Linux Journal

Debian 9.8 Released, Kernel 5.0-rc7 Is Out, Creative Commons Update on the EU Copyright Changes, Slax 9.8 Available and Mozilla Testing Picture-in-Picture Mode in Firefox

2 months ago

News briefs for February 18, 2019.

Debian 9.8 was released over the weekend. This release mostly addresses security issues and bug fixes. See the post for the full list of changes and visit the mirror list to upgrade an existing installation.

Linux kernel 5.0-rc7 was released yesterday. Linus writes "A nice and calm week, with statistics looking normal. Just under half drivers (gpu, networking, input, md, block, sound, ...), with the rest being architecture fixes (arm64, arm, x86, kvm), networking and misc (filesystem etc). Nothing particularly odd stands out, and everything is pretty small. Just the way I like it."

Creative Commons publishes update on the EU copyright changes that the European Parliament will vote on this spring. The final text of Articles 13 and 11 has been changed somewhat, but according to the Creative Commons post, "With Article 13, it's no exaggeration to say that it'll fundamentally change the way people are able to use the internet and share online. And the European copyright changes will affect how copyright develops in the rest of the world. Even with some of the minor improvements to other aspects of the copyright file, it's hard to see how the reform—taken as a whole—will be a net gain except for the most powerful special interests." If you live in Europe, visit for more information and to contact your MEPs before the vote.

Slax 9.8 was released yesterday. This point release updates some of the included packages; it doesn't include new features. To download the new version, go here.

Mozilla has started testing picture-in-picture mode in Firefox Nightly. According to Softpedia News, "the current implementation of picture-in-picture mode in Firefox is very limited, and I expect Mozilla to accelerate work on it as we approach its target release date. No specifics in this regard are available, however." Picture-in-picture mode is already available in other browsers, such as Google Chrome and Vivaldi.

News Debian Security kernel creative commons EU Copyright Law Slax Mozilla Firefox
Jill Franklin

Converting Decimals to Roman Numerals with Bash

2 months ago
by Dave Taylor

Decimals to Roman numerals—here we hit all the limitations of Bash shell scripting.

My last few articles have given me a chance to relive my undergraduate computer science degree and code a Roman numeral to decimal converter. It's quite handy when you're watching old movies (when was MCMLVII anyway?), and the basic coding algorithm was reasonably straightforward. (See Dave's "Roman Numerals and Bash" and "More Roman Numerals and Bash".)

The trick with Roman numerals, however, is that it's what's known as a subtractive notation. In other words, it's not a position → value or even symbol → value notation, but a sort of hybrid. MM = 2000, and C = 100, but MMC and MCM are quite different: the former is 2100, and the latter is 1000 + (–100 + 1000) = 1900.

This means that the conversion isn't quite as simple as a mapping table, which makes it a good homework assignment for young comp-sci students!

Let's Write Some Code

In the Roman numeral to decimal conversion, a lot of the key work was done by this simple function:

mapit() { case $1 in I|i) value=1 ;; V|v) value=5 ;; X|x) value=10 ;; L|l) value=50 ;; C|c) value=100 ;; D|d) value=500 ;; M|m) value=1000 ;; * ) echo "Error: Value $1 unknown" >&2 ; exit 2 ;; esac }

You'll need this function to proceed, but as a cascading set of conditional statements. Indeed, in its simple form, you could code a decimal to Roman numeral converter like this:

while [ $decvalue -gt 0 ] ; do if [ $decvalue -gt 1000 ] ; then romanvalue="$romanvalue M" decvalue=$(( $decvalue - 1000 )) elif [ $decvalue -gt 500 ] ; then romanvalue="$romanvalue D" decvalue=$(( $decvalue - 500 )) elif [ $decvalue -gt 100 ] ; then romanvalue="$romanvalue C" decvalue=$(( $decvalue - 100 )) elif [ $decvalue -gt 50 ] ; then romanvalue="$romanvalue L" decvalue=$(( $decvalue - 50 )) elif [ $decvalue -gt 10 ] ; then romanvalue="$romanvalue X" decvalue=$(( $decvalue - 10 )) elif [ $decvalue -gt 5 ] ; then romanvalue="$romanvalue V" decvalue=$(( $decvalue - 5 )) elif [ $decvalue -ge 1 ] ; then romanvalue="$romanvalue I" decvalue=$(( $decvalue - 1 )) fi done

