Collection of Linux related news hopefully!
It's been a "calm" release cycle, according to Linus Torvalds, but the 3.4 Linux kernel released on Sunday still has plenty of interesting new features. Top of the bill? A X32 application binary interface (ABI) that will help provide better performance for applications that don't really need huge chunks of memory or 64-bit variables.
"Openness" is not a term that jumps to mind when describing the Chinese government. Yet on Sunday when Chinese regulators approved Google's acquisition of Motorola Mobility, they applied a surprising caveat: Google must keep Android free and open source for the next five years.
The approval lifted the last obstacle to the $12.5 billion merger and is resulting today in the completed Google/Motorola deal. As part of the announcement and as anticipated, Larry Page is naming Dennis Woodside as Motorola's CEO.
China's demand for openness is an ironic sequel to the 2010 disagreement with Google over another openness issue: Internet search. In 2010, Google refused to let China filter its search results, and was forced to retreat from the Chinese search market, leaving the homegrown, filter-friendly Baidu as the dominant leader. The rift may have led China to delay its verdict until several months after U.S. and EU regulatory bodies announced their restriction-free approvals in February.
While China's demands mean OEMs and developers can breathe a little easier about Android's future, few expected Google would soon discard its successful open-source strategy. Google has repeatedly vowed to keep Android open, to provide timely updates to all Android vendors without favoring Motorola Mobility, and to maintain Motorola as a separate, independent company.
Some speculate that Google may even spin off Motorola once it has plundered the U.S.-based Android device manufacturer's 17,000-plus technology patents. The patents, which should help Google fend off Android-related legal attacks, were widely seen as the main goal of the acquisition. Google will likely keep Motorola, however, as a means to project its own vision of Android devices, free from UI skins and bloatware. In addition, Motorola's set-top box division could help revive Google TV.
Google's five-vendor Nexus strategy
Google's open source commitment was far from a given. Some analysts advised the company to go proprietary as a way to eliminate fragmentation and better compete with Apple. In August, Piper Jaffray projected Google could earn $10.5 billion in profits by 2015 following the proprietary path.
Others suggested Google might pursue a middle ground by giving Motorola a head-start with new Android code before releasing code to others. Google has always denied the possibility, however, and China's approval would appear to prohibit this. In fact, a May 15 Wall Street Journal article claims that Google will debut the upcoming Android "Jelly Bean" release in November on unlocked devices from up to five manufacturers.
Previously, Google had released such Google-branded "Nexus" devices with only a single partner. HTC built the original Android phone and first "Nexus" phone, and Samsung built the next two Nexus models. Last year, Motorola's Xoom acted as an unofficial showcase model for Android 3.0 "Honeycomb" tablets.
According to the Journal's unnamed source, Google will once again attempt direct sales with the devices, as it did with the HTC Nexus One in 2010. Although participating Android vendors won't likely be permitted to add UI layers, they will enjoy early access to the latest code.
Presumably, Samsung, HTC, and Google's other major Android partners have been given a shot at a Nexus device, in addition to Motorola. Asustek has also been rumored to be working on a co-branded tablet with Google. China's Huawei or ZTE, both of which are rapidly building Android market share, may well share in the Jelly Bean debut, according to the story.
Mobile carriers, on the other hand, will likely be miffed, as the unlocked phones and tablets will work on multiple networks. The carriers can only hope that Google will fail to learn the lessons from its unsuccessful direct-sales scheme with the Nexus One.
Unlocked bootloaders aside, an open source Android is arguably as much in the interests of the carriers as it is with Android vendors, developers, and consumers. Google no doubt realized that a proprietary "Googarola" would further fragment rather than coalesce Android, and that the company might struggle to compete with Apple in its own proprietary hardware game.
FOSS purists would say Android isn't really open source at all, especially due to Google's lack of transparent governance. Yet, the company has finally stepped up its contribution of Android code back to the Linux mainline. More importantly, after protests about its nine-month hold-out on releasing Honeycomb code in 2011, it promptly released Android 4.0 code in November, along with the Honeycomb code.
