Linux Care, Testing, and Feeding
The top Linux story today is a new announcement on the PR wire heralding the coming of no downtime kernel updates. Jamie Watson has another new laptop and tested several Linux flavors on it. OpenSSL gets another long awaited security fix and a Heartbleed-like flaw has been found to be a hoax. And our final story today, Dr. Dobbs thinks he's identified the heart of the problem in the Open Source community.
The PR announcement read:
With KernelCare, now available from CloudLinux, scheduled outages for security patches on Linux servers are now a thing of the past, giving organizations real-time updates.
KernelCare automatically applies Linux server security updates without having to re-boot, freeing technical personnel from the laborious process that takes several minutes for every server, several times a year.
CloudLinux OS is a CentOS derivative for hosting providers and home cloud users. KernelCare isn't open source and there have been other programs before it, but it's another choice in toolbox.
ZDNet blogger Jamie Watson recently bought another little notebook and spent a bit getting Windows to work on it. So, now he's run a few Linux distributions on it and has published his report. Watson tested openSuSE 13.1, Fedora 20, and Linux Mint 16 and found that they all did really well on the Acer Aspire V5-131, but read his full post for all the details.
eWeek is reporting that a four year old bug has finally been fixed in OpenSSL. Another was patched at the same time and both were classified as medium severity. See Sean Michael Kerner's full coverage for all the details.
In related news, PCWorld is reporting on that hackers claiming to found a critical exploit in OpenSSH were trying to get folks to pony up for the details. Theo de Raadt, founder of OpenBSD, says there is no evidence that any such vulnerability exists and that these kinds of claims crop up about every six months or so.
The root cause is a fundamental conflict at the heart of open source: the opposing forces of building community vs. deriving a sustainable level of revenue from an open-source project.