LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

A set of weekend stable kernel updates

Saturday 28th of July 2018 08:32:26 PM
There is a new set of stable kernel updates available: 4.17.11, 4.14.59, 4.9.116, 4.4.145, and 3.18.117. Each contains another collection of important fixes.

[$] Teaching the OOM killer about control groups

Friday 27th of July 2018 10:03:06 PM
The kernel's out-of-memory (OOM) killer is summoned when the system runs short of free memory and is unable to proceed without killing one or more processes. As might be expected, the policy decisions around which processes should be targeted have engendered controversy for as long as the OOM killer has existed. The 4.19 development cycle is likely to include a new OOM-killer implementation that targets control groups rather than individual processes, but it turns out that there is significant disagreement over how the OOM killer and control groups should interact.

What Are Machine Learning Models Hiding? (Freedom to Tinker)

Friday 27th of July 2018 08:21:58 PM
Over on the Freedom to Tinker blog, Vitaly Shmatikov reports on some research he and others have been doing on machine-learning models—and what can be hidden inside them. "Federated learning, where models are crowd-sourced from hundreds or even millions of users, is an even juicier target. In a recent paper [PDF], we show that a single malicious participant in federated learning can completely replace the joint model with another one that has the same accuracy but also incorporates backdoor functionality. For example, it can intentionally misclassify images with certain features or suggest adversary-chosen words to complete certain sentences. When training ML [machine learning] models, it is not enough to ask if the model has learned its task well. Creators of ML models must ask what else their models have learned. Are they memorizing and leaking their training data? Are they discovering privacy-violating features that have nothing to do with their learning tasks? Are they hiding backdoor functionality? We need least-privilege ML models that learn only what they need for their task – and nothing more."

Remote Spectre exploits demonstrated

Friday 27th of July 2018 02:40:35 PM
This paper from four Graz University of Technology researchers [PDF] describes a mechanism they have developed to exploit the Spectre V1 vulnerability over the net, with no local code execution required. "We show that memory access latency, in general, can be reflected in the latency of network requests. Hence, we demonstrate that it is possible for an attacker to distinguish cache hits and misses on specific cache lines remotely, by measuring and averaging over a larger number of measurements. Based on this, we implemented the first access-driven remote cache attack, a remote variant of Evict+Reload called Thrash+Reload. Our remote Thrash+Reload attack is a significant leap forward from previous remote cache timing attacks on cryptographic algorithms. We facilitate this technique to retrofit existing Spectre attacks to our network-based scenario. This NetSpectre variant is able to leak 15 bits per hour from a vulnerable target system." Other attacks described in the paper are able to achieve higher rates.

Security updates for Friday

Friday 27th of July 2018 02:05:35 PM
Security updates have been issued by CentOS (java-1.8.0-openjdk and thunderbird), Debian (busybox, chromium-browser, intel-microcode, mailman, and vim-syntastic), Fedora (NetworkManager-vpnc), SUSE (exempi, java-1_8_0-ibm, libofx, libsndfile, microcode_ctl, ntfs-3g, ovmf, rpm, util-linux, webkit2gtk3, and xen), and Ubuntu (clamav and evolution-data-server).

Financial woes for Slackware's Patrick Volkerding

Thursday 26th of July 2018 08:31:36 PM
Patrick Volkerding, who is the founder and benevolent dictator for life of the Slackware Linux distribution, posted a note at LinuxQuestions.org detailing some financial problems. It appears they mostly stem from a deal that he made with the Slackware Store that has gone badly awry. "Still not sure how to move forward, but I have some hope that the community might think that my work is and has been worth supporting. If at all possible I'd like to get away from replicating physical media which seems to be a lost cause. T-shirts? Well, maybe, but I don't see that providing a reasonable income either. I'm wondering how Patreon would do. It would at least be better than nothing, which is where I am now. Through all of this I have continued to work hard towards getting Slackware 15.0 released because I believe it will be by far the best release we've ever had, and because I'm dedicated to my work and the community that uses it. I've never really been in this for the money." Note that there is at least one person out there soliciting Bitcoin who is not affiliated with Volkerding, in what looks like a scam of some sort; it is particularly sad because that is similar to what he alleges has happened with Slackware Store as well. No word, yet, on how to go about helping out. [Thanks to Ken Dawson for a heads-up about this.]

