Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×
Open Source

GitHub Invites Contributions To 'Open Source Guides' (infoq.com) 48

An anonymous reader quotes InfoQ: GitHub has recently launched its Open Source Guides, a collection of resources addressing the most common scenarios and best practices for both contributors and maintainers of open source projects. The guides themselves are open source and GitHub is actively inviting developers to participate and share their stories... "Open source is complicated, especially for newcomers. Experienced contributors have learned many lessons about the best way to use, contribute to, and produce open source software. Everyone shouldn't have to learn those lessons the hard way."

Making a successful first contribution is not the exclusive focus of the guides, though, which also strives to make it easier to find users for a project, starting a new project, and building healthy open source communities. Other topics the guides dwell on are best practices, getting financial support, metrics, and legal matters.

GitHub's Head of Open Source says the guides create "the equivalent of a water cooler for the community."
Open Source

Linus Torvalds On Git's Use Of SHA-1: 'The Sky Isn't Falling' (zdnet.com) 165

Google's researchers specifically cited Git when they announced a new SHA-1 attack vector, according to ZDNet. "The researchers highlight that Linus Torvald's code version-control system Git 'strongly relies on SHA-1' for checking the integrity of file objects and commits. It is essentially possible to create two Git repositories with the same head commit hash and different contents, say, a benign source code and a backdoored one,' they note." Saturday morning, Linus responded: First off - the sky isn't falling. There's a big difference between using a cryptographic hash for things like security signing, and using one for generating a "content identifier" for a content-addressable system like git. Secondly, the nature of this particular SHA1 attack means that it's actually pretty easy to mitigate against, and there's already been two sets of patches posted for that mitigation. And finally, there's actually a reasonably straightforward transition to some other hash that won't break the world - or even old git repositories...

The reason for using a cryptographic hash in a project like git is because it pretty much guarantees that there is no accidental clashes, and it's also a really really good error detection thing. Think of it like "parity on steroids": it's not able to correct for errors, but it's really really good at detecting corrupt data... if you use git for source control like in the kernel, the stuff you really care about is source code, which is very much a transparent medium. If somebody inserts random odd generated crud in the middle of your source code, you will absolutely notice... It's not silently switching your data under from you... And finally, the "yes, git will eventually transition away from SHA1". There's a plan, it doesn't look all that nasty, and you don't even have to convert your repository. There's a lot of details to this, and it will take time, but because of the issues above, it's not like this is a critical "it has to happen now thing".

In addition, ZDNet reports, "Torvalds said on a mailing list yesterday that he's not concerned since 'Git doesn't actually just hash the data, it does prepend a type/length field to it', making it harder to attack than a PDF... Do we want to migrate to another hash? Yes. Is it game over for SHA-1 like people want to say? Probably not."
Google

Google Releases Open Source File Sharing Project 'Upspin' On GitHub (betanews.com) 58

BrianFagioli quotes a report from BetaNews: Today, Google unveiled yet another way to share files. Called "Upspin," the open source project aims to make sharing easier for home users. With that said, the project does not seem particularly easy to set up or maintain. For example, it uses Unix-like directories and email addresses for permissions. While it may make sense to Google engineers, I am dubious that it will ever be widely used. "Upspin looks a bit like a global file system, but its real contribution is a set of interfaces, protocols, and components from which an information management system can be built, with properties such as security and access control suited to a modern, networked world. Upspin is not an "app" or a web service, but rather a suite of software components, intended to run in the network and on devices connected to it, that together provide a secure, modern information storage and sharing network," says Google. The search giant adds: "Upsin is a layer of infrastructure that other software and services can build on to facilitate secure access and sharing. This is an open source contribution, not a Google product. We have not yet integrated with the Key Transparency server, though we expect to eventually, and for now use a similar technique of securely publishing all key updates. File storage is inherently an archival medium without forward secrecy; loss of the user's encryption keys implies loss of content, though we do provide for key rotation."
Open Source

New Free O'Reilly Ebook: 'Open Source In Brazil' (oreilly.com) 54

An anonymous reader writes: Andy Oram, who's been an editor at O'Reilly since 1992, has written a new free report about how open source software is everywhere in Brazil. The country's IT industry is booming in Brazil -- still Latin America's most vibrant economy -- with open source software popular in both startups and in cloud infrastructure. Oram attributes this partly to the government's support of open source software, which over the last 15 years has built public awareness about its power and potential. And says the Brazil now has a thriving open source community, and several free software movements. Even small towns have hacker spaces for collaboration and training, and the country has several free software movements.
Robotics

