Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Open Source

Linux Kernel 4.7 Officially Released (iu.edu) 56

An anonymous Slashdot reader writes: The Linux 4.7 kernel made its official debut today with Linus Torvalds announcing, "after a slight delay due to my travels, I'm back, and 4.7 is out. Despite it being two weeks since rc7, the final patch wasn't all that big, and much of it is trivial one- and few-liners." Linux 4.7 ships with open-source AMD Polaris (RX 480) support, Intel Kabylake graphics improvements, new ARM platform/board support, Xbox One Elite Controller support, and a variety of other new features.
Slashdot reader prisoninmate quotes a report from Softpedia: The biggest new features of Linux kernel 4.7 are support for the recently announced Radeon RX 480 GPUs (Graphic Processing Units) from AMD, which, of course, has been implemented directly into the AMDGPU video driver, a brand-new security module, called LoadPin, that makes sure the modules loaded by the kernel all originate from the same file system, and support for generating virtual USB Device Controllers in USB/IP. Furthermore, Linux kernel 4.7 is the first one to ensure the production-ready status of the sync_file fencing mechanism used in the Android mobile operating system, allow Berkeley Packet Filter (BPF) programs to attach to tracepoints, as well as to introduce the long-anticipated "schedutil" frequency governor to the cpufreq dynamic frequency scaling subsystem, which promises to be faster and more accurate than existing ones.
Linus's announcement includes the shortlog, calling this release "fairly calm," though "There's a couple of network drivers that got a bit more loving."
EU

EU To Give Free Security Audits To Apache HTTP Server and Keepass (softpedia.com) 65

An anonymous reader writes: The European Commission announced on Wednesday that its IT engineers would provide a free security audit for the Apache HTTP Server and KeePass projects. The two projects were selected following a public survey that included several open-source projects deemed important for both the EU agencies and the wide public.

The actual security audit will be carried out by employees of the IT departments at the European Commission and the European Parliament. This is only a test pilot program that's funded until the end of the year, but the EU said it would be looking for funding to continue it past its expiration date in December 2016.

Operating Systems

How (And Why) FreeDOS Keeps DOS Alive (computerworld.com.au) 211

FreeDOS was originally created in response to Microsoft's announcement that after Windows 95, DOS would no longer be developed as a standalone operating system, according to a new interview about how (and why) Jim Hall keeps FreeDOS alive. For its newest version, Hall originally imagined "what 'DOS' would be like in 2015 or 2016 if Microsoft hadn't stopped working on MS-DOS in favor of Windows" -- before he decided there's just no such thing as "modern DOS". An anonymous Slashdot reader writes: No major changes are planned in the next version. "The next version of FreeDOS won't be multitasking, it won't be 32-bit, it won't run on ARM," Hall said. "FreeDOS is still intended for Intel and Intel-compatible computers. You should still be able to run FreeDOS on your old 486 or old Pentium PC to play classic DOS games, run legacy business programs, and support embedded development."
By day, Hall is the CIO for a county in Minnesota, and he's also a member of the board of directors for GNOME (and contributes to other open source projects) -- but he still remembers using DOS's built-in BASIC system to write simple computer programs. "Many of us older computer nerds probably used DOS very early, on our first home computer..." he tells ComputerWorld. Even without John Romero's new Doom level, "The popularity of DOS games and DOS shareware applications probably contributes in a big way to FreeDOS's continued success." I'd be curious how many Slashdot readers have some fond memories about downloading DOS shareware applications.
Open Source

AT&T Open Sources Its SDN Framework To The Linux Foundation (fiercetelecom.com) 42

An anonymous reader writes "It's no secret that AT&T has been planning to move to a software-defined network for quite a while. Now, they've decided to open-source the whole thing." From Fierce Telecom: AT&T today announced it will release its Enhanced Control, Orchestration, Management and Policy (ECOMP) platform to the wider telecom industry as an open source offering managed by the Linux Foundation. The goal, the company said, is to make ECOMP the telecom industry's standard automation platform for managing virtual network functions and other software-centric network capabilities.
AT&T delivered 8.5 million lines of code to the Linux Foundation on Wednesday, saying "We want to build a community -- where people contribute to the code base and advance the platform..." AT&T said Wednesday they've already received interest from other major telecoms, and "we want this to help align the global industry." While their ultimate goal is to virtualize 75% of their own network by 2020, at least one analyst sees a larger trend where the whole telecom industry collectively bypasses equipment vendors and begins "taking network innovation into its own hands."
Open Source

