Get best of the week

FOSS News No. 6 - review of free and open source news for March 2-8, 2020



Hello everyone!

We continue to review the news of free and open source software (and a bit of hardware). All the most important thing about penguins and not only in Russia and the world.

In the issue No. 6 of March 2–8, 2020:

  1. Chrome OS 80 release
  2. Mass revocation of Let's Encrypt certificates
  3. Removing Eric Raymond from the OSI mailing lists and ethical issues in open licenses
  4. What is Linux, and where did hundreds of distributions come from?
  5. Android forked from Google achieves good results
  6. 3 Open Source
  7. Open Source , SUSE
  8. Red Hat
  9. Open Source
  10. Open Source
  11. 17- PPPD Linux-
  12. Fuchsia Google
  13. Session – Open Source
  14. KDE Connect
  15. Porteus Kiosk 5.0.0
  16. APT 2.0
  17. PowerShell 7.0
  18. Linux Foundation OSTIF
  19. InnerSource: Open Source
  20. , 100% Open Source ?
  21. X.Org/FreeDesktop.org is looking for sponsors or will be forced to abandon CI
  22. Most Common FOSS Security Concerns
  23. The evolution of Kali Linux: what is the future of the distribution?
  24. Advantages of Kubernetes in bare-metal cloud infrastructure
  25. Spotify opens source code for Terraform ML module
  26. Drauger OS is another GNU / Linux distribution for games.
  27. 8 knives in the back of Linux: from love to hate, one bug

Chrome OS 80 release




OpenNET announces the release of the new version of ChromeOS 80, an operating system that focuses on web applications and is primarily designed for Chromebooks, but also available through unofficial builds for regular computers with x86, x86_64, and ARM processors. ChromeOS is based on the open Chromium OS and uses the Linux kernel. Major changes to the new version:

  1. ;
  2. Linux- Debian 10;
  3. ;
  4. Ambient EQ, , ;
  5. Android-;
  6. web-;
  7. Added experimental horizontal navigation mode for open tabs, working in the style of Chrome for Android and displaying, in addition to headings, large thumbnails associated with tabbed pages;
  8. Added an experimental gesture control mode that allows you to conveniently control the interface on devices with touch screens.

Details

Mass revocation of Let's Encrypt certificates




OpenNET writes that the nonprofit Let's Encrypt Certification Authority, under community control and offering certificates for free to everyone, has warned of the upcoming revocation of many previously issued TLS / SSL certificates. On March 4, slightly more than 3 million of the 116 million active certificates were revoked, that is 2.6%. "An error occurs if the certificate request covers several domain names at once, each of which requires verification of the CAA record. The essence of the error is that at the time of the re-check, instead of validating all domains, only one domain from the list was re-checked (if the request had N domains, instead of N different checks, one domain was checked N times). For the rest of the domains, the re-verification was not performed and when making the decision, the data of the first verification was used (i.e., data were used that were up to 30 days old). As a result, within 30 days after the first verification, Let's Encrypt could issue a certificate, even if the CAA record value was changed and Let's Encrypt was removed from the list of valid certification authorities, ”the publication explains.

Details

Removing Eric Raymond from the OSI mailing lists and ethical issues in open licenses




OpenNET reports that, according to Eric Raymond, he was denied access to the Open Source Initiative (OSI) mailing lists. Raymond is an American programmer and hacker, the author of the trilogy Cathedral and Bazaar, Populating the Noosphere and The Magic Cauldron, which describes the ecology and ethology of software development, co-founder of OSI. According to OpenNET, the reason was that Eric " too persistently opposed a different interpretation of the fundamental principles prohibiting the license from infringing on the rights of certain groups and discrimination in the field of application ." And another publication reveals Raymond’s assessment of what is happening in the organization - “Instead of the principles of meritocracy and the “show me the code” approach, a new model of behavior is being imposed, according to which no one should feel uncomfortable. The effect of such actions is a decrease in the prestige and autonomy of people who work and write code in favor of self-proclaimed guardians of noble manners . ” Remembering the recent story with Richard Stallman becomes especially sad.

Details

What is Linux, and where did hundreds of distributions come from?




It's FOSS conducts an educational program about what Linux is (a confusion in terminology is really ubiquitous) and where did 100,500 distributions come from, drawing an analogy with engines and various vehicles using them.

