Below you will find pages that utilize the taxonomy term “Red-Hat”
The XZ Utils Backdoor has (finally?) penetrated the non-tech press
Those of us who are deep in the tech world remember about 6 weeks ago when all our social media and news feeds were talking about the XZ Utils backdoor. ( Here’s a great writeup from my favorite tech site, Ars Technica)
Really quick, bulleted recap:
- XZ Utils is a really awesome compression format. (In fact, earlier this month I got some Linux image files to run off an SD card that were compressed in xz
- SSH uses XZ Utils
- Only one guy was effectively maintaining it
- Someone or some group pretending to be one person social engineered the maintainer to giving them commit access
- they used that to put some backdoors
- Because it’s in SSH it would have made every computer on the net vulnerable
- LUCKILY it was found (by accident - see the Ars Technica story) before it made it out of most (all?) Linux distro test repositories
I was incredibly surprised to hear about it today on Planet Money’s episode: The hack that almost broke the Internet. It’s a really great episode to share with your non-techie friends who want to understand what you were stressed about and which it matters to everyone, not just techies. Of all the Linux distros, they start off interviewing someone from Red Hat! (My favorite Linux distro family) The episode then goes back to the 1980s to explain the origins of open source (not FLOSS, there’s no rms here - it’s Bruce Perens they interview) before bringing it back to the present and explaining the how the social engineering attack happened and what it affected. (Also a quick moment that explained how MS went from hating OSS to supporting it) I thought it was an incredibly well-produced episode that brings everything into context for those who aren’t neck-deep in Linux and/or open source. Give it a listen and pass it along!
Red Hat and Family Release 9.4 and a Rocky Linux Take Down
Red Hat released version 9.4 today. Lots of jargon (including a mention of AI), but one of the big deals considering how long Red Hat support contracts go is the addition of ARM64 as a supported architecture. 9to5Linux also had a summary of the new features.
I remember back before CentOS became CentOS Stream there would always be a long lag time from RHEL releases until CentOS. That’s why I was so surprised to learn that Alma Linux 9.4 is also available today. What I found neatest about Alma is the way they’re distinguishing their distro. Why just go for another RHEL clone? Well, in this case Alma Linux is decided to support hardware that had been deprecated by Red Hat. So now they get to position their disto as a useful alternative, not just a free offering - more important now that you can have up to 16 free RHEL licenses.
Oracle's Virtualbox vs Red Hat's Virtual Machine Manager
I’ve been using Virtualbox for a long time to run virtual machines when I want to check out other distros before I install them on one of my computers or to review them. It’s MOSTLY open source, although some of the key parts like USB 2.0 are free to use, but not open source. So now that Red Hat’s Virtual Machine Manager is starting to look pretty useful I figured I should check it out. That way I could be using a FLOSS virtual machine program - assuming the features were good enough to match Oracle’s offerings. Also, Virtualbox requires a kernel module that has to be recompiled every time a new kernel is installed and that’s annoying. I figured I’d test out both programs by installed a VM of Centos.
A Quick Review: Windows 7
This is the first time in nearly 10 years that I’m moving to a new version of WIndows. I pop the CD in and boot up. I see a text screen as Windows “loads files”.
Nothing here different from a Linux distro. Then the Windows logo pops up.
Empathize!
Well, the latest craze to hit the Linux bloggers is talking about Empathy. Everyone is talking about it. It’s apparently going to be in the next version of Gnome and Ubuntu is considering replacing Pidgin with Empathy for the next release. First of all, depending on how much work is done on Empathy between now and then, I think this may be a bad idea. Ubuntu is the distro we give our Linux n00b friends to play with. Pidgin can do (more or less) everything Trillian can do (and definitely everything AIM can do - except voice/vid). Do we want them thinking that Linux is crap because they are using the feature incomplete Empathy?
Linux Tidbits
In an interesting game of Russian dolls Techalign released Pioneer Linux, based on Ubuntu, which in turn is based upon the venerable Debian Linux. Technically, they’ve based it off of Kubuntu which is a KDE spinoff of Ubuntu; they aren’t even using Ubuntu proper. So when they send patches upstream, are they sending them to Ubuntu or Debian? Check out their free version, live CD, or pay version.
Red Hat is moving from the Nasdaq to the New York Stock Exchange. Great for the bean counters, probably won’t mean much for us.