This actually works, though the results are, um, a bit clunky:

$ sh 25 converts to roman numeral X X I I I I I

Or, more overwhelming:

Go to Full Article
Dave Taylor

SUSE OpenStack Cloud v9, Ubuntu 18.04.2 LTS Released, Happy Birthday Steam for Linux, WebKitGTK v 2.23.90 Released, Future Support of Virtual Desktops Hinted at in Chromium Codebase

2 months ago

SUSE OpenStack Cloud version 9 is out with its first release candidate.

After a bit of delay, Canonical just released the released Ubuntu 18.04.2 LTS (Bionic Beaver) packaged with a patched 4.18 Linux kernel to address the boot failure bug pushing its release by a week.

Yesterday (Valentine's Day) marked the 6 year anniversary of the release of Steam for Linux. Happy belated birthday Steam for Linux!!!

Just released is WebKitGTK version 2.23.90, adding better GTK integration, support for JPEG2000 and touchpad gestures and more.

A recent code commit to the Chromium codebase may hint to a near future support of virtual desktops; a definite plus for those who tend to run multiple programs all at once.

Petros Koutoupis

elementary 5 "Juno"

2 months ago
by Bryan Lunduke

A review of the elementary distribution and an interview with its founders.

In the spring of 2014 (nearly five years ago), I was preparing a regular presentation I give most years—where I look at the bad side (and the good side) of the greater Linux world. As I had done in years prior, I was preparing a graph showing the market share of various Linux distributions changing over time.

But, this year, something was different.

In the span of less than two years, a tiny little Linux distro came out of nowhere to become one of the most watched and talked about systems available. In the blink of an eye, it went from nothing to passing several grand-daddies of Linux flavors that had been around for decades.

This was elementary. Needless to say, it caught my attention.

Figure 1. elementary 5 "Juno"

In the years that followed, I've interviewed elementary's founders on a few occasions—for articles, videos or podcasts—and consistently found their vision, dedication and attitudes rather intriguing.

Then in 2016, I was at a Linux conference—SCaLE (the Southern California Linux Expo). One bright, sunshiny morning, I found myself heading from my hotel room down to the conference floor. On my way, I got it in my head that I really could use some French toast. I had a hankering—a serious one. And when Lunduke gets a hankering, no force in the cosmos can stop him (he says, switching to talking about himself in the third person seemingly at random).

Somehow or another, I ended up convincing the elementary crew (four of them, also at SCaLE, with a booth to promote their system) to join me on my French toast quest.

After searching the streets of downtown Pasadena, we found ourselves in a small, but packed, diner—solving French Toast Crisis 2016—and allowing us to chat and get to know each other, in person, a bit better.

These—in their mid-20s, practically wee babies.

But, I tell you, they impressed me. Their vision for what elementary was—and what it could be—was clear. Their passion was contagious. It was hard to sit with them, in that cramped little diner, and not feel excited and optimistic for what the future held.

And, what's more, they were simply nice people. They oozed goodness and kindness. Their spirit had not yet been crushed by a string of IT managers that make soul-crushing a hobby.

They were the future of desktop Linux (or at least a rather big part of it). This was evident, even back then. And, that wasn't just the French toast talking.

Go to Full Article
Bryan Lunduke

Modeling the Entire Universe

2 months ago
by Joey Bernard

For this article, I want to look at the largest thing possible, the whole universe. At least, that's the claim made by Celestia, the software package I'm introducing here. In all seriousness though, Celestia is a very well done astronomical simulator, similar to other software packages like Stellarium. Celestia is completely open source and is licensed under the GPL.

