snydeq writes Desktop workloads and server workloads have different needs, and it's high time Linux consider a split to more adequately address them, writes Deep End's Paul Venezia. You can take a Linux installation of nearly any distribution and turn it into a server, then back into a workstation by installing and uninstalling various packages. The OS core remains the same, and the stability and performance will be roughly the same, assuming you tune they system along the way. Those two workloads are very different, however, and as computing power continues to increase, the workloads are diverging even more. Maybe it's time Linux is split in two. I suggested this possibility last week when discussing systemd (or that FreeBSD could see higher server adoption), but it's more than systemd coming into play here. It's from the bootloader all the way up. The more we see Linux distributions trying to offer chimera-like operating systems that can be a server or a desktop at a whim, the more we tend to see the dilution of both. You can run stock Debian Jessie on your laptop or on a 64-way server. Does it not make sense to concentrate all efforts on one or the other?"

David Klann works with Driftless Radio, call letters WDRT, in Wisconsin. This is community radio, with no huge advertisers or morning shock jocks with names like Bobba the Fet Sponge. They use open source software for just about everything except accounting, and that includes processing their audio for both OTA (Over the Air) and online streaming. Their transmitter runs a "stripped down" version of Debian, and David is proud that they had 3 1/2 years of uptime -- that only ended when David did a kernel upgrade that forced a reboot. (Alternate Video Link)

DeviceGuru (1136715) writes "In a bid to harness the energy and enthusiasm swirling around today's open, hackable single board computers, Imagination Technologies, licensor of the MIPS ISA, has unveiled the Creator C120 development board, the ISA's counter to ARM's popular Raspberry Pi and BeagleBone Black SBCs. The MIPS dev board is based on a 1.2GHz dual-core MIPS32 system-on-chip and has 1GB RAM and 8GB flash, and there's also an SD card slot for expansion. Ports include video, audio, Ethernet, both WiFi and Bluetooth 4.0, and a bunch more. OS images are already available for Debian 7, Gentoo, Yocto, and Arch Linux, and Android v4.4 is expected to be available soon. Perhaps the most interesting feature of the board is that there's no pricing listed yet, because the company is starting out by giving the boards away free to developers who submit the most interesting projects."

jjoelc (1589361) writes One year after their last release "Luna", Elementary OS (a Linux distribution with a very heavy emphasis on design and usability which draws a lot of comparisons to Mac OS X) Has released the public beta of their latest version "Freya." Using core components from Ubuntu 14.04, "Freya" sports many improvements including the usual newer kernel, better hardware support and newer libraries.Other updates include a GSignon-based online accounts system, improved searches, Grub-free uEFI booting, GTK+ 3.12, an updated theme, and much more. This being a beta, the usual warnings apply, but I would also point out that the Elementary OS Team also has over $5,000 worth of bugs still available on Bountysource which can be a great way to contribute to the project and make a little dough while you are at it.

hypnosec (2231454) writes to point out a pointed critique from Linus Torvalds of GCC 4.9.0. after a random panic was discovered in a load balance function in Linux 3.16-rc6. in an email to the Linux kernel mailing list outlining two separate but possibly related bugs, Linus describes the compiler as "terminally broken," and worse ("pure and utter sh*t," only with no asterisk). A slice: "Lookie here, your compiler does some absolutely insane things with the spilling, including spilling a *constant*. For chrissake, that compiler shouldn't have been allowed to graduate from kindergarten. We're talking "sloth that was dropped on the head as a baby" level retardation levels here .... Anyway, this is not a kernel bug. This is your compiler creating completely broken code. We may need to add a warning to make sure nobody compiles with gcc-4.9.0, and the Debian people should probably downgrate their shiny new compiler."

New submitter I Ate A Candle (3762149) writes Tails OS, the Tor-reliant privacy-focused operating system made famous by Edward Snowden, contains a number of zero-day vulnerabilities that could be used to take control of the OS and execute code remotely. At least that's according to zero-day exploit seller Exodus Intelligence, which counts DARPA amongst its customer base. The company plans to tell the Tails team about the issues "in due time", said Aaron Portnoy, co-founder and vice president of Exodus, but it isn't giving any information on a disclosure timeline. This means users of Tails are in danger of being de-anonymised. Even version 1.1, which hit public release today (22 July 2014), is affected. Snowden famously used Tails to manage the NSA files. The OS can be held on a USB stick and leaves no trace once removed from the drive. It uses the Tor network to avoid identification of the user, but such protections may be undone by the zero-day exploits Exodus holds.

An anonymous reader writes VolksPC who developed MicroXwin as a lightweight X Window Server has come up with their own Linux distribution. Setting apart VolksPC's distribution from others is that it's based on both Debian and Android and has the capability to run Debian/Ubuntu/Android apps together in a native ARM experience. The implementation doesn't depend on VNC or other similar solutions of the past that have tried to join desktop apps with mobile Android apps. This distribution is also reportedly compatible with all Android applications. The distribution is expected to begin shipping on an ARM mini-PC stick.

