December 10, 2013
In yet another consequence of the Edward Snowden revelations about the NSA, the developers of the FreeBSD Unix
operating system have decided to take some steps backwards in their cryptographic work, to stop using hardware random number
To be sure, the two hardware RNGs singled out by the FreeBSD team are identified as Intel's RDRAND (in Ivy Bridge processors),
and VIA's Padlock system.
The decision was made at the FreeBSD Developer Summit, held in Malta in September 2013, but the decision to pull the hardware
RNGs didn't attract any attention at the time. But now it does, and in a very big way.
“For FreeBSD 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering
their output directly to /dev/random.
However, it will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline
assembly or by using OpenSSL from userland, if required, but we cannot trust them any more”, the post warned its users.
But one solution on offer from Polish developer Pawel Jakub Dawidek is to use the time it takes to attach devices at boot time,
and feed these numbers into /dev/random: “it turns out that one can get about 4 good bits of entropy from each device”.
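The difference between handing hardware RNG output straight to /dev/random and feeding it into a pool can be seen in a small sketch, added here as an illustration and not taken from FreeBSD. It uses a simplified SHA-256 pool rather than Yarrow itself; the 128-bit seeding threshold, the zero credit given to the hardware RNG, and all sample values are assumptions, while the 4 bits per device attach is the figure quoted above.

```python
import hashlib

BITS_PER_ATTACH = 4   # figure quoted in the article for device attach timing
SEED_THRESHOLD = 128  # assumed minimum estimate before output is released

class Pool:
    """Simplified hash-based pool (not Yarrow): sources are mixed, never emitted raw."""

    def __init__(self):
        self._h = hashlib.sha256()
        self.estimate = 0      # conservative entropy estimate, in bits
        self._key = None
        self._ctr = 0

    def add(self, source, data, credit_bits):
        # Length-prefix both fields so distinct inputs cannot collide.
        for field in (source.encode(), data):
            self._h.update(len(field).to_bytes(4, "big") + field)
        self.estimate += credit_bits

    def read(self, n):
        if self._key is None:
            if self.estimate < SEED_THRESHOLD:
                raise RuntimeError("pool not seeded: %d bits" % self.estimate)
            self._key = self._h.digest()
        out = b""
        while len(out) < n:
            self._ctr += 1
            out += hashlib.sha256(self._key + self._ctr.to_bytes(8, "big")).digest()
        return out[:n]

def boot_pool(hw_rng_bytes, attach_times_ns):
    pool = Pool()
    # Hardware RNG output is mixed in but credited zero bits toward seeding.
    pool.add("hw_rng", hw_rng_bytes, 0)
    for t in attach_times_ns:
        pool.add("attach", t.to_bytes(8, "big"), BITS_PER_ATTACH)
    return pool

# Constructed sample data: a hardware RNG whose output an observer already knows,
# and two boots whose 32 device attach timings differ only in the last value.
KNOWN_HW = bytes(32)
BOOT_A = [1_000_000 + 7919 * i for i in range(32)]
BOOT_B = BOOT_A[:-1] + [BOOT_A[-1] + 3]

if __name__ == "__main__":
    print("direct path  :", KNOWN_HW[:8].hex())
    print("pooled boot A:", boot_pool(KNOWN_HW, BOOT_A).read(8).hex())
    print("pooled boot B:", boot_pool(KNOWN_HW, BOOT_B).read(8).hex())
```

On the direct path the consumer receives exactly the bytes the hardware produced; through the pool, the same known hardware output yields different results on each boot, and nothing is released until 32 attach timings have been credited.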
And among the many things Edward Snowden's documents have suggested is that the NIST's crypto standardization efforts were nobbled by
the NSA. This confirmed long-standing knowledge that the Dual Elliptic Curve Deterministic Random Bit Generator is weak, leading to
RSA abandoning it in September.
However, not everybody believes that RDRAND falls into the same category. Linux OS founder Linus Torvalds, for example, dismissed concerns
about the instruction, telling the author of an online petition to yank it from Linux “we actually know what we're doing. You don't”.
In that debate, Torvalds pointed out that RDRAND isn't the only source of entropy for values streamed into /dev/random in a Linux
In late 2012, a paper was published by Cryptography assessing Intel's approach, and giving it a pass mark. We did contact Intel for their
comments, but we are still awaiting a response from them. We will keep you updated.
In other Linux and open source news
Now that Red Hat Enterprise Linux 6.5 is shipping, its derivatives are following, with both CentOS and Oracle releasing
newer versions of their respective Red Hat–alike Linux distributions. Red Hat released RHEL 6.5 a week ago as a minor update to its industry-leading enterprise Linux platform. Among its new features
are support for Docker application containers, improved virtualization support, expanded storage capabilities, and support for the
Precision Time Protocol (PTP).
Oracle has now taken Red Hat's source code and rolled it into its own distribution, Oracle Linux 6.5, adding a smattering of
unique features of its own in the process.
The chief difference between Oracle Linux and RHEL is that Oracle Linux ships with a different kernel by default, although
enterprise customers can still opt to switch to a kernel built from the same source code as RHEL's, if they prefer.
Called the Unbreakable Enterprise Kernel, Oracle's latest version is based on Linux kernel version 3.8.13, while every release
in the RHEL 6 line has shipped with a kernel based on version 2.6.32.
Although the two kernels differ in their major version numbers, there's not a really vast difference between the two. The switch
from 2.x to 3.x was made for version numbering purposes only, and both Red Hat and Oracle have continued to apply patches and bug
fixes to their respective products.
With this release, however, Oracle has integrated its DTrace debugging technology – which was originally developed for the proprietary
Solaris OS – into the Unbreakable Linux Kernel by default, making Oracle Linux the only distro to provide out-of-the-box support for DTrace.
Oracle Linux 6.5 also includes production support for Linux Containers, improvements to InfiniBand support, and the ability to
run Oracle Linux as a Hyper-V guest on Windows Server 2008 and 2008 R2, among other updates.
Individual software packages are available for download from Oracle's public yum repository now, and full ISO installation images
will be posted to the Oracle Software Delivery Cloud soon.
The code is available free of charge, but as usual, if you'd like commercial support for your servers, you'll need to work that
out with Oracle.
Meanwhile, CentOS has also updated its distribution to version 6.5. "There are many fundamental changes in this release, compared
with the past CentOS-6 releases," the CentOS team wrote in its launch announcement, "and we highly recommend everyone study the
Release Notes as well as the upstream Technical Notes about the changes and how they might impact your installation."
Most of these changes are related to a few new features and fixes introduced in RHEL 6.5, but CentOS also makes some modifications
to packages of its own, and it also removes some packages that are included in RHEL, so it's a bit of a mixed bag.
Installation images for CentOS 6.5 are available now from the project's website for x86 and x64. A third RHEL-derived Linux distro,
dubbed Scientific Linux, has yet to update its sources to match RHEL 6.5, and no release date for Scientific Linux 6.5 has been announced
as of yet.
Typically, Scientific Linux releases have lagged four to eight weeks behind the corresponding RHEL releases, so a new version is
doubtless coming soon.
In other Linux and open source news
After 38 1/2 months of intense development, Red Hat has finally released its version 1 of Ceylon, its open-source programming
language that's designed to be a direct replacement for Java.
During its development cycle, Ceylon was described as a Java killer by some, but lead programmer Gavin King has denied that doing
away with Oracle's platform was ever his intent.
As a matter of fact, even the earliest iterations of Ceylon produced some code that ran on the Java Virtual Machine (JVM).
Rather, King sought to create a new programming language that could run alongside Java but would be based on more modern class libraries
and would have syntax more amenable to defining user interfaces, something King believes there is no good way to do in Java.
In its current implementation, King describes Ceylon as a cross-platform language. The 1.0 release, announced at the Devoxx conference
code written in that specific language.
This first production-ready release, which follows a beta and six previous milestone releases, doesn't add any new language features.
Instead, the focus for version 1.0 was on squashing software bugs; King says that a very large number of bugs have been fixed
since the beta release on September 15, 2013.
In addition to the compilers, the Ceylon distribution includes an Eclipse-based IDE that supports code auto-completion and suggestions,
refactoring, incremental compilation, and other modern features.
The 1.0 IDE release includes a number of improvements, such as a type hierarchy view, better syntax highlighting, and improved
The Ceylon software development kit has also been updated to include newer modules for writing build scripts and outputting HTML
Going forward, King says Ceylon 1.1 will focus on improving the performance of the language and its compilers and expanding the
Ceylon SDK, while Ceylon 1.2 will likely introduce a number of new language features.
More information on the Ceylon road map is available on its website. More information on the Ceylon language itself, including documentation,
the full language specification, tutorials, and download links for the language tools and source code, is available at the Ceylon
In other Linux and open source news
APITrace has been around for a few years already and has evolved into the best open-source application for OpenGL debugging
and tracing (or replaying) of OpenGL events.
Overall, APITrace also supports OpenGL ES and Direct3D / DirectDraw while new features continue to be added over time.
APITrace makes it easy to record and re-trace various graphics API command streams, inspect states upon any call, view frame-buffers
and textures, view the call data, further manipulate the data, profile the performance, and carry out various other tasks.
APITrace has been covered several times on Phoronix so if this is your first time hearing about it, please see our earlier articles
and visit apitrace.github.io.
While APITrace has made some improvements and is arguably a good open-source OpenGL tracer and debugger, there's still more work to
be done to bring it up to the proprietary competition and what's offered on Windows.
As covered last month on Phoronix, Linux still needs better OpenGL debugging support. The purpose of today's article is to give APITrace
another shout-out and to note some recent additions.
Committed now is support for the grouping of OpenGL calls. Some other work includes better tracing of GLX context attributes,
expanded support for dumping of object labels, additional support in trace for GL_KHR_debug/GL_ARB_debug_output, Direct3D retracing
improvements, a new surface viewer for the GUI, and much more.
In other Linux and open source news
MySQL's Percona Server is now into its 5.6 version, lifting most of the paid-for features found in Oracle MySQL 5.6 Enterprise
Edition and making them available for free.
The new distribution of the drop-in MySQL replacement was announced on Monday. "It's heavily focused on the operational needs of running
MySQL at scale," said Percona chief executive Peter Zaitsev.
The update draws on many technologies found in MySQL 5.6 Enterprise Edition, and wraps in improvements made in the recent general
MySQL 5.6 release.
New features include better scaling when dealing with large numbers of concurrent transactions for read-only and read-write operations,
Such improvements have been achieved by enhancing the performance of XtraDB by implementing priority refill for the buffer pool
list, adding to InnoDB to give more control over when threads flush, and changing locking on thread priorities, among others.
The company has also made the system get better performance out of flash storage by updating its page replacement policy for how it
Percona has "also relieved contention on a number of mutexes and hotspots inside the code," Zaitsev said, to increase stability. "We
have significant interest from people using a number of MySQL 5.6 features," he said.
Percona isn't the only MySQL fork. MariaDB garnered some attention recently after it was revealed that Google was migrating all of its
internal MySQL instances over to the technology.
But Zaitsev still believes that the shift by Google was a political move to reduce its exposure to technologies developed by rival
Oracle, rather than due to some inherent performance advantages.
"Google isn't having a very healthy or loving relationship with Oracle," Zaitsev said. "Supporting somebody who is as much
publicly against Oracle as possible certainly makes sense for Google. And I would in fact agree with them."
In other Linux and open source news
Released earlier this month, the beta preview of openSUSE version 13.1 reveals that this distribution is walking in the
footsteps of its Linux brother. Oddly codenamed Bottle, openSUSE v 13.1 has had work done that lays the groundwork for forthcoming
features. The lower levels have had major updates in this version, such as the move to GStreamer 1.0 and new Ruby-powered admin tools.
Multimedia control system GStreamer 1.0 was released around this time in 2012, but openSUSE - a more conservative distribution - has yet
to bundle it.
The idea is to get GStreamer 1.0 into openSUSE 13.1, but a quick glance at the project status page reveals that there are quite
a few core apps in the openSUSE stack that are still not using the framework.
The biggest multimedia apps on the GNOME side, Rhythmbox and Shotwell, have both been ported over to it, but many others have
But openSUSE 13.1 isn't due to arrive in production release until November, giving its developers some time to finish up work on
the move to GStreamer 1.0.
Meanwhile, there’s YaST, the Linux system configuration Swiss army-knife of sorts. However, system admins who rely on YaST to administer large
networks have no reason to panic. OpenSUSE 13.1 isn't changing anything about how YaST works – it will look and behave just as before –
it’s just written in Ruby, that's the only difference, really.
A favourite of system admins and IT managers, YaST is like a control panel for software management, user administration, disk partitioning
and a variety of other admin and maintenance tasks.
YaST has GTK, Qt and command-line interfaces, which means that it functions more or less the same whether you use it on KDE, GNOME or
through the shell.
The latter is particularly handy if you're running openSUSE as a server since it allows you to perform the same tasks without
the overhead of running a graphical environment.
More recently, openSUSE added WebYaST to the mix, which, as the name suggests, brings the power of YaST to a web interface, allowing
you to remotely administer your servers using the familiar YaST graphical interface, but running in a web browser.
YaST also powers openSUSE's installation tools, which remain some of the nicest you'll find in a Linux distribution.
However, YaST had an Achilles heel: it was written in YCP, a language created solely for YaST development. That limits the number
of people who can contribute to the project and work to extend and expand it.
Not only does development mean learning a new language, it means learning a language that is good for only one thing. The new Ruby-based
YaST changes that.
The new YaST looks the same, and in our testing with the latest Factory builds, it functions the same as the old YaST. Using
Ruby behind the scenes opens the door to developers who might like to contribute or extend YaST without learning a new exotic language
just to do so.
And more contributors may well mean more useful tools and extensions for YaST. It also makes it easier for large organizations to
write their own customised YaST tools.
To be clear, this is not a ground-up rewrite of YaST - instead, a team of open source developers have translated YaST's YCP
code into Ruby. Judging by conversations on the openSUSE YaST mailing list, there may well be some rewriting in future releases,
but for now the goal is to make sure everything is translated and that the new Ruby version is as stable and reliable as the old
In the past, we've used openSUSE primarily with the KDE desktop, which is where the project has poured the majority of its resources.
For the final release, the plan is to ship KDE 4.11.x.
KDE 4.11 isn't a radical departure from its predecessor, which shipped with openSUSE 12.3, but it does bring some improvements
to KDE's NEPOMUK search tool, which should make it a little speedier when indexing your files.
As with the last release, the default KDE desktop theme for openSUSE is one of the nicest you're likely to find and even manages
to make non-KDE apps, such as Firefox or GIMP, feel like a natural part of the KDE desktop.
If you're a KDE fan and you don't want to spend a whole lot of time tricking out your desktop, openSUSE is worth at least a test
run. It's speedy, has pretty much everything the typical user is likely to need, and offers one of the best looking default KDE desktops
Overall, while KDE still seems to be the focus of the openSUSE project, some effort has been thrown in at giving GNOME the same
sort of openSUSE flavoring. For now, that means a green desktop theme rather than any significant customizations.
The plan is to ship GNOME 3.10 (due in a final format next week) with the final release of openSUSE 'Bottle' but the version we tested
had only GNOME 3.9.4, which is the current beta.
When it arrives, GNOME 3.10 will bring several new features, such as automatically updated extensions, new maps and video apps, and
support for the Wayland display server. Look for all that and more to be a part of openSUSE 13.1 when it's released.
Source: The FreeBSD Development Team.