LWN.net

Security updates have been issued by Arch Linux (chromium, lib32-openssl-1.0, openssl-1.0, and tor), Debian (kildclient, openafs, openssl1.0, otrs2, reportbug, rsync, and sensible-utils), Fedora (tor), Mageia (deluge, evince, lynx, openssl, and rsync), openSUSE (chromium, GraphicsMagick, kernel, mercurial, and openssl), Red Hat (chromium-browser), SUSE (openssl), and Ubuntu (php5).

Linus has released the 4.15-rc4 kernelprepatch. "I would like to say that I hope things will continue tocalm down, but I already know I have more stuff pending. That, togetherwith the holidays, makes me strongly suspect that this will be one of those'we'll do an rc8' releases, but we'll see."

The dreaded UnicodeDecodeError exception is one of the signature"features" of Python 3. It is raised when the language encounters a byte sequencethat it cannot decode into a string; strictly treating stringsdifferently from arrays of byte values was something that came withPython 3. Two Python Enhancement Proposals (PEPs) bound forPython 3.7 look toward reducing those errors (and the related UnicodeEncodeError) forenvironments where they are prevalent—and often unexpected.

One of the keys to fitting the Linux kernel into a small system is toremove any code that is not needed. The kernel's configuration systemallows that to be done on a large scale, but it still results in thebuilding of a kernel containing many smaller chunks of unused code anddata. With a bit of work, though, the compiler and linker can be made towork together to garbage-collect much of that unused code and recover thewasted space for more important uses.<p>Click below (subscribers only) for a detailed article from Nicolas Pitre onhow to use link-time garbage collection to create a smaller kernel image.

Security updates have been issued by Debian (erlang), Fedora (python-dulwich), Gentoo (curl, opencv, openssl, and webkit-gtk), openSUSE (libapr-util1 and php5), Red Hat (qemu-kvm-rhev), and Ubuntu (linux, linux-aws, linux-kvm, linux-raspi2 and linux-lts-xenial, linux-aws).

In a vote that was not any kind of surprise, the US Federal Communications Commission (FCC) voted to end the "net neutrality" rules that stop internet service providers (ISPs) and others from blocking or throttling certain kinds of traffic to try to force consumers and content providers to pay more for "fast lanes". Ars Technica covers the vote and the reaction to it, including the fact that the fight is not yet over: "Plenty of organizations might appeal, said consumer advocate Gigi Sohn, who was a top counselor to then-FCC Chairman Tom Wheeler when the commission imposed its rules.'I think you'll see public interest groups, trade associations, and small and mid-sized tech companies filing the petitions for review,' Sohn told Ars. One or two 'big companies' could also challenge the repeal, she thinks.Lawsuit filers can challenge the repeal on numerous respects, she said. They can argue that the public record doesn't support the FCC's claim that broadband isn't a telecommunications service, that 'throwing away all protections for consumers and innovators for the first time since this issue has been debated is arbitrary and capricious,' and that the FCC cannot preempt state net neutrality laws, she said."

Linux Foundation Director of IT infrastructure security, Konstantin Ryabitsev, has put together a lengthy guide to using Git and PGP to protect the integrity of source code. In a Google+ post, he called it "beta quality" and asked for help with corrections and fixes. "PGP incorporates a trust delegation mechanism known as the 'Web of Trust.' At its core, this is an attempt to replace the need for centralized Certification Authorities of the HTTPS/TLS world. Instead of various software makers dictating who should be your trusted certifying entity, PGP leaves this responsibility to each user.Unfortunately, very few people understand how the Web of Trust works, and even fewer bother to keep it going. It remains an important aspect of the OpenPGP specification, but recent versions of GnuPG (2.2 and above) have implemented an alternative mechanism called 'Trust on First Use' (TOFU).You can think of TOFU as 'the SSH-like approach to trust.' With SSH, the first time you connect to a remote system, its key fingerprint is recorded and remembered. If the key changes in the future, the SSH client will alert you and refuse to connect, forcing you to make a decision on whether you choose to trust the changed key or not.Similarly, the first time you import someone's PGP key, it is assumed to be trusted. If at any point in the future GnuPG comes across another key with the same identity, both the previously imported key and the new key will be marked as invalid and you will need to manually figure out which one to keep.In this guide, we will be using the TOFU trust model."