If Celestia isn't available via the package management system for your favorite distribution, you always can get the latest stable version from the Celestia's website as an installable binary package. If you really need the absolute latest version, you can grab it from the GitHub repository. Binaries also are available for Windows and Mac OS X, in case you need to travel on the dark side of computing.

Once you have installed Celestia, starting it provides a view of the Earth from space.

Figure 1. Celestia begins your exploration of space with a 3D view of Earth.

You're first placed on a track that follows the Earth through space. This is necessary, because Celestia is actually a real-time simulation. If you were in a fixed location in space, any object you were looking at quickly would leave your field of view. You can pause the simulation by pressing the spacebar. Once you are following an object, you can rotate your view by clicking the left mouse button and dragging left/right or up/down.

If you're more interested in observing a centered object, you can click the right mouse button, and then dragging will move you around the object instead, allowing you to see the object's details. You can zoom in or out by using the mouse wheel. All of these navigation actions also have keyboard shortcuts, for those who prefer that to using a mouse.

But, how do you select which object you are centered on? The easiest option is to click the Navigation→Solar System Browser menu item to pop up a selection window.

Figure 2. You can use the solar system browser to select objects to center on within the solar system.

From here, you can choose from planets, moons, asteroids and other solar system objects available by default within Celestia (I'll explain how to add even more items shortly).

If you're looking at items beyond the solar system, you can click the Navigation→Star Browser menu item to open a new window.

Go to Full Article
Joey Bernard

RIP Dr. Bernard L. Peuto, Porting Android 9 Pie Go Stack to Rpi 3, LibreOffice v6.2 Coming Soon, Red Hat Virtualization Platform 4.3 Beta Released, Deepin Desktop Environment

2 months ago

It is with a heavy heart that I write to inform you that the father and architect of the Zilog Z8000 processor, Dr. Bernard L. Peuto, has passed. Learn more about his contributions to tech and the legacy he has left here.

An independent group referring to themselves as the  RaspberryPi DevTeam have launched a Kickstarter campaign to help fund their efforts in porting Google’s Android 9 Pie Go stack (built for entry-level smartphones) to the Raspberry Pi 3.

LibreOffice version 6.2 is right around the corner and the killer feature it will be sporting is a new tabbed layout for the menu items, making it similar to the competitive Microsoft Office suite.

Red Hat officially announced the 4.3 Beta release of the software defined Red Hat Virtualization platform which has been built to virtualize both Linux and Windows workloads.

Zamir SUN and Bowen Li of the Fedora project have put together a proposal to port over the beautiful Deepin Desktop Environment over to the Fedora Linux distribution.

Petros Koutoupis

Plasma v5.15 Released, NetBSD Switching to GCC v7, Django Announces Important Bug Fix, Xen Project Developer and Design Summit

2 months ago

The KDE project launched the first stable release of Plasma in 2019 with version 5.15. The release boasts improvements in usability, notifications, eye candy and more.


The NetBSD Unix distribution has finally taken the plunge and will be switching to GCC version 7. It will initially start with amd64 and arm64 architectures. Other architectures haven't been thoroughly tested yet but are likely to be officially supported soon.


Django, the Python driven web framework, announced bugfix version 2.0.13, addressing bug number 30177 where format_number() crashes when the number has over 200 digits .


This years Xen Project's Developer and Design Summit will be held in Chicago on July 9. To register or learn more, visit the summit's official webpage .


It seems as if the developers working hard to bring you Ubuntu for the desktop are entertaining the idea of enabling the ZFS file system as the root file system.

Petros Koutoupis

A Line in the Sand

2 months ago
by Doc Searls

There's a new side to choose. It helps that each of us is already on it.

Linux Journal was born in one fight and grew through a series of others.

Our first fight was for freedom. That began in 1993, when Phil Hughes started work toward a free software magazine. The fight for free software was still there when that magazine was born as Linux Journal in April 1994. Then a second fight began. That one was against all forms of closed and proprietary software, including the commercial UNIX variants that Linux would eventually defeat. We got in the fight for open source starting in 1998. (In 2005, I got a ribbon for my own small part in that battle.) And last year, we began our fight against what Shoshana Zuboff calls surveillance capitalism, and Brett Frischmann and Evan Selinger call re-engineering humanity.

