Posts

 

Open Source Summit livestream

The Linux Foundation is pleased to offer free live video streaming of all keynote sessions at Open Source Summit and Embedded Linux Conference Europe, Oct. 23 to Oct. 25, 2017.

Join 2000 technologists and community members next week as they convene at Open Source Summit Europe and Embedded Linux Conference Europe in Prague. If you can’t be there in person, you can still take part, as The Linux Foundation is pleased to offer free live video streaming of all keynote sessions on Monday, Oct. 23 through Wednesday, Oct. 25, 2017.  So, you can watch the event keynotes presented by Google, Intel, and VMware, among others.

The livestream will begin on Monday, Oct. 23 at 9 a.m. CEST (Central European Summer Time). Sign up now! You can also follow our live event updates on Twitter with #OSSummit.

All keynotes will be broadcasted live, including talks by Keila Banks, 15-year-old Programmer, Web Designer, and Technologist with her father Philip Banks; Mitchell Hashimoto, Founder, HashiCorp Founder of HashiCorp and Creator of Vagrant, Packer, Serf, Consul, Terraform, Vault and Nomad; Jan Kizska, Senior Key Expert, Siemens AG; Dirk Hohndel, VP & Chief Open Source Officer, VMware in a Conversation with Linux and Git Creator Linus Torvalds; Michael Dolan, Vice President of Strategic Programs & The Linux Foundation; and Jono Bacon, Community/Developer Strategy Consultant and Author.

Other featured conference keynotes include:

  • Neha Narkhede — Co-Founder & CTO of Confluent will discuss Apache Kafka and the Rise of the Streaming Platform
  • Reuben Paul — 11-year-old Hacker, CyberShaolin Founder and cybersecurity ambassador will talk about how Hacking is Child’s Play
  • Arpit Joshipura — General Manager, Networking, The Linux Foundation who will discuss Open Source Networking and a Vision of Fully Automated Networks
  • Imad Sousou — Vice President and General Manager, Software & Services Group, Intel
  • Sarah Novotny — Head of Open Source Strategy for GCP, Google
  • And more

View the full schedule of keynotes.

And sign up now for the free live video stream.

Once you sign up to watch the event keynotes, you’ll be able to view the livestream on the same page. If you sign up prior to the livestream day/time, simply return to this page and you’ll be able to view.

 

All Things Open

Join The Linux Foundation at All Things Open; check out conference highlights below. (Image: All Things Open)

Going to All Things Open in Raleigh? While you’re there, be sure stop by The Linux Foundation training booth for fun giveaways and a chance to win one of two Raspberry Pi kits. Two winners will be chosen onsite on the last day of the conference, Oct. 24, at 3:05pm.

Other booth giveaways include The Linux Foundation branded webcam covers, The Linux Foundation projects’ stickers, Tux stickers, Linux.com stickers, as well as free ebooks: The SysAdmin’s Essential Guide to Linux Workstation Security, Practical GPL Compliance, A Guide to Understanding OPNFV & NFV, and the Open Source Guide Volume 1.

Be sure to check out these featured conference talks, including the Linux on the Mainframe session where John Mertic and Len Santalucia discuss how they’ve worked to create an open source, technical community where industry participants can collaborate around the use of the Linux and open source in a mainframe computing environment. And don’t miss ODPi’s session on the simplification and standardization of the Big Data ecosystem with common reference specifications and test suites.

Session Highlights

  • Accelerating Big Data Implementations For the Connected World – John Mertic
  • Advancing the Next-Generation Open Networking Stack – Phil Robb
  • Flatpak: The Portable, Secure Distribution of Desktop ApplicationsOwen Taylor
  • Intel: Core Linux Enabling Case Study and Demo
  • Integrating Linux Systems With Active Directory Using Open Source Tools – Dmitri Pal
  • Linux On the Mainframe: Linux Foundation and The Open Mainframe Project – John Mertic & Len Santalucia
  • Polyglot System Administration AKA: Don’t Fear the Other Language – Jakob Lorberblatt
  • The Next Evolution of The Javascript Ecosystem – Kris Borchers
  • The Revolution Will Not Be Distributed – Michael Hall
  • You Think You’re Not A Target? A Tale Of Three Developers – Chris Lamb

ODPi and Open Mainframe will also a have booth at All Things Open. Get your pass to All Things Open and stop by to learn more!

