Desktops (Apple)

In Defense of the Popular Framework Electron (dev.to) 130

Electron, a popular framework that allows developers to write code once and seamlessly deploy it across multiple platforms, has been a topic of conversation lately among developers and users alike. Many have criticised Electron-powered apps to be "too memory intensive." A developer, who admittedly uses a high-end computer, shares his perspective: I can speak for myself when I say Electron runs like a dream. On a typical day, I'll have about three Atom windows open, a multi-team Slack up and running, as well as actively using and debugging my own Electron-based app Standard Notes. [...] So, how does it feel to run this bloat train of death every day? Well, it feels like nothing. I don't notice it. My laptop doesn't get hot. I don't hear the fan. I experience no lags in any application. [...] But aside from how it makes end-users feel, there is an arguably more important perspective to be had: how it makes software companies feel. For context, the project I work in is an open-source cross-platform notes app that's available on most platforms, including web, Mac, Windows, Linux, iOS, and Android. All the desktop applications are based off the main web codebase, and are bundled using Electron, while the iOS and Android app use their own native codebases respectively, one in Swift and the other in Kotlin. And as a new company without a lot of resources, this setup has just barely allowed us to enter the marketplace. Three codebases is two too many codebases to maintain. Every time we make a change, we have to make it in three different places, violating the most sacred tenet of computer science of keeping it DRY. As a one-person team deploying on all these platforms, even the most minor change will take at minimum three development days, one for each codebase. This includes debugging, fixing, testing, bundling, deploying, and distributing every single codebase. This is by no means an easy task.
Debian

OpenSource.com Test-Drives Linux Distros From 1993 To 2003 (opensource.com) 79

An anonymous reader quotes OpenSource.com: A unique trait of open source is that it's never truly EOL (End of Life). The disc images mostly remain online, and their licenses don't expire, so going back and installing an old version of Linux in a virtual machine and getting a precise picture of what progress Linux has made over the years is relatively simple... Whether you're new to Linux, or whether you're such an old hand that most of these screenshots have been more biographical than historical, it's good to be able to look back at how one of the largest open source projects in the world has developed. More importantly, it's exciting to think of where Linux is headed and how we can all be a part of that, starting now, and for years to come.
The article looks at seven distros -- Slackware 1.01 (1993), Debian 0.91 (1994), Jurix/S.u.S.E. (1996), SUSE 5.1 (1998), Red Hat 6.0 (1999), Mandrake 8.0 (2001), and Fedora 1 (2003). Click through for some of the highlights.
GNOME

Canonical Needs Your Help Transitioning Ubuntu Linux From Unity To GNOME (ubuntu.com) 109

BrianFagioli quotes BetaNews: On August 24 and 25, the Ubuntu Desktop team will be holding a "Fit and Finish Sprint," where they will aggressively test GNOME. Canonical is also asking the Ubuntu community to help with this process. In other words, you might be able to assist with making Artful Aardvark even better.

What makes this particularly cool, however, is that Canonical will be selecting some community members to visit its London office on August 24 between 4 pm and 9 pm. "Over the two days we'll be scrutinizing the new GNOME Shell desktop experience, looking for anything jarring/glitchy or out of place," says Alan Pope, Community Manager. "We'll be working on the GTK, GDM and desktop theme alike, to fix inconsistencies, performance, behavioral or visual issues. We'll also be looking at the default key bindings, panel color schemes and anything else we discover along the way."

A few caveats: Canonical won't pay anyone's travel expenses to London, and "Ideally we're looking for people who are experienced in identifying (and fixing) theme issues, CSS experts and GNOME Shell / GTK themers."
AMD

