As has recently been announced on the main kernel.org page, the main kernel.org server (known as “hera”) was recently compromised by an unknown intruder. This person was able to gain “root” access, meaning they had the full run of the system. Speaking as just one of many members of the kernel development community, I can say that this episode is disturbing and embarrassing. But I can also say that there is no need to worry about the integrity of the kernel source or of any other software hosted on the kernel.org systems.
Kernel.org is, of course, the home for the Linux kernel. Many other projects live there as well. On the face of it, that would make kernel.org a tempting target for an attack. What self-respecting cracker wouldn’t want an opportunity to place some special code into the Linux kernel? Such code would, over time, find its way into millions of machines worldwide. The injection of backdoors or other malware is a concern for any software maintainer – open source or otherwise – but it turns out that we are well protected against that sort of attack. If kernel developers worked by shipping simple files of source code around, they might well be vulnerable to malware added by an intruder. But that is not how kernel development is done. The code for the kernel (and for many other projects) is managed with the “git” source code management system. And git does not allow the code to be modified by third parties without people knowing about it.
It’s worth taking a moment to look at how that works. A cryptographic “hashing function” is a mathematical formula which boils the contents of a file down to a small number. “Small” is relative; git’s hash function produces 160-bit numbers, which are quite big by…
The main kernel.org page is currently
carrying a notice that the site has suffered a security breach.
“Earlier this month, a number of servers in the kernel.org
infrastructure were compromised. We discovered this August 28th. While we
currently believe that the source code repositories were unaffected, we are
in the process of verifying this and taking steps to enhance security
across the kernel.org infrastructure.” As the update mentions,
there’s little to be gained by tampering with the git repositories there
anyway.
Syllable OS lead developer Kaj de Vos has been interviewed by Techworld Australia. The full Q&A is also available (via Slashdot).
“My neighbor, Steve Jobs, has been in the news lately. The talk of the town is the recent announcement he will be stepping aside to let other seeds grow at Apple. The business press, the general press, the blogosphere, and just about everybody else has waxed poetic about the ‘greatest CEO of all time’ saying that this ‘boy wonder’ has shaped the very nature of our lives with his genius. It’s all true, but here in Palo Alto, Steve Jobs isn’t just an icon, he’s also the guy who lives down the street.” I like stories that put a human being behind a public figure. As much as I dislike Apple’s recent policies, Jobs is still just a regular person, like all of us. It’s easy to forget that when you’re sitting behind a glass desk 4000 kilometres away.
Over the past few days, Microsoft has been talking about improvements made to Windows 8 on its ‘Building Windows 8′ blog at MSDN. Strangely enough, the improvements mentioned were either dealing with the classic desktop, or were demonstrated using the classic desktop – and not the fancy Metro user interface which is supposed to be Windows 8′s big new thing. Today’s post finally gives a little more detail about how the classic and Metro UI work together, but questions still remain.
It will come as no surprise to regular LWN readers that the patent situation
for mobile Linux (and mobile devices in general) is an enormous mess. Open
Invention Network CEO Keith Bergelt spoke at LinuxCon to outline how he
sees the current landscape and to impart some thoughts on where he sees
things going from here. In addition, he described several ways that the
community can get involved to help beat back the patent threat, which is
most prominent in the mobile space, but certainly not limited to that
particular sphere.
There are new Firefox and SeaMonkey releases available; they remove
trust from DigiNotar certificates. Expect a bunch of distributor updates
shortly. One should also expect “untrusted certificate” warnings when
going to sites using DigiNotar certificates, though, one assumes, those
sites are scrambling for quick replacements.
Debian has updated ca-certificates
(evicting DigiNotar).
Fedora has updated xen (F15:
denial of service),
pidgin (F15: upgrade to 2.10.0,
apparently to get a bunch of proactive fixes for potential buffer overflows), and
freetype (F14: code execution via
hostile font file).
SUSE has updated vpnc (SLED10, SLED11: remote command injection).
Opera is a full-featured Internet tool, most
notably a fully standard conforming Web browser.
Opera includes pop-up blocking, tabbed browsing,
integrated searches, and advanced functions like a
password manager, mouse gestures, native Scalable
Vector Graphics (SVG) support, an email program,
RSS newsfeeds, and IRC chat. It is designed to be
fast and highly customizable.
Changes: A large number of minor bugs were fixed, including several crashes.
Release Tags: Stable, Minor bugfixes
Tags: Internet, Web, Browsers
Licenses: Other
Tor is a network of virtual tunnels that allows people and
groups to improve their privacy and security on the Internet.
It also enables software developers to create new
communication tools with built-in privacy features. It
provides the foundation for a range of applications that allow
organizations and individuals to share information over
public networks without compromising their privacy.
Individuals can use it to keep remote Websites from tracking
them and their family members. They can also use it to
connect to resources such as news sites or instant
messaging services that are blocked by their local Internet
service providers (ISPs).
Changes: This is the first stable release in the 0.2.2 branch. This release features improved client performance and hidden service reliability, better compatibility for Android, correct behavior for bridges that listen on more than one address, more extensible and flexible directory object handling, better reporting of network statistics, improved code security, and many other features and bugfixes.
Tags: Internet, Proxy Servers, Communications, Security, Networking, Utilities
Licenses: BSD Revised
The GNOME NetworkManager is a set of co-operative
tools that make networking simple and
straightforward. Whether wireless or wired,
NetworkManager allows you to quickly move from one
network to another: once a network has been
configured and joined once, it can be detected and
re-joined automatically at a later date. It was
designed to auto-detect as much information as
possible, seamlessly switches connections when
necessary, and provides immediate feedback of the
network state to users and applications. It
utilizes D-Bus and HAL.
Changes: Support was added for Fast User Switching. A new permissions model was introduced. Configuration was simplified. A more flexible API for new network applets was introduced, allowing for connectivity detection, portal auto-login, tied VPN connections, proxy and firewall handling, and much more. Support was added for Intel WiMAX devices for access to 4G WiMAX networks, and for optimized WiFi roaming through wpa_supplicant background scanning and nl80211. GObject Introspection support was added for libnm-util and libnm-glib. NetworkManager is now more friendly to embedded environments.
Release Tags: Stable, Major feature enhancements
Tags: Desktop Environment, tools, Networking, Installation/Setup, Internet
Licenses: GPLv2
