Fedora 21 Release Just 7 Months Away

Posted in GNU/Linux, Red Hat at 9:12 am by Dr. Roy Schestowitz

Summary: Red Hat’s Fedora 21 will come out in the middle of October, according to a newly-published schedule

AFTER much anticipation and speculation [1] it turns out that the next release of Fedora will be in late autumn, some time in the middle of October [2]. Phoronix, which recently wrote some in-depth analysis (with a lot of links) about Fedora, also explained how Mesa 10 packages were made available for Fedora 20 [3].

The nice thing about the Fedora project, as we pointed out before, is not only its insistence on free/libre graphics drivers but also extensive work on such drivers. Without Fedora we would all be losing a lot.

Fedora does not need to look ‘ugly’ or ‘not polished’ (it got this reputation some years ago when poor releases were made). Fedora has no consistent ‘face’ because it’s highly customisable and unlike Ubuntu (which demotes “alternative” desktops/themes) it comes in several very different ‘flavours’ [4] which are all managed and distributed (as equal) by Red Hat. Fedora 20 looks like a solid option and half a year from now we will see another fine release of Fedora, which is always getting better. I have used many releases of Fedora over the years and I was always mostly satisfied.

Related/contextual items from the news:

  1. Fedora 21’s Schedule Is Closer To Being Figured Out

    Fedora.Next is bringing lots of changes as the longstanding distribution seeks to effectively remake itself and move forward with greater vigor. When it comes to this next major distribution update, Fedora 21 already has lined up support for non-KMS drivers to be abandoned, other old GPU support removal, out of the box OpenCL support, Wayland support improvements, Hawkey usage, and many other changes, besides simply having updated upstream open-source Linux packages.

  2. Fedora 21 Being Planned For Mid-October Release

    The next Fedora Linux release is being postponed until October since if shipping in August they are left midway between GNOME 3.12 and 3.14. GNOME 3.14 will be released by late September and thus if shipping in mid-to-late October would allow time for a fresh GNOME 3.14 desktop to be incorporated into the release. October/November release targets have also been what’s long been sought after by Fedora (among other distributions) for nailing close to the GNOME release time-frame and other software projects.

  3. Mesa 10 Packages For Fedora 20

    While Fedora 20 is looking to land GNOME 3.12 as a stable release upgrade, the developers normally shipping a bleeding-edge Linux graphics stack haven’t sent down any stable release updates for the much-improved Mesa 10 drivers. Fortunately, there’s some unofficial choices.

  4. The Flat Owl Linux Desktop

    Lifehacker reader Royale with Cheese has a sharp-looking flat desktop that looks like OS X at first glance. It’s actually Fedora 20, and it’s smooth as butter. Here’s how he set it up.

Debian’s Importance is Growing

Posted in Debian, GNU/Linux, Red Hat at 8:48 am by Dr. Roy Schestowitz

Summary: Updates and news from the Debian camp, focusing on the silent or lesser-acknowledged role of this international project in computing

Linux Mint, which does not come with Amazon spyware (unlike Ubuntu, which fell behind Mint in DistroWatch), seems to be leaning more and more towards Debian with this new release [1] which was reviewed some hours ago (in the publication sense) [2] and surely has momentum [3]. Even the release candidate (RC) [4] received such coverage [5] (mind the UEFI ‘secure’ boot rant), proving that there is definitely some interest from users (Jim Lynch’s/IDG’s sensationalist headline merely links to screenshots like these [6]).

Debian recently added OpenRISC support [7,8] (Debian is perhaps best known for huge hardware diversity) and there is a new project for better security [9] (think of it like SELinux, except without the intervention of the criminal NSA, which wants back doors in Linux [1, 2, 3, 4]). Red Hat's Systemd may not be the only option [10], but we don’t know for sure yet. Someone needs to continue to offer alternatives to Systemd. Debian is very important with its many new derivatives [11], role in hardware [12] and embedded domination [13] (bar Android and closed Linux-based systems), hence the importance of its decision on init systems.

A strong Debian (and derivatives like Ubuntu) acts as an essential regulating force in the face of Red Hat/CentOS domination; lack of diversity, history teaches, limits security and increases vulnerability.

Related/contextual items from the news:

  1. Linux Mint Debian 201403 released!

    The team is proud to announce the release of LMDE 201403.

