This month's News
NEWS
Updates on technologies, trends, and tools
Windows Might Go Open Source
According to a report in Ars Technica and other sources, Microsoft technical fellow and Azure CTO Mark Russinovich told an audience at the ChefConf conference in Santa Clara, California, it is "definitely possible" that Redmond could open source Windows someday. The question comes on the heel of recent announcements about Microsoft open sourcing the code for various components of the .NET infrastructure. Russinovich adds it is a "new Microsoft," but also admits the complexity of the Windows codebase might not lend itself to open development in the way it is done with Linux and BSD.
A Microsoft technical fellow announcing the possibility of an open source Windows is really quite astonishing, considering Microsoft's stormy history with the open source movement. Still, one thing is certain: Microsoft is in business to make money, and they wouldn't take such a step unless they had a clear idea of how they would benefit. The financial benefits of giving away a product that is currently providing billions of dollars in revenue are currently unclear, so don't count on Windows turning up at GitHub anytime soon.
Linux Mint Will Stay with Ubuntu
Despite rumors to the contrary, the popular Linux Mint project will continue to base Mint on Ubuntu Linux. Mint currently maintains an Ubuntu-based main branch and a separate Debian-based version known as Linux Mint Debian Edition (LMDE). In response to a recent question from a reader, who asked, "Wasn't there a plan to make LMDE the main distro?" lead Mint developer Clem Lefebvre replied: "We maintain both Mint and LMDE … and we'll continue to maintain them as long as they are popular. In terms of popularity, Mint itself represents a big majority of our user base, and LMDE is just getting a brand new release so it's a little early to assess the size of its audience. I know fans can be quite vocal about their favorite package base, project, and/or desktop environments, and you might have heard some of them wishing for us to discontinue this or focus more on that. We're already reacting to feedback and popularity though, so I can confirm that we've no plans to do such thing."
This announcement means that, for the foreseeable future, the project will continue as it has in the past: primary attention on the Ubuntu-based Mint and LMDE as an auxiliary product. Missing from the exchange (but on the mind of every Linux watcher) is the Free vs. Open Source subtext. Debian is an all-Free Software distribution, whereas Ubuntu reserves the right to include drivers, codecs, and other elements that might not meet the Free Software definition. The Free Software faithful will continue to push for all-Free upstream source, but like Ubuntu, Mint has gained a reputation for out-of-the-box functionality that requires some compromises with non-Free components.
According to the Mint website, "LMDE is less mainstream than Linux Mint, it has a much smaller user base, it is not compatible with PPAs, and it lacks a few features. That makes it a bit harder to use and harder to find help for, so it is not recommended for novice users." On the other hand, according the Mint developers, LMDE is "slightly faster" and runs newer software.
Microsoft Frees Code for .NET Build Engine
Microsoft announcement that the MSBuild engine, which is part of the Visual Studio suite, is now available in open source form at GitHub. The announcement continues Redmond's gradual release of the .NET platform to open source. According to the announcement, "By invoking msbuild.exe on your project or solution file, you can orchestrate and build products in environments where Visual Studio isn't installed. For instance, MSBuild is used to build the .NET Core Libraries and .NET Core Runtime open source projects."
Microsoft says it will soon add Linux and Mac versions of MSBuild to support .NET development on alternative platforms. The company open sourced the CoreCLR execution engine last month, and many of the core .NET libraries have also been freed for open development. Open source .NET implementations such as the Mono project have been around for years, but they have always operated at a disadvantage, with Microsoft controlling the specification and evolution of .NET. Microsoft's embrace of the open source development model after years of opposition has helped its standing with developer communities – and will help to position .NET as the universal framework Microsoft always intended it to be, rather than a captive proprietary technology.
Researchers Demonstrate Hack by Heat
Several news sources report that scientists at Ben-Gurion University have discovered a new technique for computers in close proximity to communicate through heat pulses. The technique does not depend on any form of conventional wired or wireless networking. According to the report, two disconnected systems placed 15 inches (40 cm) apart can use heat pulses to communicate. The on-board temperature sensor in one unit can detect heat pulses from the other system. If the necessary malware were placed on the systems, they could successfully transmit data and commands without leaving a footprint on the network.
The attack technique is envisioned for situations in which a system on an internal network is located beside a second system with access to the Internet. Isolating the internal network in this way was once thought to provide the ultimate security; the method described by the Ben-Gurion scientists demonstrates that network isolation alone is not enough to guarantee security.
This method is similar to other recently discovered unconventional techniques for passing information between computers through FM signals and screen images. The article at Wired provides additional details.
DDoS Attacks Cost £100,000 per Hour
A recent study reveals a growing threat of DDoS attack and the losses associated with DDoS service interruptions. "The March 2015 Neustar DDoS Attacks and Protection Report" focuses on the UK and Europe and summarizes the responses from enterprise businesses that were interviewed regarding DDoS experiences and strategies. According to the report, nearly 40% of the companies would lose £100,000 (EUR140,000) of revenue per hour if their sites were subjected to a DDoS attack. Fifty percent of the companies said DDoS is a bigger risk this year than last year, and one in three previous attacks lasted one to two days.
You can download the report from the Neustar website. You'll need to provide some basic contact information to obtain the full report.
