Julia 1.0 Released, 2018 State of Rust Survey, Samsung Galaxy Note 9 Launches Today, Margaret Dawson of Red Hat Named Business Role Model of the Year in Women in IT Awards and Creative Commons Awarded $800,000 from Arcadia

News briefs for August 9, 2018.

Julia 1.0 made
its debut
yesterday—the “culmination of nearly a decade of
work to build a language for greedy programmers”. The language’s
goal: “We want a language that’s open source, with a liberal license. We
want the speed of C with the dynamism of Ruby. We want a language that’s
homoiconic, with true macros like Lisp, but with obvious, familiar
mathematical notation like Matlab. We want something as usable for general
programming as Python, as easy for statistics as R, as natural for string
processing as Perl, as powerful for linear algebra as Matlab, as good at
gluing programs together as the shell. Something that is dirt simple to
learn, yet keeps the most serious hackers happy. We want it interactive and
we want it compiled.” You can download it here.

The Rust Community announced the 2018 State
of Rust Survey, and they want your opinions to help them
establish future development priorities. The survey should take 10–15 minutes
to complete, and is available here.
And, you can see last year’s results here.

Samsung Galaxy Note 9 launches today at 11am ET. You can watch the
spectacle via Android Central, which will be streaming the live event.

Margaret Dawson, Vice President, Portfolio Product Marketing
at Red Hat, was named Business Role Model of the Year at the inaugural Women
in IT Awards USA. The awards were organized by Information Age
to “redress the gender imbalance by showcasing the achievements of women in
the sector and identifying new role models”.

Creative
Commons was awarded $800,000
from Arcadia (a charitable fund of
Lisbet Rausing and Peter Baldwin) to support CC Search, which is “a Creative Commons
technology project designed to maximize discovery and use of openly licensed
content in the Commons”. CC Search, along with Commons Metadata Library and
the Commons API, plans to form the Commons Collaborative Archive and Library,
a suite of tools that will “make the global commons of openly licensed content
more searchable, usable, and resilient, and to provide essential
infrastructure for collaborative online communities”.

Source: Linux Journal

Astronomy on KDE

I recently switched to KDE and Plasma as my main desktop environment, so I
thought I’d start digging into some of the scientific software available on KDE.
First up is KStars, the desktop astronomy program.

KStars probably
won’t be installed with the standard KDE desktop, so you may need to install it. If
you’re using a Debian-based distribution, you can install KStars with the following
command:


sudo apt-get install kstars

When you first start it, KStars asks for your current location, and then it
gives you the option of installing several extra information files to add to
the list of objects that KStars knows about and can display. Once those steps are
finished,
KStars begins with the current sky at the location you entered earlier.

Figure 1. On startup, KStars shows you the current layout of the sky in your
location.

So, what can you do with KStars? If you’ve used programs like Stellarium before, you’ll
find that you can do the same types of tasks with KStars. You can use your
mouse to click and drag the display to change the direction you’re facing. The
cardinal directions are labeled along the outside of the circle of the sky, and you can
zoom in and out to change the field of view. If you see an object you want to examine
further, you can
double-click it to center it on the display and tag it as the current object of
interest.

Depending on what catalogs of data you installed, some of the objects
may have more or less information available. For example, selecting the planet
Uranus and zooming all the way in shows a reasonably detailed image of the planet,
including the ring orientation.

Figure 2. You can easily select and zoom in to objects of interest in KStars.

Quite a few options are available for
controlling what’s shown in the main window. The toolbar across the top of the window
allows you to toggle the following items: stars, deep sky objects, solar system objects,
supernovae, satellites, constellation lines, constellation names, constellation art,
constellation boundaries, Milky Way, equatorial coordinate grid, horizontal coordinate
grid and opaque ground. This allows you to customize the display so that it shows
only what you’re interested in at the time. The last display option is to toggle the “What’s
Interesting” pane.

Source: Linux Journal

LibreOffice 6.1 Now Available, Facebook Open-Sourcing Fizz, Firefox Advance Is Latest Test Pilot Experiment, Dart 2.0 Stable Released and KDE Neon Bionic Preview Images Available for Testing

News briefs for August 8, 2018.

The
Document Foundation announced
this morning that LibreOffice 6.1 is now
available. This is the second major release of the 6 family, and it has many
new features, such as Colibre (a new icon theme for Windows), a reworked
image handling feature, an improved EPUB export filter, improvements in all
modules of LibreOffice Online and much more. See this video for more on all
the new features. You can download LibreOffice 6.1 from here.

Facebook
announced
it is open-sourcing Fizz, a “robust, highly performant TLS
library written in C++ 14”. In addition, Facebook says that “Fizz now handles
millions of TLS 1.3 handshakes every second. We believe this makes it the
largest deployment of TLS 1.3—and early (0-RTT) data—on the
internet.” Fizz is now available on GitHub, and Facebook
hopes that open-sourcing it will “help speed up deployment of TLS 1.3 across the internet and help
others make their apps and services faster and more secure”.

