The Linux 4.19 kernel brought the ability to disallow the opening of FIFOs and regular files not owned by the user in world-writable sticky directories in the name of security. Had this ability been around previously it could have prevented a number of CVEs going back a long time. In helping ensure this functionality gets utilized, Systemd 241 will now set these sysctl options to enable the behavior by default.

The restricted O_CREAT of FIFOs and regular files is not enforced by the kernel by default as it could be considered a breaking change but with systemd 241+ it sets the fs.protected_regular and fs.protected_fifos sysctls to enabled for having said functionality, similar to systemd's enforcing of hardlink/symlink protection. This protection is for avoiding unintentional writes to an attacker-controlled FIFO or regular file. That Linux 4.19 kernel commit notes at least a handful of security vulnerabilities that could have been prevented by this functionality with those CVEs going back to at least the year 2000.

• mintCast 300.1 interview 1 Charles

• The Linux Link Tech Show Episode 792

• FLOSS Weekly 514: Tari

  Tari is a new open source, decentralized protocol that reimagines the future of digital assets. The platform allows anyone to program complex rules for digital assets and trust that they will be enforced.

We just landed the largest refactor to Builder since it’s inception. Somewhere around 100,000 lines of code where touched which is substantial for a single development cycle. I wrote a few tools to help us do that work, because that’s really the only way to do such a large refactor.

Not only does the refactor make things easier for us to maintain but it will make things easier for contributors to write new plugins. In a future blog post I’ll cover some of the new design that makes it possible.

Let’s take a look at some of the changes in Builder for 3.32 as users will see them.

The Android-x86 Project announced the general availability of the Android-x86 8.1-r1 stable release, a GNU/Linux distribution that lets you run Google's Android mobile operating system on your PC.
After entering development last year in June, the Android-x86 8.1 release, which is based on the latest Android 8.1 Oreo mobile operating system, saw two RC (Release Candidate) builds that allowed testers to try the upcoming OS on their PCs. Three months after the last RC build, the Android-x86 8.1 release is now finally stable and ready for mass adoption.

Software rendering is also possible on unsupported GPU devices with OpenGL ES 2.0 support via SwiftShader, and Android-x86 8.1 also comes with support for hardware accelerated codecs on devices powered by Intel HD and Intel G45 graphics cards series. For newer Intel and AMD GPUs, this release adds experimental Vulkan support available via Advanced options on the boot menu.

Also: The 15-minute Chromebook tune-up

• GPL Cooperation Commitment: Promise of Collaborative Interpretation [Ed: IP Kat perpetuates the Microsoft-connected (and funded) lie that GPL "popularity has dropped dramatically during the past decade," citing Jono Bacon and Microsoft-funded 'analysts', proxies like Black Duck. To this date, in light of the GitHub takeover, Microsoft managers are badmouthing the GPL and many anti-GPL 'studies' are based on this Microsoft site alone.]

  GNU General Public Licence version 2 (GPLv2) was written in the early nineties to ensure compliant distribution of copyleft-licensed software. Even though its popularity has dropped dramatically during the past decade, it nevertheless continues to be one of the most widely used and important open source licences.

  Notedly, GPLv2 was drafted by non-legal free (as in “free speech,” not as in “free beer”) software enthusiasts and yet it has necessitated legal interpretation and application in accordance with IP and contract law principles. For nearly two decades, compliance and enforceability of the licence by its users has had to deal with ambiguity and uncertainty with respect to its terms.

• HMD releases source code for Nokia 8 Sirocco

  HMD has released the source code for Nokia 8 Sirocco and it is now available for download on the official Nokia website.

• SUSECON: The Best Open Source Conference Value in the World!

• Richard Stallman to speak at MSU-Bozeman

• 2019 Linux Foundation events include ELC shows in San Diego and Lyon

  The Linux Foundation announced its 2019 schedule of events, including new events about Ceph and gRPC. The Embedded Linux Conference will co-locate with the Open Source Summit in San Diego on Aug. 21-23.

