FOSS News #6 - Free and Open Source News Review March 2-8, 2020

Hi all!

We continue to review the news of free and open source software (and some hardware). All the most important things about penguins and not only in Russia and the world.

In issue No. 6, March 2–8, 2020:

1. Chrome OS Release 80
2. Bulk revocation of Let's Encrypt certificates
3. Removal of Eric Raymond from OSI mailing lists and ethical issues in public licenses
4. What is Linux and where do hundreds of distributions come from?
5. Google's Android fork achieves good results
6. 3 reasons why system integrators should use Open Source systems
7. Open Source is getting bigger and richer, says SUSE
8. Red Hat Expands Its Certification Programs
9. A competition for Open Source-based programs to solve climate problems has been announced
10. The future of Open Source licenses is changing
11. 17-year-old PPPD vulnerability puts Linux systems at risk of remote attacks
12. Fuchsia OS enters testing phase on Google employees
13. Session – Open Source messenger without the need to provide a phone number
14. The KDE Connect project now has a website
15. Release of Porteus Kiosk 5.0.0
16. APT 2.0 package manager release
17. PowerShell 7.0 release
18. The Linux Foundation has entered into an agreement with OSTIF to conduct a security audit
19. InnerSource: How Open Source Best Practices Help Enterprise Development Teams
20. What is it like to run a 100% Open Source business?
21. X.Org/FreeDesktop.org is looking for sponsors or will be forced to abandon CI
22. The most common security problems when working with FOSS
23. The evolution of Kali Linux: what is the future of the distribution?
24. Advantages of Kubernetes in cloud infrastructure on bare metal
25. Spotify opens sources of Terraform ML module
26. Drauger OS - another GNU/Linux distribution for games
27. 8 knives in the back of Linux: from love to hate one bug

Chrome OS Release 80

OpenNET announces the release of a new version of ChromeOS 80, an operating system with a strong focus on web applications and designed primarily for Chromebooks, but also available via unofficial builds for mainstream x86, x86_64, and ARM-based computers. ChromeOS is based on the open Chromium OS and uses the Linux kernel. Main changes in the new version:

1. support for auto-rotating the screen when connecting an external input device;
2. the environment for running Linux applications has been updated to Debian 10;
3. on tablets with a touch screen, instead of a full virtual keyboard on the system login and lock screens, it is possible to display a compact number pad by default;
4. Support for Ambient EQ technology has been implemented, which allows you to automatically adjust the white balance and color temperature of the screen, making the picture more natural and not tiring your eyes;
5. The environment of the layer for launching Android applications has been improved;
6. the interface for unobtrusive display of notifications about requests for permissions by sites and web applications has been activated;
7. added an experimental horizontal navigation mode for open tabs, working in the style of Chrome for Android and displaying, in addition to headers, large thumbnails of pages associated with tabs;
8. An experimental gesture control mode has been added, allowing you to conveniently control the interface on devices with touch screens.

Details

Bulk revocation of Let's Encrypt certificates

OpenNET writes that Let's Encrypt, a non-profit certificate authority that is controlled by the community and offers certificates for free to everyone, has warned that many previously issued TLS/SSL certificates will be revoked. On March 4, a little more than 3 million of the 116 million valid certificates were revoked, that is, 2.6%. "The error occurs if the certificate request covers several domain names at once, each of which requires a CAA record check. The essence of the error is that at the time of re-checking, instead of validating all domains, only one domain from the list was re-checked (if the request had N domains, instead of N different checks, one domain was checked N times). For the remaining domains, a second check was not performed and the data from the first check was used when making a decision (i.e., data that was up to 30 days old was used). As a result, within 30 days after the first verification, Let's Encrypt could issue a certificate, even if the value of the CAA record was changed and Let's Encrypt was removed from the list of acceptable certification authorities“- explains the publication.

Details

Removal of Eric Raymond from OSI mailing lists and ethical issues in public licenses

OpenNET reports that Eric Raymond says he has been blocked from accessing Open Source Initiative (OSI) mailing lists. Raymond is an American programmer and hacker, author of the trilogy “The Cathedral and the Bazaar”, “Populating the Noosphere” and “The Magic Cauldron”, which describes the ecology and ethology of software development, co-founder of OSI. According to OpenNET, the reason was that Eric "too persistently opposed a different interpretation of the fundamental principles prohibiting in a license the infringement of the rights of certain groups and discrimination in the field of application" And the publication also reveals Raymond’s assessment of what is happening in the organization - “Instead of the principles of meritocracy and the “show me the code” approach, a new model of behavior is being imposed, according to which no one should feel uncomfortable. The effect of such actions is to reduce the prestige and autonomy of the people who do the work and write the code, in favor of self-appointed guardians of noble manners" Remembering the recent story with Richard Stallman becomes especially sad.