Details

Android forked from Google achieves good results




It's FOSS writes that a few years ago, the Eelo project started, started by Gael Duvall, who once created Mandrake Linux. Eelo's goal was to remove all Google services from Android to give you an alternative mobile operating system that does not track you and does not encroach on your privacy. A lot of interesting things happened to Eelo (now / e /) since then and the publication publishes an interview with Duval himself.

Interview

3 Reasons Why System Integrators Should Use Open Source Systems




Security Sales & Integration emphasizes that Open Source systems have special qualities due to which system integrators can create customized solutions specifically for the unique needs of their customers. And there are three reasons

  1. Open source systems are flexible;
  2. Open source systems promote innovation;
  3. Open source systems are simpler.

Details

Open Source is getting bigger and richer, says SUSE




ZDNet discusses the topic of growth in financial inflows in the company's Open Source and gives an example of SUSE. Melissa Di Donato, the new CEO of SUSE, is convinced that the SUSE business model provides an opportunity to grow rapidly. To illustrate this, she pointed to nine years of continuous company growth. Last year alone, SUSE recorded an almost 300% increase in app delivery subscription revenue.

Details

Red Hat expands its certification programs




Red Hat is improving its partnerships built around the company's ecosystem’s cloud solutions through the Red Hat Partner Connect program, according to TFIR. The program offers partners a set of tools and capabilities for automating, enhancing and modernizing modern development for the leading enterprise Linux system Red Hat Enterprise Linux and for the Kubernetes platform Red Hat OpenShift.

Details

Open Source Software Competition Announced to Address Climate Issues




TFIR Announces - IBM and David Clark Cause in partnership with the United Nations Human Rights and the Linux Foundation have announced Call for Code Global Challenge 2020. This competition encourages participants to create innovative programs based on Open Source technologies to help stop and reverse the impact of humanity on climate change.

Details

The future of open source licenses is changing




Computer Weekly wondered about the future of Open Source licenses in light of problems with their free use by corporations. Libraries filled with amazing features written by world-class experts can and should be the foundation upon which new projects are built. This is one of the concepts that made using Open Source software the most efficient way to create new code. However, some Open Source companies believe that their business models are not viable due to cloud services that use their code and earn big money on it without giving anything back. As a result, some place restrictions on their licenses to prevent such use. Does this mean the end of Open Source, the publication wonders and understands the topic.

Details

Linux Foundation Zephyr Project - Opening New Horizons in the IoT World




With a strong emphasis on open source software and platforms, sometimes we lose sight of how hardware continues to evolve thanks to the community’s own development and standardization efforts. The Linux Foundation recently announced its Zephyr project, which is building a secure and flexible real-time operating system (RTOS) for the Internet of Things (IoT). And recently Adafruit joined the project, an interesting company that allows manufacturers to create DIY electronic products.

Details

17-year PPPD vulnerability puts Linux systems at risk of remote attacks




The US-CERT team warned of the critical vulnerability of CVE-2020-8597 in the PPP daemon implemented in most Linux-based operating systems, as well as in various network devices. The problem allows, having generated and sent a special package to the vulnerable device, use buffer overflow, remotely execute arbitrary code without authorization and gain full control over the device. PPPD often works with root privileges, so the vulnerability is especially dangerous. However, there is already a fix and, for example, in Ubuntu, you can fix the problem simply by updating the package.

Details

Fuchsia OS Goes Testing at Google




OpenNET reports - The Open Source operating system Fuchsia, developed by Google, is moving to the stage of final internal testing, which implies that the OS will be used in the daily activities of employees before being provided to ordinary users. The publication recalls, “ As part of the Fuchsia project, Google is developing a universal operating system that can work on any type of device, from workstations and smartphones to embedded and consumer equipment. The development is based on the experience of creating the Android platform and takes into account the shortcomings in the field of scaling and security »

Details

Session - Open Source messenger without the need for a phone number




It's FOSS talks about the new Session messenger, Signal fork. Here are its features:

  1. a phone number is not required (recently, of course, it’s certainly a novelty, but before all messengers somehow lived without it - approx. Gim6626);
  2. the use of a decentralized network, blockchain and other crypto technologies;
  3. cross platform
  4. special privacy options;
  5. group chats, voice messages, sending attachments, in short everything else that is almost everywhere.

