Share on Twitter.
Get the most dependable SMTP service for your business. You wished you got it sooner!
January 19, 2015
Linux OS code originator Linus Torvalds has publicly given some of his views on internet
security at the linux.conf.au held last week and seems to be closer to Google's way of thinking
than Microsoft's. Then again, he's been like that for a while now.
Torvalds, along with Debian representatives Bdale Garbee, Samba man Andrew Tridgell, and kernel
coder Rusty Russell spent an hour answering conference attendees' questions last week.
During a discussion about Linux security, Torvalds said-- “I'm an avid believer in just
disclosing responsibly. Security issues need to be made public. And there are people that will
argue me on this and have argued for decades, that you never want to talk about security problems
because that only helps the bad guys. The fact is that I think you absolutely need to report them
and and you need to report them in a reasonable time frame.”
Torvalds says on the kernel security mailing list that the disclosure time is five working days,
“which for some people is a bit extreme.”
“In other projects, it might be a month or a couple of months,” he continues. “But that's so
much better than the years and years of silence which we used to have in the past, he added.”
Might Torvalds have been aware of Google's twin disclosures of as-yet-unpatched Windows flaws last
week? Torvalds did seem to be more sympathetic to Google's approach of giving vendors 90 days to
disclose a security bug than other approaches that see vendors sit on flaws until they are ready
to release a fix.
Microsoft's regular Patch Tuesdays is one such example of that thinking at work and, we now know,
can see the company hold back fixes for bugs it knows about if it can't prepare a remedy in time
for a release.
For its part, Oracle releases security patches every ninety days or so. Torvalds' speech has also
attracted much attention for his remarks on his infamous intemperance.
“I'm an unpleasant person and you probably know that about me. Some people think I am nice
and some people are then shocked when they learn different. I'm not a nice person and I don't care
about you,” he told the conference.
“I care about the technology and I care about the kernel,” he said, going on to say that disagreements
will always erupt once discussions go beyond those topics.
Torvalds went on to make remarks about what he called “diversity in open source” in the
Linux community, saying it is “not about gender, not about skin color” and that the Linux community
is already very diverse as it comprises abrasive grumps like himself and others whose skills and
personality types enable different types of contributions that advance the cause.
He then went on to say that his attitude comes from the fact that he likes arguing and that
“I'm just not a huge believer in politeness and sensitivity being preferable over bluntly letting
people know your feelings,” he told the audience.
Linux OS originator Linus Torvalds has released version 3.18 of his popular 32 and 64-bit kernel. It was
released last night, after what Torvalds wrote was a tiny patch to get release candidate
The new version's headline features for business users are better resumption for Linux servers,
more support for the The Flash-Friendly File-System (FFFS) and some RAID-friendly tweaks to BTRFS.
There's also a lot more of support for graphics devices from NVIDIA and AMD, as well as a few other
Torvalds' announcement also says “I'd love to say that we've figured out the issue that
plagues 3.17 for a couple of people, but we haven't.”
The problem Torvalds is referring to appears to be an occasional lockup in Linux 3.17, perhaps
when running Xen.
Some testers of the Linux 3.18 release reported similar issues and the problem appears also to
manifest itself in the last Linux release.
Whatever the source of the problem, it's not of sufficient magnitude to have stopped the release
of the 3.18 kernel in the first place.
To be sure, Torvalds has now opened the merge window for Linux 3.19. Lately, new releases of the Linux kernel seem
to appear about every six to eight weeks or so.
Torvalds is making his usual pilgrimage to Linux.conf.au, which this year takes place in Auckland,
New Zealand in mid-January.
Between the festive season and that particular trip, the smart money would be on 3.19 landing sometime in mid-March
or early April 2015.
In other Linux and open source news
The marked differences and the strong variations in opinion over Debian's future direction
has prompted the group to launch a new fork of its Linux distribution over the weekend.
The disagreements centred on various plans to replace the sysvinit system management toolkit
with systemd, a similar but less-Linux-specific set of tools.
The “No” camp complained that systemd is not well-aligned with Unix philosophies, reflects
the rise of a “do-ocracy” whereby effort trumps quality and steers Debian in the direction of
The “Yes” camp are said to largely come from the ranks of Gnome developers. Negotiations have
considered making systemd optional, but those talks appear not to have gone well if this post
are anything to go by-- it announces a fork called Devuan.
