The European Commission’s ‘EU Free and Open Source Software Auditing’ project (EU-Fossa) has sent its code review results to the developers of Apache HTTP server target and KeePass. The audit results are not yet made public, however, no critical vulnerabilities were found.
Docker, and containers in general, are hot technologies that have been getting quite a bit of attention over the past few years. Even Solomon Hykes, Founder, CTO, and Chief Product Officer at Docker started his keynote with the assumption that people attending LinuxCon Europe know that Docker does containers, so instead of focusing on what Docker does, Hykes used his time to talk about Docker’s purpose saying, “It really boils down to one small sentence. We're trying to make the Internet programmable.”
Hykes described this idea of making the Internet programmable with three key points. First, they are focused on building “tools of mass innovation” designed to allow people to create and innovate on a very large scale. Second, applications and cloud services are allowing the idea of the Internet as a programmable platform to be realized, and they want to make this accessible to more people. Third, they are accomplishing all of this by building the Docker stack with open standards, open infrastructure, and a development platform with commercial products on top of the stack.
The Software Center list will also include individual tests. These can be fine to use, but they can be tedious to open and configure manually. Keep your eye out for an entry called Phoronix Test Suite, or PTS for short. The Phoronix Test Suite is a powerful program that can run a single test, or an entire battery. PTS offers some built-in suites (collection of tests), or you can design your own suite. When tests are completed, you can choose to upload the test results to openbenchmarking.org, where other users can see your results and even run the exact same tests on their PC.
Missing Wunderlist on Linux? You don’t need to thanks to Wunderlistux, an Electron-based desktop app. It doesn’t claim to be anything more than a wrapper around the official Wunderlist web app (which, yes, you could just open in a new browser tab).
It’s an event organized in order to help first year students install a Linux distro on their laptops (here at our uni, we work almost entirely on Linux, so we need to help those that have never used it and set up their distros
A wise man once noted that only two things in life are inevitable: death and taxes.
Just how taxes and interactions with the tax authorities are handled vary widely from jurisdiction to jurisdiction, but in Norway, where I live, the default mode of contact with the tax authorities for most of us is via web forms protected by sometimes cumbersome authentication procedures and the occasional alert via SMS text message to your phone.
And we're used to that the things just work with only occasional and very minor technical embarrassments for the people who operate the thing.
Ask people about Google’s relationship to open source, and many of them will point to Android and Chrome OS — both very successful operating systems and both based on Linux. Android, in particular, remains one of the biggest home runs in open source history. But, as Josh Simmons from Google’s Open Source Programs Office will tell you, Google also contributes a slew of useful open source tools and programs to the community each year. Now, Google has issued its very first “Open Source Report Card,” as announced by Simmons on the Google Open Source Blog.
"We're sharing our first Open Source Report Card, highlighting our most popular projects, sharing a few statistics and detailing some of the projects we've released in 2016. We've open sourced over 20 million lines of code to date and you can find a listing of some of our best known project releases on our website," said Simmons.
“My name is Nino Vranešič and I am connecting IT and Society,” is what Nino says about himself on LinkedIn. The video is a little hard to understand in places due to language differences and (we think) a slow or low-bandwidth connection between the U.S.-based Zoom servers and Eastern Europe, a problem that crops up now and then in video conversation and VOIP phone calls with people in that part of the world, no matter what service you choose. But Vranešič is worth a little extra effort to hear, because it’s great to learn that open source is being used in lots of government agencies, not only in Slovenia but all over Europe. And aside from this, Vranešič himself is a tres cool dude who is an ardent open source volunteer (“Mozilla Rep” is an unpaid volunteer position), and I hope I have a chance to meet him F2F next time he comes to a conference in Florida — and maybe you’ll have a chance to meet him if he comes to a conference near you.
Dave Stokes has been using MySQL for more than 15 years and has served as its community manager since 2010. At All Things Open this year, he'll give a talk about database programming for newbies with MySQL.
In this interview, he previews his talk and shares a few helpful resources, required skills, and common problems MySQL beginners run into.
Microsoft chief executive Satya Nadella appears to have an incredibly short memory. Else he would be the last person who talks about trust being the most pressing issue in tech in our times.
