Open Source

'Open Source Security' Loses in Court, Must Pay $259,900 To Bruce Perens (theregister.co.uk) 112

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. Now he's just won a legal victory in court. "Open Source Security, maker of the grsecurity Linux kernel patches, has been directed to pay Bruce Perens and his legal team almost $260,000 following a failed defamation claim," reports The Register. Slashdot reader Right to Opine writes: The order requires Spengler and his company to pay $259,900.50, with the bill due immediately rather than allowing a wait for the appeal of the case. The Electronic Frontier Foundation's attorneys will represent Perens during OSS/Spengler's appeal of the case.

Perens was sued for comments on his blog and here on Slashdot that suggested that OSS's Grsecurity product could be in violation of the GPL license on the Linux kernel. The court had previously ruled that Perens' statements were not defamatory, because they were statements by a non-attorney regarding an undecided issue in law. It is possible that Spengler is personally liable for any damages his small company can't pay, since he joined the case as an individual in order to preserve a claim of false light (which could not be brought by his company), removing his own corporate protection.

Open Source

Why OpenStreetMap Should Be a Priority for the Open Source Community (linuxjournal.com) 116

"Despite its low profile, OpenStreetMap is arguably one of the most important projects for the future of free software," argues Glyn Moody, author of Rebel Code: Linux And The Open Source Revolution, in a new Linux Journal article shared by long-time Slashdot reader carlie: The rise of mobile phones as the primary computing device for billions of people, especially in developing economies, lends a new importance to location and movement. Many internet services now offer additional features based on where users are, where they are going and their relative position to other members of social networks. Self-driving cars and drones are two rapidly evolving hardware areas where accurate geographical information is crucial. All of those things depend upon a map in critical ways, and they require large, detailed datasets. OpenStreetMap is the only truly global open alternative to better-known, and much better-funded geodata holdings, such as Google Maps.

The current dominance of the latter is a serious problem for free software -- and freedom itself. The data that lies behind Google Maps is proprietary. Thus, any open-source program that uses Google Maps or other commercial mapping services is effectively including proprietary elements in its code. For purists, that is unacceptable in itself. But even for those with a more pragmatic viewpoint, it means that open source is dependent on a company for data that can be restricted or withdrawn at any moment....

Although undoubtedly difficult, creating high-quality map-based services is a challenge that must be tackled by the Open Source community if it wants to remain relevant in a world dominated by mobile computing. The bad news is that at the moment, millions of people are happily sending crucial geodata to proprietary services like Waze, as well as providing free bug-fixes for Google Maps. Far better if they could be working with equal enthusiasm and enjoyment on open projects, since the resulting datasets would be freely available to all, not turned into corporate property. The good news is that OpenStreetMap provides exactly the right foundation for creating those open map-based services, which is why supporting it must become a priority for the Open Source world.


KDE Plasma 5.13 Released (kde.org) 94

jrepin writes: KDE unveils the final release of Plasma 5.13, the free and open-source desktop environment. Members of the Plasma team have focused on optimizing startup and minimizing memory usage. Plasma Browser Integration is a suite of new features which make Firefox, Chrome and Chromium-based browsers work with your desktop. For example, downloads are now displayed in the Plasma notification popup, and the Media Controls Plasmoid can mute and skip videos and music playing from within the browser. Browser tabs can be opened directly using KRunner via the Alt-Space keyboard shortcut. System Settings design has been improved further. Window manager gained much-improved effects for blur and desktop switching. Wayland work continued, with the return of window rules, and initial support for screencasts and desktop sharing. You can view the changelog here.

Systemd-Free Devuan 2.0 'ASCII' Officially Released (devuan.org) 313

"Dear Init Freedom Lovers..." begins the announcement at Devuan.org: We are happy to announce that Devuan GNU+Linux 2.0 ASCII Stable is finally available. Devuan is a GNU+Linux distribution committed to providing a universal, stable, dependable, free software operating system that uses and promotes alternatives to systemd and its components.

Devuan 2.0 ASCII runs on several architectures. Installer CD and DVD ISOs, as well as desktop-live and minimal-live ISOs, are available for i386 and amd64. Ready-to-use images can be downloaded for a number of ARM platforms and SOCs, including Raspberry Pi, BeagleBone, OrangePi, BananaPi, OLinuXino, Cubieboard, Nokia and Motorola mobile phones, and several Chromebooks, as well as for Virtualbox/QEMU/Vagrant. The Devuan 2.0 ASCII installer ISOs offer a variety of Desktop Environments including Xfce, KDE, MATE, Cinnamon, LXQt, with others available post-install. The expert install mode now offers a choice of either SysVinit or OpenRC as init system...

