Ancient Kernel Hole in Linux fixed after Two Months of reporting

An ancient kernel hole in Linux, which has been present from 2003, was recently closed after constant nagging and bug reports. The problem was with the X server using a huge stack that has a good chance of running into an adjacent heap memory.

The same vulnerability was cited earlier and was brought to the notice of the Linux security team a number of times but they turned a deaf ear to it each time. Only recently, they have taken this seriously and Torvalds has finally fixed this bug. However, the bugfix itself requires a further fix and the complete change will appear in the next stable update of the Linux kernel. As for those running a development version, it is available for download  here.

Torvalds has implemented a guard between the stack and the heap so that the stack does not overrun the heap memory in any case. However, people everywhere are frowning upon the time of two months this problem took to be fixed, after the first citation and the first formal reporting. Linux has been held in high esteem for its security and this matter has earned Linux some bad name already.

Keith Packard, an hacker was also working on a fix for this but his code was rejected by Torvalds as it violated some internal VM rules. The vulnerability was of an extremely serious nature.  As Rutkowska puts it,

While it isn’t a direct remote exploit, it only takes one vulnerable X client (web browser, PDF viewer, etc.) to turn it into something that is remotely exploitable.


Microsoft Planning to License SDL under Creative Commons

Microsoft is planning to change its process of developing secure software. The current Security Development License (SDL), widely used at Microsoft will now be available under a Creative Commons License. This makes it easier for developers to integrate SDL into their products and for other users to use and distribute these products and the license. SDL is described as,

The Microsoft SDL is a security assurance process that is focused on software development. It is a collection of mandatory security activities, grouped by the phases of the traditional software development life cycle (SDLC). Combining a holistic and practical approach, the SDL introduces security and privacy throughout all phases of the development process with the goal of protecting end-users.

The SDL License will now be free from the earlier exclusive Microsoft license by virtue of which, will see more number of standard software out in the market. SDL is strictly followed by Microsoft itself from Windows Vista onwards. Many other papers from the SDL portal will also receive this update as pointed out by David Ladd, the Principal Security Program Manager at Microsoft.

SDL was proposed by Bill Gates in 2002 and this has held up for the last eight years. After these eight years, Microsoft has felt that it should share this standard with the world and has taken the right decision in doing so.


The Pentagon seeks protection against WikiLeaks

The Pentagon has been embarrassed  by WikiLeaks in more than one instance and it feels the immense need for a mechanism to prevent these leaks from the inside. Specifically for this purpose, the Pentagon has been working on a project by the name of Cinder that can identify the inside man who leaks information. Cinder stands for Cyber Insider Threat Program and aims to save the Pentagon from landing in awkward situations it is in right now.

Nextgov writes about the project saying,

While DARPA did not make any connection between the WikiLeaks case and Cinder, it said it wants to develop ways to detect actions on military networks and systems that could indicate someone is trying to copy classified files.

Its prime objective is protection from WikiLeaks. However, immense security measures will bring multiple people under scrutiny and will affect the workforce at the Pentagon. The security measures in place need to make sure that this matter is addressed.

The case of Bradley Manning, who transferred more than 90,000 Secret Army documents to WikiLeaks, is a serious breach of security and it needs proper access  privileges  to get hold of these files. However, if Manning had access rights, how secure will the security system be and who will have access to it?

This security measure is a necessity but I hope it is done in the right way and not like the Ubisoft DRM causing trouble for legit users.


Chromium Introduces GPU Rendering, Makes Chrome Better at Rendering Heavy Pages

Recently, a lot of work is being done to introduce GPU rendering into Google Chrome. New additions into web technologies like WebGL and 3D CSS has brought up a need for the web browser to be more CPU intensive. Most definitely, this is undesirable and Google Chrome is taking the right step in offloading the responsibility of rendering these components to the GPU. This will considerably improve the performance and responsiveness of Google Chrome.

Google Chrome will feature a new GPU process in future versions that will manage all graphics related responsibilities. The GPU process will take in all graphics rendering tasks from the renderer process and send it to OpenGL or Direct3D. This access was not available to the renderer process earlier and neither is it now. However, the GPU process in question is allowed to run in a sandbox and have access to these graphics components of the OS.

This feature will be available for color conversion and scaling of videos. This will lighten the overburdened renderer process and give Google Chrome a smooth performance.

The idea of GPU rendering has just been implemented and the Chromium team wants to develop and advance more in this matter.


Google Acquires Angstro, another Social Networking Startup

Google continues its acquisition drive with Angstro, which is a social networking startup. Angstro has a unique feature of pulling in data from various social networks and websites like Facebook, Twitter and LinkedIn. It was also a finalist in the Techcrunch 50. Angstro apps are specifically made for interoperability between various social networks and Google surely sees a bright future in this technology.

As more and more people join social networks, it becomes harder for them to set priorities for networks. Angstro makes managing multiple networks easier by aggregating them in a single location providing a considerable amount of functionality. The beta period of Angstro ended on the 20th of this month and it has proven to be extremely fruitful for Angstro.

Google has acquired  Jambool,  Slide: a social gaming market and Metaweb, a semantic search engine.  With these acquisitions, Google is either gathering a considerable amount of talent and technology or killing any possible uprising of competition. All these acquisitions give Google a considerable amount of entropy as they can pick any number of these acquired technologies and use it in their existing services to enhance them further.

We all are tired of seeing how Google is trying to  mimic  Bing search in visual appeal. Hopefully this acquisition will cook up something new at Google.


