So whether Microsoft is truly to blame here is still an open question. At the very least, it does seem like Lenovo has some questions to answer -- and one hopes that the company will be more forthright and honest than it was back during the Superfish episode when it basically lied through its teeth until it couldn't lie any more.
The OPNFV project is somewhat unlike other collaborative projects hosted at Linux Foundation. Rather than being the home for a specific single piece of technology, OPNFV works with multiple upstream open-source communities in a bid to compose a complete Network Function Virtualization (NFV) platform.
The GNOME Community has just announced the official release of GNOME 3.22. GNOME 3.22 — which is slated to be used as the desktop environment for Fedora Workstation 25 — provides a multitude of new features, including the updated Files application, and comprehensive Flatpak integration with the Software application.
Fedora users that want to try out the new features in GNOME 3.22 can install a pre-release version of Fedora 25, which currently contains a pre-release of GNOME 3.22, but will be updated to include the stable 3.22 release. Alternatively, if you are running Fedora 24, and want to try out individual applications from the GNOME 3.22 release, these can be installed via Flatpak.
Got a spare five minutes? You can help the Canonical design team out by filling in a questionnaire. The team is looking to “gather information about how people perceive colours and use Scopes.” The short questionnaire is split into two sections: colour and Scopes.
Softpedia’s Marius Nestor notes that Black Lab Linux 7.7 arrives with security fixes and software updates released in the Ubuntu Linux repos.
In October 2014, as part of the Firefox 34 beta release, Mozilla introduced its Firefox Hello communications technology enabling users to make calls directly from the browser. On Sept. 20, 2016, Mozilla formally removed support for Firefox Hello as part of the new Firefox 49 release.
The Mozilla Bugzilla entry for the removal of Firefox Hello provides little insight as to why the communications feature is being pulled from the open-source browser. As it turns out, the Firefox Hello removal is related to shifting priorities at Mozilla.
I inherited a project coded in $programming_language when the original developer quit and no one else stepped forward. It is currently hosted on GitHub and has a GPL 3 license.
It's a tool I use every day and I don't want to see it die. I know very little $programming_language and very little GUI programming, so I can't maintain it myself.
During her part of the keynote address at IBM Edge 2016, Donna Dillenberger, IBM fellow, Watson Research Center, at IBM, demonstrated how analytics and transactions work together using The Linux Foundation’s version of blockchain, called Hyperledger.
Can Google bring peace to the web with machine learning? Jigsaw, a subsidiary of parent company Alphabet, is certainly trying, building open-source AI tools designed to filter out abusive language. A new feature from Wired describes how the software has been trained on some 17 million comments left underneath New York Times stories, along with 13,000 discussions on Wikipedia pages. This data is labeled and then fed into the software — called Conversation AI — which begins to learn what bad comments look like.
Bringing the dead machines to life was my passion for decades. Via the FFII I learned that people are the real challenge. I began to move into community building, spending a while helping Wikidot.com build their community. Yet in the end, there is nothing quite like writing some code and seeing a light turn on, and turn off again.
Version 1.5.1 of the libjpeg-turbo library is now available. For those that have somehow managed to never hear of it, libjpeg-turbo is a BSD-licensed, faster JPEG image codec than libjpeg and has various other feature differences.
Taiga is one of the most popular open source project management tools out there right now. It is known for being usable and having a beautiful interface, and Opensource.com listed it in both the Top 5 open source project management tools in 2015 and the Top 11 project management tools for 2016.
I covered Taiga soon after it was released in October 2014, and two years later it's time to check in and see how things are going for the new company. I spoke with co-CEO Enrique Posner about their 150,000 users, developer community, and what's next.
The board wants to take the opportunity to thank all past and new members of the Membership Committee for their service to the community, and all candidates for running. Congratulations to the newly elected committee members and their deputies!
Drupal began as a forum for a few friends to monitor their shared Internet connection, which "was expensive and being spliced between them," according to Jared Whitehead's The rise of Drupal and the fall of closed source. Today, it's one of the most popular content management systems out there, competing with powerhouses like WordPress.