New SSL Attack Exploits an Old Problem
A new attack could be the final straw for the RC4 encryption method, which is still used on many systems despite some publicized vulnerabilities and stern warnings from security experts. The Bar Mitzvah attack, announced at the Black Hat Asia conference last week, affects SSL connections that use RC4 for encryption. According to security expert Itsik Mantin, Bar Mitzvah is "… the first practical attack on SSL that does not require man-in-the-middle techniques to steal sensitive data …."
The attack is actually based on a 13-year-old vulnerability that is "based on huge classes of RC4 weak keys …." Previous attacks based on the Invariance Weakness vulnerability required active communication with the target system. The Bar Mitzvah attack is thought to be the first passive attack on RC4.
Web admins should disable RC4 on all web servers, and all users should disable RC4 from their browser's SSL/TLS configuration. The recent IETF document RFC 7465 actually requires admins to disable RC4 for all TLS clients and servers.
Red Hat Rolls out RHEL 7.1 with Clones in Pursuit
Red Hat's release of Red Hat Enterprise Linux 7.1 earlier this month has started the usual progression of new releases from clone distros based on RHEL. This week, Oracle announced Oracle Linux 7.1. Although Oracle Linux uses a custom kernel, the source packages are based on RHEL, and Oracle Linux therefore comes with many of the same features and updates. CentOS, another leading RHEL clone now maintained by Red Hat showed up with a new release a couple weeks after the RHEL 7.1 announcement, although the new CentOS inexplicably avoids the 7.1 version number and goes instead with CentOS (1503).
Red Hat calls 7.1 a "minor release" of the RHEL 7 series. Still, the latest version does come with improved security, interoperability, and identity management tools. New features include CIFS filesystem support with the SSSD daemon and integrated client-side functionality for Ceph block storage.
Obama Announces Massive TechHire Initiative
President Barack Obama has announced a new program designed to empower and train more Americans for the IT marketplace. The new TechHire initiative offers more than $100 million in grants to promote training and active local leadership to connect qualified personal with job opportunities.
Several private sector companies have already agreed to participate by providing free training and expanding coding bootcamps to identify qualified employees. The TechHire initiative will operate at the community level. So far, 21 cities have agreed to participate in the program.
One of the goals of the TechHire program is to "expand models for training that prepare students in months and not years." The program, which comes on the heels of recent revelations about gender and ethnic imbalance in the IT sector, will make an effort to extend the benefits of IT training to women and ethic minorities.
See the fact sheet at the White House website for more information.
Oak Ridge Announces GPU Hackathons
The Oak Ridge Leadership Computing Facility (OLCF) has announced a collaboration with the National Center for Supercomputing Applications (NCSA) and the Swiss National Supercomputing Center (CSCS) to sponsor three GPU hackathon events in 2015. The events will provide time, expertise, and computing resources for developer teams looking for hands-on experience with optimizing their applications for GPU environments using the OpenACC Directives for Accelerators standard.
According to the announcement, "The goal of each hackathon is for current or prospective user groups of large hybrid CPU-GPU systems to send teams of 3-6 developers along with either (1) a (potentially) scalable application that needs to be ported to GPU accelerators, or (2) an application running on accelerators which needs optimization. There will be intensive mentoring during this 5-day hands-on workshop, with the goal that the teams leave with applications running on GPUs, or at least with a clear roadmap of how to get there. Our mentors come from national laboratories, universities and vendors, and besides having extensive experience in programming with OpenACC, many of them develop the OpenACC-capable compilers and help define the OpenACC standard."
Registration for the first (April) event has already passed. Upcoming events in the series include EuroHack in July 2015 and OLCFHack in October 2015. See the GPU Hackathon information page at the Oak Ridge National Laboratory website for additional information.
More Online
Linux Pro Magazine
http://www.linuxpromagazine.com
Off the Beat * Bruce Byfield
Worrying about Crowdfunding
Having just submitted one book, I'm considering crowdfunding my next. That means I'm spending a lot of time reading about crowdfunding and worrying about what could go wrong with the idea.
What Will It Take to Merge LibreOffice and OpenOffice?
Ordinarily, I'm all for diversity in free software projects. However, I make an exception in the case of LibreOffice and OpenOffice. The sooner they become a single project, the better.
The Changing Face of Debian
Like a rite of spring, the annual campaign for Debian Project Leader has begun. I've been watching these elections since 1999, and reading the platforms of the current three candidates (headlined, inevitably, as apt install dpl-install), I'm reminded about how Debian has evolved over the years.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.
-
ZorinOS 17.1 Released, Includes Improved Windows App Support
If you need or desire to run Windows applications on Linux, there's one distribution intent on making that easier for you and its new release further improves that feature.
-
Linux Market Share Surpasses 4% for the First Time
Look out Windows and macOS, Linux is on the rise and has even topped ChromeOS to become the fourth most widely used OS around the globe.
-
KDE’s Plasma 6 Officially Available
KDE’s Plasma 6.0 "Megarelease" has happened, and it's brimming with new features, polish, and performance.
-
Latest Version of Tails Unleashed
Tails 6.0 is based on Debian 12 and includes GNOME 43.
-
KDE Announces New Slimbook V with Plenty of Power and KDE’s Plasma 6
If you're a fan of KDE Plasma, you'll be thrilled to hear they've announced a new Slimbook with an AMD CPU and the latest version of KDE Plasma desktop.
-
Monthly Sponsorship Includes Early Access to elementary OS 8
If you want to get a glimpse of what's in the pipeline for elementary OS 8, just set up a monthly sponsorship to help fund its continued existence.