The #linuxsecuritysummit Europe conference kicks off in Bilbao, Spain. Program chair Elena Reshetova with opening comments.
#opensourcesummit #linux #infosec #security

If you're here at the #OSSummit, I'll be on a panel about Demonstrating OSPO Value at 11:25 in room 3A - join us! https://sched.co/1OGdq

@pid_eins possible future Outreachy project ?

Reminder: we maintain a kernel feature wishlist here as part of the uapi group:

https://github.com/uapi-group/kernel-features

I just added a bunch of new entries to it (at the bottom). If you are looking for something to hack on (and have some kernel expertise, or would like to acquire it), would be more than excellent to work on those!

Saw a lot of Aurora flying over Greenland on the way to Linux Security Summit EU. This is the best I could do with an older iPhone #linux #linuxsecuritysummit #space #spaceweather #hamradio #amateurradio

We quietly released the code a little while ago but this is the official announcement of Capslock, our contribution to the supply-chain security conversation.

https://security.googleblog.com/2023/09/capslock-what-is-your-code-really.html

Capslock is a tool for understanding at high level what a given piece of (Golang) code is capable of and for detecting when an update to a library changes this capability set, to give users a chance to catch supply-chain attacks in progress.

1/2

@glent @tylermorganwall is Jervis Bay part of the ACT? I can never remember the exact details on it.

@mcdanlj a mill would be great but I currently have no room for one. Btw, I ended up brute force drilling the broken taps out with a solid tungsten carbide bit (which broke twice), then I was able to drill & tap for 6-32. There was enough slack in the copper spreader to handle some misalignment. The rest of the 4-40 were done very carefully with a form tap and tap magic. I’ll try the spiral flute next.

Finally, given I wasn't busy enough helping run the conference and herding cats in the main hall, and still had _some_ voice left, I also did a lightning talk on enabling PID FD support in various places:

https://www.youtube.com/watch?v=3IK5itYOOH0&list=PLWYdJViL9EioDNHn7xIqQJLyCayNPKeYf&index=27&pp=iAQB

#ASG

@ai6yr it seems to be a fairly common failure mode for these units, along with bad electrolytics and changes in some key resistors. The high voltage readings were out of whack which led to suspecting the PSU, but none of those voltages will be correct without all of the op amps etc. which depend on +/- 15v. Interestingly, all except one of the the electrolytics I removed and measured were well within spec for ESR (the outlier was ‘ok’ but not bad by any means). Says a lot about the quality of these 30 year old units (also that it still worked after I pulled it apart!)

The “2nd level of hell” starter kit for metalworking.

After many hours, including re-capping the power supply (no dice, but worthwhile in any case), and tracing through most of the upper section, I finally found the issue with this Tektronix spectrum analyzer. A tantalum cap on the horizontal storage board failed and shorted the +15v bus. Replaced it and the SA seems to be working ok so far. #hamradio #amateurradio #electronics

Azure Boost presented by @bluca at this week's All Systems Go! conference.

Includes a bit about #selinux

https://media.ccc.de/v/all-systems-go-2023-187-microsoft-azure-boost-image-based-linux-powering-the-azure-fleet-wait-what-really-yes-

I'm really excited about making Use-After-Free exploits much harder in the #Linux #kernel.

CONFIG_RANDOM_KMALLOC_CACHES has landed:
https://git.kernel.org/linus/3c6152940584

CONFIG_SLAB_VIRTUAL is coming:
https://lore.kernel.org/lkml/20230915105933.495735-15-matteorizzo@google.com/

The excellent CCC VOC people published the AllSystemsGo! videos from this week. Here's the UKI talk I did there:

https://media.ccc.de/v/all-systems-go-2023-185-unified-kernel-images-ukis-

Enjoy!

And here's my other talk, about TPM2 and Linux: https://media.ccc.de/v/all-systems-go-2023-186-linux-tpms

@purpleidea Nope, different person.

@pid_eins what's stopping you from commuting like this?

RE: https://mastodon.social/users/pid_eins/statuses/110060301906760480

Day 2 talks will kick off at 9:45 Berlin-time.
As a reminder, streams for both rooms can be found here: https://streaming.media.ccc.de/asg2023
And the schedule is here: https://cfp.all-systems-go.io/all-systems-go-2023/schedule/#

It's already been 8 years since @LIGO made its first gravitational wave detection! Happy birthday GW150914!