NEWS

Gone in a Flash

Adobe Flash, which has been the subject of many security alerts during the past two years, is getting a new start, with rewritten code and a new name. Adobe announced that it is renaming the Flash Professional tool included in its Creative Cloud suite Adobe Animate CC.

Adobe's announcement does not mention the numerous security problems associated with Flash; however, it does point out the need to incorporate native HTML5 support.

The Canvas feature of the new HTML standard offers a means for developers to create animations without the need for tools like Flash. The new Adobe Animate edition will leverage HTML5 features while still providing "first-class" support for Flash SWF and AIR formats.

Rasp Pi Generates Weak SSH Keys

The Debian-based Raspbian Linux system, which runs on the tiny and popular Raspberry Pi single-board computer systems, appears to have a problem generating potentially weak SSH keys. Because the Rasp Pi doesn't come with a monitor, many Rasp Pi owners use SSH as a primary means of communicating with the system. And, although many consumer-end Pis are sitting behind firewalls on small home networks (uh, how safe are those home firewalls?), Internet-connected Raspberry Pis have started to appear as web servers, weather stations, remote photography experiments, and security cameras.

The Register quotes a Rasp Pi message board note, "Many Linux distributions stockpile random seed data during installation, and then use that to prime the pool during first boot-up, but Raspbian doesn't work that way – it starts up ready to go straight from the SD card, and thus suffers from low entropy."

On current Raspbian systems, hardware random number generation isn't enabled by default. The system uses the random data in the /dev/urandom pool to generate a host key, but the pool doesn't have enough entropy at the early stage where the keys are created. The Raspbian developers say they will fix the issue in the next release. In the meantime, users who are concerned about SSH security should use the Pi's onboard hardware random number generator to see the /dev/urandom file and regenerate SSH host keys.

Photon Controller Goes Open Source

Virtualization giant VMware continues its effort to embrace the container business with the announcement that its Photon Controller tool has been officially released as open source. According to VMware, Photon Controller, which was officially announced in August of this year, is "… a new infrastructure stack optimized for containers and cloud-native apps."

The container revolution has added complications to VMware's market position as a leading virtualization alternative. Photon Controller will make it easier to integrate container support with VMware's virtualization management infrastructure, and it should put the company in a better position to compete with container management technologies from Docker, Google, and other vendors.

Open sourcing the Photon Controller should stir up activity among developers and integrators, which VMware hopes will lead to adoption of its complete virtualization and cloud management stack.