Linux News Today features the latest news from the global Linux community. This site is updated daily.

OpenBSD to fix buggy OpenSSL library, offers new fix

April 23, 2014

Since the recent discovery of the serious Heartbleed bug, members of the OpenBSD project have forked the popular OpenSSL library with the goal of creating a new version that they say will be a lot more trustworthy.

And even though OpenSSL is still open source software, for a full two years its entire development community managed to overlook the crucial bug that eventually triggered a global panic in the internet community.

The OpenSSL library has since been patched to address the security issue, but some fallout from the crisis is still being felt, and the single programmer whose error caused all the problems says there just aren't enough people scrutinizing the OpenSSL code to clearly identify difficult-to-find bugs such as Heartbleed.

However, the LibreSSL project wants to change all that, and fast. An actual fork of OpenSSL, LibreSSL was created by members of the highly security-conscious OpenBSD operating system community, including its founder Theo de Raadt, who has publicly criticized OpenSSL as a project "not developed by a responsible team." And we sure agree with him 100 percent.

The group's ultimate aim is to provide a drop-in replacement for OpenSSL that has been substantially rewritten and audited for potential security vulnerabilities. The API won't change, they say, but much of the current code will, and in a rather drastic manner, according to de Raadt.

It's still early days for the project, but the group is moving rapidly. Its homepage says its contributors are currently "too busy deleting and rewriting code to make a decent web page."

Much of the early work involves refactoring and cleaning up the OpenSSL code so that it's more readable and easier to maintain. A quick glance at the code commits so far reveals a lot of "KNF" work, meaning the individual source files are being rewritten in "kernel normal form," a standard C coding style used by BSD Unix operating systems.

Additionally, thousands of lines of unneeded and useless code have already been deleted. Much of that code was OS-specific, including workarounds for such ancient platforms as VMS, OS/2, NetWare, classic Mac OS, and of course, older versions of Windows.

The good news of all this, however, is that LibreSSL will be an OpenBSD-only library. The developers do plan to provide multi-OS support eventually, but only after they have rewritten enough of the code to make it stable and maintainable, and then find reliable developers to work on ports to other systems.

"Now we all know that you all want this tomorrow," the project's homepage states. "We are working as fast as we can but our primary focus is to deliver good software that we trust to run ourselves. We don't want to break your heart..."

As things stand now, the first version of LibreSSL is planned for inclusion in OpenBSD 5.6. If all goes according to plan, that iteration should get here by sometime in November 2014. The upcoming version of the OS, OpenBSD 5.5, is due to ship on May 1st, 2014.

In other Linux and open source news

Linux and open source vendor Red Hat is hoping it will make a lot of money out of its OpenStack project near the end of next year, and says it won't need the help of anybody to keep the project on track.

The company's reference to 'anybody' was meant as a jab at Linus Torvalds.

Red Hat said on Wednesday at its OpenStack summit that it will turn the data center management cloud technology into serious money toward the end of 2015.

Red Hat recently re-organized its business units to help it bring OpenStack to the next level in the enterprise segment, with the hope of creating the same lucrative market for the data center management and provisioning technology as it did for Linux five years ago.

"The next 1 1/2 year is paramount," explained Red Hat's general manager for OpenStack Radhesh Balakrishnan. "We already started ringing the cash register on OpenStack. What do we see on the horizon? A ten to fifteen x scaling potential."

For the most part, the majority of Red Hat's OpenStack deployment has been for testing and development so far, Balakrishnan added, but he expects major production, and with that major money, deployments to come along by the end of 2015.

Just like Linux itself, OpenStack will take several years to make money and Balakrishnan seemed to feel that the expectations by the press for insta-profitability are a bit unrealistic.

OpenStack launched in mid-2010 with technology donated by NASA and Rackspace, and since then has signed up a small list of contributors including Intel, HP, Red Hat, and others.

"It's a three-plus year old startup," explained Dave Cahill, Solidfire's Director of Strategic Alliances when asked about what he saw in OpenStack's future.

VMware, he pointed out, was founded pre-2000 and didn't start to make serious money till around 2009. A lot rides on OpenStack's success, as it gives companies a potentially cheap way of managing thousands upon thousands of servers without having to pay for the basic software.

