Language Selection

English French German Italian Portuguese Spanish

The (bad) deal with freebsd-update(8)

Filed under
BSD

The binary patches are quite a mysterious issue in FreeBSD, no matter freebsd-update( 8 ) is around since about 2005, and since FreeBSD 6.3-RELEASE it reached a new level of power. As I have had quarrels with FreeBSD aficionados on the issue of binary patches in FreeBSD, I thought I should clear a bit the mess.

Not only proprietary or closed-source operating systems come with binary security updates, but each and every Linux distribution which is supported by the issuer is provided with patched binaries when a security issue is identified and a solution is found. Unless you're running a source distribution (LFS, Gentoo, etc.), why would you prefer to build yourself from sources a patched binary, when an officially patched package can be made available? This one, the new package is only build once, not millions of times!

All the BSD flavors favor the source patches. When a security advisory is issued, you're supposed to apply the source patch and to rebuild the corresponding binary. Most people never considered this process as a bothersome one, as in real life, there is another issue taking even more time: rebuilding the vulnerable ports (when updated packages are not available).

More Here




More in Tux Machines

Firefox 57 coming soon: a Quantum leap

Over the past year, Mozilla has been working on a series of major changes to the Firefox browser, mainly for performance and security. These changes are referred to as Project Quantum. Some improvements arrived already with no major differences for its users. Last month the major changes landed in the developer channel. These changes mark a major deadline for how extensions work. This deadline gave third party developers a chance to look at their extensions and make changes to remain compatible. It was an important milestone date for the various Firefox add-ons. Firefox 57 marks an end to the legacy XUL based extensions. Starting with version 57, Firefox supports only a new type of extension, named WebExtension. Read more

3 Tools to Help You Remember Linux Commands

The Linux desktop has come a very long way from its humble beginnings. Back in my early days of using Linux, knowledge of the command line was essential—even for the desktop. That’s no longer true. Many users might never touch the command line. For Linux system administrators, however, that’s not the case. In fact, for any Linux admin (be it server or desktop), the command line is a requirement. From managing networks, to security, to application and server settings—there’s nothing like the power of the good ol’ command line. But, the thing is… there are a lot of commands to be found on a Linux system. Consider /usr/bin alone and you’ll find quite a lot of commands (you can issue ls /usr/bin/ | wc -l to find out exactly how many you have). Of course, these aren’t all user-facing executables, but it gives you a good idea of the scope of Linux commands. On my Elementary OS system, there are 2029 executables within /usr/bin. Even though I will use only a fraction of those commands, how am I supposed to remember even that amount? Read more

How Eclipse is advancing IoT development

Eclipse may not be the first open source organization that pops to mind when thinking about Internet of Things (IoT) projects. After all, the foundation has been around since 2001, long before IoT was a household word, supporting a community for commercially viable open source software development. September's Eclipse IoT Day, held in conjunction with RedMonk's ThingMonk 2017 event, emphasized the big role Eclipse is taking in IoT development. It currently hosts 28 projects that touch a wide range of IoT needs and projects. While at the conference, I talked with Ian Skerritt, who heads marketing for Eclipse, about Eclipse's IoT projects and how Eclipse thinks about IoT more broadly. Read more

Effective Strategies for Recruiting Open Source Developers

Experienced open source developers are in short supply. To attract top talent, companies often have to do more than hire a recruiter or place an ad on a popular job site. However, if you are running an open source program at your organization, the program itself can be leveraged as a very effective recruiting tool. That is precisely where the new, free online guide Recruiting Open Source Developers comes in. It can help any organization in recruiting developers, or building internal talent, through nurturing an open source culture, contributing to open source communities, and showcasing the utility of new open source projects. Why does your organization need a recruiting strategy? One reason is that the growing shortage of skilled developers is well documented. According to a recent Cloud Foundry report, there are a quarter-million job openings for software developers in the U.S. alone and half a million unfilled jobs that require tech skills. They’re also forecasting the number of unfillable developer jobs to reach one million within the next decade. Read more