Category Archives: Stiri iT & C

Newcomer EndeavourOS Offers a Friendlier Arch Linux Experience | Reviews

By Jack M. Germain

Aug 8, 2019 5:00 AM PT

Newcomer EndeavourOS Offers a Friendlier Arch Linux Experience

Good-bye Antergos Linux. Welcome to the Arch neighborhood, EndeavourOS. Here’s hoping that you are well received!

That may seem like a strange way to begin this week’s Linux review discussion. After all, Linux distributions come and go far too often. However, the handoff from Antergos to EndeavourOS is significant.

EndeavourOS rolled out its first stable release on July 15. It is a new Arch-based Linux distro that picks up where Antergos left off, in terms of seeking an easy-to-use online installer and modern user-friendlier Arch environment.

Antergos, a popular distro among Arch enthusiasts, shut down in May when its developer team members declared they no longer had time for it. Distros coming and going is an all-too-familiar story in LinuxLand — but it is also the saga that keeps the Linux community thriving with fresh open source participants.

Bryan Poerwoatmodjo (Bryanpwo), project leader and founder of EndeavourOS, was the Antergos community forum moderator. His goal for the new distro — which is not an Antergos clone — is to make the terminal an integral part of the new OS while also providing a GUI for software installation as a small layer of convenience.

EndeavourOS promises something sorely needed. A key component of this new distro is a nontoxic community environment where users actually can get friendly technical help.

The need for a more supportive community is not limited to Arch Linux — other distros could benefit by following EndeavourOS’ lead.

Feature Prospects

EndeavourOS offers users interested in learning about Arch Linux a mixed bag of opportunities. Arch Linux distros tend to be challenging. The EndeavourOS community wants to make Arch a little less so.

EndeavourOS comes with a fairly nice set of system tools menus

EndeavourOS comes with a fairly nice set of system tools. Other menu categories are a few applications, leaving you the choice of what to add to your computing platform.

Still, the new distro comes with a learning curve. Just because the developers state that they want to make this new distro user-friendly does not mean you can jump right in and find a simple-to-use system waiting for you. Arch ain’t like that!

This first stable release comes with a lightly themed Xfce Desktop environment. It also packs some subtle encouragement to use Arch’s Pacman app for package management needs.

No graphical package manager is included by default. Instead, EndeavourOS uses the familiar Calamares installer to automate the normally complex and command line-based Arch installation process.

There is much more that makes EndeavourOS a good follow-up to Antergos Linux, but before I go any further into telling you what the developers want to do differently, let’s reminisce about the things that stand out about Antergos that might make choosing a replacement upsetting for its orphaned adopters.

Antergos Obituary

Antergos was one of the better Arch Linux options. It was a powerful and modern computing platform that was designed elegantly and brought power users almost all they could desire.

Antergos had a significant history. It was initially the Cinnarch distro, until 2013 when it morphed into Antergos.

One of the biggest challenges in getting started with any Arch distro is surviving the installation. Requiring manual installation routines that rely on a command-line process is the Arch Linux norm. Other Arch-based distros use a combination of scripts to semi-automate the installation routine.

A secondary challenge with Arch-based distros is the software management process. Arch newcomers who get beyond these two factors gain a solid-performing Linux desktop with more layers of security, and a computing system with little or no software bloat.

Common Ground for Something Better

A popular alternative to Antergos was
Manjaro Linux. According to Linux folklore, many users adopt Manjaro because it is designed a bit differently than other Arch-based options.

Antergos provided a less frustrating user experience through the installation process. The support options and easy-to-use desktops made Antergos Linux a good fit for most users from that point forward.

Another thing that can trip up users with Arch-based distros is how to start the installation. Most Arch-based ISOs are for direct installation. Typically, Arch distros do not have fully functional live session environments. Those that do require you to exit the live session environment to start the install process externally.

You will not find a live session environment with EndeavourOS, but the distro’s dev team eases the installation pain nonetheless.

The Scoop On EndeavourOS

The Arch software philosophy mostly toes the line, but EndeavourOS is not a strict follower of the entire line. The developers keep the golden Linux and Arch prime directive of freedom of choice in mind, however.

This new distro provides a basic installation process that lets you explore choices such as installing GUI apps like Pacman and software sandbox solutions like Flatpak or Snaps. It is up to the user what gets installed to make EndeavourOS work. Unlike other Arch-based distros, the main difference with this distro is the push to help users who have trouble.

EndeavourOS does not ship with an office suite, an email client or GUI installers like Octopi or Pacman by default. The developers intention in excluding those packages/apps is not to be elitist or Arch purists.

Rather, doing it yourself with the terminal gives you a better understanding of what Pacman or Arch is all about, according to the Wiki on the new distro. In fact, that notion reinforces the basic Arch design philosophy.

Despite that reasoning, the distro includes the yay app by default. Yay is “Yet Another Yogurt,” a common name game for Arch-based packaging tools.

Put simply, Yay is an Arch User Repository, or AUR — a helper for managing packages on Arch Linux. That is a finger in the eye as far as Arch purists are concerned.

Desktop Maven

EndeavourOS ships with the Xfce desktop, but the distro is not limited to Xfce. Again, this is Arch World, so you have choices galore.

Not yet ready is an online installer tool to provide nine more desktop environments: Base, i3-wm, Openbox, Mate, KDE, Cinnamon, Gnome, Deepin and Budgie. Meanwhile, you can install your choice of desktops using the command line.

