An anonymous reader writes "Open source operating systems vulnerable to the Shellshock bug have already pushed two patches to fix the vulnerability, but Apple has yet to issue one for Mac OS X. Ars Technica speculates that licensing issues may be giving Apple pause: "[T]he current [bash] version is released under the GNU Public License version 3 (GPLv3). Apple has avoided bundling GPLv3-licensed software because of its stricter license terms....Apple executives may feel they have to have their own developers make modifications to the bash code."" It's also worth noting that there are still flaws with the patches issued so far. Meanwhile, Fedora Magazine has published an easy-to-follow description of how Shellshock actually works. The Free Software Foundation has also issued a statement about Shellshock.

jrepin writes OpenMandriva is proud to announce the release of OpenMandriva Lx 2014.1 distribution of the GNU/Linux operating system. Most of developers efforts were focused on reducing system boot up time and memory usage. This version brings Linux kernel 3.15.10 (with special patches for desktop system performance, responsiveness, and realtime capabilities), KDE Software Compilation 4.13.3, Xorg 1.15.1, Mesa 10.2.6, LibreOffice 4.3.1, Firefox 32, GNU bash with latest security fixes, and many other updated software packages.

New submitter ciaran2014 writes Richard Stallman's long-format talks are well-known — there are videos going back to 2001 and transcripts dating back to 1986 — but he recently condensed his free software talk down to 14 minutes and set it to hand-drawn slides for TEDxGeneva (video link). He introduces with the four freedoms, as always, and then moves on to spyware, surveillance, non-free drivers, free software in schools, non-free javascript, Service as a Software Substitute and how free software is today necessary for a strong democracy. As usual, the talk is suitable for non-technical audiences.

paroneayea (642895) writes "The GNU MediaGoblin folks have put out another release of their free software media hosting platform, dubbed 0.7.0: Time Traveler's Delight. The new release moves closer to federation by including a new upload API based on the Pump API, a new theme labeled "Sandy 70s Speedboat", metadata features, bulk upload, a more responsive design, and many other fixes and improvements. This is the first release since the recent crowdfunding campaign run with the FSF which was used to bring on a full time developer to focus on federation, among other things."

alphadogg (971356) writes with news that the transition from Windows to GNU/Linux in Munich may be in danger The German city of Munich, long one of the open-source community's poster children for the institutional adoption of Linux, is close to performing a major about-face and returning to Microsoft products. Munich's deputy mayor, Josef Schmid, told the Süddeutsche Zeitung that user complaints had prompted a reconsideration (Google translation to English) of the city's end-user software, which has been progressively converted from Microsoft to a custom Linux distribution — "LiMux" — in a process that dates back to 2003.

jrepin writes: Today, a child without access to a computer (and the Internet) at home is at a disadvantage before he or she ever sets foot in a classroom. The unfortunate reality is that in an age where computer skills are no longer optional, far too many families don't possess the resources to have a computer at home. Linux Journal recently had the opportunity to talk with Ken Starks about his organization, Reglue (Recycled Electronics and Gnu/Linux Used for Education) and its efforts to bridge this digital divide.

M-Saunders (706738) writes The death of print has been predicted for years, and many magazines and publishers have taken a big hit with the rise of eBooks and tablets. But not everyone has given up. Four geeks quit their job at an old Linux magazine to start Linux Voice, an independent GNU/Linux print and digital mag with a different publishing model: giving profits and content back to the community. Six months after a successful crowdfunding campaign, the magazine is going well, so here is the full story.

An anonymous reader writes Release Candidate One of OpenWRT 14.07 "Barrier Breaker" is released. Big for this tiny embedded Linux distribution for routers in 14.07 is native IPv6 support and the procd init system integration. The native IPv6 support is with the RA and DHCPv6+PD client and server support plus other changes. Procd is OpenWRT's new preinit, init, hotplug, and event system. Perhaps not too exciting is support for upgrading on devices with NAND, and file system snapshot/restore so you can experiment without fear of leaving your network broken. There's also experimental support for the musl standard C library.

When Linus Torvalds first announced his new operating system project ("just a hobby, won't be big and professional like gnu"), he aimed the announcement at users of Minix for a good reason: Minix (you can download the latest from the Minix home page) was the kind of OS that tinkerers could afford to look at, and it was intended as an educational tool. Minix's creator, Professor Andrew Stuart "Andy" Tanenbaum, described his academic-oriented microkernel OS as a hobby, too, in the now-famous online discussion with Linus and others. New submitter Thijssss (655388) writes with word that Tanenbaum, whose educational endeavors led indirectly to the birth of Linux, is finally retiring. "He has been at the Vrije Universiteit for 43 years, but everything must eventually end."

benrothke writes There is a not so fine line between data dashboards and other information displays that provide pretty but otherwise useless and unactionable information; and those that provide effective answers to key questions. Data-Driven Security: Analysis, Visualization and Dashboards is all about the later. In this extremely valuable book, authors Jay Jacobs and Bob Rudis show you how to find security patterns in your data logs and extract enough information from it to create effective information security countermeasures. By using data correctly and truly understanding what that data means, the authors show how you can achieve much greater levels of security. Keep reading for the rest of Ben's review.

