LAN 216: Linux Action News 216
- Air Date: 2021-11-21
- Duration: 17 mins 18 secs
About this episode
Just how severe is this DNS cache poisoning attack revealed this week? We'll break it down and explain why Linux is affected. Plus, the feature now removed from APT, more performance patches in the Kernel, and a big batch of project updates.
Your hosts
Sponsored by
- Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
- Ting: Save $25 off your first device, or $25 in service credit if you bring one!
Episode links
- Linux has a serious security problem that once again enables DNS cache poisoning — We can actually guess the ephemeral port in the embedded UDP packet and package it in an ICMP probe to a DNS resolver. If the guessed port is correct, it causes some global resource in the Linux kernel to change, which can be indirectly observed. This is how the attacker can infer which ephemeral port is used.
- Ubuntu Maker Canonical Planning To Vastly Improve Its Documentation — This is a permanent, on-going commitment. It’s work that will never end. It has already started, and will become part of the fundamental Canonical discipline of making software.
- The future of documentation at Canonical
- APT 2.3.12 package manager released, will no longer let you break everything — After the issues that happened with Linus from Linus Tech Tips breaking Pop!_OS during the switch to Linux challenge, the APT package manager has been upgraded to prevent future issues happening.
- KDE Discover gets update to prevent you breaking your Linux system — Another change to make things look a bit friendlier in Discover is if you have issues upgrading, it will instantly shove a load of technical details in your face. To normal consumers, that's clearly not going to do much to help and probably scare them away. Now, instead, it will provide a very clear and friendly message, with the option to get more details to report the issue.
- Add support for list issue - Jens Axboe — With the support in 5.16-rc1 for allocating and completing batches of IO, the one missing piece is passing down a list of requests for issue.
- Linux 5.17 To Continue With I/O Optimizations, 5~6% Improvement Pending For NVMe — With the merge window for 5.16 closed, time to submit for review some of the performance optimizations that didn't make this release. Here's batched issue for blk-mq with an NVMe implementation included. 5-6% improvement.
- Linux 5.17 To Boast A Big TCP Performance Optimization
- Linux 5.17 To Bring DRM Privacy-Screen Support, Intel VESA PWM Backlight Handling — The Linux 5.16 merge window now past, an initial batch of changes from drm-misc-next has been sent in to DRM-Next for queuing until the Linux 5.17 cycle kicks off around the start of the new year.
- Ubuntu Touch OTA-20 Released for Linux Phones, Here’s What’s New — The UBports Foundation released today the Ubuntu Touch OTA-20 software update for Ubuntu Phone devices with various improvements and more bug fixes.
- FWUPD 1.7.2 Released With Fixes, Faster & Smaller Daemon — FWUPD 1.7.2 adds support for handling exported MTD block devices, tweaking the compiler flags to reduce the install size by around 300 Kb, speeding up the FWUPD daemon startup by ~40% by postponing some work, and a variety of fixes. The fixes range from a possible DFU crash to DLI download troubles and other device-specific corrections.
- Alma and Rocky Linux release 8.5 builds, Rocky catches up with secure boot — AlmaLinux and Rocky Linux, both of which provide community builds of Red Hat Enterprise Linux (RHEL), have released builds matching RHEL 8.5, with Rocky's work catching up with Alma by being signed for secure boot.
- Proxmox VE 7.1 released! — Proxmox VE 7.1 is based on Debian 11 but uses a newer Linux kernel, 5.13, QEMU 6.1, and OpenZFS 2.1.
- Proxmox 7.1 release notes
- Proxmox Downloads
Tags
almalinux, apt 2.3.12, bind, canonical, dan kaminsky, daniele procida, dns cache poisoning, dns resolver, dnsmasq, entropy, ephemeral port, fwupd, halium 9, icmp, kernel 5.16, kernel 5.17, linux action news, linux news podcast, lvfs, mtd block devices, nvme optimizations, openzfs 2.1, port 53, proxmox ve 7.1, qemu 6.1, richard hughes, rocky linux, saddns, side channel attack, spoofed addresses, tcp performance optimization, transaction id, ubuntu documentation, ubuntu touch ota-20, udp packet, unbound, university of california