EndeavourOS Xfce desktop

The default Xfce desktop is a classic Linux layout. Once you install EndeavourOS, you can install one of the other nine desktop environments to replace Xfce.

Again, welcome to Arch. Learn to do the Linux basic things with the keyboard, not the mouse. These commands are fairly straightforward.

Find the
commands here. This link takes you to a basic EndeavourOS wiki manual that the developers plan to grow as the distro

Fear No Command-Line Evil

Do not fear the need to use the command line in EndeavourOS. If you are going to use an Arch-based Linux distro, you need to get well acquainted with it. Arch distros rely on the terminal window more than other Linux distro families.

See a
list here of the basic Pacman terminal commands to maintain the EndeavourOS system. That will get you started.

Or just click on the Wiki tab on the top of the developer’s website.

Download and Install

Click the Download tab on the EndeavourOS website for a direct link to the distro’s repository. You also can find links there to torrent download locations and other software centers.

The best place to go for the installation ISO is
Sourceforge if you are downloading from outside Europe.

Another fast
direct download spot is GitHub: direct download, mostly fast.

Either way, you are looking for a file named “endeavouros-2019.07.15-x86_64.iso,” which is 1.4 GB. The file takes about three minutes to download, depending on your source.

I did not find the installation to be difficult. The credit for that is not due to my skill set. The credit goes to the Calamares installer.

EndeavourOS Calamares installer

EndeavourOS uses the Calamares installer. This simplifies the process and replaces having to use the command line manual method.

Many Arch-based distros still rely fully on the manual installation. Calamares automates most of the installation routines.

Even with Calarames, though, the main stumbling block for novice users will be the fourth step in the process — hard drive partitions.

Calamares creates a graphical look and click approach. It provides options — but you still need to know what the options mean. If that is a potential problem for you, search the Internet for helpful videos.

Bottom Line

EndeavourOS has a lot of potential. It is an impressive addition to the shortlist of distros that want to make using Arch a more rewarding experience.

For a Linux distro built around one of the more challenging Linux families, EndeavourOS is a stable, solid performer with few, if any, noticeable quirks. That shouts volumes, given the relative youth of the first stable release following beta development.

EndeavourOS is not an easy choice for Linux users with no hands-on experience with the Arch Linux ecosystem. Despite its newness, though, it is a better Arch Linux choice than other Arch variants.

It is a great choice for those willing to roll up their sleeves and learn Arch Linux’s inner workings. Hopefully, EndeavourOS succeeds in making the Arch-based neighborhood a more inviting place for new users and seasoned Arch users as well.

Want to Suggest a Review?

Is there a Linux software application or distro you’d like to suggest for review? Something you love or would like to get to know?

email your ideas to me, and I’ll consider them for a future Linux Picks and Pans column.

And use the Reader Comments feature below to provide your input!

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.

Source link

Microsoft, OpenAI Shoot for the Stars | Emerging Tech

Microsoft wants to empower its Azure cloud computing service with yet-to-exist artificial general intelligence (AGI) technologies to create new goals for supercomputing.

Microsoft on Monday announced a US$1B investment through a partnership with
OpenAI to build new AI technologies. The two companies hope to extend Microsoft Azure’s capabilities in large-scale AI systems.

Microsoft and OpenAI want to accelerate breakthroughs in AI and power OpenAI’s efforts to create artificial general intelligence. The resulting enhancements to Microsoft’s Azure platform will help developers build the next generation of AI applications.

The partnership was motivated in part by OpenAI’s pursuit of enormous computational power. Based on a recently released analysis, the amount of compute used in the largest AI training runs grew by more than 300,000 times from 2012 to 2018, with a 3.5-month doubling time, far exceeding the pace of Moore’s Law, according to OpenAI cofounder Greg Brockman.

“We chose Microsoft as our cloud partner because we’re excited about Azure’s supercomputing roadmap. We believe we can work with Microsoft to develop a hardware and software platform within Microsoft Azure which will scale to AGI,” he told TechNewsWorld.

“The partnership will allow OpenAI to significantly increase the amount of compute it uses for training neural networks,” he noted.

Microsoft and OpenAI also are very aligned in their values, Brockman said. Both firms believe the technology should be used to empower everyone, and be deployed in a trustworthy way that is safe and secure.

“OpenAI believes they can work with Microsoft to develop hardware and software platform within Microsoft Azure which will scale to AGI,” a Microsoft spokesperson said in comments provided to TechNewsWorld by company rep Joel Gunderson.

What the Deal Delivers

Microsoft and OpenAI will collaborate on new Azure AI supercomputing technologies. OpenAI will port its services to run on Microsoft Azure.

OpenAI will use the Azure platform to create new AI technologies. OpenAI will license some of its technologies to Microsoft, which will commercialize them and sell them to as-yet-unnamed partners. It’s hoped that the result will deliver on the promise of artificial general intelligence.

Microsoft will become OpenAI’s preferred partner for commercializing new AI technologies. OpenAI will enter into an exclusivity agreement with Microsoft to extend large-scale AI capabilities.

Both companies will focus on building a computational platform of unprecedented scale on the Azure cloud platform. They will train and run increasingly advanced AI models, including hardware technologies that build on Microsoft’s supercomputing technology.

The development teams will adhere to the companies’ shared principles concerning ethics and trust. This focus will create the foundation for advancements in AI to be implemented in a safe, secure and trustworthy way, and it is a critical reason the companies chose to partner.

AGI a Work in Progress

Innovative applications of deep neural networks coupled with increasing computational power have led to AI breakthroughs over the past decade. That progress occurred in areas such as vision, speech, language processing, translation, robotic control and even gaming, according to Microsoft.

