FOSS Week in Review
FreeBSD rethinks encryption after Snowden leaks
Only three months after the Snowden leaks on NSA snooping began, we learn from Ars Technica that the developers at FreeBSD have decided to rethink the way they access random numbers to generate cryptographic keys. Starting with version 10.0, users of the operating system will no longer be relying solely on random numbers generated by Intel and Via Technologies processors. This comes as a response to reports that government spooks can successfully open some encryption schemes.
“‘For 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random,’ FreeBSD developers said. ‘It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more.’”
RDRAND has been used to supply random numbers for Intel processors since Ivy Bridge and Padlock is used in chips from Via.
In September, shortly after it was leaked that the NSA and GCHQ had backdoor access to some encryption thecnologies, The Register reported that Linux developer Kyle Condon had petitioned Linus Torvalds to remove the use of RDRAND from the Linux kernel. The request was quickly declined.
“Torvalds argued…that the values from RdRand are combined with other sources of randomness, which would thwart any attempts to game the processor’s output – but it’s claimed that mix is trivial (involving just an exclusive OR) and can be circumvented by g-men.”
The fact that open source projects are examining their security precautions under a microscope might be one of the few good things that arise from the NSA’s dirty actions.Will Microsoft’s Nokia release Android phone?
If you think that Nokia is only concentrating on Windows handsets, think again. For a while now, the folks from Finland have been working on re-positioning Android to be used on their entry level line of phones called Asha. The project, with the code names Normandy and AoL (Asha on Linux), seeks to bring new life to the line by replacing the current operating system, Series 40, which is getting a little long of tooth.
Because Microsoft gets ownership of the Asha brand in their buyout of Nokia, it’s been presumed they’ll use the inexpensive line to gain some Windows Phone traction, meaning they’ll quash the Android project. However, according to Ina Fried writing for All Things D, folks within Nokia feel that Redmond might let the project survive.
“According to a Nokia source, the software has a look more similar to Windows Phone than to the “squircle” icons used on the Asha. Normandy would also serve as a way to deliver Microsoft services such as Bing and Skype.
“That is seen by some at Microsoft as a more palatable alternative than watching more of those first-time smartphone buyers sign up not just for Android but also for Google’s array of services.”
We’ll take a wait-and-see attitude on this. We have trouble believing the folks in Redmond would be willing to take the PR hit which would be inevitable if Microsoft were to be involved with the manufacturing of any open source handset, especially one running Linux. However, if they truly want to become a major player in mobile they’ll probably have more luck with Android than with Windows.
Which might be why MS is thinking of giving Windows away for free. On Wednesday The Verge reported that Microsoft’s OS chief, Terry Myerson, is considering releasing Windows Phone and Windows RT free of charge to OEMs. If it happens, this change of policy would most likely come with the release of Windows 8.2, code named Threshold, due in 2015.
“We understand that any decision to axe the license fees for Windows Phone and Windows RT would be backed by a push for revenue from Microsoft’s apps and services. Microsoft has been experimenting with ads in Windows 8 apps, and any associated revenue from those apps and the company’s built-in Bing search results would help offset the lack of license fees. Microsoft would also push consumers to subscribe to services like SkyDrive, Office, and Skype for additional revenue.”
It’s obvious this will be free beer and not free speech. The number of OEMs that’ll take them up on this offer, if it happens, is anyone’s guess.
HP says expect less from Microsoft in the future
Even before the release Microsoft branded Surface tablets and the purchase of Nokia, there was ample evidence that the OEMs were changing their relationships with Microsoft. That became very obvious yesterday at the HP Discover conference in Barcelona. CNET’s Brooke Crothers tells us that Sridhar Solur, HP’s director of Next Gen Computing and Cloud Services, had some choice words to say about the future of the Wintel confederation.
“In 2012 there were 300 million-plus PCs that were shipped. The big players were Intel and Microsoft. Think about the business models of those companies [in] 2012. The year now is 2014. The total number of mobile devices shipped is 3 billion. That’s a magnitude higher.
“Look at the major players. You have ARM. Look at the business model difference between Intel and ARM. Look at the operating systems. In today’s world, other than Microsoft there’s no one else who charges for an operating system. It’s vastly different.
“The next wave of computing [will be in] 2016. You’re talking about 30 billion connected devices. Look at who are the players. This is a total greenfield opportunity.”
Remember the old gray mare? She ain’t what she used to be.
RHEL 7 to default to MariaDB
Red Hat Enterprise Linux 7, now in beta and due to be released within the next three months, will no longer use Oracle’s MySQL for it’s default database management system (DBMS). Yup, RHEL has joined practically every other major Linux distro and has made the move to MariaDB, as we learned Wednesday from Steven J. Vaughan-Nichols at ZDNet.
“In an e-mail exchange, Ron Pacheco, Red Hat’s senior manager of platform product management, said, ‘In RHEL 7, MariaDB provides an outlet for database innovation, thanks to the rapid growth of the community and its adoption by many free and commercial offerings, with RHEL 7 being one of them. To meet the needs of the next-generation enterprise, IT needs a database that supports swift evolution and adaptation, both traits provided by MariaDB and the key rationale for its inclusion in RHEL 7.’”
This was pretty much a no-brainer for the folks at Red Hat, considering the fact that MariaDB is a drop-in replacement for MySQL, meaning no muss/no fuss for users. Those who aren’t yet ready to make the move need not worry.
“‘Red Hat will continue to support MySQL in the more mature editions of RHEL (including RHEL 6), but for Red Hat Enterprise Linux 7 we have selected a database technology for the future with MariaDB,’ said Pacheco.”
In addition to the database change, RHEL 7 adds new virtualization, cloud, and in-place system upgrading features.
The Supremes to decide on software patents
The U.S. Supreme Court has agreed to take a case that might offer some guidance to lower courts when it comes to judging the merits of software patents. We learned from Reuters that the court has agreed to take a case by patent holder Alice Corporation Pty Ltd against CLS Bank International. The latter company claims a patent being used against it should be invalidated because it merely addresses computerizing common business practices.
“With the rise of computer-based products in recent years, courts have struggled to apply patent law. Some legal experts, including the Electronic Frontier Foundation, a digital civil liberties group, say that courts are too keen to uphold patents on ideas that are too vague to deserve protection.
“Such vague patents can be used against big tech companies, which say they are forced to spend money defending lawsuits instead of investing in research and development. Technology companies are particularly concerned about litigation brought by so-called “patent trolls,” defined as companies that hold patents only for the purpose of suing other companies seeking to develop new products.”
Although we’d love for SCOTUS to rule on the patentability of software in general, we don’t expect that to happen. However, a sane and sensible ruling on the patenting of abstract ideas would be greatly appreciated.
Have a happy Friday the 13th, everybody! Until next time, may the FOSS be with you…