Linux News Today features the latest news from the global Linux community. This site is updated daily. Click here to return to our homepage. Get the lowest cost and the best tech support on any Linux web hosting plan. Click here for details.
                                          home   |   news archives   |   advertise on our site   |   contact

Promote your company. Reach over 450,000 Linux software developers, Linux users, Web hosting companies, etc. Boost your sales and promote your brand. Read more, click here.

Plans begin at $24.95 a month. Get more details, click here.

Do it right this time. Click here and we will take good care of you!

Get all the details by clicking here!

Plans begin at $24.95 a month. Get more details, click here.

Promote your company. Reach over 450,000 Linux software developers, Linux users, Web hosting companies, etc. Boost your sales and promote your brand. Read more, click here.

Install your server in Sun Hosting's modern colocation center in Montreal. Get all the details by clicking here.

Click here to order our special clearance dedicated servers.

Install your server in Sun Hosting's modern colocation center in Montreal. Get all the details by clicking here.

Promote your company. Reach over 450,000 Linux software developers, Linux users, Web hosting companies, etc. Boost your sales and promote your brand. Read more, click here.

Linus Torvalds says security issues need to be made public

Share on Twitter.

Get the most dependable SMTP service for your business. You wished you got it sooner!

January 19, 2015

Linux OS code originator Linus Torvalds has publicly given some of his views on internet security at the held last week and seems to be closer to Google's way of thinking than Microsoft's. Then again, he's been like that for a while now.

Torvalds, along with Debian representatives Bdale Garbee, Samba man Andrew Tridgell, and kernel coder Rusty Russell spent an hour answering conference attendees' questions last week.

During a discussion about Linux security, Torvalds said-- “I'm an avid believer in just disclosing responsibly. Security issues need to be made public. And there are people that will argue me on this and have argued for decades, that you never want to talk about security problems because that only helps the bad guys. The fact is that I think you absolutely need to report them and and you need to report them in a reasonable time frame.”

Torvalds says on the kernel security mailing list that the disclosure time is five working days, “which for some people is a bit extreme.”

“In other projects, it might be a month or a couple of months,” he continues. “But that's so much better than the years and years of silence which we used to have in the past, he added.”

Might Torvalds have been aware of Google's twin disclosures of as-yet-unpatched Windows flaws last week? Torvalds did seem to be more sympathetic to Google's approach of giving vendors 90 days to disclose a security bug than other approaches that see vendors sit on flaws until they are ready to release a fix.

Microsoft's regular Patch Tuesdays is one such example of that thinking at work and, we now know, can see the company hold back fixes for bugs it knows about if it can't prepare a remedy in time for a release.

For its part, Oracle releases security patches every ninety days or so. Torvalds' speech has also attracted much attention for his remarks on his infamous intemperance.

“I'm an unpleasant person and you probably know that about me. Some people think I am nice and some people are then shocked when they learn different. I'm not a nice person and I don't care about you,” he told the conference.

“I care about the technology and I care about the kernel,” he said, going on to say that disagreements will always erupt once discussions go beyond those topics.

Torvalds went on to make remarks about what he called “diversity in open source” in the Linux community, saying it is “not about gender, not about skin color” and that the Linux community is already very diverse as it comprises abrasive grumps like himself and others whose skills and personality types enable different types of contributions that advance the cause.

He then went on to say that his attitude comes from the fact that he likes arguing and that “I'm just not a huge believer in politeness and sensitivity being preferable over bluntly letting people know your feelings,” he told the audience.

Linux OS originator Linus Torvalds has released version 3.18 of his popular 32 and 64-bit kernel. It was released last night, after what Torvalds wrote was a tiny patch to get release candidate 7 done.

The new version's headline features for business users are better resumption for Linux servers, more support for the The Flash-Friendly File-System (FFFS) and some RAID-friendly tweaks to BTRFS.

There's also a lot more of support for graphics devices from NVIDIA and AMD, as well as a few other improvements.

Torvalds' announcement also says “I'd love to say that we've figured out the issue that plagues 3.17 for a couple of people, but we haven't.”

The problem Torvalds is referring to appears to be an occasional lockup in Linux 3.17, perhaps when running Xen.

Some testers of the Linux 3.18 release reported similar issues and the problem appears also to manifest itself in the last Linux release.

Whatever the source of the problem, it's not of sufficient magnitude to have stopped the release of the 3.18 kernel in the first place.

To be sure, Torvalds has now opened the merge window for Linux 3.19. Lately, new releases of the Linux kernel seem to appear about every six to eight weeks or so.

Torvalds is making his usual pilgrimage to, which this year takes place in Auckland, New Zealand in mid-January.

