Linux 4.3 Released As Stable; Improves On Open-Source Graphics, SMP Performance (lkml.org)

← Back to Stories (view on slashdot.org)

Linux 4.3 Released As Stable; Improves On Open-Source Graphics, SMP Performance (lkml.org)

Posted by timothy on Sunday November 1, 2015 @01:52PM from the positive-externalities-galore dept.

An anonymous reader writes: The Linux 4.3 kernel was released as stable today. The Linux 4.3 kernel brings Intel Skylake support, reworked NVIDIA open-source graphics support, and many other changes with the code count hitting 20.6 million lines of code.

73 comments

Min score:

Reason:

Sort:

How much of it do I have to trust? by ka9dgx · 2015-11-01 14:00 · Score: 0

If I upgrade to this kernel, how many of those lines of code do I actually have to trust not to give away everything on my machine to a black hat? Hopefully less than 100k lines of code are actually critical.
1. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-01 14:05 · Score: 0
  
  With an average threat model, you only really need to worry about networked programs (your web browser, sshd, your web browser, ntpd, did I mention your web browser?, ...).
  Once you put those under a good Apparmor/SELinux profile, you only have to trust the 100k lines of code of the sandbox and you're safe against 99% of potential real world attacks. As long as you don't pick up that (Bad)USB key you found lying on the ground...
2. Re:How much of it do I have to trust? by cheater512 · 2015-11-01 14:09 · Score: 1
  
  This is Linux so putting in random USB sticks is largely a non-issue.
  Running stuff (especially as root) off random USB sticks is always a bad idea on any OS of course.
3. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-01 14:10 · Score: 0
  
  You need to trust all of the code in the kernel, that's the definition of a monolithic kernel, which Linux is.
  Or at least, all the code you selected when doing make config...
4. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-01 14:16 · Score: 2, Insightful
  
  I was reffering to BadUSB, which is for example the USB firmware suddendly adding a fake USB keyboard and running running curl | sh through ALT+F2, or maybe adding a USB network adapter that proxies your traffic through an attacker machine, or really all sorts of other fun things you could imagine.
  This isn't the things I'd worry about, but properly done rogue firmware is definitely among the 1% scary attacks.
5. Re:How much of it do I have to trust? by JoeMerchant · 2015-11-01 14:20 · Score: 1
  
  Most importantly, you have to trust those parts of the kernel code that you run and very few other people do.
  Big bad exploits get caught. Sneaky ones can hang around for awhile.
6. Re:How much of it do I have to trust? by zenlessyank · 2015-11-01 14:23 · Score: 5, Funny
  
  You have 11 choices. You can either 'Learn' the code, or you can 'Trust' the code, and lastly you can 'Not Use' the code.
7. Re:How much of it do I have to trust? by guruevi · 2015-11-01 14:24 · Score: 1
  
  Most of them are related to drivers for a host of peripherals as well as other architectures and features your computer may not even have. So most code is largely untouched.
  Here is a neat comparison: http://www.informationisbeauti...
  
  --
  Custom electronics and digital signage for your business: www.evcircuits.com
8. Re:How much of it do I have to trust? by smittyoneeach · 2015-11-01 14:33 · Score: 4, Informative
  
  Hey, don't forget the microcode on the chip. Or, rather, do forget it. "They" insist.
  
  --
  Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
9. Re:How much of it do I have to trust? by Kjella · 2015-11-01 14:50 · Score: 2
  
  If I upgrade to this kernel, how many of those lines of code do I actually have to trust not to give away everything on my machine to a black hat? Hopefully less than 100k lines of code are actually critical.
  Depends on your threat model. If your "black hat" can plug malicious devices into your machine quite many but then your security is probably badly compromised anyway. If he's within wireless range then a few stacks like Bluetooth, WiFi, WiDi etc. if you have them enabled, but if that's a realistic fear I'd simply use wired accessories. If he's got a local user there might be many vectors for an escalation attack, but then he's already got a foot in the door. For packets coming down the wire from the Internet, there's some as the kernel does parsing, routing, firewalling and so on. But for the most part it's userspace clients like your browser or daemons like sshd that'll contain the primary exploits. Kernel bugs are mostly to go from limited access to full access.
  
