Once you have a sense of the vast potential of Linux, you may be eager to experience it for yourself. Considering the complexity of modern operating systems, though, it can be hard to know where to start.
As with many things, computers can be better understood through a breakdown of their evolution and operation. The terminal is not only where computers began, but also where their real power still resides. I'll provide here a brief introduction to the terminal, how it works, and how you can explore further on your own.
Linux has become a viable, free alternative to Windows and MacOS – and you don't need to be an expert. We select the best distributions for desktops and servers.
While it may not be as popular as Windows or MacOS, Linux is often the operating system of choice for those in the know. A combination of power and versatility has made Linux a firm favourite among developers and tech geeks over the years.
A new Linux laptop has been unveiled this week by System 76 in the form of the new ultraportable Galago Pro, which is equipped with a 13ââ¬Â³ HiDPI display and sports a thin lightweight aluminium construction with a backlit keyboard.
Unfortunately only a few specifications have been announced by System 76 at the current time, but what we do know is the Linux laptop will be powered by an Intel Kaby Lake processor.
The latest addition is the System76 Galago Pro, an Ubuntu-based notebook featuring some of the latest components and solid build quality. It’s also going to be relatively affordable when it arrives in April, with an expected retail price of $899, according to OMG Ubuntu.
I recently acquired a Chromebook and I couldn’t be happier. The device itself is incredibly lightweight and portable yet robust with superb performance (Acer Chromebook 14 for Work in case you were wondering). It makes me want to work, which explains the huge boost to my overall productivity.
Many people have discovered that a Chromebook can be a terrific replacement for a regular desktop or laptop computer. But what apps can you get to replace your favorite desktop apps? A writer at Make Use Of has a helpful list of 8 useful apps for the Chromebook.
I know: Ubuntu has its problems, too. Nothing's perfect. And for some people, WIndows is just a better fit than Linux.
Still, I admit that I've been happy, in a kind of way, by my frustrations working with Windows. Ever since I switched to Linux, I have always been afraid that Windows will get much better, without my knowledge. Using a recent version of Windows and finding it quite annoying is pleasant affirmation that Linux is still the better option for me.
Data centers must continue to evolve to handle the increasing network load generated by our frequent use of applications and services like voice activated network applications (OK Google, Alexa), video, mobile phones, IoT devices, and more, according to SDxCentral’s 2017 Next Gen Data Center Networking Report.
Intel's Mesa driver is exposing additional performance counters now for helping game/application debuggers better profile the performance of their software on Intel HD/Iris Graphics hardware.
There is now support for OA (Observation Architecture) performance counters via the i965 Mesa DRI driver. The OA performance counters are for Haswell and newer.
The GeForce GTX 1080 Ti is NVIDIA's new high-end gamer graphics card as a step-up from the previous GTX 1080 flagship. The GTX 1080 Ti is getting ready for release by retailers and, thankfully, NVIDIA did mail out a GeForce GTX 1080 Ti for Linux testing at Phoronix.
In the early hours of today AMD posted a set of 23 AMDGPU patches as "prep patches for new ASICs", which given the timing, is presumably prepping for the Radeon RX VEGA.
But before getting too excited, there isn't any new GPU support code as part of these 23 patches that touch several hundred lines of code. These patches are just prepping the driver infrastructure for being able to handle AMD's new GPUs but without actually adding in any new support at this time.
Peter Hutterer has released minor updates to libinput as well as the X.Org xf86-input-libinput components.
Here is the current tentative 17.1.0 release schedule.
Apr 14 2017 - Feature freeze/Release candidate 1 Apr 21 2017 - Release candidate 2 Apr 28 2017 - Release candidate 3 May 05 2017 - Release candidate 4/final release
Collabora's Emil Velikov is continuing as the Mesa release manager and has laid out plans for getting the Mesa 3D 17.1 release to happen in early May.
The latest and greatest Mesa release 17.1 is due for release on May 5th, so not long for everything to get polished up.
With Mesa recently landing their RadeonSI GLSL on-disk shader cache and enabling it by default plus other recent optimizations, plus in kernel-space there now being Linux 4.11-rc1 and that showing potential improvements, here are some fresh benchmarks of AMD Radeon vs. NVIDIA on Ubuntu Linux.
The GeForce GTX 1080 Ti is NVIDIA's newest, most powerful graphics card for gamers not only on Windows but also under Linux. I only received the GeForce GTX 1080 Ti this morning so here are my initial Linux performance figures for this new high-end Pascal graphics card compared to other NVIDIA and AMD Radeon graphics cards. Linux VR tests, CUDA/OpenCL compute benchmarks, and additional GeForce GTX 1080 Ti results will be published in the days ahead when having more time to spend with this graphics card.
If you manage your to-to list with a plaintext Todo.txt file this indicator applet may help you keep on top of your tasks.
Sure, there are plenty of web-based clients, sticky note widgets, and feature-packed desktop task managers offering to help us cut through the crud and get stuff done.
Oracle released a few moments ago new point releases of the VirtualBox 5.1 and 5.0 stable branches of the popular and open-source virtualization software for GNU/Linux, macOS, and Microsoft Windows operating systems.
VirtualBox 5.1.16 is now the most advanced version of the application, and it comes approximately seven weeks after the VirtualBox 5.1.14 maintenance update. The most important change implemented for Linux users is initial support for the upcoming Linux 4.11 kernel, whose development just started a few days with the first Release Candidate.
MOC (Music On Console) is a Music player app for Linux/Unix Command Line Interface designed to be simple and robust enough to run smoothly without significantly affecting other I/O operations.
Simple Weather Indicator is the simplest weather indicator app you can use on Unity and Gnome desktops (among others).
It is an Open Source indicator app written in Python and it implements Eris, a free Open Source Weather API to fetch the current weather condition of designated regions.
Samba 4.6 has been released with many new features and changes. New features include Kerberos client encryption types, a new option for owner inheritance, multi-process Netlogon support, new options for controlling TCP ports used for RPC services, and more.
Samba 4.6.0 is now available as the project's latest stable release for SMB/CIFS support on Linux systems.
It was a quiet month because most of the team is toiling away on cool stuff that’s not yet shipping. But we do have a few goodies hitting Atom 1.15.
