LWN.net

Registration for Linux Plumbers Conference is now open

jake — 2017-04-14T21:42:59+00:00

Registration for the 2017 Linux Plumbers Conference is now open. "Registration prices and cutoff dates are published in the ATTEND page of the web site. A reminder that we are following a quota system to release registration slots. Therefore the early registration rate will remain in effect until early registration closes on June 18 2017, or the quota limit (150) is reached, whatever comes earlier." LPC will be held in Los Angeles, CA, US on 13-15 September in conjunction with The Linux Foundation Open Source Summit.

Security updates for Friday

jake — 2017-04-14T15:38:18+00:00

Security updates have been issued by Oracle (kernel) and Slackware (bind).

The new Fedora Project mission statement

corbet — 2017-04-14T15:17:32+00:00

The Fedora Project has come up with a new mission statement: "Fedora creates an innovative platform that lights up hardware, clouds, and containers for software developers and community members to build tailored solutions for their users." See the full text for a description of what it means and how they arrived at it.

[$] New approaches to network fast paths

corbet — 2017-04-13T18:52:22+00:00

With the speed of network hardware now reaching 100 Gbps and distributed denial-of-service (DDoS) attacks going in the Tbps range, Linux kernel developers are scrambling to optimize key network paths in the kernel to keep up. Many efforts are actually geared toward getting traffic out of the costly Linux TCP stack. We have already covered the XDP (eXpress Data Path) patch set, but two new ideas surfaced during the Netconf and Netdev conferences held in Toronto and Montreal in early April 2017.

Ubuntu 17.04 (Zesty Zapus) released

jake — 2017-04-13T15:56:44+00:00

The most recent version of the Ubuntu Linux distribution, 17.04 or Zesty Zapus, has been released with multiple flavors (Kubuntu, Lubuntu, Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, Xubuntu, and the most recent addition, Ubuntu Budgie) and several editions (server, desktop, cloud). "Under the hood, there have been updates to many core packages, including a new 4.10-based kernel, and much more. Ubuntu Desktop has seen incremental improvements, with newer versions of GTK and Qt, updates to major packages like Firefox and LibreOffice, and stability improvements to Unity. Ubuntu Server 17.04 includes the Ocata release of OpenStack, alongside deployment and management tools that save devops teams time when deploying distributed applications - whether on private clouds, public clouds, x86, ARM, or POWER servers, z System mainframes, or on developer laptops. Several key server technologies, from MAAS to juju, have been updated to new upstream versions with a variety of new features." See the release notes for more information.

Security updates for Thursday

jake — 2017-04-13T14:00:36+00:00

Security updates have been issued by CentOS (389-ds-base, httpd, kernel, libreoffice, tomcat, and util-linux), Fedora (libpng15, php-horde-Horde-Crypt, and python-sleekxmpp), openSUSE (gimp, lxc, and phpMyAdmin), Oracle (389-ds-base, httpd, kernel, libreoffice, tomcat, and util-linux), Red Hat (389-ds-base, flash-plugin, httpd, libreoffice, python-defusedxml and python-pysaml2, tomcat, and util-linux), Scientific Linux (389-ds-base, httpd, kernel, libreoffice, tomcat, and util-linux), and SUSE (bind and flash-player).

[$] LWN.net Weekly Edition for April 13, 2017

corbet — 2017-04-13T01:25:47+00:00

The LWN.net Weekly Edition for April 13, 2017 is available.

Anbox - Android in a Box

ris — 2017-04-12T19:35:54+00:00

Simon Fels introduces his Anbox (Android in a Box) project, which uses LXC containers to bring Android applications to your desktop. "Anbox uses Linux namespaces (user, network, cgroup, pid, ..) to isolate the Android operating system from the host. For Open GL ES support Anbox takes code parts from the Android emulator implementation to serialize the command stream and send it over to the host where it is mapped on existing Open GL or Open GL ES implementations." Anbox is still pre-alpha so expect crashes and instability.

[$] Network security in the microservice environment

corbet — 2017-04-12T19:31:39+00:00

We have seen that a microservice architecture is intimately tied to the use of a TCP/IP network as the interconnecting fabric, so when Bernard Van De Walle from Aporeto gave a talk at CloudNativeCon and KubeCon Europe 2017 on why we shouldn't bother securing that network, it seemed a pretty provocative idea.

Nginx 1.12 Released

ris — 2017-04-12T19:27:08+00:00

The Nginx web server version 1.12 has been released, "incorporating new features and bug fixes from the 1.11.x mainline branch - including variables support and other improvements in the stream module, HTTP/2 fixes, support for multiple SSL certificates of different types, improved dynamic modules support, and more." The changelog has more details.

Silber: A new vantage point

corbet — 2017-04-12T16:57:10+00:00

Jane Silber announces the end of her tenure as CEO of Canonical. "Over the next three months I will remain CEO but begin to formally transfer knowledge and responsibility to others in the executive team. In July, Mark [Shuttleworth] will retake the CEO role and I will move to the Canonical Board of Directors. In terms of a full-time role, I will take some time to recharge and then seek new challenges."

[$] A report from Netconf: Day 2

corbet — 2017-04-12T16:46:34+00:00

This article covers the second day of the informal Netconf discussions, held on on April 4, 2017. Topics discussed this day included the binding of sockets in VRF, identification of eBPF programs, inconsistencies between IPv4 and IPv6, changes to data-center hardware, and more.

Stable kernel updates

ris — 2017-04-12T15:43:58+00:00

Greg KH has released stable kernels 4.10.10, 4.9.22, and 4.4.61. All of them contain important fixes and users should upgrade.

Security updates for Wednesday

ris — 2017-04-12T15:39:27+00:00

Security updates have been issued by Debian (bouncycastle), Fedora (flatpak), openSUSE (php7 and slrn), Oracle (389-ds-base and kernel), Red Hat (kernel and kernel-rt), Scientific Linux (389-ds-base and kernel), SUSE (xen), and Ubuntu (dovecot).

Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2) (Project Zero)

corbet — 2017-04-11T23:21:49+00:00

Here's the second part in the detailed Google Project Zero series on using the Broadcom WiFi stack to compromise the host system. "In this post, we’ll explore two distinct avenues for attacking the host operating system. In the first part, we’ll discover and exploit vulnerabilities in the communication protocols between the Wi-Fi firmware and the host, resulting in code execution within the kernel. Along the way, we’ll also observe a curious vulnerability which persisted until quite recently, using which attackers were able to directly attack the internal communication protocols without having to exploit the Wi-Fi SoC in the first place! In the second part, we’ll explore hardware design choices allowing the Wi-Fi SoC in its current configuration to fully control the host without requiring a vulnerability in the first place."