 

Reuben Paul, co-founder of CyberShaolin, will speak at Open Source Summit in Prague, highlighting the importance of cybersecurity awareness for kids.

Reuben Paul is not the only kid who plays video games, but his fascination with games and computers set him on a unique journey of curiosity that led to an early interest in cybersecurity education and advocacy and the creation of CyberShaolin, an organization that helps children understand the threat of cyberattacks. Paul, who is now 11 years old, will present a keynote talk at Open Source Summit in Prague, sharing his experiences and highlighting insecurities in toys, devices, and other technologies in daily use.

Reuben Paul, co-founder of CyberShaolin

We interviewed Paul to hear the story of his journey and to discuss CyberShaolin and its mission to educate, equip, and empower kids (and their parents) with knowledge of cybersecurity dangers and defenses.  

Linux.com: When did your fascination with computers start?
Reuben Paul: My fascination with computers started with video games. I like mobile phone games as well as console video games. When I was about 5 years old (I think), I was playing the “Asphalt” racing game by Gameloft on my phone. It was a simple but fun game. I had to touch on the right side of the phone to go fast and touch the left side of the phone to slow down. I asked my dad, “How does the game know where I touch?”

He researched and found out that the phone screen was an xy coordinate system and so he told me that if the x value was greater than half the width of the phone screen, then it was a touch on the right side. Otherwise, it was a touch on the left side. To help me better understand how this worked, he gave me the equation to graph a straight line, which was y = mx + b and asked, “Can you find the y value for each x value?” After about 30 minutes, I calculated the y value for each of the x values he gave me.

“When my dad realized that I was able to learn some fundamental logics of programming, he introduced me to Scratch and I wrote my first game called “Big Fish eats Small Fish” using the x and y values of the mouse pointer in the game. Then I just kept falling in love with computers.Paul, who is now 11 years old, will present a keynote talk at Open Source Summit in Prague, sharing his experiences and highlighting insecurities in toys, devices, and other technologies in daily use.

Linux.com: What got you interested in cybersecurity?
Paul: My dad, Mano Paul, used to train his business clients on cybersecurity. Whenever he worked from his home office, I would listen to his phone conversations. By the time I was 6 years old, I knew about things like the Internet, firewalls, and the cloud. When my dad realized I had the interest and the potential for learning, he started teaching me security topics like social engineering techniques, cloning websites, man-in-the-middle attack techniques, hacking mobile apps, and more. The first time I got a meterpreter shell from a test target machine, I felt like Peter Parker who had just discovered his Spiderman abilities.

Linux.com: How and why did you start CyberShaolin?
Paul: When I was 8 years old, I gave my first talk on “InfoSec from the mouth of babes (or an 8 year old)” in DerbyCon. It was in September of 2014. After that conference, I received several invitations and before the end of 2014, I had keynoted at three other conferences.

So, when kids started hearing me speak at these different conferences, they started writing to me and asking me to teach them. I told my parents that I wanted to teach other kids, and they asked me how. I said, “Maybe I can make some videos and publish them on channels like YouTube.” They asked me if I wanted to charge for my videos, and I said “No.” I want my videos to be free and accessible to any child anywhere in the world. This is how CyberShaolin was created.

Linux.com: What’s the goal of CyberShaolin?
Paul: CyberShaolin is the non-profit organization that my parents helped me found. Its mission is to educate, equip, and empower kids (and their parents) with knowledge of cybersecurity dangers and defenses, using videos and other training material that I develop in my spare time from school, along with kung fu, gymnastics, swimming, inline hockey, piano, and drums. I have published about a dozen videos so far on the www.CyberShaolin.org website and plan to develop more. I would also like to make games and comics to support security learning.