A few moments go, GitHub's Andrea Liliana Griffiths was proud to announce the release and immediate availability of the Atom 1.15 open-source hackable text editor for all supported platforms, including GNU/Linux, macOS, and Microsoft Windows.
Atom 1.15 is the monthly release of the hackable editor developed by GitHub, which means that it's packed with various improvements and bug fixes. Since last month's Atom 1.14 release, when Atom 1.15 entered Beta stages of development, the devs managed to improve the behavior when duplicating lines with multiple selections.
I've just released virt-manager 1.4.1.
A new version of popular messaging app Viber is available for Linux.
Viber Desktop versions 6.5.5 introduces a handful of new features to the messaging service, all of them certain to be familiar to users of the service’s mobile apps.
For those that don't quite understand: Wine is a way to run Windows games and applications on Linux. Wine-Staging is the development area for features to make their way into future versions of stable Wine.
The Wine Staging release 2.3 is now available.
The developers behind the Wine-Staging tree that carries various experimental patches atop the latest upstream Wine repository for running Windows programs on Linux/macOS have announced their newest bi-weekly build.
Coming hot on the heels of last week's Wine 2.3 development release, Wine Staging 2.3 is now available for those who fancy installing Windows applications and games on their GNU/Linux distributions.
As you might know, Wine Staging is a special fork of Wine that promises to offer gamers a unique feature called CSMT (Command-Stream Multi-Threading), which dramatically improves their gaming experience. So if you are serious about gaming on Linux and you want to play some Windows games, you need to install Wine Staging.
Performance was fantastic, but I did encounter one bug with the chime puzzle. I really couldn't figure it out by ear, so I left it, but the chimes kept playing as I walked with each push of WASD which was a little annoying.
This is one of the several new games Aspyr Media stated they will be bringing to Linux when I interviewed them recently.
It will be available sometime this summer and it looks like it will support AMD and NVIDIA.
Day of Infamy [Steam] is a pretty darn good FPS and they finally have their SteamOS icon on Steam to show off their Linux support. Oh, they also announced their released date and put out a whopper of a patch today.
The beta channels for the Steam client and SteamVR now support Linux. As a development build, the selection of Linux-supported SteamVR games is very limited, but Valve says the build aims to let developers begin making VR content that supports the open source operating system.
Valve recently provided some positive news for VR on Linux, which has been fairly limited since Oculus ‘paused’ its Linux development in 2015. Announced late last year, Valve has launched of a SteamVR developer build for Linux. According to the GitHub page, “This is a development release. It is intended to allow developers to start creating SteamVR content for Linux platforms. Limited hardware support is provided, and pre-release drivers are required”.
I've played it on and off for a while and I think it's really rather good. You build the board as you go on each turn, draw cards and battle. You unlock new cards as you go, but you can also buy the "Steam Pack" which includes 50 cards and more.
Late last year, an upgrade to Fedora 25 brought issues with the new version of KDE Plasma that were so bad it was difficult to get any work done. I decided to try other Linux desktop environments for two reasons. First, I needed to get my work done. Second, having used KDE exclusively for many years, I thought it was time to try some different desktops.
The first alternate desktop I tried for several weeks was Cinnamon, which I wrote about in January. This time I have been using LXDE (Lightweight X11 Desktop Environment) for about six weeks, and I have found many things about it that I like. Here is my list of eight reasons to use LXDE.
The last release of the 16.12 branch brings a few, but important improvements, like fixing a couple of crashes and avoiding a possible corruption as well as a overnight render bug along with other minor stability improvements. All in all 16.12 was a great release and the best is still to come.
We continue our focused effort in the timeline refactoring which will bring professional grade tools, stay tuned for more info on that soon!
KDE developer Martin Gräßlin published an interesting article on his personal blog to inform the Linux and KDE community about some of the exciting new features coming to the KDE Plasma 5.10 desktop environment later this spring.
The development of KDE Plasma 5.10 is ongoing, and it looks like a Beta release is scheduled for the beginning of the second week of May, on the 11th, when early adopters will be able to get a taste of its upcoming features, including the Folder View mode, which we detailed a couple of weeks ago right here on Softpedia Linux.
KDE released today, March 9, 2017, the third and last scheduled maintenance update for the KDE Applications 16.12 software suite designed for users of the KDE Plasma 5 desktop environment on various GNU/Linux distributions.
If you’d like to be able to control music playback from the Plasma lock screen, you’re in luck.
The feature is one of several productivity improvements that make up Plasma 5.10, which is due for release towards the end of May.
Today I tried out GNOME Twitch [Github, Official Site], a native desktop application for watching Twitch streams and it's really quite amazing.
After quite a bit of work, we finally have the sponsorship brochure produced for GUADEC and GNOME.Asia. Huge thanks to everyone who helped, I’m really pleased with the result. Again, if you or your company are interested in sponsoring us, please drop a mail to sponsors@guadec.org!
I’ve been slowly getting started on documentation for Builder in-between the 3.24 stabilization process and conference time. But there is a lot to do and we could use your help. Here is me publicly requesting that you help us get some documentation in place for 3.24.
In Builder, we landed a new feature for 3.24 that allows you to create a new terminal inside the application runtime. If you’re building against your host system, then this is nothing special. If you’re building against jhbuild you’ll get a shell inside of that (but again, nothing really special).
This is my last blog of Outreachy. During this period, I have finished the Chinese translation of GNOME 3.22, and completed most entries of GNOME 3.24, because it always emerges some new entries, so I talked with Mentor Tong and decided to accomplish 3.24 after the frozen-date and before the release-date. On the other hand, I improved the guideline of the Chinese Team – updated it on the basis of the last English vision and reference something from Free Software Localization Guide for Chinese (China).
Are you worried about your privacy and/or security on the Internet? Well, you should be if you’re not. In this age, there are many reasons that should make you think twice about your privacy and security online. Security includes keeping safe from prying eyes looking to sniff data or identity for fraudulent activities. For the average user, keeping an updated version of your favorite Linux distro should be good enough. That is Ubuntu, Fedora, SUSE and all your usual distros should be quite ok so long as you’re keeping them updated. You can also employ tools such as Tor and OpenPGP to raise your level of security. Trust me, your everyday distro does a whole lot better at security than Windows and MacOS do offer especially when it comes to most malware, viruses and spyware.
