Communications

James Dolan, Co-Creator of SecureDrop, Dead At 36 (gizmodo.com) 188

The Freedom of the Press Foundation is reporting that James Dolan, former Marine and co-creator of the whistleblower submission system SecureDrop alongside Aaron Swartz and Wired editor Kevin Poulsen, has died at age 36. He reportedly took his own life. Gizmodo reports: First deployed as StrongBox with The New Yorker, organizations such as the Washington Post, the New York Times, the Associated Press, and Gizmodo Media Group have all come to rely on SecureDrop -- which allows highly secure communication between journalists and sources in possession of sensitive information or documents. As an industry tool, it has become invaluable for reporters. Dolan joined the Freedom of the Press Foundation to maintain SecureDrop after co-creator Aaron Swartz took his life in 2013 at age 26, as pressure mounted in a federal investigation against him that many felt was overzealous. Memorial services have not yet been announced, and presently the circumstances of Dolan's death are not known.
Linux

Can You Install Linux On a 1993 PC? (yeokhengmeng.com) 253

Slashdot reader yeokm1 writes: The oldest x86 CPU that the Lnux kernel supports today is theoretically the 486. However is this theory actually true in practice? I decided to put this theory to the test in my project.
His site describes installing Gentoo Linux on an "ancient" IBM PS/1 Consultant 2133 19C (released in 1993), with 64MB SIMM-72 RAM. (Though to speed things up, he compiled that minimal version of Gentoo on a modern Thinkpad T430 released in 2012.) "Due to the age of the PC, the BIOS only supports booting from the floppy drive or internal HDD," so there was also some disk partitioning and kernel configuration. ("Must disable 64-bit kernel for obvious reasons!") A half-hour video shows that it takes almost 11 minutes just to boot up -- and five and a half minutes to shut down. "Despite the many roadblocks I faced, I was impressed by the level of support Linux has for ancient hardware like this."

And there's one more added bonus. "Given the age of the 486 (1989 technology), it does not support branch prediction... Ironically this makes it safe from the Meltdown and Spectre attacks."
Intel

Can We Replace Intel x86 With an Open Source Chip? (zdnet.com) 359

An anonymous reader quotes Jason Perlow, the senior technology editor at ZDNet: Perhaps the Meltdown and Spectre bugs are the impetus for making long-overdue changes to the core DNA of the semiconductor industry and how chip architectures are designed... Linux (and other related FOSS tech that forms the overall stack) is now a mainstream operating system that forms the basis of public cloud infrastructure and the foundational software technology in mobile and Internet of Things (IoT)... We need to develop a modern equivalent of an OpenSPARC that any processor foundry can build upon without licensing of IP, in order to drive down the costs of building microprocessors at immense scale for the cloud, for mobile and the IoT. It makes the $200 smartphone as well as hyperscale datacenter lifecycle management that much more viable and cost-effective.

Just as Linux and open source transformed how we view operating systems and application software, we need the equivalent for microprocessors in order to move out of the private datacenter rife with these legacy issues and into the green field of the cloud... The fact that we have these software technologies that now enable us to easily abstract from the chip hardware enables us to correct and improve the chips through community efforts as needs arise... We need to stop thinking about microprocessor systems' architectures as these licensed things that are developed in secrecy by mega-companies like Intel or AMD or even ARM... The reality is that we now need to create something new, free from any legacy entities and baggage that has been driving the industry and dragging it down the past 40 years. Just as was done with Linux.

The bigger question is which chip should take its place. "I don't see ARM donating its IP to this effort, and I think OpenSPARC may not be it either. Perhaps IBM OpenPOWER? It would certainly be a nice gesture of Big Blue to open their specification up further without any additional licensing, and it would help to maintain and establish the company's relevancy in the cloud going forward.