New Kit Turns A Raspberry Pi Into A Robot Arm (raspberrypi.org) 36

An anonymous reader writes: A new kit turns your Raspberry Pi into a robotic arm. It's controlled by an on-board joystick, or even a web browser, and "because it's connected to the Pi you can program it through any of the various programming languages that already run on the Pi," according to its creators. "There's also free software available which lets you program it through a web interface using drag and drop programming environments like Scratch and Blockly or with Python and Javascript for the more experienced."

They explain in a video on Kickstarter that "Our mission is to get children excited about technology through building and programming their own robots," and they've already raised three times their original $12,411 fundraising goal. The Raspberry Pi blog describes it as "a great kit for anyone wanting to step into the world of digital making."

Long-time Slashdot reader bjpirt adds that "It's completely open source and hackable."
Classic Games (Games)

MAME Celebrates Its 20th Anniversary (mame.net) 47

After years of work, a fan has finally completed a MAME version of Atari's unreleased game Primal Rage II this week, one more example of the emulator preserving digital history. Long-time Slashdot reader AmiMoJo quotes MAME.net: Way back in 1997, Nicola Salmoria merged a few stand-alone arcade machine emulators into the first Multiple Arcade Machine Emulator. Could he have possibly imagined the significance of what he'd built? Over the past two decades, MAME has brought together over a thousand contributors to build a system that emulates more machines than any other program.

But MAME is more than that: MAME represents the idea that our digital heritage is important and should be preserved for future generations. MAME strives to accurately represent original systems, allowing unmodified software to run as intended. Today, MAME documents over thirty thousand systems, and usably emulates over ten thousand. MAME meets the definitions of Open Source and Free Software, and works with Windows, macOS, Linux and BSD running on any CPU from x86-64 to ARM to IBM zSeries.

A 20th-anniversary blog post thanked MAME's 1,600 contributors -- more than triple the number after its 10th anniversary -- and also thanks MAME's uncredited contributors. "if you've filed a bug report, distributed binaries, run a community site, or just put in a good word for MAME, we appreciate it." I've seen MAME resurrect everything from a rare East German arcade game to a Sonic the Hedgehog popcorn machine. Anybody else have a favorite MAME experience to share?
Open Source

MariaDB Fixes Business Source License, Releases MaxScale 2.1 (perens.com) 17

Creator of The Open Source Definition and longtime Slashdot reader Bruce Perens writes: MariaDB is releasing MaxScale 2.1, a new version of their database routing proxy, and has modified its timed-transition-to-Open-Source "Business Source License" to make it more acceptable to the Open Source community and more easily usable by other companies. I've blogged the issues I had with the license and how MariaDB has fixed them, and Kaj Arno has blogged the MariaDB side of the story. Here's an excerpt from Perens' blog post: "The BSL is a parameterized license. The licensor chooses the license which is transitioned to, the date of the transition, and the limitation. The problem with this is that it was so parameterized that if you told someone the license was 'BSL 1.0,' they would not have any idea what license they really had. It might transition to any of 100 Open Source licenses, or to a non-Open-Source license. The transition might happen in a month, or next century. The limitation might be that you could only have three commercial servers, or that you indentured your firstborn son (OK, that's going overboard, but you get the picture)." He continues, "So, I didn't like that 'BSL' didn't really say what the license did, and I didn't feel that was the best thing for the users or the community. I asked MariaDB to fix it. Together we have arrived at constraints on the parameters and minimum privileges that will take the new BSL much closer to being one license while still allowing licensors some latitude to choose parameters."
Open Source

LinuxQuestions Users Choose Their Favorite Distro: Slackware (zdnet.com) 145

ZDNet summarizes some of the surprises in this year's poll on LinuxQuestions, "one of the largest Linux groups with 550,000 member". An anonymous reader quotes their report: The winner for the most popular desktop distribution? Slackware...! Yes, one of the oldest of Linux distributions won with just over 16% of the vote. If that sounds a little odd, it is. On DistroWatch, a site that covers Linux distributions like paint, the top Linux desktop distros are Mint, Debian, Ubuntu, openSUSE, and Manjaro. Slackware comes in 28th place... With more than double the votes for any category, it appears there was vote-stuffing by Slackware fans... The mobile operating system race was a runaway for Android, with over 68% of the vote. Second place went to CyanogenMod, an Android clone, which recently went out of business...

