Java

Red Hat Gives Ceylon To The Eclipse Foundation (eclipse.org) 70

An anonymous reader writes: Some media outlets called Ceylon an attempted "Java killer" when Gavin King first unveiled his secret two-year development project in 2011. In 2013 Red Hat finally released version 1.0 of the modern, modular statically-typed programming language for the Java and JavaScript virtual machines. After another four years, "Ceylon has a small but very active and enthusiastic community of developers and users, and indeed is the fruit of the hard work of a large number of contributors over the years," says a project proposal page at Eclipse.org seeking "to further grow our community... a key strategy to achieve that would be to move Ceylon from Red Hat to a vendor-neutral foundation."

That project has now been approved, and the "Eclipse Ceylon" project has been created. It includes the Ceylon distribution and its SDK, plus the Java2Ceylon converter and the Ceylon Herd project's server (and related services) for Ceylon module sharing. There's also three IDEs (and their code-formatting and functionality-sharing modules).

Back in 2011 InfoWorld predicted that instead of becoming a Java killer, "it is more likely Ceylon will join a growing list of new languages resting atop the JVM, while the Java language and platform will continue on as staples of enterprise computing."
Android

postmarketOS Pursues A Linux-Based, LTS OS For Android Phones (liliputing.com) 86

An anonymous reader quotes Liliputing: Buy an iPhone and you might get 4-5 years of official software updates. Android phones typically get 1-3 years of updates... if they get any updates at all. But there are ways to breathe new life into some older Android phones. If you can unlock the bootloader, you may be able to install a custom ROM like LineageOS and get unofficial software updates for a few more years. The folks behind postmarketOS want to go even further: they're developing a Linux-based alternative to Android with the goal of providing up to 10 years of support for old smartphones...

Right now postmarketOS is a touch-friendly operating system based on Alpine Linux that runs on a handful of devices including the Samsung Galaxy Nexus, Google Nexus 4, 5, and 7 (2012), and several other Samsung, HTC, LG, Motorola, and Sony smartphones. There are also ports for some non-Android phones such as the Nokia N900 and work-in-progress builds for the BlackBerry Bolt Touch 9900 and Jolla Phone. Note that when I say the operating system runs on those devices, I basically mean it boots. Some phones only have network access via a USB cable, for instance. None of the devices can actually be used to make phone calls. But here's the cool thing: the developers are hoping to create a single kernel that works with all supported devices, which means that postmarketOS would work a lot like a desktop operating system, allowing you to install the same OS on any smartphone with the proper hardware.

One postmarketOS developer complains that Android's architecture "is based on forking (one might as well say copy-pasting) the entire code-base for each and every device and Android version. And then working on that independent, basically instantly incompatible version. Especially adding device-specific drivers plays an important role... Here is the solution: Bend an existing Linux distribution to run on smartphones. Apply all necessary changes as small patches and upstream them, where it makes sense."
Desktops (Apple)

In Defense of the Popular Framework Electron (dev.to) 134

Electron, a popular framework that allows developers to write code once and seamlessly deploy it across multiple platforms, has been a topic of conversation lately among developers and users alike. Many have criticised Electron-powered apps to be "too memory intensive." A developer, who admittedly uses a high-end computer, shares his perspective: I can speak for myself when I say Electron runs like a dream. On a typical day, I'll have about three Atom windows open, a multi-team Slack up and running, as well as actively using and debugging my own Electron-based app Standard Notes. [...] So, how does it feel to run this bloat train of death every day? Well, it feels like nothing. I don't notice it. My laptop doesn't get hot. I don't hear the fan. I experience no lags in any application. [...] But aside from how it makes end-users feel, there is an arguably more important perspective to be had: how it makes software companies feel. For context, the project I work in is an open-source cross-platform notes app that's available on most platforms, including web, Mac, Windows, Linux, iOS, and Android. All the desktop applications are based off the main web codebase, and are bundled using Electron, while the iOS and Android app use their own native codebases respectively, one in Swift and the other in Kotlin. And as a new company without a lot of resources, this setup has just barely allowed us to enter the marketplace. Three codebases is two too many codebases to maintain. Every time we make a change, we have to make it in three different places, violating the most sacred tenet of computer science of keeping it DRY. As a one-person team deploying on all these platforms, even the most minor change will take at minimum three development days, one for each codebase. This includes debugging, fixing, testing, bundling, deploying, and distributing every single codebase. This is by no means an easy task.
Debian

