Linux Journal

Red Hat's "Road to A.I." Film, Google Chrome Marks HTTP Connections Not Secure, BlueData Launches BlueK8s Project, Linux Bots Account for 95% of DDoS Attacks and Tron Buys BitTorrent

2 months 3 weeks ago

News briefs for July 25, 2018.

Red Hat's Road to A.I. film has been chosen as an entry in the 19th Annual Real to Reel International Film Festival. According to the Red Hat blog post, this "documentary film looks at the current state of the emerging autonomous vehicle industry, how it is shaping the future of public transportation, why it is a best use case for advancing artificial intelligence and how open source can fill the gap between the present and the future of autonomy." The Road to A.I. is the fourth in Red Hat's Open Source Stories series, and you can view it here.

Google officially has begun marking HTTP connections as not secure for all Chrome users, as it promised in a security announcement two years ago. The goal is eventually "to make it so that the only markings you see in Chrome are when a site is not secure, and the default unmarked state is secure". Also, beginning in October 2018, Chrome will start showing a red "not secure" warning when users enter data on HTTP pages.

BlueData launched the BlueK8s project, which is an "open source project that seeks to make it easier to deploy big data and artificial intelligence (AI) application workloads on top of Kubernetes", Container Journal reports. The BlueK8s "project is based on container technologies the company developed originally to accelerate the deployment of big data based on Hadoop and Apache Spark software".

According to the latest Kaspersky Lab report, Linux bots now account for 95% of all DDoS attacks. A post on Beta News reports that these attacks are based on some rather old vulnerabilities, such as one in the Universal Plug-and-Play protocol, which has been around since 2001, and one in the CHARGEN protocol, which was first described in 1983. See also the Kaspersky Lab blog for more Q2 security news.

BitTorrent has been bought by Tron, a blockchain startup, for "around $126 million in cash". According to the story on Engadget, Tron's founder Justin Sun says that this deal now makes his company the "largest decentralized Internet ecosystem in the world."

News Red Hat AI open source Google Chrome Security Blockchain
Jill Franklin

Some of Intel's Effort to Repair Spectre in Future CPUs

2 months 3 weeks ago
by Zack Brown

Dave Hansen from Intel posted a patch and said, "Intel is considering adding a new bit to the IA32_ARCH_CAPABILITIES MSR (Model-Specific Register) to tell when RSB (Return Stack Buffer) underflow might be happening. Feedback on this would be greatly appreciated before the specification is finalized." He explained that RSB:

...is a microarchitectural structure that attempts to help predict the branch target of RET instructions. It is implemented as a stack that is pushed on CALL and popped on RET. Being a stack, it can become empty. On some processors, an empty condition leads to use of the other indirect branch predictors which have been targeted by Spectre variant 2 (branch target injection) exploits.

The new MSR bit, Dave explained, would tell the CPU not to rely on data from the RSB if the RSB was already empty.

Linus Torvalds replied:

Yes, please. It would be lovely to not have any "this model" kind of checks.

Of course, your patch still doesn't allow for "we claim to be skylake for various other independent reasons, but the RSB issue is fixed".

So it might actually be even better with _two_ bits: "explicitly needs RSB stuffing" and "explicitly fixed and does _not_ need RSB stuffing".

And then if neither bit it set, we fall back to the implicit "we know Skylake needs it".

If both bits are set, we just go with a "CPU is batshit schitzo" message, and assume it needs RSB stuffing just because it's obviously broken.

On second thought, however, Linus withdrew his initial criticism of Dave's patch, regarding claiming to be skylake for nonRSB reasons. In a subsequent email Linus said, "maybe nobody ever has a reason to do that, though?" He went on to say:

Virtualization people may simply want the user to specify the model, but then make the Spectre decisions be based on actual hardware capabilities (whether those are "current" or "some minimum base"). Two bits allow that. One bit means "if you claim you're running skylake, we'll always have to stuff, whether you _really_ are or not".

Arjan van de Ven agreed it was extremely unlikely that anyone would claim to be skylake unless it was to take advantage of the RSB issue.

That was it for the discussion, but it's very cool that Intel is consulting with the kernel people about these sorts of hardware decisions. It's an indication of good transparency and an attempt to avoid the fallout of making a bad technical decision that would incur further ire from the kernel developers.

Note: if you're mentioned above and want to post a response above the comment section, send a message with your response text to ljeditor@linuxjournal.com.

Go to Full Article
Zack Brown

Cooking with Linux (without a Net): Backups in Linux, LuckyBackup, gNewSense and PonyOS

2 months 3 weeks ago

Please support Linux Journal by subscribing or becoming a patron.