We are excited to introduce a refreshed version of our homegrown Heritage theme which will ship with the upcoming ISO release! In this update we have included subtle changes that we hope will improve the overall desktop experience for Chakra users.
As always, current Chakra users simply need to update their existing installations to receive the latest changes, there is no need to reinstall with the new ISO which will be released very soon. Just wait until your mirror has synchronized so you can upgrade to chakra-heritage-themes 2016.12.
Neofytos Kolokotronis from the Chakra GNU/Linux development team is announcing that the default Heritage desktop theme will get a well-deserved revamp soon as part of a new ISO snapshot that should be released very soon.
Those who have used the Chakra GNU/Linux distribution before know that it comes with a specially crafted, in-house built theme for the KDE Plasma 5 desktop environment, called Heritage. We don't even know when was the last time Chakra devs updated the theme, so the time has come for a refreshed version.
Note: Our best free Linux firewalls round-up has been fully updated. This feature was first published in June 2010.
The latest release of Black Lab Linux, an Ubuntu 16.04-based distribution, adds a Unity desktop option. You will not find Unity offered by any other major -- or nearly any minor -- Linux distributor outside of Ubuntu.
Black Lab Linux 8.0, the consumer version of PC/OpenSystems' flagship distro, also updates several other prominent desktop options.
Black Lab Linux is a general purpose community distribution for home users and small-to-mid-sized businesses. PC/OpenSystems also offers Black Lab Enterprise Linux, a commercial counterpart for businesses that want support services.
Black Lab Linux is an outgrowth of OS4 OpenLinux, a distro the same developers released in 2008. Both the community and the commercial releases could be a great alternative for personal and business users who want to avoid the UEFI (Unified Extensible Firmware Interface) horrors of installing Linux in a computer bought off the shelf with Microsoft Windows preinstalled.
Black Lab offers its flagship releases with a choice of self or full support, and both come at a price upon launch. However, you can wait 45 days and get the same release with the self-support option for free. Black Lab Linux 8.0 became available for free late last year.
The development team behind the Debian-based SparkyLinux operating system have announced today, March 8, 2017, the availability of the first unstable builds of the upcoming SparkyLinux 4.6 release.
The developers of the Debian-based Parrot Security OS distribution have announced today, March 8, 2017, the general availability of version 3.5 of the ethical hacking and penetration testing oriented OS.
Parrot Security, the Debian-based distribution just got new release Parrot 3.5 available to download.The Parrot team proudly announced the release of this new release after a call for Beta-testers and final fixes(must be made) based on it. Just a few days back the team has come up with an announcement of a release date as 8th march and here they are.
GNU/Linux developer Arne Exton announced today, March 9, 2017, the immediate availability of a new build of his Gentoo-based exGENT Linux distribution, which the developer dubbed as the best version ever.
exGENT Build 170309 is now available for those who want to install a Gentoo-based distro in less than 10 minutes. It uses the lightweight Xfce 4.12.1 desktop environment by default and the Linux 4.9.12 kernel. The OS is distributed as a Live DVD designed to run only on 64-bit architectures.
So overall, Manjaro 17.0 is quite a good release. It is decently stable and performance is also on decent level. Tough we experience a very little lag few times but it's negligible and can be ignored. Manjaro 17.0 packs with Linux kernel 4.9.13 LTS which provides support for many hardware and works like a charm. We recommend you to use Manjaro Linux once, it has lot to offer and it is made with love from developer team. There are different flavors in Manjaro, The flagships are Xfce and KDE. Soon, community flavors will be released too. We also explained detailed process of installing Manjaro 17.0 here. So, try it out guys and let us know if you have any problem while installing it or using it in comments Smile
A total of five snapshots this week brought openSUSE Tumbleweed users and developers several new packages and an important systemd commit.
Topping this week’s updates were Wireshark, Wayland and KDE Frameworks 5.31.0.
I spent from 2004 to 2014 working at Red Hat, the world's largest open source software engineering company. On my very first day there, in July 2004, my boss Marty Messer said to me, "All the work you do here will be in the open. In the future, you won't have a CV—people will just Google you."
This was one of the unique characteristics of working at Red Hat at the time. We had the opportunity to create our own personal brands and reputation in the open. Communication with other software engineers through mailing lists and bug trackers, and source code commits to mercurial, subversion, and CVS (Concurrent Versions System) repositories were all open and indexed by Google.
There's a bit of a hole in open source that Red Hat's been working to fill. Well, not a hole actually, but a missing feature in access control that is required by many enterprise users.
Red Hat is working to tackle session recording, which means exactly what it says: the recording of everything a user does while working in a system. This is necessary for a variety of reasons, and is often mandated and sometimes required by law for medical and financial institutions. SysAdmins find it useful for things like monitoring what contractors do when given access to a system. And when someone makes a mistake that brings a system down, with session recording in place there's a much better chance of getting back up quickly by seeing what the user did to bring about the crash.
Second, the fedora-hubs team is a good group of people. Welcoming, helpful, and unfailingly polite. I may have only been there for a few months, but I will miss them.
I have completed my summaries of the initial interviews for event creation/planning and ambassadors as resources. I did not manage to translate the CSS from table to div, as things were behaving very oddly when I tried. However, I did pass along the CSS/HTML work I had done to Máirín Duffy.
Our "Watch" series of blog articles continues today with a recent video posted by the community behind the ReactOS project, an open-source initiative to develop a clone of the Windows NT operating system that's binary compatible with Windows.
In the 5-minute long video, you can see an attempt of transforming the upcoming ReactOS 0.5 major release into Fedora Linux by installing the Fedora Transformation Pack, a tool designed for Windows XP and 2003 users who want to emulate the look and feel of Fedora.
I worry that Sketch will be too flexible. I won a license for it, and I should have access to macs in my household that I can play with it on. Indeed, after this internship, I am somewhat more comfortable with the idea of playing with it. I have some visual design knowledge just by frequently referring to the protoypes that Máirín Duffy made.
Enabling systemd-coredump by default is from the perspective of ABRT the biggest change in Fedora 26.
Debian Project, through Salvatore Bonaccorso, has announced the availability of a new Linux kernel security update for the Debian GNU/Linux 8 "Jessie" stable operating system series.
