• Bellevue’s Polyverse brings on significant “strategic investors” as it raises $2M for its secure Linux product and courts the Pentagon

  Polymorphic Linux fools memory-based attack software, a growing type of attack that takes advantage of vulnerabilities in widely used software, as opposed to older methods of delivering malware onto a network through a compromised email attachment. It does this by “scrambling” some of the basic system information those in-memory attacks use to target Linux applications, creating a unique version of Linux by producing “individually unique binaries that are semantically equivalent,” according to Polyverse material.

  “If you’re running the same software the Russians have, you’re in trouble,” Gounares said. “They’re getting your copy of Linux, they are studying it, they are finding those flaws, and today those economics favor them” given how many machines they can access if they discover a zero-day flaw in something as widely used as Linux or Windows, he said.

• Microsoft scores five-year $1.76bn contract with the Pentagon

  The $1.76bn (£1.57bn) deal was announced by the Pentagon as an indefinite delivery/indefinite quantity arrangement - in other words, between now and the end of January 2024, Microsoft will offer what is needed, payable on a per task basis, across different cost centres.

• Nine defendants charged in SEC [cracking] scheme that netted $4.1 million

  Two of the defendants, federal prosecutors in New Jersey said, breached SEC networks starting in May 2016 by subjecting them to hacks that included directory traversal, phishing attacks, and infecting computers with malware. From there, the defendants allegedly accessed EDGAR (the SEC’s Electronic Data Gathering, Analysis, and Retrieval system) and stole nonpublic earnings reports that publicly traded companies had filed with the commission. The [intruders] then passed the confidential information to individuals who used it to trade in the narrow window between when the files were stolen and when the companies released the information to the public.

• In 2019, Nothing Will Bolster Collaborative Open Source, User-Centered Design & Development In Learning Like The Moodle Users Association

  In LMS and learning technologies, there are few like the Moodle Users Association. Across the spectrum, developers and entrepreneurs keep looking for community engagement. When they do, the usual ideas come to mind. Surveys or social media interactions seem enough to call it a day. In some cases, large participants can influence the development roadmap and single-handedly affect the experience for everyone. Moodle offers all these avenues of interaction. But it also offers the MUA Process Development Cycle, a unique process of transparency and effectiveness that continues to polish and grow and audience. People with little more than a good idea and willingness for effort can make great impact.

• The 101 on Moodle

  We have all sorts of management systems to help make our work and lives easier to, well, manage. While content management systems help us organise our blogs, portfolios and social media, learning management systems (LMS) get our virtual education filing system sorted in one nook of the Web. One can liken Moodle to a ‘virtual classroom without the germs and threat of detention’.

• How to backup and restore Android apps

• How to adjust flashlight brightness (for iOS and Android)

• Apple rumoured to be replacing iPhone chargers with Android cables

• Google details upcoming 64-bit requirement for Android apps on the Play Store

• Hassle-free fragments: Using Android’s Navigation Architecture Component

• Samsung Galaxy A50 with 6GB RAM and Android Pie spotted, may launch soon

• Nokia 3.1 Plus starts receiving January 2019 Android Security update

• Yahoo Japan and EMQ X Join the OpenMessaging Project

  The OpenMessaging project welcomes Yahoo Japan and EMQ X as new members.

  We are excited to announce two new members to the OpenMessaging project: Yahoo Japan, one of the largest portal sites in Japan, and EMQ X, one of the most popular MQTT message middleware vendors. Yahoo Japan and EMQ X join Alibaba, JD.com, China Mobile Cloud, Qing Cloud, and other community members to form a standards community with 13 corporation members.

  OpenMessaging is a standards project for messaging and streaming technology. Messaging and Streaming products have been widely used in modern architecture and data processing, for decoupling, queuing, buffering, ordering, replicating, etc. But when data transfers across different messaging and streaming platforms, compatibility problems arise, which always means much additional work. The OpenMessaging community looks to eliminate these challenges through creating a global, cloud-oriented, vendor-neutral industry standard for distributed messaging.