CyberShaolin comes from two words: Cyber and Shaolin. The word cyber is of course from technology. Shaolin comes from the kung fu martial art form in which my dad and are I are both second degree black belt holders. In kung fu, we have belts to show our progress of knowledge, and you can think of CyberShaolin like digital kung fu where kids can become Cyber Black Belts, after learning and taking tests on our website.

Linux.com: How important do you think is it for children to understand cybersecurity?
Paul: We are living in a time when technology and devices are not only in our homes but also in our schools and pretty much any place you go. The world is also getting very connected with the Internet of Things, which can easily become the Internet of Threats. Children are one of the main users of these technologies and devices.  Unfortunately, these devices and apps on these devices are not very secure and can cause serious problems to children and families. For example, I recently (in May 2017) demonstrated how I could hack into a smart toy teddy bear and turn it into a remote spying device.
Children are also the next generation. If they are not aware and trained in cybersecurity, then the future (our future) will not be very good. 

Linux.com: How does the project help children?
Paul:As I mentioned before, CyberShaolin’s mission is to educate, equip, and empower kids (and their parents) with knowledge of cybersecurity dangers and defenses.

As kids are educated about cybersecurity dangers like cyber bullying, man-in-the-middle, phishing, privacy, online threats, mobile threats, etc., they will be equipped with knowledge and skills, which will empower them to make cyber-wise decisions and stay safe and secure in cyberspace.
And, just as I would never use my kung fu skills to harm someone, I expect all CyberShaolin graduates to use their cyber kung fu skills to create a secure future, for the good of humanity.

At Open Source Summit in Prague, Giovanni Bechis will discuss tools that improve software security by blocking unwanted syscalls.

At the upcoming Open Source Summit Europe + ELC Europe 2017, to be held in Prague, Czech Republic, Giovanni Bechis will be delivering a talk focused on tools that help improve software security by blocking unwanted syscalls.  

Giovanni Bechis

Bechis is CEO and DevOps engineer at SNB s.r.l., a hosting provider and develops web applications based on Linux/BSD operating systems that is mainly focused on integrating web applications with legacy softwares. In this interview, Bechis explained more about his approach to software security.

Linux.com: What’s the focus of your talk?

Giovanni Bechis: The talk will focus on two similar solutions implemented in Linux and OpenBSD kernels, designed to prevent a program from calling syscalls they should not call to improve security of software.

In both kernels (Linux and OpenBSD), unwanted syscalls can be blocked and the offending program terminated, but there are some differences between Linux and OpenBSD’s solution of the problem.

During my talk, I will analyze the differences between two similar techniques that are present in Linux and OpenBSD kernels that are used to mitigate security bugs (that could be used to attack  software and escalate privileges on a machine).

Linux.com: Who should attend?

Bechis: The scope of the talk is to teach developers how they can develop better and more secure software by adding just few lines to their code. The target audience is mainly developers interested in securing applications.

Linux.com: Can you please explain both solutions and what problems they actually solve?

Bechis: The main problem that these solutions are trying to solve is that bugs can be exploited to let software do something that it is not designed to do. For example, with some crafty parameters or some crafty TCP/IP packet, it could be possible to let a program read a password file; it should not read or delete some files that it should not delete.

This is more dangerous if the program is running as root instead of a dedicated user because it will have access to all files of the machine if proper security techniques have not been applied.

With these solutions, if a program tries to do something it is not designed for, it will be killed by the kernel and the execution of the program will terminate.

To do that, the source code of the program should be modified with some “more or less” simple lines of code that will “describe” which system calls the program is allowed to request.

A system call is the programmatic way in which a computer program requests a service from the kernel of the operating system it is executed on, by allowing only a subset of the system calls we can mitigate security bugs.

Last year, for example, memcached, a popular application designed to speed up dynamic web applications, has suffered by a remote code execution bug that could be exploited to remotely run arbitrary code on the targeted system, thereby compromising the many websites that expose Memcache servers accessible over the Internet.

With a solution like seccomp(2) or pledge(2), a similar bug could be mitigated, the remote code would never be executed, and the memcached process would be terminated.

Linux.com: What’s the main difference between the two solutions?

