Google is still in the process of updating some of its smartwatches to Wear OS 2.2 H, but in a bid to stay ahead of the curve, or totally confuse us, version 2.3 of the wearable operating system is also being rolled out. Go figure!

As part of the update, the Home app has been updated from version 2.20 to 2.21, which has a number of improvements including a slight change of design, improved health coaching and what they call more “proactive” help from Google Assistant.

• Create a Kubernetes cron job in OKD

• OpenBSD install MariaDB database server

• How to find cpu minimum, current & maximum frequency in linux ?

• Linux How do I display failed login attempt?

• Easily Set CPU Governor (Performance / Powersave) And Monitor CPU Frequency In Gnome Shell With CPUFREQ Extension

Today KDE launches the beta release of Plasma 5.15.

For the first release of 2019, the Plasma team has embraced KDE's Usability & Productivity goal. We have teamed up with the VDG (Visual Design Group) contributors to get feedback on all the papercuts in our software that make your life less smooth, and fixed them to ensure an intuitive and consistent workflow for your daily use.

Plasma 5.15 brings a number of changes to our configuration interfaces, including more options for complex network configurations. Many icons have been added or redesigned. Our integration with third-party technologies like GTK and Firefox has been made even more complete. Discover, our software and add-on installer, has received a metric tonne of improvements to help you stay up-to-date and find the tools you need to get your tasks done.

Also: KDE Plasma 5.15 Desktop Environment Enters Beta, Promises Numerous Improvements

KDE Plasma 5.15 Beta Released With Some Grand Improvements

• SalesAgility Launches SuiteCRM 7.11

  SalesAgility has released SuiteCRM 7.11 with several bug fixes, new workflows, Elasticsearch, and Google calendar synchronization.

  Elasticsearch is an open-source RESTful search engine to centrally store and index data. SuiteCRM will now provide users a faster and more scalable way to perform full text searches via Global Search on larger data volumes than before.

• The essential guide to open source virtualization platforms

  Open source virtualization platforms offer adopters the chance to reduce licensing costs and avoid vendor lock-in, while still providing robust virtualization features.

  IT administrators who adopt open source might have less support than they would from a major vendor, so they must be adept at troubleshooting or garnering help from open source communities. Open source virtualization adopters might also consider vendors such as Red Hat that can provide support and integration services.

• WordPress Partners with Google News to Launch Open Source Platform for Newsrooms

  On January 14, 2019, WordPress announced the launch of Newspack by WordPress, an Open Source Platform for Newsrooms which will begin operations in mid-2019 with backing from ConsenSys, Civil media and others.

• Automattic announces Newspack to help news organizations publish and monetize

  WordPress,  the open-source project that lets you create websites on WordPress.com, is already a solid content management system (we use it at TechCrunch). But it becomes more difficult to use once you want to monetize your content using subscriptions, metered paywalls and user accounts. WordPress doesn’t have a native solution for that.

  That’s why Automattic  is working on a platform for news organizations — think about it as a version of WordPress specifically designed for news organizations. The company wants to help local news organizations more specifically, as those media companies don’t necessarily have a ton of development resources.

• Open Call for Humanitarian Design Challenges

  All designs and documentation of the solution will be freely published online as Open Source, to the benefit of you, users and other stakeholders, future (student) teams and anyone interested.

• Linux 4.20.3

• Linux 4.19.16

• Linux 4.14.94

• Linux 4.9.151

• Linux 4.4.171

Last week I reported on ZFS On Linux breaking with Linux 5.0 due to some kernel symbols sought by this out-of-tree file-system driver no longer being exported and the upstream developers not willing to adjust for the ZoL code. That's still the case but the ZFS On Linux developers have a patch so at least the file-system driver will be able to build on Linux 5.0.

This ZOL + Linux 5.0 issue stems from a set of functions used by this ZFS Linux port for vectorized file-system checksums no longer being exported. The kernel developers don't want to re-export the functionality since as Greg Kroah-Hartman put it, "my tolerance for ZFS is pretty non-existant."

