Linus Torvalds pulls pin, tosses in grenade: x86 won, forget about Arm in server CPUs, says Linux kernel supremo

Linux kernel king Linus Torvalds this week dismissed cross-platform efforts to support his contention that Arm-compatible processors will never dominate the server market. Responding to interest in Arm's announcement of its data center-oriented Neoverse N1 and E1 CPU cores on Wednesday, and a jibe about his affinity for native x86 development, Torvalds almost abandoned his commitment to civil discourse while doing his best to dampen enthusiasm for a world of heterogeneous hardware harmony. "Some people think that 'the cloud' means that the instruction set doesn't matter," Torvalds said in a forum post. "Develop at home, deploy in the cloud. That's bullshit. If you develop on x86, then you're going to want to deploy on x86, because you'll be able to run what you test 'at home' (and by 'at home' I don't mean literally in your home, but in your work environment)."

Linus on why x86 won for servers

Responding to a forum post on upcoming ARM server offerings, Linus Torvalds makes a compelling case for why Linux and x86 completely overwhelmed commercial Unix and RISC...

ARM announces Ares

I can pretty much guarantee that as long as everybody does cross-development, the platform won't be all that stable. Or successful. Some people think that "the cloud" means that the instruction set doesn't matter. Develop at home, deploy in the cloud. That's bullshit. If you develop on x86, then you're going to want to deploy on x86, because you'll be able to run what you test "at home" (and by "at home" I don't mean literally in your home, but in your work environment). Which means that you'll happily pay a bit more for x86 cloud hosting, simply because it matches what you can test on your own local setup, and the errors you get will translate better. This is true even if what you mostly do is something ostensibly cross-platform like just run perl scripts or whatever. Simply because you'll want to have as similar an environment as possible, Which in turn means that cloud providers will end up making more money from their x86 side, which means that they'll prioritize it, and any ARM offerings will be secondary and probably relegated to the mindless dregs (maybe front-end, maybe just static html, that kind of stuff). Guys, do you really not understand why x86 took over the server market?

Redis Labs drops Commons Clause for a new license

Redis Labs is dropping its Commons Clause license in favor of its new "available-source" license: Redis Source Available License (RSAL). This is not an open-source license. Redis Labs had used Commons Clause on top of the open-source Apache License to protect its rights to modules added to its 3-Clause-BSD-licensed Redis, the popular open-source in-memory data structure store. But, as Manish Gupta, Redis Labs' CMO, explained, "It didn't work. Confusion reigned over whether or not the modules were open source. They're not open-source." So, although it hadn't wanted to create a new license, that's what Redis Labs ended up doing. RSAL covers some Redis Modules, which run on top of open-source Redis. The current modules covered by RSAL are: RedisSearch, RedisGraph, RedisJSON, RedisML, and RedisBloom. Redis remains under the BSD license.

Redis Labs changes its open-source license — again

Redis Labs, fresh off its latest funding round, today announced a change to how it licenses its Redis Modules. This may not sound like a big deal, but in the world of open-source projects, licensing is currently a big issue. That’s because organizations like Redis, MongoDB, Confluent and others have recently introduced new licenses that make it harder for their competitors to take their products and sell them as rebranded services without contributing back to the community (and most of these companies point directly at AWS as the main offender here). “Some cloud providers have repeatedly taken advantage of successful opensource projects, without significant contributions to their communities,” the Redis Labs team writes today. “They repackage software that was not developed by them into competitive, proprietary service offerings and use their business leverage to reap substantial revenues from these open source projects.”

Redis Labs Changing Its Licensing for Redis Modules Again, Raspberry Pi Rolling Out the Linux 4.19 Kernel, Windows Subsystem for Linux Updates Coming, Facebook Removing Its Spyware Onavo VPN from the Google Store and openSUSE Leap 15.1 Beta Pizza Party

Redis Labs has changed its licensing for Redis Modules again. According to TechCrunch, the new license is called the Redis Source Available license, and as with the previous Commons Clause license, applies only to certain Redis Modules created by Redis Labs. With this license, "Users can still get the code, modify it and integrate it into their applications—but that application can't be a database product, caching engine, stream processing engine, search engine, indexing engine or ML/DL/AI serving engine." The TechCrunch post notes that by definition, an open-source license can't enforce limitations, so this new license technically isn't open source. It is, however, similar to other "permissive open-source licenses", which "shouldn't really affect most developers who use the company's modules".

Swim Open Sources Its Machine Learning Platform for Edge Computing [Ed: "Taking the "open core" route" means proprietary software or 'free' bait, so this headline is a tad misleading to say the least]

Taking the "open core" route, the startup wants the open source community to take its platform in more directions than it's been able to so far.

Major 9.8 vulnerability affects multiple Linux kernels— CVE-2019-8912 (af_alg_release())

Our assessment is that the cause is this commit, the introduction of a "sockfs_setattr()" function. This function neglects to null-out values in a structure, making their values usable after exiting from the function (a so-called ‘use-after-free’ error).

