Linux

Linus Torvalds Says Linux Still Surprises and Motivates Him (linux.com) 65

Linus Torvalds: What I find interesting is code that I thought was stable continually gets improved. There are things we haven't touched for many years, then someone comes along and improves them or makes bug reports in something I thought no one used. We have new hardware, new features that are developed, but after 25 years, we still have old, very basic things that people care about and still improve. I really like what I'm doing. I like waking up and having a job that is technically interesting and challenging without being too stressful so I can do it for long stretches; something where I feel I am making a real difference and doing something meaningful not just for me. I occasionally have taken breaks from my job. The 2-3 weeks I worked on Git to get that started for example. But every time I take a longer break, I get bored. When I go diving for a week, I look forward to getting back. I never had the feeling that I need to take a longer break.
Education

University of Missouri To Use Open Source And Other Cheaper Alternatives For General Education Textbook (columbiatribune.com) 55

Rudi Keller, writing for Columbia Tribune: The University of Missouri will move quickly to use open source and other cheaper alternatives for general education textbooks, building on initiatives already in place, system President Mun Choi said. At an event with members of the Board of Curators, administrators, lawmakers, faculty from all four campuses and student representatives, Choi said the intent is to save money for students while providing up-to-date materials. Faculty, including graduate assistants, will be eligible for incentive payments of $1,000 to $10,000 for preparing and adopting materials that save students money, Choi said. Textbooks are sometimes overlooked as a contributor to the cost of attending college, Choi said. "We want to provide our students an opportunity to have a low cost, high-quality alternative," Choi said.
Open Source

Opus 1.2 Released 22

jmv writes: The Opus audio codec, used in WebRTC and now included in all major web browsers, gets another major upgrade with the release of version 1.2. This release brings quality improvements to both speech and music, while remaining fully compatible with RFC 6716. There are also optimizations, new options, as well as many bug fixes. This Opus 1.2 demo describes a few of the upgrades that users and implementers will care about the most. It includes audio samples comparing to previous versions of the codec, as well as speed comparisons for x86 and ARM.
Microsoft

Green Party Leaders Don't Want Windows In Munich (techrepublic.com) 139

Reader sqorbit writes: Munich spent a lot of time (9 years) and a lot of money in shifting some 15,000 staff to a Linux-based OS. The plan now is to move to Windows 10 by 2021. Munich's Green Party is citing the WannaCry virus as a valid reason not to switch to Windows. "As with many of the biggest attacks, the computers that were mainly hit were running the Windows operating system," the Green Party said in a statement.
Businesses

Why Women Devs Are Hard To Recruit and Even Harder To Keep (windowsitpro.com) 608

An anonymous reader writes: The results of a recent survey conducted by GitHub shed light on the issue of why women developers are hard to recruit and keep in the business of tech. Windows IT Pro reports: "The 2017 Open Source Survey 'collected responses from 5,500 randomly sampled respondents sourced from over 3,800 open source repositories on GitHub.com, and over 500 responses from a non-random sample of communities that work on other platforms.' Although the survey focused on open source and asked 50 questions on a wide range of topics that were in no way focused on gender issues alone, some of the data collected offers insight into why the developer industry as a whole has trouble recruiting and keeping female devs. Indeed, the severity of the gender gap in open source is substantial. In the survey, 95 percent of respondents were men, with the response rate from women at only 3 percent -- a degree of under-representation that's not seen elsewhere in this study. Other groups show numbers that are more proportionate to their numbers in the general population, with 'ethnic or national minorities' representing 16 percent of the respondents, immigrants at 26 percent, and 'lesbian, gay, bisexual, asexual, or another minority sexual orientation' at 7 percent. The problems that women in tech face are pretty much what you might expect. Twenty-five percent of the women surveyed report 'encountering language or content that makes them feel unwelcome,' compared with 15 percent of men. Women are six times more likely to encounter stereotyping than men (12 versus 2 percent), and twice as likely to be subjected to unsolicited sexual advances (6 vs 3 percent)."
Media

OpenELEC 8.0.4 Kodi-Focused Linux Distro Now Available (openelec.tv) 43

BrianFagioli writes: Unfortunately, Kodi is not its own operating system, meaning it has to be run on top of an OS. Sure, you could use Windows 10, but that is overkill if you only want to run Kodi. Instead, a lightweight Linux distribution that only serves to run the media center is preferable. One of the most popular such distros is OpenELEC. It can run on traditional PC hardware, but also Raspberry Pi, and, my favorite — WeTek boxes. Today, version 8.0.4 achieves stable release. It is a fairly ho-hum update, focusing mostly on fixes and stability.

The team shares the following changes in the release.

- fix crash in WeTek DVB driver on WeTek Play (1st gen).
- enable Kernel NEON mode for RPi2 builds.
- enable some more SOC sound drivers for RPi/RPi2 builds.
- enable Regulator support on all builds.
- enable Extcon support on all builds.
- fix loading for some I2C sound modules on RPI/RPi2 builds.
- fix loading splash screen on systems with Nvidia GPUs.
- fix speed problems on Nvidia ION systems.
- fix problems loading dvbhdhomerun addons.
- fix using user created sleep scripts.
- build PNG support with SSE support for x86_64 builds.
- update to linux-4.9.30, mesa-17.0.7, alsa-lib-1.1.4.1, alsa-utils-1.1.4, kodi-17.3, mariadb-10.1.23, samba-4.6.4.

Databases

Insecure Hadoop Servers Expose Over 5 Petabytes of Data (bleepingcomputer.com) 51

An anonymous reader quotes the security news editor at Bleeping Computer: Improperly configured HDFS-based servers, mostly Hadoop installs, are exposing over five petabytes of information, according to John Matherly, founder of Shodan, a search engine for discovering Internet-connected devices. The expert says he discovered 4,487 instances of HDFS-based servers available via public IP addresses and without authentication, which in total exposed over 5,120 TB of data.

According to Matherly, 47,820 MongoDB servers exposed only 25 TB of data. To put things in perspective, HDFS servers leak 200 times more data compared to MongoDB servers, which are ten times more prevalent... The countries that exposed the most HDFS instances are by far the US and China, but this should be of no surprise as these two countries host over 50% of all data centers in the world.

AT&T

ESR Shares A Forgotten 'Roots Of Open Source' Moment From 1984 (ibiblio.org) 79

Eric S. Raymond recently documented one of the first public calls for free software, which happened immediately after AT&T's fateful decision to commercialize Unix: [I]n October 1984 I was in a crowd of people watching a presentation by a woman from Bell Labs describing the then-new getopt(3) library, written by AT&T as a way to regularize the processing of command-line arguments in C programs... Everybody thought this was a fine idea, and several people asked questions probing whether AT&T was going to let anyone else use the getopt code they had written. These questions related to the general anxiety about Unix source code distributions drying up. Frustration mounted as the woman gave evasive answers which seemed to add up to "No, we refuse to commit to allowing general access to this code." Which seemed to confirm everyone's worst fears about what was going to happen to Unix source code access in general. At which point Henry Spencer stands up and says (not in these exact words) "I will write and share a conforming implementation." -- and got a cheer from the assembled.

If you're thinking "That's not a big deal, we do this sort of thing all the time," my actual point is that in October 1984 this was indeed a big deal. It took an actual imaginative leap for Henry Spencer to, in effect, say "Screw AT&T and its legalisms and evasions, if they're going to cut off source access we hackers are gonna do it for ourselves"... [H]e got an actual cheer exactly because he was pushing forward, exposing the possibility of doing not just small projects and demos and quirky little tools but at competing with the likes of AT&T itself at software production.

Raymond also remembers this as an important moment for him. "I was a young, unknown programmer then -- just 27, still figuring out what I wanted. I watched Henry make that promise. I heard the cheer, and felt the change in the air as culturally, we realized what the solution to AT&T fscking us over had to be. And I thought 'I want to be like that guy.'"
The Courts

Bruce Perens Explains That 'GPL Is A Contract' Court Case (perens.com) 179

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3,872. Bruce Perens writes: There's been a lot of confusion about the recent Artifex v. Hancom case, in which the court found that the GPL was an enforceable contract. I'm going to try to explain the whole thing in clear terms for the legal layman.
Two key quotes:
  • "What has changed now is that for the purposes of the court, the GPL is both a license, which can be enforced through a claim of copyright infringement, and a contract, which can be enforced through a claim of breach of contract. You can allege both in your court claim in a single case, and fall back on one if you can't prove the other. Thus, the potential to enforce the GPL in court is somewhat stronger than before this finding, and you have a case to cite rather than spending time in court arguing whether the GPL is a contract or not..."
  • "Another interesting point in the case is that the court found Artifex's claim of damages to be admissible because of their use of dual-licensing. An economic structure for remuneration of the developer by users who did not wish to comply with the GPL terms, and thus acquired a commercial license, was clearly present."

Android

Andy Rubin Says Essential's Ambient OS Will Be Open Source, Hints at Better Update Cycle (theverge.com) 28

An anonymous reader shares a report: Playground CEO Andy Rubin, whose new company Essential unveiled a new premium Android smartphone and Amazon Echo competitor yesterday, says his company's Ambient OS smart home platform will be open source. That means that Rubin, who rose to fame in the tech industry for co-founding Android, essentially wants to apply the same open source philosophy that made Android the most dominant mobile operating system to the smart home. [...] Rubin did agree that Android's upgrade rate was much lower, but said that his new venture's Ambient OS had "a solution for that." He stopped short of describing what that solution was, however, noting only that it was "more of a managed service on the back-end."
Classic Games (Games)

ESR Announces The Open Sourcing Of The World's First Text Adventure (ibiblio.org) 118

An anonymous reader writes: Open source guru Eric S. Raymond added something special to his GitHub page: an open source version of the world's first text adventure. "Colossal Cave Adventure" was first written in 1977, and Raymond remembers it as "the origin of many things; the text adventure game, the dungeon-crawling D&D (computer) game, the MOO, the roguelike genre. Computer gaming as we know it would not exist without ADVENT (as it was known in its original PDP-10 incarnation...because PDP-10 filenames were limited to six characters of uppercase)...

"Though there's a C port of the original 1977 game in the BSD game package, and the original FORTRAN sources could be found if you knew where to dig, Crowther & Woods's final version -- Adventure 2.5 from 1995 -- has never been packaged for modern systems and distributed under an open-source license. Until now, that is. With the approval of its authors, I bring you Open Adventure."

Calling it one of the great artifacts of hacker history, ESR writes about "what it means to be respectful of an important historical artifact when it happens to be software," ultimately concluding version control lets you preserve the original and continue improving it "as a living and functional artifact. We respect our history and the hackers of the past best by carrying on their work and their playfulness."

"Despite all the energy Crowther and Woods had to spend fighting ancient constraints, ADVENT was a tremendous imaginative leap; there had been nothing like it before, and no text adventure that followed it would be innovative to quite the same degree."
Open Source

Alpine Linux 3.6.0 Released (alpinelinux.org) 59

An anonymous reader quotes DistroWatch: Natanael Copa has announced the release of Alpine Linux 3.6.0. Alpine Linux is an independent, minimal operating system that is well suited to running servers, routers and firewalls. Version 3.6.0 introduces support for 64-bit POWER machines, 64-bit IBM z Systems computers and features many up to date packages, including PHP 7.1, LLVM 4.0 and version 6.3 of the GNU Compiler.
"Noteworthy new packages" include Rust 1.17.0 and Cargo 0.18.0, as well as Julia 0.5.2, as well as "significant updates" like Go 1.8, Python 3.6, and Ruby 2.4. And in addition, "MD5 and SHA-1 hashes have been removed from APKBUILDs, being obsoleted by SHA-512."
Bug

Wormable Code-Execution Bug Lurked In Samba For 7 Years (arstechnica.com) 83

Long-time Slashdot reader williamyf was the first to share news of "a wormable bug [that] has remained undetected for seven years in Samba versions 3.5.0 onwards." Ars Technica reports: Researchers with security firm Rapid7...said they detected 110,000 devices exposed on the internet that appeared to run vulnerable versions of Samba. 92,500 of them appeared to run unsupported versions of Samba for which no patch was available... Those who are unable to patch immediately can work around the vulnerability by adding the line nt pipe support = no to their Samba configuration file and restarting the network's SMB daemon. The change will prevent clients from fully accessing some network computers and may disable some expected functions for connected Windows machines.
The U.S. Department of Homeland Security's CERT group issued an announcement urging sys-admins to update their systems, though SC Magazine cites a security researcher arguing this attack surface is much smaller than that of the WannaCry ransomware, partly because Samba is just "not as common as Windows architectures." But the original submission also points out that while the patch came in fast, "the 'Many eyes' took seven years to 'make the bug shallow'."
Encryption

10 Years Later: FileZilla Adds Support For Master Password That Encrypts Your Logins (bleepingcomputer.com) 82

An anonymous reader writes: "Following years of criticism and user requests, the FileZilla FTP client is finally adding support for a master password that will act as a key for storing FTP login credentials in an encrypted format," reports BleepingComputer. "This feature is scheduled to arrive in FileZilla 3.26.0, but you can use it now if you download the 3.26.0 (unstable) release candidate from here." By encrypting its saved FTP logins, FileZilla will finally thwart malware that scrapes the sitemanager.xml file and steals FTP credentials, which were previously stolen in plain text. The move is extremely surprising, at least for the FileZilla user base. Users have been requesting this feature for a decade, since 2007, and they have asked it many and many times since then. All their requests have fallen on deaf ears and met with refusal from FileZilla maintainer, Tim Kosse. In November 2016, a user frustrated with Kosse's stance forked the FileZilla FTP client and added support for a master password via a spin-off app called FileZilla Secure.
Open Source

Linux 4.10 Kernel Reaches End of Life (softpedia.com) 58

prisoninmate quotes Softpedia: As it's not an LTS (Long Term Support) branch, the Linux 4.10 kernel series was doomed to reach end of life sooner or later, and it happened this weekend with the release of the Linux kernel 4.10.17 patch, which is a major one changing a total of 103 files, with 981 insertions and 538 deletions. Therefore, users are now urged to move to the Linux 4.11 kernel series. If you're using a GNU/Linux distribution powered by a kernel from the Linux 4.10 series you need to update to version 4.10.17 as soon as it makes its way into the stable repositories. However, please inform your OS vendor that they need to upgrade the kernel packages to the Linux 4.11 series immediately.
Open Source

Why The US Government Open Sources Its Code (opensource.com) 58

He's been the White House technology advisor since 2015, and this month Alvand Salehi delivered a keynote address at OSCON about the U.S. government's commitment to open source software. An anonymous reader quotes OpenSource.com: The Federal Source Code Policy, released in August 2016, was the first U.S. government policy to support open source across the government... All new custom source code developed by or for the federal government must be available to all other federal agencies for sharing and reuse; and at least 20% of new government custom-developed code must be released to the public as open source. It also established Code.gov as a platform for access to government-developed open source code and a way for other developers to participate.

Before this policy was released, agencies were spending a lot of money to redevelop software already in use by other government agencies. This initiative is expected to save the government millions of dollars in wasteful and duplicative spending on software development. Because of this, Salehi said, open source is not a partisan issue, and "Code.gov is here to stay." Another benefit: Releasing open source code allows the government to benefit from the brainpower of developers across the country to improve their code.

Code.gov points potential contributors to their code repository on GitHub.
Data Storage

Endless OS Now Ships With Steam And Slack FlatPak Applications (endlessos.com) 95

An anonymous reader writes: Steam and Slack are now both included as Flatpak applications on the Endless OS, a free Linux distribution built upon the decades of evolution of the Linux operating system and the contributions of thousands of volunteers on the GNOME project. The beauty of Flatpak is the ability to bridge app creators and Linux distributions using a universal framework, making it possible to bring this kind of software to operating systems that encourage open collaboration...

As an open-source deployment mechanism, Flatpak was developed by an independent cohort made up of volunteers and contributors from supporting organizations in the open-source community. Alexander Larsson, lead developer of Flatpak and principal engineer at Red Hat, provided comment saying, "We're particularly excited about the opportunity Endless affords to advance the benefits of open-source environments to entirely new audiences."

Education

Open Source Educators 'OpenHatch' Close, Leaving Void For Campus Events (openhatch.org) 13

Long-time Slashdot reader paulproteus writes: OpenHatch was a non-profit that organized free tutorials with college computer science groups to learn how to teach how to get involved in open source, covered previously on Slashdot. It has run more than 50 events so far. On Friday, it announced it is closing its doors due to board members moving on to other projects, leaving open the door for other people to organize future Open Source Comes to Campus events.
If you have any stories to share about OpenHatch -- or other campus outreach groups -- feel free to leave them in the comments. Are any Slashdot readers involved with Open Source outreach efforts?
Open Source

Open Source SQL Database CockroachDB Hits 1.0 (infoworld.com) 80

An anonymous reader quotes InfoWorld: CockroachDB, an open source, fault-tolerant SQL database with horizontal scaling and strong consistency across nodes -- and a name few people will likely forget -- is now officially available. Cockroach Labs, the company behind its development, touts CockroachDB as a "cloud native" database solution -- a system engineered to run as a distributed resource. Version 1.0 is available in both basic and for-pay editions, and both boast features that will appeal to enterprises.

The company is rolling the dice with its handling of the enterprise edition by also making those components open source and trusting that enterprises will pay for what they use in production.

Bug

Google Found Over 1,000 Bugs In 47 Open Source Projects (helpnetsecurity.com) 55

Orome1 writes: In the last five months, Google's OSS-Fuzz program has unearthed over 1,000 bugs in 47 open source software projects... So far, OSS-Fuzz has found a total of 264 potential security vulnerabilities: 7 in Wireshark, 33 in LibreOffice, 8 in SQLite 3, 17 in FFmpeg -- and the list goes on...
Google launched the program in December and wants more open source projects to participate, so they're offering cash rewards for including "fuzz" targets for testing in their software. "Eligible projects will receive $1,000 for initial integration, and up to $20,000 for ideal integration" -- or twice that amount, if the proceeds are donated to a charity.
