Kali Linux 2018.1 Released For Ethical Hackers

In 2016, Offensive Security–the developer of Kali Linux ethical hacking distro–decided to switch to a rolling release model. However, from time to time, they keep releasing the Kali snapshots with all the latest patches, fixes, and updates. Following the same tradition, the developers have pushed the first snapshot for 2018.

Aptly named Kali Linux 2018.1, this release contains all the fixes and updates released since last November’s Kali 2017.3. The team faced challenges like Spectre and Meltdown exploits, whose patches can be found in Linux 4.15 kernel.

This release is powered by the new Linux 4.14.12 kernel, which brings support for newer hardware and improved performance. This will enable the ethical hackers and penetration testers to use Kali in a more efficient manner to safeguard the security.

Notable Kali 2018.1 features

2018.1 comes with the support for AMD Secure Memory Encryption. It’s a new feature of AMD processors that allows automatic DRAM encryption/decryption. This will, theoretically, prevent the machines from cold-boot attacks.

Kali 2018.1 also supports the increased memory limits. With kernel 4.14, the new CPUs will be able to support 128PB of virtual memory and 4PB of physical memory.

In case you’re running Hyper-V to run Kali VM images, there’s some more good news. In the new release, Hyper-V integration services are included, which support Network Monitoring, Replication, and Dynamic Memory.

Kali Linux 2018.1 update and download

It goes without saying that a number of packages have been updated. This list of updated tools includes reaver, dbeaver, seclist, zaproxy, burpsuite, etc.

In case you’re already running Kali, run this command to get all the updates:

The brand new torrent and ISO files for Kali Linux 2018.1 can be found on this download page. The links for a pre-made ARM and VM images are also provided there.

Red Hat to acquire CoreOS for $250 million

Red Hat has announced plans to acquire Kubernetes and container-native solution provider CoreOS. CoreOS is known for its enterprise Kubernetes platform Tectonic. Tectonic is designed to provide automated operations and portability across private and public cloud providers.

The acquisition is expected to close at $250 million.

“The next era of technology is being driven by container-based applications that span multi- and hybrid cloud environments, including physical, virtual, private cloud and public cloud platforms. Kubernetes, containers and Linux are at the heart of this transformation, and, like Red Hat, CoreOS has been a leader in both the upstream open source communities that are fueling these innovations and its work to bring enterprise-grade Kubernetes to customers. We believe this acquisition cements Red Hat as a cornerstone of hybrid cloud and modern app deployments,” said Paul Cormier, president of products and technologies for Red Hat.

Red Hat wil combine CoreOS’s capabilities with its Kubernetes and container-based portfolio, including Red Hat OpenShift.

Other CoreOS solutions include the enterprise container registry Quay, lightweight Linux distribution Container Linux, distributed data store for Kubernetes etcd, and application container engine rkt.

“Red Hat and CoreOS’s relationship began many years ago as open source collaborators developing some of the key innovations in containers and distributed systems, helping to make automated operations a reality. This announcement marks a new stage in our shared aim to make these important technologies ubiquitous in business and the world. Thank you to the CoreOS family, our customers, partners, and most of all, the free software community for supporting us in our mission to make the internet more secure through automated operations,” said Alex Polvi, CEO of CoreOS.

EdgeX Foundry launches first major code release

Linux Foundation open source project EdgeX Foundry has launched the first major code release of their common open framework for IoT edge computing, Barcelona, originally announced in April. The release features key API stabilization, better code quality, reference Device Services supporting BACNet, Modbus, Bluetooth Low Energy (BLE), MQTT, SNMP, and Fischertechnik, and double the test coverage across EdgeX microservices.

Barcelona is the result of collaboration between over 50 member organizations and aims to provide an ecosystem for Industrial IoT solutions. These members provide products that support analytics, visualization, security, and more. Over 150 across the globe have met to establish project goals, working groups, and project maintainers and committers.

EdgeX says that the complexity of the IoT landscape has caused issues among businesses looking to deploy their own IoT solutions. EdgeX Foundry hopes to solve these issues by building this open source framework. The framework will be built on plug-and-play components designed to accelerate the deployment of IoT solutions.

“Barcelona is a significant milestone that showcases the commercial viability of EdgeX and the impact that it will have on the global Industrial IoT Landscape,” said Philip DesAutels, senior director of IoT at The Linux Foundation.

EdgeX has established a bi-annual release roadmap and their next major release, “California,” is planned for next Spring. California will continue to expand the framework to support requirements for deployment in business-critical Industrial IoT applications. According to the company, “In addition to general improvements, planned features for the California release include baseline APIs and reference implementations for security and manageability value-add.”

