Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×
Open Source

Happy Birthday, Linux! An OS At 24 151

prisoninmate writes: It has been 24 long years since the first ever release of the Linux project on August 25, 1991, which is the core component of any GNU/Linux distribution. With this occasion we want to remind everyone that Linux is everywhere, even if you don't see it. You use Linux when you search on Google, when you use your phone, when buy metro tickets, actually the whole Internet is powered by Linux. Happy Birthday, Linux!
Bug

Multiple Vulnerabilities Exposed In Pocket 88

vivaoporto writes: Clint Ruoho reports on gnu.gl blog the process of discovery, exploitation and reporting of multiple vulnerabilities in Pocket, the third party web-based service chosen by Mozilla (with some backslash) as the default way to save articles for future reading in Firefox. The vulnerabilities, exploitable by an attacker with only a browser, the Pocket mobile app and access to a server in Amazon EC2 costing 2 cents an hour, would give an attacker unrestricted root access to the server hosting the application.

The entry point was exploiting the service's main functionality itself — adding a server internal address in the "read it later" user list — to retrieve sensitive server information like the /etc/passwd file, its internal IP and the ssh private key needed to connect to it without a password. With this information it would be possible to SSH into the machine from another instance purchased in the same cloud service giving the security researcher unrestricted access. All the vulnerabilities were reported by the researcher to Pocket, and the disclosure was voluntarily delayed for 21 days from the initial report to allow Pocket time to remediate the issues identified. Pocket does not provide monetary compensation for any identified or possible vulnerability.
Education

Ask Slashdot: Switching To a GNU/Linux Distribution For a Webdesign School 233

spadadot writes: I manage a rapidly growing webdesign school in France with 90 computers for our students, dispatched across several locations. By the end on the year it will amount to 200. Currently, they all run Windows 8 but we would love to switch to a GNU/Linux distribution (free software, easier to deploy/maintain and less licensing costs). The only thing preventing us is Adobe Photoshop which is only needed for a small amount of work. The curriculum is highly focused on coding skills (HTML, CSS, JavaScript, PHP/MySQL) but we still need to teach our students how to extract images from a PSD template. The industry format for graphic designs is PSD so The Gimp (XCF) is not really an option. Running a Windows VM on every workstation would be hard to setup (we redeploy all our PCs every 3 months) and just as costly as the current setup. Every classroom has at least 20Mbit/s — 1Mbit/s ADSL connection so maybe setting up a centralized virtualization server would work? How many Windows/Photoshop licenses would we need then? Anything else Slashdot would recommend?
Debian

Largest DebConf Ever Will Hit Heidelberg In Mid-August 41

New submitter alfino writes: Less than two weeks away, DebConf15, the 16th Debian Conference, scheduled to take place 15–22 August in Heidelberg, Germany, has been officially announced. The organisers are expecting more than 550 participants from 53 countries (making it the largest DebConf so far, and the first in history that will be closing registrations early), and have presented a schedule packed with talks and events, including several prominent, invited speakers, and yet plenty of room for informal and ad-hoc collaboration. Most events will be streamed live to allow for remote participation, and archived for later consumption.

The celebrations of Debian's 22nd birthday on 16 August, the traditional "Cheese & Wine BoF", a screening of the Oscar-award-winning documentary Citizenfour (which mentions Debian in its end credits), and a day trip for all attendees top off the programme. Additionally, DebConf15 will be preceeded by DebCamp, a week of sprints, workshops and hacking sessions. It is expected that much progress will be made on Debian (gcc5 transition, planning of the next stable release "stretch", etc.), and of course Free Software in general. The conference itself begins with an Open Weekend geared to the public, and featuring a job fair.

Attendance is free of charge thanks to numerous sponsors, including Platinum Sponsor Hewlett-Packard. Registration is required nonetheless and only very few places are left.

The conference will be tracked on various social media sites using hashtag #DebConf15. Even though Debian does not endorse proprietary services, @DebConf will have the news.
Privacy

Tor Project Pilots Exit Nodes In Libraries 37

An anonymous reader writes: The Tor Project has announced a new initiative to open exit relays in public libraries. "This is an idea whose time has come; libraries are our most democratic public spaces, protecting our intellectual freedom, privacy, and unfettered access to information, and Tor Project creates software that allows all people to have these rights on the internet." They point out that this is both an excellent way to educate people on the value of private internet browsing while also being a practical way to expand the Tor network. A test for this initiative is underway at the Kilton Library in Lebanon, New Hampshire, which already has a computing environment full of GNU/Linux machines.
GNU is Not Unix

Video Purism Offers Free (as in Freedom) Laptops (Video) 77

Purism uses its own OS, PureOS, which is a Debian derivative by way of Ubuntu and other members of the Debian-derivative family, but with no taint of proprietary code. Now imagine all the binaries stripped out of the Linux kernel, making it closer to the FSF ideal of a 100% free operating system than the Linux kernel in use almost everywhere else.