  2. Debian, Mint (LMDE), SolydX and Tanglu, compared and contrasted

    The four distributions obviously have a lot in common; Debian is well known as one of the oldest, best established and most respected Linux distributions, Linux Mint Debian Edition (LMDE) is derived from Debian, with a lot of the goodies which have been developed for the Linux Mint ‘main’ distribution added, and both SolydXK and Tanglu are derived from a combination of those two plus a good bit of work in packaging, repositories, updates, appearances and such.

  3. Are there enough users for Linux Mint Debian Edition to survive?

    The Linux Mint blog is reporting that Linux Mint Debian Edition 201403 has been released. LMDE is a semi-rolling distro that is based on Debian Testing. It is a good alternative for those who want the features of Linux Mint without having to use Ubuntu as its base.

  4. Linux Mint Debian 201403 RC released!

    We look forward to receiving your feedback. Thank you for using Linux Mint and have a lot of fun testing the release candidate!

  5. Hands-on with Linux Mint Debian Edition 201403 release candidate

    The installation was absolutely routine with the exception of the well-known difficulty with UEFI firmware configuration on the HP Pavilion. There was even good news on that system, though, because the very difficult wi-fi adapter (Ralink 3290) seems to work just fine.

  6. Linux Mint 201403 Debian Cinnamon
  7. Debian for OpenRISC
  8. Debian Ported To OpenRISC Architecture
  9. Debian Mempo Still Aiming For Better Security

    Mempo is a project started in H2’2013 that’s been trying to provide a secure yet robust Debian platform that currently classifies itself in a “pre-alpha” state. Mempo is patching Debian packages with better security and privacy, providing newer versions of packages than what’s found in Debian, using a hardened “GrSecurity” Linux kernel, and is working to support other work in and outside of Debian.

  10. Debian TC Won’t Pass Resolution Over Init System Coupling

    Since the Debian technical committee decided they will use systemd over Upstart, the latest vote on their agenda was over init system coupling and how Debian developers maintaining packages should deal with different init systems or what guidance the technical committee should send to these package maintainers.

  11. A look at Tanglu 1.0 ‘Aequorea Victoria’ GNOME

    Tanglu is a fairly young project and perhaps has flown under the radar somewhat. The 1.0 release is a major milestone for the distribution, which is based on a mixture of Debian Testing, Debian Unstable and in some cases even Debian Experimental.

  12. Debian 7: PCI Serial, at last
  13. Tiny ARM/FPGA Zynq COM does Debian

    PLDA has launched an SODIMM-like computer-on-module claimed to be the smallest Xilinx Zynq COM yet, supported with a carrier board and Debian Linux BSP


Skype Chief Executive Quits Microsoft Amid NSA Scandals

Posted in Red Hat at 8:36 am by Dr. Roy Schestowitz

Summary: A day or so after Yahoo was revealed to have been used to illegally spy on users’ webcams the former Skype chief executive resigns (effective immediately)

SOMETHING TRULY ugly is happening at Microsoft. Not only did Microsoft collude with the criminal NSA but it also turned Skype into a surveillance machine. To make matters worse, Microsoft is now shamelessly hoovering up personal data from Windows PCs (article in German) and executives are fleeing (can anyone blame them?).

“Tony Bates, the former Skype chief executive and currently head of Microsoft’s business development, is to leave the company immediately,” says this article (titled “Microsoft Loses Two Top Executives”), “while Reller, co-head of Microsoft’s Windows unit, will stay on board during a transition period” (damage control).

Yesterday we wrote about Microsoft’s Kinect as a target of surveillance (mentioned in the context of Yahoo). It doesn’t get any worse, does it? Even video of people who use Microsoft products seems to be intercepted and saved, obviously against the law (millions are affected, so there is no reasonable suspicion). The timing of this immediate resignation is interesting to say the very least because it overlaps reports about Yahoo video chats as targets of interception and mass violations (GCHQ is said to have watched and probably recorded hundreds of thousands of innocent people masturbating). Based on previous leaks (about Skype), it is reasonable to say that Skype is not exempted from this and its violations are no different. We just haven’t seen enough documents about it (yet).

Meanwhile, as Sam Varghese notes [1], Red Hat is failing to exploit these scandals to its own advantage, perhaps because Red Hat too has something to hide [1, 2, 3].

It would be nice if more people started to appreciate Free software, at the very least because of privacy (which a lot of people understand and value).

Related/contextual items from the news:

  1. Linux companies never miss an opportunity to miss an opportunity

    It would be heartening to see James Whitehurst, the head of Red Hat Linux, the biggest commercial Linux outfit, and one that has seen billing go above the billion-dollar mark, deliver a speech at some official forum that underlined the fact that his company’s product – and that of other commercial Linux companies – provides a guarantee against the insertion of backdoors.