Pure FOSS or not, Android is open enough to inspire a growing number of open source projects. According to a May 15 Black Duck Software study, 76 percent of the roughly 10,000 new open source mobile open source projects launched in 2011 were based on Android. In other words, Android is beginning to achieve enough open source momentum to ensure that no organization -- including Google, Amazon, Samsung, Verizon, AT&T, or even China -- will be able to fully control it.
As this classic xkcd cartoon reminds us, sudo is very powerful indeed
Linux and Mac OS X users and system administrators, and long before them, Unix users and sysadmins, have used sudo as an essential computer management tool. With it, users are given the power to make essential, but sometimes dangerous, changes to their systems. Recently a fundamental security bug in sudo was discovered, In some network this security hole could allow a cracker unlimited control of Linux, Mac OS X, and Unix systems. Fortunately, the bug has now been fixed.
Sudo, which system operators (sysops) use all the time, has been around for almost as long as Unix has been. People often think sudo stands for “do as superuser.” That’s because it’s most commonly used by trusted ordinary users to run a single command as if they were the “superuser” aka the root user or system administrator. Actually, it stands for “substitute user identity and do.” It’s commonly used to let an ordinary users do extraordinary things like call the shots with your Web server or database with the powers of the appropriate management account.
The idea in all cases is to keep people from, during their ordinary run of the mill work, mistakebly make fundamental changes to the system or core services. Of course, any problem with sudo can easily lead to an escalation-of-privilege exploit. If you can break into sudo there’s really very little you can’t do to a system.
Of course, as powerful as sudo it is, it’s much better than simply allowing users to use the root account all the time for all their work. That way leads to almost certain disaster.
For years, decades, sudo has been used with little trouble. Recently, however, it was found that on a networked system that uses both IPv4 and IPv6-which is becoming increasingly common-it was found that if you also used a sudo configuration file, sudoers, on a network that used LDAP (Lightweight Directory Access Protocol) to manage sudo accounts sudo accounts weren’t being properly regulated. What was happening was that, if sudo use was managed by their network addresses and network masks, a user with an invalid IPv4 Internet address would still be passed through to the IPv6 check… which would then approve them automatically. Whoops!
The problem, which existed in sudo versions 1.6.9p3 through 1.8.4p4, has since been fixed. System administrators should upgrade to 1.8.4p5 or higher as soon as possible.
To exploit the bug, a would-be cracker needs to be in the sudoers file (or sudoers LDAP data) and be granted access to commands on hosts on one or more IPv4 networks. If sudoers doesn’t include IP networks in the host specification portion of the sudoers rules, the bug has no effect. So, if for some reason you can’t fix the problem immediately, you can still block it by removing IP network addresses from your sudoers rules host specification settings.
To my knowledge, no one has exploited this bug yet. Still, any bug that has the potential to give untrusted users absolute power over a system has to be taken seriously and eradicated as soon as possible.
The xkcd cartoon is used under the xkcd License.
Related Stories:
Kaspersky denied iOS app: Apple buries its head in the security sand
Apple releases QuickTime 7.7.2 for Windows, fixes 17 flaws
Avira Antivirus update cripples millions of Windows PCs
Windows malware: are you safer today than you were 10 years ago?
Google’s CEO announced today that it has closed on its $12.5 billion purchase of Motorola and named former Americas chief Dennis Woodside to take the helm.
Anytime a company spends almost $13 billion for a company, it’s news. And anytime Larry Page writes a blog, it’s news. But today’s announcement, made possible after Google finally cleared government scrutiny in the U.S. and China, is huge news. It is how Google aims to compete against Apple.
In his blog, Page predicts that mobile devices will replace desktop PCs, namely smartphones, including Motorola’s hugely successsful Droid line, and tablets, where Motorola has failed to elevate Google’s Android to the same stature. (Hence the buy)
See also: CNET: Google closes $12.5B deal | A daunting to-do list ahead | Google: We now own Motorola Mobility | Android tablet surge will be led by Google-Motorola, HP, Dell | The tablet revolution is coming
“We all remember Motorola’s StarTAC, which at the time seemed tiny and showed the real potential of these devices. And as a company who made a big, early bet on Android, Motorola has become an incredibly valuable partner to Google,” Larry Page wrote today in an announcement. “It’s a well known fact that people tend to overestimate the impact technology will have in the short term, but underestimate its significance in the longer term. Many users coming online today may never use a desktop machine, and the impact of that transition will be profound–as will the ability to just tap and pay with your phone.”
