, a Republican from Missouri, and Brian Schatz, a Democrat from Hawaii. There also aren't any laws on technology that landlords can impose on tenants. More than 20,000 homes in the last two years have been converted into smart homes by landlords, even as tenants complain about privacy concerns and issues with faulty locks.
Dropbox Irks Mac Users With Annoying Dock Icon, Offers Clueless Support An anonymous reader quotes a report from Ars Technica: Dropbox now opens a new file browser and an associated Dock icon every time it starts, even if you don't want it to. If you're not familiar with Macs, the Dock is the line of applications on the bottom of the screen (or the side, if you've moved it in the settings) and serves the same function as the Windows Taskbar. If my computer restarts or if Dropbox restarts, the new Dropbox window that I don't want pops up in the Dock. This isn't a huge deal, as I can quit Dropbox's new file browser and get rid of that Dock icon each time my computer starts up. I'm not going to stop using Dropbox -- I've been paying the company $138 a year for 2TB of storage and for 12 months' worth of file history, which saves all deleted files and revisions to files. (It's going up to $158 next time I get billed, in February.) It's worth it to me because Dropbox still works great, while the alternatives have always been unreliable or disappointing in other ways when I've tried them. I'll get into that more later in this article. But the Dock icon and window is a major change in how Dropbox presents itself to users. Dropbox has always been the kind of application that is there when you need it and gets out of the way when you don't. Dropbox's syncing and file-sharing features are integrated with the Finder (the Mac file manager), and there's a little icon in the Mac's Menu Bar at the top of the screen for when you need to change a setting. But now, Dropbox wants to be front and center at all times. The company built its own file browser to replace what's already available in the Mac Finder, and it opens that new file manager every time Dropbox starts. We wrote about it last week when Dropbox started rolling it out to more users. I've had it for more than a month since I somehow ended up in Dropbox's Early Access program. 
Ars' Jon Brodkin, the author of the article, also discovered that "there are numerous Dropbox support employees who apparently have never used their company's Mac application and do not understand how it works." Specifically, the employees Brodkin talked to didn't know "that it's possible for Mac applications to run without a Dock icon even though that's exactly how Dropbox worked for a decade... And they've been giving bad advice to users who want to change back to the old way of doing things."
BMW To Treat Apple CarPlay as a Subscription Service and Charge Customers an Annual Fee BMW will turn Apple CarPlay into a subscription service beginning with its 2019-model-year vehicles. From a report: The German automaker currently charges a one-time $300 to add Apple CarPlay capability to navigation-equipped BMW models. Going forward, though, navigation-equipped BMWs will come with CarPlay at no charge for one year. Following that first year, customers will need to pay an annual fee of $80 to maintain the relationship between their Apple device and their BMW's infotainment system. BMWs currently are not compatible with Android Auto, although the company did announce its plans to integrate Google Assistant and Amazon Alexa services into its vehicles. [...] Regardless, BMW's decision to charge a yearly fee for CarPlay is contrary to industry norms, as all other automakers include the service as a standard or optional feature that spans the life of the vehicle, similar to a sunroof or AM/FM radio. We'll see if other manufacturers follow BMW's lead in the future or whether the market will force the automaker to fall back into line and provide it at no extra cost.
Justice Department To Open Broad, New Antitrust Review of Big Tech Companies schwit1 shares a report from The Wall Street Journal: The Justice Department is opening a broad antitrust review into whether dominant technology firms are unlawfully stifling competition (Warning: source paywalled; alternative source), according to department officials, adding a new Washington threat for companies such as Facebook, Google, Amazon and Apple. The review is geared toward examining the practices of online platforms that dominate internet search, social media and retail services, the officials said. The new antitrust inquiry is the strongest signal yet of Attorney General William Barr's deep interest in the tech sector, and it could ratchet up the already considerable regulatory pressures facing the top U.S. tech firms. The review is designed to go above and beyond recent plans for scrutinizing the tech sector that were crafted by the department and the Federal Trade Commission. Justice Department officials said they would use the new antitrust review to seek extensive input and information from industry participants, and eventually from the dominant tech firms themselves. It isn't yet known whether much of the information-gathering will be done on a voluntary basis or if companies eventually could be compelled by the government to turn over materials. "There is no defined end-goal yet for the Big Tech review other than to understand whether there are antitrust problems that need addressing, but a broad range of options are on the table," the report adds. "The department's inquiry could eventually lead to more focused investigations of specific company conduct."
Lancaster Uni data breach hits at least 12,500 wannabe students Must have been the cyber security course's day off Lancaster University - which offers a GCHQ-accredited degree in security - has been struck by a "sophisticated and malicious phishing attack" that resulted in the leak of around 12,500 wannabe students' personal data.…
RADV's Navi Support Gets Patches For Vulkan Transform Feedback The excitement over the open-source AMD Radeon Navi graphics driver support for Linux gamers/users continues. On Tuesday the RADV driver saw support land for binning to boost performance but while Bas was doing that, Samuel Pitoiset of Valve posted patches allowing GFX10/Navi to support Vulkan transform feedback...
GCC vs. Clang Compiler Benchmarks On POWER9 With Raptor's Blackbird While for Intel x86_64 with the latest compilers it's a very competitive race between LLVM Clang and GCC, how is that battle playing out on the IBM POWER9 front? Using the interesting Raptor Blackbird with IBM POWER9 4-core / 16-thread CPU, here are some recent benchmarks I did between GCC 9, GCC 10, and LLVM Clang 8.
GCC 10 Compiler Picks Up New Scheduler Model & Cost Tables For AMD Zen 2 Processors While AMD developers published their "Znver2" compiler patches for Zen 2 originally back in November, months ahead of the recent Ryzen 3000 series launch, this compiler support was incomplete as it re-used the existing scheduler model and costs table of Znver1. Now though one of SUSE's compiler experts who often works in cooperation with AMD has published the new Znver2 scheduler model and costs table for Zen 2...
Nintendo has reportedly instructed customer support representatives to offer Joy-Con repairs for "drift" issues for free. According to an internal memo obtained by facing a class-action lawsuit in the US, accusing the gaming giant of selling Joy-Cons despite knowing that they're defective. The company is being sued for violating California's fraud laws as well as state- and federal-level warranty laws.
Earlier this year, news reports exposed that not only did DoorDash (and others, like Instacart) sometimes lower its payout to delivery workers when customers tipped, its payment system didn't make clear that this was happening. Last month it changed payouts to show how much of "Dashers" income came from the company vs. tips, but it still used customer tips to account for some of the guaranteed fee it would otherwise pay for a delivery, instead of simply adding them on to an already set rate.
Tonight, after a 4/ Going forward, we're changing our model - the new model will ensure that Dashers' earnings will increase by the exact amount a customer tips on every order. We'll have specific details in the coming days. — Tony Xu (@t_xu) July 24, 2019 Source: Tony Xu (Twitter)
Scientists are still unsure of why a group of US diplomats in Cuba experienced mysterious neurological symptoms, but they're still looking for answers. A new study published today in JAMA by the University of Pennsylvania reveals that brain changes were found in US government officials who were stationed in Havana. But there's still no proof to the theory that the diplomats were attacked by a sonic weapon.
The study performed advanced brain imaging on 40 government personnel who were stationed in Cuba. A group of 48 healthy patients were used as a control. Compared to the control group, the brains of the Cuba patients showed distinct differences in brain volume and connectivity. There was reduced white matter in the affected patients. Changes in tissue volume particularly impacted the cerebellum -- the region of the brain responsible for executive functioning.
"The areas implicated in the patients' brains, namely the cerebellum as well as the visuospatial and auditory networks, align with the neurological symptoms that were observed in the patients," said lead author Ragini Verma, PhD, professor of radiology and head of the imaging lab at the University of Pennsylvania. Verma said the changes were evident even after scientists excluded the results of patients with a history of brain injuries.
Still, outside scientists cast doubt on the study, arguing that its techniques are far from iron-clad. First off, the imaging methods used on the patients aren't meant to find disease, neuroscientist Douglas Fields told Gizmodo. In an editor's note, JAMA senior editor Christopher Muth and executive editor Phil Fontanarosa admitted that the paper didn't provide clear proof of impairment. "However, despite the differences in advanced neuroimaging metrics between patients and controls reported in this study, the clinical relevance of these differences is uncertain, and the exact nature of any potential exposure and the underlying etiology of the patients' symptoms still remain unclear," they wrote.
The study is a follow-up to a smaller trial the team performed back in 2016 with a group of 20 diplomats, which concluded that there were signs of neurological injury. That work was met with some backlash from the rest of the scientific community. Three years later, it appears that the mystery of Havana Syndrome still hasn't been solved. But given how tricky investigating the phenomenon has been for scientists, it's probably best for the average person to avoid jumping to unlikely conclusions.
With HomeKit support, LG TVs can be controlled via Siri or the Home app in iOS, with control of power, volume and input selection. Plus, like other accessories, it can become a part of scenes and automations to prep things for movie night, or whatever else you have in mind. The update with Apple's features is "starting" this week, so even if you have a 2019 model TV, it could take a few weeks before it's actually available.
LG 2019 TVs with AirPlay (from Apple's list): LG OLED LG NanoCell SM9X series LG NanoCell SM8X series LG UHD UM7X series Source: LG
It's not always as quick as you might like to pick up a pizza on the way home, but Pizza Hut might have a solution: borrow a page from the online shopping world. Its Hollywood restaurant (6660 Sunset Boulevard) has started testing Amazon Locker-like "cubbies" for carryout orders purchased through any method. Each cubby includes a display that shows your partial name as well as a lining that keeps your food hot and your drinks cold. You won't have to wait for someone at the counter -- once you've paid, you just double-tap the screen and grab your meal.
And in case you're wondering: the cubby doors remain locked until you're in the store and have paid, so someone won't make off with your Veggie Lover's before you arrive.
Whatever happens with the pilot program, though, it's just the start. Pizza Hut said it plans more "completely frictionless" locations in other West Coast cities in 2020. Much like its rivals, then, the chain sees a future where you won't have to wait long for dinner (or interact with humans, for that matter) unless you're grabbing a seat. That's not unexpected. Online ordering has made the carryout and delivery processes more important than they used to be, and a speedy pick-up could mean the difference between keeping a customer and losing them to faster-moving competition.
More Americans will be able to take advantage of on-demand Frappuccinos. Starbucks announced today that it's expanding its partnership with Uber Eats, aiming for nationwide delivery by early 2020. Currently, only 11 cities offer the service: Boston, Chicago, Dallas, Houston, Los Angeles, Miami, New York City, Orange County, San Francisco, Seattle and Washington, DC.
Delivery coffee may have once been a novel concept, but not anymore. Starbucks first began offering delivery via Uber Eats in 2018 with pilots in Miami and Tokyo. Back in January, the company expanded to London and more US cities. The company already offers delivery in China with Ele.me, an Alibaba-backed platform, and hopes to expand to 3,000 stores across 50 cities by the fall.
"Partnering with Uber Eats helps us take another step towards bringing Starbucks to customers wherever they are," Starbucks Group President and COO Roz Brewer said in a statement. Major metropolises already have a Starbucks on every corner, but expanding Uber Eats to other regions makes sense. And it's a timely move, given that Uber Eats recently expanded as well. The rideshare giant announced last year that it would offer delivery to more suburban and sparsely populated areas, aiming to reach 70 percent of the US in 2019. The company this month unveiled a pass that offers free Eats deliveries. With such widespread coverage and the lure of free delivery, you'll have no excuse to leave the house.
The US is intensifying its already stepped-up scrutiny of the tech industry. The Department of Justice is launching a comprehensive antitrust review of "market-leading online platforms" to see if they're abusing their leading positions. There's no definite goal beyond determining whether or not there are any anti-competitive practices. The review will focus on internet platforms involving search, shopping and social networking, however.
Officials vowed to "seek redress" if they found any lawbreaking. Wall Street Journal sources claimed that the DOJ wouldn't ignore violations of other laws if discovered during the review.
The Department didn't name specific targets, but it's not hard to guess which tech giants are likely to come under the crosshairs. Amazon, Apple, Facebook, Google and Microsoft all exert tremendous influences on the internet, even if they don't always have a monopoly in a given area.
You know these firms will put up stiff opposition, too. Apple has already denied that its App Store is a monopoly, and companies like Google have typically argued that you're not locked into using their web services the way you might be with software. They're determined to maintain the status quo, and they know the consequences of losing could be severe.
Snap appears to be working its way out of a downturn. In the company's Q2 earnings release that just dropped, Snap revealed that it had 203 million daily active Snapchat users in the last quarter, up eight percent year-over-year and seven percent quarter-over-quarter. That came after several quarters of declining users, something that was clearly troubling to investors.
Not coincidentally, the redesigned Snapchat app that rolled out to all Android users last quarter has made an impact as well. Snap says that users are sending seven percent more Snaps with the new app, though it comes with the confusing caveat that this represents "the majority of Android devices used by new users." Likely, that's an acknowledgement that there are Android users with older devices not running the updated app. Snap also says that new users are more likely to stick with the Snapchat app these days -- the company "saw more than a ten percent increase in the retention rate of people who open Snapchat for the first time."
As for its financial performance, Snap still isn't profitable -- but it's slowly inching closer to that day. The company pulled in $388 million in revenue, a big 48 percent increase over Q2 one year ago. But the company still lost $255 million in the quarter; that's 28 percent less money than it lost in Q2 2018.
Somewhat surprisingly, Snap's Discover platform is also getting more engagement than it has in the past. The audience of people watching content on Discover daily grew 35 percent in the last year -- though Snap didn't provide any numbers to quantify how big (or small) that audience is. Total daily time spent watching Discover is also up to the tune of 60 percent year-over-year.
As for the host of partner-focused announcements Snap made back in April, it's a bit too early for much of them to have come to fruition. But we'll be listening in to today's earnings call to see if CEO Evan Spiegel has any other details to share and we'll update this post with anything we hear.
Now that facial recognition is more common, so are the laws aiming to limit its scope. San Francisco, Oakland, Calif. and Somerville, Mass. have all passed laws prohibiting city use of facial recognition. Now, a group of Congresswomen hope to pass the first federal legislation to limit the technology. the right to have physical keys to access their New York City apartment building, rather than smart locks. As more landlords look to install smart home tech, legislation and cases like these could become more common.
When Amazon Prime Video series Homecoming returns for its second season, it'll have a new star. Actor and musician Janelle Monáe is taking over the lead role from Julia Roberts. She'll play a woman who wakes up in a canoe with no idea how she got there or who she is.
It's Monáe's first major role in a TV series. Along with her successful music career, she's putting together an impressive screen résumé. She starred in the excellent NASA drama Hidden Figures and Oscar winner Moonlight. Later this year, Monáe will appear in the Harriet Tubman biopic Harriett and a live-action remake of Lady and the Tramp, which'll be a Disney+ exclusive. Homecoming is her second Prime Video project after an episode of the reports, with a bevy of new characters onboard. It remains to be seen how many of the original cast will return to the psychological thriller.
Apple dominates App Store search results, thwarting competitors Apple’s mobile apps routinely appear first in search results ahead of competitors in its App Store, a powerful advantage that skirts some of the company’s rules on such rankings, according to a Wall Street Journal analysis. The company’s apps ranked first in more than 60% of basic searches, such as for “maps,” the analysis showed. Apple apps that generate revenue through subscriptions or sales, like Music or Books, showed up first in 95% of searches related to those apps. This dominance gives the company an upper hand in a marketplace that generates $50 billion in annual spending. Services revenue linked to the performance of apps is at the center of Apple’s strategy to diversify its profits as iPhone sales wane. This should surprise absolutely nobody. Apple has a lot riding on becoming a successful services company, and it's doing a lot of sleazy things already to try and convert iPhone buyers into wallets on legs from whom Cupertino can siphon monthly amounts. It's only natural that the company would use its App Store search engine to promote its own services, something that will surely turn some heads in Europe. The article also has this fascinating little tidbit: Phillip Shoemaker, who led the App Store review process until 2016, said Apple executives were aware of Podcasts’ poor ratings. Around 2015, his team proposed to senior executives that it purge all apps rated lower than two stars to ensure overall quality. “That would kill our Podcasts app,” an Apple executive said, according to Mr. Shoemaker, who has advised some independent apps on the App Store review process since leaving Apple. The proposal was eventually rejected, Mr. Shoemaker said. So Apple pondered purging all apps with two stars or lower from the App Store, only to realise a number of its own apps would be purged, too.
Oh, and in what I'm sure is entirely unrelated, many Apple apps inside the App Store no longer show a rating at all, special treatment only Apple apps get. If even 50% of this story is true, antitrust lawyers and investigators are going to have a field day with this.
Unikernels: the next stage of Linux’s dominance Unikernels have demonstrated enormous advantages over Linux in many important domains, causing some to propose that the days of Linux’s dominance may be coming to an end. On the contrary, we believe that unikernels’ advantages represent the next natural evolution for Linux, as it can adopt the best ideas from the unikernel approach and, along with its battle-tested codebase and large open source community, continue to dominate. In this paper, we posit that an up-streamable unikernel target is achievable from the Linux kernel, and, through an early Linux unikernel prototype, demonstrate that some simple changes can bring dramatic performance advantages. A scientific paper on the subject.
Files are fraught with peril In this talk, we're going to look at how file systems differ from each other and other issues we might encounter when writing to files. We're going to look at the file stack, starting at the top with the file API, which we'll see is nearly impossible to use correctly and that supporting multiple filesystems without corrupting data is much harder than supporting a single filesystem; move down to the filesystem, which we'll see has serious bugs that cause data loss and data corruption; and then we'll look at disks and see that disks can easily corrupt data at a rate five million times greater than claimed in vendor datasheets. Deeply technical, but well-written and pleasant to read.
A tale of pointlessness: retro 5″ black and white TV as a computer monitor When my brother’s old 1980s 5″ black and white TV was recently discovered during a “I wonder what’s under here?” exercise and amazingly seemed to still be working my first thought was, of course, “Nice!! 3rd monitor for my PC”. I knew that wouldn’t be exactly simple as the TV only appeared to have a 3.5mm “EXT. ANT” socket. I can't do anything but applaud this.
A new motherboard for Amiga, the platform that refuses to die In the early years of personal computing there were a slew of serious contenders. A PC, a Mac, an Atari ST, an Amiga, and several more that all demanded serious consideration on the general purpose desktop computer market. Of all these platforms, the Amiga somehow stubbornly refuses to die. The Amiga 1200+ from is the latest in a long procession of post-Commodore Amigas, and as its name suggests it provides an upgrade for the popular early-1990s all-in-one Amiga model. If I ever get filthy rich, one of the things I'll be doing with my money is using it to support platforms like the Amiga. Try and buy up as much IP, fund people and companies trying to make hardware and software, try to attract developers with financial incentives, and so on. Not a sound investment by any stretch of the imagination, but still a fun little diversion to daydream about.
Apple releases round of iOS, macOS updates Today, Apple released a round of minor updates for all of its supported devices, including iOS 12.4, macOS 10.14.6, watchOS 5.3, and tvOS 12.4. As it turns out, though, some older devices (devices that aren't supported by the latest updates anymore) are getting some love as well. According to MacRumors, iOS 9.3.6 and iOS 10.3.4 are now available. The report states that the former is only available for cellular models of the iPad mini, iPad 2, and iPad 3, all devices that used an A5 processor or a variant of it. It's worth noting that the third-generation Apple TV also got an update today, as that also included an A5 chipset. Always a nice surprise to see older devices getting some love.
How many kinds of USB-C to USB-C cables are there? Classic USB from the 1.1, 2.0, and 3.0 generations, using USB-A and USB-B connectors, has a really nice property: cables were directional, and plugs and receptacles were physically distinct to signal a different capability. A USB 3.0 capable USB-B plug was physically larger than a 2.0 plug and would not fit into a USB 2.0-only receptacle. For the end user, this meant that as long as they had a cable that would physically connect to both the host and the device, the system would function properly, as there is only ever one kind of cable that goes from one A plug to a particular flavor of B plug. Does the same hold for USB-C? We all know the answer to this mess.
This could be our first look at an Android-powered feature phone from Nokia Kyle Bradshaw at 9To5Google: For the past few months, we’ve been tracking developments in Chrome that point to Android becoming a competitor to KaiOS by entering the feature phone market. Today, the first purported image of an Android feature phone has come to light, with Nokia stylings. Thus far, everything we’ve learned about the likelihood of Android coming to feature phones has come from tidbits within public Chrome code. From the code, we know that Android feature phones will be distinctly different from Android Go, as the feature phones will not have a touchscreen. Instead, the phones will be navigated using a traditional d-pad, shoulder buttons, and the number keys. Feature phones are far from dead, and it seems Google really wants a piece of this pie. KaiOS is kind of an unsung hero here in the west, but it's quite popular on feature phones all over the world.
Google claims to have cancelled its censored Chinese search engine project At a Senate Judiciary Committee hearing Tuesday, Google’s vice president of public policy, Karan Bhatia, said that the tech giant’s much-criticized effort to launch a search engine in China had been abandoned. “We have terminated Project Dragonfly,” Bhatia said of the controversial search app for the Chinese market that Google had reportedly been working on last year. He was responding to a series of questions from Republican Sen. Josh Hawley about Google’s business with China. Google employees were decidedly not happy with this project, so internal pressure certainly seems to have made an impact.
Feral Interactive yesterday announced Company of Heroes 2 for macOS and Linux: Commanders update is now available. This update of the WWII strategy game has five new commanders. See the game's official blog for more details. If you already have Company of Heroes 2, you can update for free; otherwise, you can purchase it from the Feral Store for $19.99.
coreboot 4.10 has been released This release comes eight months following the 4.9 release, and includes 2538 commit changes from 198 authors. From the announcement: "Most of the changes were to mainboards, and on the chipset side, lots of activity concentrated on x86. However compared to previous releases activity (and therefore interest, probably) increased in vboot and in non-x86 architectures. However it's harder this time to give this release a single topic like the last: This release accumulates some of everything."
ESET launches version 7 of its File Security for Linux product, which Help Net Security says "provides advanced protection to organisations' general servers, network file storage and multipurpose servers". The article notes that ESET File Security for Linux is "powered by the latest ESET LiveGrid technology and eliminates all types of threats, including viruses, rootkits, worms and spyware. Version 7.0 offers a host of advanced features, including real-time file system protection, tighter security and a real-time web graphical user interface (GUI)."
What Does It Take to Make a Kernel? by Petros Koutoupis The kernel this. The kernel that. People often refer to one operating system's kernel or another without truly knowing what it does or how it works or what it takes to make one. What does it take to write a custom (and non-Linux) kernel?
So, what am I going to do here? In June 2018, I wrote a guide to build a complete Linux distribution from source packages, and in January 2019, I expanded on that guide by adding more packages to the original guide. Now it's time to dive deeper into the custom operating system topic. This article describes how to write your very own kernel from scratch and then boot up into it. Sounds pretty straightforward, right? Now, don't get too excited here. This kernel won't do much of anything. It'll print a few messages onto the screen and then halt the CPU. Sure, you can build on top of it and create something more, but that is not the purpose of this article. My main goal is to provide you, the reader, with a deep understanding of how a kernel is written.
Once upon a time, in an era long ago, embedded Linux was not really a thing. I know that sounds a bit crazy, but it's true! If you worked with a microcontroller, you were given (from the vendor) a specification, a design sheet, a manual of all its registers and nothing more. Translation: you had to write your own operating system (kernel included) from scratch. Although this guide assumes the standard generic 32-bit x86 architecture, a lot of it reflects what had to be done back in the day.
The exercises below require that you install a few packages in your preferred Linux distribution. For instance, on an Ubuntu machine, you will need the following:

binutils
gcc
grub-common
make
nasm
xorriso

An Extreme Crash Course into the Assembly Language

Note: I'm going to simplify things by pretending to work with a not-so-complex 8-bit microprocessor. This doesn't reflect the modern (and possibly past) designs of any commercial processor.
Linux kernel 5.3-rc1 has been released. Linus Torvalds writes, "This is a pretty big release, judging by the commit count. Not the biggest ever (that honor still goes to 4.9-rc1, which was exceptionally big), and we've had a couple of comparable ones (4.12, 4.15 and 4.19 were also big merge windows), but it's definitely up there." He also notes that "...there's a lot to like in 5.3."
German cybersecurity watchdog CERT-Bund recently discovered a security flaw in the VLC media player. Softpedia News reports that "a successful exploit of the vulnerability allows for unauthorized disclosure of information, unauthorized modification of files, and disruption of service." See CVE-2019-13615 for specifics. A patch is in the works.
Melissa Di Donato has been appointed CEO of SUSE. From the press release: "Accomplished technology executive and former SAP leader, Melissa Di Donato, has been named chief executive officer of SUSE in a move that will herald the next phase of growth and momentum for the world's largest independent open source software company....Di Donato is highly regarded for her forward-thinking leadership style and is a passionate advocate for workplace diversity. This includes her role as Technology Group chair of the 30% Club—an organization with the goal of achieving 30 percent female directors on S&P 100 boards by 2020. She also holds prominent positions in other organizations, including Notion Capital, and is a trustee for charity Founders4Schools."
Dropbox brings back support for ZFS, XFS, Btrfs and eCryptFS. According to Linux Uprising, "it appears that this change has made it into the stable Dropbox client for Linux. This isn't directly mentioned on the Dropbox website, but after a fresh Dropbox installation that I performed on Ubuntu, the reported version is 77.4.131, which is a higher version number than the Dropbox beta version for which it was reported that it now supports ZFS and XFS on 64-bit Linux systems, and eCryptFS and Btrfs on all Linux systems. I also gave it a try on a Btrfs filesystem and folder syncing ran without running into any issues."
Oracle Linux 7 has been released for the Raspberry Pi 3. The release packages Btrfs as the root filesystem on the UEK-branded Linux 4.14 Long Term Support (LTS) kernel. A bootable disk image with a minimal install is provided along with a standard ISO installer.
CentOS appears to support only the "Mustang" Applied Micro X-Gene for AArch64, and it provides the older AArch32 environment for all models of the Raspberry Pi. Oracle Linux is a compelling option among RPM distributions in supporting AArch64 for the Pi Model 3.
This is not to say that Oracle AArch64 Linux is without flaw, as Oracle warns that this is "a preview release and for development purposes only; Oracle suggests these not be used in production." The non-functional WiFi device is missing firmware and documentation, which Oracle admits was overlooked. No X11 graphics are included in the image, although you can install them. The eponymous database client (and server) are absent. Oracle has provided a previous example of orphaned software with its Linux for SPARC project, which was abandoned after two minor releases. There's no guarantee that this ARM version will not suffer the same fate, although Oracle has responded that "our eventual target is server class platforms". One possible hardware target is the Fujitsu A64FX, a new server processor that bundles 48 addressable AArch64 cores and 32GB of RAM on one die, asserted to be the "fastest server processor" that exists.

AArch64 on the Pi

You'll need a Raspberry Pi Model 3 to run Oracle Linux. The 3B+ is the best available device, and you should choose that over the predecessor Model 3B and all other previous models. Both Model 3 boards retain the (constraining) 1GB of RAM—a SODIMM socket would be far more practical. The newer board has a CPU that is 200MHz faster and a Gigabit-compatible Ethernet port (that is limited to 300Mbit due to the USB2 linkage that connects it). A Model A also exists, but it lacks many of the ports on the 3B. More important, the Model 3 platform introduces a 64-bit CPU.
Oracle yesterday announced the release of Oracle Linux 8. New features include Application Streams, a "Dandified Yum", RPM improvements and much more. From the announcement: "With Oracle Linux 8, the core operating environment and associated packages for a typical Oracle Linux 8 server are distributed through a combination of BaseOS and Applications Streams. BaseOS gives you a running user space for the operating environment. Application Streams provides a range of applications that were previously distributed in Software Collections, as well as other products and programs, that can run within the user space."
Microsoft this week announced it was giving away software to help secure American voting machines. According to NBC News, "The company said it was rolling out the free, open-source software product called ElectionGuard, which it said uses encryption to 'enable a new era of secure, verifiable voting.' The company is working with election machine vendors and local governments to deploy the system in a pilot program for the 2020 election. The system uses an encrypted tracking code to allow a voter to verify that his or her vote has been recorded and has not been tampered with, Microsoft said in a blog post."
Linux Mint 19.2 "Tina" Cinnamon beta was released this week. Some highlights in version 19.2 include improved kernel support in the update manager, improved software manager and a new look and layout for system reports. Go here to read about all the new features, and read the release notes here.
But what does the future of memory technologies look like? With traditional Flash technologies that are enabled via NVMe, you should continue to expect higher capacities. For instance, what comes after QLC or Quad-Level Cells NAND technology? Only time will tell. The next-generation NVMe specification will introduce a protocol standard operating across more PCI Express lanes and at a higher bandwidth. As memory technologies continue to evolve, the method in which you plug that technology into your computers will evolve with it.
Remember, the ultimate goal is to move closer to the CPU and reduce access times (that is, latencies).

Figure 1. The Data Performance Gap as You Move Further Away from the CPU

Storage Class Memory

For years, vendors have been developing a technology in which you are able to plug persistent memory into traditional DIMM slots. Yes, these are the very same slots that volatile DRAM also uses. Storage Class Memory (SCM) is a newer hybrid storage tier. It's not exactly memory, and it's also not exactly storage. It lives closer to the CPU and comes in two forms: 1) traditional DRAM backed by a large capacitor to preserve data to a local NAND chip (for example, NVDIMM-N) and 2) a complete NAND module (NVDIMM-F). In the first case, you retain DRAM speeds, but you don't get the capacity. Typically, a DRAM-based NVDIMM is behind the latest traditional DRAM sizes. Vendors such as Viking Technology and Netlist are the main producers of DRAM-based NVDIMM products.
The second, however, will give you the larger capacity sizes, but it's not nearly as fast as DRAM speeds. Here, you will find your standard NAND—the very same as found in modern Solid State Drives (SSDs)—fixed onto your traditional DIMM modules.
New Linux malware has been discovered that masquerades as a GNOME shell extension and spies on users. Bleeping Computer reports that Intezer Labs' researchers made the discovery earlier this month, and they say that "EvilGnome's functionalities include desktop screenshots, file stealing, allowing capturing audio recording from the user's microphone and the ability to download and execute further modules. The implant contains an unfinished keylogger functionality, comments, symbol names and compilation metadata which typically do not appear in production versions." See Intezer's blog for more on EvilGnome.
Fedora recently announced the first preview release of Fedora CoreOS. From the announcement: "Fedora CoreOS is built to be the secure and reliable host for your compute clusters. It's designed specifically for running containerized workloads without regular maintenance, automatically updating itself with the latest OS improvements, bug fixes, and security updates. The initial preview release of Fedora CoreOS runs on bare metal, QEMU, VMware, and AWS, on x86_64 only." Go here to download and get started with Fedora CoreOS.
Germany has banned its schools from using cloud-based productivity suites from Microsoft, Google, and Apple, because the companies weren't meeting the country's privacy requirements. Naked Security reports that the statement from the Hessische Beauftragte für Datenschutz und Informationsfreiheit (Hesse Commissioner for Data Protection and Freedom of Information, or HBDI) said, "The digital sovereignty of state data processing must be guaranteed. With the use of the Windows 10 operating system, a wealth of telemetry data is transmitted to Microsoft, whose content has not been finally clarified despite repeated inquiries to Microsoft. Such data is also transmitted when using Office 365." The HBDI also stressed that "What is true for Microsoft is also true for the Google and Apple cloud solutions. The cloud solutions of these providers have so far not been transparent and comprehensible set out. Therefore, it is also true that for schools, privacy-compliant use is currently not possible."
VirtualBox 6.0.10 was released this week. According to Linux Uprising, it's a maintenance release with mostly bug fixes, but it does have one main new addition: "support for UEFI secure boot driver signing on Ubuntu and Debian 10+ hosts". See the full Changelog for more details.
Sparky 5.8 "Nibiru" has new live/install media available to download. This is the first release of the stable line based on Debian 10 "Buster". Changes include Linux kernel 4.19.37-5 (i686 and amd64) and 4.19.57-v7 (ARMHF), Calamares installer updated to 3.2.11, old third party repositories have been removed and much more. Go here to download the Sparky stable edition.
Shrinking Linux Attack Surfaces by Zack Brown Often, a kernel developer will try to reduce the size of an attack surface against Linux, even if it can't be closed entirely. It's generally a toss-up whether such a patch makes it into the kernel. Linus Torvalds always prefers security patches that really close a hole, rather than just give attackers a slightly harder time of it.
Matthew Garrett recognized that userspace applications might have secret data that might be sitting in RAM at any given time, and that those applications might want to wipe that data clean so no one could look at it.
There were various ways to do this already in the kernel, as Matthew pointed out. An application could use mlock() to prevent its memory contents from being pushed into swap, where it might be read more easily by attackers. An application also could use atexit() to cause its memory to be thoroughly overwritten when the application exited, thus leaving no secret data in the general pool of available RAM.
The problem, Matthew pointed out, came if an attacker was able to reboot the system at a critical moment—say, before the user's data could be safely overwritten. If attackers then booted into a different OS, they might be able to examine the data still stored in RAM, left over from the previously running Linux system.
As Matthew also noted, the existing way to prevent even that was to tell the UEFI firmware to wipe system memory before booting to another OS, but this would dramatically increase the amount of time it took to reboot. And if the good guys had won out over the attackers, forcing them to wait a long time for a reboot could be considered a denial of service attack—or at least downright annoying.
Ideally, Matthew said, if the attackers were only able to induce a clean shutdown—not simply a cold boot—then there needed to be a way to tell Linux to scrub all data out of RAM, so there would be no further need for UEFI to handle it, and thus no need for a very long delay during reboot.
Matthew explained the reasoning behind his patch. He said:
Unfortunately, if an application exits uncleanly, its secrets may still be present in RAM. This can't be easily fixed in userland (eg, if the OOM killer decides to kill a process holding secrets, we're not going to be able to avoid that), so this patch adds a new flag to madvise() to allow userland to request that the kernel clear the covered pages whenever the page reference count hits zero. Since vm_flags is already full on 32-bit, it will only work on 64-bit systems.
Matthew Wilcox liked this plan and offered some technical suggestions for Matthew G's patch, and Matthew G posted an updated version in response.
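As an added illustration, not code from the article or from Matthew Garrett's patch, here is a small userspace secret buffer that applies the two existing mitigations the article names: mlock() to keep the pages out of swap and an explicit overwrite before the pages are released. The helper names (secret_alloc, secret_free, secret_is_clean, demo_roundtrip) and the sample secret are constructed for this example; the comments mark the point where an unclean exit still leaves data behind, which is the gap the proposed madvise() flag addresses in the kernel.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type (constructed for this example): a page-aligned,
 * mlock()ed buffer for secrets that is overwritten before release. */
struct secret_buf {
    unsigned char *data;   /* start of the anonymous mapping */
    size_t len;            /* bytes the caller asked for */
    size_t mapped;         /* bytes actually mapped (page multiple) */
    int locked;            /* 1 if mlock() succeeded, else 0 */
};

/* Overwrite through a volatile pointer so the compiler cannot discard the
 * stores as dead just because the memory is unmapped right afterwards. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--)
        *v++ = 0;
}

static size_t page_round(size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    return ((len + page - 1) / page) * page;
}

/* Returns 0 on success. s->locked records whether the pages are pinned;
 * code handling real secrets should treat locked == 0 as an error
 * (RLIMIT_MEMLOCK can forbid the lock). This demo only records it. */
int secret_alloc(struct secret_buf *s, size_t len)
{
    size_t mapped = page_round(len);
    void *p = mmap(NULL, mapped, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    /* mlock(): the first mitigation the article mentions, keeps the
     * pages out of swap where they would be easier to recover. */
    s->locked = (mlock(p, mapped) == 0);
#ifdef MADV_DONTDUMP
    madvise(p, mapped, MADV_DONTDUMP);  /* Linux: keep out of core dumps */
#endif
    s->data = p;
    s->len = len;
    s->mapped = mapped;
    return 0;
}

/* Scrub, unlock and unmap. This is the atexit()-style cleanup from the
 * article: it runs only if the process lives long enough to call it.
 * SIGKILL, the OOM killer or a forced reboot skip it, leaving the secret
 * in RAM; that is the case the proposed madvise() flag covers in-kernel. */
void secret_free(struct secret_buf *s)
{
    if (!s->data)
        return;
    wipe(s->data, s->mapped);
    if (s->locked)
        munlock(s->data, s->mapped);
    munmap(s->data, s->mapped);
    s->data = NULL;
    s->len = s->mapped = 0;
    s->locked = 0;
}

/* Returns 1 if every mapped byte is zero, else 0. */
int secret_is_clean(const struct secret_buf *s)
{
    for (size_t i = 0; i < s->mapped; i++)
        if (s->data[i] != 0)
            return 0;
    return 1;
}

/* Round trip: store a constructed sample secret, wipe it in place, confirm
 * nothing is left, then release the pages. Returns 0 on success. */
int demo_roundtrip(void)
{
    struct secret_buf s;
    static const char secret[] = "constructed-sample-key-0123456789";
    int rc = 0;
    if (secret_alloc(&s, sizeof secret) != 0)
        return -1;
    memcpy(s.data, secret, sizeof secret);
    if (secret_is_clean(&s))              /* the secret must be visible now */
        rc = -2;
    wipe(s.data, s.mapped);
    if (rc == 0 && !secret_is_clean(&s))  /* and gone after the wipe */
        rc = -3;
    secret_free(&s);
    return rc;
}

int main(void)
{
    int rc = demo_roundtrip();
    printf("secret round trip: %s\n", rc == 0 ? "ok" : "failed");
    return rc == 0 ? 0 : 1;
}
```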
Page last modified on October 08, 2013, at 07:08 PM