Updates on technologies, trends, and tools.
Linux Pro Online
Off the Beat * Bruce Byfield
KDE Plasma 5: A New Awareness of Design
The release of KDE Plasma 5 is mostly a technical event. However, one fact that is being mostly ignored is that Plasma 5 is the first release in which the KDE Visual Design Group has been at work attempting to improve Plasma visually.
Distro Hopping
I know several people who make a habit of changing distributions every few weeks. They install a new distribution, and for a few days they have nothing but praise for it. But the honeymoon soon ends, the complaints start, and they are back hunting for the perfect version of Linux.
Fifteen years in free software
Fifteen years ago this week, free software became a major part of my life. It was a change that took me to places I never imagined and introduced me to people I otherwise would never have met, almost none of which I regret.
Productivity Sauce * Dmitri Popov
Dillinger: Markdown Editor Done Right
It seems that writing a markdown text editor is a popular pastime for many developers: Hardly a day goes by without yet another markdown editor popping up somewhere on the web.
Paw Prints * Jon "maddog" Hall
We are not programming in 1991 anymore!
As I write this I am also copying a talk given in February 1996 at Digital Equipment Corporation (DEC) about the port of Linux to DEC's Alpha AXP processor.
Monitoring HPC Systems By Jeff Layton
Ganglia is probably the most popular monitoring framework and tool, in that HPC, Big Data, and even cloud systems are using it.
Metadata for Your Data By Jeff Layton
If you are reading this article, you likely have a Linux system or a Linux cluster somewhere – or even a *nix system.
Kickstack: OpenStack with Puppet By Martin Loschwitz
If you have tried a manual OpenStack installation before, you will have noticed that some configuration steps are identical among the various OpenStack components; that is, you perform the same operations several times.
Monitoring with collectd 4.3 By Martin Loschwitz
Collectd 4.3 is a comprehensive monitoring tool with a removable plug-in architecture.
Container Virtualization Comeback with Docker By Martin Loschwitz
Docker helps the Linux container achieve an appealing comeback and integrates some features missing from earlier container solutions.
HP Rolls Out Massive Cloud Network
HP has announced a new global cloud network. HP Vice President Martin Fink used his keynote address at the HP Discover 2014 event in Las Vegas to unveil the new HP Helion Network. The network will include service providers, partners, developers, system integrators, and value added resellers. Helion will offer cloud space, as well as network-driven services like secure cloud links. HP says the Helion Network will be "hardware agnostic."
According to the press release (http://www8.hp.com/us/en/hp-news/press-release.html?id=1695194#.U8572qizNTY), the Helion Network offers enterprise customers:
- An open, secure, and agile hybrid IT environment with no vendor lock-in, which enables workload portability between on- and off-premises environments.
- Access to an expanded enterprise-grade cloud services portfolio that includes horizontal and vertical applications, as well as network-enhanced services such as secure cloud networking, enabling customers to meet local and multinational hybrid requirements.
- The ability to meet country-specific data regulations regarding data sovereignty, retention, and protection.
At the core of the Helion Network is a collection of service providers. HP's "PartnerOne for Cloud" includes more than 110 service providers around the world. Other partners participating in the Helion Network include Intel and AT&T. Customers will use the network to transfer applications between different cloud environments. Users will also get access to a big cloud service portfolio, and the network will ensure compliance with national data security regulations.
Apple and IBM Sign Historic Partnership Agreement
IBM and Apple, who ignored each other in the 1970s and feuded intensely through the 1980s, have announced (https://www-03.ibm.com/press/us/en/pressrelease/44370.wss) a historic partnership that will support the integration of iOS systems with IBM cloud and infrastructure applications. The result of the deal is that IBM will distribute iPhones and iPads to corporate customers. Apple will provide phone support, and IBM will handle on-site support. IBM says the companies will create "more than a hundred industry-specific enterprise solutions, including native apps, developed exclusively from the ground up, for iPhone and iPad."
The benefits for both companies are clear: IBM has no mobile system and needs a way to extend its vast portfolio of business applications into the mobile age. Apple rules the consumer space but has no realistic means for breaking into the business realm. Beyond the immediate benefits, some experts speculate that IBM sees this partnership as a means for delivering the services of its new-age Watson analytical system, with human-like abilities for solving problems in fields such as medicine and finance, directly into the hands of consumers. Bringing a 21st century human-like intelligence to the iPhone and iPad is very much in Apple's vision for building a supernatural device that attends to the owner's every need.
According to most commentators, the big loser in this deal is Blackberry, which has already lost much of the consumer market to Apple and Android vendors but is still holding a strong position with corporate mobile users.
Google Creates Extension for PGP Encryption in Webmail
Google has released an extension for the Chrome browser that simplifies email encryption for webmail users. The End-to-End extension is designed to let Gmail users implement email encryption through the Pretty Good Privacy (PGP) program.
The standard webmail system handles user interaction through a browser-based HTTP session. However, an email message is sent through a chain of mail servers on its way to the destination address. Google estimates that only half of the email that passes through Gmail to other providers is actually encrypted all the way from the starting server to the destination. The new End-to-End extension will ensure that the message will be encrypted as it passes through the chain of mail servers.
The End-to-End extension is currently in an alpha pre-release version. The source code is available for security experts and testers to experiment with. As Google developer Stephan Somogyi explains in a blog entry, Google wants to receive comments and improvements from the community before releasing a final version that will then be available in the Chrome web store.
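The hop-by-hop encryption gap described above can be seen in a message's own Received headers. The following is an added example, not code from Google or the End-to-End project: it reads the transmission type each mail server recorded (the RFC 3848 keywords such as ESMTPS) and lists the hops that do not claim TLS. The sample message, host names, and addresses are constructed for illustration.

```python
import email
import re

# Constructed sample message (not real traffic): three hops, one without TLS.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
\tby inbound.example.org with ESMTPS id abc123
\tfor <bob@example.org>; Mon, 21 Jul 2014 10:00:03 +0000
Received: from relay.example.com (relay.example.com [198.51.100.9])
\tby mx.example.net with ESMTP id def456;
\tMon, 21 Jul 2014 10:00:02 +0000
Received: from [192.0.2.10] (client.example.com [192.0.2.10])
\tby relay.example.com with ESMTPSA id ghi789;
\tMon, 21 Jul 2014 10:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: constructed test

body
"""

# RFC 3848 "with" keywords that indicate STARTTLS was used on that hop.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def hops(raw_message):
    """Return hops in delivery order as (sender, receiver, protocol, tls)."""
    msg = email.message_from_string(raw_message)
    result = []
    # Each server prepends its own header, so reverse to get sending order.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if not m:
            result.append(("?", "?", "?", False))  # unparsable: treat as unverified
            continue
        sender, receiver = m.group(1), m.group(2)
        proto = m.group(3).upper().rstrip(";")
        result.append((sender, receiver, proto, proto in TLS_PROTOCOLS))
    return result

def cleartext_hops(raw_message):
    """Hops whose Received header does not claim TLS."""
    return [h for h in hops(raw_message) if not h[3]]

if __name__ == "__main__":
    for sender, receiver, proto, tls in hops(SAMPLE):
        print(f"{sender} -> {receiver}: {proto} ({'TLS' if tls else 'no TLS claimed'})")
```

Received headers are self-reported by each server, so this is a diagnostic rather than proof. Even when every hop claims TLS, each server in the chain still handles the plaintext, which is the gap that encrypting the message body with PGP closes.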
RHEL Climbs Higher into the Cloud
Red Hat recently unveiled Red Hat Enterprise Linux (RHEL) 7. New features include enhanced support for Docker containers and a cross-realm trust system to ease access for Active Directory users across RHEL domains. The new release also comes with several performance and security improvements.
As with previous RHEL versions, the latest edition is not something you can just download and use; rather, it is available through a subscription service with Red Hat. RHEL 7 is the first major Red Hat release since the RHEL clone CentOS officially joined forces with Red Hat. CentOS 7 was released soon after RHEL 7.
Microsoft Grabs No-IP.com Domains
In a dramatic move, Microsoft obtained a court order to seize 22 domains from dynamic DNS provider No-IP.com because the domains were allegedly used by attackers to propagate the Bladabindi and Jenxcus malware tools. No-IP.com, one of the most popular dynamic DNS services, allows a customer to maintain a static DNS name even when using a dynamic IP address. Millions of customers use No-IP.com to maintain a permanent web presence while using an ordinary DHCP-based temporary IP address.
"Seizing" within the DNS system means the authoritative name server for the domain was changed to a name server under Microsoft's control. Internet attackers like dynamic DNS services for the same reason other customers like them: They can hard code a permanent logical name into their intrusion scripts without revealing a permanent location associated with an IP address.
Microsoft accuses Vitalwerks of violating the Anticybersquatting Consumer Protection Act and other laws designed to combat the malware epidemic, stating that Vitalwerks and No-IP are not doing enough to prevent abuses. The Microsoft complaint states that No-IP "… functions as a major hub for 245 different types of malware circulating on the Internet."
Vitalwerks expressed shock, stating that they have "a long history of proactively working with other companies when cases of alleged malicious activity is reported to us." Company officials said Microsoft didn't bother to reach out to them before moving to block the offending domains through a court order. The action was supposed to only affect a few targeted subdomains, but Vitalwerks says Microsoft's actions have interrupted service for millions of customers.
The implications for the dynamic DNS industry will depend on the details of the case. Is the whole concept of dynamic DNS risky by nature, or, as Microsoft alleges, did No-IP.com have a lackadaisical attitude toward preventing abuses? So far, neither the judge nor the many lawyers have addressed the irony of the world's leader in insecure, virus-laden software accusing another company of providing a safe environment for malware.
Firefox Steps into 3D
Vladimir Vukicevic, Mozilla's director of engineering, has announced an effort to integrate virtual reality (VR) technologies into the Firefox browser. According to Vukicevic, Firefox developers will begin adding support for virtual reality devices, such as Oculus Rift, to experimental Firefox builds "so that Web developers can start experimenting with adding VR interactivity to their websites and content."
Other changes will follow as the developers continue to prepare Firefox for a 3D future. Vukicevic's blog post outlines the following goals for Firefox's VR initiative:
- Rendering Canvas (WebGL or 2D) to VR output devices.
- Rendering 3D video to VR output devices (as directly as possible).
- Rendering HTML (DOM+CSS) content to VR output devices, using existing CSS features (e.g., 3D transforms).
- Mixing WebGL-rendered 3D content with DOM-rendered 3D-transformed content in a single 3D space.
- Receiving input from orientation and position sensors, with a focus on reducing latency from input/render to final presentation.
Vukicevic points out that the experimental VR version of Firefox is not currently in the main Firefox source tree. The immediate goal is to get feedback from developers and VR device vendors that will help set the direction and priorities for the work ahead. Ultimately, the team hopes to integrate VR functionality fully with mainstream Firefox versions.
New Raspberry Pi Adds Two USB Ports
Raspberry Pi scion Eben Upton has announced an important new revision of the Raspberry Pi board. The new board is a revision of the popular Raspberry Pi B and is known as the Raspberry Pi B+. The most noticeable change is the presence of four (rather than two) USB ports. The shortage of USB ports was a common complaint with Raspberry Pi users. Once you plugged in a keyboard and mouse, the two-port design left no room for additional USB devices. Most instruction manuals recommended a separate powered USB hub, which added complication and significant expense to the cost of the ultra-inexpensive Raspberry Pi.
The B+ board also brings other changes, including more GPIO pins (40 instead of 24) and a micro-SD memory card instead of the previous friction-fit SD card. Notably absent is the RCA video connector found on previous Rasp Pi designs.
The new board is similar in size to the previous model, but it is 2 millimeters wider, meaning that the old cases probably won't fit. Aside from these changes, most of the other specs are quite similar to the previous Model B boards (which is why this one is B+ instead of Raspberry Pi C). The system uses the same Broadcom processor with 512MB of RAM. The retail price is also the same, with a recommended price of US$ 35, EUR 29.9, or UK£ 26.
Upton said the Raspberry Pi Foundation will continue to support the Model B board "to ensure continuity of supply for our industrial customers." Although the Raspberry Pi was developed for educational purposes, it has gained an unexpected following as a tool for industrial prototypes and small-volume manufacturing.
Password Management Services Vulnerable to Attack
According to a study at the University of California, Berkeley, web-based password manager services have significant flaws and are vulnerable to attack. A paper, titled "The Emperor's New Password Manager: Security Analysis of Web-based Password Managers" by Zhiwei Li, Warren He, Devdatta Akhawe, and Dawn Song, details the study of five popular password management services.
The report states, "… in four out of the five password managers we studied, an attacker can learn a user's credentials for arbitrary websites. We find vulnerabilities in diverse features like one-time passwords, bookmarklets, and shared passwords."
Password managers have gained popularity as a means for avoiding the proliferation of many different passwords for many different websites. Authentication with the password manager service opens all the user's online accounts. Unfortunately, an intruder who gains access to the password manager thus gains access to the user's entire Internet presence.
Most of the services tested in the study responded quickly to the feedback, patching vulnerabilities discovered in the research; however, the authors of the study point out that their investigation was by no means comprehensive, and other vulnerabilities might also exist. Further study will lead to an automated solution that allows more complete vulnerability testing. In the meantime, if you decide to go without the services of a password manager, keep in mind that the age-old practices such tools were developed to prevent, such as using the same password for all your accounts or writing your password on a Post-it note stuck to your desk, probably will not offer a greater degree of protection.
Criminal Crypto Defeated Cops Nine Times in 2013
According to a report in the Register (http://www.theregister.co.uk), the US government reported nine cases in which they were prevented from eavesdropping due to cryptography in 2013. This total is more than double the four successful criminal crypto episodes in 2012. Before 2012, there were no reported cases of police failing to recover original text. The report covers wiretaps executed under a warrant approved by federal or state judges. Cryptography is still used in only a small percentage of surveillance cases. The increase in unsuccessful taps could indicate that criminals are becoming more savvy about cryptographic technology.