  --
  Live today, because you never know what tomorrow brings
10. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-01 15:18 · Score: 1
  
  There's no way to quantitatively measure that. But I do know that between the 3 major monolithic kernels, it's in the top two in trust and competently-written code.
11. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-01 15:25 · Score: 0
  
  > Depends on your threat model. If your "black hat" can plug malicious devices into your machine quite many but then your security is probably badly compromised anyway.
  Compared to... what, exactly? A networked Windows box with the fefault CIFS client for printing and drive access enabled publishes the entire hard disk as the hidden crive \\ipaddress\c$, *always*, it's a nightmare to turn off.
  Plugging in peripherals is demanded for mice and keyboards and headphones and recharging cellphones: Filling in the USB slots with hot glue tends to really, rally piss off most laptop users, and many portable phones demand drivers to actually *enable* USB recharging. It's really, really hard to win without compiling your own personally tweaked kernels to entirely disable these features.
12. Re: How much of it do I have to trust? by Anonymous Coward · 2015-11-01 15:38 · Score: 0
  
  Pretty sure administrative shares like c$ haven't been enabled by default, since like Windows Vista.... (ya know, 8 or 9 years since you last touched windows.)
13. Re:How much of it do I have to trust? by Kjella · 2015-11-01 15:46 · Score: 1
  
  Depends on your threat model. If your "black hat" can plug malicious devices into your machine quite many but then your security is probably badly compromised anyway.
  Compared to... what, exactly? A networked Windows box with the fefault CIFS client for printing and drive access enabled publishes the entire hard disk as the hidden crive \\ipaddress\c$, *always*, it's a nightmare to turn off.
  Compared to... a secure system. If someone can plug in devices they can probably install hardware keyloggers, spy cams and anything else they need to compromise your credentials the next time you log in. You can't trust a machine that's been tampered with any more than you can trust software that's been patched, whether it runs Linux or some other OS.
  
  --
  Live today, because you never know what tomorrow brings
14. Re:How much of it do I have to trust? by nickweller · 2015-11-01 15:55 · Score: 1, Flamebait
  
  You're confusing all the Windows on here ..
15. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-01 16:09 · Score: 0
  
  Relatively few. Most of the 20 million lines are for drivers (you know, the thing people always complained Linux didn't have?).
  Do a git clone and run wc if for a very rough estimate. Exclude all drivers, filesystems and architectures you don't need. For a better estimate you'll have to use more advanced tools.
16. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-01 16:13 · Score: 0
  
  It's just 20M lines of easy code. If you start tomorrow you can go over it pretty quickly. It's about the same thing as perusing a landfill in search of an accidentally discarded item.
17. Re:How much of it do I have to trust? by OrangeTide · 2015-11-01 16:23 · Score: 1
  
  You have to assume it's compromised.
  
  --
  “Common sense is not so common.” — Voltaire
18. Re:How much of it do I have to trust? by OrangeTide · 2015-11-01 16:27 · Score: 2
  
  Firmware is just a fancy word for software. I write firmware for a living. Most of the fear around it is because many don't understand what firmware is.
  The very nature of having code that runs on a processor that is isolated from the rest of your system is generally considered a good thing in security, and that's all firmware really is. Now what your computer does with the output of that firmware is really what has been overlooked for years.
  
  --
  “Common sense is not so common.” — Voltaire
19. Re:How much of it do I have to trust? by OrangeTide · 2015-11-01 16:28 · Score: 1
  
  I don't have the intel graphics driver loaded on my sysem.
  
  --
  “Common sense is not so common.” — Voltaire
20. Re: How much of it do I have to trust? by i.r.id10t · 2015-11-01 16:44 · Score: 1
  
  The fact that it existed as a default for sooo long though... I mean, at what point in time did that seem like a Good Idea ?
  
  --
  Don't blame me, I voted for Kodos
21. Re:How much of it do I have to trust? by kervin · 2015-11-01 17:11 · Score: 2
  
  dude, you missed like 8 choices
22. Re:How much of it do I have to trust? by ka9dgx · 2015-11-01 17:25 · Score: 1
  
  Actually there are 100 choices..
  Trust the code
  Don't use it
  Write your own
  Use an OS that sandboxes it by default, and only gives it the capabilities you supply.
23. Re: How much of it do I have to trust? by Nkwe · 2015-11-01 17:46 · Score: 1
  
  The fact that it existed as a default for sooo long though... I mean, at what point in time did that seem like a Good Idea ?
  Probably at the same point in time that it seemed like a good idea to enable SSH to a box. I mean, oh my god, with the root password (or an account that has sudo privileges) someone could remote in and access the whole computer!
  