Since that Phoronix article last week, Greg KH followed up on the mailing list with, "Sorry, no, we do not keep symbols exported for no in-kernel users." Longtime Linux kernel developer Christoph Hellwig also suggested users switch instead to FreeBSD if caring about ZFS.

• Create Panda 3D Game Project

  Hello, do you still remember that I have mentioned to you before that I will start another game project alongside the new pygame project? Well, I have not decided yet which game framework should I use to build the python game. Yesterday I had just came across Panda 3D which is a very attractive game framework that we can use to create the python game.

• Top technical skills that will get you hired in 2019

  Landing the perfect IT job is never easy, but certain technical skills can smooth the way, especially if they’re in high demand. Job search platform Indeed has analyzed the fastest-growing terms used by job seekers when searching for tech jobs in 2019, and the results represent some significant changes over last year.

  “When people look for new jobs, they often use search terms that describe cutting-edge skills associated with the jobs they want,” says Daniel Culbertson, economist at Indeed. “On the employer side, the highly specialised tech talent who have these proficiencies are in great demand.”

• 5 open source Go tools for tuning up your Golang mastery

  Love programming in Go? It’s hard not to fall in love with it, we know! Today we browsed through some Golang tools on GitHub and picked some of our favorites from the list. Far from exhaustive, this list highlights some of the best in show.

• Executing Shell Commands with Python

• Introduction to Python

• Convert video from one format to another with python

• L10n report: January edition

• HyperRogue, the unique roguelike with a non-Euclidean world has been updated

  Probably one of the most unique roguelikes around, HyperRogue has such a mind-bending world it's really quite something. See my previous thoughts here.

  Taking place in a non-Euclidean world it can be a little confusing and it certainly is a difficult game. I've never managed to get very far from it, but it's so incredibly interesting it's a game I regularly come back to just to explore some more.

• The Tyranids have arrived in Warhammer 40,000: Gladius

  Things are about to get a little more intense on Gladius Prime as the Tyranids have arrived to consume everything in their path.

• Warhammer 40,000: Mechanicus updated, fixes a few Linux issues and it's looking great

  Warhammer 40,000: Mechanicus update 1.1.1 is out and the Linux beta has seen some nice fixes making it in.

  While the Linux version still remains in a "soft" launch phase (not officially advertised), it's good to see Bulwark Studios and Kasedo Games give it some attention.

• Dis Pontibus will have you solve puzzles and connect islands together in a procedurally-generated archipelago

  Who would have thought something as simple as connecting blocks together could be so good? Dis Pontibus will keep you going for hours.

• Comedy point and click adventure 'Guard Duty' to arrive on Linux this Spring, looks awesome

  If you need a sprinkle of comedy in your life, the comedic point and click adventure Guard Duty looks like it could hit the spot.

  Not one I had heard of until today, I will be honest. Looking over it, Guard Duty was funded on Kickstarter back in March of 2017. Linux was noted as a platform back then and they're still very clearly advertising Linux support—awesome!

• LandTraveller, the really sweet 2D RPG had a pretty huge update recently

  LandTraveller from WolfCoder Workshop is a sweet 2D RPG that combines elements from traditional action-RPGs with sandbox building options and it continues to grow.

The release of Sailfish 3 has been a gratifying milestone for Jolla. Each new update completes the circle of the Sailfish 3 era, step by step, delivering new features and adding value to Sailfish OS.

This time, our name pick fell upon the woodlands of Sipoonkorpi. Sipoonkorpi is a 19 km² Finnish National park located in the municipalities of Helsinki, Vantaa and Sipoo. Sipoonkorpi is well known for its peaceful settings that combine nature and small villages to create an astonishing view.

Also: Sailfish OS "Sipoonkorpi" Brings Firewall Improvements, Redesigned Image Editing

• HMD released the source code for Nokia 8 Sirocco

  The Open source releases webpage was refreshed once more, now with the source code files for beautiful Nokia 8 Sirocco.

