Why Linux users should worry about malware and what they can do about it

Don’t drop your guard just because you’re running Linux.

Preventing the spread of malware and/or dealing with the consequences of infection are a fact of life when using computers. If you’ve migrated to Linux or Mac seeking refuge from the never-ending stream of threats that seems to target Windows, you can breath a lungful of fresh air—just don’t let your guard down. Continue reading “Why Linux users should worry about malware and what they can do about it”

Microsoft Will Bring Its SQL Database Software to Linux

microsoft-linuxNearly one quarter of all the servers running in Microsoft’s Azure cloud service are powered by the open source operating system Linux. But you can’t actually run much Microsoft software on those Linux servers.

That’s about to change. Companies will soon be able to run Microsoft’s database software SQL Server on Linux, Microsoft’s Scott Guthrie said in a blog post today.

Or at least part of it. A spokesperson clarified that Microsoft will offer at least SQL Server’s core capabilities. Other components will depends on customer demand and feedback.

Microsoft isn’t open sourcing SQL Server’s code, but making it run-able on Linux is a big change for the company. Microsoft has long offered a Mac version of its Office suite and has recently released versions for Android and iOS. Other than that, however, you generally need to run Windows if you want to use Microsoft software. Few Microsoft applications run on Linux today, and those that do were acquired from other companies, such as Skype, Revolution R Enterprise, and Wunderlist.

Love for Linux

But Microsoft has been warming to the idea of supporting software on other platforms. Just last month the company announced plans to acquire Xamarin, a company that develops a cross-platform version of Microsoft’s popular .NET programming framework—a tool that enables developers to use Microsoft’s C# programming language to build applications that run on Linux and Apple’s operating systems, not just Windows.

Microsoft’s newfound love for Linux was a long time coming. Back in 2001, former CEO Steve Ballmer famously called Linux a “cancer.” In 2007, Microsoft threatened to sue Linux companies such as Red Hat for patent infringement.

But over the years, as open source won over not just hackers but corporations and governments as well, Microsoft changed its tune. It partnered with Red Hat in 2009 to ensure compatibility between the two company’s products. In 2012, it announced support for Linux on Azure and now even uses the operating system to actuallyrun the cloud service. But for years, Microsoft’s main forays into open source were focused on bringing open source software that already ran on Linux to Windows, such as the data crunching platform Hadoop, the programming platform Node.js and the code management tool Git. Enabling users to run SQL Server on Linux, even if it isn’t open sourcing the underlying software, is another step in this new direction.

Whether users actually want to run SQL Server on Linux is another question entirely. Oracle’s flagship database software is still far more popular than Microsoft’s, and open source alternatives like MySQL and PostgreSQL are already enormously popular on Linux. But it is possible that more companies would pay for Microsoft SQL Server licenses if they could run it on Linux, thus avoiding having to pay for both a Windows Server license and a SQL Server license. That might end up being a wash for Microsoft’s bottom line. But more openness to open source could ultimately mean more techies are open to Microsoft.

Article Source
Picture source : www.linux.com

Linux Machines Can Be Hacked by Pressing Backspace 28 Times

Linux Machines Can Be Hacked

A Pair of Spanish cybersecurity researchers have discovered a Linux vulnerability that could allow anyone with physical access to a system to log in without a password and launch a variety of attacks. The vulnerability, found in versions of the commonly used Grub2 (GNU Grand Unified Bootloader) bootloader released since 2009, can be exploited by hitting the backspace key 28 times. Named CVE-2015-8370, the vulnerability has a medium severity rating, according to the National Institute of Standards and Technology’s National Cyber Awareness System notice. The bug can be easily fixed, according to the researchers who discovered it, and a number of patches are now available.

Introduced into the Grub coding in December 2009, the vulnerability has raised some suspicions that it might be the work of the National Security Agency or a similar organization. A commenter on reddit’s Linux thread, for instance, noted, “This is exactly the kind of highly-useful bug with plausible deniability that I’d expect to be introduced ‘accidentally by governmental agencies’s agents.”

‘Incalculable Number of Affected Devices’

Hector Marco-Gisbert and Ismael Ripoll, members of the cybersecurity group at Spain’s Polytechnic University of València, published their description of the Grub2 authentication bypass zero-day vulnerability on December 14, several days after disclosing it to CCN-CERT, the Spanish National Cryptologic Center.

