Several reports indict that at least some of Sony's recent Android TVs are actively blocking Kodi, the open-source, cross-platform streaming and media player that allows you to access and play local, network, and remote content. Android Police reports: The official Kodi project Twitter account pointed out Sony's deficiency a couple of days ago, but reports on the Kodi forums of issues installing and running the app from the Play Store go even further back to last year. A handful of affected enthusiasts believe they have discovered the cause of the problem: Sony seems to be blocking the package ID for the app from being installed/run. Supporting this theory is the fact that recompiling the app from scratch with a different ID allows it to work.

The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco. From a report: The software's name is GHIDRA and in technical terms, is a disassembler, a piece of software that breaks down executable files into assembly code that can then be analyzed by humans. The NSA developed GHIDRA at the start of the 2000s, and for the past few years, it's been sharing it with other US government agencies that have cyber teams who need to look at the inner workings of malware strains or suspicious software. GHIDRA's existence was never a state secret, but the rest of the world learned about it in March 2017 when WikiLeaks published Vault7, a collection of internal documentation files that were allegedly stolen from the CIA's internal network. Those documents showed that the CIA was one of the agencies that had access to the tool.

Tech Republic re-visits the story of the earliest attempts to build the Raspberry Pi, and the dramatic launch of a quest "to rekindle the curiosity about computing in a generation immersed in technology but indifferent to how it worked." [T]he dominant computers -- games consoles and later tablets and smartphones -- no longer offered an invitation to create, but rather to consume. Eben Upton recalls a bonfire party in 2007 where an 11-year-old boy told him he wanted to be an electrical engineer, and his disappointment at realizing the boy didn't have access to a computer he could program on. "I said, 'Oh, what computer have you got?'. He said, 'I've got a Nintendo Wii'. And there was just that awful feeling about there being a kid who was excited, a kid who was showing concrete interest in our profession, and who didn't have access to a programmable computer, a computer of any sort. He just had a games console."

At this time Upton was working as a system-on-a-chip architect at chip designer Broadcom, and realized he had the skills to try to halt this drift away from computers that encouraged users to code.
Upton describes the Raspberry Pi as "a very conscious attempt" to bring back the easily programmable home computers that he remembered as a child in the 1980s -- and he was gratified at its success. "Even early on you started to see those pictures of kids lying on the living room floor, looking up at the TV with Raspberry Pi plugged into it, the same way we used to."

It was named "Pi" because it booted into a version of Python, and Raspberry because "There's a lot of fruit-named computer companies, and the 'blowing a raspberry' thing was also deliberate."

It's gone on to become the world's third best-selling general-purpose computer.

ZDNet reports that by 2020, "many, if not most, new cars will be running with Linux." While some companies, like Tesla, run their own homebrew Linux distros, most rely on Automotive Grade Linux (AGL). AGL is a collaborative cross-industry effort developing an open platform for connected cars with over 140 members... Its membership includes Audi, Ford, Honda, Mazda, Nissan, Mercedes, Suzuki, and the world's biggest automobile company: Toyota. Why? "Automakers are becoming software companies, and just like in the tech industry, they are realizing that open source is the way forward," said Dan Cauchy, AGL's executive director, in a statement.

Car companies know that while horsepower sells, customers also want smart infotainment systems, automated safe drive features, and, eventually, self-driving cars. Linux and open-source company can give them all of that. The AGL's goal is to develop an open-source, common platform for infotainment systems: The Unified Code Base (UCB). This is a Linux distribution and open-source software platform for car infotainment, telematics, and instrument cluster applications... The AGL's hope is that this will serve as a de facto industry standard. It's well on its way.
Yesterday Hyundai announced that they were also joining both the AGL effort and the Linux Foundation.