  Now’s the time to schedule your plans for Linux events, most of which occur under the umbrella of the Linux Foundation. The LF has revealed its 2019 calendar for conferences, including two new events: Cephalocon, which will explore the world of the Ceph storage standard and gRPC Conf, which covers gPRC Remote Procedure Call technology. In 2018, Linux Foundation events attracted more than 32,000 attendees from more than 11,000 organizations across 113 countries. The LF expects 35,000 participants in 2019.

• Oracle Patches 284 Vulnerabilities in January Critical Patch Update

  Oracle released its first Critical Patch Update for 2019 on Jan. 15, providing patches for 284 vulnerabilities.

  The January 2019 CPU addresses security vulnerabilities found across the Oracle software portfolio, including ones affecting database, middleware, Java, PeopleSoft, Siebel and E-Business Suite applications. Thirty-three of the vulnerabilities are identified as being critical with a Common Vulnerabilities Scoring System (CVSS) score of 9.0 or higher. CVSS is a standardized method for helping organizations understand the impact and severity of software vulnerabilities.

• Microsoft Rolls Out New Updates for Different Versions of Windows 10, Includes Small Bug Fixes

  Just a week ago, Microsoft released its Patch Tuesday updates for all the supported versions of Windows 10. And now, the company has come up with new updates for Windows 10 versions 1709, 1803, and 1703. The cumulative updates released by the company do not include any security patches but has quite a few changes that have been rolled out. Here are the updates that Microsoft has rolled for the three versions of Windows 10.

• Only XRP Private Keys That Used Software From Before August 2015 Are Vulnerable

  Ripple (XRP) software libraries published before August 2015 potentially rendered private keys which signed multiple transactions vulnerable, Ripple announced in a statement released on Jan 16.

  Recent research jointly conducted by the DFINITY Foundation and the University of California revealed that a portion of Bitcoin (BTC), Ethereum (ETH) and Ripple addresses are vulnerable.

  As is known among cryptographers, the security of Elliptic Curve Digital Signature Algorithms (ECDAs) employed by the aforementioned cryptocurrencies is highly dependent on random data, which are known as nonces. The research further explains:

• Valve put out a new Steam beta client, plenty of Linux fixes and no more Steam Play zero-byte downloads

  Valve have put out their second beta update to the Steam client this year and this is actually a rather nice one.

  Firstly, the big annoyance of Steam Play titles always having a zero-byte download when you first load the Steam client has been solved. It will still do it once but when you update them again now, it won't happen again (confirmed that myself). While in reality it was a really minor issue, it was damn annoying so it's great to see it fixed.

  On top of that, Steam now supports ipv6 for "connections to download servers", DPI and screen size changes bugs were fixed, a new force quit option in the normal Steam Overlay if a game is frozen but the overlay still works that will be handy.

• Steam Client Beta Updated With Many Linux Fixes, Vulkan Caching Updates

  Valve has just released their biggest Steam client beta update of the year so far for Linux gamers.

• gVisor: Building and Battle Testing a Userspace OS in Go

  Adin Scannell talks about gVisor - a container runtime that implements the Linux kernel API in userspace using Go. He talks about the architectural challenges associated with userspace kernels, the positive and negative experiences with Go as an implementation language, and finally, how to ensure API coverage and compatibility.

• Rust bindings for GStreamerGL: Memoirs

  Rust is a great programming language but the community around it’s just amazing. Those are the ingredients for the craft of useful software tools, just like Servo, an experimental browser engine designed for tasks isolation and high parallelization.

  Both projects, Rust and Servo, are funded by ">">Mozilla.

  Thanks to Mozilla and Igalia I have the opportunity to work on Servo, adding it HTML5 multimedia features.

  First, with the help of Fernando Jiménez, we finished what my colleague Philippe Normand and Sebastian Dröge (one of my programming heroes) started: a media player in Rust designed to be integrated in Servo. This media player lives in its own crate: servo/media along with the WebAudio engine. A crate, in Rust jargon, is like a library. This crate is (very ad-hocly) designed to be multimedia framework agnostic, but the only backend right now is for GStreamer. Later we integrated it into Servo adding an initial support for audio and video tags.

  Currently, servo/media passes, through a IPC channel, the array with the whole frame to render in Servo. This implies, at least, one copy of the frame in memory, and we would like to avoid it.

