Hírolvasó
Eclipse Foundation announces collaboration for CRA compliance
The Eclipse Foundation, the organization behind the Eclipse IDE and many other software projects, announced a collaboration between several different open-source-software foundations to create a specification describing secure software development best practices. This work is motivated by the European Union's Cyber Resilience Act (CRA).
The leading open source communities and foundations have for years developed and practised secure software development processes. These are processes that have often defined or set industry best practices around things such as coordinated disclosure, peer review, and release processes. These processes have been documented by each of these communities, albeit sometimes using different terminology and approaches. We hypothesise that the cybersecurity process technical documentation that already exists amongst the open source communities can provide a useful starting point for developing the cybersecurity processes required for regulatory compliance.
(Thanks to Martin Michlmayr.)
FFmpeg 7.0 released
Security updates for Friday
The Galaxy S24 propelled Samsung to first place
OpenAI may even have violated YouTube's policies
Here is Apple's next big mysterious idea after the cancelled electric car
TSMC got off lightly from the Taiwan earthquake
A German state is dropping Microsoft for Linux
The first AI programmer is coming: illusion or perhaps abstraction?
OpenBSD 7.5 released
The OpenBSD project has released OpenBSD 7.5, the project's 56th release, with numerous improvements and support for 14 hardware platforms.
Notable enhancements and new features include
- clang(1)/llvm updated to version 16 [see earlier report]
- malloc(3) leak detection now supports backtraces [see earlier report]
- syscall(2) has been removed [see earlier report]
- TSO for em(4) [see earlier report]
- KMS for Apple silicon machines
- pinsyscalls(2) and related work [see earlier report]
- Soft updates (softdep) support removed [see earlier report]
- New wi-fi driver qwx(4) [see earlier report]
- New code for SIGILL faults to help identify misbranches [see earlier report]
- New wi-fi driver mwx(4) [see earlier report]
- IPv6 support in ppp(4) [see earlier report]
- Improved auto-index in httpd(8) [see commit]
- Updated versions of LibreSSL (version 3.9.0), OpenSSH (version 9.7), OpenSMTPD (version 7.5), rpki-client and more
All this along with added support for various new hardware, numerous performance improvements and of course security enhancements.
See the OpenBSD 7.5 release page for a more detailed list, or the daily changelog for even more day to day detail.
As usual, the Installation Guide details how to get the system up and running with a fresh install, while those who already run earlier releases should follow the Upgrade Guide, in most cases using sysupgrade(8) to upgrade their systems.
In addition to the base system, the new release comes with a number of prebuilt packages. The numbers of binary packages available for the more popular architectures are:
amd64: 12309
aarch64: 12145
i386: 10830
sparc64: 9432
Thanks to the developers for all the great work!
And to all OpenBSD users: Happy hacking!
Stable kernels 6.8.4 and 6.6.25
V8 incorporates new sandbox
V8, the JavaScript engine used in Chrome, announced that its memory sandbox is no longer experimental.
Chrome 123 could therefore be considered to be a sort of "beta" release for the sandbox. This blog post uses this opportunity to discuss the motivation behind the sandbox, show how it prevents memory corruption in V8 from spreading within the host process, and ultimately explain why it is a necessary step towards memory safety.
[$] A focus on FOSS funding
Among the numerous approaches to funding the development and advancement of open-source software, corporate sponsorship in the form of donations to umbrella organizations is perhaps the most visible. At SCALE21x in Pasadena, California, Duane O'Brien presented a slice of his recent research into the landscape of such sponsorship arrangements, with an overview of the identifiable trends of the past ten years and some initial insights he hopes are valuable for sponsors and community members alike.