Live demonstrations of this platform will be taking place at IoT Solutions World Congress in Barcelona, Spain this week.

Linux kernel long term support extended to 6 years for Project Treble

Android runs on top of the Linux kernel. All of Android’s memory management, input/output, processes, locks, networking, etc happens through and via the Linux kernel. Each new release of Android uses a newer version of the Linux kernel. But it can’t just use any kernel version, there has to be a measure of stability and support. When serious bugs are found or security vulnerabilities are patched in the kernel, these fixes need to make it onto our devices. To make that easier Linux uses at its base what is called the Long Term Support (LTS) branch of the kernel. This is a stable version of the kernel which is guaranteed to be maintained for two years with fixes for serious bugs and security issues.

The problem is that two years isn’t enough. When a silicon vendor like Qualcomm or MediaTek design a processor they pick the latest and greatest LTS version of the kernel at some point during the processors design phase. Once that processor is released to OEMs like Samsung or LG, and then the OEM actually makes a device that uses that processor, then up to a year (or maybe even more) has passed since the LTS version was picked by the chip maker. The result is that the actual device can receive less than 1 years worth of kernel fixes and then the LTS period ends.

To help fix the problem is slow device updates, Android 8.0 Oreo includes Project Treble, a major re-work of Android to make it easier, faster, and less costly for OEMs to update their devices to a new version of Android. But that re-engineering of Android is partly negated by the two year window of LTS kernels.

Yesterday at Linaro Connect, Project Treble’s lead engineer Iliyan Malchev announced that Greg Kroah-Hartman, the current maintainer of the LTS kernels for the Linux Foundation, has agreed to extend the support period for LTS kernels from 2 years to 6 years. And this isn’t some far of in the future idea, the new Extended LTS (ELTS or XLTS) will start with Linux kernel 4.4.

This is a great change for everybody in the Linux community as it will not only apply to Android but to Linux on the desktop and more importantly to Linux servers. It will be interesting to see what companies like Ubuntu and Red Hat now do with the LTS versions of their distributions.

Microsoft’s quantum future, Red Hat launches Enterprise Linux for SAP Solutions and more

Microsoft reveals quantum computing progress

During their Ignite event in Orlando, Microsoft announced the current state of their quantum computing project led by mathematician Michael Freedman, which aims to develop the hardware and software foundation for future quantum computers.

So far, the project’s most prominent development is a Visual Studio-integrated programming language that is designed to work on both a quantum simulator and an eventual quantum computer.

In a post on Microsoft’s news blog, Allison Linn outlined how Freedman made the decision to design with topological qubits in mind rather than traditional trapped-particle qubits that are far more volatile.

“For the first time in 70 years we’re looking at a way to build a computing system that is just completely different,” said Craig Mundie, Microsoft’s chief research and strategy officer. “It’s not an incremental tune-up or improvement. It’s a qualitatively different thing.”

Dell Boomi launches Integration Accelerator for Workday and Microsoft Active Directory

Dell’s cloud integration and workflow automation development division, Boomi, announced the release of Integration Accelerator for Workday and Microsoft Active Directory this morning.

The release is meant to streamline the connection between Workday’s Human Capital Management employee management software with Microsoft’s Active Directory network monitoring.

From the press release: “With the Integration Accelerator for Workday and Microsoft Active Directory, organizations can automatically deliver access to key applications and corporate resources when onboarding new employees.”

Red Hat Enterprise Linux for SAP Solutions launched

Open source technologies provider Red Hat announced the launch of Red Hat Enterprise Linux for SAP Solutions this morning, a version of their operating system distribution optimized to run SAP software deployments.

This release aims to create a unified space to utilize SAP’s range of business and data analysis technologies.

“With Red Hat Enterprise Linux for SAP Solutions, we’re now able to provide a single, supported and open platform upon which enterprises can standardize their SAP deployments, all backed by Red Hat’s vast expertise in delivering enterprise-grade operating systems,” Jim Totton, vice president of platforms in Red Hat’s business unit, said in the announcement.

Ixia extends support in CloudLens Visibility Platform

Network visibility and security solution developer Ixia announced support for Microsoft Azure, Google Cloud Platform, IBM Bluemix and Alibaba Cloud for their CloudLens Visibility Platform for Windows and Linux.

The SaaS infrastructure visibility utility already supported Amazon Web Services, but aims for the extended support to streamline managing multi-cloud and hybrid environments.