AMD Confirms Linux 'Performance Marginality Problem' On Ryzen (phoronix.com) 120

An anonymous reader writes: Ryzen customers experiencing segmentation faults under Linux when firing off many compilation processes have now had their problem officially acknowledged by AMD. The company describes it as a "performance marginality problem" affecting some Ryzen customers and only on Linux. AMD confirmed Threadripper and Epyc processors are unaffected; they will be dealing with the issue on a customer-by-customer basis, and their future consumer products will see better Linux testing/validation. Ryzen customers believed to be affected by the problem can contact AMD Customer Care. Michael Larabel writes via Phoronix: "With the Ryzen segmentation faults on Linux they are found to occur with many, parallel compilation workloads in particular -- certainly not the workloads most Linux users will be firing off on a frequent basis unless intentionally running scripts like ryzen-test/kill-ryzen. As I've previously written, my Ryzen Linux boxes have been working out great except in cases of intentional torture testing with these heavy parallel compilation tasks. [AMD's] analysis has also found that these Ryzen segmentation faults aren't isolated to a particular motherboard vendor or the like, contrary to rumors/noise online due to the complexity of the problem."
Debian

OpenSSL Support In Debian Unstable Drops TLS 1.0/1.1 Support (debian.org) 76

An anonymous reader writes: Debian Linux "sid" is deprecating TLS 1.0 Encryption. A new version of OpenSSL has been uploaded to Debian Linux unstable. This version disables the TLS 1.0 and 1.1 protocol. This currently leaves TLS 1.2 as the only supported SSL/TLS protocol version. This will likely break certain things that for whatever reason still don't support TLS 1.2. I strongly suggest that if it's not supported that you add support for it, or get the other side to add support for it. OpenSSL made a release 5 years ago that supported TLS 1.2. The current support of the server side seems to be around 90%. I hope that by the time Buster releases the support for TLS 1.2 will be high enough that I don't need to enable them again. This move caused some concern among Debian users and sysadmins. If you are running Debian Unstable on server tons of stuff is going to broken cryptographically. Not to mention legacy hardware and firmware that still uses TLS 1.0. On the client side (i.e. your users), you need to use the latest version of a browser such as Chrome/Chromium and Firefox. The Older version of Android (e.g. Android v5.x and earlier) do not support TLS 1.2. You need to use minimum iOS 5 for TLS 1.2 support. Same goes with SMTP/mail servers, desktop email clients, FTP clients and more. All of them using old outdated crypto.

This move will also affect for Android 4.3 users or stock MS-Windows 7/IE users (which has TLS 1.2 switched off in Internet Options.) Not to mention all the mail servers out there running outdated crypto.

Red Hat Software

Red Hat Acquires Data-Cleaning Company Permabit (fortune.com) 85

An anonymous reader quotes Fortune: Business software company Red Hat said on Monday that it is acquiring the technology assets of Permabit, a small company that specializes in cleaning up corporate data to make storage more efficient and data access faster. Terms of the deal were not disclosed but a Red Hat spokesman said 16 people from Permabit will be joining that company...

While the conventional wisdom is that data storage is cheap, it is not free. And with companies turning to more expensive flash storage, it saves money to remove redundant data, said Richard Fichera, vice president and principal analyst at Forrester Research... Red Hat, which sells a version of the Linux operating system used by many Fortune 500 companies, also offers its own storage software. And, it wants to become a more formidable challenger in data storage, a goal that can be furthered by buying Permabit's technology, Fichera said.

Slashdot reader See Attached points out that this week Red Hat also released RHEL 7.4, which introduces support for Network Bound Disk Encryption (NBDE) and system protection against intrusive USB devices.
Open Source

Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens (theregister.co.uk) 306

An anonymous reader shares a report from The Register: In late June, noted open-source programmer Bruce Perens [a longtime Slashdot reader] warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog. The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference. Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.

Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code -- a right under the GPLv2 license -- will no longer be customers and will lose the right to distribute subsequent versions of the software. According to Perens, "GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition." A legal complaint (PDF) filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. Perens isn't arguing that the GPLv2 applies to unreleased software. Rather, he asserts the GPLv2, under section 6, specifically forbids the addition of contractual terms.

