- A new major version of the Alpine Linux is out, and it is worth checking out.
- The security-oriented Linux distribution is bringing refreshed packages and support for Big Endian.
- Alpine has a special way to help users protect the system from the exploitation of zero-day bugs.
Alpine Linux has announced the release of major version 3.12.0, which is the first of the “3.12” stable series. Alpine is a Linux distribution that focuses on security, and it’s designed for routers, firewalls, VPNs, VoIP boxes, and servers. Moreover, it is particularly lightweight, small in size (130 Mb), simple to use, independent, and non-commercial. All in all, Alpine is a security-oriented OS designed for power users who want to use a solid basis upon which to build a robust system for whatever purpose they may have.
The 3.12.0 release brings support for “mips64” (big-endian), and also the D programming language (Dlang). D is used in projects like Facebook, eBay, and Netflix, and generally, it is deployed in virtual machines, OS kernels, GPU programming, machine learning, web development, numerical analysis, and more. As for the big-endian architecture, this is the system of storing the most-significant byte of a word of digital data at the lower memory address of the storage location.
Other significant updates in the Alpine’s packages include the following:
- Linux 5.4.43
- GCC 9.3.0
- LLVM 10.0.0
- Git 2.24.3
- Node.js 12.16.3
- Nextcloud 18.0.3
- PostgreSQL 12.3
- QEMU 5.0.0
- Zabbix 5.0.0
One key attribute of the Alpine Linux from the perspective of security is the way that it is protected against the exploitation of zero-day bugs. All packages are compiled with stack-smashing protection (as “Position Independent Executables”), so the effects of any userland buffer overflows are actively mitigated. This proactive security measure prevents the exploitation of entire classes of zero-days as well as other flaws. Moreover, Alpine comes with a hardened kernel, deploys DMVPN patches for meshed VPNs, and can even be installed and run directly from the RAM, which would enable it to survive disk failures.
In terms of the lightness of Alpine, there’s some serious work that has taken place in this field too. For example, the distribution uses its own feather-light init system called “OpenRC” instead of the “systemd” that is so extensively used in the Linux world. Moreover, Alpine is deploying the BusyBox suite, which is something like a Swiss Army knife of embedded Linux, supporting over 300 commands and basic functions. The C standard library used by Alpine Linux right now is “musl,” which is a lighter alternative for the typically used “glibc.” Finally, Alpine uses small (8 Mb) containers to provide the user with enough versatility.