Open Source

Crowdfunded Linux Voice Magazine Releases Second Issue CC-BY-SA 19

Posted by Soulskill
from the coming-through-on-a-promise dept.
M-Saunders writes: As covered previously on Slashdot, Linux Voice crowdfunded its way to success in late 2013, showing how a small team can make things happen with a different business model (giving profits and content back to the community). Now, a few months after the magazine made issue 1 freely available, they've released issue 2 under the Creative Commons for everyone to share and modify. If you've ever fancied making your own Raspberry Pi-powered arcade machine, there's a full guide in the second issue.
Linux

Sloppy File Permissions Make Red Star OS Vulnerable 105

Posted by Soulskill
from the helps-to-feed-your-developers dept.
An anonymous reader writes: Red Star OS Desktop 3.0, the official Linux distro of North Korea, which recently found its way onto torrents and various download sites in the form of an ISO image, is interesting for a number of reasons, including its attempt to look like commercial operating systems (currently OS X, earlier versions mimicked the Windows GUI). Hackers are also poking Red Star for security vulnerabilities. A pseudonymous researcher noted in a post to the Open Source Software Security (oss-sec) mailing list that the OS has one significant security hole: Red Star 3.0 ships with a world-writeable udev rule file /etc/udev/rules.d/85-hplj10xx.rules (originally designed for HP LaserJet 1000 series printers) which can be modified to include RUN+= arguments executing arbitrary commands as root by Udev. In the post he also mentions how the older Red Star 2.0 shipped with another schoolboy mistake: /etc/rc.d/rc.sysinit was world-writeable.
Open Source

Big Names Dominate Open Source Funding 32

Posted by Soulskill
from the all-about-the-open-source-benjamins dept.
jones_supa writes: Network World's analysis of publicly listed sponsors of 36 prominent open-source non-profits and foundations reveals that the lion's share of financial support for open-source groups comes from a familiar set of names. Google was the biggest supporter, appearing on the sponsor lists of eight of the 36 groups analyzed. Four companies – Canonical, SUSE, HP and VMware – supported five groups each, and seven others (Nokia, Oracle, Cisco, IBM, Dell, Intel and NEC) supported four. For its part, Red Hat supports three groups (Linux Foundation, Creative Commons and the Open Virtualization Alliance).

It's tough to get more than a general sense of how much money gets contributed to which foundations by which companies – however, the numbers aren't large by the standards of the big contributors. The average annual revenue for the open-source organizations considered in the analysis was $4.36 million, and that number was skewed by the $27 million taken in by the Wikimedia Foundation (whose interests range far beyond OSS development) and the $17 million posted by Linux Foundation.
Software

Linux Controls a Gasoline Engine With Machine Learning 89

Posted by Soulskill
from the penguin-engine dept.
An anonymous reader writes: Here's a short (2 min) video of PREEMPT_RT Linux controlling a gasoline engine from one burn to the next using a Raspberry Pi. It's using an adaptive machine learning algorithm that can predict near chaotic combustion in real-time. A paper about the algorithm is available at the arXiv.
Bug

Closure On the Linux Lockup Bug 115

Posted by Soulskill
from the it-was-dead-the-whole-time dept.
jones_supa writes: Dave Jones from Red Hat has written a wrap-up of the strange bug that has made some machines running Linux freeze. (Previous discussion.) Right down to his final week at Red Hat before Dave gave all his hardware back, Linus Torvalds managed to reproduce similar symptoms, by scribbling directly to the HPET timer. He came up with a hack that at least made the kernel survive for him. When Dave tried the same patch, the machine ran for three days before he interrupted it, which was a promising result. The question remains, what was scribbling over the HPET in his case? The only two plausible scenarios Dave could think of were that Trinity generated 0xFED000F0 as a random address and passed that to a syscall which wrote to it, or a hardware bug. That's where the story ends for now. Linus' hacky workaround didn't get committed, but he and John Stultz continue to go back and forth on hardening the clock management code in the face of screwed up hardware, so maybe soon we'll see something real get committed in that area.
Programming

Learn Gate-Array Programming In Python and Software-Defined Radio 51

Posted by samzenpus
from the watch-and-learn dept.
Bruce Perens writes Chris Testa KB2BMH taught a class on gate-array programming the SmartFusion chip, a Linux system and programmable gate-array on a single chip, using MyHDL, the Python Hardware Design Language to implement a software-defined radio transceiver. Watch all 4 sessions: 1, 2, 3, 4. And get the slides and code. Chris's Whitebox hardware design implementing an FCC-legal 50-1000 MHz software-defined transceiver in Open Hardware and Open Source, will be available in a few months. Here's an Overview of Whitebox and HT of the Future. Slashdot readers funded this video and videos of the entire TAPR conference. Thanks!
Encryption

