Also included: Remembering Vernon Adams, Red Hat vs. VMware, a new distro release, openSUSE Leap and ransomware that deletes files.
FOSS Week in Review
The summer of ’16 is all but over. Good riddance. Here in my piece of the woods we’ve seen all of the 90 plus days with high humidity I can take. Time to get out the long sleeves and sweaters.
It’s also time to look at this week’s FOSS news.
Building Tor to a next new level: Tor is still safe, but there are cracks in it’s armor. You can still safely cruise the net through The Onion Router with your identity kept secret — most of the time but not always. Thankfully, for the time being that “not always” stands at about one in several million, but organizations like the NSA and the Brit’s GCHQ have been working at chipping away at those odds to turn them more in their favor.
In Feburary we learned that in 2014 researchers at the Software Engineering Institute at Carnegie Mellon University had been hired by the Department of Defense to research cracking Tor. In July, at least 110 Tor relay computers, the backbone of the Tor system, were found probing Tor’s hidden websites seeking to identify the operators and visitors, as well as attempting to attack Tor sites using tactics such as SQL injection, cross-site scripting, user enumeration and others.
Then Ars Technica told us this week that some of Tor’s vulnerabilities have been known from the beginning. Others, such as the “poisoned relay attack,” are new. However, Ars reports that they were told by Aaron Johnson of the US Naval Research Laboratory, the organization that helped create Tor, that the system is not broken. As Ars put it: “It was never designed to be secure against the world’s most powerful adversaries in the first place.”
The good news is that people are on top of it. Currently there are at least five projects at work to develop stronger anonymity. Eventually one or more of these will replace Tor as we know it now. For the time being, however, all of these remain in research. Real-life deployment won’t happen in the immediate future.
In the meantime, your anonymity when using Tor is good enough.
Goodbye OpenOffice? New Windows computers are still being delivered with OpenOffice pre-installed. This is probably the result of both laziness and a lack of awareness about what’s available in the open source world. I’ve been constantly surprised to find Windows using friends still using OpenOffice. Not a one, when I’ve asked why they’re not using LibreOffice instead, had even heard of LibreOffice. Yet every single one took my advice and downloaded and installed LibreOffice to take it for a test drive. And every single one thanked me for the heads up, nuked OpenOffice and continued to use LibreOffice after they did.
Maybe soon Windows vendors will be forced to discover LibreOffice. It appears that the folks at Apache are considering retiring OpenOffice. This would be good, as the project hasn’t been being properly maintained since The Document Foundation forked OpenOffice and ran the ball into the end zone. It’s time to retire OpenOffice. It serves no purpose, and in its current neglected state is a security liability.
Red Hat taking on VMware: Did you notice Red Hat playing all nice and kissy-kissy with VMware at last week’s LinuxCon? It was all a show, of course. On the last day of the conference, Red Hat announced the rebranding — and upgrading — of it’s virtualization product as Red Hat Virtualization, or RHV. By Friday, they were making sure that everyone in the tech press knew that it was targeting VMware’s customers. War has been declared.
Passing thoughts: Open-source font developer Vernon Adams has passed away in California at the age of 49 as a result of injuries received in a 2014 automobile accident.
Another day, another distro: Based on Slackware, Salix 14.2 Xfce Edition has been released and is available for download.
Quick takes: Those who like openSUSE but don’t like bleeding edge can look forward to the planned November release of openSUSE Leap, which promises to be more stable and with a more conservative approach. The first beta release is available for download now… A new ransomware threat targeting Linux web servers actually deletes files instead of encrypting them. Consider this a warning to keep your backups current.
That’s it for this week. Have a great Labor Day everybody. Until next time, may the FOSS be with you…