  For painting and compositing the web content, Servo uses WebRender, a crate designed to use the GPU intensively. Thus, if instead of raw frame data we pass OpenGL textures to WebRender the performance could be enhanced notoriously.

• proc-macro-rules

• Analyzing Robinhood trade history

• Leveraging OpenShift or Kubernetes for automated performance tests (part 3)

  This is the third of a series of three articles based on a session I held at EMEA Red Hat Tech Exchange. In the first article, I presented the rationale and approach for leveraging Red Hat OpenShift or Kubernetes for automated performance testing, and I gave an overview of the setup. In the second article, we looked at building an observability stack. In this third part, we will see how the execution of the performance tests can be automated and related metrics gathered.

• Ansible vs. Puppet: Declarative DevOps tools square off

  DevOps aims to drive collaboration between development and operations teams, but software quality drives DevOps adoption more than any other factor. As this comparison of Ansible vs. Puppet shows, software quality dramatically influences DevOps tools.

  Software quality tends to be an organizational goal or a staff function, not the dominion of a dedicated group with broad responsibility to implement its decisions. Effective software quality efforts involve everyone from development to production users to ensure real value.

• An Introduction to the Machine Learning Platform as a Service

  Machine-Learning-Platform-as-a-Service (ML PaaS) is one of the fastest growing services in the public cloud. It delivers efficient lifecycle management of machine learning models.

  At a high level, there are three phases involved in training and deploying a machine learning model. These phases remain the same from classic ML models to advanced models built using sophisticated neural network architecture.

• SUSE Partners with Intel and SAP to Accelerate IT Transformation with Persistent Memory in the Data Center

  SUSE Linux Enterprise Server for SAP Applications is the FIRST enterprise Linux optimized for Intel® Optane™ DC persistent memory with SAP HANA® workloads.

• Generations of GeForce GPUs in Ubuntu

  If you are running an Ubuntu system with an older GPU and are curious about upgrading but unsure if it is worth it, Phoronix has a great review for you. Whether you are gaming with OpenGL and Vulkan, or curious about the changes in OpenCL/CUDA compute performance they have you covered. They even delve into the power efficiency numbers so you can spec out the operating costs of a large deployment, if you happen to have the budget to consider buying RTX 2060's in bulk.

• Intel To Eventually Explore Offering A Graphics Control Panel For Linux Systems

  Intel's Linux graphics driver stack has never offered its own vendor-specific driver control panel GUI like is common among all major graphics vendors on Windows, but instead they've opted for the command-line experience and making use of common interfaces with what's offered by the different desktop environments for resolution handling, multi-monitor setup, etc. But moving forward they may end up bringing a new graphics driver control panel to Linux.

• Mesa 19.0 Deprecates GNU Autotools Build System In Favor Of Meson

  Last month was a proposed patch that would have killed the Autotools build system within Mesa. Developers have decided for the upcoming Mesa 19.0 release not to eliminate this GNU Autotools support but rather to mark it as deprecated and require an extra flag in order to make use of it.

  Hitting Mesa Git master today was the patch deprecating Autotools support within Mesa in favor of the Meson build system. It hasn't been determined when the Autotools scripts will be removed themselves, but for now if wanting to enable the support you need to pass --enable-autotools to acknowledge the fact that it's been deprecated.

I keep starting articles but not finishing them. However, after responding to some correspondence recently, where I got into a minor rant about a particular topic, I thought about starting this article and more or less airing the rant for a wider audience. I don’t intend to be negative here, so even if this sounds like me having a moan about how things are, I really do want to see positive and constructive things happen to remedy what I see as deficiencies in the way people go about promoting and supporting Free Software.
The original topic of the correspondence was my brother’s article about submitting “apps” to F-Droid, the Free Software application repository for Android, which somehow got misattributed to me in the FSFE newsletter. As anyone who knows both of us can imagine, it is not particularly unusual that people mix us up, but it does still surprise me how people can be fluid about other people’s names and assume that two people with the same family name are the same person.
Eventually, the correction was made, for which I am grateful, and it must be said that I do also appreciate the effort that goes into writing the newsletter. Having previously had the task of doing some of the Fellowship interviews, I know that such things require more work than people might think, largely go either unnoticed or unremarked, and as a participant in the process it can be easy to wonder afterwards if it was worth the bother. I do actually follow the FSFE Planet and the discussion mailing list, so I’d like to think that I keep up with what other people do, but the newsletter must have some value to those who don’t want to follow a range of channels.

