Security Leftovers
Date: 2021-02-01
Live Patching Ubuntu Server so That You Don't Have to Reboot it
Managing Linux servers can feel like a chore, especially if you have to perform repeated tasks.
Updating the server is one of those tasks. While you can opt to automatically install security updates on your server, it doesn't make you completely free from the maintenance task.
Why? Because the security updates to the kernel require restarting the Ubuntu server.
If you use Ubuntu server on one of the cloud services like Linode, you'll notice that it notifies you that your system requires a restart.
Patch Raspberry Pi Linux Kernel With KernelCare For FREE!
Think nobody cares about your Raspberry Pi? Here’s why you must patch Raspberry Pi Linux Kernel with KernelCare live patching service.
The Raspberry Pi kicked off a computing revolution. In 2012 at Cambridge University, a small team envisioned a tiny, cheap computer that can help revive interest in computer sciences. The first version, Model B, launched for about $50 and had everything it needed to run a full computer operating system - support for Linux, on-board memory, and physical IO ports.
A fully functional computer that is that cheap was going to be revolutionary, and the Raspberry Pi has found a home with enthusiasts - but also with commercial users. In fact, the Raspberry Pi Foundation estimates that 44% of Raspberry Pi units are sold to industrial customers.
Python cryptography, Rust, and Gentoo
There is always a certain amount of tension between the goals of those using older, less-popular architectures and the goals of projects targeting more mainstream users and systems. In many ways, our community has been spoiled by the number of architectures supported by GCC, but a lot of new software is not being written in C—and existing software is migrating away from it. The Rust language is often the choice these days for both new and existing code bases, but it is built with LLVM, which supports fewer architectures than GCC supports—and Linux runs on. So the question that arises is how much these older, non-Rusty architectures should be able to hold back future development; the answer, in several places now, has been "not much".
The latest issue came up on the Gentoo development mailing list; Michał Górny noted that the Python cryptography library has started replacing some of its C code with Rust, which is now required to build the library. Since the Gentoo Portage package manager indirectly depends on cryptography, "we will probably have to entirely drop support for architectures that are not supported by Rust". He listed five architectures that are not supported by upstream Rust (alpha, hppa, ia64, m68k, and s390) and an additional five that are supported but do not have Gentoo Rust packages (mips, 32-bit ppc, sparc, s390x, and riscv).
[...]
Eventually, things boiled over and commenting was disallowed from anyone other than project contributors. Gaynor, in particular, felt that the problems were unavoidable for these, largely ancient, platforms. Once the thread had closed, he summarized what had been discussed and reiterated that the cryptography developers are not going to be held back by platforms that do not support Rust.
Back in Gentoo-land, it turned out that the cryptography dependency for Portage came because it was using urllib3 and requests. Those two packages in Gentoo are dependent on cryptography, but it turns out that they do not actually need it. A pull request to fix that was merged, so the problem for Portage, which is pretty fundamental to the operation of a Gentoo system, was averted.