[Update: Volkerding has posted his PayPal link for donations.]

Security updates for Thursday

Thursday 26th of July 2018 02:01:53 PM
Security updates have been issued by Arch Linux (jenkins), CentOS (java-1.8.0-openjdk, openslp, and thunderbird), Fedora (dcraw and httpd), Oracle (java-1.8.0-openjdk and thunderbird), Red Hat (procps), Scientific Linux (thunderbird), SUSE (kernel), and Ubuntu (clamav and tomcat7, tomcat8).

[$] LWN.net Weekly Edition for July 26, 2018

Thursday 26th of July 2018 12:44:59 AM
The LWN.net Weekly Edition for July 26, 2018 is available.

[$] PostgreSQL and patents

Wednesday 25th of July 2018 10:28:37 PM

Patents and open-source projects are always a messy combination it seems. A recent discussion on the pgsql-hackers mailing list highlights some of the problems that can result even when a patent holder wants to make their patents available to a project like PostgreSQL. Software patents are a minefield in many ways—often projects want to just avoid the problems entirely by staying completely away from code known to be covered by patents.

[$] A kernel event notification mechanism

Wednesday 25th of July 2018 07:55:37 PM
The kernel has a range of mechanisms for notifying user space when something of interest happens. These include dnotify and inotify for filesystem events, signals, poll(), tracepoints, uevents, and more. One might think that there would be little need for yet another, but there are still events of interest that user space can only learn about by polling. In an attempt to fix this problem, David Howells, not content with his recent attempt to add seven new system calls for filesystem mounting, has put forward a proposal for a general-purpose event notification mechanism for Linux.

[$] Replacing AWK with Python in GCC?

Wednesday 25th of July 2018 05:45:58 PM

GCC has a lot of command-line options—so many, in fact, that its build process does a fair amount of processing using AWK to generate the option-parsing code for the compiler. But some find the AWK code to be difficult to work with. A recent post to the GCC mailing list proposes replacing AWK with Python in the hopes of more maintainable option-parsing generation in the future.

Stable kernel updates

Wednesday 25th of July 2018 03:05:42 PM
Stable kernels 4.17.10, 4.14.58, 4.9.115, and 4.4.144 have been released. They all contain important fixes throughout the tree and users should upgrade.

Security updates for Wednesday

Wednesday 25th of July 2018 02:58:46 PM
Security updates have been issued by Debian (ant, evolution-data-server, libarchive-zip-perl, mailman, resiprocate, slurm-llnl, and sympa), Mageia (firmware, kernel, microcode, and wesnoth), openSUSE (Chromium), Oracle (openslp and thunderbird), Red Hat (java-1.7.0-oracle, java-1.8.0-oracle, kernel, qemu-kvm-rhev, and thunderbird), SUSE (kernel, nautilus, and xen), and Ubuntu (ant and clamav).

Hutterer: Why it's not a good idea to handle evdev directly

Wednesday 25th of July 2018 02:33:00 PM
Peter Hutterer writes about why libinput exists. It turns out that, like most other hardware, input devices have no end of obnoxious quirks to deal with. "All this is just handling features that users have come to expect. Examples for non-features that you'll have to implement: on some Lenovo series (*50 and newer) you will get a pointer jump after a series of events that only have pressure information. You'll have to detect and discard that jump. The HP Pavilion DM4 touchpad has random jumps in the slot data. Synaptics PS/2 touchpads may 'randomly' end touches and restart them on the next event frame 10ms later. If you don't handle that you'll get ghost taps. And so on and so forth."