• AWS mixes toxic cocktail for open source

  There is currently a crisis unfolding in the open source world, with a number of companies changing their licensing to protect revenue. This has arisen due to a potentially toxic situation where public cloud providers have introduced managed services based on free open source products.

• MongoDB "open-source" Server Side Public License rejected

  MongoDB is open-source document NoSQL database with a problem. While very popular, cloud companies, such as Amazon Web Services (AWS), IBM Cloud, Scalegrid, and ObjectRocket has profited from it by offering it as a service while MongoDB Inc. hasn't been able to monetize it to the same degree. MongoDB's answer? Relicense the program under its new Server Side Public License (SSPL). Open-source powerhouse Red Hat's reaction? Drop MongoDB from Red Hat Enterprise Linux (RHEL) 8.

• Amazon Ditches MongoDB, Launches Rival

  The rationale given by Amazon is that customers find it challenging to build performant, highly available applications on MongoDB that can quickly scale to multiple Terabytes because of the complexity that comes with setting up and managing MongoDB clusters. Amazon DocumentDB implements the Apache 2.0 open source MongoDB 3.6 API by emulating the responses that a MongoDB client expects from a MongoDB server, allowing customers to use their existing MongoDB drivers and tools with Amazon DocumentDB.

  However, there's a lot that's not included in that view of the situation. Amazon and AWS has in the past been criticized for taking open-source software, doing some work on it then rebranding it without necessarily playing fair with the original developers. The thinking seemed to be that just having Amazon using your software was enough of a reward.

• AWS has broken open source software

  Amazon Web Services (AWS) and other infrastructure as a service companies have broken the standard open source revenue model. The former model was that you wrote software to solve a problem you were having. This was usually a problem being experienced by many people. You could earn a decent living supporting the software you created since you were the creator of the software. People would come to you with questions or pay you to create additional functionality.

  Let’s say you created software to store lots of information in computer memory and retrieve it quickly. This is something that many other people would like to do too. Rather than write their own software they will use the software and pay you for support when they have questions or issues.

  If Amazon Web Services (AWS) or other infrastructure as a service companies decide to use your software, suddenly users of your software have a decision: do they pay Amazon to support the software or do they pay you for support. In general, most companies will choose Amazon since they are a well-known commodity and that is the decision with the least risk.

• Why I Just Sold Most of My MongoDB Stake

  The "Death Star" has reared its head for MongoDB. Not the Death Star from Star Wars , but the company that cable mogul John Malone once compared to that ominous space station: Amazon (NASDAQ: AMZN) .

  Amazon Web Service's huge cloud infrastructure has allowed the company to expand into databases over time, but its efforts had been limited to the Aurora SQL database and the DynamoDB database. Dynamo is a nonrelational database closer to MongoDB; however, DynamoDB was not open-source, like MongoDB.

• Open Source Software At A Crossroads

  Last week, AWS announced on its blog the launch of DocumentDB, a MongoDB-compatible database. As some pundits have pointed out, this is clearly a reaction to MongoDB, Inc.’s new and highly-restrictive license called the Server Side Public License (SSPL)—a move which the publicly-traded MongoDB made in order to protect its revenue position.

  Earlier last year, Redis Labs learned a hard lesson in community relations management when it took a less dramatic step: while offering its Redis database under a permissive license, it changed the licensing on its add-on modules to the “Commons Clause”, so service providers would need to pay for their use. While communication could have been clearer, the action itself is similar in intent to what MongoDB did, and to what many other open source companies have attempted or plan to attempt to do.

• Telefónica Validates Wind River’s Cloud Platform for its Unica Project

  The testing included work on the functional components of the Wind River virtualization platform. It also included interoperability testing of the Titanium Cloud with Open Source MANO (OSM) orchestration. OSM is the open source group hosted by ETSI that’s working on management and network orchestration.

