Linux Journal

Open Source--It's in the Genes

1 month 2 weeks ago
by Glyn Moody

What happens when you release 500,000 human genomes as open source? This.

DNA is digital. The three billion chemical bases that make up the human genome encode data not in binary, but in a quaternary system, using four compounds—adenine, cytosine, guanine, thymine—to represent four genetic "digits": A, C, G and T. Although this came as something of a surprise in 1953, when Watson and Crick proposed an A–T and C–G pairing as a "copying mechanism for genetic material" in their famous double helix paper, it's hard to see how hereditary information could have been transmitted efficiently from generation to generation in any other way. As anyone who has made photocopies of photocopies is aware, analog systems are bad at loss-free transmission, unlike digital encodings. Evolution of progressively more complex structures over millions of years would have been much harder, perhaps impossible, had our genetic material been stored in a purely analog form.

Although the digital nature of DNA was known more than half a century ago, it was only after many years of further work that quaternary data could be extracted at scale. The Human Genome Project, where laboratories around the world pieced together the three billion bases found in a single human genome, was completed in 2003, after 13 years of work, for a cost of around $750 million. However, since then, the cost of sequencing genomes has fallen—in fact, it has plummeted even faster than Moore's Law for semiconductors. A complete human genome now can be sequenced for a few hundred dollars, with sub-$100 services expected soon.

As costs have fallen, new services have sprung up offering to sequence—at least partially—anyone's genome. Millions have sent samples of their saliva to companies like 23andMe in order to learn things about their "ancestry, health, wellness and more". It's exciting stuff, but there are big downsides to using these companies. You may be giving a company the right to use your DNA for other purposes. That is, you are losing control of the most personal code there is—the one that created you in the boot-up process we call gestation. Deleting sequenced DNA can be hard.

Go to Full Article
Glyn Moody

It's World Press Freedom Day, Tutanota Launches Secure Connect for Journalists and Whistleblowers, Private Internet Access Offers Discounts for Journalists, GCC 9.1 Released, Freespire 4.8 Now Available, and Toradex's New Torizon Embedded Linux Distro

1 month 3 weeks ago

News briefs for May 3, 2019.

In honor of World Press Freedom Day, today Tutanota announces the launch of Secure Connect, "an open source encrypted contact form for news sites. Secure Connect can be easily added to any news site for free so that whistleblowers can get in touch with journalists securely." From the press release: "'To support the crucial work of journalists and whistleblowers, Tutanota's Secure Connect will be free for journalists to place on their websites', says Matthias Pfau, co-founder and developer of Tutanota. 'We believe in the Human Right to Privacy and Freedom of Speech—a secure and private form to communicate online is critical to achieve free speech. With Secure Connect we want to support journalists, activists and whistleblowers for the important work they are doing for all of us.'" Journalists can get Secure Connect for free by contacting press@tutao.de and supplying a link to their website. The standard price for Secure Connect (for lawyers, financial institutions, etc.) is 24 euros per month.

Private Internet Access is celebrating World Press Day with a discount on yearly and biyearly plans for journalists. If you are a member of the press and you would like to trial PIA's apps, or you are reporting high-risk topics or from a high-risk area, please email press@privateinternetaccess.com.

GCC 9.1 has been released. From the release announcement (posted on LWN): "GCC 9.1 is a major release containing substantial new functionality not available in GCC 9.x or previous GCC releases. In this release C++17 support is no longer marked experimental. The C++ front-end implements the full C++17 language (already previous GCC major version implemented that) and the C++ standard library support is almost complete. The C++ front-end and library also have numerous further C++2a draft features [1]. GCC has a new front-end for the D language. GCC 9.1 has newly partial OpenMP 5.0 support and almost complete OpenACC 2.5 support." Go here to see all the changes.

Freespire 4.8 was released yesterday. From the announcement: "It is our FOSS solution, with no binary-only drivers, multimedia codecs and strictly libre applications, nothing proprietary included. Freespire is released bi-annually and showcases the best of the FOSS and KDE communities." New features include KDE Plasma 5.12.7, KDE Frameworks 5.44.0, kernel 4.18.0-18, Chromium browser, Geary and much more. See the announcement for download links or to purchase install media.

A beta version of Toradex's Torizon embedded Linux distro is now available at the Toradex GitHub page. Toradex describes the open-source distro as "a new Linux-based software platform that simplifies the process of developing and maintaining embedded software. It allows you to configure the system for your use case quickly and easily, so you can focus on application development instead of Linux builds." See also this Linux Gizmos article for more information on the distro for embedded newbies that "features Visual Studio integration, security features, OTA updates, and an optional Docker runtime."

News Tutanota Secure Connect Security Privacy Freedom Private Internet Access GCC Freespire Embedded
Jill Franklin

Password Manager Roundup

1 month 3 weeks ago
by Shawn Powers

If you can remember all of your passwords, they're not good passwords.

I used to teach people how to create "good" passwords. Those passwords needed to be lengthy, hard to guess and easy to remember. There were lots of tricks to make your passwords better, and for years, that was enough.

That's not enough anymore.

It seems that another data breach happens almost daily, exposing sensitive information for millions of users, which means you need to have separate, secure passwords for each site and service you use. If you use the same password for any two sites, you're making yourself vulnerable if any single database gets compromised.

There's a much bigger conversation to be had regarding the best way to protect data. Is the "password" outdated? Should we have something better by now? Granted, there is two-factor authentication, which is a great way to help increase the security on accounts. But although passwords remain the main method for protecting accounts and data, there needs to be a better way to handle them—that's where password managers come into play.

