This month's News


Article from Issue 175/2015

Updates on technologies, trends, and tools

Windows Might Go Open Source

According to a report in Ars Technica and other sources, Microsoft technical fellow and Azure CTO Mark Russinovich told an audience at the ChefConf conference in Santa Clara, California, it is "definitely possible" that Redmond could open source Windows someday. The question comes on the heel of recent announcements about Microsoft open sourcing the code for various components of the .NET infrastructure. Russinovich adds it is a "new Microsoft," but also admits the complexity of the Windows codebase might not lend itself to open development in the way it is done with Linux and BSD.

A Microsoft technical fellow announcing the possibility of an open source Windows is really quite astonishing, considering Microsoft's stormy history with the open source movement. Still, one thing is certain: Microsoft is in business to make money, and they wouldn't take such a step unless they had a clear idea of how they would benefit. The financial benefits of giving away a product that is currently providing billions of dollars in revenue are currently unclear, so don't count on Windows turning up at GitHub anytime soon.

Linux Mint Will Stay with Ubuntu

Despite rumors to the contrary, the popular Linux Mint project will continue to base Mint on Ubuntu Linux. Mint currently maintains an Ubuntu-based main branch and a separate Debian-based version known as Linux Mint Debian Edition (LMDE). In response to a recent question from a reader, who asked, "Wasn't there a plan to make LMDE the main distro?" lead Mint developer Clem Lefebvre replied: "We maintain both Mint and LMDE … and we'll continue to maintain them as long as they are popular. In terms of popularity, Mint itself represents a big majority of our user base, and LMDE is just getting a brand new release so it's a little early to assess the size of its audience. I know fans can be quite vocal about their favorite package base, project, and/or desktop environments, and you might have heard some of them wishing for us to discontinue this or focus more on that. We're already reacting to feedback and popularity though, so I can confirm that we've no plans to do such thing."

This announcement means that, for the foreseeable future, the project will continue as it has in the past: primary attention on the Ubuntu-based Mint and LMDE as an auxiliary product. Missing from the exchange (but on the mind of every Linux watcher) is the Free vs. Open Source subtext. Debian is an all-Free Software distribution, whereas Ubuntu reserves the right to include drivers, codecs, and other elements that might not meet the Free Software definition. The Free Software faithful will continue to push for all-Free upstream source, but like Ubuntu, Mint has gained a reputation for out-of-the-box functionality that requires some compromises with non-Free components.

According to the Mint website, "LMDE is less mainstream than Linux Mint, it has a much smaller user base, it is not compatible with PPAs, and it lacks a few features. That makes it a bit harder to use and harder to find help for, so it is not recommended for novice users." On the other hand, according the Mint developers, LMDE is "slightly faster" and runs newer software.

Microsoft Frees Code for .NET Build Engine

Microsoft announcement that the MSBuild engine, which is part of the Visual Studio suite, is now available in open source form at GitHub. The announcement continues Redmond's gradual release of the .NET platform to open source. According to the announcement, "By invoking msbuild.exe on your project or solution file, you can orchestrate and build products in environments where Visual Studio isn't installed. For instance, MSBuild is used to build the .NET Core Libraries and .NET Core Runtime open source projects."

Microsoft says it will soon add Linux and Mac versions of MSBuild to support .NET development on alternative platforms. The company open sourced the CoreCLR execution engine last month, and many of the core .NET libraries have also been freed for open development. Open source .NET implementations such as the Mono project have been around for years, but they have always operated at a disadvantage, with Microsoft controlling the specification and evolution of .NET. Microsoft's embrace of the open source development model after years of opposition has helped its standing with developer communities – and will help to position .NET as the universal framework Microsoft always intended it to be, rather than a captive proprietary technology.

Researchers Demonstrate Hack by Heat

Several news sources report that scientists at Ben-Gurion University have discovered a new technique for computers in close proximity to communicate through heat pulses. The technique does not depend on any form of conventional wired or wireless networking. According to the report, two disconnected systems placed 15 inches (40 cm) apart can use heat pulses to communicate. The on-board temperature sensor in one unit can detect heat pulses from the other system. If the necessary malware were placed on the systems, they could successfully transmit data and commands without leaving a footprint on the network.

The attack technique is envisioned for situations in which a system on an internal network is located beside a second system with access to the Internet. Isolating the internal network in this way was once thought to provide the ultimate security; the method described by the Ben-Gurion scientists demonstrates that network isolation alone is not enough to guarantee security.

This method is similar to other recently discovered unconventional techniques for passing information between computers through FM signals and screen images. The article at Wired provides additional details.