We would like to thank the entire Devuan community for the continued support, feedback, and collaboration....

The release notes include information on Devuan's new network of package repository mirrors, and they're also touting their "direct and easy upgrade paths" from Devuan Jessie, Debian Jessie and Debian Stretch.

Microsoft Acquires GitHub For $7.5B (microsoft.com) 492

As rumored, Microsoft said Monday that it has acquired code repository website GitHub for a whopping sum of $7.5B in Microsoft stock. Microsoft Corporate Vice President Nat Friedman, founder of Xamarin and an open source veteran, will assume the role of GitHub CEO. GitHub's current CEO, Chris Wanstrath, will become a Microsoft technical fellow, reporting to Executive Vice President Scott Guthrie, to work on strategic software initiatives. From the blog post: "Microsoft is a developer-first company, and by joining forces with GitHub we strengthen our commitment to developer freedom, openness and innovation," said Satya Nadella, CEO, Microsoft. "We recognize the community responsibility we take on with this agreement and will do our best work to empower every developer to build, innovate and solve the world's most pressing challenges." Under the terms of the agreement, Microsoft will acquire GitHub for $7.5 billion in Microsoft stock. Subject to customary closing conditions and completion of regulatory review, the acquisition is expected to close by the end of the calendar year. GitHub will retain its developer-first ethos and will operate independently to provide an open platform for all developers in all industries. Developers will continue to be able to use the programming languages, tools and operating systems of their choice for their projects -- and will still be able to deploy their code to any operating system, any cloud and any device. The two companies, together, will "empower developers to achieve more at every stage of the development lifecycle, accelerate enterprise use of GitHub, and bring Microsoft's developer tools and services to new audiences," Microsoft said. A portion of the developer community has opposed the move, with some already leaving the platform for alternative services.

Update: In a conference call with reporters, Mr. Nadella said today the company is "all in with open source," and asked people to judge the company's commitment to the open source community by its actions in the recent past, today, and in the coming future. GitHub will remain open and independent, Mr. Nadella said.

Microsoft's Interest In Buying GitHub Draws Backlash From Developers 256

The supposed acquisition of popular code repository GitHub by Microsoft has drawn an unprecedented backlash from the developer community. Over the weekend, after Bloomberg reported that the two companies could make the announcement as soon as Monday, hundreds of developers took to forums and social media to express their disappointment, with many saying that they would be leaving the platform if the deal goes through.

So why so much outrage? In a conversation with Slashdot, software developer and student Sean said that he believes a deal of such capacity would be bad for the open source community. "They've shown time and time again that they can't be trusted," he said. Sean and many others believe that Microsoft would eventually start a telemetry program on the code repository. "Aside from Microsoft not being trustworthy to the open source community, I'm sure they'll add tracking and possibly even ads to all the sites within GitHub. As well as possibly use it to push LinkedIn (which they own)," he said. Ryan Hoover, the founder of ProductHunt, wrote on Sunday, "Anecdotally, the developer community is very unapproving of this move. I'm curious how Microsoft manages this and how GitHub changes (or doesn't change)." Even as Microsoft has "embraced" the open source community in recent years (under the leadership of Mr. Nadella), for many developers, it will take time -- if at all -- to forget the company's past closed-ecosystem approach. Just this weekend, a developer accused Microsoft of stealing his code.

A petition that seeks to "stop Microsoft from buying Github" had garnered support from more than 400 developers. Prominent developer Andre Staltz said, "If you're still optimistic about the Microsoft-GitHub acquisition, consider this: They didn't ask your opinion not even a single bit, even though it was primarily your commits, stars, and repositories which made GH become a valuable platform." More importantly, if the comments left on Slashdot, Reddit, and HackerNews, places that overwhelmingly count developers and other IT industry experts among their audience, are anything to go by, Microsoft had better have a good plan for how it intends to operate GitHub after the buyout. Security reporter Catalin Cimpanu said, "LinkedIn has turned into a slow-loading junk after the Microsoft acquisition. I can only imagine what awaits GitHub." On his part, Mat Velloso, who is technical advisor to the CTO at Microsoft, said, "I don't think people understand how many of us at Microsoft love GitHub to the bottom of our hearts. If anybody decided to mess with that community, there would be a riot to say the least."