No one underestimates the importance of this buy to Google’s future.
Google is now a hardware company. Its decision to marry its massive software business with hardware, a model championed by Apple and passed over by Microsoft, will have long term ramifications for the company and indeed the entire ecosystem around Android and Chrome.
Compared to Apple’s iPad, Motorola’s Xoom has been a market flop. Google’s next, next generation Android tablet has to be much better.
The combined company has been making some improvements in the sales and marketing of the tablet, such as the “Ice Cream Sandwich” of Android now available on Motorola’s Xoom, and devising a strong, comprehensive strategy that melds Google’s Chrome and Android software (and enterprise applications) with Motorola Droid and Xoom lines. The $449 price cut on the Xoom also helped.
I am a longtime Droid owner and occasional iPad user who has longed for a viable Motorola tablet that can compete head on against Apple. I have hesitated on a tablet buy in part because I am awaiting a blockbuster next generation Xoom that runs a much better Android, in more elegant fashion, the way the iPad does. I want it to run Chrome well, enterprise apps well and to see some amazing innovations in the Google software space, due to the additional points of integration enabled by the marriage of Google’s software with Motorola’s mobile hardware.
I was also an early owner of Motorola’s StarTAC. I like my Droid but continue to run into snags that sometimes require a phone reboot. That may have been acceptable in the early days of the PC but they’re not in the mobile device era.
Becoming a smartphone and tablet manufacturer will have a huge impact on Google’s OEM relationships, and probably not for the better.
I would argue that it’s critical for Google to raise its stature in the open source side of the business. Getting developer buy-in for the next round of competition, in the cloud era, is huge. It appears the company is working harder to become a better citizen in this community. The Android code is back in the Linux kernel. Google continues to invest in leading open source projects such as Firefox. But the company has a ways to go to shed its proprietary image in the pure open source community.
Open source continues to make big strides, and leads in key growth segments including cloud, big data, mobile applications and enterprise mobility, according to a survey published yesterday.
At the launch of the Open Source Business Conference, two key backers in the open source space, Black Duck Software and North Bridge Venture Partners, issued their sixth annual survey results including key findings and challenges for open source in 2012.
Open source is driving innovation not solely because of low cost but because of its perceived high quality, the survey of 700 respondents found. That’s due to the open source development model itself, the survey’s creators opine. “”The quality of open source, and the ability to continuously improve, is now one of the top reasons for its adoption,” according to a statement of findings released yesterday.
The results indicate that more than 50 percent of software acquired in the next five years will be open source and that an increasing number of non-technical segments such as health care, automotive and government as well as stronger enterprise adoption will drive high growth.
Nearly 50 percent of the respondents identified data management as the segement to be most affected by open source in the coming year and roughly half also pointed to project maturity as the most significant factor considered when selecting open source.
The big challenges continue to be finding skilled open source technical talent, management of open source software and figuring out how to engage with the open source community. “The complexity associated with OSS use, from choosing the right project from the over 600,000 available to managing the acquisition, integration, maintenance and support needs off OSS,” continues to be a big challenge, the survey found.
No review is ever written in isolation, absent from context. Usually, you can guess the reviewer's bias within a few paragraphs, and compensate accordingly. He hates LCD display quality, she dislikes proprietary software, they yearn for the days of full bandwidth vinyl. You get the idea.
IBM is gussying up its SmartCloud public cloud to make it more useful for enterprise-class customers, in the hope it can lure them away from Amazon Web Services, Hewlett-Packard, Dell and others. Big Blue is also promising to put its System z mainframes on its cloud.
System maker Oracle has upgraded its version of the Xen server virtualization hypervisor with its own variant of the Linux kernel to bring it in synch with its Enterprise Linux server operating system distro.
Chinese handset manufacturer ZTE has confirmed the presence of a backdoor in one of its Android smartphones.
Read more of this story at Slashdot.
