The Courts

Friendlier GPL-Enforcement Permission Proposed By Linux Kernel Developers (kroah.com) 94

The former Executive Director of the Free Software Foundation -- and Slashdot user #41121 -- contacted Slashdot with this announcement. bkuhn -- now president of the Software Freedom Conservancy -- writes: Software Freedom Conservancy, home of the GPL Compliance Project for Linux Developers, publicly applauded today the proposal of the Linux Kernel Enforcement Statement, which adds a per-copyright-holder-opt-in additional permission to the termination provisions of Linux's GPLv2-only license.
It apparently addresses a developer who "made claims based on ambiguities in the GPL-2.0 that no one in our community has ever considered part of compliance," according to a statement from some of the kernel developers who drafted the statement. While the kernel community has always supported enforcement efforts to bring companies into compliance, we have never even considered enforcement for the purpose of extracting monetary gain... [W]e are aware of activity that has resulted in payments of at least a few million Euros. We are also aware that these actions, which have continued for at least four years, have threatened the confidence in our ecosystem. Because of this, and to help clarify what the majority of Linux kernel community members feel is the correct way to enforce our license, the Technical Advisory Board of the Linux Foundation has worked together with lawyers in our community, individual developers, and many companies that participate in the development of, and rely on Linux, to draft a Kernel Enforcement Statement to help address both this specific issue we are facing today, and to help prevent any future issues like this from happening again. It adopts the same termination provisions we are all familiar with from GPL-3.0 as an Additional Permission giving companies confidence that they will have time to come into compliance if a failure is identified.
Security

Targeted Fuzzing Is Improving Linux Security, Linus Torvalds Says (iu.edu) 62

On the sidelines of announcing the fifth release candidate for the Linux kernel version 4.14, Linus Torvalds said fuzzing, which involves stress testing a system by generating random code to induce errors, is helping the community find and fix a range of security vulnerabilities. He wrote: The other thing perhaps worth mentioning is how much random fuzzing people are doing, and it's finding things. We've always done fuzzing (who remembers the old "crashme" program that just generated random code and jumped to it? We used to do that quite actively very early on), but people have been doing some nice targeted fuzzing of driver subsystems etc, and there's been various fixes (not just this last week either) coming out of those efforts. Very nice to see.
Android

Samsung To Let Proper Linux Distros Run on Galaxy Smartphones (theregister.co.uk) 226

An anonymous reader shares a report: Samsung has announced it will soon become possible to run actual proper Linux on its Note8, Galaxy S8 and S8+ smartphones -- and even Linux desktops. Yeah, yeah, we know Android is built on Linux, but you know what we mean. Samsung said it's working on an app called "Linux on Galaxy" that will let users "run their preferred Linux distribution on their smartphones utilizing the same Linux kernel that powers the Android OS." "Whenever they need to use a function that is not available on the smartphone OS, users can simply switch to the app and run any program they need to in a Linux OS environment," Samsung says. The app also allows multiple OSes to run on a device. Linux desktops will become available if users plug their phones into the DeX Station, the device that lets a Galaxy 8 run a Samsung-created desktop-like environment when connected to the DeX and an external monitor.
Ubuntu

Ubuntu 17.10 Artful Aardvark Released 134

Canonical has made available the download links for Ubuntu 17.10 "Artful Aardvark". It comes with a range of new features, changes, and improvements including GNOME as the default desktop, Wayland display server by default, Optional X.org server session, Mesa 17.2 or Mesa 17.3, Linux kernel 4.13 or kernel 4.14, new Subiquity server installer, improved hardware support, new Ubuntu Server installer, switch to libinput, an always visible dock using Dash to Dock GNOME Shell extension, and Bluetooth improvements with a new BlueZ among others.
Windows

Munich Plans New Vote on Dumping Linux For Windows 10 (techrepublic.com) 412

An anonymous reader quotes TechRepublic: The city of Munich has suggested it will cost too much to carry on using Linux alongside Windows, despite having spent millions of euros switching PCs to open-source software... "Today, with a Linux client-centric environment, we are often confronted with major difficulties and additional costs when it comes to acquiring and operating professional application software," the city council told the German Federation of Taxpayers. Running Linux will ultimately prove unsustainable, suggests the council, due to the need to also keep a minority of Windows machines to run line-of-business software incompatible with Linux. "In the long term, this situation means that the operation of the non-uniform client landscape can no longer be made cost-efficient"... Since completing the multi-year move to LiMux, a custom-version of the Linux-based OS Ubuntu, the city always kept a smaller number of Windows machines to run incompatible software. As of last year it had about 4,163 Windows-based PCs, compared to about 20,000 Linux-based PCs.

The assessment is at odds with a wide-ranging review of the city's IT systems by Accenture last year, which found that most of the problems stem not from the use of open-source software, but from inefficiencies in how Munich co-ordinates the efforts of IT teams scattered throughout different departments. Dr. Florian Roth, leader of the Green Party at Munich City Council, said the review had also not recommended a wholesale shift to Windows. "The Accenture report suggested to run both systems because the complete 'rollback' to Windows and MS Office would mean a waste of experience, technology, work and money," he said... The city's administration is investigating how long it would take and how much it would cost to build a Windows 10 client for use by the city's employees. Once this work is complete, the council will vote again in November on whether this Windows client should replace LiMux across the authority from 2021.

A taxpayer's federation post urged "Penguin, adieu!" -- while also admitting that returning to Windows "will devour further tax money in the millions," according to TechRepublic.