Two new stable kernels have been released by Greg Kroah-Hartman: 4.14.6 and 4.9.69. As usual, they contain fixes all overthe kernel tree; users of those series should upgrade.

Security updates have been issued by Arch Linux (qt5-webengine and quagga), Debian (xrdp), Oracle (kernel), Red Hat (eap7-jboss-ec2-eap, go-toolset-7 and go-toolset-7-golang, and java-1.8.0-ibm), and SUSE (intel-SINIT and tomcat).

The LWN.net Weekly Edition for December 14, 2017 is available.

The MAP_FIXED option to the mmap()system call allows a process to specify that a mapping should be placedat a given virtual address if at all possible. It turns out, though, that"if at all possible" can involve a bit more collateral damage than somewould like, and can even lead to exploitable vulnerabilities. A new, saferoption is in the works but, as is often the case, it has run into a bit ofnon-technical difficulty.

The CloudNative Computing Foundation (CNCF) held its conference,KubeCon + CloudNativeCon, in December 2017. There were 4000 attendees at this gathering in Austin, Texas,more than all the previous KubeCons before, which shows the rapid growth of thecommunity building around the tool that was announced by Google in2014. Large corporations are also taking a larger part in the community, with major players in the industry joining the CNCF, which is a project of the Linux Foundation. The CNCF now features three of the largest cloudhosting businesses (Amazon, Google, and Microsoft), but also emergingcompanies from Asia like Baidu and Alibaba.

Linaro has announced the 17.12 release of its "Enterprise ReferencePlatform" distribution. "The goal of the Linaro Enterprise Reference Platform is to provide a fullytested, end to end, documented, open source implementation for ARM basedEnterprise servers. The Reference Platform includes kernel, a communitysupported userspace and additional relevant open source projects, and isvalidated against existing firmware releases."

Security updates have been issued by Debian (tiff), openSUSE (firefox, fossil, GraphicsMagick, and libheimdal), Red Hat (rh-java-common-lucene and rh-java-common-lucene5), and Ubuntu (libxml2).

For various reasons related to accounting and security, there is recurringinterest in having the kernel identify the container that holds any givenprocess. Attempts to implement that functionality tend to run into thesame roadblock, though: the kernel has no concept of what a "container" is,and there is seemingly little desire to change that state of affairs. A solution to this problem may exist in the form of a neglectedpatch called "ptags", which enables the attachment of arbitrary tags toprocesses.

<p>Social networking is often approached by the free-software community with acertain amount of suspicion—rightly so, since commercial social networksalmost always generate revenue by exploiting user data in one way oranother. While attempts at a free-software approach to social networking have so far not metwidespread success, the new ActivityPub federation protocol and itsimplementation in the free-software microblogging system Mastodon are gainingpopularity and already show some of the advantages of a community-drivenapproach.

Fedora 25 has reached its end of life. There will be no more updates.Users are advised to upgrade.

Security updates have been issued by Debian (chromium-browser, evince, pdns-recursor, and simplesamlphp), Fedora (ceph, dhcp, erlang, exim, fedora-arm-installer, firefox, libvirt, openssh, pdns-recursor, rubygem-yard, thunderbird, wordpress, and xen), Red Hat (rh-mysql57-mysql), SUSE (kernel), and Ubuntu (openssl).

Worth a read: thisAPNIC blog entry from Mark Nottingham on the near-term evolution ofvarious Internet protocols. "The newest change on the horizon is DOH — DNS over HTTP. A significant amount of research has shown that networks commonly use DNS as a means of imposing policy (whether on behalf of the network operator or a greater authority).Circumventing this kind of control with encryption has been discussed for a while, but it has a disadvantage (at least from some standpoints) — it is possible to discriminate it from other traffic; for example, by using its port number to block access.DOH addresses that by piggybacking DNS traffic onto an existing HTTP connection, thereby removing any discriminators."

