Articles about Kernel

Penguin with video photo via Shutterstock

Linux 4.7 lands

Linus Torvalds has loosed version 4.7 of the Linux kernel on an impatient world. This time around the headline features include the addition of the schedutil cpufreq governor, code that makes it possible to change the frequency at which a CPU operates. There's also support for the new-ish Radeon RX 480 GPU and the ability to …
Simon Sharwood, 25 Jul 2016
linux_tux_cloud_648

Intel's SGX tiptoes towards Linux

Intel has fulfilled a promise made in April to open-source a Linux driver for its SGX technology. SGX – Software Guard Extensions – first landed in 2013, and allows programmers to lock up code and data inside containers enforced by the CPU. The idea is to create an environment to assure people "clouding" their enterprise …
Man looking up spiral staircase inside deltalis mountain data centre

Your next storage will be invisible (for a while)

In the last two or three years I've talked a lot about "Flash & Trash." A two-tier storage strategy to best cope with the increasing demand of high IOPS and low latency from primary applications on the one hand, and high capacity, associated with throughput at times, on the other. This kind of need depends on the type of …
Docker logo

Containers rated more secure than conventional apps

Containers are more secure than apps running on a bare OS and organisations that like not being hacked therefore need to seriously consider a move, according to analyst firm Gartner. Analyst Jeorg Fritsch, in a new document titled How to Secure Docker Containers in Operation says “Gartner asserts that applications deployed in …
Simon Sharwood, 15 Jul 2016
Patchwork

Juniper's bug hunters fire out eight patches

Juniper has fired off fixes for eight security vulnerabilities. The company has been running Junos OS through the security mill since late last year, when its now-notorious backdoor hit the headlines. Junos OS systems running either generic routing encapsulation (GRE) or IP-in-IP (IPIP) tunnels are vulnerable to a kernel …
VirtualBox 5

VirtualBox 5.1 debuts

Well that was quick. Mere days after announcing a release candidate, Oracle has emitted VirtualBox 5.1 Big Red reckons the following new features are worth getting excited about: Improved Performance: Significantly improved performance for multi-CPU virtual machines and networking. Bug Reporting Tool: New utility able to …
Simon Sharwood, 14 Jul 2016
Cthulu emerges from a printer. Image created by illustrator Andy Davies. Copyright: The Register

Webpages, Word files, print servers menacing Windows PCs – yup, it's Patch Tuesday

Microsoft will fix critical holes in Internet Explorer, Edge, Office and Windows with this month's Patch Tuesday security bundle. Meanwhile, Adobe has patched dozens of exploitable vulnerabilities in its Flash player. Redmond's July release includes 11 sets of patches, six rated as "critical" and five classified as "important …
Shaun Nichols, 12 Jul 2016

Linus Torvalds in sweary rant about punctuation in kernel comments

Linus Torvalds has unleashed a sweary rant on the Linux Kernel Mailing List, labelling some members “brain-damaged” for their preferred method of punctuating comments. “Can we please get rid of the brain-damaged stupid networking comment syntax style, PLEASE?” the Linux Lord asked last Friday. “If the networking people cannot …
Simon Sharwood, 11 Jul 2016
Newsroom

Linux 4.7 delayed

Linus Torvalds' travel plans mean version 4.7 of the Linux kernel will be delayed by a week. “We've had a nicely calm week, which is what I expected - the last rc really was bigger just due to random timing issues, and not some worrying pattern about this release cycle,” Torvalds wrote on Sunday.” “Anyway, there's a couple of …
Simon Sharwood, 11 Jul 2016
Qualcomm Snapdragon 820

Huge double boxset of Android patches lands after Qualcomm disk encryption blown open

Google has released two bundles of Android security patches this month: a smaller one to handle bugs in the operating system, and a larger package that tackles a raft of driver-level issues, particularly with Qualcomm's hardware. The first tranche of patches includes eight critical, 11 high severity, and nine fixes that are …
Iain Thomson, 06 Jul 2016
Tupperware image via Shutterstock