• The Linux Foundation Announces 2019 Events Schedule

  The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced its 2019 events schedule. Linux Foundation events are where the creators, maintainers and practitioners of the world’s most important open source projects meet. In 2018, Linux Foundation events attracted more than 32,000 developers, architects, community thought leaders, business executives and other industry professionals from more than 11,000 organizations across 113 countries. New events hosted by the Linux Foundation for 2019 include Cephalocon and gRPC Conf.

There seems to be a mad rush at the beginning of every year to find ways to be more productive. New Year's resolutions, the itch to start the year off right, and of course, an "out with the old, in with the new" attitude all contribute to this. And the usual round of recommendations is heavily biased towards closed source and proprietary software. It doesn't have to be that way.

Here's the fourth of my picks for 19 new (or new-to-you) open source tools to help you be more productive in 2019.

New Zealand's economy is dependent on agriculture, a sector that is highly sensitive to climate change. This makes it critical to develop analysis capabilities to assess its impact and investigate possible mitigation and adaptation options. That analysis can be done with tools such as agricultural systems models. In simple terms, it involves creating a model to quantify how a specific crop behaves under certain conditions then simulating altering a few variables to see how that behavior changes. Some of the software available to do this includes CropSyst from Washington State University and the Agricultural Production Systems Simulator (APSIM) from the Commonwealth Scientific and Industrial Research Organization (CSIRO) in Australia.

• Chrome OS will soon let you search for and install Linux apps from the launcher

  We’ve talked a lot about Chrome OS‘ ability to install various Linux applications. From supporting the ability to install Debian packages to some kernel modules being backported so that older Chrome OS devices can support Linux apps. There has been a lot of activity in this area in the last 12 months. This added support is a big deal for a lot of people with some saying it’s the biggest change to Chrome OS since the added support of Android apps. Now, some new details have been discovered that suggest Chrome OS will soon let you search for and install these supported Linux apps directly from the launcher.

• Chrome OS Launcher May Soon Be Able To Search For And Install Linux Apps

  The entire Crostini (Linux apps on Chromebooks) effort has moved along quite quickly when you think about it. In just 6 short months, we’ve gone from not having an official option for Linux apps (though Crouton is and was an amazing effort) to seeing a majority of Chromebooks gain baked-in access to Linux on Chrome OS.

  While we’re still eagerly awaiting a few big, missing features (audio and GPU acceleration), the core pieces are falling into place quite nicely and many users are already finding great workflows with their favorite Linux apps on Chrome OS.

• Chrome OS may let users find new Linux apps from the App Launcher

  Chrome OS has always been based on Linux, but with its new beta support for Linux apps, the system has been opened to a wealth of powerful new applications otherwise inaccessible. The problem is, unless you’re already a Linux guru, you likely have no idea what those Linux apps are. Google is looking to fix this by making Linux apps you can install discoverable from the Chrome OS app launcher.

  In a new commit posted last night to Chromium’s Gerrit source code management, we see our first signs of returning behavior for Chrome OS’s app launcher. From the handy search tool, you will be able to search for Linux apps beyond just the ones you already have installed.

• Chrome OS may allow Linux software to be installed from the launcher

  Chrome Story discovered a commit on the Chromium repo which adds the ability to search for and install Linux packages from the Chrome OS launcher. The bug tracker description reads, "Add APT search into Chrome OS App Launcher, so that uninstalled Linux packages and Apps can be searched for and installed via the App launcher." The feature doesn't appear to be live on Chrome OS Canary yet, but the flag will be called #crostini-app-search.

Developers, hobbyists and Linux enthusiasts may be interested in a new development board called the Giant Board which is capable of running Linux on a form factor similar to that of the Adafruit Feather. Powered by a Microchip SAMA5D2 ARM Cortex-A5 Processor 500MHz tiny single-board computer has been based on the Adafruit Feather form factor created to provide users with plenty of power for a wide variety of projects and applications.

“The Giant Board is a super tiny single-board computer based on the Adafruit Feather form factor. We always want more power in a smaller package and the Giant Board delivers! There are always those couple of projects that just need a little more power, or a different software stack. With the release of the ATSAMA5D27C-D1G, it’s made linux possible in such a small form factor. Listed below are the specs and current pinout of the board.”