More in Tux Machines

Security: X.Org Server, USBHarpoon, Kubernetes Penetration Testing

  • Three New Security Advisories Hit X.Org's X11 Library
    It's been a while since last having any big security bulletins for the X.Org Server, even though some of the code base dates back decades, security researchers have said the security is even worse than it looks, and numerous advisories have come up in recent years. But it's not because X11 is bug-free, as today three more security bulletins were made public affecting libX11. Today's security advisory pertains to three different functions in libX11 that are affected by different issues. The security issues come down to off-by-one writes, a potential out of boundary write, and a crash on invalid reply.
  • USBHarpoon: How “Innocent” USB Cables Can Be Manipulated To Inject Malware
    Back at the 2014 Black Hat Conference, crypto specialists Karsten Nohl and Jakob Lell introduced the concept of BadUSB — a USB security flaw which allows attackers to turn a USB device into a keyboard which can be used to type in commands. Now, a researcher from SYON Security has managed to build a modified USB charging cable that will enable hackers to transfer malware on your PC without you even noticing it. Behind the hood is the BadUSB vulnerability. [...] While BadUSB is gradually climbing the ladder towards the mainstream cyber attacks, people are also coming up with the corresponding firewalls to tackle the new age attacks.
  • Open Source 'Kube-Hunter' Does Kubernetes Penetration Testing
    Aqua Security released the open source kube-hunter tool for penetration testing of Kubernetes clusters, used for container orchestration. "You give it the IP or DNS name of your Kubernetes cluster, and kube-hunter probes for security issues -- it's like automated penetration testing," the company said in an Aug. 15 blog post. The tool -- with source code available on GitHub -- is also packaged by the company in a containerized version, which works with the company's kube-hunter Web site where test results can be seen and shared.

Linux-Friendly Hardware From Tranquil PC and Aaeon

  • Rugged, Linux-ready mini-PC showcases Ryzen V1000
    Tranquil PC opens pre-orders on a fanless, barebones “Mini Multi Display PC” mini-PC with AMD’s Ryzen Embedded V1000 SoC, 4x simultaneous 4K DisplayPort displays, 2x GbE, and up to 32GB DDR4 and 1TB storage. Manchester, UK-based Tranquil PC has launched the first mini-PC based on the AMD Ryzen Embedded V1000. The Mini Multi Display PC is named for the Ryzen V1000’s ability to simultaneously drive four 4K displays, a feature supported here with 4x DisplayPorts. The NUC-like, aluminum frame system is moderately rugged, with 0 to 40°C support and IP50 protection.
  • Apollo Lake Pico-ITX SBC has dual GbE ports and plenty of options
    Aaeon’s Apollo Lake powered “PICO-APL4” SBC offers a pair each of GbE, USB 3.0, and M.2 connections plus HDMI, SATA III, and up to 64GB eMMC. Aaeon has spun another Pico-ITX form-factor SBC featuring Intel Apollo Lake processors, following the PICO-APL3 and earlier PICO-APL1. Unlike those SBCs, the new PICO-APL4 has dual Gigabit Ethernet ports, among other minor changes.

State Certifies LA County’s New Open-Source Vote Tally System

Los Angeles County’s open-source vote tally system was certified by the secretary of state Tuesday, clearing the way for redesigned vote-by-mail ballots to be used in the November election. “With security on the minds of elections officials and the public, open-source technology has the potential to further modernize election administration, security and transparency,” Secretary of State Alex Padilla said. “Los Angeles County’s VSAP vote tally system is now California’s first certified election system to use open-source technology. This publicly-owned technology represents a significant step in the future of elections in California and across the country.” The system — dubbed Voting Solutions for All People (VSAP) Tally Version 1.0 — went through rigorous security testing by staffers working with the secretary of state as well as an independent test lab, according to county and state officials.

Mesa and NVIDIA Graphics on Linux

  • Collabora's Mesa EGLDevice Work To Better Support Multiple GPUs
    As covered earlier this month, Emil Velikov at Collabora has been working on EGLDevice support for Mesa. These EGL extensions originally developed by NVIDIA are being pursued by Mesa developers for better dealing with the enumeration and querying of multiple GPUs on a system. Right now there is the DRI_PRIME environment variable to allow toggling between systems primarily with two GPUs (namely, Optimus notebooks have been the main use-case) but using EGLDevice support by the Mesa drivers the matter of GPU selection for OpenGL rendering can be made by the application/toolkit developer and for other scenarios like multi-GPU systems running without a display server.
  • NVIDIA 396.54 Linux Driver Released To Fix An OpenGL/Vulkan Performance Bug
    One day after announcing the GeForce RTX 2070/2080 series, NVIDIA has released a new Linux driver. But it's not a major new driver branch at this time (that's presumably coming closer to the 20 September launch date) with the Turing GPU support, but is a point release delivering a practical bug fix. The sole change listed in today's NVIDIA 396.54 driver update is, "Fixed a resource leak introduced in the 390 series of drivers that could lead to reduced performance after starting and stopping several OpenGL and/or Vulkan applications."