“Grub2 is the bootloader used by most Linux systems including some embedded systems,” Marco-Gisbert and Ripoll said in their description of the vulnerability. “This results in an incalculable number of affected devices.”

The researchers said they were able to exploit the vulnerability using QEMU (short for Quick Emulator) running Debian 7.5. The bug allowed them to obtain a Grub rescue shell, from which they could gain entry to the system without a username or password, and potentially introduce malware, destroy data or launch a denial of service attack.

Easy Check for Bug

Users can quickly and easily check for the vulnerability in their systems by pressing the backspace key 28 times when Grub asks for a username, according to Marco-Gisbert and Ripoll. “If your machine reboots or you get a rescue shell then your Grub is affected,” they said.

In addition to fixes being made available by GNU/Linux vendors, an emergency patch was also posted by the researchers on the main Grub2 Git repository. Any GNU/Linux user with Grub2 using password protection should update to a patched version, even if the attack described by the researchers is not easily launched without physical access to a system and could require significantly different approaches on different systems.

“As can be seen, the successful exploitation depends on many things: the BIOS version, the GRUB version, the amount of RAM, and whatever that modifies the memory layout,” Marco-Gisbert and Ripoll noted. “And each system requires a deep analysis to build the specific exploit.”

Original Article

5 Key Steps to Ensuring Database Security

Databases often contain extremely sensitive information that must be protected from security vulnerabilities and exploits. All organizations need to work on a continual basis to identify and remediate those vulnerabilities using a variety of tools that are available. In addition to doing monitoring and security assessments constantly, it is vital that the results are analyzed and properly audited so that an organization can not only ensure that its database security posture is sound, but also demonstrate compliance with regulations that demand high levels of security be applied to sensitive data.


Almost all organizations use databases in some form for tracking information such as customer and transaction records, financial information, and human resources records. Much of the information contained in databases is sensitive and can be sold for cash or, such as in cases of theft by a disgruntled employee or by a hacker with political motivations, to cause the organization loss of business or reputation, especially if the organization is found to be in breach of regulations or industry standards that demand high levels of data security.

According to the 2012 data breach investigations report published by Verizon Business, 96% of records breached in 2011 were taken from database servers. Of these, 55% exploited default or guessable credentials and 40% the use of stolen login credentials. And, according to another study among data professionals conducted by Unisphere Research, a division of Information Today, Inc., for the IOUG little more than one-third of the 430 respondents install 37% critical patch updates within three months of their release.

According to technology vendor Application Security, Inc., the following are the top 10 threats related to databases:

  1. Default or weak passwords
  2. SQL injection
  3. Excessive user and group privileges
  4. Unnecessary DBMS features enabled
  5. Broken configuration management
  6. Buffer overflows
  7. Privilege escalation
  8. Denial of service
  9. Un-patched RDBMS
  10. Unencrypted data


There are 5 key steps to ensuring database security, according to Applications Security, Inc.

  1. Isolate sensitive databases—maintain an accurate inventory of all databases deployed across the enterprise and identify all sensitive data residing on those databases.
  2. Eliminate vulnerabilities—continually assess, identify and remediate vulnerabilities that expose the database.
  3. Enforce least privileges—identify user entitlements and enforce user access controls and privileges to limit access to only the minimum data required for employees to do their jobs.
  4. Monitor for deviations—implement appropriate policies and monitor any vulnerabilities that cannot be remediated for any and all activity the deviates from authorized activity.
  5. Respond to suspicious behavior—alert and respond to any abnormal or suspicious behavior in real time to minimize risk of attack.


The first step for ensuring database security is to develop a database security plan, taking into account regulations such as Sarbanes-Oxley and industry standards such as the Payment Card Industry Data Security Standards with which the organization must comply. The use of a standard checklist is to be advised, rather than trying to develop a security plan from scratch. Examples of such as checklist include those available from the information assurance support environment website, sponsored by the U.S. Defense Information Systems Agency or the Center for Internet Security.

