Language Selection

English French German Italian Portuguese Spanish

Security: Intel Management Engine (ME), Snyk FUD, and Latest Security Updates

Filed under
Security
  • Replacing x86 firmware with Linux and Go

    The Intel Management Engine (ME), which is a separate processor and operating system running outside of user control on most x86 systems, has long been of concern to users who are security and privacy conscious. Google and others have been working on ways to eliminate as much of that functionality as possible (while still being able to boot and run the system). Ronald Minnich from Google came to Prague to talk about those efforts at the 2017 Embedded Linux Conference Europe.

    He began by noting that most times he is talking about firmware, it is with his coreboot hat on. But he removed said "very nice hat", since his talk was "not a coreboot talk". He listed a number of people who had worked on the project to "replace your exploit-ridden firmware with a Linux kernel", including several from partner companies (Two Sigma, Cisco, and Horizon Computing) as well as several other Google employees.

    The results they achieved were to drop the boot time on an Open Compute Project (OCP) node from eight minutes to 20 seconds. To his way of thinking, that is "maybe the single least important part" of this work, he said. All of the user-space parts of the boot process are written in Go; that includes everything in initramfs, including init. This brings Linux performance, reliability, and security to the boot process and they were able to eliminate all of the ME and UEFI post-boot activity from the boot process.

  • Interview: Why are open-source security vulnerabilities rising? [Ed: Snyk is a FUD firm. It has been smearing Free software a lot lately in an effort to just sell its services.]
  • Security updates for Wednesday

More in Tux Machines

Events: OpenStack Summit Vancouver, IBM Index, Eclipse CheConf 2018

  • OpenStack Summit Vancouver '18: Vote for Speakers
    The next OpenStack Summit takes place again in Vancouver (BC, Canada), May 21-25, 2018. The "Vote for Presentations" period started. All proposals are up for community votes. The deadline for your vote is will end February 25 at 11:59pm PST (February 26th at 8:59am CET)
  • IBM Index: A Community Event for Open Source Developers
    The first-ever INDEX community event, happening now in San Francisco, is an open developer conference featuring sessions on topics including artificial intelligence, machine learning, analytics, cloud native, containers, APIs, languages, and more.
  • Eclipse CheConf 2018 – Join the live stream February 21st at 10 am EST
    2017 was a fantastic year for the Che project, with more contributors, more commits, and more usage – this solidified Che’s position as the leading developer workspace server and browser IDE. Eclipse Che users logged over 7 million hours of public Che usage (plus more in private installs). We’ll discuss the growing cloud development market, Che’s position in it, and the exciting changes we’re planning for 2018.

Kernel News and Linux Foundation

  • Linux Kernel Module Growth
    The Linux kernel grows at an amazing pace, each kernel release adds more functionality, more drivers and hence more kernel modules. I recently wondered what the trend was for kernel module growth per release, so I performed module builds on kernels v2.6.24 through to v4.16-rc2 for x86-64 to get a better idea of growth rates...
  • A Linux Kernel Driver Is Being Worked On For Valve's Steam Controller
    Right now to make most use of the Steam Controller on Linux you need to be using the Steam client while there have been independent user-space programs like SC-Controller to enable Steam Controller functionality without the Steam client running. A new and independent effort is a Linux kernel driver for the Steam Controller. Through reverse-engineering, Rodrigo Rivas Costa has been developing a kernel driver for the Valve Steam Controller. This driver supports both USB cable and USB wireless adapters for the Steam Controller. This driver is being developed as a proper HID kernel driver so it should work with all existing Linux programs and doesn't require the use of the proprietary Steam client.
  • AT&T Puts Smart City IoT 'Edge' Computing On Direct Dial
  • Linux Foundation, AT&T Launch Akraino

Red Hat News and New Fedora 27 Live ISOs

Software: funny-manpages, Nginx, Cockpit and More

  • Have a Laugh With Funny Linux Man Pages
    There is a package unsurprisingly called funny-manpages and it adds some witty entries to the man pages.
  • HTTP/2 Server Push Directives Land in Nginx 1.13.9
    The open source Nginx 1.13.9 web server debuted today, providing support for a new HTTP/2 standard feature known as Server Push. The HTTP/2 web standard was completed three years ago in February 2015, with Nginx ahead of the curve in terms of HTTP/2 standard adoption. The NGINX Plus R7 release in September 2015 featured the first commercially supported enterprise-grade support provided by Nginx for HTTP/2.
  • Cockpit 162
    Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 162.
  • 6 Best Linux Music Players That Every User Must Try — (2018 Edition)
    Watching movies and playing music is one of the primary entertainment purposes served by our computers. So, when you move to a new operating system, it makes perfect sense if you look for useful media players. In the past, we’ve already told you about the best video players for Linux and, in this article, we’ll be telling you about the best music players for Linux-based operating systems. Let’s take a look at them:
  • CPod (formerly Cumulonimbus) – A Beautiful Podcast App
    Today, we introduce a somewhat new podcast application that is simple and yet delivers efficiently across all 3 desktop platforms. CPod, (formerly known as Cumulonimbus), is an electron-based podcast app player for audiobook and podcast lovers.
  • Apper 1.0.0 is out!
    Apper the package/apps manager based on PackageKit has got it’s 1.0.0 version on it’s 10th birthday!
  • VidCutter – Quickly Trim and Join Video Clips
    VidCutter is an open-source cross-platform video editor with which you can quickly trim and join video clips. It is Python and Qt5-based, uses FFmpeg for its encoding and decoding operations, and it supports all the popular video formats not excluding FLV, MP4, AVI, and MOV. VidCutter boasts a customizable User Interface that you can personalize using themes and a plethora of settings that you can tweak to make your video editing environment more appealing.
  • Weblate 2.19.1
  • Tusk Evernote Client Updated, Is Now Available as a Snap
    The Tusk Evernote client is now available as a Snap. We spotlighted the unofficial Evernote app last year, finding that it added to and improved on the standard Evernote web app in a number of ways.