You are here

Planet Ubuntu

Subscribe to Feed Planet Ubuntu
Planet Ubuntu - http://planet.ubuntu.com/
Përditësimi: 8 orë 12 min më parë

The Fridge: Ubuntu Weekly Newsletter Issue 541

Mar, 21/08/2018 - 1:52pd

Welcome to the Ubuntu Weekly Newsletter, Issue 541 for the week of August 12 – 18, 2018. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

Jono Bacon: Video: How to Manage and Work With Difficult Personalities

Hën, 20/08/2018 - 9:36md

Every organization, community, and family has difficult people in them. Some get overly agitated, some are not constructive in their criticism, some rub other people up the wrong way, some always commit but never deliver, and other traits.

In my new video I share some details for how to manage these types of personalities. I share some golden rules for handling them, how to analyze the situation well, and a method for building a resolution and solving problems.

Here it is:

Can’t see it? Watch it here.

The post Video: How to Manage and Work With Difficult Personalities appeared first on Jono Bacon.

Kees Cook: security things in Linux v4.18

Hën, 20/08/2018 - 8:29md

Previously: v4.17.

Linux kernel v4.18 was released last week. Here are details on some of the security things I found interesting:

allocation overflow detection helpers
One of the many ways C can be dangerous to use is that it lacks strong primitives to deal with arithmetic overflow. A developer can’t just wrap a series of calculations in a try/catch block to trap any calculations that might overflow (or underflow). Instead, C will happily wrap values back around, causing all kinds of flaws. Some time ago GCC added a set of single-operation helpers that will efficiently detect overflow, so Rasmus Villemoes suggested implementing these (with fallbacks) in the kernel. While it still requires explicit use by developers, it’s much more fool-proof than doing open-coded type-sensitive bounds checking before every calculation. As a first-use of these routines, Matthew Wilcox created wrappers for common size calculations, mainly for use during memory allocations.

removing open-coded multiplication from memory allocation arguments
A common flaw in the kernel is integer overflow during memory allocation size calculations. As mentioned above, C doesn’t provide much in the way of protection, so it’s on the developer to get it right. In an effort to reduce the frequency of these bugs, and inspired by a couple flaws found by Silvio Cesare, I did a first-pass sweep of the kernel to move from open-coded multiplications during memory allocations into either their 2-factor API counterparts (e.g. kmalloc(a * b, GFP...) -> kmalloc_array(a, b, GFP...)), or to use the new overflow-checking helpers (e.g. vmalloc(a * b) -> vmalloc(array_size(a, b))). There’s still lots more work to be done here, since frequently an allocation size will be calculated earlier in a variable rather than in the allocation arguments, and overflows happen in way more places than just memory allocation. Better yet would be to have exceptions raised on overflows where no wrap-around was expected (e.g. Emese Revfy’s size_overflow GCC plugin).

Variable Length Array removals, part 2
As discussed previously, VLAs continue to get removed from the kernel. For v4.18, we continued to get help from a bunch of lovely folks: Andreas Christoforou, Antoine Tenart, Chris Wilson, Gustavo A. R. Silva, Kyle Spiers, Laura Abbott, Salvatore Mesoraca, Stephan Wahren, Thomas Gleixner, Tobin C. Harding, and Tycho Andersen. Almost all the rest of the VLA removals have been queued for v4.19, but it looks like the very last of them (deep in the crypto subsystem) won’t land until v4.20. I’m so looking forward to being able to add -Wvla globally to the kernel build so we can be free from the classes of flaws that VLAs enable, like stack exhaustion and stack guard page jumping. Eliminating VLAs also simplifies the porting work of the stackleak GCC plugin from grsecurity, since it no longer has to hook and check VLA creation.

Kconfig compiler detection
While not strictly a security thing, Masahiro Yamada made giant improvements to the kernel’s Kconfig subsystem so that kernel build configuration now knows what compiler you’re using (among other things) so that configuration is no longer separate from the compiler features. For example, in the past, one could select CONFIG_CC_STACKPROTECTOR_STRONG even if the compiler didn’t support it, and later the build would fail. Or in other cases, configurations would silently down-grade to what was available, potentially leading to confusing kernel images where the compiler would change the meaning of a configuration. Going forward now, configurations that aren’t available to the compiler will simply be unselectable in Kconfig. This makes configuration much more consistent, though in some cases, it makes it harder to discover why some configuration is missing (e.g. CONFIG_GCC_PLUGINS no longer gives you a hint about needing to install the plugin development packages).

That’s it for now! Please let me know if you think I missed anything. Stay tuned for v4.19; the merge window is open. :)

© 2018, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

Ubuntu Podcast from the UK LoCo: S11E23 – Twenty-Three Tales - Ubuntu Podcast

Pre, 17/08/2018 - 4:00md

We’ve been upgrading RAM and tooting in the fediverse. We discuss Hollywood embracing open source, a new release of LibreOffice, pacemakers getting hacked and fax machines becoming selfaware and taking over the planet. We also round up the community news and events.

It’s Season 11 Episode 23 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

Valorie Zimmerman: Akademy: closing time

Pre, 17/08/2018 - 3:05md
Akademy is always a whirlwind which is my excuse for not blogging! Today we wrapped up the program which leaves us in a nearly-empty venue and a bit of time after lunch to catch up.
I did manage to gather photos together in Google Photos: https://photos.app.goo.gl/qHPwehW8C1zPGuav7
Thanks again to the KDE e.V. for sponsoring my hostel and the Ubuntu Community Fund for part of my travel expenses. This allowed me to attend. Meeting Popey from the Ubuntu community and the Limux team was great, although we didn't do as much Kubuntu work as in past years. However, attending the Distro BoF was a great experience; very friendly and collaborative.
As always, the talks were interesting, the "hall track" fascinating, BoFs engaging. The high point for me personally was being given an Akademy Award on Sunday after a blessedly-short e.V. meeting. I almost fainted from surprise! It feels wonderful to be not just appreciated but honored for my work for the KDE community. 
Thank you again!
I will update here with a photo when I can.
Yesterday and today were taken up with trainings, which while exhausting are extremely valuable. Along with the documentation work ahead, I look forward to integrating both the Non-Violent Communication and Tech Documentation trainings into my work.
In addition, I will be happy to see our documentation team re-group and gain strength over the next year as we work with the contractor on identifying pain points and fixing them.
I got lost yesterday, which one should always do in a strange city. Here is one of the beautiful windows I saw before finding the tram and a different way home:
Tomorrow we meet at 3:45 am to share an Uber to the airport and the beginning of the journey home. To KDE friends new and old: we'll meet next year at Akademy I hope, or at least in IRC.
Local friends and family, I'll see you soon!

Lubuntu Blog: Lubuntu Development Newsletter #9

Pre, 17/08/2018 - 3:53pd
This is the ninth issue of The Lubuntu Development Newsletter. You can read the last issue here. Changes General We’ve been polishing the desktop more, but work has been blocked by the still ongoing Qt transition. The 16.04 to 18.04 upgrade has now been enabled! Please do let us know if there’s any issues. Here’s […]

Andres Rodriguez: MAAS 2.4.1 released!

Mër, 15/08/2018 - 5:20md

Hello MAASTers

MAAS 2.4.1 has now been released and it is a bug fix release. Please see more details in discourse.maas.io [1].

[1]: https://discourse.maas.io/t/maas-2-4-1-released/148