logo
logo
logo
logo
Abhishek Kashyap 2021-11-06

Fair Usage Digital Copy, also known as FUD, is a name that might interest you if you are looking for computer security.

Hackers use FUD as an antivirus protection tool to steal sensitive data from computers.

It was developed back in the 1990s and it was made possible through the implementation of the Linux kernel, a free operating system.

With the invention of the Linux-based operating system, it became feasible for FUD to be developed as well.

collect
0
Rex Canale 2018-01-02
img

Google's $1,000 laptop usually runs Chrome OS, but with the latest Fuchsia builds, you can swap out the browser-based OS for Google's experimental operating system.

The development documents describe the OS as targeting "modern phones and modern personal computers," which would seemingly put it in competition with both of Google's existing OSes.

Everything is up in the air given the early state of the project, but it seems like a from-scratch rewrite of a modern operating system.

The OS doesn't use the Linux kernel—Fuchsia uses a Google-developed microkernel formerly called "Magenta" and currently called "Zircon."

The "Escher" renderer is written in the Vulkan graphics API, and seems custom-built to run Google's shadow-heavy Material Design interface guidelines.

Apps are written in Google's "Flutter" SDK, which produces cross-platform code that also runs on Android and iOS.

collect
0
William Carter 2016-08-22
img

The vast majority of contributions come from paid developers

The Linux kernel was born on August 25, 1991. Credit: The Linux Foundation

The Linux kernel is improving faster than ever, gaining 7.8 patches per hour and 4,600 lines of new code every day.

Entitled Linux kernel development -- how fast it is going, who is doing it, what they are doing, and who is sponsoring it, the report is the seventh the nonprofit has published on the topic in roughly as many years.

This year s paper covers work completed through Linux kernel 4.7, with an emphasis on releases 3.19 to 4.7.

The last report was released March 2015 and focused on versions 3.11 to 3.18.

collect
0
Michael Fewell 2021-07-12
img

Please ignore pesky AMD GPU hardware description header files, says Linus Torvalds

Linus Torvalds has loosed the first release candidate for version 5.14 of the Linux kernel,…

collect
0
Sean Biro 2018-01-30
img

CPU security issues required the longest Linux kernel development cycle since 2011, as Linus Torvalds releases Linux 4.15

Linus Torvalds released the first new Linux kernel of 2018 on Jan. 28, after the longest development cycle for a new Linux kernel in seven years.

During the release Linux Kernel release cycle, Torvalds typically issues a release candidate once a week, with most cycles including six to eight release candidates.

The Linux 3.1 kernel was delayed in part due to the 2011 hack of the kernel.org development server.

As it turns out, the Linux 4.15 kernel release delay was also due to security related issues.

Linux developers had been quietly working since at least November 2017 on dealing with the Meltdown issue in particular through an effort known as Page Table Isolation (PTI).

collect
0
Frederick Jones 2018-02-05
img

The folk at OpenWall have called for assistance to create a security module to watch Linux kernels for suspicious activity.

In the company's explanation, the Linux Kernel Runtime Guard (LKRG) is described as a module that “attempts to post-detect and hopefully promptly respond to unauthorised modifications to the running Linux kernel (integrity checking) or to credentials (such as user IDs) of the running processes (exploit detection).”

Developed by Adam Zabrocki (@adam_pi3) and now championed by OpenWall, the first cut of the code landed last week.

Announcing our most controversial project ever: Linux Kernel Runtime Guard is an LKM that post-detects kernel exploits https://t.co/ncZibh0MZn

— Openwall (@Openwall) January 29, 2018

It's imperfect for now and OpenWall admits it: “While LKRG defeats many pre-existing exploits of Linux kernel vulnerabilities, and will likely defeat many future exploits (including of yet unknown vulnerabilities) that do not specifically attempt to bypass LKRG, it is bypassable by design (albeit sometimes at the expense of more complicated and/or less reliable exploits).”

collect
0
Bradley Liss 2017-09-17

Adobe's VP of Mobile (and a former intellectual property lawyer) sees "a very possible future where Microsoft doesn't merely accept a peaceful coexistence with Linux, but instead enthusiastically embraces it as a key to its future," noting Microsoft's many Linux kernel developers and arguing it's already innovating around Linux -- especially in the cloud.

An anonymous reader quotes InfoWorld: Even seemingly pedestrian work -- like making Docker containers work for Windows, not merely Linux -- is a big deal for enterprises that don't want open source politics infesting their IT.

Or how about Hyper-V containers, which marry the high density of containers to the isolation of traditional VMs?

That's a really big deal...

Microsoft has started hiring Linux kernel developers like Matthew Wilcox, Paul Shilovsky, and (in mid-2016) Stephen Hemminger... Microsoft now employs 12 Linux kernel contributors.

As for what these engineers are doing, Linux kernel maintainer Greg Kroah-Hartman says, "Microsoft now has developers contributing to various core areas of the kernel (memory management, core data structures, networking infrastructure), the CIFS filesystem, and of course many contributions to make Linux work better on its Hyper-V systems."

collect
0
Edmond Garcia 2016-10-24
img

The technique comes courtesy of a Linux privilege-escalation bug that, as came to light last week, attackers are actively exploiting to hack Web servers and other machines.

Dirty Cow, as some people are calling the vulnerability, was introduced into the core Linux kernel in 2007.

Independent security researcher David Manouchehri told Ars that this proof-of-concept code that exploits Dirty Cow on Android gets devices close to root.

With a few additional lines, Manouchehri's script provides persistent root access on all five of the Android devices he has tested.

Android 1.0 started on Linux kernel version 2.6.25, and this exploit has been around since Linux kernel version 2.6.22."

A separate security researcher who asked to not be identified said he independently developed a separate rooting script.

collect
0
Jerry Anderson 2020-07-13
img

Torvalds worries about compiler bugs: 'Very rare, but incredibly hard to debug'

Rust language team lead Josh Triplett has promised to support its use in the Linux kernel, saying: "I'd be happy to have the Linux kernel feeding into Rust language development priorities. If building Rustic interfaces within the kernel requires some additional language features, we should see what enhancements to the language would best serve those requirements."…

collect
0
Harold Roscoe 2016-12-13

Linux kernel founder Linus Torvalds: "I'm pretty sure this is the biggest release we've ever had"

The Linux kernel has undergone what has been described as its "biggest release" ever, as part of a wide-reaching update.

The release of the Linux 4.9 will bring a range of new features to operating systems based on Linux.

"I'm pretty sure this is the biggest release we've ever had, at least in number of commits," said Linux kernel founder Linus Torvalds, in a post announcing the mammoth release, which spans more than 22 million lines of code.

"If you look at the number of lines changed, we've had bigger releases in the past, but they have tended to be due to specific issues.

In contrast, 4.9 is just big."

collect
0
Rex Canale 2016-08-15
img

Linux kernel dev Christoph Hellwig says court didn't even begin to consider code copying

Linux kernel developer Christoph Hellwig's bid to have VMware's knuckles rapped for breaching the GNU General Public Licence GPL has failed, for now, after the Landgericht Hamburg found in Virtzilla's favour.

The Software Freedom Conservancy backed Hellwig when he alleged that some of his contributions to the Linux kernel have found their way into VMware's very proprietary flagship ESXi product, in a component called vmklinux .

Hellwig and the Conservancy believe that as ESXi includes code licensed under the GPLv2, ESXi should itself be released as open source code under the same licence.

VMware has said it would prefer an amicable end to the case and has moved to have the case dismissed.

Hellwig and the Conservancy pressed on and into court in February 2016.

collect
0
Robert Rock 2017-12-22
img

Linux kernel security biz Grsecurity's defamation lawsuit against open-source stalwart Bruce Perens has been dismissed, although the door remains open for a revised claim.

In June, Perens opined in a blog post that advised companies to avoid Grsecurity's Linux kernel security patches because it might expose them to claims of contributory infringement under the Linux kernel license, GPLv2.

Grsecurity then accused Perens of fearmongering to harm the firm's business, and sued him in July.

On Thursday, the judge hearing the case, San Francisco magistrate judge Laurel Beeler, granted Peren's motion to dismiss the complaint while also denying – for now – his effort to invoke California's anti-SLAPP law.

SLAPP stands for Strategic Lawsuit Against Public Participation, and describes legal complaints aimed at silencing public discourse and free speech.

Many other states and countries have similar laws.

collect
0
Jeff Bautista 2021-04-20
img
Microsoft delivers the latest mainline LTS Linux kernel to WSL2 users.
collect
0
John Salmi 2019-04-17
img

Linux-loving hyperscale types at Euro startup Quobyte have pushed out a plug-in for its Data Centre File System, used in HPC-style workloads, that enables TensorFlow apps to access its files directly instead of having to traipse through the Linux kernel.