A while ago you had the chance to ask programmer and open source advocate Bruce Perens about the future of open source, its role in government, and a number of other questions. Below you'll find his answers and an update on what he's doing now.

First time accepted submitter systemDead (3645325) writes "I looked mostly with disinterest at Debian's decision last February to switch to systemd as the default init system for their future operating system releases. The Debian GNU/Linux distribution is, after all, famous for allowing users greater freedom to choose what system components they want to install. This appeared to be the case with the init system, given the presence of packages such as sysvinit-core, upstart, and even openrc as alternatives to systemd.

Unfortunately, while still theoretically possible, installing an alternative init system means doing without a number of useful, even essential system programs. By design, systemd appears to be a full-blown everything-including-the-kitchen-sink solution to the relatively simple problem of starting up a Unix-like system. Systemd, for example, is a hard-coded dependency for installing Network Manager, probably the most user-friendly way for a desktop Linux system to connect to a wireless or wired network. Just this week, I woke up to find out that systemd had become a dependency for running PolicyKit, the suite of programs responsible for user privileges and permissions in a typical Linux desktop.

I was able to replace Network Manager with connman, a lightweight program originally developed for mobile devices. But with systemd infecting even the PolicyKit framework, I find myself faced with a dilemma. Should I just let systemd take over my entire system, or should I retreat to my old terminal-based computing in the hope that the horde of the systemDead don't take over the Linux kernel itself?

What are your plans for working with or working around systemd? Are there any mainstream GNU/Linux distros that haven't adopted and have no plans of migrating to systemd? Or is migrating to one of the bigger BSD systems the better and more future-proof solution?"

samzenpus (5) writes "A while ago you had the chance to ask GNU and Free Software Foundation founder Richard Stallman about GNU, copyright laws, digital restrictions management, and software patents. Below you'll find his answers to those questions."

New submitter jostber (304257) writes "It's been a long wait, but now GNU Screen, the most useful CLI windows manager around, is available. Version 4.2.1 was released a couple of days ago and the maintainer's release news is here." There are fewer commits than you might expect for software that's had six years since its last major update, but that could be because the developers have had 23 years to knock out the major bugs.

GNU Mailman, likely the most popular mailing list manager in use today, has finally announced the release of a beta for version 3. GNU Mailman 3.0 is a major rewrite, features include a central server with a REST API replacing the dozen or two programs that manipulated Mailman data directly, a shiny new web fron end (Postorius), and a new archiver (HyperKitty). Fedora is already using the new archiver and interface, which is quite a bit more modern looking than Mailman 2.x's interface (wayback machine link for posterity). Individual message thread views are greatly improved, and you can even reply from the web by logging in with your list credentials. If you'd like to try it out, see the announcement message.

paroneayea writes: "GNU MediaGoblin and the Free Software Foundation have jointly run a campaign for privacy and federation on the web. The campaign is in its last day but has already passed the first two funding milestones, and is hoping to raise more with the possibility of bringing in multiple dedicated resources to the project. The project has also released a full financial transparency report so donors can know how they can expect their money to be used!"

According to an article at Ars Technica, a major security bug faces Linux users, akin to the one recently found in Apple's iOS (and which Apple has since fixed). Says the article:"The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical 'goto fail' flaw that for months put users of Apple's iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug." And while Apple can readily fix a bug in its own software, at least for users who keep up on patches, "Linux" refers to a broad range of systems and vendors, rather than a single company, and the affected systems include some of the biggest names in the Linux world, like Red Hat, Debian, and Ubuntu.

Recently you had a chance to ask the writer and creator of Babylon 5, J. Michael Straczynski, about the state of sci-fi, his body of work, and collaborating with Netflix. Below you'll find his answers to those questions.

New submitter dalias (1978986) writes "The musl libc project has released version 1.0, the result of three years of development and testing. Musl is a lightweight, fast, simple, MIT-licensed, correctness-oriented alternative to the GNU C library (glibc), uClibc, or Android's Bionic. At this point musl provides all mandatory C99 and POSIX interfaces (plus a lot of widely-used extensions), and well over 5000 packages are known to build successfully against musl.

Several options are available for trying musl. Compiler toolchains are available from the musl-cross project, and several new musl-based Linux distributions are already available (Sabotage and Snowflake, among others). Some well-established distributions including OpenWRT and Gentoo are in the process of adding musl-based variants, and others (Aboriginal, Alpine, Bedrock, Dragora) are adopting musl as their default libc." The What's New file contains release notes (you have to scroll to the bottom). There's also a handy chart comparing muscl to other libc implementations: it looks like musl is a better bet than dietlibc and uclibc for embedded use.

Last week you had the chance to ask ESR about books, guns, and open source software. Below you'll find his answers to those questions.