“Ixia understands that IT decision makers need to implement and manage viable hybrid networks, and operate in a business environment where application performance is essential to generating revenue and maintaining customer relationships,” Bethany Mayer, president of Ixia, said in the announcement. “That’s why we developed CloudLens – a single cloud native visibility platform that eliminates blind spots throughout the entire spectrum from cloud to physical environment, enabling our customers to improve the effectiveness of monitoring tools, while delivering better intelligence to reduce mission-critical application downtime.”

KDE is partnering with Purism to create a Linux smartphone

Want a free-software smartphone? KDE and Purism have started a crowdfunding campaign to build one.

Most people are happy to use Android smartphones. Others love their Apple iPhones. But there’s some folks who really want a free-software smartphone without a trace of proprietary code or firmware. For these folks, Purism and KDE are partnering to create the Purism Librem 5 smartphone.

The Librem 5 is meant to be a secure smartphone with privacy protection by default. Its creators plan to do this by free and open-source software with a GNU/Linux operating system. This is likely to be based on Purist’s PureOS, a Debian Linux-based operating system. If you believe as Purism does that this will “create an open development utopia, rather than the walled gardens from all other phone providers,” than you may want to check this out.

Originally, Purism was going to use GNOME for its interface, but it’s not designed for smartphones. KDE’s Plasma Mobile, a version of the KDE desktop, is designed for phones.

Plasma Mobile already works on some off-the-shelf smartphones. But most smartphones include hardware that requires proprietary software to work. This clashes with KDE’s principles of freedom and openness. It also makes building difficult, since many hardware details are proprietary, thus preventing full access to the components.

“Building a Free Software and privacy-focused smartphone has been a dream of the KDE community for a long time. We created Plasma to not just run on desktops and laptops, but for the whole spectrum of devices,” said Lydia Pintscher, president of KDE e.V, in a statement. “Partnering with Purism will allow us to ready Plasma Mobile for the real world and integrate it seamlessly with a commercial device for the first time. The Librem 5 will make Plasma Mobile shine the way it deserves.”

“KDE has created an evolved, completely free platform in Plasma Mobile,” said Todd Weaver, CEO of Purism. “We feel that Plasma Mobile will become a serious contender that may break the current duopoly and bring a full-featured, fully free/libre and open-source mobile operating system to the market. We look forward to trying out Plasma Mobile on our test hardware and working with KDE’s community.”

That sounds good, but Purism has so far raised only $300,000 of its $1.5 million goal. In addition, smartphone operating system substitutes to Android and Apple iOS have had a terrible track record. Of the top six alternative mobile OSes I looked at in 2014 — Blackberry OS, Sailfish, Ubuntu Mobile, Firefox OS, Tizen, and Windows Phone — all of them are either dead or barely have a pulse.

Like it or not, it has become a two mobile OS world. We’ll see if KDE and Purism can break through.

Linux Foundation wants to promote sustainable open source development with new initiatives

During last week’s Open Source Summit North America in Los Angeles, the Linux Foundation announced a series of projects designed to promote sustainability and growth in open source development.

We wrote last week about their “Open Source Guides for the Enterprise,” which will see a series of guides by professionals from many different organizations released over the next few months.

Following that, the foundation announced the Community Health Analytics for Open Source Software, or CHAOSS, project. With CHAOSS, the Linux Foundation wants to provide a platform for measuring and analyzing open source projects.

The foundation also announced that it has granted a CII security badge to 100 projects through a voluntary process for open source projects to prove their security measures stack up professionally.

And finally, the foundation is involved in the Kubernetes Certified Service Provider project, which allows companies already versed in Kubernetes technology to become certified support for enterprises hopping on the rapidly growing container management system.

In a post on the foundation’s blog, Linux Foundation Executive Director Jim Zemlin explained why these projects will be important.

“The big question we ask ourselves at The Linux Foundation is: Of the 64 million open-source projects out there, which are the ones that really matter?” he wrote. “We think that projects with sustainable ecosystems are the ones that really matter. These are the open-source projects that will be supported. They provide the security and quality codebase that you can build future technologies on.”

Zemlin says that the many open source projects in active development at the Linux Foundation and influential projects coming from organizations like the Apache Software Foundation, the Eclipse Foundation and the OpenStack Foundation, all follow the sort of development principles that he believes will promote sustainability.

With these sorts of guidelines and support available, Zemlin says it will become clearer and easier for enterprises to evaluate which open-source projects are worth using and contributing to, which in turn will promote the growth of these worthwhile projects.

Linux kernel 4.13, OCF and OMA team up for IoT, and TypeScript 2.5

The Linux 4.13 kernel series was made official over the Labor Day weekend, and it urges all Linux users to start migrating to this version as soon as possible, especially since there are numerous improvements and support for hardware with this release.