"RISC-V, which is being developed by UC Berkeley, is completely Open Source."
Windows

Lindows Resurrected! Freespire 3.0 and Linspire 7.0 Linux Distros Now Available (betanews.com) 77

BrianFagioli writes: About 16 years ago, a for-pay Linux distribution caused quite a stir all because of its name -- Lindows. Yes, someone actually thought kicking the billion dollar hornets nest that is Microsoft by playing off of the "Windows" name was a good idea. To be honest, from a marketing perspective, it was brilliant -- it got tons of free press. Microsoft eventually killed the Lindows name by use of money and the legal system, however. Ultimately, the Linux distro was renamed "Linspire." Comically, there was a Lindows Insiders program way before Windows Insiders!

After losing the Lindows name, the operating system largely fell out of the spotlight, and its 15 minutes of fame ended. After all, without the gimmicky name, it was hard to compete with free Linux distros with a paid OS. Not to mention, Richard Stallman famously denounced the OS for its non-free ways. The company eventually created a free version of its OS called Freespire, but by 2008, both projects were shut down by its then-owner, Xandros. Today, however, a new Linspire owner emerges -- PC/OpenSystems LLC. And yes, Lindows is rising from the grave -- as Freespire 3.0 and Linspire 7.0!

"Today the development team at PC/Opensystems LLC is pleased to announce the release of Freespire 3.0 and Linspire 7.0. While both contain common kernel and common utilities, they are targeted towards two different user bases. Freespire is a FOSS distribution geared for the general Linux community, making use of only open source components, containing no proprietary applications. This is not necessarily a limitation : through our software center and extensive repositories, Freespire users can install any application that they wish," says PC/OpenSystems LLC.

Back in 2003 the CEO of Lindows answered questions from Slashdot readers.

The first question was "Why oh why?"
Open Source

Could We Reduce Data Breaches With Better Open Source Funding? (marketwatch.com) 60

The CEO of Wireline -- a cloud application marketplace and serverless architecture platform -- is pushing for an open source development fund to help sustain projects, funded by an initial coin offering. "Developers like me know that there are a lot of weak spots in the modern internet," he writes on MarketWatch, suggesting more Equifax-sized data breaches may wait in our future. In fact, many companies are not fully aware of all of the software components they are using from the open-source community. And vulnerabilities can be left open for years, giving hackers opportunities to do their worst. Take, for instance, the Heartbleed bug of 2014... Among the known hacks: 4.5 million health-care records were compromised, 900 Canadians' social insurance numbers were stolen. It was deemed "catastrophic." And yet many servers today -- two years later! -- still carry the vulnerability, leaving whole caches of personal data exposed...

[T]hose of us who are on the back end, stitching away, often feel a sense of dread. For instance, did you know that much of the software that underpins the entire cloud ecosystem is written by developers who are essentially volunteers? And that the open-source software that underpins 70% of corporate America is vastly underfunded? The Heartbleed bug, for instance, was created by an error in some code submitted in 2011 to a core developer on the team that maintained OpenSSL at the time. The team was made up of only one full-time developer and three other part-timers. Many of us are less surprised that a bug had gotten through than that it doesn't happen more often.

The article argues that "the most successful open-source initiatives have corporate sponsors or an umbrella foundation (such as the Apache and Linux foundations). Yet we still have a lot of very deeply underfunded open-source projects creating a lot of the underpinnings of the enterprise cloud."
Open Source

Kodi 18 'Leia' 64-Bit For Windows Is Finally Ready To Replace the 32-bit Version (betanews.com) 80

BrianFagioli shares a report from BetaNews: Earlier this year, we shared with you that a pre-release version of Kodi 18 "Leia" 64-bit for Windows was available. There was a big catch, however -- it was not up to par with its 32-bit brother. And so, many people just stuck with the 32-bit version, because, well... why not? It is finally time to make the jump to the 64-bit variant, however, as according to the Kodi team, it is now identical to the 32-bit version from a feature perspective. "The 64-bit Kodi version for Windows is now feature complete and on the same level as 32-bit. From now on the 32-bit installer will include a warning to ask you to install the 64-bit instead. This upgrade from 32-bit to 64-bit version is seamless and you just need to install on top of the old version," says Kodi.
Operating Systems

Apple To Release Lisa OS For Free As Open Source In 2018 (iphoneincanada.ca) 95

New submitter Jose Deras writes: Nearly 35 years ago, Apple released its first computer with a graphical user interface, called the Lisa. Starting next year, the Computer History Museum will release the Apple Lisa OS for free as an open-source project. According to a new report from Business Insider, the Computer History Museum will release the code behind the Apple Lisa operating system for free as open source, for anyone to try and tinker with. The news was announced via the LisaList mailing list for Lisa enthusiasts.