One container to rule them all? No. Um, a plastic box* refresher

Analysis Containers are the cool toy meaning two things: new technology and hype. At heart, containers are simple: group the minimum set of files needed to run a particular program into a single directory tree, then run it with some kind of isolation mechanism, so that as far as that process is concerned, it's the only thing on the …
Liam Proven, 05 Jul 2016
Gold Plate My BlackBerry Passport

New phones rumoured as BlackBerry cans BB10 production

Federal government staff in Washington DC have their own private underground metro system but they might not be getting any more BlackBerrys. A recently uncovered memo appears to tell United States Senate staff they’ll no longer be equipped with the once ubiquitous BlackBerry phones because they are to be discontinued. The …
Andrew Orlowski, 04 Jul 2016

Cracking Android's full-disk encryption is easy on millions of phones – with a little patience

Android's full-disk encryption on millions of devices can be cracked by brute-force much more easily than expected – and there's working code to prove it. Essentially, if someone seizes your Qualcomm Snapdragon-powered phone, they can potentially decrypt its file system's contents with a friendly Python script without knowing …
Iain Thomson, 01 Jul 2016
The Incredible Shrinking Man

Permabit offers deduplication to Linux masses – almost

Permabit has moved beyond OEMs, making the latest release of its dedupe technology available as a Linux software package so that ISVs, professional services folks and systems integrators in its Hybrid Cloud Professional Services partners programme can use it. Previously it was available to OEMs in Albireo (dedupe) and Virtual …
Chris Mellor, 29 Jun 2016
Image: Serazetdinov http://www.shutterstock.com/fr/pic-114819721/stock-vector-illustration-of-a-strong-blast-of-brain.html

Zero-interaction remote wormable hijack hole blasts Symantec kit

Scores (or thousands, or millions) of enterprise and home Symantec users are open to remote compromise through multiple now-patched (where possible) wormable remote code execution holes described by Google as 'as bad as it gets'. The flaws are "100 percent" reliable against Symantec's Norton Antivirus and Endpoint according to …
Darren Pauli, 29 Jun 2016
Plastic_Logic

Apple kernel security

Apple has confirmed it has left some parts of the iOS kernel open to third parties, but the Cupertino idiot tax racket says that the move will not compromise security. A recent report from MIT Technology Review shows that Apple is okay with exposing some of the guts of its mobile OS if it allows third parties to find flaws and …
Shaun Nichols, 23 Jun 2016
Diver, image via Shutterstock

Fedora 24 is here. Go ahead – dive in

Review Fedora 24 is here, packing not just the standard group of changes familiar to any distro update, but also changes to fundamental elements. The biggest news in the default desktop version that I looked at – called Fedora Workstation 24 – is GNOME 3.20 and the continuing improvements to support for Wayland, the graphic stack …

Docker taps unikernel brains to emit OS X, Windows public betas

DockerCon Docker will kick off its DockerCon 2016 conference in Seattle this morning with a bunch of announcements: its OS X and Windows Docker clients will be made publicly available as beta software for anyone to try out; out-of-the-box orchestration is coming to Docker 1.12; and integration with Amazon's AWS and Microsoft's Azure is in …
Chris Williams, 20 Jun 2016

Google to shower 50%+ more gold on code-bearing bug hunters

Google will pay out potentially 50 per cent or more cash to bug hunters who couple software vulnerability reports with proof-of-concept exploit code or patches. Example exploits alone will bump critical bug payments by 33 per cent from US$3,000 (£2,101, A$4,060) to US$4,000 (£2,802, A$5,413). A "high quality" bug report with …
Darren Pauli, 17 Jun 2016
Oprah

Linux devs open up universal Ubuntu Snap packages to other distros

Analysis The Snap application container system released in April with Ubuntu 16.04 is now going to be opened up to many other Linux distros after a surprise discovery by developers. In a press call to journalists, Canonical founder Mark Shuttleworth (accompanied at times by a rather excitable Labrador) explained that shortly after the …
Iain Thomson, 14 Jun 2016