  The administrative shares on a Windows box really aren't all that different, you need an administrative account (root) to use them and if you have an administrative account you get full access. You could argue that they are "hidden" and not well known, but I would counter that are plenty things on the Linux side of the world that are not well known and can lead to serious security exposure (SSH port forwarding to bypass firewalls for example.)
  
  Security in any environment requires that those using and configuring systems understand how they work and assign the appropriate access to the appropriate actors. All environments have their security strengths and weaknesses.
24. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-01 17:55 · Score: 1
  
  This is Boolying.
25. Re:How much of it do I have to trust? by Gravis+Zero · 2015-11-01 18:19 · Score: 4, Funny
  
  dude, you missed like 8 choices
  there are 10 kinds of people: people that understand binary and people who don't.
  
  --
  Anons need not reply. Questions end with a question mark.
26. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-01 18:58 · Score: 0
  
  On the gripping hand...
27. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-01 19:00 · Score: 0
  
  You know all the smart old-timers really have left slashdot when someone with a 5-digit UID can't recognize a binary joke.
28. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-01 19:09 · Score: 0
  
  This is essentially why you should have complex enough passwords and place a post-it with them on you screen or under your keyboard if you are paranoid.
  Passwords are for protecting against remote bruteforcing. For local protection you lock the door.
29. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-01 19:15 · Score: 0
  
  There are 2 kinds of people: population bifurcators and non-population bifurcators.
30. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-01 19:19 · Score: 1
  
  > This is Boolying.
  .AND. ?
31. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-01 20:45 · Score: 0
  
  ... and those who didn't get that the joke is in trinary.
32. Re:How much of it do I have to trust? by stooo · 2015-11-01 20:54 · Score: 1
  
  >> You're confusing all the Windows on here ..
  Don't care, this is a Linux article :)
  
  --
  aaaaaaa
33. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-01 21:00 · Score: 0
  
  ... and those who didn't get that the joke is in trinary.
  ... or you who didn't get that the joke is in Binary, not trinary. 10=2 and 11=3 in Binary. Hand over your geek card.
34. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-01 21:11 · Score: 0
  
  There are two kinds of people: those who know which word to apply a prefix to, and those who don't.
  (You meant, "population non-bifurcators". No, really.)
35. Re:How much of it do I have to trust? by FlyHelicopters · 2015-11-01 21:54 · Score: 1
  
  Passwords are for protecting against remote bruteforcing. For local protection you lock the door.
  Yes, but you can put a password on your computer that I cannot brute force.
  You cannot put a lock on your door that I cannot bypass, likely without you even knowing it was bypassed.
36. Re:How much of it do I have to trust? by Crowd+Computing · 2015-11-02 00:55 · Score: 1
  
  > This is Boolying. .AND. ?
  You're obviously full of bool.
37. Re:How much of it do I have to trust? by ledow · 2015-11-02 00:58 · Score: 1
  
  All of the lines that you use.
  Same as ANY OTHER OPERATING SYSTEM OR APPLICATION.
  Were you expecting a different answer?
  And have you EVER inspected the code to any program fully enough to satisfy your curiosity that it doesn't do anything you don't trust? If so, are you aware of the Obfuscated C contests?
  Sorry, but for even a skilled coder, there is NO WAY you can audit this amount of code single-handedly and you have to take it on trust. Same as everything else.
  Even the TrueCrypt audit didn't catch all the problems and THE DAY AFTER there was a bug found in it. And that took years to arrange.
38. Re: How much of it do I have to trust? by Anonymous Coward · 2015-11-02 01:42 · Score: 0
  
  True, but you are not welcome to know where any of my computing equipment is located.
39. Re:How much of it do I have to trust? by c · 2015-11-02 01:43 · Score: 1
  
  Real programmers know there's one more option...
  
