Article from Issue 217/2018

Red Hat reports $823 revenue for second quarter 2019; Debian, Ubuntu, and other Distros are leaving users vulnerable; Nextcloud 14 arrives; Linus Torvalds takes a break, apologizes; Chinese spy chip in US servers?; Is North Korea hacking US ATM machines?

Red Hat Reports $823 Revenue for Second Quarter 2019

Red Hat has evolved beyond its original role as a Linux vendor and is now positioned as a cloud player that offers complete solutions to enterprise customers. The company has been expanding its product portfolio to help customers embark on their cloud native and digital transformation journey.

Red Hat's aggressive repositioning is reflected in its revenue. The company earned $823 million in total revenue, up 14% year-over-year, in the second quarter of the fiscal year 2019.

"The expansion of our technology portfolio has increased our strategic importance with customers, which is evidenced by the number of deals over five million dollars in the second quarter more than doubling year-over-year," said Jim Whitehurst, president and chief executive officer of Red Hat. "Customers continue to prioritize their digital transformation initiatives, and they are adopting Red Hat's hybrid cloud enabling technologies to modernize their applications and drive greater efficiency and effectiveness in their business."

Which technologies segments are growing within Red Hat is apparent from the breakout of the revenue. Subscription revenue remains the largest earnings at $527 million, but it registered a mere 8% in year-over-year growth. On the other hand, revenue from emerging technologies (read cloud and containers) was $196 million for over 31% year-over-year growth.

If Red Hat keeps up this pace, it might touch the $4 billion annual revenue mark in 2019.

Debian, Ubuntu, and Other Distros Are Leaving Users Vulnerable

Linux is known for a rapid response on fixing problems with the kernel, but the individual distros often take their time with pushing changes to users. Now, one of the researchers for Google Project Zero, Jann Horn, is warning that major distros like Debian and Ubuntu are leaving their users vulnerable.

"Linux distributions often don't publish distribution kernel updates very frequently. For example, Debian stable ships a kernel based on 4.9, but as of 2018-09-26, this kernel was last updated 2018-08-21. Similarly, Ubuntu 16.04 ships a kernel that was last updated 2018-08-27," he wrote in a blog post.

According to Horn, the delay means that users of these distributions remain vulnerable to known exploits. Horn describes a case in which, "a security issue was announced on the oss-security mailing list on 2018-09-18, with a CVE allocation on 2018-09-19, making the need to ship new distribution kernels to users more clear. Still: As of 2018-09-26, both Debian and Ubuntu (in releases 16.04 and 18.04) track the bug as unfixed."

Horn is also critical of Android, which only ships security updates once a month. "…When a security-critical fix is available in an upstream stable kernel, it can still take weeks before the fix is actually available to users – especially if the security impact is not announced publicly," he wrote.

Greg Kroah-Hartman has also been critical of distributions that don't push these changes to users. Horn warned, "The fix timeline shows that the kernel's approach to handling severe security bugs is very efficient at quickly landing fixes in the Git master tree, but leaves a window of exposure between the time an upstream fix is published and the time the fix actually becomes available to users – and this time window is sufficiently large that a kernel exploit could be written by an attacker in the meantime."

Nextcloud 14 Arrives

Nextcloud has released Nextcloud 14, a fully open source enterprise file sync and storage (EFSS) solution. The new release brings many new features, including an even tighter focus on security.

Unlike its closest competitor Dropbox, Nextcloud is more of a platform than just a sync and storage solution. Nextcloud comes with online collaborative software, secure web chat, secure voice and video conferencing, calendering, contacts, and more.

Now Nextcloud is using a combination of its services to offer tighter security. It's now using Video Verification for sharing sensitive data. While sending a document, a user can choose to add a Talk verification feature (Talk is Nextcloud's video chat service).

The recipient would have to appear online via video chat and confirm their identity in order for the file to be transferred. The sender would send a password for the file, and the receiver would receive the password verbally through the video chat.

Another security-centric feature of Nextcloud 14 is a new two-factor authentication. The feature allows users to use third-party messaging apps like Signal, Telegram, and SMS as a second factor to secure their authentication.

Hypothetically, Nextcloud can take it to the next level by introducing a three-factor authentication, by asking the recipient to verify the QR code sent via SMS during the video chat.

Nextcloud 14 is available for free download.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More