This new fight is against actual and wannabe corporate and government overlords, all hell-bent on maintaining the caste system that reduces each of us to mere "consumers" and "data subjects" in a world Richard Brautigan described perfectly half a century ago in his poem "All Watched Over By Machines of Loving Grace". You know, like The Matrix, only for real.

They'll fail, because no machine can fully understand human beings. Each of us is too different, too original, too wacky, too self-educating, too built for gaming every system meant to control us. (Discredit where due: we also suck in lots of ways. For example, Scott Adams is right that we're easy to hack with a good con.)

But why wait for nature to take its course when surveillance capitalists are busy setting civilization back decades or more—especially when we can obsolesce their whole business in the short term?

Here at Linux Journal, we're already doing our part by not participating in the surveillance business that digital advertising has mostly become, and by doing pioneering work in helping the online publishing business obey the wishes of its readers.

Go to Full Article
Doc Searls

PyPy v7.0.0, Vulernability Affecting runc and Container Technologies, Ubuntu for ARM-based Windows Laptops, antiX MX v18.1

2 months ago

PyPy, the alternative implementation to the Python programming language announced the release of version 7.0.0. It includes 3 different interpreters that support Python versions 2.7, 3.5 and 3.6-alpha.

A vulnerability was just discovered (CVE-2019-5736) affecting runc and the management of container technologies which include Docker, cri-o, containerd, Kubernetes, etc. Learn more about this security hole and the ways it is being patched here.

A small group of programmers and hackers are working diligently to bring support for Ubuntu on ARM-based Windows laptops. Prebuilt images for the Asus NovaGo TP370QL, HP Envy x2, and the Lenovo Mixx 630 can be found on the official GitHub project page.

The Debian-based Linux distribution, antiX MX, just announced the release of version 18.1. The release is based off of Debian 9.7 "Stretch." You can obtain the ISO image here.

Petros Koutoupis

Removing Profanity from the Source Tree

2 months ago
by Zack Brown

Warning: this article contains profanity.

Linus Torvalds recently stepped away from kernel development temporarily in order to think about how to be less harsh with developers in certain situations. Simultaneous with his departure was a patch introducing a new Code of Conduct into the kernel source tree. The effects of this are beginning to be felt.

Jarkko Sakkinen recently posted a patch to change a kernel comment containing the word "fuck" to use the word "hug" instead. So the code comment, "Wirzenius wrote this portably, Torvalds fucked it up" would become "Wirzenius wrote this portably, Torvalds hugged it up".

Steven Rostedt replied to this, saying that the code in question had changed so much that the original comment was out of date, and it should just be removed entirely. He said, "that will be an accurate change with or without CoC."

Jonathan Corbet remarked, "I'd much rather see either deletion or a rewrite over bleeping out words that somebody might not like." And Jiri Kosina agreed, saying, "turning comments into something that often doesn't make sense to anybody at all is hardly productive."

Sergey Senozhatsky pointed out that Linus was the author of the original self-deprecating comment. He asked, "Linus has made a comment, in his own words, about his own code. Why would anyone be offended by this?"

And Tobin C. Harding remarked of the original code comment, "This is my favourite comment to date in the kernel source tree. Surely there are still some people working on the kernel that do so for fun. I actually laughed out loud when I first stumbled upon this file."

In a different thread, Kees Cook said he agreed with removing "fuck" from the source tree, but felt that the word "hug" was not a good replacement, since it didn't maintain the original meaning. He said:

"This API is hugged" doesn't make any sense to me. "This API is hecked" is better, or at least funnier (to me). "Hug this interface" similarly makes no sense, but "Heck this interface" seems better. "Don't touch my hecking code", "What the heck were they thinking?" etc...."hug" is odd.

