The latest list of the top 500 supercomputers was announced at the Supercomputing 2014 Conference in New Orleans. China's Tianhe-2 supercomputer topped the list at 33.86 petaFLOPS for the fourth straight time. (The TOP500 list comes out twice per year.)

The most significant feature of this list is the lack of change since the last list. The only change in the top 10 was a new 3.57PFLOPS Cray system (for an undisclosed US government site) taking the Number 10 position.

The total performance of all 500 systems is 309PFLOPS, which is up from 274PFLOPS for the last list. Although the systems are indeed getting faster, many sources point to the fact that the overall growth rate in performance has slowed.

According to the TOP500 press release, "With the latest list, the overall list-by-list growth rates of performance continues to be at historically low values for the last two years. This lag in the overall average performance of all 500 systems is noticeably influenced by the very large systems at the top of the list. Recent installations of very large systems – up to June 2013 – have counteracted the reduced growth rate at the bottom of the list, but with few new systems at the top of the past few lists, the overall growth rate is now slowing. This offers an indication that the market for the very largest systems might currently behave differently from the market of mid-sized and smaller supercomputers."

The list features 50 computers with performance greater than 1PFLOPS, up from 37 six months ago. A total of 75 systems on the list use accelerator/coprocessor technology. For more information on the latest TOP500 list, see the press release at the TOP500 website.

A group of Debian developers have announced that they are forking the Debian source code to start a new Linux project, which they have dubbed Devuan (pronounced "DevOne" in English). The group, which calls itself the Veteran Unix Admin (VUA) collective, is alarmed about the drift of most major Linux distros toward the systemd service manager daemon. A service manager is the first process that starts on a Linux system, and it has the role of starting other processes. The init tool served as a universal service manager for Linux and for many Unix systems until recently, when several Linux vendors became concerned that the init code was too slow and not versatile enough for modern systems.

Fedora, Red Hat, and SUSE have all switched to using systemd instead of init. Ubuntu launched Upstart as an init alternative, but when the mainstream Debian project switched to systemd, Ubuntu, which is based on Debian code, adopted systemd also.

Many developers, however, are concerned that systemd places restrictions on freedom and flexibility by making too many assumptions about the environment. They also say systemd doesn't work well with core Linux components such as Xorg. According to the Devuan developers, "We believe this situation is also the result of a longer process leading to the take-over of Debian by the Gnome project."

Because so many other distros are built from the Debian codebase, changing Debian to systemd almost guarantees that many downstream distros will have to change with it. The Devuan developers say they want to offer an alternative for users, developers, and distributions that want to continue to support init.

Those who celebrate diversity and choice as important values for the Linux community will be happy to know that an init-based Debian alternative will continue. Those who express concern about the fragmentation and lack of standardization in Linux might be less enthusiastic.

According to a recent report in Wired magazine, the security firm Shape Security has discovered a new attack method that uses draft email messages to send commands to a compromised system. Most network security systems watch closely for command and control messages that might indicate an attack underway. By hiding the commands in email drafts, the attackers circumvent defense techniques that monitor TCP/IP traffic, and they even avoid defenses that look for attacks through regular email delivery.

Versions of the attack use a webmail system, such as Gmail. The attacker first installs Python on a compromised system and configures it to run scripts saved in the mail draft folder. After that, the attacker just needs to log in to the mail account and save a script within a draft message. When the account is accessed from the client, the script executes. Because the attack is triggered through an ordinary service that does not leave a trace of clandestine activity, it is very difficult to discover. This attack is apparently a variant of the Icoscrript attack, which was discovered last summer.

Wired points out that this attack is oddly reminiscent of the behavior of US Army General David Petraeus and his former lover Paula Broadwell, who apparently used the draft folder in a shared Gmail account to send each other secret love notes.

The openSUSE project announced the release of openSUSE 13.2. The latest version is the first release since the change to a rolling-release production format. OpenSUSE is a community distro based on the enterprise-grade SUSE Linux codebase, which has been around since the early days of Linux. According to openSUSE leader Ancor González Sosa, the new release provides "… the perfect balance between innovation and stability with the greatest level of freedom of choice that openSUSE users are used to."

The new edition offers Btrfs as the default filesystem, integrated with the Snapper tool for managing filesystem snapshots, and supports the innovative Dracut framework for shorter boot time. Also included are the KDE 4.14 and Gnome 3.14 desktops, along with MATE 1.8 and several other popular desktop alternatives. The release also comes with Docker 1.2 and many virtualization enhancements, along with improvements to SUSE's signature YaST management utility.

A new man-in-the-middle attack is reportedly allowing attackers to steal credentials and deliver malware to smartphone systems. The DoubleDirect technique works on mobile phones and tablets running Android or iOS. The technique is described in a blog post by mobile security firm Zimperium that also includes a link to a tool they developed to look for the presence of DoubleDirect. The post states that DoubleDirect lets the attacker redirect services from Google, Facebook, Twitter, Hotmail, Live.com, and other sites. Attacks have been documented in 31 countries.

Zimperium says the attack employs the ICMP Redirect feature routers use to notify mobile hosts that a better route is available. According to the blog post, "… an attacker can also use ICMP Redirect packets to alter the routing tables on the victim host, causing the traffic to flow via an arbitrary network path for a particular IP. As a result, the attacker can launch a MITM attack, redirecting the victim's traffic to his device."

The Linux Mint team has announced the release of Mint 17.1 "Rebecca." The popular Mint is a desktop distro designed to work out of the box for most conventional PC hardware with strong multimedia support. The latest version is based on the Ubuntu 14.04 LTS edition, which will be supported until 2019.