As part of the development of this plan, the organization should take an inventory of all databases within the organization’s network environment, which can be done more efficiently through use of vulnerability management technology that can automatically discover all databases and run scans to identify which contain sensitive information, such as financial information and customer data. The scans performed by such technology will also be able to assess database vulnerabilities and misconfigurations, identifying issues such as default or weak passwords, missing patches and poor access controls, and will look to identify which vulnerabilities can be exploited so that remediation can be prioritized. Most tools available will include built-in templates that incorporate the requirements of many best practice frameworks and regulatory compliance initiatives. Such tools should be used not only when developing a database security program, but on a continuous basis to identify new threats and vulnerabilities.

Database activity monitoring (DAM) tools will also aid in the process of reducing vulnerabilities by providing visibility in real time into all database activity. Such tools collect data, aggregate it and analyze the data to look for activities that are in violation of security policy or that indicate anomalies have occurred. According to the Gartner Group, the primary reason for deploying DAM technologies is to monitor the activity of privileged users such as database and system administrators, developers, and help desk and outsourced personnel, many of whom typically have unfettered access to corporate databases. To ensure that threats are minimized and the requirements of regulations are being complied with, DAM tools should be used to identify anomalous activities such as privileged users viewing sensitive data, altering log records, making unauthorized configuration changes or creating new accounts with super user privileges. They can compare activities performed with those authorized by change requests. In general, it is considered to be best practice to implement access controls based on the principle of least privilege to ensure that no one user has excessive access rights and those rights should be regularly audited.

Click here for full Story

Linux Foundation Bundles SysAdmin Training Course, Certification Exam

Want to work as a Linux systems administrator? The Linux Foundation has added a way to gain the requisite knowledge and certification through a training course, Essentials of System Administration, that covers the key skills required for managing servers, clouds and other systems based on the open source OS.

The course takes place fully online and is designed to be distribution-agnostic, meaning it teaches core skills that apply to all of the various iterations of Linux currently available. It focuses on “under-the-hood” aspects of Linux systems, from kernel drivers and file systems to system processes and network configuration.

The Linux Foundation introduced the course to help meet growing demand within the enterprise for expertise in Linux and open source software, according to the group. “The best way to address the skills shortage in the Linux community is to provide a variety of ways for people to learn Linux and to access the knowledge they need to advance their careers,” Linux Foundation Executive Director Jim Zemlin said in a statement. “The Linux Foundation will continue to explore new ways to deliver Linux learning materials, and increase opportunities for professionals who want to advance the world’s largest collaborative development project.”

The training course, which has course number LFS201 under the Linux Foundation’s hierarchy of courses, will provide the knowledge necessary to complete the test for the Linux Foundation’s SysAdmin certification successfully, according to the organization. That certification was introduced last year, but the Linux Foundation is offering the opportunity to take the certification test free of charge to students who register for the training course, which currently costs $499.

The Linux Foundation is pitching the coupling of the training course with the certification exam as a particularly cost-effective opportunity for gaining Linux system-administration knowledge and certification. The course “is quite a bit more affordable than equivalent ones on the market by itself, and when bundled with the exam becomes an even better deal which we hope will help expand Linux education and opportunities to more people,” a Linux Foundation representative wrote in an email.

Click here for full Story

Top 10 most read: Xperia Z3 review, Ghost Linux bug, IBM job cut rumours

The smartphone market remains a confusing place for those seeking a new phone, with the likes of Apple, Samsung, Google, Sony and HTC all competing for attention.

So it’s no surprise that V3’s head-to-head reviews between the big boys of the smartphone arena are popular, and so it proved with our Nexus 6 v iPhone 6 v Xperia Z3 head-to-head. Check out the review to see which phone won.

Elsewhere, security hit the headlines once again. A Linux bug dubbed ‘Ghost’ was uncovered which could be exploited to hijack systems. Versions of Linux dating back as far as 2000 are affected.

As if this wasn’t bad enough, efforts by Google to improve security in popular products drew criticism from security researchers, who said that the firm is doing more harm than good with its disclosure policies.

Lastly, rumours that IBM was planning a giant jobs cull, possibly as high as 118,000 workers from around the world, also raised eyebrows. IBM flatly denied the reports, claiming that the firm is actually engaged in a hiring spree at present.

Click here for full Story

Will 2015 be the year of the Microsoft/Linux love fest?

Microsoft has finally embraced Linux — with a bit of passion. Jack Wallen reports why he believes the makers of Windows have finally come around to sidling up to the open-source platform.

There is one sentence that I swore I’d never write.

Microsoft loves Linux.