The Best Password Manager

No, I'm not burying the lede by skipping all the reviews. As Doc Searls, Katherine Druckman and myself discussed in Episode 8 of the Linux Journal Podcast, the best password manager is the one you use. It may seem like a cheesy thing to say, but it's a powerful truth. If it's more complicated to use a password manager than it is to re-use the same set of passwords on multiple sites, many people will just choose the easy way.

Sure, some people are geeky enough to use a password manager at any cost. They understand the value of privacy, understand security, and they take their data very seriously. But for the vast majority of people, the path of least resistance is the way to go. Heck, I'm guilty of that myself in many cases. I have a Keurig coffee machine, not because the coffee is better, but because it's more convenient. If you've ever eaten a Hot Pocket instead of cooking a healthy meal, you can understand the mindset that causes people to make poor password choices. If the goal is having smart passwords, it needs to be easier to use smart passwords than to type "password123" everywhere.

Go to Full Article
Shawn Powers

Game Review: Guard Duty

1 month 3 weeks ago
by Marcel Gagné

Guard Duty from Sick Chicken Studios launches today! You can get it from Steam for $9.99.

It's a thousand years ago in the kingdom of Wrinklewood and you are Tondbert, a dwarf/huma-halfling palace guard. After a night of heavy drinking, most of which you're happy not to remember, not only do you wake up to discover you may have been responsible for getting the princess kidnapped by an evil wizard, but also your clothes and armor are missing, and after you fall from the tower where your tiny bedroom sits, you get stung by a swarm of angry wasps, your face is all swelled up, and nobody can understand the mumbles coming out of your mouth, so you get no respect from anyone—not that you ever did.

Welcome to Guard Duty and oddly enough, that's not where the game starts—a thousand years ago, I mean. It actually starts out in our future, in 2074 to be precise, a mostly unremarkable day except for that whole part about the destruction of the Earth and all.

I've spent several hours now, enjoying the sometimes frustrating new game, Guard Duty, from Sick Chicken Studios. Did I say "frustrating"? Because I meant it, but in a good way. The Sick Chicken people have spent way too many hours watching Monty Python and reading Terry Pratchett novels, and it shows. They also have a thing for golden-age point-and-click games, classic 320x240 resolution pixel art, all combined with comedic and sometimes touching storytelling.

Figure 1. Castle Wrinklewood and the Surrounding Countryside

As I said at the beginning of this review, the story starts, strangely enough, in our future where a demonic monstrosity sets out to bring the end of the world and the destruction of our planet. Like our hero of ancient times, named Tondbert, there's another knight of sorts, embarked on a quest to save what is left of mankind before there's nothing more to save. You get to meet him later, I'm told, though I'm still trying to get my halfling's ghost to stop feeling sorry for himself.

Figure 2. The Future, Right before the World Ends

What makes this particularly interesting is that your actions (or Tondbert's actions) in the past, will have an effect on what happens in the future, when you finally get there. How the threads of centuries wind their way into hero number two's battle is something I have yet to discover, but I'm seriously looking forward to working with him—once I rescue the princess, that is.

Go to Full Article
Marcel Gagné

GNU Guix 1.0.0 Released, Season of Docs Announces 50 Participating Open-Source Organizations, Docker Enterprise 3.0 Beta Now Available, Nvidia and Red Hat Join the Academy Software Foundation and Red Hat Announces New Version of Red Hat Process Automation

1 month 3 weeks ago

News briefs for May 2, 2019.

GNU Guix 1.0.0 was released today. This big 1.0 release is the result of seven years of development and contributions by more than 260 people. If you're not familiar with GNU Guix, "GNU Guix is a transactional package manager and an advanced distribution of the GNU system that respects user freedom. Guix can be used on top of any system running the kernel Linux, or it can be used as a standalone operating system distribution for i686, x86_64, ARMv7, and AArch64 machines." This version brings many new features, including a new VM image, a new "first-class, uniform mechanism to configure keyboard layout" and more than 1,100 packages added. From the announcement: "The release comes with ISO-9660 installation images, a virtual machine image, and with tarballs to install the package manager on top of your GNU/Linux distro, either from source or from binaries. Guix users can update by running guix pull."

Season of Docs announces 50 participating open-source organizations. The full list is here. From the Google Open Source blog: "Season of Docs brings together technical writers and open source projects to foster collaboration and improve documentation in the open source space. You can find out more about the program on the introduction page of the website. During the program, technical writers spend a few months working closely with an open source community. They bring their technical writing expertise to the project's documentation and, at the same time, learn about the open source project and new technologies." Technical writer applications open May 29, 2019.

The beta version of Docker Enterprise 3.0 made its debut yesterday at DockerCon. ItPro Today reports that "Being a major point release, the software previewed today arrives with plenty of new features under the hood, such as integration with Docker Desktop, expanded Kubernetes capabilities, and a system for rolling multi-container applications into a single package deployable to any infrastructure." The article notes that "Most of the improvements made to this release of Docker Enterprise are aimed at streamlining the process of building and managing containers to make things easier for DevOps teams. In addition, the company is making it possible for developers with limited command line skills to take full advantage of the platform's capabilities with the integration of Docker Enterprise Desktop."

Nvidia and Red Hat have joined the Academy Software Foundation, "a consortium that aims to help Hollywood with the adoption and development of open source tools". Variety reports that the foundation also has accepted OpenEXR and OpenCue, two open-source projects. OpenEXR was developed by Industrial Light and Magic originally as a "high-dynamic range file format", first used in Harry Potter and the Sorcerer's Stone and Men in Black II. OpenCue is an "open source render manager developed by Google Cloud in partnership with Sony Pictures Imageworks". The Linux Foundation and the Academy of Motion Arts and Sciences founded the Academy Software Foundation last summer.

