Linux Kernel 6.10 Released
Plus, like in all kernel releases, there’s a glut of groundwork to offer “initial support” for upcoming CPUs, GPUs, NPUs, Wi-Fi, and other hardware (that most of us don’t use yet, but require Linux support to be in place for when devices that use them filter out)…
Linux 6.10 adds (after much gnashing) the mseal() system call to prevent changes being made to portions of the virtual address space. For now, this will mainly benefit Google Chrome, which plans to use it to harden its sandboxing. Work is underway by kernel contributors to allow other apps to benefit, though. A similarly initially-controversial change merged is a new memory-allocation profiling subsystem. This helps developers fine-tune memory usage and more readily identify memory leaks. An explainer from LWN summarizes it well.
Elsewhere, Linux 6.10 offers encrypted interactions with trusted platform modules (TPM) in order to “make the kernel’s use of the TPM reasonably robust in the face of external snooping and packet alteration attacks”. The documentation for this feature explains: “for every in-kernel operation we use null primary salted HMAC to protect the integrity [and] we use parameter encryption to protect key sealing and parameter decryption to protect key unsealing and random number generation.” Sticking with security, the Linux kernel’s Landlock security module can now apply policies to ioctl() calls (Input/Output Control), restricting potential misuse and improving overall system security.
On the networking side there are significant performance improvements to zero-copy send operations using io_uring, and the newly-added ability to “bundle” multiple buffers for send and receive operations also offers an uptick in performance…
A couple of months ago Canonical announced Ubuntu support for the RISC-V Milk-V Mars single-board computer. Linux 6.10 mainlines support for the Milk-V Mars, which will make that effort a lot more viable (especially with the Ubuntu 24.10 kernel likely to be v6.10 or newer). Other RISC-V improvements abound in Linux 6.10, including support for the Rust language, boot image compression in BZ2, LZ4, LZMA, LZO, and Zstandard (instead of only Gzip); and newer AMD GPUs thanks to kernel-mode FPU support in RISC-V.
Phoronix has their own rundown of Linux 6.10, plus a list of some of the highlights, which includes:
The initial DRM Panic infrastructure
The new Panthor DRM driver for newer Arm Mali graphics
Better AMD ROCm/AMDKFD support for “small” Ryzen APUs and new additions for AMD Zen 5.
AMD GPU display support on RISC-V hardware thanks to RISC-V kernel mode FPU
More Intel Xe2 graphics preparations
Better IO_uring zero-copy performance
Faster AES-XTS disk/file encryption with modern Intel and AMD CPUs
Continued online repair work for XFS
Steam Deck IMU support
TPM bus encryption and integrity protection
Read more of this story at Slashdot.
How Will AI Transform the Future of Work?
In March, after analysing 22,000 tasks in the UK economy, covering every type of job, a model created by the Institute for Public Policy Research predicted that 59% of tasks currently done by humans — particularly women and young people — could be affected by AI in the next three to five years. In the worst-case scenario, this would trigger a “jobs apocalypse” where eight million people lose their jobs in the UK alone…. Darrell West, author of The Future of Work: AI, Robots and Automation, says that just as policy innovations were needed in Thomas Paine’s time to help people transition from an agrarian to an industrial economy, they are needed today, as we transition to an AI economy. “There’s a risk that AI is going to take a lot of jobs,” he says. “A basic income could help navigate that situation.”
AI’s impact will be far-reaching, he predicts, affecting blue- and white-collar jobs. “It’s not just going to be entry-level people who are affected. And so we need to think about what this means for the economy, what it means for society as a whole. What are people going to do if robots and AI take a lot of the jobs?”
Nell Watson, a futurist who focuses on AI ethics, has a more pessimistic view. She believes we are witnessing the dawn of an age of “AI companies”: corporate environments where very few — if any — humans are employed at all. Instead, at these companies, lots of different AI sub-personalities will work independently on different tasks, occasionally hiring humans for “bits and pieces of work”. These AI companies have the potential to be “enormously more efficient than human businesses”, driving almost everyone else out of business, “apart from a small selection of traditional old businesses that somehow stick in there because their traditional methods are appreciated”… As a result, she thinks it could be AI companies, not governments, that end up paying people a basic income.
AI companies, meanwhile, will have no salaries to pay. “Because there are no human beings in the loop, the profits and dividends of this company could be given to the needy. This could be a way of generating support income in a way that doesn’t need the state welfare. It’s fully compatible with capitalism. It’s just that the AI is doing it.”
The World’s Population Is Projected To Peak At 10.3 Billion In the 2080s
The estimated world population at the end of the century (2100) is now expected to be 6% less than estimates from a decade ago.
However, calculating the number of future people is not a perfect science, with “many sources of uncertainty in estimating the global population,” according to the U.S. Census Bureau. It estimated the world reached 8 billion people last September, while the U.N. timed the milestone nearly one year earlier.
YouTube Investigators Say MSI Exposed 600K+ Warranty Records Via an Open Server
Friday the hardware review site Gamers Nexus filed a YouTube video report alleging some serious claims: that PC component manufacturer MSI left their internal warranty and RMA processing web site accessible to the open Internet, with no authentication. Virtually the entire history of MSI warranty claims going back to at least 2017 was searchable and accessible for the browsing, including customer names, email addresses, phone numbers, and serial numbers of MSI devices.
This event follows closely on the heels of a video report just a few days earlier alleging PC component manufacturer Zotac left their warranty/RMA and B2B records server open to indexing by Google.
Gamers Nexus posted their reports after informing Zotac and MSI of their open servers and verifying they were no longer accessible. However, the data from MSI’s server could have been fully scraped at this point, giving scammers a gold mine of data permitting them to impersonate MSI personnel and defraud customers. Anyone who’s filed a warranty or RMA claim with MSI in the past seven years should exercise caution when receiving unsolicited emails or phone calls purporting to be from MSI.
After Criticism, Signal Agrees to Secure Plain-Text Encryption Keys for Users’ Message Databases
When BleepingComputer contacted Signal about the flaw in 2018, we never received a response. Instead, a Signal Support Manager responded to a user’s concerns in the Signal forum, stating that the security of its database was never something it claimed to provide. “The database key was never intended to be a secret. At-rest encryption is not something that Signal Desktop is currently trying to provide or has ever claimed to provide,” responded the Signal employee…
[L]ast week, mobile security researchers Talal Haj Bakry and Tommy Mysk of Mysk Inc warned on X not to use Signal Desktop because of the same security weakness we reported on in 2018… In April, an independent developer, Tom Plant, created a request to merge code that uses Electron’s SafeStorage API “…to opportunistically encrypt the key with platform APIs like DPAPI on Windows and Keychain on macOS,” Plant explained in the merge request… When used, encryption keys are generated and stored using an operating system’s cryptography system and secure key stores. For example, on Macs, the encryption key would be stored in the Keychain, and on Linux, it would use the windows manager’s secret store, such as kwallet, kwallet5, kwallet6, and gnome-libsecret… While the solution would provide additional security for all Signal desktop users, the request lay dormant until last week’s X drama.
Two days ago, a Signal developer finally replied that they implemented support for Electron’s safeStorage, which would be available soon in an upcoming Beta version. While the new safeStorage implementation is tested, Signal also included a fallback mechanism that allows the program to decrypt the database using the legacy database decryption key…
Signal says that the legacy key will be removed once the new feature is tested.
“To be fair to Signal, encrypting local databases without a user-supplied password is a problem for all applications…” the article acknowledges.
“However, as a company that prides itself on its security and privacy, it was strange that the organization dismissed the issue and did not attempt to provide a solution…”
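The migration pattern described above (wrap the database key with the platform key store when one is available, keep the legacy plain-text key as a fallback, and remove it only once the wrapped copy is proven to work) can be sketched as follows. This is an added example, not Signal's code: the config fields `key` and `encryptedKey` and both function names are hypothetical, and the storage object is a constructed stand-in that only mirrors the three method names of Electron's safeStorage (`isEncryptionAvailable`, `encryptString`, `decryptString`) so the logic runs under plain Node.

```javascript
// Added illustration; not Signal's code. Field and function names are hypothetical.

// Constructed stand-in for Electron's safeStorage. It performs no real
// encryption: it returns an opaque blob that only this instance can turn
// back into the plaintext, which is all the migration logic relies on.
function makeFakeSafeStorage(available = true) {
  const vault = new Map(); // blob handle -> plaintext, held inside the stand-in
  return {
    isEncryptionAvailable: () => available,
    encryptString(plain) {
      const handle = `blob-${vault.size + 1}`;
      vault.set(handle, plain);
      return Buffer.from(handle, 'utf8');
    },
    decryptString(buf) {
      const handle = buf.toString('utf8');
      if (!vault.has(handle)) throw new Error('cannot decrypt blob');
      return vault.get(handle);
    },
  };
}

// Returns { key, source, config }: the database key, where it came from,
// and the config object that should be written back to disk.
function resolveDbKey(config, storage, { dropLegacy = false } = {}) {
  const next = { ...config };
  if (next.encryptedKey && storage.isEncryptionAvailable()) {
    try {
      const key = storage.decryptString(Buffer.from(next.encryptedKey, 'hex'));
      if (dropLegacy) delete next.key; // wrapped copy works: drop the plain-text key
      return { key, source: 'safeStorage', config: next };
    } catch (err) {
      if (!next.key) throw err; // no legacy key left to fall back to
    }
  }
  if (!next.key) throw new Error('no usable database key in config');
  if (storage.isEncryptionAvailable()) {
    // Opportunistic migration: store a wrapped copy, keep the legacy key for now.
    next.encryptedKey = storage.encryptString(next.key).toString('hex');
  }
  return { key: next.key, source: 'legacy', config: next };
}
```

Until `dropLegacy` is set, the plain-text key is still in the config file, so the at-rest exposure remains during the fallback period; once it is dropped, a key-store failure makes the database unreadable.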