That’s right. During a webcast, new CEO Satya Nadella stood next to an image that said “Microsoft [heart symbol] Linux.” Understand, the presentation was all about Azure and the new services it has added to the system. Included with those new services were Linux-based systems (such as the Cloudera Hadoop package and the CoreOS Linux distribution) — so, it’s not like Microsoft is all of a sudden embracing Linux as a desktop OS.

Yet… sort of.

I believe Microsoft is finally gazing into the same crystal ball as everyone else has been and is seeing that “platform” is on the verge of complete irrelevancy. This isn’t 1999, where platform was King, and the King had a name — Windows. This is 2015, and the crow now rests squarely on the network — the cloud. And to make the cloud work, really work, the platform must become transparent. Otherwise, you suffer from lock-in, and that will be your death knell.


Numbers don’t lie. The majority of users get their content via mobile devices, like smartphones and tablets. As of a year ago, mobile use has exceeded desktop usage. That means the browsers and devices accessing servers, content, and SaaS are no longer tied to a desktop platform. That also means juggernauts like Microsoft have to completely reinvent the way they think and do business — otherwise, they’ll go the way of the desktop.

I’m constantly taken aback when people contact me about my author website and say, “Something’s wrong with your page. It doesn’t look right!” I open Chrome, and it looks fine. And then … I remember … they are most likely viewing the site with their phone.

Rethink. Retool. Refine.

That is why Microsoft has found itself in a position of having to “love Linux.” Microsoft needs Linux to achieve transparency for today’s market and user base. Without Linux, Microsoft’s Azure platform is not nearly as flexible as today’s tech landscape requires. Microsoft knows this, and that’s why it currently offers five Linux servers on Azure (CentOS, Ubuntu, CoreOS, OpenSuSE, and Oracle Linux). The one major Linux server missing is Red Hat, but I’m certain Microsoft will eventually open its arms and heart to one of the most powerful enterprise Linux distributions on the planet.

But let’s face it, the real competition Microsoft faces today is Google and Amazon — cloud services, not platforms (that game is done, over, kaput). And to be competitive in the cloud, Microsoft can’t, in any way, go it alone.

How times have changed.

To that end, Microsoft will find itself in a love fest with Linux this year. They will become best of friends, snap selfies together, and post on one another’s Facebook wall. Even once Windows 10 is released, this won’t change. I firmly believe that Microsoft has finally come to grips with the idea that the desktop is no longer the be-all end-all to their bottom line. Azure brings in roughly $5 billion in annual revenue for Microsoft — all the while sidling up to that which their one-time CEO called “a cancer.” Remove Linux from the picture, and that $5 billion in annual revenue shrinks drastically.

Fiction and reality have finally merged. Microsoft and Linux are sharing a spotlight that no one ever thought the penguin could possibly enjoy, all because the platform has become secondary to the new King — software and service.

Click here for full Story

A year in the life of OpenStack

What a year for OpenStack! With two shiny new releases, two excellent summits on opposite sides of the Atlantic, countless new features, and an ever-growing community of users and developers, it truly has been a year of progress for OpenStack.

Let’s take a look back at some of our coverage here on Opensource.com, and perhaps take a sneak peek at what might be in store for the new year.

OpenStack people

The best part of covering OpenStack here on Opensource.com has been getting to hear from the people who make it happen. At the beginning of the year, John Dickinson, leader of the OpenStack Swift project, took us through storage policiesand what they would mean for OpenStack’s object storage system. Anne Gentle, the documentation lead for OpenStack, shared with us here involvement in theWomen of OpenStack program and how it is bringing more female leaders to the project and to the open source community at large. And community manager Stefano Maffulli gave us some suggestions for how contributing to OpenStack could be made easier.

A little later in the year we heard from OpenStack release manager Thierry Carrez about the feature freeze and what it means for the project development cycle. We spoke to storage expert John Griffith about the Cinder block storage project. Doug Hellmann told us about his work leading the OpenStack Oslo project, where common pieces of code are stored. And we learned from Victoria Martinez de la Cruz about the translation efforts taking place to make OpenStack accessible to everyone.