TensorFlow machine learning work can be read-intensive with lots of server cores and GPUs needing access to stored file data.

Shaving time off each access by avoiding passing through the Linux kernel storage stack can shorten the time needed for model training and inference.

Kernel bypassing has often been used with applications bound by filesystem and network IO.

WekaIO uses Linux kernel bypass technology to speed its filesystem.

It operates its own RTOS (real time operating system) in Linux user space, not kernel space, and runs its own scheduling and networking stack, with the latter talking directly to the host server's network interface card (NIC) through PCIe virtualisation.

collect
0
Jeremy Green 2018-08-01
img

Linux kernel supremo Linus Torvalds has taken the rare step of reverting a kernel release candidate – after it went sour.

All looked sunny enough on Sunday evening, when he set Linux 4.18-rc7 free to roam: “Unless something odd happens, this should be the last rc for 4.18,” the chief penguinista wrote.

Something odd did, indeed, happen, and after nearly two days of discussion on the Linux Kernel Mailing List, Torvalds made the decision to revert:

I think I'll do an rc8 with the revert, just so that we'll have some time to figure this out.

El Reg took a backwards walk through the mailing list to work out what went wrong – or rather, what primarily went wrong, since there are so many commits since the previous release candidate.

One large headache involves ashmem, an application-level virtual memory area type introduced to the Linux kernel to solve a problem arising from Android's security paranoia.

collect
0
Johnny Ament 2017-11-08

Catalin Cimpanu, reporting for BleepingComputer: USB drivers included in the Linux kernel are rife with security flaws that in some cases can be exploited to run untrusted code and take over users' computers.

The vast majority of these vulnerabilities came to light on Monday, when Google security expert Andrey Konovalov informed the Linux community of 14 vulnerabilities he found in the Linux kernel USB subsystem.

"All of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine," Konovalov said.

The 14 flaws are actually part of a larger list of 79 flaws Konovalov found in Linux kernel USB drivers during the past months.

Not all of these 79 vulnerabilities have been reported, let alone patched.

Most are simple DoS (Denial of Service) bugs that freeze or restart the OS, but some allow attackers to elevate privileges and execute malicious code.

collect
0
Abhishek Kashyap 2021-11-06

Fair Usage Digital Copy, also known as FUD, is a name that might interest you if you are looking for computer security.

Hackers use FUD as an antivirus protection tool to steal sensitive data from computers.

It was developed back in the 1990s and it was made possible through the implementation of the Linux kernel, a free operating system.

With the invention of the Linux-based operating system, it became feasible for FUD to be developed as well.

William Carter 2016-08-22
img

The vast majority of contributions come from paid developers

The Linux kernel was born on August 25, 1991. Credit: The Linux Foundation

The Linux kernel is improving faster than ever, gaining 7.8 patches per hour and 4,600 lines of new code every day.

Entitled Linux kernel development -- how fast it is going, who is doing it, what they are doing, and who is sponsoring it, the report is the seventh the nonprofit has published on the topic in roughly as many years.

This year s paper covers work completed through Linux kernel 4.7, with an emphasis on releases 3.19 to 4.7.

The last report was released March 2015 and focused on versions 3.11 to 3.18.

Sean Biro 2018-01-30
img

CPU security issues required the longest Linux kernel development cycle since 2011, as Linus Torvalds releases Linux 4.15

Linus Torvalds released the first new Linux kernel of 2018 on Jan. 28, after the longest development cycle for a new Linux kernel in seven years.

During the release Linux Kernel release cycle, Torvalds typically issues a release candidate once a week, with most cycles including six to eight release candidates.

The Linux 3.1 kernel was delayed in part due to the 2011 hack of the kernel.org development server.

As it turns out, the Linux 4.15 kernel release delay was also due to security related issues.

Linux developers had been quietly working since at least November 2017 on dealing with the Meltdown issue in particular through an effort known as Page Table Isolation (PTI).

Bradley Liss 2017-09-17

Adobe's VP of Mobile (and a former intellectual property lawyer) sees "a very possible future where Microsoft doesn't merely accept a peaceful coexistence with Linux, but instead enthusiastically embraces it as a key to its future," noting Microsoft's many Linux kernel developers and arguing it's already innovating around Linux -- especially in the cloud.

