Security

OSS NEWS

Linux Lingers, Anbox Cloud Smartphone Brain Booty, Critical Census Supports Security

Linux operating system

Old-time Linux is back again. It is not uncommon for open-source software to stop in its tracks. Community and team-based projects sometimes lose developers, enthusiasm, or funding. Hundreds of Linux distributions exist. Some come and go all the time, often unnoticed.

Usually, others take their place and the open-source software world goes on. It is much rarer, however, to see fading distributions return in full glory. That scenario happened at least three times in February. They’re back: Slackware, Peppermint, and Slax Linux.

A new development in open source-powered mobile phones (think Android and Linux) is in the works. It is a two-part development plan. Local hardware goes in the handheld device. The processing power and feature services are cloud-based.

Just released, an OSS census shows the extent of software deployment. It also tracks what is broken and needs Fixing. Be sure to check out the new support for OpenSSF and see what is new with the Alpha-Omega Project.

Linux Not Slacking Off

If you used Linux years ago, you no doubt recall the Slackware distribution. It is among the oldest active Linux distributions, and its innovations early on were legendary.

Back in 2016, the last new release happened until now. Well, Slackware Linux 15 has a new, invigorating, stable version release as of February.

Check out the Slackware Live Edition, a completely updated Slackware installation that runs from a DVD or USB stick.

Peppermint Returns Minty Options

More Linux oldies are joining the ranks of missing but now returned distros as well. Welcome back to Peppermint Linux.

Based on Ubuntu, the Peppermint operating system was built around a concept not found in most Linux distros. Its hybrid combination of traditional Linux desktop applications and cloud-based infrastructure melded the best components from other desktop environments It integrated them into a solid operating system.

First released as a new Linux OS in May 2010, the distro’s progress ground to a near halt with the release of version 10 in December 2019. Less than one month later, its lead developer, Mark Greaves, died.

Last month, Peppermint 11 arrived under the guidance of the new lead developer Tommy McGee. Clearly, it is not a stagnant upgrade with a new base code, Debian Linux, instead of Ubuntu.

Other big changes include the full XFCE desktop with no LXDE components to provide the previous hybrid desktop experience, along with the modern Calamares installer. Say hello to a revamped Welcome Tour App to learn about using the system components and how to install the software needed to get started.

The settings and control panels are combined. A terminal-based ad blocker is included for easy on/off needs, and lots more.

Slax, No Longer Still Gone Too Long

Lightweight Slax Linux up until 2018 was a popular choice for low-powered computers. After that, all progress seemed to stop except for a testing version based on Debian.

Slax, a minimalist distribution formerly based on Slackware Linux prior to version 9.x in 2018, was a Slackware-based live CD featuring the KDE desktop and a wide collection of pre-installed software for daily use together with useful recovery tools for system administrators.

The update released in February 2022 was redesigned and built on top of Debian’s stable branch. Its operating environment uses the Fluxbox window manager for a desktop. That comes with a small collection of applications with the Chromium web browser, a text editor, and a calculator. It is available for both 64-bit and 32-bit systems.

New Smartphone Coming to a Cloud Near You

Canonical, publisher of Ubuntu Linux, on Feb. 28 at the Mobile World Congress (MWC) in Barcelona announced its collaboration with telecom giant Vodafone on a prototype that demonstrates the concept of a smartphone running entirely on the cloud. The new concept leaves basic functionality on the device while powering features and services in the cloud.

The new technology uses Anbox Cloud, and the power of smart mobile networks, to transform TVs, computers, wearables, and other everyday objects into “cloud smartphones.” The system runs the Android OS in the cloud by moving all the processing to a virtual machine. The “cloud phone” will only need to use basic video-decoding capabilities.

This enables simple objects to take care of basic smartphone tasks. The integration with functions remaining on the physical device like camera, location, or available sensors, provides the user with an environment that shows no difference to what they are regularly used to having.