Between the festive season and that particular trip, the smart money would be on 3.19 landing sometime in mid-March or early April 2015.

In other Linux and open source news

The marked differences and the strong variations in opinion over Debian's future direction has prompted the group to launch a new fork of its Linux distribution over the weekend.

The disagreements centred on various plans to replace the sysvinit system management toolkit with systemd, a similar but less-Linux-specific set of tools.

The “No” camp complained that systemd is not well-aligned with Unix philosophies, reflects the rise of a “do-ocracy” whereby effort trumps quality and steers Debian in the direction of the desktop.

The “Yes” camp are said to largely come from the ranks of Gnome developers. Negotiations have considered making systemd optional, but those talks appear not to have gone well if this post are anything to go by-- it announces a fork called Devuan.

Devuan's backers call themselves the “Veteran Unix Admin Collective” and, on their new site offer the following rationale:

“Devuan aims to be a base distribution whose mission is protect the freedom of its community of users and developers. Its priority is to enable diversity, interoperability and backward compatibility for existing Debian users and downstream distributions willing to preserve Init's freedom.

The webpage goes on to explain that “Devuan will derive its own installer and package repositories from Debian, modifying them where necessary, with the first goal of removing systemd, still inheriting the Debian development workflow while continuing it on a different path-- free from bloat as a minimalist base distro should be.”

A target “spring of 2015” release will see users “be able to switch from Debian 7 to Devuan 1 smoothly, as if they would dist-upgrade to Jessie, and start using our package repositories.”

The group's intention to develop a distribution “free from bloat as a minimalist base distro should be” may also set some teeth grinding.

Whatever your position is on this issue, Devuan is now a real thing. A GitHub page is being populated, and it's possible to make donations.

Jeff Waugh, a former member of the Gnome Foundation board says he feels “The 'no systemd' stuff is a stupid premise, for an audience of a tiny, unpleasantly vocal minority.”

“There’s no way it will attract the kind of sustained maintenance that Debian has achieved for over 10 years,” he said. “For a fork or child distribution to work, it has to solve a real problem. Doesn’t include systemd is not a real problem,” he added.

Waugh also feels “it’s very early in the lifetime of systemd, so it would be wiser to see how it goes before throwing additional tools around as some folks have done already.”

Linux vendor Suse kicked off this year's Suse Conference in Orlando by announcing that it's getting into the software-defined storage business, starting early in 2015.

The company made a new offering, known simply as Suse Storage, available in private beta beginning on Tuesday, with general availability expected for the first half of next year.

That Suse should want a piece of the storage market should come as no surprise. In a statement announcing the new offering, Suse Storage product manager Larry Morris said the storage market is "poised for disruptive change, just like the server market was fifteen years ago."

And he might be right about that, but what is somewhat unexpected is that Suse has chosen to hitch its storage ambitions to the open source distributed block, object, and file storage system Ceph.

Inktank, the company behind Ceph, was acquired by Suse rival Red Hat in April of this year for $175 million and is now a wholly owned subsidiary.

But while Red Hat still offers Inktank Ceph Enterprise as a commercial product, the core Ceph software still remains open source, meaning that there's nothing preventing Suse or other companies from rolling distributions of their own.

A pure-software offering, Ceph is designed to run on commodity servers and disk arrays as an alternative to costly equipment from traditional storage vendors like EMC, Hitachi Data Systems, HP, IBM and NetApp.

In a recent report, Gartner said it expects Ceph and similar open source storage systems to reach 20 percent market share by 2018, as escalating enterprise data retention drives up demand for lower cost but reliable storage systems.

The first version of Suse Storage will be based on the Firefly release of Ceph, the company said. Pricing was not discussed and no shipping date was given, but companies that would like to participate in the beta program can contact Suse to get on the list.

Suse also added that it has teamed up with SAP to help lure Suse customers to the SAP HANA data analytics platform.

Under the new program, qualifying startups will be able to download a virtual machine that comes preloaded with a developer edition of HANA running on Suse Linux Enterprise Server and try it out for six months at no charge.

They'll also be eligible for free training from Suse's Certified Linux Administrator (CLA) Academy.

Suse threw a couple of bones to Suse Linux Enterprise customers during Tuesday's SuseCon keynotes. The first is that live kernel patching based on the kGraft project is now available on a subscription basis for every maintenance release of Suse Linux Enterprise Server 12 for the 64-bit Intel architecture.

The technology allows system admins to apply security patches to production servers without rebooting or stopping the system.

"It's a fully open source solution that features zero-interruption interaction with the system and a familiar deployment method," Suse product manager Matthias Eckerman said in a statement.

