Language Selection

English French German Italian Portuguese Spanish

Beware of Suits Bearing Code

Filed under
OSS

While all the hoopla was taking place out in Portland at the Eight Annual O'Reilly Open Source Convention (OSCON) this week, some of us noted the ever-so-quiet death of what should have been a vibrant open source project: OpenDarwin.

Now, from a sheer Linux standpoint, we should not shed too many tears for the demise of OpenDarwin, the almost SourceForge-like project created in April 2002, ideally to develop open source software for OS X. They were also working on creating their own Darwin-based "distro." The project is (still) heavily referenced on Apple's own open source pages, and while not officially under Apple's control, it was clear that they were putting a lot of effort in steering open source developers through OpenDarwin's doors.

Still, c'mon, let's face it, if OpenDarwin kicks the bucket, it's just one less OS for Linux to compete with, right? From a purely pragmatic viewpoint, this is true. But we are not in a vacuum. The closing of OpenDarwin is an object lesson for us all.

Full Story.

More in Tux Machines

Security Leftovers

  • efail: Outdated Crypto Standards are to blame
    I have a lot of thoughts about the recently published efail vulnerability, so I thought I'd start to writeup some of them. I'd like to skip all the public outrage about the disclosure process for now, as I mainly wanted to get into the technical issues, explain what I think went wrong and how things can become more secure in the future. I read lots of wrong statements that "it's only the mail clients" and the underlying crypto standards are fine, so I'll start by explaining why I believe the OpenPGP and S/MIME standards are broken and why we still see these kinds of bugs in 2018. I plan to do a second writeup that will be titled "efail: HTML mails are to blame". I assume most will have heard of efail by now, but the quick version is this: By combining a weakness in cryptographic modes along with HTML emails a team of researchers was able to figure out a variety of ways in which mail clients can be tricked into exfiltrating the content of encrypted e-mails. Not all of the attack scenarios involve crypto, but those that do exploit a property of encryption modes that is called malleability. It means that under certain circumstances you can do controlled changes of the content of an encrypted message. [...] Properly using authenticated encryption modes can prevent a lot of problems. It's been a known issue in OpenPGP, but until know it wasn't pressing enough to fix it. The good news is that with minor modifications OpenPGP can still be used safely. And having a future OpenPGP standard with proper authenticated encryption is definitely possible. For S/MIME the situation is much more dire and it's probably best to just give up on it. It was never a good idea in the first place to have competing standards for e-mail encryption. For other crypto protocols there's a lesson to be learned as well: Stop using unauthenticated encryption modes. If anything efail should make that abundantly clear.
  • Comcast Leaked Customer Wi-Fi Logins in Plaintext, Change Your Passcode Now
    A Comcast Xfinity website was leaking Wi-Fi names and passwords, meaning now is a good time to change your Wi-Fi passcode. The site, intended to help new customers set up new routers, could easily be fooled into revealing the location of and password for any customer’s Wi-Fi network. A customer ID and a house or apartment number was all would-be attackers needed to get full access to your network, along with your full address.
  • Update Fedora Linux using terminal for latest software patches
  • Patch for New Spectre-Like CPU Bug Could Affect Your Performance
  • container_t versus svirt_lxc_net_t

today's howtos

Red Hat News

  • “Ultimate Private Cloud” Demo, Under The Hood!
    At the recent Red Hat Summit in San Francisco, and more recently the OpenStack Summit in Vancouver, the OpenStack engineering team worked on some interesting demos for the keynote talks. I’ve been directly involved with the deployment of Red Hat OpenShift Platform on bare metal using the Red Hat OpenStack Platform director deployment/management tool, integrated with openshift-ansible. I’ll give some details of this demo, the upstream TripleO features related to this work, and insight around the potential use-cases.
  • Discover the possibilities of hybrid cloud during a joint virtual event with Red Hat & Microsoft [Ed: [Ed: When Red Hat pus Microsoft executives at top positions inside Red Hat...]
  • Red Hat OpenStack Customer Survey 2018: containers, technical support top of mind
    In 2016, we surveyed our customer base on their use of OpenStack in production, getting a pulse-check on the top considerations, expectations, and benefits of a Red Hat OpenStack Platform deployment. With 2018 marking five years of Red Hat OpenStack Platform, we checked back in with our customers to see if their experiences or expectations of OpenStack have changed. Our survey found:
  • Red Hat CEO Jim Whitehurst On How He Plans To Win The Container Market
  • Juniper, Red Hat Tighten Integration to Fend Off VMware
    Juniper Networks and Red Hat have tightened their integration efforts in a move to help ease enterprise adoption of cloud-native platforms and bolster their own offerings against the likes of VMware and Cisco. The latest platform integration includes the Red Hat OpenStack Platform; Red Hat’s OpenShift Container Platform running as a platform-as-a-service (PaaS) on top of or next to the OpenStack platform depending on deployment architecture; and Juniper’s Contrail Enterprise Multi-Cloud platform running as the networking and security layer to unify those together. This integration is designed as a managed system to help deploy and run applications and services on any virtual machine (VM), container platform, and any cloud environment.
  • Red Hat OpenStack HCI Targets Telco Hybrid Cloud, 5G Deployments
    Red Hat today rolled out a hyperconverged infrastructure (HCI) platform based on OpenStack compute and Ceph storage. The new product targets service providers looking to deploy virtual network functions (VNFs) and 5G technologies on top of open source software. Launched at this week’s OpenStack Summit, the Red Hat Hyperconverged Infrastructure for Cloud combines Red Hat OpenStack Platform 13 and Red Hat Ceph Storage 3 into one product. Red Hat says it is the largest contributor to both open source projects.
  • Red Hat Hyperconverged Infrastructure for Cloud Bridges Datacenters and Edge Deployments
  • GSoC 2018: Week 1
    This time, I am working on improving the Fedora Community App with the Fedora project. It’s been a week since we started off our coding on may 14. The Fedora App is a central location for Fedora users and innovators to stay updated on The Fedora Project. News updates, social posts, Ask Fedora, as well as articles from Fedora Magazine are all held under this app.

Today in Techrights