Details

KDE Connect project has a website




The KDE VKontakte community reports that the KDE Connect utility has its own website kdeconnect.kde.org . On the site you can download utilities, read the latest project news and learn how to join the development. KDE Connect is a utility for synchronizing notifications and clipboard between devices, file transfer and remote control. KDE Connect is built into Plasma (Desktop and Mobile), comes as an extension for GNOME (GSConnect), and is available as a standalone application for Android and Sailfish. Early builds for Windows and macOS have been prepared, ”explains the community.

Source

Porteus Kiosk 5.0.0 Release




Linux.org.ru announces the release of a new version 5.0.0 of the Porteus Kiosk distribution for quick deployment of demo stands and self-service terminals. The image size is only 104 mb. “The Porteus Kiosk distribution includes the minimum environment required to launch a web browser (Mozilla Firefox or Google Chrome) with limited rights - settings, applications or add-ons are prohibited, access to pages that are not in the white list is denied. There is also a pre-installed ThinClient for the terminal to act as a thin client. The distribution is configured using a special setup wizard combined with the installer - KIOSK WIZARD. After loading, the OS verifies all components by checksums, and the system is mounted in a read-only state."- writes the publication. Major changes to the new version:

  1. the package base is synchronized with the Gentoo repository on 2019/09/08:
    1. the kernel has been updated to Linux 5.4.23;
    2. Google Chrome updated to version 80.0.3987.122;
    3. Mozilla Firefox updated to version 68.5.0 ESR;
  2. a new utility for adjusting the speed of the mouse cursor;
  3. Now you can configure different intervals for changing browser tabs in kiosk mode;
  4. Firefox taught to display images in TIFF format (through intermediate conversion to PDF);
  5. the system time is now synchronized with the NTP server every day (previously, synchronization worked only when the terminal was rebooted);
  6. A virtual keyboard has been added to facilitate entering the session password (previously a physical keyboard was required).

Source

APT 2.0 Package Manager Release




OpenNET announces the release of version 2.0 of the Advanced Package Tool (APT) developed by the Debian project. In addition to Debian and its derived distributions (e.g. Ubuntu), APT is also used in some distributions based on the rpm package manager, such as PCLinuxOS and ALT Linux. The new release will soon be integrated into the Debian Unstable branch and the Ubuntu package base. Some innovations:

  1. support for templates in commands that accept package names;
  2. added a “satisfy” command to satisfy the dependencies specified in the string passed as an argument;
  3. adding packages from other branches without updating the entire system, for example, it became possible to install in stable packages from testing or unstable;
  4. waiting for the dpkg lock to be released (if it fails, it displays the name and pid of the process holding the lock file).

Details

PowerShell 7.0 Shell Release




Microsoft introduced the release of the PowerShell 7.0 command shell, the source code of which was opened in 2016 under the MIT license, according to OpenNET. The new release has been prepared not only for Windows, but also for Linux and macOS. PowerShell is optimized to automate command line operations and provides built-in tools for processing structured data in formats such as JSON, CSV and XML, and also supports REST APIs and object models. In addition to the command shell, an object-oriented language for developing scripts and a set of utilities for managing modules and scripts are offered, ”the publication explains. Among the innovations added in PowerShell 7.0:

  1. (pipeline) «ForEach-Object -Parallel»;
  2. «a? b: c»;
  3. "||" "&&";
  4. "??" "??=";
  5. ;
  6. Windows PowerShell;
  7. ;
  8. DSC (Desired State Configuration) PowerShell.



Linux Foundation OSTIF





The Security Lab reports that the Linux Foundation and the Open Source Technology Improvement Fund (OSTIF) have partnered to enhance the security of open source software for enterprise users through a security audit. “A strategic partnership with OSTIF will enable the Linux Foundation to expand its efforts in conducting security audits. OSTIF will be able to share its resources for conducting an audit through the CommunityBridge platform launched by the Linux Foundation and other organizations supporting developers and projects, ”the publication explains.

Details

InnerSource: How Open Source Best Practices Help Enterprise Development Teams




Security Boulevard writes that open source legends say that Tim O'Reilly coined the term InnerSource back in 2000. Although O'Reilly admits that he does not remember to coined the term, he did not forget to recommend IBM in the late 1990s to adopt some elements that make open source magic, namely “collaboration, community and low barriers to entry for those who wanted to share with each other. " Today, more and more organizations are adopting InnerSource as a strategy, using methods and philosophies that provide the foundation for open source and make it great for improving their internal development processes.