Red Hat announced the latest release Red Hat Process Automation today at Red Hat Summit. This new release introduces "new capabilities designed to address functional and knowledge gaps between IT developers and business analysts, enabling them to apply domain-specific expertise to the development of applications that automate processes and decisions to more rapidly adapt to a changing business environment". In addition, it "introduces a collaborative environment where individuals can make changes to project assets independently and simultaneously. Using these shared workspaces can lead to a more efficient, iterative and agile development process." The latest updates are available for customers at the Red Hat customer portal.

News GNU Guix Google Season of Docs Docker NVIDIA Red Hat
Jill Franklin

The Kernel Issue

1 month 3 weeks ago
by Bryan Lunduke

How much do you know about your kernel? Like really know?

Considering how critically important the Linux kernel is to the world—and, perhaps just as important, to our own personal computers and gadgets—it's rather amazing how little most people actually know about it.

There might as well be magical hamsters in there, pushing 1s and 0s around with their enchanted hamster gloves of computing power. How do kernels (in a general sense) actually work, anyway? How does one sit down and debug a specific Linux kernel issue? How does a kernel allocate and work with the memory in your computer? Those are questions most of us never need to ask—because Linux works.

Me, personally? Never submitted a single patch to the kernel. Not one.

I mean, sure. I've looked at little snippets of Linux kernel source code—mostly out of idle curiosity or to investigate a topic for a story. And I've compiled the kernel plenty of times to get one hardware driver or feature working. But, even so, my knowledge of the inner-workings of the kernel is mostly limited to "Linux power user" level.

So, it's time for a little kernel boot camp in this issue of Linux Journal to get a bit more up to speed.

Let's start with the basics. What is a kernel, and how, exactly, does a person go about making a brand-new one? Like...from scratch.

Linux Journal Editor at Large Petros Koutoupis previously has walked us through building a complete Linux distribution (starting from the very basics—see Part I and Part II). Now he does the same thing, but this time for building a brand-new kernel.

What tools are needed? What code must be written? Petros provides a step-by-step rundown of kernel building. In the end, you'll have a fully functional kernel (well, functional enough to boot a computer, at any rate) that you can build on further. Plus, you'll have a better understanding of how kernels actually work, which is pretty darn cool.

Moving back to Linux land, Frank Edwards gives a rundown on how the kernel handles memory: how virtual memory works and is structured, how the kernel reports memory usage and information to userland applications and the like. If you've ever wondered how the memory in your system is structured and interacted with by the applications and the kernel, give that a read.

Now that you know the basics of how to build a kernel, and a primer on how memory is used, let's turn to something directly practical for Linux developers and pro users: debugging Linux kernel panics.

Go to Full Article
Bryan Lunduke

Creative Commons Search Is Now Out of Beta, Dell Announces Two New Budget-Friendly Mobile Workstations, NS1 Releases Flamethrower, Scalyr Launches PowerQueries and High-Severity Hole Discovered in Oracle WebLogic

1 month 3 weeks ago

News briefs for May 1, 2019.

CC Search is now out of beta, with more than 300 million images, "a major redesign, and faster, more relevant search". The Creative Commons blog post notes that "CC Search searches images across 19 collections pulled from open APIs and the Common Crawl dataset, including cultural works from museums (the Metropolitan Museum of Art, Cleveland Museum of Art), graphic designs and art works (Behance, DeviantArt), photos from Flickr, and an initial set of CC0 3D designs from Thingiverse."

Dell yesterday announced two new mobile workstations, the Dell Precision 3540 and 3541. These new laptops "are budget-friendly machines with a smaller footprint and workstation-level performance". The 3540 is available now, with your choice of Ubuntu 18.04 or Windows 10, and it "comes with the essentials including the latest 4-core Intel Core 8th generation processors, up to 32GB of DDR4 memory, AMD Radeon Pro graphics with 2GB of dedicated memory, and 2TB of storage." The Precision 3541 will be available in late May and will "offer additional power, with 9th generation 8-core Intel Core and 6-core Intel Xeon processor options. It'll be available with next generation NVIDIA Quadro professional graphics with 4GB of dedicated memory. Boasting extreme battery life—quite possibly the longest battery life in its class—the system supports on-the-go productivity. As with the Precision 3540, the Precision 3541 comes with Thunderbolt 3 connectivity and optional features to enhance security such as fingerprint and smartcard readers, an IR camera and our first-ever camera shutter."

NS1 recently released Flamethrower, "a lightweight, configurable open source tool for functional testing, benchmarking, and stress testing DNS servers and networks." According to HelpNetSecurity.com, "Flamethrower supports IPv4, IPv6, UDP, TCP, DNS over TLS, as well as experimental support for DNS over QUIC. It has a modular system for generating the queries used in the tests, allowing for rich and realistic test scenarios that can plug into automation pipelines. It simulates multiple concurrent clients and generates actionable metrics, including send and receive counts, timeouts, errors and data on minimum, maximum and average latency." You can get Flamethrower on GitHub.

Scalyr this week announced its first major GA product launch of the year: PowerQueries. From the announcement: "PowerQueries are a new set of data operations within Scalyr that give users the ability to transform and manipulate data on the fly. They let users seamlessly pivot from facet-based search to complex log search operations for complicated data sets, such as grouping, transformations, filtering and sorting, table lookups and joins, enabling them to create sophisticated data processing pipelines." See also Scalyr Founder Steve Newman's blog post for more information.

