In a move to improve cybersecurity, the EU has recommended that its staff use the open source secure messaging app Signal instead of popular apps like WhatsApp.
Signal is an open source secure messaging application with end-to-end encryption. It is praised by the likes of Edward Snowden and other privacy activists, journalists and researchers. We’ve recently covered it in our ‘open source app of the week’ series. This is part of the EU’s new cybersecurity strategy. There have been cases of data leaks and hacking against EU diplomats, and thus a policy is being put in place to encourage better security practices.
An obstacle to upstreaming support for some NVIDIA Tegra devices, particularly older ones (namely those running Android), is that they have the GPT entry at the wrong location or lack one altogether for boot support. That missing or botched GPT support is because those older devices make use of an NVIDIA proprietary/closed-source table format. As such, support for this proprietary NVIDIA Tegra Partition Table is being worked on for the Linux kernel to provide better upstream kernel support on these consumer devices.
NVIDIA Tegra devices primarily rely on a special partition table format for their internal storage while some also support traditional GPT partitions.
Fans of the PDA-inspired Cosmo Communicator can now run Linux on the handheld computer/smartphone from London-based company Planet Computers. Planet Computers announced general availability of the Cosmo Communicator in November after its crowdfunding campaign last year for the second iteration of a handheld computer inspired by the Psion Series 5 PDA from the 1990s. The Cosmo Communicator was promoted as being able to run Linux and Android but until now it didn’t have dual-OS functionality, leaving Android as the default OS and no option to switch to Linux.
The company has now announced that the Cosmo Communicator can run Debian Linux with KDE, which offers a full graphical interface.
SophosLabs has just published a detailed report about a malware attack dubbed Cloud Snooper. The reason for the name is not so much that the attack is cloud-specific (the technique could be used against pretty much any server, wherever it’s hosted), but that it’s a sneaky way for cybercrooks to open up your server to the cloud, in ways you very definitely don’t want, “from the inside out”.
The Cloud Snooper report covers a whole raft of related malware samples that our researchers found deployed in combination. It’s a fascinating and highly recommended read if you’re responsible for running servers that are supposed to be both secure and yet accessible from the outside world – for example, websites, blogs, community forums, upload sites, file repositories, mail servers, jump hosts and so forth.
SUSE is one of the oldest open source companies and the first to market Linux for the enterprise. Even though it has undergone several acquisitions and a merger, it remains a strong player in the business. It has maintained its integrity and core values around open source. It continues to rely on its tried-and-tested Linux business and European markets, and generally shies away from making big moves and taking big risks.
Soon after taking the helm last year, Di Donato spent the first few months traveling around the globe to meet SUSE teams and customers and get a better sense of the perception of the market about the company.
Just like Red Hat CEO Jim Whitehurst, Di Donato didn’t come to the company from an open source background. She had spent the last 25 years of her career as a SUSE customer, so she did have an outsider’s perspective of the company.
“I am not interested in what SUSE was when I joined. I am more interested in what we want to become,” she said.
Innovating for customers
After her 100-day global tour, Di Donato had a much clearer picture of the company. She found that more than 80% of SUSE customers were still traditionalists, i.e., companies such as Walgreens and Daimler who have been around for a long time.
Over the years, these customers brought technologies into their environments to simplify things, but they ended up creating more complexities. It’s a tall order to weave through the legacy technical debt they incurred and embrace emerging technologies such as Cloud Foundry, Kubernetes and so on.
These customers want to modernize their legacy environments and workloads, but they can’t do that with the complex environments they have built. They can’t iterate faster; they can’t respond to new opportunities and new competitors faster.
They want to leverage cloud-native technologies like Kubernetes and containers, but it is overwhelming to evaluate technologies that are emerging at such a rapid pace. Which ones are just shiny new things and which ones do they really need to accelerate their business goals?
“We have to help our customers simplify their infrastructure and environment so that they can start modernizing it and start leveraging new technologies,” Di Donato said.
While SUSE will continue to focus on core Linux OS, it will also invest in the next generation of Linux. It has been working on technologies like Kubic and MicroOS that change the way Linux is installed, managed, and operated.
She explains, “We are going to reinvent the way operating systems are used. We are going to make sure that we provide solutions that help our customers optimize their environment, automate components to help the applications run in a much more efficient and modern way. That’s what SUSE is going to be — an innovator. We’re not there quite yet, but that’s our focus.”
Evolving the company
Historically, SUSE has been a fairly conservative company compared to other companies like Red Hat, which has been embracing emerging technologies at a much faster rate than any other open source software vendor.
“We have not been in a place where we’ve been considered the risk taker. We’re the steady, stable provider of the most comprehensive unbreakable solutions in the market,” Di Donato admitted. “But we need to take that strong foundation and begin to become a bit of a risk taker, and begin to become very innovative.”