Modern AI systems work well for the specific problems they have been trained to address. However, building systems that can tackle some of the biggest challenges facing the world today requires generalization and deep mastery of multiple AI technologies.

OpenAI and Microsoft’s vision is for artificial general intelligence to work with people to help solve currently intractable multidisciplinary problems, including global challenges such as climate change, personalized healthcare and education.

“This is truly going to help Microsoft. It has more technology in its marketplace to allow the rapid ascension of tools in the business workplace,” noted Chris Carter, CEO of

Combining these two entities to support the growth that is needed is “an absolute game-changer,” he told TechNewsWorld.

Chasing Computing Dragons?

A larger neural network is a more capable neural network, according to Brockman. Making larger systems will allow the two companies to solve more difficult problems going forward.

“We plan to keep doing this until we reach AGI,” he said.

The resulting enhancements to the Azure platform will help developers build the next generation of AI applications.

“The creation of AGI will be the most important technological development in human history, with the potential to shape the trajectory of humanity,” said Sam Altman, CEO of OpenAI.

It must be deployed “safely and securely with its economic benefits widely distributed,” he added.

“AI is one of the most transformative technologies of our time,” noted Microsoft’s CEO, Satya Nadella, with the “potential to help solve many of our world’s most pressing challenges.”

Grabbing for Powerful Straws

The most likely results of this partnership are that AI technology will grow faster and be utilized in more enterprise and business spaces. This partnership will enable the rapid indoctrination of AI technologies in the workplace, according to Approyo’s Carter.

“This will allow businesses to flourish. Individual workers will boost their productivity. They will also be able to support themselves on a day-to-day basis with technology rather than to be hindered by it,” he explained.

The partnership could hinder development of Cloud AI technologies, though, because Microsoft is prioritizing OpenAI over other emerging AI technologies that might be better, suggested Marty Puranik, CEO of

If the AI technologies are kept proprietary or work best only on Microsoft Azure, it will lead to Azure platform lock-in, he said.

“Many developers may develop services that use this technology, thereby forcing all their customers to use Microsoft. Microsoft historically has a huge advantage when it comes to enterprise development work, so this could be seen as a way they are trying to cement the position they had in enterprise software into the cloud,” he told TechNewsWorld.

It boils down to Microsoft trying to leverage new technologies, like AI, to be a leader in the cloud, Purani, maintained, similar to when Microsoft would make minority investments and take seats on the boards of hot companies a long time ago.

Ultimately, from Microsoft’s point of view, it would be ideal to have extensions for OpenAI that either would be exclusive or work best on Microsoft’s platform, similar to the “embrace and extend” ideas once applied to APIs, said Puranik.

Win-Win for Both

Microsoft is all about collaboration and open source since Satya Nadella took the reins. He recognizes that AI is the latest and greatest arms race, observed Rob Enderle, principal analyst at the Enderle Group.

“As a result, they are embracing Open AI to increase the speed of development for their projects largely with an IT focus,” he told TechNewsWorld.

Both partners in this deal can learn and benefit from this effort, which is collaborative by design. Participating allows not only earlier access to the result but also a deeper understanding of it, Enderle said.

A Large Promise to Fulfill

In promising to deliver on artificial general intelligence’s potential, the two companies are not dreaming small, noted Arle Lommel, senior analyst for
CSA Research, but that dream may be a reach too far.

“They intend to solve something that nobody has solved yet and that we aren’t remotely close to solving today,” he told TechNewsWorld, “but beyond that, accomplishing that will mean ‘solving’ language as well.”

That means having computers really understand language and use it on par with humans. Despite press release claims about getting near-human quality, that goal is as far beyond present capabilities as a moon landing is beyond a Roman chariot, Lommel quipped.

“That said, I suspect they will get much further along with machine vision, categorization, diagnostics, etc.,” he said. “In other words, I expect this could result in improved versions of what AI already does well. But unless there is some fundamentally different secret sauce, I don’t expect that it will ‘solve’ language and human intelligence.”

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.

Source link

Social Media, Crafters, Gamers and the Online Censorship Debate | Social Networking

Ravelry, an online knitting community that has more than
8 million members, last month announced that it would ban forum posts,
projects, patterns and even profiles from users who supported President
Trump or his administration.

“We cannot provide a space that is inclusive of all and also allow
support for open white supremacy,” the administrators of Ravelry
posted on the site on June 23.

“Support of the Trump administration is undeniably support for white
supremacy,” the post added.

The administrators have maintained that they aren’t endorsing
Democrats or banning Republicans. Users who do support the
administration have been told they can still participate — they just can’t voice their support on Ravelry.

Ravelry’s move was met with both an outpouring
of support from those who opposed the administration’s policies and condemnation from those who support the president.

Ravelry is not the first online community to issue such an ultimatum
to users. The roleplaying game portal RPGnet last fall issued a
decree that support for President Trump would be banned on its forums.

“Support for elected hate groups aren’t welcome here,” the
administrators posted. “We can’t save the world, but we can protect
and care for the small patch that is this board.”

Is It Censorship?

The banning of conservative groups hasn’t been limited to Ravelry or
RPGnet. Facebook last fall announced that it had
purged more than 800 U.S. accounts that it identified as flooding users with politically oriented spam.

However, some conservatives — including Sen. Ted Cruz, R-Texas — have argued that Facebook has unfairly targeted those expressing conservative opinions. Cruz this spring raised his concerns with representatives from Facebook and Twitter during the Senate Judiciary Subcommittee on Constitution’s hearing, “Stifling Free Speech:
Technological Censorship and the Public Discourse.”

