How a VC-Funded Company Is Undermining the Open-Source Community

Adrianne Jeffries, reporting for The Outline: Is a $4 million venture capital-funded startup stealthily taking over popular coding tools and injecting ads and spyware into them? That's what some programmers fear may be happening. It is one of the most troubling scandals to hit the open-source community -- a robust network of programmers who work on shared tools for free -- in recent memory. It started back in April, when a programmer noticed a strange change to an open-source tool called Minimap. Minimap has had more than 3.5 million downloads, but like many open-source tools, it was maintained by a single person who no one knew much about other than their username: @abe33. At some point, @abe33, whose real name is Cedric Nehemie, was hired by Kite. Kite was started by Adam Smith, a successful tech entrepreneur who raised funding from a slew of big names including the CEO of Dropbox and the creator of WordPress. It is unclear what Kite's business model is, but it says it uses machine-learning techniques to make coding tools. Its tools are not open source. After being hired by Kite, @abe33 made an update to Minimap. The update was titled "Implement Kite promotion," and it appeared to look at a user's code and insert links to related pages on Kite's website. Kite called this a useful feature. Programmers said it was not useful and was therefore just an ad for an unrelated service, something many programmers would consider a violation of the open-source spirit. "It's not a feature, it's advertising -- and people don't want it, you want it," wrote user @p-e-w. "The least you can do is own up to that." "I have to wonder if your goal was to upset enough people that you'd generate real attention on various news sites and get Kite a ton of free publicity before your next funding round," @DevOpsJohn wrote. "That's the only sane explanation I can find for suddenly dropping ads into the core of one of the oldest and most useful Atom plugins." [...] 
Although Kite has no business model yet, it's widely thought in Silicon Valley that having users is the first step toward profitability. Adding users potentially benefits the company in another way, by giving it access to precious data. Kite says it uses machine learning tactics to make the best coding helper tools possible. In order to do that, it needs tons of data to learn from. The more code it can look at, the better its autocomplete suggestions will get, for example.

Debian 'Stretch' Updated With 9.1 Release

An anonymous reader quotes The Debian project is pleased to announce the first update of its stable distribution Debian 9 (codename "stretch"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems... Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old "stretch" media... Those who frequently install updates from won't have to update many packages, and most such updates are included in the point release.

Mozilla's New Open Source Voice-Recognition Project Wants Your Voice

An anonymous reader quotes Mashable: Mozilla is building a massive repository of voice recordings for the voice apps of the future -- and it wants you to add yours to the collection. The organization behind the Firefox browser is launching Common Voice, a project to crowdsource audio samples from the public. The goal is to collect about 10,000 hours of audio in various accents and make it publicly available for everyone... Mozilla hopes to hand over the public dataset to independent developers so they can harness the crowdsourced audio to build the next generation of voice-powered apps and speech-to-text programs... You can also help train the speech-to-text capabilities by validating the recordings already submitted to the project. Just listen to a short clip, and report back if text on the screen matches what you heard... Mozilla says its aim is to expand the tech beyond just a standard voice recognition experience, including multiple accents, demographics and eventually languages for more accessible programs. Past open source voice-recognition projects have included Sphinx 4 and VoxForge, but unfortunately most of today's systems are still "locked up behind proprietary code at various companies, such as Amazon, Apple, and Microsoft."

Media Player Classic Home Cinema (MPC-HC) for Windows Pushes What Could Be Its Last Update

Popular open-source media player for Windows, Media Player Classic Home Cinema -- or MPC-HC, has issued what it says could be the last update the app ever receives. The team writes: v1.7.13, the latest, and probably the last release of our project... For quite a few months now, or even years, the number of active developers has been decreasing and has inevitably reached zero. This, unfortunately, means that the project is officially dead and this release would be the last one. ... Unless some people step up that is. So, if someone's willing to really contribute and has C/C++ experience, let me know on IRC or via e-mail. Otherwise, all things come to an end and life goes on. It's been a nice journey and I'm personally pretty overwhelmed having to write this post.

