Bad Code, Licenses, Software Milestones Showcase Linux Wins and Losses

Linux

Linux patents are getting more defensive as the Open Invention Network expands its licensing options. Meanwhile, are you ready for mandated options for a software bill of materials (SOBM)? Government and industry support is growing for this requirement.

One of the newest free Linux options for enterprise use has a successful first. Read on to learn what AlmaLinux is celebrating. Plus, an open-source multiplatform staple just released a new improvement-packed edition. LibreOffice continues to perfect performance and productivity.

Find out about the latest cloud container breakout vulnerability reported by Red Hat and Canonical. A dangerous Linux kernel element is the culprit. Also, if you want to sharpen your coding and IT skills, learn what the Linux Foundation has new to offer with free and paid training.

Defending the Free Linux World

The Open Invention Network, or OIN, is expanding its global campaign to keep Linux out of harm’s way in patent litigation. OIN, a patent non-aggression organization, announced last month that it has increased its patent non-aggression coverage through an update to its definition of the Linux System.

To keep pace with innovation, the network regularly revises and expands its Linux System coverage. This is the ninth expansion of the software packages and libraries protected under the Open Invention Network cross-license.

It continues OIN’s policy of applying a conservative, consensus-driven, community-informed approach to the addition of core open-source functionality to the Linux System definition.

The expansion includes 337 new software components, bringing the total number of protected packages to 3,730.

Software packages or components include .Net, ONNX, tvm, Prometheus, Helm, Notary, Istio, Nix, OpenEmbedded, CoreOS, uClibc-ng, mbed-tls, musl, SPDX, AGL Services, OVN, FuseSoc, Verilator, Flutter, Jasmine, Weex, NodeRED, Eclipse Paho, Californium, Cyclone and Wakaama, among others.

“Linux and open source collaboration continue to thrive as they accelerate the pace of transformation across a spectrum of industries. With this update, we have addressed expansion in key software platforms and projects. Additionally, we have added protection for strategic packages that enable hardware design and embedded applications,” said Keith Bergelt, CEO of OIN.

Major LibreOffice Upgrade

The LibreOffice Community on Feb. 2 announced the release of a major upgrade to version 7.3, a volunteer-supported free office suite for cross-platform productivity on desktop computers and laptops.

The open-source suite includes a word processor, spreadsheet, database, presentation, and drawing components based on the LibreOffice technology platform for personal computing productivity. It brings a large number of improvements targeting users migrating from Microsoft Office to LibreOffice, or exchanging documents between the two office suites.

This latest release features three kinds of interoperability upgrades: development of new features, speed improvements when opening large Microsoft Office files and rendering operations, and improvements to import/export filters. Plus, LibreOffice’s help system focuses on those switching from Microsoft Office.

LibreOffice editions for Linux, macOS, and Windows computers offer the highest level of compatibility in the office suite market segment, starting with native support for the OpenDocument Format (ODF). In addition, LibreOffice provides filters for a large number of legacy document formats to return ownership and control to users.

This video demonstrates the new features of LibreOffice 7.3.

AlmaLinux Celebrates One Great First Year

To put it mildly, the AlmaLinux community has had a banner first year filled with numerous advancements and milestones.

Developers pulled together people from all over the world to unite and unify everyone while breathing new life into the CentOS ecosystem, according to an anniversary blog commemorating Year One published Feb. 2.

The accomplishments include delivering three releases with download counts in the millions, nearly one million Docker pulls, a beta release for AlmaLinux 8.5 for PowerPC, a first Platinum sponsor (Codenotary), and the release of AlmaLinux 8.5 within 48 hours of the Red Hat Enterprise Linux (RHEL) release.

AlmaLinux was released Jan. 14, 2021. Igor Seletskiy kickstarted this initiative as an alternative to CentOS. The distribution’s name Alma means “soul” in many Latin languages.

The name both acknowledges the history of Linux and ties into the community’s core belief that AlmaLinux’s community of individuals and organizations is the soul that powers and drives them forward. The word “alma” is also derived from “almus,” which means “nourishing, kind.”

Alma also means leap in Greek, which seems appropriate as the developers look to the future of the AlmaLinux distribution.

Upcoming goals, according to the AlmaLinux OS Foundation, include open elections to foster greater diversity and expand the board or directors. Another target is to continue increasing transparency by extending that to financial information.

“Ultimately, we intend to move to become a public charity and classified as a 501(c)(3) non-profit organization. This classification reflects our mission to serve anyone without discrimination, allowing contribution and use openly and equally. To achieve this will mean increasing the number of paid sponsors and growing our membership from across society,” noted the foundation.

The community saw exponential demand for AlmaLinux during 2021, which meant scaling out and supplying new and improved mirrors at various stages, according to a press release from the AlmaLinux OS Foundation.

