Open Source

Alpine Linux 3.6.0 Released (alpinelinux.org) 59

An anonymous reader quotes DistroWatch: Natanael Copa has announced the release of Alpine Linux 3.6.0. Alpine Linux is an independent, minimal operating system that is well suited to running servers, routers and firewalls. Version 3.6.0 introduces support for 64-bit POWER machines, 64-bit IBM z Systems computers and features many up to date packages, including PHP 7.1, LLVM 4.0 and version 6.3 of the GNU Compiler.
"Noteworthy new packages" include Rust 1.17.0 and Cargo 0.18.0, as well as Julia 0.5.2, as well as "significant updates" like Go 1.8, Python 3.6, and Ruby 2.4. And in addition, "MD5 and SHA-1 hashes have been removed from APKBUILDs, being obsoleted by SHA-512."
Bug

Wormable Code-Execution Bug Lurked In Samba For 7 Years (arstechnica.com) 83

Long-time Slashdot reader williamyf was the first to share news of "a wormable bug [that] has remained undetected for seven years in Samba versions 3.5.0 onwards." Ars Technica reports: Researchers with security firm Rapid7...said they detected 110,000 devices exposed on the internet that appeared to run vulnerable versions of Samba. 92,500 of them appeared to run unsupported versions of Samba for which no patch was available... Those who are unable to patch immediately can work around the vulnerability by adding the line nt pipe support = no to their Samba configuration file and restarting the network's SMB daemon. The change will prevent clients from fully accessing some network computers and may disable some expected functions for connected Windows machines.
The U.S. Department of Homeland Security's CERT group issued an announcement urging sys-admins to update their systems, though SC Magazine cites a security researcher arguing this attack surface is much smaller than that of the Wannacry ransomware, partly because Samba is just "not as common as Windows architectures." But the original submission also points out that while the patch came in fast, "the 'Many eyes' took seven years to 'make the bug shallow'."
Encryption

10 Years Later: FileZilla Adds Support For Master Password That Encrypts Your Logins (bleepingcomputer.com) 82

An anonymous reader writes: "Following years of criticism and user requests, the FileZilla FTP client is finally adding support for a master password that will act as a key for storing FTP login credentials in an encrypted format," reports BleepingComputer. "This feature is scheduled to arrive in FileZilla 3.26.0, but you can use it now if you download the 3.26.0 (unstable) release candidate from here." By encrypting its saved FTP logins, FileZilla will finally thwart malware that scrapes the sitemanager.xml file and steals FTP credentials, which were previously stolen in plain text. The move is extremely surprising, at least for the FileZilla user base. Users have been requesting this feature for a decade, since 2007, and they have asked it many and many times since then. All their requests have fallen on deaf ears and met with refusal from FileZilla maintainer, Tim Kosse. In November 2016, a user frustrated with Kosse's stance forked the FileZilla FTP client and added support for a master password via a spin-off app called FileZilla Secure.
Open Source

Linux 4.10 Kernel Reaches End of Life (softpedia.com) 58

prisoninmate quotes Softpedia: As it's not an LTS (Long Term Support) branch, the Linux 4.10 kernel series was doomed to reach end of life sooner or later, and it happened this weekend with the release of the Linux kernel 4.10.17 patch, which is a major one changing a total of 103 files, with 981 insertions and 538 deletions. Therefore, users are now urged to move to the Linux 4.11 kernel series. If you're using a GNU/Linux distribution powered by a kernel from the Linux 4.10 series you need to update to version 4.10.17 as soon as it makes its way into the stable repositories. However, please inform your OS vendor that they need to upgrade the kernel packages to the Linux 4.11 series immediately.
Open Source

Why The US Government Open Sources Its Code (opensource.com) 58

He's been the White House technology advisor since 2015, and this month Alvand Salehi delivered a keynote address at OSCON about the U.S. government's commitment to open source software. An anonymous reader quotes OpenSource.com: The Federal Source Code Policy, released in August 2016, was the first U.S. government policy to support open source across the government... All new custom source code developed by or for the federal government must be available to all other federal agencies for sharing and reuse; and at least 20% of new government custom-developed code must be released to the public as open source. It also established Code.gov as a platform for access to government-developed open source code and a way for other developers to participate.