According to Debian Security Advisory DSA-3804-1, a total of nine kernel vulnerabilities discovered recently have been patched in the new kernel version that's not available for installation in the stable repositories of Debian Jessie. "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts," said Salvatore Bonaccorso.
The Tor Project announced the immediate availability of the first point release of the Tor Browser 6.5 stable branch of the open-source, Firefox-based anonymity web browser with enhanced security and privacy features based on Tor.
Just one day after announcing the general availability of the Tails 2.11 anonymous live system, the development team behind this Debian-based distribution released today the second Beta version of the upcoming Tails 3.0 release.
Tails 3.0 will be a major release that will ship with the long-term supported Linux 4.9 kernel (kernel 4.9.13 is installed in this second Beta release), and include all the goodies from the forthcoming Debian GNU/Linux 9 "Stretch" operating system. Tails 3.0 Beta 2 comes with all the changes included in the Tails 2.11 release.
Canonical published several security advisories to inform Ubuntu users about new kernel versions for their Ubuntu 16.04 LTS (Xenial Xerus) and Ubuntu 16.10 (Yakkety Yak) operating systems.
While the products that Ubuntu provides — such as Canonical Livepatch Service and Juju — are well-known in the cloud community, its corporate stance is not as recognized. It’s hoping to change that perception.
“Ubuntu is a very popular [operating system], and we are most dominant in public cloud,” explained Udi Nachmany, vice president of public cloud at Ubuntu.
NAS boxes have changed a lot over the years. From dumb storage, to multi-user storage, routing and network services, to web servers, to cloud servers, to full-blown media centers and PCs that can perform all of the above. QNAP is one of the leading NAS providers and it’s now releasing a new model with a lot of functionality.
The TS-453Bmini is a 64-bit quad-core 4-bay NAS built using an Intel J3455 Celeron processor, and is an update to the 2015 model, the TS-453mini (no B in the name). It’s a 10W TDP CPU that’s built on Apollo Lake, the successor to Braswell, and is the same generation chip as Kaby Lake (but for low power devices).
It all started with the Raspberry Pi as a Christmas present, and we started with the Raspberry Pi Education Manual as our guide. As a free download, it was a very good primer to get started. Then we moved onto other books, such as Getting Started with Raspberry Pi, and I started to notice some patterns. Those books often covered the same things over and over: getting the system to boot with Raspbian, visual programming with Scratch, and using the GPIO pins. Also, I noticed that the books focused on how to use the disparate features of the Raspberry Pi, but they didn’t have a common goal or theme in mind. Both of these observations led to my next observation that my daughter’s excitement in Raspberry Pi books started to wane because it felt like we were slogging through math textbooks as opposed to reading with an exciting goal in mind.
Congatec’s “Conga-IC175” is a Linux-friendly thin Mini-ITX board with Kaby Lake CPUs, wide-range power, Intel Optane support, and PCIe and M.2 expansion.
Ka-Ro’s rugged, SODIMM-style “TXSD-410E” COM runs Linux with U-Boot on a Snapdragon 410E, and offers WiFi, Bluetooth, LVDS, and a choice of dev kits.
After more than eight years in the hands of consumers, Android is poised to overtake Windows as the most used operating system in the world. This measurement comes by way of web analytics firm StatCounter, which follows trends in worldwide web traffic. Microsoft Windows holds the slimmest of margins over Android, and they could trade positions very soon if current trends continue.
On Wednesday, a security expert noted that hundreds of millions of Android users are at risk following recent revelations resulting from the cache of top-secret CIA documents exposed by WikiLeaks. The documents appear to detail various hacking tools used by the CIA to exploit vulnerabilities in smartphones, tablets, computers, wireless routers, cars and other devices, allowing the agency to spy on people without their knowledge.
Have you ever wanted a complete Linux terminal environment on your Android phone? Not just a terminal emulator with basic commands, but a comprehensive Linux command-line environment with all the utilities and packages you’ve grown accustomed to? If so, then Termux is the answer.
As Google's next-gen artificial intelligence system starts making its way to more and more Android devices, it's a question that's bound to come up plenty. After all, splashy branding aside, Assistant is pretty darn similar to the (far less heavily marketed) Android voice command system that preceded it. But along with all the overlap, Assistant does have some interesting new tricks up its sleeves.
The watchmaker unveiled a partnership with Google to launch the Movado Connect smartwatch collection, which will be powered by the newly updated Android Wear 2.0.
Tommy Hilfiger and Hugo Boss, brands in the Movado licensed portfolio, are also partnering with Google to launch smartwatch collections for fall.
Movado, which has been dabbling in the smartwatch category, is one of the first to design a watch specifically for the new operating system. The Movado Connect collection will be unveiled at the Baselworld trade show, which starts March 23, and will launch this fall. It will include five men’s styles starting at $495 and be available in the U.S., the Caribbean, Canada and the U.K.
It seems like Google is trying to make its mobile platform more convenient to use as the search giant is reportedly working on some assistive features that might make their way to the next version of Android - codenamed Android O. If the newly revealed information is to be believed, Google is working towards adding features that would make use of artificial intelligence to make life easier for Android users. There are also talks of adding gesture triggers to help users perform functions with speed and ease.
One of the perils of launching a clever new feature at the zoo called Mobile World Congress is that clever new things get lost in the noise.
With its P10, one of the three main flagships launched at the show, Huawei quietly introduced a new feature that few people even noticed. It's abolished the Navigation Bar by incorporating the three main functions into a sensor button. In the small world of mobile UX, this is big news; since the Navigation Bar has barely changed over almost a decade. As I've discovered, this changes how you use Android quite significantly. To see why, let's recap how two billion people have grappled with Android so far.
Google spent several extra months on the Android Wear 2.0 update after delaying its release last fall. Now the latest version of Google’s wearable platform has debuted on two new smartwatches, and it’s about to roll out to many of the older devices. Has Google done what it needs to make smartwatches work? Not so much. Google definitely fixed some things in Wear 2.0, but it also broke other things. Here are the best and worst things about Wear 2.0
Teradata today released its data lake management software platform to the open source community. The project aims to help organizations address common challenges in data lake implementation, including skill shortages for engineers and administrators, learning and implementing governance best practices and driving data lake adoption beyond engineers.