A "high-severity hole" in Oracle WebLogic was exploited for nine days before being discovered. Ars Technica reports that "Attackers have been actively exploiting a critical zero-day vulnerability in the widely used Oracle WebLogic server to install ransomware, with no clicking or other interaction necessary on the part of end users, researchers from Cisco Talos said on Tuesday." Oracle released an emergency patch. Patch now.

News creative commons Dell Laptops Flamethrower DNS Scalyr Security Oracle
Jill Franklin

Purism Launches Librem One, a Suite of Privacy-Protecting, No-Track, No-Ad Apps and Services

1 month 3 weeks ago
by Bryan Lunduke

Some time back, the folks from Purism sent me a question: "Would you like to record some voice-over for a little commercial we're making?"

"Sure," I say. "Why not?"

They give me a script, show me a rough cut of the footage, and I record a few lines. Easy peasy.

The only problem? The commercial was for something that I think is a really great idea. And, the finished commercial gave me a serious case of the giggles. Yet I couldn't tell anyone about it. I was sworn to secrecy.

For a person who runs his mouth for a living, secrecy isn't always so easy. Keeping my big, dumb mouth shut was downright painful. Painful, I say!

Luckily, I can now, as of today, spill the beans without getting into trouble.

Purism has just launched an online service it has dubbed "Librem One", which is, as Purism calls it, a "suite of apps and services designed to provide users with convenient alternatives to Big Tech products".

There are two components of Librem One that are offered free of cost (or, at least, choose your own price): Chat and Social Media.

The chat component—the aptly named "Librem Chat"—is built on Matrix (which I am also a big fan of) and includes end-to-end encrypted text chat plus audio and video chatting. And, since it's built on Matrix, it has access to all the other users on Matrix out there. Which may not be as big of a user pool as, say, Hangouts or something, but the user base is growing. Quickly.

The Social Media component is built using Activity Pub and Mastodon (a federated, free software social network system).

I want to pause right there a moment, because this is really interesting to me.

That means we now have a social media server that is supported via a subscription model.  Not advertisements. Not data collection. Subscription. Which, in my opinion, is just a much better way to build a social network that respects user data and privacy.

Plus, this solves one of the biggest problems with picking and utilizing a Mastodon server up until this point—that they've mostly been run by hobbyists in their spare time. Thus, servers could go up or down or lose data at any time (which happened to me more than once). A professionally administered Mastodon social-media server supported as part of a subscription online service? Heck yes.

Then there are the services that aren't part of the free (in cost) tier, the ones you'll need to pay to gain access to: Librem Mail (encrypted email), Librem Tunnel (a VPN service), and, according to the Purism folks, they have plans to add a few additional services to Librem One in the future:

Go to Full Article
Bryan Lunduke

Fedora 30 Is Here, Raspberry Pi Foundation Announces the Gender Balance in Computing Project, Open ZFS/ZFS On Linux Working on a Code of Conduct, Docker Hub Breach and Help Promote the Coming openSUSE Leap 15.1 Release

1 month 3 weeks ago

News briefs for April 30, 2019.

Fedora 30 was released today. TechRepublic reports that this version brings some "quality-of-life improvements", such as the flicker-free boot process. It includes GNOME 3.32 with all new app icons, but it also includes Fedora spins for KDE, XFCE, LXQT, MATE-Compiz, Cinnamon, and LXDE. In addition, "New to Fedora 30 include packages for DeepinDE and Pantheon, the desktop environments used in Deepin Linux, called "the single most beautiful desktop on the market" by TechRepublic's Jack Wallen, as well as elementaryOS, which Wallen lauded as "spectacularly subtle." While these are only packages—requiring simple, though manual, installation—packaging these desktops is the first step to building a full independent spin." Go here to download, and see the full changelog here.

Raspberry Pi Foundation announces a consortium has been awarded £2.4 million for a new research project to investigate how to engage more girls in computing, as part of its work with the National Centre of Computing Education. The project is called Gender Balance in Computing and "is a collaboration between the consortium of the Raspberry Pi Foundation, STEM Learning, BCS, The Chartered Institute for IT, and the Behavioural Insights Team". Here's how it will work: "Gender Balance in Computing will develop and roll out several projects that aim to increase the number of girls choosing to study a computing subject at GCSE and A level. The consortium has already identified some of the possible reasons why a large percentage of girls don't consider computing as the right choice for further study and potential careers. These include: feeling that they don't belong in the subject; not being sufficiently encouraged; and feeling that computing is not relevant to them. We will go on to research and pilot a series of new interventions, with each focusing on addressing a different barrier to girls' participation."

OpenZFS/ZFS On Linux is working on a code of conduct to help encourage new contributors. According to Phoronix, "The OpenZFS Code of Conduct would apply to OpenZFS, ZFS On Linux, ZFS On OSX, and ZFS On Windows projects. They are working on this CoC to ensure 'The OpenZFS community values respectful, welcoming behavior towards everyone. This enables our members to thrive and contribute, and encourages new participants to join our community.'" You can read the draft here.

There was a Docker Hub breach recently that impacted 190,000 accounts. eWeek reports that the breach was first reported on April 26, and was discovered the day before. From Director of Docker Support Kent Lamb's email to Docker Hub users: "During a brief period of unauthorized access to a Docker Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users). Data includes usernames and hashed passwords for a small percentage of these users, as well as GitHub and Bitbucket tokens for Docker autobuilds." Docker recommends that impacted users "change their Docker Hub account passwords, review GitHub activity, and unlink and then relink GitHub access."

You can help promote the openSUSE Leap 15.1 release, which is about 3 weeks away. Go here for a counter, or you can get artwork here.