Open Source Initiative, Free Software Foundation, SFLC, Red Hat and Others Fight Against Software Patents at SCOTUS Level

Posted in America, FSF, Law, OIN, OSI, Patents, Red Hat at 5:58 am by Dr. Roy Schestowitz

Summary: The debate about software patents in the United States is back because many Free software advocacy groups and companies (not Open Invention Network though) are getting involved in a Supreme Court (SCOTUS) case

OVER THE past 6 months or so there have not been many debates about software patents. There were debates about trolls and other such distracting debates; many of them were ‘pre-approved’ by corporations and covered by the corporate press. We had highlighted this appealing trend several dozens of times before pretty much abandoning this debate and giving up on involvement; generally speaking, providing coverage for these debates is basically helping those who create obstacles for small players (monopolies/oligopolies) just shift the public’s attention away from patent scope.

Debates about software patents returned about a week ago. The Open Invention Network (OIN) was mentioned in the article “Software patents should include source code”, but it’s such an offensive idea because it helps legitimise software patents, which is what the Open Invention Network often does anyway. To quote the article: “Computer-implemented inventions that are patented in Europe should be required to fully disclose the patented invention, for example by including working, compilable source code, that can be verified by others. This would be one way to avoid frivolous software patents, says Mirko Boehm, a Berlin-based economist and software developer working for the OpenInvention Network (OIN).”

Why on Earth does the Open Invention Network get involved in pushing the idea of software patents in Europe? Source code or not, software patents are not legal in Europe and the same goes in most of the world, including India where lawyers’ sites still try to legitimise them.

In another blog post, one from a proprietary software company, the ludicrous notion of “Intellectual Property” is mentioned in the context of Free software and patents. The author is actually pro-Free software, but the angle he takes helps warp the terminology and warp the discussion somewhat. To quote him: “My usual response to the question, “Do I have to worry about patent trolls and copyright infringement in open source software?” is another question, “Does your proprietary vendor offer you unlimited liability for patent trolls and copyright infringement and what visibility do you have into their source code?” In the proprietary world I think you’d be hard-pressed to find a vendor who provides unlimited liability for their products against IP infringement, or even much over the cost of the products or services rendered. How often do you review their source code and if given the opportunity are you able to share your findings with other users. In open source that’s simply table stakes.”

Contrary to all the above, the Software Freedom Law Center, together with the FSF and the OSI (Simon Phipps and Luis Villa) actually fight the good fight. To quote Phipps: “How important are software patents? We know they’re a threat to the freedom of developers to collaborate openly in communities, chilling the commercial use of shared ideas that fuels engagement with open source. We know that the software industry was established without the “incentive” of software patents. But the importance of the issue was spotlighted yesterday in a joint action by two leading open source organizations.”

Here is how Phipps concludes his article at IDG: “I endorse and welcome this joint position calling for firm clarity on software patents. (I was obviously party to the decision to take it, although I’m not writing on OSI’s behalf here.) With 15 years of history behind us, there’s far more that unites the FSF and the OSI than divides us. We’ve each played our part in the software freedom movement that has transformed computing. Now all of us in both communities need to unite to end the chilling threat of software patents to the freedom to innovate collaboratively in community.”

Red Hat too is joining this battle and announcing this to shareholders, making some press coverage in the process amid many articles about SCOTUS in the post-Bilski case era (see some coverage in [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]).

Software patents are finally in the headlines again (not much sympathy for them), but there is also some focus on trolls, courtesy of companies like Samsung and Apple. Other recent reporting about patents covered patent lawyers’ business, the role of universities in patents (they help feed trolls these days), and also USPTO reform (that was a fortnight ago). None of this dominated the news, however, as much as the debate was on software patents. So, perhaps it’s time to get back to covering patents on an almost daily basis.

Software patents are the most important issue as they are the biggest barrier to Free software. We just need to have the subject of software patents and their elimination publicly discussed.


Poll: Only 39% Trust Red Hat Over Back Doors

Posted in Red Hat, Security at 6:00 am by Dr. Roy Schestowitz

Summary: News about Red Hat, including renewed suspicions that the company is too close to the NSA, not merely a business partner

WE BEGAN writing about Red Hat and NSA as its major client only a few months ago [1,2], mainly because we had found a claim by Red Hat staff that patches from the NSA were being passed to Torvalds via Red Hat. We later had that confirmed by Red Hat staff. This definitely does not inspire confidence because we already know that the NSA wanted to put back doors in Linux.

