In today's open source roundup: The Washington Post wonders if the Linux kernel needs better security. Plus: Does Linux need a more diverse range of distributions? And Ubuntu 16.04 LTS will drop the Ubuntu Software Center.

Washington Post questions Linux kernel security

The Washington Post has been doing a series on the vulnerabilities of the Internet. Part five of the series focuses on Linus Torvalds and the state of security in the Linux kernel. Does Linus need to focus more on security?

Craig Timberg reports for The Washington Post:

But while Linux is fast, flexible and free, a growing chorus of critics warn that it has security weaknesses that could be fixed but haven’t been. Worse, as Internet security has surged as a subject of international concern, Torvalds has engaged in an occasionally profane standoff with experts on the subject. One group he has dismissed as “masturbating monkeys.”

The rift between Torvalds and security experts is a particular source of worry for those who see Linux becoming the dominant operating system at a time when technology is blurring the borders between the online and offline worlds. Much as Windows long was the standard for personal computers, Linux runs on most of the Internet’s servers.

Over several hours of conversation, Torvalds, 45, disputed suggestions that security is not important to him or to Linux, but he acknowledged being “at odds” with some security experts. His broader message was this: Security of any system can never be perfect. So it always must be weighed against other priorities — such as speed, flexibility and ease of use — in a series of inherently nuanced trade-offs. This is a process, Torvalds suggested, poorly understood by his critics.

When the interviewer asked whether Linux — designed in an era before hacking had become a major criminal enterprise, a tool of war and constant threat to the privacy of billions of people — was due for a security overhaul after 24 years, Torvalds replied, “You’re making sense, and you may even be right.”

More at The Washington Post

Readers of The Washington Post shared their thoughts about Linux and security:

Ccppcsharp: “Torvalds would never treat the security of his home as casually as he does the security of Linux.”

Altizar: “I have to say Linus Torvalds is right. No matter how many security features, walls, tunnels, etc you add. There are just that many more loop holes and breaches added that people can go through to bypass them. The true core should be the fastest, most optimal, and stable. If you want security, you can add it to everything before it gets to the computer. cause if you add it to the core, you do nothing but slow it down and get zero additional benefits.”

Rmctwo: “Yes, Linux did come from Unix and both are trash.”

Roxe: “As long as there are processes, semaphores, threads, and execution paths between the kernel and the rest of the OS, just baking in security code is never the right answer. The problem is the kernel and the rest of the OS all depend on memory, and the stack and heap memory is where the majority of exploits work at. There are some complex metamorphic malware that can easily hide its memory footprint and fool the best security researchers in the world (even though the “experts” claim otherwise).”

Art Schwartz: “The Linux security issues must be considered against the backdrop of the filthy-rich, hole-ridden “operating system” called Windows. Securing the kernel is equivalent to circling the heart with prophylaxis and then living a self destroying life style – no exercise, calorie laden diet, etc. Torvalds, as usual, is dead right.”

Dmarney: “My take on all this is that it is a great mistake to think of security as one thing. Security is a mind-set that gets expressed in many layers of processes, techniques, and most importantly, human policies. What Linus is saying is that the kernel is just one part among many, and the absolutely best contribution we can make to a more secure system is to have the kernel be well-written.”

Francois: “Security barriers need to be built into multiple layers of defense in every level, including the microprocessor, motherboard, hypervisor, OS kernel, firewall software, network hardware, and personal prudence. Only when the failure of no single one of these can result in breach can you be safe.”

Skeptic1: “This article is pretty unbalanced. It paints Professor Torvalds as uncaring about security. And it almost exclusively quotes security experts who have something to sell.”

Hanging Chad: “Linux can be quite secure, but requires knowledge and skill to maintain. Most IT administrators are low paid babysitters, who have no clue how to use the vi editor, write scripts or recompile a new kernel.”

Barraclough: “Good for Linus. The industry that calls itself “IT security” is a pure racket–filled with charlatans, paranoid schizophrenics and outright frauds. The amount of money that’s been wasted on these crooks to maintain the fiction of “taking security seriously” is simply unfathomable.”

More at The Washington Post

Does Linux need a more diverse range of distributions?

One of the best things about Linux is the range of choices users have in terms of desktop distributions. But is Linux becoming less diverse? One writer at Datamation laments this possibility.

Bruce Byfield reports for Datamation:

Last year, I wrote how the number of Linux distributions listed on Distrowatch seemed to be declining. Specifically, the number had dropped from 323 in 2011 to 285 in December 2014. Eleven months later, the decline seems to be continuing at about the same rate, with the number of active distributions down to 276, and the decline is starting to seem an actual trend.

Critics might argue that the apparent trend might not be a trend at all. It could be a reflection of Distrowatch’s criteria for listing a distribution, or how quickly Distrowatch posts new distributions. However, given that the site regularly posts announcements of new releases for both new and established distros, there seems no reason for either to be a factor.

But is the decline reason for alarm? That is harder to decide until you start looking at other evidence.

More at Datamation

Ubuntu 16.04 LTS will drop the Ubuntu Software Center

The developers of Ubuntu are hard at work on Ubuntu 16.04 LTS, and that version will no longer use the Ubuntu Software Center. Instead it will include GNOME Software.

Silviu Stahie reports for Softpedia:

The new Ubuntu 16.04 will be an LTS release, and that means developers need to pay extra attention to what they are doing. One of their goals is to shed all the dead weight that’s been piling on for the past couple of years.

One of the problems seems to be the Ubuntu Software Center, which is almost unmaintained, with the exception of a few security problems that have been dealt with. This problem is being solved by dropping the software completely.

The replacement will be GNOME Software and Will Cooke, the Ubuntu Desktop Manager, said that they would be working on a way to keep all the reviews, ratings, and screenshots from the Ubuntu Software Center.

More at Softpedia

Did you miss a roundup? Check the Eye On Open home page to get caught up with the latest news about open source and Linux.