Qbertino (265505) writes I've been rummaging around on old backups and cleaning out my stuff and have once again run into my expert-like paranoid backups and keepsakes from back in the days (2001). I've got, among other things, a full set of Debian 3 CDs, an original StarOffice 6.0 CD including a huge manual in mint condition, Corel Draw 9 for Linux, the original box & CDs — yes it ran on a custom wine setup, but it ran well, I did professional design and print work with it.

I've got more of other stuff lying around, including the manuals to run it. Loki Softs Tribes 2, Kohan, Rune, and the original Unreal Tournament for Linux have me itching too. :-)

I was wondering if it would be possible to do an old 2001ish setup of a Linux workstation on some modern super cheap, super small PC (Raspberry Pi? Mini USB PC?), install all the stuff and give it a spin. What problems should I expect? VESA and Soundblaster drivers I'd expect to work, but what's with the IDE HDD drivers? How well does vintage Linux software from 2003 play with todays cheap system-on-board MicroPCs? What's with the USB stuff? Wouldn't the install expect the IO devices hooked on legacy ports? Have you tried running 10-15 year old Linux setups on devices like these and what are your experiences? What do you recommend?

A while ago you had the chance to ask programmer and open source advocate Bruce Perens about the future of open source, its role in government, and a number of other questions. Below you'll find his answers and an update on what he's doing now.

An anonymous reader writes "Valve left many OEMs hanging when they delayed Steam machines until sometime next year to work out their controller issues. Many of these companies excitedly showed off new Steam machine hardware that they cannot ship, so Alienware has been the first to re-purpose its Debian-based Steam machine to be a Windows-based Steam machine bundled with an Xbox controller. While Windows 8.x has not been particularly well-received it does support a lot more games than Linux and when configured to boot straight into Steam Big Picture mode the influence of the underlying OS is visible only in the larger game library."

An anonymous reader writes "You might recall the Debian port that is coming to OpenRISC (which is by the way making good progress with 5000 packages building) — Olof, a developer on the OpenRISC project, recently posted a lengthy status update about what's going on with OpenRISC. A few highlights are upstreamed binutils support, multicore becoming a thing, atomic operations, and a new build system for System-on-Chips."

First time accepted submitter systemDead (3645325) writes "I looked mostly with disinterest at Debian's decision last February to switch to systemd as the default init system for their future operating system releases. The Debian GNU/Linux distribution is, after all, famous for allowing users greater freedom to choose what system components they want to install. This appeared to be the case with the init system, given the presence of packages such as sysvinit-core, upstart, and even openrc as alternatives to systemd.

Unfortunately, while still theoretically possible, installing an alternative init system means doing without a number of useful, even essential system programs. By design, systemd appears to be a full-blown everything-including-the-kitchen-sink solution to the relatively simple problem of starting up a Unix-like system. Systemd, for example, is a hard-coded dependency for installing Network Manager, probably the most user-friendly way for a desktop Linux system to connect to a wireless or wired network. Just this week, I woke up to find out that systemd had become a dependency for running PolicyKit, the suite of programs responsible for user privileges and permissions in a typical Linux desktop.

I was able to replace Network Manager with connman, a lightweight program originally developed for mobile devices. But with systemd infecting even the PolicyKit framework, I find myself faced with a dilemma. Should I just let systemd take over my entire system, or should I retreat to my old terminal-based computing in the hope that the horde of the systemDead don't take over the Linux kernel itself?

What are your plans for working with or working around systemd? Are there any mainstream GNU/Linux distros that haven't adopted and have no plans of migrating to systemd? Or is migrating to one of the bigger BSD systems the better and more future-proof solution?"

Eben Moglen's FreedomBox concept (personal servers for everyone to enable private communication) is getting closer to being an easy-to-install reality: all packages needed for FreedomBox are now in Debian's unstable branch, and should be migrating to testing in a week or two. Quoting Petter Reinholdtsen: "Today, the last of the packages currently used by the project to created the system images were accepted into Debian Unstable. It was the freedombox-setup package, which is used to configure the images during build and on the first boot. Now all one need to get going is the build code from the freedom-maker git repository and packages from Debian. And once the freedombox-setup package enter testing, we can build everything directly from Debian. :) Some key packages used by Freedombox are freedombox-setup, plinth, pagekite, tor, privoxy, owncloud, and dnsmasq. There are plans to integrate more packages into the setup. User documentation is maintained on the Debian wiki." You can create your own image with only three commands, at least if you have a DreamPlug or Raspberry Pi (you could also help port it to other platforms).

bennyboy64 (1437419) writes "Ever since the Heartbleed flaw in OpenSSL was made public there have been various questions about who knew what and when. The Sydney Morning Herald has done some analysis of public mailing lists and talked to those involved with disclosing the bug to get the bottom of it. The newspaper finds that Google discovered Heartbleed on or before March 21 and notified OpenSSL on April 1. Other key dates include Finnish security testing firm Codenomicon discovering the flaw independently of Google at 23:30 PDT, April 3. SuSE, Debian, FreeBSD and AltLinux all got a heads up from Red Hat about the flaw in the early hours of April 7 — a few hours before it was made public. Ubuntu, Gentoo and Chromium attempted to get a heads up by responding to an email with few details about it but didn't, as the guy at Red Hat sending the disclosure messages out in India went to bed. By the time he woke up, Codenomicon had reported the bug to OpenSSL."

