Categories
Opinions

RIP CentOS

How IBM and Red Hat are killing off CentOS

Opinions and views expressed in this post are entirely my own.

For those of you who don’t know, CentOS is a popular Linux distribution which is a binary compatible clone of Red Hat Enterprise Linux. The idea of Red Hat Enterprise Linux is that it offers a stable production-ready environment with Long Term Support (typically, a version of RHEL/CentOS will remain supported for years before you need to upgrade).

However, RHEL is a commercial product whereas CentOS is a free, community-supported operating system. As RHEL is open-source, it is perfectly permissible for projects such as CentOS to clone and re-release the source, as long as they remove any potential trademarks. After all, RHEL itself benefits from many free things, such as the Linux Kernel.

In January 2014, Red Hat Inc acquired the CentOS trademark and became a primary sponsor of the project. Ever since, they have been investing in the CentOS project and maintaining the project as a community driven operating system, mirroring RHEL. In July 2019, IBM acquired Red Hat. Can you see where this is going?

Concerns were naturally expressed by the community through these various acquisitions as to whether the CentOS project would continue as a community driven project. Time passes by, and a new product was announced (alongside CentOS Linux) called CentOS Stream. CentOS Stream is different to traditional CentOS Linux in the sense that it is considered a rolling release distribution, and will receive more regular updates than CentOS Linux, making it potentially unsuitable for production environments which need to retain stability. In essence, CentOS Stream sits upstream from RHEL (almost like a testing distribution/sandbox), whereas CentOS Linux sits downstream (and mirrors the same stability we know and love from RHEL).

Again, this raised concerns from the community over the future of the CentOS Linux project. The Chief Technology Officer of Red Hat provided reassurance to the community that CentOS as we know it isn’t going anywhere.

Old school CentOS isn’t going anywhere. Stream is available in parallel with the existing CentOS builds. In other words, “nothing changes for current users of CentOS.”

The lying words of Chris Wright, CTO of Red Hat, as seen on ZDNet.

Roll on the 8th December 2020, and Red Hat announce they are shifting all investment away from the CentOS Linux project and focusing entirely on CentOS Stream instead, ending the life of traditional CentOS Linux. Not only that, the already-published end of life date for CentOS 8 was changed from 2029, to 2021 – removing 8 years off of the product support life span. For those who have already migrated to CentOS 8, they now have until the end of 2021 to upgrade instead of the previously promised 2029.

This is a huge breach of trust and unsurprisingly has drawn huge criticism from the community (and rightly so!). It is a colossal dick move by IBM and Red Hat who clearly have no regard for the community which is built up of many people who ironically probably work for companies all over the world that lines their pockets.

Their motive? Who knows? Maybe they want people to shift from CentOS to RHEL and pay an arm and a leg for the privilege.

This is the day in which CentOS as we have known and loved for 16 years dies. Red Hat have truly found a way to make 2020 that little bit worse. Rest in peace.

Categories
Security

Picking my first lock

…and my second

Given my obvious interest in cyber security, I decided to give physical penetration testing a go. A lot of cyber security professionals use lock-picking skills when out in the field, so it’s an important to skill to learn.

Knowing absolutely nothing about lock picking, I decided to buy the first lock picking kit I could kind from a quick search online. I settled with a ‘Lokko’ Lock Pick Set from UK BumpKeys. I confess – I still know very little about lock-picking so please bare this in mind when reading this post. 🙂

The set consisted of a 12-piece lock set, two practice locks, a credit card concealed lock picking set, and a number of tension levers.

The set came with an e-book (though you can pay extra for a real book if you wish) which describes the basics of lock-picking. I haven’t actually read the book yet, as I watched a couple of basic lock-picking videos on YouTube before the set arrived in the post.

Before trying to pick a lock, we need to understand a few of the lock types. A common lock type (most often seen in padlocks) is a basic pin lock. Aside from the terrible background music, this video by DaveHax on YouTube is helpful in explaining the basic fundamentals of picking a pin-based lock. I recommend giving it a watch if you don’t already understand the basics.

What picks do we have?

As you can see, there are 12 picks in this set. I’m still yet to learn about the different types of picks myself, but from what I have learnt so far, you have a few picks designed to target individual lock pins (starting from the left), moving onto your rake style picks on the right which target several pins at once in a more brute-force style of picking. The one on the end is apparently called a snowman – I have no idea what this one is for?

I managed to pick both locks several times in the picking kit using a variety of different picks – the first attempt only took a few minutes. I found the practice locks fairly straight-forward. These locks have the obvious advantage that they are transparent, allowing you to see the individual pins as you pick them. This makes it far easier, but after a short-while, I found I was able to pick them without looking at the pins.

It’s really exciting when you manage to pick your first lock, but the effect quickly wears off when you realise the lock you have picked a lock that is designed to be picked. My next step was to buy a real lock.

I went onto eBay and ordered one of the first few locks I could find (a Master Lock M5). I picked two of these locks up for £12.99.

It was only after I purchased both locks I noticed the following wording in the product description:

“The 4-pin cylinder prevents picking”

As someone who has only picked a couple of practice locks, there’s no way I could pick a lock which “prevents picking”, right? Wrong!

The M5 lock is certainly a lot more difficult to pick and I need to give it some more practice, but I was relieved that I was able to successfully pick this despite the (rather inaccurate) product description. Picking a real lock gives far more satisfaction than picking a practice lock. I guess I’m going to have to order more to practice my new hobby on.