Linux Journal

openSUSE's Kubic Distro Is Now a Certified Kubernetes Distribution, ModemManager 1.10 Released, The Linux Foundation Announces LF Edge, Creative Commons and the Cleveland Museum of Art and Kexi 3.2 Beta Ships

2 months 3 weeks ago

News briefs for January 24, 2019.

openSUSE's Kubic team announced that the Kubic distribution is now a Certified Kubernetes Distribution, making it the "first open source Kubernetes distribution to be certified using the CRI-O container runtime". The Cloud Native Computing Foundation validates the Kubernetes Conformance Certifications to ensure that "versions, APIs, and such are all correct, present, and working as expected so users and developers can be assured their Kubernetes-based solutions will work with ease, now and into the future."

ModemManager 1.10 has been released. Phoronix reports that this new version of the project for controlling mobile broadband devices/connections includes "improvements for fwupd integration, support for parallel enable/disable calls to the modem interface, support for exposing the network Protocol Configuration Options (PCO), allowing to configure the initial LTE default bearer settings, LTE Tracking Area Code (TAC) in 3GPP location information, support for injecting assistance data into the GNSS engine, fixes and improvements to voice call management, new MBIM features, the Dell plug-in now supports XMM-based devices and the DW5821e, and other new modem support". For the full list of changes, see the Git commit.

The Linux Foundation this morning announced LF Edge, an "umbrella organization to establish an open, interoperable framework for edge computing independent of hardware, silicon, cloud, or operating system". From the press release: "LF Edge includes Akraino Edge Stack, EdgeX Foundry, and Open Glossary of Edge Computing, formerly stand-alone projects at The Linux Foundation. The initiative also includes a new project contributed by Samsung Electronics, which will create a hub for real-time data collected through smart home devices, and another project from ZEDEDA, which is contributing a new agnostic standard edge architecture."

Creative Commons yesterday announced that 30,000 high-quality digital images from the Cleveland Museum of Art are now available. The free and open digital images are now under the CC0 and available via their API. The "CC0 allows anyone to use, re-use, and remix a work without restriction." Museum Director William M. Griswold said "Open Access with Creative Commons will provide countless new opportunities to engage with works of art in our collection. With this move, we have transformed not only access to the CMA's collection, but also its usability—inside as well as outside the walls of our museum."

Kexi 3.2 Beta shipped earlier this week, with a focus on "improving stability of KEXI and KEXI frameworks, KDb, KProperty, KReport". Date/time support was greatly improved with this release, and there are several bug-fixes. Documentation for the frameworks also has been improved and is available here.

Jill Franklin

Introductory Go Programming Tutorial

2 months 3 weeks ago
by Jay Ts

How to get started with this useful new programming language.

You've probably heard of Go. Like any new programming language, it took a while to mature and stabilize to the point where it became useful for production applications. Nowadays, Go is a well established language that is used in web development, writing DevOps tools, network programming and databases. It was used to write Docker, Kubernetes, Terraform and Ethereum. Go is accelerating in popularity, with adoption increasing by 76% in 2017, and there now are Go user groups and Go conferences. Whether you want to add to your professional skills or are just interested in learning a new programming language, you should check it out.

Go History

A team of three programmers at Google created Go: Robert Griesemer, Rob Pike and Ken Thompson. The team decided to create Go because they were frustrated with C++ and Java, which through the years have become cumbersome and clumsy to work with. They wanted to bring enjoyment and productivity back to programming.

The three have impressive accomplishments. Griesemer worked on Google's ultra-fast V8 JavaScript engine used in the Chrome web browser, Node.js JavaScript runtime environment and elsewhere. Pike and Thompson were part of the original Bell Labs team that created UNIX, the C language and UNIX utilities, which led to the development of the GNU utilities and Linux. Thompson wrote the very first version of UNIX and created the B programming language, upon which C was based. Later, Thompson and Pike worked on the Plan 9 operating system team, and they also worked together to define the UTF-8 character encoding.

Why Go?

Go has the safety of static typing and garbage collection along with the speed of a compiled language. With other languages, "compiled" and "garbage collection" are associated with waiting around for the compiler to finish and then getting programs that run slowly. But Go has a lightning-fast compiler that makes compile times barely noticeable and a modern, ultra-efficient garbage collector. You get fast compile times along with fast programs. Go has concise syntax and grammar with few keywords, giving Go the simplicity and fun of dynamically typed interpreted languages like Python, Ruby and JavaScript.

The idea of Go's design is to have the best parts of many languages. At first, Go looks a lot like a hybrid of C and Pascal (both of which are successors to Algol 60), but looking closer, you will find ideas taken from many other languages as well.

Go is designed to be a simple compiled language that is easy to use, while allowing concisely written programs that run efficiently. Go lacks extraneous features, so it's easy to program fluently, without needing to refer to language documentation while programming. Programming in Go is fast, fun and productive.


Security Vulnerability Found in APT, Wine 4.0 Release, GPU Acceleration for Linux Apps on Chrome OS, Kickstarter Campaign for Polished Game Creation Tutorials for the Godot Free Game Engine, TUXEDO Computers Launch Two New High-Performance Laptops

2 months 3 weeks ago

News briefs for January 23, 2019.

All Debian and Ubuntu users (as well as users of their derivatives, such as Linux Mint, Ubuntu MATE, Kubuntu, Lubuntu and Xubuntu) should update APT immediately. Softpedia News reports that Max Justicz discovered a vulnerability in the APT package that could "allow a remote attacker to trick APT into installing malicious packages that pose as valid ones, but which could be used for code execution with administrative (root) privileges after installation to gain control of the vulnerable machine." See CVE-2019-3462 for the details.

Wine 4.0 was released, representing a year of development and more than 6,000 changes. The main highlights include Vulkan support, Direct3D 12 support, game controller support and High-DPI support on Android. You can get the source here, or go here for binaries. See the release notes for more information.

GPU acceleration for Linux apps on Chrome OS is happening. According to IoT Gadgets, "Chromebooks with 'Eve' and 'Nami' baseboard should now, or very soon, be able to try GPU hardware acceleration." The article notes that "GPU acceleration for Linux apps should hit the Chrome OS Dev Channel soon. While it's not expected to run the most intense of games smoothly, some simpler games, and apps like photo/video editor should work better once given the full access to GPU."

Nathan Lovato from the Krita team is launching a Kickstarter "to create your own games with Godot, the free game engine". The campaign is to create "polished game creation tutorials" for the free 2D and 3D Godot game engine. With your pledge, they will create "free and accessible video series for the official Godot manual" and "a premium course to learn more advanced techniques that you will get as a Kickstarter reward". In addition, they plan to "produce a minimum of 60 high-quality video tutorials, on top of the Free game demos."

TUXEDO Computers announced the new XUX508 and XUX708 (XUX stands for Xtreme User Xperience) high-performance laptops. These gaming laptops have "a desktop processor that can be configured up to Intel's i7-9700K and i9-9900K. In addition, a GeForce GTX graphics card can be used as a 1060, 1070, or 1080 model from NVIDIA. They also feature a sophisticated cooling system with two extra-large fans and two additional synchronized heatpipes". Other specs include 15.6 and 17.3 inch displays (matte/anti-reflective), space for up to 64GB of RAM, two large 2.5" hard drives and two M.2 NVMe SSDs, an Onkyo 2.0 sound system and SOUND BLASTER X-FI MB5, and USB 3.1 Type-C including Thunderbolt 3. Plus, "all components are easy to maintain, clean or replace after removing the underside of the housing". Note: "TUXEDO Computers does not offer its customers standard Linux PCs, but systems specially designed for the customer. These are individually built computers/PCs and notebooks that are fully compatible with Linux and Windows."

Jill Franklin

Is Privacy a Right?

2 months 3 weeks ago
by Doc Searls

Good question.

That's what people say when they don't have an answer yet.

And such is the case with the question in the headline.

I started wondering about it following a tweeted response by Raouf Eldeeb (@raouf777) to Privacy is Personal:

It is also a fundamental right, not a privilege to be bestowed on anyone. The individual should have the right to determine the extent of his privacy.

While I agreed automatically with both of Raouf's points, I began to wonder about all kinds of rights, including privacy. That's because I was haunted by what Yuval Noah Harari says about rights in his book Sapiens—A Brief History of Humankind (Harper, 2011, 2104):

Sapiens rule the world, because we are the only animal that can cooperate flexibly in large numbers….We cooperate effectively with strangers because we believe in things like gods, nations, money and human rights. Yet none of these things exists outside the stories that people invent and tell one another. There are no gods in the universe, no nations, no money and no human rights—except in the common imagination of human beings….

That's in Chapter 2. In Chapter 6, he also challenges the concept of equality, which informs much of our thinking and lawmaking around rights:

Is there any objective reality, outside the human imagination, in which we are truly equal? Are all humans equal to one another biologically? … Equally, there is no such thing as rights in biology. There are only organs, abilities and characteristics. Birds fly not because they have a right to fly, but because they have wings.

And yet, while Harari says rights are a collection of stories we tell ourselves, he also credits the role of belief in rights for holding civilization together and for advancing it. He points out, for example, that the story of rights America's founders told in the Declaration of Independence was a helluva lot more civilized than the Code of Hammurabi, which applied the death penalty to a huge roster of crimes (including lying), and codified women and slaves as forms of property. Harari also adds that the United States "would not have lasted 250 years if the majority of presidents and congressmen failed to believe in human rights". 


Canonical Announces Ubuntu Core 18 for IoT, Red Hat JBoss Enterprise Application Platform 7.2 Now Available, Parrot 4.5 Officially Released, HP Launching Two New Chromebooks for Schools and Google Hit with $57 Million GDPR Fine

2 months 3 weeks ago

News briefs for January 22, 2019.

Canonical announced the release of Ubuntu Core 18 "for secure, reliable IoT devices" this morning. The Canonical blog notes that "Immutable, digitally signed snaps ensure that devices built with Ubuntu Core are resistant to corruption or tampering. Any component can be verified at any time." In addition, "The attack surface of Ubuntu Core has been minimized, with very few packages installed in the base OS, reducing the size and frequency of security updates and providing more storage for applications and data." Ubuntu Core also "enables a new class of app-centric things, which can inherit apps from the broader Ubuntu and Snapcraft ecosystems or build unique and exclusive applications that are specific to a brand or model." You can download it from here.

Red Hat today announced that Red Hat JBoss Enterprise Application Platform 7.2 is now generally available. This new version of the open-source Java EE 8-compliant application server "brings greater compliance with Java Enterprise Edition (EE) 8, JDK 11/Java SE 11, and further support for Microsoft Windows and enterprise Java microservices. With this release, Red Hat is continuing our commitment to Java EE 8 and Jakarta EE, the new home for cloud-native Java, a community-driven specification under the Eclipse Foundation." See the JBoss EAP 7.2 documentation for more information.

Parrot 4.5 was officially released yesterday with some major changes. Parrot 4.5 no longer provides live ISO files for the i386 architecture. With this version, Parrot has released "desktop virtual appliances in the OVA format that can be imported in VirtualBox, VMware and other famous virtualization environments". The default kernel is 4.19, and Parrot plans to support two branches, a stable kernel and a testing kernel, and will provide updates for both. In addition, Parrot includes the recently released Metasploit 5.0, which Parrot "immediately imported and tested". There are many more updates, so be sure to see the release notes for details and download links.

HP is releasing two new Chromebooks for schools. Engadget reports that the Chromebook x360 11 G2 Education Edition is an 11.6" update of HP's G1 convertible tablet that has options for a Wacom pen and a 5-megapixel rear-facing camera. It also sports "a much newer 1.1GHz Celeron chip, up to 8GB of RAM (not so common in budget Chromebooks) and as much as 64GB of expandable storage". HP also is launching the Chromebook 11 G7 Education Edition, which is an 11.6" touchscreen laptop with the same storage options as the Chromebook x360. HP plans to ship both Chromebooks in April, and "There's no listed pricing, but it's safe to say you're not buying one in a store. This is for institutions that will likely be purchasing in bulk, and you're more likely to see it in a kid's backpack than anywhere else."

Google is being slapped with a $57 million GDPR fine. According to BGR, "France's data protection authority has announced a $57 million fine against Google in the first such GDPR penalty levied against a US technology company. In a statement explaining the action, the French agency known as the CNIL noted that the fine is a result of deficiencies that include Google not being clear enough about the way user data is handled to present personalized ads." From the CNIL's statement: "the infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services and almost unlimited possible combinations." The BGR article also notes that Google hasn't yet decided whether to appeal.

Jill Franklin

Command-Line Tip: Put Down the Pipe

2 months 3 weeks ago
by Kyle Rankin

Learn a few techniques for avoiding the pipe and making your command-line commands more efficient.

Anyone who uses the command line would acknowledge how powerful the pipe is. Because of the pipe, you can take the output from one command and feed it to another command as input. What's more, you can chain one command after another until you have exactly the output you want.

Pipes are powerful, but people also tend to overuse them. Although it's not necessarily wrong to do so, and it may not even be less efficient, it does make your commands more complicated. More important though, it also wastes keystrokes! Here I highlight a few examples where pipes are commonly used but aren't necessary.

Stop Putting Your Cat in Your Pipe

One of the most common overuses of the pipe is in conjunction with cat. The cat command concatenates multiple files from input into a single output, but it has become the overworked workhorse for piped commands. You often will find people using cat just to output the contents of a single file so they can feed it into a pipe. Here's the most common example:

cat file | grep "foo"

Far too often, if people want to find out whether a file contains a particular pattern, they'll cat the file piped into a grep command. This works, but grep can take a filename as an argument directly, so you can replace the above command with:

grep "foo" file

The next most common overuse of cat is when you want to sort the output from one or more files:

cat file1 file2 | sort | uniq

Like with grep, sort supports multiple files as arguments, so you can replace the above with:

sort file1 file2 | uniq

In general, every time you find yourself catting a file into a pipe, re-examine the piped command first and see whether it can accept files directly as input, either as direct arguments or through STDIN redirection. For instance, both sort and grep can accept files as arguments, as you saw earlier, but if they couldn't, you could achieve the same thing with redirection:

sort < file1 | uniq

grep "foo" < file

Remove Files without xargs

The xargs command is very powerful on the command line—in particular, when piped to from the find command. Often you'll use the find command to pick out files that meet certain criteria. Once you have identified those files, you naturally want to pipe that output to some command to operate on them. What you'll eventually discover is that commands often have upper limits on the number of arguments they can accept.
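As an added example (not code from the article), the script below removes the files find selects without piping to xargs, next to the piped form, inside a throwaway directory. The function names and file names are constructed for illustration, and the example goes slightly beyond the paragraph by including a file name that contains a space.

```shell
#!/bin/sh
# Added example, not from the article. Every path lives in a throwaway
# directory from mktemp; all file names are constructed sample data.

# Build a sandbox: three *.tmp files to delete, two files that must survive.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    touch "$dir/a.tmp" "$dir/b.tmp" "$dir/old report.tmp" \
          "$dir/old" "$dir/keep.log"
    printf '%s\n' "$dir"
}

# The piped form. xargs splits its input on whitespace, so the name
# "./old report.tmp" reaches rm as "./old" and "report.tmp": the unrelated
# file "old" is removed and the intended target is left behind.
# The subshell cd keeps every effect inside the sandbox.
remove_with_xargs() {
    ( cd "$1" && find . -type f -name '*.tmp' | xargs rm -f ) 2>/dev/null || true
}

# The pipe-free form: find runs rm itself. "{} +" packs as many names into
# each rm call as the system argument limit allows (the batching xargs is
# usually used for) and passes each name as one argument, spaces included.
# "--" stops rm from reading a name that starts with "-" as an option.
# GNU and BSD find also offer -delete, which needs no rm at all.
remove_with_find() {
    find "$1" -type f -name '*.tmp' -exec rm -f -- {} +
}

# Run one strategy in a fresh sandbox and report what happened to the
# intended target ("old report.tmp") and to the bystander file ("old").
try_strategy() {
    d=$(make_sandbox) || return 1
    "$1" "$d"
    if [ -e "$d/old report.tmp" ]; then target=left; else target=removed; fi
    if [ -e "$d/old" ]; then bystander=kept; else bystander=lost; fi
    printf 'target=%s bystander=%s\n' "$target" "$bystander"
    rm -rf -- "$d"
}

try_strategy remove_with_xargs
try_strategy remove_with_find
```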


Orange Pi 3 SBC Now Available, New Malware Targeting Linux Servers to Mine Cryptocurrency, Chrome OS 73 for the Dev Channel Released, Inkscape Nearing Version 1.0 Milestone and Linux 5.0-rc3 Is Out

2 months 4 weeks ago

News briefs for January 21, 2019.

Orange Pi 3 SBC is now available. Linux Gizmos reports that the open-source hardware platform, Allwinner H6-based Orange Pi 3 SBC is now available for $30, or for $40 with 2GB of RAM and 8GB eMMC. Also, other highlights include "GbE, HDMI 2.0, 4x USB 3.0, WiFi-ac, and mini-PCIe." For more info, visit the Orange Pi 3 AliExpress page.

Security researchers at Palo Alto Networks' Unit 42 have discovered malware that targets Linux servers to mine cryptocurrency. According to the Softpedia News post, this malware was launched by a group named "Rocke" to "infiltrate into Linux systems and look for five different cloud security products that could block further malicious activities on the compromised hosts". The article mentions that "Flaws in Apache Struts 2, Oracle WebLogic, and Adobe ColdFusion are being used."

Google recently released Chrome OS 73 for the Dev Channel, and the new version has "quite a few new items related to Project Crostini, for Linux app support", according to the About Chromebooks post. One new feature is the "choice of running Linux apps in either high or low density", and another is "a new flag that will enable backups of your Crostini container data files". And, you now can "share Android's Google Play Files, My Files and even Google Drive with Linux in the native Chrome OS Files app." See also the changelog for more details.

Inkscape is finally reaching the 1.0 milestone after 15 years of development. Softpedia News reports that Inkscape 1.0 will feature "an updated user interface that offers better support for 4K/HiDPI screens and theming support, the ability to rotate and mirror canvases, new options for exporting to the PNG image format, variable fonts (requires pango 1.41.1 or higher), as well as much faster path operations and deselection of a large amounts of paths." You can download the pre-release alpha as an Appimage from here and see the release notes here.

Linux 5.0-rc3 was released yesterday. Linus writes that "This rc is a bit bigger than usual. Partly because I missed a networking pull request for rc2, and as a result rc3 now contains _two_ networking pull updates. But part of it may also just be that it took a while for people to find and then fix bugs after the holiday season." He concludes his release message with "Nothing particularly odd strikes me."

Jill Franklin

A Use Case for Network Automation

2 months 4 weeks ago
by Eric Pearce

Use the Python Netmiko module to automate switches, routers and firewalls from multiple vendors.

I frequently find myself in the position of confronting "hostile" networks. By hostile, I mean that there is no existing documentation, or if it does exist, it is hopelessly out of date or being hidden deliberately. With that in mind, in this article, I describe the tools I've found useful to recover control, audit, document and automate these networks. Note that I'm not going to try to document any of the tools completely here. I mainly want to give you enough real-world examples to prove how much time and effort you could save with these tools, and I hope this article motivates you to explore the official documentation and example code.

In order to save money, I wanted to use open-source tools to gather information from all the devices on the network. I haven't found a single tool that works with all the vendors and OS versions that typically are encountered. SNMP could provide a lot of the information I need, but it would have to be configured on each device manually first. In fact, the mass enablement of SNMP could be one of the first use cases for the network automation tools described in this article.

Most modern devices support REST APIs, but companies typically are saddled with lots of legacy devices that don't support anything fancier than Telnet and SSH. I settled on SSH access as the lowest common denominator, as every device must support this in order to be managed on the network.

My preferred automation language is Python, so the next problem was finding a Python module that abstracted the SSH login process, making it easy to run commands and gather command output.

Why Netmiko?

I discovered the Paramiko SSH module quite a few years ago and used it to create real-time inventories of Linux servers at multiple companies. It enabled me to log in to hosts and gather the output of commands, such as lspci, dmidecode and lsmod.

The command output populated a database that engineers could use to search for specific hardware. When I then tried to use Paramiko to inventory network switches, I found that certain switch vendor and OS combinations would cause Paramiko SSH sessions to hang. I could see that the SSH login itself was successful, but the session would hang right after the login. I never was able to determine the cause, but I discovered Netmiko while researching the hanging problem. When I replaced all my Paramiko code with Netmiko code, all my session hanging problems went away, and I haven't looked back since. Netmiko also is optimized for the network device management task, while Paramiko is more of a generic SSH module.


openSUSE Announces Three New Tumbleweed Snapshots for 2019, Malware in Google Play Using Motion Sensors to Avoid Detection, Leaked Android Q Features, deepin 5.9 Released and ZFS On Linux 0.8 Coming Soon

3 months ago

News briefs for January 18, 2019.

openSUSE announces three new Tumbleweed snapshots to start off 2019, which include updates for KDE Plasma, Vim, RE2, QEMU, curl and much, much more. The openSUSE blog post notes that, "all snapshots have either logged or are trending as moderately stable with a rating of 83 or above, according to the Tumbleweed snapshot reviewer. There are more than 300 packages in staging that will likely be released in several snapshots over the coming weeks."

Malware in Google Play used motion sensors in phones to hide itself, triggering only when the phones moved. According to Ars Technica, the malicious apps avoid detection by monitoring "the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks. The thinking behind the monitoring is that sensors in real end-user devices will record motion as people use them. By contrast, emulators used by security researchers—and possibly Google employees screening apps submitted to Play—are less likely to use sensors. Two Google Play apps recently caught dropping the Anubis banking malware on infected devices would activate the payload only when motion was detected first. Otherwise, the trojan would remain dormant." Trend Micro found the malware in two apps: BatterySaverMobi and Currency Converter.

XDA Developers got their hands on a Google Pixel 3 XL with a leaked version of Android Q, giving them a first look at what Google has been working on. First is a system-wide Dark Theme. In addition, it has a huge permissions revamp "in the Settings app that allows you to get an overview of permission access by apps and restrict certain permissions like location only while the app is in use". It also includes new Developer Options, accessibility settings and other miscellaneous changes.

deepin 5.9 has been released. This release fixes several bugs and "adds support for touchscreen gestures and onscreen keyboard, optimizes the using frequency algorithm for application sequence in Launcher mini mode, and introduces a new function - Smart Mirror Switch, hoping to bring users more stable and efficient experiences." You can download the ISO from here.

ZFS On Linux 0.8 is coming soon, and it's expected to be a huge release. Phoronix reports that this update will include "native encryption support, device removal, direct I/O, sequential scrub, pool checkpoints, and a lot of other new features for the first time with this Linux port of the Sun/Oracle ZFS file-system."

Jill Franklin

Some Thoughts on Open Core

3 months ago
by Kyle Rankin

Why open core software is bad for the FOSS movement.

Nothing is inherently anti-business about Free and Open Source Software (FOSS). In fact, a number of different business models are built on top of FOSS. The best models are those that continue to further FOSS by internal code contributions and that advance the principles of Free Software in general. For instance, there's the support model, where a company develops free software but sells expert support for it.

Here, I'd like to talk a bit about one of the more problematic models out there, the open core model, because it's much more prevalent, and it creates some perverse incentives that run counter to Free Software principles.

If you haven't heard about it, the open core business model is one where a company develops free software (often a network service intended to be run on a server) and builds a base set of users and contributors of that free code base. Once there is a critical mass of features, the company then starts developing an "enterprise" version of the product that contains additional features aimed at corporate use. These enterprise features might include things like extra scalability, login features like LDAP/Active Directory support or Single Sign-On (SSO) or third-party integrations, or it might just be an overall improved version of the product with more code optimizations and speed.

Because such a company wants to charge customers to use the enterprise version, it creates a closed fork of the free software code base, or it might provide the additional proprietary features as modules so it has fewer problems with violating its free software license.

The first problem with the open core model is that on its face it doesn't further the principles behind Free Software, because core developer time gets focused instead on writing and promoting proprietary software. Instead of promoting the importance of the freedoms that Free Software gives both users and developers, these companies often just use FOSS as a kind of freeware to get an initial base of users and as free crowdsourcing for software developers that develop the base product when the company is small and cash-strapped. As the company gets more funding, it's then able to hire the most active community developers, so they then can stop working on the community edition and instead work full-time on the company's proprietary software.


Oracle Releases First Critical Patch Update of 2019, Red Hat Enterprise Linux and Fedora to Drop MongoDB, The Linux Foundation Announces Its 2019 Event Lineup, Firefox Closing Its Test Pilot Program and GoDaddy to Support AdoptOpenJDK

3 months ago

News briefs for January 17, 2019.

Oracle released its first Critical Patch Update of the year this week, which addresses 284 vulnerabilities. eWeek reports that "Thirty-three of the vulnerabilities are identified as being critical with a Common Vulnerabilities Scoring System (CVSS) score of 9.0 or higher."

Red Hat Enterprise Linux and Fedora are dropping MongoDB. ZDNet reports that the decision is due to MongoDB's new Server Side Public License (SSPL), which, according to Red Hat's Technical and Community Outreach Program Manager Tom Callaway, is "intentionally crafted to be aggressively discriminatory towards a specific class of users." ZDNet explains that "specific objection is that SSPL requires, if you offer services licensed under it, that you must open-source all programs that you use to make the software available as a service."

The Linux Foundation has announced its event schedule for 2019. New events for this year include Cephalocon and gRPC Conf. See the full lineup here.

Firefox is closing its Test Pilot program and moving to a new model. From the announcement: "Migrating to a new model doesn't mean we're doing fewer experiments. In fact, we'll be doing even more! The innovation processes that led to products like Firefox Monitor are no longer the responsibility of a handful of individuals but rather the entire organization. Everyone is responsible for maintaining the Culture of Experimentation Firefox has developed through this process. These techniques and tools have become a part of our very DNA and identity. That is something to celebrate. As such, we won't be uninstalling any experiments you're using today, in fact, many of the Test Pilot experiments and features will find their way to Addons.Mozilla.Org, while others like Send and Lockbox will continue to take in more input from you as they evolve into stand alone products."

GoDaddy recently announced support for AdoptOpenJDK, which provides prebuilt open-source OpenJDK binaries. Charles Beadnall, GoDaddy CTO, says "GoDaddy supports an open access Internet because our 18 million customers depend on the open and equal nature of the Internet to compete with enterprises and corporations with more resources. With this sponsorship, we're proud to provide further support for open-source software and our community of entrepreneur customers."

Jill Franklin

Ditching Out-of-Date Documentation Infrastructure

3 months ago
by Zack Brown

Long ago, the Linux kernel started using 00-Index files to list the contents of each documentation directory. This was intended to explain what each of those files documented. Henrik Austad recently pointed out that those files have been out of date for a very long time and were probably not used by anyone anymore. This is nothing new. Henrik said in his post that this had been discussed already for years, "and they have since then grown further out of date, so perhaps it is time to just throw them out."

He counted hundreds of instances where the 00-index file was out of date or not present when it should have been. He posted a patch to rip them all unceremoniously out of the kernel.

Joe Perches was very pleased with this. He pointed out that .rst files (the kernel's native documentation format) had largely taken over the original purpose of those 00-index files. He said the 00-index files were even misleading by now.

Jonathan Corbet was more reserved. He felt Henrik should distribute the patch among a wider audience and see if it got any resistance. He added:

I've not yet decided whether I think this is a good idea or not. We certainly don't need those files for stuff that's in the RST doctree, that's what the index.rst files are for. But I suspect some people might complain about losing them for the rest of the content. I do get patches from people updating them, so some folks do indeed look at them.

Henrik told Jonathan he was happy to update the 00-index files if that would be preferable. But he didn't want to do that if the right answer was just to get rid of them.

Meanwhile, Josh Triplett saw no reason to keep the 00-index files around at all. He remarked, "I was *briefly* tempted, reading through the files, to suggest ensuring that the one-line descriptions from the 00-INDEX files end up in the documents themselves, but the more I think about it, I don't think even that is worth anyone's time to do."

Paul Moore also voiced his support for removing the 00-index files, at least the ones for NetLabel, which was his area of interest.

The discussion ended there. It's nice that even for apparently obvious patches, the developers still take the time to consider various perspectives and try to retain any value from the old thing to the new. It's especially nice to see this sort of attention given to documentation patches, which tend to get left out in the cold when it comes to coding projects.

Note: if you're mentioned above and want to post a response above the comment section, send a message with your response text to

Go to Full Article
Zack Brown

Keep Smart Assistants from Spying on You with Alias, Security Advisory for Old scp Clients, Major Metasploit Framework Release, Mozilla Working on a New Browser for Android and VirtualBox 6.0.2 Is Out

3 months ago

News briefs for January 16, 2019.

A new open-source hardware project called Alias will keep Amazon and Google smart assistants from spying on you. According to the project's GitHub page, "Alias is a teachable 'parasite' that is designed to give users more control over their smart assistants, both when it comes to customisation and privacy. Through a simple app the user can train Alias to react on a custom wake-word/sound, and once trained, Alias can take control over your home assistant by activating it for you."

A security advisory from Harry Sintonen was issued this week concerning the scp clients in OpenSSH, PuTTY and more. LWN quotes the advisory: "Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output."

A new major release of the open-source Metasploit Framework is now available. According to the Rapid7 blog post, version 5.0 of the penetration-testing tool is the first milestone update since version 4.0 came out in 2011. Along with a new release cadence, "Metasploit's new database and automation APIs, evasion modules and libraries, expanded language support, improved performance, and ease-of-use lay the groundwork for better teamwork capabilities, tool integration, and exploitation at scale."

Mozilla is working on a new Android browser called Fenix. According to ZDNet, this "new non-Firefox browser for Android is apparently targeted at younger people, with Mozilla developers on GitHub tagging the description, 'Fenix is not your parents' Android browser'." In addition, mockups suggest that Fenix developers are "currently toying with the idea of putting the URL bar and home button down at the bottom of user interface."

VirtualBox 6.0.2 was released yesterday, the first maintenance release of the 6.0 series. This release fixed a conflict between Debian and Oracle build desktop files, fixed building drivers on SLES 12.4, fixed building shared folder driver with older kernels and much more. See the changelog for all the details.

Jill Franklin

Where There's No Distance or Gravity

3 months ago
by Doc Searls

The more digital we become, the less human we remain.

I had been in Los Angeles only a few times in my life before the October day in 1987 when I drove down from our home in the Bay Area with my teenage son to visit family. The air was unusually clear as we started our drive back north, and soon the San Gabriel Mountains—Los Angeles' own Alps (you can ski there!)—loomed over the region like a crenelated battlement, as if protecting its inhabitants from cultures and climates that might invade from the north. So, on impulse, I decided to drive up to Mount Wilson, the only crest in the range with a paved road to the top.

I could see from the maps I had already studied that the drive was an easy one. Our destination also was easily spotted from below: a long, almost flat ridge topped by the white domes of Mount Wilson Observatory (where Hubble observed the universe expanding) and a bristle of towers radiating nearly all the area's FM and TV signals. The site was legendary among broadcast engineering geeks, and I had longed to visit it ever since I was a ham radio operator as a boy in New Jersey.

After checking out the observatory and the towers, my son and I stood on a promontory next to a parking lot and surveyed the vast spread of civilization below. Soon four visiting golfers from New York came over and started asking me questions about what was where.

I answered like a veteran docent, pointing out the Rose Bowl, Palos Verdes Peninsula, Santa Catalina and other Channel Islands, the Hollywood Hills, the San Fernando Valley, the Jet Propulsion Laboratory, Santa Anita Park and more. When they asked where the Whittier Narrows earthquake had happened a few days before, I pointed at the Puente Hills, off to the southeast, and filled them in on what I knew about the geology there as well.

After a few minutes of this, they asked me how long I had lived there. I said all this stuff was almost as new to me as it was to them. "Then how do you know so much about it?", they asked. I told them I had studied maps of the area and refreshed my knowledge over lunch just before driving up there. They were flabbergasted. "Really?", one guy said. "You study maps?"

Indeed, I did. I had maps of all kinds and sizes at home, and the door pockets of my car bulged with AAA maps of everywhere I might drive in California. I also added local and regional Southern California maps to my mobile inventory before driving down.

Go to Full Article
Doc Searls

Participate in Fedora Test Day Today, Netrunner Announces Netrunner 19.01 Blackbird, Security Patch for GNOME Bluetooth Tools in Ubuntu 18.04, New Giant Board SBC from Groboard and Linspire Posts Development Roadmap for 2019-2020

3 months ago

News briefs for January 15, 2019.

Today is Fedora Test Day for kernel 4.20. To participate, you just need to be able to download the test materials (which include some large files) and read and follow directions. See the wiki page for more information on how to participate.

Netrunner yesterday announced the release of Netrunner 19.01 Blackbird. This desktop distro is based on Debian Testing, and updates with this version include KDE Plasma 5.14.3, KDE Frameworks 5.51, KDE Applications 18.08, Qt 5.11.3 and many more. It also sports a new look and feel called "Netrunner Black" among other changes. You can get the Netrunner 19.01 ISO from here.

Canonical yesterday released a security patch for the GNOME Bluetooth tools to address a security vulnerability with Ubuntu 18.04. Softpedia News reports that security researcher Chris Marchesi discovered the vulnerability in the BlueZ Linux Bluetooth stack, "which made it incorrectly handle disabling Bluetooth visibility, allowing a remote attacker to possibly pair to Bluetooth devices." All Ubuntu 18.04 LTS users should update immediately to the gnome-bluetooth 3.28.0-2ubuntu0.1 and libgnome-bluetooth13 3.28.0-2ubuntu0.1 packages from the official repos. See the wiki for detailed instructions.

Groboards has launched a new "tiny, Adafruit Feather form-factor 'Giant Board' SBC that runs Linux on Microchip's SiP implementation of its Cortex-A5-based SAMA5D SoC and offers 128MB RAM, micro-USB, microSD and I/O including ADC and PWM", Linux Gizmos reports. There's no pricing or availability information yet, but see the OSH Park blog and the Groboards site for specs and more info.

Linspire recently posted its development roadmap for Linspire and Freespire releases for 2019 and 2020. The Linspire CE 8.0 Office 365 Edition is planned for February 21, 2019, with Linspire Server on April 14, 2019. Freespire 4.5 is planned for May 5, 2019 and Freespire 5.0 is scheduled for November 15, 2019.

Jill Franklin

Purism Announces Version 4 of Its Laptops, KDE Frameworks 5.54.0 Now Available, Debian 10 Default Theme Chosen, Linux Kernel 5.0-rc2 Is Out and Mozilla to Disable Flash in Firefox 69

3 months ago

News briefs for January 14, 2019.

Purism announced the fourth version of its Librem laptops today. The Librem 13 and 15 will "now be upgraded with a 7th Gen Intel Core i7-7500U Processor with integrated HD Graphics that still works with coreboot. In addition, the Librem 15 display will be upgraded to 4K resolution. Upgraded models are available now for purchase whether you pick Librem 13: the road warrior or Librem 15: the desktop replacement." Note that the base cost will remain the same despite these updates (the Librem 15 is $1599, and the Librem 13 is $1399).

KDE announced the release of KDE Frameworks 5.54.0. This release is part of a series of planned releases for the 80 addon libraries for Qt that make up KDE Frameworks. See the announcement for the full list of changes/fixes and download links.

The Debian team announced that "futurePrototype" by Alex Makas will be the default theme for Debian 10 "Buster". The theme was selected via survey from 11 submitted themes; 3,646 people participated in the voting.

Linux kernel 5.0-rc2 is out. Linus wrote, "Were there some missing commits that missed the merge window? Yes. But no more than usual. Things look pretty normal." For the full message, see the LKML.

Mozilla plans to disable Adobe Flash Player in Firefox 69, which should launch in September 2019. According to Softpedia, "The next step for Mozilla is then to remove support for Flash Player entirely, so starting with early 2020, consumer versions of Firefox would no longer work with Adobe's plugin."

Jill Franklin

Python Testing with pytest: Fixtures and Coverage

3 months ago
by Reuven M. Lerner

Improve your Python testing even more.

In my last two articles, I introduced pytest, a library for testing Python code (see "Testing Your Code with Python's pytest" Part I and Part II). pytest has become quite popular, in no small part because it's so easy to write tests and integrate those tests into your software development process. I've become a big fan, mostly because after years of saying I should get better about testing my software, pytest finally has made it possible.

So in this article, I review two features of pytest that I haven't had a chance to cover yet: fixtures and code coverage, which will (I hope) convince you that pytest is worth exploring and incorporating into your work.


When you're writing tests, you're rarely going to write just one or two. Rather, you're going to write an entire "test suite", with each test aiming to check a different path through your code. In many cases, this means you'll have a few tests with similar characteristics, something that pytest handles with "parametrized tests".

But in other cases, things are a bit more complex. You'll want to have some objects available to all of your tests. Those objects might contain data you want to share across tests, or they might involve the network or filesystem. These are often known as "fixtures" in the testing world, and they take a variety of different forms.

In pytest, you define fixtures using the pytest.fixture decorator along with a function definition. For example, say you have a function that returns a list of lines from a file, in which each line is reversed:

def reverse_lines(f):
    return [one_line.rstrip()[::-1] + '\n'
            for one_line in f]

Note that to keep the newline character from being placed at the start of the line, you remove it from the string before reversing and then add a '\n' in each returned string. Also note that although it probably would be a good idea to use a generator expression rather than a list comprehension, I'm trying to keep things relatively simple here.

If you're going to test this function, you'll need to pass it a file-like object. In my last article, I showed how you could use a StringIO object for such a thing, and that remains the case. But rather than defining global variables in your test file, you can create a fixture that'll provide your test with the appropriate object at the right time.

Here's how that looks in pytest:
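A fixture of this kind, as an added example rather than the article's own listing: the fixture name `sample_file`, the test names and the sample text are assumptions made here. It also shows why a fixture beats a module-level StringIO, which would already be exhausted when the second test runs.

```python
import io

import pytest

# Constructed sample input (not from the article).
SAMPLE_TEXT = "abc\ndef\nghi\n"


def reverse_lines(f):
    # The article's function, repeated so this block runs on its own.
    return [one_line.rstrip()[::-1] + '\n' for one_line in f]


@pytest.fixture
def sample_file():
    # Default (function) scope: every test that names this fixture gets a
    # brand-new StringIO positioned at offset 0.
    f = io.StringIO(SAMPLE_TEXT)
    yield f
    # Teardown runs after the test finishes, pass or fail.
    f.close()


def test_reverse_lines(sample_file):
    assert reverse_lines(sample_file) == ["cba\n", "fed\n", "ihg\n"]


def test_file_is_fresh_for_each_test(sample_file):
    # A module-level StringIO would already be exhausted by the previous
    # test; the fixture hands this test an unread one.
    assert sample_file.tell() == 0
    assert len(reverse_lines(sample_file)) == 3
    # Once consumed, the same object yields nothing more.
    assert reverse_lines(sample_file) == []


def test_last_line_without_newline():
    # Edge case: reverse_lines appends '\n' even when the input lacked one.
    assert reverse_lines(io.StringIO("abc\nxyz")) == ["cba\n", "zyx\n"]
```

Saved under a name pytest collects (for instance test_reverse.py, a hypothetical filename), running pytest in that directory executes all three tests.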

Go to Full Article
Reuven M. Lerner