The GIMP developers on Wednesday published a blog post in which they look back at the year 2018 (release of GIMP 2.10) and outline the things that they intend to get around this year. From the post: We expect to be shipping 2.10.x updates throughout 2019, starting with the version 2.10.10 currently expected in January/February. This version will feature faster layer groups rendering, smart colorization with the Bucket Fill tool, and various usability improvements. We are also planning the first unstable release of GIMP that will have version 2.99.2, eventually leading up to version 3.0. The prerequisite for releasing that version will be the completion of the space invasion. ZeMarmot project (which can be supported on Patreon or Tipeee) is also planning to focus a bit more on better canvas interactions, as well as animation support improvements, starting from merging existing work. On the GEGL and babl front, we expect to continue working towards better CMYK support and performance.

Julia Reda is a member of Germany's Pirate Party, a member of the European Parliament, and the Vice-President of The Greens-European Free Alliance.

Thursday her official web site announced: In 2014, security vulnerabilities were found in important Free Software projects. One of the issues was found in the Open Source encryption library OpenSSL.... The issue made lots of people realise how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure.... That is why my colleague Max Andersson and I started the Free and Open Source Software Audit project: FOSSA... In 2017, the project was extended for three more years. This time, we decided to go one step further and added the carrying out of Bug Bounties on important Free Software projects to the list of measures we wanted to put in place to increase the security of Free and Open Source Software...

In January the European Commission is launching 14 out of a total of 15 bug bounties on Free Software projects that the EU institutions rely on.
The bounties start at 25.000,00 € -- about $29,000 USD -- rising as high as 90.000,00 € ($103,000). "The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software," Reda writes.

Click through for a list of the software projects for which bug bounties will be offered.

Linus Torvalds has announced the general availability of v4.20 of the Linux kernel. In a post to the Linux Kernel Mailing List, Torvalds said that there was no point in delaying the release of the latest stable version of the kernel just because so many people are taking a break for the holiday season. From a report: He says that while there are no known issues with the release, the shortlog is a little longer than he would have liked. However "nothing screams 'oh, that's scary'", he insists. The most notable features and changes in the new version includes: New hardware support! New hardware support includes bringing up the graphics for AMD Picasso and Raven 2 APUs, continued work on bringing up Vega 20, Intel has continued putting together its Icelake Gen 11 graphics support, there is support for the Hygon Dhyana CPUs out of China based upon AMD Zen, C-SKY 32-bit CPU support, Qualcomm Snapdragon 835 SoC enablement, Intel 2.5G Ethernet controller support for "Foxville", Creative Sound Blaster ZxR and AE-5 sound card support, and a lot of smaller additions.

Besides new hardware support when it comes to graphics processors, in the DRM driver space there is also VCN JPEG acceleration for Raven Ridge, GPUVM performance work resulting in some nice Vulkan gaming boosts, Intel DRM now has full PPGTT support for Haswell/IvyBridge/ValleyView, and HDMI 2.0 support for the NVIDIA/Nouveau driver. On the CPU front there are some early signs of AMD Zen 2 bring-up, nested virtualization now enabled by default for AMD/Intel CPUs, faster context switching for IBM POWER9, and various x86_64 optimizations. Fortunately the STIBP work for cross-hyperthread Spectre V2 mitigation was smoothed out over the release candidates that the performance there is all good now.

Btrfs performance improvements, new F2FS features, faster FUSE performance, and MDRAID improvements for RAID10 round out the file-system/storage work. One of the technical highlights of Linux 4.20 that will be built up moving forward is the PCIe peer-to-peer memory support for device-to-device memory copies over PCIe for use-cases like data going directly from NICs to SSD storage or between multiple GPUs.

Junko Yoshida, writing for EETimes: Without question, 2018 was the year RISC-V genuinely began to build momentum among chip architects hungry for open-source instruction sets. That was then. By 2019, RISC-V won't be the only game in town. Wave Computing (Campbell, Calif.) announced Monday (Dec. 17) that it is putting MIPS on open source, with MIPS Instruction Set Architecture (ISA) and MIPS' latest core R6 available in the first quarter of 2019. Art Swift, hired by Wave this month as president of its MIPS licensing business, described the move as critical to accelerate the adoption of MIPS in an ecosystem.