"While Steve Jobs didn't create the Lisa, he was instrumental in its development. It was Jobs who convinced the legendary Xerox PARC lab to let the Apple Lisa team visit and play with its prototypes for graphical user interfaces," reads the report. "And while Apple at the time said that Lisa stood for 'Local Integrated System Architecture,' Jobs would later claim to biographer Walter Isaacson that the machine was actually named for his oldest daughter, Lisa Nicole Brennan-Jobs." "Then-Apple CEO John Sculley had Jobs removed from the Lisa project, which kicked off years-long animosity between the two," continues the report. "Ultimately, a boardroom brawl would result in Jobs quitting in a huff to start his own company, NeXT Computer. Apple would go on to buy NeXT in 1996, bringing Jobs back into the fold. By 1997, Jobs had become CEO of Apple, leading the company to its present status as the most valuable in the world."

Open Source

FSF Adds PureOS To List of Endorsed GNU/Linux Distributions (fsf.org) 46

Long-time Slashdot reader donaldrobertson writes: The Free Software Foundation on Thursday announced PureOS as an endorsed GNU/Linux distro. PureOS is an operating system focused on privacy, security and ease of use. Endorsement means the system meets the FSF's Free System Distribution Guidelines by providing and promoting only free software, with a dedication to making sure the system always remains free.
GUI

Could 2018 Be The Year of the Linux Desktop? (gnome.org) 383

Suren Enfiajyan writes: Red Hat worker and GNOME blogger Christian F.K. Schaller wrote why GNU/Linux failed to become a mainstream desktop OS... "My thesis is that there really isn't one reason, but rather a range of issues that all have contributed to holding the Linux Desktop back from reaching a bigger market. Also to put this into context, success here in my mind would be having something like 10% market share of desktop systems. That to me means we reached critical mass."

He named the following reasons:

- A fragmented market
- Lack of special applications
- Lack of big name applications
- Lack of API and ABI stability
- Apple's resurgence
- Microsoft's aggressive response
- Windows piracy
- Red Hat mostly stayed away
- Canonical's business model not working out
- Lack of original device manufacturer support

Then he ended with some optimism:

"So anyone who has read my blog posts probably knows I am an optimist by nature. This isn't just some kind of genetic disposition towards optimism, but also a philosophical belief that optimism breeds opportunity while pessimism breeds failure. So just because we haven't gotten the Linux Desktop to 10% marketshare so far doesn't mean it will not happen going forward. It just means we haven't achieved it so far.

"One of the key identifiers of open source is that it is incredibly hard to kill, because unlike proprietary software, just because a company goes out of business or decides to shut down a part of its business, the software doesn't go away or stop getting developed. As long as there is a strong community interested in pushing it forward it remains and evolves, and thus when opportunity comes knocking again it is ready to try again."

The essay concludes desktop Linux has evolved and is ready to try again, since from a technical perspective it's better than ever. "The level of polish is higher than ever before, the level of hardware support is better than ever before and the range of software available is better than ever before...

"There is also the chance that it will come in a shape we don't appreciate today. For instance maybe ChromeOS evolves into a more full fledged operating system as it grows in popularity and thus ends up being the Linux on the Desktop end game? Or maybe Valve decides to relaunch their SteamOS effort and it provides the foundation for a major general desktop growth? Or maybe market opportunities arise that will cause us at Red Hat to decide to go after the desktop market in a wider sense than we do today? Or maybe Endless succeeds with their vision for a Linux desktop operating system...."
Open Source

Fleeing Google's Apps and iOS, Mandrake Linux Creator Launches 'eelo' Project (hackernoon.com) 122

Open-source veteran Gaël Duval created Mandrake Linux in 1998. But in a new essay, he writes that "I realized that I had become lazy. Not only wasn't I using Linux anymore as my main operating system, but I was using a proprietary OS on my smartphone. And I was using Google more and more."

