Linux News Today features the latest news from the global Linux community.

FreeBSD abandons hardware random number generators

December 10, 2013

In yet another consequence of Edward Snowden's revelations about the NSA, the developers of the FreeBSD Unix operating system have decided to take some steps backwards in their cryptographic work and stop using hardware random number generators (RNGs) as a direct source of random numbers.

Specifically, the two hardware RNGs singled out by the FreeBSD team are Intel's RDRAND (in Ivy Bridge processors) and VIA's Padlock system.

The decision was made at the FreeBSD Developer Summit, held in Malta in September 2013, but the decision to pull the hardware RNGs didn't attract any attention at the time. But now it does, and in a very big way.

“For FreeBSD 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random.

However, it will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more”, the post warned its users.

But one solution on offer from Polish developer Pawel Jakub Dawidek is to use the time it takes to attach devices at boot time, and feed these numbers into /dev/random: “it turns out that one can get about 4 good bits of entropy from each device”.

Among the many things Edward Snowden's documents have suggested is that NIST's crypto standardization efforts were nobbled by the NSA. This confirmed long-standing knowledge that the Dual Elliptic Curve Deterministic Random Bit Generator is weak, leading to RSA abandoning it in September.

However, not everybody believes that RDRAND falls into the same category. Linux founder Linus Torvalds, for example, dismissed concerns about the instruction, telling the author of an online petition to yank the instruction from Linux “we actually know what we're doing. You don't”.

In that debate, Torvalds pointed out that RDRAND isn't the only source of entropy for values streamed into /dev/random in a Linux implementation.
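
The design described in the FreeBSD post and in Torvalds' remark (hardware RNG output mixed into a pool alongside other inputs rather than handed out directly) can be sketched as follows. This is an added example, not FreeBSD or Linux code: the pool is a toy SHA-256 construction rather than Yarrow, and `EntropyPool`, `suspect_hwrng`, the 128-bit threshold and the attach timings are assumptions constructed for illustration.

```python
import hashlib

SEED_THRESHOLD_BITS = 128    # assumed threshold before output is allowed
BITS_PER_DEVICE_ATTACH = 4   # estimate quoted in the article

class EntropyPool:
    """Toy hash-based pool: every input is mixed in, only trusted ones are credited."""

    def __init__(self):
        self._state = hashlib.sha256()
        self._counter = 0
        self.credited_bits = 0

    def add(self, source, data, credit_bits):
        # Length-prefix each field so distinct (source, data) pairs never collide.
        for field in (source.encode(), data):
            self._state.update(len(field).to_bytes(4, "big") + field)
        self.credited_bits += credit_bits

    def ready(self):
        return self.credited_bits >= SEED_THRESHOLD_BITS

    def read(self, n=32):
        if not self.ready():
            raise RuntimeError("pool not seeded: %d bits credited" % self.credited_bits)
        seed, out = self._state.digest(), b""
        while len(out) < n:
            out += hashlib.sha256(seed + self._counter.to_bytes(8, "big")).digest()
            self._counter += 1
        return out[:n]

def suspect_hwrng(n):
    """Constructed stand-in for a hardware RNG whose output an outsider can predict."""
    return hashlib.sha256(b"known-to-outsider").digest()[:n]

def direct_passthrough(n):
    """The design being removed: hardware output handed straight to the consumer."""
    return suspect_hwrng(n)

def seed_pool(attach_timings_ns):
    """Mix the hardware RNG in with zero credit, then credit device-attach timings."""
    pool = EntropyPool()
    pool.add("hwrng", suspect_hwrng(32), credit_bits=0)
    for t in attach_timings_ns:
        pool.add("attach", t.to_bytes(8, "big"), BITS_PER_DEVICE_ATTACH)
    return pool

# Constructed attach timings (nanoseconds) for two boots of a 32-device machine.
BOOT_A = [1_000_003 + 7919 * i for i in range(32)]
BOOT_B = [t + (i % 5) + 1 for i, t in enumerate(BOOT_A)]

if __name__ == "__main__":
    print("direct:", direct_passthrough(16).hex())
    print("boot A:", seed_pool(BOOT_A).read(16).hex())
    print("boot B:", seed_pool(BOOT_B).read(16).hex())
```

With passthrough, the consumer's bytes are exactly the hardware's bytes; with the pool, the same hardware bytes produce different output on each boot, and a machine with too few credited inputs gets an error instead of weakly seeded output.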

In late 2012, a paper was published by Cryptography assessing Intel's approach, and giving it a pass mark. We did contact Intel for their comments, but we are still awaiting a response from them. We will keep you updated.

In other Linux and open source news

Now that Red Hat Enterprise Linux 6.5 is shipping, its derivatives are following, with both CentOS and Oracle releasing newer versions of their respective Red Hat–alike Linux distributions. Red Hat released RHEL 6.5 a week ago as a minor update to its industry-leading enterprise Linux platform. Among its new features are support for Docker application containers, improved virtualization support, expanded storage capabilities, and support for the Precision Time Protocol (PTP).

Oracle has now taken Red Hat's source code and rolled it into its own distribution, Oracle Linux 6.5, adding a smattering of unique features of its own in the process.

The chief difference between Oracle Linux and RHEL is that Oracle Linux ships with a different kernel by default, although enterprise customers can still opt to switch to a kernel built from the same source code as RHEL's, if they prefer.

Called the Unbreakable Enterprise Kernel, Oracle's latest version is based on Linux kernel version 3.8.13, while every release in the RHEL 6 line has shipped with a kernel based on version 2.6.32.

Although the two kernels differ in their major version numbers, there's not a really vast difference between the two. The switch from 2.x to 3.x was made for version numbering purposes only, and both Red Hat and Oracle have continued to apply patches and bug fixes to their respective products.

With this release, however, Oracle has integrated its DTrace debugging technology – which was originally developed for the proprietary Solaris OS – into the Unbreakable Enterprise Kernel by default, making Oracle Linux the only distro to provide out-of-the-box support for DTrace.

Oracle Linux 6.5 also includes production support for Linux Containers, improvements to InfiniBand support, and the ability to run Oracle Linux as a Hyper-V guest on Windows Server 2008 and 2008 R2, among other updates.

Individual software packages are available for download from Oracle's public yum repository now, and full ISO installation images will be posted to the Oracle Software Delivery Cloud soon.

The code is available free of charge, but as usual, if you'd like commercial support for your servers, you'll need to work that out with Oracle.

Meanwhile, CentOS has also updated its distribution to version 6.5. "There are many fundamental changes in this release, compared with the past CentOS-6 releases," the CentOS team wrote in its launch announcement, "and we highly recommend everyone study the Release Notes as well as the upstream Technical Notes about the changes and how they might impact your installation."

Most of these changes are related to a few new features and fixes introduced in RHEL 6.5, but CentOS also makes some modifications to packages of its own, and it also removes some packages that are included in RHEL, so it's a bit of a mixed bag.

Installation images for CentOS 6.5 are available now from the project's website for x86 and x64. A third RHEL-derived Linux distro, dubbed Scientific Linux, has yet to update its sources to match RHEL 6.5, and no release date for Scientific Linux 6.5 has been announced as of yet.

Typically, Scientific Linux releases have lagged four to eight weeks behind the corresponding RHEL releases, so a new version is doubtless coming soon.

In other Linux and open source news

After 38 1/2 months of intense development, Red Hat has finally released version 1 of Ceylon, its open-source programming language that's designed to be a direct replacement for Java.

During its development cycle, Ceylon was described as a Java killer by some, but lead programmer Gavin King has denied that doing away with Oracle's platform was ever his intent.

As a matter of fact, even the earliest iterations of Ceylon produced some code that ran on the Java Virtual Machine (JVM).

Rather, King sought to create a new programming language that could run alongside Java but would be based on more modern class libraries and would have syntax more amenable to defining user interfaces, something King believes there is no good way to do in Java.

In its current implementation, King describes Ceylon as a cross-platform language. The 1.0 release, announced at the Devoxx conference in Belgium earlier this week, includes compilers that can output either Java bytecode or JavaScript natively.

That allows the same Ceylon source modules to run interchangeably on either the JVM or a JavaScript execution environment such as Node.js.

A Ceylon program can also be written to target only one of Java or JavaScript, in which case it can interoperate with native code written in that specific language.

This first production-ready release, which follows a beta and six previous milestone releases, doesn't add any new language features. Instead, the focus for version 1.0 was on squashing software bugs, and King says that a very large number of bugs have been fixed since the beta release on September 15, 2013.

In addition to the compilers, the Ceylon distribution includes an Eclipse-based IDE that supports code auto-completion and suggestions, refactoring, incremental compilation, and other modern features.

The 1.0 IDE release includes a number of improvements, such as a type hierarchy view, better syntax highlighting, and improved search results.

The Ceylon software development kit has also been updated to include newer modules for writing build scripts and outputting HTML content.

Going forward, King says Ceylon 1.1 will focus on improving the performance of the language and its compilers and expanding the Ceylon SDK, while Ceylon 1.2 will likely introduce a number of new language features.

More information on the Ceylon road map is available on its website. More information on the Ceylon language itself, including documentation, the full language specification, tutorials, and download links for the language tools and source code, is available at the Ceylon community website.

In other Linux and open source news

APITrace has been around for a few years already and has evolved into the best open-source application for OpenGL debugging and tracing (or replaying) of OpenGL events.

APITrace also supports OpenGL ES and Direct3D / DirectDraw, while new features continue to be added over time.

APITrace makes it easy to record and re-trace various graphics API command streams, inspect states upon any call, view frame-buffers and textures, view the call data, further manipulate the data, profile the performance, and carry out various other tasks.

APITrace has been covered several times on Phoronix so if this is your first time hearing about it, please see our earlier articles and visit

While APITrace has made some improvements and is arguably a good open-source OpenGL tracer and debugger, there's still more work to be done to bring it up to the proprietary competition and what's offered on Windows.

As covered last month on Phoronix, Linux still needs better OpenGL debugging support. The purpose of today's article is to give APITrace another shout-out and to note some recent additions.

Committed now is support for the grouping of OpenGL calls. Some other work includes better tracing of GLX context attributes, expanded support for dumping of object labels, additional support in trace for GL_KHR_debug/GL_ARB_debug_output, Direct3D retracing improvements, a new surface viewer for the GUI, and much more.

In other Linux and open source news

MySQL's Percona Server has now reached version 5.6, lifting most of the paid-for features found in Oracle MySQL 5.6 Enterprise Edition and making them available for free.

The new distribution of the drop-in MySQL replacement was announced on Monday. "It's heavily focused on the operational needs of running MySQL at scale," said Percona chief executive Peter Zaitsev.

The update draws on many technologies found in MySQL 5.6 Enterprise Edition, and wraps in improvements made in the recent general MySQL 5.6 release.

New features include better scaling when dealing with large numbers of concurrent transactions for read-only and read-write operations, Zaitsev added.

Such improvements have been achieved by enhancing the performance of XtraDB by implementing priority refill for the buffer pool list, adding to InnoDB to give more control over when threads flush, and changing locking on thread priorities, among others.

The company has also made the system get better performance out of flash storage by updating its page replacement policy for how it caches information.

Percona has "also relieved contention on a number of mutexes and hotspots inside the code," Zaitsev said, to increase stability. "We have significant interest from people using a number of MySQL 5.6 features," he said.

Percona isn't the only MySQL fork. MariaDB garnered some attention recently after it was revealed that Google was migrating all of its internal MySQL instances over to the technology.

But Zaitsev still believes that the shift by Google was a political move to reduce its exposure to technologies developed by rival Oracle, rather than due to some inherent performance advantages.

"Google isn't having a very healthy or loving relationship with Oracle," Zaitsev said. "Supporting somebody who is as much publicly against Oracle as possible certainly makes sense for Google. And I would in fact agree with them."

In other Linux and open source news

Released earlier this month, the beta preview of openSUSE version 13.1 reveals that this distribution is walking in the footsteps of its Linux brother. Oddly codenamed Bottle, openSUSE 13.1 has had work done that lays the groundwork for forthcoming features. The lower levels have had major updates in this version, such as the move to GStreamer 1.0 and new Ruby-powered admin tools.

Multimedia control system GStreamer 1.0 was released around this time in 2012, but openSUSE - a more conservative distribution - has yet to bundle it.

The idea is to get GStreamer 1.0 into openSUSE 13.1, but a quick glance at the project status page reveals that there are quite a few core apps in the openSUSE stack that are still not using the framework.

The biggest multimedia apps on the GNOME side, Rhythmbox and Shotwell, have both been ported over to it, but many others have not.

But openSUSE 13.1 isn't due to arrive in production release until November, giving its developers some time to finish up work on the move to GStreamer 1.0.

Meanwhile, there’s YaST, the Linux system configuration Swiss army-knife of sorts. However, system admins who rely on YaST to administer large networks have no reason to panic. OpenSUSE 13.1 isn't changing anything about how YaST works – it will look and behave just as before – it’s just written in Ruby, that's the only difference, really.

A favourite of system admins and IT managers, YaST is like a control panel for software management, user administration, disk partitioning and a variety of other admin and maintenance tasks.

YaST has GTK, Qt and command-line interfaces, which means that it functions more or less the same whether you use it on KDE, GNOME or through the shell.

The latter is particularly handy if you're running openSUSE as a server since it allows you to perform the same tasks without the overhead of running a graphical environment.

More recently, openSUSE added WebYaST to the mix, which, as the name suggests, brings the power of YaST to a web interface, allowing you to remotely administer your servers using the familiar YaST graphical interface, but running in a web browser.

YaST also powers openSUSE's installation tools, which remain some of the nicest you'll find in a Linux distribution.

However, YaST had an Achilles heel: it was written in YCP, a language created solely for YaST development. That limits the number of people who can contribute to the project and who are working to extend and expand it as well.

Not only does development mean learning a new language, it means learning a language that is good for only one thing. The new Ruby-based YaST changes that.

The new YaST looks the same, and in our testing with the latest Factory builds, it functions the same as the old YaST. Using Ruby behind the scenes opens the door to developers who might like to contribute or extend YaST without learning a new exotic language just to do so.

And more contributors may well mean more useful tools and extensions for YaST. It also makes it easier for large organizations to write their own customised YaST tools.

To be clear, this is not a ground-up rewrite of YaST - instead, a team of open source developers have translated YaST's YCP code into Ruby. Judging by conversations on the openSUSE YaST mailing list, there may well be some rewriting in future releases, but for now the goal is to make sure everything is translated and that the new Ruby version is as stable and reliable as the old YaST.

In the past, we've used openSUSE primarily with the KDE desktop, which is where the project has poured the majority of its resources. For the final release, the plan is to ship KDE 4.11.x.

KDE 4.11 isn't a radical departure from its predecessor, which shipped with openSUSE 12.3, but it does bring some improvements to KDE's NEPOMUK search tool, which should make it a little speedier when indexing your files.

As with the last release, the default KDE desktop theme for openSUSE is one of the nicest you're likely to find and even manages to make non-KDE apps, such as Firefox or GIMP, feel like a natural part of the KDE desktop.

If you're a KDE fan and you don't want to spend a whole lot of time tricking out your desktop, openSUSE is worth at least a test run. It's speedy, has pretty much everything the typical user is likely to need, and offers one of the best looking default KDE desktops out there.

Overall, while KDE still seems to be the focus of the openSUSE project, some effort has been thrown in at giving GNOME the same sort of openSUSE flavoring. For now, that means a green desktop theme rather than any significant customizations.

The plan is to ship GNOME 3.10 (due in a final format next week) with the final release of openSUSE 'Bottle' but the version we tested had only GNOME 3.9.4, which is the current beta.

When it arrives, GNOME 3.10 will bring several new features, such as automatically updated extensions, new maps and video apps, and support for the Wayland display server. Look for all that and more to be a part of openSUSE 13.1 when it's released.

Source: The FreeBSD Development Team.


Article featured on Tech Blog and on Business 5.0