Going open source is "a big plan" that Wave CEO Derek Meyer, a MIPS veteran, has been quietly fostering since Wave acquired MIPS Technologies in June, explained Swift. Swift himself is a MIPS alumnus who worked at the company as a vice president of marketing and business development for four years. Wave, which styles itself as a tech startup poised to bring "AI and deep learning from the datacenter to the edge," sees MIPS as a key to advancing Wave's AI into a host of uses and applications. Included in MIPS instruction sets are extensions such as SIMD (single instruction, multiple data) and DSP. Swift promised that MIPS will bring to the open-source community "commercial-ready" instruction sets with "industrial-strength" architecture. "Chip designers will have opportunities to design their own cores based on proven and well tested instruction sets for any purposes," said Swift.

Steve Dower, a Python developer at Microsoft, describes how the language become popular internally: In 2010, our few Pythonistas were flying under the radar, in case somebody noticed that they could reassign a few developers to their own project. The team was small, leftover from a previous job, but was chipping away at a company culture that suffered from "not invented here" syndrome: Python was a language that belonged to other people, and so Microsoft was not interested. Over the last eight years, the change has been dramatic. Many Microsoft products now include Python support, and some of the newest only support Python. Some of our critical tools are written in Python, and we are actively investing in the language and community....

In 2018, we are out and proud about Python, supporting it in our developer tools such as Visual Studio and Visual Studio Code, hosting it in Azure Notebooks, and using it to build end-user experiences like the Azure CLI. We employ five core CPython developers and many other contributors, are strong supporters of open-source data science through NumFOCUS and PyData, and regularly sponsor, host, and attend Python events around the world.
"We often felt like a small startup within a very large company" Downer writes, in a post for the Medium community "Microsoft Open Source Stories."

"it is clear to me that open source -- now several decades old and fully adult -- is going through its own midlife crisis," writes Joyent CTO Bryan Cantrill. [O]pen source business models are really tough, selling software-as-a-service is one of the most natural of them, the cloud service providers are really good at it -- and their commercial appetites seem boundless. And, like a new cherry red two-seater sports car next to a minivan in a suburban driveway, some open source companies are dealing with this crisis exceptionally poorly: they are trying to restrict the way that their open source software can be used. These companies want it both ways: they want the advantages of open source -- the community, the positivity, the energy, the adoption, the downloads -- but they also want to enjoy the fruits of proprietary software companies in software lock-in and its concomitant monopolistic rents.

If this were entirely transparent (that is, if some bits were merely being made explicitly proprietary), it would be fine: we could accept these companies as essentially proprietary software companies, albeit with an open source loss-leader. But instead, these companies are trying to license their way into this self-contradictory world: continuing to claim to be entirely open source, but perverting the license under which portions of that source are available. Most gallingly, they are doing this by hijacking open source nomenclature. Of these, the laughably named commons clause is the worst offender (it is plainly designed to be confused with the purely virtuous creative commons), but others...are little better...
"[T]heir business model isn't their community's problem, and they should please stop trying to make it one," Cantrill writes, adding letter that "As we collectively internalize that open source is not a business model on its own, we will likely see fewer VC-funded open source companies (though I'm honestly not sure that that's a bad thing)..." He also points out that "Even though the VC that led the last round wants to puke into a trashcan whenever they hear it, business models like 'support', 'services' and 'training' are entirely viable!"

Jay Kreps, Co-founder of @confluentinc, has posted a rebuttal on Medium. "How do you describe a license that lets you run, modify, fork, and redistribute the code and do virtually anything other than offer a competing SaaS offering of the product? I think Bryan's sentiment may be that it should be called the Evil Proprietary Corruption of Open Source License or something like that, but, well, we disagree."

Thursday a bug report complained that the source code for OpenJDK, the free and open-source implementation of Java, "has too many swear words." An anonymous reader writes: "There are many instances of swear words inside OpenJDK jdk/jdk source, scattered all over the place," reads the bug report. "As OpenJDK is used in a professional context, it seems inappropriate to leave these 12 instances in there, so here's a changeset to remove them."
IBM software developer (and OpenJDK team member and contributor) Adam Farley responded that "after discussion with the community, three determinations were reached":

• "Damn" and "Crap" are not swear words.

