PCLinuxOS Magazine

Short Topix: Assaults On Privacy Continue Unchecked


by Paul Arnote (parnote)


Linus Releases 5.0-rc1 Kernel

On January 6, 2019, Linus Torvalds announced the release of the 5.0-rc1 Linux kernel.

Here is Linus's post to the Linux Kernel Mailing List:

So this was a fairly unusual merge window with the holidays, and as a result I'm not even going to complain about the pull requests that ended up coming in late. It all mostly worked out fine, I think. And lot of people got their pull requests in early, and hopefully had a calm holiday season. Thanks again to everybody.

The numbering change is not indicative of anything special. If you want to have an official reason, it's that I ran out of fingers and toes to count on, so 4.21 became 5.0. There's no nice git object numerology this time (we're _about_ 6.5M objects in the git repo), and there isn't any major particular feature that made for the release numbering either. Of course, depending on your particular interests, some people might well find a feature _they_ like so much that they think it can do as a reason for incrementing the major number.

So go wild. Make up your own reason for why it's 5.0.

Because as usual, there's a lot of changes in there. Not because this merge window was particularly big - but even our smaller merge windows aren't exactly small. It's a very solid and average merge window with just under 11k commits (or about 11.5k if you count merges).

The stats look fairly normal. About 50% is drivers, 20% is architecture updates, 10% is tooling, and the remaining 20% is all over (documentation, networking, filesystems, header file updates, core kernel code..). Nothing particular stands out, although I do like seeing how some ancient drivers are getting put out to pasture (*cough* isdn *cough*).

As usual even the shortlog is much too big to post, so the summary below is only a list of the pull requests I merged.

Go test. Kick the tires. Be the first kid on your block running a 5.0 pre-release kernel.

Linus

The Linux and computing media went to great lengths to offer up explanations for the version numbering change, even though one was provided by no less than Linus himself. "The numbering change is not indicative of anything special. If you want to have an official reason, it's that I ran out of fingers and toes to count on, so 4.21 became 5.0," wrote Torvalds.

Initially, there doesn't appear to be much of anything in the new kernel that anyone would consider "earth shattering" or huge -- at least, at this early date. If you want to see a nice rundown of the new features in the 5.0-rc1 kernel, check out this Phoronix article by Phoronix founder and principal author Michael Larabel.

Given the history of other Linux kernel releases, you can probably expect the new kernel to hit some distributions (such as Fedora and Ubuntu) in either late February or early March.



Firefox Can Help Save You From Embarrassing Browsing History

It might be hard to find someone around who hasn't browsed to sites that they probably wouldn't want others to know about. With privacy under attack from all sides, the last thing you need is to have your web browser displaying "adult" sites or "piracy" sites you might have visited.

Most of today's browsers display a "new tab page" when you open a new tab, with icons or tiles representing frequently visited sites, mixed with tiles for sponsored sites. Owners of "sponsored" content don't want their tile appearing next to a tile representing a "steamier" site.

According to an article on Ars Technica, this feature has been in Firefox for about four years, starting with Firefox 40. Originally touted on Reddit as a Firefox Easter Egg, it is a hardcoded list of over 2900 sites. If a site appears on the list, Firefox prevents a tile for that site from appearing on the new tab page. The list isn't in a normal URL format that you can read. Rather, it consists of MD5 checksums, or hashes, of the sites. You can view them by entering resource://activity-stream/lib/FilterAdult.jsm into the address bar of a new tab. If a site's hash matches one in the hardcoded list, that site does not get a tile on the new tab page.
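The following sketch shows how a hashed filter list of this kind can keep sites off a "most visited" tile row. It is an added example, not Mozilla's code: the function names, the "www." normalization, the base64 encoding of the digest and the .test host names are all assumptions made for illustration.

```python
import base64
import hashlib
from collections import Counter
from urllib.parse import urlsplit


def site_hash(host: str) -> str:
    """Base64-encoded MD5 digest of a hostname (24 characters)."""
    digest = hashlib.md5(host.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


# Constructed stand-in for the hardcoded list. Only the hashes end up in the
# set; the two .test names are placeholders, not entries from Firefox's list.
FILTERED_HASHES = frozenset(site_hash(h) for h in ("steamy.test", "warez.test"))


def normalized_host(url: str) -> str:
    """Lower-cased hostname without a leading 'www.', or '' if the URL has none."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def is_filtered(url: str) -> bool:
    """True when the hash of the URL's host is present in the filter list."""
    host = normalized_host(url)
    return bool(host) and site_hash(host) in FILTERED_HASHES


def new_tab_tiles(history, limit=3):
    """Most-visited hosts from a list of visited URLs, minus filtered sites."""
    hosts = (normalized_host(url) for url in history)
    visits = Counter(h for h in hosts if h)
    allowed = [h for h, _ in visits.most_common()
               if site_hash(h) not in FILTERED_HASHES]
    return allowed[:limit]


HISTORY = [  # constructed browsing history
    "https://www.steamy.test/a", "https://steamy.test/b", "https://STEAMY.test/c",
    "https://news.test/", "https://news.test/x", "https://mail.test/",
    "https://warez.test/", "https://forum.test/", "https://forum.test/t/1",
]

if __name__ == "__main__":
    # steamy.test is the most visited host, yet it never gets a tile.
    print(new_tab_tiles(HISTORY))
```

The match is on the exact normalized host name, so the filter only works if the visited URL is normalized the same way the list entries were before hashing.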

While no one at Mozilla has divulged the actual list of sites, it is known that it isn't just porn sites that are listed. Piracy sites, such as Pirate Bay, are included, as well. If you paid for sponsored content to sell your DVD release of a movie, you probably wouldn't be too happy if your tile appeared next to one from a piracy site, where you could download it for free.

According to the Ars Technica article:

Even though Mozilla's monetization plans have changed over the years and suggested tiles are no longer part of the browser, the blacklisting is still there. It now prevents the forbidden sites from being included in the "top sites" and "highlights" buttons on the new-tab page.

If your computer is private, and you're the only user, you can also turn off the blacklisting of these sites. Open a new tab, enter about:config on the address bar, agree to be careful, and search for "adult" in the search bar. Change the value from the default value of true, to false, by double clicking on the "true" value.



New Security Holes Discovered In Systemd

All PCLinuxOS users ... take a collective big breath ... and repeat after me ... PHEW!

As users of one of the few Linux distros around that has purposefully shunned and avoided systemd, PCLinuxOS users have dodged this bullet.

I won't write here about all the things that are wrong with systemd. That would take much more room than we have here. MUCH MORE ROOM! As for the things that are right about systemd ... well, those things are listed in the whitespace between the paragraphs of this magazine. There is no need to debate the merits and demerits of systemd here. Gauging by the posts in the PCLinuxOS forum, the views among PCLinuxOS users are pretty much universal: they are glad that systemd has no home here.

A January 10, 2019 article on ZDNet blew the whistle on the latest security holes to be found in systemd. It pointed to an email to the oss-security mailing list from Qualys Security Advisory about three security holes in systemd.

Most Linux distros that use systemd are affected. I say most, because only a very small handful are exempted (Fedora 28, openSUSE Leap 15.0, and SUSE Linux Enterprise 15), due to the fact that their userspace is compiled with GCC's -fstack-clash-protection. That compiler option helps protect against a stack clash.

Specifically, CVE-2018-16864 and CVE-2018-16865 are memory corruptions, while CVE-2018-16866 is an out-of-bounds memory read. Any of the three allows multiple command line arguments (as in megabytes) to cause systemd-journald to crash. Once that happens, a local user can easily gain root access to the system.

Red Hat has already issued patches for the first two, which are considered to be the most critical security holes.

These are not the first security flaws to be found in systemd. One, in 2017, exploited a flaw in the way that TCP packets were handled, potentially causing a DnS attack. Another one was discovered in 2015 that granted unauthorized local users root access.



Just Who Is Watching Your Ring Doorbell Video?

Do you have one of those new, fancy doorbells sold by Amazon, called Ring? (Amazon purchased the company that makes Ring in 2018 for a reported $1 billion.) If so, you're not going to like this news. Due to Ring's lax security measures, there's no telling who may have been watching your Ring's video feed in the cloud. For what it's worth, Ring has expanded from just doorbells to offering cameras in users' homes.

Ring takes a three-strike approach to compromising your privacy, according to an article that appeared on The Intercept_ on January 10, 2019.

Strike one: None of the videos, which are stored on an Amazon S3 server, are encrypted. That means that anyone who gains access has full access to those videos. You'll love the reason the videos are left unencrypted: the added cost of encryption, and lost revenue opportunities because of the restricted access to those videos. Hmmm. Just who are they intending to sell the videos to?

Strike two: Ring gave its Ukrainian-based R&D people unfettered access not only to every video ever recorded by every Ring device, but also to an accompanying database that links every video with its user/owner.

Strike three: Ring allowed unnecessary and privileged access to customer videos by company executives and engineers in the U.S., via the company's tech support video portal. This portal gives those company executives and engineers complete, unfiltered access to users' live feed video, around the clock. Only a user's email address was necessary to be able to watch the live feed from the cameras at that user's house. Some company engineers even went so far as to tease other Ring engineers about who they brought home the night before, after a date. A Ring spokesperson has denied that employees have ever had access to the live stream from users, despite that claim being corroborated by multiple inside sources.

You're out!

This is the last thing users with any sense of privacy and privacy issues want to hear, during a time when attacks on privacy are at an all-time high. Ring touts providing security for its users, via the video that is captured at your front door or inside your home. Ring executives claim that they can create a passive and encompassing "neighborhood watch" to combat crime. But it doesn't seem to be a two-way street when it comes to the videos that they capture -- and apparently save for all eternity.



Home Wireless Routers Don't Leverage Linux Higher Security Levels

It is probably no secret to most Linux users that Linux runs many things that we use in our daily lives. This is especially true when it comes to the firmware that runs our wireless routers.

What may come as a surprise is that, despite using Linux as the basis for their firmware, virtually none of them leverage the improved security features found in Linux for networking.

A January 4, 2019 article on ZDNet highlights the results of a study/report (PDF) by Cyber-ITL. That study reviewed the safety of the software in 28 popular home routers. The article states:

Security hardening features such as ASLR (Address Space Layout Randomization), DEP (Data Execution Prevention), RELRO (RELocation Read-Only), and stack guards have been found to be missing in a recent security audit of 28 popular home routers.

Security experts from the Cyber Independent Testing Lab (Cyber-ITL) analyzed the firmware of these routers and mapped out the percentage of firmware code that was protected by the four security features listed above.

"The absence of these security features is inexcusable," said Parker Thompson and Sarah Zatko, the two Cyber-ITL researchers behind the study.

"The features discussed in this report are easy to adopt, come with no downsides, and are standard practices in other market segments (such as desktop and mobile software)," the two added.

The authors of the study compared their results to those of Consumer Reports. While the latter found the Netgear r7000 wireless router to be best overall when it came to implementation of security features, it came in second or third in the Cyber-ITL study. The Linksys WRT32x appeared to be one of the top performers in the study. It featured 100 percent DEP coverage for all firmware binaries, 95 percent RELRO coverage, 82 percent stack guard coverage, but only a mere four percent ASLR protection. None of the routers in the study implemented all of the security hardening methods available.
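To make the coverage figures above concrete, here is an added example (not Cyber-ITL's tooling) that inspects ELF binaries for the four features and reports the percentage of files that have each one. The heuristics are assumptions: a non-executable PT_GNU_STACK header for DEP, a PT_GNU_RELRO header for RELRO, an ET_DYN image type for ASLR, and a reference to __stack_chk_fail for stack guards; the sample files are constructed.

```python
import struct

PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
ET_EXEC, ET_DYN, PF_X = 2, 3, 1


def elf_hardening(data):
    """Return the four hardening flags for one ELF image, or None if not ELF."""
    if data[:4] != b"\x7fELF" or len(data) < 52:
        return None
    is64 = data[4] == 2                    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    try:
        e_type = struct.unpack_from(end + "H", data, 16)[0]
        if is64:
            phoff = struct.unpack_from(end + "Q", data, 32)[0]
            phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        else:
            phoff = struct.unpack_from(end + "I", data, 28)[0]
            phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        segs = {}
        for i in range(phnum):
            off = phoff + i * phentsize
            p_type = struct.unpack_from(end + "I", data, off)[0]
            # p_flags sits at offset 4 in an ELF64 phdr, 24 in an ELF32 phdr
            flags_off = off + (4 if is64 else 24)
            segs[p_type] = struct.unpack_from(end + "I", data, flags_off)[0]
    except struct.error:                   # truncated or corrupt image
        return None
    return {
        # No PT_GNU_STACK header, or one marked executable, means no DEP.
        "dep": PT_GNU_STACK in segs and not segs[PT_GNU_STACK] & PF_X,
        "relro": PT_GNU_RELRO in segs,     # partial RELRO or better
        "aslr": e_type == ET_DYN,          # position-independent image
        "stack_guard": b"__stack_chk_fail" in data,
    }


def coverage(images):
    """Percentage of the ELF files in {name: bytes} that carry each feature."""
    found = [r for r in map(elf_hardening, images.values()) if r is not None]
    if not found:
        return {}
    return {k: round(100 * sum(r[k] for r in found) / len(found)) for k in found[0]}


def make_elf32(e_type, segments, extra=b""):
    """Constructed test data: a minimal big-endian (MIPS-style) ELF32 image."""
    ident = b"\x7fELF" + bytes([1, 2, 1]) + bytes(9)
    header = struct.pack(">HHIIIIIHHHHHH", e_type, 8, 1, 0, 52, 0, 0,
                         52, 32, len(segments), 0, 0, 0)
    phdrs = b"".join(struct.pack(">8I", t, 0, 0, 0, 0, 0, flags, 4)
                     for t, flags in segments)
    return ident + header + phdrs + extra


FIRMWARE = {  # constructed file set, not taken from any real router image
    "bin/busybox": make_elf32(ET_DYN, [(PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)],
                              b"__stack_chk_fail\0"),
    "usr/sbin/httpd": make_elf32(ET_EXEC, [(PT_GNU_STACK, 6)]),
    "usr/sbin/upnpd": make_elf32(ET_EXEC, [(PT_GNU_STACK, 7)]),
    "usr/sbin/dnsmasq": make_elf32(ET_EXEC, [], b"__stack_chk_fail\0"),
    "etc/banner": b"not an ELF file\n",
}

if __name__ == "__main__":
    for feature, pct in coverage(FIRMWARE).items():
        print(f"{feature:12s} {pct:3d}%")
```

Pointing coverage() at the files of an unpacked firmware image gives per-feature percentages in the same spirit as the study's figures; full RELRO additionally needs the BIND_NOW dynamic flag, which this sketch does not check.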

Curiously, here is an excerpt from the study:

None of these safety features are difficult to enable, so the message the market should take from this is that the easiest step any brand can take to move towards a hardened and "safe" software build is to do the basics in safety and security practices for building and compiling software. At the moment, the field appears wide open.

Also, don't assume that just because one model in a vendor's offerings performed well, that other models in their line offer similar protection. For example, while the Linksys WRT32x was the top security performer, four other current Linksys models fared especially poorly in the tests.

This study only looked at the "stock" firmware that shipped with the routers. No mention was made of the open source router firmware replacements, such as DD-WRT, TomatoUSB, OpenVPN, and OpenWRT. All of the open source router firmware replacements offer not only better security, but also significant performance enhancements ... if your router is compatible.



Your Old Tweets May Leak More Private Information Than You Realized

If you're a Twitter user, you may be inadvertently leaking more information than you realize about your whereabouts through your old tweets. Starting in 2009, Twitter allowed users to geotag their tweets with their precise GPS location. In 2015, Twitter revised its geolocation policy requiring users to opt in to precision geotagging. Otherwise, under the revised Twitter policy, the GPS coordinates saved with a tweet are more generalized. There's quite a big difference between divulging that you are in Dallas, TX, and exactly where your house or place of employment is in Dallas.

A January 10, 2019 Wired article reported on a study (PDF) called "Please Forget Where I Was Last Summer: The Privacy Risks of Public Location (Meta)Data" done by a group of international researchers. The researchers plan to present their findings at the Network and Distributed System Security Symposium in February, 2019. They created a tool, called LPAuditor (L=Location, P=Privacy), to scan the precise GPS coordinates that are stored in the metadata headers of all tweets between the time Twitter started allowing geotagging and the policy change in April, 2015. Even if the coordinates are not visible to the Twitter user, or their followers, they are present in the metadata headers of every tweet during the previously specified time period. The Twitter API still allows access to the GPS coordinates stored in the metadata of those tweets.

So why is this so problematic? Well, not only can it reveal (with astounding accuracy, sometimes exceeding 90%) where a Twitter user lives, but also where they work, where they worship, which physician they see (which can reveal a LOT of information, depending on what kind of physician it is), who they see or meet up with, where they eat, where they go for drinks, and even if they frequent a particular strip club. It's easy to see why some users may want to keep this information private.

Twitter has refused to remove the geolocation data from the metadata of the tweets in the specified time range. Their explanation is that they don't want to go back and "change" tweets from years ago.

Given Twitter's history and track record, this wouldn't even come close to the worst that they have done or been accused of doing.



Firefox Cutting Off Flash Support After 2020

Following similar announcements from Google and Microsoft, Mozilla announced that the Adobe Flash plugin will no longer be supported after 2020. In fact, after 2020, Firefox will refuse to run the notorious plugin.

Mozilla has a schedule for eliminating Flash from Firefox. Below is an excerpt from that schedule.

Plugins are a security and performance problem for Firefox users. NPAPI plugins are an obsolete technology, and Mozilla has been moving toward a Web which doesn't need plugins. The last remaining NPAPI plugin, Adobe Flash, has announced an end-of-life plan. To support the transition away from Flash, Firefox is working with other browsers to progressively and carefully make Flash usage less common. Below is the roadmap of past and future support for plugins in Firefox.

2019: Firefox will disable the Flash plugin by default. Users will not be prompted to enable Flash, but it will still be possible to activate Flash on certain sites using browser settings.

2020: In early 2020, Flash support will be completely removed from consumer versions of Firefox. The Firefox Extended Support Release (ESR) will continue to support Flash until the end of 2020.

2021: When Adobe stops shipping security updates for Flash at the end of 2020, Firefox will refuse to load the plugin.

Starting with the Nightly Builds of Firefox 69, Adobe Flash will be disabled by default. Flash has long outlived its usefulness, especially with the emergence of HTML5, WebAssembly, and WebGL able to deliver a richer, more stable user experience. Because Flash runs in userspace and externally from the browser, the security nightmares are rampant. Just look back at all the security updates from Adobe over the past years for affirmation and validation of the nightmare it has caused users. With the newer technologies, things will be more secure for the end user, since everything is built into the browser to enable playback of multimedia elements.

Hooray! Hooray! Hooray! Flash cannot go away fast enough.



U.S. Police Can't Force You To Unlock Your Phone Via ANY Means

Yes, I know that laws vary widely and wildly from country to country. What may be legal in one country could possibly land you in serious trouble in another country. In the U.S., we have the Bill of Rights, which are the first 10 Amendments to the U.S. Constitution. Specifically, in this instance, people are afforded the protections of the 4th Amendment against illegal search and seizure, and the protections of the 5th Amendment, which offers protection against self incrimination.

Due to various court rulings, users are already protected from being "commanded" by police to unlock their phone (or other electronic device) using passcodes, which would put the user at risk of self incrimination and subject them to an illegal search of their property. Previous court rulings did not extend to biometric unlocking methods (fingerprints, facial recognition, irises, etc.) the same protections as passcodes. Now, however, U.S. District Court Judge Kandis Westmore (Northern District of California) has extended the protections of passcodes to ALL methods of logging in.

Revealed in a January 14, 2019 article from Forbes, the change comes about because:

The order came from the U.S. District Court for the Northern District of California in the denial of a search warrant for an unspecified property in Oakland. The warrant was filed as part of an investigation into a Facebook extortion crime, in which a victim was asked to pay up or have an "embarrassing" video of them publicly released. The cops had some suspects in mind and wanted to raid their property. In doing so, the feds also wanted to open up any phone on the premises via facial recognition, a fingerprint or an iris.

The court ruling (PDF) makes these points about the case:

There are sufficient facts in the affidavit to believe that evidence of the crime will be found at the Subject Premises, so the Government has probable cause to conduct a lawful search, so long as it comports with the Fourth Amendment. If, however, law enforcement violates another constitutional right in the course of executing a warrant, it inherently renders the search and seizure unreasonable.

In addition to the search of the premises, the Government seeks an order that would allow agents executing this warrant to compel "any individual, who is found at the Subject Premises and reasonably believed by law enforcement to be a user of the device, to unlock the device using biometric features...." (Aff. 117h.) This request is overbroad. There are two suspects identified in the affidavit, but the request is neither limited to a particular person nor a particular device.

Thus, the Court finds that the Application does not establish sufficient probable cause to compel any person who happens to be at the Subject Premises at the time of the search to provide a finger, thumb or other biometric feature to potentially unlock any unspecified digital device that may be seized during the otherwise lawful search.

Furthermore, the Government's request to search and seize all digital devices at the Subject Premises is similarly overbroad. The Government cannot be permitted to search and seize a mobile phone or other device that is on a non-suspect's person simply because they are present during an otherwise lawful search.

While the warrant is denied, any resubmission must be limited to those devices reasonably believed by law enforcement to be owned or controlled by the two suspects identified in the affidavit.

B. The Fifth Amendment Privilege

Even if probable cause exists to seize devices located during a lawful search based on a reasonable belief that they belong to a suspect, probable cause does not permit the Government to compel a suspect to waive rights otherwise afforded by the Constitution, including the Fifth Amendment right against self-incrimination.

The Fifth Amendment provides that no person "shall be compelled in any criminal case to be a witness against himself." U.S. Const, amend. V. The proper inquiry is whether an act would require the compulsion of a testimonial communication that is incriminating. See Fisher v. United States, 425 U.S. 391, 409 (1976). Here, the issue is whether the use of a suspect's biometric feature to potentially unlock an electronic device is testimonial under the Fifth Amendment.

...

Courts have an obligation to safeguard constitutional rights and cannot permit those rights to be diminished merely due to the advancement of technology.

...

For the reasons set forth above, the Government's search warrant application is DENIED. The Government may not compel or otherwise utilize fingers, thumbs, facial recognition, optical/iris, or any other biometric feature to unlock electronic devices. Furthermore, the Government may only seize those digital devices that law enforcement reasonably believes are owned and/or possessed by the two suspects named in the affidavit. The Government may submit a new search warrant application consistent with this order.

So, finally, the legal system is catching up to extend protections to technology that wasn't present or even thought of when the Constitution was originally written and ratified over 230 years ago. These protections cover the end user's rights, whether a valid search warrant is present or not.

In and of itself, this may not seem like a big case. But throughout history, seemingly trivial cases have set the tone for interpretation of laws for years and years to come. These precedents, while not linked to a huge case, become huge because of their fallout.