  The validation testing was conducted at Telefónica’s NFV Reference Lab in Madrid, Spain. The operator requires all vendors that want to provide virtual network functions (VNFs) to its Unica project to prove their products in the lab.

• An open-source rocket could reshape society in “A Theory of Flight”

  In Justina Ireland's original short story, a daring plan to build an open-source rocket could help more people escape Earth.

• Banco Carregosa goes open with PaymentComponents

• FoundationDB opens Apple's database sauce

• Global Technology Provider Profesia Becomes a WSO2 Value-Added Reseller Partner in Italy

• WSO2 reveals plans to support open-source communities in 2019

• Apple’s FoundationDB open sources the database layer behind CloudKit

• Apple's FoundationDB to use new Record Layer Open Source

• Apple's FoundationDB takes new Record Layer open source, confirms tech underpins CloudKit

• FoundationDB open-sources FoundationDB Record Layer with schema management, indexing facilities and more

• Embedded System Security Solutions Expanded with New Commits To Open Source seL4 Community

• Baidu Announces Open-Source Edge Computing Platform OpenEdge

• Baidu introduces Apollo 3.5, Apollo Enterprise in major advancements to Apollo autonomous driving ecosystem

• Baidu open sources ‘OpenEdge’ to create a ‘lightweight, secure, reliable and scalable edge computing community’

• ECS Taps Elastic’s Open Source Technology for Big Data Services; George Wilson Quoted

• Elastic: Steer Clear Amid Steep Valuation

• Alfresco and Tech Mahindra Extend Partnership, Reimagine Business Processes by Delivering New Machine Learning Solutions for the Digital Customer

• Alibaba Group Holding Limited (NYSE:BABA) isn't selling cloud infrastructure, but unique AI services built on open source

• Umbraco Apps Launches with ‘Best of Breed’ Extensions for Open Source Content Management System

• Major Security Breach Discovered Affecting Nearly Half of All Airline Travelers Worldwide

  According to ELAL, the bug stems from their supplier Amadeus’ (https://amadeus.com/en/industries/airlines) online booking system, which controls a staggering 44% market share of airlines operating worldwide, including United Airlines, Lufthansa, Air Canada, and many more. While booking a flight with ELAL, we received the following link to check our PNR: https://fly.elal.co.il/LOTS-OF-NUMBERS-HERE.

  By simply changing the RULE_SOURCE_1_ID, we were able to view any PNR and access the customer name and associated flight details.

• Kubernetes flaw shows API security is no ‘set & forget’ deal

  When a report surfaced last month detailing a ‘severe vulnerability’ in Kubernetes, the popular, open-source software for managing Linux applications deployed within containers, many of us will have wondered what the deeper implications of this alleged flaw could mean.

  Although the flaw was quickly patched, it allowed any user to escalate their privileges to access administrative controls through the Kubernetes API server.

• WordPress to show warnings on servers running outdated PHP versions

• Top 10 app vulnerabilities: Unpatched plugins and extensions dominate

• This Clever New Ransomware Attempts To Steal Your PayPal Credentials

  Meanwhile, PayPal offers two factor authentication which, when turned on, can offer a vital extra layer of security should your password and username be compromised, Moore says.

• A deep dive into the technical feasibility of Bloomberg's controversial "Chinese backdoored servers" story

  These denials also don't add up: Bloomberg says it sourced its story from multiple (anonymous) sources who had direct knowledge of the incidents and who had been employed in the named organizations while they were unfolding. Bloomberg stood by its reporting, and implied that the idea that all these sources from different organizations would collude to pull off a hoax like this.

  Faced with the seemingly impossible task of sorting truth from hoax in the presence of contradictory statements from Big Tech and Bloomberg, technical experts began trying to evaluate whether the hacks attributed to the Chinese spy agencies were even possible: at first, these analyses were cautiously skeptical, but then they grew more unequivocal.

