Your browser does not support the audio element. Reality 2.0 - Episode 13: Surveillance Marketing

Doc Searls and Katherine Druckman talk to Dr. Augustine Fou about surveillance marketing, ad tech, and privacy.

• Download ogg format

Links mentioned:

If it weren’t for retargeting, we might not have ad blocking

News briefs for January 18, 2019.

openSUSE announces three new Tumbleweed snapshots to start of 2019, which include updates for KDE Plasma, Vim, RE2, QEMU, curl and much, much more. The openSUSE blog post notes that, "all snapshots have either logged or are treading as moderately stable with a rating of 83 or above, according to the Tumbleweed snapshot reviewer. There are more than 300 packages in staging that will likely be released in several snapshots over the coming weeks."

Malware in Google Play used motion sensors in phones to hide itself, triggering only when the phones moved. According to Ars Technica, the malicious apps avoid detection by monitoring "the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks. The thinking behind the monitoring is that sensors in real end-user devices will record motion as people use them. By contrast, emulators used by security researchers—and possibly Google employees screening apps submitted to Play—are less likely to use sensors. Two Google Play apps recently caught dropping the Anubis banking malware on infected devices would activate the payload only when motion was detected first. Otherwise, the trojan would remain dormant." Trend Micro found the malware in two apps: BatterySaverMobi and Currency Converter.

XDA Developers got their hands on a Google Pixel 3 XL with a leaked version of Android Q, giving them a first look at what Google has been working on. First is a system-wide Dark Theme. In addition, it has a huge permissions revamp "in the Settings app that allows you to get an overview of permission access by apps and restrict certain permissions like location only while the app is in use". It also includes new Developer Options, accessibility settings and other miscellaneous changes.

deepin 5.9 has been released. This release fixes several bugs and "adds support for touchscreen gestures and onscreen keyboard, optimizes the using frequency algorithm for application sequence in Launcher mini mode, and introduces a new function - Smart Mirror Switch, hoping to bring users more stable and efficient experiences." You can download the ISO from here.

ZFS On Linux 0.8 is coming soon, and it's expected to be a huge release. Phoronix reports that this update will include "native encryption support, device removal, direct I/O, sequential scrub, pool checkpoints, and a lot of other new features for the first time with this Linux port of the Sun/Oracle ZFS file-system."

News openSUSE Google Mobile Android Security Deepin ZFS

by Kyle Rankin

Why open core software is bad for the FOSS movement.

Nothing is inherently anti-business about Free and Open Source Software (FOSS). In fact, a number of different business models are built on top of FOSS. The best models are those that continue to further FOSS by internal code contributions and that advance the principles of Free Software in general. For instance, there's the support model, where a company develops free software but sells expert support for it.

Here, I'd like to talk a bit about one of the more problematic models out there, the open core model, because it's much more prevalent, and it creates some perverse incentives that run counter to Free Software principles.

If you haven't heard about it, the open core business model is one where a company develops free software (often a network service intended to be run on a server) and builds a base set of users and contributors of that free code base. Once there is a critical mass of features, the company then starts developing an "enterprise" version of the product that contains additional features aimed at corporate use. These enterprise features might include things like extra scalability, login features like LDAP/Active Directory support or Single Sign-On (SSO) or third-party integrations, or it might just be an overall improved version of the product with more code optimizations and speed.

Because such a company wants to charge customers to use the enterprise version, it creates a closed fork of the free software code base, or it might provide the additional proprietary features as modules so it has fewer problems with violating its free software license.

The first problem with the open core model is that on its face it doesn't further principles behind Free Software, because core developer time gets focused instead of writing and promoting proprietary software. Instead of promoting the importance of the freedoms that Free Software gives both users and developers, these companies often just use FOSS as a kind of freeware to get an initial base of users and as free crowdsourcing for software developers that develop the base product when the company is small and cash-strapped. As the company get more funding, it's then able to hire the most active community developers, so they then can stop working on the community edition and instead work full-time on the company's proprietary software.

Go to Full Article

News briefs for January 17, 2019.

Oracle released its first Critical Patch Update of the year this week, which addresses 284 vulnerabilities. eWeek reports that "Thirty-three of the vulnerabilities are identified as being critical with a Common Vulnerabilities Scoring System (CVSS) score of 9.0 or higher."