Bechis: The main difference (at least the more visible one without viewing under the hood) between Linux and OpenBSD implementation is that, with Linux seccomp(2), you can instruct the program in a very granular way, and you can create very complex policies, while on OpenBSD pledge(2) permitted syscalls have been grouped so policies will be simpler.

On the other hand, using seccomp(2) in Linux could be difficult, while OpenBSD pledge(2) is far easier to use.

On both operating systems, every program should be studied in order to decide which system call the application could use, and there are some facilities that can help understand how a program is operating, what it is doing, and which operations it should be allowed to do.

Learn more at Open Source Summit, taking place in Prague, Czech Republic Oct. 23- 26. Register now!

Since its inception the CII has considered network time, and implementations of the Network Time Protocol, to be “core infrastructure.” Correctly synchronising clocks is critical both to the smooth functioning of many services and to the effectiveness of numerous security protocols; as a result most computers run some sort of clock synchronization software and most of those computers implement either the Network Time Protocol (NTP, RFC 5905) or the closely related but slimmed down Simple Network Time Protocol (SNTP, RFC 4330).

There are several different implementations of NTP and SNTP, including both open source and proprietary versions. For many years the canonical open source implementation has been ntpd, which was started by David Mills and is now developed by Harlan Stenn at the Network Time Foundation. Parts of the ntpd code date back at least 25 years and the developers pride themselves in having the most complete implementation of the protocol and having a wide set of supported platforms. Over the years forks of the ntpd code have been made, including the NTPSec project that seeks to remove much of the complexity of the ntpd code base, at the expense of completeness of the more esoteric NTP features and breadth of platform support. Others have reimplemented NTP from scratch and one of the more complete open source alternatives is Chrony, originally written by Richard Curnow and currently maintained by Miroslav Lichvar.

The CII recently sponsored a security audit of the Chrony code, carried out by the security firm Cure53 (here is the report). In recent years, the CII has also provided financial support to both the ntpd project and the NTPSec project. Cure53 carried out security audits of both ntpd and NTPSec earlier this year and Mozilla Foundation’s Secure Open Source (SOS) project funded those two audits. SOS also assisted the the CII with the execution of the Chrony audit.

Since the CII has offered support to all three projects and since all three were reviewed by the same firm, close together in time, we thought it would be useful to present a direct comparison of their results.

ntpd

Full report PDF

The ntpd code base is the largest and most complex of the three and it carries a lot of legacy code. As a result, unsurprisingly, it fared the worst of the three in security testing with the report listing 1 Critical, 2 High, 1 Medium and 8 Low severity issues along with 2 Informational comments. It should be noted that these issues were largely addressed in the 4.2.8p10 release back in March 2017. That said, the commentary in the report is informative, with the testers writing:

“The general outcome of this project is rooted in the fact that the code has been left to grow organically and had aged somewhat unattended over the years. The overall structure has thus become very intricate, while also yielding a conviction that different styles and approaches were used and subsequently altered. The seemingly uncontrolled inclusion of variant code via header files and complete external projects engenders a particular problem. Most likely, it makes the continuous development much more difficult than necessary.”

As a result, it seems quite likely that there are more lurking issues and that it will be difficult for the authors to avoid introducing new security issues in the future without some substantial refactoring of the code.

As mentioned above, ntpd is the most complete implementation of NTP and as a result is the most complex. Complexity is the enemy of security and that shows up in this report.

NTPSec

Full report PDF

As mentioned previously, the NTPSec project started as a fork of ntpd with the specific aim of cleaning up a lot of the complexity in ntpd, even if that meant throwing out some of the less-used features. The NTPSec project is still in its early days; the team has not yet made a version 1.0 release, but has already thrown out nearly 75% of the code from ntpd and refactored many other parts. Still, the security audit earlier this year yielded 3 High, 1 Medium and 3 Low severity issues as well as raising 1 Informational matter. The testers comments again were telling:

“On the one hand, much cruft has been removed successfully, yet, on the other hand, the code shared between the two software projects bears tremendous similarities. The NTPsec project is still relatively young and a major release has not yet occurred, so the expectations are high for much more being done beforehand in terms of improvements. It must be mentioned, however, that the regression bug described in NTP-01-015 is particularly worrisome and raises concerns about the quality of the actions undertaken.

