ArsTechnica-OpenSource

Subscribe to ArsTechnica-OpenSource feed ArsTechnica-OpenSource
Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Updated: 14 min 29 sec ago

Microsoft quietly snuck an ssh client and server into latest Windows 10 update

Thu, 12/14/2017 - 12:38pm

Enlarge (credit: Liz West)

In 2015, Microsoft announced its intent to bring OpenSSH, the widely used implementation of the secure shell (ssh) protocol used for remote system access and administration throughout the UNIX world, natively to Windows. Without too many people noticing, it turns out that the company has now done this. The Windows 10 Fall Creators Update adds a couple of optional features, with both client and server now available for installation (via Serve The Home).

Add the feature from the Optional Features settings page and, well... I think it works, but I'm not entirely sure because I can't make it work. It can't use my RSA key—Microsoft's issues list on GitHub says that only ed25519 keys are supported at present—but my ed25519 key isn't working either. I have seen people successfully use it with password authentication, but I don't have a password-authenticated server to actually test with right now. Both my keys work fine from Windows Subsystem for Linux ssh, so I'm confident that they're fine; the native Win32 program just doesn't like them for reasons that aren't at all obvious at this time.

I'm sure that eventually the wrinkles will be fixed. This is a beta and it's not installed by default, so hiccups aren't a huge surprise. But it's another little sign that Microsoft is continuing to embrace the wider world beyond Windows. I don't expect that ssh will become the main tool for administration of Windows machines any time soon—though with the ssh server and PowerShell, even that isn't impossible to imagine—but when this works, it's going to make connecting to and using other systems from Windows that bit more convenient.

Read 1 remaining paragraphs | Comments

Chrome 63 offers even more protection from malicious sites, using even more memory

Thu, 12/07/2017 - 4:50pm

Enlarge / You might need more of this stuff if you want to use Chrome's new Site Isolation mode. Well, not this stuff exactly; it's RAM from a very obsolete VAX computer. (credit: Kevin Stanchfield)

To further increase its enterprise appeal, Chrome 63—which hit the browser's stable release channel yesterday—includes a couple of new security enhancements aimed particularly at the corporate market.

The first of these is site isolation, an even stricter version of the multiple process model that Chrome has used since its introduction. Chrome uses multiple processes for several security and stability reasons. On the stability front, the model means that even if a single tab crashes, other tabs (and the browser itself) are unaffected. On the security front, the use of multiple processes makes it much harder for malicious code from one site to steal secrets (such as passwords typed into forms) of another.

Chrome's default model is, approximately, to use one process per tab. This more or less ensures that unrelated sites are kept in separate processes, but there are nuances to this set-up. Pages share a process if they are related through, for example, one opening another with JavaScript or iframes embedding (wherein one page is included as content within another page). Over the course of a single browsing session, one tab may be used to visit multiple different domains; they'll all potentially be opened within a single process. On top of this, if there are already too many Chrome processes running, Chrome will start opening new pages within existing processes, resulting in even unrelated pages sharing a process.

Read 5 remaining paragraphs | Comments

Ubuntu 17.10: Return of the GNOME

Mon, 11/27/2017 - 7:30am

Canonical's video introduction to Ubuntu 17.10


If you've been following the Linux world at all, you know this has been an entire year for spring cleaning. Early in 2017, Canonical stopped work on its homegrown Unity desktop, Mir display server, and its larger vision of "convergence"—a unified interface for Ubuntu for phones, tablets, and desktops.

And now almost exactly six years after Ubuntu first switched from GNOME 2 to the Unity desktop, that has been dropped, too. The distro is back to GNOME, and Canonical recently released Ubuntu 17.10, a major update with some significant changes coming to the popular Ubuntu Linux operating system.

In light of the GNOME switch, this release seems like more of a homecoming than an entirely new voyage. But that said, Ubuntu 17.10 simultaneously feels very much like the start of a new voyage for Ubuntu. The last few Ubuntu desktop releases have been about as exciting as OpenSSH releases—you know you need to update, but beyond that, no one really cares. Sure, there have been a few feature updates with each new numeric increment, perhaps some slightly more up-to-date GNOME and GTK components under the hood. But by and large, Ubuntu's Unity 7 desktop has been in maintenance mode for several years.