An anonymous reader writes "For the last 6 weeks the Debian developers have had an election to determine the new Debian Project Leader. The election is now over and Lucas Nussbaum was re-elected. As always in Debian, the result of the voting was found using the Condorcet method."

Bismillah (993337) writes "A potentially very serious bug in OpenSSL 1.0.1 and 1.0.2 beta has been discovered that can leak just about any information, from keys to content. Better yet, it appears to have been introduced in 2011, and known since March 2012." Quoting the security advisory: "A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server." The attack may be repeated and it appears trivial to acquire the host's private key. If you were running a vulnerable release, it is even suggested that you go as far as revoking all of your keys. Distributions using OpenSSL 0.9.8 are not vulnerable (Debian Squeeze vintage). Debian Wheezy, Ubuntu 12.04.4, Centos 6.5, Fedora 18, SuSE 12.2, OpenBSD 5.4, FreeBSD 8.4, and NetBSD 5.0.2 and all following releases are vulnerable. OpenSSL released 1.0.1g today addressing the vulnerability. Debian's fix is in incoming and should hit mirrors soon, Fedora is having some trouble applying their patches, but a workaround patch to the package .spec (disabling heartbeats) is available for immediate application.

According to an article at Ars Technica, a major security bug faces Linux users, akin to the one recently found in Apple's iOS (and which Apple has since fixed). Says the article:"The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical 'goto fail' flaw that for months put users of Apple's iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug." And while Apple can readily fix a bug in its own software, at least for users who keep up on patches, "Linux" refers to a broad range of systems and vendors, rather than a single company, and the affected systems include some of the biggest names in the Linux world, like Red Hat, Debian, and Ubuntu.

Bruce Perens is a computer programmer and one of the most important advocates for the open source community. He co-founded the Open Source Initiative with ESR and has worked towards reforms of national and international technology policies. He is an amateur radio enthusiast, and has pushed for open radio communication standards. He is also our interview guest today. As usual, ask as many questions as you'd like, but please, one per post.

An anonymous reader writes "My eastern European tech-support job will be outsourced in 6 months to a nearby country. I do not wish to move, having relationship and roots here, and as such I stand at a crossroads. I could take my current hobby more seriously and focus on Java development. I have no degree, no professional experience in the field, and as such, I do not hold much market value for an employer. However, I find joy in the creative problem solving that programming provides. Seeing the cogs finally turn after hours invested gives me pleasures my mundane work could never do. The second option is Linux system administration with a specialization in VMware virtualisation. I have no certificates, but I have been around enterprise environments (with limited support of VMware) for 21 months now, so at the end of my contract with 27 months under my belt, I could convince a company to hire me based on willingness to learn and improve. All the literature is freely available, and I've been playing with VDIs in Debian already.

My situation is as follows: all living expenses except food, luxuries and entertainment is covered by the wage of my girlfriend. That would leave me in a situation where we would be financially alright, but not well off, if I were to earn significantly less than I do now. I am convinced that I would be able to make it in system administration, however, that is not my passion. I am at an age where children are not a concern, and risks seem to be, at first sight, easier to take. I would like to hear the opinion and experience of fellow readers who might have been in a similar situation."

Via Bits from Debian, comes news that the security team is considering adding a Long Term Support suite for Squeeze (Debian 6) after Jessie (Debian 8) is released sometime next year. From the mailing list post: "At the moment it seems likely that an extended security support timespan for squeeze is possible. The plan is to go ahead, sort out the details as as it happens, and see how this works out and whether it is going to be continued with wheezy. The rough draft is that updates will be delivered via a separate suite (e.g. squeeze-lts), where everyone in the Debian keyring can upload in order to minimise bottlenecks and allow contributions by all interested parties. Some packages will be exempted upfront due to their volatile nature (e.g. some web applications) and others might be expected to see important changes. The LTS suite will be limited to amd64 and i386. The exact procedures will be sorted out soon and announced in a separate mail. ... It needs to be pointed out that for this effort to be sustainable actual contributions by interested parties are required. squeeze-lts is not something that will magically fall from the sky. If you're dependent/interested in extended security support you should make an effort to contribute." If successful, the LTS idea would possibly be carried over to Wheezy. With all of the changes coming in Jessie and its aggressive release schedule, this sysadmin really likes the idea of having a bit more breathing room for updating infrastructure between releases. The email also contains a bunch of other info on changes coming to the security process.

In related news, the Debian Installer team announced the first alpha of debian-installer for Jessie. Just the installer, not the distro as a whole (Jessie will be frozen in November). XFCE remains the default desktop, ia64 was kicked out of the archive, and a few new ARM variants are supported.