After the first OpenStack Summit of the year in Atlanta, we heard some thoughts from Jim Haselmaier about OpenStack project management and what it means for driving the direction of a diverse project. DreamHost’s vice president of cloud Jonathan LaCour told us how his company is reinventing itself with OpenStack. Jesus Gonzalez-Barahona told us about some of the numbers behind OpenStack and how they compare to other open source cloud projects. And StackStorm CTO Dmitri Zimine brought us a three part series on tools for deploying and managing OpenStack and the workloads on top of it.

We ramped up our coverage even more before the Paris Summit, bringing you a full interview series. We learned from Everett Toews of Rackspace how Apache jclouds can help to simplify application development in the cloud. We spoke with OpenStack Neutron project lead Kyle Mestery about contributing effectively to that project. Sage Weil told us what software defined storage means for OpenStack, and Metacloud’s director of community evangelism Niki Acosta told us about her work in the community. Python guru Julien Danjou told us about Ceilometer, thetelemetry project for OpenStack. OpenStack board of directors member Tim Bell told us about how OpenStack powers the research at CERN. And former NASA CTO Chris Kemp told us about the early days of OpenStack.

OpenStack tutorials

This year, we launched a new tutorial series, featuring the best new guides published every month. We started in May by highlighting several excellent beginners’ guides, tips on managing floating IPs, security and server hardening guides, an introduction to multi-node installation, and an overview of what is new in the most recent release of OpenStack Heat. And in June, we linked to guides for getting OpenStack to play nice with firewalld and NetworkManager, using Test Kitchen with Puppet on an OpenStack deployment, Kerberos, Docker containers, and getting started with OpenStack on Solaris.

In July, we featured tutorials on monitoring features, metadata services, benchmarking, the Jumpgate library, logging, and even launching a Team Fortress 2 server through OpenStack, followed by August, where we looked at git tricks to make your OpenStack patches easier for others to digest, using Heat to manage Docker containers, how to delete compute instances directly from the database, and more.

When September rolled around, we gave tips for running OpenStack on FreeBSD, testing out OpenStack’s newest incubated project, building an elastic WordPress installation, and more. Then in October, we helped you with advice for building RPM packages, simplifying log files, running custom code with Nova hooks, and more.

In November, we investigated CPU topology, splitting up a Swift cluster, container orchestration, using affinity controls, sharing public images in Glance, and more. And finally in December, we highlighted tutorials for creating disk images for Glance in Ceph, deleting orphaned storage volumes, comparing patchsets in Gerrit, and more.

A cloudy world

We also covered a number of open source projects this year which might be interesting to an OpenStack user. We interviewed Frank Huerta, CEO of a company called TransLattice who is leading an open source project calledPostgres-XL designed to modernize the PostgreSQL database for clustered environments with big data. We spoke with Neela Jacques, executive director of the OpenDaylight project to learn how they are working to build an open platform for software defined networking. And we learned from Chris Hoge how to deploy OpenStack using Puppet, an open source system for automating IT operations.

In the container world, we had great success in getting started with Docker from Vincent Batts’ guide for beginners, and learned even more from Dan Walsh who taught us about Docker security in his two part series. Then, we learned aboutFlocker, Clocker, and more!

Noting the importance of big data in the cloud, we got an excellent introduction to Apache Hadoop for big data from Sachin Bappalige. Sachin also helped us to explore Apache Mesos and how it can be used as a cluster management tool in data centers.

In all, it was an exciting year for the open source cloud, and I can’t wait to see what 2015 will bring!

Click here for full Story

2015 will be the year Linux takes over the enterprise (and other predictions)

The crystal ball has been vague and fuzzy for quite some time. Every pundit and voice has opined on what the upcoming year will mean to whatever topic it is they hold dear to their heart. In my case, we’re talking Linux and open source.

In previous years, I’d don the rose-colored glasses and make predictions that would shine a fantastic light over the Linux landscape and proclaim 20** will be the year of Linux on the _____ (name your platform). Many times, those predictions were wrong, and Linux would wind up grinding on in the background.

This coming year, however, there are some fairly bold predictions to be made, some of which are sure things. Read on and see if you agree.

Linux takes over big data

This should come as no surprise, considering the advancements Linux and open source has made over the previous few years. With the help of SuSE, Red Hat, and SAP Hana, Linux will hold powerful sway over big data in 2015. In-memory computing and live kernel patching will be the thing that catapults big data into realms of uptime and reliability never before known. SuSE will lead this charge like a warrior rushing into a battle it cannot possibly lose.