So, what has the Drupal community done to ensure continued competitiveness, usability, and overall sustainability? In this article, I'll walk you through Drupal's evolution chronologically, including key design decisions and feature upgrades. My sources include the History of Drupal: from Drop 1.0 to Drupal 8.0 slideshow by WebSolutions HR and Drupal's CHANGELOG.txt.
GitHub, the source code repository software company with a website where people host and collaborate on open-source software projects, today announced a small but meaningful update to repository pages online — now they prominently display which open-source licenses are used. When you click on the name of the license, you’ll be brought to the license for the repository.
The change will be coming to GitHub Enterprise, just like the updated profiles, GitHub Projects tool, and pull request reviews that GitHub brought to GitHub.com last week, GitHub product manager Ayman Nadeem wrote in a blog post.
With no disrespect intended to the other geomatics conferences around (and there are many with high-quality and extremely relevant programmes), the FOSS4G (‘Free and Open Source Software for Geospatial’) conferences are different. FOSS4G 2016 was held in the former plenary chamber of the German Bundestag in Bonn yet, despite this prestigious setting, the atmosphere was very laid-back. Participants dressed in shorts and FOSS4G T-shirts, a beer (or two) in the afternoon, a sense of humour throughout the whole event and a very vibrant social programme (the ice-breaker at the wonderful BaseCamp Hostel Bonn and the Rhine cruise were instant hits!) summed up the vibe at FOSS4G.
RISC-V was originally designed to support computer architecture research and education, but as concern has grown in the industry about the increasing dominance of one or two proprietary microprocessor architectures, the RISC-V ISA has aroused interest as a potential open architecture for commercial use. A strong development and debug infrastructure is essential to the success of any chip architecture, and UltraSoC’s vendor-neutral, partnership-based approach, the company believes, complements the RISC-V open ISA principles.
I want to talk to you about this article, and the claims it makes about open source software. I would have liked to chat to your cited expert, whom you’ve listed only as Neil Doyle. Sadly, the article fails to specify his area of expertise and both messages and emails to author Ryan Sabey asking for further information have gone unanswered. So I’m responding to it here, supported by some brilliant, contactable experts in security and open source.
After sitting open-mouthed at the misinformation in this article for some time, I began to reach out to fellow tech experts to see if they felt the same. I first contacted Dr. Jessica Barker, the independent cybersecurity authority behind cyber.uk. I asked if she could address the concerns you raised that use of open source software in the public sector would pose security risks.
“The Sun seems to be implying that open source software is more vulnerable to attack than closed source, which is a sweeping misunderstanding that fails to take the complex nature of cybersecurity into account.
Both open source and closed source software can be vulnerable to exploit, however these vulnerabilities are arguably more likely to be discovered in open source rather than closed source software as more people (including security researchers) are able to look at it. By its nature, it is publicly available and so it’s harder to hide malicious vulnerabilities”.
Well-developed software can make or break modern weapons systems. Software problems initially hindered F-35 production, for example. The Department of Defense (DOD) set up a Digital Service team last year to help the military solve its information technology problems. Future work on autonomous systems will heavily rely on software development. Most importantly, the DOD will have to protect its own data. To improve the DOD’s use of software, the Center for a New American Security (CNAS) looked at how the Pentagon could better use “open source software.” While the DOD uses some open source software, its full utilization for military software development will require deeper changes to how the DOD approaches code.
John Weathersby founded and ran the Open Source Software Institute to “promote the development and implementation of open source software solutions within U.S. federal, state, and local government agencies.” A worthy goal!
But why stick to nothing but software? In 2014, Weathersby founded The Open Technology Center at Camp Shelby Joint Forces Training Center (in Mississippi), which is a “non-profit research and development entity sponsored by the Mississippi National Guard and U.S. Department of Homeland Security whose mission is to innovate and integrate open source software technologies for use within national defense and security organizations.”
