
Google funds Linux project to fix vulnerabilities and enhance security


Source: Computerworld

Google, the search engine company and maker of Android, has recently announced that it is backing a Linux project to make the operating system harder to hack by fixing its vulnerabilities and enhancing its security. Google mentioned in a report on Thursday that it is funding a project to increase the security of Linux by rewriting the core parts of the Linux operating system, the kernel, in the Rust programming language, a modernization effort to make it harder for hackers to attack Linux-based devices.

Linux has been around for quite a while, and the operating system is written in the C programming language, which was developed back in 1972. With the modern advancements of the 21st century, where hackers have all the skills and tools required for major hacking, anything written in the C programming language can easily be broken into. We can say that time has outgrown Linux’s security, and now Google will fund the project to modernise Linux and increase its overall security.

Changing the Linux kernel by replacing the existing software with code written in the Rust programming language will mark a significant cultural shift in the open-source software project, which is a substantial foundation for Google’s Android operating system and Chrome OS, along with other resources on the internet, as mentioned in a report by CNET.

Rust is a programming language developed by Mozilla, the developer of Firefox. The language is now run independently by the Rust Foundation, and it is known to have been the most popular programming language for over five years. Rust makes it safer for software developers to write to memory, as it continuously checks for hidden malicious problems or viruses in and around the memory area. According to a survey, Rust is considered to be the best alternative to the decades-old C and C++ programming languages.

Linux and Google have brought in Miguel Ojeda, who has written parts of the software used in the Large Hadron Collider particle accelerator, to write software for Linux in the Rust programming language. As sources suggest, Google is funding the contract and the project, which is being extended through the Internet Security…

Source…

Google backs Linux project to make Android, Chrome OS harder to hack



Google said Thursday it’s funding a project to increase Linux security by writing parts of the operating system’s core in the Rust programming language, a modernization effort that could bolster the security of the internet and smartphones.




If the project succeeds, it’ll be possible to add new elements written in Rust into the heart of Linux, called the kernel. Such a change would mark a major technological and cultural shift for an open-source software project that’s become foundational to Google’s Android and Chrome operating systems as well as vast swaths of the internet. 

Miguel Ojeda, who’s written software used by the Large Hadron Collider particle accelerator and worked on programming language security, is being contracted to write software in Rust for the Linux kernel. Google is paying for the contract, which is being extended through the Internet Security Research Group, a nonprofit that’s also made it easier to secure website communications through the Let’s Encrypt effort.





Adding Rust modules to the Linux kernel would improve security by closing some avenues hackers can use to attack phones, computers or servers. Since it was launched in 1991, Linux has been written solely in the powerful but old C programming language. The language was developed in 1972 and is more vulnerable to hacks than contemporary programming languages.


Better security for Linux is good news for everyone but hackers. In addition to the Android and Chrome OSes, Google services like YouTube and Gmail all rely on servers running Linux. It also powers Amazon and Facebook, and is a fixture in cloud computing services.

It isn’t clear if Linux kernel leaders will accommodate Rust. Linus Torvalds, the founder of Linux, has said he’s open to change if Rust for Linux champions prove its worth. Ojeda has proposed 13 changes needed to allow Rust modules in Linux to get things started.

Google already has taken some early steps to make it possible to use Rust for Linux Android. Getting buy-in at the highest levels of the Linux kernel project means many other software projects could benefit, too.

Google credits the…

Source…

Internal docs reveal project ‘Columbus’, Apple’s huge push to improve App Review


New internal documents filed as part of the Epic Games vs Apple trial have revealed Apple made a huge push in 2015 to improve its app review process for the App Store dubbed project ‘Columbus’.

Apple’s Trystan Kosmynka was asked about Columbus during day five of the trial, describing it as a move to “heavily invest in App Review automation and efficiency.”

In a presentation from late 2015 seen by iMore, Apple spoke about the need to automate app review, making the process more efficient. The presentation begins with a quote from Pinterest’s Mike Beltzner that states anything Apple could do to reduce review times “would be perhaps the single most impactful change to our ability to ship great apps.”


Apple highlighted that at the time it was receiving more than 60,000 submissions a week from 155 different countries and 24 different app categories. Apple listed a staggering 910 different types of rejection reasons given for apps. Notes from the presentation state:

Here’s the problem, the volume is immense and continues to grow. The complexity is insane… 155 countries and 910 different types of rejection reasons today. They are looked at manually every time starting from scratch and by different people (inconsistent). And all of this results in an SLA longer than developers should expect and even worse creates a great deal of anxiety and ill will between Apple and developers.

The presentation notes that in 2015 Apple recognized there were a “ton of scam apps” in the App Store, as noted by reviews. The goal of Columbus was to tackle this, reducing the number of manual reviews and the perceived review time for developers whilst improving quality and consistency.

The presentation highlights some big impact areas such as the top ten reasons for rejection. For example, 14% of apps were rejected because more information was needed, the biggest single reason for rejection. Apps were also rejected for exhibiting bugs (10%), having poor interfaces, crashing, and more.

The notes reveal 60% of app review submissions were updates rather than new apps, and that 20% were the stock ‘bug fixes and performance’ updates that really…

Source…

The Linux Foundation’s demands to the University of Minnesota for its bad Linux patches security project



To say that Linux kernel developers are livid about a pair of University of Minnesota (UMN) graduate students playing at inserting security vulnerabilities into the Linux kernel for the purposes of a research paper “On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits” is a gross understatement. 

Greg Kroah-Hartman, the Linux kernel maintainer for the stable branch and well-known for being the most generous and easy-going of the Linux kernel maintainers, exploded and banned UMN developers from working on the Linux kernel. That was because their patches had been “obviously submitted in bad faith with the intent to cause problems.” 

The researchers, Qiushi Wu and Aditya Pakki, and their graduate advisor, Kangjie Lu, an assistant professor in the UMN Computer Science & Engineering Department, then apologized for their Linux kernel blunders.

That’s not enough. The Linux kernel developers and the Linux Foundation’s Technical Advisory Board via the Linux Foundation have asked UMN to take specific actions before their people will be allowed to contribute to Linux again. We now know what these demands are.

The letter, from Mike Dolan, the Linux Foundation’s senior VP and general manager of projects, begins:

It has come to our attention that some University of Minnesota (U of MN) researchers appear to have been experimenting on people, specifically the Linux kernel developers, without those developers’ prior knowledge or consent. This was done by proposing known-vulnerable code into the widely-used Linux kernel as part of the work “On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits”; other papers and projects may be involved as well. It appears these experiments were performed without prior review or approval by an Institutional Review Board (IRB), which is not acceptable, and an after-the-fact IRB review approved this experimentation on those who did not consent.

This is correct. Wu and Lu opened their note to the UMN IRB by stating: “We recently finished a work that studies the patching process…

Source…