From the 4.0 dept.:
Linus: "So I decided to release 4.0 as per the normal schedule, because there
really weren't any known issues, and while I'll be traveling during
the end of the upcoming week due to a college visit, I'm hoping that
won't affect the merge window very much. We'll see.
Linux 4.0 was a pretty small release both in linux-next and in final
size, although obviously "small" is all relative. It's still over 10k
non-merge commits. But we've definitely had bigger releases (and
judging by linux-next v4.1 is going to be one of the bigger ones)."
From the Oopsie dept.:
Google on Saturday let a digital certificate expire that was used to secure its smtp.google.com domain, the domain used by Gmail and Google Apps users to send outgoing email.
The certificate was issued by Google Internet Certificate Authority G2, which issues digital certificates for Google web sites and properties.
From the Grading dept.:
At his blog, cryptographer Matt Green announced that the Open Crypto Audit project's review of the now-abandoned TrueCrypt encryption tool is complete, and that "based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances."
From the Inconceivable! dept.:
The CIA led sophisticated intelligence agency efforts to undermine the encryption used in Apple phones, as well as insert secret surveillance back doors into apps, top-secret documents published by the Intercept online news site have revealed.
The newly disclosed documents from the National Security Agencyâs internal systems show surveillance methods were presented at its secret annual conference, known as the "jamboree".
From the Bugs dept.:
Amazon Web Services and Rackspace are warning their customers of upcoming reboots theyâre taking to address a new Xen hypervisor security issue.
In a premium support bulletin issued Thursday night, Amazon said fewer than 10 percent of all EC2 instances will require work but the affected instances must be updated by March 10. Rackspace also notified customers of the issue, which will affect a subset of a portion of its First and Next Generation Cloud Servers, Thursday night. Later on Friday, Linode also warned users of an upcoming Xen-related reboot.
From the Not Buffering.... dept.:
It's a good day for proponents of an open internet: The Federal Communications Commission just approved its long-awaited network neutrality plan, which reclassifies broadband internet as a Title II public utility and gives the agency more regulatory power in the process. And unlike the FCC's last stab at net neutrality in 2010, today's new rules also apply to mobile broadband. FCC Chairman Tom Wheeler laid out the basic gist of the plan earlier this month -- it'll ban things like paid prioritization, a tactic some ISPs used to get additional fees from bandwidth-heavy companies like Netflix, as well as the slowdown of "lawful content." But now Wheeler's vision is more than just rhetoric; it's something the FCC can actively enforce.
From the Backdoor dept.:
The US National Security Agency (NSA) has infected hard disk firmware with spyware in a campaign valued as highly as Stuxnet that dates back at least 14 years and possibly up to two decades, according to an analysis by Kaspersky Labs.
From the You First dept.:
You may never have to reboot your Linux machine ever again, even for kernel patching," and excerpts from the long (and nicely human-readable) description of newly merged kernel code that does what Ksplice has for quite a while (namely, offer live updating for Linux systems, no downtime required), but without Oracle's control. It provides a basic infrastructure for function "live patching" (i.e. code redirection), including API for kernel modules containing the actual patches, and API/ABI for userspace to be able to operate on the patches (look up what patches are applied, enable/disable them, etc). It's relatively simple and minimalistic, as it's making use of existing kernel infrastructure (namely ftrace) as much as possible. It's also self-contained, in a sense that it doesn't hook itself in any other kernel subsystem (it doesn't even touch any other code). It's now implemented for x86 only as a reference architecture, but support for powerpc, s390 and arm is already in the works (adding arch-specific support basically boils down to teaching ftrace about regs-saving).
From the Arm Wrestling dept.:
Over 720,000 Android Wear devices shipped in 2014 out of a total of 4.6 million smart wearable bands. Though the Moto 360 remained supply constrained through Q4, Motorola was the clear leader among Android Wear vendors. LGâs round G Watch R performed significantly better than its original G Watch, while Asus and Sony entered the market with their own Android Wear devices. Pebble meanwhile shipped a total of 1 million units from its 2013 launch through to the end of 2014. Continual software updates, more apps in its app store and price cuts in the fall helped maintain strong sales in the second half of the year. âSamsung has launched six devices in just 14 months, on different platforms and still leads the smart band market. But it has struggled to keep consumers engaged and must work hard to attract developers while it focuses on Tizen for its wearables.â said Canalys VP and Principal Analyst Chris Jones.
From the Hemi dept.:
Coming in at the same $35 price-point that has come to be expected from the Raspberry Pi, it looks like the new Model 2 will be packing a quad-core ARM processor with a GB of RAM. From the article: "The Raspberry Pi Foundation is likely to provoke a global geekgasm today with the surprise release of the Raspberry Pi 2 Model B: a turbocharged version of the B+ boasting a new Broadcom BCM2836 900MHz quad-core system-on-chip with 1GB of RAM â all of which will drive performance "at least 6x" that of the B+.
The easiest desktop operating system to use of all may be Ubuntu.
At first glance, there's little new in the next version of Ubuntu Linux. Under the hood, it's a different story.
HP reaffirms its commitment to its OpenStack-powered Helion public cloud.
From the ... back. Again. dept.:
Do you want a top-notch Linux developer laptop? Then Dell has several systems for you to consider.
From the Updates dept.:
An extremely critical vulnerability affecting most Linux distributions gives attackers the ability to execute malicious code on servers used to deliver e-mail, host webpages, and carry out other vital functions.
The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. The bug, which is being dubbed "Ghost" by some researchers, has the common vulnerability and exposures designation of CVE-2015-0235. While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment. What's more, patching systems requires core functions or the entire affected server to be rebooted, a requirement that may cause some systems to remain vulnerable for some time to come.
From the Google, Windows, or Security? dept.:
Microsoft has heavily criticized Google and its 90-days security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft's Windows 8.1 operating system one after one just days before Microsoft planned to issue a patch to kill the bugs. But, seemingly Google don't give a damn thought.
Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both the operating systems exposed to hackers until next month, when the company plans to deliver a fix.
HP has invested billions in its cloud offerings. Now, out of the blue sky, HP is leaving the public cloud business behind.
Thanks to CoreOS, Kubernetes, Google's secret sauce for managing containers on its clusters, is on its way to your data center.
Ubuntu takes another step forward as a cloud operating system by incorporating Chef support into its enterprise Linux distributions.