Teradata is offering the new open source Kylo project under the Apache 2.0 license, and plans to offer services and support for the platform.
The security industry is recognizing the importance open source has within enterprise applications and ultimately security, according to Forrester research. The Forrester Wave: Software Composition Analysis, Q1 2017 focused on Software Composition Analysis (SCA) and found developers use open source components as their foundation and highlights how security pros are turning to SCA tools to reduce risks.
The six leading providers, according to Forrester, are Black Duck Software, Flexera Software, Sonatype, Synopsys, Veracode, and WhiteSource Software. The report researched, analyzed, and scored each provider to see how each one measures up to help security professionals make the right choices for their organizations.
The one-year-old Hyperledger Project has already come a long way in making the innovative blockchain technology used in Bitcoin a viable option for secure business transactions. That was the clear message from Christopher Ferris in his keynote at the Open Source Leadership Summit in February.
Ferris, the CTO of open technology at IBM and member of Hyperledger’s leadership, said Hyperledger and blockchain technology could be enormously successful in private enterprise securing and verifying rapid, high value, and highly private transactions. Additionally, the collaborative open source foundation is nearing release of its production-ready distributed ledger code base, Fabric.
The Hyperledger project has come a long way in making the innovative blockchain technology used in Bitcoin a viable option for secure business transactions; hear more from Christopher Ferris in this keynote at the Open Source Leadership Summit.
When open source first started to become mainstream in the 90s, there was a good deal of debate about what 'free software' meant.
It wasn't just about something you didn't have to pay for, went the philosophy, it was also about being able to see the source code to understand what was going on, and to make your own changes.
Talk about starting a business based on open source software and the conversation will inevitably shift to Red Hat. That's because the Linux vendor is a shining example of a company that's making money from an open source product. But how easy is it really to establish an open source startup that makes money? For every success story like Red Hat there are companies like Cyanogen that fail to thrive and projects that are abandoned.
It's tempting to believe that the Red Hat business model, which is based around selling subscriptions for support to a maintained and tested version of Linux (or a closely related model that offers consultancy and customization to an open source software solution as well support and maintenance), is the most viable way to make money from open source software. But Sam Myers, a principal at Balderton Capital, a technology venture capital company, says that most open source startups are unlikely to succeed using these business models.
Nolan Lawson is burning up the free/open source web with an essay called What it feels like to be an open-source maintainer, where he describes the contradictory and negative experiences of trying to please hundreds of people who are just trying to get his code to work, where the more emotional and technical work he does to make them happy, the more he ends up with.
The hot new buzz in tech is gRPC. It is a super-fast, super-efficient Remote Procedure Call (RPC) system that will make your microservices talk to each other at lightspeed, or at least that’s what people say. So this article will take a quick look at what it is, and how or when it can fit into your services.
With many organisations having moved to more open source adoption, more than 90% admit there are potential or hidden costs in doing so.
Up to half admit to not taking the different costs of open source into account in their decision-making, such as training, recruiting and replacing employees with essential data science skills.
[...]
What is clear are that many organisations see clear benefits from open source and many are already deploying these solutions, with plans to grow their use of open source.
Respondents listed a number of customer benefits. Almost half believe it can help bring opportunities in terms of a wider range and more personalised products and services. Around four in 10 feel it can help with faster resolution of problems.
The Apache Software Foundation, in conjunction with our friends at the Linux Foundation events team, are proud to announce the schedule for ApacheCon North America - http://events.linuxfoundation.org/events/apachecon-north-america/program/schedule - and Apache Big Data North America - http://events.linuxfoundation.org/events/apache-big-data-north-america/program/schedule
This year was the 15th Annual SCaLE (Southern California Linux Expo) event where I was fortunate enough to both attend and speak at. While this is the 15th year of the, now very well known, conference; it was in fact my first time to attend. I spent majority of my time floating between working the Fedora, Red Hat, and OpenShift booths there in the Expo Hall. I had originally planned to spend more time at the Fedora booth than I did, but the OpenShift crew ended up short staffed because of unexpected travel issues of some of their team members so I filled in the best I could. As expected the interest in containers is at full tilt and people were very interested to see what is going on with OpenShift as it is a Kubernetes distribution with advanced features beyond core Kubernetes, and Kubernetes is easily the most popular container orchestration platform around right now. The Project Atomic Community manager, Josh Berkus was kind enough to lend his Sub-Atomic Cluster (Described in this two-part blog series: Part 1, Part 2) to the booth efforts and that made for some very engaging demos of what OpenShift can accomplish (even though the conference network left something to be desired, but this is nothing new). Over all I think we were able to provide event goers a solid booth destination in their Expo Hall travels.
Last Saturday in Lima, Peru, a group of students and, Fedora and GNOME lovers have celebrated the event called #LinuxPlaya.
Today, I have been interviewed by Lennon Shimokawa (Founder of DevAcademy) to talk about the Free Software situation in Peru and how to get involved in the GNOME and Fedora project since you are interested to do it! This was the preamble for this season:
Do you love to code? Are you a trailblazer in secure app development, IoT or bot app development? Want to share your microservices or container success story? If so, DevNet Create wants you as a speaker at its first annual event May 23-24, 2017, in San Francisco.
Just a few moments ago, Google promoted the Chrome 57 web browser to the stable channel for all supported operating systems, including GNU/Linux, macOS, and Microsoft Windows.
Chrome 57.0.2987.98 is now the newest stable version of the applications, and it looks like it comes with various new features and improvements that have been revealed during its Beta stages of development, such as CSS Grid Layout, an improved "Add to Home" screen, as well as a Media Session API (Application Programming Interface).
As expected, Mozilla kicked off the development of the next major Firefox release, just one day after launching Firefox 52.0 as the new ESR (Extended Support Release) branch for GNU/Linux, macOS, and Microsoft Windows operating systems.
The Mozilla Foundation has has given the world the fifty-second version of the Firefox browser, complete with some significant changes.
Most notable is the eviction of plug-ins. The browser will now only run Flash. Anything else reliant on the Netscape Plugin API (NPAPI) is now verboten. Which means Silverlight, Java and Acrobat are gone, daddy, gone.