"Load tracking" refers to the kernel's attempts to track how much load eachrunning process will put on the system's CPUs. Good load tracking canyield reasonable predictions about the near-future demands on the system;those, in turn, can be used to optimize the placement of processes and theselection of CPU-frequency parameters. Obviously, poor load tracking willlead to less-than-optimal results. While achieving perfection in load trackingseems unlikely for now, it appears that it is possible to do better thancurrent kernels do. The utilization estimationpatch set from Patrick Bellasi is the latest in a series of efforts tomake the scheduler's load tracking work well with a wider variety ofworkloads.

Artifex Software, Inc. and Hancom, Inc. have announceda confidential agreement to settle their legal dispute. The case filed byArtifex concerned the use of Artifex’s GPL licensed Ghostscript in Hancom'soffice product. "While the parties had their differences in the interpretation of the open source license, the companies were able to reach an amicable resolution based on their mutual respect for and recognition of the copyright protection and the open source philosophy."

A very early alpha version of the Elisa music player has been released."Elisa allows to browse music by album, artist or all tracks. The music is indexed using either a private indexer or an indexer using Baloo. The private one can be configured to scan music on chosen paths. The Baloo one is much faster because Baloo is providing all needed data from its own database. You can build and play your own playlist."

The Debian project has released updates to oldstable "jessie" and stable"stretch". Debian 9.3 "stretch" and Debian 8.10 "jessie" are available with theusual set of corrections for security issues and adjustments for seriousproblems.

Stable kernels 4.14.5, 4.9.68, 4.4.105, and 3.18.87 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by CentOS (postgresql), Debian (firefox-esr, kernel, libxcursor, optipng, thunderbird, wireshark, and xrdp), Fedora (borgbackup, ca-certificates, collectd, couchdb, curl, docker, erlang-jiffy, fedora-arm-installer, firefox, git, linux-firmware, mupdf, openssh, thunderbird, transfig, wildmidi, wireshark, xen, and xrdp), Mageia (firefox and optipng), openSUSE (erlang, libXfont, and OBS toolchain), Oracle (kernel), Slackware (openssl), and SUSE (kernel and OBS toolchain).

The 4.15-rc3 kernel prepatch is out."I'm not thrilled about how big the early 4.15 rc's are, but rc3 isoften the biggest rc because it's still fairly early in thecalming-down period, and yet people have had some time to startfinding problems. That said, this rc3 is big even by rc3 standards.Not good." 489 changesets were merged since 4.15-rc2.

The Let's Encrypt project, workingto encrypt as much web traffic as possible, looksforward to the coming year. "First, we’re planning to introducean ACME v2 protocol API endpoint and support for wildcard certificatesalong with it. Wildcard certificates will be free and available globallyjust like our other certificates. We are planning to have a public test APIendpoint up by January 4, and we’ve set a date for the full launch:Tuesday, February 27."

The Fedora Project's currently underway elections for the Fedora Council,FESCo, and the Mindshare committee have been canceled due to some glitches inmaking the interview material available. The project plans to get its acttogether and retry the elections in early January.

Security updates have been issued by Arch Linux (chromium and vlc), Debian (erlang), Mageia (ffmpeg, tor, and wireshark), openSUSE (chromium, opensaml, openssh, openvswitch, and php7), Oracle (postgresql), Red Hat (chromium-browser, postgresql, rh-postgresql94-postgresql, rh-postgresql95-postgresql, and rh-postgresql96-postgresql), SUSE (firefox, java-1_6_0-ibm, opensaml, and xen), and Ubuntu (kernel, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-azure, linux-gcp, linux-hwe, linux-lts-trusty, linux-lts-xenial, linux-aws, and rsync).

High-bandwidthDigital Content Protection (or HDCP) is an Intel-designedcopy-protection mechanism for video and audio streams. It is a digitalrights management (DRM)system of the type disliked by many in the Linux community. But doesthat antipathy mean that Linux should not support HDCP? That question isbeing answered — probably in favor of support — in a conversation underwayon the kernel mailing lists.