"The federation's post also makes no mention of the licensing and other savings achieved by switching to LiMux, estimated to stand at about €10m."
Music

SUSE Shares Linux-Themed Music Video Parodies (itwire.com) 28

Long-time Slashdot reader troublemaker_23 quotes ITWire: German Linux company SUSE Linux is well-known for its Linux and other open source solutions. It is also known for producing videos for geeks and debuting them at its annual SUSECon conference. This year, in Prague, was no different. The company, which marked its 25th year on 2 September, came up with two videos, one to mark the occasion and the other all about Linux and open source. Both videos are parodies of well-known songs: the video Linus Said is based on "Momma Said", while 25 Years is a parody of "7 Years". Some of the lyrics in both SUSE videos would be meaningless to the average person -- but every word will ring a bell, sometimes a very poignant one, with geeks. And that's the primary audience it targets.
The article embeds both videos -- and also links to the music videos they're parodying. And it includes links to SUSE's two previous annual music video parodies -- Uptime Funk (based on Bruno Mars' blockbuster hit "Uptown Funk"), and Can't Stop the SUSE, a parody of Justin Timberlake's "Can't Stop the Feeling".
Cellphones

Security, Privacy Focused Librem 5 Linux Smartphone Successfully Crowdfunded (softpedia.com) 82

prisoninmate shares a report from Softpedia: Believe it or not, Purism's Librem 5 security and privacy-focused smartphone has been successfully crowdfunded a few hours ago when it reached and even passed its goal of $1.5 million, with 13 days left. Librem 5 wants to be an open source and truly free mobile phone designed with security and privacy in mind, powered by a GNU/Linux operating system based on Debian GNU/Linux and running only Open Source software apps on top of a popular desktop environment like KDE Plasma Mobile or GNOME Shell. Featuring a 5-inch screen, Librem 5 is compatible with 2G, 3G, 4G, GSM, UMTS, and LTE mobile networks. Under the hood, it uses an i.MX 6 or i.MX 8 processor with separate baseband modem to offer you the protection you need in today's communication challenges, where you're being monitored by lots of government agencies.
Open Source

OpenBSD 6.2 Released (openbsd.org) 114

basscomm writes: OpenBSD 6.2 has now been released. Check out the release notes if you're into that kind of thing. Some of the new features and systems include improved hardware support, vmm(4)/ vmd(8) improvements, IEEE 802.11 wireless stack improvements, generic network stack improvements, installer improvements, routing daemons and other userland network improvements, security improvements and more. Here is the full list of changes.
Open Source

Linux Now Has its First Open Source RISC-V Processor (designnews.com) 161

"SiFive has declared that 2018 will be the year of RISC V Linux processors," writes Design News. An anonymous reader quotes their report: When it released its first open-source system on a chip, the Freeform Everywhere 310, last year, Silicon Valley startup SiFive was aiming to push the RISC-V architecture to transform the hardware industry in the way that Linux transformed the software industry. Now the company has delivered further on that promise with the release of the U54-MC Coreplex, the first RISC-V-based chip that supports Linux, Unix, and FreeBSD... This latest development has RISC-V enthusiasts particularly excited because now it opens up a whole new world of use cases for the architecture and paves the way for RISC-V processors to compete with ARM cores and similar offerings in the enterprise and consumer space...

"The U54 Coreplexes are great for companies looking to build SoC's around RISC-V," Andrew Waterman co-founder and chief engineer at SiFive, as well as the one of the co-creators of RISC-V, told Design News. "The forthcoming silicon is going to enable much better software development for RISC-V." Waterman said that, while SiFive had developed low-level software such as compilers for RISC-V the company really hopes that the open-source community will be taking a much broader role going forward and really pushing the technology forward. "No matter how big of a role we would want to have we can't make a dent," Waterman said. "But what we can do is make sure the army of engineers out there are empowered."

Communications

Microsoft Releases 'Next Generation' Preview of Skype For Linux (skype.com) 92

BrianFagioli writes: Friday, Microsoft released a refreshed preview of Skype for Linux. There are both DEB and RPM packages available, making it easy to install on, say, Ubuntu, Debian, or Fedora. In fact, I successfully installed it on Pop!_OS earlier today. Believe it or not, the new interface is quite nice, making it something I could possibly enjoy using on my Linux machine.

"Great news for Skype for Linux users -- the next generation of Skype for Linux is launching!" says The Skype Team. "Starting today, you can download Skype Preview for Linux and start enjoying new features across all your devices -- including screen sharing and group chat. With Skype for Linux, you can take advantage of the screen sharing feature on your desktop screen. Now, you can share content with everyone on the call -- making it even easier to bring your calls to life and collaborate on projects."

Android

Linux LTS Kernels To Now Be Maintained For Six Years (phoronix.com) 79

An anonymous reader writes: In a bid to help Android smartphone vendors the Linux LTS (Long Term Support) kernels will now be maintained for a period of six years. The Linux LTS initiative backed by the Linux Foundation has supported annual LTS kernels for two years worth of updates, but that is being changed for Linux 4.4+ at the request of Google and their Project Treble. This means the Linux 4.4 LTS kernel will be maintained through 2022 and the upcoming Linux 4.14 LTS through 2023 for security/bug fixes in order to last a complete "device lifecycle."
Operating Systems

Ask Slashdot: Whatever Happened To the 'Year of Linux on Desktop'? 417

An anonymous reader writes: Investors, enthusiasts, and Linux distro makers have for more than a decade projected that the upcoming year will be the year of Linux on the desktop platform. But we just can't seem to get to that year for some reason. Windows continues to dominate the consumer market. Apple's macOS X is quickly gaining ground among business customers and designers, and is already ahead of Linux. Do you see Linux getting a significant boost in the desktop market in the coming years?
Ubuntu

Ubuntu To Stop Offering 32-Bit ISO Images, Joining Many Other Linux Distros (bleepingcomputer.com) 133

An anonymous reader writes: Canonical engineer Dimitri John Ledkov announced on Wednesday that Ubuntu does not plan to offer 32-bit ISO installation images for its new OS version starting with the next release — Ubuntu 17.10 (Artful Aardvark) scheduled for release on October 19. The decision comes after month-long discussions on the dwindling market share of 32-bit architectures. Ledkov made it clear that Canonical does not plan to stop support for 32-bit architectures. The Ubuntu team plans to continue to offer security updates and bug fixes, but they won't be offering new ISO images. Lubuntu and Xubuntu, which are Ubuntu offshoots created to run on older computers, will most likely continue to provide 32-bit ISO images, as this is their bread and butter. Manjaro, Tails, and Arch Linux announced similar decisions. Even Google dropped support for Chrome on 32-bit Linux platforms, way back in 2015, predicting the overall trend.
Ubuntu

System76 Pop!_OS Beta Ubuntu-based Linux Distribution Now Available To Download (betanews.com) 67