Before this policy was released, agencies were spending a lot of money to redevelop software already in use by other government agencies. This initiative is expected to save the government millions of dollars in wasteful and duplicative spending on software development. Because of this, Salehi said, open source is not a partisan issue, and "Code.gov is here to stay." Another benefit: Releasing open source code allows the government to benefit from the brainpower of developers across the country to improve their code.

Code.gov points potential contributors to their code repository on GitHub.
Data Storage

Endless OS Now Ships With Steam And Slack FlatPak Applications (endlessos.com) 95

An anonymous reader writes: Steam and Slack are now both included as Flatpak applications on the Endless OS, a free Linux distribution built upon the decades of evolution of the Linux operating system and the contributions of thousands of volunteers on the GNOME project. The beauty of Flatpak is the ability to bridge app creators and Linux distributions using a universal framework, making it possible to bring this kind of software to operating systems that encourage open collaboration...

As an open-source deployment mechanism, Flatpak was developed by an independent cohort made up of volunteers and contributors from supporting organizations in the open-source community. Alexander Larsson, lead developer of Flatpak and principal engineer at Red Hat, provided comment saying, "We're particularly excited about the opportunity Endless affords to advance the benefits of open-source environments to entirely new audiences."

Education

Open Source Educators 'OpenHatch' Close, Leaving Void For Campus Events (openhatch.org) 13

Long-time Slashdot reader paulproteus writes: OpenHatch was a non-profit that organized free tutorials with college computer science groups to learn how to teach how to get involved in open source, covered previously on Slashdot. It has run more than 50 events so far. On Friday, it announced it is closing its doors due to board members moving on to other projects, leaving open the door for other people to organize future Open Source Comes to Campus events.
If you have any stories to share about Open Hatch -- or other campus outreach groups -- feel free to leave them in the comments. Are any Slashdot readers involved with Open Source outreach efforts?
Open Source

Open Source SQL Database CockroachDB Hits 1.0 (infoworld.com) 80

An anonymous reader quotes InfoWorld: CockroachDB, an open source, fault-tolerant SQL database with horizontal scaling and strong consistency across nodes -- and a name few people will likely forget -- is now officially available. Cockroach Labs, the company behind its development, touts CockroachDB as a "cloud native" database solution -- a system engineered to run as a distributed resource. Version 1.0 is available in both basic and for-pay editions, and both boast features that will appeal to enterprises.

The company is rolling the dice with its handling of the enterprise edition by also making those components open source and trusting that enterprises will pay for what they use in production.

Bug

Google Found Over 1,000 Bugs In 47 Open Source Projects (helpnetsecurity.com) 55

Orome1 writes: In the last five months, Google's OSS-Fuzz program has unearthed over 1,000 bugs in 47 open source software projects... So far, OSS-Fuzz has found a total of 264 potential security vulnerabilities: 7 in Wireshark, 33 in LibreOffice, 8 in SQLite 3, 17 in FFmpeg -- and the list goes on...
Google launched the program in December and wants more open source projects to participate, so they're offering cash rewards for including "fuzz" targets for testing in their software. "Eligible projects will receive $1,000 for initial integration, and up to $20,000 for ideal integration" -- or twice that amount, if the proceeds are donated to a charity.
Open Source

Court Allows Case Over Violating Open Source License (lexology.com) 156

Slashdot reader destinyland writes: The District Court for the Northern District of California recently issued an opinion that is being hailed as a victory for open source software. In this case, the court denied a motion to dismiss a lawsuit alleging violation of an open source software license, paving the way for further action enforcing the conditions of the GNU General Public License... As part of its motion to dismiss, Hancom argued that using open source code offered under open source licensing terms does not form a contract... The District Court ruled that Artifex's breach of contract claim could proceed, finding that the GPL, by its express terms, requires that third parties agree to the GPL's obligations if they distribute the open-source-licensed software [and] concluded that royalty-free licensing under open source conditions does not preclude a claim for damages...

In denying a motion to dismiss, the District Court only holds that the claims may proceed on the theories enunciated by Artifex, not necessarily that they will ultimately succeed. Still, the case represents a significant step forward for open source plaintiffs... In the past decade, while enforcement of open source licensing violations has become more common, few enforcement cases result in published law. The open source community will be watching this case carefully, and this initial decision vindicates the rights of the open source authors to enforce GPL terms on both breach of contract and copyright theories.