OpenSource.com Test-Drives Linux Distros From 1993 To 2003 (opensource.com) 80

An anonymous reader quotes OpenSource.com: A unique trait of open source is that it's never truly EOL (End of Life). The disc images mostly remain online, and their licenses don't expire, so going back and installing an old version of Linux in a virtual machine and getting a precise picture of what progress Linux has made over the years is relatively simple... Whether you're new to Linux, or whether you're such an old hand that most of these screenshots have been more biographical than historical, it's good to be able to look back at how one of the largest open source projects in the world has developed. More importantly, it's exciting to think of where Linux is headed and how we can all be a part of that, starting now, and for years to come.
The article looks at seven distros -- Slackware 1.01 (1993), Debian 0.91 (1994), Jurix/S.u.S.E. (1996), SUSE 5.1 (1998), Red Hat 6.0 (1999), Mandrake 8.0 (2001), and Fedora 1 (2003). Click through for some of the highlights.
GNOME

Canonical Needs Your Help Transitioning Ubuntu Linux From Unity To GNOME (ubuntu.com) 109

BrianFagioli quotes BetaNews: On August 24 and 25, the Ubuntu Desktop team will be holding a "Fit and Finish Sprint," where they will aggressively test GNOME. Canonical is also asking the Ubuntu community to help with this process. In other words, you might be able to assist with making Artful Aardvark even better.

What makes this particularly cool, however, is that Canonical will be selecting some community members to visit its London office on August 24 between 4 pm and 9 pm. "Over the two days we'll be scrutinizing the new GNOME Shell desktop experience, looking for anything jarring/glitchy or out of place," says Alan Pope, Community Manager. "We'll be working on the GTK, GDM and desktop theme alike, to fix inconsistencies, performance, behavioral or visual issues. We'll also be looking at the default key bindings, panel color schemes and anything else we discover along the way."

A few caveats: Canonical won't pay anyone's travel expenses to London, and "Ideally we're looking for people who are experienced in identifying (and fixing) theme issues, CSS experts and GNOME Shell / GTK themers."
AMD

AMD Confirms Linux 'Performance Marginality Problem' On Ryzen (phoronix.com) 120

An anonymous reader writes: Ryzen customers experiencing segmentation faults under Linux when firing off many compilation processes have now had their problem officially acknowledged by AMD. The company describes it as a "performance marginality problem" affecting some Ryzen customers and only on Linux. AMD confirmed Threadripper and Epyc processors are unaffected; they will be dealing with the issue on a customer-by-customer basis, and their future consumer products will see better Linux testing/validation. Ryzen customers believed to be affected by the problem can contact AMD Customer Care. Michael Larabel writes via Phoronix: "With the Ryzen segmentation faults on Linux they are found to occur with many, parallel compilation workloads in particular -- certainly not the workloads most Linux users will be firing off on a frequent basis unless intentionally running scripts like ryzen-test/kill-ryzen. As I've previously written, my Ryzen Linux boxes have been working out great except in cases of intentional torture testing with these heavy parallel compilation tasks. [AMD's] analysis has also found that these Ryzen segmentation faults aren't isolated to a particular motherboard vendor or the like, contrary to rumors/noise online due to the complexity of the problem."
Debian

OpenSSL Support In Debian Unstable Drops TLS 1.0/1.1 Support (debian.org) 76

An anonymous reader writes: Debian Linux "sid" is deprecating TLS 1.0 Encryption. A new version of OpenSSL has been uploaded to Debian Linux unstable. This version disables the TLS 1.0 and 1.1 protocol. This currently leaves TLS 1.2 as the only supported SSL/TLS protocol version. This will likely break certain things that for whatever reason still don't support TLS 1.2. I strongly suggest that if it's not supported that you add support for it, or get the other side to add support for it. OpenSSL made a release 5 years ago that supported TLS 1.2. The current support of the server side seems to be around 90%. I hope that by the time Buster releases the support for TLS 1.2 will be high enough that I don't need to enable them again. This move caused some concern among Debian users and sysadmins. If you are running Debian Unstable on server tons of stuff is going to broken cryptographically. Not to mention legacy hardware and firmware that still uses TLS 1.0. On the client side (i.e. your users), you need to use the latest version of a browser such as Chrome/Chromium and Firefox. The Older version of Android (e.g. Android v5.x and earlier) do not support TLS 1.2. You need to use minimum iOS 5 for TLS 1.2 support. Same goes with SMTP/mail servers, desktop email clients, FTP clients and more. All of them using old outdated crypto.

