Language Selection

English French German Italian Portuguese Spanish

Android Leftovers

More in Tux Machines

Seven Concerns Open Source Should Worry About - Part 1

Not long ago, the Linux community celebrated the twenty-fifth anniversary of Linus Torvalds’ famous Internet post, and thus its birth. While Linux was not the first open source project (Richard Stallman announced his GNU Project eight years before), it soon became the poster child of a new way of collaborative development that changed not only how technology is created, but many other aspects of the world as well. Today, most critical software platforms and architectures are open source, and virtually all proprietary software is riddled with free and open source software (FOSS) as well. So, what could go wrong? Well, a lot, actually, unless we pause to think about where the potholes may emerge in the future, and how we can successfully navigate our way around them. That’s what I plan to do in a series of articles to which this is the introduction. Happily, all the potential concerns I will address can be addressed. That’s the good news. The bad news is that neither the commercial world nor the community of developers has a very good history of thinking about some types of risks that might be expensive, inconvenient, or just plain boring to manage or fix. Take security. That’s hardly a risk that’s unique to FOSS. But it is a concern that’s been around for a very long time. So long that we have a pretty compelling record of how both human and commercial nature act in response to security risks. Or, more to the point, don’t act. It would be impossible to find a single new wave of technology – and there have been very many – where security was not addressed as an after thought rather than designed in from the start. Almost always after multiple disasters had already occurred. The latest example is the Internet of Things. The IoT has been building out for going on a decade now, and none of the initial devices had any security features at all. Most of the latest devices still don’t. Some even have designed-in vulnerabilities, like factory programmed, unchangeable passwords. Other risks arise from a different type of complacency – assuming that because FOSS is “good” that it’s not possible to do anything “bad” when it’s created. That’s a dangerous attitude to have when you consider that there are increasing numbers of projects that are heavily funded by multiple head to head competitors. FOSS projects need concise antitrust policies - and then they need to follow them. Codes of Conduct, too. Other aspects of complacency relate to how effective FOSS licenses (as compared to what might be referred to as social pressures) are in a legal sense. Another is unquestioned assumption that the world will always be better with a single, dominant code base. Sometimes, competition between multiple architectures and platforms is a good thing. And while everybody wants to contribute to a rapidly expanding project that’s taking over the world, not everyone wants to do the boring maintenance work after its finished and becomes stable. If too many developers lose interest and drift away, still-crucial elements of the technology ecosystem can become dangerously vulnerable, stagnant and weak. Read more

Network Security Toolkit 30-11210

We are pleased to announce the latest NST release: "NST 30 SVN:11210". This release is based on Fedora 30 using Linux Kernel: "kernel-5.1.17-300.fc30.x86_64". This release brings the NST distribution on par with Fedora 30. Read more

Univention Corporate Server 4.4-1/Point Release UCS 4.4-1: performance improvements, app recommendations and UDM REST API Beta

There are significant performance improvements for managing the contents of the directory service via UDM, especially for application scenarios with complex structures. There have also been further minor improvements in DNS management, where the search for IP addresses is now enabled in further modules, as well as in the use of standard containers of domain controller objects. A brand new feature is the REST API for UDM, which considerably facilitates the integration of UDM with other applications. This REST API has been released as beta version for the time being. After further tests and improvements we plan to release a stable version in autumn. Read more

Proxmox VE 6.0 released!

We're excited to announce the final release of our Proxmox VE 6.0! It's based on the great Debian 10 codename "Buster" and the latest 5.0 Linux kernel, QEMU 4.0, LXC 3.1.0, ZFS 0.8.1, Ceph 14.2, Corosync 3.0, and more. This major release includes the latest Ceph Nautilus feautures and an improved Ceph management dashboard. We have updated the cluster communication stack to Corosync 3 using Kronosnet, and have a new selection widget for the network making it simple to select the correct link address in the cluster creation wizard. With ZFS 0.8.1 we have included TRIM support for SSDs and also support for native encryption with comfortable key-handling. Read more