Debian

Debian 8.8 Released (debian.org) 65

prisoninmate quotes Softpedia: The Debian Project announced today Debian GNU/Linux 8.8, the most advanced stable version of the Jessie series, which brings corrections for numerous packages and various security flaws discovered and patched since the release of the Debian GNU/Linux 8.7 maintenance update back in mid-January 2017... "This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available," reads today's announcement.

"Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old 'jessie' CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated."

Debian 8.8 contains more than 150 bug fixes and security updates.
Businesses

Startup Offers A Chip Based On The Open Source RISC-V Architecture (computerworld.com.au) 73

angry tapir shared this news from Computerworld: An open-source chip project is out to break the dominance of proprietary chips offered by Intel, AMD, and ARM... A startup called SiFive is the first to make a business out of the [open source] RISC-V architecture. The company is also the first to convert the RISC-V instruction set architecture into actual silicon. The company on Thursday announced it has created two new chip designs that can be licensed... but the company will not charge royalties. That makes it an attractive alternative compared to chip designs from ARM and Imagination Technologies, which charge licensing fees and royalties.
One of RISC-V's inventors co-founded the company, and he says that support is growing -- pointing out that there's already a fork of Linux for RISC-V.
Music

Fedora Will Get Full Mp3 Support, As IIS Fraunhofer Terminates Mp3 Licensing Program (fedoramagazine.org) 133

An anonymous reader quotes Fedora Magazine: Both MP3 encoding and decoding will soon be officially supported in Fedora. Last November the patents covering MP3 decoding expired and Fedora Workstation enabled MP3 decoding via the mpg123 library and GStreamer... The MP3 codec and Open Source have had a troubled relationship over the past decade, especially within the United States. Historically, due to licensing issues Fedora has been unable to include MP3 decoding or encoding within the base distribution... A couple of weeks ago IIS Fraunhofer and Technicolor terminated their licensing program and just a few days ago Red Hat Legal provided the permission to ship MP3 encoding in Fedora.
Debian

Systemd-Free Devuan Linux Announces A Second Release Candidate (devuan.org) 122

An anonymous reader quotes The Register: Devuan Linux has released its second release candidate... A 1.0.0 release candidate emerged just under a fortnight ago and today the developers announced Devuan Jessie 1.0.0 RC2. New in this cut of the code is a systemd-free version of network-manager, new versions of reportbug, desktop-base and xfce4-panel. GNOME, KDE, and Cinnamon have been removed from tasksel, but can still be installed although they "are known to suffer from some glitches due to the lack of systemd."
The Devuan web site says this series of release candidates "marks an important milestone towards the sustainability and the continuation of Devuan as a universal base distribution." And their announcement describes Devuan as "the Debian that was and could have been. Our goal is to provide a viable and sustainable alternative...a new path, nurtured with your help and support."
Google

Google Releases DIY Open Source Raspberry Pi Voice Kit Hardware (betanews.com) 31

BrianFagioli writes: Google has decided to take artificial intelligence to the maker community with a new initiative called AIY. This initiative will introduce open source AI projects to the public that makers can leverage in a simple way. Today, Google announces the first-ever AIY project. Called "Voice Kit," it is designed to work with a Raspberry Pi 3 Model B to create a voice-based virtual assistant. Billy Rutledge, Director of AIY Projects for Google, explains, "The first open source reference project is the Voice Kit: instructions to build a Voice User Interface (VUI) that can use cloud services (like the new Google Assistant SDK or Cloud Speech API) or run completely on-device. This project extends the functionality of the most popular single board computer used for digital making -- the Raspberry Pi. The included Voice Hardware Accessory on Top (HAT) contains hardware for audio capture and playback: easy-to-use connectors for the dual mic daughter board and speaker, GPIO pins to connect low-voltage components like micro-servos and sensors, and an optional barrel connector for dedicated power supply. It was designed and tested with the Raspberry Pi 3 Model B."
Open Source

Linux Kernel 4.11 Officially Released (softpedia.com) 55

prisoninmate quotes Softpedia: Linux kernel 4.11 has been in development for the past two months, since very early March, when the first Release Candidate arrived for public testing. Eight RCs later, we're now able to download and compile the final release of Linux 4.11 on our favorite GNU/Linux distributions and enjoy its new features. Prominent ones include scalable swapping for SSDs, a brand new perf ftrace tool, support for OPAL drives, support for the SMC-R (Shared Memory Communications-RDMA) protocol, journalling support for MD RAID5, all new statx() system call to replace stat(2), and persistent scrollback buffers for VGA consoles... The Linux 4.11 kernel also introduces initial support for Intel Gemini Lake chips, which is an Atom-based, low-cost computer processor family developed using Intel's 14-nanometer technology, and better power management for AMD Radeon GPUs when the AMDGPU open-source graphics driver is used.
GNU is Not Unix

