paroneayea writes: GNU Guix, the functional package manager (and with GuixSD, distribution) got a nice feature yesterday: timely delivery of security updates with grafts. Guix's new grafts feature recursively produces re-linked packages as dependencies without waiting for all to compile when a time-sensitive security upgrade is an issue. This came just in time for this week's OpenSSL security issues, and has been successfully tested by the community. It worked so well that it was able to reproduce the ABI break issue that other traditional distributions experienced also!
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's now on IFTTT. Check it out! Check out the new SourceForge HTML5 Internet speed test! ×
An anonymous reader writes: Today Google's online security team publicly disclosed a severe vulnerability in the Gnu C Library's DNS client. Due to the ubiquity of Glibc, this affects an astounding number of machines and software running on the internet, and raises questions about whether Glibc ought to still be the preferred C library when alternatives like musl are gaining maturity. As one example of the range of software affected, nearly every Bitcoin implementation is affected. Reader msm1267 adds some information about the vulnerability, discovered independently by security researchers at Red Hat as well as at Google, which has since been patched: The flaw, CVE-2015-7547, is a stack-based buffer overflow in the glibc DNS client-side resolver that puts Linux machines at risk for remote code execution. The flaw is triggered when the getaddrinfo() library function is used, Google said today in its advisory. "A back of the envelope analysis shows that it should be possible to write correctly formed DNS responses with attacker controlled payloads that will penetrate a DNS cache hierarchy and therefore allow attackers to exploit machines behind such caches," Red Hat said in an advisory. It's likely that all Linux servers and web frameworks such as Rails, PHP and Python are affected, as well as Android apps running glibc.
Bruce66423 points out an analysis at The Guardian of North Korea's Red Star Linux-based OS, based on a presentation Sunday to the Chaos Communication Congress in Berlin : The features of their Fedora based OS include a watermarking system to enable tracking of files — even if unopened. The operating system is not just the pale copy of western ones that many have assumed, said Florian Grunow and Niklaus Schiess of the German IT security company ERNW, who downloaded the software from a website outside North Korea and explored the code in detail. ... This latest version, written around 2013, is based on a version of Linux called Fedora and has eschewed the previous version’s Windows XP feel for Apple’s OS X – perhaps a nod to the country’s leader Kim Jong-un who, like his father, has been photographed near Macs. The OS, unsurprisingly, allowed only tightly fettered access to web sites, using a whitelist approach that gives access to government-controlled or approved sites.
An anonymous reader writes: Satya Nadella has made some interesting reforms to Microsoft. Today, Red Hat and Microsoft announced that they will partner to deliver Red Hat's product suite in Azure. Red Hat will also support .NET core in RHEL. Additionally, Red Hat's CloudForms product will now work with Hyper-V/Azure, RHEV, VMware, and AWS. Microsoft has certainly come a long way from the Halloween Memos. Here are Red Hat's blog post and Microsoft's blog post about the announcement
An anonymous reader writes: Today marks the release of Fedora 23 for all three main editions: Workstation, Cloud, and Server. This release brings GNOME 3.18, Libre Office 5.0, and Fedora Spins — alternate desktops that provide a different experience. Fedora 23 also includes a version optimized for running on ARM-based systems. You can read the full release notes on their website. "Fedora 23 also has important under-the-hood security improvements, with increased hardening for all compiled software and with insecure SSL3 and RC4 protocols disabled. We've also updated all of the software installed by default in Fedora Cloud Base Image and Fedora Workstation to use Python version 3, and the Mono .NET compatible framework is now at version 4. Perhaps most importantly, Unicode 8.0 support now enables the crucial U1F32D character."
An anonymous reader writes: According to VentureBeat Red Hat Inc is about to buy the company behind the automation and orchestration software Ansible. The move is seen as a good acquisition, since Ansible, other than being almost universally expanding, is also used by Red Hat's own cloud and system platforms. It could probably use some strong backing for the extra services it wishes to offer. The question remains whether this will have consequences in the future direction of the Python-based, open source platform itself (on GitHub). It's one of the most trivial to implement (compared to cfengine, ever-changing puppet or Chef) yet very powerful, and Red Hat may want to optimize it for their own purposes. Update: 10/16 15:39 GMT by S : Red Hat has confirmed the acquisition and explained their reasons for doing so.
