Backlogs in bug triage, code review, and other elements of the development
process are nothing new for free-software projects; there is clearly a lot
more interest in creating new features (and the bugs that go with them, of
course) than in taki…
[$] A look forward to Linux Plumbers 2021
The annual Linux Plumbers Conference (LPC) is a gathering of a relatively
small subset of the developers working on the low-level (plumbing) details
of Linux systems. It covers topics from below the kernel through the user-space
components that…
Security updates for Friday
Security updates have been issued by Arch Linux (chromium, curl, impacket, jdk11-openjdk, jre-openjdk, jre-openjdk-headless, jre11-openjdk-headless, kernel, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, …
Security updates for Thursday
Security updates have been issued by Debian (pillow and redis), Fedora (kernel-headers, kernel-tools, kernelshark, libbpf, libtraceevent, libtracefs, nextcloud, and trace-cmd), Gentoo (chromium and singularity), Mageia (kernel, kernel-linus, and…
[$] The Sequoia seq_file vulnerability
A local root hole in the Linux kernel, called Sequoia, was disclosed
by Qualys on July 20. A full system compromise is possible until
the kernel is patched (or mitigations that may not be fully effective are applied). At
its core, the vul…
[$] Tor gets financial support for Arti development
There is a lot of buzz around the Rust programming language these
days—which strikes some folks as irritating, ridiculous, or both. But the
idea of a low-level language that can replace C, with
fewer built-in security pitfalls, is
attractive f…