The threat of political censorship could be problematic due to the
lack of transparency Cruz noted during the April hearing.

“If Big Tech wants to be partisan political speakers it has that
right,” he said, “but it has no entitlement to a special immunity
from liability under Section 230 that The New York Times doesn’t enjoy, that The Washington Post doesn’t enjoy — that nobody else enjoys other than Big Tech.”

Understanding Section 230

Much of the debate revolves around Section 230 of the Communications
Decency Act of 1996, the common name for Title V of the
Telecommunications Act of 1996. As part of a landmark piece of
Internet legislation in the United States, it provides immunity from
liability for providers and users of an “interactive computer service”
that publishes information provided by third-party users.

The law basically says that those who host or republish speech are not
legally responsible for what others say and do. That includes not only
Internet service providers (ISPs) such as Comcast or Verizon, but also
any services that publish third-party content, which would include
the likes of Facebook and Ravelry.

One of Section 230’s authors, Sen. Ron Wyden, D-Ore., has
countered that the law was intended to make sure that companies could moderate their respective websites without fear of lawsuits.

Striking a Balance

The divide online is of course just a mirror of the deep political
divide in the U.S., and it is unlikely that legal wording
will do much to heal it. Battle lines have been drawn, and both sides
continue to dig in. The question is whether banning those with
differing opinions actually helps or hurts matters.

There is an argument that this is simply defusing controversy and
silencing the most extreme voices.

“It was once shared with me that intolerance of intolerance is
intolerance,” said Nathaniel Ivers, associate professor and
chairman of the department of counseling at
Wake Forest University.

“We often think of intolerance as an inherently negative thing;
however, there are instances in which communities, groups and
organizations are justified in establishing zero tolerance clauses for
certain behaviors and ideologies,” he told TechNewsWorld.

“The challenge, however, is that these clauses are innately rigid and
may at times exclude ideas, attitudes and behaviors that are
benign,” Ivers added.

Then there is the concern of whether this is an issue of censorship.
However, those who understand media law know that in the legal sense, censorship applies to the government and media. Private companies actually are within their rights to determine what is appropriate for their audiences.

In most cases users also agree to terms of use, and
violating those terms — which can include the posting of what is considered inappropriate content — can result in removal of content or
termination of membership to a group or site.

“Does Ravelry, have the right to censor?” pondered social media
consultant Lon Safko.

“Sure they do. It’s their site, and they can do anything they want
short of child pornography,” he told TechNewsWorld.

Extreme Decisions

Facebook’s and Ravelry’s decisions to ban some content have been based
on what each views as “extremist” in nature. This may reflect the deep divide in the nation, but is the action inappropriate?

“Generally speaking, social media companies — like other companies —
have significant leeway in running their business in the manner of
their choosing, as long as they do not violate applicable laws,” said
Robert Foehl, executive in residence for the business law and ethics
department at the
Ohio University Online Master of Business

“When making all kinds of business decisions, companies are
increasingly considering the impacts, both positive and negative, on
the various stakeholders of the company —
owners/investors/shareholders, for sure, but also other important
stakeholders, such as customers, employees, and communities/society,”
he told TechNewsWorld.

This is why Facebook last year began following the lead of eBay and
other online sites that have banned the sale of items of a
questionable nature. Among them are items of the Third Reich. While some legitimate collectors who see the historical value in such items have
voiced concern, Facebook’s decision was based in part on how they could be linked to extremist groups.

“Social media companies have long maintained content policies that
govern what is deemed acceptable content for their product and users
can freely choose whether they want to agree with those policies and
use the product, or disagree and not become a customer of the
company,” Foehl suggested.

“This trend signals a tipping point in the Internet’s 30-year history,
and in particular the data ecosystem it has brought forth with its
growing encroachment into people’s private lives,” added Chris Olson,
CEO of
The Media Trust.

“There is a fine line between hate speech and the right to free
speech,” Olson told TechNewsWorld. “As with all rights, there comes responsibility — like the
responsibility not to ruin people’s lives nor start a riot.”

Political Debate

A greater concern than whether personal opinions — even those that some
may find distasteful — are being silenced is what this means for the
political debate. Is one side, notably the conservative voice, being
cut out of the debate?

“Over the last few years, concerns about freedom of speech,
censorship, and social media’s role in political communication have
come to the forefront,” noted Ohio University’s Foehl.

“Given the pervasiveness and importance of social media platforms as a
means of communication and connection in today’s societies, these
concerns are timely and legitimate,” he added.

It is important not to inadvertently conflate issues, Foehl noted.

“It is important to remember that the constitutional right to freedom
of speech in the United States protects against inappropriate
restrictions on speech by state actors — in essence, the government
and related institutions,” he explained. “So, citizens are free to
express ideas through speech in the town square without governmental
interference. In the United States, social media companies are not
state actors; thus the freedom of speech protections afforded by the
Constitution do not apply to speech contained in their platforms.”

The Ethics Question

One question then is whether Facebook or other social media
companies — as well as firms like Ravelry and — actually have
acted unethically. That could depend in large part on their intentions
in disallowing certain content.

“If the intent is to remove content that could reasonably be seen to
cause harm to, or if the content does not respect the dignity or
autonomy of, individuals or a group of people, then it is very likely
that the company acted ethically when removing the content,” said

“On the other hand, if content was removed in order to attempt to
impose the ideology of the company’s executives, political or
otherwise, on others, then the content removal would be ethically
suspect,” he added.