The latest such post about Red Hat and the NSA comes from FOSS Force, where Christine concludes: “If Red Hat isn’t working hand-in-hand with the NSA in its efforts to spy on us, then this poll obviously represents a public relations problem for the Raleigh, North Carolina based company. Although it’s doubtful that many, if any, of those taking this poll are Red Hat customers, we can only assume that results such as we’re seeing here indicate a potential problem of perception even outside the free software community. It wouldn’t bode well for Red Hat if these sentiments were to spread to include its user base.”

Christine is being very kind to Red Hat. She may be right, but many of her readers seem to agree that Red Hat could have been used by the NSA for back doors. Less than 40% trust Red Hat.

In other news about Red Hat (more positive news), here are the latest press releases, which barely received any press coverage:

News about Red Hat also still revolves around CentOS (the CentOS news is old, but it still abounds [1]), OpenStack [2,3,4], or ‘cloud’, which usually means surveillance-friendly setups, sometimes with CIA in the loop [5]. Virtualisation too is in Red Hat’s pitch [6,7,8], not to mention Red Hat staff [9]. There seems to be a recruitment drive in Red Hat’s OpenSource.com, with emphasis on women this month [10-17]. Only one other site [18] seems to have dedicated an article to women in FOSS/software in the same period of time. There is nothing wrong with that, it’s just an observation.

The bottom line is this: we need clarifications from Red Hat where it matters. The silence on this matter has been deafening and if Red Hat says nothing to alleviate these worries, then this may actually contribute further to distrust. Red Hat is developing many core components in GNU/Linux systems and when NSA is using Red Hat to submit patches (created by the NSA) we do need some reassurances. It’s not just SELinux. Red Hat should identify very clearly which patches have come from the NSA so that extra scrutiny can be applied. Knowing what the NSA has done to NIST, RSA etc. it would also be wise to ostracise the NSA when it comes to patches.

Related/contextual items from the news:

  1. Linux Top 3: CentOS Dons a Red Hat, SteamOS Gets Hardware, Kali Linux Nukes Security
  2. Red Hat’s Love-Hate Affair With The Cloud

    Among the several reasons for Red Hat to embrace CentOS, its erstwhile copycatting nemesis, one explanation has largely been overlooked: The cloud made them do it. More specifically, OpenStack made them do it.

    Red Hat had all but sewn up the market for Linux in the data center. But in the cloud, the market for Linux is both wide open—and perhaps nonexistent.

  3. Red Hat Upgrades OpenStack Cloud Infrastructure Platform
  4. Red Hat Promotes Open Source Software-Defined Storage

    If the advent of object-based storage à la OpenStack Swift is one sign of the decline of traditional storage technologies, the momentum of software-defined storage is yet more evidence that the future of data storage for the cloud and the enterprise is changing. And open source giant Red Hat (RHT) is the latest vendor to jump on board, with the announcement of new software-defined storage options for Red Hat partners that could have a wide impact across the channel.

  5. Red Hat, Partners Collaborate on AWS New Test Drive Demos
  6. Red Hat ups its virtualization and cloud game
  7. Red Hat shops get KVM updates, scalability in RHEL 6.5
  8. Red Hat Enterprise Virtualization 3.3 Gets Real

    The RHEV 3.3 release is built on top of the open-source oVirt project, which is led by Red Hat. The new release adds support for the Red Hat Enterprise Linux 6.5 platform, improves performance and supports a wider array of systems.

  9. Findings from working on Red Hat’s installer

    I believe that the open source community as a whole would benefit if more open source developers considered the API and associated bindings as primary and the CLI as of secondary importance. Ideally, applications would be designed from the start with a well-defined API, a set of bindings that evolved with the API, and a CLI (if one was necessary) that was defined in a scripting language that made use of the bindings. Not only would this make the application ripe for automation, but it would likely have the added benefit of making the API better defined and more robust.

  10. Engage women, have fun, get more out of your open source project

    There are few women developers and even proportionately less working in open source communities. However, a career in OSS is ideal for women who are seeking balance in their lives whether the balance is starting a family or maintaining balance with friends and a strenuous and engaging hobby. It’s well established that there’s a shortage of women pursuing careers in computer science. UCLA’s Higher Education Research Institute found that just 0.3% of students majoring in technology-related fields are female, despite the high demand for those skills. As few as 1.5% of open source contributors are women.