Also: Axiomtek announces its first Type 7 module

Windows 7 is an excellent operating system. It is a no-nonsense computing experience that just works. There are no ugly live tiles or forced updates. Conversely, Windows 10 is largely trash. Don't get me wrong, Microsoft's latest operating system isn't all bad, but it has many poor design choices, and the intrusive telemetry makes it feel like you are being spied on when using your own computer. Worst of all, it has proven to be very buggy -- it has been deleting important user files! That is scary stuff...

Many Windows users passed on both Windows 8.x and Windows 10, opting to stay on Windows 7. You know what? I don't blame them. Unfortunately, starting today, the Windows 7 death clock begins ticking away. You see, in exactly one year, Microsoft will end support for Windows 7. While the operating system will still function, it is foolish to use an unsupported OS. These folks will have to decide if they want to "upgrade" to Window 10 or opt for something entirely different. Today, Netrunner 19.01 "Blackbird" -- a Linux-based operating system that is reminiscent of Windows 7 -- is finally released. If you don't want to run Windows 10 on your PC, you should definitely give Blackbird a try before the Windows 7 support ends.

Also new: Netrunner 19.01 Blackbird overview | The Bird has landed

The need to analyze massive amounts of data and transaction-intensive workloads are driving the use of HPC into the business arena and making these tools mainstream for a variety of industries. Commercial users are getting into high performance applications for fraud detection, personalized medicine, manufacturing, smart cities, autonomous vehicles and many other areas. In order to effectively and efficiently run these workloads, SUSE has built a comprehensive and cohesive OS platform. In this blog, I will illustrate five things you should know about our SUSE solutions for AI over HPC.

Also: Managing compliance for Linux systems with SUSE Manager

• 2019 OSI Board Elections

  The Open Source Initiative (OSI) is managed by a member-elected Board of Directors that is the ultimate authority responsible for the organization. The Board's responsibilities include oversight of the organization, including its operations, staff and budget; setting strategic direction and defining goals in line with the mission, and; serving the community through committees and working groups. The eleven person Board is composed of Directors elected by OSI Individual Members (5) and Affiliate Members (5). The General Manager of the OSI also serves on the Board as a Director (ex officio). The results of elections for both Individual and Affiliate Member Board seats are advisory with the OSI Board making the formal appointments to open seats based on the community's votes.

  As a true corporate board, Board members must agree to, and comply with, the OSI Conflict of Interest Policy, and all Directors are expected to participate regularly in monthly Board meetings, any special meetings that may arise and the ongoing discussions related to the OSI specifically and open source generally.

• Purism Supports Software Freedom Conservancy

  We live in a dangerous world where privacy and security are more important than ever. In order for software to be trusted, the source code must be available to verify — a simple trust and verify model. Purism is proud to release all of our source code under Free Software licenses that not only empower users but are vital to protect their privacy and security. We favor licenses with strong copyleft like the GNU General Public License version 3, and will release software under the GPLv3 or an FSF-approved license we inherit. Our code can be studied, verified, and shared, whether you use our Librem line of products or not.

  Software Freedom Conservancy is a vital and important part of the Free Software ecosystem that we at Purism and billions of people worldwide rely upon. Without organizations that protect and enforce the terms expressed in software licenses, our digital rights are at risk. Conservancy continues to play a central role in legal battles to safeguard these freedoms.

• FSF Blogs: The FSF is 5,000 members strong -- thanks to you

  Your support is just what we need to push the free software movement to new frontiers. Our ever-growing base of members, donors, and activists are the backbone of our work and free software. Without you, we wouldn't have been able to raise over $440,000 for software freedom. With the 488 new members, we now have more than 5,000 active FSF members. Thanks to you, we'll be able to expand the staff of the FSF, increasing our organizational capacity, ability to work on issues that matter, and build the community; certify more Respects Your Freedom products to ensure that your devices run free software out of the box, and continue enforcing the GNU General Public License and leading other copyleft efforts; build our technical infrastructure and provide greater support for the many projects that rely on the FSF; create new items for our catalog of cool new swag and engaging publications from the GNU Press Shop; ramp up the fight against DRM; and create a better future for free software.

