James Morris has a blog post announcing that the schedule for this year's Linux Security Summit (LSS) is now available. It starts with a keynote from James Bottomley of Parallels, then there are seven refereed talks, as well as other sessions: "Discussion session topics include Trusted Kernel Lock-down Patch Series, led by Kees Cook; and EXT4 Encryption, led by Michael Halcrow & Ted Ts’o.
Ars Technica reports
that a security researcher has found what he calls a "catastrophic failure"
in the Linux version of LibreSSL. "The failure results in cases where the same 16-bit PID is used to designate two or more processes. Linux ensures that a process can never have the same ID as the child process it spawned, but it remains possible for a process to have the same PID as its grandparent process.
KDE has announced the
release of Plasma 5.0. "Plasma 5.0 introduces a new major version of KDE's workspace offering. The new Breeze artwork concept introduces cleaner visuals and improved readability. Central work-flows have been streamlined, while well-known overarching interaction patterns are left intact. Plasma 5.0 improves support for high-DPI displays and ships a converged shell, able to switch between user experiences for different target devices.
Google's newly announced
Project Zero is focused on making the net as a whole safer from attackers.
"We're not placing any particular bounds on this project and will
work to improve the security of any software depended upon by large numbers
of people, paying careful attention to the techniques, targets and
motivations of attackers. We'll use standard approaches such as locating
and reporting large numbers of vulnerabilities.
In the first article in this series, we briefly looked at the original Linux filesystem notification API, dnotify, and noted a number of its limitations. We then turned our attention to its successor, inotify, and saw how the design of the newer API addressed various problems with the dnotify API while providing a number of other benefits as well. At first glance, inotify seems to provide a complete solution for the task of creating an application that reliably monitors the state of a filesystem.
[Michael] Mapbox is "running a business like you would run an open source
project." Can you elaborate on what that means?
[Justin] This is the meat of my talk, but basically, the organization is flat and open.
Linus has sent out the 3.16-rc5 prepatch.
"Things are looking normal, and as usual, I _wish_ there was a bit
less churn going on since it's getting fairly late in the rc cycle, but
honestly, it's not like there is anything that really raises any eyebrows
OpenBSD Journal is reporting
that the first release of LibreSSL Portable is available for download from
OpenBSD project servers. LibreSSL is the OpenSSL fork
started in April by members of the OpenBSD development community after the
"Heartbleed" vulnerability; the "Portable" version is designed to run
on operating systems other than OpenBSD itself, including Linux.