BrianFagioli writes: Next month, a new era of Ubuntu begins. Unity is dead, and GNOME 3 takes over as the default desktop environment. While this change was for the best, it was still shocking for many. For a company like System76, for instance, that sells computers pre-loaded with Ubuntu, this was problematic. Why? Well, the company essentially lost control of the overall user experience by relying on vanilla Ubuntu. It was being forced to follow Canonical's path. To solve this, and regain some control, System76 has been developing its own operating system called 'Pop!_OS.' No, it is not reinventing the wheel here -- it will still use Ubuntu as a base, and GNOME will be the desktop environment. The company is customizing the operating system, however, with things like fonts, themes, and icons, to create something truly unique. This could lead to an improved user experience. Today, the first official beta of the operating system becomes available for download.
Red Hat Software

Analyst: Enterprises Trust Red Hat Because It 'Makes Open Source Boring' (redmonk.com) 105

Tech analyst James Governor reports on what he learned from Red Hat's "Analyst Day": So it turns out Red Hat is pretty good at being Red Hat. By that I mean Red Hat sticks to the knitting, carries water and chops wood, and generally just does a good job of packaging open source technology for enterprise adoption. It's fashionable these days to decry open source -- "it's not a business". Maybe not for you, but for Red Hat it sure is. Enterprises trust Red Hat precisely because it makes open source boring. Exciting and cool, on the other hand, often means getting paged in the middle of the night. Enterprise people generally don't like that kind of thing...

Red Hat remains an anomaly -- it makes money in open source. It has new revenue streams opening up. It is well positioned to keep doing the basics, but also now have a conversation with the C-suite about transformation.

The article notes the popularity of OpenShift, Red Hat's Kubernetes distribution for managing container-based applications. (OpenShift Container Platform, Red Hat's on-premises private PaaS product, now has 400 paying enterprise customers). And it also applauds Red Hat's 2016 launch of Open Innovation Labs -- a enterprise consulting service "to jumpstart innovation and software development initiatives using open source technology and DevOps methods."
GNU is Not Unix

Richard Stallman vs. Canonical's CEO: 'Will Microsoft Love Linux to Death?' (techrepublic.com) 269

TechRepublic got different answers about Microsoft's new enthusiasm for Linux from Canonical's founder and CEO Mark Shuttleworth, and from Richard Stallman. Stallman "believes that Microsoft's decision to build a Windows Subsystem for Linux (WSL) amounts to an attempt to extinguish software that users are free to run, copy, distribute, study, change and improve." "It certainly looks that way. But it won't be so easy to extinguish us, because our reasons for using and advancing free software are not limited to practical convenience," he said. "We want freedom. As a way to use computers in freedom, Windows is a non-starter..." Stallman remains adamant that the WSL can only help entrench the dominance of proprietary software like Windows, and undermine the use of free software. "That doesn't advance the cause of free software, not one bit," he says... "The aim of the free software movement is to free users from freedom-denying proprietary programs and systems, such as Windows. Making a non-free system, such as Windows or MacOS or iOS or ChromeOS or Android, more convenient is a step backward in the campaign for freedom..."

For Shuttleworth, Windows' embrace of GNU/Linux is a net positive for open-source software as a whole. "It's not like Microsoft is stealing our toys, it's more that we're sharing them with Microsoft in order to give everyone the best possible experience," he says. "WSL provides users who are well versed in the Windows environment with greater choice and flexibility, while also opening up a whole new potential user base for the open source platform..." Today Shuttleworth takes Microsoft's newfound enthusiasm for GNU/Linux at face value, and says the company has a different ethos to that of the 1990s, a fresh perspective that benefits Microsoft as much as it does open-source software. "Microsoft is a different company now, with a much more balanced view of open and competitive platforms on multiple fronts," he says. "They do a tremendous amount of engineering specifically to accommodate open platforms like Ubuntu on Azure and Hyper-V, and this work is being done in that spirit."

The article also points out that Microsoft "does seem to be laying the groundwork for WSL to extend what's possible using a single GNU/Linux distro today, for instance, letting the user chain together commands from different GNU/Linux distros with those from Windows."
Microsoft

Microsoft and Canonical Make Custom Linux Kernel (neowin.net) 121

Billly Gates writes: Microsoft and Canonical's relationship is getting closer besides Ubuntu for Windows. Azure will soon be offering more customized Ubuntu containers with a MS optimized kernel. Uname -r will show 4.11.0-1011-azure for Ubuntu cloud based 16.04 LTS. If you want the non MS kernel you can still use it on Azure by typing:
$ sudo apt install linux-virtual linux-cloud-tools-virtual
$ sudo apt purge linux*azure
$ sudo reboot
The article mentions several benefits over the generic Linux kernel for Azure

Red Hat Software

Red Hat Pledges Patent Protection For 99 Percent of FOSS-ware (theregister.co.uk) 65

Red Hat says it has amassed over 2,000 patents and won't enforce them if the technologies they describe are used in properly-licensed open-source software. From a report: The company has made more or less the same offer since 2002, when it first made a "Patent Promise" in order to "discourage patent aggression in free and open source software." Back then the company didn't own many patents and claimed its non-enforcement promise covered 35 per cent of open-source software. The Promise was revised in order to reflect the company's growing patent trove and to spruce up the language it uses to make it more relevant. The revised promise "applies to all software meeting the free software or open source definitions of the Free Software Foundation (FSF) or the Open Source Initiative (OSI)." [...] It's not a blank cheque. Hardware isn't covered and Red Hat is at pains to point out that "Our Promise is not an assurance that Red Hat's patents are enforceable or that practicing Red Hat's patented inventions does not infringe others' patents or other intellectual property." But the company says 99 percent of FOSS software should be covered by the Promise.
GNOME

GNOME Partners With Purism On Librem 5 Linux-based Privacy-focused Smartphone (betanews.com) 100

BrianFagioli writes: The Librem 5 smartphone by Purism has a long and difficult road ahead of it. Competing against the likes of Apple and Google on the mobile market has proven to be a death sentence for many platforms -- including Microsoft with its failed Windows 10 Mobile. Luckily, Purism has found itself a new partner on this project -- one of the most important organizations in the Linux community -- The GNOME Foundation. The GNOME Foundation explains, 'The Librem 5 is a hardware platform the Foundation is interested in advancing as a GNOME/GTK phone device. The GNOME Foundation is committed to partnering with Purism to create hackfests, tools, emulators, and build awareness that surround moving GNOME/GTK onto the Librem 5 phone. As part of the collaboration, if the campaign is successful the GNOME Foundation plans to enhance GNOME shell and general performance of the system with Purism to enable features on the Librem 5.'
Linux

Linux Foundation President Used MacOS For Presentation at Open Source Summit (itsfoss.com) 284

Slashdot reader mschaffer writes:It appears that Jim Zemlin, President of the Linux Foundation, was using MacOS while declaring "2017 is officially the year of the Linux desktop!" at the Open Source Summit 2017. This was observed by several YouTube channels: Switched to Linux and The Lunduke Show. Finally it was reported by It's FOSS.

if, indeed, this is the year of desktop Linux, why oh why cannot people like Zemlin present a simple slide presentation -- let alone actually use a Linux distro for work.