In sum, one can clearly discern the direction of the project and the pinpoint the maintainers’ focus on simplifying and streamlining the code base. While the state of security is evidently not optimal, there is a definite room for growth, code stability and overall security improvement as long as more time and efforts are invested into the matter prior to the official release of NTPsec.”

The NTPSec has made some significant technical progress but there is more work to do before the developers get to an official release. Even then, the history of the code may well haunt them for some time to come.

Chrony

Full report PDF

Unlike NTPSec, Chrony is not derived from the ntpd code but was implemented from scratch. It implements both client and server modes of the full NTPv4 protocol (as opposed to the simplified SNTP protocol), including operating as a Stratum 1 reference server, and was specifically designed to handle difficult conditions such as intermittent network connections, heavily congested networks and systems that do not run continuously (like laptops) or which run on a virtual machine. The development is currently supported by Red Hat Software and it is now the default NTP implementation on their distributions.

In the 20+ years that I’ve worked in the security industry I’ve read many security audits. The audit that the CII sponsored for Chrony was the first time that I’d used Cure53, and I had not seen any previous reports from them, so when I received the report on Chrony I was very surprised. So surprised that I stopped to email people who had worked with Cure53 to question their competence. When they assured me that the team was highly skilled and capable, I was astounded. Chrony withstood three skilled security testers for 11 days of solid testing and the result was just 2 Low severity issues (both of which have since been fixed). The test report stated:

“The overwhelmingly positive result of this security assignment performed by three Cure53 testers can be clearly inferred from a marginal number and low-risk nature of the findings amassed in this report. Withstanding eleven full days of on-remote testing in August of 2017 means that Chrony is robust, strong, and developed with security in mind. The software boasts sound design and is secure across all tested areas. It is quite safe to assume that untested software in the Chrony family is of a similarly exceptional quality. In general, the software proved to be well-structured and marked by the right abstractions at the appropriate locations. While the functional scope of the software is quite wide, the actual implementation is surprisingly elegant and of a minimal and just necessary complexity. In sum, the Chrony NTP software stands solid and can be seen as trustworthy.”

The head of Cure53, Dr. Mario Heiderich, indicated that it was very rare for the firm to produce a report with so few issues and that he was surprised that the software was so strong.

Of course just because the software is strong does not mean that it is invulnerable to attack, let alone free from bugs. What it does mean however is that Chrony is well designed, well implemented, well tested and benefits from the hindsight of decades of NTP implementation by others without bearing the burden of legacy code.

Conclusions

From a security standpoint (and here at the CII we are security people), Chrony was the clear winner between these three NTP implementations. Chrony does not have all of the bells and whistles that ntpd does, and it doesn’t implement every single option listed in the NTP specification, but for the vast majority of users this will not matter. If all you need is an NTP client or server (with or without reference clock), which is all that most people need, then its security benefits most likely outweigh any missing features.

Acknowledgements

The security audit on Chrony was funded by the CII but the Mozilla SOS project handled many of the logistics of getting the audit done and we are very grateful to Gervase Markham for his assistance. Mozilla SOS funded the audits of ntpd and NTPSec. All three audits were performed by Cure53.

This article originally appeared on the Core Infrastructure Initiative (CII) website.

This week in Linux and open source, Microsoft’s new CNCF membership represents the company’s ongoing love for open source, Adobe Flash is the subject of enthusiast rescue mission, and much more

1) Microsoft continues its Linux lovefest with new CNCF membership.

Microsoft Further Pledges Linux Loyalty by Joining Cloud Native Computing Foundation– Beta News

2) While Adobe is “mercy killing” Flash, enthusiasts are hoping for an open source lifeboat.