• Three of the four f-bombs are located in jszip.js, which should be corrected upstream (will follow up).

• The f-bomb in BitArray.java, as well as the rude typo in SoftChannel.java, *are* swear words and should be removed to resolve this work item.

He promised a new webrev would be uploaded to reflect these determinations, and the bug has been marked as "resolved."

An anonymous reader writes: At its Microsoft Connect(); 2018 virtual event today, Microsoft announced the initial public preview of Visual Studio 2019 -- you can download it now for Windows and Mac. Separately, .NET Core 2.2 has hit general availability and .NET Core 3.0 Preview 1 is also available today.

At the event today, Microsoft also made some open-source announcements, as is now common at the company's developer shindigs. Microsoft open-sourced three popular Windows UX frameworks on GitHub: Windows Presentation Foundation (WPF), Windows Forms, and Windows UI XAML Library (WinUI). Additionally, Microsoft announced the expansion of the .NET Foundation's membership model.

Seeking compliance with Linux's new Code of Conduct, Intel software engineer Jarkko Sakkinen recently requested comments on a set of changes to kernel code comments which Neowin described as "replacing the F-word with 'hug'. "

80 comments quickly followed on the Linux Kernel Maintainer's List: Several contributors responded to the alterations calling them insane. One wondered if Sakkinen was just trying to make a joke, and another called it censorship and said he'd refuse to apply any sort of patches like this to the code he's in charge of...

Some of the post-change comments read "Some Athlon laptops have really hugged PST tables", "If you don't see why, please stay the hug away from my code", and "Only Sun can take such nice parts and hug up the programming interface".
Eventually LWN.net publisher Jonathan Corbet deflated most of the controversy by pointing out that Linux's new Code of Conduct applies to future comments but clearly indicates that it does not apply explicitly to past comments.

And Jarkko Sakkinen acknowledged that he had missed that part of the discussion.

"[O]n Nov. 26 it was publicly revealed that a widely deployed open-source Node.js programming language module known as event-stream had been injected with malicious code that looked to steal cryptocurrency wallets," reports eWeek, adding "The event-stream library has over two million downloads."

An anonymous reader quotes Ars Technica: The backdoor came to light [November 20th] with this report from Github user Ayrton Sparling. Officials with the NPM, the open source project manager that hosted event-stream, didn't issue an advisory until six days later.... "This compromise was not targeting module developers in general or really even developers," an NPM official told Ars in an email. "It targeted a select few developers at a company, Copay, that had a very specific development environment set up. Even then, the payload itself didn't run on those developers' computers; rather, it would be packaged into a consumer-facing app when the developers built a release. The goal was to steal Bitcoin from this application's end users...."

According to the Github discussion that exposed the backdoor, the longtime event-stream developer no longer had time to provide updates. So several months ago, he accepted the help of an unknown developer. The new developer took care to keep the backdoor from being discovered. Besides being gradually implemented in stages, it also narrowly targeted only the Copay wallet app. The malicious code was also hard to spot because the flatmap-stream module was encrypted. The attack is the latest to exploit weaknesses in a widely used supply chain to target downstream end users... The supply-chain attacks show one of the weaknesses of open source code. Because of its openness and the lack of funds of many of its hobbyist developers and users, open source code can be subject to malicious modifications that often escape notice.
"The time has come," concludes Ars Technica, "for maintainers and users of open source software to devise new measures to better police the millions of packages being used all around us." Sophos' security blog also asks why so many developers "immediately and blindly trusted the new maintainer," and shared a concerned comment from developer named Chris Northwood.

"Nothing's stopping this happening again, and it's terrifying."

"2019 just might be the Year of Linux -- the year in which Linux is fully recognized as the powerhouse it has become," writes Network World's "Unix dweeb." The fact is that most people today are using Linux without ever knowing it -- whether on their phones, online when using Google, Facebook, Twitter, GPS devices, and maybe even in their cars, or when using cloud storage for personal or business use. While the presence of Linux on all of these systems may go largely unnoticed by consumers, the role that Linux plays in this market is a sign of how critical it has become. Most IoT and embedded devices -- those small, limited functionality devices that require good security and a small footprint and fill so many niches in our technology-driven lives -- run some variety of Linux, and this isn't likely to change. Instead, we'll just be seeing more devices and a continued reliance on open source to drive them.