Read 34 remaining paragraphs | Comments

Microsoft and GitHub team up to take Git virtual file system to macOS, Linux

Thu, 11/16/2017 - 6:15pm

Enlarge (credit: Git)

One of the more surprising stories of the past year was Microsoft's announcement that it was going to use the Git version control system for Windows development. Microsoft had to modify Git to handle the demands of Windows development but said that it wanted to get these modifications accepted upstream and integrated into the standard Git client.

That plan appears to be going well. Yesterday, the company announced that GitHub was adopting its modifications and that the two would be working together to bring suitable clients to macOS and Linux.

Microsoft wanted to move to Git because of Git's features, like its easy branching and its popularity among developers. But the transition faced three problems. Git wasn't designed for such vast numbers of developers—more than 20,000 actively working on the codebase. Also, Git wasn't designed for a codebase that was so large, either in terms of the number of files and version history for each file, or in terms of sheer size, coming in at more than 300GB. When using standard Git, working with the source repository was unacceptably slow. Common operations (such as checking which files have been modified) would take multiple minutes.

Read 7 remaining paragraphs | Comments

New “Quad9” DNS service blocks malicious domains for everyone

Thu, 11/16/2017 - 5:05pm

Enlarge / All you really have to do is set your DNS to 9.9.9.9. (credit: GCA/ Quad9)

The Global Cyber Alliance (GCA)—an organization founded by law enforcement and research organizations to help reduce cyber-crime—has partnered with IBM and Packet Clearing House to launch a free public Domain Name Service system. That system is intended to block domains associated with botnets, phishing attacks, and other malicious Internet hosts—primarily targeted at organizations that don't run their own DNS blacklisting and whitelisting services. Called Quad9 (after the 9.9.9.9 Internet Protocol address the service has obtained), the service works like any other public DNS server (such as Google's), except that it won't return name resolutions for sites that are identified via threat feeds the service aggregates daily.

"Anyone anywhere can use it," said Phil Rettinger, GCA's president and chief operating officer, in an interview with Ars. The service, he says, will be "privacy sensitive," with no logging of the addresses making DNS requests—"we will keep only [rough] geolocation data," he said, for the purposes of tracking the spread of requests associated with particular malicious domains. "We're anonymizing the data, sacrificing on the side of privacy."

Intelligence on malicious domains comes from 19 threat feeds—one of which is IBM's X-Force. Adnan Baykal, GCA's Chief Technical Advisor, told Ars that the service pulls in these threat feeds in whatever format they are published in, and it converts them into a database that is then de-duplicated. Quad9 also generates a whitelist of domains never to block; it uses a list of the top one million requested domains. During development, Quad9 used Alexa, but now that Alexa's top million sites list is no longer being maintained, Baykal said that GCA and its partners had to turn to an alternative source for the data—the Majestic Million daily top-million sites feed.

Read 6 remaining paragraphs | Comments

Lunera turns lights into an “ambient cloud” of distributed Linux servers

Wed, 11/15/2017 - 3:25pm

Enlarge / We'll keep the cloud on for you. (credit: Lunera)

The Internet of Things is a powerful concept, especially in the industrial world—but it's also full of potential security disasters and hidden computing and networking costs. But what if all you had to do to create a secure network of distributed Linux systems—complete with location awareness and custom application support capable of supporting location-based applications like asset tracking, robotic delivery, and "smart rooms"—was to change the lightbulbs?

That's the concept behind Lunera's Smart Lamps. These LED-based replacements for fluorescent and other commercial lighting systems also have a full Linux server with Wi-Fi and Bluetooth, 2 gigabytes of RAM, and 2 gigabytes of Flash storage embedded in their end-caps. The Bluetooth capability includes iBeacon micro-location services—enabling retail, medical, and industrial location services. And the Wi-Fi "enables Wi-Fi network monitoring and also extending the Wi-Fi mesh," CEO John Bruggeman explained in an interview with Ars. "Wi-Fi and Bluetooth are like electricity and water for the digital experience."