Jacques Mattheij: Companies that are too big to fail and that lose money are a dangerous combination, people have warned about GitHub becoming as large as it did as problematic because it concentrates too much of the power to make or break the open source world in a single entity, more so because there were valid questions about GitHub's financial viability. The model that GitHub has -- sell their services to closed source companies but provide the service for free for open source groups -- is only a good one if the closed source companies bring in enough funds to sustain the model. Some sort of solution should have been found -- preferably in collaboration with the community -- not an 'exit' to one of the biggest sharks in the tank. So, here is what is wrong with this deal and why anybody active in the open source community should be upset that Microsoft is going to be the steward of this large body of code. For starters, Microsoft has a very long history of abusing its position vis-a-vis open source and other companies. I'm sure you'll be able to tell I'm a cranky old guy by looking up the dates to some of these references, but 'new boss, same as the old boss' applies as far as I'm concerned. Yes, the new boss is a nicer guy but it's the same corporate entity. Update: It's official. Microsoft has acquired GitHub for a whopping sum of $7.5B.
GNU is Not Unix

Emacs 26.1 Released With New Features (lwn.net) 116

There's a new version of the 42-year-old libre text editor with over 2,000 built-in commands, reports LWN.net: Highlights include a built-in Lisp threading mechanism that provides some concurrency, double buffering when running under X, a redesigned flymake mode, 24-bit color support in text mode, and a systemd [user] unit file.
The Free Software Foundation has released a 10,653-word description of all the new features in Emacs 26.1. Here's a couple more:
  • The Emacs server now has socket-launching support. This allows socket based activation, where an external process like systemd can invoke the Emacs server process upon a socket connection event and hand the socket over to Emacs... This new functionality can be disabled with the configure option '--disable-libsystemd'.
  • The new function 'call-shell-region' executes a command in an inferior shell with the buffer region as input.
  • Intercepting hotkeys on Windows 7 and later now works better.
  • The new user variable 'electric-quote-chars' provides a list of curved quotes for 'electric-quote-mode', allowing user to choose the types of quotes to be used.

Open Source

Tesla Starts To Release Its Cars' Open-Source Linux Software Code (zdnet.com) 83

An anonymous reader writes: Tesla cars are powered not only by batteries but by open-source software. Until recently, though, Tesla hasn't lived up to its obligations under open-source licenses, but now Tesla is finally releasing some of its Linux source code for the Model S and X cars. The Tesla GitHub repository contains the code for the Model S/X 2018.12 software release. Specifically, it holds the system image on the Tesla Autopilot platform, the kernel sources for its underlying hardware, and the code for its Nvidia Tegra-based infotainment system.

Tesla will release additional open-source code for other systems in their cars soon. According to Tesla, "Work is underway on preparing sources in other areas as well, together with a more coordinated information page. We wanted to let you know about this material as it is available now while work continues on the other parts." The electric car thought-leader will also update its code as updated software releases are made.


Mystery Donor Pledges $1 Million To The GNOME Foundation (betanews.com) 150

Brian Fagioli, writing for BetaNews: This week, The GNOME Foundation made a shocking revelation: a mystery donor has pledged $1 million dollars. We don't know who is promising the money -- it could be a rich man or woman, but more likely -- and this is pure speculation -- it is probably a company that benefits from GNOME, such as Red Hat or Canonical.

"An anonymous donor has pledged to donate up to $1,000,000 over the next two years, some of which will be matching funds. The GNOME Foundation is grateful for this donation and plans on using these funds to increase staff to streamline operations and to grow its support of the GNOME Project and the surrounding ecosystem. While the GNOME Foundation has maintained its position as a proponent of the GNOME Project, growth has been limited. With these funds, the GNOME Foundation will be able to expand and lead in the free software space," says The GNOME Foundation.

Open Source

Computer History Museum Makes Eudora Email Client Source Code Available To the Public (medium.com) 57

Computer History Museum (CHM), an institution which explores the history of computing and its impact on the human experience, announced on Tuesday the public release and long-term preservation of the Eudora source code, one of the early successful email clients, as part of its Center for Software History's Historical Source Code. The release comes after a five-year negotiation with Qualcomm. From the press release: The first version of Eudora was created in the 1980s by Steve Dorner who was working at the University of Illinois at Urbana-Champaign. It took Dorner over a year to create the first version of Eudora, which had 50,000 lines of C code and ran only on the Apple Macintosh. In 1991, Qualcomm licensed Eudora from the University of Illinois and distributed it free of charge. Qualcomm later released Eudora as a consumer product in 1993, and it quickly gained popularity. Available both for the IBM PC and the Apple Macintosh, in its heyday Eudora had tens of millions of users. After 15 years, in 2006, Qualcomm decided that Eudora was no longer consistent with their other major project lines, and they stopped development. The discussion with Qualcomm for the release of the Eudora source code by the company's museum took five years. Len Shustek, the chairman of the board of trustees of the Computer History Museum, writes: Eventually many email clients were written for personal computers, but few became as successful as Eudora. Available both for the IBM PC and the Apple Macintosh, in its heyday Eudora had tens of millions of happy users. Eudora was elegant, fast, feature-rich, and could cope with mail repositories containing hundreds of thousands of messages. In my opinion it was the finest email client ever written, and it has yet to be surpassed. I still use it today, but, alas, the last version of Eudora was released in 2006. It may not be long for this world. 
With thanks to Qualcomm, we are pleased to release the Eudora source code for its historical interest, and with the faint hope that it might be resuscitated. I will muse more about that later.
Open Source