Linux use-after-free vulnerability found in Linux 2.6 through 4.20.11

Last week, a Huawei engineer reported a vulnerability present in the early Linux 2.6 kernels through version 4.20.11. The Kernel Address Sanitizer (KASAN) that detects dynamic memory errors within the Linux kernel code was used to uncover the use-after-free vulnerability which was present since early Linux versions. The use-after-free issue was found in the networking subsystem’s sockfs code and could lead to arbitrary code execution as a result.

Taking Care of Your Personal Online Security (For Paranoids)

So, use Linux, and preferably coreboot or Libreboot (open source BIOS). You can buy hardware based on the recommendations of well-known and respected (still a bit paranoid) cypherpunk Richard Stallman.

Why do PAM projects fail? Tales from the trenches

Privileged accounts hold the keys to highly sensitive company information and once these credentials are targeted, they can easily lead to a breach of a company’s most valuable assets; from databases to social media and unstructured data. Most enterprises have implemented some form of Privileged Access Management (PAM), but many find these initiatives fail to live up to expectations. Below are some common reasons why a PAM project might fail to meet the initial expectations; coupled with practical insights on how to prevent it from becoming a dud.

Sailfish OS: Security and Data Privacy

Mobile World Congress is back again! Like every single year during the Jolla journey, we are excited to take part in this event. We have had great experiences in the past MWC’s, our main drivers for attending are the current and relevant topics discussed during the congress. One of this year’s core themes is Digital Trust; “Digital trust analyses the growing responsibilities required to create the right balance with consumers, governments and regulators.” It makes us happy that these topics are being discussed, especially since several scandals have recently affected trust in digital solutions. At Jolla we work constantly towards providing a secure and transparent solution. Our value towards our customer’s privacy is reflected in our values and actions. Back in May of 2018 our CEO Sami Pienimäki wrote a blog post on the GDPR laws passed within the European Union and stated the cornerstones on how Jolla views data privacy. This stand on privacy is not rocket science – the core idea is to respect our customers’ privacy and allow them to be in control of their data.

Security updates for Friday

Which is More Secure: Windows, Linux, or macOS? [Ed: security is not an OS feature but a separate product, insists company that sells "security" as a proprietar ysoftware product]

BATTLETECH is having a free weekend on Steam, plus a look at other good Linux game deals

The weekend is about to crash into our lives once again, you're sat staring at your screen wondering what to play and we're here to help. First up, BATTLETECH is having a free weekend so you have around 1 day and 22 hours to download it on Steam and try it out for free. If you decide you like it, there's 40% off the price right now too. Steam also has a Square Enix sale going on, where you can grab a number of interesting titles for super cheap including Life is Strange, Life is Strange: Before the Storm, Rise of the Tomb Raider and more.

Tesla vs Lovecraft, another good top-down shooter from 10tons is now available on GOG

GOG have another good Linux game now available, with Tesla vs Lovecraft from 10tons now up on their DRM-Free digital shelves.

Planetary Annihilation: TITANS has a new test build out, improved AI and Coherent UI update

Planetary Annihilation Inc continue to make big improvements to Planetary Annihilation: TITANS, the massive-scale RTS that has Linux support.

Rise of Industry has another huge update, full release date announced

I was very impressed with Rise of Industry last time I took a look at this strategic tycoon game from Dapper Penguin Studios. They have another big update out along with an announcement about leaving Early Access. First, to get the biggest news out of the way, it's going to leave Early Access on May 2nd. Just before that, there's going to be another huge update which will add in AI competition.

Space Rabbits in Space, a 2d skill-based parkour platformer will be coming to Linux

Ventilator Shark's great looking parkour platformer, Space Rabbits in Space will be coming to Linux. I spoke directly to the developer, who (slightly amusingly) said "There will be a Linux version, we just don't have ETA on that yet (2 people, 1 dog, exhausted to heck [we are, the dog is fine])".

The Talos Principle has a new beta with an upgraded Serious Engine, removes OpenGL in favour of Vulkan

The Talos Principle, Croteam's fantastic first-person puzzle game has a fresh beta available to test with some major changes. It includes massive changes under the hood, including a much more up to date version of their Serious Engine. This brings with it 64bit by default, OpenGL removed in favour of Vulkan along with "various other optimizations, fixes, and tweaks that will make your gameplay experience better without you knowing why that is". I did a few benchmarks this morning just to see how it's working now and unsurprisingly the Linux version remains incredibly smooth. With the performance options cranked to Ultra, rendering at 1080p and MSAA x4 on it was hitting an average of 112 FPS.

Undead Horde, the latest action game from 10tons is to enter Early Access next month

10tons, who are well known for their top-down shooters are unleashing their latest title 'Undead Horde' in Early Access on March 6th.