Open Source

Linux 4.10 Kernel Reaches End of Life ( 56

prisoninmate quotes Softpedia: As it's not an LTS (Long Term Support) branch, the Linux 4.10 kernel series was doomed to reach end of life sooner or later, and it happened this weekend with the release of the Linux kernel 4.10.17 patch, which is a major one changing a total of 103 files, with 981 insertions and 538 deletions. Therefore, users are now urged to move to the Linux 4.11 kernel series. If you're using a GNU/Linux distribution powered by a kernel from the Linux 4.10 series you need to update to version 4.10.17 as soon as it makes its way into the stable repositories. However, please inform your OS vendor that they need to upgrade the kernel packages to the Linux 4.11 series immediately.
Open Source

Court Allows Case Over Violating Open Source License ( 156

Slashdot reader destinyland writes: The District Court for the Northern District of California recently issued an opinion that is being hailed as a victory for open source software. In this case, the court denied a motion to dismiss a lawsuit alleging violation of an open source software license, paving the way for further action enforcing the conditions of the GNU General Public License... As part of its motion to dismiss, Hancom argued that using open source code offered under open source licensing terms does not form a contract... The District Court ruled that Artifex's breach of contract claim could proceed, finding that the GPL, by its express terms, requires that third parties agree to the GPL's obligations if they distribute the open-source-licensed software [and] concluded that royalty-free licensing under open source conditions does not preclude a claim for damages...

In denying a motion to dismiss, the District Court only holds that the claims may proceed on the theories enunciated by Artifex, not necessarily that they will ultimately succeed. Still, the case represents a significant step forward for open source plaintiffs... In the past decade, while enforcement of open source licensing violations has become more common, few enforcement cases result in published law. The open source community will be watching this case carefully, and this initial decision vindicates the rights of the open source authors to enforce GPL terms on both breach of contract and copyright theories.

GNU is Not Unix

How Psychology Today Sees Richard Stallman ( 247

After our article about Richard Stallman's new video interview, Slashdot reader silverjacket shared this recent profile from Psychology Today that describes Richard Stallman's quest "to save us from a web of spyware -- and from ourselves." By using proprietary software, Stallman believes, we are forfeiting control of our computers, and thus of our digital lives. In his denunciation of all nonfree software as inherently abusive and unethical, he has alienated many possible allies and followers. But he is not here to make friends. He is here to save us from a software industry he considers predatory in ways we've yet to recognize... for Stallman, moralism is the whole point. If you write or use free software only for practical reasons, you'll stop when it's inconvenient, and freedom will disappear.
Stallman collaborator Eben Moglen -- a law professor at Columbia, as well as the FSF's general counsel -- assesses Stallman's legacy by saying "the idea of copyleft and the proposition that social and political freedom can't happen in a society without technological freedom -- those are his long-term meanings. And humanity will be aware of those meanings for centuries, whatever it does about them." The article also includes quotes from Linus Torvalds and Eric S. Raymond -- along with some great artwork.

In addition to insisting the reporter refer to Linux as "GNU/Linux," Stallman also required that the article describe free software without using the term open source, a phrase he sees as "a way that people who disagree with me try to cause the ethical issues to be forgotten." And he ultimately got Psychology Today to tell its readers that "Nearly all the software on our phones and computers, as well as on other machines, is nonfree or 'proprietary' software and is riddled with spyware and back doors installed by Apple, Google, Microsoft, and the like."

Debian 8.8 Released ( 65

prisoninmate quotes Softpedia: The Debian Project announced today Debian GNU/Linux 8.8, the most advanced stable version of the Jessie series, which brings corrections for numerous packages and various security flaws discovered and patched since the release of the Debian GNU/Linux 8.7 maintenance update back in mid-January 2017... "This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available," reads today's announcement.

"Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old 'jessie' CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated."