It's Tuesday, and it's time for Cooking with Linux (without a Net) where I do some live Linuxy and open-source stuff, live, on camera, and without the benefit of post-video editing—therefore providing a high probability of falling flat on my face. And now, the classic question: What shall I cover? Today, I'm going to look at backing up your data using the command line and a graphical front end. I'm also going to look at the free-iest and open-iest distribution ever. And, I'm also going to check out a horse-based operating system that is open source but supposedly not Linux. Hmm...

Cooking with Linux
Marcel Gagné

Security Keys Work for Google Employees, Canonical Releases Kernel Update, Plasma 5.14 Wallpaper Revealed, Qmmp Releases New Version, Toshiba Introduces New SSDs

2 months 3 weeks ago

News briefs for July 24, 2018.

Google requires all of its 85,000 employees to use security keys, and it hasn't had one case of account takeover by phishing since, Engadget reports. The security key method is considered to be safer than two-factor authentication that requires codes sent via SMS.

Canonical has released a new kernel update to "fix the regression causing boot failures on 64-bit machines, as well as for OEM processors and systems running on Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and other cloud environments", according to Softpedia News. Users of Ubuntu 18.04 and 16.04 LTS should update to the new kernel version as soon as possible. See the Linux kernel regression security notice (USN-3718-1) for more information.

New Plasma 5.14 wallpaper, "Cluster", has been revealed on Ken Vermette's blog. He writes that it's "the first wallpaper for KDE produced using the ever excellent Krita." You can see the full image here.

Qmmp, the Qt-based Linux audio player, recently released version 1.2.3. Changes in the new version include adding qmmp 0.12/1.3 config compatibility, disabling global shortcuts during configuration, fixing some gcc warnings and metadata updating issues and more. Downloads are available here.

Toshiba introduces a new lineup of SSDs based on its 96-layer, BiCS FLASH 3D flash memory. It's the first SSD to use this "breakthrough technology", and "the new XG6 series is targeted to the client PC, high-performance mobile, embedded, and gaming segments—as well as data center environments for boot drives in servers, caching and logging, and commodity storage." According to the press release, "the XG6 series will be available in capacities of 256, 512 and 1,024 gigabytes" and are currently available only as samples to select OEM customers.

News Google Security email Canonical Ubuntu kernel Plasma Desktop KDE qt Audio/Video multimedia Hardware SSDs
Jill Franklin

Building a Bare-Bones Git Environment

2 months 3 weeks ago
by Andy Carlson

How to migrate repositories from GitHub, configure the software and get started with hosting Git repositories on your own Linux server.

With the recent news of Microsoft's acquisition of GitHub, many people have chosen to research other code-hosting options. Self-hosted solutions like GitLabs offer a polished UI, similar in functionality to GitHub but one that requires reasonably well-powered hardware and provides many features that casual Git users won't necessarily find useful.

For those who want a simpler solution, it's possible to host Git repositories locally on a Linux server using a few basic pieces of software that require minimal system resources and provide basic Git functionality including web accessibility and HTTP/SSH cloning.

In this article, I show how to migrate repositories from GitHub, configure the necessary software and perform some basic operations.

Migrating Repositories

The first step in migrating away from GitHub is to relocate your repositories to the server where they'll be hosted. Since Git is a distributed version control system, a cloned copy of a repository contains all information necessary for running the entire repository. As such, the repositories can be cloned from GitHub to your server, and all the repository data, including commit logs, will be retained. If you have a large number of repositories this could be a time-consuming process. To ease this process, here's a bash function to return the URLs for all repositories hosted by a specific GitHub user:

genrepos() { if [ -z "$1" ]; then echo "usage: genrepos " else repourl="https://github.com/$1?tab=repositories" while [ -n "$repourl" ]; do curl -s "$repourl" | awk '/href.*codeRepository/ ↪{print gensub(/^.*href="\/(.*)\/(.*)".*$/, ↪"https://github.com/\\1/\\2.git","g",$0); }' export repourl=$(curl -s "$repourl" | grep'>Previous<. ↪*href.*>Next<' | grep -v 'disabled">Next' | sed ↪'s/^.*href="//g;s/".*$//g;s/^/https:\/\/github.com/g') done fi }

This function accepts a single argument of the GitHub user name. If the output of this command is piped into a while loop to read each line, each line can be fed into a git clone statement. The repositories will be cloned into the /opt/repos directory:

Go to Full Article
Andy Carlson

New Neptune OS V5.4, Slax 9.5.0 Now Available, GNOME Redesigning Icons, KDE Applications 18.08 Enters Beta Testing and Kernel 4.18-rc6 Released

2 months 3 weeks ago

News briefs for July 23, 2018.

Neptune OS released V5.4, which is a complete update with many enhancements and fixes to the Debian-based distro. New features include a GUI makeover with dark themes in mind, increased hardware support, and several software and app updates. See the post on Appuals for all the details and the changelog.

