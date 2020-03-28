Security and FUD
Surviving the Frequency of Open Source Vulnerabilities
One hurdle in any roll-your-own Linux platform development project is getting the necessary tools to build system software, application software, and the Linux kernel for your target embedded device. Many developers use a set of tools based on the GNU Compiler Collection, which requires two other software packages: a C library used by the compiler; and a set of tools required to create executable programs and associated libraries for your target device. The end result is a toolchain.
In preference to working on features or product differentiation, developers often spend valuable time supporting, maintaining, and updating a cross-compilation environment, Linux kernel, and root file system. All of which, requires a significant investment of personnel and wide range of expertise.
Netgate® Extends Free pfSense® Support and Lowers pfSense Support Subscription Pricing to Aid in COVID-19 Relief
Free zero-to-ping support, free VPN configuration and connection support, free direct assistance for first responder | front line healthcare agencies, and reduced pfSense TAC support subscription prices all introduced
How the hackers are using Open Source Libraries to their advantage [Ed: Conflating hackers with crackers]
Ben Porter, Chief Product Officer at Instaclustr, writes about how the potential of Open Source Libraries must be balanced with the growing risk of library jacking by hackers.
Three Cases Where the Open Source Model Didn't Work [Ed: Lots of anti-GPL FUD and not taking any account of Microsoft crimes, monopoly abuse, bribes and blackmail]
So, why didn’t the open source model work in these three cases?
The main reason is that in all of these cases, data structure specs and the description of algorithms are not the most important piece of the picture.
The root of the problem is in the variety of real-life situations where bugs and failures may occur and lead to a data-loss situations, which is a total no-go in the real world.
The open source community is successful, though it has been in create open source programs and platforms, is still no guarantee of industrial-grade software development(3). The core to success in developing a highly reliable solution is a carefully nurtured auto-test environment. This assures a careful track record and in-depth analysis for every failure, as well as effective work-flow, making sure any given bug or failure never repeats. It’s obvious that building such an environment can take years, if not decades, and the main thing here is not to know how something should work according to specs, but to know how and where exactly it fails. In other words, the main problem is not the resources needed to develop the code, the main problem is time needed to build up a reliable test-coverage that will provide a sufficient barrier for data-loss bugs.
Another problem with open source is that it is usually accompanied by a GPL license. This limits the contribution to such projects almost solely to the open source community itself. One of the major requirements of the GPL license is to disclose changes to source code in case of further distribution, making it pointless for commercial players to participate.
Linux Kernel: Linux 5.7, Linux Security and Intel Gen9 Graphics On Linux
Android Leftovers
Ubuntu 18.04 vs. 20.04 LTS Performance Preview With Intel Xeon Scalable
There is less than one month to go until the official release of Ubuntu 20.04 LTS "Focal Fossa" but we've already begun experimenting with it for weeks across a variety of platforms. For the most part we have found Ubuntu 20.04 slated to offer some nice performance improvements, especially if upgrading from the existing LTS series, Ubuntu 18.04. In this article are our initial benchmarks looking at the Intel Xeon Scalable from Ubuntu 18.04 LTS to the current 20.04 near-final state.
Linux 5.6
So I'll admit to vacillating between doing this 5.6 release and doing another -rc. This has a bit more changes than I'd like, but they are mostly from davem's networking fixes pulls, and David feels comfy with them. And I looked over the diff, and none of it looks scary. It's just slightly more than I'd have preferred at this stage - not doesn't really seem worth delaying a release over. So about half the diff from the final week is network driver fixlets, and some minor core networking fixes. Another 20% is tooling - mostly bpf and netfilter selftests (but also some perf work). The rest is "misc" - mostly random drivers (gpio, rdma, input) and DTS files. With a smattering of fixes elsewhere (a couple of afs fixes, some vm fixes, etc). The shortlog is appended, nothing really looks all that exciting, and most of the discussions I've seen are already about things for the next merge window. Which obviously opens now as of the release, and I'll start doing pulls tomorrow. I already have a couple of pull requests in pending in my inbox - thank you. And while I haven't really seen any real sign of kernel development being impacted by all the coronavirus activity - I suspect a lot of us work from home even normally, and my daughter laughed at me and called me a "social distancing champ" the other day - it may be worth just mentioning: I think we're all reading the news and slightly distracted. I'm currently going by the assumption that we'll have a fairly normal 5.7 release, and there doesn't seem to be any signs saying otherwise, but hey, people may have better-than-usual reasons for missing the merge window. Let me know if you know of some subsystem that ends up being affected. So we'll play it by ear and see what happens. It's not like the merge window is more important than your health, or the health of people around you. Linus