News Fedora Distributions Raspberry Pi Open ZFS ZFS On Linux Code of Conduct Docker Security openSUSE
Jill Franklin

A Conversation with Kernel Developers from Intel, Red Hat and SUSE

1 month 3 weeks ago
by Bryan Lunduke

Three kernel developers describe what it's really like to work on the kernel, how they interact with developers from other companies, some pet peeves and how to get started.

Like most Linux users, I rarely touch the actual code for the Linux kernel. Sure, I've looked at it. I've even compiled the kernel myself on a handful of occasions—sometimes to try out something new or simply to say I could do it ("Linux From Scratch" is a bit of a right of passage).

But, unless you're one of the Linux kernel developers, odds are you just don't get many opportunities to truly look "under the hood".

Likewise, I think for many Linux users (even the pro users, sysadmins and developers), the wild world of kernel development is a bit of a mystery. Sure, we have the publicly available Linux Kernel Mailing List (LKML.org) that anyone is free to peruse for the latest features, discussions and (sometimes) shenanigans, but that gives only a glimpse at one aspect of being a kernel developer.

And, let's be honest, most of us simply don't have time to sift through the countless pull requests (and resulting discussions of said pull requests) that flood the LKML on a daily basis.

With that in mind, I reached out to three kernel developers—each working at some of the most prominent Linux contributing companies today—to ask them some basic questions that might provide a better idea of what being a Linux kernel developer is truly like: what their days look like and how they work with kernel developers at other companies.

Those three developers (in no particular order):

  • Dave Hansen, Principal Engineer, System Software Products at Intel.
  • Josh Poimboeuf, Principal Software Engineer on Red Hat Enterprise Linux.
  • Jeff Mahoney, Team Lead of Kernel Engineering at SUSE Labs.

Intel, Red Hat and SUSE—three of the top contributors of code to the Linux kernel. If anyone knows what it's like being a kernel developer, it's them.

I asked all three the exact same questions. Their answers are here, completely unmodified.

Bryan Lunduke: How long have you been working with the Linux kernel? What got you into it?

Dave Hansen (Intel): My first experience for the Linux kernel was a tiny little device driver to drive the eight-character display on an IBM PS/2, probably around 20 years ago. I mentioned the project on my college resume, which eventually led to a job with IBM's Linux Technology Center in 2001. IBM is where I started doing the Linux kernel professionally.

Go to Full Article
Bryan Lunduke

Episode 18: KidOYO

1 month 3 weeks ago
Your browser does not support the audio element. Reality 2.0 - Episode 18: KidOYO

Doc Searls talks to Zhen, Devon and Melora Lofretto of KidOYO and Doctor Michael Nagler, superintendent of the Mineola Public School system in Mineola  Long Island.

Links Mentioned:

 

Doc Searls

Apache Software Foundation Migrates to GitHub, Linux Kernel 5.1-rc7 Is Out, deepin 15.10 Released, Debian 9.9 Update and KaOS 2019.04 Now Available

1 month 3 weeks ago

News briefs for April 29, 2019.

The Apache Software Foundation today announced it has migrated its Git service to GitHub. From the announcement: "As the world's largest Open Source foundation, the ASF's 200M+ lines of code are overseen by an all-volunteer community of 730 individual ASF Members and 7,000 Apache code committers. Over its 20 year history, 1,058,321,099 lines of code have been committed across 3,022,836 code commits." Of the migration, the ASF writes, "GitHub makes it easier for developers to work together, to solve challenging problems, and to create the world's most important technologies. The platform enables teams to host and review code, manage projects, and build software alongside 31M+ developers, 2M+ businesses and organizations, and across 100M+ repositories."

Linux kernel 5.1-rc7 is out. Linus Torvalds writes, "If rc6 was bigger than I wished, it really does seem to have been just due to timing of pull requests. Because rc7 is tiny. Just under half of the patch is various kinds of networking changes: a mix of core networking, network drivers and some netfilter selftests....But it's all pretty tiny. Plus about 30% of the patches are marked for stable, so on the whole it really does feel like 5.1 is on target for a regular release next weekend."

deepin 15.10 was released yesterday. This new version of the distro "devoted to providing beautiful, easy to use, safe and reliable system for global users" includes new features such as "files on desktop auto merge, wallpaper slideshow, separate switches for system sound effects, and supports dragging the tray icon out in fashion mode. In addition, many bugs are fixed and the existing functions are optimized." The announcement also notes that "deepin 15.10 is newly built and released using Debian stable repository, in this way, system stability and security is greatly improved, bringing users more stable and efficient experiences." Go here to download.

Debian 9.9 was released over the weekend. This update mainly adds security fixes; it's not a new version of Debian 9, so it just updates some included packages. To update: "Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at https://www.debian.org/mirror/list. As a special case for this point release, those using the apt-get tool to perform the upgrade will need to ensure that the dist-upgrade command is used, in order to update to the latest kernel packages. Users of other tools such as apt and aptitude should use the upgrade command."

KaOS 2019.04 was released yesterday. This version marks the distro's sixth anniversary and includes a "fully updated Midna theme, a new toolchain and Qt 5.12.3". As a rolling distro, it also has the "latest packages for the Plasma Desktop, this includes Frameworks 5.57.0, Plasma 5.14.4 and KDE Applications 19.04.0. All built on Qt 5.12.3." There are many other new features, so see the announcement for details, and go here to download.

News Distributions Apache Software Foundation GitHub kernel Deepin Debian KaOS KDE
Jill Franklin

Data in a Flash, Part I: the Evolution of Disk Storage and an Introduction to NVMe

1 month 3 weeks ago
by Petros Koutoupis

NVMe drives have paved the way for computing at stellar speeds, but the technology didn't suddenly appear overnight. It was through an evolutionary process that we now rely on the very performant SSD for our primary storage tier.