At Opensource.com, Mike Bursell looks at blockchain security from the angle of trust. Unlike cryptocurrencies, which are pseudonymous typically, other kinds of blockchains will require mapping users to real-life identities; that raises the trust issue. "What's really interesting is that, if you're thinking about moving to a permissioned blockchain or distributed ledger with permissioned actors, then you're going to have to spend some time thinking about trust. You're unlikely to be using a proof-of-work system for making blocks—there's little point in a permissioned system—so who decides what comprises a "valid" block that the rest of the system should agree on? Well, you can rotate around some (or all) of the entities, or you can have a random choice, or you can elect a small number of über-trusted entities. Combinations of these schemes may also work.If these entities all exist within one trust domain, which you control, then fine, but what if they're distributors, or customers, or partners, or other banks, or manufacturers, or semi-autonomous drones, or vehicles in a commercial fleet? You really need to ensure that the trust relationships that you're encoding into your implementation/deployment truly reflect the legal and IRL [in real life] trust relationships that you have with the entities that are being represented in your system.And the problem is that, once you've deployed that system, it's likely to be very difficult to backtrack, adjust, or reset the trust relationships that you've designed."

Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, kernel, liblouis, qemu-kvm, sssd, and thunderbird), Debian (heimdal and nova), openSUSE (shibboleth-sp), Oracle (java-1.7.0-openjdk), Red Hat (Red Hat OpenShift Enterprise), Scientific Linux (openafs), SUSE (kernel), and Ubuntu (rsync).

The LWN.net Weekly Edition for December 7, 2017 is available.

Voice computing has long been a staple of science fiction, but it hasonly relatively recently made its way into fairly common mainstream use.Gadgets like mobile phones and "smart" home assistant devices (e.g. Amazon Echo, Google Home)have brought voice-based user interfaces to the masses. The voiceprocessing for those gadgets relies on various proprietary services "in thecloud", which generally leaves the free-software world out in the cold.There have been FOSS speech-recognition efforts overthe years, but Mozilla's recentannouncement of the release of its voice-recognition code and voicedata set should help further the goal of FOSS voice interfaces.

As all Python developers discover sooner or later, Python is a rapidlyevolving language whose community occasionally makes changes that can breakexisting programs. The switch to Python 3 is the most prominentexample, but minor releases can include significant changes as well. TheCPython interpreter can emit warnings for upcoming incompatible changes,giving developers time to prepare their code, but those warnings aresuppressed and invisible by default. Work is afoot to make them visible,but doing so is not as straightforward as it might seem.

Linux containers are something of an amorphous beast, at least withrespect to the kernel. There are lots of facilities that the kernelprovides (namespaces, control groups, seccomp, and so on) that can becomposed by user-space tools into containers of various shapes andcolors; the kernel is blissfully unaware of how user space views thatcomposition. But there is interest in having the kernel be more aware ofcontainers and for it to be able to distinguish what user space considersto be a single container. One particular use case for the kernel managingcontainer identifiers is the auditsubsystem, which needs unforgeable IDs for containers that can beassociated with audit trails.

The Debian project has announced the launch of sources.debian.org, a site thatenables browsing of the source code for every package shipped with theDebian distribution. "You may already know this service aspreviously hosted at sources.debian.net . We took the move to Debianhardware as the opportunity to officially announce it here."

Security updates have been issued by CentOS (samba4), Mageia (libxcursor and libxfont/libxfont2), openSUSE (exim, GraphicsMagick, graphviz, pdns, and pdns-recursor), Oracle (firefox and liblouis), Red Hat (java-1.7.0-openjdk), Scientific Linux (java-1.7.0-openjdk), SUSE (firefox, shibboleth-sp, and xen), and Ubuntu (linux-firmware).

The quest to find a free-softwarereplacement for the QuickBooks accounting tool continues. In this episode,your editor does his best to put Tryton through its paces. Running Trytonproved to be a trying experience, though; this would not appear to be theaccounting tool we are searching for.

Stable kernels 4.14.4, 4.9.67, 4.4.104, and 3.18.86 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by Debian (libextractor), Fedora (java-9-openjdk, kernel, python, and qt5-qtwebengine), Oracle (sssd and thunderbird), Red Hat (firefox, liblouis, and sssd), Scientific Linux (firefox, liblouis, and sssd), and Ubuntu (libxml2).