Red Hat Enterprise Linux and Fedora are dropping MongoDB. ZDNet reports that the decision is due to MongoDB's new Server Side Public License (SSPL), which, according to Red Hat's Technical and Community Outreach Program Manager Tom Callaway, is "intentionally crafted to be aggressively discriminatory towards a specific class of users." ZDNet explains that "specific objection is that SSPL requires, if you offer services licensed under it, that you must open-source all programs that you use to make the software available as a service."

The Linux Foundation has announced its event schedule for 2019. New events for this year include include Cephalocon and gRPC Conf. See the full lineup here.

Firefox is closing its Test Pilot program and moving to a new model. From the announcement: "Migrating to a new model doesn't mean we're doing fewer experiments. In fact, we'll be doing even more! The innovation processes that led to products like Firefox Monitor are no longer the responsibility of a handful of individuals but rather the entire organization. Everyone is responsible for maintaining the Culture of Experimentation Firefox has developed through this process. These techniques and tools have become a part of our very DNA and identity. That is something to celebrate. As such, we won't be uninstalling any experiments you're using today, in fact, many of the Test Pilot experiments and features will find their way to Addons.Mozilla.Org, while others like Send and Lockbox will continue to take in more input from you as they evolve into stand alone products."

GoDaddy recently announced support for AdoptOpenJDK, which provides prebuilt open-source OpenJDK binaries. Charles Beadnall, GoDaddy CTO, says "GoDaddy supports an open access Internet because our 18 million customers depend on the open and equal nature of the Internet to compete with enterprises and corporations with more resources. With this sponsorship, we're proud to provide further support for open-source software and our community of entrepreneur customers."

News Oracle Security Red Hat Fedora MongoDB licensing The Linux Foundation Firefox GoDaddy AdoptOpenJDK

by Zack Brown

Long ago, the Linux kernel started using 00-Index files to list the contents of each documentation directory. This was intended to explain what each of those files documented. Henrik Austad recently pointed out that those files have been out of date for a very long time and were probably not used by anyone anymore. This is nothing new. Henrik said in his post that this had been discussed already for years, "and they have since then grown further out of date, so perhaps it is time to just throw them out."

He counted hundreds of instances where the 00-index file was out of date or not present when it should have been. He posted a patch to rip them all unceremoniously out of the kernel.

Joe Perches was very pleased with this. He pointed out that .rst files (the kernel's native documentation format) had largely taken over the original purpose of those 00-index files. He said the oo-index files were even misleading by now.

Jonathan Corbet was more reserved. He felt Henrik should distribute the patch among a wider audience and see if it got any resistance. He added:

I've not yet decided whether I think this is a good idea or not. We certainly don't need those files for stuff that's in the RST doctree, that's what the index.rst files are for. But I suspect some people might complain about losing them for the rest of the content. I do get patches from people updating them, so some folks do indeed look at them.

Henrik told Jonathan he was happy to update the 00-index files if that would be preferable. But he didn't want to do that if the right answer was just to get rid of them.

Meanwhile, Josh Triplett saw no reason to keep the 00-index files around at all. He remarked, "I was *briefly* tempted, reading through the files, to suggest ensuring that the one-line descriptions from the 00-INDEX files end up in the documents themselves, but the more I think about it, I don't think even that is worth anyone's time to do."

Paul Moore also voiced his support for removing the 00-index files, at least the ones for NetLabel, which was his area of interest.

The discussion ended there. It's nice that even for apparently obvious patches, the developers still take the time to consider various perspectives and try to retain any value from the old thing to the new. It's especially nice to see this sort of attention given to documentation patches, which tend to get left out in the cold when it comes to coding projects.

Note: if you're mentioned above and want to post a response above the comment section, send a message with your response text to ljeditor@linuxjournal.com.

Go to Full Article

News briefs for January 16, 2019.

A new open-source hardware project called Alias will keep Amazon and Google smart assistants from spying on you. According to the project's GitHub page, "Alias is a teachable 'parasite' that is designed to give users more control over their smart assistants, both when it comes to customisation and privacy. Through a simple app the user can train Alias to react on a custom wake-word/sound, and once trained, Alias can take control over your home assistant by activating it for you."

A security advisory from Harry Sintonen was issued this week concerning the scp clients in OpenSSH, PuTTY and more. LWN quotes the advisory: "Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output."