  11. Heard of the GNOME Outreach Program for Women? Learn more today.

    Marie Nordin is one of the OPW interns for the Fedora Project. She is the visual designer currently in charge of badge design for Fedora Badges, an open badges based web application that helps to encourage contributors in the Fedora community by awarding them with badges for their efforts. (For example, Marie is the proud recipient of the “Pixel Ninja” badge for her work on the Fedora Design team.) I interviewed Marie, and she shared how she came to open source, what open source projects she’s currently involved with, and her advice for other young women interested in getting involved.

  12. The Women of OpenStack talk outreach, education, and mentoring

    In the open source world, a women-only event seems counter-intuitive. Yet I am finding reasons for such events the more I attend them.

    At the OpenStack Summit, a twice-a-year event where OpenStack contributors get together to plan the next release, the Women of OpenStack group has set up events where we invite the women first. Men aren’t excluded, but our hope is to get more OpenStack women together. I can hardly capture the value of getting together with other women in OpenStack at the Summit, but here goes.

  13. Make money and have fun in open source

    We’re familiar with the statistics, and we’ve seen the photos from the tech conferences. Seas full of men. It requires patience to scan for the odd female in those auditoriums. It’s a popular topic, this scarcity of women in technology, one of the hip things to whine about these days. It’s politically correct to blame the male “priesthood” in Silicon Valley. Ask Paul Graham. He took it in the ribs after a few reckless comments about the funding practices of his startup seed accelerator, Y Combinator. He was quoted as saying, “God knows what you would do to get 13 year old girls interested in computers. I would have to stop and think about that,” in a recent article. Ouch. But, really, is he so wrong?

  14. Advice from 5 Joomla! project leaders: Part 1

    The Joomla! community, inside and outside the company, is diverse and multi-cultural. It is made up of all sorts of people with two things in common: a love for Joomla! and a willingness to reach out and help others on the other side of the keyboard.

  15. Advice from 5 Joomla! project leaders: Part 2
  16. The participatory nature of the Internet strengthens fan communities

    Whether the big media producers like it or not, digital technologies have made it easier than ever for popular culture fans to create remixes or derivative works from their favorite movies, TV shows, books, and other media. And the participatory nature of the Internet has arguably helped broaden the popular definition of a “fan community” from something exclusive to comic and sci-fi fans to being inclusive of many genres and people. This includes giving wider exposure to a vast and yet often overlooked demographic in pop fandom—women—and their influence on mainstream media stories.

  17. Golden opportunity for public libraries to meet digital needs of women

    Women use the Internet 17% more than their male counterparts yet are underrepresented in programming and open source. Public libraries (and public schools) have a critical role to play with improving the dearth of diversity in coding and open source.

  18. Girls and Software

    December 2013’s EOF, titled “Mars Needs Women”, visited an interesting fact: that the male/female ratio among Linux Journal readers, and Linux kernel developers, is so lopsided (male high, female low) that graphing it would produce a near-vertical line. I was hoping the piece would invite a Linux hacker on the female side of that graph to step up and move the conversation forward. And sure enough, here we have Susan Sons aka @HedgeMage.


Debian Receives Prize from Valve But Becomes More Dependent on Red Hat

Posted in Debian, Red Hat, Security at 7:43 am by Dr. Roy Schestowitz

Summary: Debian is leaning towards systemd, which is developed by Red Hat (an NSA partner)

DEBIAN has got somewhat of a trophy now that Valve uses Debian GNU/Linux by default. It receives gratis proprietary games in return [1,2,3].

Debian recently made a lot of headlines because of the init debate [4-12]; Debian, being a dominant distribution (competing only with RHEL/CentOS for the #1 spot), is seemingly leaning in Red Hat’s direction and it is winning support from those whom Fedora let down [13]. As Sam Varghese put it, this “means that the future direction of Linux development will be determined by Red Hat, the company that is behind systemd, and the biggest commercial entity in the Linux game.”

It might actually be more beneficial to have Debian as the flag bearer, not Red Hat, which is working with the NSA. Debian has reported its share of flaws recently [14,18], but the problem is that by inheriting more code from Red Hat it is becoming more dependent on a company which admits (to me personally) that it sends to Linux patches that the NSA writes (not just SELinux) because the NSA is a major customer. We already know that the NSA wanted back doors in Linux [1, 2, 3, 4], e.g. through weak random number generators. Given what happened in RSA, NIST, etc. we found it rather hard to blindly trust RHEL, especially the binary build (Red Hat staff has admitted to me that they don’t do a thorough audit of the build process). If Debian gets compromised, the same problem gets inherited by Ubuntu and its derivatives.

