Alpine 3.10.2 released

The Alpine Linux project is pleased to announce the immediate availability of version 3.10.2 of its Alpine Linux operating system.

Security: Updates, Linux "Lockdown" Patches, Webmin FUD (Mischaracterisation) and Dawn for Security Vulnerabilities in HPC

• Security updates for Tuesday

  Security updates have been issued by Debian (flask), openSUSE (clementine, dkgpg, libTMCG, openexr, and zstd), Oracle (kernel, mysql:8.0, redis:5, and subversion:1.10), SUSE (nodejs6, python-Django, and rubygem-rails-html-sanitizer), and Ubuntu (cups, docker, docker-credential-helpers, kconfig, kde4libs, libreoffice, nova, and openldap).

• Linux "Lockdown" Patches Hit Their 40th Revision

  The long-running Linux "Lockdown" patches were sent out again overnight for their 40th time but it remains to be seen if these security-oriented patches will be pulled in for the upcoming Linux 5.4 cycle. The Linux Lockdown functionality is for restricting access to the kernel and underlying hardware by blocking writes to /dev/mem, restricting PCI BAR and CPU MSR access, disabling system hibernation support, limiting Tracefs, and restricting or outright disabling other functionality that could alter the hardware state or running Linux kernel image. Linux Lockdown has been opt-in only and designed for use-cases like honoring UEFI SecureBoot for ensuring nothing nefarious could happen once booted into the operating system by bad actors. Most end-users won't voluntarily want the lockdown mode due to all the restrictions in place, but could be a favor for enterprises and very security conscious users.

• Backdoor Found in Webmin Utility [Ed: It is not a back door but a bug inserted by a malicious entity rather than the project developers themselves; this incident demonstrates or classically highlights the need for reproducible builds.]

  On August 17, the developer of the popular Webmin and Usermin Unix tools pushed out an update to fix a handful of security issues. Normally that wouldn’t generate an avalanche of interest, but in this case, one of those vulnerabilities was introduced intentionally by someone who was able to compromise the software build infrastructure used by the developers.

• A New Dawn for Security Vulnerabilities in HPC

  In February 2018, Russian nuclear scientists at the Federal Nuclear Center were arrested for using their supercomputer resources to mine the crypto-currency, Bitcoin. Previously, high-performance computing (HPC) security breaches like this tended to be few and far between. However, recent trends are increasing the vulnerabilities and threats faced by HPC systems. Previously, compute clusters enjoyed a level of security through obscurity due to their idiosyncratic architectures in terms of both hardware, with different CPU architectures and networking, and software of often home-grown applications running on Unix-like operating systems. In addition, the reward for compromising a cluster wasn’t all that great. Although hacking into HPC data generated by atomic weapons research and pharmaceutical modelling does present a valuable outcome; meteorological institutes, astrophysics laboratories or other mathematical research is less so.

Lauterbach to support JTAG debug for RISC-V Linux

The Linux Kernel Awareness adaptation for the TRACE32 debugger is MMU aware. This allows symbols to be loaded for each process, kernel module or shared library in the target system and assigns them to the correct memory partition. This approach gives developers the ability to view and control all components of a target system from within the TRACE32 environment: kernel, kernel modules, device drivers, interrupt service routines, processes, threads and shared libraries. In addition to all standard JTAG features, some unique special extensions are provided, such as process aware breakpoints that can be set to trigger when a piece of shared code is executed by a particular thread or process, ability to read the kernel logs and to inspect the /proc and /sys filesystems and all mountpoints. The system is also fully SMP aware and supports multi-core designs where the kernel is able to schedule processes dynamically across a number of processor cores, providing users with complete system visibility in a system which is self-managing according to real-world demands.

Raspberry Pi gets MIT's Scratch 3 programming language for Raspbian

Ever since Scratch 3 was released this January, a team at the Raspberry Pi Foundation has been working with MIT to develop an offline, installable version for the Raspberry Pi. That offline version is now available, offering students and beginners an easy environment to begin coding with the language's visual 'code blocks', as well as paint and sound-editing tools. Scratch 3 requires installing the latest version of Raspbian known as 'Buster', the latest version of Debian Linux that was released alongside the Raspberry Pi 4 in June. Due to the memory requirements of Scratch 3, the Raspberry Pi Foundation is recommending it is installed on a Raspberry Pi 4 with at least 2GB of RAM. The 2GB model costs $45. Also: GCC 10 Lands Support For -march=tigerlake & -march=cooperlake