Dropbox Open Sources New Lossless Middle-Out Image Compression Algorithm (dropbox.com) 135

Dropbox announced on Thursday that it is releasing its image compression algorithm dubbed Lepton under an Apache open-source license on GitHub. Lepton, the company writes, can both compress and decompress files, and for the latter, it can work while streaming. Lepton offers a 22% savings reductions for existing JPEG images, and preserves the original file bit-for-bit perfectly. It compresses JPEG files at a rate of 5MB/s and decodes them back to the original bit at 15MB/s. The company says it has used Lepton to encode 16 billion images saved to Dropbox, and continues to utilize the technology to recode its older images. You can find more technical details here.
Databases

Researchers Find Over 6,000 Compromised Redis Installations (riskbasedsecurity.com) 30

An anonymous Slashdot reader writes: Security researchers have discovered over 6,000 compromised installations of Redis, the open source in-memory data structure server, among the tens of thousands of Redis servers indexed by Shodan. "By default, Redis has no authentication or security mechanism enabled, and any security mechanisms must be implemented by the end user."

The researchers also found 106 different Redis versions compromised, suggesting "there are a lot of Redis installations that are not upgrading to the most recent versions to fix any known security issues." 5,892 infections were linked to the same email address, with two more email addresses that were both linked to more than 200. "The key take away from this research for us has been that insecure default installations continue to be a significant issue, even in 2016."

Redis "is designed to be accessed by trusted clients inside trusted environments," according to its documentation. "This means that usually it is not a good idea to expose the Redis instance directly to the internet or, in general, to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket... Redis is not optimized for maximum security but for maximum performance and simplicity."
Debian

Debian Founder's 2015 Death Ruled A Suicide (theregister.co.uk) 160

gosand writes: According to a story on The Register, the death of Ian Murdock in late 2015 has been ruled a suicide. This news brings some closure to the sad ending of his life. An interesting note from the article that I never knew before: "he was the Ian in Debian; his girlfriend at the time, Debra Lynn, was the Deb." Debian has truly been a cornerstone in the Linux world, and the founder will be missed. The medical report was obtained on Wednesday by CNN journalists.
Open Source

Bulgaria Got a Law Requiring Open Source (medium.com) 62

All software written for the government in Bulgaria are now required to be open-source. The amendments to put such laws in motion were voted in domestic parliament and are now in effect, announced software engineer Bozhidar Bozhanov, who is also an adviser to the Deputy Prime Minister at Council of Ministers of the Republic of Bulgaria. All such software will also be required by law to be developed in a public repository. Bozhanov writes in a blog post:That does not mean that the whole country is moving to Linux and LibreOffice, neither does it mean the government demands Microsoft and Oracle to give the source to their products. Existing solutions are purchased on licensing terms and they remain unaffected (although we strongly encourage the use of open source solutions for that as well). It means that whatever custom software the government procures will be visible and accessible to everyone. After all, it's paid by tax-payers money and they should both be able to see it and benefit from it. As for security -- in the past "security through obscurity" was the main approach, and it didn't quite work -- numerous vulnerabilities were found in government websites that went unpatched for years, simply because a contract had expired. With opening the source we hope to reduce those incidents, and to detect bad information security practices in the development process, rather than when it's too late.
Open Source

Linux Mint 18 'Sarah' Released, Supports Generic GTK X-Apps (linuxmint.com) 98

Slashdot reader Type44Q writes: The Linux Mint team announced the immediate availability of their latest release, Mint 18 "Sarah," in Cinnamon and MATE flavors. These follow on the heels of their respective beta versions, which have been out for nearly a month.
"Linux Mint 18 is a long-term support release which will be supported until 2021," the team announces on MATE's "new features" page, adding they've improved their update manager, included support for the Debian syntax of "apt", and are working on the "X-Apps" project to "produce generic applications for traditional GTK desktop environments...to replace applications which no longer integrate properly outside of a particular environment."
Red Hat Software