Solid State Drives (SSDs) have taken the computer industry by storm in recent years. The technology is impressive with its high-speed capabilities. It promises low-latency access to sometimes critical data while increasing overall performance, at least when compared to what is now becoming the legacy Hard Disk Drive (HDD). With each passing year, SSD market shares continue to climb, replacing the HDD in many sectors. The effects of this are seen in personal, mobile and server computing.

IBM first unleashed the HDD into the computing world in 1956. By the 1960s, the HDD became the dominant secondary storage device for general-purpose computers (emphasis on secondary storage device, memory being the first). Capacity and performance were the primary characteristics defining the HDD. In many ways, those characteristics continue to define the technology—although, not in the most positive ways (more details on that shortly).

The first IBM-manufactured hard drive, the 350 RAMAC, was as large as two medium-sized refrigerators with a total capacity of 3.75MB on a stack of 50 disks. Modern HDD technology has produced disk drives with volumes as high as 16TB, specifically with the more recent Shingled Magnetic Recording (SMR) technology coupled with helium—yes, that's the same chemical element abbreviated as He in the periodic table. The sealed helium gas increases the potential speed of the drive while creating less drag and turbulence. Being less dense than air, it also allows more platters to be stacked in the same space used by 2.5" and 3.5" conventional disk drives.

Figure 1. A lineup of Standard HDDs throughout Their History and across All Form Factors (by Paul R. Potts—Provided by Author, CC BY-SA 3.0 us, https://commons.wikimedia.org/w/index.php?curid=4676174)

A disk drive's performance typically is calculated by the time required to move the drive's heads to a specific track or cylinder and the time it takes for the requested sector to move under the head—that is, the latency. Performance is also measured at the rate by which the data is transmitted.

Being a mechanical device, an HDD does not perform nearly as fast as memory. A lot of moving components add to latency times and decrease the overall speed by which you can access data (for both read and write operations).

Go to Full Article
Petros Koutoupis

The EFF Asks You to Help End the Call Detail Records Program, FreedomBox Foundation Launches the Pioneer Edition FreedomBox Home Server, Polyverse Announces CVE API Support, IBM Developers Working on System Call Isolation and Scientific Linux Discontinued

1 month 4 weeks ago

News briefs for April 26, 2019.

The EFF asks you to tell Congress to end the Call Detail Records (CDR) program: "For nearly two decades, the NSA has searched millions of Americans' telephone call records—all without a warrant or, for the vast majority of these calls, any suspicion of wrongdoing. But there's a bill in Congress that would finally put an end to the Call Detail Records (CDR) program. Please tell your members of Congress to cosponsor the Ending Mass Collection of Americans' Phone Records Act (S. 936, H.R. 1942)."

The FreedomBox Foundation recently announced the launch of its Pioneer Edition FreedomBox Home Servers. From the announcement: "the product includes pocket-sized server hardware, an SD card with the operating system pre-installed, and a backup battery which can power the hardware for 4-5 hours in case of outages. It sells for 82 euros and ships globally. The FreedomBox community will be offering free technical support for owners of the Pioneer Edition FreedomBox servers on our support forum. The only thing users pay for is hardware." In addition, "FreedomBox is designed around the principle that the exploitation of user data and attention should be technologically impossible. To that end, it is a user-controlled device that enables almost anyone to decentralize the web by hosting their own corner of the internet at home. Its simple user interface empowers individuals to host their own Internet services without any expertise, like an encrypted chat server that can replace Whatsapp, a VoIP server, a personal website, file sharing, a metasearch engine, and much more. The FreedomBox software is fully free and open source, and it is supported by the non-profit FreedomBox Foundation." You can order one via Olimex.

The Polyverse Corporation announces it "is supporting and promoting cveapi.com, an online resource that makes the Common Vulnerabilities and Exposures (CVEs) database more accessible to the open source community." Archis Gore, Polyverse CTO, says "Polyverse is thrilled to support cveapi.com in our shared mission to democratize the cybersecurity industry and foster an environment that encourages collaboration. By encouraging open APIs such as the CVE API, we hope to do our small part in helping ideas flourish and creating usable data."

IBM developers are working on a "system call isolation" concept for the Linux kernel to help increase security. Phoronix reports that the concept was just announced, and some preliminary patches are in the works. The post quotes developer Mike Rapoport: "The idea here is to allow an untrusted user access to a potentially vulnerable kernel in such a way that any kernel vulnerability they find to exploit is either prevented or the consequences confined to their isolated address space such that the compromise attempt has minimal impact on other tenants or the protected structures of the monolithic kernel. Although we hope to prevent many classes of attack, the first target we're looking at is ROP gadget protection."

Scientific Linux is being discontinued. According to BetaNews, the RHEL-based distro maintained by the scientific community at The Fermi National Laboratory and CERN will no longer be developed, and the organizations will switch to CentOS. James Amundson, Head of Scientific Computing Division, Fermi National Accelerator Laboratory, says the change is driven by the need to unify their computing platform with collaborating labs and institutions: "Toward that end, we will deploy CentOS 8 in our scientific computing environments rather than develop Scientific Linux 8. We will collaborate with CERN and other labs to help make CentOS an even better platform for high-energy physics computing. Fermilab will continue to support Scientific Linux 6 and 7 through the remainder of their respective lifecycles. Thank you to all who have contributed to Scientific Linux and who continue to do so."

News eff NSA FreedomBox Privacy Polyverse Security IBM kernel Scientific Linux CentOS Science
Jill Franklin

Plotting on Linux with KmPlot

1 month 4 weeks ago
by Joey Bernard

This issue of Linux Journal marks the magazine's 25th anniversary. So, I thought I'd look back to see when I wrote my first article, and I was horrified to see that it was in 2000. I'm too young to have been writing articles for more than 18 years! Here's to another 25 years for Linux Journal and all of the authors who have made it what it is.