DDoS Attacks Cost £100,000 per Hour

A recent study reveals a growing threat of DDoS attack and the losses associated with DDoS service interruptions. "The March 2015 Neustar DDoS Attacks and Protection Report" focuses on the UK and Europe and summarizes the responses from enterprise businesses that were interviewed regarding DDoS experiences and strategies. According to the report, nearly 40% of the companies would lose £100,000 (EUR140,000) of revenue per hour if their sites were subjected to a DDoS attack. Fifty percent of the companies said DDoS is a bigger risk this year than last year, and one in three previous attacks lasted one to two days.

You can download the report from the Neustar website. You'll need to provide some basic contact information to obtain the full report.

New SSL Attack Exploits an Old Problem

A new attack could be the final straw for the RC4 encryption method, which is still used on many systems despite some publicized vulnerabilities and stern warnings from security experts. The Bar Mitzvah attack, announced at the Black Hat Asia conference last week, affects SSL connections that use RC4 for encryption. According to security expert Itsik Mantin, Bar Mitzvah is "… the first practical attack on SSL that does not require man-in-the-middle techniques to steal sensitive data …."

The attack is actually based on a 13-year-old vulnerability that is "based on huge classes of RC4 weak keys …." Previous attacks based on the Invariance Weakness vulnerability required active communication with the target system. The Bar Mitzvah attack is thought to be the first passive attack on RC4.

Web admins should disable RC4 on all web servers, and all users should disable RC4 from their browser's SSL/TLS configuration. The recent IETF document RFC 7465 actually requires admins to disable RC4 for all TLS clients and servers.

Red Hat Rolls out RHEL 7.1 with Clones in Pursuit

Red Hat's release of Red Hat Enterprise Linux 7.1 earlier this month has started the usual progression of new releases from clone distros based on RHEL. This week, Oracle announced Oracle Linux 7.1. Although Oracle Linux uses a custom kernel, the source packages are based on RHEL, and Oracle Linux therefore comes with many of the same features and updates. CentOS, another leading RHEL clone now maintained by Red Hat showed up with a new release a couple weeks after the RHEL 7.1 announcement, although the new CentOS inexplicably avoids the 7.1 version number and goes instead with CentOS (1503).

Red Hat calls 7.1 a "minor release" of the RHEL 7 series. Still, the latest version does come with improved security, interoperability, and identity management tools. New features include CIFS filesystem support with the SSSD daemon and integrated client-side functionality for Ceph block storage.

Obama Announces Massive TechHire Initiative

President Barack Obama has announced a new program designed to empower and train more Americans for the IT marketplace. The new TechHire initiative offers more than $100 million in grants to promote training and active local leadership to connect qualified personal with job opportunities.

Several private sector companies have already agreed to participate by providing free training and expanding coding bootcamps to identify qualified employees. The TechHire initiative will operate at the community level. So far, 21 cities have agreed to participate in the program.

One of the goals of the TechHire program is to "expand models for training that prepare students in months and not years." The program, which comes on the heels of recent revelations about gender and ethnic imbalance in the IT sector, will make an effort to extend the benefits of IT training to women and ethic minorities.

See the fact sheet at the White House website for more information.

Oak Ridge Announces GPU Hackathons

The Oak Ridge Leadership Computing Facility (OLCF) has announced a collaboration with the National Center for Supercomputing Applications (NCSA) and the Swiss National Supercomputing Center (CSCS) to sponsor three GPU hackathon events in 2015. The events will provide time, expertise, and computing resources for developer teams looking for hands-on experience with optimizing their applications for GPU environments using the OpenACC Directives for Accelerators standard.

According to the announcement, "The goal of each hackathon is for current or prospective user groups of large hybrid CPU-GPU systems to send teams of 3-6 developers along with either (1) a (potentially) scalable application that needs to be ported to GPU accelerators, or (2) an application running on accelerators which needs optimization. There will be intensive mentoring during this 5-day hands-on workshop, with the goal that the teams leave with applications running on GPUs, or at least with a clear roadmap of how to get there. Our mentors come from national laboratories, universities and vendors, and besides having extensive experience in programming with OpenACC, many of them develop the OpenACC-capable compilers and help define the OpenACC standard."

Registration for the first (April) event has already passed. Upcoming events in the series include EuroHack in July 2015 and OLCFHack in October 2015. See the GPU Hackathon information page at the Oak Ridge National Laboratory website for additional information.

More Online

Linux Pro Magazine

Off the Beat * Bruce Byfield

Worrying about Crowdfunding

Having just submitted one book, I'm considering crowdfunding my next. That means I'm spending a lot of time reading about crowdfunding and worrying about what could go wrong with the idea.

What Will It Take to Merge LibreOffice and OpenOffice?

Ordinarily, I'm all for diversity in free software projects. However, I make an exception in the case of LibreOffice and OpenOffice. The sooner they become a single project, the better.

The Changing Face of Debian

Like a rite of spring, the annual campaign for Debian Project Leader has begun. I've been watching these elections since 1999, and reading the platforms of the current three candidates (headlined, inevitably, as apt install dpl-install), I'm reminded about how Debian has evolved over the years.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs