FOSS News #6 - Free and Open Source News Review March 2-8, 2020

Hi all!

We continue to review the news of free and open source software (and some hardware). All the most important things about penguins and not only in Russia and the world.

In issue No. 6, March 2–8, 2020:

1. Chrome OS Release 80
2. Bulk revocation of Let's Encrypt certificates
3. Removal of Eric Raymond from OSI mailing lists and ethical issues in public licenses
4. What's the Linux and where did hundreds of distributions come from?
5. A Google-free fork Android achieved good results
6. 3 reasons why system integrators should use Open Source systems
7. Open Source is getting bigger and richer, says SUSE
8. Red Hat Expands Its Certification Programs
9. A competition for Open Source-based programs to solve climate problems has been announced
10. The future of Open Source licenses is changing
11. 17-year-old vulnerability in PPPD exposes Linux-systems at risk of remote attacks
12. Fuchsia OS enters testing phase on Google employees
13. Session – Open Source messenger without the need to provide a phone number
14. The KDE Connect project now has a website
15. Release of Porteus Kiosk 5.0.0
16. APT 2.0 package manager release
17. PowerShell 7.0 release
18. Linux The Foundation has entered into an agreement with OSTIF to conduct a security audit.
19. InnerSource: How Open Source Best Practices Help Enterprise Development Teams
20. What is it like to run a 100% Open Source business?
21. X.Org/FreeDesktop.org is looking for sponsors or will be forced to abandon CI
22. The most common security problems when working with FOSS
23. The Evolution of Kali Linux: What is the future of the distribution?
24. Advantages of Kubernetes in cloud infrastructure on bare metal
25. Spotify opens sources of Terraform ML module
26. Drauger OS – another GNU/Linux distribution for games
27. 8 knives in the back Linux: from love to hate, one bug

Chrome OS Release 80

OpenNET announces the release of ChromeOS 80, a new web-focused operating system designed primarily for Chromebooks, but also available through unofficial builds for desktop computers with x86, x86_64, and ARM processors. ChromeOS is based on the open-source Chromium OS and uses the kernel LinuxKey changes in the new version:

1. support for auto-rotating the screen when connecting an external input device;
2. environment for launching Linux-applications updated to Debian 10;
3. on tablets with a touch screen, instead of a full virtual keyboard on the system login and lock screens, it is possible to display a compact number pad by default;
4. Support for Ambient EQ technology has been implemented, which allows you to automatically adjust the white balance and color temperature of the screen, making the picture more natural and not tiring your eyes;
5. Improved launch layer environment Android-applications;
6. the interface for unobtrusive display of notifications about requests for permissions by sites and web applications has been activated;
7. An experimental mode for horizontal navigation across open tabs has been added, working in the Chrome style for Android and displays, in addition to headings, large thumbnails of pages linked to tabs;
8. An experimental gesture control mode has been added, allowing you to conveniently control the interface on devices with touch screens.

Details

Bulk revocation of Let's Encrypt certificates

OpenNET writes that Let's Encrypt, a non-profit certificate authority that is controlled by the community and offers certificates for free to everyone, has warned that many previously issued TLS/SSL certificates will be revoked. On March 4, a little more than 3 million of the 116 million valid certificates were revoked, that is, 2.6%. "The error occurs if the certificate request covers several domain names at once, each of which requires a CAA record check. The essence of the error is that at the time of re-checking, instead of validating all domains, only one domain from the list was re-checked (if the request had N domains, instead of N different checks, one domain was checked N times). For the remaining domains, a second check was not performed and the data from the first check was used when making a decision (i.e., data that was up to 30 days old was used). As a result, within 30 days after the first verification, Let's Encrypt could issue a certificate, even if the value of the CAA record was changed and Let's Encrypt was removed from the list of acceptable certification authorities“- explains the publication.

Details

Removal of Eric Raymond from OSI mailing lists and ethical issues in public licenses

OpenNET reports that Eric Raymond says he has been blocked from accessing Open Source Initiative (OSI) mailing lists. Raymond is an American programmer and hacker, author of the trilogy “The Cathedral and the Bazaar”, “Populating the Noosphere” and “The Magic Cauldron”, which describes the ecology and ethology of software development, co-founder of OSI. According to OpenNET, the reason was that Eric "too persistently opposed a different interpretation of the fundamental principles prohibiting in a license the infringement of the rights of certain groups and discrimination in the field of application" And the publication also reveals Raymond’s assessment of what is happening in the organization - “Instead of the principles of meritocracy and the “show me the code” approach, a new model of behavior is being imposed, according to which no one should feel uncomfortable. The effect of such actions is to reduce the prestige and autonomy of the people who do the work and write the code, in favor of self-appointed guardians of noble manners" Remembering the recent story with Richard Stallman becomes especially sad.

Details

What's the Linux and where did hundreds of distributions come from?

It's FOSS is giving you a primer on what it is. Linux (confusion in terminology is indeed widespread) and where did the 100500 distributions come from, drawing an analogy with engines and the various means of transportation that use them.

Details

A Google-free fork Android achieved good results

It's FOSS writes that a few years ago the Eelo project was started by Gaël Duval, who once created Mandrake LinuxEelo's goal was to remove all Google services from Android To give you an alternative mobile operating system that doesn't track you or infringe on your privacy. A lot has happened with Eelo (now /e/) since then, and the publication is publishing an interview with Duval himself.

The Interview

3 reasons why system integrators should use Open Source systems

Security Sales & Integration emphasizes that Open Source systems have special qualities that allow system integrators to create customized solutions specifically for the unique needs of their clients. And there are three reasons for this

1. Open Source systems are flexible;
2. Open Source systems promote innovation;
3. Open Source systems are simpler.

Details

Open Source is getting bigger and richer, says SUSE

ZDNet examines the topic of growing financial flows into Open Source companies and gives the example of SUSE. Melissa Di Donato, SUSE's new CEO, believes that SUSE's business model allows it to grow quickly. To illustrate this, she pointed to the company's nine years of continuous growth. Last year alone, SUSE recorded nearly 300% growth in app delivery subscription revenue.

Details

Red Hat Expands Its Certification Programs

Red Hat is enhancing its partner offerings built around the company's cloud ecosystem solutions through the Red Hat Partner Connect program, TFIR reports. The program offers partners a set of tools and capabilities to automate, leverage, and modernize modern development for leading enterprise software. Linux Red Hat Enterprise systems Linux and for the Kubernetes platform Red Hat OpenShift.

Details

A competition for Open Source-based programs to solve climate problems has been announced

TFIR reports – IBM and the David Clark Cause in partnership with the United Nations Human Rights and Linux The Foundation announced the Call for Code Global Challenge 2020. This competition calls on participants to create innovative programs based on open source technologies to help halt and reverse humanity's impact on climate change.

Details

The future of Open Source licenses is changing

Computer Weekly wondered about the future of Open Source licenses in light of problems with their free use by corporations. Libraries filled with amazing features written by world-class experts can and should be the foundation on which new projects are built. This is one of the concepts that has made using Open Source software the most efficient way to create new code. However, some Open Source companies feel that their business models are being rendered unviable by cloud services that use their code and make a lot of money from it without giving anything back. As a result, some include restrictions in their licenses to prevent such use. Does this mean the end of Open Source, the publication asks and understands the topic.

Details

Project Zephyr by Linux Foundation – Opening New Horizons in the World of IoT

With so much emphasis on open source software and platforms, we sometimes lose sight of how hardware continues to evolve through the community's own development and standardization efforts. Linux The Foundation recently announced its Zephyr project, which builds a secure and flexible real-time operating system (RTOS) for the Internet of Things (IoT). And Adafruit, an exciting company that enables makers to create DIY electronic products, recently joined the project.

Details

17-year-old vulnerability in PPPD exposes Linux-systems at risk of remote attacks

The US-CERT team has warned of a critical vulnerability CVE-2020-8597 in the PPP protocol daemon implemented in most operating systems based on Linux, as well as in various network devices. The issue allows, by crafting and sending a specially crafted packet to a vulnerable device, to exploit a buffer overflow, remotely execute arbitrary code without authorization, and gain complete control over the device. PPPD often runs with superuser privileges, making the vulnerability particularly dangerous. However, a fix already exists, for example, in Ubuntu The problem can be fixed by simply updating the package.

Details

Fuchsia OS enters testing phase on Google employees

OpenNET reports - The open source operating system Fuchsia, developed by Google, is entering final internal testing, which means the OS will be used in daily work by employees before being released to general users. The publication reminds, “As part of the Fuchsia project, Google is developing a universal operating system capable of running on all types of devices, from workstations and smartphones to embedded and consumer devices. The development is being guided by lessons learned from the platform's creation. Android and takes into account the shortcomings in the areas of scalability and security»

Details

Session – Open Source messenger without the need to provide a phone number

It's FOSS talks about the new Session messenger, a fork of Signal. Here are its features:

1. no phone number is required (lately this is, of course, a downright innovation, but before all messengers somehow lived without it - approx. Gim6626);
2. use of a decentralized network, blockchain and other crypto technologies;
3. cross-platform;
4. special privacy options;
5. group chats, voice messages, sending attachments, in short, everything else that is almost everywhere.

Details

The KDE Connect project now has a website

The KDE community on VKontakte reports that the KDE Connect utility now has its own website kdeconnect.kde.org. On the website you can download utilities, read the latest project news and find out how to join the development. "KDE Connect is a utility for synchronizing notifications and clipboards between devices, transferring files, and remote control. KDE Connect is built into Plasma (Desktop and Mobile), comes as a GNOME extension (GSConnect), and is available as a standalone application for Android and Sailfish. Early builds have been prepared for Windows и macOS“- explains the community.

Source

Release of Porteus Kiosk 5.0.0

Linux.org.ru announces the release of version 5.0.0 of the Porteus Kiosk distribution for quickly deploying demo stands and self-service kiosks. The image size is only 104 MB.The Porteus Kiosk distribution includes the minimum environment required to run a web browser (Mozilla Firefox or Google Chrome) with reduced rights - changing settings, installing add-ons or applications is prohibited, and access to pages not included in the white list is denied. There is also a pre-installed ThinClient for the terminal to work as a thin client. The distribution kit is configured using a special setup wizard combined with the installer - KIOSK WIZARD. After loading, the OS verifies all components using checksums, and the system is mounted in a read-only state“- writes the publication. Main changes in the new version:

1. The package database is synchronized with the Gentoo repository on 2019.09.08/XNUMX/XNUMX:
   1. The kernel has been updated to version Linux 5.4.23;
   2. Google Chrome has been updated to version 80.0.3987.122;
   3. Mozilla Firefox has been updated to version 68.5.0 ESR;
2. there is a new utility for adjusting the speed of the mouse cursor;
3. it became possible to configure intervals for changing browser tabs of different durations in kiosk mode;
4. Firefox was taught to display images in TIFF format (through intermediate conversion to PDF format);
5. system time is now synchronized with the NTP server every day (previously synchronization only worked when the terminal was rebooted);
6. a virtual keyboard has been added to make it easier to enter the session password (previously a physical keyboard was required).

Source

APT 2.0 package manager release

OpenNET announces the release of version 2.0 of the Advanced Package Tool (APT) package management toolkit, developed by the project Debian. Besides Debian and distributions derived from it (for example, Ubuntu) APT is also used in some rpm-based distributions, such as PCLinuxOS and ALT LinuxThe new release will be integrated into the branch soon. Debian Unstable and in the package database UbuntuSome innovations:

1. support for wildcards in commands that accept package names;
2. added "satisfy" command to satisfy dependencies specified in a string passed as an argument;
3. adding packages from other branches without updating the entire system, for example, it became possible to install packages from testing or unstable into stable;
4. Waiting for the dpkg lock to be released (if unsuccessful, displays the name and pid of the process holding the lock file).

Details

PowerShell 7.0 release

Microsoft has released PowerShell 7.0, the source code for which was open-sourced in 2016 under the MIT license, according to OpenNET. The new release is designed not only for Windows, and for Linux и macOS that holds the top spot. "PowerShell is optimized for automating command line operations and provides built-in tools for processing structured data in formats such as JSON, CSV, and XML, as well as support for REST APIs and object models. In addition to the command shell, it offers an object-oriented language for developing scripts and a set of utilities for managing modules and scripts“- explains the publication. Among the innovations added in PowerShell 7.0:

1. support for channel parallelization (pipeline) using the “ForEach-Object -Parallel” construct;
2. conditional assignment operator "a? b: c";
3. conditional launch operators "||" And "&&";
4. logical operators "??" and "??=";
5. improved dynamic error viewing system;
6. interlayer for compatibility with modules for Windows PowerShell;
7. automatic notification of a new version;
8. the ability to call DSC (Desired State Configuration) resources directly from PowerShell.

Details

Linux The Foundation has entered into an agreement with OSTIF to conduct a security audit.

Security Lab reports that Linux Foundation and the Open Source Technology Improvement Foundation (OSTIF) have entered into a partnership to improve the security of open source software for enterprise users through security auditing.Strategic partnership with OSTIF will allow Linux Foundation to expand its efforts to conduct security audits. OSTIF will be able to share its audit resources through the launched Linux Foundation platform CommunityBridge and other organizations supporting developers and projects“- explains the publication.

Details

InnerSource: How Open Source Best Practices Help Enterprise Development Teams

Security Boulevard writes - Open source legends say that Tim O'Reilly coined the term InnerSource back in 2000. While O'Reilly admits he doesn't remember coining the term, he did remember recommending that IBM in the late 1990s embrace some of the elements that make open source magic, namely "collaboration, community, and low barriers to entry for those who wanted to share with each other.” Today, more and more organizations are adopting InnerSource as a strategy, using the techniques and philosophy that provide the foundation of open source and make it great, to improve their internal development processes.

Details

What is it like to run a 100% Open Source business?

SDTimes takes up the (hard) struggles of companies doing Open Source business. And while database market experts in particular agree that open source is becoming the norm, the question remains, how open is open source software in this sector? Can software vendors really succeed in a 100% open source company? Additionally, can a freemium proprietary infrastructure software provider achieve the same benefits as open source providers? How to make money on Open Source? The publication tried to answer these questions.

Details

X.Org/FreeDesktop.org is looking for sponsors or will be forced to abandon CI

Phoronix reports financial problems with the X.Org Foundation. The fund estimates its annual hosting costs this year at $75 and projects expenses of $90 for 2021. Hosting gitlab.freedesktop.org is carried out in the Google cloud. Due to rising costs and a lack of guaranteed recurring donors, while ongoing hosting costs are unsustainable, the X.Org Foundation may need to turn off the CI feature (costing around $30K per year) in the coming months unless they receive additional funding . The X.Org Foundation Board issued an early warning on the mailing list and a call for any donors. GitLab FreeDesktop.org provides hosting not only for X.Org, but also for Wayland, Mesa and related projects, as well as networks such as PipeWire, Monado XR, LibreOffice and many other open source desktop projects, the publication adds .

Details

The most common security problems when working with FOSS

Analytics India Mag examines the topic of FOSS security. Free and open source software has become an important aspect of the global economy in the new century. It has been analyzed that FOSS accounts for approximately 80-90% of any given piece of modern software. It's worth noting that software is becoming an increasingly important resource for virtually all businesses, both public and private. But there are many problems with FOSS, according to Linux Foundation, the publication writes, listing the most common ones:

1. analysis of the long-term safety and health of free and open source software;
2. lack of standardized naming;
3. security of individual developer accounts.

Details

The Evolution of Kali Linux: What is the future of the distribution?

HelpNetSecurity looks back at the past of Kali, the most popular vulnerability testing distribution. Linux and raises the question of its future, examining issues of the distribution's user base, development and feedback, development and plans for the future.

Details

Advantages of Kubernetes in cloud infrastructure on bare metal

Ericsson discusses the use of Kubernetes in a cloud infrastructure without virtualization and states that the total cost savings of deploying Kubernetes on bare metal compared to virtualized infrastructure can be up to 30%, depending on the application and configuration.

Details

Spotify opens sources of Terraform ML module

InfoQ reports – Spotify is opening up its Terraform module to run Kubeflow machine learning pipeline software on Google Kubernetes Engine (GKE). By switching their own ML platform to Kubeflow, Spotify engineers have achieved a faster path to production and run 7x more experiments than on the previous platform.

Details

Drauger OS – another GNU/Linux distribution for games

It's FOSS writes - for years (or decades) people have complained that one of the reasons not to use Linux is the lack of mass games. Games in Linux have improved significantly over the past few years, especially with the advent of the Steam Proton project, which allows you to play many games originally created only for Windowsof the Linux. The Drauger OS distribution, based on UbuntuDrauger OS comes with several apps and tools installed out of the box to enhance your gaming experience. These include:

1. PlayOnLinux
2. WINE
3. lutris
4. Steam
5. DXVK extension

There are other reasons why gamers might be interested in it.

Details

8 knives in the back Linux: from love to hate, one bug

3D News decided to dismantle GNU/Linux "Bone by bone" and present all the accumulated complaints about the product itself and the community, although it may have cast a dark shadow. The analysis proceeds point by point, attempting to refute the following arguments:

1. Linux everywhere;
2. Linux free;
3. Linux free;
4. Linux safe;
5. В Linux the best way to distribute software;
6. В Linux no problems with software;
7. Linux works more efficiently with resources;
8. Linux convenient.

But it ends the publication on a positive note and, answering the question of who is to blame for all the problems mentioned with GNU/Linuxwrites “We! Linux — a wonderful, universal, flexible and powerful operating system with, unfortunately, not the best community around it».

Details

That's all, until next Sunday!

Subscribe to our Telegram channel or RSS so you don't miss out on new editions of FOSS News.

Previous issue

Source: habr.com