A new major release of the open-source Metasploit Framework is now available. According to the Rapid7 blog post, version 5.0 of the penetration-testing tool is the first milestone update since version 4.0 came out in 2011. Along with a new release cadence, "Metasploit's new database and automation APIs, evasion modules and libraries, expanded language support, improved performance, and ease-of-use lay the groundwork for better teamwork capabilities, tool integration, and exploitation at scale."

Mozilla is working on a new Android browser called Fenix. According to ZDNet, this "new non-Firefox browser for Android is apparently targeted at younger people, with Mozilla developers on GitHub tagging the description, 'Fenix is not your parents' Android browser'." In addition, mockups suggest that Fenix developers are "currently toying with the idea of putting the URL bar and home button down at the bottom of user interface."

VirtualBox 6.0.2 was released yesterday, the first maintenance release of the 6.0 series. This release fixed a conflict between Debian and oracle build desktop files, fixed building drivers on SLES 12.4, fixed building shared folder driver with older kernels and much more. See the changelog for all the details.

News Security Metasploit Mozilla Android Fenix VirtualBox Privacy Alias

by Mitch Frazier

 

Even if you're already familiar with the printf command, if you got your information via "man printf" you may be missing a couple of useful features that are provided by bash's built-in version of the standard printf(1) command.

Go to Full Article

by Doc Searls

The more digital we become, the less human we remain.

I had been in Los Angeles only a few times in my life before the October day in 1987 when I drove down from our home in the Bay Area with my teenage son to visit family. The air was unusually clear as we started our drive back north, and soon the San Gabriel Mountains—Los Angeles' own Alps (you can ski there!)—loomed over the region like a crenelated battlement, as if protecting its inhabitants from cultures and climates that might invade from the north. So, on impulse, I decided to drive up to Mount Wilson, the only crest in the range with a paved road to the top.

I could see from the maps I had already studied that the drive was an easy one. Our destination also was easily spotted from below: a long, almost flat ridge topped by the white domes of Mount Wilson Observatory (where Hubble observed the universe expanding) and a bristle of towers radiating nearly all the area's FM and TV signals. The site was legendary among broadcast engineering geeks, and I had longed to visit it ever since I was a ham radio operator as a boy in New Jersey.

After checking out the observatory and the towers, my son and I stood on a promontory next to a parking lot and surveyed the vast spread of civilization below. Soon four visiting golfers from New York came over and started asking me questions about what was where.

I answered like a veteran docent, pointing out the Rose Bowl, Palos Verdes Peninsula, Santa Catalina and other Channel Islands, the Hollywood Hills, the San Fernando Valley, the Jet Propulsion Laboratory, Santa Anita Park and more. When they asked where the Whittier Narrows earthquake had happened a few days before, I pointed at the Puente Hills, off to the southeast, and filled them in on what I knew about the geology there as well.

After a few minutes of this, they asked me how long I had lived there. I said all this stuff was almost as new to me as it was to them. "Then how do you know so much about it?", they asked. I told them I had studied maps of the area and refreshed my knowledge over lunch just before driving up there. They were flabbergasted. "Really?", one guy said. "You study maps?"

Indeed, I did. I had maps of all kinds and sizes at home, and the door pockets of my car bulged with AAA maps of everywhere I might drive in California. I also added local and regional Southern California maps to my mobile inventory before driving down.

Go to Full Article

News briefs for January 15, 2019.

Today is Fedora Test Day for kernel 4.20. To participate, you just need to be able to download the test materials (which include some large files) and read and follow directions. See the wiki page for more information on how to participate.

Netrunner yesterday announced the release of Netrunner 19.01 Blackbird. This desktop distro is based on Debian Testing, and updates with this version include KDE Plasma 5.14.3, KDE Frameworks 5.51, KDE Applications 18.08, Qt 5.11.3 and many more. It also sports a new look and feel called "Netrunner Black" among other changes. You can get the Netrunner 19.01 ISO from here.

Canonical yesterday released a security patch for the GNOME Bluetooth tools to address a security vulnerability with Ubuntu 18.04. Softpedia News reports that security researcher Chris Marchesi discovered the vulnerability in the BlueZ Linux Bluetooth stack, "which made it incorrectly handle disabling Bluetooth visibility, allowing a remote attacker to possibly pair to Bluetooth devices." All Ubuntu 18.04 LTS users should update immediately to the gnome-bluetooth 3.28.0-2ubuntu0.1 and libgnome-bluetooth13 3.28.0-2ubuntu0.1 packages from the official repos. See the wiki for detailed instructions.

