"run0" as a sudo replacement
So, in my ideal world, we'd have an OS entirely without SUID. Let's throw out the concept of SUID on the dump of UNIX' bad ideas. An execution context for privileged code that is half under the control of unprivileged code and that needs careful manual clean-up is just not how security engineering should be done in 2024 anymore.
Git 2.45.0 released
Security updates for Tuesday
McQueen: Update from the GNOME board
The Foundation has a reserves policy which specifies a minimum amount of money we have to keep in our accounts. This is so that if there is a significant interruption to our usual income, we can preserve our core operations while we work on new funding sources. We've now "hit the buffers" of this reserves policy, meaning the Board can't approve any more deficit budgets – to keep spending at the same level we must increase our income.
Kernel prepatch 6.9-rc6
Things continue to look pretty normal, and nothing here really stands out. The biggest single change that stands out in the diffstat is literally a documentation update, everything else looks pretty small and spread out.
[$] Giving Rust a chance for in-kernel codecs
[$] Support for the TSO memory model on Arm CPUs
Ubuntu 24.04 LTS (Noble Numbat) released
This release continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, together with the community and our partners, to introduce new features and fix bugs.
The list of changes and enhancements is long; click below for some details. More information can be found in the release notes; see also this page for a summary of security-related changes.
[$] The state of realtime and embedded Linux
[$] LWN.net Weekly Edition for April 25, 2024
QEMU 9.0 released
"This release contains 2700+ commits from 220 authors." The list of improvements is long; see the announcement and the changelog for details.
[$] Rust for embedded Linux kernels
Security updates for Tuesday
The Open Home Foundation launches
We created the Open Home Foundation to fight for the fundamental principles of privacy, choice, and sustainability for smart homes. And every person who lives in one. Ahead of today, we've transferred over 240 projects, standards, drivers, and libraries—Home Assistant, ESPHome, Zigpy, Piper, Improv Wi-Fi, Wyoming, and so many more—to the Open Home Foundation. This is all about looking into the future. We've done this to create a bulwark against surveillance capitalism, the risk of buyout, and open-source projects becoming abandonware. To an extent, this protection extends even against our future selves—so that smart home users can continue to benefit for years, if not decades. No matter what comes.
Hutterer: udev-hid-bpf: quickstart tooling to fix your HID devices with eBPF
eBPF was originally written for network packet filters but as of kernel v6.3 and thanks to Benjamin, we have BPF in the HID subsystem. HID actually lends itself really well to BPF because, well, we have a byte array and to fix our devices we need to do complicated things like "toggle that bit to zero" or "swap those two values".
See this article for more information on the BPF-HID mechanism.
Kernel prepatch 6.9-rc5
But if you ignore those oddities, it all looks pretty normal and things appear fairly calm. Which is just as well, since the first part of the week I was on a quick trip to Seattle, and the second part of the week I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus.