News

Microsoft Buys GitHub: Three Weeks Later

Marcel Gagné — Tue, 26 Jun 2018 11:30:00 +0000

I heard that Microsoft would be buying GitHub just a couple days before it happened when Carlie Fairchild at Linux Journal told me about it. I replied to the news with a solid, “Get! Out!” Needless to say, I had my doubts. As someone who remembers all too well the “Embrace, extend and extinguish" days of Microsoft, the news of this latest embrace did, however briefly, bring back those old memories. When I was asked what I thought, I answered that the optics were bad.A lot of years have passed since, back in 2001, Steve Ballmer declared Linux to be a cancer. These days, Microsoft loves Linux. It says so right on its website. Two years ago, Steve Ballmer also proclaimed his love for Linux. In 2018, Microsoft has its own distribution that it uses in its Azure cloud. Microsoft includes several different flavors of Linux in its app store (the Windows Subsystem for Linux), all of which can be installed on Windows 10. Microsoft develops for Linux. Heck, Microsoft even contributes to the Linux kernel.

The reason I felt the optics were bad is that Microsoft has spent the last few years going out of its way to paint itself as a friend to Linux and open source. This, I thought, can only be seen as a bad move. Well, it’s been three weeks, more or less, since the the acquisition became official, to the tune of $7.5 billion US. What happened?

For starters, Jim Zemlin, the Executive Director of the Linux Foundation, praised the Microsoft acquisition of GifHub, suggesting that it could be a good thing for everyone. Former open-source star and the new CEO of GitHub, Nat Friedman, did an AMA on Reddit to reassure developers of open-source software that they had nothing to fear from the new landlords.

Linus Torvalds, the creator of the Linux kernel and git itself, didn’t comment directly, but he has been critical of GitHub in the past, so perhaps it doesn’t change anything for him. Besides, the kernel is primarily housed on a private git server, and GitHub is just a public mirror for the code.

That didn’t stop some number of open-source developers from swearing off GitHub and looking for other places to host their projects. GitLab, a minor competitor to GitHub, seemed poised to be the natural beneficiary of this move. In a Twitter post dated June 3rd, it cited that its GitHub to GitLab conversion rate was running at ten times normal.

Go to Full Article

Kernel patch releases, WineHQ, OpenIndiana project, FreeBSD Unix distribution, Xubuntu community contest

Petros Koutoupis — Mon, 19 Feb 2018 13:41:35 +0000

by Petros Koutoupis

News briefs for February 19, 2018

In the past couple of days, the Linux kernel saw quite a bit of patch releases. We have 4.15.4, 4.14.20, 4.9.82, 4.4.116 and even 3.18.95. More information can be found at the Linux Kernel Archives website.

WineHQ just announced the availability of Wine 3.2 with bug fixes, better gamepad support and more. Wine is an open source compatibility layer designed to run Microsoft Windows applications on top of Unix-like systems.

The OpenIndiana project is still alive and well with a recent announcement of migrating the project to GCC 6.4. Unfortunately, this version does not cover the Spectre/Meltdown vulnerabilities, although the next version planned is 7.3 which will cover these hot issues.

While on the topic, the FreeBSD Unix distribution finally patched and fixed their operating environment for both Spectre and Meltdown in revision 329462.

Attention all artists: the Xubuntu community is asking for submissions in a wallpaper contest for the upcoming 18.04 LTS release. Submission deadlines are March 15, 2018.

Go to Full Article

HiFive, LibreOffice, Meltdown and Spectre and more

Petros Koutoupis — Fri, 16 Feb 2018 14:30:59 +0000

by Petros Koutoupis

News briefs for February 16, 2018

Now available from SiFive is the HiFive Unleashed development board. Shipping with the first Linux-ready RISC-V microprocessor. Product specification and prices available on the company's official website.

We would like to congratulate the hard working folks behind the LibreOffice 6.0 application suite. Officially released on January 31, the site has counted almost 1 million downloads. An amazing accomplishment.

