Date: 2020-08-26

The Document Foundation (TDF) has announced the release of LibreOffice 7.0. This major release is a significant upgrade from version 6.4.6, focusing on interoperability with Microsoft Office, general performance, and support for OpenDocument Format (ODF) version 1.3. A complete list of new features and bug fixes can be found in the release notes. When talking about the latest LibreOffice release, one must also talk about ODF, the default format for LibreOffice documents. ODF version 1.3, which was approved as an OASIS Committee specification back in December 2019, offers several improvements to the format that LibreOffice can now take advantage of. For the security concerned, document encryption using OpenPGP (PGP) is a welcome addition. Further, while LibreOffice has supported digital signatures in past releases via SSL/TLS certificates, PGP keys can now be used to sign documents in LibreOffice 7.0.

Back during the Ubuntu 20.04 cycle there was an attempt to switch the iptables back-end to Nftables by default. That plan was ultimately foiled by LXD at the time running into issues and other fallout. But now that those issues should be addressed and Debian Buster has switched to Nftables, the move is being re-attempted next week for Ubuntu 20.10. Distributions like Fedora already switched to Nftables in the past, Debian is now on it, and Ubuntu 20.10 should be ready for it. Nftables as a packet filtering/classification framework for filtering network traffic is very stable at this point and addresses issues with IPTables. Nftables is generally regarded as being faster than IPTables, providing better rule-set handling, API benefits, more extensibility, and other advantages. Ubuntu To Try Again In Switching IPTables To Use Nftables Backend

Leftovers: LWN on Kernel and More 5.9 Merge window, part 2 By the time Linus Torvalds released 5.9-rc1 and closed the merge window for this cycle, 12,866 non-merge changesets had been pulled into the mainline repository. Nearly 9,000 of those came in after the first 5.9 merge-window summary was written. Clearly the kernel-development community remains busy. Much of what was merged takes the form of cleanups and restructuring, as always, but there was also a substantial set of new features.

Theoretical vs. practical cryptography in the kernel Shortly before the release of the 5.8 kernel, a brief patch to a pseudo-random-number generator (PRNG) used by the networking stack was quietly applied to the kernel. As is the norm for such things, the changelog gave no indication that a security vulnerability had been fixed, but that turns out indeed to be the case. The resulting controversy had little to do with the original vulnerability, though, and everything to do with how cryptographic security is managed in the kernel. Figuring prominently in the discussion was the question of whether theoretical security can undermine security in the real world. Port numbers assigned to network sockets are not an especially secure item — they are only 16 bits, after all. That said, there is value in keeping them from being predictable; an attacker who can guess which port number will be assigned next can interfere with communications and, in the worst case, inject malicious data. Seemingly back in March, Amit Klein reported a port-guessing vulnerability to the kernel's security team; properly exploited, this vulnerability could be used to inject malicious answers to DNS queries, as one example. The source of the problem comes down to how the kernel selects port numbers, which should be chosen randomly so as to not be guessable by an attacker. The kernel is able to generate random numbers that, as far as anybody knows, are not predictable, but doing so takes time — more time than the network stack is willing to wait. So, instead, the networking code calls prandom_u32(), which is a much simpler PRNG; it is effectively a linear-feedback shift register. That makes it fast, but unsuited to cryptographic operations; its output is a relatively simple function of its state, so anybody who can figure out what its internal state is can predict its output going forward. Klein, it seems, was able to do exactly that by observing the port numbers assigned by the kernel.
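
The point about linear-feedback generators can be seen in a few lines of C. This is an added example, not code from the article or the kernel: a toy 32-bit LFSR with a constructed tap mask and seed (it is not the kernel's prandom_u32()), showing that two observed 16-bit, port-sized outputs carry the whole state, so every later output follows from them.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy 32-bit Fibonacci LFSR; the tap mask is a constructed value for this
 * demo and this is NOT the kernel's prandom_u32() implementation. */
#define TAPS 0x80200003u

static uint32_t parity32(uint32_t x)
{
    x ^= x >> 16; x ^= x >> 8; x ^= x >> 4; x ^= x >> 2; x ^= x >> 1;
    return x & 1u;
}

/* Emit 16 output bits (a port-sized value), one LFSR step per bit. */
static uint16_t lfsr_next16(uint32_t *state)
{
    uint16_t out = 0;
    for (int i = 0; i < 16; i++) {
        out |= (uint16_t)((*state & 1u) << i);          /* output = low bit */
        *state = (*state >> 1) | (parity32(*state & TAPS) << 31);
    }
    return out;
}

/* n-th 16-bit output (0-based) produced from a given seed. */
static uint16_t nth_output(uint32_t seed, int n)
{
    uint16_t v = 0;
    for (int i = 0; i <= n; i++)
        v = lfsr_next16(&seed);
    return v;
}

/* An observer who saw outputs 0 and 1 holds all 32 state bits: rebuild
 * the seed, then compute what the generator will emit as output n. */
static uint16_t predict_from_two(uint16_t o0, uint16_t o1, int n)
{
    uint32_t seed = (uint32_t)o0 | ((uint32_t)o1 << 16);
    return nth_output(seed, n);
}

int main(void)
{
    uint32_t secret = 0xC0FFEE42u;   /* constructed "hidden" seed */
    uint16_t o0 = nth_output(secret, 0), o1 = nth_output(secret, 1);
    printf("actual #2..#3:    %04x %04x\n", nth_output(secret, 2), nth_output(secret, 3));
    printf("predicted #2..#3: %04x %04x\n", predict_from_two(o0, o1, 2), predict_from_two(o0, o1, 3));
    return 0;
}
```

Because every step is a shift and an XOR, each output is also a linear function of the seed over GF(2), which is why such generators are fast but give no unpredictability once any state leaks.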

PHP Debugging using Xdebug While PHP does not come with a full toolkit for debugging and profiling, an open-source project has existed almost as long as PHP to provide both: Xdebug. Created and maintained by PHP core developer Derick Rethans, it offers remote debugging, stack traces, profiling, and more. It is a project that anyone doing PHP development would benefit from using.

DigitalOcean & Others Still Working On Core Scheduling To Make Hyper Threading Safer With vulnerabilities like L1TF and Microarchitectural Data Sampling (MDS) prominently showing the insecurities of Intel Hyper Threading, DigitalOcean and other organizations continue spearheading a core scheduling implementation for Linux that could allow HT to remain enabled while reducing the security risk. DigitalOcean has been working on Linux core scheduling for more than one year as a means of ensuring only trusted applications get scheduled to run on siblings of a core. At the same time, the scheduler aims to avoid using SMT/HT in areas where it could degrade the performance.

Andrei Lisita: GSoC 2020 Final Submission This summer is slowly coming to an end and with it the final month of Google Summer of Code. This blog post will serve as the final submission for my participation. I’ll go one by one over the Merge Requests that got accepted into Epiphany and give a short description of my work.

Voxel plotting with gnuplot 5.4 In this followup to our coverage of the release of gnuplot 5.4, we look more deeply at one of the new features: voxel plots. We only briefly touched on these plots in that article, but they are the most conspicuous addition in this release of the free-software graphing tool. Voxel plotting provides multiple ways to visualize 3D data, so it is worth looking at this new plot type in more detail. [...] The first six lines of the script set the ranges of the display bounding box, the angle of view, the position of the bottom plane, and set the borders to surround the box on all sides. The next line, beginning with $charges, defines a "data block" consisting of the following two lines. Each line contains x, y, z coordinates and, in the fourth column, the magnitude of the charge. The final command, broken over two lines, plots the two charges using their positions, extracted with the using 1:2:3 piece, and the charge value from the fourth column, extracted with the :4. This value is used to decide which colors the plotted points should be, by mapping the value onto the color palette, which is what the "linecolor palette" tells gnuplot to do. The other clauses set the pointsize to be five character widths and the pointtype to a circle (7). Next, we will make a graph of the 3D structure of the potential field around these two charges. For this, we turn to the voxel grid. Just as a 2D image, such as a photograph, is a rectangular array of pixels, data in 3D can be represented as a 3D rectangular array of voxels, or volume pixels. Each voxel has x, y, and z coordinates, and a numerical value attached to it, so the voxel grid can represent a function of three variables, f(x, y, z). Note that this is completely new in gnuplot 5.4; previously, 3D plotting was confined to the plotting of surfaces or other representations of functions of two variables.

Searching code with Sourcegraph Sourcegraph is a tool for searching and navigating around large code bases. The tool has various search methods, including regular-expression search, and "structural search", which is a relatively new technique that is language-aware. The open-source core of the tool comes with code search, go-to-definition and other "code intelligence" features, which provide ways for developers to make sense of multi-repository code bases. Sourcegraph's code-searching tools can show documentation for functions and methods on mouse hover and allow developers to quickly jump to definitions or to find all references to a particular identifier. The Sourcegraph server is mostly written in Go, with the core released under the Apache License 2.0; various "enterprise" extensions are available under a proprietary license. The company behind Sourcegraph releases a new version of the tool every month, with the latest release (3.18) improving C++ support and the 3.17 release featuring faster and more accurate code search as well as support for AND and OR search operators.