“Of course, this is the rub — those whose content has been removed
many times feel it is because of ideological conflicts with the
content decision makers; and President Trump has been especially vocal
about his view that political bias is the basis for many content
decisions,” Foehl noted.

However, social media companies may not have overstepped any
existing authority, given their role in society today.

“Companies are not state actors, and they have the authority to develop
their products as they see fit, as long as they comply with applicable
laws,” emphasized Foehl.

“The development, implementation, and
enforcement of clearly communicated content guidelines are a [requirement]
of customer trust. Customers have the autonomy to decide whether they
want to do business with the company,” he added.

Equal Time and Fairness

Some conservatives could argue that they are being shut out of the
dialogue online, but there are precedents to consider. The first is the
equal time rule, which is specific to elections. It requires that U.S. radio and
television broadcast stations must provide an equivalent opportunity
to any opposing political candidates who request it.

However, that applies to elections and to the broadcast
medium, so those who suggest that Ravelry’s ban is a violation
misunderstand the law.

The other law is the FCC’s fairness doctrine, a policy introduced in
1949 that requires the holders of broadcast licenses to present both
sides of controversial issues. The FCC eliminated the policy in 1987 —
and that move may have been instrumental in leading to the proliferation of conservative
talk radio.

As the Internet is now maturing, this issue may need to be reconsidered.

“The government, industry and Internet public will have to agree to a
set of standards — all of which are still being hammered out and
tried,” said The Media Trust’s Olson.

“This industry attempt is merely the result of a larger set of
problems, like pointing fingers at outdated laws and regulations,
social media platforms, or people’s uncontrolled impulses,” he added.

“The solution lies in everyone working together in crafting better
governance policies that can be applied as a minimum around the
world,” said Olson. “With technology outpacing laws and norms, the
path forward is a rocky one until the base standards are hammered

Consequences of the Discourse

In the end this banning of conservatives — whether for
legitimate concerns or petty grievances — could fracture communities and ultimately be bad for business.

“Censorship is bad for Ravelry’s business,” said Safko.
“If they don’t allow pro-Trump, then as a business site, they should not allow anti-Trump or any political postings.”

Failure to do so could result in legislation and strict rules —
something that isn’t good for a free and open discussion of issues and
civil debate.

“A potential issue with rigid laws, policies, or regulations, is that
they can, over time, create a very homogeneous community,” said Wake
Forest University’s Ivers.

“In such communities, people may, for a time, feel more comfortable;
however, these groups also may become fertile ground for stereotypes
and xenophobia,” he warned.

“It is important to clarify that the social media sites like Ravelry
and RPGnet that have banned content related specifically to President
Trump have made the decision that he is inextricably linked to hate
speech — speech that attacks a person or group based on protected
characteristics such as race, religion, disability and sexual
orientation,” explained Foehl.

“They have not banned content based on where such content falls on the
political spectrum,” he added.

As a result, social media companies find themselves in a very difficult
situation when it comes to removing content.

“This situation is exacerbated by social media’s prevalence and
importance in the exchange of ideas in the modern world,” said

“The decision to remove content should not be taken lightly and must
pass ethical scrutiny,” he added. “Employing a sound and formal
governance structure that allows content removal decisions to be made
quickly — but not hastily — and independently [from company
executives] is advisable. The criteria for content removal should be
developed with a mind toward ensuring doing no harm and treating
others with respect and dignity, while allowing for the exercise of
personal autonomy.”

Peter Suciu has been an ECT News Network reporter since 2012. His areas of focus include cybersecurity, mobile phones, displays, streaming media, pay TV and autonomous vehicles. He has written and edited for numerous publications and websites, including Newsweek, Wired and
Email Peter.

Source link

Debian Linux 10 ‘Buster’ Places Stability Ahead of Excitement | Reviews

By Jack M. Germain

Jul 12, 2019 5:00 AM PT

Debian Linux 10 'Buster' Places Stability Ahead of Excitement

After 25 months of development, the makers of the granddaddy of the Linux OSes released an upgrade that updates many of the software packages and plays general catch-up with modern Linux trends.

Debian Linux 10 Buster, released July 9, is a boring upgrade. It does little to draw attention to its merits.

For serious Linux users, though, boring can be endearing. It reinforces Debian’s reliability and ultimate stability. Debian by design is more conservative in upgrading application packages and venturing into new technologies.

Debian 10 Buster Xfce desktop layout

Debian 10 Buster does the basics on a traditional Xfce desktop layout.

– click image to enlarge –

Debian is the foundation of dozens of offshoot Linux distros, but it lags behind other distros in pushing cutting-edge features.

For instance, Buster ships with Linux kernel 4.19, released last October. The latest version of the Linux kernel is version 5.1, which other Linux distros will include long before Debian 11 arrives.

Debian Linux is the base for Ubuntu, Linux Mint and countless other distros. It has been around since 1993. It is one of the first operating systems to use a Linux kernel.

Debian 10 Buster includes thousands of new software packages, a new display manager enabled by default, support for UEFI Secure Boot and many other changes.

Case in Point

I last reviewed a Debian Linux June 2013 when
Debian 7 Wheezy arrived. My first disappointment was that it did not have enough hardware support to recognize the Broadcom wireless in my not-so-old laptop.

That was a sore spot then and nixed any personal consideration for using it as my daily driver. That release was three years in the making.

I have not looked at a major Debian upgrade since then. Guess what?