Open Source Contributions More Important Than Tabs Vs Spaces For Salary

Jason Baker, a Red Hat data analyst, doesn't believe developers who use spaces make more money than those who use tabs. An anonymous reader quotes Baker's blog post: After reading the study one data scientist, Evelina Gabasova, performed some additional analysis and came to a slightly different conclusion, which feels a little more precise: "Environments where people use Git and contribute to open source are more associated both with higher salaries and spaces, rather than with tabs." In other words, if you're at a company where you're using version control and committing open source code upstream, you're statistically a little more likely to be a space-user and a higher wage-earner.
Even across all experience levels, contributing to open source still correlates to higher salaries, Gabasova concludes. "My theory is that when diverse people are working on open source projects together without enforced coding style, the possible formatting mess is nudging people towards using spaces simply because the code is consistent for everyone.

"This is just one of the possible theories, I didn't look to see if possibly language communities that use predominantly spaces (like Python or Ruby) are more active in open source."

In Which Linus Torvalds Makes An 'Init' Joke

Long-time Slashdot reader jawtheshark writes: In a recent Linux Kernel Mailing List post, Linus Torvalds finishes his mail with a little poke towards a certain init system. It is a very faint criticism, compared to his usual style. While Linus has no direct influence on the "choices" of distro maintainers, his opinion is usually valued.
In a discussion about how to set rlimit default values for setuid execs, Linus concluded his email by writing, "And yes, a large part of this may be that I no longer feel like I can trust "init" to do the sane thing. You all presumably know why."

Bruce Perens Warns Grsecurity Breaches the Linux Kernel's GPL License

Bruce Perens co-founded the Open Source Initiative with Eric Raymond. Now he's sharing a "strong opinion" that companies should avoid the Grsecurity security patch for the Linux kernel "because it presents a contributory infringement and breach of contract risk." Slashdot reader NewGnu shared Bruce's comments: [I]t would fail a fair-use test... Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2... My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, that they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition...

This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.

Perens advises companies to discuss his position with their attorneys, adding "In the public interest, I am willing to discuss this issue with companies and their legal counsel, under NDA, without charge."

48-Year-Old Multics Operating System Resurrected

"The seminal operating system Multics has been reborn," writes Slashdot reader doon386: The last native Multics system was shut down in 2000. After more than a dozen years in hibernation a simulator for the Honeywell DPS-8/M CPU was finally realized and, consequently, Multics found new life... Along with the simulator an accompanying new release of Multics -- MR12.6 -- has been created and made available. MR12.6 contains many bug and Y2K fixes and allows Multics to run in a post-Y2K, internet-enabled world.
Besides supporting dates in the 21st century, it offers mail and send_message functionality, and can even simulate tape and disk I/O. (And yes, someone has already installed Multics on a Raspberry Pi.) Version 1.0 of the simulator was released Saturday, and is offering a complete QuickStart installation package with software, compilers, install scripts, and several initial projects (including SysDaemon, SysAdmin, and Daemon). Plus there's also useful Wiki documents about how to get started, noting that Multics emulation runs on Linux, macOS, Windows, and Raspbian systems.

The original submission points out that "This revival of Multics allows hobbyists, researchers and students the chance to experience first hand the system that inspired UNIX."

Microsoft Makes 'Visual Studio Code Extension for Arduino' Open Source

BrianFagioli quotes BetaNews: Thursday, Microsoft released yet another open source tool on GitHub -- Visual Studio Code Extension for Arduino. This MIT-licensed code should greatly help developers that are leveraging Arduino hardware for Internet of Things-related projects and more. "Our team at Visual Studio IoT Tooling, researched the development tools developers are using today, interviewed many developers to learn about their pain points developing IoT applications, and found that of all layers of IoT, there are abundant dev tools for cloud, gateway, interactive devices, and industrial devices, but limited availability and capability for micro-controllers and sensors...

"Keeping open source and open platform in mind, we started the work to add an extension on Visual Studio Code, the cross-platform, open sourced advanced code editor, for Arduino application development," says Zhidi Shang, R&D and Product Development, Microsoft.