The Percentage of Open Source Code in Proprietary Apps is Rising (helpnetsecurity.com) 60

Zeljka Zorz, writing for Help Net Security: The number of open source components in the codebase of proprietary applications keeps rising and with it the risk of those apps being compromised by attackers leveraging vulnerabilities in them, a recent report has shown. Compiled after examining the findings from the anonymized data of over 1,100 commercial codebases audited in 2017 by the Black Duck On-Demand audit services group, the report revealed two interesting findings:

96 percent of the scanned applications contain open source components, with an average 257 components per application. The average percentage of open source in the codebases of the applications scanned grew from 36% last year to 57%, suggesting that a large number of applications now contain much more open source than proprietary code.

Open Source

Tesla Releases Some of Its Software To Comply With Open-Source Licenses (sfconservancy.org) 24

Jeremy Allison - Sam shares a blog post from Software Freedom Conservancy, congratulating Tesla on their first public step toward GPL compliance: Conservancy rarely talks publicly about specifics in its ongoing GNU General Public License (GPL) enforcement and compliance activity, in accordance with our Principles of Community Oriented GPL Enforcement. We usually keep our compliance matters confidential -- not for our own sake -- but for the sake of violators who request discretion to fix their mistakes without fear of public reprisal. We're thus glad that, this week, Tesla has acted publicly regarding its current GPL violations and has announced that they've taken their first steps toward compliance. While Tesla acknowledges that they still have more work to do, their recent actions show progress toward compliance and a commitment to getting all the way there.

Researchers Say a Breathalyzer Has Flaws, Casting Doubt On Countless Convictions (zdnet.com) 170

An anonymous reader writes: The source code behind a police breathalyzer widely used in multiple states -- and millions of drunk driving arrests -- is under fire. It's the latest case of technology and the real world colliding -- one that revolves around source code, calibration of equipment, two researchers and legal maneuvering, state law enforcement agencies, and Draeger, the breathalyzer's manufacturer. This most recent skirmish began a decade ago when Washington state police sought to replace its aging fleet of breathalyzers. When the Washington police opened solicitations, the only bidder, Draeger, a German medical technology maker, won the contract to sell its flagship device, the Alcotest 9510, across the state. But defense attorneys have long believed the breathalyzer is faulty. Jason Lantz, a Washington-based defense lawyer, enlisted a software engineer and a security researcher to examine its source code. The two experts wrote in a preliminary report that they found flaws capable of producing incorrect breath test results. The defense hailed the results as a breakthrough, believing the findings could cast doubt on countless drunk-driving prosecutions.

Ask Slashdot: Do Citizen Science Platforms Exist? (arstechnica.com) 105

Loren Chorley writes: After reading about a new surge in the trend for citizen science (also known as community science, civic science or networked science), I was intrigued by the idea and wondered if there are websites that do this in a crowd sourced and open sourced manner. I know sites like YouTube allow people to show off their scientific experiments, but they don't facilitate uploading all their data or linking studies together to draw more advanced conclusions, or making methodologies like you'd see in academia straight forward and available through a simple interface. What about rating of experiments for peer review, revisions and refinement, requirement lists, step-by-step instructions for repeatability, ease of access, and simple language for people who don't find academia accessible? Does something like this exist already? Do you, Slashdot, think this is something useful, or that people are interested in? Or would the potential for fraud and misinformation be too great?

Aventus Blockchain-Based Ticketing System Aims To Wipe Out Ticket Touts (theguardian.com) 94

umafuckit writes: The Guardian reports on Aventus, an open-source protocol designed to eliminate fraud and touting for large events. The Aventus Protocol "would allow event organizers to give each ticket a unique identity that is tied to its owner. Since each ticket is a linked list of records, where each new one contains an encrypted version of the previous one, they cannot be faked. The software also allows event promoters to keep an easy record of who owns the ticket, which means they can control the prices." The protocol was launched at Imperial College London last week and will be trialed at this year's World Cup, where it will handle 10,000 ticket sales.
GNU is Not Unix

GCC 8.1 Compiler Introduces Initial C++20 Support (gnu.org) 90

"Are you tired of your existing compilers? Want fresh new language features and better optimizations?" asks an announcement on the GCC mailing list touting "a major release containing substantial new functionality not available in GCC 7.x or previous GCC releases."