This rise of Linux in the world of big data will have serious trickle down over the rest of the business world. We already know how fond enterprise businesses are of Linux and big data. What we don’t know is how this relationship will alter the course of Linux with regards to the rest of the business world.

My prediction is that the success of Linux with big data will skyrocket the popularity of Linux throughout the business landscape. More contracts for SuSE and Red Hat will equate to more deployments of Linux servers that handle more tasks within the business world. This will especially apply to the cloud, where OpenStack should easily become an overwhelming leader.

As the end of 2015 draws to a close, Linux will continue its take over of more backend services, which may include the likes of collaboration servers, security, and much more.

Smart machines

Linux is already leading the trend for making homes and autos more intelligent. With improvements in the likes of Nest (which currently uses an embedded Linux), the open source platform is poised to take over your machines. Because 2015 should see a massive rise in smart machines, it goes without saying that Linux will be a huge part of that growth. I firmly believe more homes and businesses will take advantage of such smart controls, and that will lead to more innovations (all of which will be built on Linux).

One of the issues facing Nest, however, is that it was purchased by Google. What does this mean for the thermostat controller? Will Google continue using the Linux platform — or will it opt to scrap that in favor of Android? Of course, a switch would set the Nest platform back a bit.

The upcoming year will see Linux lead the rise in popularity of home automation. Wink, Iris, Q Station, Staples Connect, and more (similar) systems will help to bridge Linux and home users together.

The desktop

The big question, as always, is one that tends to hang over the heads of the Linux community like a dark cloud. That question is in relation to the desktop. Unfortunately, my predictions here aren’t nearly as positive. I believe that the year 2015 will remain quite stagnant for Linux on the desktop. That complacency will center around Ubuntu.

As much as I love Ubuntu (and the Unity desktop), this particular distribution will continue to drag the Linux desktop down. Why?

Convergence… or the lack thereof.

Canonical has been so headstrong about converging the desktop and mobile experience that they are neglecting the current state of the desktop. The last two releases of Ubuntu (one being an LTS release) have been stagnant (at best). The past year saw two of the most unexciting releases of Ubuntu that I can recall. The reason? Because the developers of Ubuntu are desperately trying to make Unity 8/Mir and the ubiquitous Ubuntu Phone a reality. The vaporware that is the Ubuntu Phone will continue on through 2015, and Unity 8/Mir may or may not be released.

When the new iteration of the Ubuntu Unity desktop is finally released, it will suffer a serious setback, because there will be so little hardware available to truly show it off. System76 will sell their outstanding Sable Touch, which will probably become the flagship system for Unity 8/Mir. As for the Ubuntu Phone? How many reports have you read that proclaimed “Ubuntu Phone will ship this year”?

I’m now going on the record to predict that the Ubuntu Phone will not ship in 2015. Why? Canonical created partnerships with two OEMs over a year ago. Those partnerships have yet to produce a single shippable product. The closest thing to a shippable product is the Meizu MX4 phone. The “Pro” version of that phone was supposed to have a formal launch of Sept 25. Like everything associated with the Ubuntu Phone, it didn’t happen.

Unless Canonical stops putting all of its eggs in one vaporware basket, desktop Linux will take a major hit in 2015. Ubuntu needs to release something major — something to make heads turn — otherwise, 2015 will be just another year where we all look back and think “we could have done something special.”

Outside of Ubuntu, I do believe there are some outside chances that Linux could still make some noise on the desktop. I think two distributions, in particular, will bring something rather special to the table:

  • Evolve OS — a ChromeOS-like Linux distribution
  • Quantum OS — a Linux distribution that uses Android’s Material Design specs

Both of these projects are quite exciting and offer unique, user-friendly takes on the Linux desktop. This is quickly become a necessity in a landscape being dragged down by out-of-date design standards (think the likes of Cinnamon, Mate, XFCE, LXCE — all desperately clinging to the past).

This is not to say that Linux on the desktop doesn’t have a chance in 2015. It does. In order to grasp the reins of that chance, it will have to move beyond the past and drop the anchors that prevent it from moving out to deeper, more viable waters.

Linux stands to make more waves in 2015 than it has in a very long time. From enterprise to home automation — the world could be the oyster that Linux uses as a springboard to the desktop and beyond.

