37: Linux Action News
21 January 2018
A major open source milestone, some OnePlus users compromised, Google switches to Debian, and we have Spectre and Meltdown updates.
Hosts
Episode Links
- Wine 3.0 Released — This includes in particular Direct3D 12 and Vulkan support, as well as OpenGL ES support to enable Direct3D on Android.
- Oneplus pwned — One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered.
- Google moves to Debian for in-house Linux desktop — Google has officially confirmed the company is shifting its in-house Linux desktop from the Ubuntu-based Goobuntu to a new Linux distro, the DebianTesting-based gLinux.
- Meltdown and Spectre Linux kernel status — Some “enterprise” distributions did not backport the changes for this reporting, so if you are running one of those types of kernels, go bug the vendor to fix that, you really want a unified way of knowing the state of your system.
- Red Hat pulls microcode update — Which, er, sounds like Red Hat has given up and, to avoid any blame, has told its customers to just get whatever firmware your CPU maker is offering. And if it works, it works, and if it makes your box fall over, uh, don’t look at Red Hat.
- Red Hat: We Didn’t Pull CPU Microcode Update — “It’s actually an encrypted, signed binary image, so we don’t have the capability, even if we wanted to produce microcode. It’s a binary blob that we cannot generate. The only people who can actually generate that are the CPU vendors.”
- Ubuntu almost ready to patch against Spectre — This week we published candidate Ubuntu kernels providing mitigation for CVE-2017-5715 and CVE-2017-5753 (ie, Spectre / Variants 1 & 2) to their respective -proposed pockets for Ubuntu 17.10 (Artful), 16.04 LTS (Xenial), and 14.04 LTS (Trusty).
- Skyfall and Solace: Meltdown and Spectre are just the beginning — Skyfall and Solace are two speculative attacks based on the work highlighted by Meltdown and Spectre. Full details are still under embargo and will be published soon when chip manufacturers and Operating System vendors have prepared patches.
- NHoS shut down — The small team behind an ambitious NHoS Linux project are calling it a day, citing receipt of a trademark infringement warning from the UK Department of Health’s (DoH) “brand police” as the “final straw.”