Linux users love to debate about desktop environments. KDE Plasma Desktop took first by a hair's breadth over the popular lightweight Xfce desktop. Other well-regarded desktop environments, such as Cinnamon and MATE, got surprisingly few votes. The once popular GNOME still hasn't recovered from the blowback from its disliked design change from GNOME 2 to GNOME 3.

Firefox may struggle as a web browser in the larger world, but on Linux it's still popular. Firefox took first place with 51.7 percent of the vote. Chrome came in a distant second place, with the rest of the vote being divided between a multitude of obscure browsers.

LibreOffice won a whopping 89.6% of the vote for "best office suite" -- and Vim beat Emacs.
Security

Trend Micro's Own Cybersecurity Blog Gets Hacked (silicon.co.uk) 17

Mickeycaskill quotes Silicon: Just to illustrate that you can never be too careful, cybersecurity specialist Trend Micro has confirmed that one of the blogs it uses to communicate with customers was itself the victim of a content spoofing attack. The culprits exploited a vulnerability in WordPress to inject fake content onto the blog before it was removed by Trend Micro and the bug fixed... "Unfortunately there are many different URLs attackers can use to carry out the same attack, so a couple of fake 'articles' ended up posted on CounterMeasures," head of security research Rik Ferguson told Silicon. "We have responded and shut down the vulnerability completely to resolve the issue."
The chairman of Trend Micro claimed in 2011 that open source software was inherently less secure than closed source -- but instead of blaming Wordpress, Ferguson "said it goes to show how breaches are an unfortunate fact of life and that companies should be judged on how they respond... 'Of course technology and best practice can mitigate the vast majority of intrusion attempts, but when one is successful, even one as low-level as this, you are more defined by how you respond than you are by the fact that it happened.'"
Education

Pioneering Data Genius Hans Rosling Passes Away At Age 68 (bbc.com) 53

An anonymous reader writes: On Tuesday, Sweden's prime minister tweeted that Hans Rosling "made human progress across our world come alive for millions," and the public educator will probably best be remembered as the man who could condense 200 years of global history into four minutes. He was a geek's geek, a former professor of global health who "dropped out" because he wanted to help start a nonprofit about data. Specifically, it urged data-based decisions for global development policy, and the Gapminder foundation created the massive Trendalyzer tool which let users build their own data visualizations. Eventually they handed off the tool to Google who used it with open-source scientific datasets. The BBC describes Rosling as a "public educator" with a belief that facts "could correct 'global ignorance' about the reality of the world, which 'has never been less bad.'" Rosling's TED talks include "The Best Data You've Never Seen" and "How Not To Be Ignorant About The World," and in 2015 he also gave a talk titled "How to Beat Ebola." Hans Rosling died Tuesday at age 68.
Hardware Hacking

Reporter Pans Open Source Laptop Kit TERES-I (theverge.com) 133

The Verge's Paul Miller has some harsh words for the $242 open source DIY laptop kit TERES-I from Olimex. Instead of buying one hyper-integrated board that has all of the laptop's brains and I/O on it, you buy several little boards and wire them together. Then you put them inside a mostly finished case built by Olimex -- although if you want to go ultra DIY you can 3D print your own case, too. Everything, from the shell's CAD design to the motherboard's wiring, is available on GitHub for perusal or modification, and the modular nature of the internals means you can add a more powerful chipset or modify just about anything you find unsatisfying about the computer if you have the know-how or if Olimex or others offer compatible parts.

But, unfortunately, almost everything about this laptop is unsatisfying right now. It runs a quad-core ARM64 chip, though x86 and MIPS chips might be offered later on. It has a tiny 11.6-inch screen, a huge bezel, a tiny trackpad, a cramped-looking keyboard, and a whole lot of plastic. The OS (Linux, naturally) runs off a microSD card. At least the LCD comes in a 1080p variant, because the default 1366 x 768 resolution is a real throwback. There's even 802.11n Wi-Fi, which has me questioning what decade it is.