An anonymous reader quotes InfoWorld: Even seemingly pedestrian work -- like making Docker containers work for Windows, not merely Linux -- is a big deal for enterprises that don't want open source politics infesting their IT.

Or how about Hyper-V containers, which marry the high density of containers to the isolation of traditional VMs?

That's a really big deal...

Microsoft has started hiring Linux kernel developers like Matthew Wilcox, Paul Shilovsky, and (in mid-2016) Stephen Hemminger... Microsoft now employs 12 Linux kernel contributors.

As for what these engineers are doing, Linux kernel maintainer Greg Kroah-Hartman says, "Microsoft now has developers contributing to various core areas of the kernel (memory management, core data structures, networking infrastructure), the CIFS filesystem, and of course many contributions to make Linux work better on its Hyper-V systems."

Jerry Anderson 2020-07-13
img

Torvalds worries about compiler bugs: 'Very rare, but incredibly hard to debug'

Rust language team lead Josh Triplett has promised to support its use in the Linux kernel, saying: "I'd be happy to have the Linux kernel feeding into Rust language development priorities. If building Rustic interfaces within the kernel requires some additional language features, we should see what enhancements to the language would best serve those requirements."…

Rex Canale 2016-08-15
img

Linux kernel dev Christoph Hellwig says court didn't even begin to consider code copying

Linux kernel developer Christoph Hellwig's bid to have VMware's knuckles rapped for breaching the GNU General Public Licence GPL has failed, for now, after the Landgericht Hamburg found in Virtzilla's favour.

The Software Freedom Conservancy backed Hellwig when he alleged that some of his contributions to the Linux kernel have found their way into VMware's very proprietary flagship ESXi product, in a component called vmklinux .

Hellwig and the Conservancy believe that as ESXi includes code licensed under the GPLv2, ESXi should itself be released as open source code under the same licence.

VMware has said it would prefer an amicable end to the case and has moved to have the case dismissed.

Hellwig and the Conservancy pressed on and into court in February 2016.

Jeff Bautista 2021-04-20
img
Microsoft delivers the latest mainline LTS Linux kernel to WSL2 users.
Jeremy Green 2018-08-01
img

Linux kernel supremo Linus Torvalds has taken the rare step of reverting a kernel release candidate – after it went sour.

All looked sunny enough on Sunday evening, when he set Linux 4.18-rc7 free to roam: “Unless something odd happens, this should be the last rc for 4.18,” the chief penguinista wrote.

Something odd did, indeed, happen, and after nearly two days of discussion on the Linux Kernel Mailing List, Torvalds made the decision to revert:

I think I'll do an rc8 with the revert, just so that we'll have some time to figure this out.

El Reg took a backwards walk through the mailing list to work out what went wrong – or rather, what primarily went wrong, since there are so many commits since the previous release candidate.

One large headache involves ashmem, an application-level virtual memory area type introduced to the Linux kernel to solve a problem arising from Android's security paranoia.

Rex Canale 2018-01-02
img

Google's $1,000 laptop usually runs Chrome OS, but with the latest Fuchsia builds, you can swap out the browser-based OS for Google's experimental operating system.

The development documents describe the OS as targeting "modern phones and modern personal computers," which would seemingly put it in competition with both of Google's existing OSes.

Everything is up in the air given the early state of the project, but it seems like a from-scratch rewrite of a modern operating system.

The OS doesn't use the Linux kernel—Fuchsia uses a Google-developed microkernel formerly called "Magenta" and currently called "Zircon."

The "Escher" renderer is written in the Vulkan graphics API, and seems custom-built to run Google's shadow-heavy Material Design interface guidelines.

Apps are written in Google's "Flutter" SDK, which produces cross-platform code that also runs on Android and iOS.

Michael Fewell 2021-07-12
img

Please ignore pesky AMD GPU hardware description header files, says Linus Torvalds

Linus Torvalds has loosed the first release candidate for version 5.14 of the Linux kernel,…

Frederick Jones 2018-02-05
img

The folk at OpenWall have called for assistance to create a security module to watch Linux kernels for suspicious activity.

In the company's explanation, the Linux Kernel Runtime Guard (LKRG) is described as a module that “attempts to post-detect and hopefully promptly respond to unauthorised modifications to the running Linux kernel (integrity checking) or to credentials (such as user IDs) of the running processes (exploit detection).”