Lunera had previously shipped LED replacements for commercial lighting system tubes and lamps, including fluorescent and high-pressure sodium (HPS) bulbs. But the new Smart Lamps carry quad-core, 700 MhZ ARM-based processors with memory and storage on the same die. Configurable with a mobile application and controlled through a cloud portal via a dedicated virtual private network, Lunera's smart lamps can sense each other and create a location-sensitive wireless network mesh using Bluetooth iBeacons—a mesh that can be mapped to CAD drawings of commercial facilities' lighting systems. And these lamps can run Docker containers, allowing anyone to develop applications that leverage location and Wi-Fi services and what Bruggeman describes as "ambient compute services."

Read 7 remaining paragraphs | Comments

MariaDB coming to Azure, as Microsoft joins the MariaDB Foundation

Wed, 11/15/2017 - 10:00am

Enlarge (credit: MariaDB Foundation)

NEW YORK CITY: On the first day of its Connect developer conference, Microsoft announced that it is joining the MariaDB Foundation, the group that oversees the development of the MariaDB database.

Connect is Microsoft's other annual developer conference. The big conference, Build, takes place each spring and covers the breadth of Microsoft-related development, from Windows to Azure to Office to HoloLens. Connect has tended to have something of an open source, database, and cloud spin to it. At Connect last year, Microsoft announced that it was joining the Linux Foundation. In years prior, the company has used the event to announce the open sourcing of Visual Studio Code and, before that, .net.

MariaDB is a fork of the MySQL database that's developed and maintained by many of the original MySQL contributors. In 2008, Sun Microsystems bought MySQL AB, the company that developed and created MySQL. In 2009, Oracle announced its plans to buy Sun, creating fear in the community about MySQL's future as a successful, community-developed, open-source project. To ensure that the database would continue development in spite of the purchase, the MariaDB fork was created in 2009. The subsequent development of MySQL arguably justifies those fears; while Oracle still publishes source code, the development itself happens behind closed doors, with minimal outside contributions.

Read 5 remaining paragraphs | Comments

Firefox’s faster, slicker, slimmer Quantum edition now out

Tue, 11/14/2017 - 9:00am

Firefox is fast now. (credit: Mozilla)

Mozilla is working on a major overhaul of its Firefox browser, and, with the general release of Firefox 57 today, has reached a major milestone. The version of the browser coming out today has a sleek new interface and, under the hood, major performance enhancements, with Mozilla claiming that it's as much as twice as fast as it was a year ago. Not only should it be faster to load and render pages, but its user interface should remain quick and responsive even under heavy load with hundreds of tabs.

Collectively, the performance work being done to modernize Firefox is called Project Quantum. We took a closer look at Quantum back when Firefox 57 hit the developer channel in September, but the short version is, Mozilla is rebuilding core parts of the browser, such as how it handles CSS stylesheets, how it draws pages on-screen, and how it uses the GPU.

This work is being motivated by a few things. First, the Web has changed since many parts of Firefox were initially designed and developed; pages are more dynamic in structure and applications are richer and more graphically intensive. JavaScript is also more complex and difficult to debug. Second, computers now have many cores and simultaneous threads, giving them much greater scope to work in parallel. And security remains a pressing concern, prompting the use of new techniques to protect against exploitation. Some of the rebuilt portions are even using Mozilla's new Rust programming language, which is designed to offer improved security compared to C++.

Read 1 remaining paragraphs | Comments

Firefox takes a Quantum leap forward with new developer edition

Tue, 09/26/2017 - 11:50am

Enlarge (credit: Aurich / Getty)

Earlier this year we wrote about Project Quantum, Mozilla's work to modernize Firefox and rebuild it to handle the needs of the modern Web.

Today, that work takes a big step toward the mainstream with the release of the new Firefox 57 developer edition. The old Firefox developer edition was based on the alpha-quality Aurora channel, which was two versions ahead of the stable version. In April, Mozilla scrapped the Aurora channel, and the developer edition moved to being based on the beta channel. The developer edition is used by a few hundred thousand users each month and is for the most part identical to the beta, except it has a different theme by default—a dark theme instead of the normal light one—and changes a few default settings in ways that developers tend to prefer.

That theme is a good place to start. The new user interface, named Photon, brings with it square tabs and a much more conventional main menu. The current curvy tabs were met with outrage on their introduction in 2014, so the reversion to square tabs will, frankly, probably be met with outrage, but the look is clean and precise. There's also a new tab page that adds recommended stories to the usual list of your most-visited sites.

Read 12 remaining paragraphs | Comments