A security developer at Google has now "spotted Jim Zemlin using Apple's macOS twice in last four years," according to the article, which complains the Foundation's admirable efforts on cloud/container technology has them neglecting Linux on the desktop.

Ironically, in March Zemlin told a cloud conference that organizations that "don't harvest the shared innovation" of open source "will fail."
Windows

'Bashware' Attacks Exploit Windows 10's Subsystem for Linux (betanews.com) 80

Mark Wilson quote BetaNews: While many people welcomed the arrival of Windows Subsystem for Linux (WSL) in Windows 10, it has been found to be a potential security issue. A new technique known as a Bashware has been discovered by security researchers that makes it possible for malware to use the Linux shell to bypass security software.

While administrator access is needed to execute a Bashware attack, this is fairly easily obtained, and the technique can be used to disguise malicious operations from antivirus software and other security tools. Researchers from Check Point Research point out that the danger stems from the fact that "existing security solutions are still not adapted to monitor processes of Linux executables running on Windows."

Microsoft

Will Linux Innovation Be Driven By Microsoft? (infoworld.com) 335

Adobe's VP of Mobile (and a former intellectual property lawyer) sees "a very possible future where Microsoft doesn't merely accept a peaceful coexistence with Linux, but instead enthusiastically embraces it as a key to its future," noting Microsoft's many Linux kernel developers and arguing it's already innovating around Linux -- especially in the cloud. An anonymous reader quotes InfoWorld: Even seemingly pedestrian work -- like making Docker containers work for Windows, not merely Linux -- is a big deal for enterprises that don't want open source politics infesting their IT. Or how about Hyper-V containers, which marry the high density of containers to the isolation of traditional VMs? That's a really big deal...

Microsoft has started hiring Linux kernel developers like Matthew Wilcox, Paul Shilovsky, and (in mid-2016) Stephen Hemminger... Microsoft now employs 12 Linux kernel contributors. As for what these engineers are doing, Linux kernel maintainer Greg Kroah-Hartman says, "Microsoft now has developers contributing to various core areas of the kernel (memory management, core data structures, networking infrastructure), the CIFS filesystem, and of course many contributions to make Linux work better on its Hyper-V systems." In sum, the Linux Foundation's Jim Zemlin declares, "It is accurate to say they are a core contributor," with the likelihood that Hemminger's and others' contributions will move Microsoft out of the kernel contribution basement into the upper echelons.

The article concludes that "Pigs, in other words, do fly. Microsoft, while maintaining its commitment to Windows, has made the necessary steps to not merely run on Linux but to help shape the future of Linux."
KDE

KDE Plasma 5.11 Beta Released (kde.org) 59

JRiddell writes: The original and best linux desktop has a new version, KDE Plasma 5.11 beta is out. UI improvements include a redesigned System Settings and notification history. Privacy improvements include Plasma Vault, which helps you store your files securely. Progress on Wayland support continues with many people now using it as their daily setup. The full changelog can be viewed here.
GNOME

GNOME 3.26 Released (betanews.com) 176

BrianFagioli shares a report from BetaNews: Today, GNOME 3.26 codenamed "Manchester" sees release. It is chock full of improvements, such as a much-needed refreshed settings menu, enhanced search, and color emoji! Yes, Linux users like using the silly symbols too! "System search has been improved for GNOME 3.26. Results have an updated layout which makes them easier to read and shows more items at once. Additionally, it's now possible to search for system actions, including power off, suspend, lock screen, log out, switch user and orientation lock. (Log out and switch user only appear if there's more than one user. Orientation lock is only available if the device supports automatic screen rotation.) These search features can be accessed in the usual way: click Activities and type into the search box, or simply press 'super' and start typing," says the GNOME Project. The full release notes are available here.
Security

BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices (bleepingcomputer.com) 121

An anonymous reader quotes a report from Bleeping Computer: Security researchers have discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. Researchers say the vulnerabilities are undetectable and unstoppable by traditional security solutions. No user interaction is needed for an attacker to use the BleuBorne flaws, nor does the attacker need to pair with a target device. They affect the Bluetooth implementations in Android, iOS, Microsoft, and Linux, impacting almost all Bluetooth device types, from smartphones to laptops, and from IoT devices to smart cars. Furthermore, the vulnerabilities can be concocted into a self-spreading BlueTooth worm that could wreak havoc inside a company's network or even across the world. "These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date," an Armis spokesperson told Bleeping Computer via email. "Previously identified flaws found in Bluetooth were primarily at the protocol level," he added. "These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device." Consumers are recommended to disable Bluetooth unless you need to use it, but then turn it off immediately. When a patch or update is issued and installed on your device, you should be able to turn Bluetooth back on and leave it on safely. The BlueBorne Android App on the Google Play Store will be able to determine if a user's Android device is vulnerable. A technical report on the BlueBorne flaws is available here (PDF).
Security

Torvalds Wants Attackers To Join Linux Before They Turn To the "Dark Side" (eweek.com) 112

darthcamaro writes: People attack Linux everyday and Linus Torvalds is impressed by many of them. Speaking at the Open Source Summit in LA, Torvalds said he wants to seek out those that would attack Linux and get them to help improve Linux, before they turn to the 'dark side.' "There are smart people doing bad things, I wish they were on our side and they could help us," Torvalds said. "Where I want us to go, is to get as many smart people as we can before they turn to the dark side. We would improve security that way and get those that are interested in security to come to us, before they attack us," he added.
SuSE

Linux Pioneer SUSE Marks 25 Years In the Field (itwire.com) 54

troublemaker_23 shares an article from ITWire: The Germany-based SUSE Linux marked a milestone last week: on Friday, September 2, the company turned 25, a remarkable achievement in an industry where the remains of software companies litter the landscape around the world... SUSE was formed in 1992 by three university students -- Hubert Mantel, Roland Dyroff, and Burchard Steinbild. The fourth man in the equation was software engineer Thomas Fehr. They had a simple objective: to build software and deliver UNIX support. Linux had been around for a little more than a year at that point and they decided to use it... The name S.u.S.E is a German acronym and means "Software und System-Entwicklung", or "Software and systems development". The name was later changed to SuSE and some years on became SUSE...