The ability to offload compute, storage, and energy-intensive applications from x86 and Arm devices to the cloud enables end-users to consume advanced workloads by streaming them directly to their device.

Anbox Cloud also allows developers to deliver an on-demand application experience through a platform that provides more control over performance and infrastructure costs, with the flexibility to scale based on user demand.

This could be a boon to both mobile game players and enterprise users. Anbox Cloud allows for the ease of cloud gaming adoption by enabling graphic and memory-intensive mobile games to be scaled to vast amounts of users while retaining responsiveness and ultra-low latency.

It can also deliver workplace applications directly to employees’ devices while maintaining the assurance of data privacy and compliance.

Census Counts Critical OSS Source Application Libraries

The Linux Foundation on March 2 announced the final release of “Census II of Free and Open Source Software – Application Libraries.”

This study tracks open-source packages, components, and projects that warrant proactive operations and security support. The original Census Project (“Census I”) was conducted in 2015 to identify which software packages in the Debian Linux distribution were the most critical to the kernel’s operation and security.

Census II picks up where Census I left off and further tracks open-source software most widely deployed within applications developed by private and public organizations.

It also allows for a more complete picture of free and open-source software (FOSS) adoption by analyzing usage data provided by partner Software Composition Analysis (SCA) companies Snyk, the Synopsys Cybersecurity Research Center (CyRC), and FOSSA. It is based on their scans of codebases at thousands of companies.

“Understanding what FOSS packages are the most critical to society allows us to proactively support projects that warrant operations and security support,” said Brian Behlendorf, executive director at OpenSSF.

“Open-source software is the foundation upon which our day-to-day lives run, from our banking institutions to our schools and workplaces. Census II provides the foundational detail we need to support the world’s most critical and valuable infrastructure.”

New Supporters Line Up Behind OpenSSF

The OpenSSF, hosted by the Linux Foundation, on March 1 announced that 19 new organizations have joined OpenSSF to help identify and fix security vulnerabilities in open-source software.

Further, OpenSSF is committed to developing improved tooling, training, research, best practices, and vulnerability disclosure practices.

The organization also announced progress in a variety of its technology initiatives. The cross-industry momentum resulted in the wake of recent cybersecurity incidents and the White House Open Source Security Summit and congressional hearings.

“The time is clearly now for this community to make real progress on software security. Since open source is the foundation on which all software is built, the work we do at OpenSSF with contributions from companies and individuals from around the world is fundamental to that progress,” said Behlendorf.

“We’ve never had more support or focus on building, sustaining and securing the software that underpins all of our lives, and we’re happy to be the neutral forum where this can happen.”

New premier members include 1Password, Citi, Coinbase, Huawei Technologies, JFrog and Wipro.

New general members are Accuknox, Alibaba Cloud, Block, Inc., Blockchain Technology Partners, Catena Cyber, Chainguard, DeployHub, Gravitational Inc., MongoDB, NCC Group, ReversingLabs, Spotify, and Wingtecher Technology.

New Associate Members include the Institute of Software, the Chinese Academy of Science (ISCAS), MITRE, and OpenUK.

See the complete OpenSSF member roster here.

Alpha-Omega Project Gains Support for OSS Security

In addition, OpenSSF reported Microsoft and Google’s $5 million initial investment to help the Alpha-Omega Project improve the security posture of open source software.

The goal is to foster direct engagement of software security experts and automated security testing. This builds on previous industry-wide investments to improve OSS security.

Alpha will be collaborative in nature, targeting and evaluating the most critical open-source projects to improve their security postures. These will include standalone projects and core ecosystem services.

Omega will use automated methods and tools to identify critical security vulnerabilities across at least 10,000 widely-deployed open-source projects. It will use a combination of technology (cloud-scale analysis), people (security analysts triaging findings), and process (confidentially reporting critical vulnerabilities to the right OSS project stakeholders).

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

LinuxInsider Channels