  --
  Log in or piss off.
40. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-02 02:10 · Score: 0
  
  "Population bifurcator" is an open compound. There's nothing wrong with attaching "non-" to it as a whole, although some style guides recommend hyphenating the compound as well in such cases.
41. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-02 04:52 · Score: 0
  
  Woosh, or at least you looked at the wrong joke or fell for it. 10=3 in trinary, hence the three kinds of people. No need to hand in your geek card, real geeks can void it remotely.
42. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-02 05:09 · Score: 0
  
  does not compute. I only use fuzzy logic.
43. Re: How much of it do I have to trust? by Anonymous Coward · 2015-11-02 06:07 · Score: 0
  
  I was reffering to BadUSB, which is for example the USB firmware suddendly adding a fake USB keyboard and running running curl | sh through ALT+F2, or maybe adding a USB network adapter that proxies your traffic through an attacker machine, or really all sorts of other fun things you could imagine.
  Nice ideas, but my terminal isn't on Alt+F2, and no sane configuration would automatically route traffic through a newly-discovered potentially rogue network adapter.
44. Re:How much of it do I have to trust? by HiThere · 2015-11-02 07:38 · Score: 1
  
  Is your firmware microcode? Otherwise I agree that firmware is just code stored on an ROM. Still, this doesn't mean it isn't something to be afraid of it you don't trust it.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
45. Re:How much of it do I have to trust? by HiThere · 2015-11-02 07:41 · Score: 1
  
  While that's generally true, there have been cases where common code has had potential exploits that have hung around for decades.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
46. Re:How much of it do I have to trust? by JoeMerchant · 2015-11-02 10:30 · Score: 1
  
  Heartbleed, for one, but once it's "outed" something like Heartbleed is addressed quickly.
  If you're running a bit of the kernel that applies to 1% of the users of an obscure 1% piece of hardware and that bug gets outed - response time to fix that bug will probably be less impressive.
  If an exploit exists in the code and nobody knows about it (or, more importantly, uses it), does it really matter?
47. Re:How much of it do I have to trust? by Anonymous Coward · 2015-11-02 11:46 · Score: 0
  
  > Woosh, or at least you looked at the wrong joke or fell for it. 10=3 in trinary,
  WTF is "trinary"?
  Are you trying to say "ternary"?
48. Re:How much of it do I have to trust? by Ash-Fox · 2015-11-02 13:51 · Score: 1
  
  networked Windows box with the fefault CIFS client for printing and drive access enabled publishes the entire hard disk as the hidden crive \\ipaddress\c$, *always*, it's a nightmare to turn off.
  On my network, the active directory sets the following registry key HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\AutoShareWks to 0. It's not really a nightmare to turn off, fairly trivial? If I can do it trivially at home, surely you can do it in your corporation.
  
  Filling in the USB slots with hot glue tends to really, rally piss off most laptop users, and many portable phones demand drivers to actually *enable* USB recharging. It's really, really hard to win without compiling your own personally tweaked kernels to entirely disable these features.
  You could use one of the numerous end point security solutions out there for windows? I've found Lumension to be quite difficult to bypass, even when you have administrative rights to a system.
  
  --
  Change is certain; progress is not obligatory.
49. Re: How much of it do I have to trust? by Ash-Fox · 2015-11-02 13:53 · Score: 1
  
  Pretty sure administrative shares like c$ haven't been enabled by default, since like Windows Vista
  They are enabled by default with Windows file sharing and fairly trivial to turn off through a registry entry.
  
  --
  Change is certain; progress is not obligatory.
50. Re:How much of it do I have to trust? by OrangeTide · 2015-11-03 05:03 · Score: 1
  
  I'm only concerned if I'm giving it sensitive information. Of course the classic hack is to have your exploited mouse or whatever act like a keyboard and type something, or a storage device and boot something. It doesn't take much effort either and nobody offers a software signing service for USB peripherals.
  Also when you say microcode, I don't think it means what you think it means.
  
  --
  “Common sense is not so common.” — Voltaire
51. Re:How much of it do I have to trust? by zeeclor · 2015-11-03 17:44 · Score: 1
  
  dude, you missed like 8 choices
  there are 10 kinds of people: people that understand binary and people who don't.
  The top poster was right.
  There are 11 kinds of people: people that understand binary and people who don't.
Re:SMP improvements? by eutychus · 2015-11-01 15:08 · Score: 5, Informative

"and the performance testing results are encouraging. Nevertheless we need to keep
an eye on potential regressions, since this potentially affects every SMP workload
in existence."
http://lkml.iu.edu/hypermail/linux/kernel/1508.3/04818.html
None by Anonymous Coward · 2015-11-01 15:33 · Score: 0

None of it.
It's open source, you can trust as much of the code as you want, you can review all of it yourself and anywhere in between.
Re:Anything can be stable with enough drugs by Stormwatch · 2015-11-01 15:45 · Score: 1

Drugs, violence, and duck tape. Any of them is the solution to anything.