This move will also affect for Android 4.3 users or stock MS-Windows 7/IE users (which has TLS 1.2 switched off in Internet Options.) Not to mention all the mail servers out there running outdated crypto.

Red Hat Software

Red Hat Acquires Data-Cleaning Company Permabit (fortune.com) 85

An anonymous reader quotes Fortune: Business software company Red Hat said on Monday that it is acquiring the technology assets of Permabit, a small company that specializes in cleaning up corporate data to make storage more efficient and data access faster. Terms of the deal were not disclosed but a Red Hat spokesman said 16 people from Permabit will be joining that company...

While the conventional wisdom is that data storage is cheap, it is not free. And with companies turning to more expensive flash storage, it saves money to remove redundant data, said Richard Fichera, vice president and principal analyst at Forrester Research... Red Hat, which sells a version of the Linux operating system used by many Fortune 500 companies, also offers its own storage software. And, it wants to become a more formidable challenger in data storage, a goal that can be furthered by buying Permabit's technology, Fichera said.

Slashdot reader See Attached points out that this week Red Hat also released RHEL 7.4, which introduces support for Network Bound Disk Encryption (NBDE) and system protection against intrusive USB devices.
Open Source

Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens (theregister.co.uk) 307

An anonymous reader shares a report from The Register: In late June, noted open-source programmer Bruce Perens [a longtime Slashdot reader] warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog. The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference. Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.

Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code -- a right under the GPLv2 license -- will no longer be customers and will lose the right to distribute subsequent versions of the software. According to Perens, "GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition." A legal complaint (PDF) filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. Perens isn't arguing that the GPLv2 applies to unreleased software. Rather, he asserts the GPLv2, under section 6, specifically forbids the addition of contractual terms.

Ubuntu

Ubuntu Will Revert Window Controls To the Right-Hand Side in Next Release (neowin.net) 171

Following a survey carried out last month, Ubuntu will begin shipping with the minimise, maximise, and close buttons on the right-hand side of windows. From a report: In the survey 46.2% of people said they prefer their window controls on the left-hand side and 53.8% said they prefer them on the right. The decision comes after seven years of window controls being on the left, at the time it had plenty of detractors but Ubuntu founder, Mark Shuttleworth, maintained that the controls needed shifting to the left because they'd be in the way of the then newly introduced window indicators.
Python

It Will Take Fedora More Releases To Switch Off Python 2 (phoronix.com) 94

An anonymous reader quotes Phoronix: Finalizing Fedora's switch from Python 2 to Python 3 by default is still going to take several more Fedora release cycles and should be done by the 2020 date when Python 2 will be killed off upstream. While much of Fedora's Python code is now compatible with Py3, the /usr/bin/python still points to Python 2, various python-* packages still mean Python 2... The end game is to eventually get rid of Python 2 from Fedora but that is even further out.
Fedora is now gathering feedback on a Wiki page explaining the switch.
Cloud

Microsoft Further Pledges Linux Loyalty, Joins Cloud Native Computing Foundation (betanews.com) 109

BrianFagioli quotes BetaNews: Today, Microsoft further pledges its loyalty to Linux and open source by becoming a platinum member of the Cloud Native Computing Foundation. If you aren't familiar, the CNCF is a part of the well-respected Linux Foundation (of which Microsoft is also a member). With the Windows-maker increasingly focusing its efforts on the cloud -- and profiting from it -- this seems like a match made in heaven. In fact, Dan Kohn, Executive Director of the foundation says, "We are honored to have Microsoft, widely recognized as one of the most important enterprise technology and cloud providers in the world, join CNCF as a platinum member."