What are your predictions for Linux and open source in 2015? Share your thoughts in the discussion thread below.

Click here for full Story

Linux Continues to Grow in the Cloud Computing and Implementation of Enterprise Applications

The operating system of most famous open source is gaining ground in business particularly in cloud computing, according to a report from the Linux Foundation and Yeoman Technology Group.

The Linux Foundation has published a study called “2014 Enterprise End User Trends Report” that shows the steady growth of Linux in the market for large companies, especially in recent years driven by factors such as the growth of cloud computing, in addition to its known qualities in terms of safety, capacity deployment, costs or virtualization.

The study was carried out on large companies and government agencies with at least 500 employees or exceeding 500 million dollars in annual revenue show that in the last four years, the deployment of Linux systems has increased 14% while the windows has decreased by 9%.

Specifically, analysts found that enterprise server applications are being deployed at the expense of Windows and Unix in the past four years. Deploying Linux applications has increased during this period from 65% to 79%, while deploying Windows has fallen from 45% to 36%.

Linux drives business change to the cloud as it remains the top choice for the whole topic of cloud computing. The report found that 75 percent use it as main platform, compared with 24 percent using Windows and less than two percent using 2% using UNIX. Companies believe that Linux is superior in technical, safety and cost capacity. In fact, 78 percent of companies believe Linux is more secure than other operating systems.

In particular, private clouds are increasingly used by Linux environment. When it comes to adoption, 75% companies are using Linux for private clouds, 16% public clouds are using Linux and 25% use a mix of both private and public cloud.

Linux continues to grow year after year at the expense of other operating systems. Over 87% said they are planning to implement Linux servers this year, and 82% plan to add more in the next. In fact, the deployment on Linux has increased, while deploying Windows continues to fall. To date, more than half (51%) of large companies are running production systems in the cloud, and 39 percent are planning to increase their activities in cloud computing in the next 12 months, so it is likely the market share of Linux continues to increase thanks to solutions like KVM, Xen or the famous Linux Containers.

Linux Foundation also notes that one of the most stable trend in the growing use of Linux compared to other operating system is to support mission-critical workloads. This figure has increased dramatically, from 60% in 2011 to 72% this year.

This growth makes the need for trained personnel in Linux, which is the main concern of businesses. Some businesses are using hesitant to use Linux because of system (41%), surpassing aspects as fragmentation (32%), compatibility (29%) or availability of drivers (27%) issues.

Among the respondents are Morgan Stanley, Goldman Sachs, Bank of America, Bristol-Myers Squibb, NTT, Deutsche Bank, DreamWorks, ADP, NYSE, NASDAQ, Goodrich, MetLife and AIG. It is remarkable that the number of companies in the Fortune 500 list already rely on Linux to choose and support their most critical software.

Click here for full Story

Running mission-critical applications on Enterprise Linux servers

At the core of any organisation are important IT systems that are vital for continued successful operation. Mission-critical applications, such as ERP, CRM, business intelligence, data warehousing, and analytics, advance and support business in many fundamental ways. In the modern, global corporate landscape, it is almost certain that users will need to access these systems at any time of day, demanding around-the-clock, 24/7 availability. Any outage of mission-critical server infrastructure directly impacts revenue and profitability, so downtime must be avoided.

Mission-critical enterprise systems typically rely on expensive Unix or mainframe servers to fulfil high-availability and reliability requirements. Due in part to increasing budgetary constraints and initiatives promoting open standards, this situation has been changing recently. With a shift towards x86-based commodity server hardware, Intel has worked hard to develop reliability, availability, and serviceability (RAS) features in its Xeon processors, with recent hardware optimisations leading to better scalability and performance.

The Intel Xeon E7 processor family implements a powerful collection of RAS capabilities designed to minimize the frequency, cost, and duration of system downtime, which is vital for mission-critical services. Based on key concepts such as self-monitoring and self-healing, this technology enables servers to monitor key sub-systems for errors, and automatically repair known issues. Detecting and correcting problems (or isolating problems that cannot be immediately rectified) is important to maintain system integrity and protect mission-critical data. Support for multiple layers of system component redundancy and subsequent automated failover functionality ensures a higher level of availability. Servers powered by Intel Xeon E7 processors can take advantage of predictive failure analysis to identify problematic components before they fail, allowing them to be replaced during regular maintenance cycles, and ultimately minimising service costs.