RIP ROP: Intel's cunning plot to kill stack-hopping exploits at CPU level

Intel is pushing a neat technique that could block malware infections on computers at the processor level. That's the 40,000ft view of the new safety mechanism, the details of which were published on Thursday. What's really going on is this: Intel's so-called Control-flow Enforcement Technology (CET) [PDF] attempts to thwart …
Chris Williams, 10 Jun 2016
FreeBSD logo

Microsoft has created its own FreeBSD image. Repeat. Microsoft has created its own FreeBSD image

Microsoft has created its own cut of FreeBSD 10.3 in order to make the OS available and supported in Azure. Jason Anderson, principal PM manager at Microsoft's Open Source Technology Center says Redmond “took on the work of building, testing, releasing and maintaining the image” so it could “ensure our customers have an …
Simon Sharwood, 09 Jun 2016

You've got a patch, you've got a patch ... almost every Android device has a patch

It's the first Monday of the month, and that means another batch of patches for Android, fixing flaws that can be exploited by apps and webpages to hijack devices. As usual, if you're not using a Google Nexus device, you're at the mercy of your manufacturer and phone carrier to approve and distribute these updates, which may …
Iain Thomson, 06 Jun 2016

Intel reveals Xeon E7 v4: Is that 24TB in your pocket or are... oh, it is

As expected, following the announcement of the Xeon E5 v4 server chips, here comes Intel's Xeon E7-8800 and E7-4800 v4 processors. While the E5 v4 CPUs are specced for scale-out systems, the E7 v4 family – announced today – is aimed at scale-up work: think analytics and in-memory database software that need lots and lots of …
Chris Williams, 06 Jun 2016
Linux on multiple devices

Latin-quoting Linus Torvalds plays God by not abusing mortals

Linus Torvalds has loosed release candidate 2 of version 4.7 of the Linux kernel on the waiting world. "Things are looking fairly normal, and there are fixes all over, with drivers and architecture code leading the charge as usual, but there's stuff spread out all over the place, including filesystems, networking, mm, library …
Simon Sharwood, 06 Jun 2016

Is a $14,000 phone really the price of privacy?

A US$14,000 (£9,706, or A$19,352) Android phone has been launched pitching 'military-grade encryption' at privacy-conscious executives. Little information can be found on the Solarin handset's specific security chops other than it will use "chip-to-chip 256-bit AES encryption" for phone calls. That technology is built by …
Darren Pauli, 02 Jun 2016
SQL Server 2016 supports hybrid cloud as well as on premises deployment

SELECT features FROM bumf... What's new in MS SQL Server 2016

Microsoft has released SQL Server 2016, adding new security features, improved query profiling, Hadoop integration, hybrid cloud capabilities, and R analytics to its database server, along with numerous other improvements. Calling SQL Server a "database server" does not do justice to its scope. The main components are: …
Tim Anderson, 01 Jun 2016
cloud

Cumulus Linux 3.0 NOS now in the wild

Cumulus Linux is touting a bunch of heavyweights as supporting the latest iteration of its white-box Linux. On board for the launch of the Cumulus Linux 3.0 network operating system are Dell, EdgeCore Networks, Mellanox, Penguin Computing, and Supermicro. For Cumulus, one of the biggest aspects of the launch is that version 3 …
AS/400

Scale Computing is a tiny fish in a small pond. Fancy its chances?

