Tutanota, the First Encrypted Email Service with an App on F-Droid (Linux Journal)

Here’s a
Linux Journal article
from one of the creators of the Tutanota
encrypted email client. “That’s why we decided to build Tutanota: a secure email service that is so easy to use, everyone can send confidential email, not only the tech-savvy. The entire encryption process runs locally on users’ devices, and it’s fully automated. The automatic encryption also enabled us to build fully encrypted email apps for Android and iOS.

Finally, end-to-end encrypted email is starting to become the standard: 58% of all email sent from Tutanota already are end-to-end encrypted, and the percentage is constantly rising.“

Source: LWN

Security updates for Thursday

Security updates have been issued by Debian (dnsruby, gnulib, and jekyll), Fedora (calamares, fawkes, git, kernel-headers, librime, and pdns), openSUSE (ImageMagick), Oracle (kernel), Scientific Linux (glusterfs, kernel, and nss), Slackware (git), SUSE (ImageMagick), and Ubuntu (tomcat7, tomcat8).

Source: LWN

[$] A status update for virgl

At the 2018 X.Org Developers
Conference
, Elie Tournier gave an update on the state of the Virgil (or virgl) virtual 3D GPU for
QEMU. He looked at the project’s history along with what has
happened with it over the last year or so. As is usual in a status update
talk, he finished with some thoughts about future plans for virgl. For the
last year, Tournier has been working on virgl for Collabora.

Source: LWN

Control Flow Integrity in the Android kernel (Android Developers)

The Android Developers Blog describes
the control-flow integrity work
that is shipping on the Pixel 3
handset. “LLVM’s CFI implementation adds a check before each
indirect branch to confirm that the target address points to a valid
function with a correct signature. This prevents an indirect branch from
jumping to an arbitrary code location and even limits the functions that
can be called. As C compilers do not enforce similar restrictions on
indirect branches, there were several CFI violations due to function type
declaration mismatches even in the core kernel that we have addressed in
our CFI patch sets for kernels 4.9 and 4.14.

Source: LWN

Microsoft joins Open Invention Network

Microsoft has announced
that it has joined the Open Invention Network (OIN). “We know Microsoft’s decision to join OIN may be viewed as surprising to some, as it is no secret that there has been friction in the past between Microsoft and the open source community over the issue of patents. For others who have followed our evolution as a company, we hope this will be viewed as the next logical step for a company that is listening to its customers and is firmly committed to Linux and other open source programs.

Source: LWN

Security updates for Wednesday

Security updates have been issued by Arch Linux (patch), CentOS (firefox, glusterfs, kernel, and nss), Debian (net-snmp), Oracle (firefox, glusterfs, kernel, and nss), Red Hat (glusterfs, kernel, and nss), Scientific Linux (firefox), SUSE (kernel), and Ubuntu (webkit2gtk).

Source: LWN

[$] Advances in Mesa continuous integration

Continuous integration (CI) has become increasingly prevalent in open-source
projects over the last few years. Intel has been active in building CI
systems for graphics, both for the kernel
side
and for the Mesa-based
user-space side of the equation. Mark Janes and Clayton Craft gave a
presentation on Intel’s Mesa CI system at the 2018 X.Org Developers
Conference
(XDC), which was held in A Coruña, Spain in late September.
The Mesa CI system is one of the earliest successful CI initiatives in open
source that he
knows of, Janes said. It is a core component of Mesa development,
especially at Intel.

Source: LWN

Gregg: bpftrace (DTrace 2.0) for Linux 2018

Brendan Gregg introduces
the bpftrace tracing tool. “bpftrace was created as an even
higher-level front end for custom ad-hoc tracing, and can serve a similar
role as DTrace. We’ve been adding bpftrace features as we need them, not
just because DTrace had them. I can think of over a dozen things that
DTrace can do that bpftrace currently cannot, including custom aggregation
printing, shell arguments, translators, sizeof(), speculative tracing, and
forced panics
.”

Source: LWN