These are the ten most read articles on FOSS Force for the month of September, 2014. 1. Is Oracle Using Canonical to Counter Red Hat?…
FOSS Force
Three a.m. can be an interesting time to be in a 24 hour Denny’s Restaurant. The clientèle can range from graveyard shift workers on their lunch break to people who have spent all night partying. I never did understand the “Let’s go to Denny’s” mindset after a night of drinking. Why would I want to ruin a $100.00 drinking spree with a $4.00 pancake breakfast?
Of course, the closest thing to alcohol I put in my mouth most days is mouth wash. I honestly don’t miss the hangovers. Neither do I miss the round of apologies I usually had to make the next day for the dumb stuff I had done the night before.
So, sitting at the counter at 3:20 a.m. working on my third cup of coffee, I watched an older gentleman grow more and more frustrated with the laptop in front of him. After a bit, he pulled an old flip phone from his shirt pocket and left a message when the party did not answer.
“James, this is Ed. Give me a call when you get up. This laptop is going blue screen again.”
Editor’s note: This article was updated on 9/29/14 at approx. 5:30 p.m. to include update from Tux Machines publisher Roy Schestowitz.
Since sometime last week the popular Linux site Tux Machines has been under an apparent distributed denial-of-service (DDOS) attack. For the last several days, those trying to visit the site have been redirected to Tech Rights, another site operated by Roy Schestowitz, the owner of Tux Machines, to a post dated Saturday by Schestowitz which reads:
“Windows botnets have been hammering on Tux Machines for nearly a week. It got a lot of worse yesterday and the site became unaccessible much of the time. We don’t know who the attacker is and what the motivations are, but in the mean time the site can be read via the RSS feed. The RSS feed links to all the latest news and the pages ought to work as usual. We apologise for this issue and we are working hard to find a permanent solution.”
Patches are available to fix the bash vulnerability known as Shellshock, along with three additional security issues recently found in the bash shell. The patches are available for all major Linux distros as well as for Solaris, with the patches being distributed through the various distros.
After the patch is applied, there are a couple of commands that can be run from a terminal to ascertain that a system is no longer vulnerable. For details, see the article Steven J. Vaughan-Nichols has written for ZDNet. As yet, there is no patch available for OS X, although Apple says that one is on the way, while assuring its users that Mac systems aren’t vulnerable except for the most advanced users.
The good news about all this is that it demonstrates how quickly the Linux community can get the word out and then rally to engineer a solution when a security problem is discovered. The bad news is that not all Linux users listen. Too many users believe that the security features that are baked into Linux offer complete protection, no matter what. Unfortunately, that’s not the case. It never was, nor can it ever be.
My friend Andrew Wyatt, who spent time some years back as the founder and lead developer of the Fuduntu Linux distro, attempted to address this fact recently in a comment to an article on FOSS Force:
Earlier in the week, my FOSS Force colleague Ken Starks wrote a very poignant column on these pages about how there’s no room for the kind of bullying and other varieties of douchebaggery which seems to appear all too often in forums.
That’s something that really bugs me. Not the fact that Ken brought it up, of course, but the fact that people don’t have the common decency to act with civility in the public realm. When someone responded they way they did to Ken as he describes, I’m grabbing some popcorn because Ken has the unique ability to use words like a Ginsu knife to slice and dice such hapless assclowns before they know what hit them.
But back to my point: The lack of civility and reasonable goodwill that some malcontents show in the FOSS realm bothers me.
Do you know what else bothers me? Glad you asked.
Penguinistas now have another reason not to adopt Ubuntu as their operating system of choice. Canonical and Oracle have each announced, in separate blog posts, that the two companies are working together to insure the compatibility of each company’s Linux offering on the other’s OpenStack cloud implementation.
Such a collaboration isn’t surprising. To be successful in the cloud, Canonical will need to support any Linux distro that potential enterprise customers throw at them, just as they’ll need to support Windows, and to a lesser degree, OS X. What is surprising is that Canonical thought it best to advertise the fact that they’re now holding hands with Oracle, if not in fact dating.
In a PR piece posted on Tuesday, Ubuntu stated, “…Canonical will support Ubuntu as a guest OS on Oracle Linux OpenStack, and Oracle will support Oracle Linux as a guest OS on Ubuntu OpenStack. Canonical will test Oracle Linux as a guest OS in its OpenStack Interoperability Lab (OIL) program. This gives customers the assurance the configuration is tested and supported by both organisations.”
Again, this isn’t surprising, but it would seem to be an ill advised move of desperation by Canonical. Indeed, if the two companies’ relationship has already moved beyond hand holding and the two are contemplating going steady, Canonical would be well served to determine whether Oracle is truly interested in forming an alliance with Ubuntu, or whether Ubuntu is merely a way for Oracle to get around Red Hat.
I say this often – a little too often – and I’ve hammered home the point in various blogs, to say nothing of calling out people who “review” alpha or beta versions of distro releases: Reviewing an alpha or a beta version is akin to sticking your finger in a bowl of cake batter and writing about how a baked cake is going to turn out.
That said, this is not a review of the Fedora 21 Alpha, released yesterday, but rather a test drive of a version that is destined to be improved upon when it is released in December.
So now you can have your cake batter and eat it, too.
First, a moment of silence for the untimely demise of the Fedora Release Name, as Fedora 21 doesn’t have one. Fedora had the best process for release names, causing spirited debate and possibly fisticuffs along the way: $CURRENT_RELEASE_NAME is a ________ and so is $NEXT_RELEASE_NAME, with the blank being filled in with whatever the current name was. Fedora 20 Heisenbug was the last of the named Fedora releases.
Decency…it’s what’s for dinner forums.
It wasn’t but a few days ago that I approached the KDE community in Google Plus to ask a question. In asking that question, I included a screenshot to present a graphical representation of my problem. Three community members responded right away. The first two responses were legitimate queries: questions seeking to gather information needed to calculate an effective attack vector. The third response was…well, not so much.
“Stop, I can’t. My eyes are bleeding. x_x “
The remark about “eyes bleeding” was obviously a reaction to a perceived lack of aesthetics in the screenshot. And yeah, it pissed me off. I didn’t seek a critique on my icon set or color scheme. I was asking how to fix my friggin’ frappin’ problem.
With my verbal weapons cache set to full snark, I proceeded to dress the commenter down for the misplaced and unhelpful comment. I trimmed and honed every word so that my obvious displeasure at the opinion would not be mistaken for anything else.
There are specific and discrete techniques that can help you call someone a jerk. I used a method designed so that the target momentarily believes that you are a nice guy, while everyone else in proximity is checking their clothing for blood spatter. I have become a master of this technique. Whether that’s good or bad, I dunno. It is what it is.
That wasn’t the end of it, however.
FOSS Week in Review
Flamethrowers and a kumbaya that will probably never happen: Yep, that’s the kind of week it was this week in the land of free/open source software.
Wearing your fireproof underwear? KDE’s Aaron Seigo – never one to shy away from saying what he thinks – lit into community managers in a Google+ post on Monday, calling the community manager role in free/open source software projects “a fraud and a farce.”
Credit: Creative Commons Attribution (2.0) image from 8038433@N06’s photostream