January 26, 2022
Once upon a time in the 2000s and 2010s, Patrick McHardy was the chair of Linux’s Netfilter core development team. Netfilter is a Linux kernel utility that handles various network functions, such as facilitating Network Address Translation (NAT) and Linux’s IPTables firewall. All was fine. But then it was discovered that McHardy had made millions of Euros from threatening over 50 companies with legal action for using “his” code. That will never happen again.
McHardy was suspended from the Netfilter team in 2016. The Netfilter team released a document on how to deal with his attempts to extract money from vendors. This move by McHardy, who had been a leading Linux developer in the 2000s, came as a complete surprise at the time. Now, years later, the issue has finally been resolved.
On January 24, 2022, the Netfilter project announced a legally binding settlement with McHardy. This settlement has been ratified in a German court decision. This settlement governs any legal enforcement activities concerning all programs and program libraries published by the Netfilter/IPTables project and the Linux kernel.
Attempt to shake down Linux users for Netfilter code use resolved. More>
January 25, 2022
On the Reddit SysAdmin group, I recently read a horror story. A car dealership had been using a 14-year-old desktop for its one and only business server. On it, the company was running two businesses’ customer-relation management (CRM) programs and their inventory management systems. They also—brace yourself—didn’t have an automatic backup system.
The consultant told them that “they should automate backups to a separate system, or use a RAID1 at least. Something!”
Their response? “Nope, too expensive, we can’t afford a new desktop, and we can’t afford new drives.”
A year later, almost to the day, the call came. The drive had failed. Their $20-million business had lost the last six months of data, the client database, client forms, banking documents—everything. “The only reason they even have anything is because I convinced the owner to at least let me come in and do a manual backup six months ago.”
I wish this example were unique. It’s certainly terrible. Indeed, it might even be a business killer—the verdict’s still out on that—but there’s nothing unique about it.
Don’t cheap out on essential hardware. More>
January 25, 2022
People die because of cyber wars, even if no bullets are ever fired. Instead, they die in emergency rooms that no longer have power, from broken medical communication networks, and from riots. All of this has happened before. It will happen again. And now, with Russia poised to invade Ukraine and Russian cyberattacks already in motion, we can only hope and pray that what promises to be the first major European war since World War II doesn’t spark the next World War.
If it does, I fear the proximate cause won’t be Russian T-90 main battle tanks trying to smash their way into Ukraine’s capital, Kyiv. It will be the Russian GRU Sandworm hacking group launching a cyberattack that perhaps wrecks the European Union power grid; or knocks out major US internet sites such as Google, Facebook, and Microsoft; or stops 4G and 5G cellular services in their tracks.
Will World War III begin in cyberspace? More>
January 24, 2022
Want a good-paying programming job? By ZipRecruiter’s count, the average annual pay for an open-source developer in the United States is $123,411. That’s not bad.
There’s also a lot of demand for Linux and open-source pros. The Linux Foundation and edX, the leading massive open online course (MOOC) provider, reported in their 2021 Open Source Jobs Report that the pair found more demand for top open-source workers than ever.
That’s why the Linux Foundation has released three new training courses on the edX platform: Open Source Software Development: Linux for Developers (LFD107x), Linux Tools for Software Development (LFD108x), and Git for Distributed Software Development (LFD109x). The three courses can be taken individually or combined to earn a Professional Certificate in Open Source Software Development, Linux, and Git.
Linux Foundation launches Open Source Software Development, Linux, and Git certification. More>
January 21, 2022
Most reported Linux “security” bugs actually aren’t Linux bugs. For example, security vendor CrowdStrike’s report on the biggest Linux-based malware families was really about system administration security blunders with telnet, SSH, and Docker, not Linux at all. But that doesn’t mean Linux doesn’t have security holes. For example, a new nasty Linux kernel problem has just popped up.
In this one, there’s a heap overflow bug in the legacy_parse_param function in the Linux kernel’s fs/fs_context.c source file. This function is used in Linux filesystems during superblock creation for mount and superblock reconfiguration for a remount. The superblock records all of a filesystem’s characteristics such as file size, block size, empty and filled storage blocks. So, yeah, it’s important.
Nasty Linux kernel bug found and fixed. More>
January 20, 2022
Even if you’re not a frequent flyer, you’ve probably heard that the Federal Aviation Administration (FAA) and numerous airlines are claiming that AT&T and Verizon Wireless’s recently approved C-Band 5G will dangerously interfere with airplane takeoffs and landings.
Will this new 5G be dangerous? Can a 5G call knock a plane out of the sky? Here’s what we know:
FAQ: What’s happening with 5G and airport safety? More>