Long-time Slashdot reader nuand999 writes: He's creating a non-profit project called eelo.io that's going to release a "privacy-friendly" smartphone OS and associated web-services... eelo is going to be forked fromLineageOS, and will ship with the existing open source bricks put together into a consistent and privacy-enhanced, yet desirable, smartphone OS + web-services. A crowdfunding campaign has just started on Kickstarter to fuel early developments.
"iOS is proprietary and I prefer Open Source Software," Gaël writes on Hacker Noon, while also adding that "like millions of others, I'VE BECOME A PRODUCT OF GOOGLE... I'm not happy because Google has become too big and is tracking us by catching a lot of information about what we do. They want to know us as much as possible to sell advertising..."

"People are free to do what they want. They can choose to be volunteery slaves. But I do not want this situation for me anymore. I want to reconquer my privacy. My data is MY data. And I want to use Open Source software as much as possible."
The Courts

Court Throws Out Grsecurity Libel Lawsuit Against Bruce Perens (reason.com) 48

Long-time Slashdot reader SlaveToTheGrind writes: As previously discussed on Slashdot, Grsecurity developer Open Source Security sued Bruce Perens for allegedly defamatory statements about Grsecurity's licensing policies. Thursday, Magistrate Judge Laurel Beeler of the District Court for the Northern District of California dismissed the lawsuit, holding that Perens's statements were not libelous:

"Mr. Perens counters, and the court agrees, that the blog posts are opinions about a disputed legal issue, are not false assertions of fact, and thus are not actionable libel. . . . Mr. Perens -- who is not a lawyer — voiced an opinion about whether the Grsecurity Access Agreement violated the General Public License. No court has addressed the legal issue. Thus, his "opinion" is not a "fact" that can be proven provably false and thus is not actionable as defamation."

While Open Source Security technically has the ability to amend its complaint to allege a new legal theory, Judge Beeler said any amendment likely would fall under California's anti-SLAPP statute: "Mr. Perens's statements were made in a public forum and concern issues of public interest, and the plaintiffs have not shown a probability of prevailing on their claims."

Music

PSA: Spotify Now Available As a Snap For Linux (betanews.com) 66

BrianFagioli shares a report from BetaNews: Speaking of Spotify, the most popular streaming music service in the world has long supported Linux-based operating systems. Installing the official app was not an easy affair, however. Today this changes, as installation gets much simpler. You see, Spotify is now officially available as a Snap for easy installation on any Snap-supporting operating systems such as Ubuntu and Linux Mint. Canonical, the creator of both Ubuntu and Snaps, explains, "Snaps are containerized software packages designed to work perfectly and securely in any Linux environment. As well as supporting all major Linux systems from a single build, snaps can be also updated or rolled back automatically to ensure that users are always benefiting from the latest version of the application. Since their launch last year, close to 2,500 snaps have been released by developers as they adopt the format for its reliability and security."

Jamie Bennett, VP of Engineering, Devices & IoT, Canonical says, "In launching their own snap, Spotify has ensured that their users in the Linux ecosystem are now able to enjoy the latest version of their leading music streaming application as soon as it's released regardless of which distribution they are using. We're glad to welcome Spotify to the snaps ecosystem and look forward to unveiling more leading snaps in 2018."

AI

AI-Assisted Fake Porn Is Here and We're All Screwed (vice.com) 291

New submitter samleecole shares a report from Motherboard: There's a video of Gal Gadot having sex with her stepbrother on the internet. But it's not really Gadot's body, and it's barely her own face. It's an approximation, face-swapped to look like she's performing in an existing incest-themed porn video. The video was created with a machine learning algorithm, using easily accessible materials and open-source code that anyone with a working knowledge of deep learning algorithms could put together. It's not going to fool anyone who looks closely. Sometimes the face doesn't track correctly and there's an uncanny valley effect at play, but at a glance it seems believable. It's especially striking considering that it's allegedly the work of one person -- a Redditor who goes by the name 'deepfakes' -- not a big special effects studio that can digitally recreate a young Princess Leia in Rouge One using CGI. Instead, deepfakes uses open-source machine learning tools like TensorFlow, which Google makes freely available to researchers, graduate students, and anyone with an interest in machine learning. Anyone could do it, and that should make everyone nervous.
Debian