The world of the database is one of those areas that sees lots of people obsessing over details that to outside observers would seem trivial. Graph, NoSQL, SQL, distributed—so many choices.
So, when ScyllaDB told me about a funding round that they’d raised and their stated intention to replace Apache Cassandra, I was interested—if slightly skeptical. Not skeptical because of anything I know about ScyllaDB per se, but simply because of the busy-ness of the space.
Italo Vignoli from The Document Foundation (TDF) is informing Softpedia today, March 9, 2017, about the general and immediate availability of the sixth maintenance update to the LibreOffice 5.2 open-source and cross-platform office suite.
With the perceived growth of FLOSS deployments in the world's education sector, we wanted to try to confirm our intuition. What better way of doing so than going directly to the source. In this instance, we reached out to Patrick Masson, Director and General Manager at Open Source Initiative (OSI). He was kind enough to put a lot of time and effort into answering questions in this area. He provides plenty of reasons to confirm our initial thoughts. Please enjoy reading through the immense amount of information Patrick provided to us.
Open Compute Project, the open source data center and hardware design community Facebook founded six years ago, has launched an online marketplace where companies can shop for official OCP-accepted hardware as well as hardware “inspired” by specs and designs open sourced through the project.
While operators of massive, hyper-scale data centers, the likes of Facebook and Microsoft, have used OCP to source hardware that’s custom designed for their workloads and to drive down the cost of their data center hardware by having vendors compete to supply essentially the same products, OCP gear has not been easy to source for smaller data center operators who do not buy at the same volumes.
Facebook is updating its server hardware portfolio with updates of existing designs as well as new server and storage platforms.
Great news! The Netfilter project has been elected by Google to be a mentoring organization in this year Google Summer of Code program. Following the pattern of the last years, Google seems to realise and support the importance of this software project in the Linux ecosystem.
The list of mentoring organizations for this year's Google Summer of Code has been posted and there's a record number of them. The list includes large and well known projects together with smaller and less familiar ones.
The LLVM compiler infrastructure stack and Clang C/C++ compiler front-end will see their version 4.0 release within the next few days.
LLVM/Clang 4.0 has dragged on due to unresolved blockers compared to their targeted release date about two weeks ago, but the good news now that after the additional release candidates, the bugs have been resolved.
This question has generated many pixels’ worth of traffic on the OSI License discuss email list. This post is just a brief summary of a little of the discussion, which has been going on for some weeks and shows no sign of slowing down.
There are currently 80 Open Sourse Initiative-approved open source licenses. It’s nice that the Army (I’m a veteran) wants to not only write software licensed as open source, but OSI-approved open source software. (Go Army!)
But does the Army really need its own special OS license? Should the Air Force have a different one? Will the Navy want a Coastal Combat Open Source License, along with a separate Blue Water Open Source License? That might sound far-fetched, but Mozilla has three separate open source licenses, Microsoft has two, and Canada’s province of Québec also has three. So why shouldn’t the U.S. Department of Defense have a whole slew of open source licenses?
There are five different GPL licenses alone, and I assure you that even the Coast Guard dwarfs the Free Software Foundation in both personnel and resources.
While the US DoD has long utilized open source software as a basic component for development of both classified and unclassified software, this new effort is unique in that it seeks to provide transparent sharing of unclassified software that was developed under DoD contracts.
In Kerala, IT became a compulsory subject in 2003. It was followed by the phased adoption of Free and Open Source Software (FOSS) in 2005. This was done to replace the proprietary software.
A few months ago, someone clued us in on a neat little programmable power supply from the usual Chinese retailers. The DPS5005 is a programmable power supply that takes power from a big AC to DC wall wart and turns it into a tiny bench-top power supply. You can pick one of these things up for about thirty bucks, so if you already have a sufficiently large AC to DC converter you can build a nice 250 Watt power supply on the cheap.
[Johan] picked up one of these tiny programmable power supplies. His overall impression was positive, but like so many cheap products on AliExpress, there wasn’t a whole lot of polish to the interface. Additionally, the DPS5005 lacked the ability to be controlled over a serial port or WiFi.
You should write maintainable code. I assume people have told you this, at some point. The admonishment is as obligatory as it is vague. So, I’m sure, when you heard this, you didn’t react effusively with, “oh, good idea — thanks!”
If you take to the internet, you won’t need to venture far to find essays, lists, and stack exchange questions on the subject. As you can see, software developers frequently offer opinions on this particular topic. And I present no exception; I have little doubt that you could find posts about this on my own blog.
It looks like Facebook could be exploring more from ARM servers in their data centers as they have now brought their HHVM PHP implementation to AArch64.
Imagination Technologies has announced their new PowerVR "Furian" GPU architecture for next-gen graphics and compute performance.
A recent workshop held on the doorstep of policymakers in the United States drew speakers from academic and activist circles to examine the mechanisms in US law which could help lead to lower prescription drug prices.
The United Nations Human Rights Council held a panel discussion yesterday to exchange views on good practices and key challenges relevant to access to medicines. The panel gave a large part of the discussion to the recent report of the United Nations Secretary General’s High-Level Panel on Access to Medicines, much to the chagrin of the European Union and the United States.
Google has revealed its emergency patching efforts to fix a widespread and “pernicious” software vulnerability that affected thousands of open source projects in 2015.
Referred to as “Mad Gadget” by Google (aka the Java “Apache Commons Collections Deserialization Vulnerability” CVE 2015-6420), the flaw was first highlighted by FoxGlove Security in November of that year, months after the first proof-of-concept code garnered almost zero attention.
The Vault 7 document and code cache released yesterday by WikiLeaks revealed that many big software companies were being actively exploited by the CIA. Apple, Microsoft, Google, Samsung, and even Linux were all named as having vulnerabilities that could be used for surveillance.
In the wake of WikiLeaks' Vault 7 CIA leaks, Apple has been quick to point out that vulnerabilities mentioned in the documents have already been addressed. Microsoft and Samsung have said they are "looking into" things, and now the Linux Foundation has spoken out.
Nicko van Someren, Chief Technology Officer at The Linux Foundation says that while it is "not surprising" that Linux would find itself a target, the open source project has a very fast release cycle, meaning that kernel updates are released every few days to address issues that are found.