Red Hat Exec Marries A Couple At Red Hat Summit (cio.com) 62

On the second day of the Red Hat Summit this week, attendees found themselves invited to a wedding during one of the general sessions. The groom was Matt Hargrave, a Red Hat client from Texas, and, it probably goes without saying, a huge fan of the company. The bride was Shannon Montague, a sign language interpreter, and "maybe the most understanding bride ever," jokes Slashdot reader itwbennett: "Pushing a commit to github isn't the same as committing to a life partner. There is no forking this project," Red Hat EVP Paul Cormier told a Texas couple, as he united them in holy matrimony... Red Hat CEO Jim Whitehurst was ring bearer. You can watch the ceremony on YouTube.
"After today your relationship will have newly architected infrastructure. And, of course, collaboration is...critical." I'm wondering if Slashdot readers can suggest more geeky marriage vows -- or have any other geeky wedding stories to share.
KDE

KDE Bug Fixed After 13 Years (kate-editor.org) 118

About 50 KDE developers met this week in the Swiss Alps for the annual Randa Meetings, "seven days of intense in-person work, pushing KDE technologies forward and discussing how to address the next-generation demands for software systems." Christoph Cullmann, who maintains the Kate editor, blogs that during this year's sprint, they finally fixed a 13-year-old bug. He'd filed the bug report himself -- back in 2003 -- and writes that over the next 13 years, no one ever found the time to fix it. (Even though the bug received 333 "importance" votes...) After finally being marked Resolved, the bug's tracking page at KDE.org began receiving additional comments marveling at how much time had passed. Just think, when this bug was first reported:
-- The current Linux Kernel was 2.6.31...
-- Windows XP was the most current desktop verison. Vista was still 3 years away.
-- Top 2 Linux verions? Mandrake and Redhat (Fedora wouldn't be released for another 2 months, Ubuntu's first was more than a year away.)

Open Source

Pinterest Acquires Team Behind Fleksy; To Open Source Some Technology Designed For Blind (fleksy.com) 5

Pinterest has acquired the team behind the smart keyboard app Fleksy, it announced on Wednesday. The app will remain operational for the foreseeable future, the company adds, but the app update frequency will become minimal. What's interesting about the acquisition is that Pinterest says that it will be open-sourcing some of its components specialized for the blind and visually impaired. Fleksy made headlines four years ago when it launched its keyboard app for blind users in the iOS App Store, long before Apple supported third-party keyboards.
Perl

Interviews: Ask Perl Creator Larry Wall a Question 281

Larry Wall created the Perl programming language (as well as the Unix utility patch, and the Usenet client rn ). This Christmas saw the release of Perl 6 -- a "sister" language to the original Perl -- that's also free and open source, after 15 years of development. Now Larry has agreed to give some of his time to answer your questions (joking that "I doubt my remarks will be quite as controversial as, say, Donald Trump's, but I suspect I could say an interesting thing or two...")

Larry also gave Slashdot's very first interview back in 2002 -- so it's high time we had him back for more heartfelt and entertaining insights. Ask as many questions as you'd like, but please, one per comment. (And feel free to also leave your suggestions for who Slashdot should interview next.) We'll pick the very best questions -- and forward them on to Larry Wall himself.
Open Source

Ask Slashdot: What's The Best CMS? 222

Slashdot reader pipingguy recently inherited a 2012 installation of Joomla 1.5.26, and while performing four years worth of updates, began wondering about other content management systems. I've built more than a few static websites (I use Sublime Text 3 or Atom, not some fancy-pants WYSIWYG doohickey) and am quite familiar with CSS, but databases not so much. I've been through lots of online documentation and am a bit bewildered, but I'm following the recommendations regarding backups and the like.

What are Slashdot readers' latest opinions on the three most popular CMSes -- Drupal, Joomla and WordPress? Any tips for me before I accidentally blow away the existing site and have to rebuild everything...?

Leave your educated opinions in the comments...
Mozilla

Mozilla Will Fund Code Audits For Open Source Software (helpnetsecurity.com) 39

Reader Orome1 writes: The Mozilla Foundation has set up the Secure Open Source (SOS) Fund, whose aim is to help open source software projects get rid their code of vulnerabilities. Projects that want Mozilla's help must be open source/free software and must be actively maintained, but they have a much better probability to being chosen if their software is commonly used and is vital to the continued functioning of the Internet or the Web. Three open source projects -- PCRE, libjpeg-turbo, and phpMyAdmin -- have already gone through the process, and the result was removal of 43 vulnerabilities (including one critical).
Education

Microsoft Makes Minecraft Education Edition Available To Schools (techweekeurope.co.uk) 32