Slax 9.5.0 has been released. Slax is a "minimalistic, fully modular operating system", and you can purchase it "preinstalled on an USB flash drive with hardware-based AES encryption. This device is universally usable because the encryption is performed directly by the drive itself, there is no software to install needed. Once disconnected, the USB drive automatically locks itself again". Payment is accepted only via Bitcoin.

Linux kernel 4.18-rc6 was released. Linus commented "So this was the week when the other shoe dropped....The reason the two previous rc releases were so nice and small was that David hadn't sent me much networking fixes, and they came in this week. That said, it's not really a huge rc this week either, so it's all good." Source: LWN.net.

GNOME developers are redesigning its icons, so your desktop will soon be more colorful, OMG Ubuntu reports. In addition, "GNOME is deprecating the use of tiny icon sizes in favour of symbolic icons, and will only require devs to ship a 'single, scalable, high resolution' app icon."

KDE Applications 18.08 has begun beta testing with version 18.07.80, and the release is scheduled for August 16, 2018. The software suite is adding two new libraries: KPkPass (for reading Apple Wallet pass files) and KItinerary (which consists of "itinerary extraction code and itinerary data model used for data model, data extraction, and data augmentation"). See the announcement and the KDE Community Wiki for more information.

News Distributions GNOME Debian Neptune OS Slax kernel KDE
Jill Franklin

Introducing Python 3.7's Dataclasses

2 months 3 weeks ago
by Reuven M. Lerner

Python 3.7's dataclasses reduce repetition in your class definitions.

Newcomers to Python often are surprised by how little code is required to accomplish quite a bit. Between powerful built-in data structures that can do much of what you need, comprehensions to take care of many tasks involving iterables, and the lack of getter and setter methods in class definitions, it's no wonder that Python programs tend to be shorter than those in static, compiled languages.

However, this amazement often ends when people start to define classes in Python. True, the class definitions generally will be pretty short. But the __init__ method, which adds attributes to a new object, tends to be rather verbose and repetitive—for example:

class Book(object): def __init__(self, title, author, price): self.title = title self.author = author self.price = price

Let's ignore the need for the use of self, which is an outgrowth of the LEGB (local, enclosing, global, builtins) scoping rules in Python and which isn't going away. Let's also note that there is a world of difference between the parameters title, author and price and the attributes self.title, self.author and self.price.

What newcomers often wonder—and in the classes I teach, they often wonder about this out loud—is why you need to make these assignments at all. After all, can't __init__ figure out that the three non-self parameters are meant to be assigned to self as attributes? If Python's so smart, why doesn't it do this for you?

I've given several answers to this question through the years. One is that Python tries to make everything explicit, so you can see what's happening. Having automatic, behind-the-scenes assignment to attributes would violate that principal.

At a certain point, I actually came up with a half-baked solution to this problem, although I did specifically say that it was un-Pythonic and thus not a good candidate for a more serious implementation. In a blog post, "Making Python's __init__ method magical", I proposed that you could assign parameters to attributes automatically, using a combination of inheritance and introspection. This was was a thought experiment, not a real proposal. And yet, despite my misgivings and the skeletal implementation, there was something attractive about not having to write the same boilerplate __init__ method, with the same assignment of arguments to attributes.

Go to Full Article
Reuven M. Lerner

Vivaldi's New Qwant Privacy-Focused Search Engine, Microsoft Makes PowerShell Core a Snap, Red Hat Ansible Engine 2.6 Now Available, Apache Software Foundation's Annual Report and More

2 months 4 weeks ago

News briefs for June 20, 2018.

Vivaldi Technologies has added a new privacy-focused search engine called Qwant to its Vivaldi web browser. Qwant doesn't store cookies or search history. Softpedia News quotes CEO and co-founder of Vivaldi Jon von Tetzchner: "We believe that the Internet can do better. We do not believe in tracking our users or in data profiling." You need version 1.15 of Vivaldi in order to enable Qwant.

Microsoft has made its PowerShell Core available in the Snap Store as a Snap application, OMG Ubuntu reports, allowing "Linux users and admins on various distros to run the latest version of PowerShell securely and safely across desktop, laptop and IoT."

Red Hat Ansible Engine 2.6 is now available. According to the press release, this new version "adds new content for automating across hybrid and multicloud environments, along with simplified connections to network APIs and updates for Ansible deployments overseeing Windows environments". It allows users "to more rapidly expand their infrastructure, without expanding manpower" and focuses on three areas of automation: multicloud, network and Windows.

Google, Microsoft, Twitter and Facebook announced the Open-Source Data Transfer Project to promote universal data portability. Phoronix reports that the initiative "is to enable consumers to transfer data directly from one server to another, without the need for downloading/uploading of the content". See also the Google Open Source blog for more information.