The OTC is doing some neat stuff, ranging from autonomous vehicles to making it easier for local governments to request, receive, and account for disaster recovery funds in the wake of an emergency. It’s all good! And it’s all about open source, which is why it’s worth listening to what Weathersby has to say.
Distributed Denial of Service (DDoS) attacks can be painful and debilitating. How can you defend against them? Originally, out-of-band or scrubbing-centre DDoS protection was the only show in town, but another approach, inline mitigation, provides a viable and automatic alternative.
DDoS attacks can be massive, in some cases reaching hundreds of Gbits/sec, but those mammoths are relatively rare. For the most part, attackers will flood companies with around 1 Gbit/sec of traffic or less. They’re also relatively short affairs, with most attacks lasting 30 minutes or less. This enables attackers to slow down computing resources or take them offline altogether while flying under the radar, making it especially difficult for companies to detect and stop them.
Linux has played a significant role in establishing IoT devices as increasingly important parts of our everyday lives, both at home and in the enterprise. Linux-based OSes make it easy for developers to create applications that can run on anything, from a fridge to a car, and as a result 73 percent of IoT developers use Linux to run applications on.
Now, however, questions of security are arising. With IoT ushering in a brave new world of connected devices, businesses must cope with a greater number of entry points and vulnerabilities, with security the top concern in the industry.
By placing such a burden on Linux’s security capabilities, there are now real fears that IoT devices will be left exposed and businesses will pay the price.
The US National Institute of Standards and Technology (NIST) has recently issued two draft reports on cybersecurity issues of interest to industrial IoT users, and is seeking industry comment before making their final revisions. One report describes the proposed manufacturing profile for NIST's Cybersecurity Framework. The other addresses cryptography standards and practices for resource-constrained processors.
Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, NIST created in 2014 a voluntary Cybersecurity Framework, which is a compendium of industry standards and best practices to help organizations manage cybersecurity risks. Created through collaboration between government and the private sector, the Framework helps guide cybersecurity activities and encourages organizations to consider cybersecurity risks as part of their risk management processes. Profiles, a key element of the Framework, help an organization align its cybersecurity activities with its business requirements, risk tolerances, and resources. A profile is intended both to help identify opportunities for improving cybersecurity as well as providing a touchstone to compare against in order to prioritize process improvement activities.
Over the last few years, we've well documented the abysmal security in the internet of things space. And while refrigerators that leak your Gmail credentials are certainly problematic, the rise in exploitable vehicle network security is exponentially more worrying. Reports emerge almost monthly detailing how easy it is for hackers to bypass vehicle security, allowing them to at best fiddle with in-car systems like air conditioning, and at worst take total control of a compromised vehicle. It's particularly problematic given these exploits may take years to identify and patch.
Yesterday I tried to summarize the things I know about Concurrent ML, and I came to the tentative conclusion that Go (and any Go-like system) was an acceptable CML. Turns out I was both wrong and right.
Peoples! Lately I've been navigating the guile-ship through waters unknown. This post is something of an echolocation to figure out where the hell this ship is and where it should go.
Concretely, I have been working on getting a nice lightweight concurrency system rolling for Guile. I'll write more about that later, but you can think of it as being modelled on Go, though built as a library. (I had previously described it as "Erlang-like", but that's just not accurate.)
GNOME 3.22 is the latest version of GNOME 3, and is the result of 6 months’ hard work by the GNOME community. It contains major new features, as well as many smaller improvements and bug fixes. In total, the release incorporates 22980 changes, made by approximately 775 contributors.
3.22 has been named “Karlsruhe” in recognition of this year’s GUADEC organizing team. GUADEC is GNOME’s primary conference, which is held in Europe each year, and is only possible due to the amazing work of local volunteers.
A GNOME 3.22 release video has gone live on YouTube. It gives users a look at the key changes that feature in the latest update to the Linux desktop environment.
GNOME 3.22 is out, and it features comprehensive Flatpak support, file manager improvements, and a whole host more besides. Click through to read more.