Comment Scale Computing is one of 13 suppliers attacking the hyper-converged infrastructure market. Not all will survive. What has it got that makes it distinctive and gives it the potential for success? Scale’s difference is based on its SMB customer approach, meaning low-cost and simplified admin, and cleaned up IO stack. This, it …
Chris Mellor, 31 May 2016

KNOX knocked three times by Israeli infosec boffins

A pair of Israeli researchers has detailed their discovery of three Android / KNOX vulnerabilities in older Samsung phones, and it makes for depressing reading. In this paper at Arxiv, Tel Aviv University's Uri Kanonov and Avishai Wool dissect KNOX for your enjoyment. In particular, they write that in sharing KNOX services …
Containers

The B-side of storage containerisation

Blog B as in back-end, of course... My attraction to this technology started when it was first introduced on Sun Solaris and I had the opportunity to work with it. Now, of course, it is more appealing and portable than back in 2005. Indeed containers are quickly becoming one of the most compelling revolutions to hit IT in the last …

The Windows Phone story: From hope to dusty abandonware

Special Report We stroll down Memory Lane and ask: was this The Ultimate Curse of Fry? Spring cleaning the other day, my wife found a Windows wristband. It was in a box where ten year old 4MB MMC cards went to die, along with paperclips, odd screws and a lot of dust. Keep or chuck? Chuck, I said, before looking closer, and realising that it …
Andrew Orlowski, 27 May 2016
Runner photo, via Shutterstock

Dropbox gets all up in your kernel with Project Infinite. Cue uproar

Dropbox is on the defensive after revealing its file-sharing service will in future tap into the very heart of your computer’s operating system. Project Infinite, unveiled in April, will take Dropbox out of the browser on the PC or Macs and integrate it directly with your machine’s local file storage. Items stored in your …
Gavin Clarke, 26 May 2016
stack of newspapers with a pair of ethernet cables next to them

CentOS Linux 6.8 lands

The CentOS Linux project has unleashed version 6.8 on the world. In line with the Red Hat code-base it's cut from, CentOS 6.8 gets 300 TB XFS filesystem support, and uses the Linux 2.6.32 kernel. There's a slew of security changes in the release: libreswan instead of openswan for VPN endpoint functionality; TLSv1.2 support in …
stack of newspapers view from the side

Norton bans kernel.org

Bad news for Linux users: security suite Norton thinks that the Linux repository kernel.org is rife with threats. Norton Linux.org page Er, no Symantec's automated analysis system claims to have identified four threats to Norton users on the site and has red flagged it for anyone thinking of visiting. That will come as a …
Iain Thomson, 24 May 2016

Apple: Another bug fix. Er, thanks, GCHQ

GCHQ’s CESG (Communications-Electronics Security Group) assurance arm was behind the report of an OS X bug to Apple that the consumer electronics giant patched last week. The UK’s signals intelligence is perhaps better known in security circles for finding and exploiting software vulnerabilities in order to spy on foreign …
John Leyden, 23 May 2016
Apple Watch

Apple Watch leaks data

Apple has issued a slew of patches for all of its devices, among them one that quashes a flaw that means "A malicious application may be able to leak sensitive user information" from the Apple Watch. Other Watch flaws allows arbitrary code execution. CVE-2016-1802 also impacts other iOS devices. Apple says "An issue existed …
Simon Sharwood, 17 May 2016

Symantec antivirus bug allows utter exploitation of memory

British white hat hacker and Google Project Zero chap Tavis Ormandy is making life miserable for Symantec again: the bug-hunter has turned up an exploitable overflow in “the core Symantec Antivirus Engine used in most Symantec and Norton branded Antivirus products”. Described here, the problem is in how the antivirus products …

ZFS comes to Debian, thanks to licensing workaround

The ZFS file system has come to popular Linux distribution Debian, but in a way the distro's backers think won't kick up another row over compatibility of open source licences. Ubuntu 16.04 added ZFS, despite pre-release grumblings from Richard Stallman to the effect that anything licensed under the GNU GPL v2 can only be …
Simon Sharwood, 16 May 2016
LInux nutella

Linus Torvalds releases Linux 4.6

Linus Torvalds has loosed version 4.6 of the Linux kernel on the waiting world. “It's just as well I didn't cut the rc cycle short, since the last week ended up getting a few more fixes than expected,” wrote the Linux overlord. “Since rc7, there's been small noise all over, with driver fixes being the bulk of it, but there is …
Simon Sharwood, 16 May 2016
band_aid_648