The Apache Software Foundation (ASF) released its annual report last week, which announced that the Foundation received open-source code worth more than $600 million by volunteer project contributors over a 12-month period. According to the post on IT Web, the report also covered one of the biggest crises for the ASF: "the Equifax data breach that affected 143 million consumers in the US and Canada as a result of a vulnerability in Apache Struts".

News Privacy Vivaldi Web Browsers Microsoft Snap Red Hat Ansible Cloud Apache
Jill Franklin

Atomic Modeling with GAMGI

2 months 4 weeks ago
by Joey Bernard

For this article, I'm moving back into the realm of chemistry software—specifically, the General Atomistic Modelling Graphic Interface, or GAMGI. GAMGI provides a very complete set of tools that allows you to design and visualize fairly complex molecules.

GAMGI has the special ability to make creating repeating structures much easier, which is handy when you're trying to create crystalline structures.

GAMGI should be available in the package repositories of most Linux distributions. For example, on Debian-based distros, you can install GAMGI with the following command:

sudo apt-get install gamgi

There are also data and documentation packages (gamgi-data and gamgi-doc), and when you first start to use GAMGI, it's a good idea to install those packages as well.

Once the packages are installed, you can start GAMGI from the command line or from your desktop environment's menu system. When it starts up, you get a blank canvas to begin your work.

Figure 1. When you start GAMGI, you get a minimal set of tools to help begin your project.

This interface is probably one of the more minimal ones of the chemistry packages that you are likely to use, but it hides all of the functionality that is present within GAMGI. It is object-oriented, in that all of the main elements are treated as independent objects, with properties and relationships to other objects. These elements include atoms, bonds, molecules and crystal planes. Each of them are built up of a number of the earlier ones. One extra piece that GAMGI has is the ability to work with orbitals. Let's walk through an example of a salt crystal (NaCl) to show how you can use GAMGI to do graphical analysis.

When looking at a crystalline structure, you'll want to start by creating a cell in the window. You do this by clicking the Cell→Create menu item. Then you'll get a pop-up window where you can set several properties of the new cell.

Figure 2. When you create a new cell for crystal structures, you can set several different properties on how it will be constructed.

Since salt is a cubic crystal, you'll want to set the system value to c (for cubic), and set the lattice value to F (for face-centered). For each of these, you can get a full set of allowed values by clicking the associated "List" button. Clicking Ok creates the cell.

Go to Full Article
Joey Bernard

System76's New Manufacturing Facility, Ubuntu 17.10 Reaches End of Life, Google Cloud Platform Marketplace, Stranded Deep Now Available for Linux and Cutelyst New Release

2 months 4 weeks ago

News briefs for July 19, 2018.

System76 has moved into its new manufacturing facility in Denver, Colorado. The company will begin making computers in the US, rather than just assembling them. See the System76 blog post for photos of the new digs.

Ubuntu 17.10 "Artful Aardvark" has reached end of life today, so there will be no more security updates for that version. If you're running Ubuntu 17.10, you need to upgrade to 18.04 now. See the post on It's FOSS for more information and instructions on how to upgrade.

Google has rebranded its Cloud Launcher platform, and it now will be called the Google Cloud Platform Marketplace (or GCP Marketplace). LinuxInsider reports that "it will offer production-ready commercial Kubernetes apps, promising simplified deployment, billing and third-party licensing."

Single-player survival game Stranded Deep is now available for Linux, GamingOnLinux reports, although users were reporting a few issues earlier this week. Stranded Deep is available on Steam.

Cutelyst, a C++ web framework based on Qt, has a new release. The update includes several bug fixes and some build issues with buildroot. See Dantti's Blog for all the details. Cutelyst is available on GitHub.

News System76 Ubuntu Google Kubernetes gaming qt
Jill Franklin

Using the Best CPU Available on Asymmetric Systems

2 months 4 weeks ago
by Zack Brown

Dietmar Eggemann posted a patch from Quentin Perret to take advantage of energy-efficient CPUs on asymmetric multiprocessor (AMP) systems. AMP is distinguished from SMP (symmetric multiprocessor) systems in that an SMP system uses several instances of only one type of CPU, while an AMP system might use CPUs of differing speeds, feature-sets and so on.

Quentin's patch was an effort to take advantage of differences in power consumption between the CPUs on an AMP system. It attempted to identify the most efficient CPU that was not already saturated with processes and assign newly awakened processes to it. If no CPUs fit the bill, standard SMP-type methods of processor assignment would be used instead.

Dietmar explained, "The selection of the most energy-efficient CPU for a task is achieved by estimating the impact on system-level active energy resulting from the placement of the task on each candidate CPU. The best CPU energy-wise is then selected if it saves a large enough amount of energy with respect to prev_cpu."

