• Public Money? Public Code! - Join the FSFE Campaign

  Public institutions spend millions of Euros every year for the development of new software that is specifically tailored to their needs.

  Unfortunately, most of this software is closed source.

  This means that your tax money is being used to pay for software that cannot be modified or even studied. Most public institutions pay to develop programs that they do not or cannot release to the public. When other institutions need to solve similar problems, they have to develop the same software again. And each time the public - including you - has to foot the bill.

• Google's Fuchsia OS Magenta Becomes Zircon

  For those looking to follow the development of Google's Fuchsia operating system that is written from scratch, it's low-level Magenta core has been renamed to Zircon.

  As a reminder, Fuchsia is a (non-Linux) real-time operating system developed by Google that has been under much public speculation since its code began appearing last year. Fuchsia uses a micro-kernel design with it being called Magenta.

• How to become a data scientist

  Once upon a time, I wanted to be an evolutionary biologist. To make a long story short, I had a change of heart and dropped out of my PhD program to pursue a career in computer science. I'm now a senior software engineer at Red Hat, where I work on a variety of machine learning and data science projects (you can read more about my journey on my blog). Not long after joining Red Hat, many people—including three different University of Chicago grad students—asked me about transitioning to a career in data science, so I started looking into it.

• Mozilla Announces 15 New Fellows for Science, Advocacy, and Media

  Today, Mozilla is announcing 15 new Fellows in the realms of science, advocacy, and media.

  Fellows hail from Mexico, Bosnia & Herzegovina, Uganda, the United States, and beyond. They are multimedia artists and policy analysts, security researchers and ethical hackers.

  Over the next several months, Fellows will put their diverse abilities to work making the Internet a healthier place. Among their many projects are initiatives to make biomedical research more open; uncover technical solutions to online harassment; teach privacy and security fundamentals to patrons at public libraries; and curtail mass surveillance within Latin American countries.

• Oracle prepares to spin off Java EE to Eclipse Foundation

  Oracle is continuing to free up Java Enterprise Edition (EE), Java's enterprise middleware platform, from its once iron-grip. In a blog post, Oracle Software Evangelist David Delabassee said, "After careful review, we have selected the Eclipse Foundation."

  Oracle has recently admitted that "although Java EE is developed in open source with the participation of the Java EE community, often the process is not seen as being agile, flexible, or open enough, particularly when compared to other open-source communities. We'd like to do better."

• VCV Rack is an open-source virtual modular synth you can download for free

• VMware Charges Into OpenStack VIM Market

• Seeking investment, Alaska goes open source with oil & gas data

  Under this program, the state released its first two data sets in 2016.  One set included a 3-D seismic survey from the North Slope that covered a huge chunk of ground near Prudhoe Bay. And the state saw a burst of activity, requests from university researchers, companies, and contractors.

  And even getting the data that is open to the public is still vaguely super-spy-ish. Acting Deputy Commissioner of the Department of Natural Resources Steve Masterman says they ask people to provide a brand new hard drive, still in the wrapper.

• Eat or be eaten in Tooth and Tail, a new strategy game with day-1 Linux support, my thoughts

  As a big fan of real-time strategy games, I couldn’t pass up checking out Tooth and Tail [Official Site, Steam] from Pocketwatch Games.

• Exciting looking customizable top-down shooter 'JYDGE' will be a day-1 Linux release

  JYDGE [Steam, Official Site] looks like the nuts top-down shooter I've seen for a while and the great news is that it's arriving on Linux in October.

• Knightfall, a reduced vision action RPG now has Linux support, developed live on Twitch

• Want to play 'Duck Game' on Linux? Well, it's possible thanks to XnaToFna

  Duck Game [Official Site] is a popular action game that's a little insane and it's actually possible to run it on Linux, thanks to developer "0x0ade".

• The Infectious Madness of Doctor Dekker is now officially available for Linux

  The Infectious Madness of Doctor Dekker [Steam, Official Site], a Full Motion Video game about solving murder whilst dealing with the unusual patients of the recently deceased Doctor Dekker.

• GNOME 3.26 "Manchester" Desktop Environment Debuts Officially, Here's What's New

  After six months of hard work, the GNOME Project's development team was proud to announce today, September 13, 2017, the immediate release and general availability of the GNOME 3.26 desktop environment.