Details

What is Linux and where do hundreds of distributions come from?

It's FOSS conducts an educational program about what Linux is (confusion in terminology is indeed widespread) and where 100500 distributions come from, drawing an analogy with engines and various vehicles that use them.

Details

Google's Android fork achieves good results

It's FOSS writes that several years ago the Eelo project appeared, started by Gael Duval, who once created Mandrake Linux. Eelo's goal was to remove all Google services from Android to give you an alternative mobile operating system that doesn't track you or invade your privacy. A lot of interesting things have happened with Eelo (now /e/) since then and the publication publishes an interview with Duval himself.

The Interview

3 reasons why system integrators should use Open Source systems

Security Sales & Integration emphasizes that Open Source systems have special qualities that allow system integrators to create customized solutions specifically for the unique needs of their clients. And there are three reasons for this

1. Open Source systems are flexible;
2. Open Source systems promote innovation;
3. Open Source systems are simpler.

Details

Open Source is getting bigger and richer, says SUSE

ZDNet examines the topic of growing financial flows into Open Source companies and gives the example of SUSE. Melissa Di Donato, SUSE's new CEO, believes that SUSE's business model allows it to grow quickly. To illustrate this, she pointed to the company's nine years of continuous growth. Last year alone, SUSE recorded nearly 300% growth in app delivery subscription revenue.

Details

Red Hat Expands Its Certification Programs

Red Hat is improving its partner offerings built around the company's cloud ecosystem solutions through the Red Hat Partner Connect program, TFIR reports. The program offers partners a set of tools and capabilities to automate, enhance and modernize modern development for the leading enterprise Linux system Red Hat Enterprise Linux and for the Kubernetes platform Red Hat OpenShift.

Details

A competition for Open Source-based programs to solve climate problems has been announced

TFIR reports - IBM and David Clark Cause, in partnership with the United Nations Human Rights and the Linux Foundation, have announced the Call for Code Global Challenge 2020. This competition encourages participants to create innovative programs based on Open Source technologies to help stop and reverse humanity's impact on climate change.

Details

The future of Open Source licenses is changing

Computer Weekly wondered about the future of Open Source licenses in light of problems with their free use by corporations. Libraries filled with amazing features written by world-class experts can and should be the foundation on which new projects are built. This is one of the concepts that has made using Open Source software the most efficient way to create new code. However, some Open Source companies feel that their business models are being rendered unviable by cloud services that use their code and make a lot of money from it without giving anything back. As a result, some include restrictions in their licenses to prevent such use. Does this mean the end of Open Source, the publication asks and understands the topic.

Details

The Linux Foundation's Zephyr Project - Breaking New Ground in the World of IoT

With so much emphasis on open source software and platforms, we sometimes lose sight of how hardware continues to evolve through the community's own development and standardization efforts. The Linux Foundation recently announced its Zephyr project, which is building a secure and flexible real-time operating system (RTOS) for the Internet of Things (IoT). And recently Adafruit, an interesting company that allows manufacturers to create DIY electronic products, joined the project.

Details

17-year-old PPPD vulnerability puts Linux systems at risk of remote attacks

The US-CERT team has warned of a critical vulnerability CVE-2020-8597 in the PPP protocol daemon implemented in most Linux-based operating systems, as well as in various network devices. The problem allows, by generating and sending a special packet to a vulnerable device, to exploit a buffer overflow, remotely execute arbitrary code without authorization, and gain full control over the device. PPPD often runs with superuser rights, making the vulnerability particularly dangerous. However, there is already a fix and, for example, in Ubuntu you can fix the problem simply by updating the package.

Details

Fuchsia OS enters testing phase on Google employees

OpenNET reports - The open source operating system Fuchsia, developed by Google, is entering final internal testing, which means the OS will be used in daily work by employees before being released to general users. The publication reminds, “As part of the Fuchsia project, Google is developing a universal operating system that can run on any type of device, from workstations and smartphones to embedded and consumer technology. Development is carried out taking into account the experience of creating the Android platform and takes into account shortcomings in the field of scaling and security»

Details

Session – Open Source messenger without the need to provide a phone number

It's FOSS talks about the new Session messenger, a fork of Signal. Here are its features:

1. no phone number is required (lately this is, of course, a downright innovation, but before all messengers somehow lived without it - approx. Gim6626);
2. use of a decentralized network, blockchain and other crypto technologies;
3. cross-platform;
4. special privacy options;
5. group chats, voice messages, sending attachments, in short, everything else that is almost everywhere.

Details

The KDE Connect project now has a website

The KDE community on VKontakte reports that the KDE Connect utility now has its own website kdeconnect.kde.org. On the website you can download utilities, read the latest project news and find out how to join the development. "KDE Connect is a utility for synchronizing notifications and clipboard between devices, transferring files and remote control. KDE Connect is built into Plasma (Desktop and Mobile), comes as an extension for GNOME (GSConnect), and is available as a standalone application for Android and Sailfish. Early builds for Windows and macOS have been prepared“- explains the community.

Source

Release of Porteus Kiosk 5.0.0

Linux.org.ru announces the release of a new version 5.0.0 of the Porteus Kiosk distribution for the rapid deployment of demonstration stands and self-service terminals. The image size is only 104 MB. "The Porteus Kiosk distribution includes the minimum environment required to run a web browser (Mozilla Firefox or Google Chrome) with reduced rights - changing settings, installing add-ons or applications is prohibited, and access to pages not included in the white list is denied. There is also a pre-installed ThinClient for the terminal to work as a thin client. The distribution kit is configured using a special setup wizard combined with the installer - KIOSK WIZARD. After loading, the OS verifies all components using checksums, and the system is mounted in a read-only state“- writes the publication. Main changes in the new version:

1. The package database is synchronized with the Gentoo repository on 2019.09.08/XNUMX/XNUMX:
   1. the kernel has been updated to Linux version 5.4.23;
   2. Google Chrome has been updated to version 80.0.3987.122;
   3. Mozilla Firefox has been updated to version 68.5.0 ESR;
2. there is a new utility for adjusting the speed of the mouse cursor;
3. it became possible to configure intervals for changing browser tabs of different durations in kiosk mode;
4. Firefox was taught to display images in TIFF format (through intermediate conversion to PDF format);
5. system time is now synchronized with the NTP server every day (previously synchronization only worked when the terminal was rebooted);
6. a virtual keyboard has been added to make it easier to enter the session password (previously a physical keyboard was required).

Source

APT 2.0 package manager release

OpenNET announces the release of version 2.0 of the APT (Advanced Package Tool) package management tool developed by the Debian project. In addition to Debian and its derivative distributions (such as Ubuntu), APT is also used in some rpm-based distributions, such as PCLinuxOS and ALT Linux. The new release will soon be integrated into the Debian Unstable branch and into the Ubuntu package base. Some innovations:

1. support for wildcards in commands that accept package names;
2. added "satisfy" command to satisfy dependencies specified in a string passed as an argument;
3. adding packages from other branches without updating the entire system, for example, it became possible to install packages from testing or unstable into stable;
4. Waiting for the dpkg lock to be released (if unsuccessful, displays the name and pid of the process holding the lock file).

Details

PowerShell 7.0 release

Microsoft has unveiled the release of PowerShell 7.0, the source code of which was opened in 2016 under the MIT license, OpenNET reports. The new release is prepared not only for Windows, but also for Linux and macOS. "PowerShell is optimized for automating command line operations and provides built-in tools for processing structured data in formats such as JSON, CSV, and XML, as well as support for REST APIs and object models. In addition to the command shell, it offers an object-oriented language for developing scripts and a set of utilities for managing modules and scripts“- explains the publication. Among the innovations added in PowerShell 7.0:

1. support for channel parallelization (pipeline) using the “ForEach-Object -Parallel” construct;
2. conditional assignment operator "a? b: c";
3. conditional launch operators "||" And "&&";
4. logical operators "??" and "??=";
5. improved dynamic error viewing system;
6. layer for compatibility with modules for Windows PowerShell;
7. automatic notification of a new version;
8. the ability to call DSC (Desired State Configuration) resources directly from PowerShell.

Details

The Linux Foundation has entered into an agreement with OSTIF to conduct a security audit

Security Lab reports that the Linux Foundation and the Open Source Technology Improvement Fund (OSTIF) have entered into a partnership to improve the security of open source software for enterprise users through security auditing. "The strategic partnership with OSTIF will allow the Linux Foundation to expand its security auditing efforts. OSTIF will be able to share its auditing resources through the Linux Foundation's CommunityBridge platform and other organizations supporting developers and projects“- explains the publication.

