The first release of OpenSSL alternative LibreSSL is out, and already a researcher says he has found a “catastrophic failure” in the version for Linux.
The problem resides in the pseudo random number generator (PRNG) that LibreSSL relies on to create keys that can’t be guessed even when an attacker uses extremely fast computers. When done correctly, the pool of numbers supplied is so vast that the numbers will almost never be repeated in subsequent requests, and there should be no way for adversaries to accurately predict which numbers are more likely than others to be chosen. Generators that don’t produce an extremely large pool of truly random numbers can undermine an otherwise robust encryption scheme. The Dual EC_DRBG influenced by the National Security Agency and used by default in RSA’s BSAFE toolkit, for instance, is reportedly so predictable that it can undermine the security of applications that rely on it.
Canonical is a 650-employee software company best known for its version of the Linux operating system. Now its rich-and-famous, daredevil founder, Mark Shuttleworth, is trying to re-create Canonical into the next Apple, knocking Google Android out along the way.
Shuttleworth made his money in 1999 when he sold his first company, Thawte, to VeriSign for a reported $570 million. He gained worldwide fame 2002 when he paid to fly into space with the Russian cosmonauts. (Rumor is, it cost him $20 million.)
For many years, Linux Foundation research has pointed out that companies have a hard time finding enough skilled applicants for their Linux-related technical positions, especially in development. At The Linux Foundation, we have created a number of programs to address this: from Linux technical training to a free Linux MOOC to a training scholarship program to inclusivity programs at our LinuxCon and Cloud events. If there is a shortage of skilled applicants, we want to invite everyone to join the party.
Yet in the past few years, numerousstudieshave shown that the percentage of women open source coders is dismal. It’s dismal when you compare it to proprietary coders or computer science students or the population as a whole. No matter how you look at it, the number is shockingly low. Time and again, studies have shown that diversity increases innovation. If people have a different background than you, or live a different life than you, they solve problems in new ways that help projects grow. There is power and stability in diversity. At The Linux Foundation we are committed to encouraging all parties to get involved in the Linux ecosystem and community.
That’s why we started hosting the Women in Open Source networking luncheons at LinuxCon + CloudOpen North America and Europe and offering travel funds to women who wanted to attend but would otherwise not be able to contribute to these events. LinuxCon + CloudOpen allow people of all backgrounds and interests to come together and learn from the leading maintainers and developers in important open source projects that make up the foundation of enterprise, web and cloud infrastructure. The next Women in OSS luncheon will take place opening day of LinuxCon + CloudOpen in Chicago, Wednesday, August 20. You can find more details and register on our website.
We’re also introducing more opportunities for both men and women to increase the diversity of the community. I am thrilled at the line up of resources we have this year and encourage you all to take advantage of them.
* Women’s Resume Writing Workshop, Wednesday, August 20, 2014
Former Linux kernel engineer recruiter for Google, Leslie Hawthorn will lead this collaborative workshop with specific strategies and tips to help women present their skills and experience to potential employers. Bring your resume and work with other women to learn ways to showcase your contributions to the community and industry while hearing and sharing stories with others that can inspire. For more details and to register, pleaseclick here.
* Ally Skills Workshop, Thursday, August 21, 2014
The Ally Skills Workshop, hosted by theAda Initiative, is an important resource that helps men understand simple, everyday ways to support women in their workplace and communities. In an industry where men make up the majority, this workshop can do a lot to bring men and women to together to accomplish so much more. For more details and to register, pleaseclick here.
We will also again host our First Time Attendee Reception to encourage people new to LinuxCon + CloudOpen to get to know others and start networking before opening day is even under way. It takes place Tuesday, August 19 at 5 p.m. at the Sheraton. You can register byclicking here.
I’d also like to encourage LinuxCon + CloudOpen attendees to take advantage of the opportunity to learn about community management directly from one of the industry’s leading experts on the topic, Jono Bacon. Jono, former Ubuntu Community Manager and author of “The Art of Community,” will host a workshop on Friday, August 22, where he will share how to build and grow a community, define governance structure, planning, marketing and more. For more information and to register pleaseclick here.
It is our goal to make LinuxCon and CloudOpen inclusive forums where anyone can learn, network and contribute. We hope these resources can make a difference in achieving that goal. We hope to see you in August.
The Khronos Group has shared details about their BoF sessions to be hosted next month during SIGGRAPH and it includes detailing the next-generation OpenGL / OpenGL ES specifications…
Those dependent upon AMD’s Linux binary blob can rejoice that today there’s an updated driver available after a rather quiet June for Catalyst Linux development…
Artyom Zorin has announced the release of Zorin OS 9, a new version of the Ubuntu-based user-friendly distribution designed for newcomers to Linux: “We are excited to announce the release of Zorin OS 9 Core and Ultimate. The main focus for Zorin OS 9 has been on stability…
Samsung, Google-owned Nest Labs, and five other companies have partnered to create Thread Group, which will focus on developing a new wireless networking protocol for smart homes. Thread uses both the same frequency and radio chips as Zigbee, a standards-based wireless technology utilized by products like Phillips’ customizable Hue LED light bulbs. It can connect more than 250 devices to a low-power, mesh network equipped with internet and cloud access. The new protocol is intended to address some of the issues present within the competition, including lack of interoperability, high power requirements, and hardware dependencies.