Microsoft adds that its tool "is almost fully compatible and consistent with the official Arduino IDE," extending its capabilities with "the most sought-after features, such as IntelliSense, Auto code completion, and on-device debugging for supported boards."

Maybe this would be a good time to ask if anybody has a favorite IDE that they'd like to recommend?

'Severe' Systemd Bug Allowed Remote Code Execution For Two Years

ITWire reports: A flaw in systemd, the init system used on many Linux systems, can be exploited using a malicious DNS query to either crash a system or to run code remotely. The vulnerability resides in the daemon systemd-resolved and can be triggered using a TCP payload, according to Ubuntu developer Chris Coulson. This component can be tricked into allocating less memory than needed for a look-up. When the reply is bigger it overflows the buffer allowing an attacker to overwrite memory. This would result in the process either crashing or it could allow for code execution remotely. "A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved in to allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it," is how Coulson put it.
Affected Linux vendors have pushed out patches -- but the bug has apparently been present in systemd code since June of 2015. And long-time Slashdot reader walterbyrd also reports a recently-discovered bug where systemd unit files that contain illegal usernames get defaulted to root.

Linux Kernel 4.12 Officially Released

prisoninmate quotes Softpedia: After seven weeks of announcing release candidate versions, Linus Torvalds today informs the Linux community through a mailing list announcement about the general availability of the Linux 4.12 kernel series. Development on the Linux 4.12 kernel kicked off in mid-May with the first release candidate, and now, seven weeks later we can finally get our hands on the final release... A lot of great improvements, new hardware support, and new security features were added during all this time, which makes it one of the biggest releases, after Linux 4.9...

Prominent features of the Linux 4.12 kernel include initial support for AMD Radeon RX Vega graphics cards, initial Nvidia GeForce GTX 1000 "Pascal" accelerated support, implementation of Budget Fair Queueing (BFQ) and storage-I/O schedulers, more MD RAID enhancements, support for Raspberry Pi's Broadcom BCM2835 thermal driver, a lot of F2FS optimizations, as well as ioctl for the GETFSMAP space mapping ioctl for both XFS and EXT4 filesystems.

Linus said in announcing the release that "I think only 4.9 ends up having had more commits," also noting that 4.9 was a Long Term Support kernel, whereas "4.12 is just plain big."

"There's also nothing particularly odd going on in the tree - it's all just normal development, just more of it than usual."

23 Years Of The Open Source 'FreeDOS' Project

Jim Hall is celebrating the 23rd birthday of the FreeDOS Project, calling it "a major milestone for any free software or open-source software project," and remembering how it all started. An anonymous reader quotes Linux Journal: If you remember Windows 3.1 at the time, it was a pretty rough environment. I didn't like that you could interact with Windows only via a mouse; there was no command line. I preferred working at the command line. So I was understandably distressed in 1994 when I read via various tech magazines that Microsoft planned to eliminate MS-DOS with the next version of Windows. I decided that if the next evolution of Windows was going to be anything like Windows 3.1, I wanted nothing to do with it... I decided to create my own version of DOS. And on June 29, 1994, I posted an announcement to a discussion group... Our "PD-DOS" project (for "Public Domain DOS") quickly grew into FreeDOS. And 23 years later, FreeDOS is still going strong! Today, many people around the world install FreeDOS to play classic DOS games, run legacy business software or develop embedded systems...

FreeDOS has become a modern DOS, due to the large number of developers that continue to work on it. You can download the FreeDOS 1.2 distribution and immediately start coding in C, Assembly, Pascal, BASIC or a number of other software development languages. The standard FreeDOS editor is quite nice, or you can select from more than 15 different editors, all included in the distribution. You can browse websites with the Dillo graphical web browser, or do it "old school" via the Lynx text-mode web browser. And for those who just want to play some great DOS games, you can try adventure games like Nethack or Beyond the Titanic, arcade games like Wing and Paku Paku, flight simulators, card games and a bunch of other genres of DOS games.