An anonymous reader writes: Updating a full OS distribution is no small task so it is usually no surprise that even a 5-6 month schedule may tend to get pushed back to address issues. However, the Fedora 23 release schedule made it through the Alpha, Beta and Final freeze periods so far on time. This has been accomplished despite having to address plenty of Alpha Blocker and Beta Blocker bugs. Now all that is left is to clear existing and future Final Blocker bugs in the next two weeks. The release of Fedora 23 will provide some nice incremental updates and should result in the end of life of Fedora 21 around the end of November.
New submitter alexvoica writes: Today Fedora contributor Michal Toman has announced that the first Fedora 22 image for 32-bit MIPS CPUs is available for testing; this version of the operating system was developed using our Creator CI20 microcomputer, which includes a 1.2 GHz dual-core MIPS processor. In addition, Michal announced he is working on a 64-bit version designed to run on MIPS-based Cavium OCTEON III processors.
ectoman writes: Red Hat CEO Jim Whitehurst has just published The Open Organization, a book that chronicles his tenure as leader of the world's largest open source company. The book aims to show other business leaders how open source principles like transparency, authenticity, access, and openness can enhance their organizations. It's also filled with information about daily life inside Red Hat. Whitehurst joined Red Hat in 2008 after leaving Delta Airlines, and he says his time working in open source has changed him. "I thought I knew what it took to manage people and get work done," he writes in The Open Organization. "But the techniques I had learned, the traditional beliefs I held for management and how people are taught to run companies and lead organizations, were to be challenged when I entered the world of Red Hat and open source." All proceeds from the book benefit the Electronic Frontier Foundation, and Opensource.com is hosting free book club materials.
New submitter PFMABE writes The Naval Oceanographic Office (NAVO) has spent 16 years developing the Pure File Magic Area Based Editor (PFMABE) software suite to edit the huge volumes of lidar and sonar data they collect every year. In accordance with 17 USC 105, copyright protection is not available to any work of the US government. Originally developed to run on RedHat OS with network distributed storage, it has been migrated to Windows 7. This software, and accompanying source code (Win & Linux), has been released to the public domain at pfmabe.software, free for download with registration.
angry tapir writes Reacting to the surging popularity of the Docker virtualization technology, Red Hat has customized a version of its Linux distribution to run Docker containers. The Red Hat Enterprise Linux 7 Atomic Host strips away all the utilities residing in the stock distribution of Red Hat Enterprise Linux (RHEL) that aren't needed to run Docker containers. Removing unneeded components saves on storage space, and reduces the time needed for updating and booting up. It also provides fewer potential entry points for attackers. (Product page is here.)
An anonymous reader writes: ZDNet reports that the latest changes to the Linux kernel include the ability to apply patches without requiring a reboot. From the article: "Red Hat and SUSE both started working on their own purely open-source means of giving Linux the ability to keep running even while critical patches were being installed. Red Hat's program was named kpatch, while SUSE' is named kGraft. ... At the Linux Plumbers Conference in October 2014, the two groups got together and started work on a way to patch Linux without rebooting that combines the best of both programs. Essentially, what they ended up doing was putting both kpatch and kGraft in the 4.0 Linux kernel." Note: "Simply having the code in there is just the start. Your Linux distribution will have to support it with patches that can make use of it."
theodp writes Maybe Bill Gates' Summer Reading this year will include The Art of R Programming. Pushing further into Big Data, Microsoft on Friday announced it's buying Revolution Analytics, the top commercial provider of software and services for the open-source R programming language for statistical computing and predictive analytics. "By leveraging Revolution Analytics technology and services," blogged Microsoft's Joseph Sirosh, "we will empower enterprises, R developers and data scientists to more easily and cost effectively build applications and analytics solutions at scale." Revolution Analytics' David Smith added, "Now, Microsoft might seem like a strange bedfellow for an open-source company [RedHat:Linux as Revolution Analytics:R], but the company continues to make great strides in the open-source arena recently." Now that it has Microsoft's blessing, is it finally time for AP Statistics to switch its computational vehicle to R?