  Dubbed "Manchester," after the city where the annual GUADEC (GNOME Users And Developers European Conference) developer conference took place this year, the GNOME 3.26 desktop environment packs many enhancements for the apps and core components included in the GNOME Stack, along with new features.

  This year, on August 15, the GNOME Project celebrated its 20th anniversary, and we couldn't be happier to be using GNOME as our main desktop environment. The biggest new features of the GNOME 3.26 release are support for emoji, Flatpak improvements, as well as a brand-new Control Center that's now called simply "Settings."

• GNOME 3.26 Released

  The GNOME Project is excited to announce the release of version 3.26, the latest version of GNOME 3. The new version is the result of six months’ hard work by the GNOME community, and comes packed with improvements and new features. Announcing the release, Matthias Clasen of the GNOME Release Team, said “We are happy and proud to announce GNOME 3.26, the latest major release of GNOME, “Manchester”, just a few weeks after we celebrated the 20th birthday of GNOME at GUADEC. As always, the GNOME community did a great job in delivering exciting features, completing translations, and refining the user experience. Thanks!”

• GNOME 3.26 Released

  GNOME 3.26 "Manchester" has been officially released.

  Matthias Clasen announced a few minutes ago on the mailing list, "This release brings refinements to the system search, animations for maximizing and unmaximizing windows and support for color Emoji. Improvements to core GNOME applications include a redesigned Settings application, a new display settings panel, Firefox sync in the Web browser, and many more."

• Introducing GNOME 3.26: “Manchester”

  GNOME 3.26 is the latest version of GNOME 3, and is the result of 6 months’ hard work by the GNOME community. It contains major new features, as well as many smaller improvements and bug fixes. In total, the release incorporates 24105 changes, made by approximately 778 contributors.

  3.26 has been named “Manchester” in recognition of this year’s GUADEC organizing team. GUADEC is GNOME’s primary annual conference and is only possible due to the amazing work of local volunteers. This year’s event was held in Manchester, UK, and was a big success. Thank you Team Manchester!

• Blender 2.79 Released

  These are the release notes for Blender 2.79, released September 12th, 2017.

• Blender 2.79 Now Available With Much Faster Radeon OpenCL

  Today marks the long-awaited debut of the Blender 2.79 3D modeling software release. Especially for those using OpenCL acceleration, Blender 2.79 is quite an exciting update.

  Exciting us the most about Blender 2.79 is better OpenCL support and much greater performance. The performance improvements in Blender 2.79 aren't limited to OpenCL (or CUDA) but include greater performance on the CPU too thanks to continued AVX optimizations as well as continued multi-threading work. On the CPU side there can be 10~20% speed-ups while for some situations on OpenCL are now as much as 50% faster.

• Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol

  The Dlink 850L is a router overall badly designed with a lot of vulnerabilities.

  Basically, everything was pwned, from the LAN to the WAN. Even the custom MyDlink cloud protocol was abused.

• House Dems demand answers from Equifax CEO

  All 24 minority members of the committee signed a letter to the Equifax executive, Richard Smith, calling on him to come forward with more information about his handling of the crisis.

• Chatbot lets you sue Equifax for up to $25,000 without a lawyer

  Even if you want to be part of the class action lawsuit against Equifax, you can still sue Equifax for negligence in small claims court using the DoNotPay bot and demand maximum damages. Maximum damages range between $2,500 in states like Rhode Island and Kentucky to $25,000 in Tennessee.

• Bluetooth flaws leave billions of devices open to attacks

  Researchers at IoT security firm Armis say they have found eight flaws in the Bluetooth protocol that can be used to attack devices running Android, iOS, Linux and Windows.

• Bluetooth Vulnerability BlueBorne Impacts Android, iOS, Windows, and Linux Devices

  The BlueBorne attack doesn’t even require the victim to tap or click on any malicious links. If your device has Bluetooth and is on then it is possible for an attacker to take complete control of it from 32 feet away. This even works without the attacker pairing anything to the victim’s device and the target device doesn’t need to be set to discoverable mode either. The team at Armis Labs have identified eight zero-day vulnerabilities so far and believes many more are waiting to be discovered.