Groboards has launched a new "tiny, Adafruit Feather form-factor 'Giant Board' SBC that runs Linux on Microchip's SiP implementation of its Cortex-A5-based SAMA5D SoC and offers 128MB RAM, micro-USB, microSD and I/O including ADC and PWM", Linux Gizmos reports. There's no pricing or availability information yet, but see the OSH Park blog and the Groboards site for specs and more info.

Linspire recently posted its development roadmap for Linspire and Freespire releases for 2019 and 2020. The Linspire CE 8.0 Office 365 Edition is planned for February 21, 2019, with Linspire Server on April 14, 2019. Freespire 4.5 is planned for May 5, 2019 and Freespire 5.0 is scheduled for November 15, 2019.

News Fedora Netrunner Distributions Canonical Security GNOME Ubuntu SBCs Linspire Freespire

Please support Linux Journal by subscribing or becoming a patron.

Please support Linux Journal by subscribing or becoming a patron.

News briefs for January 7, 2019.

Linux 5.0-rc1 was released yesterday. Linus Torvalds wrote: "The numbering change is not indicative of anything special. If you want to have an official reason, it's that I ran out of fingers and toes to count on, so 4.21 became 5.0. There's no nice git object numerology this time (we're _about_ 6.5M objects in the git repo), and there isn't any major particular feature that made for the release numbering either. Of course, depending on your particular interests, some people might well find a feature _they_ like so much that they think it can do as a reason for incrementing the major number. So go wild. Make up your own reason for why it's 5.0."

MIT recently released Scratch 3, the latest version of its visual programming language. The Raspberry Pi blog announced it has upgraded to make this a smooth transition for those who use its free project resources, "whether that be at a Code Club, CoderDojo, Raspberry Jam, or at home, so we've been busy upgrading our resources to work with Scratch 3". In addition, "Scratch 3 versions of all projects in the Code Club Scratch Modules 1–3 and the CoderDojo Scratch Sushi Cards are already live!" See the post for more details related to Scratch 3 on RPi.

Phoronix Test Suite 8.6-Spydeberg Milestone 1 is out. This is the first development snapshot for the "open-source, cross-platform benchmarking software release due out later in Q1". New features for the Phoronix Test Suite include updates for Microsoft Windows Server 2019 (and it'll be a fully supported platform as well), a new "new phoronix-test-suite compare-results-to-baseline sub-command for comparing two result files with treating the first argument as the performance baseline and providing various statistics off that", a "new ShowPostRunStatistics user configuration" and more. You can get the first development snapshot of Phoronix Test Suite 8.6 at GitHub.

Elteria Adventures is "an open-world RPG MMO with world-building features and it's coming to Linux". GamingOnLinux reports that the developer confirmed it will run on Linux, simply saying ""Yes it will. Also on Mac :)" Evidently the Steam page doesn't give many details on what the game will be like, but GamingOnLinux says "it sounds a bit like Minecraft mixed with an RPG and it has a bunch of platforming as the world is built across many floating islands".

The Chromium web browser in Fedora now has Video Acceleration API (VAAPI) support, making "video playback much smoother while using significantly less resources". Fedora is now the second distribution to include the VAAPI patch in its official Chromium package. See the Fedora Magazine post for more info.

News kernel Programming Scratch Raspberry Pi Phoronix gaming Chromium Fedora

by Glyn Moody

How Big Blue became an open-source company.

News that IBM is buying Red Hat is, of course, a significant moment for the world of free software. It's further proof, as if any were needed, that open source has won, and that even the mighty Big Blue must make its obeisance. Admittedly, the company is not quite the behemoth it was back in the 20th century, when "nobody ever got fired for buying IBM". But it remains a benchmark for serious, mainstream—and yes, slightly boring—computing. Its acquisition of Red Hat for the not inconsiderable sum of $34 billion, therefore, proves that selling free stuff is now regarded as a completely normal business model, acknowledged by even the most conservative corporations.

Many interesting analyses have been and will be written about why IBM bought Red Hat, and what it means for open source, Red Hat, Ubuntu, cloud computing, IBM, Microsoft and Amazon, amongst other things. But one aspect of the deal people may have missed is that in an important sense, IBM actually began buying Red Hat 20 years ago. After all, $34 billion acquisitions do not spring fully formed out of nowhere. Reaching the point where IBM's management agreed it was the right thing to do required a journey. And, it was a particularly drawn-out and difficult journey, given IBM's starting point not just as the embodiment of traditional proprietary computing, but its very inventor.