Like other open source outfits, SUSE has widened its services and now not only provides an enterprise Linux distribution but has a well developed software-defined storage product and one for a container-as-a-service option. It also caters to those seeking cloud options and does more than its fair share in contributing to upstream FOSS projects. Along the way, it has spawned a top-notch community distribution, openSUSE, which is run by an autonomous board led by the ebullient British developer Richard Brown.

S.u.S.E Linux was one of the first distros, arriving in 1994 after Soft Landing Systems Linux (in mid-1992) and Slackware.
GUI

Linux.com Raves About New Snap-Centric 'Nitrux' Distro (linux.com) 137

An anonymous reader quotes Linux.com: What happens when you take Ubuntu 17.10, a new desktop interface (one that overlays on top of KDE), snap packages, and roll them all up into a pseudo rolling release? You get Nitrux. At first blush, this particular Linux distribution seems more of an experiment than anything else -- to show how much the KDE desktop can be tweaked to resemble the likes of the Elementary OS or MacOS desktops. At its heart, however, it's much more than that... This particular take on the Linux desktop is focused on the portable, universal nature of snap packages and makes use of a unique desktop, called Nomad, which sits atop KDE Plasma 5... The desktop includes a dock, a system/notification tray, a quick search tool (Plasma Search), and an app menu. Of all the elements on the desktop, it's the Plasma Search tool that will appeal to anyone looking for an efficient means to interact with their desktops. With this tool, you can just start typing on a blank desktop to see a list of results. Say, for example, you want to open LibreOffice writer; on the blank desktop, just start typing "libre" and related entries will appear...

Skilled Linux users should have no problem using Nitrux and might find themselves intrigued with the snap-centric Nomad desktop. The one advantage of having a distribution centered around snap packages would be the ease with which you could quickly install and uninstall a package, without causing issues with other applications... In the end, Nitrux is a beautiful desktop that is incredibly efficient to use -- only slightly hampered by an awkward installer and a lack of available snap packages. Give this distribution a bit of time to work out the kinks and it could become a serious contender.

The GUI-focused distro even includes Android apps in the menu -- although Linux.com's reviewer notes that "on two different installations, I have yet to get this feature to work. Even the pre-installed Android apps never start."
Chrome

Chrome 61 Arrives With JavaScript Modules, WebUSB Support (venturebeat.com) 115

The latest version of Google Chrome has launched, bringing a host of new developer features like JavaScript modules and WebUSB support. An anonymous Slashdot reader shares a report from VentureBeat: Google has launched Chrome 61 for Windows, Mac, and Linux. Additions in this release include JavaScript modules and WebUSB support, among other developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome. Google also released Chrome 61 for Android today. In addition to performance and stability fixes, you can expect two new features: Translate pages with a more compact toolbar and pick images with an improved image picker.

Chrome now supports JavaScript modules natively via the new element, letting developers declare a script's dependencies. Modules are already popular in third-party build tools, which use them to bundle only the required scripts. Native support means the browser can fetch granular dependencies in parallel, taking advantage of caching, avoiding duplications across the page, and ensuring the script executes in the correct order, all without a build step. Google recommends these two blog posts for more information: ECMAScript modules in browsers and ES6 Modules in Depth. Speaking of JavaScript, Chrome 61 also upgrades the browser's V8 JavaScript engine to version 6.1. Developers can expect performance improvements and a binary size reduction. The WebUSB API meanwhile allows web apps to access user-permitted USB devices. This enables all the functionality provided by hardware peripherals such as keyboards, mice, printers, and gamepads, while still preserving the security guarantees of the web.

Operating Systems

Linux Kernel 4.13 Officially Released (softpedia.com) 43

prisoninmate writes: As expected, the Linux 4.13 kernel series was made official this past weekend by none other than its creator, Linus Torvalds, which urges all Linux users to start migrating to this version as soon as possible. Work on Linux kernel 4.13 started in mid-July with the first Release Candidate (RC) milestone, which already gave us a glimpse of the new features coming to this major kernel branch. There are, of course, numerous improvements and support for new hardware through updated drivers and core components. Highlights of Linux kernel 4.13 include Intel's Cannon Lake and Coffee Lake CPUs, support for non-blocking buffered I/O operations to improve asynchronous I/O support, support for "lifetime hints" in the block layers and the virtual filesystem, AppArmor enhancements, and better power management. There's also AMD Raven Ridge support implemented in the AMDGPU graphics driver, which received numerous improvements, support for five-level page tables was added in the s390 architecture, and the structure randomization plugin was added as part of the build system.
Android

With Android Oreo, Google Is Introducing Linux Kernel Requirements (betanews.com) 120

Mark Wilson shares a report from BetaNews: As is easy to tell by comparing versions of Android from different handset manufacturers, developers are -- broadly speaking -- free to do whatever they want with Android, but with Oreo, one aspect of this is changing. Google is introducing a new requirement that OEMs must meet certain requirements when choosing the Linux kernel they use. Until now, as pointed out by XDA Developers, OEMs have been free to use whatever Linux kernel they wanted to create their own version of Android. Of course, their builds still had to pass Google's other tests, but the kernel number itself was not an issue. Moving forward, Android devices running Oreo must use at least kernel 3.18, but there are more specific requirements to meet as well. Google explains on the Android Source page: "Android O mandates a minimum kernel version and kernel configuration and checks them both in VTS as well as during an OTA. Android device kernels must enable the kernel .config support along with the option to read the kernel configuration at runtime through procfs."
Operating Systems

Is Apple Copying Palm's WebOS? (salon.com) 188

An anonymous reader quotes a report from Salon: Released in 2009 by Palm -- the same company that popularized the PDA in the 1990s -- WebOS pioneered a number of innovations, including multiple synchronized calendars, unified social media and contact management, curved displays, wireless charging, integrated text and Web messaging, and unintrusive notifications [that have all been copied by the mobile operating systems that defeated it on the marketplace]. The operating system, built on top of a Linux kernel, was also legendary for how easily it could be upgraded by users with programming skills. WebOS was also special in that it used native internet technologies like JavaScript for local applications. That was a huge part of why it was able to do so much integration with Web services, something its competitors at the time simply couldn't match.

