Date: 2019-02-21

Kernel: Linux 5.1, Linux 5.0, LVFS and Elisa

A Number Of Additional Graphics Drawing Tablets To Be Supported By Linux 5.1 For those interested in using graphics drawing tablets on Linux, a number of devices will now be supported with the upcoming Linux 5.1 kernel cycle. A number of updates are pending to the "uclogic" HID driver for supporting various UC-Logic graphics tablet devices. This work for Linux 5.1 includes supporting a new version of the company's device protocol and going on to add support for the Ugee 2150, Ugee M540, XP-Pen Star G540, XP-Pen Star G640, XP-Pen Deco 01, and Ugee G5.

Looking At Why Linux 5.0 Is Running Slower For Apache & PostgreSQL On Some Systems Last week I reported on some slowdowns when running on the Linux 5.0 development kernel for both Intel and AMD systems. As a few days passed and the regression didn't seem to be figured out and addressed by upstream, and after several inquiries from Phoronix readers, I spent some time looking at some of the slowdowns encountered when running on this bleeding-edge code. The slowdowns encountered so far on a few different systems were some of the most sizable regressions since the Linux 4.14 to 4.15 transition when Spectre and Meltdown mitigations began rolling out. But with the 5.0 regressions, they haven't been across the board and range from a few percent to about 10% or so.

Making ATA updates just work The fwupd project has supported updating the microcode on ATA devices for about a month, and StarLabs is shipping firmware on the LVFS already. More are coming, but as part of the end-to-end testing with various deliberately-unnamed storage vendors we hit a thorny issue. Most drives require the firmware updater to use the so-called 0xE mode, more helpfully called ATA_SUBCMD_MICROCODE_DOWNLOAD_CHUNKS in fwupd. This command transfers chunks of firmware to the device, and then the ATA hardware waits for a COMRESET before switching to the new firmware version. On most drives you can also use 0x3 mode which downloads the chunks and switches to the new firmware straight away using ATA RESET. As in, your drive currently providing your root filesystem disconnects from your running system and then reconnects with the new firmware version running.

New Elisa Project Focuses on Linux In Safety-Critical Systems The project is called Elisa, for "Enabling Linux in Safety Applications," and its aim is to create a shared set of tools and processes for building Linux-based systems that will operate without surprises in situations where failure could cause injury, loss of life, or result in significant property or environmental damage. These days computers are being used to perform a long and growing list of tasks that can have serious consequences if something goes wrong. This includes light rail systems where the trains often drive themselves, robotic devices, medical devices, and smart factories where potentially dangerous tasks are directed by single board computers spitting out X's and O's.

Security: VFEmail Incident, Spectre Mitigation, Open Source Voting and More

VFEmail As this issue goes to print, news is circulating about a catastrophic hack on the mail provider VFEmail. According to reports, two decades of saved data for all US users is lost – totally wiped out. Email providers are accustomed to getting attacked, and most of the attacks are stopped at the front door. Attackers sometimes get through, in which case, the most common scenario is that they encrypt some data and ask for a ransom. In this case, however, the attacker didn't seem to really want anything, other than a chance to go on a rampage and destroy all the data. No attempt was made to deliver ransom demands. The crime did not look like extortion or theft but resembled something more like ordinary vandalism. The attacker careened around the network, reformatting disks and destroying data. Mail servers, file servers, VM servers, database servers, and even backup servers were lost. Although vandalism tends to appear random, this attack seems to have been carefully planned. According to reports, the attacker needed multiple passwords to access all these servers and therefore must have been lurking and listening on the network for some time to acquire the necessary access information. I won't solve the mystery in the time it takes to write this column. Too much is unknown at this time. Was the attack from a disturbed loner who just wanted to destroy something? Was it a disgruntled customer or a former employee out for revenge? Was it an inside job? Another possible scenario is that the attacker was a customer with a secret who decided to destroy the evidence by destroying every account, rather than just deleting personal emails and risking leaving a trail. The VFEmail attack caught the imagination of the high tech press because it was just so weird.
Nefarious as ransomware attacks might be, we are at least able to classify them as being somehow related to the quest for money (which we all secretly understand). A wanton attack of vengeance or vandalism scares us the way we are scared by a tornado or a madman with a knife. This attack underscores the dark reality that the Internet really is an unsafe place. Criminals and sociopaths from all over the world can ride a magic carpet to your front door, and the onus is on you to find the right kind of lock – and to continually change the lock as new techniques render old locks ineffective. It is actually profoundly strange that our whole economy and trillions of dollars in business interests are based on this model.

Linux Kernel Continues to Offer Mitigation for Spectre Mitigation

Open Source Voting Attempts by Russia to interfere with US elections have been headline news in the last year. But the problems with the election process in the United States go deeper than the public generally realizes and include obsolete, proprietary systems, a lack of funds for upgrades, and near monopolies on voting machines. As the 2020 US elections near, academics are working to provide solutions to these issues – and open source software and hardware are at the core of these solutions, together with modern interface design.

OpenShift Commons Briefing: State of Open Source Security Report Review with Liran Tal (Snyk) [Ed: Red Hat is entertaining anti-FOSS and Microsoft-connected FUDsters from Snyk]

When an internet emergency strikes Research shows that we spend more time on phones and computers than with friends. This means we’re putting out more and more information for hackers to grab. It’s better to be safe than sorry in an internet emergency, but how you prepare depends on the type of emergency you’re facing.

Critical WinRAR Flaw Found Actively Being Exploited A critical 19-year-old WinRAR vulnerability disclosed last week has now been spotted actively being exploited in a spam campaign spreading malware. The campaign, discovered by researchers with 360 Threat Intelligence Center, takes advantage of a path-traversal WinRAR vulnerability, which could allow bad actors to remotely execute malicious code on victims’ machines simply by persuading them to open a file.

WinRAR Flaw Being Actively Used To Load Malware In Windows PCs