Related/contextual items from the news:

  1. Valve Wants To Give You All Of Its Games On Steam (If You’re A Debian Linux Developer)
  2. Valve games for Debian Developers

    At $dayjob for Collabora, we’ve been working with Valve on SteamOS, which is based on Debian. Valve are keen to contribute back to the community, and I’m discussing a couple of ways that they may be able to do that [0].

  3. Valve Is Making All Their Games Free To Debian Developers

    Valve will be making all of their games — past, present, and future — available for free to Debian Linux developers.

  4. The Six Stages of systemd [linux.conf.au 2014]
  5. To Systemd Or Not To Systemd. That Is The Question
  6. Init wars: Shuttleworth’s copyright licensing hangs over debate

    As the debate on the default init system for the next Debian release winds down, one fact emerges: the copyright licensing model adopted by Canonical has been a decisive factor in the choice made by the technical committee.

  7. Which init system for Debian?

    The Debian project is no stranger to long, vehemently argued email threads, though, like the rest of us, Debian developers appear to be getting older and calmer as time goes by. If there were to be an intense thread now, one might think that the recent shift to XFCE as the default window system might be the cause. Indeed, there was some discussion of that topic, but that thread was easily buried by the hot-button issue that almost all distributions appear to need to debate at length: which init system to use. This is not the first time Debian has argued over init systems (see this 2011 article, for example), but, just maybe, it might be the last.

  8. Debian May Be Leaning Towards Systemd Over Upstart

    For months now the Debian Technical Committee has been tasked with deciding between systemd and Upstart for the future init system of the Linux distribution that also has a FreeBSD kernel port, etc. The debate has been long and ongoing. Among other opinions, Ian Jackson of the committee came out last month in favor of using Upstart while Russ Allbery came out in favor of systemd.

  9. A Major Music Company Now Backs Systemd In Debian
  10. Init wars: Debian tech panel may end up deadlocked

    The Debian technical committee may end up in a stalemate when it votes on which init system should be the default for the next release of its community GNU/Linux distribution.

  11. Red Hat must be rejoicing as Debian tilts towards systemd

    The Debian GNU/Linux Project’s technical committee appears to be split down the middle on the question of the default init system for the next release.

  12. Spotify uses Debian, endorses systemd instead of Upstart as default

    Debian is considering between Upstart and systemd – two competing daemons. While Upstart was developed solely by Canonical, systemd was developed by contributors from different distributions (edited, thanks to Jos Poortvliet).

  13. When life hands you lemons, go back to Debian

    To keep a short story short, the maintainer of the proprietary AMD Catalyst (aka fglrx) driver for the Fedora-focused RPM Fusion repository doesn’t want to do it anymore.

    And he made this decision not before the release of Fedora 20 with lots of notice — and not after with lots of notice BUT PRETTY MUCH DURING THE RELEASE with no notice.

  14. Debian: 2840-1: srtp: buffer overflow
  15. Debian: 2835-1: asterisk: buffer overflow
  16. Debian: 2832-1: memcached: Multiple vulnerabilities
  17. Debian: 2830-1: ruby-i18n: cross-site scripting
  18. Debian: 2828-1: drupal6: Multiple vulnerabilities


For Real Security, Use CentOS — Never RHEL — and Run Neither on Amazon’s Servers

Posted in GNU/Linux, Red Hat, Security at 9:27 am by Dr. Roy Schestowitz

Summary: Never run Red Hat’s “Enterprise Linux”, which cannot be trusted because of NSA involvement; Amazon, which pays Microsoft for RHEL and works with the CIA, should never be used for hosting

SEVERAL years ago CentOS almost died; now it’s being embraced by Red Hat and one pundit from tech tabloid ZDNet is moving to CentOS Linux on the desktop [1,2].

CentOS is still in the news [3], with the CentOS project leader (Karanbir Singh) giving an interview to the Linux Foundation [4]. We trust CentOS, whereas trusting Red Hat is hard. RHEL is binary and, based on news from half a decade ago, the NSA is said to be involved in the building process, as well as SUSE’s, whereas CentOS is built from source (publicly visible). Microsoft and the NSA do the same thing with Windows and it’s now confirmed that Windows has NSA backdoors.