  Last month, Trammell Hudson -- who has developed well-regarded proof-of-concept firmware attacks -- gave a detailed talk giving his take on the story at the Chaos Communications Congress in Leipzig.

• Android Studio 3.3 stable release is now available, Google announces an update to Project Marble

• How to Free Up RAM on Android and When to Avoid it

• A new Motorola Razr will be released this year as a $1,500 foldable phone

• Android Q leak reveals system-wide dark mode and bigger emphasis on privacy

• How picture-perfect are multi-lens Android smartphone cameras?

• Class of 2018: Five best Android phones that weren’t released in the U.S.

• Nokia 3.1 and Nokia 5.1 January 2019 Android security patch rolling out

• Asus ZenFone Max M2 Review: Good battery life and stock Android but underwhelming cameras

There seems to be a mad rush at the beginning of every year to find ways to be more productive. New Year's resolutions, the itch to start the year off right, and of course, an "out with the old, in with the new" attitude all contribute to this. And the usual round of recommendations is heavily biased towards closed source and proprietary software. It doesn't have to be that way.

Here's the fifth of my picks for 19 new (or new-to-you) open source tools to help you be more productive in 2019.

• US Patent Lawyers Will Need to Change Profession or End up Becoming Abundantly Redundant, Unemployed
• Brexit Has Failed, But So Has the Unitary Patent (UPC)
• Links 16/1/2019: Deepin 15.9 Released and Mozilla Fenix

• What should be in the Python standard library?

  Python has always touted itself as a "batteries included" language; its standard library contains lots of useful modules, often more than enough to solve many types of problems quickly. From time to time, though, some have started to rethink that philosophy, to reduce or restructure the standard library, for a variety of reasons. A discussion at the end of November on the python-dev mailing list revived that debate to some extent.

  Jonathan Underwood raised the issue, likely unknowingly, when he asked about possibly adding some LZ4 compression library bindings to the standard library. As the project page indicates, it fits in well with the other compression modules already in the standard library. Responses were generally favorable or neutral, though some, like Brett Cannon, wondered if it made sense to broaden the scope a bit to create something similar to hashlib but for compression algorithms.

• A new free-software forge: sr.ht

  Many projects have adopted the "GitHub style" of development over the last few years, though, of course, there are some high-profile exceptions that still use patches and mailing lists. Many projects are leery of putting all of their project metadata into a proprietary service, with limited means of usefully retrieving it should that be necessary, which is why GitLab (which is at least "open core") has been gaining some traction. A recently announced effort looks to kind of bridge the gap; Drew DeVault's sr.ht ("the hacker's forge") combines elements of both styles of development in a "100% free and open source software forge". It looks to be an ambitious project, but it may also suffer from a lack of "social network" effects, which is part of what sustains GitHub as the forge of choice today, it seems.

  The announcement blog post is replete with superlatives about sr.ht, which is "pronounced 'sir hat', or any other way you want", but it is a bit unclear whether the project quite lives up to all of that. It combines many of the features seen at sites like GitHub and GitLab—Git hosting, bug tracking, continuous integration (CI), mailing list management, wikis—but does so in a way that "embraces and improves upon the email-based workflow favored by git itself, along with many of the more hacker-oriented projects around the net". The intent is that each of the separate services integrate well with both sr.ht and with the external ecosystem so that projects can use it piecemeal.

  There are two sides to the sr.ht coin at this point; interested users can either host their own instance or use the hosted version. For now, the hosted version is free to use, since it is still "alpha", but eventually one will need to sign up for a plan, which range from $2 to $10 per month, to stay on the hosted service. There are instructions for getting sr.ht to run on other servers; it uses nginx, PostgreSQL, Redis, and Python 3 along with a mail server and a cron daemon.

• Wing Python IDE 6.1.4

  This minor release fixes using typing.IO and similar classes as type hints, improves handling of editor splits in goto-definition, fixes failure to install the remote agent, and fixes failure to convert EOLs in the editor. See the change log for details.