Details

How does it feel to run a 100% open source business?




SDTimes raises the topic of the (un) light share of companies doing business related to Open Source. Although database experts, in particular, agree that open source is becoming the norm, the question remains, how open is open source software in this sector? Can software providers really succeed in a 100% open source company? Also, can a freemium-level provider of their own infrastructure software achieve the same benefits as open source providers? How to make money on Open Source? The edition tried to answer these questions.

Details

X.Org/FreeDesktop.org is looking for sponsors or will be forced to abandon CI




Phoronix reports financial problems with the X.Org Foundation. The fund estimates its annual hosting costs this year at $ 75,000 and predicts spending at $ 90,000 for 2021. Gitlab.freedesktop.org is hosted on the Google Cloud. Due to rising costs and the lack of guaranteed regular sponsors, while current hosting costs are unstable, the X.Org Foundation may need to disable the CI function (which takes about $ 30,000 a year) in the coming months if they do not receive additional funding . The X.Org Foundation Board published an early warning on the mailing list and a call to any sponsors. GitLab FreeDesktop.org provides hosting not only for X.Org, but also for Wayland, Mesa and related projects, as well as for networks such as PipeWire, Monado XR,LibreOffice and many other open source desktop projects complement the publication.

Details

Most Common FOSS Security Concerns




Analytics India Mag Tackles FOSS Security Topic. Free and open source software has become an important aspect of the global economy of the new century. It was analyzed that FOSS makes up about 80-90% of any particular piece of modern software. It should be noted that software is becoming an increasingly important resource for almost all enterprises, both public and private. But there are many problems with FOSS, according to the Linux Foundation, the publication writes and lists the most common:

  1. analysis of the long-term safety and health of open source free software;
  2. lack of standardized naming;
  3. security of individual developer accounts.

Details

The evolution of Kali Linux: what is the future of the distribution?




HelpNetSecurity recalls the past of the most popular Kali Linux vulnerability testing distribution and raises the question of its future, analyzing the distribution user's database, development and feedback, development and future plans.

Details

Advantages of Kubernetes in bare-metal cloud infrastructure




Ericsson discusses the use of Kubernetes in a cloud infrastructure without virtualization and states that the cost savings for deploying Kubernetes on bare metal compared to virtualized infrastructure can reach 30% depending on the application and configuration.

Details

Spotify opens source code for Terraform ML module




InfoQ reports - Spotify opens its Terraform module to launch the Kubeflow machine learning pipeline software in the Google Kubernetes Engine (GKE). By switching their own ML platform to Kubeflow, Spotify engineers have accelerated the path to production and are carrying out 7 times more experiments than on the previous platform.

Details

Drauger OS is another GNU / Linux distribution for games.




It's FOSS writes - for years (or decades), people have complained that one of the reasons not to use Linux is the lack of mass gaming. Linux games have improved significantly over the past few years, especially with the advent of the Steam Proton project, which allows you to play many games originally created for Windows only on Linux. Continuing this trend is the distribution of Drauger OS, based on Ubuntu. Drauger OS has several applications and tools installed out of the box to improve gameplay. This includes:

  1. Playonlinux
  2. WINE
  3. Lutris
  4. Steam
  5. Dhvk

There are other reasons why gamers might be interested in them.

Details

8 knives in the back of Linux: from love to hate, one bug




3D News decided to take apart GNU / Linux "by the bones" and present all the accumulated claims to the product itself and the community, although it may have caught up with black colors. The analysis goes on points, an attempt is made to refute the following arguments:

  1. Linux is everywhere;
  2. Linux is free;
  3. Linux is free;
  4. Linux is safe;
  5. On Linux, the best way to distribute software;
  6. There are no software issues on Linux;
  7. Linux works more efficiently with resources;
  8. Linux is convenient.

But he completes the publication on a positive note and, answering the question about who is to blame for all the problems mentioned with GNU / Linux, writes “ We! Linux is a wonderful, versatile, flexible and powerful operating system with, alas, not the best community around . ”

Details


That's it, until next Sunday!

Subscribe to our Telegram channel or RSS in order not to miss the new issues of FOSS News.

Previous issue

More articles:


All Articles