The Mint developers typically release separate editions for the various supported desktops. Mint is famous for its efforts to develop desktop alternatives, such as Mate (based on Gnome 2) and Cinnamon (based on Gnome 3 and the Gnome Shell). The team typically releases separate editions for the different desktops. The Mint 17.1 Mate and Cinnamon editions have both appeared over the past few days.

Mint 17.1 Cinnamon includes many small desktop refinements and also adds support for single-button touchpads. Cinnamon 2.4 also comes with improvements for managing themes, backgrounds, and networks. The Mate edition supports both the Marco and Compiz window managers and includes new options for managing graphical settings and switching between workspaces.

Both editions include enhancements to the underlying system, such as a better update manager, support for additional kernels, and a revised kernel selection screen. A new pastebin command makes it easy to post digital images, video, and other files online.

See the Mint project website for more information on Mint 17.1 (http://www.linuxmint.com/).

The CeBIT 2015 Open Source Forum features a comprehensive daily program of more than 60 presentations, illuminating all aspects of Linux, open source, and free software from systemd to Raspberry Pi.

The Call for Papers is aimed at practitioners, developers, and strategists from the open source, business, and government communities. Issues of specific interest are systems administration/automation, security/privacy, drivers/kernel, the future of Linux, open hardware/Raspberry Pi, and much more.

Application and Contact

To submit your presentation for CeBIT Open Source Forum, please complete the application form (http://www.linux-magazin.de/Special/Cebit-2015/CeBIT-Open-Source-Forum-2015-Call-For-Papers) or send a short description of your proposal with your name and a telephone number (for potential questions) to mailto:callforpapers@linux-magazin.de. Presentations should be either 30 or 45 minutes long (including a short Q&A session) in either English or German.

Presentation slots are allocated by an international jury of open source experts, with a small number of slots reserved for sponsors. Please contact Petra Jaser (mailto:petra.jaser@computec.de) if you are interested.

The adjacent joint exhibition area Open Source Park features open source-based IT solutions from small and medium-sized companies (contact Bettina Koch at: mailto:b.koch@pluspol.de).

CeBIT 2015 takes place in Hannover, Germany, from March 16 to 20, 2015. The deadline for submissions for the Open Source Forum is Sunday, January 25, 2015.

A recent research project claims it is possible for a well-funded and powerful entity such as a nation-state to identify up to 81% of people using the so-called TOR anonymity network.

The technique relies on traffic analysis and depends on injecting a traffic pattern, such as an HTML file, and then monitoring traffic at the exit node. The study was conducted by a team led by Sambuddho Chakravarty (now with Indraprastha Institute of Information Technology in Delhi, India) while he was a student at Columbia University, New York.

According to the paper, costly and time-consuming packet-level traffic analysis is the most accurate means for unmasking anonymous users, but the 81% accuracy is actually achievable using the less accurate but more time-efficient NetFlow monitoring technology built into Cisco routers.

The full methodology requires a well-funded and powerful organization such as the NSA or another government-funded agency, but according to the paper, a single autonomous system was able to monitor 39% of randomly generated TOR circuits.

It is unclear at this point whether the TOR creators will have a fix for this ploy or if another anonymity tool will rise to replace the popular TOR.

Microsoft has announced that it is releasing the .NET Core Runtime and libraries as open source code under an MIT license.

Microsoft VP for Cloud and Enterprise Scott Guthrie writes in his blog that Redmond is open-sourcing the .NET Core Runtime, which includes "the CLR, Just-in-Time Compiler (JIT), Garbage Collector (GC), and core .NET base class libraries."

The news follows a series of earlier announcements this year, marking a significant shift in the company's relationship with the world of open source.

In April, Microsoft launched the .NET Foundation, which is a non-profit group that would guide future development of .NET technologies. Leading open source developer (and creator of the Mono framework) Miguel de Icaza was even added to the .NET Foundation board.

Additionally, the company has recently open-sourced code for ASP.NET, EF, Web API, NuGet, and the "Roslyn" C# and VB compilers.

The recent moves to embrace open source should help build better collaboration between Microsoft and community-based programmers. The company is also hoping that eliminating restrictions on the use of its technologies will lead to more widespread acceptance.

As many commentators have pointed out, Microsoft has significantly changed its stance on open source since 2001, when then-CEO Steve Ballmer called Linux "… a cancer that attaches itself in an intellectual property sense to everything it touches." However, Redmond figured out several years ago that it couldn't squelch open source software, and the change to better cooperation has been gradual.

Acceptance picked up steam when Satya Nadella took over as the new Microsoft CEO; he even appeared recently beneath a giant projection of the words "Microsoft" and "Linux," with a big red heart between them to affirm that "Microsoft Loves Linux."

The US Department of Energy has announced that IBM will provide a next-generation supercomputer for the Oak Ridge National Laboratory (ORNL). The new "Summit" supercomputer, which will go online in 2017, will "… provide at least five times the performance of Titan, the OLCF's current leadership system, for a wide range of scientific applications." ORNL's Titan system is listed as the second fastest supercomputer in the world on the latest edition of the TOP500 list.

Summit will include 3,400 nodes, each with multiple IBM Power9 processors and multiple Nvidia Volta GPUs. Every node will also offer more than 512GB of combined DDR4 and high-bandwidth memory and an additional 800GB of NVRAM to serve as either a burst buffer or as extended memory.

According to Summit project director Buddy Bland, "Summit builds on the hybrid multi-core architecture that the Oak Ridge Leadership Computing Facility (OLCF) successfully pioneered with Titan. The large, powerful nodes allow applications to achieve very high performance without have to scale to hundreds or thousands of Message Passing Interface (MPI) tasks."

ORNL says it will use the Summit system to study combustion science, climate change, energy storage, and nuclear power.