"It's ideal for mission-critical systems, in-memory databases, extended simulations or quick fixes in a large server farm," he added.

Overall, Suse has also adjusted its licensing terms to allow enterprise customers to migrate their existing Suse subscriptions to virtual machine instances running in the public cloud, at no additional cost.

The subscriptions can be used to migrate existing workloads to the cloud or to spin up entirely new ones. The only catch is that the bring-your-own-subscription option is only available with Suse Certified Cloud Providers.

The Linux Foundation is targeting second generation drones through a new initiative that will build a dependable open-source software platform for Unmanned Aerial Vehicles (UAVs).

Dubbed 'The Dronecode Project' the new initiative is due to be announced today at the Embedded Linux Conference in Dusseldorf, Germany.

The Dronecode Project is founded on the APM UAV software and code that had been hosted by project co-founding member 3D Robotics, until now that is.

Other founding members include Box, DroneDeploy and jDrones. The Linux Foundation said that the Dronecode project would help advance several technologies in data analysis, storage and display for drones and accelerate adoption of more affordable and reliable open-source software for UAVs.

Drones are enjoying a mainstream renaissance in acceptance and application thanks to unending automated war in Iraq, Pakistan and Afghanistan.

However, building drone systems often sees drone makers building their own software systems. This can mean greater cost and potential problems in the code while throwing up a hurdle to those building drone hardware and apps, not to mention the costly delays to the final product.

All this is a real problem not just for drone makers but also for customers looking for affordable and reliable flying machines.

The Linux Foundation is normally associated with its work on extending the presence of the Linux kernel and in more Earth-bound locations, so this is a big project that has several ramifications and in more directions than in the recent past.

Dronecode becomes a Linux Foundation Collaborative Project, same as the merged Mego and Tiezen efforts for Linux in devices, the Xen hypervisor, and Open Daylight for software-defined networking (SDN).

Click here to order the best deal on a HP enterprise dedicated server and at a great price.

The Linux Foundation apparently believes that it can bring the same process, order and buy-in to drone software that it has on other projects.

To be sure, Dronecode will be governed by a Linux Foundation Technical Steering Committee, which will become the primary decision-making group.

Falling under the Linux Foundation means that Dronecode can scale and be developed in a vendor-neutral environment.

The project will be headed by Rsync author and Samba co-lead Andrew Tridgell – also lead maintainer in the development of APM.

Jim Zemlin, executive director at The Linux Foundation, said in a statement the Dronecode community would now “receive the support required of a massive project right at its moment of breakthrough.”

“The result will be even greater innovation and a common platform for drone and robotics open source projects,” he added.

In other Linux Foundation News

The Linux Foundation has added another element to its various offerings, with the launch of its OPNFV initiative, a project for an open-source network function virtualization (NFV) platform.

The project comes with a roster of high-profile vendors backing it-- AT&T, Brocade, Cisco, China Mobile, Huawei, IBM, Juniper and a few others.

The goal is to create a reference architecture for carrier-grade NFV, the abstraction of operations that usually reside on custom silicon into software objects built to run on VMs on standard, but usually Intel-based servers.

Rather than developing its own standards, OPNFV will be working with the ETSI group that's formulating the new NFV standards.

As the group explains in its launch announcement-- “Service provider applications have different demands than most IT applications, so an open platform integrating multiple open source components and ensuring continuous testing for carrier-grade service performance is essential to this transition.”

The project says it will draw from existing NVF building blocks that exist, pulling them into a framework under which it'll “coordinate continuous integration and testing”.

Its own code efforts will focus on filling various gaps in the architecture rather than re-creating functions that already exist.

New components will ship under the Apache License Version 2.0. Board officers include Verizon and HP veteran Prodip Sen as chairman, AT&T's Margaret Chiosi, Dell's Wenjing Chu, and China Mobile's Hui Deng.

Source: Linus Torvalds.

Get the most reliable SMTP service for your business. You wished you got it sooner!

All logos, trade marks or service marks on this website are the property of their respective companies or owners.

Article featured on Tech Blog and on Business 5.0

Get a best price and the most dependable server colocation reliability from the experts at Sun Hosting. Learn more. This article was featured on Tech Blog and Business 5.0.

Linux News is read by over 450,000 people involved in the field of Linux application development, professional Web hosting services, Linux security, Linux Web development, etc. Inquire about our reasonable advertising rates on our news website. One of our advertising representatives will be in touch with you. Simply email us to learn about our ad rates and how we can help drive relevant traffic to your website. Advertising space is limited.

  Site powered by Linux Hosting      Sponsored by DMZ eMail and by Sun Hosting.      Linux news while they are still fresh.    ©   Linux is a registered trademark of Linus Torvalds.