I still have that now-aging laptop on my test bench. It was a high-end model when new. Even today it out-powers many of the economy models on store shelves.

Debian 10 still does not work with the Broadcom wireless. A number of my other test rigs, several of them much newer, also present the same dilemma.

Good With the Bad

Debian Buster has much going for it, nonetheless. Despite the conservative nature of the Debian community, the latest release has numerous positives.

A big trend in Linux land is developers dropping support for some older hardware technologies. Debian 10 continues to support a wide variety of chip architectures, including 32-bit and 64-bit x86, ARM and MIPS processors.

Buster supports 10. This extends the shelf life of aging legacy computers. Still supported are 64-bit PC; Intel EM64T; x86-64 (amd64) and 32-bit PC; and Intel IA-32 (i386) processors. The list includes 64-bit Motorola; IBM PowerPC (ppc64el); 64-bit IBM S/390 (s390x); and ARM, armel and armhf for older and more recent 32-bit hardware.

Also on the support list are arm64 for the 64-bit AArch64 architecture. For MIPS there’s support for mips and mipsel architectures for 32-bit hardware, and mips64el architecture for 64-bit little-endian hardware.

Buster also supports devices with Allwinner processors. That hardware includes Olimex and Pine64 single-board computers and laptops from FriendlyARM, which makes the NanoPi line of devices.

Software Titles Make Upgrade

Debian Linux is not known for pushing the latest versions of popular applications into its repositories. Buster tries to improve that score with some essential titles.

The developers claim that more than 62 percent of all software packages in Buster are updated from the previous release. However, that does not mean the upgrades are the newest versions. Some are just newer.

More than 59,000 other ready-to-use software packages are available from the Debian repository, which are built from nearly 29,000 source packages, according to the developers.

Compared to other Linux family software stores, Debian Linux tends to be smaller and less up-to-date. That is not necessarily a bad thing, especially if you crave safety and stability from well-worn, proven code.

Debian tends to prefer skimpy over shoddy. Fewer things break if devs shy away from cutting-edge versions. Debian Linux prefers stability over cutting-edge features.

To that end, Debian Linux releases fall into three categories: a stable version, an unstable version and a testing version.

Why Use Buster?

Reliability from stability is a starting point for choosing Buster. A second reason is better security, partly from being a few steps away from cutting-edge.

Debian 10 has a special focus on security. AppArmor, a mandatory access control framework for restricting programs’ capabilities, is installed and enabled by default. The UEFI (Unified Extensible Firmware Interface) support continues to be greatly improved in Debian 10 Buster as well.

Secure Boot support is included in this release for amd64, i386 and arm64 architectures. It should work out of the box on most Secure Boot-enabled machines, according to developers. Users should not need to disable Secure Boot support in the firmware configuration.

Another reason for using Debian 10 is the added convenience from driverless printing. Common UNIX Printing System (CUPS) and cups-filters packages are installed by default in Debian 10 Buster.

This gives you everything needed to take advantage of driverless printing. Network print queues and IPP printers automatically set up and manage the process. You can forget about the hassle of using non-free vendor printing drivers and plugins.

What You Get

Buster 10 defaults to the Wayland display server instead of Xorg. Wayland, with its simpler and more modern design, has security advantages. Yet the Xorg display server remains installed by default. The default display manager lets you choose Xorg as the display server for the next session.

Debian 10 Buster ships with seven major desktop applications and environments. The choices — Cinnamon 3.8, GNOME 3.30, KDE Plasma 5.14, LXDE 0.99.2, LXQt 0.14, MATE 1.20 and Xfce 4.12 — reinforce the notion that Debian maintains the traditional Linux OS model.

Debian 10 GNOME 3.30 display

A pure GNOME 3.30 display makes Debian 10 a comfortable computing experience.

– click image to enlarge –

LXQt is perhaps the newest “old school Linux desktop” in the mix. Cinnamon, developed by Linux Mint devs, is the newest well-established desktop option. Still, its version number is what you would expect from Debian: several release versions behind.

The other available desktop options are in line with the Debian philosophy of putting reliability and nothing cutting-edge into the OS. That approach is likely to appeal to veteran Linux users, but it also gives Linux newbies the assurance of dependability and ease-of-use processes.

Testing Familiarity

If you are a regular Linux Picks and Pans reader, you no doubt know that I have a preference for the Cinnamon desktop. Its plethora of features and productivity tools are concentrated on the panel.

That affinity used to extend to the Linux Mint distro that developed the Cinnamon desktop as well. Linux Mint is based on Ubuntu, which is based on Debian Linux.

My growing dissatisfaction with Linux Mint performance prompted my quest for other distros that offer the Cinnamon desktop. My test list includes even the Linux Mint Debian Edition (LMDE).

So it made sense to see how well the Debian Buster Cinnamon edition performs. Space does not permit a rundown on all seven desktop options. Rather, the scope of this Debian 10 buster review is to highlight how this latest Debian release fits into the overall Linux landscape as one of the oldest distros.

That said, Debian Buster in concert with the Cinnamon desktop showed solid worth as a longtime Linux performer. Of course, that assessment is tempered by the drawbacks detailed above.

Debian 10 Cinnamon 3.8 desktop

The latest Debian release includes an unadulterated integration of the Cinnamon 3.8 desktop.

– click image to enlarge –

The balancing act between software upgrades and maintaining stability, plus the wireless connectivity fail, hold this Debian upgrade back from qualifying as a must-have computing platform for all users.