He acknowledged that this algorithm was a brute-force approach that could work well only on systems with a relatively small number of CPUs. He said, "This patch is an attempt to do something useful, as writing a fast heuristic that performs reasonably well on a broad spectrum of architectures isn't an easy task."

Patrick Bellasi and Joel Fernandes had no serious objections to the patch and offered some technical suggestions. The discussion delved into various technical issues and specific ways of addressing them, with no one raising any controversial issues.

This is the type of situation with a patch where it might look like a lack of opposition could let it sail into the kernel tree, but really, it just hasn't been thoroughly examined by Linux bigwigs yet. Once the various contributors have gotten the patch as good as they can get it without deeper feedback, they'll probably send it up the ladder for inclusion in the main source tree. At that point, the security folks will jump all over it, looking for ways that a malicious user might force processes all onto only one particular CPU (essentially mounting a denial-of-service attack) or some such thing. Even if the patch survives that scrutiny, one of the other big-time kernel people, or even Linus Torvalds, could reject the patch on the grounds that it should represent a solution for large-scale systems as well as small.

Go to Full Article
Zack Brown

Google Fined by EU for Antitrust Violations, Qt Creator 4.7.0 Now Available, New ownCloud Version 10.0.9, pfSense Gold to Be Free with the 2.4.4 Release, Kobol Relaunches Helios4

3 months ago

News briefs for July 18, 2018.

Google is being fined $5 billion USD for Android antitrust violations, The Verge reports. The EU Commission claims Google has abused Android dominance in three ways: "Google has been bundling its search engine and Chrome apps into the operating system. Google has also allegedly blocked phone makers from creating devices that run forked versions of Android, and 'made payments to certain large manufacturers and mobile network operators' to exclusively bundle the Google Search app on handsets." It has 90 days to bring its "illegal conduct to an end in an effective manner". Google plans to appeal this decision.

Qt Creator version 4.7.0 is now available. The release announcement notes that with this release, the Clang code model now is on by default to keep up with developments in C++. In addition, "the Clang code model provides much better information about issues in code without going through the edit-compile-analyze cycle explicitly." You can download the open-source version here.

ownCloud's new version 10.0.9 includes improved password policy, S3 Object Storage integration and pending shares feature. According to the ownCloud press release, this new version increases security as "password policies can now be defined for all users, and a password history prevents previously used passwords from being set and the ability to accept or reject pending shares of received files provides additional control and security." You can download ownCloud here and its corresponding apps here.

Netgate announces that pfSense Gold will be free with the 2.4.4 release, including all services previously offered under the pfSense Gold subscription, such as the pfSense Book and monthly online Hangouts (video conferences). In addition, AutoConfigBackup (ACB) also will be free and will conform to GDPR best practices. The 2.4.4 release is planned for September 2018.

Kobol is relaunching Helios4 via its own funding campaign. The open-spec NAS SBC and fanned system "runs Debian on a Marvell Armada 388 SoC with 2GB ECC RAM and offers 1x GbE, 2x USB 3.0, and 4x SATA 3.0 ports for up to 48TB". According to the Linux Gizmos post, "So far, the Full Kit is half funded while the Basic Kit has drawn little interest. Kobol says that it will refund the money if the campaign doesn't reach its 500-unit goal by Aug. 5. Shipments are due in October."

News Google Android EU qt OwnCloud pfSense Security Hardware Embedded
Jill Franklin

At Rest Encryption

3 months ago
by Kyle Rankin

Learn why at rest encryption doesn't mean encryption when your laptop is asleep.

There are many steps you can take to harden a computer, and a common recommendation you'll see in hardening guides is to enable disk encryption. Disk encryption also often is referred to as "at rest encryption", especially in security compliance guides, and many compliance regimes, such as PCI, mandate the use of at rest encryption. This term refers to the fact that data is encrypted "at rest" or when the disk is unmounted and not in use. At rest encryption can be an important part of system-hardening, yet many administrators who enable it, whether on workstations or servers, may end up with a false sense of security if they don't understand not only what disk encryption protects you from, but also, and more important, what it doesn't.

What Disk Encryption Does

In the context of Linux servers and workstations, disk encryption generally means you are using a system such as LUKS to encrypt either the entire root partition or only a particularly sensitive mountpoint. For instance, some Linux distributions offer the option of leaving the root partition unencrypted, and they encrypt each user's /home directories independently, to be unlocked when the user logs in. In the case of servers, you might leave root unencrypted and add encryption only to specific disks that contain sensitive data (like database files).

In a workstation, you notice when a system is encrypted at rest because it will prompt you for a passphrase to unlock the disk at boot time. Servers typically are a bit trickier, because usually administrators prefer that a server come back up after a reboot without manual intervention. Although some servers may provide a console-based prompt to unlock the disk at boot time, administrators are more likely to have configured LUKS so that the key resides on a separate unencrypted partition. Or, the server may retrieve the key from the network using their configuration management or a centralized secrets management tool like Vault, so there is less of a risk of the key being stolen by an attacker with access to the filesystem.

