Whither Fuchsia? Will the new OS be Google's way to avoid sharing Linux code?

If Google decides to use its new operating system Fuchsia will it lead to the company abandoning Linux - the kernel is used in Android - and lead to what one security professional is claiming will be "withdrawal of resources, investment, and Linux's largest userbase"? If this happens at the same time as the rise of Fuchsia is it certain it "will have a devastating effect"?

Security Researchers Attacked Google’s Mysterious Fuchsia OS

  • Security Researchers Attacked Google’s Mysterious Fuchsia OS: Here’s What They Found

    A couple of things that Computer Business Review has widely covered are important context for the security probe. (These won’t be much surprise to Fuchsia’s followers of the past two years.)

    i.e. Fuchsia OS is based on a tiny custom kernel from Google called Zircon which has some elements written in C++, some in Rust. Device drivers run in what’s called “user mode” or “user land”, meaning they’re not given fully elevated privileges. This means they can be isolated better.

    In user land, everything that a driver does has to go via the kernel first before hitting the actual computer’s resources. As Quark Labs found, this is a tidy way of reducing attack surface. But with some sustained attention, its researchers managed to get what they wanted: “We are able to gain kernel code execution from a regular userland process.”

More in Tux Machines

Videos/Shows: Ubuntu Cinnamon Remix 21.04, Coder Radio, and KDE Breeze Redesign and Blue Ocean

NetBSD: aiomixer, X/Open Curses and ncurses, and other news

aiomixer is an application that I've been maintaining outside of NetBSD for a few years. It was available as a package, and was a "graphical" (curses, terminal-based) mixer for NetBSD's audio API, inspired by programs like alsamixer. For some time I've thought that it should be integrated into the NetBSD base system - it's small and simple, very useful, and many developers and users had it installed (some told me that they would install it on all of their machines that needed audio output). For my particular use case, as well as my NetBSD laptop, I have some small NetBSD machines around the house plugged into speakers that I play music from. Sometimes I like to SSH into them to adjust the playback volume, and it's often easier to do visually than with mixerctl(1). However, there was one problem: when I first wrote aiomixer 2 years ago, I was intimidated by the curses API, so opted to use the Curses Development Kit instead. This turned out to be a mistake, as not only was CDK inflexible for an application like aiomixer, it introduced a hard dependency on ncurses.

Core Scheduling Looks Like It Will Be Ready For Linux 5.14 To Avoid Disabling SMT/HT

It looks like the years-long effort around CPU core scheduling that's been worked on by multiple vendors in light of CPU security vulnerabilities threatening SMT/HT security will see mainline later this summer with Linux 5.14. Linux core scheduling has been worked on by pretty much all of the hyperscalers and public cloud providers to improve security without disabling Hyper Threading. Core scheduling is ultimately about what resources can share a CPU core and ensuring potentially unsafe tasks don't run on a sibling thread of a trusted task.

IBM/Red Hat/Fedora Leftovers

  • Automating RHEL for Edge image rollback with GreenBoot

    With the release of Red Hat Enterprise Linux (RHEL) 8.3, Red Hat announced an rpm-ostree version of RHEL targeted for Edge use cases called RHEL for Edge. One of the unique features of rpm-ostree is that when you update the operating system, a new deployment is created, and the previous deployment is also retained. This means that if there are issues on the updated version of the operating system, you can roll back to the previous deployment with a single rpm-ostree command, or by selecting the previous deployment in the GRUB boot loader. While this ability to manually roll back is very useful, it still requires manual intervention. Edge computing use case scenarios might be up in the tens or hundreds of thousands of nodes, and with this number of systems, automation is critical. In addition, in Edge deployments, these systems might be across the country or across the world, and it might not be practical to access a console on them in the event of issues with an updated image. This is why RHEL for Edge includes GreenBoot, which can automate RHEL for Edge operating system rollbacks. This post will cover an overview of how to get started with GreenBoot and will walk through an example of using GreenBoot.

  • Using Ansible to configure Podman containers

    In complex IT infrastructure, there are many repetitive tasks. Running those tasks successfully is not easy. Human error always presents a chance of failure. With the help of Ansible, you perform all of the tasks through a remote host and, as the tasks are executed with playbooks, those playbooks can be reused as many times as you need. In this article you will learn how to install and configure Ansible on Fedora Linux and how to use it to manage and configure Podman containers. Ansible is an open source infrastructure automation tool sponsored by Red Hat. It can deal with all the problems that come with large infrastructure, like installing & updating packages, taking backups, ensuring specific services are always running, and much more. You do this with a playbook which is written in YAML. Ansible playbooks can be used again and again, making the system administrator’s job less complex. Playbooks also eliminate repetitive tasks and can be easily modified. But we have many automation tools like Ansible, why use it? Unlike some other configuration management tools, Ansible is agentless: you don’t have to install anything on managed nodes. For more information about Ansible, see the Ansible tag in Fedora Magazine.

  • Getting better at counting rpm-ostree based systems

    Since the release of Fedora 32, a new mechanism has been in place to better count the number of Fedora users while respecting their privacy. This system is explicitly designed to make sure that no personally identifiable information is sent from counted systems. It also ensures that the Fedora infrastructure does not collect any personal data. The nickname for this new counting mechanism is “Count Me”, from the option name. Details are available in DNF Better Counting change request for Fedora 32. In short, the Count Me mechanism works by telling Fedora servers how old your system is (with a very large approximation). This occurs randomly during a metadata refresh request performed by DNF.

  • Cockpit 244

    Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from Cockpit version 244 and Cockpit Machines 244.

  • A brief introduction to Ansible Vault

    Ansible Vault is an Ansible feature that helps you encrypt confidential information without compromising security.