• Bash Shell Utility Reaches 5.0 Milestone

  As we look forward to the release of Linux Kernel 5.0 in the coming weeks, we can enjoy another venerable open source technology reaching the 5.0 milestone: the Bash shell utility. The GNU Project has launched the public version 5.0 of GNU/Linux’s default command language interpreter. Bash 5.0 adds new shell variables and other features and also repairs several major bugs.

  New shell variables in Bash 5.0 include BASH_ARGV0, which “expands to $0 and sets $0 on assignment,” says the project. The EPOCHSECONDS variable expands to the time in seconds since the Unix epoch, and EPOCHREALTIME does the same, but with microsecond granularity.

  New features include a “history -d” built-in function that can remove ranges of history entries and understands negative arguments as offsets from the end of the history list. There is also a new option called “localvar_inherit” that allows local variables to inherit the value of a variable with the same name at the nearest preceding scope.

• Announce: Entangle “Sodium“ release 2.0 – an app for tethered camera control & capture

  I am pleased to announce a new release 2.0 of Entangle is available for download from the usual location...

• Entangle 2.0 Released For Taking Control Of Your DSLR Camera From A Linux PC

  Entangle is the long-standing open-source software that allows you to control DSLR cameras from Linux. With various Nikon and Canon DSLRs, among others, it's possible to view a live preview, automatically download images, and snap pictures all over the USB connection to the camera. 

  It's been a while since last hearing of Entangle but today marks the Entangle 2.0 "Sodium" release.

• Notepad++ Snap App Review

  Notepad++ is a lightweight and popular programmer's text editor, originally developed for MS Windows Operating System, and now available on Snap Store for Linux users.

  The program is developed using C++, hence, the name Notepad++. Its official website claims to save more CO2 emission by utilizing fewer resources and CPU. Nonetheless, Notepad++ comes equipped with many useful features like syntax highlighting, buffer restoring, automatic code indentation, etc.

• How to Install Nagios 4 on Ubuntu 18.04 for Server Monitoring

• How To Install and Configure Redmine on CentOS 7

• Updating Micron 1100 Series SSD firmware on Linux

• Data Types & Data Modelling In MySQL - MySQL Series Part 2

• A Solution for Authoritative DNS

• Backing up and restoring your Linux install with Timeshift

• MuseScore 3.0.1 Released with Redesigned New Score Wizard

  Free Scorewriter MuseScore released version 3.0.1 yesterday with some improvements and numerous bug-fixes.

  MuseScore 3.0.1 redesigned New Score Wizard for easy searching templates, better score previews, and accessibility improvements for blind users. The new release also features better import of 2.X scores, better automatic placement of hairpins and dynamics, and reworked Mixer UI.

• MuseScore 3.0.1 Release

  Today we are pleased to release MuseScore 3.0.1. This is the first in what we intend to be a regular series of updates to MuseScore 3, the ground-breaking version of the world’s most popular music notation software.

• Microsoft Updates Skype for Windows and Linux with Blurred Background Feature

• Fedora 29-20190115 updated Live isos released

• What Are Various Debian Installation Discs

  Ever got confused by the amount of disc made available for downloading on Debian servers? Worry not, if this is your approach looking around the Internet for an explanation why and what are those various discs for installing Debian on your beloved computer, you are at the right place. I'll try to be quick and concise so you can get on with Debian installation within 2 minutes read

• Arm Posts Initial Ares CPU Tuning Support For GCC, Helps SPEC Performance By ~1%

  Arm continues plumbing the open-source GNU compiler toolchain support for their next-generation "Ares" high-performance server/HPC core. 

  Back in November they presented the initial Ares compiler patches for GCC. Those patches presented Ares as an ARMv8-based design that has statistical profiling, dot product, and FP16 extensions by default. We've also seen other Ares toolchain patches by Arm developers like the recent GNU Assembler support.