--
Circumcision is child abuse.
Re:Anything can be stable with enough drugs by davester666 · 2015-11-01 21:53 · Score: 1

All of them is the solution to anything.
FTFY

--
Sleep your way to a whiter smile...date a dentist!
We'll know that Linux has surpassed Windows... by Type44Q · 2015-11-02 00:07 · Score: 1

with the code count hitting 20.6 million lines of code

Linux' technical capabilities are all well and good but we'll know that it's truly surpassed Windows when it can claim just as many (if not more) lines of code...
I kid, I kid!
1. Re:We'll know that Linux has surpassed Windows... by Anonymous Coward · 2015-11-02 01:21 · Score: 0
  
  20.6 million lines of code ... and just imagine a beowulf cluster of those
2. Re:We'll know that Linux has surpassed Windows... by iggymanz · 2015-11-02 01:40 · Score: 1
  
  half of it at least is device drivers, windows keeps that in a separate pile
Re:Anything can be stable with enough drugs by Crowd+Computing · 2015-11-02 00:52 · Score: 1

Drugs, violence, and duck tape. Any of them is the solution to anything.
Especially if you cook the duck.
Stable .... by Anonymous Coward · 2015-11-02 01:17 · Score: 0

So this release is stable. Are there any (trojan) horses inside?
Re:Anything can be stable with enough drugs by Jax+Omen · 2015-11-02 07:51 · Score: 1

DUCT. TAPE. NOT DUCK.
It's not hard.
Fucking millenials.
Re:Anything can be stable with enough drugs by Anonymous Coward · 2015-11-02 07:56 · Score: 0

Oh really? Tell me more...
Re:Anything can be stable with enough drugs by jjbenz · 2015-11-02 08:43 · Score: 1

In his/her defense there is a brand of tape called "duck tape".
Re:Anything can be stable with enough drugs by Anonymous Coward · 2015-11-02 09:47 · Score: 0

Wrong, you ignorant fuck. It was originally called duck tape because it was made with duck cloth. The term "duct tape" didn't come until later and isn't even accurate because it was never intended to be used on ducts, but rather military supply cases.

duck
1.
a heavy, plain-weave cotton fabric for tents, clothing, bags, etc., in any of various weights and widths.

Fucking millenials.
Indeed, junior.
Re:Anything can be stable with enough drugs by deek · 2015-11-02 18:45 · Score: 1

s/Wrong, you ignorant fuck/Here's something you may be interested to learn/
Phew, now I can read your otherwise informative reply without bemoaning your inherent hostility. Yeah, I know, the OP was just as bad. Don't let that detract your response, though!
Something else to add to the discussion. The name "duck tape" _may_ be because of the duck cloth backing. Another theory on the name comes from the tape being waterproof like a duck. Even one more theory is that it was named after the DUKW amphibious vehicle.
http://www.abc.net.au/science/...
Re:Anything can be stable with enough drugs by Anonymous Coward · 2015-11-03 00:34 · Score: 0

Phew, now I can read your otherwise informative reply without bemoaning your inherent hostility. Yeah, I know, the OP was just as bad. Don't let that detract your response, though!
I see no reason to be polite to someone who talks shit, so save your condescension and lose the pretentious attitude.
Re:Anything can be stable with enough drugs by deek · 2015-11-03 13:16 · Score: 1

*shrug* I'm just trying to be helpful and point out that you're acting as bad as the original poster, therefore your response loses significant worth. That's a pretty good reason to be polite. It's up to you whether you want to take the point, or let loose with more ad hominem responses.
You also need to look up the definition of condescension and pretentious. I do not think they mean what you think they mean.
That's it from me. I'll respond no more on this topic, so feel free to have the last word.
Re:Anything can be stable with enough drugs by Anonymous Coward · 2015-11-03 22:38 · Score: 0

you're acting as bad as the original poster, therefore your response loses significant worth
Your opinion has been noted and ignored.