The engineers behind Ubuntu are now considering collecting more hardware statistics of machines running the operating system. This is an effort to provide users with better hardware support and stability.

While hardware vendors such as Intel continue to mitigate the effects of both the Meltdown and Spectre vulnerabilities, researchers have in the meanwhile discovered new variants of the attack which may force the same vendors to rethink their strategies.

The Fedora community is currently weighing the option of assigning managers to each release and help organize and facilitate everything involving a typical distribution release. You can read more and even share your opinions here.

Go to Full Article

Urgent Kernel Patch for Ubuntu

James Darvell — Tue, 12 May 2015 19:58:02 +0000

by James Darvell

Linux is engineered with security in mind. In fact, the most fundamental security mechanisms are built right in to the kernel itself, which makes it extremely hard for malicious code to bypass. Unfortunately, attackers always are looking for ways to break down security walls, and engineers constantly are patching security weaknesses.

Security holes often are caused by small bugs within the kernel. These can be exploited and used to execute code without the normal protection. When a serious hole is discovered, it's important to get a fix out as soon as possible. Unfortunately, rushed fixes sometimes cause problems of their own, such as the fix released by Canonical earlier this week.

Canonical discovered a security hole in the Linux kernel on May 4, 2014. The hole made it possible for programs to gain administrator privileges, opening the door to a number of serious exploits.

However, Canonical's new patch caused regressions in Ubuntu versions 14.10 and 14.04. A regression is a type of bug where previously working code becomes defective. In this case, the bugs were unrelated to the area of the kernel that had been repaired, they just managed to "creep in" to the release. These bugs are related to the auditing of some path names. This made the system unstable and could cause occasional crashes.

Canonical quickly repaired these issues and released a new update May 8, 2015.

The original problem was caused by a race condition in the kernel between two system calls. By exploiting this race condition, malicious code would be able to increase its privileges to admin level. Admin access allows a program to make sweeping changes to files and settings for the entire operating system. This is an extremely severe security risk, as malicious code can bypass the normal security barriers that safeguard the operating system.

Canonical's patch has been pushed to the upstream kernel, so it should be available to other distros that use the same kernel version.

The regressions were specific to the two versions of Ubuntu noted above. They are now repaired, and the correct patch will be installed for users who update their system as of now. For users who haven't applied these patches, it's essential to do so immediately. The patches can be applied through the "Software Updater" app.

There is one last wrinkle. In patching the security hole, Canonical has had to change the kernel's ABI. The ABI is the binary interface between different modules of the kernel. The result of this change is that custom modules no longer will work with the patched kernel unless they are recompiled or updated through the package manager.

Go to Full Article

A More Stable Future for Ubuntu

James Darvell — Fri, 08 May 2015 14:26:12 +0000

by James Darvell

Canonical has announced plans to switch all versions of Ubuntu to its new Snappy package manager. The new tool offers the promise of greater stability and security for the system and applications.

Snappy already is used in Ubuntu core, a minimal version of Ubuntu intended for use in the cloud, on mobile devices and in embedded systems.

The next step is rolling Snappy into "Ubuntu Desktop Next". Next is a special version of Ubuntu that acts as a test bed for new technology before it is included in the desktop version. Testers use Next to try out new features, such as Mir and Unity 8.

Currently, Ubuntu uses the Advanced Packaging Tool (apt) and the lower-level dpkg tool to manage packages. They are inherited from Debian and are used on a wide range of distros.

Snappy takes a radically different approach to package management. This means developers will need to replace all the existing Debian packages with Snappy packages. Of course, this will be a major undertaking. There are thousands of packages to switch, so we can expect a lengthy wait before Snappy makes it into the mainline version.

In light of the change, some people are concerned that Ubuntu will sever ties with Debian. The Next team leader has clarified that Canonical intends to maintain Ubuntu's relationship with Debian. The plan is to create Snappy packages based on the Debian equivalents.

Snappy is a new breed of package manager with a different approach to security, package contents and updating. It originally was designed for better performance on mobile devices, but it has a range of benefits for all users. Here are some of the features that make Snappy different:

Go to Full Article