Firefox’s latest Test
Pilot Experiment called Advance
is now available. Mozilla writes that
with Advance, “you can explore more of the web efficiently, with real-time
recommendations based on your current page and your most recent web history.”
Advance is a Web Extension that “works by analyzing content
you’re into right now in order to provide recommendations based on what
you may want to ‘Read Next’ through a sidebar in the browser.” You can
download it from here.

Google announced the release
of Dart 2 stable
yesterday, including a rewrite of the Dart web platform.
According to Google, “Dart 2 marks the rebirth of Dart as a mainstream
programming language focused on enabling a fast development and great user
experiences for mobile and web applications.” See the GitHub
page for all the changes.

KDE
neon Bionic Preview images are now available
for testing. You can
download the ISO images from here and provide
feedback in the forum.

Source: Linux Journal

Good Lockdown vs. Bad

There’s an ongoing series of skirmishes between corporations who want to sell
products that users don’t fully control and the kernel developers who want
users to be the highest authority. Sometimes these skirmishes manifest in
the form of security patches intended to lock down the kernel. Do they lock
down the kernel against outside attackers? Or do they lock down the kernel
against change from anyone at all, including the user who owns the
device?

David Howells recently pushed a patch out of
linux-next, submitting it
for inclusion in the main source tree. As he put it, the patch “adds kernel
lockdown support for EFI secure boot”. And a man page included in the patch
said:

The Kernel Lockdown feature is designed to prevent both direct and
indirect access to a running kernel image, attempting to protect against
unauthorized modification of the kernel image and to prevent access to
security and cryptographic data located in kernel memory, whilst still
permitting driver modules to be loaded.

The patch gave birth to an odd debate, but a familiar one by now. Matthew
Garrett, ultimately the main proponent of the patch, kept defending it on
technical grounds that Linus Torvalds felt were meaningless and dishonest,
hiding a secret agenda that included helping companies like
Microsoft lock
users out of making changes to their own systems.

Andy Lutomirski was another critic of Matthew’s defense of the patch. The
debate circled around and around, with Linus and Andy trying to get Matthew
to admit the true motivation they believed he had and Matthew attempting to
give solid reasons why the patch should go into the kernel. Things got ugly.

James Morris initially accepted the patch, planning to send it up to Linus
for inclusion, and Andy reviewed the code. Among his comments, Andy said
the goal of the patch was not clearly stated. He said for the purpose of his
code review he would assume the goal was to prevent the root user from either
reading kernel memory or intentionally corrupting the kernel.

But, he didn’t think those were proper goals for a kernel, even a UEFI Secure
Boot
kernel. He said, “the kernel should try to get away from the idea that
UEFI Secure Boot should imply annoying restrictions. It’s really annoying
and it’s never been clear to me that it has a benefit.” He singled out the
idea of preventing the root user from accessing kernel memory as one of
these annoying restrictions.

Kees Cook replied with his overall justification for this
patch. He said:

Source: Linux Journal

SegmentSmack Kernel Bug Discovered, Android 9 Pie Now Available, Google’s August Security Bulletin for Android, Kernel 4.19 to Get STACKLEAK Feature and GNOME Releases Keysign 0.9.8

News briefs for August 7, 2018.

Security researchers have discovered a bug in kernel 4.9 called
SegmentSmack. Red
Hat comments
that “a remote attacker could use this flaw
to trigger time and calculation expensive calls to tcp_collapse_ofo_queue()
and tcp_prune_ofo_queue() functions by sending specially modified packets
within ongoing TCP sessions which could lead to a CPU saturation and hence
a denial of service on the system”. There’s no known workaround other than a fixed kernel at
this time. See also the story
on ZDNet
for more
information.

Android 9 “Pie” was
released yesterday. Android 9 uses AI to help it adapt to your preferences
as you use it. Other new features include an adaptive battery, gesture
navigation and tools to help you see how much time you’re spending on your
phone.

Google also released its August
security bulletin for Android
yesterday, and the most severe issue
“is a critical vulnerability that could enable a remote attacker
using a specially crafted file to execute arbitrary code within the context
of a privileged process”.

The upcoming 4.19 kernel will be getting the STACKLEAK feature, Phoronix
reports. STACKLEAK provides further security as it “wipes out
the kernel stack before returning from system calls. By clearing the kernel
stack, it reduces possible leakage and can block some possible attack
vectors, including stack clash attacks and uninitialized stack variable
attacks.”

GNOME
Keysign 0.9.8
has been released. This update fixes several bugs and
now includes Bluetooth support so you can exchange keys without a network
connection. The app is also now on Flathub, and you can install it from here.