• LF – A Nifty Terminal File Manager For Linux Systems

• How to Mount Windows Partitions in Ubuntu

• How to install Shutter on Linux Mint 19.1

• Simple guide to configure Nginx reverse proxy with SSL

• The rest of the 5.0 merge window

  Linus Torvalds released 5.0-rc1 on January 6, closing the merge window for this development cycle and confirming that the next release will indeed be called "5.0". At that point, 10,843 non-merge change sets had been pulled into the mainline, about 2,100 since last week's summary was written. Those 2,100 patches included a number of significant changes, though, including some new system-call semantics that may yet prove to create problems for existing user-space code.

• A setback for fs-verity

  The fs-verity mechanism, created to protect files on Android devices from hostile modification by attackers, seemed to be on track for inclusion into the mainline kernel during the current merge window when the patch set was posted at the beginning of November. Indeed, it wasn't until mid-December that some other developers started to raise objections. The resulting conversation has revealed a deep difference of opinion regarding what makes a good filesystem-related API and may have implications for how similar features are implemented in the future.
  The core idea behind fs-verity is the use of a Merkle tree to record a hash value associated with every block in a file. Whenever data from a protected file is read, the kernel first verifies the relevant block(s) against the hashes, and only allows the operation to proceed if there is a match. An attacker may find a way to change a critical file, but there is no way to change the Merkle tree after its creation, so any changes made would be immediately detected. In this way, it is hoped, Android systems can be protected against certain kinds of persistent malware attacks.

  There is no opposition to the idea of adding functionality to the kernel to detect hostile modifications to files. It turns out, though, there there is indeed some opposition to how this functionality has been implemented in the current patch set. See the above-linked article and this documentation patch for details of how fs-verity is meant to work. In short, user space is responsible for the creation of the Merkle tree, which must be surrounded by header structures and carefully placed at the beginning of a block after the end of the file data. An ioctl() call tells the kernel that fs-verity is to be invoked on the file; after that, the location of the end of the file (from a user-space point of view) is changed to hide the Merkle tree from user space, and the file itself becomes read-only.

• Pressure stall monitors

  One of the useful features added during the 4.20 development cycle was the availability of pressure-stall information, which provides visibility into how resource-constrained the system is. Interest in using this information has spread beyond the data-center environment where it was first implemented, but it turns out that there some shortcomings in the current interface that affect other use cases. Suren Baghdasaryan has posted a patch set aimed at making pressure-stall information more useful for the Android use case — and, most likely, for many other use cases as well.

GNOME Software, the app used for installing, updating, and removing software from your GNOME-based GNU/Linux operating system, will get a major revamp in functionality for the upcoming GNOME 3.32 desktop environment.
A new development snapshot of GNOME Software 3.32 landed this week with lots of improvements for the Flatpak universal package format, allowing new permissions for Flatpak updates and displaying permissions for installed Flatpak apps. GNOME Software also now shows correct version numbers for installed Flatpaks.

The update mechanism for Flatpak apps was switched to use a single transaction, allowing the GNOME developers to share more code with the flatpak command-line utility, and it looks like GNOME Software 3.32 will offer better support for installing Flatpak repository files, also known as flatpakref, and for Flatpak plugins.

Fedora has been working on transitioning to Zchunk for its DNF metadata due to its good compression ratio while being delta-friendly and leveraging the existing work of Zstandard and Zsync/casync. The metadata has been offered in Zchunk for some weeks while more client testing is needed before landing that support in Rawhide and in turn for Fedora 30.

The goal of this Zchunk metadata for Fedora is to speed-up DNF operations by needing to download less metadata. While the server bits are in place, additional client testing is desired before landing the updated packages in Fedora Rawhide where it will affect all users on this development build of Fedora ahead of the Fedora 30 release due out in the spring.

Also: NOTICE: Epylog has been retired for Fedora Rawhide/30