He added, "Better yet, since it's only 17 files, how about doing context-specific changes? 'This API is terrible', 'Hateful interface', 'Don't touch my freakin' code', 'What in the world were they thinking?' etc.?"

Go to Full Article
Zack Brown

Episode 15: Learning Python

2 months 1 week ago
Your browser does not support the audio element. Reality 2.0 - Episode 15: Learning Python

Katherine Druckman and Doc Searls talk to Linux Journal Senior Columnist, Reuven Lerner, about learning new languages such as Python.

Doc Searls

Linux 5.0, Canonical Update, openSUSE Board Elections, Woman and Girls in Science, European Astro-Pi Challenge

2 months 1 week ago

The release candidate 6 for the highly anticipated 5.0 Linux kernel was just released. You can view the changeset for 5.0-rc6 here.

Canonical issued an update (USN-3878-3) and a formal apology for a recent kernel update regression that prevented systems with certain graphics chipsets from booting.

A stable version of Chrome OS 72 was just released on Friday which introduces better access to external storage, touchscreen optimizations for tablet mode and more.

There are only a few days left to cast your ballot in the 2018-2019 openSUSE board elections. Be sure to get your vote in.

Today, the Raspberry Pi Foundation and ESA Education are celebrating the International Day of  Women and Girls in Science and to support the occasion, astronaut Jenni Sidey is helping to kick off the European Astro-Pi challenge. While the challenge itself is not limited to female contestants, it will hopefully encourage more to participate.

Petros Koutoupis

Easier Python paths with pathlib

2 months 1 week ago
by Reuven M. Lerner

A look at the benefits of using pathlib, the "object-oriented way of dealing with paths".

Working with files is one of the most common things developers do. After all, you often want to read from files (to read information saved by other users, sessions or programs) or write to files (to record data for other users, sessions or programs).

Of course, files are located inside directories. Navigating through directories, finding files in those directories, and even extracting information about directories (and the files within them) might be common, but they're often frustrating to deal with. In Python, a number of different modules and objects provide such functionality, including os.path, os.stat and glob.

This isn't necessarily bad; the fact is that Python developers have used this combination of modules, methods and files for quite some time. But if you ever felt like it was a bit clunky or old-fashioned, you're not alone.

Indeed, it turns out that for several years already, Python's standard library has come with the pathlib module, which makes it easier to work with directories and files. I say "it turns out", because although I might be a long-time developer and instructor, I discovered "pathlib" only in the past few months—and I must admit, I'm completely smitten.

pathlib has been described as an object-oriented way of dealing with paths, and this description seems quite apt to me. Rather than working with strings, instead you work with "Path" objects, which not only allows you to use all of your favorite path- and file-related functionality as methods, but it also allows you to paper over the differences between operating systems.

So in this article, I take a look at pathlib, comparing the ways you might have done things before to how pathlib allows you to do them now.

pathlib Basics

If you want to work with pathlib, you'll need to load it into your Python session. You should start with:

import pathlib

Note that if you plan to use certain names from within pathlib on a regular basis, you'll probably want to use from-import. However, I strongly recommend against saying from pathlib import *, which will indeed have the benefit of importing all of the module's names into the current namespace, but it'll also have the negative effect of importing all of the module's names into the current namespace. In short, import only what you need.

Now that you've done that, you can create a new Path object. This allows you to represent a file or directory. You can create it with a string, just as you might do a path (or filename) in more traditional Python code:

Go to Full Article
Reuven M. Lerner

Weekend Reading: Containers

2 months 1 week ago
by Carlie Fairchild

The software enabling this technology comes in many forms, with Docker as the most popular. The recent rise in popularity of container technology within the data center is a direct result of its portability and ability to isolate working environments, thus limiting its impact and overall footprint to the underlying computing system. To understand the technology completely, you first need to understand the many pieces that make it all possible. Join us this weekend as we learn about Containers.