Mickeycaskill quotes a report from TechWeekEurope UK: Microsoft has bolstered its push into the education sector with the release of Minecraft: Education Edition for teachers around the world. The beta is an "early access" release, meaning it is free for testing purposes for schools. It comes after Microsoft last year launched a Minecraft site for educators to seek ideas on how the video game could be used as part of lessons. With the early access version of Minecraft: Education Edition now available, teachers have the chance to install and try an early version of the experience for free throughout the summer with classes of up to 30 students (without the need for a separate server). The complete version of Minecraft: Education Edition will be available in September. It will cost between $1 and $5 per user, per year depending on school size and volume licensing offers. Minecraft shows no sign of slowing down. It recently passed 100 million sales across all platforms and Microsoft, which acquired Mojang roughly two years ago, even has plans to bring Minecraft to China.
Open Source

CoreOS Launches Torus, a New Open Source Distributed Storage System (infoworld.com) 26

CoreOS on Wednesday launched Torus, an open source project that provides storage primitives designed for cloud-native apps and can be deployed like a containerized app via Kubernetes. With Torus, startups and enterprises get access to the same kind of technologies that web-scale companies such as Google already use internally. NetworkWorld reports: Torus is deployed by Kubernetes, side by side with the apps to which it provides storage, and it uses Kubernetes's Flexvolume plugin to allow dynamic mounting of volumes for nodes in the cluster. This allows, for example, PostgreSQL to run atop Torus storage volumes. Torus also demonstrates how CoreOS is working on what happens around containers, not only what happens inside them. A key part of Torus is etcd, a distributed key/value store used by CoreOS to automatically keep configuration data consistent across all machines in a cluster. In Torus, etcd is used to store and replicate metadata for all the files and objects stored in the pool.
Open Source

Raspberry Pi Zero Gains Camera Support, Keeps $5 Price (engadget.com) 84

An anonymous reader writes: The Raspberry Pi Zero has received its first major hardware upgrade today: a camera connector. The new addition of a camera connector works well with the two new Sony imaging modules announced last month. The board will retain its $5 price, too. Eben Upton, Raspberry Pi founder, said in a blog post that "through dumb luck, the same fine-pitch FPC connector that we use on the Compute Module Development Kit just fits onto the right hand side of the board." The team was able to close the feature gap between the Zero and larger Pi boards by moving the surface components towards the left, and rotating the activity LEDs. The CSI connector on the Zero is 3.5mm smaller than the adapter on the Pi 3, so you will need to invest in a new cable if you've already invested in a camera module for an existing project.
Google

Google Open-Sources SyntaxNet Natural-Language Understanding Library, Parsey McParseface Training Model 56

Google announced on Thursday that it is open sourcing its new language parsing model called SyntaxNet. It's a piece of natural-language understanding software, Google says, that you can use automatically parse sentences, as part of its TensorFlow open source machine learning library. The company also announced that it is releasing something called Parsey McParseface (Google has a sense of humor), which is a pre-trained model for parsing English-language text. Nate Swanner of The Next Web, attempts to explain it: Combining machine learning and search techniques, Parsey McParseface is 94 percent accurate, according to Google. It also leans on SyntaxNet's neural-network framework for analyzing the linguistic structure of a sentence or statement, which parses the functional role of each word in a sentence. If you're confused, here's the short version: Parsey and SyntaxNet are basically like five year old humans who are learning the nuances of language. In Google's simple example above, 'saw' is the root word (verb) for the sentence, while 'Alice' and 'Bob' are subjects (nouns). Parsey's scope can get a bit broader, too.
Education

Facebook Open-Sources Capture the Flag Competition Platform As It Encourages Students (betanews.com) 13

An anonymous reader writes: Facebook announced today that it is making its gamified security training platform called Capture the Flag (CTF) open source in an effort to encourage students and developers to learn about online security and bugs. The platform, which is popular at hacker conventions such as Def Con, pits different teams of hackers against one another. The social juggernaut itself has run CTF competitions at events across the world."By open sourcing our platform, schools, student groups, and organizations across all skill levels can now host competitions, practice sessions, and conferences of their own to teach computer science and security skills," wrote Gulshan Singh, a software engineer on Facebook's threat infrastructure team. "We're also releasing a small repository of challenges that can be used immediately upon request (to prevent cheating)."

Slashdot Top Deals