jones_supa writes: Siddhesh Poyarekar from Red Hat has taken a professional look into mathematical functions found in Glibc (the GNU C library). He has been able to provide an 8-times performance improvement to slowest path of pow() function. Other transcendentals got similar improvements since the fixes were mostly in the generic multiple precision code. These improvements already went into glibc-2.18 upstream. Siddhesh believes that a lot of the low hanging fruit has now been picked, but that this is definitely not the end of the road for improvements in the multiple precision performance. There are other more complicated improvements, like the limitation of worst case precision for exp() and log() functions, based on the results of the paper Worst Cases for Correct Rounding of the Elementary Functions in Double Precision (PDF). One needs to prove that those results apply to the Glibc multiple precision bits.
itwbennett writes In a blog post Tuesday, security service provider Alert Logic warned of a Linux vulnerability, named grinch after the well-known Dr. Seuss character, that could provide attackers with unfettered root access. The fundamental flaw resides in the Linux authorization system, which can inadvertently allow privilege escalation, granting a user full administrative access. Alert Logic warned that Grinch could be as severe as the Shellshock flaw that roiled the Internet in September. Update: 12/19 04:47 GMT by S : Reader deathcamaro points out that Red Hat and others say this is not a flaw at all, but expected behavior.
linuxscreenshot writes: The Fedora Project has announced the release of Fedora 21. "As part of the Fedora.next initiative, Fedora 21 comes in three flavors: Cloud, Server, and Workstation. Cloud is now a top-level deliverable for Fedora 21, and includes images for use in private cloud environments like OpenStack, as well as AMIs for use on Amazon, and a new "Atomic" image streamlined for running Docker containers. The Fedora Server flavor is a common base platform that is meant to run featured application stacks, which are produced, tested, and distributed by the Server Working Group. The Fedora Workstation is a new take on desktop development from the Fedora community. Our goal is to pick the best components, and integrate and polish them. This work results in a more polished and targeted system than you've previously seen from the Fedora desktop." Here are screenshots for Fedora 21: GNOME, KDE, Xfce, LXDE, and MATE.
An anonymous reader writes: The Fedora Project has been critical to the development Red Hat Enterprise Linux — RHEL version 7 was largely based off Fedora version 19. Fedora is continuing to evolve with the announcement of Fedora 21 Beta, now available from the Fedora Project website. To make the release ready for Beta testing required addressing 50 beta blocker bugs. If the Fedora Project developers are able to keep up with the final release blocker bugs, then Fedora 21 is expected to be released on December 9th. As a result, support for Fedora 19 is expected to end around the beginning of 2015. Released back in July 2013, Fedora 19 will have been supported for over 540 days by 2015. Previously, the longest a Fedora release was supported was Fedora Core 5 at 469 days. Users of Fedora 19 will be encouraged to upgrade to Fedora 20 or 21 to continue to get critical updates.
jones_supa writes: A critical flaw has been found and patched in the open source Wget file retrieval utility that is widely used on UNIX systems. The vulnerability is publicly identified as CVE-2014-4877. "It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP," developer Vasyl Kaigorodov writes in Red Hat Bugzilla. A malicious FTP server can stomp over your entire filesystem, tweets HD Moore, chief research officer at Rapid 7, who is the original reporter of the bug.
An anonymous reader writes Fedora 21 Alpha has been released. After encountering multiple delays, the first development version is out for the Fedora.NEXT and Fedora 21 products. Fedora 21 features improved Wayland support, GNOME 3.14, many updated packages, greater server and cloud support, and countless other improvements with Fedora 20 already being nearly one year old.
sfcrazy writes Developer Vratislav Podzimek has announced the next-gen partition manager for Fedora, blivet-gui. It is eventually going to replace GParted, the most popular GUI based partition manager, found in all major distros. The new tool is named blivet-gui after the blivet python library (originally Anaconda's storage management and configuration tool). The need of a new partition manager stems from the fact that none of the existing GUI partitioning tools supports all modern storage technologies. Fedora's Anaconda base supports all, though, and is hence chosen as the back-end for this new tool. The application is only a few months old but is already looking nice and useful. Features like RAID and BTRFS support are being worked on. Vojtech Trefny is the other developer working with Vratislav on blivet-gui. Here's the announcement.