Ubuntu

Ubuntu Will Revert Window Controls To the Right-Hand Side in Next Release (neowin.net) 171

Following a survey carried out last month, Ubuntu will begin shipping with the minimise, maximise, and close buttons on the right-hand side of windows. From a report: In the survey 46.2% of people said they prefer their window controls on the left-hand side and 53.8% said they prefer them on the right. The decision comes after seven years of window controls being on the left, at the time it had plenty of detractors but Ubuntu founder, Mark Shuttleworth, maintained that the controls needed shifting to the left because they'd be in the way of the then newly introduced window indicators.
Python

It Will Take Fedora More Releases To Switch Off Python 2 (phoronix.com) 94

An anonymous reader quotes Phoronix: Finalizing Fedora's switch from Python 2 to Python 3 by default is still going to take several more Fedora release cycles and should be done by the 2020 date when Python 2 will be killed off upstream. While much of Fedora's Python code is now compatible with Py3, the /usr/bin/python still points to Python 2, various python-* packages still mean Python 2... The end game is to eventually get rid of Python 2 from Fedora but that is even further out.
Fedora is now gathering feedback on a Wiki page explaining the switch.
Cloud

Microsoft Further Pledges Linux Loyalty, Joins Cloud Native Computing Foundation (betanews.com) 109

BrianFagioli quotes BetaNews: Today, Microsoft further pledges its loyalty to Linux and open source by becoming a platinum member of the Cloud Native Computing Foundation. If you aren't familiar, the CNCF is a part of the well-respected Linux Foundation (of which Microsoft is also a member). With the Windows-maker increasingly focusing its efforts on the cloud -- and profiting from it -- this seems like a match made in heaven. In fact, Dan Kohn, Executive Director of the foundation says, "We are honored to have Microsoft, widely recognized as one of the most important enterprise technology and cloud providers in the world, join CNCF as a platinum member."

"CNCF is a part of the Linux Foundation, which helps govern for a wide range of cloud-oriented open source projects, such as Kubernetes, Prometheus, OpenTracing, Fluentd, Linkerd, containerd, Helm, gRPC, and many others," says John Gossman Azure Architect, Microsoft. "Since we joined the Linux Foundation last year, and now have decided to expand that relationship to CNCF membership as a natural next step to invest in open source communities and code at multiple levels, especially in the area of containers."

The announcement notes that Microsoft has already been contributing code to the Kubernetes project, "as well as running Kubernetes as part of the Azure Container Service."
Debian

Systemd Named 'Lamest Vendor' At Pwnie Security Awards (theregister.co.uk) 436

Long-time Slashdot reader darkpixel2k shares a highlight from the Black Hat USA security conference. The Register reports: The annual Pwnie Awards for serious security screw-ups saw hardly anyone collecting their prize at this year's ceremony in Las Vegas... The gongs are divided into categories, and nominations in each section are voted on by the hacker community... The award for best server-side bug went to the NSA's Equation Group, whose Windows SMB exploits were stolen and leaked online this year by the Shadow Brokers...

And finally, the lamest vendor response award went to Systemd supremo Lennart Poettering for his controversial, and perhaps questionable, handling of the following bugs in everyone's favorite init replacement: 5998, 6225, 6214, 5144, and 6237... "Where you are dereferencing null pointers, or writing out of bounds, or not supporting fully qualified domain names, or giving root privileges to any user whose name begins with a number, there's no chance that the CVE number will referenced in either the change log or the commit message," reads the Pwnie nomination for Systemd, referring to the open-source project's allergy to assigning CVE numbers. "But CVEs aren't really our currency any more, and only the lamest of vendors gets a Pwnie!"

CSO has more coverage -- and presumably there will eventually be an official announcement up at Pwnies.com.
Windows

Microsoft's 'Windows Subsystem For Linux' Finally Leaves Beta (microsoft.com) 163

An anonymous reader quotes Microsoft's Developer blog: Early adopters on the Windows Insider program will notice that Windows Subsystem for Linux is no longer marked as a beta feature as of Insider build 16251. This will be great news for those who've held-back from employing WSL as a mainline toolset: You'll now be able to leverage WSL as a day-to-day developer toolset, and become ever more productive when building, testing, deploying, and managing your apps and systems on Windows 10... What will change is that you will gain the added advantage of being able to file issues on WSL and its Windows tooling via our normal support mechanisms if you want/need to follow a more formal issue resolution process. You can also provide feedback via Windows 10 Feedback Hub app, which delivers feedback directly to the team.
Microsoft points out that distro-publishers are still responsible for supporting and fixing the internals of their distros -- and they have no plans to support X/GUI apps or desktops. And of course, Linux files are not currently accessible from Windows -- though Microsoft says they're working on a fix.
Open Source

