LibreSignage Looking for Beta Testers, OpenNebula v. 5.8 "Edge" Now Available, New SPOILER Attack Affecting Intel CPUs Discovered, Bug Found in Android TV OS and GNU Linux-libre 5.0-gnu Released
News briefs for March 5, 2019.
LibreSignage, "a FOSS digital signage solution for managing a network of
digital signage clients...anything from small advertisement displays to
larger commercial billboards", is looking for beta testers for LibreSignage
v1.0.0: "If you'd like to try out the latest and greatest of LibreSignage
development, you can pull the LibreSignage Docker image by pulling
libresignage:v1.0.0-beta-1
from Docker Hub. The readme in the GIT
repository contains further instructions on setting up and starting a
container.
Alternatively you can pull the v1.0.0-beta-1 tag from the GIT repository at
https://github.com/eerotal/LibreSignage and build LibreSignage yourself."
OpenNebula recently released version 5.8 "Edge". This version is the fifth major release of the open-source cloud management software. New major features include support for LXD, automatic NIC selection, distributed data centers and scalability improvements. See the release notes for more information, and go here to download.
New "SPOILER" attack discovered affecting Intel's CPUs. Phoronix reports that researchers from Worcester Polytechnic Institute and University of Lubeck discovered the speculative attack and that "Intel was notified of this issue a few months ago but no software/hardware fix appears ready yet, while the researchers claim there might not be an effective software solution available at least anytime soon—and any mitigation would likely come at a performance cost, as we've seen with Spectre and Meltdown over the past year. AMD and ARM CPUs aren't believed to be impacted by SPOILER." See also "SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks".
A bug in the Android TV OS has been found that could expose personal photos to others who own the same Android TV. According to Appuals, when Twitter user @wothadei "tried to access his Vu Android TV through the Google Home app, he could see the linked accounts of several other individuals who owned the same television. Unfortunately, however, this is not the only bug that he has discovered. The Twitter user found that he could view personal photos linked to the accounts of other owners of the Android TV device on Google Photos through the Ambient Mode screensaver settings."
GNU Linux-libre 5.0-gnu was released yesterday. Sources and tarballs are here.