Date: 2020-11-04

Kernel: WireGuard, Dell and Oracle

WireGuard Brings Speed and Simplicity to VPN Technology
VPN technology has become a critical part of our digital lives, serving a variety of purposes including securing wireless connections, resolving geographical limitations, reaching prohibited websites and protecting the privacy of sensitive data. However, the unfortunate reality is that many of the VPN protocols on the market today are complex, slow, unstable and insecure. Luckily, the new, innovative Wireguard protocol has demonstrated significant promise in all of these areas - and has earned a place in the mainline Linux kernel as a result. This article will briefly explore VPN protocols and potential concerns when implementing a VPN, and will dive deeper into the unique benefits that Wireguard offers users.

[...]

With VPN technology becoming an increasingly important part of our online lives, selecting a VPN that uses a simple, efficient and secure tunneling protocol like Wireguard is highly beneficial. Because of its impressive performance and efficiency, Wireguard is run as a Linux kernel module (LKM) and is used by a wide array of VPN providers as a simpler, more secure alternative to OpenVPN and IPsec. We expect to see the use of Wireguard increase over the coming years as the Wireguard project continues to progress toward releasing a stable version of its innovative open-source VPN tunneling protocol.

Dell Adding Hardware Privacy Driver For Linux - Phoronix
Beginning in Dell's 2021 laptop models they are providing hardware-based "privacy buttons" to disable microphone and camera support. In preparation for more Dell laptops coming to market with these buttons, a Dell privacy driver is being prepared for the Linux kernel. These new Dell privacy buttons are basically hardware kill switches for the microphone and web camera video stream. The Dell privacy driver sent out on Tuesday for the Linux kernel is about manipulating the relevant LEDs and tracking the status of the hardware-based controls, whereas the actual toggling of the audio/video support is handled by the hardware.

Multithreaded Struct Page Initialization
During boot, the kernel needs to initialize all its page structures so they can be freed to the buddy allocator and put to good use. This became expensive as memory sizes grew into the terabytes, so in 2015 Linux got a new feature called deferred struct page initialization that brought the time down on NUMA machines. Instead of a single thread doing all the work, that thread only initialized a small subset of the pages early on, and then per-node threads did the rest later. This helped significantly on systems with many nodes, saving hundreds of seconds on a 24 TB server. However, it left some performance on the table for machines with many cores but not enough nodes to take full advantage of deferred init as it was initially implemented. One of the machines I tested had 2 nodes and 768 GB memory, and its pages took 1.7 seconds to be initialized, by far the largest component of the 4 seconds it took to boot the kernel.

Security Leftovers

Malicious npm Package Created Backdoor On Target Devices
[Ed: So malware with back doors was served by Microsoft and GitHub]
Another malicious npm package appeared on the official repository that created a backdoor on users’ computers. The package impersonated an otherwise legit package to fool users.

The entirely predictable problems with the Vulnonym naming scheme
Security researchers increasingly give security vulnerabilities they discover a unique and memorable name and logo. Names (and cute logos) generate more exposure for the vulnerability and the researchers who found it. The Computer Emergency Response Team Coordination Center (CERT/CC) believes this naming trend invokes “fear, uncertainty, and doubt for vendors, researchers, and the general public.” To address the situation, it has introduced Vulnonyms: a system for automatically naming vulnerabilities. What could possibly go wrong? Security vulnerabilities are often entered into the Common Vulnerabilities and Exposures (CVE) database and assigned a CVE ID number. These numbers are in the format CVE-YEAR-NUMBER (e.g. CVE-2020-12345). These identifiers, unlike the names assigned by researchers, aren’t memorable.

Security updates for Wednesday [LWN.net]
Security updates have been issued by Arch Linux (chromium and firefox), Fedora (nss), openSUSE (pacemaker), Red Hat (bind, binutils, bluez, cloud-init, container-tools:rhel8, cryptsetup, cups, curl, cyrus-imapd, cyrus-sasl, dovecot, dpdk, edk2, evolution, expat, file-roller, fontforge, freeradius:3.0, freerdp and vinagre, freetype, frr, gd, glibc, GNOME, gnome-software and fwupd, gnupg2, grafana, httpd:2.4, idm:DL1 and idm:client, kernel, kernel-rt, libarchive, libexif, libgcrypt, libldb, libpcap, librabbitmq, libreoffice, librsvg2, libsolv, libssh, libtiff, libvpx, libX11, libxml2, libxslt, mailman:2.1, mingw-expat, nodejs:12, oddjob, oniguruma, opensc, openssl, openwsman, pcre2, pki-core:10.6 and pki-deps:10.6, poppler, prometheus-jmx-exporter, python-pip, python27:2.7, python3, python38:3.8, qt5-qtbase and qt5-qtwebsockets, resource-agents, SDL, spamassassin, sqlite, squid:4, subversion:1.10, sysstat, systemd, targetcli, tcpdump, thunderbird, varnish:6, vim, and virt:rhel and virt-devel:rhel), SUSE (apache-commons-httpclient, gnome-settings-daemon, gnome-shell, kernel, libvirt, opensc, ovmf, python, rmt-server, and sane-backends), and Ubuntu (accountsservice, gdm3, libytnef, python-cryptography, and spice-vdagent).