Now that GTK+ 3.22.0 and GLib 2.50.0 have been released, it’s time to look back at this development cycle and see the contributions from people and companies that made these releases possible.
After all the tarballs for GNOME 3.22, the master branch of gnome-software is now open to new features. Along with the usual cleanups and speedups, one new feature I’ve been working on is finally merging the age ratings work.
Stop the patent blackmail
Microsoft has been going to licensees of Android and threatening the licensees with suit if the licensees do not pay Microsoft money for using software that Microsoft says violates their patents. When the companies agree to settle out of court, Microsoft then requires them not to discuss publicly which patents are claimed in violation or anything about the settlement. Of course this means that the FOSS community cannot study the patents (to see if they are valid or not) or know which sections of code could be re-written to avoid the patents.
This is more important than Microsoft just getting their pound of flesh for some code that they did not write, which may have existed as “prior art” while Bill Gates was still getting speeding tickets in New Mexico.
When companies start to develop products they want to know about as many risks as possible. Therefore they worry about patents that exist in code that could be used to block their product, or make it more expensive than they thought the product would be.
Not knowing what the patents are, or how much Microsoft will charge for them, or even if they are valid, the companies cannot make that decision easily. Therefore they might avoid a FOSS (particularly Android) solution.
Another problem with software patents is that it makes it expensive, difficult and/or dangerous for companies to distribute code over the Internet or on some media. If there is patent-bearing code in the distribution, a distribution could not afford even a penny royalty if there are going to be millions of copies of their code downloaded, with (perhaps) only 100,000 actually installed. This is why some distributions have a separate package for royalty bearing code (usually multimedia codecs), and others have a version for the USA and other countries that recognize software patents and another version for “the rest of the world”.
The problem with this technique being applied to Microsoft's claimed patents is that the patents claimed appear to be in the kernel, and the Linux community does not know which patents or to what code the patents apply.
For Microsoft to show their love for FOSS, I would recommend them joining the Open Invention Network, or simply agree to license these questionable patents free of charge to organizations using FOSS. Microsoft could still charge royalties for their patents used in closed, proprietary software. I have heard Apple has a lot of cash on hand.
Allow FOSS proponents to keynote at major Microsoft events.
Microsoft has been coming to FOSS events for many years now. At first there was always the question of whether a FOSS event should allow someone who has been calling you a “virus”, or “a communist” or talking about your “crappy software” to come to their events, but normally it was felt that for FOSS people to exclude Microsoft personnel from attending or to eliminate them from speaking, or even to refuse to take their sponsorship money was not being very “open”. So Microsoft started coming to FOSS events, having booths, speaking, and trying to hire FOSS programmers.
On the other hand I remember several times where I was chased out of a general purpose computer event by event managers because Microsoft had complained that we were handing out free CDROMs of GNU/Linux to show attendees. At one event I was even forbidden to hand them out on the street corner in front of the event because the sidewalk also belonged to the venue (or so they said).
One time we allowed a Microsoft product manager to participate in a panel with Linus, and about ten seconds before we went on the stage the Microsoft manager pulled out the results of software tests to prove that for some obscure function Microsoft Windows was some percentage faster than Linux. Linus, of course, could not refute this, but he did go home and investigate the issue, and in the next release of Linux that function was two or three times faster than Microsoft Windows.
Nevertheless, I do not remember Microsoft ever allowing a FOSS person to discuss the benefits of the FOSS model of software at a major Microsoft customer or developer event, and if Microsoft really “loved Linux” (and their customers) you would think Microsoft would want their developer and customer base to know about those values and benefits.
So for Microsoft to really show its love, I think they should invite recognized FOSS advocates to speak as keynote speakers at Convergence, //Build, the Worldwide Partner Conference and Microsoft Ignite. I am sure I could find the time in my schedule to attend one or two of them and there are other FOSS people who could also help out.
