Richard Stallman Resigns from Free Software Foundation

The outspoken founder of Free Software Foundation (FSF) and the GNU project, Richard Stallman, has resigned from his post as President of the FSF. Stallman came under fire for his comments in defense of the late Marvin Minsky, co-founder of MIT's Artificial Intelligence lab, who was implicated in the Jeffrey Epstein sex trafficking scandal. Although Stallman did not defend Epstein, his comments regarding Minsky's involvement were regarded as insensitive at best and came across as an inappropriate logical exercise in the face of growing concern over Minsky's actions (https://medium.com/@selamjie/remove-richard-stallman-fec6ec210794).

Reaction from the Free Software community was swift. The Free Software Conservancy (SFC) said in a blog post (https://sfconservancy.org/news/2019/sep/16/rms-does-not-speak-for-us/), "The fight for diversity, equality, and inclusion is the fight for software freedom; our movement will only be successful if it includes everyone. With these as our values and goals, we are appalled at recent statements made by the President and founder of the Free Software Foundation, Richard Stallman, in his recent email to the MIT CSAIL mailing list."

The SCF then called for Stallman to step down from positions of leadership in the free software movement. A few hours later Stallman announced that he has resigned from his positions at MIT and FSF.

Oracle Announces Autonomous Linux

At the Oracle OpenWorld event, Larry Ellison announced Oracle Autonomous Linux, (https://www.youtube.com/watch?v=1fbM6mP9Kl0&t=15s) an addition to Oracle Linux that lifts the burden of managing and maintaining the operating system off the shoulders of operators and sysadmins.

Oracle Autonomous Linux can provision, patch, tune, and scale the system automatically. Oracle is offering the feature for free to Oracle Linux customers.

In an exclusive interview to TFiR, Wim Coekaerts, Senior Vice President, Software Development at Oracle, explained that Autonomous Linux is built on top of Oracle Linux. The genesis of it is Oracle Autonomous database, which takes away mundane tasks from admins to keep the database secure and do upgrades for users. However, the OS running underneath the database was its Achilles heel, and an unpatched and poorly tuned system may have adverse effects on the database itself. So Oracle borrowed the ideas from an autonomous database and brought them to Oracle Linux.

"As a developer or sysadmin, you push a button and we provision the VM on bare-metal for you and we do the online patching so you don't have to worry about downtime," said Coekaerts.

Attackers Find a New Way to Install Cryptominers

This year in June, F5 researchers found a new malware campaign exploiting a Jenkins dynamic routing vulnerability to install a cryptominer (https://www.f5.com/labs/articles/threat-intelligence/attackers-use-new--sophisticated-ways-to-install-cryptominers).

F5 explained that the vulnerability bypasses specific access control lists and leverages the Groovy plugin metaprogramming to download and remotely execute a malicious cryptominer.

The cryptominer consumes valuable computing resources, raising bills and leading to slower performance. In the case of enterprise applications, it could means hundreds and thousands of dollars in bills and lost revenues due to the performance hit.

F5 suggests the following steps to protect users: Implement web fraud protection to detect customers logging into your applications with infected clients designed to engage in fraud. Notify your clients of the malware you detected on their system while logging into your application (which can result in them being blocked from carrying out a transaction), so they can take steps to clean their systems; and provide security awareness training to employees and clients.