Hírolvasó

The SUSE Security Team Blog is carrying a detailed article on SUSE's review of the KDE6 release.

The SUSE security team restricts the installation of system wide D-Bus services and Polkit policies in openSUSE distributions and derived SUSE products. Any package that ships these features needs to be reviewed by us first, before it can be added to production repositories.

In November, openSUSE KDE packagers approached us with a long list of KDE components for an upcoming KDE6 major release. The packages needed adjusted D-Bus and Polkit whitelistings due to renamed interfaces or other breaking changes. Looking into this many components at once was a unique experience that also led to new insights, which will be discussed in this article.

Security updates have been issued by Debian (py7zr), Fedora (biosig4c++ and podman), Oracle (kernel, kernel-container, and ruby:3.1), Red Hat (.NET 7.0, bind9.16, curl, expat, grafana, grafana-pcp, kernel, kernel-rt, kpatch-patch, less, opencryptoki, and postgresql-jdbc), and Ubuntu (cacti).

The first stable release of Redict, a fork of the Redis in-memory database under a copyleft license, has been announced.

You may be wondering why Redict would be of interest to you, particularly when compared with Valkey, another Redis fork that was announced on Thursday.

In technical terms, we are focusing on stability and long-term maintenance, and on achieving excellence within our current scope. We believe that Redict is near feature-complete and that it is more valuable to our users if we take a conservative stance to innovation and focus on long-term reliability instead. This is in part a choice we've made to distinguish ourselves from Valkey, whose commercial interests are able to invest more resources into developing more radical innovations, but also an acknowledgement of a cultural difference between our projects, in that the folks behind Redict place greater emphasis on software with a finite scope and ambitions towards long-term stability rather than focusing on long-term growth in scope and complexity.

Instant, mindenféle fióktól mentes hozzáférést jelentett be az OpenAI.

Az idei év lesz a mélypont, már ami az öntödei üzletágban keletkező működési veszteséget illeti.

A Telekom után a másik nagy szolgáltató is belép a másodlagos piacra.

A dolgozók a magáncélra használt eszközökön továbbra is használhatják a generatív MI-szolgáltatást, de a hivatali gépeken nem.

Úgy tűnik, az AltStore lesz az, amit először használhatnak széles körben az európai iPhone-osok.

Versions 5.6.0 and 5.6.1 of the XZ compression utility and library were shipped with a backdoor that targeted OpenSSH. Andres Freund discovered the backdoor by noticing that failed SSH logins were taking a lot of CPU time while doing some micro-benchmarking, and tracking down the backdoor from there. It was introduced by XZ co-maintainer "Jia Tan" — a probable alias for person or persons unknown. The backdoor is a sophisticated attack with multiple parts, from the build system, to link time, to run time.

A common theme in early-days anti-Linux FUD was that, since anybody can contribute to the code, it cannot be trusted. Over two decades later, one rarely hears that line anymore; experience has shown that free-software communities are not prone to shipping overtly hostile code. But, as the backdooring of XZ has reminded us, the embedding of malicious code is, unfortunately, not limited to the proprietary realm. Our community will be busy analyzing this incident for some time to come, but clear conclusions may be hard to come by.

Security updates have been issued by Fedora (kernel and webkitgtk), Mageia (unixODBC and w3m), and SUSE (libvirt, netty, netty-tcnative, and perl-DBD-SQLite).

RIP, Google Podcasts!

Kiderültek az inkognitó mód félrevezető működése miatt indított, csoportos perben elért megállapodás részletei.

Viszonylag korán sikerült felfedni az XZ Utilsba csomagolt backdoort.

Tisztességtelen kereskedelmi gyakorlat tilalmának feltételezett megsértése miatt indul az újabb kör vizsgálat.

Tükrözve az Európai Unió szabályozóinak tett vállalást a Microsoft világszerte szétválasztja termékeit.

At SCALE this year Dan Schatzberg and Tejun Heo, both from Meta, gave back-to-back talks about some of the performance-engineering work that they do there. Schatzberg presented on the extensible BPF scheduler, which has been discussed extensively on the kernel mailing list. Heo presented on IOCost — a control group (cgroup) I/O controller optimized for solid-state disks (SSDs) — and the benchmark suite that is necessary to make it work well on different models of disk.

Version 10.0 of the NetBSD system has been released.

The netbsd-10 release branch is more than a year old now, so it is high time the 10.0 release makes it to the front stage. This matches the long time it took for the development branch to get ready for branching, a lot of development went into this new release.

This also caused the release announcement to be one of the longest we ever did.

As might be imagined, there are a lot of changes; see the above-mentioned release announcement for the details.

Security updates have been issued by Arch Linux (xz), Debian (libvirt, mediawiki, util-linux, and xz-utils), Fedora (apache-commons-configuration, cockpit, ghc-base64, ghc-hakyll, ghc-isocline, ghc-toml-parser, gitit, gnutls, pandoc, pandoc-cli, patat, podman-tui, prometheus-podman-exporter, seamonkey, suricata, and xen), Gentoo (XZ utils), Mageia (aide & mhash, emacs, microcode, opensc, and squid), Red Hat (ruby:3.1), and SUSE (kanidm and qpid-proton).

The 6.9-rc2 kernel prepatch is out for testing. "Neither snow nor rain nor heat nor gloom of night stays kernel rc releases. Nor does Easter."