Debian 8.8 contains more than 150 bug fixes and security updates.
Open Source

Linux Kernel 4.11 Officially Released ( 55

prisoninmate quotes Softpedia: Linux kernel 4.11 has been in development for the past two months, since very early March, when the first Release Candidate arrived for public testing. Eight RCs later, we're now able to download and compile the final release of Linux 4.11 on our favorite GNU/Linux distributions and enjoy its new features. Prominent ones include scalable swapping for SSDs, a brand new perf ftrace tool, support for OPAL drives, support for the SMC-R (Shared Memory Communications-RDMA) protocol, journalling support for MD RAID5, all new statx() system call to replace stat(2), and persistent scrollback buffers for VGA consoles... The Linux 4.11 kernel also introduces initial support for Intel Gemini Lake chips, which is an Atom-based, low-cost computer processor family developed using Intel's 14-nanometer technology, and better power management for AMD Radeon GPUs when the AMDGPU open-source graphics driver is used.

Debian Developer Imprisoned In Russia Over Alleged Role In Riots ( 93

An anonymous reader writes: "Dmitry Bogatov, Debian developer and Tor node admin, is still being held in a Moscow jail," tweeted the EFF Saturday. IT Wire reports that the 25-year-old math teacher was arrested earlier this month "on suspicion of organizing riots," and is expected to be held in custody until June 8. "The panel investigating the protests claims Bogatov posted several incitory messages on the forum; for example, one claim said he was asking people to bring 'bottles, fabric, gasoline, turpentine, foam plastic' to Red Square, according to a post at Hacker News. The messages were sent in the name of one Airat Bashirov and happened to be transmitted through the Tor node that Bogatov was running. The Hacker News post said Bogatov's lawyer had produced surveillance video footage to show that he was elsewhere at the time when the messages were posted.
"After Dmitry's arrest," reports the Free Bogatov site, "Airat Bashirov continue to post messages. News outlets 'Open Russia' and 'Mediazona' even got a chance to speak with him."

Earlier this month the Debian GNU/Linux project also posted a message of support, noting Dmitry maintains several packages for command line and system tools, and saying their group "honours his good work and strong dedication to Debian and Free Software... we hope he is back as soon as possible to his endeavours... In the meantime, the Debian Project has taken measures to secure its systems by removing Dmitry's keys in the case that they are compromised."
GNU is Not Unix

Richard Stallman Interviewed By Bryan Lunduke ( 172

Many Slashdot readers know Bryan Lunduke as the creator of the humorous "Linux Sucks" presentations at the annual Southern California Linux Exposition. He's now also a member of the OpenSUSE project board and an all-around open source guy. (In September, he released every one of his books, videos and comics under a Creative Commons license, while his Patreon page offers a tip jar and premiums for monthly patrons). But now he's also got a new "daily computing/nerd show" on YouTube, and last week -- using nothing but free software -- he interviewed the 64-year-old founder of the Free Software Foundation, Richard Stallman. "We talk about everything from the W3C's stance on DRM to opinions on the movie Galaxy Quest," Lunduke explains in the show's notes.

Click through to read some of the highlights.

GNOME 3.24 Released ( 118

prisoninmate quotes a report from Softpedia: GNOME 3.24 just finished its six-month development cycle, and it's now the most advanced stable version of the modern and popular desktop environment used by default in numerous GNU/Linux distributions. It was developed since October 2016 under the GNOME 3.23.x umbrella, during which it received numerous improvements. Prominent new features of the GNOME 3.24 desktop environment include a Night Light functionality that promises to automatically shift the colors of your display to the warmer end of the spectrum after sunset, and a brand-new GNOME Control Center with redesigned Users, Keyboard and Mouse, Online Accounts, Bluetooth, and Printer panels. As for the GNOME apps, we can mention that the Nautilus file manager now lets users browse files as root (system administrator), GNOME Photos imitates Darktable's exposure and blacks adjustment tool, GNOME Music comes with ownCloud integration and lets you edit tags, and GNOME Calendar finally brings the Week view. New apps like GNOME Recipes are also part of this release. The full release notes can be viewed here. Softpedia notes in conclusion: "As mentioned before, it will take at least a couple of weeks for the new GNOME 3.24 packages to land on the stable repositories of your favorite distro, which means that you'll most probably be able to upgrade from GNOME 3.22 when the first point release, GNOME 3.24.1, is out on April 12, 2017."