• Software user should advocate user freedoms: Richard M Stallman

  Stallman will also deliver a lecture at Technopark on Wednesday.

• mintCast 300 Blast from the past

• Free as in Get Out | LINUX Unplugged 284

  ZFS on Linux is becoming the official upstream project of all major ZFS implementations, even the BSDs. But recent Kernel changes prevent ZFS from even building on Linux. Neal Gompa joins us to discuss why it all matters.

• The Optional Option | Coder Radio 340

  Wes joins Mike for a special Coder. They share thoughts on the costs and benefits of Optionals in Swift, uncover Mike’s secret love affair with F#, and debate the true value of serverless.

• AMDVLK Weekly Code Drop Brings A DXVK Fix, VK_EXT_debug_utils Support

  AMD developers maintaining their official Vulkan driver have carried out another weekly code push to the open-source AMDVLK code-base.

  Overall the changes for this week's worth of AMD Radeon Vulkan driver changes is fairly small, but there is a DXVK fix, one new Vulkan extension wired up, and a lot of low-level driver work.

• NVIDIA 415.27 Linux Driver Released With GeForce RTX 2060 Support

  With NVIDIA today officially shipping the GeForce RTX 2060 as the new $349 USD Turing graphics card, the 415.27 Linux driver was released today to officially support this new graphics card.

  The GeForce RTX 2060 actually works with former 415 driver series releases, but would just be identified as a NVIDIA "Device" as opposed to the GeForce RTX 2060. The product string is now in this driver plus any other small tweaks to officially support this lowest-cost RTX Turing graphics card to date.

• Mesa 18.3.2 release candidate

  The candidate for the Mesa 18.3.2 is now available. Currently we have:
  - 78 queued
  - 3 nominated (outstanding)
  - and 0 rejected patches

• Mesa 18.3.2 Is Finally En Route With 78+ Changes

  It's been more than a month since the debut of Mesa 18.3 and the emergency 18.3.1 release while due the holidays and the release manager being sick, the next point release fell off the tracks. Mesa 18.3.2 is now being crafted and should be out in the next few days. Given the time since the previous release, Mesa 18.3.2 is heavy on fixes.

  Emil Velikov announced the release today of Mesa 18.3.2 RC1 and plans for officially releasing this point update in the next day or two. This release candidate has 78 patches queued over the prior update.

The basic premise of the elementary OS Challenge is simple: ditch Windows, macOS or your current Linux OS of choice and exclusively use elementary OS 5 Juno as your daily driver for two weeks. Explore the curated AppCenter and the bundled software to get all of your working and playing done. For email, for music, for coding, for gaming, for whatever.

We’ll be taking this journey together, which hopefully means a two-way conversation to discuss the successes, discoveries, questions and potential stumbling blocks we encounter along the way.

Back in October, MongoDB announced the Server Side Public License v1 (SSPLv1) as their new license moving forward for this document-oriented database server over their existing AGPL code. SSPL was met with much controversy upon its unveiling and Fedora's legal team has now ruled it an invalid free software license for packaged software in its repositories.

The intent of MongoDB developing the Server Side Public License was to ensure that public cloud vendors and other companies using their software as a service are giving back to the community / the upstream project. SSPL v1 was based on the GPLv3 but lays clear that a company publicly offering the SSPL-licensed software as a service must in turn open-source their software that it uses to offer said service. That stipulation applies only to organizations making use of MongoDB for public software services.

• Managing pods and containers in a local container runtime

• How To Install Cinnamon Desktop On A Chromebook With Crouton

• How to connect ONLYOFFICE Desktop Editors to Nextcloud

• Install and Keep HexChat IRC Client Updated via Snap in Ubuntu

• How to Install the Official Slack Client on Linux

• How to Install IntelliJ IDEA IDE on CentOS 7

• How to Install Craft CMS on CentOS 7

• How to install Yaru Theme 19.04 on Ubuntu 18.04

• Augmented Reality and the Browser — An App Experiment

  We all want to build the next (or perhaps the first) great Augmented Reality app. But there be dragons! The space is new and not well defined. There aren’t any AR apps that people use every day to serve as starting points or examples. Your new ideas have to compete against an already very high quality bar of traditional 2d apps. And building a new app can be expensive, especially for native app environments. This makes AR apps still somewhat uncharted territory, requiring a higher initial investment of time, talent and treasure.