She is also gunning for explosive growth. “We’re going to double in size by 2023. We have to go from just under half-a-billion in revenue to a billion.”
To achieve that, SUSE will be looking at both organic and inorganic growth, including acquisition of companies, talent and technologies. “We are going to be the default choice for innovation. We are going to be the default choice for highly innovative technologies that really change the landscape,” Di Donato said.
Refining the brand
Aside from making significant changes within the company, Di Donato is working on refining the SUSE brand. She hired seasoned Ivo Totev to lead Product and Marketing and showcase the company’s differentiation.
“We’re trying to get into the psychology of reinventing the brand,” Di Donato said. Her goal is to allocate 30-40% of SUSE’s total revenue outside of the core Linux OS towards emerging markets and develop the technologies that they’ve already built.
SUSE is home to many innovative technologies that are being used by other open source communities, even its competitors. It just didn’t market them the way Red Hat would market its technologies and projects. Even though SUSE started before Red Hat, the latter has much more visibility around the globe.
“It’s a matter of getting the word out. We build things, but we don’t talk about it or do anything about it. We actually have to put a package around it and start selling it so people can see who we are and what value we bring to them.”
In Di Donato’s eyes, though, good marketing isn’t everything. She argued that customers are going to demand flexibility and they are going to demand innovation that is not tied to the stack of a company. “Red Hat has a very locked-in stack that doesn’t allow them to be agnostic at all.”
It’s quite true that unlike Red Hat, SUSE is known as an “open open-source company”, one that believes in working with partners to create an ecosystem around open source, instead of creating a tightly integrated stack that locks everyone out.
She believes that eventually, customers would want the freedom and flexibility of picking and choosing the components they want in their stack.
Conclusion
Expect some big moves from SUSE in the near future. Less than a year into the company, new CEO Di Donato has developed a very clear vision. “We’re going to build this company based on an innovative and agile mindset. We’re not going to give up the stability and the quality of our core. What we are going to do is surround the core with really innovative thought-leading technologies that are going to set us apart from our competition… You are going to feel and experience a very different sense of excitement because we’re going to be talking much, much louder than we’ve ever talked about it before.”
As a Linux system administrator, there are times when you might need to create a user who doesn’t have the ability to log in. When would that type of user be necessary? Say, for instance, you have to create a user for an application to function properly, but you don’t want that user to either have a home directory or the ability to log in.
Why? Security. The more users you have on your Linux system, the higher the chances malicious actors can break in and wreak havoc. This is especially true when we’re talking about a user account that won’t be used by an actual human, so it won’t be monitored in any way. There are a number of ways to take care of this task, but here is the correct way to do it.
Open source security approaches enable organizations to secure their applications and networks while avoiding expensive proprietary security offerings. An open source approach allows organizations to secure their applications across cloud providers and other platforms using platform-agnostic APIs. These APIs are written by contributors to the open source software code while cloud providers may use open source code that allows the open APIs to connect to the cloud.
Open source approaches, for security or not, also bring in collaboration across an industry. It isn’t just one organization that benefits from a program or technology, but everyone who contributes to and uses it.
Companies looking to make money in the world of Linux went out and took the core, bundled it up with their best practices and their favorite applications, and then sold it as a “distribution.” You see this with Red Hat Linux, Ubuntu, etc. — even the open-source versions took the base system and then built significantly above and beyond that to the point where each had its own default windowing interface, and some were massively different experiences for the user even though what was underneath was basically the same.
The business model was opinions, applications, user experience, security and support, all wrapped around the Linux Kernel. This worked great, and at least a few companies built large, successful businesses on top of this model. It worked so well that there are several companies looking to do the same thing with Kubernetes.
Huawei has stopped sidestepping the unavoidable question – no Google, what next? After suggesting it could (eventually) make its own smartphone operating system, built on Harmony OS in 2019, Huawei is now unequivocal – for the foreseeable future, it’s all in with its Google Mobile Services (GMS)-free version of Android.
The long-term partnership with Google saw Huawei launch the jewel in its crown, the P30 Pro, which, a year on, is still an easy phone to recommend. But, there’s a big question mark over its more recent, arguably better-specced devices like the Mate 30 Pro and upcoming Huawei Mate Xs, given the fact they don’t support essential features like access to the Google Play Store.
The Free Software Foundation is planning to launch their own public code hosting and collaboration platform in 2020. The Free Software Foundation “Forge” will complement their existing and aging Savannah servers used for code hosting. The Free Software Foundation isn’t looking to develop their own hosting/collaboration platform as an original GNU project but is looking at an existing free software solution they can adapt for their purposes.
The Free Software Foundation team is currently evaluating options based on practical and ethical criteria such as whether the JavaScript is deemed free software with LibreJS, and other stringent free software requirements.