"CNCF is a part of the Linux Foundation, which helps govern for a wide range of cloud-oriented open source projects, such as Kubernetes, Prometheus, OpenTracing, Fluentd, Linkerd, containerd, Helm, gRPC, and many others," says John Gossman Azure Architect, Microsoft. "Since we joined the Linux Foundation last year, and now have decided to expand that relationship to CNCF membership as a natural next step to invest in open source communities and code at multiple levels, especially in the area of containers."

The announcement notes that Microsoft has already been contributing code to the Kubernetes project, "as well as running Kubernetes as part of the Azure Container Service."
Debian

Systemd Named 'Lamest Vendor' At Pwnie Security Awards (theregister.co.uk) 436

Long-time Slashdot reader darkpixel2k shares a highlight from the Black Hat USA security conference. The Register reports: The annual Pwnie Awards for serious security screw-ups saw hardly anyone collecting their prize at this year's ceremony in Las Vegas... The gongs are divided into categories, and nominations in each section are voted on by the hacker community... The award for best server-side bug went to the NSA's Equation Group, whose Windows SMB exploits were stolen and leaked online this year by the Shadow Brokers...

And finally, the lamest vendor response award went to Systemd supremo Lennart Poettering for his controversial, and perhaps questionable, handling of the following bugs in everyone's favorite init replacement: 5998, 6225, 6214, 5144, and 6237... "Where you are dereferencing null pointers, or writing out of bounds, or not supporting fully qualified domain names, or giving root privileges to any user whose name begins with a number, there's no chance that the CVE number will referenced in either the change log or the commit message," reads the Pwnie nomination for Systemd, referring to the open-source project's allergy to assigning CVE numbers. "But CVEs aren't really our currency any more, and only the lamest of vendors gets a Pwnie!"

CSO has more coverage -- and presumably there will eventually be an official announcement up at Pwnies.com.
Windows

Microsoft's 'Windows Subsystem For Linux' Finally Leaves Beta (microsoft.com) 163

An anonymous reader quotes Microsoft's Developer blog: Early adopters on the Windows Insider program will notice that Windows Subsystem for Linux is no longer marked as a beta feature as of Insider build 16251. This will be great news for those who've held-back from employing WSL as a mainline toolset: You'll now be able to leverage WSL as a day-to-day developer toolset, and become ever more productive when building, testing, deploying, and managing your apps and systems on Windows 10... What will change is that you will gain the added advantage of being able to file issues on WSL and its Windows tooling via our normal support mechanisms if you want/need to follow a more formal issue resolution process. You can also provide feedback via Windows 10 Feedback Hub app, which delivers feedback directly to the team.
Microsoft points out that distro-publishers are still responsible for supporting and fixing the internals of their distros -- and they have no plans to support X/GUI apps or desktops. And of course, Linux files are not currently accessible from Windows -- though Microsoft says they're working on a fix.
Open Source

OpenMoko: Ten Years After (vanille.de) 48

Michael Lauer, member of the core team at OpenMoko, a project that sought to create a family of open source mobile phones -- which included the hardware specs and the Linux-based OS -- has shared the inside story of what the project wanted to do and why it failed. From his blog post: For the 10th anniversary since the legendary OpenMoko announcement at the "Open Source in Mobile" (7th of November 2006 in Amsterdam), I've been meaning to write an anthology or -- as Paul Fertser suggested on #openmoko-cdevel -- an obituary. I've been thinking about objectively describing the motivation, the momentum, how it all began and -- sadly -- ended. I did even plan to include interviews with Sean, Harald, Werner, and some of the other veterans. But as with oh so many projects of (too) wide scope this would probably never be completed. As November 2016 passed without any progress, I decided to do something different instead. Something way more limited in scope, but something I can actually finish. My subjective view of the project, my participation, and what I think is left behind: My story, as OpenMoko employee #2. On top of that you will see a bunch of previously unreleased photos (bear with me, I'm not a good photographer and the camera sucked as well). [....] Right now my main occupation is writing software for Apple's platforms -- and while it's nice to work on apps using a massive set of luxury frameworks and APIs, you're locked and sandboxed within the software layers Apple allows you. I'd love to be able to work on an open source Linux-based middleware again. However, the sad truth is that it looks like there is no business case anymore for a truly open platform based on custom-designed hardware, since people refuse to spend extra money for tweakability, freedom, and security. Despite us living in times where privacy is massively endangered.

Slashdot Top Deals