Apple's upcoming iOS 11 once again demonstrates how far ahead of its time WebOS really was. The yet-to-be-released Apple mobile system has essentially copied the WebOS model for switching apps by having the user swipe upward from the bottom to reveal several "cards" that represent background applications. While Apple's decision to remove its massively overworked Home button is an improvement, it is still an inferior way of switching apps, compared to what you could do on WebOS eight years ago.

Operating Systems

Linux Desktop Market Share Crosses 3% (netmarketshare.com) 285

Data for the month of August 2017 from reliable market analytics firm Net Applications is here, and it suggests that Linux has finally surpassed the three percent mark, quite possibly for the first time in recent years. According to Net Applications, the desktop market share of Linux jumped from 2.53 percent in July to 3.37 percent in August. There's no explanation for what accounted for this growth.
AMD

New Ryzen Running Stable On Linux, Threadripper Builds Kernel In 36 Seconds (phoronix.com) 186

An anonymous reader writes: After AMD confirmed the a "performance marginality problem" affecting some Ryzen Linux users, RMAs are being issued and replacement Ryzen processors arriving for affected opensource fans. Phoronix has been able to confirm that the new Ryzen CPUs are running stable without the segmentation fault problem that would occur under very heavy workloads. They have also been able to test now the Ryzen Threadripper 1950X. The Threadripper 1950X on Linux is unaffected by any issues unless you count the lack of a thermal reporting driver. With the 32 threads under Linux they have been able to build the Linux kernel in just about a half minute.
Open Source

How Open Source Advocates Celebrated The 26th Anniversary of Linux (linux.com) 99

To celebrate Linux's 26th anniversary, the Linux Foundation tweeted a picture of Tux on a birthday cake, and linked to an essay on OpenSource.com by FreeDOS founder Jim Hall: My first Linux distribution was Softlanding Linux System (SLS) 1.03, with Linux kernel 0.99 alpha patch level 11. That required a whopping 2MB of RAM, or 4MB if you wanted to compile programs, and 8MB to run X windows... To celebrate, I reinstalled SLS 1.05 to remind myself what the Linux 1.0 kernel was like and to recognize how far Linux has come since the 1990s.
"Getting X windows to perform was not exactly easy..." Hall writes, adding "the concept of a desktop didn't exist yet." Meanwhile Phoronix celebrated by republishing that fateful email Linus Torvalds sent on August 25, 1991. And Fossbytes shared the most recent statistics about modern-day Linux's 20 million lines of code from the Linux Foundation: During the period between the 3.19 and 4.7 releases, the kernel community was merging changes at an average rate of 7.8 patches per hour; that is a slight increase from the 7.71 patches per hour seen in the previous version of this report, and a continuation of the longterm trend toward higher patch volumes.
Linux

You Can Help Purism Build the Secure Open Source Linux-based Librem 5 Smartphone (betanews.com) 109

BrianFagioli writes: Thankfully, consumers are starting to wake up and become more aware of security and privacy, and some companies, such as Purism, are designing products to safeguard users. The company's laptops, for instance, run an open source Linux-based operating system, called "PureOS" with a focus on privacy. These machines even have hardware "kill switches" so you can physically disconnect a webcam or Wi-Fi card. Today, Purism announces that it is taking those same design philosophies and using them to build a new $599 smartphone called Librem 5. The planned phone will use the GNOME desktop environment and PureOS by default, but users can install different distros too. Sound good? Well you can help the company build it through crowdfunding. "Purism, the social purpose corporation which designs and produces popular privacy conscious hardware and software, has revealed its plans to build the world's first encrypted, open platform smartphone that will empower users to protect their digital identity in an increasingly unsafe mobile world. After 18 months of R&D to test hardware specifications and engage with one of the largest phone fabricators, Purism is opening a self-hosted crowdfunding campaign to gauge demand for the initial fabrication order and add the features most important to users," says Purism.
Windows

Microsoft .NET Core 2.0 For Linux Released; Redhat Will Bundle Microsoft's .NET (zdnet.com) 185

Billly Gates writes: Microsoft recently released Visual Studio 15.3 for Windows and Visual Studio 7.1 for Mac with .NET core 2.0. In addition to porting Microsoft Code and SQL Server to Linux, they have ported .NET. Redhat will bundle .NET in their software offerings instead of relying on Mono. .NET core is Microsoft's open-source .NET platform which is not based off Mono and available for Linux, Mac, and Windows here.
Java

Red Hat Gives Ceylon To The Eclipse Foundation (eclipse.org) 97

An anonymous reader writes: Some media outlets called Ceylon an attempted "Java killer" when Gavin King first unveiled his secret two-year development project in 2011. In 2013 Red Hat finally released version 1.0 of the modern, modular statically-typed programming language for the Java and JavaScript virtual machines. After another four years, "Ceylon has a small but very active and enthusiastic community of developers and users, and indeed is the fruit of the hard work of a large number of contributors over the years," says a project proposal page at Eclipse.org seeking "to further grow our community... a key strategy to achieve that would be to move Ceylon from Red Hat to a vendor-neutral foundation."

That project has now been approved, and the "Eclipse Ceylon" project has been created. It includes the Ceylon distribution and its SDK, plus the Java2Ceylon converter and the Ceylon Herd project's server (and related services) for Ceylon module sharing. There's also three IDEs (and their code-formatting and functionality-sharing modules).

Back in 2011 InfoWorld predicted that instead of becoming a Java killer, "it is more likely Ceylon will join a growing list of new languages resting atop the JVM, while the Java language and platform will continue on as staples of enterprise computing."
Android

postmarketOS Pursues A Linux-Based, LTS OS For Android Phones (liliputing.com) 111

An anonymous reader quotes Liliputing: Buy an iPhone and you might get 4-5 years of official software updates. Android phones typically get 1-3 years of updates... if they get any updates at all. But there are ways to breathe new life into some older Android phones. If you can unlock the bootloader, you may be able to install a custom ROM like LineageOS and get unofficial software updates for a few more years. The folks behind postmarketOS want to go even further: they're developing a Linux-based alternative to Android with the goal of providing up to 10 years of support for old smartphones...