"People want an easy-to-use tool to solve this and wish to get out of the VMware so-called tax," he explained. And OpenStack may just be that tool. Time will tell.

One reason why OpenStack has failed to pull in as much cash as its various corporate backers hope could be a lack of focus within the project that has led to feature-creep in some areas and a lack of development on key features like networking and scheduling elsewhere.

When we ask cloud insiders what could be done to give the project more focus, many argue that OpenStack needs a 'benevolent dictator' who would lead OpenStack development in the same way Linus Torvalds uses his opinionated persona to steer Linux development.

Though this isn't a particularly pleasant way to develop software, having a single opinionated individual dictate the direction of a project can give it focus. After all, besides Linux, many proprietary companies have grown successful by being led by a strong leader like Jeff Bezos (Amazon), Bill Gates (Microsoft) or Larry Ellison (Oracle).

Red Hat isn't convinced by this argument and argues that OpenStack's "Foundation" model of governance is sufficient. "We don't believe the need for a Linus figure," Balakrishnan said.

"Personally, if I had a choice between a reasonable set of customers and customer reasoning and someone who has a colorful personality, I'm more convinced by the other. There is also the other dimension-- Linux was just compute, now you're talking about storage and networking and compute and PaaS-- the scope gets really large for one single visionary," he added.

For OpenStack to be developed to the point of serious profitability "we need multitudes of leaders," Balakrishnan exclaimed.

For his part, Dave Cahill of Solidfire is optimistic as well, saying that the Foundation has "generally done a pretty good job" and that OpenStack won't suffer as long as the Foundation "doesn't become a standards body."

"The OpenStack Foundation gives the technical meritocracy and influencing ability to the ones driving it. If the best brains are driving it, then why worry about the personality?" argues Balakrishnan. And he might be right. We will see over time.

In other Linux and open source news

Canonical announced Wednesday that the latest long-term support release of its Ubuntu Linux distribution will be available Friday.

The South African company made the availability announcement of Ubuntu 14.04 LTS, codenamed Trusty Tahr, yesterday, coincidentally alongside chief rival Red Hat holding its Red Hat Summit in San Francisco. And no, that's not a coincidence.

On the server side, where Canonical is keen to gain influence against Red Hat, Ubuntu 14.04 offers new functionality such as support for the Icehouse OpenStack release, the containerization technology Docker, and ARM-64 chips.

"We're seeing OpenStack more than anything," said Ubuntu server and cloud product manager Mark Baker. Canonical has also upgraded its Metal-as-a-Service deployment technology to add support for more dense servers, such as AMD-SeaMicro's SM-1500 and equipment from Cisco's UCS division.

There's also a series of incremental upgrades such as moving to support version 3 of the Puppet configuration management software, upgrading the Xen hypervisor to 4.4, moving to support for version 0.79 of the Ceph object storage gear, and finally supporting version 1.0 of LXC.

Non-x86 chip aficionados are also in for a surprise, with Ubuntu 14.04 supporting IBM's POWER 8 servers along with 64-bit ARM chips from Applied Micro.

Database system admins may be relieved to hear that Ubuntu is offering some choice here, and is wrapping support for MySQL 5.5, along with MariaDB 5.5, Percona XtraDB Cluster 5.5, and MySQL 5.6, into its distribution.

"Ubuntu is now the enterprise platform supported on the widest range of modern architectures- IBM POWER, ARM64, x86, and x64," Canonical said in its press release.

In other Linux and open source news

Red Hat said earlier this morning that it is lowering the price for accessing its publicly hosted OpenShift software as it struggles to come to terms with the unstable economics of the cloud. The new Bronze pricing scheme for OpenShift was announced by Red Hat in a blog post yesterday. It simply means that developers can now access an off-site version of the OpenShift PaaS (platform-as-a-service) without having to pay a monthly fee, and instead only pay for the storage that they actually use.

"Overall, Bronze brings the real power of platform as a service by making it even easier to only pay for the extra resources you want without a monthly platform fee," said Red Hat marketing VP John Poelstra.

Before the change, developers could either opt for a free version of OpenShift Online with limited amounts of infrastructure and storage, or a $20 per month Silver option.

The Bronze package provides a halfway point between the two, giving greater infrastructure than the free version but lacking the Red Hat support options of Silver.

