NEWS

NEWS

Article from Issue 220/2019

GitHub offers free private repositories, Linus Torvalds welcomes 2019 with Linux 5, SQLite database vulnerable, hacks abound, Kubernetes vulnerability found and fixed, and Dolphin announces new switch for composable architectures. 

GitHub Offers Free Private Repositories

GitHub has announced that it is now taking on players like GitLab and offering free private repositories. Anyone could always set up a free repository on GitHub; the condition was that the code had to be public, which meant that projects and organizations could not set up private repositories. If they wanted private repository, they had to pay.

Now anyone can create a private repository for free (https://techcrunch.com/2019/01/07/github-free-users-now-get-unlimited-private-repositories/). The only caveat is that there can be at most three collaborators to the project, which means big organizations can't exploit the free service to manage their mega projects.

A private repository lets developer communities work on the codebase internally, away from the public. GitHub competitors like GitLab already offer free private repositories.

Linus Torvalds Welcomes 2019 with Linux 5

Linus Torvalds has announced the release of Linux 5.0-rc1 (https://lkml.org/lkml/2019/1/6/178). The kernel was supposed to be 4.21, but he decided to move to the 5.x series. Torvalds has made it clear that the numbering of the kernel doesn't make much sense, so don't get too excited about this release.

Torvalds explained in the Linux Kernel Mailing List (LKML): "The numbering change is not indicative of anything special. If you want to have an official reason, it's that I ran out of fingers and numerology this time (we're about 6.5M objects in the git repo), and there isn't any major particular feature that made for the release numbering either," he said.

The release brings CPU and GPU improvements. In addition to support for AMD's FreeSync display, it also comes with support for Raspberry Pi Touchscreen.

Talking about the "content" of the kernel, Torvalds wrote: "The stats look fairly normal. About 50% is drivers, 20% is architecture updates, 10% is tooling, and the remaining 20% is all over (documentation, networking, filesystems, header file updates, core kernel code..)."

SQLite Database Vulnerable

The Tencent Blade security team has discovered a vulnerability in the immensely popular open source SQLite database engine. Tencent is one of the three Chinese giants known as BAT (Baidu, Alibaba, and Tencent).

"This vulnerability can be triggered remotely, such as accessing a particular web page in a browser, or any scenario that can execute SQL statements," said a Tencent blog post (https://blade.tencent.com/magellan/index_en.html).

Because SQLite is one of the most widely used databases, touching all modern applications, this vulnerability affects a wide range of the user base (https://www.zdnet.com/article/sqlite-bug-impacts-thousands-of-apps-including-all-chromium-based-browsers/).

According to ZDNet, "Firefox and Edge don't support this API, but the Chromium open source browser engine does. This means that Chromium-based browsers, like Google Chrome, Vivaldi, Opera, and Brave, are all affected." That said, Firefox is affected because it comes with a locally accessible SQLite database, allowing it to be exploited locally, but not remotely.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • News

    Dell kickstarts 2018 with a brand new Linux laptop, Linus Torvalds rips Intel for meltdown and Spectre flaws, LibreOffice-based CODE 3.0 released, Google announces Kubeflow to bring Kubernetes to machine learning, and a critical flaw in phpMyAdmin. 

  • News

    Fedora Project announces Fedora 30; the Apache Software Foundation completes migration to GitHub; Canonical combines its services in a single package; Black Hole Image has an open source connection; Ubuntu 19.04 released; Linux Mint founder calls for better developer support; and VMware patches critical vulnerabilities.

  • News

    This month in the news: KubeCon concludes in Austin, Texas, Dell to disable Intel’s insecure IME, Linus Torvalds’ advice to security experts, GPLv3 comes to the rescue of GPL violators, and Linux Kernel 4.14 released. 

  • Interview – {code} Project’s Josh Bernstein

    Dell’s expansive {code} project is a cornerstone of the company’s open source strategy. Dell Technologies VP Josh Bernstein talks about {code} and the value of open source.

  • NEWS

    This month: Linux Mint 19.2 “Tina” Released; Gnome and KDE Coming Together; Fedora CoreOS Preview Released; SUSE Appoints New CEO; GitHub Blocks Access to Private Repositories in Certain Countries; and A New Ransomware Targeting Linux-Based NAS Devices.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

News