Adobe Flash Fans Want a Chance to Fix Its One Million Bugs Under an Open Source License– Gizmodo

3) A project intended to “develop open source technology and standards for “computational contracting” for the legal world that deploys blockchain technology” is getting ready for liftoff

Accord Project’s Consortium Launching First Legal ‘Smart Contracts’ With Hyperledger– Forbes

4) Version 60 of Google Chrome has been released for Linux and features security fixes, developer-related changes, and more

Google Chrome 60 Released for Linux, Mac, and Windows– Bleeping Computer

5) SambaCry doesn’t just favor Linux…

Creators Of SambaCry Linux Malware Also Have A Windows Backdoor Program– Forbes

The upcoming Open Source Summit NA — Sept. 11-14 in Los Angeles — offers many exciting keynote presentations and technical talks covering a wide array of topics, including cloud computing, containers, networking, diversity, and more. And, it’s also host to several co-located events that provide even more opportunities for collaboration and learning. Here are some of the events taking place.

Hacking for Humanity — A Social Innovation Hackathon with Girls in Tech

The Linux Foundation has teamed up with Girls in Tech Los Angeles for a unique two-day hackathon program to tackle global challenges. We invite women and men across all fields, including developers, designers, product developers, and entrepreneurs to participate.

Date/Time: Thursday, September 14, 10:00 am – Friday, September 15, 6:00 pm

Location: Plaza I/II, JW Marriott LA Live

Registration Cost: Complimentary. Register Here!

How to Build Habit-Forming Products Workshop

Learn how to build repeat engagement in this in-depth product development strategy workshop presented by Nir Eyal, author of Hooked: How to Build Habit-Forming Products. Eyal has constructed a practical framework and process for designing better products that gives product managers, designers, and marketers a new way for thinking of the necessary components of changing user behavior. Although no previous background is required, attendees are encouraged to come to the workshop with a product or business idea in mind.

Date: Thursday, September 14

Time: 6:30 – 9:30 pm

Location: Georgia I-II, JW Marriott LA Live

Registration Cost: $199 USD. Click here to register!

Kubernetes Core Concepts Live Training

This one-day course presented by Sebastien Goasguen serves as a crash course to learn the basics of Kubernetes. It is suitable for beginners and aimed at developers and system administrators who want to get started with Kubernetes. You will discover the Kubernetes architecture and how to install it. You will then learn how to use its basic primitives (i.e., pods, deployments and services) to build your own distributed application.

The course will be a mix of lectures, demos and hands-on exercises aimed at administrators and application developers who want to understand the overall architecture of a Kubernetes cluster and learn how to use Docker images in a Kubernetes cluster.

Date: Thursday, September 14

Time: 8:30 am – 5:00 pm

Location: Olympic 1, JW Marriott LA Live

Registration Cost: $429 USD. Pre-registration is required. Add this training to your existing Open Source Summit NA registration here.

Linux Security Summit

The Linux Security Summit (LSS) is a technical forum for collaboration between Linux developers, researchers, and end users. Its primary aim is to foster community efforts in analyzing and solving Linux security challenges.

Date: Thursday, September 14 – Friday, September 15

Time: 9:00 am – 5:00 pm (subject to change)

Location: Gold 4, JW Marriott LA Live

Registration Cost: $100 USD. You can add Linux Security Summit to your existing registration here. If you would like to attend Linux Security Summit only, please register here.

Moby Summit

The Moby Summit is a small collaborative event taking place on Thursday, September 14 alongside Open Source Summit North America. This summit is for container users who are actively maintaining, contributing or generally involved in the design and development of the Moby Project and its components: runC/ containerd, LinuxKit, Infrakit, SwarmKit, HyperKit, DataKit, VPNKit, Notary, libnetwork, etc.

Date: Thursday, September 14

Time: 8:00 am – 7:00 pm

Location: Diamond Ballroom 8/9/10, JW Marriott LA Live

Registration Cost: Purchase tickets for Moby Summit here! All revenue from ticket sales will be donated to a non-profit organization promoting diversity in the tech industry.

Open Source Entrepreneur Network Symposium

This one-day symposium is presented by John Mark Walker, Founder, Open Source Entrepreneur Network. Everyone uses open source now. It’s not so much a question of whether you use open source but how you optimize your usage and contributions. In this symposium, we will discuss the myriad of business models for selling open source-based products and services, investigate potential legal landmines around contributing to and using open source software, and look at best practices for incorporating the best of upstream open source innovation into your organization.