For this article, let's take a look at the KmPlot plotting program. KmPlot is part of the EDU suite of programs from the KDE project, and it was designed to plot functions and interact with them to learn about their behavior. Since it is a part of the KDE project, it should exist in most package management systems. For example, in Debian-based systems, you can install it with the command:

sudo apt-get install kmplot

When you first start KmPlot, you'll see a blank workspace where you can start to play with mathematical functions. On the right-hand side, there's a main plot window where all of the graphical display will happen. On the left-hand side, there's a function list window where you can find all of the functions you've defined and are planning on working with.

Figure 1. Upon start up, you can begin entering functions and learning about their behavior.

The first thing to do is create some functions to use from within KmPlot. Click the Create button at the bottom of the function window to bring up a drop-down menu. Here you can select from a number of plot types, such as Cartesian, polar or differential. As an example, clicking the Cartesian option opens a new window where you can create your function.

Figure 2. You can use the built-in palettes to select functions and constants to build up the functions that you are interested in.

You can use pre-defined constants and simpler functions to build up the specific function you want to study. Once you're finished, KmPlot will update the main window, and you'll see your plot generated.

Several defaults exist that you can assign in terms of its appearance. Click the Advanced button at the bottom of the left-hand pane to open a new dialog window where you can change some of the defaults.

Figure 3. Click the Advanced button to set several options in the plot window.

Go to Full Article
Joey Bernard

Google Won't Allow DRM in an Open-Source Project, Collabora Announces the SPURV Project, WPS Office for Linux Version 11 Released, PyCharm 2019.1.1 Now Available, and KDE Plasma 5.15.4 Brings Many Bug Fixes and Improvements

2 months 3 weeks ago

News briefs for April 4, 2019.

Google won't allow DRM in an open-source project. Samuel Maddock is building a browser called Metastream, an "Electron-based (Chromium derived), MIT-licensed browser hosted on GitHub. Its main feature is the ability to playback videos on the web, synchronized with other peers. Each client runs its own instance of the Metastream browser and transmits playback information to keep them in sync—no audio or video content is sent." He sent a request to Google for a license to implement Widevine in his browser, and received this reply, "I'm sorry but we're not supporting an open source solution like this", four months later. See also "After years of insisting that DRM in HTML wouldn't block open source implementations, Google says it won't support open source implementations" by Cory Doctorow for more on the story.

Collabora recently announced a new project called SPURV, which allows you to "run Android applications in the same graphical environment as regular Wayland Linux applications with full 3D acceleration." The announcement also notes that "For current non-Android systems, this work enables a path forward to running Android applications in the same graphical environment as traditional non-Android applications are run." Full build instructions are available on GitLab.

WPS Office for Linux version 11 (2019) was released recently. Linux Uprising reports that the new version of the office suite includes "support for high resolution screens, skin support, and interface updates." See the WPS Community site to download the Linux version.

PyCharm 2019.1.1 is now available. From the announcement: "PyCharm is the first JetBrains IDE to ship with the new JDK 11. This brings us improved performance and better rendering for our Jupyter Notebooks. Unfortunately, it also means that we ran into a couple of teething issues with the new JDK."

KDE Plasma 5.15.4 was released this week with more than three dozen bug fixes and improvements. According to Softpedia News, highlights of this release include "improvements to the Flatpak and Fwupd (firmware update) backends in the Plasma Discover package manager, better support for the latest Nvidia graphics drivers in the KWin window and composite manager, along with proper support for restoring the current desktop from session." See also the release announcement at KDE.org for more information and links to live images and downloads.

News Google open source drm Collabora Android Wayland WPS Office PyCharm KDE Plasma
Jill Franklin

Open Source Is Winning, and Now It's Time for People to Win Too

2 months 3 weeks ago
by Reuven M. Lerner

Teaching kids about open source? Don't forget to teach them ethics as well.

Back when I started college, in the fall of 1988, I was introduced to a text editor called Emacs. Actually, it wasn't just called Emacs; it was called "GNU Emacs". The "GNU" part, I soon learned, referred to something called "free software", which was about far more than the fact that it was free of charge. The GNU folks talked about software with extreme intensity, as if the fate of the entire world rested on the success of their software replacing its commercial competition.

Those of us who used such programs, either from GNU or from other, similarly freely licensed software, knew that we were using high-quality code. But to our colleagues at school and work, we were a bit weird, trusting our work to software that wasn't backed by a large, commercial company. (I still remember, as a college intern at HP, telling the others in my group that I had compiled, installed and started to use a new shell known as "bash", which was better than the "k shell" we all were using. Their response was somewhere between bemusement and horror.)

As time went on, I started to use a growing number of programs that fit into this "free software" definition—Linux, Perl and Python were the stars, but plenty of others existed, from Emacs (which I use to this day), sendmail (pretty much the only SMTP server at the time), DNS libraries and the like. In 1998, Tim O'Reilly decided that although the "free software" cause was good, it needed better coordination and marketing. Thus, the term "open source" was popularized, stressing the practical benefits over the philosophical and societal ones.

I was already consulting at the time, regularly fighting an uphill battle with clients—small startups and large multinationals alike—telling them that yes, I trusted code that didn't cost money, could be modified by anyone and was developed by volunteers.