THE LINUX FOUNDATION has become the latest firm to responded to the revelations that its products have been compromised by the CIA.
Wikileaks on Tuesday published 8,761 documents dubbed 'Year Zero', the first part in a series of leaks on the agency that Wikileaks has dubbed 'Vault 7'.
The whistleblowing foundation claims the document dump reveals full details of the CIA's 'global covert hacking program', including 'weaponised exploits' used against operating systems including Android, iOS, Linux, macOS, Windows and "even Samsung TVs, which are turned into cover microphones".
The Linux Security Modules (LSM) API provides security hooks for all security-relevant access control operations within the kernel. It’s a pluggable API, allowing different security models to be configured during compilation, and selected at boot time. LSM has provided enough flexibility to implement several major access control schemes, including SELinux, AppArmor, and Smack.
The code-execution bug resides in the Apache Struts 2 Web application framework and is trivial to exploit. Although maintainers of the open source project patched the vulnerability on Monday, it remains under attack by hackers who are exploiting it to inject commands of their choice into Struts servers that have yet to install the update, researchers are warning. Making matters worse, at least two working exploits are publicly available.
Blockchain, the distributed ledger technology underlying bitcoin, may prove to be far more valuable than the currency it supports. But it’s only as valuable as it is secure. As we begin to put distributed ledger technology into practice, it’s important to make sure that the initial conditions we’re setting up aren’t setting us up for security issues later on.
Last week was an exciting week for me — I’ve just joined container security specialists Aqua Security and spent a couple of days in Tel Aviv getting to know the team and the product. I’m sure I’m learning things that might be obvious to the seasoned security veteran, but perhaps aren’t so obvious to the rest of us! Here are three aspects I found interesting and hope you will too, even if you’ve never really thought about the security of your containerized deployment before:
On January 29, 5-year-old Sinan al Ameri was asleep with his mother, his aunt, and 12 other children in a one-room stone hut typical of poor rural villages in the highlands of Yemen. A little after 1 a.m., the women and children awoke to the sound of a gunfight erupting a few hundred feet away. Roughly 30 members of Navy SEAL Team 6 were storming the eastern hillside of the remote settlement.
[...]
His mother’s body was found in the early light of dawn, the front of her head split open. The baby was wounded but alive. Sinan’s mother was one of at least six women killed in the raid, the first counterterrorism operation of the Trump administration, which also left 10 children under the age of 13 dead. “She was hit by the plane. The American plane,” explained Sinan. “She’s in heaven now,” he added with a shy smile, seemingly unaware of the enormity of what he had witnessed or, as yet, the impact of his loss. “Dog Trump,” declared Nesma, turning to the other women in the room for agreement. “Yes, the dog Trump,” they agreed.
Trump’s budget would get rid of Energy Star.
The government labeling program for energy-efficient appliances and consumer products is on the chopping block as the president tries to slash spending so he can steer $54 billion more a year to the military.
About 18,000 companies and other organizations are Energy Star partners, voluntarily putting the label on their products that meet efficiency guidelines. That helps consumers identify products that use less energy and thus cost them less to run, and it helps companies market those products.
The Wrap, a Hollywood-focused online publication, has a somewhat bizarre article by First Amendment/entertainment lawyer Susan Seager. It's officially about California's anti-SLAPP law (which we've written plenty about) and how it's popped up in a bunch of cases in Hollywood over the past few years, protecting a number of people and companies from having to go through questionable lawsuits based on their speech. This is exactly what the law is supposed to do. But Seager, for some reason, seems to imply that the law should only be used for "small-town citizens" and shouldn't be used by larger players.
Popular singer Vlado Georgiev, who claimed his recent concert was cancelled because he supports an opposition politician, said that Prime Minister Aleksandar Vucic was wrong to say the event wasn’t censored.
A section of playwrights has expressed fury over the suggested 19 cuts in the Marathi play “Jai Bhim, Jai Bharat” in Mumbai. The play, written by Janardhan Jadhav, throwing light on Dalit atrocities through an imaginary conversation between Ambedkar, Gandhi and a Dalit activist, was scheduled to be staged at Kalyan Theatre on February 7, 2016.
To the list of what can get you censored on a university campus we can now add ‘talking about censorship’.
Now, even this video about the policing of women's sexuality is being policed — by Facebook. Dorian Electra reached out to Refinery29 after an attempt to boost her original post of the video on Facebook was denied, she thinks, because the video was deemed sexually explicit.
When WikiLeaks yesterday released a trove of documents purporting to show how the CIA hacks everything from smartphones to PCs to smart televisions, the agency’s already shadowy reputation gained a new dimension. But if you’re an average American, rather than Edward Snowden or an ISIS jihadi, the real danger clarified by that leak wasn’t that someone in Langley is watching you through your hotel room’s TV. It’s the rest of the hacker world that the CIA has inadvertently empowered.
As security researchers and policy analysts dig through the latest WikiLeaks documents, the sheer number of hacking tools the CIA has apparently hoarded for exploiting zero-day vulnerabilities—secret inroads that tech firms haven’t patched—stands out most. If the US intelligence community knows about them, that leaves open the possibility that criminal and foreign state hackers do as well.
BlackBerry Ltd.’s QNX automotive software, used in more than 60 million cars, was listed as a potential target for the Central Intelligence Agency to hack, according to documents released by WikiLeaks.
CIA meeting notes mention QNX as one of several “potential mission areas” for the organization’s Embedded Devices Branch. The same branch also worked with U.K. spy agencies to develop tools to break into Apple iPhones, Google’s Android system and Samsung smart TVs, according to some of the 8,761 documents WikiLeaks posted Tuesday.
WikiLeaks’ publication of documents detailing the CIA’s vast hacking prowess prompted a rebuke from China’s Foreign Ministry on Thursday over concerns surrounding the security risks caused by the agency’s ability to crack the world’s most widely-used electronic devices.
Chinese Foreign Ministry spokesman Geng Shuang said he was concerned when at asked at a press conference Thursday about Beijing’s response to the latest WikiLeaks release — a cache of documents indicating the CIA can compromise an array of popular tech products, including many made and sold in China.