Linux 4.13 includes Intel’s Cannon Lake and Coffee Lake CPUs, support for non-blocking buffered I/O operations, and better power management, according to a report.

“Linux kernel 4.13 is now the latest stable kernel branch for GNU/Linux distributions, but it’s currently tagged as “mainline” on kernel.org, from where you can download the source tarball if you want to compile it on your Linux OS. But it will take a couple of weeks until it is declared stable and ready for deployment, usually when the first maintenance update gets out, Linux 4.13.1.” – Softpedia News report

OCF and OMA announce liaison agreement
The Open Connectivity Foundation and Open Mobile Alliance announced a liaison agreement for working on device management for IoT, according to a statement today. With this agreement, both organizations will collaborate and explore OMA’s LightweightM2M standard, a device management protocol designed for sensor networks, with OCF Specifications.

“OCF had a need to address the standardization of device management to identify expertise in all connected verticals and create a comprehensive solution for the IoT,” said John Park, executive director of OCF. “We are excited to work with a well-established solution that addresses interconnectivity within the mobile industry, and continue our momentum toward unlocking the full potential of the IoT.”

TypeScript 2.5
TypeScript 2.5 is here with a few new items like the Extract Function and the Extract Method refactorings. Both of these new additions make complex rewrites trivial, according to a blog post from Microsoft.

For those that use Visual Studio Code, this refactoring will be available in the upcoming release (though you can try it now by using VS Code Insiders releases, according to Microsoft). The feature is still new so there is some room for improvement. TypeScript 2.5 also includes a few quick fixes. One new quick fix will get triggered when you try to use JSDoc-style types in TypeScript.

More information can be found here.

Red Hat has updated their Red Hat Development Suite to version 2.0, including updates to Red Hat JBoss Development Suite and Red Hat Container Development Kit.

“The general theme of this release is expanded usability, product integration, expanded support for Middleware products in Development Suite,” senior product manager of Developer Tools at Red Hat, Bob Davis said in the blog post announcing the updates.

The Red Hat Development Suite installer is available for Windows, macOS and Red Hat Enterprise Linux, and it will automatically download, install and configure selected tools such as EAP, Fuse and the Kompose 1.0 technical preview, a new addition to the suite.

Kompose is a tool that can be used to convert Docker Compose files to Kubernetes or Red Hat OpenShift artifacts. Kompose was conceived as an onboarding tool for Kubernetes users by Skippbox (since acquired by Bitnami) and it received contributions from Google and Red Hat early in development. It’s now a part of the Kubernetes Community Project as of version 1.0.0.

Kompose can be installed via YUM through another new addition, the Red Hat DevTools channel.

Red Hat, Inc., the world’s leading provider of open source solutions, today announced that it has acquired the assets and technology of Permabit Technology Corporation, a provider of software for data deduplication, compression and thin provisioning. With the addition of Permabit’s data deduplication and compression capabilities to the world’s leading enterprise Linux platform, Red Hat Enterprise Linux, Red Hat will be able to better enable enterprise digital transformation through more efficient storage options.

“With the addition of Permabit’s data deduplication and compression tools to Red Hat Enterprise Linux, Red Hat will be ready to support these organizations as they seek to derive a more efficient storage footprint to power business innovation,” said Jim Totton, vice president and general manager of Red Hat.

As more enterprises move towards adopting the efficiencies offered by digital technologies like Linux containers and cloud computing, being able to run these services and store the resulting data requires new storage needs outside of what is offered by traditional storage technologies. Storage efficiency is a key piece in addressing these needs, particularly with the emergence of hyperconverged infrastructure (HCI) which blends storage and compute onto a single x86 server. Enterprise-class, open source solutions can help to address the storage challenges posed by these digitally transformative technologies by using software to increase the amount of storage available to applications without increasing the amount of physical storage.

With Permabit’s technology, Red Hat can now bring powerful data deduplication and compression features into Red Hat Enterprise Linux itself, which will also enhance capabilities across Red Hat’s hybrid cloud and storage technologies, including Red Hat OpenStack Platform, Red Hat OpenShift Container Platform and Red Hat Storage. Consistent with its commitment to delivering fully open source solutions and upstream-first innovation, Red Hat plans to open source Permabit’s technology. This will enable customers to use a single, supported and fully-open platform to drive storage efficiency, without having to rely on heterogeneous tools or customized and poorly-supported operating systems.

The transaction is expected to have no material impact to Red Hat’s guidance for its second fiscal quarter ending Aug. 31, 2017, or fiscal year ending Feb. 28, 2018.