Before we get started, many ask what the difference is between a container and virtual machines? Editor Petros Koutoupis explains: Both have a specific purpose and place with very little overlap, and one doesn't obsolete the other. A container is meant to be a lightweight environment that you spin up to host one to a few isolated applications at bare-metal performance. You should opt for virtual machines when you want to host an entire operating system or ecosystem or maybe to run applications incompatible with the underlying environment.

Everything You Need to Know about Linux Containers, Part I: Linux Control Groups and Process Isolation

Truth be told, certain software applications in the wild may need to be controlled or limited—at least for the sake of stability and, to some degree, security. Far too often, a bug or just bad code can disrupt an entire machine and potentially cripple an entire ecosystem. Fortunately, a way exists to keep those same applications in check. Control groups (cgroups) is a kernel feature that limits, accounts for and isolates the CPU, memory, disk I/O and network's usage of one or more processes.

Everything You Need to Know about Linux Containers, Part II: Working with Linux Containers (LXC)

Part I of this Deep Dive on containers introduces the idea of kernel control groups, or cgroups, and the way you can isolate, limit and monitor selected userspace applications. Here, I dive a bit deeper and focus on the next step of process isolation—that is, through containers, and more specifically, the Linux Containers (LXC) framework.

Go to Full Article
Carlie Fairchild

Microsoft Joins the OpenChain Project, Google Open-Sources ClusterFuzz, New Android Vulnerability, FSF Gives the Vikings D8 Mainboard and Workstation Its "Respect Your Freedom" Endorsement, and Fedora Is Redesigning Its Logo

2 months 1 week ago

News briefs for February 8, 2019.

Microsoft has joined the OpenChain Project, "which builds trust in open source by making open source license compliance simpler and more consistent". Uber, Google and Facebook joined it last month. According to the announcement, "By joining OpenChain, Microsoft will help create best practices and define standards for open source software compliance, so that its customers have even greater choice and opportunity to bridge Microsoft and other technologies together in heterogeneous environments."

Google today announced it is open-sourcing ClusterFuzz and making it available for anyone to use. Fuzzing is "an automated method for detecting bugs in software that works by feeding unexpected inputs to a target program", and it's "effective at finding memory corruption bugs". ClusterFuzz is "a fuzzing infrastructure running on over 25,000 cores" was written to aid in the Chrome development process. You can check it out at the ClusterFuzz GitHub repository.

A security vulnerability discovered in Android gives attackers access to your phone if you open a .png file. ZDNet reports that "All it takes to trigger the bug is for attackers to send a crafted, malicious Portable Network Graphic (.PNG) file to a victim's device. Should the user open the file, the exploit is triggered." This bug affects Android versions 7.0–9.0.

The Free Software Foundation has certified new hardware with its "Respect Your Freedom" endorsement: the Vikings D8 mainboard and D8 workstation. According to Phoronix, "The Vikings D8 is a re-branded ASUS KCMA-D8 but flashed with Libreboot+Coreboot to free the hardware down to the BIOS." In addition, "the D8 Workstation also ships with the FSF-approved Trisquel operating system that is free of any Linux binary blobs and proprietary software." See also the FSF post on the Respects Your Freedom certification.

Fedora is redesigning its logo due to issues with its current logo, including "the lack of a single colour variant", "the logo not working well on dark backgrounds", "confusion with other well-known brands, and the use of a proprietary font." See this article by Máirín Duffy for more on the history of the Fedora logo and other details on the change, and also see this post to join the discussion on the new options.

News Microsoft OpenChain Project Google ClusterFuzz Android Security FSF Hardware Fedora
Jill Franklin

The Taloflow Instance Manager (Tim)

2 months 1 week ago
by Petros Koutoupis

For years, modern workloads have shifted to the cloud, with AWS being the most popular. And although this shift has cut down operating costs significantly, millions, if not billions, of dollars still are wasted to maintain all those virtual instances—even when they are not in use.

To help alleviate both the burden and headache of managing your cloud-hosted virtual machines, Taloflow built the Taloflow Instance Manager (Tim), which can reduce your expenditures by as much as 40%. Tim monitors your AWS resources and suggests automations that effortlessly save you money in real time.