Wikileaks’ publication of documents detailing CIA hacking tools has prompted calls for government to control spy agencies’ use of vulnerabilities in widely used hardware and software
A digital rights group has called on government to regulate the way their intelligence agencies hoard and use vulnerabilities that affect devices owned by millions of ordinary people.
Michael Hayden, former director of both the CIA and NSA, has blamed the recent WikiLeaks #Vault7 CIA release on millennials, citing Chelsea Manning and Edward Snowden as examples of the younger generation having no loyalty or sense of secrecy.
Edward Snowden, a former employee of the US National Security Agency (NSA), who disclosed electronic spying methods used by the US secret services, should have an opportunity to make his case in court, former NSA Deputy Director Chris Inglis told TASS on the sidelines of the World Cyber Security Congress in London.
So if you've spent any amount of time around here, you probably already know that the security and privacy standards surrounding the internet of (broken) things sit somewhere between high comedy and dogshit. Whether it's your refrigerator leaking your gmail credentials or your children's toys leaking kids' conversations, putting a microphone and camera on everything that isn't nailed down -- then connecting those devices to the internet without thinking about security and privacy -- hasn't been quite the revolution we were promised.
[...]
Again, this might be less of a threat if TV vendors actually took user privacy seriously, utilized system settings that made device functionality transparent, or made it easy to disable functionality of dubious value on demand. But like the rest of the Internet of Things industry, companies were so hyped to use connectivity to hoover up private user data non-transparently, their ethical apathy left the door wide open to intruders (state sponsored or otherwise).
Yet again Wikileaks has come good by exposing just how much we are being spied upon in this brave new digital world – the Vault 7 release has provided the proof for what many of us already knew/suspected – that our smart gadgets are little spy devices.
Several of the tech firms whose products have been allegedly compromised by the CIA have given their first reactions to the claims.
Wikileaks published thousands of documents said to detail the US spy agency's hacking tools on Tuesday.
They included allegations the CIA had developed ways to listen in on smartphone and smart TV microphones.
China expressed concern on Thursday over revelations in a trove of data released by Wikileaks purporting to show that the CIA can hack all manner of devices, including those made by Chinese companies.
Dozens of firms rushed to contain the damage from possible security weak points following the anti-secrecy organization's revelations, although some said they needed more details of what the U.S. intelligence agency was up to.
Widely-used routers from Silicon Valley-based Cisco (CSCO.O) were listed as targets, as were those supplied by Chinese vendors Huawei [HWT.UL] and ZTE (000063.SZ) and Taiwan supplier Zyxel for their devices used in China and Pakistan.
So the new president in the United States of America claim to be surprised to discover that he was wiretapped during the election before he was elected president. He even claim this must be illegal. Well, doh, if it is one thing the confirmations from Snowden documented, it is that the entire population in USA is wiretapped, one way or another. Of course the president candidates were wiretapped, alongside the senators, judges and the rest of the people in USA.
[...]
What I find most sad in this story is how Norwegian journalists present it. In a news reports the other day in the radio from the Norwegian National broadcasting Company (NRK), I heard the journalist claim that 'the FBI denies any wiretapping', while the reality is that 'the FBI denies any illegal wiretapping'. There is a fundamental and important difference, and it make me sad that the journalists are unable to grasp it.
While Trump, the GOP and new FCC boss Ajit Pai really want to kill net neutrality protections for AT&T, Comcast and Verizon, it likely won't happen at the FCC. As it stands, rolling back the rules via the same FCC process that birthed them would require showing the courts that things have dramatically changed since the FCC's major court win last year. Such a process would also involve another lengthy public comment period, during which the record-setting four million public comments filed during the rule creation could appear diminutive.
So if you're an ISP lobbyist looking to kill net neutrality rules, how do you accomplish this without causing a massive public shitstorm? Why you table a bill that pretends to save and protect net neutrality, while wording it to do the exact opposite, of course!
For as long as I've spent time screaming about trademark issues in the alcohol industry in these here pages, I've repeatedly made the point that trademark laws the world over should be more nuanced when it comes to defining competitive marketplaces. The alcohol industries are perfect examples of this, with a fairly discerning customer base that is quite capable of knowing the difference between a beer and a single-malt whisky, or a bottle of wine, or the horror upon humanity that is sangria. But too many governing IP offices and courts take the lazy route of lumping these micro-markets into a macro-market for the purposes of claiming competition in trademark disputes.
But the courts don't always get this question wrong. Some, in fact, do bother to take the time to weigh the sophistication of the likely buyers of products within a marketplace when rendering a decision on a trademark dispute. And that seems to have been at least in part at play in a recent decision to allow a trademark to proceed for a whisky brand despite the objection raised by a beer brewer.
Generic terms that are allowed trademark protection are the bane of those that still believe trademark law serves a useful function. For the law to work as intended, to protect the public's ability to know what they're buying and from whom they are buying it, trademarks need to be both unique and identifying. When the USPTO instead allows for laughably broad terms or words to be trademarked, it steals from trademark proponents the argument of utility.
We've written a ton about Perfect 10 over the years. As we've noted, while the company officially styled itself as a porn magazine company, it was an early form of copyright troll, focusing on suing basically every large company imaginable for being somehow kinda partially related to any of Perfect 10's pictures showing up online. As such, Perfect 10 was astoundingly useful in setting some really fantastic and useful precedents concerning intermediary liability protections, and making sure that third parties and platforms weren't held liable for copyright infringement.
I have only seen part of the newly worded Recital 38, but MEP Comodini Cachia proposes to clarify that the obligation of online service providers to conlcude licensing agreements with rightholders only arises when they are "actively and directly involved in the making available of user uploaded content and where this activity is not of a mere technical, automatic and passive nature".
A couple of years ago, the MPAA was freaking out about a piece of free software called Popcorn Time. Even though it was hugely popular as a result of its ease of use -- and access to large numbers of infringing copies of films -- it had a serious weakness. Since Popcorn Time was basically a BitTorrent client with an integrated media player, it was often possible to track down people who were using it. That fact, and the increasingly heavy-handed legal action taken against some sites that only had a vague connection with the Popcorn Time software, led to people moving on to more discreet alternatives that are based on direct streaming. One of the most popular today is Kodi, which describes itself as a "software media center for playing videos, music, pictures, games, and more." Like Popcorn time, it is also open source, but it does not include a BitTorrent client