On his "Open Source Software and Usability" blog, Jim says he's been involved with open source software "since before anyone coined the term 'open source'," and first installed Linux on his home PC in 1993. Over on the project's blog, he's also sharing appreciative stories from FreeDOS users and from people involved with maintaining it (including memories of early 1980s computers like the Sinclair ZX80, the Atari 800XL and the Coleco Adam). Any Slashdot readers have their own fond memories to share?

Ubuntu Disputes 'Ads In MOTD' Claims

Thursday Lproven (Slashdot reader #6030) wrote: It appears that Ubuntu is using a feature it has added -- intended to insert headlines of breaking tech news (security alerts and so on) into the Message of the Day displayed at login to the console -- to display advertising and promotional messages.
The message in question linked to a Hacker Noon article titled "How HBO's Silicon Valley built 'Not Hotdog' with mobile TensorFlow, Keras & React Native." Later that day Dustin Kirkland, a Ubuntu Product Manager for the feature's design (and the Core Developer for its implementation) suggested the message had been mistaken for an ad, describing it on Hacker News as a "fun fact... an interesting tidbit of potpourri from the world of Ubuntu," and later saying it was intended like Google's doodles. "Last week's message actually announced an Ubuntu conference in Latin America. The week before, we linked to an article asking for feedback on Kubuntu. Before that, we announced the availability of Extended Security Maintenance updates for 12.04. And so on." He later confirmed Canonical received no money for the message, and also pointed out that the messages all come from an open source repository, and "You're welcome to propose your own messages for merging, if you have a well formatted, informative message for Ubuntu users."

Click through for a condensed version of the complete response by Dustin Kirkland, Ubuntu Product and Strategy at Canonical.

GitHub Urges Companies To Participate In 'Open Source Fridays'

An anonymous reader quotes VentureBeat: GitHub wants to help more people become open source contributors with a new initiative called Open Source Friday. As the name implies, the program encourages companies to set aside time at the end of the week for their employees to work on open source projects. It's designed to bolster the ranks of open source contributors at a time when many businesses rely on freely available projects for mission-critical applications. Open Source Friday isn't just about getting businesses to offer their employees' time as a form of charity, it's also a way to improve key business infrastructure, according to Mike McQuaid, a senior software engineer at GitHub...

McQuaid hopes that carving out employees' time on Fridays could help provide additional structure and incentive to participate in the ecosystem... Users don't need to be engineers in order to take part, either. While code contribution is important to the success of a project, creating and maintaining documentation is also key. includes tips for interested contributors, as well as a page suggesting to employers that they could see benefits like developers learning to code faster, better, and more transparently.

Software Developer Explains Why The Ubuntu Phone Failed

troublemaker_23 quotes ITWire: A developer who worked with the Ubuntu Phone project has outlined the reasons for its failure, painting a picture of confusion, poor communication and lack of technical and marketing foresight. Simon Raffeiner stopped working with the project in mid-2016, about 10 months before Canonical owner Mark Shuttleworth announced that development of the phone and the tablet were being stopped.
Raffeiner says, for example, that "despite so many bugs being present, developers were not concentrating on fixing them, but rather on adding support for more devices." But he says he doesn't regret the time he spent on the project -- though now he spends his free time "traveling the world, taking photographs and creating bad card games, bad comics and bad games."

"Please note that this post does not apply to the UBPorts project, which continues to work on the phone operating system, Unity 8 and other components."

Linus Explains What Surprises Him After 25 Years Of Linux

Linus Torvalds appeared in a new "fireside chat" with VMware Head of Open Source Dirk Hohndel. An anonymous reader writes: Linus explained what still surprises him about Linux development. "Code that I thought was stable continually gets improved. There are things we haven't touched for many years, then someone comes along and improves them or makes bug reports in something I thought no one used. We have new hardware, new features that are developed, but after 25 years, we still have old, very basic things that people care about and still improve... Our processes have not only worked for 25 years, we still have a very strong maintainer group... And as these maintainers get older and fatter, we have new people coming in."