Notepad++ Update Fixes 'CIA Hacking' Issue ( 82

Free software Notepad++ (released under the GNU General Public License) received a new update this week which was announced under the headline "Fix CIA Hacking Notepad++ Issue". The CIA documents in WikiLeaks' 'Vault 7' included a "Notepad++ DLL Hijack" document which affected the popular Windows editor for text and source code. "It's not a vulnerability/security issue in Notepad++, but for remedying this issue, from this release (v7.3.3) forward, notepad++.exe checks the certificate validation in scilexer.dll before loading it," reads the announcement. From the Notepad++ web site: If the certificate is missing or invalid, then it just won't be loaded, and Notepad++ will fail to launch. Checking the certificate of DLL makes it harder to hack.

Note that once users' PCs are compromised, the hackers can do anything on the PCs. This solution only prevents from Notepad++ loading a CIA homemade DLL. It doesn't prevent your original notepad++.exe from being replaced by modified notepad++.exe while the CIA is controlling your PC.

The update also includes "a lot of enhancements and bug-fixes," and if no critical issues are found, "Auto-updater will be triggered in few days."

Mozilla Firefox 52 Released As ESR Branch, Will Receive Security Updates Until 2018 ( 91

prisoninmate quotes a report from Softpedia: Back in January, we told you that the development of the Mozilla Firefox 52.0 kicked off with the first Beta release and promised to let users send and open tabs from one device to another, among numerous other improvements and new features. Nine beta builds later, Mozilla has pushed today, March 7, the final binary and source packages of the Mozilla Firefox 52.0 web browser for all supported platforms, including GNU/Linux, macOS, and Windows. The good news is that Firefox 52.0 is an ESR (Extended Support Release) branch that will be supported until March-April 2018. Prominent features of the Mozilla Firefox 52.0 ESR release include support for the emerging WebAssembly standard to boost the performance of Web-based games and apps without relying on plugins, the ability to send and open tabs from one device to another, as well as multi-process for Windows users with touchscreens. With each new Firefox release, Mozilla's developers attempt to offer new ways to improve the security of the widely-used web browser across all supported platforms. Firefox 52.0 ESR implements a "This connection is not secure" warning for non-secure pages that require user logins, along with a new Strict Secure Cookies specification.

After 19 Years, DMOZ Will Close, Announces AOL 60

Its volunteer-edited web directory formed the basis for early search offerings from Netscape, AOL, and Google. But 19 years later, there's some bad news. koavf writes: As posted on the DMOZ homepage, the Open Directory Project's web listing will go offline on March 14, 2017. Founded in 1998 as "Gnuhoo", the human-curated directory once powered Google and served as a model for Wikipedia.
A 1998 Slashdot editorial prompted Richard Stallman and the Free Software Foundation to complain about how "Gnu" was used in the site's name. "We renamed GnuHoo to NewHoo," a blog post later explained, "but then Yahoo objected to the 'Hoo' (and our red letters, exclamation point, and 'comical font')." After being acquired for Netscape's "Open Directory Project," their URL became, which was shortened to DMOZ. Search Engine Land predicts the memory of the Open Directory Project will still be kept alive by the NOODP meta tag.

The site was so old that its hierarchical categories were originally based on the hierarchy of Usenet newsgroups. As it nears its expiration date, do any Slashdot readers have thoughts or memories to share about DMOZ?

Mozilla Thunderbird Finally Makes Its Way Back Into Debian's Repos ( 47

prisoninmate quotes a report from Softpedia: A year ago, we told you that, after ten long years, the Debian Project finally found a way to switch their rebranded Iceweasel web browser back to Mozilla Firefox, both the ESR (Extended Support Release) and normal versions, but one question remained: what about the Mozilla Thunderbird email, news, and calendar client? Well, that question has an official answer today, as the Mozilla Thunderbird packages appear to have landed in the Debian repositories as a replacement for Icedove, the rebranded version that Debian Project was forced to use for more than ten years due to trademark issues. "Thunderbird is back in Debian! We also renamed other related packages to use official names, e.g. iceowl-extension -> lightning. For now, we need testers to catch existing issues and things we haven't seen until now," said Christoph Goehre in the mailing list announcement. You can find out how to migrate your Icedove profiles to Thunderbird via Softpedia's report.
GNU is Not Unix