Taloflow is a Vancouver- and California-based startup, offering a Software-as-a-Service (SaaS) platform that seamlessly integrates into your preferred cloud service provider to set up alerts, capture metrics and automate a list of useful actions. The company is focused solely on bringing artificial intelligence (AI) automation and intelligence to cloud services. Currently, Taloflow is an operation of at least eight talented engineers coming from all business backgrounds (from startups to enterprises).

Figure 1. The Taloflow Team

One of the key differences with Tim is that it works in real time. Unlike its competition, which is focused primarily on accountants and finance departments, Tim takes a bottoms-up approach and shifts that focus onto the engineers and operators pulling the levers on these cloud virtual instances. Think of it as bot or tool helping developers manage their resources and monitor their workflows. Tim will provide recommendations to those same engineers on how to optimize the performance, as well as the cost in the cloud.

The current implementation of Tim is available under a freemium model. This is intended to encourage early adoption, and it also allows users to hit the ground running and get started quickly. Depending on usage, number of users and the required performance, a paid tier or Enterprise Model eventually will be offered by March 2019.

Tim's basic model runs on Taloflow's own cloud, and depending on the customer's security preferences, the company will offer and provision private instances for each user (under the Enterprise subscription model). This will look like a Kubernetes image running on-premises at the customer site.

Go to Full Article
Petros Koutoupis

LibreOffice 6.2 Officially Available, Raspberry Pi Opens a Store in the UK, Purism Announces Partnership with GDQuest to Create Games for the Librem 5, Three New Snapshots for openSUSE Tumbleweed and Document Your DNA with an RPi Gel Imager

2 months 1 week ago

News briefs for February 7, 2019.

The Document Foundation today announces the official release of LibreOffice 6.2 with NotebookBar. This is a major new release that "features a radical new approach to the user interface—based on the MUFFIN concept—and provides user experience options capable of satisfying all users'preferences, while leveraging all screen sizes in the best way." This version has many new and features, including substantial changes to icon themes, context menus are tidied up and interoperability with proprietary file formats has been improved. See this video for details on all the new features. Note that LibreOffice 6.1.5 also was released today for enterprise-class deployments. You can download LibreOffice 6.2 or LibreOffice 6.1.5 from here.

Raspberry Pi has opened a store in the Grand Arcade, Cambridge, UK. See this video for details and follow #RPiStore for more photos and info.

Purism recently announced a partnership with GDQuest to teach people how to create games for the Librem 5 smartphone using the free/libre Godot game engine. GDQuest founder and game design expert/teacher Nathan Lovato's video series will show how to create and release games on the Librem 5 and then submit them to the PureOS store. See also GDQuest's crowdfunding campaign for information on other tutorial videos and to help support the project.

Three new snapshots were released this week for openSUSE Tumbleweed with updates for ImageMagick, Mesa, Apache, Ceph, Flatpak Builder, Python and more. Bash, glusterfs, libvirt and openconnect got updates this week as well.

You can now document your DNA with a Raspberry Pi gel imager. Make magazine published a step-by-step how-to by Dr. Lindsay V. Clark, so you can make your own imager from a styrofoam box and RPi for around $150, because "Any genetics lab or DIY biohacker needs to be able to visualize DNA and RNA, and a common technique for doing so is agarose gel electrophoresis."

News LibreOffice Raspberry Pi Purism gaming Godot GDQuest openSUSE
Jill Franklin

Disk Encryption for Low-End Hardware

2 months 1 week ago
by Zack Brown

Eric Biggers and Paul Crowley were unhappy with the disk encryption options available for Android on low-end phones and watches. For them, it was an ethical issue. Eric said:

We believe encryption is for everyone, not just those who can afford it. And while it's unknown how long CPUs without AES support will be around, there will likely always be a "low end"; and in any case, it's immensely valuable to provide a software-optimized cipher that doesn't depend on hardware support. Lack of hardware support should not be an excuse for no encryption.