Source: Linux Journal

#geeklife: weBoost 4G-X OTR Review

Will a cellular booster help me stay connected on my epic working
road trip?

I’m a Linux geek, and I think I safely can assume everyone reading an article
in Linux Journal identifies themselves as Linux geeks as well.
Through the years I’ve written about many of my geeky projects here in Linux
Journal, such as my Linux-powered beer fermentation fridge or my 3D
printer that’s remotely controlled using a Raspberry Pi and Octoprint
software. The thing is, my interests don’t stop strictly at Linux,
and I doubt yours do either. While my homebrewing, 3D printing and
(more recently) RV interests sometimes involve Linux, often they don’t,
yet my background means I’ve taken a geek’s perspective and approach
to all of those interests. I imagine you take a similar approach to
your hobbies and side projects, and readers would find some of those
stories interesting, useful and inspirational.

We discussed this at Linux Journal and realized there should be a
space for Linux geeks to tell their geeky stories even if they don’t
directly involve Linux. This new series, #geeklife, aims to provide a
place where Linux geeks can talk about interests and projects even
if they might not be strictly Linux-related. We invite you to send proposals
for #geeklife articles to ljeditor@linuxjournal.com.

For this first #geeklife article, I’m telling the story of a geeky,
connected working road trip I just took in my RV, and within that context,
I also review a particular piece of hardware I hoped would make the trip possible,
the weBoost Drive 4G-X OTR. In the interest of full disclosure, Wilson
Electronics provided me with this review unit, and I did not purchase
it independently.

Working Remotely

My job is 100% remote. It took me many years of braving multi-hour
California Bay Area commutes and turning down opportunities to
find a job where I finally could work completely from home. Smart
organizations are finally beginning to realize the many
advantages to having a remote workforce,
but I’ve found it works best if you have the right team,
the right tools and the bulk of the workforce is remote. When everyone is
distributed, everyone relies on the incredible modern collaboration tools
currently available, and you have focus and incredible productivity
when you need it while still being able to communicate with your peers.

My wife is a freelance writer and has worked from her home office long
before I also worked from home. Once I also landed a job where I was
completely remote, we posed the following question to ourselves: in
theory, we could work from anywhere with a decent internet connection,
but in practice, is that really something we could do? What would that
kind of working trip look like?

Source: Linux Journal

Thunderbird 60.0 Released, Lenovo Now in LVFS, Netrunner Rolling 2018.08 Now Available, HP Printer Security Vulnerabilities and New SteamOS Brewmaster Beta Update

News briefs for August 6, 2018.

Thunderbird 60.0 was released today. You can download the new version
from here (note, this is a direct
download, not an
upgrade). Changes include improvements for dealing with attachments, new light
and dark themes, WebExtension themes are now enabled, several new calendar
features and much more.

Richard Hughes welcomes
Lenovo to the LVFS
(Linux Vendor Firmware Service). He writes that he and
Peter Jones “have been working with partners of Lenovo and the
ThinkPad, ThinkStation and ThinkCenter groups inside Lenovo to get automatic
firmware updates working across a huge number of different models of
hardware.” And also that “Bringing Lenovo to the LVFS has been a lot of work.
It needed changes to the low level fwupdate library, fwupd, and even the LVFS
admin portal itself for various vendor-defined reasons.”

Netrunner Rolling 2018.08 is now available. Main updates include KDE Plasma 5.13.3,
KDE Frameworks 5.48, KDE Applications 18.04, Qt 5.11.1, Linux Kernel 4.17,
Firefox Quantum 61.0 and much more. You can get the new release here.

More than 100 models of HP printers have critical vulnerabilities, ZDNet
reports. From HP’s security bulletin: “Two security vulnerabilities have
been identified with certain HP Inkjet printers. A maliciously crafted file
sent to an affected device can cause a stack or static buffer overflow, which
could allow remote code execution.” To see the list of affected printers and
links to the patches, go here.

A new SteamOS beta update for the Brewmaster release is now available.
According to GamingOnLinux, “it’s not technically a major update in terms of
the overall system, it’s still rather mighty where it counts”. Updates include
Linux kernel 4.16, Mesa 18.1.5 with LLVM 7.0 snapshot and NVIDIA drivers
396.45.

Source: Linux Journal

Why the Failure to Conquer the Desktop Was Great for GNU/Linux

AI: open source’s next big win.

Canonical recently launched Ubuntu 18.04 LTS. It’s an
important release. In part, that’s because Canonical will
support it for five years, making it one of the relatively rare LTS products in Ubuntu’s history.
Ubuntu 18.04 also marks a high-profile return to GNOME as the default
desktop, after a few years of controversial experimentation with Unity.
The result is regarded by many as the best desktop Ubuntu so far (that’s my
view too, for what it’s worth). And yet, the emphasis at launch lay elsewhere. Mark
Shuttleworth, CEO of Canonical and founder of Ubuntu, said:

Multi-cloud operations are the new normal. Boot-time and
performance-optimised images of Ubuntu 18.04 LTS on every major public
cloud make it the fastest and most efficient OS for cloud computing,
especially for storage and compute-intensive tasks like machine
learning.

The bulk of the official 18.04 LTS announcement is about Ubuntu’s cloud
computing features. On the main web site, Ubuntu claims to be “The standard
OS for cloud computing”, citing (slightly old) research
that shows “70% of public cloud workloads and 54% of OpenStack
clouds” use it. Since Canonical is a privately held company,
it doesn’t publish a detailed breakdown of its operations, just a
basic summary. That means it’s hard to tell just how successful
the cloud computing strategy is proving. But, the fact that Shuttleworth
is now openly talking about an IPO—not something to be undertaken
lightly—suggests that there is enough good news to convince
investors to throw plenty of money at Canonical when the prospectus
spells out how the business is doing.

Source: Linux Journal

New EdgeX Foundry “California” Released, Rust v. 1.28.0 Now Available, Humble Bundle’s Sports Bundle Has Games for Linux, Firefox 63 Will Have Out-of-Process Extensions for Linux and an Update on EFF’s Respects Your Freedom Certification Program

News briefs for August 3, 2018.

The Linux Foundation’s EdgeX Foundry announced its second major release,
“California”. This new release of the EdgeX IoT middleware for edge
computing adds security features, such as reverse proxy and secure credentials
storage. In addition, it has been rewritten in Go, which makes it possible to
run on the Raspberry Pi 3, the official target platform for California.

The Rust programming language announced new version 1.28.0 stable
yesterday. New features include global allocators allowing you to change the
way memory is obtained, improved error messaging for formatting, library
stabilizations and more. See the release
notes on GitHub
for more information.

Humble Bundle has released a new Humble Sports Bundle that includes several
games for Linux if you pay more than the lowest tier, GamingOnLinux
reports. The games include Motorsport Manager, DiRT Rally,
Super Blood Hockey and 75% off Football Manager 2018. You
can check
out the Bundle here.

Firefox 63, which is due to be released later this year, will have
out-of-process extensions for Linux. According to
OMG Ubuntu, once it’s turned on, all new WebExtensions that you add to
your browser will run in their own dedicated processes, which means if one
crashes, it won’t take your entire browser with it. This feature is already
available for Windows and macOS Firefox users.

The EFF
announces
that its Respects Your Freedom
certification program continues to grow. The most recent additions were the
Zerocat
Chipflasher
and Minifree Libreboot X200 Tablet (both certified in May
2018), and there currently are around 50 more devices working
their way through the certification program.

Source: Linux Journal

Extending Landlocked Processes

Mickaël Salaün posted a patch to improve communication
between landlocked processes. Landlock is a security module that creates an isolated “sandbox”
where a process is prevented from interacting with the rest of the system,
even if that process itself is compromised by a hostile attacker. The
ultimate goal is to allow regular user processes to isolate themselves in
this way, reducing the likelihood that they could be an entry point for an
attack against the system.

Mickaël’s patch, which didn’t get very far in the review process, aimed
specifically at allowing landlocked processes to use system calls to
manipulate other processes. To do that, he wanted to force the landlocked
process to obey any constraints that also might apply to the target process.
For example, the target process may not allow other processes to trace its
execution. In that case, the landlocked process should be prevented from
doing so.

Andy Lutomirski looked at the patch and offered some technical suggestions,
but on further reflection, he felt Mickaël’s approach was too complicated. He
felt it was possible that the patch itself was simply unnecessary, but that
if it did have a value, it simply should prevent any landlocked process from
tracing another process’ execution. Andy pointed to certain kernel features
that would make the whole issue a lot more problematic. He said, “If
something like Tycho’s notifiers goes in, then it’s not obvious that, just
because you have the same set of filters, you have the same privilege.
Similarly, if a feature that lets a filter query its cgroup goes in (and you
proposed this once!), then the logic you implemented here is wrong.”

Andy’s overall assessment of landlock was, “I take this as further evidence
that Landlock makes much more sense as part of seccomp than as a totally
separate thing. We’ve very carefully reviewed these things for seccomp.
Please don’t make us do it again from scratch.”

But Mickaël felt that landlock did have some valid use cases Andy hadn’t
mentioned—for example, “running a container constrained with some Landlock
programs”. Without his patch, Mickaël felt it would be impossible for users
in that situation to debug their work. As he put it, “This patch adds the
minimal protections which are needed to have a meaningful Landlock security
policy. Without it, they may be easily bypassable, hence useless.”

And as for folding landlock into seccomp, Mickaël replied, “Landlock is more
complex than seccomp, because of its different goal. seccomp is less
restrictive because it is more simple.”

Source: Linux Journal