  But this also creates a sense of opportunity; a chance to participate early before the space is fully saturated.

  From our point of view the questions are: What kinds of tools do artists, developers, designers, entrepreneurs and creatives of all flavors need to be able to easily make augmented reality experiences? What kinds of apps can people build with tools we provide?

  For example: Can I watch Trevor Noah on the Daily Show this evening, and then release an app tomorrow that is a riff on a joke he made the previous night? A measure of success is being able to speak in rich media quickly and easily, to be a timely part of a global conversation.

• Adios, Amigo

  Firefox Test Pilot is flying off into the sunset on January 22nd, 2019. Currently active experiments will remain installed for all users, and will be available on addons.mozilla.org after this date. Non-extension experiments like Firefox Lockbox and Firefox Send will continue in active development as standalone products. In fact, both products will have significant launches in the near future. Stay tuned for updates in the coming months.

• Evolving Firefox’s Culture of Experimentation: A Thank You from the Test Pilot Program

  For the last three years Firefox has invested heavily in innovation, and our users have been an essential part of this journey. Through the Test Pilot Program, Firefox users have been able to help us test and evaluate a variety of potential Firefox features. Building on the success of this program, we’re proud to announce today that we’re evolving our approach to experimentation even further.

• Samba 4.10 RC1 Released: Adds Offline Domain Backups, Now Defaults To Python 3

  Samba 4.10 release candidate 1 was announced today as the open-source SMB implementation with support for Windows Server and Active Directory domains.

  The Samba 4.10 release is bringing export/restore features for Group Policy Objects (GPO), pre-fork process model improvements, support for offline domain backups with the samba-tool domain backup command now supporting an offline option, support for group membership statistics within a domain, Python 3 is now considered the default Python implementation while Python 2 support is retained, JSON logging improvements, and other work.

• newt-lola

  Bison and Flex (or any of the yacc/lex family members) are a quick way to generate reliable parsers and lexers for language development. It's easy to write a token recognizer in Flex and a grammar in Bison, and you can readily hook code up to the resulting parsing operation. However, neither Bison nor Flex are really designed for embedded systems where memory is limited and malloc is to be avoided.

  When starting Newt, I didn't hesitate to use them though; it's was nice to use well tested and debugged tools so that I could focus on other parts of the implementation.

  With the rest of Newt working well, I decided to go take another look at the cost of lexing and parsing to see if I could reduce their impact on the system.

• Kano Scores a Disney Partnership, Announces a Star Wars Kit for Later This Year

  Kano creates killer little sets to teach kids how to code and beyond (like the awesome Harry Potter Coding Kit), and today the company is announcing a Disney partnership. The first product will be a Star Wars kit.

  While other info is scant at the time, Kano says the Star Wars kit will be out “in the second half of 2019.” Alex Klein, Kano’s CEO and co-founder, only teased other details, saying that “Collaborating with Disney is a blessing. We can combine connected, creative technologies with some of the most memorable stories ever told.”

• GDA and GObject Introspection: Remember 1

• No really, pathlib is great

• Top Seven Apps Built With Python

• Turn video into black and white with python

• Happy Mu Year 2019!

• Python 101: Episode #42 – Creating Executables with cx_Freeze

  In this screencast, we will learn how to turn your Python code into a Windows executable file using the cx_Freeze project.

• PyCoder’s Weekly: Issue #351 (Jan. 15, 2019)

• Demonizer, a rather intense shoot 'em up on itch has Linux support and a demo

  For those who enjoy their classic shoot 'em up experiences, Demonizer on itch is pretty retro looking and the action is rather intense.

  Currently in-development so it's an Early Access title, Demonizer is estimated to be completed sometime midway through this year. Take a look at some quick gameplay of the demo version running on Ubuntu...