Devuan's backers call themselves the “Veteran Unix Admin Collective” and, on their new site offer
the following rationale:
“Devuan aims to be a base distribution whose mission is protect the freedom of its community
of users and developers. Its priority is to enable diversity, interoperability and backward
compatibility for existing Debian users and downstream distributions willing to preserve Init's
The webpage goes on to explain that “Devuan will derive its own installer and package repositories
from Debian, modifying them where necessary, with the first goal of removing systemd, still
inheriting the Debian development workflow while continuing it on a different path-- free from
bloat as a minimalist base distro should be.”
A target “spring of 2015” release will see users “be able to switch from Debian 7 to Devuan 1
smoothly, as if they would dist-upgrade to Jessie, and start using our package repositories.”
The group's intention to develop a distribution “free from bloat as a minimalist base
distro should be” may also set some teeth grinding.
Whatever your position is on this issue, Devuan is now a real thing. A GitHub page is
being populated, and it's possible to make donations.
Jeff Waugh, a former member of the Gnome Foundation board says he feels “The 'no systemd'
stuff is a stupid premise, for an audience of a tiny, unpleasantly vocal minority.”
“There’s no way it will attract the kind of sustained maintenance that Debian has achieved for
over 10 years,” he said. “For a fork or child distribution to work, it has to solve a real problem.
Doesn’t include systemd is not a real problem,” he added.
Waugh also feels “it’s very early in the lifetime of systemd, so it would be wiser to see
how it goes before throwing additional tools around as some folks have done already.”
Linux vendor Suse kicked off this year's Suse Conference in Orlando by announcing that it's
getting into the software-defined storage business, starting early in 2015.
The company made a new offering, known simply as Suse Storage, available in private beta
beginning on Tuesday, with general availability expected for the first half of next year.
That Suse should want a piece of the storage market should come as no surprise. In a statement
announcing the new offering, Suse Storage product manager Larry Morris said the storage
market is "poised for disruptive change, just like the server market was fifteen years ago."
And he might be right about that, but what is somewhat unexpected is that Suse has chosen to
hitch its storage ambitions to the open source distributed block, object, and file storage system
Inktank, the company behind Ceph, was acquired by Suse rival Red Hat in April of this year for
$175 million and is now a wholly owned subsidiary.
But while Red Hat still offers Inktank Ceph Enterprise as a commercial product, the core
Ceph software still remains open source, meaning that there's nothing preventing Suse or other
companies from rolling distributions of their own.
A pure-software offering, Ceph is designed to run on commodity servers and disk arrays as
an alternative to costly equipment from traditional storage vendors like EMC, Hitachi Data Systems,
HP, IBM and NetApp.
In a recent report, Gartner said it expects Ceph and similar open source storage systems to
reach 20 percent market share by 2018, as escalating enterprise data retention drives up demand
for lower cost but reliable storage systems.
The first version of Suse Storage will be based on the Firefly release of Ceph, the company said.
Pricing was not discussed and no shipping date was given, but companies that would like to participate
in the beta program can contact Suse to get on the list.
Suse also added that it has teamed up with SAP to help lure Suse customers to the SAP HANA
data analytics platform.
Under the new program, qualifying startups will be able to download a virtual machine that
comes preloaded with a developer edition of HANA running on Suse Linux Enterprise Server and try
it out for six months at no charge.
They'll also be eligible for free training from Suse's Certified Linux Administrator (CLA)
Suse threw a couple of bones to Suse Linux Enterprise customers during Tuesday's SuseCon
keynotes. The first is that live kernel patching based on the kGraft project is now available
on a subscription basis for every maintenance release of Suse Linux Enterprise Server 12 for
the 64-bit Intel architecture.
The technology allows system admins to apply security patches to production servers without
rebooting or stopping the system.
"It's a fully open source solution that features zero-interruption interaction with the system
and a familiar deployment method," Suse product manager Matthias Eckerman said in a statement.
"It's ideal for mission-critical systems, in-memory databases, extended simulations or quick
fixes in a large server farm," he added.