Stephen Diehl looks backat what happened in Haskell during the past year."Haskell has had a great year and 2017 was defined by vast quantities of new code, including 14,000 new Haskell projects on Github . The amount of writing this year was voluminous and my list of interesting work is eight times as large as last year. At least seven new companies came into existence and many existing firms unexpectedly dropped large open source Haskell projects into the public sphere. Driven by a lot of software catastrophes, the intersection of security, software correctness and formal methods have been become quite an active area of investment and research across both industry and academia. It’s really never been an easier and more exciting time to be programming professionally in the world’s most advanced (yet usable) statically typed language."

Mozilla has announcedthe initial releases from its "Project DeepSpeech" and "Project CommonVoice" efforts. "I’m excited to announce the initial release ofMozilla’s open source speech recognition model that has an accuracyapproaching what humans can perceive when listening to the samerecordings. We are also releasing the world’s second largest publiclyavailable voice dataset, which was contributed to by nearly 20,000 peopleglobally."

The kernel's module mechanism allows the building of a kernel with a widerange of hardware and software support without requiring that all of thatcode actually be loaded into any given running system. The availability of all ofthose modules in a typical distributor kernel means that a lot of featuresare available — but also, potentially, a lot of exploitable bugs. Therehave been numerous cases where the kernel's automatic module loader hasbeen used to bring buggy code into a running system. An attempt to reducethe kernel's exposure to buggy modules shows how difficult some kinds ofhardening work can be.

Security updates have been issued by Arch Linux (cacti, curl, exim, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, lib32-libxcursor, libcurl-compat, libcurl-gnutls, libofx, libxcursor, procmail, samba, shadowsocks-libev, and thunderbird), Debian (tor), Fedora (kernel, moodle, mupdf, python-sanic, qbittorrent, qpid-cpp, and rb_libtorrent), Mageia (git, lame, memcached, nagios, perl-Catalyst-Plugin-Static-Simple, php-phpmailer, shadowsocks-libev, and varnish), openSUSE (binutils, libressl, lynx, openssl, tor, wireshark, and xen), Red Hat (thunderbird), Scientific Linux (kernel, qemu-kvm, and thunderbird), SUSE (kernel, ncurses, openvpn-openssl1, and xen), and Ubuntu (curl, evince, and firefox).

The second 4.15 kernel prepatch is out fortesting. "One thing I'll point out is that I'm trying to get some kernel ASLRleaks plugged, and as part of that we now hash any pointers printed by'%p' by default. That won't affect a lot of people, but where it is adebugging problem (rather than leaking interesting kernel pointers),we will have to fix things up."

Version 2.0of the Django web framework has been released. This version dropssupport for Python 2.x, and adds a long list of new features; see theannouncement for details.

In his linux.conf.au2017 talk [YouTube] on the eBPF in-kernel virtual machine, Brendan Greggproclaimed that "super powers have finally come to Linux". GettingeBPF to that point has been a long road of evolution and design. WhileeBPF was originally used for network packet filtering, it turns outthat running user-space code inside a sanity-checking virtual machineis a powerful tool for kernel developers and production engineers.Over time, new eBPF users have appeared to take advantage of itsperformance and convenience. This article explains how eBPF evolvedhow it works, and how it is used in the kernel.

We were sad to encounter theannouncement that Linux Journal will be shutting down."The simple fact is that we’ve run out of money, and options alongwith it. We never had a wealthy corporate parent or deep pockets of ourown, and that made us an anomaly among publishers, from start tofinish. While we got to be good at flying close to the ground for a longtime, we lost what little elevation we had in November, when the scalefinally tipped irrevocably to the negative." Linux Journal was out there tracking what was happening in ourcommunity long before anybody else; it will be missed.

Security updates have been issued by Debian (curl, libxml2, optipng, and sox), Fedora (kernel, mediawiki, moodle, nodejs-balanced-match, nodejs-brace-expansion, and python-werkzeug), openSUSE (optipng), Oracle (kernel and qemu-kvm), Red Hat (kernel, kernel-rt, qemu-kvm, and qemu-kvm-rhev), SUSE (kernel), and Ubuntu (thunderbird).