Red Hat, Inc. released the financial results for the second quarter ending August 31, 2016 in a press release today. Red Hat stock seems to be going in the right direction for them as well even as insiders sell off their shares. The top story today must have been the skirmish resulting from reports of Linux being blocked from certain Lenovo laptops under orders from Microsoft. Elsewhere, GNOME 3.22 was released as a new age rating system is planned for 3.23. And finally, The Document Foundation reported the results of its 2016 Membership Committee elections.
It was widely reported today that Lenovo laptops featuring Windows 10 lock the hard drive with proprietary code that Linux cannot read - so in essence, blocking users from installing Linux. A user asking in a Lenovo support forum was told by an employee that Linux was blocked due to an agreement with Microsoft. The news traveled around the Intertubes with lightning speed, making headlines at every tech site in existence. So, Lenovo and Microsoft jumped into damage control saying it was due to proprietary RAID software. Former kernel contributor Matthew Garrett addressed the issue on his blog today saying the sensational headlines are distracting from a real issue here. He said this is probably because "recent Intel hardware needs special setup for good power management and Microsoft could be insisting that Signature Edition systems ship in 'RAID' mode in order to ensure that. Or it could be a misunderstanding regarding UEFI Secure Boot." He said it all boils down to Intel doing "very little to ensure that free operating systems work well on their consumer hardware." In any case, two major contributors to the Linux kernel and open source really couldn't care less about either. Today's sensational headlines might not be accurate, but they do point to a real problem, among many others.
One of the most rewarding things about being part of the learning industry is the visible ripples one professional can have throughout entire organizations. It helps when the organizations are primed for change, and Learning or Human Resources officers are regarded as boosters of knowledge, skill and innovation.
Before the decision to fork away, Totara HQ had already accounted for 450,000 lines of code on top of Moodle. Features, users and even the visual experience share fewer commonalities over time.
Open-source Moodle, already the most widely used LMS in the world, is continuing to gain traction. Join us to explore how Moodle has impacted the LMS market and continues to be a pioneer in emerging LMS technologies.
As a result, the cross-platform, malicious code-execution risk most recently visited users of browsers based on the Firefox Extended Release on September 3 and lasted until Tuesday, or a total of 17 days. The same Firefox version was vulnerable for an even longer window last year, starting on July 4 and lasting until August 11. The bug was scheduled to reappear for a few days in November and for five weeks in December and January. Both the Tor Browser and the production version of Firefox were vulnerable during similarly irregular windows of time.
Donald Ryan Austin of South Florida has been arrested on charges of hacking into the networks of Linux Kernel Organization and Linux Foundation and installing malicious software. A US Department of Justice (DoJ) release said Austin, who is a computer programmer, is now out on bail and could face a maximum sentence of 10 years if convicted.
According to the indictment, Austin stole the credentials of an employee to break into the Linux networks and installed rootkit and Trojan software apart from altering the servers. He has been charged with four counts of deliberate damage to a protected computer.
Linux has much to offer any computer user, but it has proven to be particularly popular with hackers. A writer at The Merkle recently considered the reasons why hackers have so much love for Linux.
A developer has created a command line utility which can give you the feel of a Hollywood movie hacker. His tool replicates the decrypting text seen in the 1992 hacker movie Sneakers. The code is freely available on his GitHub page.
Application performance monitoring (APM) and network performance monitoring (NPM) are becoming increasingly important as businesses adopt cloud-based services and virtualized infrastructure.
In the recent SDxCentral report, “Network Performance Management Takes On Applications,” more than half of surveyed respondents are actively looking at APM and NPM systems, and more than one-third are in the testing and deployment phases of adoption. Another 16 to 20 percent are piloting these systems, and roughly 15 percent have already deployed them in their network.
You've made the switch to Linux containers. Now you're trying to figure out how to run containers in production, and you're facing a few issues that were not present during development. You need something more than a few well-prepared Dockerfiles to move to production. What you need is something to manage all of your containers: a container orchestration system.
Hopefully last week we piqued your interest in a career path in OpenStack. Adoption is growing and so is the number of OpenStack jobs. Like any other open source project, if you’re going to use it, professionally or personally, it’s important to understand its community and design/release patterns.