According to the Cloud Industry Forum, for the first time, businesses are spending more on cloud than on internal infrastructure. The cloud is taking over the role that data centers used to play, and it's largely Linux that's making the transition so advantageous. Even on Microsoft's Azure, the most popular operating system is Linux. In its first Voice of the Enterprise survey, 451 Research predicted that 60 percent of nearly 1,000 IT leaders surveyed plan to run the majority of their IT off premises by 2019. That equates to a lot of IT efforts relying on Linux. Gartner states that 80 percent of internally developed software is now either cloud-enabled or cloud-native.
The article also cites Linux's use in AI, data lakes, and in the Sierra supercomputer that monitors America's nuclear stockpile, concluding that "In its domination of IoT, cloud technology, supercomputing and AI, Linux is heading into 2019 with a lot of momentum."

And there's even a long list of upcoming Linux conferences...

"The Linux Foundation and RISC-V Foundation announced yesterday a joint collaboration project to promote open source development and commercial adoption of the RISC-V instruction set architecture (ISA)," reports TechRepublic: Though some devices that integrate RISC-V will use real-time operating systems rather than Linux, the use of Linux in development will be instrumental as existing tools are being extended to support the RISC-V ISA when developing software on traditional computers. "This joint collaboration with the Linux Foundation will enable the RISC-V Foundation to offer more robust support and educational tools for the active RISC-V community, and enable operating systems, hardware implementations and development tools to scale faster," said Rick O'Connor, executive director of the RISC-V Foundation, in a press release.

In many ways, RISC-V is a hardware equivalent to the open source principles that guide the Linux project, as the ISA is open source, is not subject to patent encumbrances, and is available under the BSD license. [L]icensing fees for Arm or MIPS ISAs -- both of which are fundamentally RISC in principle -- can be avoided by using RISC-V.... As alternatives like Alpha, SuperH, MIPS, and even Intel's own Itanium processors have fallen by the wayside, organizations using those ISAs in their products have had difficult adjustment periods transitioning away, while patent encumbrances largely prevent third parties from continuing development or providing drop-in replacements for those technologies. RISC-V's open nature prevents these issues, as it is possible for any organization to extend or customize their own implementation, and any organization can produce their own RISC-V processors.
Manufacturers like how RISC-V CPUs aren't restricted to a single manufacturer, according to the article, which points out that NVIDIA and Western Digital have both announced plans to use RISC-V in some upcoming products.

RISC-V is also "gaining popularity in Internet of Things, low-power, and embedded applications," and Western Digital even plans to ultimately transition its annual consumption of processors -- one billion cores per yer -- to RISC-V.

An anonymous reader writes: Alphabet's cybersecurity division Jigsaw has designed a new open source private VPN aimed at journalists and the people sending them data. "Their work makes them more vulnerable to attack," said Santiago Andrigo, Jigsaw's product manager. "It can get really scary when they're outed and you're passing over information."

Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers, says one Jigsaw official. And you can't know for sure whether you can trust them, no matter what they say in the app store. "Journalists should be aware that their online activities might be subject to surveillance either by government agencies, their internet service providers or a hacker with malicious intent," said Laura Tich, technical evangelist for Code for Africa, a resource for African journalists. "As surveillance becomes ubiquitous in today's world, journalists face an increasing challenge in establishing secure communication in the digital space."

The new private VPN, dubbed "Outline", is specifically designed to be resistant to censorship — because it's harder to detect as a VPN (and therefore is less likely to be blocked). Outline uses an encrypted socks5 proxy that looks like normal internet traffic. Once the user chooses a server location, Outline spins up a DigitalOcean server on Ubuntu, installs Docker, and imports an image of the actual server.