Earlier this month, vulnerabilities in RHEL’s openssl and RHEL’s gnupg [5,6] contributed even less to trust. RHEL is so standard in the industry that it would probably be simpler than other distributions to exploit; the NSA may as well have off-the-shelf exploits for all major RHEL releases, which are deployed in many countries’ servers (even so-called ‘rogue’ countries). Based on the NSA leaks, Fedora — not RHEL — is being used by the NSA itself to run its spying operations (e.g. collecting radio signals from afar). Fedora is not truly binary-compatible and its source code makes secrets hard to keep.

Lastly, mind the latest of Red Hat’s Fog Computing hype [7,8], including the CIA’s partner Amazon that’s lumped onto Red Hat [9,10] as part of a conference [11,12]. Avoid Amazon at all costs. It’s a malicious trap for many reasons. Amazon also pays Microsoft for RHEL after a patent deal with Microsoft, as we pointed out years ago. Suffice it to say, Microsoft’s servers are as bad as Amazon’s for privacy.

RHEL and its derivatives continue to be deployed in many large networks of systems [13], so it’s clear why the NSA would drool over the possibility of back doors in RHEL. Watch out for that. Given the way NSA infiltrated standards bodies and other institutions, it’s not impossible that there are even moles at Red Hat or Fedora. There used to be some at Microsoft (we know about those who got caught).

Red Hat’s CEO is now telling his story on a Red Hat site [14] and one needs to remember who he used to work for (close to Boeing, which is primarily an army company), not just the country he is based in (hence the rules that apply to him, especially when he wishes to appeal to government contractors, DoD/Pentagon etc., which are the most lucrative contracts).

It should be noted that my Web sites are mostly running CentOS and the same goes for the host of Techrights, who focuses on security. With CentOS you can get the source code and redistribute; with Red Hat’s RHEL you can’t (it’s sold as binary).

There is definitely a good reason to trust CentOS security more than RHEL security. As for Oracle (“Unbreakable”), well… just read Ellison’s public statements in support of the NSA (never mind the company’s roots and the CIA). That tells a lot.

The bottom line is, blind faith in binary distributions is a bad thing. Blind faith in NSA partners (Red Hat collaborates with the NSA not just in SELinux) is even worse.

Related/contextual items from the news:

  1. Taking the long view: Why I’m moving to CentOS Linux on the desktop
  2. Is CentOS ready for the Linux desktop?

    CentOS is a very interesting and different choice for a desktop distribution. I haven’t heard of many people using it that way. Whenever somebody brings it up it’s usually within the context of running a server.

  3. Fedora and CentOS Updates, Linux for Security, and Top Seven
  4. CentOS Project Leader Karanbir Singh Opens Up on Red Hat Deal

    In the 10 years since the CentOS project was launched there has been no board of directors, or legal team, or commercial backing. The developers who labored to build the community-led version of Red Hat Enterprise Linux (RHEL) worked largely unpaid (though some took a few consulting gigs on the side.) They had a few hundred dollars in their bank account to pay for event t-shirts and that was it. And the project’s direction was decided based on the developers’ immediate needs, not a grand vision of future technology.

  5. Red Hat: 2014:0015-01: openssl: Important Advisory
  6. Red Hat: 2014:0016-01: gnupg: Moderate Advisory
  7. Red Hat Invests in Open Source IaaS, Cloud Talent
  8. Red Hat Academy Expands Training, Includes OpenStack Coursework
  9. Red Hat Launches Test Drives on AWS

    At its annual Partner conference in Scottsdale, Arizona this week Red Hat (RHT) announced new Test Drives on Amazon Web Services (AWS) with three Red Hat partners – CITYTECH, Shadow-Soft, and Vizuri. Through the AWS Test Drive program, users can quickly and easily explore and deploy ready-made solutions built on Red Hat technologies.

  10. Why Red Hat Needs OpenStack … And AWS

    OpenStack, the cloud’s community darling, desperately needs leadership, and Red Hat seems the ideal leader. But OpenStack isn’t the only needy party here. As good as Red Hat’s growth has been over the last decade, it pales in comparison to that of VMware, a later entrant that has grown much faster than Red Hat. And the open source leader still trails well behind Microsoft.

  11. Google, Amazon Clouds Invade Red Hat Partner Conference

    Google Cloud Platform and Amazon Web Services executives are set to address Red Hat Partner Conference attendees on Jan. 13 in Arizona. No doubt, the keynotes will seek to ensure Linux resellers understand how to move customer workloads into the Google and AWS public clouds, respectively.