Tips For Securing Your Secure Shell 148

Posted by Soulskill
from the locking-your-locks dept.
jones_supa writes: As you may have heard, the NSA has had some success in cracking Secure Shell (SSH) connections. To respond to these risks, a guide written by Stribika tries to help you make your shell as robust as possible. The two main concepts are to make the crypto harder and make stealing keys impossible. So prepare a cup of coffee and read the tutorial carefully to see what could be improved in your configuration. Stribika also gives some extra security tips: don't install what you don't need (as any code line can introduce a bug), use the kind of open source code that has actually been reviewed, keep your software up to date, and use exploit mitigation technologies.
Open Source

Fluxbox 1.3.6 Released 63

Posted by Soulskill
from the onward-and-upward dept.
jones_supa writes: After nearly two years since the previous release, the Fluxbox team has released version 1.3.6 to start off the new year. Like most Linux geeks already know, Fluxbox is the long-standing X window manager derived from Blackbox. The new version (announcement) puts emphasis on quality assurance and takes care of fixing a bunch of critical bugs: clocktool problems, rendering long text, race condition on shutdown, lost keypresses after workspace switch, corruption of fbrun-history, and resize and move problems. The two new features are an ArrangeWindowsStack action and treating Windows with a WM_CLASS as DockApp as DockApps. Translations for Bulgarian, Hebrew and Japanese also got updates. The Fluxbox project sends many thanks to all the contributors.
Input Devices

Ask Slashdot: Linux Distro For Hybrid Laptop? 210

Posted by Soulskill
from the half-man-half-penguin dept.
Steve Parrish writes: I needed a new laptop and found a great deal on an Asus Transformer TP500L. It's one of the laptops where you can flip the screen back and use it as a tablet. I'd like to replace Windows 8.1, and I'm having a difficult time finding a Linux distro that will work on it. I'm familiar with Mint, SolydX, and older Ubuntu versions. I tried the latest Ubuntu with Unity and didn't like it, but the OS installed with only a few minor issues. Has anyone tried any other distros on a hybrid laptop with a touchscreen? I've used Linux for several years, but I'm no guru -- I'm not comfortable with the command line or other advanced workings. Any suggestions would be appreciated.
AMD

AMD Catalyst Linux Driver Catching Up To and Beating Windows 136

Posted by Soulskill
from the tortoise-finally-starting-to-overtake-the-hare dept.
An anonymous reader writes: Along with the open-source AMD Linux driver having a great 2014, the AMD Catalyst proprietary driver for Linux has also improved a lot. Beyond the open-source Radeon Gallium3D driver closing in on Catalyst, the latest Phoronix end-of-year tests show the AMD Catalyst Linux driver is beating Catalyst on Windows for some OpenGL benchmarks. The proprietary driver tests were done with the new Catalyst "OMEGA" driver. Is AMD beginning to lead real Linux driver innovations or is OpenGL on Windows just struggling?
Programming

Red Hat Engineer Improves Math Performance of Glibc 226

Posted by Soulskill
from the performance-enhancing-devs dept.
jones_supa writes: Siddhesh Poyarekar from Red Hat has taken a professional look into mathematical functions found in Glibc (the GNU C library). He has been able to provide an 8-times performance improvement to the slowest path of the pow() function. Other transcendentals got similar improvements since the fixes were mostly in the generic multiple precision code. These improvements already went into glibc-2.18 upstream. Siddhesh believes that a lot of the low hanging fruit has now been picked, but that this is definitely not the end of the road for improvements in the multiple precision performance. There are other more complicated improvements, like the limitation of worst case precision for exp() and log() functions, based on the results of the paper Worst Cases for Correct Rounding of the Elementary Functions in Double Precision (PDF). One needs to prove that those results apply to the Glibc multiple precision bits.
Bug

2014: The Year We Learned How Vulnerable Third-Party Code Libraries Are 255

Posted by timothy
from the creative-misinterpretation dept.
jfruh writes Heartbleed, Shellshock, Poodle — all high-profile vulnerabilities in widely used libraries that rocked the software industry in 2014. Sadly, experts are now beginning to believe that these aren't the only bugs lurking out there in widely used open source code, just the ones that grabbed the most attention. It's beginning to look like one of the foundation concepts of open source — that with enough eyes, all bugs are shallow — is a myth. Of course, probably no one believes that all bugs are instantly shallow, no matter how open is the source, or that open source software is immune from bugs -- particularly ESR, coiner of the phrase.
Programming

Ringing In 2015 With 40 Linux-Friendly Hacker SBCs 81

Posted by samzenpus
from the pick-your-favorite dept.
DeviceGuru writes As seen in this year-end summary of 40 hacker-friendly SBCs, 2014 brought us plenty of new Linux and Android friendly single-board computers to tinker with — ranging from $35 bargains, to octa-core powerhouses. Many of the new arrivals feature 1-2GHz multicore SoCs, 1-2GB RAM, generous built-in flash, gigabit Ethernet, WiFi, on-board FPGAs, and other extras. However, most of the growth has been in the sub-$50 segment, where the Raspberry Pi and BeagleBone reign supreme, but are now being challenged by a growing number of feature-enhanced clones, such as the Banana Pi and Orange Pi. Best of all, there's every reason to expect 2015 to accelerate these trends.
Open Source