The main thing that at rest encryption protects you from is data loss due to theft or improper decommissioning of hard drives. If someone steals your laptop while it's powered off, your data will be protected. If someone goes into a data center and physically removes drives from a server with at rest encryption in place, the drives will spin down, and the data on them will be encrypted. The same goes for disks in a server that has been retired. Administrators are supposed to perform secure wiping or full disk destruction procedures to remove sensitive data from drives before disposal, but if the administrator was lazy, disk encryption can help ensure that the data is still protected if it gets into the wrong hands.

Go to Full Article
Kyle Rankin

Open Source at 20

3 months ago
by Doc Searls

Open source software has been around for a long time. But calling it open source only began in 1998. Here's some history:

Christine Peterson came up with the term "open source software" in 1997 and (as she reports at that link) a collection of like-minded geeks decided on February 3, 1998 to get behind it in a big way. Eric S. Raymond became the lead evangelist when he published Goodbye, "free software"; hello, "open source" on February 8th. Bruce Perens led creating the Open Source Initiative later that month. Here at Linux Journal, we were all over it from the start as well. (Here's one example.)

"Open source" took off so rapidly that O'Reilly started OSCON the next year, making this year's OSCON, happening now, the 19th one. (FWIW, at the 2005 OSCON, O'Reilly and Google together gave me an award for "Best Communicator" on the topic. I was at least among the most enthusiastic.)

Google's Ngram Viewer, which searches through all scanned books from 1800 to 2008, shows (see above) that use of "open source" hockey-sticked quickly. Today on Google, "open source" gets 116 million results.

But interest has been trailing off, as we see from Google Trends, which follows "interest over time." Here's how that looks since 2004:

Go to Full Article
Doc Searls

IBM's New Security-First Nabla Container, Humble Bundle's "Linux Geek Bundle", Updates on the Upcoming Atari VCS Console, Redesigned Files App for Chromebooks and Catfish 1.4.6 Released

3 months ago

News briefs for July 17, 2018.

IBM has a new container called Nabla designed for security first, ZDNet reports. IBM claims it's "more secure than Docker or other containers by cutting operating system calls to the bare minimum and thereby reducing its attack surface as small as possible". See also this article for more information on Nabla and this article on how to get started running the containers.

Humble Bundle is offering a "Linux Geek Bundle" of ebooks from No Starch Press for $1 (or more—your choice) right now, in connection with It's FOSS. The Linux Geek bundle's books are worth $571 and are available in PDF, ePUB and MOBI format, and are DRM-free. Part of the purchase price will be donated to the EFF. See the It's FOSS post for the list of titles and more info.

More information on the upcoming Atari VCS console due to launch next year has been released in a Q&A on Medium with Rob Wyatt, System Architect for the Atari VCS project. Rob provides more details on the hardware specs: "The VCS hardware will be powered by an AMD Bristol Ridge family APU with Radeon R7 graphics and is now going to get 8 gigabytes of unified memory. This is a huge upgrade from what was originally specified and unlike other consoles it's all available, we won't reserve 25% of hardware resources for system use." In addition, the Q&A covers the Atari VCS "open platform" and "Sandbox", compatible controllers and more.

Google's Chrome OS team is working on redesigning its Files app for Chromebooks "with a new 'My Files' section that promises to help you better organize your local files, including those from any Android and Linux apps you might have installed." See the Softpedia News post for more information on this redesigned app for Android and Linux files and how to test it via the Chrome OS Canary experimental channel.

Catfish 1.4.6 has been released, and it has now officially joined the Xfce family. According to the announcement, it's "lightweight, fast, and a perfect companion to the Thunar file manager. With the transition from Launchpad to Xfce, things have moved around a bit. Update your bookmarks accordingly!" Other new features include an improved thumbnailer, translation updates and several bug fixes. New releases of Catfish now can be found at the Xfce release archive.

News IBM Containers Nabla Security Books gaming Google ChromeOS Chromebooks Catfish XFCE
Jill Franklin

A Look at Google's Project Fi

3 months ago
by Shawn Powers

Google's Project Fi is a great cell-phone service, but the data-only SIMs make it incredible for network projects!

I have a lot of cell phones. I have iPhones (old and new), Android phones (old, new, very old and funny-shaped), and I have a few legacy phones that aren't either Android or iPhone. Remember Maemo? Yeah, and I still have one of those old Nokia phones somewhere too. Admittedly, part of the reason I have such a collection is that I tend to hoard nostalgic technology, but part of it is practical too.