Overall, Suse has also adjusted its licensing terms to allow enterprise customers to migrate
their existing Suse subscriptions to virtual machine instances running in the public cloud, at
no additional cost.
The subscriptions can be used to migrate existing workloads to the cloud or to spin up entirely
new ones. The only catch is that the bring-your-own-subscription option is only available with
Suse Certified Cloud Providers.
The Linux Foundation is targeting second generation drones through a new initiative that will build a
dependable open-source software platform for Unmanned Aerial Vehicles (UAVs).
Dubbed 'The Dronecode Project' the new initiative is due to be announced today at the Embedded Linux Conference in Dusseldorf, Germany.
The Dronecode Project is founded on the APM UAV software and code that had been hosted by project co-founding
member 3D Robotics, until now that is.
Other founding members include Box, DroneDeploy and jDrones. The Linux Foundation said that the Dronecode project
would help advance several technologies in data analysis, storage and display for drones and
accelerate adoption of more affordable and reliable open-source software for UAVs.
Drones are enjoying a mainstream renaissance in acceptance and application thanks to unending
automated war in Iraq, Pakistan and Afghanistan.
However, building drone systems often sees drone makers building their own software systems.
This can mean greater cost and potential problems in the code while throwing up a hurdle to those
building drone hardware and apps, not to mention the costly delays to the final product.
All this is a real problem not just for drone makers but also for customers looking for affordable
and reliable flying machines.
The Linux Foundation is normally associated with its work on extending the presence of the
Linux kernel and in more Earth-bound locations, so this is a big project that has several ramifications and
in more directions than in the recent past.
Dronecode becomes a Linux Foundation Collaborative Project, same as the merged Mego and Tiezen efforts
for Linux in devices, the Xen hypervisor, and Open Daylight for software-defined networking (SDN).
The Linux Foundation apparently believes that it can bring the same process, order and buy-in to
drone software that it has on other projects.
To be sure, Dronecode will be governed by a Linux Foundation Technical Steering Committee,
which will become the primary decision-making group.
Falling under the Linux Foundation means that Dronecode can scale and be developed in a vendor-neutral
The project will be headed by Rsync author and Samba co-lead Andrew Tridgell – also lead maintainer in
the development of APM.
Jim Zemlin, executive director at The Linux Foundation, said in a statement the Dronecode community
would now “receive the support required of a massive project right at its moment of breakthrough.”
“The result will be even greater innovation and a common platform for drone and robotics open source
projects,” he added.
In other Linux Foundation News
The Linux Foundation has added another element to its various offerings, with the launch of
its OPNFV initiative, a project for an open-source network function virtualization (NFV) platform.
The project comes with a roster of high-profile vendors backing it-- AT&T, Brocade, Cisco,
China Mobile, Huawei, IBM, Juniper and a few others.
The goal is to create a reference architecture for carrier-grade NFV, the abstraction of
operations that usually reside on custom silicon into software objects built to run on VMs
on standard, but usually Intel-based servers.
Rather than developing its own standards, OPNFV will be working with the ETSI group that's
formulating the new NFV standards.
As the group explains in its launch announcement-- “Service provider applications have different
demands than most IT applications, so an open platform integrating multiple open source components
and ensuring continuous testing for carrier-grade service performance is essential to this transition.”
The project says it will draw from existing NVF building blocks that exist, pulling them into a
framework under which it'll “coordinate continuous integration and testing”.
Its own code efforts will focus on filling various gaps in the architecture rather than re-creating
functions that already exist.
New components will ship under the Apache License Version 2.0. Board officers include Verizon and HP
veteran Prodip Sen as chairman, AT&T's Margaret Chiosi, Dell's Wenjing Chu, and China Mobile's Hui Deng.
Source: Linus Torvalds.
Get the most reliable SMTP service for your business. You wished you got it sooner!
All logos, trade marks or service marks on this website are the property of their respective
companies or owners.
Linux News Today.org is read by over 450,000 people involved in the field of Linux application development,
professional Web hosting services, Linux
security, Linux Web development, etc.
Inquire about our reasonable advertising rates
on our news website. One of our advertising representatives will be in touch with you. Simply email us to learn
about our ad rates and how we can help drive relevant traffic to your website. Advertising space is limited.