Let’s take a look at 2019’s biggest Linux and open stories…

1. IBM buys Red Hat for $34-Billion

Exhibit number one is IBM acquiring Red Hat in the biggest software company acquisition ever. True, IBM was one of Linux’s earliest supporters and, as I predicted, rather than IBM consuming Red Hat, Red Hat has remained an independent barony in Big Blue’s corporate kingdom. But, the bottom line remains: The world’s leading Linux company now belongs to the company number 34 on the Fortune 500.

Read on for more…

[Source: ZDNet]

“We’re trying to create order out of chaos,” CEO Wayne Jackson of Sonatype told Forbes. By chaos, Jackson is referring to the avalanche of open source software code out there that’s used anonymously for some very important projects. GitHub.com alone hosts some 40 million developers, he pointed out.

“We are building the world’s critical infrastructure on software somebody else wrote, a stranger with unknown skills, motivations and desires, but the desire to innovate is so high, we’re willing to accept the risk of using some random person’s software invention,” Jackson said.

[Source: Forbes]

With open source software, we’ve grown accustomed to a certain level of trust that whatever we are running on our computers is what we expect it to actually be. Thanks to hashing and public key signatures in various parts in the development and deployment cycle, it’s hard for a third party to modify source code or executables without us being easily able to spot it, even if it travels through untrustworthy channels.

On his talk this year at the 36C3, [bunnie] showed a detailed insight of several attack vectors we could face during manufacturing. Skipping the obvious ones like adding or substituting components, he’s focusing on highly ambitious and hard to detect modifications inside an IC’s package with wirebonded or through-silicon via (TSV) implants, down to modifying the netlist or mask of the integrated circuit itself.

[Source: Hackaday]