Right now postmarketOS is a touch-friendly operating system based on Alpine Linux that runs on a handful of devices including the Samsung Galaxy Nexus, Google Nexus 4, 5, and 7 (2012), and several other Samsung, HTC, LG, Motorola, and Sony smartphones. There are also ports for some non-Android phones such as the Nokia N900 and work-in-progress builds for the BlackBerry Bolt Touch 9900 and Jolla Phone. Note that when I say the operating system runs on those devices, I basically mean it boots. Some phones only have network access via a USB cable, for instance. None of the devices can actually be used to make phone calls. But here's the cool thing: the developers are hoping to create a single kernel that works with all supported devices, which means that postmarketOS would work a lot like a desktop operating system, allowing you to install the same OS on any smartphone with the proper hardware.

One postmarketOS developer complains that Android's architecture "is based on forking (one might as well say copy-pasting) the entire code-base for each and every device and Android version. And then working on that independent, basically instantly incompatible version. Especially adding device-specific drivers plays an important role... Here is the solution: Bend an existing Linux distribution to run on smartphones. Apply all necessary changes as small patches and upstream them, where it makes sense."
Desktops (Apple)

In Defense of the Popular Framework Electron (dev.to) 138

Electron, a popular framework that allows developers to write code once and seamlessly deploy it across multiple platforms, has been a topic of conversation lately among developers and users alike. Many have criticised Electron-powered apps to be "too memory intensive." A developer, who admittedly uses a high-end computer, shares his perspective: I can speak for myself when I say Electron runs like a dream. On a typical day, I'll have about three Atom windows open, a multi-team Slack up and running, as well as actively using and debugging my own Electron-based app Standard Notes. [...] So, how does it feel to run this bloat train of death every day? Well, it feels like nothing. I don't notice it. My laptop doesn't get hot. I don't hear the fan. I experience no lags in any application. [...] But aside from how it makes end-users feel, there is an arguably more important perspective to be had: how it makes software companies feel. For context, the project I work in is an open-source cross-platform notes app that's available on most platforms, including web, Mac, Windows, Linux, iOS, and Android. All the desktop applications are based off the main web codebase, and are bundled using Electron, while the iOS and Android app use their own native codebases respectively, one in Swift and the other in Kotlin. And as a new company without a lot of resources, this setup has just barely allowed us to enter the marketplace. Three codebases is two too many codebases to maintain. Every time we make a change, we have to make it in three different places, violating the most sacred tenet of computer science of keeping it DRY. As a one-person team deploying on all these platforms, even the most minor change will take at minimum three development days, one for each codebase. This includes debugging, fixing, testing, bundling, deploying, and distributing every single codebase. This is by no means an easy task.
Debian

OpenSource.com Test-Drives Linux Distros From 1993 To 2003 (opensource.com) 80

An anonymous reader quotes OpenSource.com: A unique trait of open source is that it's never truly EOL (End of Life). The disc images mostly remain online, and their licenses don't expire, so going back and installing an old version of Linux in a virtual machine and getting a precise picture of what progress Linux has made over the years is relatively simple... Whether you're new to Linux, or whether you're such an old hand that most of these screenshots have been more biographical than historical, it's good to be able to look back at how one of the largest open source projects in the world has developed. More importantly, it's exciting to think of where Linux is headed and how we can all be a part of that, starting now, and for years to come.
The article looks at seven distros -- Slackware 1.01 (1993), Debian 0.91 (1994), Jurix/S.u.S.E. (1996), SUSE 5.1 (1998), Red Hat 6.0 (1999), Mandrake 8.0 (2001), and Fedora 1 (2003). Click through for some of the highlights.
GNOME

Canonical Needs Your Help Transitioning Ubuntu Linux From Unity To GNOME (ubuntu.com) 111

BrianFagioli quotes BetaNews: On August 24 and 25, the Ubuntu Desktop team will be holding a "Fit and Finish Sprint," where they will aggressively test GNOME. Canonical is also asking the Ubuntu community to help with this process. In other words, you might be able to assist with making Artful Aardvark even better.

What makes this particularly cool, however, is that Canonical will be selecting some community members to visit its London office on August 24 between 4 pm and 9 pm. "Over the two days we'll be scrutinizing the new GNOME Shell desktop experience, looking for anything jarring/glitchy or out of place," says Alan Pope, Community Manager. "We'll be working on the GTK, GDM and desktop theme alike, to fix inconsistencies, performance, behavioral or visual issues. We'll also be looking at the default key bindings, panel color schemes and anything else we discover along the way."

A few caveats: Canonical won't pay anyone's travel expenses to London, and "Ideally we're looking for people who are experienced in identifying (and fixing) theme issues, CSS experts and GNOME Shell / GTK themers."
AMD

AMD Confirms Linux 'Performance Marginality Problem' On Ryzen (phoronix.com) 120

An anonymous reader writes: Ryzen customers experiencing segmentation faults under Linux when firing off many compilation processes have now had their problem officially acknowledged by AMD. The company describes it as a "performance marginality problem" affecting some Ryzen customers and only on Linux. AMD confirmed Threadripper and Epyc processors are unaffected; they will be dealing with the issue on a customer-by-customer basis, and their future consumer products will see better Linux testing/validation. Ryzen customers believed to be affected by the problem can contact AMD Customer Care. Michael Larabel writes via Phoronix: "With the Ryzen segmentation faults on Linux they are found to occur with many, parallel compilation workloads in particular -- certainly not the workloads most Linux users will be firing off on a frequent basis unless intentionally running scripts like ryzen-test/kill-ryzen. As I've previously written, my Ryzen Linux boxes have been working out great except in cases of intentional torture testing with these heavy parallel compilation tasks. [AMD's] analysis has also found that these Ryzen segmentation faults aren't isolated to a particular motherboard vendor or the like, contrary to rumors/noise online due to the complexity of the problem."
Debian

OpenSSL Support In Debian Unstable Drops TLS 1.0/1.1 Support (debian.org) 76

An anonymous reader writes: Debian Linux "sid" is deprecating TLS 1.0 Encryption. A new version of OpenSSL has been uploaded to Debian Linux unstable. This version disables the TLS 1.0 and 1.1 protocol. This currently leaves TLS 1.2 as the only supported SSL/TLS protocol version. This will likely break certain things that for whatever reason still don't support TLS 1.2. I strongly suggest that if it's not supported that you add support for it, or get the other side to add support for it. OpenSSL made a release 5 years ago that supported TLS 1.2. The current support of the server side seems to be around 90%. I hope that by the time Buster releases the support for TLS 1.2 will be high enough that I don't need to enable them again. This move caused some concern among Debian users and sysadmins. If you are running Debian Unstable on server tons of stuff is going to broken cryptographically. Not to mention legacy hardware and firmware that still uses TLS 1.0. On the client side (i.e. your users), you need to use the latest version of a browser such as Chrome/Chromium and Firefox. The Older version of Android (e.g. Android v5.x and earlier) do not support TLS 1.2. You need to use minimum iOS 5 for TLS 1.2 support. Same goes with SMTP/mail servers, desktop email clients, FTP clients and more. All of them using old outdated crypto.