Even the longest journey begins with a single step, and for IBM, it was taken on June 22, 1998. On that day, IBM announced it would ship the Apache web server with the IBM WebSphere Application Server, a key component of its WebSphere product family. Moreover, in an unprecedented move for the company, it would offer "commercial, enterprise-level support" for that free software.

When I was writing my book Rebel Code: inside Linux and the open source revolution in 2000, I had the good fortune to interview the key IBM employees who made that happen. The events of two years before still were fresh in their minds, and they explained to me why they decided to push IBM toward the bold strategy of adopting free software, which ultimately led to the company buying Red Hat 20 years later.

Go to Full Article

by Shawn Powers

I've written about and trained folks on various DevOps tools through the years, and although they're awesome, it's obvious that most of them are designed from the mind of a developer. There's nothing wrong with that, because approaching configuration management programmatically is the whole point. Still, it wasn't until I started playing with Ansible that I felt like it was something a sysadmin quickly would appreciate.

Part of that appreciation comes from the way Ansible communicates with its client computers—namely, via SSH. As sysadmins, you're all very familiar with connecting to computers via SSH, so right from the word "go", you have a better understanding of Ansible than the other alternatives.

With that in mind, I've written a few articles exploring how to take advantage of Ansible. It's a great system, but when I was first exposed to it, it wasn't clear how to start. It's not that the learning curve is steep. In fact, if anything, the problem was that I didn't really have that much to learn before starting to use Ansible, and that made it confusing. For example, if you don't have to install an agent program (Ansible doesn't have any software installed on the client computers), how do you start?

Ansible, Part I: the Automation Framework That Thinks Like a Sysadmin

How to get started with Ansible. Shawn tells us the reason Ansible was so difficult for him at first was because it's so flexible with how to configure the server/client relationship, he didn't know what he was supposed to do. The truth is that Ansible doesn't really care how you set up the SSH system; it will utilize whatever configuration you have. This article will get you set up.  

Ansible, Part II: Making Things Happen

Finally, an automation framework that thinks like a sysadmin. Ansible, you're hired.

Ansible is supposed to make your job easier, so the first thing you need to learn is how to do familiar tasks. For most sysadmins, that means some simple command-line work. Ansible has a few quirks when it comes to command-line utilities, but it's worth learning the nuances, because it makes for a powerful system.

Ansible, Part III: Playbooks

Playbooks make Ansible even more powerful than before.

Go to Full Article

News briefs for January 4, 2019.

Google's Fuchsia OS will have Android app support via Android Runtime. According to 9To5Google, it was expected that Fuchsia would support Android apps, and now "that suspicion has been confirmed by a new change found in the Android Open Source Project, and we can say with confidence that Fuchsia will be capable of running Android apps using the Android Runtime." The article also notes that "How exactly Fuchsia will use the Android Runtime from there is still unclear. This is includes whether the Android Runtime is able to work as expected to replace Linux kernel calls with equivalents from Fuchsia's Zircon kernel or if ART will run inside of a Linux virtual machine using Machina, Fuchsia's virtual machine system."

Linux servers equipped with poorly configured IPMI (Intelligent Platform Management Interface) cards are prone to attack. ITPro Today reports that "since November, black hat hackers have been using the cards to gain access in order to install JungleSec ransomware that encrypts data and demands a 0.3 bitcoin payment (about $1,100 at the current rate) for the unlock key". The post recommends that to secure against these attacks, make sure the IPMI password isn't the default and "access control lists (ACLs) should be configured to specify the IP addresses that have access the IPMI interface, and to also configure IPMI to only listen on internal IP addresses, which would limit access to admins inside the organization's system."

LinuxGizmos has published its 2019 catalog of open-spec Linux hacker boards. These are all "hacker-friendly, open-spec SBCs that run Linux or Android", and LinuxGizmos provides "recently updated descriptions, specs, pricing, and links to details for all 122 SBCs."

USB Type-C is becoming more secure with the launch of the USB Type-C Authentication Program. eWeek reports that the USB-IF (USB-Implementers Forum) is "taking a cryptographic approach to helping protect USB users and devices against potential risks". In addition, "With the authentication specification, compliance with USB specifications is validated in an effort to prevent potentially dangerous devices and chargers from connecting to a system. The specification can also limit the risk of malicious software that might be embedded within a USB device from attacking a system. According to the USB-IF, the authentication specification enables implementors of the standard to authenticate certified USB Type-C chargers, devices, cables and power sources."

