Tech News Digest – March 23, 2025
Dallas SpohnTech News Digest - 2025-03-23
When you see the robot, drink!
Three Saturday stable kernels
Category: Linux
Tags: Linux
Published: Sat, 22 Mar 2025 20:29:38 +0000
TL;DR: Here is a 2-sentence summary:
Greg Kroah-Hartman has released stable kernels 6.13.8, 6.12.20, and 6.6.84, which contain important fixes throughout the kernel tree. Users of these kernel series are advised to upgrade to take advantage of these updates.
Greg Kroah-Hartman has announced the release of the 6.13.8, 6.12.20, and 6.6.84 stable kernels. Each contains a number of important fixes throughout the kernel tree; users of those series should upgrade.
[Read more](https://lwn.net/Articles/1015183/)
[$] OSI election ends with unsatisfying results
Category: Linux
Tags: General
Published: Fri, 21 Mar 2025 21:46:10 +0000
TL;DR: Here is a 2-sentence summary:
The Open Source Initiative (OSI) has announced the results of its recent board of directors election, with Ruth Suehle and McCoy Smith joining the board and Carlo Piana serving another term. However, the election has been marred by controversy, including the exclusion of three candidates who did not meet a requirement to sign the OSI board agreement after the election was already over.
The Open Source Initiative (OSI) has announced the results of its recent board of directors election. Ruth Suehle and McCoy Smith are new to the board, while Carlo Piana will serve another term. The results, however, seem tainted in the eyes of some participants and observers. The election has been plagued by missteps from the beginning. It has culminated with the exclusion of three candidates for failing to meet a requirement to sign the OSI board agreement, which was added after the election was over and before results were tallied or announced.
[Read more](https://lwn.net/Articles/1014603/)
[$] The guaranteed contiguous memory allocator
Category: Linux
Tags: Linux
Published: Fri, 21 Mar 2025 17:33:53 +0000
TL;DR: Here is a 2-sentence summary:
As a system's memory becomes fragmented, allocating large contiguous regions of memory becomes increasingly difficult, making it challenging to avoid situations where such allocations are necessary. The kernel's Contiguous Memory Allocator (CMA) subsystem attempts to make these allocations possible, but there are efforts underway to improve this situation with the "guaranteed contiguous memory allocator" patch set.
As a system runs and its memory becomes fragmented, allocating large, physically contiguous regions of memory becomes increasingly difficult. Much effort over the years has gone into avoiding the need to make such allocations whenever possible, but there are times when they simply cannot be avoided. The kernel's contiguous memory allocator (CMA) subsystem attempts to make such allocations possible, but it has never been a perfect solution. Suren Baghdasaryan is is trying to improve that situation with the guaranteed contiguous memory allocator patch set, which includes work from Minchan Kim as well.
Read more
Julien Malka proposes method for detecting XZ-like backdoors
Category: Linux
Tags: General
Published: Fri, 21 Mar 2025 16:54:21 +0000
TL;DR: Here is a 2-sentence summary:
Julien Malka has proposed that NixOS use build-reproducibility checks to detect when a program's maintainer-generated tarball produces different artifacts than building from source, which would have made it harder for the XZ backdoor to be hidden. The incident highlights the importance of auditing not just the code itself, but also the surrounding materials and binaries that are often not included in public repositories.
Julien Malka has called for the NixOS project to use build-reproducibility to detect when a program has a maintainer-generated tarball that results in a different artifact than building from source. There are good reasons for projects to release maintainer-generated tarballs, but since the materials included in them are usually documentation, extra build scripts, and so on, it makes sense to check that they don't influence the final build output. While this would not have stopped last year's XZ backdoor, it would have made it harder to hide.
People are often convinced that OSS is more trustworthy than closed-source software because the code can be audited by practitioners and security professionals in order to detect vulnerabilities or backdoors. In this instance, this procedure has been made difficult by the fact that part of the code activating the backdoor was not included in the sources available within the git repository but was instead present in the maintainer-provided tarball. While this was used to hide the backdoor out of sight of most investigating eyes, this is also an opportunity for us to improve our software supply chain security processes.
[Read more](https://lwn.net/Articles/1015095/)
[$] Multiple memory classes for address-space isolation
Category: Linux
Tags: Linux
Published: Fri, 21 Mar 2025 16:24:22 +0000
TL;DR: Here is a 2-sentence summary:
Brendan Jackman has been working on a patch set to introduce address-space isolation (ASI) to prevent future CPU vulnerabilities from leaking sensitive information. While the work is not yet ready for mainline kernel integration due to performance concerns, it will likely be discussed at the 2025 Linux Filesystem, Memory Management, and BPF Summit.
Brendan Jackman has been working to try to get ahead of the next hardware CPU vulnerability before it gets discovered. In January, he posted the second version of a patch set that introduces address-space isolation (ASI) as a way of preventing future CPU vulnerabilities from leaking important information. The core concept is to ensure that data that is not currently needed is not present in memory, so that speculative execution cannot leak it. The work is nowhere near ready to be incorporated into the mainline kernel — not least of all because it has a large performance impact in its current form — but it is likely to once again be a topic of discussion at the 2025 Linux Filesystem, Memory Management, and BPF Summit.
[Read more](https://lwn.net/Articles/1014440/)
Subscribe to my newsletter
Read articles from Dallas Spohn directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
Dallas Spohn
Dallas Spohn
Dallas, a seasoned professional with a diverse background, transitions seamlessly between roles as a systems admin turned developer, technical writer, and curriculum developer at Red Hat. With a knack for unraveling complex concepts, he crafts engaging materials primarily in DocBook, guiding enthusiasts through the intricacies of Red Hat's certification courses. In his earlier days, Dallas's passion for Anime led him to contribute to Anime News Network, channeling his creativity and expertise into captivating content. His contributions extended beyond writing as he interviewed prominent figures in the Anime industry, offering insights into their creative processes and visions. Beyond his professional pursuits, he's a devoted husband and father, cherishing moments with his loved ones. Dallas's journey in the tech industry spans various roles, from a security developer at NTT Security to an operations architect overseeing Linux servers for commercial transcoding. His tenure at esteemed institutions like Goldman Sachs and Lockheed Martin has honed his skills as a systems engineer, instilling in him a deep-rooted understanding of complex systems. An avid FPV pilot, Dallas finds exhilaration in soaring through the skies with his drones, often contemplating the lessons learned from his aerial adventures. His diverse experiences, including serving as a naval submariner aboard the USS Alexandria and pursuing higher education in England, enrich his perspective and fuel his thirst for knowledge.