Bottom Line

If you are relatively new to using Linux, Debian’s design decisions will not pose obstacles to using it. If you insist on speedier application updates, you might spend excessive time grabbing newer versions from .deb repositories that are outside Buster’s reach.

Get Debian 10 Buster ISO downloads

You will have plenty of time to resolve those issues. The developers have a long slog to the release of Debian 11, aka “Bullseye.”

I can only hope that the next Debian upgrade comes a lot closer to hitting an improved bull’s-eye that is less boring.

Want to Suggest a Review?

Is there a Linux software application or distro you’d like to suggest for review? Something you love or would like to get to know?

email your ideas to me, and I’ll consider them for a future Linux Picks and Pans column.

And use the Reader Comments feature below to provide your input!

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.

Source link

The Router’s Obstacle-Strewn Route to Home IoT Security | Software

It is newly minted conventional wisdom that not a single information security conference goes by without a presentation about the abysmal state of Internet of Things security. While this is a boon for researchers looking to make a name for themselves, this sorry state of affairs is definitely not beneficial for anyone who owns a connected device.

IoT device owners aren’t the only ones fed up, though. Right behind them is Eldridge Alexander, manager of Duo Labs at
Duo Security. Even better, he has a plan, and the experience to lend it some credibility.

Before assuming his current role at Duo Security, Alexander held various IT posts at Google and Cloudflare. For him, the through-line that ties together his past and present IT work is the security gains that accrue from aligning all of a network’s security controls with the principle of zero-trust.

“I’ve basically been living and breathing zero-trust for the last several years,” Alexander told LinuxInsider.

Simply put, “zero-trust” is the idea that to the furthest extent possible, devices should not be trusted to be secure, and they should be treated as such. There are many ways zero-trust can manifest, as it is not so much a singular technique as a guiding principle, but the idea is to leave yourself as invulnerable to the compromise of any one device as possible.

A recurring theme among his past few employers, this understandably has left its mark on Alexander, to the point where it positively permeates his plan for IoT security on home networks. His zeal for zero-trust comes to home networks at just the right time.

Although consumer IoT adoption
has been accelerating, zero-trust has yet to factor into most consumer networking tech, Alexander observed, and we’re getting to the point where we can’t afford for it not to.

“Investigating not really new threats but increased amount of threats in IoT and home networks, I’ve been really interested in seeing how we could apply some of these very enterprise-focused principles and philosophies to home networks,” he noted.

Network Segmentation

In Alexander’s home IoT security schema, which he unveiled at Chicago’s THOTCON hacking conference this spring, zero-trust chiefly takes the form of network segmentation, a practice which enterprise networks long have relied on.

In particular, he advocates for router manufacturers to provide a way for home users to create two separate SSIDs (one for each segment) either automatically or with a simple user-driven GUI, akin to the one already included for basic network provisioning (think your Web GUI).

One would be the exclusive host for desktop and mobile end-user devices, while the other would contain only the home’s IoT devices, and never the twain shall meet.

Critically, Alexander’s solution largely bypasses the IoT manufacturers themselves, which is by design. It’s not because IoT manufacturers should be exempted from improving their development practices — on the contrary, they should be expected to do their part. It’s because they haven’t proven able to move fast enough to meet consumer security needs.

“My thoughts and talk here is kind of in response to our current state of the world, and my expectations of any hope for the IoT manufacturers is long term, whereas for router manufacturers and home network equipment it is more short term,” he said.

Router manufacturers have been much more responsive to consumer security needs, in Alexander’s view. However, anyone who has ever tried updating router firmware can point to the minimal attention these incremental patches often receive from developers as a counterclaim.

Aside from that issue, router manufacturers typically integrate new features like updated 802.11 and WPA specifications fairly quickly, if for no other reason than to give consumers the latest and greatest tech.

“I think a lot of [router] companies are going to be open to implementing good, secure things, because they know as well as the security community does … that these IoT devices aren’t going to get better, and these are going to be threats to our networks,” Alexander said.

So how would home routers actually implement network segmentation in practice? According to Alexander’s vision, unless confident consumers wanted to strike out on their own and tackle advanced configuration options, their router simply would establish two SSIDs on router setup. In describing this scenario, he dubbed the SSIDs “Eldridge” and “Eldridge IoT,” along the lines of the more traditional “Home” and “Home-Guest” convention.

The two SSIDs are just the initial and most visible (to the consumer) part of the structure. The real power comes from the deployment of VLANs respective to each SSID. The one containing the IoT devices, “Eldridge IoT” in this case, would not allow devices on it to send any packets to the primary VLAN (on “Eldridge”).

Meanwhile, the primary VLAN either would be allowed to communicate with the IoT VLAN directly or, preferably, would relay commands through an IoT configuration and management service on the router itself. This latter management service also could take care of basic IoT device setup to obviate as much direct user intervention as possible.

The router “would also spin up an app service such as Mozilla Web Things or Home Assistant, or something custom by the vendor, and it would make that be the proxy gateway,” Alexander said. “You would rarely need to actually talk from the primary Eldridge VLAN over into the Eldridge IoT VLAN. You would actually just talk to the Web interface that would then communicate over to the IoT VLAN on your behalf.”

By creating a distinct VLAN exclusively for IoT devices, this configuration would insulate home user laptops, smartphones, and other sensitive devices on the primary VLAN from compromise of one of their IoT devices. This is because any rogue IoT device would be blocked from sending any packets to the primary VLAN at the data link layer of the OSI pyramid, which it should have no easy way to circumvent.