Over the last year, we have been treated to a variety of cheap tricks by Microsoft, attempting to hoodwink Windows users left, right and centre in order to get them to upgrade to Windows 10. After that, talking about trust sounds odd. Very odd.
Microsoft does not have the best reputation among tech companies. It is known for predatory practices, for being convicted as a monopolist, and in recent times has been trying to cultivate a softer image as a company that is not as rapacious as it once was.
That has, in large measure, come about as its influence and rank in the world of computing have both slipped, with other companies like Apple, Facebook and Google coming to dominate.
DragonFlyBSD is now defaulting to LibreSSL throughout its operating system stack and is planning to completely remove OpenSSL in the near future.
Last month DragonFlyBSD began using LibreSSL by default while that effort has continued. OpenSSL is no longer being built by default and in about one month's time the OpenSSL support will be completely stripped from the DragonFly tree.
Ranking every URL on the web in a transparent and reproducible way is a core concept of the Common Search project, says Sylvain Zimmer, who will be speaking at the upcoming Apache: Big Data Europe conference in Seville, Spain.
The web has become a critical resource for humanity, and search engines are its arbiters, Zimmer says. However, the only search engines currently available are for-profit entities, so the Common Search project is creating a nonprofit engine that is open, transparent, and independent.
We spoke with Zimmer, who founded Jamendo, dotConferences, and Common Search, to learn more about why nonprofit search engines are important, why Apache Spark is such a great match for the job, and some of the challenges the project faces.
While looking at the this year's All Things Open event schedule, a talk on wearables and open hardware caught my eye: The world of the blinky flashy. Naturally, I dug deeper to learn what it was all about.
There has been a tendency amongst some companies to play a “wait and see” attitude towards Perl, but the Perl market appears to have stabilized in the past couple of years and more companies appear to be returning to Perl. As one of our clients explained to me when I asked why they chose Perl “We’re tired of being bitten by hype.”
Though the attack might have some merits with regards to KASLR, the attack on ASLR is completely debunked. The authors of the paper didn't release any supporting code or steps for independent analysis and verification. The results, therefore, cannot be trusted until the authors fully open source their work and the work is validated by trusted and independent third parties.
Earlier this month a hacker released the source code for Mirai, a malware strain that was used to launch a historically large 620 Gbps denial-of-service attack against this site in September. That attack came in apparent retribution for a story here which directly preceded the arrest of two Israeli men for allegedly running an online attack for hire service called vDOS. Turns out, the site where the Mirai source code was leaked had some very interesting things in common with the place vDOS called home.
A blockchain platform developed by a group that includes more than 70 of the world's biggest financial institutions is making its code publicly available, in what could become the industry standard for the nascent technology.
The Corda platform has been developed by a consortium brought together by New-York-based financial technology company R3. It represents the biggest shared effort among banks, insurers, fund managers and other players to work on using blockchain technology in the financial markets.
Founder Mark Shuttleworth announced the first public release of Ubuntu – version 4.10, or “Warty Warthog” – on Oct. 20, 2004. The idea behind what would become the most recognizable and widely used Linux distributions ever was simple – create a Linux operating system that anybody could use. Here’s a look back at Ubuntu’s history.
Yup, it’s twelve years to the day since Mark Shuttleworth sat down to tap out the first Ubuntu release announcement and herald in an era of “Linux for human beings”.
The de facto standard for Raspberry Pi operating systems is Raspbian–a Debian based distribution specifically for the diminutive computer. Of course, you have multiple choices and there might not be one best choice for every situation. It did catch our eye, however, that the RaspEX project released a workable Ubunutu 16.10 release for the Raspberry Pi 2 and 3.
RaspEX is a full Linux Desktop system with LXDE (a lightweight desktop environment) and many other useful programs. Firefox, Samba, and VNC4Server are present. You can use the Ubuntu repositories to install anything else you want. The system uses kernel 4.4.21. You can see a review of a much older version of RaspEX in the video below.
The Yakkety Yak 16.10 is released and now you can download the new wallpaper by clicking here. It’s the latest part of the set for the Ubuntu 2016 releases following Xenial Xerus. You can read about our wallpaper visual design process here.
We are delighted to announce the availability of a new service for Ubuntu which any user can enable on their current installations – the Canonical Livepatch Service.
This new live kernel patching service can be used on any Ubuntu 16.04 LTS system (using the generic Linux 4.4 kernel) to minimise unplanned downtime and maintain the highest levels of security.
Linux 4.0 introduced a wonderful feature for those that need insane up-time -- the ability to patch the kernel without rebooting the machine. While this is vital for servers, it can be beneficial to workstation users too. Believe it or not, some home users covet long up-time simply for fun -- bragging rights, and such.
If you are an Ubuntu 16.04 LTS user (with generic Linux kernel 4.4) and you want to take advantage of this exciting feature, I have good news -- it is now conveniently available for free! Unfortunately, this all-new Canonical Livepatch Service does have a catch -- it is limited to three machines per user. Of course, home users can register as many email addresses as they want, so it is easy to get more if needed. Businesses can pay for additional machines through Ubuntu Advantage. Want to give it a go? Read on.
"Since the release of the Linux 4.0 kernel about 18 months ago, users have been able to patch and update their kernel packages without rebooting. However, until now, no other Linux distribution has offered this feature for free to their users. That changes today with the release of the Canonical Livepatch Service", says Tom Callway, Director of Cloud Marketing, Canonical.
Earlier this week Canonical announced their Kernel Livepatching Service for Ubuntu 16.04 LTS users. Canonical's service is free for under three systems while another alternative for Ubuntu Linux users interested in a commercial service is CloudLinux's KernelCare.
The folks from CloudLinux wrote in to remind us of their kernel patching solution, which they've been offering since 2014 and believe is a superior solution to Canonical's service. KernelCare isn't limited to just Ubuntu 16.04 but also works with Ubuntu 14.04 and other distributions such as CentOS/RHEL, Debian, and other enterprise Linux distributions.
In addition, Beaumont said he'd found that emails from the Trump Organization failed to support two-factor authentication. That’s particularly bad because the Trump Organization's web-based email access page relies on an outdated March 2015 build of Microsoft Exchange 2007, he says. “Windows Server 2003, IIS 6 and Exchange 2003 went end of life years ago. There are no security fixes. They don't have basics down,” the UK based researcher concludes.
Andrea Limbago is interviewed by the CUBE at the Grace Hoper Celebration 2016 conference. She covers a number of interesting topics and I thought it was worth sharing. Enjoy!
It's easy to run benchmarks on Linux as well as Solaris, BSD, and other operating systems, using our own Phoronix Test Suite open-source benchmarking software.
For those that haven't had the opportunity to play with the Phoronix Test Suite for Linux benchmarking, it's really easy to get started. Aside from the official documentation, which is admittedly limited due to time/resource constraints, there are a few independent guides, Wiki pages, and other resources out there to get started.
The first alpha release of the upcoming LibreOffice 5.3 open-source office suite was tagged a short time ago in Git.
LibreOffice 5.3 is a major update to this distant fork of OpenOffice.org. LibreOffice 5.3.0 is planned to be officially released in late January or early February while this week's alpha one is just the first step of the process. The hard feature freeze on 5.3 is at the end of November followed by a series of betas and release candidates. Those interested in more details on the release schedule can see this Wiki page.
MPV Player 0.21 is now available as the latest version of this popular fork of MPlayer/MPlayer2.
MPV 0.21 adds support for CUDA and NVDEC (NVIDIA Decode) as an alternative to VDPAU. The NVIDIA decode support using CUDA was added to make up for VDPAU's current lack of HEVC Main 10 profile support. Those unfamiliar with NVDEC can see NVIDIA's documentation.
Today, October 20, 2016, MPV developer Martin Herkt proudly announced the release of another maintenance update of the very popular MPV open-source and cross-platform media player software based on MPlayer.
Looking at the release notes, which we've also attached at the end of the story for your reading pleasure, MPV 0.21.0 is a major update that adds a large amount of new features, options and commands, but also addresses dozens of bugs reported by users since the MPV 0.20.0 release, and introduces other minor enhancements.
Among the most important new features, we can mention the ability to allow profile forward-references in the default profile, as well as support for Nvidia CUDA and cuvid/NvDecode, which appears to be a welcome addition to GNU/Linux distributions where HEVC Main 10 support is missing.
A brand-new release of anytime is now on CRAN following the three earlier releases since mid-September. anytime aims to convert anything in integer, numeric, character, factor, ordered, ... format to POSIXct (or Date) objects -- and does so without requiring a format string. See the anytime page for a few examples.
One of the key points of Plasma is while giving a simple default desktop experience, not limiting the user to that single, pre-packed one size fits all UI.
Four weeks after the release of KDevelop 5.0.1, we are happy to announce the availability of KDevelop 5.0.2, a second stabilization release in the 5.0 series. We highly recommend to update to version 5.0.2 if you are currently using version 5.0.1 or 5.0.0.
Two weeks have passed since the Plasma 5.8 release and our Wayland efforts have seen quite some improvements. Some changes went into Plasma 5.8 as bug fixes, some changes are only available in master for the next release. With this blog post I want to highlight what we have improved since Plasma 5.8.
Plasma 5.8 was only released at the beginning of October but already there has been a number of Wayland improvements queuing up for the next milestone, Plasma 5.9.
KWin maintainer Martin Gräßlin wrote a blog post yesterday about some of the early Wayland changes coming for Plasma 5.9. Some of this early work for the next KDE Plasma 5 release includes resize-only borders, global shortcut handling, support for keyboard LEDs via libinput, relative pointer support, the color scheme syncing to the window decoration, window icon improvements, multi-screen improvements, panel imporvements, and more.
FOSDEM is one of the largest (5,000+ hackers!) gatherings of Free Software contributors in the world and happens each February in Brussels (Belgium, Europe).
Once again, one of the tracks will be the Desktops DevRoom (formerly known as “CrossDesktop DevRoom”), which will host Desktop-related talks.
We are now inviting proposals for talks about Free/Libre/Open-source Software on the topics of Desktop development, Desktop applications and interoperability amongst Desktop Environments. This is a unique opportunity to show novel ideas and developments to a wide technical audience.
Yesterday, Wednesday 19 oct, was the first day of LatinoWare thirteen edition hosted in the city of Foz do Iguaçu in Parana state with presence of 5155 participants and temperature of 36ºC. Currently this is the biggest event of free software in Brazil.
From my experience I will share my days at FUDcon 2016 held on Puno last week. There were 3 core days, and 2 more days to visit around.
Party driving game Can’t Drive This launched a Linux version of their game on October 13th, and they’re doing some charity work to celebrate.
From October 19th to November 1st 2016, all the money the developers would make from selling the game will instead go to the South African non-profit organisation SANCCOB.
Rogue Singularity [Steam, Official Site] is a pretty cool looking infinite obstacle course platformer that has released into Early Access with Linux support.
Seriously, what the heck Feral Interactive! First Dawn of War II, then Mad Max and very quickly after Deus Ex: Mankind Divided!
SDL 2.0.5 is now available as the latest version of this library used by many cross-platform games and is part of the Steam Runtime. SDL 2.0.5 brings many new features and improvements.
Intel has updated its currently out-of-tree Turbo Boost Max Technology 3.0 patches for compatibility against the Linux 4.9-rc1 kernel plus made other improvements to the code.
These patches have been worked on the past few months after Intel PR initially claimed no TBM 3.0 Linux support. The patches have gone through several public revisions but sadly didn't make it for integration into the mainline Linux 4.9 kernel.
Earlier this week I posted some benchmarks of a Core i7 6800K Broadwell-E system seeing performance boosts under Linux 4.9 and it turns out it's looking more widespread than just affecting a niche system or two. When testing a more traditional Intel Haswell desktop, Linux 4.9 Git is seeing more wins over Linux 4.8 and 4.7 kernels.
Following that earlier 4.9 Git benchmarking I set out to do a fairly large Linux kernel comparison on a Haswell system to go back three or so years worth of kernel releases. That big kernel comparison will be finished up and posted in the days ahead, but already from this Core i7 4790K Devil's Canyon system I am seeing some performance improvements with 4.9 Git to share over 4.7.0 and 4.8.0 stock kernels...
All jQuery Foundation projects will also be united within the JS Foundation including jQuery, Lodash, ESLint, Esprima, Grunt, RequireJS, jQuery UI, Globalize, Sizzle, Jed, and Dojo.
Mirantis continues to drive forward with new partnerships focused on the OpenStack cloud computing platform. The company and NTT Communications Corporation (NTT Com) have announced that they will partner to offer fully managed Private OpenStack as a service in NTT Com Enterprise Cloud and its data center services across the globe. NTT Com, in becoming Mirantis’ first data center services partner, says it will offer Mirantis Managed OpenStack on NTT Com Enterprise Cloud’s Metal-as-a-Service.
At the OpenStack summit taking place this month in Barcelona, Ildikó Váncsa will be speaking on metrics in her talk Metrics: Friends or Enemies? She will discuss OpenStack metrics and how they can be used in software development processes, both for the individual developer and manager.
I caught up with Ildikó before her talk to learn more about how metrics in OpenStack help guide developers and companies, and how they also drive evolution of the OpenStack community itself.
You may have heard of Linux (also known as GNU/Linux), but only as something that hackers use. It has a reputation for being unwieldy and hard. That reputation is deserved … sometimes.
But anyone can learn it. And if it’s good enough for Barbie, it should be good enough for you.
The best part: It’s free, free, free.
Linux is actually a kind of operating system, just as a mammal is a kind of animal. Linux systems are all similar or identical at the core (also known as the kernel). But they come in a lot of varieties, or distros. (Fun fact: Much of the Android operating system is based on Linux.)
The hard part about Linux isn’t learning. It’s choosing.
Dirty Cow is a local privilege vulnerability that can allow one to gain root access. Specifically, "race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system." Linus signed off and pushed the patch to git a few days ago and distributions are currently updating their products. This is considered a critical bug and users are encouraged to update as soon as possible because researchers have found code in the wild to exploit it. Worse still, the exploit leaves little or no trace of being compromised. So, keep an eye on your update applets or security advisories over the next few days. Since this bug has been in existence for so long, Kees Cook had to revise his critical bug lifetime average from 3.3 to 5.2 years, while the overall average for all bugs increased only slightly.
Today, October 20, 2016, Linux kernel maintainer Greg Kroah-Hartman announced three new maintenance updates for the Linux 4.8, 4.7, and 4.4 LTS kernel series, patching a major security vulnerability.
Known as "Dirty COW," the Linux kernel vulnerability documented at CVE-2016-5195 is, in fact, a nasty bug that could have allowed local users to write to any file they can read. The worst part is that the security flaw was present in various Linux kernel builds since at least the Linux 2.6.x series, which reached end of life in February this year.
As reported earlier, three new Linux kernel maintenance releases arrived for various Linux-based operating systems, patching a critical and ancient bug popularly known as "Dirty COW."
We already told you that the kernel vulnerability could be used by a local attacker to run programs as an administrator, and it looks like it also affects all supported Ubuntu releases, including Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin), as well as all of their official or unofficial derivatives running the same kernel builds.
After teasing us earlier this month, today, October 20, 2016, Feral Interactive had the great pleasure of announcing the release of the Mad Max open world action-adventure video game for the SteamOS, Linux, and Mac platforms.
Feral Interactive is well known for bringing AAA titles to the Linux and Mac gaming world, and after porting the Tomb Raider 2013 reboot last year to our beloved platforms, which continue to get more fans by the day, now the UK-based video games publisher delights us with the superb Mad Max title developed by Avalanche Studios and published by Warner Bros.
Feral Interactive's port of Mad Max to Linux (and macOS) is now officially out and can be found on Steam.
Feral announced their Mad Max port at the beginning of October while today it's ready to ship. As mentioned in that original article, the Linux system requirements are fairly stiff with only listing NVIDIA hardware under Linux and the minimum being a GTX 660 while the recommendation is at least a GTX 970.
This morning's release of the Mad Max game for Linux lists only NVIDIA graphics as supported, but it does turn out at least for newer AMD GPUs using the RadeonSI Gallium3D driver things should work -- well, assuming you are using the latest open-source driver code.
Mad Max is the latest Linux port from Feral Interactive, probably one of the titles I have been most excited about so hopefully it lives up to the promise.
It has only been a few weeks since Feral Interactive released Dawn of War II, Chaos Rising and Retribution on Linux, and now we have a real whopper with Mad Max.
Something Linux lacks is a reasonable amount of high quality open-world story-based games. We started getting a few with Borderlands 2 and Shadow of Mordor, but another top quality game like this is a must for us to keep the interest up.