This move will also affect for Android 4.3 users or stock MS-Windows 7/IE users (which has TLS 1.2 switched off in Internet Options.) Not to mention all the mail servers out there running outdated crypto.

Red Hat Software

Red Hat Acquires Data-Cleaning Company Permabit (fortune.com) 85

An anonymous reader quotes Fortune: Business software company Red Hat said on Monday that it is acquiring the technology assets of Permabit, a small company that specializes in cleaning up corporate data to make storage more efficient and data access faster. Terms of the deal were not disclosed but a Red Hat spokesman said 16 people from Permabit will be joining that company...

While the conventional wisdom is that data storage is cheap, it is not free. And with companies turning to more expensive flash storage, it saves money to remove redundant data, said Richard Fichera, vice president and principal analyst at Forrester Research... Red Hat, which sells a version of the Linux operating system used by many Fortune 500 companies, also offers its own storage software. And, it wants to become a more formidable challenger in data storage, a goal that can be furthered by buying Permabit's technology, Fichera said.

Slashdot reader See Attached points out that this week Red Hat also released RHEL 7.4, which introduces support for Network Bound Disk Encryption (NBDE) and system protection against intrusive USB devices.
Open Source

Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens (theregister.co.uk) 307

An anonymous reader shares a report from The Register: In late June, noted open-source programmer Bruce Perens [a longtime Slashdot reader] warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog. The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference. Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.

Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code -- a right under the GPLv2 license -- will no longer be customers and will lose the right to distribute subsequent versions of the software. According to Perens, "GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition." A legal complaint (PDF) filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. Perens isn't arguing that the GPLv2 applies to unreleased software. Rather, he asserts the GPLv2, under section 6, specifically forbids the addition of contractual terms.

Ubuntu

Ubuntu Will Revert Window Controls To the Right-Hand Side in Next Release (neowin.net) 171

Following a survey carried out last month, Ubuntu will begin shipping with the minimise, maximise, and close buttons on the right-hand side of windows. From a report: In the survey 46.2% of people said they prefer their window controls on the left-hand side and 53.8% said they prefer them on the right. The decision comes after seven years of window controls being on the left, at the time it had plenty of detractors but Ubuntu founder, Mark Shuttleworth, maintained that the controls needed shifting to the left because they'd be in the way of the then newly introduced window indicators.
Python

It Will Take Fedora More Releases To Switch Off Python 2 (phoronix.com) 94

An anonymous reader quotes Phoronix: Finalizing Fedora's switch from Python 2 to Python 3 by default is still going to take several more Fedora release cycles and should be done by the 2020 date when Python 2 will be killed off upstream. While much of Fedora's Python code is now compatible with Py3, the /usr/bin/python still points to Python 2, various python-* packages still mean Python 2... The end game is to eventually get rid of Python 2 from Fedora but that is even further out.
Fedora is now gathering feedback on a Wiki page explaining the switch.
Cloud

Microsoft Further Pledges Linux Loyalty, Joins Cloud Native Computing Foundation (betanews.com) 109

BrianFagioli quotes BetaNews: Today, Microsoft further pledges its loyalty to Linux and open source by becoming a platinum member of the Cloud Native Computing Foundation. If you aren't familiar, the CNCF is a part of the well-respected Linux Foundation (of which Microsoft is also a member). With the Windows-maker increasingly focusing its efforts on the cloud -- and profiting from it -- this seems like a match made in heaven. In fact, Dan Kohn, Executive Director of the foundation says, "We are honored to have Microsoft, widely recognized as one of the most important enterprise technology and cloud providers in the world, join CNCF as a platinum member."

"CNCF is a part of the Linux Foundation, which helps govern for a wide range of cloud-oriented open source projects, such as Kubernetes, Prometheus, OpenTracing, Fluentd, Linkerd, containerd, Helm, gRPC, and many others," says John Gossman Azure Architect, Microsoft. "Since we joined the Linux Foundation last year, and now have decided to expand that relationship to CNCF membership as a natural next step to invest in open source communities and code at multiple levels, especially in the area of containers."

The announcement notes that Microsoft has already been contributing code to the Kubernetes project, "as well as running Kubernetes as part of the Azure Container Service."
Debian

Systemd Named 'Lamest Vendor' At Pwnie Security Awards (theregister.co.uk) 436

Long-time Slashdot reader darkpixel2k shares a highlight from the Black Hat USA security conference. The Register reports: The annual Pwnie Awards for serious security screw-ups saw hardly anyone collecting their prize at this year's ceremony in Las Vegas... The gongs are divided into categories, and nominations in each section are voted on by the hacker community... The award for best server-side bug went to the NSA's Equation Group, whose Windows SMB exploits were stolen and leaked online this year by the Shadow Brokers...

And finally, the lamest vendor response award went to Systemd supremo Lennart Poettering for his controversial, and perhaps questionable, handling of the following bugs in everyone's favorite init replacement: 5998, 6225, 6214, 5144, and 6237... "Where you are dereferencing null pointers, or writing out of bounds, or not supporting fully qualified domain names, or giving root privileges to any user whose name begins with a number, there's no chance that the CVE number will referenced in either the change log or the commit message," reads the Pwnie nomination for Systemd, referring to the open-source project's allergy to assigning CVE numbers. "But CVEs aren't really our currency any more, and only the lamest of vendors gets a Pwnie!"

CSO has more coverage -- and presumably there will eventually be an official announcement up at Pwnies.com.

Slashdot Top Deals