• ​Linus Torvalds on Linux, life, and bathrobes

  Steve Jobs was never seen without his trademark black mock turtleneck, blue jeans, and New Balance sneakers. It's been said Bill Gates, the world's richest man, dresses like your high-school math teacher. But Linus Torvalds, creator of Linux, likes to be comfortable in his home office, so he spends his workdays in his bathrobe. Life is good when you're the world's most influential developer.

  At The Linux Foundation's Open Source Summit in Los Angeles, Jim Zemlin, executive director of the Foundation, interviewed Torvalds in front of a packed audience. Zemlin asked how Torvalds felt about his fame. Torvalds replied he doesn't really think about it, but "I'm happy I did something meaningful. Everyone wants to do something that matters."

• RISC-V Eyeing Mainline In Time For The Linux 4.15 Kernel

  RISC-V developers have been preparing their kernel port for the mainline Linux tree while it's looking like for Linux 4.15 that goal may finally be realized.

  RISC-V developers have spent months getting their code into shape so it could be accepted to the mainline Linux kernel for this open-source, royalty-free CPU instruction set architecture. They have missed out on past merge windows, realize it's too late now for Linux 4.14, and are focusing on being ready come Linux 4.15.

• Amazon’s Infamous Patent is Dead and the World’s Richest Man Failed to Fulfill His Promise on Software Patents
• EPO Gets Together With Patent Radicals to Promote Software Patents
• Patent Boxes Are for Tax Avoidance, But in the Land of Tax Avoidance (Switzerland) No Avoidance for Software Patents
• Latest Attempts to Blow Air Into the Sails of the Sinking Unitary Patent (UPC)
• Links 12/9/2017: Linux 4.13.1, digiKam 5.7.0

• Xiaomi Mi A1 with dual-camera setup and stock Android now available in India (Updated)

• On eve of iPhone X launch, Samsung CEO teases foldable phone

• Pedophile Probe Reveals Feds Can Easily Break Android Security

• New Bluetooth vulnerability can be exploited to silently hack Android phones

• Patch your Android or run Oreo, or you might OK your own pwnage

• Which Is Better, iPhone or Android? Let the Debate Rage

• Target's Sales Floors Are Switching From Apple to Android Devices

• Over 15% of all Android phones now run Nougat

The easiest way to keep track of your expenses and income is to use GnuCash. It's an accounting package that has a number of useful features for small businesses. There's even an Android app so you can work with your books on the go.

If you don't mind getting your hands dirty at the command line, you'll want to give Ledger a look. Ledger is a double-entry accounting app that also has several graphical frontends.

I can't think of any small business owner who doesn't want to get paid by customers and clients. To do that, you need to send invoices. Sure, you can create invoices in a word processor and print them off or email them as PDFs, but that makes the invoices hard to track. Instead, turn to a dedicated invoicing application.

• IBM Debuts LinuxONE Emperor II Mainframe at Open Source Summit

  IBM is one of the founding members of the Linux Foundation and has long used Linux Foundation events as the place to announce new Linux products and services. At the Open Source Summit here on Sept. 12, IBM announced a new Linux mainframe that will provide more power and security for container workloads.

  The new system is called the LinuxONE Emperor II and is the successor to the original Emperor system that IBM first announced at the LinuxCon 2015 event in Seattle.

• IBM Strengthens Linux Security on Mainframes

  IBM at an Open Source Summit North America conference today improved its case for deploying applications on an instance of Linux running on a mainframe. An update to the distribution of Linux that IBM makes available on mainframes, dubbed LinuxONE Emperor II, extends the IBM LinuxONE Secure Service Containers in a way that encrypts data by default in addition to making it impossible for anyone to tamper with an application.

• New IBM Linux-only Mainframe Delivers Breakthrough Security for Next-Gen Applications

• IBM refreshes Linux mainframes with security optimized for software containers

• IBM’s New Gen LinuxONE – Modernizing the Mainframe and Benefitting Customers

FWUL 2.0 comes with many under-the-hood improvements and features, but one major feature stands out among the rest – persistent mode. As mentioned previously, the operating system is made to be run as a live-USB OS, which usually means after rebooting your computer that any of your changes made in FWUL will not be saved. This is not a huge deal as the operating system is not really meant for general usage, but some, such as developers, may find themselves using FWUL more like a normal OS for many of their needs.

