Linux Mint 19 "Tara" Cinnamon Beta Released, GNU Linux-libre 4.17-gnu Kernel Now Available, NVIDIA Isaac Launches and More

2 weeks 3 days ago

News briefs for June 4, 2018.

Linux Mint 19 "Tara" Cinnamon BETA released today. Version 19 is a long-term release with support until 2023. New features include Timeshift, a new welcome screen and a revamped software manager. See the Release Notes for more info about the release and important links. And remember, this is a BETA release, so use it only for testing and be sure to report bugs to the Linux Mint team.

GNU Linux-libre 4.17-gnu kernel, which removes all non-free components from Linux, is now available. See the announcement for all the details.

NVIDIA today announced the availability of NVIDIA Isaac. Isaac is "a new platform to power the next generation of autonomous machines, bringing artificial intelligence capabilities to robots for manufacturing, logistics, agriculture, construction and many other industries." At the heart of Isaac is NVIDIA Jetson Xavier, "an AI computer for autonomous machines, delivering the performance of a GPU workstation in an embedded module under 30W."

Helm became its own standalone project last week, TechCrunch reports. Previously, it was a subproject of Kubernetes, but it's now a separate program as it doesn't always follow the same release schedule as Kubernetes. Helm allows you to package up a set of requirements into "charts", so you can repeat the installation process in a consistent way, this helps developers "benefit from the community, who could build Charts for common installation scenarios".

FreeBSD 11.2-RC1 is now available. This is the first RC build of the 11.2 release cycle, it includes a "fix to flush caches before initiating a microcode update on Intel CPUs", "Wake On LAN features for Ice Lake and Cannon Lake devices has been activated" and more.

News Distributions Linux Mint GNU Linux NVIDIA AI Kubernetes Cloud FreeBSD
Jill Franklin

An Inside Look at OpenStack Security Efforts

2 weeks 3 days ago

eSecurityPlanet: OpenStack is a widely deployed open-source cloud platform, but isn't necessarily secure by default. Learn what leading OpenStack experts said is needed to help make your cloud secure.

Loading Arbitrary Executables as Kernel Modules

2 weeks 3 days ago
by Zack Brown

Alexei Starovoitov posted some patches to allow the kernel to load regular ELF binaries (aka plain executables) as kernel modules. These modules would be able to run user-mode helper routines instead of being absolutely confined to kernel space.

Alexei listed a variety of benefits for this. For one thing, as a user process, an ELF-based module could crash without bringing down the rest of the kernel. And although the ELF modules would run with root privileges, he said that a security breach would not lead directly into accessing the kernel's inner workings, but at least initially would be confined to userspace. The ELF module also could be terminated by the out-of-memory (OOM) killer, in case of need, or ended directly by a human administrator. It additionally would be feasible to subject ELF-based modules to regular userspace debugging and profiling, using the vast array of tools available for that.

Initially there were various technical questions and criticisms, but no one spoke out immediately against it. Linus Torvalds said he liked the feature, but he wanted one change: to make the type of module visible in the system logs. He said:

When we load a regular module, at least it shows in lsmod afterwards, although I have a few times wanted to really see module load as an event in the logs too. When we load a module that just executes a user program, and there is no sign of it in the module list, I think we *really* need to make that event show to the admin some way.

And he said specifically, "I do *not* want this to be a magical way to hide things."

Andy Lutomirski raised a pertinent question: why not just retool the modprobe program to handle ELF binaries as desired, rather than doing anything with kernel code at all? In other words, why couldn't this feature be implemented entirely outside the kernel?

But Linus replied:

The less we have to mess with user-mode tooling, the better.

We've been *so* much better off moving most of the module loading logic to the kernel, we should not go back in the old broken direction.

I do *not* want the kmod project that is then taken over by systemd, and breaks it the same way they broke firmware loading.

Keep modprobe doing one thing, and one thing only: track dependencies and mindlessly just load the modules. Do *not* ask for it to do anything else.

Right now kmod is a nice simple project. Lots of testsuite stuff, and a very clear goal. Let's keep kmod doing one thing, and not even have to care about internal kernel decisions like "oh, this module might not be a module, but an executable".

Go to Full Article
Zack Brown

Microsoft Reportedly Acquires GitHub

2 weeks 4 days ago

Today Bloomberg reports GitHub was acquired by Microsoft, the announcement being made as early as Monday. "GitHub preferred selling the company to going public and chose Microsoft partially because it was impressed by Chief Executive Officer Satya Nadella, said one of the people, who asked not to be identified discussing private information." Bloomberg goes on to say, "Terms of the agreement weren’t known on Sunday. GitHub was last valued at $2 billion in 2015."

Microsoft, who was once generally opposed to open-source development, is now one of the biggest contributors to GitHub. 

Story developing.

Updated 4:48am GMT June 3, 2018

For those interested, we're compiling a list of some open-source GitHub alternatives. Please write others in the comment section. We'll update the story as verified alternatives come in.

Updated 3:37pm GMT June 4, 2018

Microsoft Acquires GitHub For $7.5 Billion.



Microsoft GitHub
Carlie Fairchild