Linus also says he's surprised by the widespread popularity of Git. "I expected it to be limited mostly to the kernel -- as it's tailored to what we do... In certain circles, Git is more well known than Linux." And he also shares advice if you want to get started as an open source developer. "I'm not sure my example is the right thing for people to follow. There are a ton of open source projects and, if you are a beginning programmer, find something you're interested in that you can follow for more than just a few weeks... If you can be part of a community and set up patches, it's not just about the coding, but about the social aspect of open source. You make connections and improve yourself as a programmer."

Linus also says that "I really like what I'm doing. I like waking up and having a job that is technically interesting and challenging without being too stressful so I can do it for long stretches; something where I feel I am making a real difference and doing something meaningful not just for me."

Researcher Finds Critical OpenVPN Bug Using Fuzzing

"Guido Vranken recently published 4 security vulnerabilities in OpenVPN on his personal blog," writes long-time Slashdot reader randomErr -- one of which was a critical remote execution bug. Though patches have been now released, there's a lesson to be learned about the importance of fuzzing -- bug testing with large amounts of random data -- Guido Vranken writes: Most of these issues were found through fuzzing. I hate admitting it, but...the arcane art of reviewing code manually, acquired through grueling practice, are dwarfed by the fuzzer in one fell swoop; the mortal's mind can only retain and comprehend so much information at a time, and for programs that perform long cycles of complex, deeply nested operations it is simply not feasible to expect a human to perform an encompassing and reliable verification.
ZDNet adds that "OpenVPN's audits, carried out over the past two years, missed these major flaws. While a handful of other bugs are found, perhaps OpenVPN should consider adding fuzzing to their internal security analysis in the future."

Guido adds on his blog, "This was a labor of love. Nobody paid me to do this. If you appreciate this effort, please donate BTC..."

'Stack Clash' Linux Flaw Enables Root Access. Patch Now

msm1267 writes: Linux, BSD, Solaris and other open source systems are vulnerable to a local privilege escalation vulnerability known as Stack Clash that allows an attacker to execute code at root. Major Linux and open source distributors made patches available Monday, and systems running Linux, OpenBSD, NetBSD, FreeBSD or Solaris on i386 or amd64 hardware should be updated soon.

The risk presented by this flaw, CVE-2017-1000364, becomes elevated especially if attackers are already present on a vulnerable system. They would now be able to chain this vulnerability with other critical issues, including the recently addressed Sudo vulnerability, and then run arbitrary code with the highest privileges, said researchers at Qualys who discovered the vulnerability.


Linus Torvalds Says Linux Still Surprises and Motivates Him

Linus Torvalds: What I find interesting is code that I thought was stable continually gets improved. There are things we haven't touched for many years, then someone comes along and improves them or makes bug reports in something I thought no one used. We have new hardware, new features that are developed, but after 25 years, we still have old, very basic things that people care about and still improve. I really like what I'm doing. I like waking up and having a job that is technically interesting and challenging without being too stressful so I can do it for long stretches; something where I feel I am making a real difference and doing something meaningful not just for me. I occasionally have taken breaks from my job. The 2-3 weeks I worked on Git to get that started for example. But every time I take a longer break, I get bored. When I go diving for a week, I look forward to getting back. I never had the feeling that I need to take a longer break.

University of Missouri To Use Open Source And Other Cheaper Alternatives For General Education Textbook

Rudi Keller, writing for Columbia Tribune: The University of Missouri will move quickly to use open source and other cheaper alternatives for general education textbooks, building on initiatives already in place, system President Mun Choi said. At an event with members of the Board of Curators, administrators, lawmakers, faculty from all four campuses and student representatives, Choi said the intent is to save money for students while providing up-to-date materials. Faculty, including graduate assistants, will be eligible for incentive payments of $1,000 to $10,000 for preparing and adopting materials that save students money, Choi said. Textbooks are sometimes overlooked as a contributor to the cost of attending college, Choi said. "We want to provide our students an opportunity to have a low cost, high-quality alternative," Choi said.