Date: Thursday, September 14

Time: 9:00 am – 4:00 pm

Location: Georgia I-II, JW Marriott LA Live

Registration Cost: $150 USD. Pre-registration is required. Add this symposium to your existing Open Source Summit NA registration here.

You can see the full schedule for Open Source Summit here.

Save $150 through July 30. Linux.com readers save an additional $47 with discount code LINUXRD5. Register now!

This week in open source and Linux news, GitHub takes their Friday enthusiasm beyond casual Friday in creating a weekly “Open Source Day”, a new Linux Foundation Project was announced, and much more! Read on, stay open-source-informed.

1) GitHub encourages companies to devote time every Friday for their employees to work on open source projects. 

GitHub Declares Every Friday Open Source Day– VentureBeat

2) New Linux Foundation Project focuses on centralizing security services orchestration for multi-cloud environments.

Open Security Controller: Security Service Orchestration for Multi-Cloud Environments– HelpNetSecurity

3) Linux Foundation Projects top list of open source networking projects

10 Most Important Open Source Networking Projects– NetworkWorld

4) “Dan Cauchy, Executive Director of Automotive Grade Linux explains how open source can be key to establishing future industry standards.”

The Linux Foundation Explains the Importance of Open Source in Autonomous, Connected Cars– Digit

5) Hackers have turned their attention towards attacking IoT devices running open-source operating systems.

Linux Malware Gaining Favor Among Cybercriminals– SCMagazine

This week in Linux and open source news, The Linux Foundation’s ever-popular “Intro to Linux” MOOC is selected as one of the top courses of 2017, Cloud Foundry gains new Gold Member in Microsoft, and more! Read on and stay in the open source know!

1) Linux Foundation Training’s “Intro to Linux” edX course picked as one of TechRadar’s top Linux training providers, 2017.

The Best Linux Training Providers 2017– TechRadar

2) Cloud Foundry announces new Microsoft membership, giving the former as the opportunity to offer an executive candidate for one of two gold seats on the Cloud Foundry board of directors.

Microsoft Joins Cloud Foundry Foundation as Gold Member, Strengthens Open Source Push– Cloud Tech

3) A new strain called Linux.MulDrop.14 is infecting Raspberry Pi devices, allowing attackers to take advantage of poor security to “generate money from nothing.”

Raspberry Pi Devices Transformed into Cryptocurrency Miners by Linux Malware– betanews

4) “Munich’s Green Party says the recent WannaCry ransomware attacks on Windows machines worldwide highlight the danger of the city abandoning its Linux-based OS.”

Swapping Linux for Windows in Munich Too Risky After WannaCry Attacks, Warn Greens– TechRepublic

5) While enterprises continue the positive shift towards open source, management efficacy and security isn’t keeping pace.

Open-Source Software Management Fails to Meet Security Concerns– ZDNet

This week in open source and Linux news, Toyota’s 2018 Camry to feature Automotive Grade Linux (AGL) infotainment system, older Raspberry Pis risk vulnerability without updating, and more. Read on!

1) Toyota has adopted the Automotive Grade Linux (AGL) platform for its infotainment systems. The 2018 Toyota Camry will be their first vehicle to have it preinstalled.

Toyota Moves to Automotive Grade Linux for Infotainment – BlackBerry Hits Back– IoTNews

2) Older Raspberry Pi devices may be more vulnerable to the malware if they haven’t been updated in a while.

Linux Malware Enslaves Raspberry Pi to Mine Cryptocurrency– ZDNet

3) Toyota’s decision not to offer Apple CarPlay or Andriod Auto, favoring a Linux system. What will this mean for proprietary software fans?

Toyota owners to get Linux system instead of Apple CarPlay, Android Auto. Hooray?– The Car Connection

4) “[Red Hat Summit & OpenStack Summit] brought unique open source perspectives as a business and as a community.”

Red Hat Summit And OpenStack Summit: Two Weeks Of Open Source Software In Boston– Forbes

5) Eric S Raymond has brought back Colossal Cave Adventure as an open source program.

​One of the First Computer Games Is Born Again in Open Source– ZDNet