Developed by Adam Zabrocki (@adam_pi3) and now championed by OpenWall, the first cut of the code landed last week.

Announcing our most controversial project ever: Linux Kernel Runtime Guard is an LKM that post-detects kernel exploits https://t.co/ncZibh0MZn

— Openwall (@Openwall) January 29, 2018

It's imperfect for now and OpenWall admits it: “While LKRG defeats many pre-existing exploits of Linux kernel vulnerabilities, and will likely defeat many future exploits (including of yet unknown vulnerabilities) that do not specifically attempt to bypass LKRG, it is bypassable by design (albeit sometimes at the expense of more complicated and/or less reliable exploits).”

Edmond Garcia 2016-10-24
img

The technique comes courtesy of a Linux privilege-escalation bug that, as came to light last week, attackers are actively exploiting to hack Web servers and other machines.

Dirty Cow, as some people are calling the vulnerability, was introduced into the core Linux kernel in 2007.

Independent security researcher David Manouchehri told Ars that this proof-of-concept code that exploits Dirty Cow on Android gets devices close to root.

With a few additional lines, Manouchehri's script provides persistent root access on all five of the Android devices he has tested.

Android 1.0 started on Linux kernel version 2.6.25, and this exploit has been around since Linux kernel version 2.6.22."

A separate security researcher who asked to not be identified said he independently developed a separate rooting script.

Harold Roscoe 2016-12-13

Linux kernel founder Linus Torvalds: "I'm pretty sure this is the biggest release we've ever had"

The Linux kernel has undergone what has been described as its "biggest release" ever, as part of a wide-reaching update.

The release of the Linux 4.9 will bring a range of new features to operating systems based on Linux.

"I'm pretty sure this is the biggest release we've ever had, at least in number of commits," said Linux kernel founder Linus Torvalds, in a post announcing the mammoth release, which spans more than 22 million lines of code.

"If you look at the number of lines changed, we've had bigger releases in the past, but they have tended to be due to specific issues.

In contrast, 4.9 is just big."

Robert Rock 2017-12-22
img

Linux kernel security biz Grsecurity's defamation lawsuit against open-source stalwart Bruce Perens has been dismissed, although the door remains open for a revised claim.

In June, Perens opined in a blog post that advised companies to avoid Grsecurity's Linux kernel security patches because it might expose them to claims of contributory infringement under the Linux kernel license, GPLv2.

Grsecurity then accused Perens of fearmongering to harm the firm's business, and sued him in July.

On Thursday, the judge hearing the case, San Francisco magistrate judge Laurel Beeler, granted Peren's motion to dismiss the complaint while also denying – for now – his effort to invoke California's anti-SLAPP law.

SLAPP stands for Strategic Lawsuit Against Public Participation, and describes legal complaints aimed at silencing public discourse and free speech.

Many other states and countries have similar laws.

John Salmi 2019-04-17
img

Linux-loving hyperscale types at Euro startup Quobyte have pushed out a plug-in for its Data Centre File System, used in HPC-style workloads, that enables TensorFlow apps to access its files directly instead of having to traipse through the Linux kernel.

TensorFlow machine learning work can be read-intensive with lots of server cores and GPUs needing access to stored file data.

Shaving time off each access by avoiding passing through the Linux kernel storage stack can shorten the time needed for model training and inference.

Kernel bypassing has often been used with applications bound by filesystem and network IO.

WekaIO uses Linux kernel bypass technology to speed its filesystem.

It operates its own RTOS (real time operating system) in Linux user space, not kernel space, and runs its own scheduling and networking stack, with the latter talking directly to the host server's network interface card (NIC) through PCIe virtualisation.

Johnny Ament 2017-11-08

Catalin Cimpanu, reporting for BleepingComputer: USB drivers included in the Linux kernel are rife with security flaws that in some cases can be exploited to run untrusted code and take over users' computers.

The vast majority of these vulnerabilities came to light on Monday, when Google security expert Andrey Konovalov informed the Linux community of 14 vulnerabilities he found in the Linux kernel USB subsystem.

"All of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine," Konovalov said.

The 14 flaws are actually part of a larger list of 79 flaws Konovalov found in Linux kernel USB drivers during the past months.

Not all of these 79 vulnerabilities have been reported, let alone patched.

Most are simple DoS (Denial of Service) bugs that freeze or restart the OS, but some allow attackers to elevate privileges and execute malicious code.