But marketing, believe it or not, really does work. And the term "open source" did a great job of opening many people's minds. Slowly but surely, things started to change: IBM announced that it would invest huge amounts of money in Linux and open-source software. Apache, which had started life as an httpd server, became a foundation that sponsored a growing array of open-source projects. Netscape tumbled as quickly as it had grown, releasing its Mozilla browser as open-source software (and with its own foundation) before going bust. Red Hat proved that you could have a successful open-source company based on selling high-quality services and support. And these are just the most prominent names.

With every announcement, the resistance to using open source in commercial companies dropped bit more. As companies realized that others were depending on open source, they agreed to use it too.

Go to Full Article
Reuven M. Lerner

Fedora 30 Beta Released, Chef Releasing All of Its Software as Open Source, elementary Adopting Flatpak for AppCenter, Unreal Engine 4.22 Now Available and VMware Lawsuit Dropped

2 months 3 weeks ago

News briefs for April 3, 2019.

Fedora 30 Beta was released yesterday. Highlights include new desktop environment choices, DNF performance improvements, GNOME 3.32 and updated versions of many packages, such as Golang, Bash, Python and more. For more details, see the Fedora 30 Change set.

Chef has announced it is releasing all of its software as open source. According to DevOps.com, "Chef has decided to open source its entire portfolio of IT automation software as part of an effort to make it easier for organizations to construct a DevOps pipeline using the company's software. A part of that effort, Chef also launched the Chef Enterprise Automation Stack—which combines Chef Infra for managing infrastructure, Chef InSpec for maintaining compliance, Chef Habitat for managing applications, Chef Automate for managing hybrid clouds and Chef Workstation, a starter kit for launching Chef—within a single distribution of Chef software. Chef Infra is the original Chef project around which the company was launched."

elementary announced it is adopting Flatpak for AppCenter and its third-party developer ecosystem. The post makes clear that "while Flathub is a great place to get popular cross-platform apps, we still want AppCenter to be the best place to get apps that are specially developed for elementary OS." Also from the announcement: "Moving to Flatpak doesn't mean moving away from our focus on native apps, from enabling developers to get paid with pay-what-you-want downloads, or from the online AppCenter Dashboard where each app is carefully tested, reviewed, and curated before being published to users in AppCenter. We'll be providing our own hosted and curated Flatpak repo for AppCenter, much like we provide our own hosted and curated Debian repo today."

Unreal Engine 4.22 is now available. Major features with this new release include real-time ray tracing and path tracing, high-level rendering refactor, C++ iteration time improvements and much more. According to the Unreal Engine announcement, "This release includes 174 improvements submitted by the incredible community of Unreal Engine developers on GitHub!"

Linux developer Christopher Helwig has dropped the VMware lawsuit after a German court dismissed the case. ZDNet reports that "after the German Hamburg Higher Regional Court dismissed Helwig's appeal, he has decided that it would be pointless to appeal the decision." ZDNet summarized the background: "The heart of the lawsuit had been that Hypervisor vSphere VMware ESXi 5.5.0 violated Linux's copyright. That's because VMware had not licensed a derivative work from Linux under the GNU General Public License (GPL). True, VMware had disclosed the vmklinux component under the GPL, but not the associated hypervisor components. Or, as Helwig put it, 'VMware uses a badly hacked 2.4 kernel with a big binary blob hooked into it, giving a derived work of the Linux kernel that's not legally redistributable.'" See the article for more details on the history of the case.

News Fedora GNOME Chef DevOps elementary OS Unreal Engine VMware
Jill Franklin

What Linux Journal's Resurrection Taught Me about the FOSS Community

2 months 3 weeks ago
by Kyle Rankin

"Marley was dead, to begin with."—Charles Dickens, A Christmas Carol.

As you surely know by now, Linux Journal started in 1994, which means it has been around for most of the Linux story. A lot has changed since then, and it's not surprising that Linux and the Free and Open Source Software (FOSS) community are very different today from what they were for Linux Journal's first issue 25 years ago. The changes within the community during this time had a direct impact on Linux Journal and contributed to its death, making Linux Journal's story a good lens through which to view the overall story of the FOSS community. Although I haven't been with Linux Journal since the beginning, I was there during the heyday, the stroke, the decline, the death and the resurrection. This article is about that story and what it says about how the FOSS community has changed.

It's also a pretty personal story.

A Bit about Me

Although it's true that I sometimes write about personal projects in my articles and may disclose some personal details from time to time, I generally try not to talk too much about my personal life, but as it's useful to frame this story, here we go. I grew up in an era when personal computers were quite expensive (even more so, now that I account for inflation), and it wasn't very common to grow up with one in your home.

In high school, I took my first computer class in BASIC programming. This class fundamentally changed me. Early on in the class I knew that I wanted to change any past career plans and work with computers instead. My family noticed this change, and my grandparents and mother found the money to buy my first computer: a Tandy 1000 RLX. Although there certainly were flashier or more popular computers, it did come with a hard drive (40MB!), which was still pretty novel at the time. Every time I learned a new BASIC command in school, I would spend the following evenings at home figuring out every way I could use that new-found knowledge in my own software.

I never got internet access during high school (my mom saw the movie WarGames and was worried if I had internet access, I might accidentally trigger a house call from the FBI). This just made it all the more exciting when I went to college and not only got a modern computer, but also high-speed campus internet! Like most people, I was tempted to experiment in college. In my case, in 1998 a neighbor in my dorm brought over a series of Red Hat 5.1 floppies (the original 5.1, not RHEL) and set up a dual-boot environment on my computer. The first install was free.

Desktop Linux in the Late 1990s

If you weren't around during the late 1990s, you may not realize just how different Linux was back then, but hopefully a screenshot of my desktop will help illustrate (Figure 1).

Go to Full Article
Kyle Rankin