It would be in router manufacturers’ interests to enable this functionality, said Alexander, since it would offer them a signature feature. If bundled in a home router, it would provide consumers with a security feature that a growing number of them actually would benefit from, all while asking very little of them in the way of technical expertise. It ostensibly would be turned on along with the router.

“I think that’s a valuable incentive to the router manufacturers for distinguishing themselves in a crowded marketplace,” Alexander said. “Between Linksys and Belkin and some of the other manufacturers, there’s not a whole lot of [distinction] between pricing, so offering home assistant and security is a great [distinction] that they could potentially use.”

IoT Security Standards?

There is some promise in these proposed security controls, but it’s doubtful that router manufacturers actually would equip consumer routers to deliver them, said Shawn Davis, director of forensics at
Edelson and adjunct industry professor at the Illinois Institute of Technology.

Specifically, VLAN tagging is not supported in almost any home router devices on the market, he told LinuxInsider, and segmenting IoT from the primary network would be impossible without it.

“Most router manufacturers at the consumer level don’t support reading VLAN tags, and most IoT devices don’t support VLAN tagging, unfortunately,” Davis said.

“They both could easily bake in that functionality at the software level. Then, if all IoT manufacturers could agree to tag all IoT devices with a particular VLAN ID, and all consumer routers could agree to route that particular tag straight to the Internet, that could be an easy way for consumers to have all of their IoT devices automatically isolated from their personal devices,” he explained.

VLAN tagging is not restricted by any hardware limitations, as Davis pointed out, but is merely a matter of enabling the software to handle it. Just because the manufacturers can switch on VLAN tagging in software, that doesn’t mean it will be an easy matter to convince them to do so.

It’s unlikely that router manufacturers will be willing to do so for their home router lines and, unsurprisingly, it has to do with money, he said.

“A lot of the major companies produce consumer as well as corporate routers,” Davis noted. “I think they could easily include VLAN functionality in consumer routers but often don’t in order to justify the cost increase for feature-rich business level hardware.”

Most router manufacturers see advanced functionality like VLAN tagging as meriting enterprise pricing due to the careful development that it requires to meet businesses’ stricter operational requirements. On top of that, considering the low average technical literacy of home users, router manufacturers have reason to think that power user features in home routers simply wouldn’t be used, or would be misconfigured.

“Aside from the pricing tier differences,” Davis said, “they also might be thinking, ‘Well, if we bake in VLANs and other enterprise-based features, most consumers might not even know how to configure them, so why even bother?'”

Beyond cajoling router makers to enable VLAN tagging and any other enterprise-grade features needed to realize Alexander’s setup, success also would hinge on each manufacturer’s implementation of the features, both in form and function, Davis emphasized.

“I think each manufacturer would have different flows in their GUIs for setting up isolated VLANs, which wouldn’t be the easiest for consumers to follow when switching across different brands,” he said. “I think if IoT security was more standards-based or automatic by default between devices and routers, overall security in consumer devices would greatly improve.”

Securing both of these concessions from router manufacturers would likely come down to ratifying standards across the industry, whether formally or informally, as Davis sees it.

“The different standards boards could potentially get together and try to pitch an IoT security standard to the router and IoT device manufacturers, and try to get them to include it in their products,” he said. “Aside from a new standard, there could potentially be a consortium where a few of the major manufacturers include advanced IoT device isolation in the hopes that others would follow suit.”

Risk Reduction

Alexander’s THOTCON presentation touched on the 5G connectivity that
many predict IoT will integrate, but in exploring the viability of alternatives to his setup, Davis quickly gravitated toward Alexander’s proposal.

Connecting to IoT devices via 5G certainly would keep them away from home users’ laptop- and smartphone-bearing networks, Davis acknowledged, but it would present other challenges. As anyone who has ever browsed
Shodan can tell you, always-on devices with seldom-changed default credentials connected directly to the public Internet have their downsides.

“Having your IoT devices isolated with your home-based devices is great, but there is still the possibly of the IoT devices being compromised,” Davis said. “If they are publicly accessible and have default credentials, they could then be used in DDoS attacks.”

Enabling IoT for direct 5G Internet connections doesn’t necessarily improve the security of end-user devices, Davis cautioned. IoT owners will still need to send commands to their IoT devices from their laptops or smartphones, and all 5G does is change the protocol that is employed for doing so.

“IoT devices using cellular 4G or 5G connections are another method of isolation,” he said, “but keep in mind, then the devices are relying even more on ZigBee, Z-Wave or Bluetooth Low Energy to communicate with other IoT devices in a home, which can lead to other security issues within those wireless protocols.”

Indeed, Bluetooth Low Energy

has its share of flaws, and at the end of the day protocols don’t impact security as much as the security of the devices that speak it.

Regardless of how the information security community chooses to proceed, it is constructive to look to other points in the connectivity pipeline between IoT devices and user access to them for areas where attack surfaces can be reduced. Especially when weighed against the ease of inclusion for the necessary software, router manufacturers undoubtedly can do more to protect users in cases where IoT largely hasn’t so far.

“I think a lot of the security burden is falling on the consumer who simply wants to plug in their device and not have to configure any particular security features,” Davis said. “I think the IoT device manufacturers and the consumer router and access point manufacturers can do a lot more to try to automatically secure devices and help consumers secure their networks.”

Jonathan Terrasi has been an ECT News Network columnist since 2017. His main interests are computer security (particularly with the Linux desktop), encryption, and analysis of politics and current affairs. He is a full-time freelance writer and musician. His background includes providing technical commentaries and analyses in articles published by the Chicago Committee to Defend the Bill of Rights.

Source link