OpenMoko: Ten Years After (vanille.de) 48

Michael Lauer, member of the core team at OpenMoko, a project that sought to create a family of open source mobile phones -- which included the hardware specs and the Linux-based OS -- has shared the inside story of what the project wanted to do and why it failed. From his blog post: For the 10th anniversary since the legendary OpenMoko announcement at the "Open Source in Mobile" (7th of November 2006 in Amsterdam), I've been meaning to write an anthology or -- as Paul Fertser suggested on #openmoko-cdevel -- an obituary. I've been thinking about objectively describing the motivation, the momentum, how it all began and -- sadly -- ended. I did even plan to include interviews with Sean, Harald, Werner, and some of the other veterans. But as with oh so many projects of (too) wide scope this would probably never be completed. As November 2016 passed without any progress, I decided to do something different instead. Something way more limited in scope, but something I can actually finish. My subjective view of the project, my participation, and what I think is left behind: My story, as OpenMoko employee #2. On top of that you will see a bunch of previously unreleased photos (bear with me, I'm not a good photographer and the camera sucked as well). [....] Right now my main occupation is writing software for Apple's platforms -- and while it's nice to work on apps using a massive set of luxury frameworks and APIs, you're locked and sandboxed within the software layers Apple allows you. I'd love to be able to work on an open source Linux-based middleware again. However, the sad truth is that it looks like there is no business case anymore for a truly open platform based on custom-designed hardware, since people refuse to spend extra money for tweakability, freedom, and security. Despite us living in times where privacy is massively endangered.
Open Source

FreeBSD 11.1 Released (freebsd.org) 219

Billly Gates writes: Linux is not the only free open-source operating system. FreeBSD, which is based off of the historical BSD Unix in which TCP/IP was developed on from the University of California at Berkeley, has been updated. It does not include systemd nor PulseAudio and is popular in many web server installations and networking devices. FreeBSD 11.1 is out with improvements in UEFI and Amazon cloud support in addition to updated userland programs. EFI improvements including a new utility efivar(8) to manage UEFI variables, EFI boot from TFTP or NFS, as well as Microsoft Hyper-V UEFI and Secure Boot for generation 2 virtual machines for both Windows Server and Windows 10 Professional hosts. FreeBSD 11.1 also has extended support Amazon Cloud features. A new networking stack for Amazon has been added with the ena(4) driver, which adds support for Amazon EC2 platform. This also adds support for using Amazon EC2 NFS shares and support for the Amazon Elastic Filesystem for NFS. For application updates, FreeBSD 11.1 Clang, LLVM, LLD, LLDB, and libc++ to version 4.0.0. ZFS has been updated too with a new zfsbootcfg with minor performance improvements. Downloads are here which include Sparc, PowerPC, and even custom SD card images for Raspberry Pi, Beagle-bone and other devices.
Bug

DNS Lib Underscore Bug Bites Everyone's Favorite Init Tool, Blanks Netflix (theregister.co.uk) 292

Reader OneHundredAndTen writes and shares a report: Systemd doing what it does best. From a report on The Register: A few Penguinistas spent a weekend working out why they can't get through to Netflix from their Linux machines, because when they tried, their DNS lookups failed. The issue emerged over the weekend, when Gentoo user Dennis Schridde submitted a bug report to the Systemd project. Essentially, he described a failure within systemd-resolve, a Systemd component that turns human-readable domain names into IP addresses for software, like web browsers, to connect to. The Systemd resolver couldn't look up Netflix's servers for Schridde's web browser, according to the report. In his detailed post, Schridde said he expected this to happen: ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net gets resolved to 37.77.187.142 or 2a00:86c0:5:5::142. When in reality, that wasn't happening, so Netflix couldn't be reached on his box. His speculation that libidn2, which adds internationalised domain names support to the resolver, was at fault turned out to be accurate. Rebuilding Systemd without that library cleared the problem.

Slashdot Top Deals