Software support for hardware RAS features implemented by the Intel Xeon E7 processor family is included in the Linux operating system. With the largest subscription base in the industry, Red Hat Enterprise Linux has a proven track record of running mission-critical workloads, and can be deployed on either physical servers or in cloud environments. Red Hat’s Enterprise Linux High Availability Add-On offers failover clustering to further increase availability of mission-critical applications. The company also offers load balancing, a storage platform, and a scalable file system for improved system reliability.

To ensure the smooth operation of important business processes, mission-critical applications must run on highly reliable and available platforms. The emergence of Intel Xeon-powered commodity servers running Red Hat Enterprise Linux has provided a competitive alternative to traditional Unix systems for mission-critical tasks. This new approach to building infrastructure using standards-based hardware will allow organisations to re-architect their datacentre to become the foundation of next-generation private and hybrid cloud solutions.

Click here for full Story

Government transformation and demand for Linux expertise

IT is changing organizations across the globe, impacting enterprises, governments and the wider public sector. Open source in particular is a driver in innovation, giving organizations a competitive edge and an ability to scale and adapt to changing market demands.

According to the 2014 Linux Jobs Report, demand for Linux expertise continues to grow, with hiring managers across a number of industries citing Linux talents as one of the top recruitment priorities this year.

Governments also a key industry for Linux talents

Unsurprisingly, with more government IT transformation projects under way in Asia Pacific, the need to reinvest in government employees’ skills is also on the rise. This may be due to legacy systems, often built on proprietary platforms and supported by IT teams with skill sets limited by the technologies they had to maintain.

In an interview on this with Harish Pillay,he shared an example with the Lotus Notes system, which was adopted by governments throughout southeast Asia over the past 20 years. When the time came for these governments to move to a new and more capable platform, they had to conduct extensive staff retraining for a new tool. Of course, this led to climbing expenditures given the need for new training.

With proprietary systems like Lotus Notes, there is a need to keep learning fixed and limited skills to support proprietary, vendor-specific set ups. Open source knowledge (Linux training) is, generally, highly transferable and can be applied to almost any Linux platform.

This type of interoperability between systems and skills will become a key consideration, for governments and enterprises alike, to ensure that adopting new technologies is as simple and cost-efficient as possible.

Increasing demand for Linux jobs

Hiring managers in both governments and enterprises are bolstering Linux talent plans, according to the 2014 Linux Jobs Report. This report is assembled from a survey taken across 1,100 hiring managers and 4,000 professionals within the Linux space.

In fact, the demand for Linux expertise is so high that salaries are being driven above industry norms, in turn causing these Linux professionals to identify Linux knowledge as a career-advancing tool.

President of technology for professional website Dice, Shravan Goli, explained that enterprises are increasingly describing Linux as core to the business.

The Singaporean government appears to understand the need for local initiatives and frameworks, as the new fair consideration framework has led to increased competition for local IT talent.

“In turn, hiring managers are turning up the dial on the incentives offered to technology talent with Linux skills. These professionals are working on projects tightly aligned with a future vision of what enterprises look like,” he said.

Growth in APAC IT talent

The Singaporean government appears to understand the need for local initiatives and frameworks, as the new fair consideration framework has led to increased competition for local IT talent.

This is according to recruiting expert Hays, which also announced a list of the IT skills presently in demand.

“Due to a limited talent pool in the storage, security, cloud or hosted domains, the market is also facing a shortage of technically skilled pre-sales people,” said Regional Director of Hays in Singapore and Malaysia, Chris Mead. He explained that service management, cloud architecture and process and quality specialist roles were also in high demand.

“We expect the supply shortage of these professionals to continue as businesses are consistently evaluating their IT operations to enable optimal efficiency and a continual improvement of their IT services.”

Red Hat® performance-based classroom training provides the hands-on, real-world skills that IT professionals and developers require.



As governments and enterprises increasingly undertake transformation projects with new open source technologies, the demand for Linux expertise will no doubt mirror these trends.

It is important that IT professionals find the appropriate training that will prove to be a long term asset to them and their organizations. On the other side of this transformation governments should consider local initiatives to support Linux training programs, thus growing the skill base for Linux and other open source standards.

Click here for full Story