An anonymous reader writes: GNU has released the GCC 8.1 compiler with initial support for the C++20 (C++2A) revision of C++ currently under development. This annual update to the GNU Compiler Collection also comes with many other new features/improvements including but not limited to new ARM CPU support, support for next-generation Intel CPUs, AMD HSA IL, and initial work on Fortran 2018 support.

Google Releases Open Source Framework For Building 'Enclaved' Apps For Cloud (arstechnica.com) 21

An anonymous reader quotes a report from Ars Technica: Today, Google is releasing an open source framework for the development of "confidential computing" cloud applications -- a software development kit that will allow developers to build secure applications that run across multiple cloud architectures even in shared (and not necessarily trusted) environments. The framework, called Asylo, is currently experimental but could eventually make it possible for developers to address some of the most basic concerns about running applications in any multi-tenant environment. Container systems like Docker and Kubernetes are designed largely to allow untrusted applications to run without exposing the underlying operating system to badness. Asylo (Greek for "safe place") aims to solve the opposite problem -- allowing absolutely trusted applications to run "Trusted Execution Environments" (TEEs), which are specialized execution environments that act as enclaves and protect applications from attacks on the underlying platform they run on.
Open Source

Facebook's Open-Source Go Bot Can Now Beat Professional Players (techcrunch.com) 44

Google's DeepMind isn't the only team working to defeat professional Go players with artificial intelligence. At Facebook's F8 developer conference today, the company announced a Go bot of its own that has now achieved professional status after winning all 14 games it played against a group of top 30 human Go players. TechCrunch reports: "We salute our friends at DeepMind for doing awesome work," Facebook CTO Mike Schroepfer said in today's keynote. "But we wondered: Are there some unanswered questions? What else can you apply these tools to." As Facebook notes in a blog post today, the DeepMind model itself also remains under wraps. In contrast, Facebook has open-sourced its bot. "To make this work both reproducible and available to AI researchers around the world, we created an open source Go bot, called ELF OpenGo, that performs well enough to answer some of the key questions unanswered by AlphaGo," the team writes today. Facebook's AI Research group is also developing a StarCraft bot that it too plans to open source.
Open Source

Apple Open Sources FoundationDB (macrumors.com) 50

Apple's FoundationDB company announced on Thursday that the FoundationDB core has been open sourced with the goal of building an open community with all major development done in the open. The database company was purchased by Apple back in 2015. As described in the announcement, FoundationDB is a distributed datastore that's been designed from the ground up to be deployed on clusters of commodity hardware. Mac Rumors reports: By open sourcing the project to drive development, FoundationDB is aiming to become "the foundation of the next generation of distributed databases": "The vision of FoundationDB is to start with a simple, powerful core and extend it through the addition of "layers". The key-value store, which is open sourced today, is the core, focused on incorporating only features that aren't possible to write in layers. Layers extend that core by adding features to model specific types of data and handle their access patterns. The fundamental architecture of FoundationDB, including its use of layers, promotes the best practices of scalable and manageable systems. By running multiple layers on a single cluster (for example a document store layer and a graph layer), you can match your specific applications to the best data model. Running less infrastructure reduces your organization's operational and technical overhead." The source for FoundationDB is available on GitHub, and those who wish to join the project are encouraged to visit the FoundationDB community forums, submit bugs, and make contributions to the core software and documentation.
Operating Systems

ReactOS 0.4.8 Released (osnews.com) 60

jeditobe shares a report from OSNews: With software specifically leaving NT5 behind, ReactOS is expanding its target to support NT6+ (Vista, Windows 8, Windows 10) software. Colin, Giannis and Mark are creating the needed logic in NTDLL and LDR for this purpose. Giannis has finished the side-by-side support and the implicit activation context, Colin has changed Kernel32 to accept software made for NT6+, and Mark keeps working on the shim compatibility layer. Although in a really greenish and experimental state, the new additions in 0.4.8 should start helping several software pieces created for Vista and upwards to start working in ReactOS. Microsoft coined the term backwards compatibility, ReactOS the forward compatibility one. Slashdot reader jeditobe adds: "A new tool similar to DrWatson32 has been created by Mark and added to 0.4.8, so now any application crashing will create a log file on the desktop. This crash dump details the list of modules and threads loaded, stack traces, hexdumps, and register state."

The announcement, general notes, tests, and changelog for the release can be found at their respective links. A less technical community changelog for ReactOS 0.4.8 is also available.