• ANAVI Thermometer open source temp and humidity sensor board

  Anavi Technology has this month launched a new product via the Crowd Supply in the form of the ANAVI Thermometer, an ESP8266-powered, open source, wireless dev board equipped with temperature and humidity sensors. The Anavi Thermometer Development board is fully compatible with the Arduino IDE, PlatformIO, and Home Assistant via the MQTT messaging protocol. Watch the demonstration video below to learn more about the open source dev board and its features.

  The development team behind the ANAVI Thermometer explain more about its hardware and specifications:

• MAAS 2.5 : Growing the ecosystem and support for KVM micro-clouds

  Our latest release makes for a very exciting point in the MAAS evolution. As datacenter (DC) infrastructure grows at unparalleled scale fueled by new applications and services such as connected autonomous cars, augmented/virtual reality (AR/VR) and IoT, the need for automated bare metal provisioning has never been more important. Multi-access edge computing and the ongoing shift to 5G will continue to drive cloud architectures ranging from small clusters deployed at actual radio towers all the way to thousands of nodes running in core data centres.

  The agility and speed of discovering, allocating and also repurposing bare-metal servers will be crucial to new services and an automated physical infrastructure lifecycle management. MAAS 2.5 brings new capabilities and improvements to how this can be achieved in a repeatable and reliable way.

• Container Storage Interface (CSI) for Kubernetes GA

  The Kubernetes implementation of the Container Storage Interface (CSI) has been promoted to GA in the Kubernetes v1.13 release. Support for CSI was introduced as alpha in Kubernetes v1.9 release, and promoted to beta in the Kubernetes v1.10 release.

  The GA milestone indicates that Kubernetes users may depend on the feature and its API without fear of backwards incompatible changes in future causing regressions. GA features are protected by the Kubernetes deprecation policy.

• Happy Birthday, Chef!

  With Chef, you can automate the way your infrastructure is configured, deployed, and managed. When you’re operating with a single machine, configuration management can be fairly simple. But what happens when your organization scales up? That’s where Chef comes in and saves the day — and a whole lot more.

  Chef ensures your configurations are standardized and continuously enforced in every environment and at any scale. It allows your infrastructure configurations to be testable, portable, and auditable, saving your organization time and monetary resources. You could say Chef is a superhero with all the saving it does.

• Community collaboration makes for some great OpenStack solutions

  If you follow the evolution of OpenStack, you know how it’s finding its way into all sorts of workloads, from high-level research to car manufacturing to all-new 5G networks. Organizations are using it for everything from the mundane to the sublime and sharing what they’re learning with the OpenStack community.

  Some of the examples offered up at the recent OpenStack Summit Berlin showed that OpenStack is a full-fledged part of the IT mainstream, which means there are a wealth of ideas out there for your own implementation.

• Khronos Exploring New Industry Standard For Heterogeneous Communications

  From VR to autonomous vehicles to edge computing, The Khronos Group continues working on new industry standards for today's expanding compute landscape. Today the organization announced they are soliciting industry feedback and creating an exploratory group for a new, open industry standard around High Performance Embedded Computing (HPEC).

• Broadcom's V3D Gallium Driver Picks Up New Features Ahead Of Mesa 19.0

  Lead VC4/V3D driver developer Eric Anholt of Broadcom has landed a batch of improvements to the next-generation V3D driver in Mesa 19.0.

  The latest round of work that was merged on Monday evening include SSBO / atomic counters support, support for the ARB_framebuffer_no_attachments OpenGL extension, support for more compute shader intrinsics, and other items.

• AMDGPU Changes Begin Queueing Ahead Of Linux 5.1 Kernel Cycle

  The drm-next-5.1-wip branch has been created by open-source AMD developers as they begin vetting the changes they plan to submit to DRM-Next for inclusion in the Linux 5.1 kernel cycle when it kicks off around the start of March.

  With it just being over one week since the Linux 5.0 merge window ended and with this branch having just been setup the other day, there are just over 100 changes so far in this proving grounds for Linux 5.1 AMDGPU though nothing really dramatic.

