Official x86 Zhaoxin Processor Support Is Coming With Linux 5.3

Zhaoxin is the company producing Chinese x86 CPUs created by a joint venture between VIA and the Shanghai government. The current Zhaoxin ZX CPUs are based on VIA's Isaiah design and making use of VIA's x86 license. With the Linux 5.3 kernel will be better support for these Chinese desktop x86 CPUs. Future designs of the Zhaoxin processors call for 7nm manufacturing, PCI Express 4.0, DDR5, and other features to put it on parity with modern Intel and AMD CPUs. It remains to be seen how well that will work out, but certainly seems to be moving along in the desktop/consumer space for Chinese-built x86 CPUs while in the server space there's the Hygon Dhyana EPYC-based processors filling the space for Chinese servers.

Security Leftovers

• OpenSSH adds protection against Spectre, Meltdown, RAMBleed

  OpenSSH, a widely used suite of programs for secure (SSH protocol-based) remote login, has been equipped with protection against side-channel attacks that could allow attackers to extract private keys from memory.

• How to take the pain out of patching Linux and Windows systems at scale

  Patching can be manually intensive and time-consuming, requiring large amounts of coordination and processes. Tony Green gives the best tips.

• Removal of IBRS mitigation for Spectre Variant2

  As the Meltdown and Spectre attacks were published begin of January 2018, several mitigations were planned and implemented for Spectre Variant 2.

• Go and FIPS 140-2 on Red Hat Enterprise Linux

  Red Hat provides the Go programming language to Red Hat Enterprise Linux customers via the go-toolset package. If this package is new to you, and you want to learn more, check out some of the previous articles that have been written for some background. The go-toolset package is currently shipping Go version 1.11.x, with Red Hat planning to ship 1.12.x in Fall 2019. Currently, the go-toolset package only provides the Go toolchain (e.g., the compiler and associated tools like gofmt); however, we are looking into adding other tools to provide a more complete and full-featured Go development environment. In this article, I will talk about some of the improvements, changes, and exciting new features for go-toolset that we have been working on. These changes bring many upstream improvements and CVE fixes, as well as new features that we have been developing internally alongside upstream.

• Check your password security with Have I Been Pwned? and pass

  Password security involves a broad set of practices, and not all of them are appropriate or possible for everyone. Therefore, the best strategy is to develop a threat model by thinking through your most significant risks—who and what you are protecting against—then model your security approach on the activities that are most effective against those specific threats. The Electronic Frontier Foundation (EFF) has a great series on threat modeling that I encourage everyone to read. In my threat model, I am very concerned about the security of my passwords against (among other things) dictionary attacks, in which an attacker uses a list of likely or known passwords to try to break into a system. One way to stop dictionary attacks is to have your service provider rate-limit or deny login attempts after a certain number of failures. Another way is not to use passwords in the "known passwords" dataset.

SUSE: Release of SUSE CaaS Platform, SUSE Enterprise Storage, SUSE Linux Enterprise 15 Service Pack 1 and More

• SUSE CaaS Platform 4.0 Beta 3 is out!

  SUSE CaaS Platform 4.0 is built on top of SLE 15 SP1 and requires either the JeOS version shipped from the product repositories or a regular SLE 15 SP1 installation. Please note that SLE 15 SP1 is now officially out! Check out the official announcement for more information. Thus you should not use a SLES 15 SP1 environment with the SLE Beta Registration Code anymore. Because the SLE Beta Registration Code has expired now, but you can either use your regular SLE Registration Code or use a Trial.

• SUSE Enterprise Storage 6 Now Available

  With the current increase in data creation, increased costs and flat to lower budgets, IT organizations are looking for ways to deploy highly scalable and resilient storage solutions that manage data growth and complexity, reduce costs and seamlessly adapt to changing demands. Today we are pleased to announce the general availability of SUSE Enterprise Storage 6, the latest release of the award-winning SUSE software-defined storage solution designed to meet the demands of the data explosion.

• What’s New for SUSE Linux Enterprise Server for Arm 15 SP1

  Happy Birthday! It’s been 1 year since we introduced the world’s first multimodal OS supporting 64-bit Arm systems (AArch64 architecture), SUSE Linux Enterprise Server for Arm 15. Enterprise early adopters and developers of Ceph-based storage and industrial automation systems can gain faster time to market for innovative Arm-based server and Internet of Things (IoT) solutions. SUSE Linux Enterprise Server for Arm is tested with a broad set of Arm System-on-a-Chip (SoC) processors, enabling enterprise-class security and greater reliability. And with your choice of Standard or Premium Support subscriptions you can get the latest security patches and fixes, and spend less time on problem resolution as compared to maintaining your own Linux distribution.

• Are you ready for the world’s first Multimodal Operating System

  Today, SUSE releases SUSE Linux Enterprise 15 Service Pack 1, marking the one-year anniversary since we launched the world’s first multimodal OS. SUSE Linux Enterprise 15 SP1 advances the multimodal OS model by enhancing the core tenets of common code base, modularity and community development while hardening business-critical attributes such as data security, reduced downtime and optimized workloads.

• The future of OpenStack?

  Before we can answer these questions, let’s take a look at its past to give some context. Since its original release in 2010 as a joint venture by Rackspace and NASA, and its subsequent spin-off into a separate open source foundation in 2012, OpenStack has seen growth and hype that was almost unparalleled. I was fortunate enough to attend the Paris OpenStack Summit in 2014, where Mark Collier was famously driven onto stage for a keynote in one of the BMW electric sports cars. The event was huge and was packed with attendees and sponsors – almost every large technology company you can think of was there. Marketing budget had clearly been splurged in a big way on this event with lots of pizazz and fancy swag to be had from the various vendor booths. Cycle forward 4 years to the next OpenStack Summit I attended – Vancouver in May 2018. This was a very different affair – most of the tech behemoths were no longer sponsoring, and while there were some nice pieces of swag for attendees to take home, it was clear that marketing budgets had been reduced as the hype had decreased. There were less attendees, less expensive giveaways, but that ever-present buzz of open source collaboration that has always been a part of OpenStack was still there. Users were still sharing their stories, and developers and engineers were sharing their learnings with each other, just on a slightly smaller scale.

• SUSE Academic Program to be present at 2019 UCISA SSG Conference

  Engaging with the community has always been important for SUSE and this is no different for our Academic Program. That is why next week, the SUSE Academic Program is excited to attend and participate in a three day event hosted by one of the most respected networks in UK education.

Glen Barber: Statement regarding employment change and roles in the [FreeBSD] Project

Dear FreeBSD community:

As I have a highly-visible role within the community, I want to share
some news.  I have decided the time has come to move on from my role
with the FreeBSD Foundation, this Friday being my last day.  I have
accepted a position within a prominent company that uses and produces
products based on FreeBSD.

My new employer has included provisions within my job description that
allow me to continue supporting the FreeBSD Project in my current
roles, including Release Engineering.

There are no planned immediate changes with how this pertains to my
roles within the Project and the various teams of which I am a member.

FreeBSD 11.3 and 12.1 will continue as previously scheduled, with no
impact as a result of this change.

I want to thank everyone at the FreeBSD Foundation for providing the
opportunity to serve the FreeBSD Project in my various roles, and their
support for my decision.

I look forward to continue supporting the FreeBSD Project in my various
roles moving forward.

Glen