Does Systemd Make Linux Complex, Error-Prone, and Unstable? (ungleich.ch) 751

"Systemd developers split the community over a tiny detail that decreases stability significantly and increases complexity for not much real value." So argues Nico Schottelius, talking about his experiences as the CEO of a Swiss company providing VM hosting, datacenters, and high-speed fiber internet. Long-time Slashdot reader walterbyrd quotes Nico's essay: While I am writing here in flowery words, the reason to use Devuan is hard calculated costs. We are a small team at ungleich and we simply don't have the time to fix problems caused by systemd on a daily basis. This is even without calculating the security risks that come with systemd. Our objective is to create a great, easy-to-use platform for VM hosting, not to walk a tightrope...

[W]hat the Devuan developers are doing is creating stability. Think about it not in a few repeating systemd bugs or about the insecurity caused by a huge, monolithic piece of software running with root privileges. Why do people favor Linux on servers over Windows? It is very easy: people don't use Windows, because it is too complex, too error prone and not suitable as a stable basis. Read it again. This is exactly what systemd introduces into Linux: error prone complexity and instability. With systemd the main advantage to using Linux is obsolete.

The essay argues that while Devuan foisted another choice into the community, "it is not their fault. Creating Devuan is simply a counteraction to ensure Linux stays stable. which is of high importance for a lot of people."
Debian

Updated Debian Linux 9.3 and 8.10 Released (debian.org) 49

An anonymous reader writes: The Debian project is pleased to announce the third update of its stable distribution Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. The Debian project also announces the tenth update of its oldstable distribution Debian 8 (codename jessie).

Please note that the point release does not constitute a new version of Debian 9 or 8 but only updates some of the packages included. There is no need to throw away old jessie or stretch DVD/CD media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror. This stable update adds a few important corrections to packages. New installation images will be available soon at the mirrors. Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release. One can use the apt command or apt-get command to apply updates. A step-by-step update guide is posted here.

Operating Systems

ReactOS 0.4.7 Released (reactos.org) 94

jeditobe writes: OSNews reports that the latest version of ReactOS has been released: "ReactOS 0.4.7 has been released, and it contains a ton of fixes, improvements, and new features. Judging by the screenshots, ReactOS 0.4.7 can run Opera, Firefox, and Mozilla all at once, which is good news for those among us who want to use ReactOS on a more daily basis. There's also a new application manager which, as the name implies, makes it easier to install and uninstall applications, similar to how package managers on Linux work. On a lower level, ReactOS can now deal with Ext2, Ext3, Ext4, BtrFS, ReiserFS, FFS, and NFS partitions." General notes, tests, and changelog for the release can be found at their respective links. A less technical community changelog for ReactOS 0.4.7 is also available. ISO images are ready at the ReactOS Download page.
Programming

'24 Pull Requests' Suggests Contributing Code For Christmas (24pullrequests.com) 30

An anonymous reader writes: "On December 1st, 24 Pull Requests will be opening its virtual doors once again, asking you to give the gift of a pull request to an open source project in need," writes UK-based software developer Andrew Nesbitt -- noting that last year the site registered more than 16,000 pull requests. "And they're not all by programmers. Often the contribution with the most impact might be an improvement to technical documentation, some tests, or even better -- guidance for other contributors."

This year they're even touting "24 Pull Requests hack events," happening around the world from Lexington, Kentucky to Torino, Italy. (Last year 80 people showed up for an event in London.) "You don't have to hack alone this Christmas!" suggests the site, also inviting local communities and geek meetups (as well as open source-loving companies) to host their own events.

Contributing to open source projects can also beef up your CV (for when you're applying for your next job), the site points out, and "Even small contributions can be really valuable to a project."