Epic Games says it doesn't currently plan to provide a Linux version of its store. GamingOnLinux, quoted this tweet from Sergey Galyonkin, Director of Publishing Strategy for Epic Games, in response to a question on Reddit: "It really isn't on the roadmap right now. Doesn't mean this won't change in the future, it's just we have so many features to implement."

News Google Fuchsia Android Mobile Servers Security SBCs USB gaming

by Joey Bernard

I've covered tons of different scientific applications you can run on your computer to do rather complex calculations, but so far, I've not really given much thought to the hardware on which this software runs. So in this article, I take a look at a software package that lets you dive deep down to the level of the logic gates used to build up computational units.

At a certain point, you may find yourself asking your hardware to do too much work. In those cases, you need to understand what your hardware is and how it works. So, let's start by looking at the lowest level: the lowly logic gate. To that end, let's use a software package named Logisim in order to play with logic gates in various groupings.

Logisim should be available in most distributions' package management systems. For example, in Debian-based distros, install it with the following command:

sudo apt-get install logisim

You then can start it from your desktop environment's menu, or you can open a terminal, type logisim and press Enter. You should see a main section of the application where you can start to design your logic circuit. On the left-hand side, there's a selection pane with all of the units you can use for your design, including basic elements like wires and logic gates, and more complex units like memory or arithmetic units.

Figure 1. When you first start Logisim, you get a blank project where you can start to design your first logic circuit.

To learn how to start using Logisim, let's look at how to set up one of the most basic logic circuits: an AND gate.

Figure 2. You easily can add logic gates to your circuit to model computations.

If you click the Gates entry on the left-hand side, you'll see a full list of available logic gates. Clicking the AND gate allows you to add them to the design pane by clicking on the location where you want them added. At the bottom of the left-hand side, you'll see a pane that displays the attributes of the selected gate. You can use this pane to edit those attributes to make the gate behave exactly the way you want. For this example, let's change the number of inputs value from 5 to 2. The next step is to add an output pin in order to see when the output is either 1 or 0. You can find pins in the wiring section.

Go to Full Article

Your browser does not support the audio element. Reality 2.0 - Episode 11: Moving the Chairs

Katherine Druckman and Doc Searls talk to Petros Koutoupis about his Deep Dive articles, storage, blockchain, and moving chairs.

• Download ogg format

Links mentioned:

• The December issue of Linux Journal
• Blockchain, Part I: Introduction and Cryptocurrency

by Zack Brown

Brendan Higgins recently proposed adding unit tests to the Linux kernel, supplementing other development infrastructure such as perf, autotest and kselftest. The whole issue of testing is very dear to kernel developers' hearts, because Linux sits at the core of the system and often has a very strong stability/security requirement. Hosts of automated tests regularly churn through kernel source code, reporting any oddities to the mailing list.

Unit tests, Brendan said, specialize in testing standalone code snippets. It was not necessary to run a whole kernel, or even to compile the kernel source tree, in order to perform unit tests. The code to be tested could be completely extracted from the tree and tested independently. Among other benefits, this meant that dozens of unit tests could be performed in less than a second, he explained.

Giving credit where credit was due, Brendan identified JUnit, Python's unittest.mock and Googletest/Googlemock for C++ as the inspirations for this new KUnit testing idea.

Brendan also pointed out that since all code being unit-tested is standalone and has no dependencies, this meant the tests also were deterministic. Unlike on a running Linux system, where any number of pieces of the running system might be responsible for a given problem, unit tests would identify problem code with repeatable certainty.

Daniel Vetter replied extremely enthusiastically to Brendan's work. In particular, he said, "Having proper and standardized infrastructure for kernel unit tests sounds terrific. In other words: I want." He added that he and some others already had been working on a much more specialized set of unit tests for the Direct Rendering Manager (DRM) driver. Brendan's approach, he said, would be much more convenient than his own more localized efforts.

Dan Williams was also very excited about Brendan's work, and he said he had been doing a half-way job of unit tests on the libnvdimm (non-volatile device) project code. He felt Brendan's work was much more general-purpose, and he wanted to convert his own tests to use KUnit.

