News briefs for April 26, 2019.
The EFF asks you to tell Congress to end the Call Detail Records (CDR) program: "For nearly two decades, the NSA has searched millions of Americans' telephone call records—all without a warrant or, for the vast majority of these calls, any suspicion of wrongdoing. But there's a bill in Congress that would finally put an end to the Call Detail Records (CDR) program. Please tell your members of Congress to cosponsor the Ending Mass Collection of Americans' Phone Records Act (S. 936, H.R. 1942)."
The FreedomBox Foundation recently announced the launch of its Pioneer Edition FreedomBox Home Servers. From the announcement: "the product includes pocket-sized server hardware, an SD card with the operating system pre-installed, and a backup battery which can power the hardware for 4-5 hours in case of outages. It sells for 82 euros and ships globally. The FreedomBox community will be offering free technical support for owners of the Pioneer Edition FreedomBox servers on our support forum. The only thing users pay for is hardware." In addition, "FreedomBox is designed around the principle that the exploitation of user data and attention should be technologically impossible. To that end, it is a user-controlled device that enables almost anyone to decentralize the web by hosting their own corner of the internet at home. Its simple user interface empowers individuals to host their own Internet services without any expertise, like an encrypted chat server that can replace WhatsApp, a VoIP server, a personal website, file sharing, a metasearch engine, and much more. The FreedomBox software is fully free and open source, and it is supported by the non-profit FreedomBox Foundation." You can order one via Olimex.
The Polyverse Corporation announces it "is supporting and promoting cveapi.com, an online resource that makes the Common Vulnerabilities and Exposures (CVEs) database more accessible to the open source community." Archis Gore, Polyverse CTO, says "Polyverse is thrilled to support cveapi.com in our shared mission to democratize the cybersecurity industry and foster an environment that encourages collaboration. By encouraging open APIs such as the CVE API, we hope to do our small part in helping ideas flourish and creating usable data."
IBM developers are working on a "system call isolation" concept for the Linux kernel to help increase security. Phoronix reports that the concept was just announced, and some preliminary patches are in the works. The post quotes developer Mike Rapoport: "The idea here is to allow an untrusted user access to a potentially vulnerable kernel in such a way that any kernel vulnerability they find to exploit is either prevented or the consequences confined to their isolated address space such that the compromise attempt has minimal impact on other tenants or the protected structures of the monolithic kernel. Although we hope to prevent many classes of attack, the first target we're looking at is ROP gadget protection."
Scientific Linux is being discontinued. According to BetaNews, the RHEL-based distro maintained by the scientific community at The Fermi National Laboratory and CERN will no longer be developed, and the organizations will switch to CentOS. James Amundson, Head of Scientific Computing Division, Fermi National Accelerator Laboratory, says the change is driven by the need to unify their computing platform with collaborating labs and institutions: "Toward that end, we will deploy CentOS 8 in our scientific computing environments rather than develop Scientific Linux 8. We will collaborate with CERN and other labs to help make CentOS an even better platform for high-energy physics computing. Fermilab will continue to support Scientific Linux 6 and 7 through the remainder of their respective lifecycles. Thank you to all who have contributed to Scientific Linux and who continue to do so."