Unfortunately, they were not able to find any existing encryption algorithm that was both fast and secure, and that would work with existing Linux kernel infrastructure. They, therefore, designed the Adiantum encryption mode, which they described in a light, easy-to-read and completely non-mathematical way.

Essentially, Adiantum is not a new form of encryption; it relies on the ChaCha stream cipher developed by D. J. Bernstein in 2008. As Eric put it, "Adiantum is a construction, not a primitive. Its security is reducible to that of XChaCha12 and AES-256, subject to a security bound; the proof is in Section 5 of our paper. Therefore, one need not 'trust' Adiantum; they only need trust XChaCha12 and AES-256."

Eric reported that Adiantum offered a 20% speed improvement over his and Paul's earlier HPolyC encryption mode, and it offered a very slight improvement in actual security.

Eric posted some patches, adding Adiantum to the Linux kernel's crypto API. He remarked, "Some of these patches conflict with the new 'Zinc' crypto library. But I don't know when Zinc will be merged, so for now, I've continued to base this patchset on the current 'cryptodev'."

Jason A. Donenfeld's Zinc ("Zinc Is Not crypto/") is a front-runner to replace the existing kernel crypto API, and it's more simple and low-level than that API, offering a less terrifying coding experience.

Jason replied to Eric's initial announcement. He was very happy to see such a good disk encryption alternative for low-end hardware, but he asked Eric and Paul to hold off on trying to merge their patches until they could rework them to use the new Zinc security infrastructure. He said, "In fact, if you already want to build it on top of Zinc, I'm happy to work with you on that in a shared repo or similar."

He also suggested that Eric and Paul send their paper through various academic circles to catch any unanticipated problems with their encryption system.

But Paul replied:

Go to Full Article
Zack Brown

Vivaldi 2.3 Has Arrived, Security Flaw Discovered in LibreOffice and OpenOffice, Firefox 66 to Stop Loud Videos from Playing Automatically, Red Hat CodeReady Workspaces Released and Flowblade 2.0 Is Now Available

2 months 1 week ago

News briefs for February 6, 2019.

Vivaldi's first release of 2019 arrived this morning. Version 2.3 introduces "a unique way to 'auto-stack' tabs that streamline your workflow even more. We've also added new ways to access websites in the Address Field and made overall improvements to navigate and interact with the Web quicker". You can download Vivaldi from here.

Security researchers have discovered a remote code execution vulnerability in LibreOffice on both Linux and Windows, Softpedia News reports. Evidently "the flaw can be exploited with just a malicious ODT document that includes code for running a macro with a mouse-hover action." Patches have been released, so update to the latest versions now (6.0.7 and 6.1.3). OpenOffice is vulnerable to the attack as well—specifically OpenOffice 4.1.6, and according to the Softpedia post, there is no fix yet.

Firefox 66 will stop videos containing audio from playing automatically. According to Ars Technica, "by default, any site that tries to play video with audio will have that video playback blocked", and "Firefox users will be able to override this block on a site-by-site basis, so those sites where autoplay is inoffensive can have it re-enabled." Mozilla plans to release Firefox 66 on March 19th.

Red Hat has released Red Hat CodeReady Workspaces, "a Kubernetes-native, browser-based IDE". ZDNet reports that "CodeReady is based on the open-source Eclipse Che IDE. It also includes formerly proprietary features from Red Hat's Codenvy acquisition." In addition, the IDE is optimized for Red Hat OpenShift, and Red Hat claims that "CodeReady Workspaces is the first IDE, which runs inside a Kubernetes cluster."

Flowblade 2.0, the open-source GTK3-based Linux video editor, was released this week. According to Phoronix, version 2.0 comes with "a new custom GTK3 theme and configurable workflow items to better cater to different users, a number of tools from keyframes to cut. Flowblade 2.0 also features better tool-tip coverage, various GUI updates, a transform compositor, and other changes." See the release notes and the GitHub repo for more information.

News Vivaldi Security LibreOffice OpenOffice Firefox Red Hat Kubernetes Flowblade multimedia
Jill Franklin