Details

InnerSource: How Open Source Best Practices Help Enterprise Development Teams

Security Boulevard writes - Open source legends say that Tim O'Reilly coined the term InnerSource back in 2000. While O'Reilly admits he doesn't remember coining the term, he did remember recommending that IBM in the late 1990s embrace some of the elements that make open source magic, namely "collaboration, community, and low barriers to entry for those who wanted to share with each other.” Today, more and more organizations are adopting InnerSource as a strategy, using the techniques and philosophy that provide the foundation of open source and make it great, to improve their internal development processes.

Details

What is it like to run a 100% Open Source business?

SDTimes takes up the (hard) struggles of companies doing Open Source business. And while database market experts in particular agree that open source is becoming the norm, the question remains, how open is open source software in this sector? Can software vendors really succeed in a 100% open source company? Additionally, can a freemium proprietary infrastructure software provider achieve the same benefits as open source providers? How to make money on Open Source? The publication tried to answer these questions.

Details

X.Org/FreeDesktop.org is looking for sponsors or will be forced to abandon CI

Phoronix reports financial problems with the X.Org Foundation. The fund estimates its annual hosting costs this year at $75 and projects expenses of $90 for 2021. Hosting gitlab.freedesktop.org is carried out in the Google cloud. Due to rising costs and a lack of guaranteed recurring donors, while ongoing hosting costs are unsustainable, the X.Org Foundation may need to turn off the CI feature (costing around $30K per year) in the coming months unless they receive additional funding . The X.Org Foundation Board issued an early warning on the mailing list and a call for any donors. GitLab FreeDesktop.org provides hosting not only for X.Org, but also for Wayland, Mesa and related projects, as well as networks such as PipeWire, Monado XR, LibreOffice and many other open source desktop projects, the publication adds .

Details

The most common security problems when working with FOSS

Analytics India Mag takes a look at the topic of FOSS security. Free and open source software has become an important aspect of the new century's global economy. It has been analyzed that FOSS makes up about 80-90% of any given piece of modern software. It should be noted that software is becoming an increasingly important resource for almost all businesses, both public and private. But there are many problems with FOSS, according to the Linux Foundation, the publication writes and lists the most common:

1. analysis of the long-term safety and health of free and open source software;
2. lack of standardized naming;
3. security of individual developer accounts.

Details

The evolution of Kali Linux: what is the future of the distribution?

HelpNetSecurity looks back at the past of the most popular vulnerability testing distribution, Kali Linux, and raises questions about its future, examining the distribution's user base, development and feedback, development and plans for the future.

Details

Advantages of Kubernetes in cloud infrastructure on bare metal

Ericsson discusses the use of Kubernetes in a cloud infrastructure without virtualization and states that the total cost savings of deploying Kubernetes on bare metal compared to virtualized infrastructure can be up to 30%, depending on the application and configuration.

Details

Spotify opens sources of Terraform ML module

InfoQ reports – Spotify is opening up its Terraform module to run Kubeflow machine learning pipeline software on Google Kubernetes Engine (GKE). By switching their own ML platform to Kubeflow, Spotify engineers have achieved a faster path to production and run 7x more experiments than on the previous platform.

Details

Drauger OS - another GNU/Linux distribution for games

It's FOSS writes - For years (or decades) people have complained that one of the reasons not to use Linux is the lack of mainstream games. Gaming on Linux has improved significantly over the past few years, especially with the advent of the Steam Proton project, which allows you to play many games originally created only for Windows on Linux. The Drauger OS distribution, based on Ubuntu, continues this trend. Drauger OS has several apps and tools installed out of the box to enhance your gaming experience. This includes:

1. PlayOnLinux
2. WINE
3. lutris
4. Steam
5. DXVK extension

There are other reasons why gamers might be interested in it.

Details

8 knives in the back of Linux: from love to hate one bug

3D News decided to disassemble GNU/Linux “to the bones” and present all the accumulated claims against the product itself and the community, although it may have caught up with black paint. The analysis is carried out point by point, an attempt is made to refute the following arguments:

1. Linux is everywhere;
2. Linux is free;
3. Linux is free;
4. Linux is secure;
5. Linux has the best way to distribute software;
6. Linux has no software problems;
7. Linux is more efficient with resources;
8. Linux is convenient.

But he ends the publication on a positive note and, answering the question of who is to blame for all the mentioned problems with GNU/Linux, writes “We! Linux is a wonderful, versatile, flexible and powerful operating system with, alas, no longer the best community around».

Details

That's all, until next Sunday!

Subscribe to our Telegram channel or RSS so you don't miss out on new editions of FOSS News.

Previous issue

Source: habr.com