• Taste of Power, a new and rather rough real-time strategy game is in Early Access

  Taste of Power, a real-time strategy game from OneOcean LLC arrived on Steam back in December in Early Access, I took a look.

• Road to your City, the city-builder with a heavy emphasis on Football has a new trailer and Steam page

  Road to your City is a city-builder I highlighted here on GOL back in November, as it's going to set itself apart with a focus on Football (Soccer) and it's starting to look pretty good.

• The 'Linux Steam Integration' project has a fresh minor release out

  Back to work at Intel, developer Ikey Doherty has put out a fresh release of the Linux Steam Integration project.

  For those unaware, the LSI project is basically a helper to make Steam and games run through Steam work better on Linux. It helps to work around game-specific annoyances, game engine issues and plenty more.

• The Humble Double Fine Presents Bundle is out with some nice games

  Another week and another new bundle has appeared! The Humble Double Fine Presents Bundle is up for two weeks and there's some pretty good games going.

• Software Security is a Civil Right!

• Security isn’t a feature

  As CES draws to a close, I’ve seen more than one security person complain that nobody at the show was talking about security. There were an incredible number of consumer devices unveiled, no doubt there is no security in any of them. I think we get caught up in the security world sometimes so we forget that the VAST majority of people don’t care if something has zero security. People want interesting features that amuse them or make their lives easier. Security is rarely either of these, generally it makes their lives worse so it’s an anti-feature to many.

  Now the first thing many security people think goes something like this “if there’s no security they’ll be sorry when their lightbulb steals their wallet and dumps the milk on the floor!!!” The reality is that argument will convince nobody, it’s not even very funny so they’re laughing at us, not with us. Our thoughts by very nature blame all the wrong people and we try to scare them into listening to us. It’s never worked. Ever. That one time you think it worked they were only pretended to care so you would go away.

  So it brings us to the idea that security isn’t a feature. Turning your lights on is a feature. Cooking you dinner is a feature. Driving your car is a feature. Not bursting into flames is not a feature. Well it sort of is, but nobody talks about it. Security is a lot like the bursting into flames thing. Security really is about something not happening, things not happening is the fundamental problem we have when we try to talk about all this. You can’t build a plausible story around an event that may or may not happen. Trying to build a narrative around something that may or may not happen is incredibly confusing. This isn’t how feature work, features do positive things, they don’t not do negative things (I don’t even know if that’s right). Security isn’t a feature.

  So the question you should be asking then is how do we make products being created contain more of this thing we keep calling security. The reality is we can’t make this happen given our current strategies. There are two ways products will be produced that are less insecure (see what I did there). Either the market demands it, which given the current trends isn’t happening anytime soon. People just don’t care about security. The second way is a government creates regulations that demand it. Given the current state of the world’s governments, I’m not confident that will happen either.

• Metasploit, popular hacking and security tool, gets long-awaited update

  The open-source Metasploit Framework 5.0 has long been used by hackers and security professionals alike to break into systems. Now, this popular system penetration testing platform, which enables you to find, exploit, and validate security holes, has been given a long-delayed refresh.

  Rapid7, Metasploit's parent company, announced this first major release since 2011. It brings many new features and a fresh release cadence to the program. While the Framework has remained the same for years, the program was kept up to date and useful with weekly module updates.

• Security updates for Tuesday

• [Slackware] New VLC and Flash

  AV1 is a new video codec by the Alliance for Open Media, composed of most of the important Web companies (Google, Facebook, Netflix, Amazon, Microsoft, Mozilla…). AV1 has the potential to be up to 20% better than the HEVC codec, but the patents license is totally free. VLC supports AV1 since version 3.0.0 but I never added the ‘aom‘ decoder/encoder to my vlc package, since ‘aom’ is the reference implementation of the video format and it does not really perform.
  The VideoLAN and FFmpeg communities are collaborating on ‘dav1d’ to make this a reference optimized decoder for AV1. Now that ‘dav1d’ has an official release I thought it would be cool to have in the VLC package. Mozilla and Google browsers already have the support for AV1 video playback built-in, so… overdue here.