Linux 3.19 Kernel To Start 2015 With Many New Features 66

Posted by timothy
from the presents-from-linus-and-friends dept.
An anonymous reader writes Linux 3.18 was recently released, thus making Linux 3.19 the version under development as the year comes to a close. Linux 3.19 as the first big kernel update of 2015 is bringing in the new year with many new features: among them are AMDKFD HSA kernel driver, Intel "Skylake" graphics support, Radeon and NVIDIA driver improvements, RAID5/6 improvements for Btrfs, LZ4 compression for SquashFS, better multi-touch support, new input drivers, x86 laptop improvements, etc.
Open Source

Docker Image Insecurity 73

Posted by Soulskill
from the totally-secure-for-undefined-values-of-secure dept.
An anonymous reader writes Developer Jonathan Rudenberg has discovered and pointed out a glaring security hole in Docker's system. He says, "Recently while downloading an 'official' container image with Docker I saw this line:

ubuntu:14.04: The image you are pulling has been verified

I assumed this referenced Docker's heavily promoted image signing system and didn't investigate further at the time. Later, while researching the cryptographic digest system that Docker tries to secure images with, I had the opportunity to explore further. What I found was a total systemic failure of all logic related to image security.

Docker's report that a downloaded image is 'verified' is based solely on the presence of a signed manifest, and Docker never verifies the image checksum from the manifest. An attacker could provide any image alongside a signed manifest. This opens the door to a number of serious vulnerabilities."
Docker's lead security engineer has responded here.
Hardware

Quadcopter Drone Packs First All-Linux Autopilot 31

Posted by Soulskill
from the flying-penguins dept.
DeviceGuru writes: Erle Robotics has launched what is claimed to be the first drone to run both a Pixhawk APM autopilot and ROS directly on Linux. Over the last year Erle Robotics and 3DRobotics have collaborated on developing an open source, all-Linux BeagleBone Black-based autopilot for drones using the popular 3DR APM architecture, but without using Nuttx RTOS for the real-time bits. In addition to being used on a new 'Erle-copter' quadcopter drone, the new all-Linux 'Erle-brain' APM will ship in both a two-winged UAV and a four-wheeled robotic vehicle, due next spring.
Debian

Devuan Progress Report Published 184

Posted by Soulskill
from the still-kicking-and-still-forking dept.
zdzichu writes: The group of anonymous Italians behind the recent Debian fork have published their first progress report. It covers a wide range of topics: the 4.5k€ of donations received so far, moving distro infrastructure from GitHub to GitLab, progress on LoginKit (which replaces systemd's logind), fraud accusations, logo discussions, and a few more important points.
Networking

NetworkManager 1.0 Released After Ten Years Development 164

Posted by Soulskill
from the good-things-come-for-those-who-wait dept.
An anonymous reader writes: After ten years of development focused on improving and simplifying Linux networking, NetworkManager 1.0 was released. NetworkManager 1.0 brings many features including an increasingly modernized client library, improved command-line support, a lightweight internal DHCP client, better Bluetooth support, VPN enhancements, WWAN IPv6 support, and other features.
Linux

LinuxFest Northwest 2015 Will be Held April 25 and 26 (Video) 21

Posted by Roblimo
from the the-coolest-conference-in-our-country's-upper-left-hand-corner dept.
Their website says, 'Come for the code, stay for the people! We have awesome attendees and electrifying parties. Check out the robotics club, the automated home brewing system running on Linux, or the game room for extra conference fun.' This is an all-volunteer conference, and for a change the volunteers who run it are getting things together far in advance instead of having sessions that don't get scheduled until a few days before the conference, which has happened more than once with LFNW.

So if you have an idea for a session, this is the time to start thinking about it. Sponsors are also welcome -- and since LFNW sponsorships regularly sell out, it's not too soon to start thinking about becoming a sponsor -- and if you are part of a non-profit group or FOSS project, LFNW offers free exhibit space because this is a conference that exists for the community, not to make money for a corporate owner. But don't delay. As you can imagine, those free exhibit spots tend to fill up early. (Alternate Video Link)
Security

Grinch Vulnerability Could Put a Hole In Your Linux Stocking 118

Posted by timothy
from the pretty-generic-description-there dept.
itwbennett writes In a blog post Tuesday, security service provider Alert Logic warned of a Linux vulnerability, named grinch after the well-known Dr. Seuss character, that could provide attackers with unfettered root access. The fundamental flaw resides in the Linux authorization system, which can inadvertently allow privilege escalation, granting a user full administrative access. Alert Logic warned that Grinch could be as severe as the Shellshock flaw that roiled the Internet in September. Update: 12/19 04:47 GMT by S : Reader deathcamaro points out that Red Hat and others say this is not a flaw at all, but expected behavior.