"You've been benefiting from the use of open source projects all year. Now is the time to say thanks to the maintainers of those projects, and a little birdy tells me that they love receiving pull requests!"
Cloud

Is Open Source Innovation Now All About Vendor On-Ramps? (infoworld.com) 58

InfoWorld published an interesting essay from Matt Asay, former COO at Canonical (and an emeritus board member of the Open Source Initiative), about innovation from the big public cloud vendors, which "even when open-sourced, doesn't really help the community at large... All this innovation is available to buy; none of it is available to build. Not for mere mortals, anyway." Google in particular has figured out how to both open-source code in a useful way and make it pay. As Server Density CEO David Mytton has underlined, Google hopes to "standardize machine learning on a single framework and API," namely TensorFlow, then supplement it "with a service that can [manage] it all for you more efficiently and with less operational overhead," namely Google Cloud. By open-sourcing TensorFlow and backing it with machine-learning-heavy Google Cloud, Google has open-sourced a great on-ramp to future revenue.

My question: why not do this with the rest of its code? The simple answer is "Because it's a lot of work." That is, Google could open-source everything tomorrow without any damage to its revenue, but the code itself would provide other providers and enterprises only limited ability to increase their revenue unless Google did all the necessary prep work to make it useful to mere mortals not running superhuman Google infrastructure. This is the trick that AWS, Microsoft, and Google are all racing to figure out today. Not open source, per se, because that's the easy table stakes. No, the AWS/Microsoft Azure/Google Cloud trio are figuring out how to turn their innovations into open source on-ramps to their proprietary services. Companies used to lock up their code to sell it. Today, it's the opposite: They need to open it up to make their ability to operate the code at scale more valuable. For them.

Red Hat Software

Understanding the New Red Hat-IBM-Google-Facebook GPL Enforcement Announcement (perens.com) 96

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. Bruce Perens writes: Red Hat, IBM, Google, and Facebook announced that they would give infringers of their GPL software up to a 30-day hold-off period during which an accused infringer could cure a GPL violation after one was brought to their attention by the copyright holder, and a 60 day "statute of limitations" on an already-cured infringement when the copyright holder has never notified the infringer of the violation. In both cases, there would be no penalty: no damages, no fees, probably no lawsuit; for the infringer who promptly cures their infringement.
Perens sees the move as "obviously inspired" by the kernel team's earlier announcement, and believes it's directed against one man who made 50 copyright infringement claims involving the Linux kernel "with intent to collect income rather than simply obtain compliance with the GPL license."

Unfortunately, "as far as I can tell, it's Patrick McHardy's legal right to bring such claims regarding the copyrights which he owns, even if it doesn't fit Community Principles which nobody is actually compelled to follow."
Mozilla

Mozilla Releases Open Source Speech Recognition Model, Massive Voice Dataset (mozilla.org) 58

Mozilla's VP of Technology Strategy, Sean White, writes: I'm excited to announce the initial release of Mozilla's open source speech recognition model that has an accuracy approaching what humans can perceive when listening to the same recordings... There are only a few commercial quality speech recognition services available, dominated by a small number of large companies. This reduces user choice and available features for startups, researchers or even larger companies that want to speech-enable their products and services. This is why we started DeepSpeech as an open source project.

Together with a community of likeminded developers, companies and researchers, we have applied sophisticated machine learning techniques and a variety of innovations to build a speech-to-text engine that has a word error rate of just 6.5% on LibriSpeech's test-clean dataset. vIn our initial release today, we have included pre-built packages for Python, NodeJS and a command-line binary that developers can use right away to experiment with speech recognition.

The announcement also touts the release of nearly 400,000 recordings -- downloadable by anyone -- as the first offering from Project Common Voice, "the world's second largest publicly available voice dataset." It launched in July "to make it easy for people to donate their voices to a publicly available database, and in doing so build a voice dataset that everyone can use to train new voice-enabled applications." And while they've started with English-language recordings, "we are working hard to ensure that Common Voice will support voice donations in multiple languages beginning in the first half of 2018."

"We at Mozilla believe technology should be open and accessible to all, and that includes voice... As the web expands beyond the 2D page, into the myriad ways where we connect to the Internet through new means like VR, AR, Speech, and languages, we'll continue our mission to ensure the Internet is a global public resource, open and accessible to all."

Slashdot Top Deals