KDE Plasma 5.9 Released ( 89

KDE has announced the release and general availability of the KDE Plasma 5.9 desktop environment for GNU/Linux operating systems. While it only took a few months to develop and isn't a long-term supported (LTS) version like KDE Plasma 5.8, the update does have several new features and improving Wayland support. Softpedia reports: Probably the most important one, which will make many KDE users upgrade from KDE Plasma 5.8 LTS or previous versions, is the return of Global Menus, a feature that was available in the KDE 4 series of the desktop environment. Only now, after numerous requests from users, did the KDE developers manage to implement Global Menus again in KDE Plasma 5.9. Quite a multitude of improvements have landed in the KDE Plasma 5.9 desktop environment for those who use the next-generation Wayland display server. These include the ability to take screenshots, support for using the color picker, implementation of borderless maximized windows for full-screen support, and support for dragging apps by clicking on an empty area of the user interface using the Breeze style. KDE Plasma Wayland support allows users to set color schemes for windows, which may come in handy for accessibility, implements auto-hide support for panels, and properly displays the window icon on the panel when using X11 apps. Moreover, there's now a new settings tool for configuring touchpads, which you can see in action in the second video attached below. Wayland users can also set up gestures and relative motions. KDE Plasma 5.9 also adds several cool new tools that promise to enhance your productivity. For example, you'll be able to drag a screenshot taken with the Spectacle utility from the notification pop-up straight into a web browser form, chat window, or email composer. There's also a brand-new drag and drop functionality that lets you add widgets directly to the system tray area, and it's now possible to add widgets directly from the full-screen Application Dashboard launcher. KRunner actions like "Open containing folder" and "Run in Terminal" are now displayed in the application launchers for search results powered by KRunner, of course, and there's now a new applet that lets users group multiple widgets together in a single one. You can read the announcement and download KDE Plasma 5.9 via their website.

C++ Creator Wants To Solve 35-Year-Old Generic Programming Issues With Concepts ( 339

C++ creator Bjarne Stroustrup is arguing that we can improve code by grounding generic programming in concepts -- what's required by a template's arguments. An anonymous reader quotes Paul Krill's report on a new paper by Stroustrup: In concepts, Stroustrup sees the solution to the interface specification problem that has long dogged C++, the language he founded more than 35 years ago. "The way we write generic code today is simply too different from the way we write other code," Stroustrup says... Currently an ISO technical specification, concepts provide well-specified interfaces to templates without runtime overhead. Concepts, Stroustrup writes, are intended to complete C++'s support for generic programming as initially envisioned. "The purpose of concepts is to fundamentally simplify and improve design. This leads to fewer bugs and clearer -- often shorter -- code"...

Concepts, Stroustrup believes, will greatly ease engineers' ability to write efficient, reliable C++ code... The most obvious effect will be a massive improvement in the quality of error messages, but the most important long-term effect will be found in the flexibility and clarity of code, Stroustrup says. "In particular, having well-specified interfaces allows for simple, general and zero-overhead overloading of templates. That simplifies much generic code"

Concepts are already available in GNU C Compiler 6.2, and Stroustrup wants them to be included in C++ 20. "In my opinion, concepts should have been part of C++ 17, but the committee couldn't reach consensus on that."
Open Source

Free Software Foundation Shakes Up Its List of Priority Projects ( 103

alphadogg quotes Network World: The Free Software Foundation Tuesday announced a major rethinking of the software projects that it supports, putting top priority on a free mobile operating system, accessibility, and driver development, among other areas. The foundation has maintained the High Priority Projects list since 2005, when it contained just four free software projects. [That rose to 12 projects by 2008, though the changelog shows at least seven projects have since been removed.] Today's version mostly identifies priority areas, along with a few specific projects in key areas.
The new list shows the FSF will continue financially supporting Replicant, their free version of Android, and they're also still supporting projects to create a free software replacement for Skype with real-time voice and video capabilities. But they're now also prioritizing various projects to replace Siri, Google Now, Alexa, and Cortana with a free-software personal assistant, which they view as "crucial to preserving users' control over their technology and data while still giving them the benefits such software has for many."

