From the Bugs dept.:
Amazon Web Services and Rackspace are warning their customers of upcoming reboots they're taking to address a new Xen hypervisor security issue.
In a premium support bulletin issued Thursday night, Amazon said fewer than 10 percent of all EC2 instances will require work but the affected instances must be updated by March 10. Rackspace also notified customers of the issue, which will affect a subset of a portion of its First and Next Generation Cloud Servers, Thursday night. Later on Friday, Linode also warned users of an upcoming Xen-related reboot.
From the Not Buffering.... dept.:
It's a good day for proponents of an open internet: The Federal Communications Commission just approved its long-awaited network neutrality plan, which reclassifies broadband internet as a Title II public utility and gives the agency more regulatory power in the process. And unlike the FCC's last stab at net neutrality in 2010, today's new rules also apply to mobile broadband. FCC Chairman Tom Wheeler laid out the basic gist of the plan earlier this month -- it'll ban things like paid prioritization, a tactic some ISPs used to get additional fees from bandwidth-heavy companies like Netflix, as well as the slowdown of "lawful content." But now Wheeler's vision is more than just rhetoric; it's something the FCC can actively enforce.
From the Backdoor dept.:
The US National Security Agency (NSA) has infected hard disk firmware with spyware in a campaign valued as highly as Stuxnet that dates back at least 14 years and possibly up to two decades, according to an analysis by Kaspersky Labs.
From the You First dept.:
"You may never have to reboot your Linux machine ever again, even for kernel patching," and excerpts from the long (and nicely human-readable) description of newly merged kernel code that does what Ksplice has for quite a while (namely, offer live updating for Linux systems, no downtime required), but without Oracle's control. It provides a basic infrastructure for function "live patching" (i.e. code redirection), including API for kernel modules containing the actual patches, and API/ABI for userspace to be able to operate on the patches (look up what patches are applied, enable/disable them, etc). It's relatively simple and minimalistic, as it's making use of existing kernel infrastructure (namely ftrace) as much as possible. It's also self-contained, in a sense that it doesn't hook itself in any other kernel subsystem (it doesn't even touch any other code). It's now implemented for x86 only as a reference architecture, but support for powerpc, s390 and arm is already in the works (adding arch-specific support basically boils down to teaching ftrace about regs-saving).
From the Arm Wrestling dept.:
Over 720,000 Android Wear devices shipped in 2014 out of a total of 4.6 million smart wearable bands. Though the Moto 360 remained supply constrained through Q4, Motorola was the clear leader among Android Wear vendors. LG's round G Watch R performed significantly better than its original G Watch, while Asus and Sony entered the market with their own Android Wear devices. Pebble meanwhile shipped a total of 1 million units from its 2013 launch through to the end of 2014. Continual software updates, more apps in its app store and price cuts in the fall helped maintain strong sales in the second half of the year. "Samsung has launched six devices in just 14 months, on different platforms and still leads the smart band market. But it has struggled to keep consumers engaged and must work hard to attract developers while it focuses on Tizen for its wearables," said Canalys VP and Principal Analyst Chris Jones.
From the Hemi dept.:
Coming in at the same $35 price-point that has come to be expected from the Raspberry Pi, it looks like the new Model 2 will be packing a quad-core ARM processor with a GB of RAM. From the article: "The Raspberry Pi Foundation is likely to provoke a global geekgasm today with the surprise release of the Raspberry Pi 2 Model B: a turbocharged version of the B+ boasting a new Broadcom BCM2836 900MHz quad-core system-on-chip with 1GB of RAM - all of which will drive performance 'at least 6x' that of the B+."
From the ... back. Again. dept.:
From the Updates dept.:
An extremely critical vulnerability affecting most Linux distributions gives attackers the ability to execute malicious code on servers used to deliver e-mail, host webpages, and carry out other vital functions.
The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. The bug, which is being dubbed "Ghost" by some researchers, has the common vulnerability and exposures designation of CVE-2015-0235. While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment. What's more, patching systems requires core functions or the entire affected server to be rebooted, a requirement that may cause some systems to remain vulnerable for some time to come.
From the Google, Windows, or Security? dept.:
Microsoft has heavily criticized Google and its 90-day security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft's Windows 8.1 operating system, one after another, just days before Microsoft planned to issue a patch to kill the bugs. But Google seemingly doesn't give a damn.
Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both the operating systems exposed to hackers until next month, when the company plans to deliver a fix.
From the What time is it? dept.:
Here is a CERT advisory warning of a number of code-execution vulnerabilities in the network time protocol (NTP) implementation. "These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available." Most distributors already have updates available; applying them seems like a good idea.
But 88 percent of hiring managers report that it's "very difficult" or "somewhat difficult" to find qualified candidates.
With the new Linux 4.0 kernel, you'll need to reboot Linux less often than ever.
From the More, Faster dept.:
The PostgreSQL Global Development Group announces the release of PostgreSQL 9.4, the latest version of the world's leading open source database system. This release adds many new features which enhance PostgreSQL's flexibility, scalability and performance for many different types of database users, including improvements to JSON support, replication and index performance.
Intelligence agencies do more than just spy on you in the cloud. Some, like the CIA, use the cloud for their own purposes.
Can a Linux company and a networking power join forces to make an open-source cloud and software defined network that's good enough for telecommunications data-centers? Canonical and Juniper think so.
Red Hat's OpenShift Commons invites open-source programmers and users to work on its OpenShift Platform-as-a-Service cloud.
From the Why not both? dept.:
Streem is a concurrent scripting language based on a programming model similar to shell, with influences from Ruby, Erlang and other functional programming languages.
Google won't confirm it, but it's clear that there's a new version of the Chromebook Pixel on its way.
Linus Torvalds has decided to move the Linux kernel release from 3.19.x to 4.0 more from whimsy than from a serious need.
Ubuntu Linux aims to become the glue that holds the Internet of Things together with its new partnerships.