They're still using a proprietary BIOS, but have people working on a Free one. The main thing, though, is that Purism is working to give you all the privacy and freedom they can -- with more coming as they keep working to replace proprietary bits of the OS, BIOS, and hardware drivers with Free Software. Best of all, even if you don't need a new laptop right now, you can download PureOS and run it on any compatible hardware you already own.
GNU is Not Unix

Interviews: Ask Richard Stallman a Question 359

RMS founded the GNU Project, the Free Software Foundation, and remains one of the most important and outspoken advocates for software freedom. He now spends much of his time fighting excessive extension of copyright laws, digital restrictions management, and software patents. RMS has agreed to answer your questions about GNU/Linux, how GNU relates to Linux the kernel, free software, why he disagrees with the idea of open source, and other issues of public concern. As usual, ask as many as you'd like, but please, one question per post.
Encryption

Tomb, a Successor To TrueCrypt For Linux Geeks 114

jaromil writes: Last day we released Tomb version 2.1 with improvements to stability, documentation and translations. Tomb is just a ZSh script wrapping around cryptsetup, gpg and other tools to facilitate the creation and management of LUKS encrypted volumes with features like key separation, steganography, off-line search, QRcode paper backups etc. In designing Tomb we struggle for minimalism and readability, convinced that the increasing complexity of personal technology is the root of many vulnerabilities the world is witnessing today — and this approach turns out to be very successful, judging from the wide adoption, appreciation and contributions our project has received especially after the demise of TrueCrypt.

As maintainer of the software I wonder what Slashdot readers think about what we are doing, how we are doing it and more in general about the need for simplicity in secure systems, a debate I perceive as transversal to many other GNU/Linux/BSD projects and their evolution. Given the increasing responsibility in maintaining such a software, considering the human-interface side of things is an easy to reach surface of attack, I can certainly use some advice and criticism.
Open Source

Video Meet OpenDaylight Project Executive Director Neela Jacques (Video) 14

The OpenDaylight Project works on Software Defined Networking. Their website says, "Software Defined Networking (SDN) separates the control plane from the data plane within the network, allowing the intelligence and state of the network to be managed centrally while abstracting the complexity of the underlying physical network." Another quote: it's the "largest software-defined networking Open Source project to date." The project started in 2013. It now has an impressive group of corporate networking heavyweights as sponsors and about 460 developers working on it. Their latest release, Lithium, came out earlier this month, and development efforts are accelerating, not slowing down, because as cloud use becomes more prevalent, so does SDN, which is an obvious "hand-in-glove" fit for virtualized computing.

Today's interview is with OpenDaylight Project Executive Director Nicolas "Neela" Jacques, who has held this position since the project was not much more than a gleam in (parent) Linux Foundation's eye. This is one of the more important Linux Foundation collaborative software projects, even if it's not as well known to the public as some of the foundation's other efforts, including -- of course -- GNU/Linux itself.
GNU is Not Unix

The Free Software Foundation's Statement On Canonical's Updated Licensing Terms 75

New submitter donaldrobertson writes: After two years of negotiations, Canonical has updated the intellectual property rights policy for Ubuntu Linux to address a disagreement over how the software is licensed. The FSF announcement reads in part: "In July 2013, the FSF, after receiving numerous complaints from the free software community, brought serious problems with the policy to Canonical's attention. Since then, on behalf of the FSF, the GNU Project, and a coalition of other concerned free software activists, we have engaged in many conversations with Canonical's management and legal team proposing and analyzing significant revisions of the overall text. We have worked closely throughout this process with the Software Freedom Conservancy, who provides their expert analysis in a statement published today." Richard Stallman thinks there are still other issues to address saying: "While the FSF acknowledges that the first update emerging from that process solves the most pressing issue with the policy ... the policy remains problematic in ways that prevent us from endorsing it as a model for others."
Operating Systems

Ask Slashdot: If You Could Assemble a "FrankenOS" What Parts Would You Use? 484

rnws writes: While commenting about log-structured file systems in relation to flash SSDs, I referenced Digital's Spiralog [pdf], released for OpenVMS in 1996. This got me thinking about how VMS to this day has some of, if not the best storage clustering (still) in use today. Many operating systems have come and gone over the years, particularly from the minicomputer era, and each usually had something unique it did really well. If you could stitch together your ideal OS, then which "body parts" would you use from today and reanimate from the past? I'd probably start with VMS's storage system, MPE's print handling, OS/2's Workplace Shell, AS/400's hardware abstraction and GNU's Bash shell. What would you choose?
Debian