And other priorities now include internationalization, accessibility, decentralization and self-hosting, and encouraging governments to adopt free software.
Operating Systems

Richard Stallman Acknowledges Libreboot Is No Longer A Part of GNU ( 397

Libreboot became an official GNU project in May. Now an anonymous Slashdot reader writes: Richard Stallman has officially announced that Libreboot is no longer a GNU package. The maintainer of Libreboot had tried to leave the GNU project in September 2016, but the departure was not acknowledged until January 2017. Libreboot is a replacement for proprietary BIOS systems, effectively a distribution of coreboot without any binary blobs and adding an automated build/install process.
In the post titled "Goodbye to GNU Libreboot," Stallman wrote that "When a package's maintainer steps down, that doesn't by itself break the relationship between GNU and the package. If it is left without a maintainer but is still useful, the GNU Project will usually look for new maintainers to work on it. However, we can instead drop ties with the package, if that seems the right thing to do.

"A few months ago, the maintainer of GNU Libreboot decided not to work on Libreboot for the GNU Project any more. That was her decision to make. She also asserted that Libreboot was no longer a GNU package -- something she could not unilaterally do. The GNU Project had to decide what to do in regard to Libreboot. We have decided to go along with the former GNU maintainer's wishes in this case, for a combination of reasons: (1) it had not been a GNU package for very long, (2) she was the developer who had originally made it a GNU package, and (3) there were no major developers who wanted to continue developing Libreboot under GNU auspices."
Desktops (Apple)

Raspberry Pi's Linux-Based PIXEL Desktop Now Available For PC and Mac ( 50

From a report on BetaNews: If you own a Raspberry Pi, you're probably familiar with PIXEL. The desktop environment is included in the Raspbian OS. The Raspberry Pi Foundation describes PIXEL as the "GNU/Linux we would want to use" and understandably so. It offers a smart, clean interface, a decent selection of software, the Chromium web browser with plug-ins, and more -- and from today it's available for PC and Mac. The version of Debian+PIXEL for x86 platforms is described as "experimental" but having taken it for a spin, it seems pretty stable to me. To run PIXEL on your PC or Mac, download the image, burn it onto a DVD or flash it onto a USB memory stick, and boot from it. The desktop environment will load ready for use.

Does Code Reuse Endanger Secure Software Development? ( 148

msm1267 quotes ThreatPost: The amount of insecure software tied to reused third-party libraries and lingering in applications long after patches have been deployed is staggering. It's a habitual problem perpetuated by developers failing to vet third-party code for vulnerabilities, and some repositories taking a hands-off approach with the code they host. This scenario allows attackers to target one overlooked component flaw used in millions of applications instead of focusing on a single application security vulnerability.

The real-world consequences have been demonstrated in the past few years with the Heartbleed vulnerability in OpenSSL, Shellshock in GNU Bash, and a deserialization vulnerability exploited in a recent high-profile attack against the San Francisco Municipal Transportation Agency. These are three instances where developers reuse libraries and frameworks that contain unpatched flaws in production applications... According to security experts, the problem is two-fold. On one hand, developers use reliable code that at a later date is found to have a vulnerability. Second, insecure code is used by a developer who doesn't exercise due diligence on the software libraries used in their project.

That seems like a one-sided take, so I'm curious what Slashdot readers think. Does code reuse endanger secure software development?

Mozilla Releases Firefox 50 ( 127

Mozilla has begun seeding the binary and source packages of the final release of Firefox 50 web browser on all supported platforms, including GNU/Linux and macOS. From a report on Softpedia: We have to admit that we expected to see some major features and improvements, but that hasn't happened. The biggest new feature of the Firefox 50.0 release appears to be emoji for everyone. That's right, the web browser now ships with built-in emoji for GNU/Linux distributions, as well as other operating systems that don't include native emoji fonts by default, such as Windows 8.0 and previous versions. Also new, Firefox 50.0 now shows lock icon strikethrough for web pages that offer insecure password fields. Another interesting change that landed in the Mozilla Firefox 50.0 web browser is the ability to cycle through tabs in recently used order using the Ctrl+Tab keyboard shortcut. Moreover, it's now possible to search for whole words only using the "Find in page" feature. Last but not the least, printing was improved as well by using the Reader Mode, which now uses the accel-(opt/alt)-r keyboard shortcut, the Guarana (gn) locale is now supported, the rendering of dotted and dashed borders with rounded corners (border-radius) has been fixed as well.

Slashdot Top Deals