The industry consortium's fifth release of its SDN platform puts a focus on the cloud, NFV, performance and tools.
The OpenDaylight Project effort to create a common platform for network virtualization continues to mature with the unveiling of the group's fifth release, dubbed "Boron."
The industry consortium announced the Boron release Sept. 21, a week before the OpenDaylight Summit kicks off in Seattle Sept. 27. Project officials said the new release brings with it improvements around the cloud and network-functions virtualization (NFV), and is the result of contributions by consortium members in a range of areas, including performance and tools.
Blockchain, the technology that underlies the cryptocurrency Bitcoin, has been celebrated as a way to change the way transactions of all kinds are made. But a suggestion to make an editable version of the technology is now dividing opinion.
The consultancy firm Accenture is patenting a system that would allow an administrator to make changes to information stored in a blockchain. In an interview with the Financial Times (paywall), Accenture’s global head of financial services, Richard Lumb, said that the development was about “adapting the blockchain to the corporate world” in order to “make it pragmatic and useful for the financial services sector.”
I like practical application. Recently, I’ve been trying to expand my horizons through studying Linux operating systems. I’ll use this opportunity to reinforce some of what I’ve learned and hopefully shed a little light on exactly what open source software is and how it’s used. For the sake of clarity, there is a lot more to the topic than discussed below, but we can only stuff so much info into the column!
A common misconception is that open source software means free (as in beer). Open source software may be free to use or paid for, but the “free” in open source applies to the rights (as in speech) of the general public to use, distribute or modify the source software at will. Digging further, there are degrees of “openness” of open source software. As the term indicates, the source is open but generally the source is just the base element of the overall application. For instance, operating systems are typically comprised of a kernel and many other programs which work together, resulting in products like Microsoft Windows, macOS or Red Hat.
Alex Larsson from the Flatpak project, the universal binary format that aims to simplify application distribution across multiple GNU/Linux operating systems, announced the release of Flatpak 0.6.11.
Flatpak 0.6.11 is a small maintenance version that comes approximately one week after the release of the previous one, Flatpak 0.6.10, bringing a new FLATPAK_CHECK_VERSION macro in the libflatpak library to automatically check the installed Flatpak version, and a new option to the flatpak-builder command, namely "--show-deps," to allow listing of all the files on which the manifest depends.
The list of changes continues with support for using dashes in application IDs, but app developers are being informed by Alex Larsson that to make them work with symbolic icon names, the IDs may not end with the "-symbolic" name attached. Also, it looks like PTYs are now correctly handled by the HostCommand component, which now outputs the correct PID instead of a bogus one.
Rust is a system programming language which runs blazingly fast, and prevents almost all crashes, segfaults, and data races. You might wonder exactly why yet another programming language is useful, since there are already so many of them. This article aims to explain why.
GNOME 3.22 is scheduled to be released today. Along with this release come brand new recommendations for distributions on which applications should be installed by default, and which applications should not. I’ve been steadily working on these since joining the release team earlier this year, and I’m quite pleased with the result.
Matthias Clasen announced the official GNOME 3.22.0 release a short time ago. He wrote in part, "This release brings comprehensive Flatpak support. GNOME Software can install and update Flatpaks, GNOME Builder can create them, and the desktop provides portal implementations to enable sandboxed applications. Improvements to core GNOME applications include support for batch renaming in Files, sharing support in GNOME Photos, an updated look for GNOME Software, a redesigned keyboard settings panel, and many more."
Immediately after announcing the final release of the GNOME 3.22 desktop environment, Matthias Clasen also had the pleasure of informing us about the availability of the GTK+ 3.22 GUI toolkit.
Most of you out there developing GTK+ apps know what this open source software is all about, and the latest stable build is now 3.22, released as part of the GNOME 3.22 desktop environment. However, it looks like this will be the last release in the GTK+ 3 series, as the developers are now preparing to bump the development builds to version 3.90.x towards GTK+ 4.0.