Cutting-Edge Fedora 25 Released

The Fedora Project has announced the release of Fedora 25, the latest version of their fully open source Linux-based operating system. Fedora is known as a cutting edge Linux distribution, and this release comes with some of the latest open source technologies.

"The Fedora operating system seeks to deliver the latest innovations in the world of free and open source software to our users, from next-generation display servers to powerful application development tools," said Matthew Miller, Fedora Project Leader. "Fedora 25 helps to achieve this goal with the long-awaited debut of Wayland, the addition of a streamlined upgrade path, and a new edition designed to take advantage of Linux containers."

Fedora Workstation is targeted at developers and power users, although it is also suitable for average PC users. It's a preferred Linux distribution for many DevOps users, and the choice of packages that comes installed on the Workstation version is evidence of that fact. Fedora 25 Workstation comes with the latest version of Docker 1.12; Node.js 6.5, the latest version of the popular server-side JavaScript engine; multiple Python versions (2.6, 2.7, 3.3, 3.4, and 3.5) to help test across multiple Python configurations; and support for Rust, a programming language that aims to make development faster and more stable.

On the desktop side, Fedora 25 Workstation comes with Wayland, replacing the aging X11 system. Gnome 3.22 is the default desktop environment that includes much-awaited features like batch file renaming, a redesigned keyboard settings tool, and additional user interface improvements. Workstation users will also be pleased with the inclusion of decoding support for the MP3 media format. In addition to these changes, Fedora 25 comes with a wide range of pre-installed desktop applications.

Fedora comes in three versions: Workstation, Atomic Host (previously Cloud), and Server. All versions are available for free download. For more information on obtaining Fedora 25, see the Fedora website.

Say it Ain't So! Microsoft Joins the Linux Foundation

Microsoft has joined the Linux Foundation as a platinum member. Microsoft made the announcement today at the Microsoft Connect 2016 event in New York.

"The Linux Foundation is home not only to Linux, but many of the community's most innovative open source projects," said Scott Guthrie, Executive Vice President, Microsoft Cloud and Enterprise Group. "We are excited to join The Linux Foundation and partner with the community to help developers capitalize on the shift to intelligent cloud and mobile experiences."

Microsoft has also released the public preview of SQL Server for Linux, which allows customers to test SQL Server on Linux and Linux-based Docker containers.

Microsoft is also partnering with Samsung to introduce their Visual Studio Tools for Tizen, a Linux-based operating system that is hosted by the Linux Foundation. The tool allows developers to build .NET apps for the Tizen operating system, which runs on millions of devices, including TVs, wearables, mobile devices, and many IoT devices.

Despite its long-standing reputation as the archenemy of Linux, Microsoft has emerged in recent years as one of the leading contributors to open source projects; their contributions on GitHub are evidence of the fact that the company is investing heavily in Linux and open source technologies. Microsoft has developed an operating system for networking switches in Azure that runs on the Linux kernel and has released many of its core products as open source, including .NET and PowerShell.

How to Bypass Authentication on a Linux System

Researchers have discovered a flaw in the Cryptsetup utility that allows an attacker to bypass the authentication process on some Linux-based systems just by pressing and holding the Enter key for 70 seconds.

Debian/Ubuntu-based systems with encrypted system partitions are affected by this vulnerability. Researchers warn that other distributions using Dracut instead of initramfs are also vulnerable.

Hector Marco and Ismael Ripoll from the Cybersecurity Group explained in their security advisory that the vulnerability allows you to obtain a root initramfs shell on the affected system. "The vulnerability is very reliable because it doesn't depend on specific systems or configurations. Attackers can copy, modify, or destroy the hard disk as well as setup the network to exfiltrate data. This vulnerability is especially serious in environments like libraries, ATMs, airport machines, labs, etc., where the whole boot process is protected (password in BIOS and GRUB) and you only have a keyboard and/or a mouse," Marco and Ripol wrote.

The worst thing about this vulnerability is that you don't need physical access to the machine; it is possible to exploit the vulnerability remotely in cloud environments.

Last year, the same researchers discovered a bug in GRUB 2 that allowed an attacker to bypass all securities on a locked-down Linux machine by hitting the Enter key 28 times when asked for a username.