• Torrench: How To Search And Download Torrent Files Using Terminal (Linux, Mac, Windows)

  The torrent traffic comprises a major portion of the world’s internet traffic. With the rise of streaming services (many of them are free), people are adopting the subscription model with more frequency but it isn’t affecting the health of torrent ecosystem. However, one should note that torrenting isn’t limited to downloading illegal media. There are many legal torrent websites that host such content.

• Open Source Desktop Radio App Gradio Updated

  A new version of Gradio, a desktop radio app for Linux desktops, is available for download.

  A fairly sizeable update, Gradio 6.0 introduces a number of UI improvements, including a new sort menu, extended radio station search, and the ability to ‘edit’ station details.

  The app isn’t new of course. We’ve written about this GTK desktop radio player of times before but this release marks its first stable update in 2017.

• Netwrix Releases Free Add-ons for Privileged User Monitoring on Linux and Unix Systems and for Generic Linux Syslog

• Watermarking Images--from the Command Line

• Linux server build template (document)

• How To Upgrade Ubuntu With A Single Command

• Ubuntu 17.10 "Artful Aardvark" Preview Part 5: New System Settings!

  Now, Ubuntu Artful gets a new System Settings with a fully-new interface from GNOME 3.25. It's officially renamed to Settings and it got big changes. It's very amusing to read Georges Staracas' article (the developer of Settings) especially the fact that more than 30.000 lines of code changed since v3.20 by 15 contributors! This means when finally released, Ubuntu 17.10 will include Settings by default. Now let us see the quick look at Artful here. Enjoy!

• Ubuntu’s Suru Icon Theme Is Being Revived

  If you loved the look of the Unity 8 desktop as used in Canonical’s shelved Ubuntu phone and tablet project, I can guarantee you’re going to love the following icon set.

  Why? Because it is the Ubuntu phone and tablet icon set!

  Yup, even though Ubuntu Touch died and Canonical (painfully) let the majority of its design team go, the story isn’t yet done for the Suru icon theme.

• See What’s New in GNOME 3.26

  Today sees the release of GNOME 3.26 — and you’re probably wondering what new features are going to be on offer.

  [...]

  The GNOME desktop is made up of multiple parts. This includes the main user interface (called ‘GNOME Shell’) as well as core apps (like the file manager Nautilus), and ‘invisible’ background libraries and services that help glue everything together.

• M-CORD Project Continues to Lead Open Source Innovation for Next-Generation 5G Mobile Networks

  M-CORD, the leading open source platform for Carrier 5G Edge Network innovation, is today demonstrating a number of new, ground-breaking capabilities at Mobile World Congress Americas. Based on the CORD™Platform and hosted by the Open Networking Foundation (ONF), M-CORD is the leading platform for 5G innovation, addressing the needs of mobile operators by using cloud-native approaches to prototyping 5G innovations.

• Open Networking Foundation (ONF) Completes Metamorphosis to Focus on Open Source Solutions

• Intel Labs Contributes Mobile Core (vEPC) Reference Software to the CORD™ Project

• Need for speed unites open source and corporations for new serverless tech

  The open-source community used to thrive on rebellion against profitable proprietary corporations like Microsoft Corp. and others. All have since reconciled, and are now joining forces to fight common enemies holding back agile development.

  “Open source doesn’t have that enemy anymore. It’s the standard,” said John Furrier (@furrier) (pictured, right), co-host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio. “So the questions is what is going to motivate the organizations?”

• Evolving Government: Why government needs open-source deep learning

  Deep learning is cutting edge artificial intelligence. It’s what Google used to build AlphaGo, which beat the world champion of board game Go earlier this year in China. It’s what powers a lot of self-driving cars, by giving their machine vision human-level accuracy. And it’s being used by many of the world’s top tech companies as the basis for recommender systems, fraud detection and cybersecurity.

  [...]

  Open-source software is the bedrock of enterprise and government applications, from Linux through to Hadoop. The next layer to go open-source is AI, and that’s great news for government agencies. But open-source alone is insufficient: those agencies should make sure their tools till play well with others in the stack, so that they can march their AI solutions to the finish line. During our time in the government-focused startup accelerator, DCode42, the Skymind team learned firsthand the kind of partner and collaboration that agencies and departments require to adopt and implement new technology.