• Android OEMs Shamed by Devs Fed up with App-Breaking Features

• Navigation Editor Highlights Android Studio 3.3 Update

• Android Studio 3.5 Canary adds “Apply Changes,” an Instant Run replacement

• Huawei pushes Android Pie-based EMUI 9 update to P20 Pro, Nova 3

• Huawei MediaPad M5 Pro Android Pie tablet surfaces on Geekbench

• Samsung Galaxy A40 spotted on Geekbench with Android Pie onboard, Exynos 7885 and 4 GB RAM in tow

• Android Pie-based EMUI 9.0 to be rolled out to 150 million users by 2019

• What are you hoping to see in Android Q?

• Stable version of Android x86 8.1 Oreo now available

• Lenovo reportedly close to releasing new Motorola RAZR with folding display for $1,500

• Hands-on: Elegant bucket list app 'Soon' launches on Android

• The best add-on lenses for iPhone and Android phones in 2019

• How to build an API for a machine learning model in 5 minutes using Flask

  As a data scientist consultant, I want to make impact with my machine learning models. However, this is easier said than done. When starting a new project, it starts with playing around with the data in a Jupyter notebook. Once you’ve got a full understanding of what data you’re dealing with and have aligned with the client on what steps to take, one of the outcomes can be to create a predictive model.

  You get excited and go back to your notebook to make the best model possible. The model and the results are presented and everyone is happy. The client wants to run the model in their infrastructure to test if they can really create the expected impact. Also, when people can use the model, you get the input necessary to improve it step by step. But how can we quickly do this, given that the client has some complicated infrastructure that you might not be familiar with?

• What is Small Scale Scrum?

  Agile is fast becoming a mainstream way industries act, behave, and work as they look to improve efficiency, minimize costs, and empower staff. Most software developers naturally think, act, and work this way, and alignment towards agile software methodologies has gathered pace in recent years.

  VersionOne’s 2018 State of Agile report shows that scrum and its variants remain the most popular implementation of agile. This is in part due to changes made to the Scrum Guide’s wording in recent years that make it more amenable to non-software industries.

• This Week in Rust 269

• Async IO in Python: A Complete Walkthrough

  Async IO is a concurrent programming design that has received dedicated support in Python, evolving rapidly from Python 3.4 through 3.7, and probably beyond.

  You may be thinking with dread, “Concurrency, parallelism, threading, multiprocessing. That’s a lot to grasp already. Where does async IO fit in?”

  This tutorial is built to help you answer that question, giving you a firmer grasp of Python’s approach to async IO.

• Security updates for Wednesday

• Reproducible Builds: Weekly report #194

  Here’s what happened in the Reproducible Builds effort between Sunday January 6 and Saturday January 12 2019...

• ES File Explorer Has A Hidden Web Server; Data Of 500 Million Users At Risk

• The Evil-Twin Framework: A tool for testing WiFi security

  The increasing number of devices that connect over-the-air to the internet over-the-air and the wide availability of WiFi access points provide many opportunities for attackers to exploit users. By tricking users to connect to rogue access points, hackers gain full control over the users' network connection, which allows them to sniff and alter traffic, redirect users to malicious sites, and launch other attacks over the network..

  To protect users and teach them to avoid risky online behaviors, security auditors and researchers must evaluate users' security practices and understand the reasons they connect to WiFi access points without being confident they are safe. There are a significant number of tools that can conduct WiFi audits, but no single tool can test the many different attack scenarios and none of the tools integrate well with one another.

  The Evil-Twin Framework (ETF) aims to fix these problems in the WiFi auditing process by enabling auditors to examine multiple scenarios and integrate multiple tools. This article describes the framework and its functionalities, then provides some examples to show how it can be used.

• KDE Plasma5 – Jan ’19 release for Slackware

  Here is your monthly refresh for the best Desktop Environment you will find for Linux. I just uploaded “KDE-5_19.01” to the ‘ktown‘ repository. As always, these packages are meant to be installed on a Slackware-current which has had its KDE4 removed first. These packages will not work on Slackware 14.2.

  It looks like Slackware is not going to be blessed with Plasma5 any time soon, so I will no longer put an artificial limitation on the dependencies I think are required for a solid Plasma5 desktop experience. If Pat ever decides that Plasma5 has a place in the Slackware distro, he will have to make a judgement call on what KDE functionality can stay and what needs to go.