"A segment of the users was either self sufficient or comfortable with the community based resources. We wanted to find a way to provide some flexibility to developers who want to purchase and consume extra resources while utilizing community based support," said Red Hat's Director of OpenShift Online, Sathish Balakrishnan.

"Overall, a large percentage of the applications (1.6 million applications deployed to date) we have running on OpenShift Online are found to have extra storage for both the application and/or database tiers. Add-on storage gives these applications unlimited room to effectively scale and store data."

OpenShift is a hosted platform-as-a-service, competing with other remotely provisioned software like Cloud Foundry, CloudBees, Amazon Elastic Beanstalk, Engine Yard, and others.

The technology behind all of this is powered by Red Hat Enterprise Linux, and incorporates a few elements of SELinux and cgroups to provide security and isolation for "gears", the containers in which all OpenShift apps run, and the fundamental unit of currency for sizing an OpenShift installation.

Under the new pricing scheme, developers can access 16 gears of any size within the Bronze tier, and will need to pay $1 per gigabyte per month for all storage they access above the 1 GB assigned to each gear.

In addition to this, users of Red Hat's Silver version, which costs from $20 a month, can now access more than 16 gears per OpenShift install.

Like Red Hat, OpenShift is built with a significant emphasis on open source and, because of this, competes with Pivotal's Cloud Foundry project for the attention of Linux programmers and application developers.

Pivotal formed the Cloud Foundry Foundation in February, a cross-industry program designed to bring in more companies to work on the technology. Some of the contributors include IBM, HP, SAP, Sun Hosting and Rackspace.

One thing that may cause developers to favor OpenShift is the open-source heritage of its creator.

"From a developer trying to extend the platform, the OpenShift codebase provided much better documentation than Cloud Foundry, but was a bit more difficult to understand at first, because it's split into fewer components. As engineers, we like smaller components of code when we can get them," wrote PaaS software consultants Uhuru Software. "OpenShift gives the user a bit more control and more predictability."

In other Linux and open source news

Cloud solutions provider Joyent said earlier this morning that it has partnered with Canonical's Ubuntu team to offer tailored images into its cloud.

This means that Linux and open source developers who want to run Ubuntu on Joyent's advanced SmartOS-based infrastructure can now do it with greater confidence in getting regular updates from Canonical, with additional performance guarantees.

By joining Canonical's Certified Public Cloud Program, Joyent will be guaranteed to get the latest Ubuntu features, security and compliance accreditations from Canonical, exhaustive testing by Canonical of the Ubuntu image on Joyent's cloud platform, access to the Ubuntu Cloud Suite including Juju orchestration, and Joyent-hosted archive mirrors that are monitored constantly by Canonical in an effort to push out urgent updates.

The partnership "gives people a vector for a first class Ubuntu experience in the Joyent cloud," explains the company's head of engineering Bryan Cantrill.

"Canonical and Joyent are similar in a few ways since we're both taking on established giants. Joyent is taking on AWS and Canonical is taking on Red Hat," added Cantrill.

Overall, Joyent is mostly known for its technically innovative services, such as its ZFS-based object store and compute-storage cocktail "Manta", its "Content Delivery Cloud" which pairs Joyent DCs with Riverbed virtual appliances for a cut-price Akamai competitor, its eCommerce Package, and more.

These specific products are part of an initiative by the company to identify areas where Amazon is weak and build a product base there, rather than compete with it head-on in the cut-throat markets for main compute and storage projects.

"I don't want to be the Ryanair of cloud computing," he says. "Amazon is fundamentally a retailer and we are fundamentally a systems company. We believe in innovating deeper in the stack. You're never going to see a Manta come out of Amazon."

As part of this systems focus, the company will also work with Joyent to deploy a Node.js charm on its cloud. Charms are used by Joyent's "Juju" orchestration technology, which helps to configure, deploy, and manage Ubuntu-based infrastructure.

"We believe in Canonical and Ubuntu as an important development platform for certain classes of applications," Cantrill says. "I think that if you look at JuJu, you can view that as an intent from them to get upstack from the respect of the developer experience."

Overall, the Joyent partnership follows Canonical's embrace of the "Cloud Foundry" platform-as-a-service in November, as the company tries to get a lead on Red Hat in the world of Linux and open distributed systems.

Source: OpenBSD.
