3

Episode 003

Posted by Tony on October 30, 2011 in Show-mp3, Show-ogg |
Play

Download in Ogg format (for Freedom Lovers!)

Intro:

Tony Bemus and Mat Enders

Kernel News: Mat

The Current Development kernel 3.2

The 3.1 kernel is out, released by Linus on 10/24. Some of the big features in this slightly delayed release are improved Xen memory management, enhancements to process tracing (the PTRACE_SEIZE command), enhancements to lseek() to aid in finding holes in files, and OpenRISC architecture support. As of 10/26, around 4400 patches have been pulled into the mainline kernel tree for the 3.2 release. Trees pulled in so far include networking, USB, staging, and security; we will have full merge window summary next week.

Stable updates:
Kernel 3.0.8 was released on 10/25 with the usual load of important fixes. There where 37 files changed, 413 files insertions, and 194 files deleted.

Here’s what Linus has to say about it
What worries me more than the kernel summit is just that the 3.1 release cycle has dragged out longer than usual, so I’m a bit afraid that the 3.2 merge window will just be more chaotic than usual just because there might be more stuff there to be merged. But that’s independent of any KS issues, and I also suspect that the added time for development has been largely nullified by the productivity lost due to the k.org mess.

Distro News:

Distro of the Week:

  1. Mint
  2. Ubuntu
  3. openSUSE
  4. Fedora
  5. Debian

Other Distro News:

Tech News:

Update on secure boot – Mat

The “secure boot” “feature” that will appear in PC firmware shortly, due in large part to a mandate from Microsoft, has caused many reactions. On one side, there is the Free Software Foundation asking for signatures to “stand up for your freedom to install free software”. Then, you have stooges like Ed Bott accusing “Linux fanatics” of wanting to make Windows 8 less secure.

The problem started earlier this year. The Unified Extesible Firmware Interface (UEFI) specification has an optional “secure boot” “feature”. This has the potential to be a useful feature, since it could prevent malware from infecting signed components, however it is also a threat to open source operating systems (like Linux) by making it impossible to boot these on the secured systems.

In June, the concern was that “a fair amount of pressure” would be applied by Microsoft to enable this feature. This came to fruition when Microsoft said in order to get a Windows 8 logo secure boot will be required. Most OEMs will want to qualify for this, and the susequent marketing funds that will most likely come with the program, ipso facto Microsoft requiring secure boot makes it manditory for OEM’s.

The Problem
The obvious problem with secure boot is that it could only allow Microsoft operating systems to boot. As Matthew Garrett wrote,
“A system that ships with Microsoft’s signing keys and no others will be unable to perform secure boot of any operating system other than Microsoft’s. No other vendor has the same position of power over the hardware vendors.”
In October, Garrett wrote a follow-up to his earlier posts on secure boot, where he says the real problem is whether the end user will be able to manage the keys on their machines. Even then only enterprise Linux vendors will have their own keys. What happens to all of the libre distros and hobiests running from scratch.
Matthew Garrett says, the workaround is to turn off secure boot. However it does not do anyone any good for Linux installation to require disabling a legitimate security feature. Then the on/off switch will not be in a standard location causing a support nightmare. The right fix according to Garrett is instead of requiring secure boot to be disabled we need to work on a way for the “feature” to be supported on Linux installations.

The Solution
According Garrett there is a proposal put forward to the UEFI Forum that lets users install their own keys from removable media. This avoids problems with booting untrusted binaries. Requiring removable media, prevents malware from installing as it won’t be able to install the key. Then secure boot would just fall back into system recovery. It is most probable that malware will infect USB keys or other removable media, however allowing users control is also allowing for some risk some risk.

In My Opinion (Mat)
The worst-case scenario, a flood of “restricted boot” machines incapable of booting Linux or anything other than signed Windows 8 seems unlikely. We are also far from Garrett’s proposal. Users who want complete control of their machines need to stay abreast of this process, to ensure that OEM’s know that being able to disable secure boot is not enough. To realy control our machines, we need to have the ability to install our own trusted keys.

Other stuff
Amazon cloud reader

Amazon Introduces New Ebook Format
The new file format, Kindle Format 8 (KF8), is based on HTML5, and with it, Amazon aims to bring some of the flexibility and power that HTML5 offers to the world of e-books. HTML5 features such as CSS3 formatting, nested tables, SVG graphics, embedded fonts, and borders are all now supported. The new format includes much richer layout options, including fixed layouts—essential for accurate reproduction of many children’s books—and panel-based layouts for comic books. Books can include sidebars and callouts, text overlaid on background images, boxes, drop caps, and more.

Open Source: You Know, For Kids!
Recently SCALE announced that the 2012 event, January 20-22 in Los Angeles, will include a SCALE Kids Conference

More about: ICANN is Taking Over the Olson Time Zone Database – Astrolabe not looking for money but just wanted to make a point about infringement.

Other Talk:

Apple Threatens Small, Family-Run Café Over Trademark
Apple is threatening to sue a small, family run café in Bonn because they are of the opinion that their logo infringes on Apple’s trademark. The owner of the café Apfelkind, Christin Römer, has registered her logo as a trademark for the service and fashion industry in June in Munich. Now Apple is claiming in a cease and desist letter that there could be confusion between the small café in Bonn and their global entertainment brand.

Linux Malware: Are We There Yet?
Untrusted package sources
Bots, rootkits and unknown commands

More Talk:

Tony’s Projects: XBMCbuntu – Fast Boot, Internet content, Local and network Content!

Mat’s Projects: PFsense

This content is published under the Attribution-Noncommercial-Share Alike 3.0 Unported license.

3 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Copyright © 2011-2014 Sunday Morning Linux Review All rights reserved.
This site is using the Desk Mess Mirrored theme, v2.2.4.1, from BuyNowShop.com.