I've used phones as IP cameras for BirdTopia (my recorded and streamed bird-feeder collection). I've created WiFi-only audiobook devices that I use when I'm out and about. I've used old phones as SONOS remotes, Plex players, Chromecast initiators and countless other tasks that tiny little computers are perfect for doing. One of the frustrating things about using old cell phones for projects like that though is they only have WiFi access, because adding multiple devices to a cell plan becomes expensive quickly. That's not the case anymore, however, thanks to Google's Project Fi.

Most people love Project Fi because of the tower-hopping features or because of the fair pricing. I like those features too, but the real bonus for me is the "data only" SIM option. Like most people, I rarely make phone calls anymore, and there are so many chat apps, texting isn't very important either. With most cell-phone plans, there's an "access" fee per line. With Project Fi, additional devices don't cost anything more! (But, more about that later.) The Project Fi experience is worth investigating.

What's the Deal?

Project Fi is a play on the term "WiFi" and is pronounced "Project Fye", as opposed to "Project Fee", which is what I called it at first. Several features set Project Fi apart from other cell-phone plans.

First, Project Fi uses towers from three carriers: T-Mobile, US Cellular and Sprint. When using supported hardware, Project Fi constantly monitors signal strength and seamlessly transitions between the various towers. Depending on where you live, this can mean constant access to the fastest network or a better chance of having any coverage at all. (I'm in the latter group, as I live in a rural area.)

The second standout feature of Project Fi is the pricing model. Every phone pays a $20/month fee for unlimited calls and texts. On top of that, all phones and devices share a data pool that costs $10/GB. The data cost isn't remarkably low, but Google handles it very well. I recently discovered that it's not billed in full $10 increments (Figure 1). If you use 10.01GB of data, you pay $10.01, not $20.

Go to Full Article
Shawn Powers

Debian "stretch" 9.5 Update Now Available, Red Hat Announces New Adopters of the GPL Cooperation Commitment, Linux Audio Conference 2018 Videos Now Available, Latte Dock v0.8 Released and More

3 months ago

News briefs for July 16, 2018.

Debian "stretch" has a new update, 9.5, the fifth update of the Debian 9 stable release. This version addresses several security issues and other problems. You can upgrade your current installation from one of Debian's HTTP mirrors.

Red Hat announced that 14 additional companies have adopted the GPL Cooperation Commitment, which means that "more than 39 percent of corporate contributions to the Linux kernel, including six of the top 10 contributors" are now represented. According to the Red Hat press release, these commitments "reflect the belief that responsible compliance in open source licensing is important and that license enforcement in the open source ecosystem operates by different norms." Companies joining the growing movement include Amazon, Arm, Canonical, GitLab, Intel Corporation, Liferay, Linaro, MariaDB, NEC, Pivotal, Royal Philips, SAS, Toyota and VMware.

The Linux Audio Conference announced that all videos from the 2018 conference in Berlin are now available. You can find the links here.

Latte Dock v0.8 is now available. New features include multiple layouts simultaneously, smart dynamic background, unify global shortcuts for applets and tasks, and much more. Latte v0.8 is compatible with Plasma >= 5.12, KDE Frameworks >= 5.38, Qt >= 5.9. You can download it from here.

Ubuntu has improved the user interface of its Snap Store website. It's FOSS reports that the updates make "it more useful for the users by adding developer verification, categories, improved search".

News Debian Audio/Video multimedia licensing Red Hat Ubuntu Snap open source Desktop KDE
Jill Franklin

Opinion: GitHub vs GitLab

3 months ago
by Matt Lee

Free software deserves free tools, not Microsoft-owned GitHub.

So, Microsoft bought GitHub, and many people are confused or worried. It's not a new phenomenon when any large company buys any smaller company, and people are right to be worried, although I argue that their timing is wrong. Like Microsoft, GitHub has made some useful contributions to free and open-source software, but let's not forget that GitHub's main product is proprietary software. And, it's not just some innocuous web service either; GitHub makes and sells a proprietary software package you can download and run on your own server called GitHub Enterprise (GHE).

Let's remember how we got here. BitMover made a tool called BitKeeper, a proprietary version control system that allowed free-of-charge licenses to free software projects. In 2002, the Linux kernel switched to using BitKeeper for its version control, although some notable developers made the noble choice to refuse to use the proprietary program. Many others did not, and for a number of years, kernel development was hampered by BitKeeper's restrictive noncommercial licenses.

In 2005, Andrew Tridgell, working at OSDL, developed a client that bypassed this restriction, and as a result, BitMover removed licenses to BitKeeper from all OSDL employees—including Linus Torvalds. Eventually, all non-commercial licenses were stopped, and new licenses included clauses preventing the development of alternative version control systems. As a result of this, two new projects were born: Mercurial and Git. Created in a few short weeks in 2005, Git quickly became the version control system for Linux development.