Linux web-hosting platform CloudLinux as an early sponsor, committed to supporting AlmaLinux by investing a minimum of $1 million per year to its development. The AlmaLinux open-source organization plans to eventually be self-sustaining.

Other initiatives in its inaugural year saw the release of AlmaLinux 8 as Live Media versions in July packaged for use with popular desktops, such as GNOME, KDE, and Xfce. One month later, the developers announced that AlmaLinux was available on Microsoft Azure, and Azure joined us as a sponsor.

Dangerous Kernel Code Exposes Linux Cloud Containers

Red Hat and Canonical on Jan. 18 announced the discovery of a vulnerability affecting the Linux kernel tracked as CVE-2022-0185 that can be used to escape containers in Kubernetes, giving access to resources on the host system.

Container breakouts are specialized cyberattacks that can pave the way to deeper infiltration and lateral movement on the compromised network. Security researchers warn that it is relatively easy to exploit this security issue. Patching is an urgent matter since the exploit code will soon become public.

This is a heap-based buffer overflow vulnerability in the File System Context Linux kernel component that can lead to an out-of-bounds write, denial of service, and arbitrary code execution. It enables an attacker to change values in the kernel memory and access any process running on the same node.

“Container security has been improving, but many of the benefits of containers come from the very flexibility that limits the security they provide, and containers continue to lag behind virtual machines in securely isolating workloads from each other on the same hardware,” Casey Bisson, head of Product Growth at code security solutions firm BluBracket, told LinuxInsider.

SBOM Report Signals Serious Study of Supply Chains

The Linux Foundation on Feb. 2 announced the results of an initial study on software bill of materials readiness and adoption tied to cybersecurity efforts.

It is the first in a series of research projects LF is undertaking to understand the challenges and opportunities for securing software supply chains. The report’s release coincides with increasing recognition around the globe of the importance of identifying software components and helping accelerate response to newly discovered software vulnerabilities.

An SBOM is formal and machine-readable metadata. It uniquely identifies a software component and its contents. Copyright and license data as well are then shared across organizations to provide transparency of components in a software supply chain.

The State of Software Bill of Materials and Cybersecurity Readiness report is the result of a partnership with OpenSSF, SPDX, and OpenChain. The study comes on the heels of both the U.S. Administration’s Executive Order on Improving the Nation’s Cybersecurity and the recent White House Open-Source Security Summit.

The Linux Fondation SBOM  infographic


“SBOMs are no longer optional. Our Linux Foundation Research team revealed 78 percent of organizations expect to produce or consume SBOMs in 2022,” said Jim Zemlin, executive director at the Linux Foundation.

“Businesses accelerating SBOM adoption following the publication of the new ISO standard (5962) or the White House Executive Order, are not only improving the quality of their software, but they are also better preparing themselves to thwart adversarial attacks following new open-source vulnerability disclosures like those tied to log4j,” he added.

The full survey report is available for download.

Learning Linux Training Addressing Talent Shortages

IT job hunters and software developers are enrolling in The Linux Foundation (LF) certification courses in droves.

LF on Jan. 26 announced that 2021 was a record year in helping address the open-source talent shortage with more individuals being trained and certified by the organization than ever.

This included a 50 percent increase in individuals passing certification exams across all technology focus areas, as LF grew its catalog of expertly designed and curated training courses by 30 titles.

Paid course enrollments grew 30 percent year-over-year while free LF online courses surpassed two million all-time enrollments. Certifications were also top of mind for the open-source developer community, as evidenced by 50 percent year-over-year growth in hot topics such as Linux and Kubernetes.

LF launched new certification exams, too. The Kubernetes project under the Cloud Native Computing Foundation (CNCF) recorded a 42 percent increase in Kubernetes contributors from across 168 countries. Some geographies witnessed even greater growth, with certifications jumping 60 percent over 2020 levels.

The Linux Foundation also awarded 500 scholarships for training courses and certification exams through its LiFT Scholarship program. The  Foundation also partnered with other non-profit organizations to provide hundreds more training and certification scholarships to their communities.

LF’s new professional certificate program on the edX learning platform offers developers with experience working on any operating system an introduction to understanding the basics of open-source software development. Three online training courses explore how open-source software works. Topics include advantages of using it, methods of working in OSS communities, governance models, and licensing choices.

Each of the three training courses is free. But those wishing to earn a verified professional certificate pay $149 per course to edX.

The results reinforced a key theme for businesses in today’s labor market: you cannot hire your way out of a talent shortage, noted Clyde Seepersad, LF senior vice president and general manager of training and certification.

“You need to up-skill existing staff and hire under-qualified but promising individuals, then provide them with the training to fill the knowledge gaps in your organization, he said.”

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Jack M. Germain
More in Software

Which review ratings influence your decision to purchase a product or service?
- select any that apply -
Loading ... Loading ...

LinuxInsider Channels