Richard Stallman Interviewed By Bryan Lunduke (youtube.com) 172

Many Slashdot readers know Bryan Lunduke as the creator of the humorous "Linux Sucks" presentations at the annual Southern California Linux Exposition. He's now also a member of the OpenSUSE project board and an all-around open source guy. (In September, he released every one of his books, videos and comics under a Creative Commons license, while his Patreon page offers a tip jar and premiums for monthly patrons). But now he's also got a new "daily computing/nerd show" on YouTube, and last week -- using nothing but free software -- he interviewed the 64-year-old founder of the Free Software Foundation, Richard Stallman. "We talk about everything from the W3C's stance on DRM to opinions on the movie Galaxy Quest," Lunduke explains in the show's notes.

Click through to read some of the highlights.
Android

Anbox Can Run Android Apps Natively On Linux (In A Container) (anbox.io) 66

Slashdot user #1083, downwa, writes: Canonical engineer Simon Fels has publicly released an Alpha version of Anbox. Similar to the method employed for Android apps on ChromeOS, Anbox runs an entire Android system (7.1.1 at present) in an LXC container. Developed over the last year and a half, the software promises to seamlessly bring performant Android apps to the Linux desktop.

After installing Anbox (based on Android 7.1.1) and starting Anbox Application Manager, ten apps are available: Calculator, Calendar, Clock, Contacts, Email, Files, Gallery, Music, Settings, and WebView. Apps run in separate resizeable windows. Additional apps (ARM-native binaries are excluded) can be installed via adb. Installation currently is only supported on a few Linux distributions able to install snaps. Contributions are welcome on Github.

In a blog post Simon describes it as "a side project" that he's worked on for over a year and a half. "There were quite a few problems to solve on the way to a really working implementation but it is now in a state that it makes sense to share it with a wider audience."
Open Source

Systemd-Free Devuan Announces Its First Stable Release Candidate 'Jessie' 1.0.0 (devuan.org) 372

Long-time reader jaromil writes: Devuan 1.0.0-RC is announced, following its beta 2 release last year. The Debian fork that spawned over systemd controversy is reaching stability and plans long-term support. Devuan deploys an innovative continuous integration setup: with fallback on Debian packages, it overlays its own modifications and then uses the merged source repository to ship images for 11 ARM targets, a desktop and minimal live, vagrant and qemu virtual machines and the classic installer isos. The release announcement contains several links to projects that have already adopted this distribution as a base OS.
"Dear Init Freedom Lovers," begins the announcement, "Once again the Veteran Unix Admins salute you!" It points out that Devuan "can be adopted as a flawless upgrade path from both Debian Wheezy and Jessie. This is a main goal for the Devuan Jessie stable release and has proven to be a very stable operation every time it has been performed."
Education

States Are Moving To Cut College Costs By Introducing Open-Source Textbooks (qz.com) 123

In an effort to curb the rising cost of textbooks, which went up by 88% between 2006 and 2016, according to the U.S. Bureau of Labor Statistics, Maryland and New York have announced initiatives that adopt open-source, copyright-free textbooks. The initiatives will reward colleges who adapt or scale the use of OER (open educational resources) -- "materials like electronic textbooks that typically use licenses that are far less restrictive than traditional, copyrighted textbooks," reports Quartz. From the report: The University System of Maryland recently announced that it would be giving out 21 "mini-grants" to seven community colleges and five public four-year schools. The grants will go to "faculty who are adopting, adapting or scaling the use of OER [open educational resources] in Fall 2017 through high-enrollment courses where quality OER exists," according to the announcement. Although the mini-grants are only $500 to $2,500 each, the effort in Maryland is expected to save 8,000 students up to $1.3 million in the Fall 2017 semester alone. That's a significant amount, but just a drop in the bucket of what students in the state spend on textbooks each year. Another big investment in open educational resources came in the budget passed in New York state last week. The news was somewhat buried by the fact that the budget includes free tuition for New York students whose families make up to $125,000 a year, but the state will also be putting $8 million into open source materials over the next fiscal year.