Linux will get Native ZFS Support from September this Year

ZFS is an excellent file system when we consider integrity. The first non-commercial availability of ZFS came with OpenSolaris and then, it was made available on some Linux distributions with FUSE technology. However, ZFS has not been natively available on Linux because it is released under the CDDL license while Linux is under the GNU GPL license. For going hand in hand, it would have to clear these licensing issues.

Up until now, it was possible to use ZFS only in user-space with compromised performance using FUSE technology. This method was reported to have an adverse effect on the lifetime of the hard disk in some circumstances. Very recently, there has been a drive to port ZFS to Linux and there are many companies working on this.

KQ Infotech is one such company, which is working on a fully functional port of ZFS on Linux that will be independent of FUSE. It is expected to run in the kernel and support more options than current implementations. The better news is that, they are close to reaching this goal and there is a good chance of seeing a Linux release with native ZFS.

This development will fire up a new area of development for application developers and we will probably see a Linux implementation of the extremely popular Time Machine of MAC OS-X that is based on DTrace. In short, the ZFS file system and its snapshot feature makes implementing DTrace easier in Linux.


Microsoft Develops a Soft Corner for Open Source and Linux

Microsoft has continuously been apprehensive about Open Source and Linux. It detests Open Source like anything and Steve Ballmer, the current CEO of Microsoft has gone to the extent of  calling Linux a “cancer”. However, that was ten years ago and as time changes, people change too.

Apparently, Microsoft has decided to change its outlook of Linux and has started spreading the message of “We love Open Source”!  The person behind this change is Jean Paoli, General Manager of Microsoft’s interoperability strategy team at Microsoft.

However, we should not forget that Microsoft also has 200 patent infringement lawsuits running against Linux. It cannot continue both these processes for sure.

Clear signs of this change can be seen from the fact that Microsoft already respects Mono developers and actively supports the development of oData and Azure. It has released Development environments for PHP and Java programmers as against earlier support only for .NET developers.

Clearly, Microsoft is trying to bring about some change. Whether it is in real or just for the namesake cannot be decided yet. However, we can surely speculate that if done correctly, this will bridge the gap between two software development communities at war and will make the software world a better place.


Why You Couldn’t Block Mark Zuckersberg on Facebook or Anyone for that Sake if it is done en Masse

Facebook users were quite annoyed a few days ago when they discovered that they cannot block Mark Zuckersberg. They speculated that it was a mechanism deliberately put into Facebook so that no-one could block Zuckersberg. As it turns out, this is not the case and Mashable has received a clarification from Facebook on this.

The response from Facebook says,

This error isn’t specific to any one account. It’s generated when a person has been blocked a certain large number of times. In very rare instances, a viral campaign will develop instructing lots of people to all wrongly block the same person. The purpose of this system is to protect the experience for people targeted by these campaigns. We’re constantly working to improve our systems and are taking a closer look at this one.

Clearly, it is a mechanism to save people from personalities being hit by viral blocking campaigns. The whole matter fired up when a website  Block Zuck launched a  campaign to block Zuckersberg.

This feature in Facebook was not seen or heard of until now. However, with Facebook’s shady methodology, it is not clear as to which came first. The mass-block protection feature or the blocking mechanism?

Apparently, Steam on Linux was just a Rumor, Says Valve Marketing VP

A few months ago, Phoronix posted an article saying that Valve is working on a  Steam version for Linux. This got the Linux community excited and people speculated about the development of state of the art games on the Linux platform too. However, this joy did not last long as Valve has now put an end to the rumor. Valve confirmed that there is no Steam for Linux being developed and has not mentioned of any future developments on this either.

Steam is a complete platform of flagship game technologies and Valve values its ownership of Steam. It has released two big hits Counter Strike and Half Life based on the same Valve engine. The engine is extremely customizable and powers the award winning game Portal.

However, Doug Lombardi, the Marketing VP of Valve has confirmed to that they are not working on any Linux version of steam.

Now, Linux users who were too excited about this will not get to play any Counter Strike or Half Life on their Linux powered rigs. On the other hand, Valve has planned to release Steam for Mac as it can generate good revenues.  However, when Phoronix reported this earlier; they posted  some evidence that cannot be ignored totally.

Did they start building for Linux and left it midway? Are those traces of changes made in some files? Clearly, something is cooking at Valve and it smells good. Just that, Mr. Lombardi is not ready to spill the beans about it yet.


Ubuntu Developer Summit for 11.04 Natty Narwhal Announced

The Ubuntu Fridge website has announced the next Ubuntu Developer Summit, which will be held from 25th to 29th of October this year. The Ubuntu Developer Summit (UDS) marks a gathering of innovative and bright minds who collectively, aim to make Ubuntu better.

The Ubuntu Developer Summit, as explained by  Ubuntu Fridge:

The Ubuntu Developer Summit one of the most important events in the Ubuntu calendar and at it we discuss, debate and design the next version of Ubuntu. We bring together the entire Canonical development team and sponsor a large number of community members across the wide range of areas in which people contribute to Ubuntu. This includes packaging, translations, documentation, testing, LoCo teams and more. UDS is an incredible experience, filled with smart and enthusiastic people, fast paced and exhausting, but incredibly gratifying to be part of the process that builds the next Ubuntu.

The developer summit is for anyone and everyone. If you are a developer, you should attend the summit to have an idea of the future developments and changes to focus your development work around that. Same goes for those who have a business based around Ubuntu. This summit is decisive for the future of Ubuntu and many of the changes and updates that are decided here decide the next course of actions.

If you are confident of your contribution to Ubuntu and want to attend the event but have some  monetary  problems, worry not. The event has provision for sponsoring a number of visitors as well. Apply for a sponsorship before the deadline of 8th of September.

The developer Summit this year; has a new website to promote the events. More details on this can be found at  this page.