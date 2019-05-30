Security: Patches, Holes, 2FA, Linux FUD, Fedora 28 EoL and More
Red hat has released important security update and bug fix for pacemaker package.
The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures.
Security researcher Tavis Ormandy, who is a part of the Google Project Zero team, has already unearthed some serious bugs and threats in the past. This time, he found a new zero-day vulnerability in the Notepad app which affects users of the Windows operating system.
The zero-day exploit can be used to open a Windows CMD window from within the Notepad app. Ormandy explains that this is clearly a exploit because the attacker can’t correctly click dialogs, which means it’s not a security bug.
To increase the security of Python package downloads, we're beginning to introduce two-factor authentication (2FA) as a login security option on the Python Package Index. This is thanks to a grant from the Open Technology Fund; coordinated by the Packaging Working Group of the Python Software Foundation.
Starting today, the canonical Python Package Index at PyPI.org and the test site at test.pypi.org offer 2FA for all users. We encourage project maintainers and owners to log in and go to their Account Settings to add a second factor. This will help improve the security of their PyPI user accounts, and thus reduce the risk of vandals, spammers, and thieves gaining account access.
HiddenWasp malware seizes control of Linux systems [Ed: Not the fault of "Linux" but something which merely runs on top of it, leaving the system open to intruders]
This week, we’re discussing secure configurations, and why they matter. Our friends at the Center for Internet Security (CIS) listed “Secure Configurations” as the No. 5 most important security control on this year’s Top 20 hit list.
IT security is all about staying on top of vulnerabilities. Many of those could be fixed through a simple patch management program, and yet many noteworthy data breaches happen because known vulnerabilities were never patched. Each month we list some of those biggest flaws -- along with their fixes -- to keep you on top of vulnerabilities.
Kernel: Linux and EFI, Qualcomm Adreno 540 Support, AMD Is Aiming For Radeon RX 5700 "Navi" Support In Linux 5.3 + Mesa 19.2
EFI Special Memory (EFI_MEM_SP) succeeds the earlier ACPI HMAT (Heterogeneous Memory Attribute Table) for indicating if a memory pool is general purpose memory or intended for application-specific usage. If it is and the kernel obeys this new attribute, the kernel will avoid allocating to that region and reserve it for use by applications specifically looking for this specialized memory. For the most part it's intended for cases like HBM (High Bandwidth Memory) on a chip that may be addressable by the system itself but given its performance heuristics and limited capacity should be reserved for application-specific purposes rather than inadvertently being used by the kernel for mundane memory storage.
Support for Qualcomm's Adreno 540 series display/graphics could potentially be on the table for the Linux 5.3 kernel series. Patches are at least being reviewed for this A540 open-source support.
Jeffrey Hugo of the Qualcomm-aligned Code Aurora posted on Wednesday their latest patches on A540 enablement as found in the MSM8998 SoC. These patches are enough to get the MSM DRM/KMS driver lighting up for the Adreno 540 hardware though some user-space bits for the Mesa Freedreno/Turnip drivers might still be needed.
As I've been saying for weeks now since the initial AMDGPU LLVM compiler back-end support was posted and based upon the release cadences for the various projects: AMD's next-gen "Navi" GPU support is likely to come with Linux 5.3 and Mesa 19.2. That's now been further firmed up and does appear AMD will be posting those kernel and Mesa/OpenGL driver changes in early to mid June for meeting those release windows.
A beginner's guide to Silverblue
At Red Hat Summit 2019, I became fascinated with Fedora Silverblue, an immutable (i.e., unchangeable) variant of Fedora Workstation that primarily uses Flatpak to install apps. I've used Fedora for nearly three years (and Linux for about 22 years) and recently upgraded my machines (home and work) to Fedora 30. But I liked the idea of an immutable desktop and resolved to try it out when I got home.
According to the Fedora Silverblue User Guide:
"Fedora Silverblue is an immutable desktop operating system. It aims to be extremely stable and reliable. It also aims to be an excellent platform for developers and for those using container-focused workflows."
The day I returned from Red Hat Summit, I downloaded the latest image of Silverblue from the main Silverblue website. I burned it to a USB drive (do you really "burn" to a USB drive?) and tried to install it. The process failed, but I was jet-lagged, so I headed to bed suspecting that the problem might lie with the USB drive—I've found that about 50% of USB drives have problems when you try to install Linux from them. I woke up early (jet lag still), found a new USB drive, and tried again.
Also: PHP version 7.1.30, 7.2.19 and 7.3.6
Games: Space Mercs, Slime Rancher, The Colonist, Doom, Breaking Ground Expansion, Godhood
Developed as part of the "Linux First Initiative" from Bearded Giant Games, Linux is a true first-class citizen for the arcade space combat game Space Mercs.
Slime Rancher remains as one of the sweetest games available on Linux and it's getting bigger again next month.
Monomi Park has announced Viktor's Experimental Update, which is going to be released free for everyone on June 18th and it sounds quite amusing. You will need to help Viktor Humphries capture some glitches, which have taken on the form of slimes in his simulated reality. You will need to be fast, as this simulation degrades over time and the more you catch the better your rewards will be.
Love building up a city and watching it all come to life? Good news for you then, as The Colonists has now been released for Linux. Set in the far future, you follow a group of self-replicating robots that have escaped from Earth. As they search for somewhere to call home, they're also trying to achieve their dream goal: to become human.
Romero Games have now released the big free content pack for classic Doom, which can be run on Linux quite easily.
Are you ready to do some science?! Kerbal Space Program's rather large Breaking Ground Expansion is now out.
This expansion will see you land on the surface of various celestial bodies, deploy your tools like a central station, booster antenna, solar panel, weather station, active seismometer and more and begin doing some serious science. The task where you actually have to smash something into the ground particularly sounds like fun, especially as it's the one thing in KSP I'm actually good at.
Abbey Games (Renowned Explorers, Reus) are getting ready to launch their new strategy sim Godhood, with it now having a release date set for July 10th. As a reminder, they delayed the Early Access release originally and they mentioned the good news about the delay is that it would see same-day Linux support!