• Open Source Artificial Intelligence: 50 Top Projects

  For this list, we selected 50 of the most well-known of these open source artificial intelligence projects. They are organized into categories and then alphabetized within those categories. The lines between some of the categories can be fuzzy, so we used the project owners' descriptions of their applications to determine where to place the various tools.

• Symphony Software Foundation Launches Open Source Strategy Forum

  - Symphony Software Foundation (the Foundation), the nonprofit organization fostering innovation in financial services through open source software, will be hosting its inaugural Open Source Strategy Forum at the BNY Mellon Conference Center in New York on November 8, 2017. Registration is open today.

• Shakthi Kannan – the Free and Open Source Software ‘Shakthimaan’

      

  Our Techie Tuesdays of the week, Shakthi Kannan dons the hats of Free and Open Source Software (FOSS) advocate, documentation expert, and DevOps engineer with ease. 

  Impeccably attired, Shakthi Kannan was half an hour early for our meeting, which, in essence, describes the man – meticulous and a perfectionist.

• Security updates for Tuesday

• In wake of Equifax breach, Linux Foundation unveils open source CHAOSS

• Equifax Breach Potentially Triggered by Apache Struts Vulnerability

• Edward Snowden: NSA, FBI Were Aware Of DNC Hackers

• Snowden: Where's The NSA's Proof Russia Hacked DNC?

• Snowden: Russia 'Probably Did Hack' Dems, But Not Alone

• BlueBorne Bluetooth Flaws Put Billions of Devices at Risk

• Kernel Stack Protector and BlueBorne

  Today, a security issue was disclosed that had the potential to be the most serious Linux kernel security issue that Red Hat Product Security has dealt with in our 18 year history: BlueBorne. A flaw where a remote (but physically quite close) attacker could get root on a server, without an internet connection or authentication, just needing a system that has Bluetooth hardware installed and listening.

• New NSA Windows Hacking Tool Leaks

  Back in May, the WannaCry ransomware decimated millions of Windows PC around the world. Later, a similar worm – dubbed EternalRocks – compromised a load more Windows machines. Hacker group ShadowBrokers released WannaCry and EternalRocks – both stolen NSA hacking tools – promising more to come. Now, it seems ShadowBrokers are true to their word. The group unveiled a fresh NSA hacking tool: a Trojan known as UNITEDRAKE. UNITEDRAKE is able to compromise Windows systems from XP to Windows Server 2012, and pretty much every version in-between.

• Virginia (Again) Dumps Electronic Voting Devices Over Concerns About Election Interference

  It seems Virginia can't catch a break when it comes to voting. Trusting vendors to provide secure electronic voting devices just isn't paying off. Two years ago, Virginia pulled a bunch of voting machines after it was discovered they were leaky, insecure devices masquerading as something American voters could trust.

  The security wasn't just bad in the way many machines are -- frailties that can only be sussed out by security researchers and talented criminals. No, they were bad in the way your grandparents' Google Box is: "secured" with passwords like "abcde" or "admin," along with accessible DOS prompts and multiple open ports.

• Open Container Initiative reaches ‘great milestone,’ says Red Hat chief technologist

  After two years of work, the Open Container Initiative launched Version 1.0 for container runtime and image specifications in July. OCI’s foundation, formed by a number of container industry leaders, was tasked with the mission to create specifications that would support container portability across different operating systems and platforms. Red Hat Inc.’s chief technologist likes the specifications that he’s seen so far.

  “We had some initial code associated with those specifications as part of the OCI project and expectations that we’d get further adoptions from other parts of the ecosystem, and we’re seeing the evidence of that happening today,” said Chris Wright (pictured), vice president and chief technologist, Office of Technology, at Red Hat. “It’s a great milestone.”

• Red Hat Is Looking For Another Developer To Work On Open-Source AMD Graphics

  Red Hat is looking for another senior software engineer to join their Desktop Graphics Team where in particular they will be working on the open-source Radeon support, including Vulkan and comp

• University gets Nutanix for self-serve cloud to replace Red Hat

  The Nutanix cluster – which cost between £300,000 and £400,000 – replaces an existing infrastructure made up of numerous storage arrays and based around a Red Hat-supplied GlusterFS file system (covered by ComputerWeekly in 2013) that had become cumbersome and difficult to manage.

