
Security: Meltdown & Spectre, Critical CSRF Security Vulnerability, OpenVPN and More

  • Meltdown & Spectre
  • Meltdown and Spectre Linux Kernel Status

    By now, everyone knows that something “big” just got announced regarding computer security. Heck, when the Daily Mail does a report on it, you know something is bad…

    Anyway, I’m not going to go into the details about the problems being reported, other than to point you at the wonderfully written Project Zero paper on the issues involved here. They should just give out the 2018 Pwnie award right now, it’s that amazingly good.

    If you do want technical details for how we are resolving those issues in the kernel, see the always awesome lwn.net writeup for the details.

    Also, here’s a good summary of lots of other postings that includes announcements from various vendors.

  • Spectre and Meltdown: What you need to know going forward

    As you've likely heard by now, there are some problems with Intel, AMD, and ARM processors. Called Meltdown and Spectre, the discovered attack possibilities are rather severe, as they impact pretty much every technical device on the network or in your house (PCs, laptops, tablets, phones, etc.).

    Here's a breakdown of all the things you need to know. As things change, or new information becomes available, this article will be updated.

    The key thing to remember is not to panic, as the sky isn't about to come crashing down. The situation is one that centers on information disclosure, not code execution (a far more damning issue to deal with).

  • Open Source Leaders: Take Intel to Task

    I do not know Linus Torvalds or Theo de Raadt. I have never met either of them and have read very little about them. What I do know, gleaned from email archives, is when it comes to bum hardware: they both have pretty strong opinions. Both Linus and Theo can be a bit rough around the edges when it comes to giving their thoughts about hardware design flaws: but at least they have a voice. Also, Linus and Theo have often been at odds, whether it be about how to approach OS design, licensing, etc., but I suspect, or I at least have to believe, the latest incident from Intel (the Spectre and Meltdown flaws) is one area they agree on.

    Linus and Theo cannot possibly be the only Open Source leaders out there who are frustrated and tired of being jerked around by Intel. What I hope comes out of this is not many different voices saying the same thing here and there but instead, perhaps, our various leaders could get together and take Intel to task on this issue. Intel not only created a horrible design flaw, they lied by omission about it for several months. During those months the Intel CEO quietly dumped his stock. What a hero.

  • Docker Performance With KPTI Page Table Isolation Patches

    Overall most of our benchmarks this week of the new Linux Kernel Page Table Isolation (KPTI) patches coming as a result of the Meltdown vulnerability have shown minimal impact overall on system performance. The exceptions have obviously been with workloads having high kernel interactions like demanding I/O cases and in terms of real-world impact, databases. But when testing VMs there's been some minor impact more broadly than bare metal testing and also Wine performance has been impacted. The latest having been benchmarked is seeing if the Docker performance has been impacted by the KPTI patches to see if it's any significant impact since overall the patched system overhead certainly isn't anything close to how it was initially hyped by some other media outlets.

  • Can We Replace Intel x86 With an Open Source Chip?
  • Critical CSRF Security Vulnerability in phpMyAdmin Database Tool Patched

    A "cross site request forgery" vulnerability in a popular tool for administrating MySQL and MariaDB databases that could lead to data loss has been patched.

  • 8 reasons to replace your VPN client with OpenVPN

    OpenVPN could be the answer. It's an ultra-configurable open source VPN client which works with just about any VPN provider that supports the OpenVPN protocol. It gives you new ways to automate, optimize, control and troubleshoot your connections, and you can use it alongside your existing client, or maybe replace it entirely – it's your call.

  • I’m harvesting credit card numbers and passwords from your site. Here’s how.