Debian GNU/Linux 8.1 (Jessie) Officially Released 128

prisoninmate writes: The Debian Project has announced the immediate availability of the first maintenance release of Debian GNU/Linux 8 (Jessie). As expected, Debian GNU/Linux 8.1 comes with a new Linux kernel, version 3.16.7-ctk11, which fixes the well-known EXT4 data corruption issue caused by delayed and unwritten extents, blacklists queued TRIM on Samsung 850 Pro SSDs, adds support for XHCI on APM Mustang USB, and updates Crucial/Micron blacklist in libata.
Education

Video Linux World Domination Creates Shortage of Linux-Skilled Workers (2 Short Videos) 72

Linux Foundation Executive Director Jim Zemlin doesn't use the phrase 'world domination' in these videos, but he could. He lists enough computing niches where GNU/Linux is the major player -- from supercomputers to the next generation of automotive systems -- that with or without world domination, Linux has obviously become an extremely important, widely used operating system that has grown amazingly since Linus Torvalds first shared his humble kernel with the world in 1991. With great popularity has come a great need for people who know how to administer and otherwise work with Linux, so the Linux Foundation is developing new courses in tandem with massive open online course (MOOC) provider edX. Unlike some of the Linux Foundation's previous course offerings, their edX ones are free to audit, and the cost for certification (if you want a cred, not just knowledge) is lower than many IT certification tests and certificates.

These videos (both visible today) were made remotely, with Timothy Lord at one end in Austin, TX, and Jim Zemlin at the other end in Tokyo, Japan. Their sound quality suffers from the distance involved, but they are generally intelligible -- and, of course, you can always choose to read the transcript instead of watching the videos.
Media

MediaGoblin 0.8.0 "A Gallery of Fine Creatures" Released 32

paroneayea writes: GNU MediaGoblin has released version 0.8.0 dubbed "A Gallery of Fine Creatures". This release includes a number of improvements including an upgrade to GStreamer 1.0, improved video thumbnailing, and preliminary Python 3 support. Additionally, an improved Social API support making use of the Pump API means that existing pump.io clients like Pumpa and Dianara are now compatible with MediaGoblin. This coincides with work underway by MediaGoblin developers working with the W3C Social Working Group to build a general federation standard, of which a draft submission to the group is already in progress.
Open Source

MinGW and MSVCRT Conflict Causes Floating-Point Value Corruption 98

jones_supa writes: If you are working on a C++ program where you need very accurate floating point numbers, you might have decided to use long double data type for the extra precision. After a few calculations, you happen to print your number. To your shock, instead of the number being 123.456789, it is printed out as -6.518427 × 10^264 (or 2.745563 depending on your computer). This is actually a bug in some versions of MinGW g++ 4.8.1 (MinGW is a port of GNU programming tools for Windows). Microsoft's C++ runtime library reserves 80 bits for double and long double. When MinGW uses the Microsoft DLL to print out the value, the number is interpreted as using only 64 bits. This discrepancy causes garbage results to be output.
Open Source

Accessibility In Linux Is Good (But Could Be Much Better) 65

An anonymous reader sends this report from opensource.com: GNU/Linux distributions provide great advantages over proprietary alternatives for people with disabilities. All the accessibility tools included in Linux are open source, meaning their code is readily available if you want to examine or improve it, and cost nothing. Hardware devices, of course, are still going to cost money. Additionally, accessibility software on other platforms generally contain licensing constraints on the user. ... When it comes to accessibility, Linux is not without issues. ... The number of developers who specifically work on accessibility tools is quite small. For example, there is only one Orca developer, two AT-SPI developers, and a single GTK developer. ... Developers who do not depend on assistive technologies tend to forget—or don't know—that a disabled person might want to use their application, read their web page, and so on. ... The problem is not necessarily that developers do not care. Rather, it's is that accessibility is highly specialized and requires someone with knowledge in the area, regardless of platform.
GNU is Not Unix

Debian GNU/Hurd 2015 Released 52

An anonymous reader sends this announcement from the debian-hurd mailing list: It is with huge pleasure that the Debian GNU/Hurd team announces the release of Debian GNU/Hurd 2015. This is a snapshot of Debian "sid" at the time of the stable Debian "jessie" release (April 2015), so it is mostly based on the same sources. It is not an official Debian release, but it is an official Debian GNU/Hurd port release. The installation ISO images can be downloaded from Debian Ports in the usual three Debian flavors: NETINST, CD, or DVD. Besides the friendly Debian installer, a pre-installed disk image is also available there, making it even easier to try Debian GNU/Hurd. The easiest way to run it is inside a VM such as qemu.