• Red Hat Inc (RHT) Mesa Adaptive MA Sitting Above FAMA

• Linus Torvalds On Fun, the Linux Kernel, and the Future

  Linus Torvalds, creator of the Linux kernel, took to the stage at Open Source Summit in Los Angeles. In this keynote presentation, Torvalds joined The Linux Foundation Executive Director Jim Zemlin in conversation about Linux kernel development and how to get young open source developers involved. Here are some highlights of their talk.

• Collabora & Linux Kernel 4.13

  Linux kernel 4.13 is out and - like in the 4.12 release - 12 Collabora developers contributed a total of 72 patches. In addition Collabora developers provided 25 Reviewed-by tags and 10 Tested-by tags. Furthermore 83 patches received a Signed-off-by tag from Collabora peoples. Again, general information about the merge window is available by LWN.net in form of the following articles: part 1 and part 2.

• A Quick EXT4 Run With Linux 4.14 Git

  After the Linux 4.14 merge window is over, I'll begin with a lot of fresh Linux kernel benchmarks from this in-development release. But I/O and EXT4 changes already have me running some preliminary tests.

  With EXT4 are some scalability improvements to note. The scalability improvements around allocating inodes may help in some workloads. I received a report of this patch on a consumer SSD helping out the Phoronix Test Suite's BlogBench. There's also been some talk of other performance changes to find in Linux 4.14.

• Core i9 7900X vs. Threadripper 1950X On Ubuntu 17.10, Antergos, Clear Linux

  While we have already compared the Threadripper 1950X to the current top-end Core i9 7900X processor, today we are taking things a step further with our Threadripper Linux benchmarks by doing a side-by-side showdown when each system is tested across three different Linux distributions.

  Here is a multi-way comparison when running the Threadripper 1950X and Core i9 7900X under Ubuntu 17.10 with its latest daily snapshot as of testing, Antergos 17.9 Rolling, and Clear Linux 17650. This provides a diverse look at the performance across distributions for these high-end desktop processors.

• Why developer evangelism is the secret to the success of Kubernetes

  Kubernetes is the hottest thing to hit containers since...Docker. That's faint praise, given that Docker barely burst onto the scene in 2013. But, given the pace of enterprise infrastructure innovation these days, four years may be all the limelight one gets. As such, it's critical to make the most of an opportunity, which Kubernetes has done by delivering great code and, as I've called out, superior community.

• Containers Use in Production Workloads Ticks Up Slowly

  Docker and other container platforms have caught the attention of enterprise software development teams and IT departments, but relatively few are entrusting their production workloads to the technology.

  According to the Cloud Foundry Foundation's latest Global Perception Study, 25 percent of enterprises are using containers in production, a three percent increase compared to 2016. Forty-two percent of respondents said their organizations were currently evaluating container technologies.

One of the largest financial data breaches in U.S. history, it exposed names, addresses, Social Security Numbers, birth dates, driver's license numbers and other sensitive information belonging to 143 million U.S. consumers, as well as data belonging to an undisclosed number of UK and Canadian consumers.

The attackers also accessed credit card data for about 209,000 consumers and credit dispute information for about 182,000 consumers, Equifax said.

[...]

However, with respect to the possibility that it resulted from an exploitation of a vulnerability in the Apache Struts Web Framework, it was not clear which vulnerability could have been utilized, Gielen said.

One assumption connected the breach to CVE-2017-2805, one of several patches Apache announced on Sept. 4.

"However, the security breach was already detected in July, which means that the attackers either used an earlier announced vulnerabiity on an unpatched Equifax server or exploited a vulnerability not known at this point in time -- a so called Zero Day Exploit," Gielen noted.

The committee members have put enormous effort into "securing and hardening the software we produce," he added, and they fix problems that come to their attention.

There's a distinction between the existence of an unknown flaw in the wild for nine years and failing to address a known flaw for nine years, said Gielen, emphasizing that the committee just learned about this flaw.

The has not had any contact with anyone using the @equifax domain on any Apache list in more than two years, said Apache spokesperson Sally Khudairi.

"To be clear, whilst we haven't had contact with anyone using the @equifax domain -- official or otherwise -- that is not to say there isn't a chance that someone from their team may have done so using an alternate channel," she told LinuxInsider.