Go to Full Article

News briefs for January 3, 2019.

A recent Privacy International report reveals that "at least 20 out of 34 popular Android apps are transmitting sensitive information to Facebook without asking permission, including Kayak, MyFitnessPal, Skyscanner and TripAdvisor". According to the story on Engadget, "The concern isn't just that apps are oversharing data, but that they may be violating the EU's GDPR privacy rules by both collecting info without consent and potentially identifying users. You can't lay the blame solely at the feet of Facebook or developers, though. Facebook's relevant developer kit didn't provide the option to ask for permission until after GDPR took effect. The social network did develop a fix, but it's not clear that it works or that developers are implementing it properly."

A new version of ExTiX Linux Live DVD—19.1, build 181228—was released yesterday. According to the author, "The best thing with ExTiX 19.1 is that while running the system live (from DVD/USB) or from hard drive you can use Refracta Tools (pre-installed) to create your own live installable Ubuntu system. So easy that a ten year child can do it!" You can download ExTiX 19.1 from SourceForge.

The Peppermint team yesterday announced the release Peppermint 9 Respin-2. This is a bug-fix release, and it fixes three issues in the installation routine. If you have already installed Peppermint 9 Respin successfully (released December 21, 2018), there is not need to re-install this version. See the Release Notes for more information.

Nextcloud founder Frank Karlitschek posted a look back at 2018 and thoughts on the future for 2019. He predicts that "2019 will be a very good year for privacy, open source and decentralized cloud software. Maybe even the mainstream breakthrough of federated and decentralized internet services!" He also writes "I think 2019 could be the year where open source, federated and self-hosted technology hits mainstream, taking on the proprietary, centralized data silos keeping people's personal information hostage. Society becoming more critical about data collection will fuel this development. If you want to make a difference then join Nextcloud or one of the other project that develop open source decentralized and federated solutions. I think 2019 is the year were we can win the internet back!"

Security updates were posted this week for Debian, Fedora, openSUSE and Red Hat. See LWN for links.

News Privacy Android Facebook ExTiX Linux Peppermint Nextcloud Security Debian Fedora openSUSE Red Hat

by Bryan Lunduke

Do you remember your first distro?

The first version of Linux I truly used, for any length of time, was back at the end of the 1990s—in Ye Olden Times, when 56k modems, 3.5" floppies and VGA CRT monitors reigned supreme.

Linux itself had been a thing for a number of years by this point—with both SUSE (then known as the gloriously mixed-case and punctuation-filled S.u.S.E.) and Red Hat doing good business supporting it—when I decided to really give this "Free" operating system a try.

Because I'm a nerd. And that's what we do.

I remember the day well. It was cold. It was rainy. And I was taking an extended lunch break from my job at Microsoft (seriously). My days—and, all too often, nights—spent testing Windows NT 5 (before it was renamed Windows 2000) had taken a toll. I had reached peak "burn out".

After a mildly rejuvenating, two-hour long, burger-eating (and venting about our job) session with a co-worker, we made our way to the big-box computer store close to Microsoft's main campus. Once inside, we bee-lined it for the Operating System section (this was back when computer stores had rows upon rows of actual boxes that contained actual physical media, which, in turn, contained actual software).

Several versions of Windows were on display, and, lo and behold, right there next to them, was S.u.S.E. Linux—in a box. I grabbed it immediately. It was heavy. There were several CDs inside along with a manual (which would turn out to be necessary simply to get the system to boot).

Fifteen minutes later, we were back in my office installing Linux on one of my little Dell towers.

That's right. My first full-time Linux machine? A Microsoft, company-issued work computer. This was my way of "sticking it to the man"—and boy did it feel good.

Were there problems with my first foray into Linux? You bet. The sound card didn't work. Getting an X Server running (with any sort of GUI) was a mildly mystifying process. And, heck, just getting the darn thing to boot took the better part of an afternoon. But, even with those challenges, I was in love.

Thus, my 20-year long hobby of "installing every Linux distribution I can get my grubby little hands on" was born—right there on Microsoft's main campus, using funds I earned from my job at Microsoft, on Microsoft-owned hardware, using Microsoft-supplied electricity and company time.

Shh. Don't tell Ballmer.

From that point onward, one of the things about Linux that always has made me smile is the wide variety of distributions out there in the world. There seems to be one custom-made for every man, woman and child on planet Earth.

Go to Full Article