Proprietary version control tools aren't common in free software development, but proprietary collaboration websites have been around for some time. One of the earliest collaboration websites still around today is Sourceforge. Sourceforge was created in the late 1990s by VA Software, and the code behind the project was released in 2000.

Quickly this situation changed, and the project was shuttered and then became Sourceforge Enterprise Edition, a proprietary software package. The code that ran Sourceforge was forked into GNU Savannah (later Savane) and GForge, and it's still use today by both the GNU Project and CERN. When I last wrote about this problem, almost exactly ten years ago, Canonical's ambitious Launchpad service still was proprietary, something later remedied in 2009. Gitorious was created in 2010 and was for a number of years the Git hosting platform for the discerning free software developer, as the code for Gitorious was fully public and licensed under favorable terms for the new wave of AGPL-licensed projects that followed the FSF's Franklin Street Statement. Gitorious, also, is sadly no longer with us.

Go to Full Article
Matt Lee

Python and Its Community Enter a New Phase

3 months ago
by Reuven M. Lerner

On Python's BDFL Guido van Rossum, his dedication to the Python community, PEP 572 and hope for a healthy outcome for the language, open source and the computing world in general.

Python is an amazing programming language, there's no doubt about it. From humble beginnings in 1991, it's now just about everywhere. Whether you're doing web development, system administration, test automation, devops or data science, odds are good that Python is playing a role in your work.

Even if you're not using Python directly, odds are good that it is being used behind the scenes. Using OpenStack? Python plays an integral role in its development and configuration. Using Dropbox on your computer? Then you've got a copy of Python running on your computer. Using Linux? When I purchased Red Hat Linux back in 1995, the configuration was a breeze—thanks to visual tools developed in Python.

And, of course, there are numerous schools and educational programs that are now teaching Python. MIT's intro computer science course switched several years ago from Scheme to Python, and thousands of universities all over the world made a similar switch in its wake. My 15-year-old daughter participates in a program for technology and entrepreneurship—and she's learning Python.

There currently is an almost insatiable demand for Python developers. Indeed, Stack Overflow reported last year that Python is not only the most popular language on its site, but it's also the fastest-growing language. I can attest to this popularity in my own job as a freelance Python trainer. Some of the largest computer companies in the world are now using Python on a regular basis, and their use of the language is growing, not shrinking.

Normally, a technology with this much impact would require a large and active marketing department. But Python is (of course) open-source software, and its success is the result of a large number of contributors—to the core language, to its documentation, to libraries and to the numerous blogs, tutorials, articles and videos available online. I often remind my students that people often think of "open source" as a synonym for "free of charge", but that they should instead think of it as a synonym for "powered by the community"—and there's no doubt that the Python community is strong.

Such a strong community doesn't come from nowhere. And there's no doubt that Guido van Rossum, who created Python and has led its development ever since, has been a supremely effective community organizer and leader.

Go to Full Article
Reuven M. Lerner

FOSS Project Spotlight: Pydio Cells, an Enterprise-Focused File-Sharing Solution

3 months ago
by Italo Vignoli

Pydio Cells is a brand-new product focused on the needs of enterprises and large organizations, brought to you from the people who launched the concept of the open-source file sharing and synchronization solution in 2008. The concept behind Pydio Cells is challenging: to be to file sharing what Slack has been to chats—that is, a revolution in terms of the number of features, power and ease of use.

In order to reach this objective, Pydio's development team has switched from the old-school development stack (Apache and PHP) to Google's Go language to overcome the bottleneck represented by legacy technologies. Today, Pydio Cells offers a faster, more scalable microservice architecture that is in tune with dynamic modern enterprise environments.

In fact, Pydio's new "Cells" concept delivers file sharing as a modern collaborative app. Users are free to create flexible group spaces for sharing based on their own ways of working with dedicated in-app messaging for improved collaboration.

In addition, the enterprise data management functionality gives both companies and administrators reassurance, with controls and reporting that directly answer corporate requirements around the General Data Protection Regulation (GDPR) and other tightening data protection regulations.

Pydio Loves DevOps

In tune with modern enterprise DevOps environments, Pydio Cells now runs as its own application server (offering a dependency-free binary, with no need for external libraries or runtime environments). The application is available as a Docker image, and it offers out-of-the-box connectors for containerized application orchestrators, such as Kubernetes.

Also, the application has been broken up into a series of logical microservices. Within this new architecture, each service is allocated its own storage and persistence, and can be scaled independently. This enables you to manage and scale Pydio more efficiently, allocating resources to each specific service.

The move to Golang has delivered a ten-fold improvement in performance. At the same time, by breaking the application into logical microservices, larger users can scale the application by targeting greater resources only to the services that require it, rather than inefficiently scaling the entire solution.

Built on Standards

The new Pydio Cells architecture has been built with a renewed focus on the most popular modern open standards:

Go to Full Article
Italo Vignoli