Tech News Digest – March 22, 2025
Dallas, a seasoned professional with a diverse background, transitions seamlessly between roles as a systems admin turned developer, technical writer, and curriculum developer at Red Hat. With a knack for unraveling complex concepts, he crafts engaging materials primarily in DocBook, guiding enthusiasts through the intricacies of Red Hat's certification courses. In his earlier days, Dallas's passion for Anime led him to contribute to Anime News Network, channeling his creativity and expertise into captivating content. His contributions extended beyond writing as he interviewed prominent figures in the Anime industry, offering insights into their creative processes and visions. Beyond his professional pursuits, he's a devoted husband and father, cherishing moments with his loved ones. Dallas's journey in the tech industry spans various roles, from a security developer at NTT Security to an operations architect overseeing Linux servers for commercial transcoding. His tenure at esteemed institutions like Goldman Sachs and Lockheed Martin has honed his skills as a systems engineer, instilling in him a deep-rooted understanding of complex systems. An avid FPV pilot, Dallas finds exhilaration in soaring through the skies with his drones, often contemplating the lessons learned from his aerial adventures. His diverse experiences, including serving as a naval submariner aboard the USS Alexandria and pursuing higher education in England, enrich his perspective and fuel his thirst for knowledge.
[$] OSI election ends with unsatisfying results
Category: Linux
Tags: General
Published: Fri, 21 Mar 2025 21:46:10 +0000
TL;DR:
The Open Source Initiative (OSI) has announced the results of its recent board of directors election, with Ruth Suehle and McCoy Smith joining Carlo Piana on the board. However, some have raised concerns about the integrity of the election, citing missteps throughout the process, including the exclusion of three candidates who didn't meet a new requirement to sign the OSI board agreement after the election was over.
The Open Source Initiative (OSI) has announced the results of its recent board of directors election. Ruth Suehle and McCoy Smith are new to the board, while Carlo Piana will serve another term. The results, however, seem tainted in the eyes of some participants and observers. The election has been plagued by missteps from the beginning. It has culminated with the exclusion of three candidates for failing to meet a requirement to sign the OSI board agreement, which was added after the election was over and before results were tallied or announced.
[Read more](https://lwn.net/Articles/1014603/)
[$] The guaranteed contiguous memory allocator
Category: Linux
Tags: Linux
Published: Fri, 21 Mar 2025 17:33:53 +0000
TL;DR:
As a system runs, allocating large blocks of contiguous memory becomes increasingly difficult due to memory fragmentation. To address this issue, Suren Baghdasaryan and Minchan Kim are working on improving the kernel's contiguous memory allocator (CMA) subsystem with a new patch set that aims to make such allocations more reliable.
As a system runs and its memory becomes fragmented, allocating large, physically contiguous regions of memory becomes increasingly difficult. Much effort over the years has gone into avoiding the need to make such allocations whenever possible, but there are times when they simply cannot be avoided. The kernel's contiguous memory allocator (CMA) subsystem attempts to make such allocations possible, but it has never been a perfect solution. Suren Baghdasaryan is trying to improve that situation with the guaranteed contiguous memory allocator patch set, which includes work from Minchan Kim as well.
Read more
Julien Malka proposes method for detecting XZ-like backdoors
Category: Linux
Tags: General
Published: Fri, 21 Mar 2025 16:54:21 +0000
TL;DR:
Julien Malka has suggested that NixOS use build-reproducibility checks to detect when maintainer-generated tarballs result in different artifacts than building from source, which could have made it harder to hide the XZ backdoor. This incident highlights the importance of improving software supply chain security processes, including auditing code and verifying all components, to ensure the trustworthiness of open-source software.
Julien Malka has called for the NixOS project to use build-reproducibility to detect when a program has a maintainer-generated tarball that results in a different artifact than building from source. There are good reasons for projects to release maintainer-generated tarballs, but since the materials included in them are usually documentation, extra build scripts, and so on, it makes sense to check that they don't influence the final build output. While this would not have stopped last year's XZ backdoor, it would have made it harder to hide.
People are often convinced that OSS is more trustworthy than closed-source software because the code can be audited by practitioners and security professionals in order to detect vulnerabilities or backdoors. In this instance, this procedure has been made difficult by the fact that part of the code activating the backdoor was not included in the sources available within the git repository but was instead present in the maintainer-provided tarball. While this was used to hide the backdoor out of sight of most investigating eyes, this is also an opportunity for us to improve our software supply chain security processes.
[Read more](https://lwn.net/Articles/1015095/)
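The comparison described in this item, sketched as an added example (it is not code from Malka's post or from NixOS): hash the source trees and the build outputs obtained from the maintainer tarball and from git, accept differences in the sources, and flag any difference in the outputs. All function, directory and file names are assumptions, and the four trees are constructed samples standing in for real unpacked sources and build results.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare_trees(from_tarball, from_git):
    """Report paths present on one side only, or present on both with different bytes."""
    a, b = manifest(from_tarball), manifest(from_git)
    return {
        "only_tarball": sorted(a.keys() - b.keys()),
        "only_git": sorted(b.keys() - a.keys()),
        "differ": sorted(k for k in a.keys() & b.keys() if a[k] != b[k]),
    }

def verdict(out_diff):
    """Extra tarball sources are expected; a changed build output is not."""
    if any(out_diff.values()):
        return "REVIEW: tarball-only material changed the build output"
    return "OK: build outputs are identical"

def write_tree(root, files):  # helper that materialises a constructed sample tree
    for rel, data in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)

def demo():
    """Constructed sample: the tarball carries extra build scripts and its output differs."""
    with tempfile.TemporaryDirectory() as tmp:
        trees = {
            "src_tar": {"src/lib.c": b"int f;", "configure": b"#!/bin/sh\n", "m4/extra.m4": b"dnl\n"},
            "src_git": {"src/lib.c": b"int f;"},
            "out_tar": {"lib/libdemo.so": b"\x7fELF-modified"},
            "out_git": {"lib/libdemo.so": b"\x7fELF-clean"},
        }
        for name, files in trees.items():
            write_tree(Path(tmp, name), files)
        src = compare_trees(Path(tmp, "src_tar"), Path(tmp, "src_git"))
        out = compare_trees(Path(tmp, "out_tar"), Path(tmp, "out_git"))
        return src, out, verdict(out)

if __name__ == "__main__":
    print(demo())
```

The check is only meaningful when the build itself is reproducible; otherwise the two outputs differ for reasons unrelated to the tarball.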
[$] Multiple memory classes for address-space isolation
Category: Linux
Tags: Linux
Published: Fri, 21 Mar 2025 16:24:22 +0000
TL;DR:
Brendan Jackman has been working on a patch set to introduce address-space isolation (ASI) as a way to prevent future CPU vulnerabilities from leaking sensitive information. The goal of ASI is to ensure that unnecessary data isn't stored in memory, making it impossible for speculative execution to leak important information, and the work will likely be discussed at the 2025 Linux Filesystem, Memory Management, and BPF Summit.
Brendan Jackman has been working to try to get ahead of the next hardware CPU vulnerability before it gets discovered. In January, he posted the second version of a patch set that introduces address-space isolation (ASI) as a way of preventing future CPU vulnerabilities from leaking important information. The core concept is to ensure that data that is not currently needed is not present in memory, so that speculative execution cannot leak it. The work is nowhere near ready to be incorporated into the mainline kernel — not least of all because it has a large performance impact in its current form — but it is likely to once again be a topic of discussion at the 2025 Linux Filesystem, Memory Management, and BPF Summit.
[Read more](https://lwn.net/Articles/1014440/)
Introducing rpi-image-gen for customized Raspberry Pi images
Category: Linux
Tags: General
Published: Fri, 21 Mar 2025 14:27:33 +0000
TL;DR:
Raspberry Pi has announced rpi-image-gen, a tool that allows users to create custom software images for its devices. The tool is a Bash-oriented scripting engine that can produce software images with different partition layouts, file systems, and profiles using metadata and a defined flow of execution.
Raspberry Pi has announced rpi-image-gen, a tool to create custom software images for its devices.
rpi-image-gen is a Bash orientated scripting engine capable of producing software images with different on-disk partition layouts, file systems and profiles using collections of metadata and a defined flow of execution. It provides the means to create a highly customised software image for your Raspberry Pi device. rpi-image-gen is human readable, auditable and easy to use.
The Git repository for rpi-image-gen has a number of examples to help users get started making their own custom images.
[Read more](https://lwn.net/Articles/1015059/)