It's been named Outline because in places where internet use may be restricted — it gives you a line out.

There's no question that the concept of open-source software has revolutionized the enterprise software world, which spent billions of dollars fighting the mere idea for several years before accepting that a new future had arrived. But more than a few people are starting to wonder if the very nature of open-source software -- the idea that it can be used by pretty much anyone for pretty much anything -- is causing its developers big problems in the era of distributed cloud computing services. From a report: Two prominent open-source software companies have made the decision to alter the licenses under which some of their software is distributed, with the expressed intent of making it harder -- or impossible -- for cloud computing providers to offer a service based around that software.

Two companies do not a make a movement. But as the cloud world packs its bags for Las Vegas and Amazon Web Services' re:Invent 2018 conference next week, underscoring that company's ability to set the agenda for the upcoming year, the intersection between open-source projects and cloud computing services is on many people's minds. "The way that I would think of it, the role that open source plays in creating commercial opportunities has changed," said Abby Kearns, executive director of the open-source Cloud Foundry Foundation. "We're going to see a lot more of this conversation happening than less. I would put it in a very blunt way: for many years we were suckers, and let them take what we developed and make tons of money on this."

Redis Labs CEO Ofer Bengal doesn't mince words. His company, known for its open-source in-memory database (used by American Express, Home Depot, and Dreamworks among others), has been around for eight years, an eternity in the fast-changing world of modern enterprise software. [...] "Ninety-nine percent of the contributions to Redis were made by Redis Labs," Bengal said. There's a longstanding myth in the open-source world that projects are driven by a community of contributors, but in reality, paid developers contribute the bulk of the code in most modern open-source projects, as Puppet founder Luke Kanies explained in our story earlier this year.

At the OpenStack Summit in Berlin last week, Ubuntu Linux founder Mark Shuttleworth said in a keynote that Ubuntu 18.04 Long Term Support (LTS) support lifespan would be extended from five years to 10 years. "I'm delighted to announce that Ubuntu 18.04 will be supported for a full 10 years," said Shuttleworth, "In part because of the very long time horizons in some of industries like financial services and telecommunications but also from IoT where manufacturing lines for example are being deployed that will be in production for at least a decade." ZDNet reports: Ubuntu 18.04 released in April 2018. While the Ubuntu desktop gets most of the ink, most of Canonical's dollars comes from server and cloud customers. It's for these corporate users Canonical first extended Ubuntu 12.04 security support, then Ubuntu 14.04's support, and now, preemptively, Ubuntu 18.04. In an interview after the keynote, Shuttleworth said Ubuntu 16.04, which is scheduled to reach its end of life in April 2021, will also be given a longer support life span.

When it comes to OpenStack, Shuttleworth promised again to support versions of OpenStack dating back to 2014's IceHouse. Shuttleworth said, "What matters isn't day two, what matters is day 1,500." He also doubled-down on Canonical's promise to easily enable OpenStack customers to migrate from one version of OpenStack to another. Generally speaking, upgrading from one version of OpenStack is like a root canal: Long and painful but necessary. With Canonical OpenStack, you can step up all the way from the oldest supported version to the newest one with no more than a second of downtime.

At the 2018 Uber Open Summit, Uber announced it was joining the Linux Foundation as a Gold Member, making a firm commitment to using and contributing to open source tools. TechCrunch reports: Uber CTO Thuan Pham sees the Linux Foundation as a place for companies like his to nurture and develop open source projects. "Open source technology is the backbone of many of Uber's core services and as we continue to mature, these solutions will become ever more important," he said in a blog post announcing the partnership. "Uber has made significant investments in shared software development and community collaboration through open source over the years, including contributing the popular open source project Jaeger, a distributed tracing system, to the Linux Foundation's Cloud Native Computing Foundation in 2017," an Uber spokesperson told TechCrunch. As the report mentions, it took the ride-hailing service a long time for them to join the Linux Foundation. "Uber has been long known for making use of open source in its core tools working on over 320 open source projects and repositories from 1500 contributors involving over 70,000 commits, according to data provided by the company," reports TechCrunch.