Hírolvasó

The mainline kernel has just received a set of commits mitigating the latest x86 hardware vulnerability, known as "branch history injection". From this commit:

Branch History Injection (BHI) attacks may allow a malicious application to influence indirect branch prediction in kernel by poisoning the branch history. eIBRS isolates indirect branch targets in ring0. The BHB can still influence the choice of indirect branch predictor entry, and although branch predictor entries are isolated between modes when eIBRS is enabled, the BHB itself is not isolated between modes.

See this commit for documentation on the command-line parameter that controls this mitigation. There are stable kernel releases (6.8.5, 6.6.26, 6.1.85, and 5.15.154) in the works that also contain the mitigations.

On February 20, Linaro held the initial get-together for what is intended to be a regular Linux Kernel Forum for the Arm-focused kernel community. This gathering aims to convene approximately a few weeks prior to the merge window opening and prior to the release of the current kernel version under development. Topics covered in the first gathering include preparing 64-bit Arm kernels for low-end embedded systems, memory errors and Compute Express Link (CXL), devlink objectives, and scheduler integration.

Version 3.3.0 of the OpenSSL SSL/TLS implementation has been released. Changes include a number of additions to its QUIC protocol support, some year-2038 improvements for 32-bit systems, and a lot of cryptographic features with descriptions like "Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple times with different output sizes." See the release notes for details.

There are many mechanisms for deferred work in the Linux kernel. One of them, workqueues, has seen increasing use as part of the move away from software interrupts. Alison Chaiken gave a talk at SCALE about how they compare to software interrupts, the new challenges they pose for system administrators, and what tools are available to kernel developers wishing to diagnose problems with workqueues as they become increasingly prevalent.

Security updates have been issued by Debian (expat), Oracle (less and nodejs:20), Slackware (libarchive), SUSE (kubernetes1.23, nghttp2, qt6-base, and util-linux), and Ubuntu (python-django).

Elindult az Apple lokátorához hasonló Google-készülékkereső hálózat.

A tegnapi napfogyatkozás látható nyomot hagyott a netes forgalomban egész Észak-Amerikában.

Több mint 1,2 millió követője volt egy hamis AI-szolgáltatással rászedő oldalnak, ami után gombamód nőtt ki egy másik.

Fokozódhat a nagy cégek közti feszültség a legújabb feltáró riport után.

Legalábbis a Microsoft szerint. A cég szerint idén a Qualcomm olyat gurít majd, amit mindenki megirigyelhet.

Az eladások ismét a pandémia előtti szinten állnak, de Kína továbbra is szenved.

It's been 20 years since the first undeadly.org post appeared.

At that point in our history, we had been enjoying frequent updates to the OpenBSD Journal at the deadly.org site for more than four years, and most of us thought it was an April's Fool prank when the the editors announced that they were ceasing publication, effective immediately on April 1st, 2004.

Fortunately, Daniel Hartmeier quickly realized the announcement was not a joke, and went to work on a functionally equivalent CGI binary written in C and negotiated to take over the archive of existing articles. The rescued (resurrected?) site went live at undeadly.org on April 9th, 2004.

At the time, the eagerly anticipated upcoming release was OpenBSD 3.5 (which we covered on April 30th of that year). As the release song strongly hints, the introduction of the CARP redundancy protocol was a major item in that release. The release also introduced the OpenBSD/amd64 platform, and included a number of improvements in hardware support and security, with privilege separation introduced in several daemons and important utilities. All the details can be had at the OpenBSD 3.5 release page.

It's been 20 years, what have we got to show for it?

We hope you have been enjoying the site's updates, and we hope that undeadly.org has been a positive factor in promoting all things OpenBSD. The site and its editors have every intention of going on running the site.

If you want to help out, please submit items about OpenBSD that you find noteworthy.

We value your submissions even more than your comments.

All the best from the undeadly.org editors.

Version 4.2.0 of the Rivendell radio automation system has been released. Changes include a new data feed for 'next' data objects, improvements to its podcast system, numerous bug fixes, and more.

The Google Open Source Blog is carrying an announcement for a new JPEG library called "Jpegli". There are a number of advantages claimed, including:

Jpegli can be encoded with 10+ bits per component. Traditional JPEG coding solutions offer only 8 bit per component dynamics causing visible banding artifacts in slow gradients. Jpegli's 10+ bits coding happens in the original 8-bit formalism and the resulting images are fully interoperable with 8-bit viewers. 10+ bit dynamics are available as an API extension and application code changes are needed to benefit from it.

The library is BSD-licensed.

Sometimes the smallest patches create the biggest discussions. A case in point would be the process by which the PostgreSQL community — not a group normally prone to extended, strongly worded megathreads — resolved the question of whether to merge a brief patch adding a new configuration parameter. Sometimes, a proposal that looks like a security patch is not, in fact, intended to be a security patch, but getting that point across can be difficult.

Version 2.4.0 of the GNU Stow symbolic-link manager has been released. This marks the first release for GNU Stow since 2019. Maintainer Adam Spires wrote:

I would like to sincerely apologise to all Stow users for this incredibly overdue release, the cadence of which is perhaps vaguely reminiscent of releases by the great Donald Knuth, except with none of the grace and deliberate planning.

Spires notes that this release "makes considerable efforts to make the internals more understandable and easy to maintain", and has put out a call for a co-maintainer.

Security updates have been issued by Debian (jetty9, libcaca, libgd2, tomcat9, and util-linux), Fedora (chromium, micropython, and upx), Mageia (chromium-browser-stable, dav1d, libreswan, libvirt, nodejs, texlive-20220321, and util-linux), Red Hat (less, nodejs:20, and varnish), Slackware (tigervnc), and SUSE (buildah, c-ares, cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, curl, expat, go1.21, go1.22, guava, helm, indent, krb5, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, libcares2, libvirt, ncurses, nghttp2, podman, postfix, python-Django, python-Pillow, python310, qemu, rubygem-rack, thunderbird, ucode-intel, and xen).

The 6.9-rc3 kernel prepatch is out for testing.

Ok, so this rc3 looks a bit different than the usual ones, because there's a large series to bcachefs to do filesystem repair after corruption. Not normally something we'd see in an rc kernel, but hey, if you had a corrupted bcachefs filesystem you'd probably want this, and if you thought bcachefs was stable already, I have a bridge to sell you. Special deal only for you, real cheap.

A Shutterstock az összes nagyobb AI-üzemeltetőt ráengedi a képi adatbázisára.

A tesztelési időszak után elindult a lejátszási lista készítői AI-funkció szélesebb körű bevezetése.