I’m a big advocate of FOSS, or Free and Open-Source Software. But is it really more stable and secure? We keep hearing the “Many eyes make bugs shallow” mantra, but how long did it take for the Heartbleed bug in OpenSSL to be noticed?
The way I look at it is that all operating systems have tools by which they can be made more secure than their default “Just install it” state. It takes a knowledgeable and careful system administrator to use those tools. Done right, Linux and other free software can be made quite secure.
I am, however, a little concerned about the current level of churn in the free software space.
Red Hat Enterprise Linux 7 (or RHEL 7) is slowly coming along. It will be enormously different from RHEL 6, more so in my estimation than 6 was from 5. The move to Systemd completely changes the control of userspace processes, and it also reaches into kernel space in significant ways. Logging now focuses on the associated journalctl mechanism, and the traditional Syslog service seems neglected.
There are many Linux distributions, but RHEL is probably still the most influential in North America, the UK, and some other regions. With the evolution of RHEL 5 to 6 to 7, the userspace control of the init daemon has gone through traditional System V init, then the heavily modified Upstart init, and now with Systemd there isn’t even an init program any more!
Logging has gone through similar leaps, with traditional Syslog in RHEL 5 (with hints that Syslog-NG would be next), then Rsyslog in RHEL 6, and now Rsyslog is still around but systemd-journald is the focus. I predict that the next big change will be a choice between the venerable X display server and Wayland, or even a shift to Wayland as the default.
Because the Linux community seems unable to stay on a path, most large organizations have to support a menagerie of distributions. Some systems need the latest release to support new hardware or provide new improvements in performance and stability. But legacy systems will be one and possibly two major releases behind.
This is why Learning Tree’s Linux Administration and Support course was designed to be about enterprise-scale Linux in general as opposed to one version of one distribution.
It’s not just Linux. OpenBSD, a very conservative and rigorously audited free UNIX-family OS, is also going through significant changes. The recent OpenBSD 5.5 release changes the time_t structure to a 64-bit value on all platforms. This solves the Year 2038 problem but pretty much requires a complete re-install: not only are old binaries incompatible with the new kernel, but you can’t even log in to an incremental upgrade, as some files are now in new formats.
OpenBSD updates every six months, and they already tell us that the next one, coming this autumn, will be a big one. They will finish their transition away from a customized version of Apache to the nginx web server. The BIND DNS server will be replaced with nsd, and Sendmail will be replaced with OpenSMTPD.
At least OpenBSD is still conservative in the kernel, the core of the OS. A kernel build on OpenBSD takes 5 minutes on my laptop, while Wireshark takes over 30 minutes.