IE and Graphics head Microsoft's Patch Tuesday critical list

There's 15 flaw fixes covering 36 vulnerabilities in this month's patch bundle from Microsoft. Microsoft's browsers need a lot of work – Internet Explorer gets five fixes and the new Edge code has four. Both applications' patches have been named as critical by Redmond. There's also a five-fix bundle for Microsoft's graphics …
Iain Thomson, 10 May 2016
stack of newspapers view from the side

Ubuntu kernel patches land

Canonical has pushed a bunch of important kernel security updates. In the aging Ubuntu 12.04 LTS, the fixes are described here. Only one of the vulnerabilities is remotely exploitable – CVE-2015-8767, a race condition when handling heartbeat timeouts, and can be exploited to cause a system crash. There are three local crash …
dumb_and_dumber_648

This is what a root debug backdoor in a Linux kernel looks like

A root backdoor for debugging ARM-powered Android gadgets managed to end up in shipped firmware – and we're surprised this sort of colossal blunder doesn't happen more often. The howler is the work of Chinese ARM SoC-maker Allwinner, which wrote its own kernel code underneath a custom Android build for its devices. Its Linux …
Android for cars

Android's security patch quagmire probed by US watchdogs

Mobile carriers and gadget makers will be investigated over how slow they push important software security patches to people. The probe will be carried out by US trade watchdog the FTC and America's internet mall cop the FCC. The two agencies will work together to scrutinize manufacturers of phones, tablets and other gear, …
Shaun Nichols, 09 May 2016

Debian farewells Pentium

Debian is farewelling a bunch of legacy processors, including Pentium. While Linux may still be touted as the best way to keep an ancient PC on life support, there are limits, it seems. As kernel developer Ben Hutchings explains in this post, Debian is inheriting the change from gcc, which no longer supports pre-686 …
lg_rolly_keyboard_648

CII badge program live

The Linux CII has handed out its first security badges. Foreshadowed last year at LinuxCon 2015, the CII (Core Infrastructure Initiative) Best Practises Badge is pitched as an alternative to high-price commercial certifications. It's a self-assessment process, in which the project's personnel check that they're following the …
android_toys_648

3-in-4 Android phones, slabs, gizmos menaced by fresh hijack flaws

Google has today issued a bundle of 40 security patches for its Android operating system. A dozen of the fixes correct critical vulnerabilities in versions 4.4.4 of the operating system and above. About 74 per cent of in-use Android devices run Android 4.4.4 or higher. These critical bugs can be potentially exploited by …
Iain Thomson, 02 May 2016
shutterstock_225964027-pizz

'Charred Weasel' Linux

Linus Torvalds has honoured the LHC-frying weasel that died last week. The Linux lord paid his respects by naming this week's version of Linux, 4.6 rc6, "Charred Weasel" in this Git commit. Torvalds rates this week's effort, rc6 of Linux 4.6, as offering "nothing particularly scary". The only change he bothers to note in …
Simon Sharwood, 02 May 2016
Linus Torvalds flips the bird

Linux infosec outfit does a Torvalds, rageblocks innocent vuln spotter

An open source security firm has blocked a security researcher who reported flaws in a recently issued patch in an apparent fit of pique. Hector Martin took to Twitter on Tuesday to note a trivial crashing vulnerability in a recently issued patch by Grsecurity. “I literally crashed my box by pasting a bunch of text into a …
John Leyden, 27 Apr 2016

Carders cash out hundreds of millions before USA adopts EMV

A hacker group has stolen some 10 million credit cards, putting itself in a position to score US$400 million (£279 million, A$516 million) by infecting 2000 payment terminals with the Trinity point of sales malware. Security firm FireEye and subsidiaries iSIGHT Partners and Mandiant examined the "Fin6" group last year after it …
Darren Pauli, 22 Apr 2016