  12. 7 Surprises At Red Hat Partner Conference 2014
  13. How to deploy OSSEC across a large network of systems from RPMs
  14. Teens and their first job: How to get on the path to a happy career

    I grew up in the 1980s in Columbus, Georgia. You needed a car to get around, so I did not work until I could drive. Within months of getting my driver’s license, I got my first job as a part-time computer programmer for a stockbroker.


Indebted to Fedora, the GNU/Linux Factory

Posted in GNU/Linux, Red Hat at 1:29 pm by Dr. Roy Schestowitz


Summary: The contributions of Fedora to GNU/Linux put in some proper perspective

WHILE it is possible that Korora is better than Fedora, no project other than Debian contributes so much to GNU/Linux. Fedora is a contributions leader and its steward, Red Hat, employs a huge number of GNU/Linux developers.

A GTK3 version of Firefox is now coming through Fedora [1], the aforementioned UX designer for GNOME is said to be working for Red Hat/Fedora [2], Fedora targets/tackles System z 64-bit [3] (kernel feature), and Fedora 21 has a lot of promise [4] (it is scheduled to be released later than expected [5,6]). Fedora is strong when it comes to hardware [7,8], software/repositories [9,10], and of course package/software management [11,12]. Fedora/Red Hat employed the inventor of Yum until he died and Yum got renamed.

To speak negatively about Fedora is to basically forget who it is that puts a lot of effort (and investment) into GNU/Linux development. Ubuntu (of Canonical), by contrast, mostly gets credit for gaining market share.

Related/contextual items from the news:

  1. GTK3 Version Of Firefox Up For Fedora Testing

    It’s taking a long time for the GTK3 port of Mozilla Firefox to be completed, but it’s now been made a bit easier for those wanting to test out GTK3 Firefox on Fedora Linux.

  2. openSUSE Forum Back, Allan Day Interview, and Fedora Tidbits

    Allan Day, UX Designer on GNOME for Red Hat, has given an interview to Steven Ovadia over at My Linux Rig. Fedora’s Program Manager blogged on the upcoming Fedora 21 release cycle.

  3. Fedora 20 Officially Released for IBM System z 64-Bit

    Dan Horák has announced on January 8 that the Fedora 20 (Heisenbug) Linux operating system is now available for download for the IBM System z (s390x) 64-bit systems.

  4. Nameless Fedora 21 Linux Is an Opportunity for Growth

    Typically, Red Hat’s Fedora Linux distribution has two colorfully named releases a year, but that likely won’t be the case in 2014. However, that’s no reason for concern.
    The Red Hat-sponsored Fedora Linux community recently celebrated its 10th anniversary, capping off a decade of releases and evolution. In 2014, Fedora could be in store for its biggest evolution since the project’s creation, with fewer releases and even a new naming strategy.

  5. Fedora 21 Won’t Be Released Before August
  6. Where’s Fedora 21 schedule?

    Is Fedora 21 going to be released in the old model way, or new one? Hard to answer right now. But there’s one date – F21 is not going to be released earlier than in August (and I’d say late August). See FESCo ticket. What’s the reason? As otherwise we would try to hit May timeframe? Short answer: we want to give the opportunity to the teams that are smashed by release windmills to work on tooling.

  7. AMD Radeon R9 270 in Fedora 20 experience

    A week ago I’ve bought MSI Radeon R9 270 GAMING 2G. It’s an upper mid-range card and most new games should run on it reasonably well on high details. In Fedora there are two choices – you can either use the default open-source radeonsi driver, or you can install proprietary catalyst driver. I have tried general system functionality and also a lot of games (through Steam) on both drivers.

  8. Ubuntu 13.10 vs. Fedora 20 Benchmarks
  9. Fedora Utils: An overview

    I was a happy Ubuntu user, until Gnome Shell arrived! It was new, it was shiny. And it provided all those things that I needed. I mostly used the compiz expo plugin to switch between tasks. I would set-up my top-left corner as a hot corner to trigger expo and use docky for my favourite apps. When I tried Gnome Shell 3.2, it was quite similar, except the dock was on left. But that didn’t hamper my experience. I initially used docky and awn, but finally got rid of it.

  10. EPEL 7 Development
  11. Fedora’s Yum Replacement Ready For User Testing

    DNF, the next-generation yum package manager spearheaded by the Fedora project, is now ready for end-user testing ahead of its expected use out-of-the-box by Fedora 22.

  12. Fedora Users Still Have Mixed Feelings Over DNF

    While DNF isn’t the default package manager on Fedora Linux installations until at least Fedora 22, there’s still many mixed reservations about this intended replacement to Yum.