But are there any better alternatives? In the comments share your own thoughts about open source laptop kits.
Firefox

Mozilla Binds Firefox's Fate To The Rust Language (infoworld.com) 236

An anonymous reader quotes InfoWorld: After version 53, Firefox will require Rust to compile successfully, due to the presence of Firefox components built with the language. But this decision may restrict the number of platforms that Firefox can be ported to -- for now... Rust depends on LLVM, which has dependencies of its own -- and all of them would need to be supported on the target platform. A discussion on the Bugzilla tracker for Firefox raises many of these points...

What about proper support for Linux distributions with long-term support, where the tools available on the distro are often frozen, and where newer Rust features might not be available? What about support for Firefox on "non-tier-1" platforms, which make up a smaller share of Firefox users? Mozilla's stance is that in the long run, the pain of transition will be worth it. "The advantage of using Rust is too great," according to maintainer Ted Mielczarek. "We normally don't go out of our way to make life harder for people maintaining Firefox ports, but in this case we can't let lesser-used platforms restrict us from using Rust in Firefox."

InfoWorld points out most Firefox users won't be affected, adding that those who are should "marshal efforts to build out whatever platforms need Rust support." Since most users just want Mozilla to deliver a fast and feature-competitive browser, the article concludes that "The pressure's on not only to move to Rust, but to prove the move was worth it."
Operating Systems

OPNsense 17.1 Released, Based On FreeBSD 11 (phoronix.com) 39

An anonymous reader quotes Phoronix: OPNsense 17.1 is now available as the newest release of this network-focused FreeBSD-based operating system forked from pfSense. It's now been two years since the first official release of OPNsense and to celebrate they have out a big update. OPNsense 17.1 re-bases to using FreeBSD 11.0, there's now a SSH remote installer, new language support, more hardening features used from HardenedBSD, new plugins, integrated authentication via PAM, and many other improvements. Some of the new plug-ins include FTP Proxy, Tinc VPN, and Let's Encrypt support.
This version has been named "Eclectic Eagle".
Microsoft

LibreOffice 5.3 Released, Touted As 'One of the Most Feature-Rich Releases' Ever (omgubuntu.co.uk) 224

An anonymous reader shares a report: A new month, and a brand new version of open-source office suite LibreOffice is now available to download. And what a release it is. LibreOffice 5.3 introduces a number of key new features and continues work on improving the look and feel of the app across all major platforms. The Document Foundation describes LibreOffice 5.3 as "one of the most feature-rich releases in the history of the application." One of the headline features is called MUFFIN interface, a new toolbar design similar to the Microsoft Office Ribbon UI.
Chrome

Google Open-Sources Chrome For iOS (venturebeat.com) 39

Google has uploaded its Chrome for iOS code into the open-source Chromium repository. In other words, Chrome for iOS has now been open-sourced like Chrome for other platforms, letting anyone examine, modify, and compile the project. From a report: Chromium is the open-source Web browser project that shares much of the same code as Google Chrome, and new features are often added there first. Google intended for Chromium to be the name of the open-source project, while the final product name would be Chrome, but developers have taken the code and released versions under the Chromium name. Eventually, many browser makers started using it as a starting point; Opera, for example, switched its browser base to Chromium in 2013. Since its inception, Chromium was a desktop-only affair. That changed in May 2015 with the open-sourcing of Chrome for Android.
AI

Who's Responsible For Accidents Caused By Open Source Self-Driving Car Software? (ieee.org) 114

Here's the problem. "You could download Comma.ai's new open-source Python code from Github, grab the necessary hardware, and follow the company's instructions to add semi-autonomous capabilities to specific Acura and Honda model cars (with more vehicles to follow)," writes IEEE Spectrum. But then who's legally responsible if there's an accident? Long-time Slashdot reader Registered Coward v2 writes: While many legal experts agree OSS is "buyer beware" and that Comma.ai and its CEO Georg Hotz would not be liable, it's a gray area in the law. The software is release under the MIT OSS license and the Read Me contains the disclaimer "This is alpha-quality software for research purposes only... You are responsible for complying with local laws and regulatons." The U.S. Supreme Court, in a series of court cases in the 1990s, ruled open source code as free speech protected under the First Amendment of the U.S. Constitution.

The question is does that release the author(s) from liability. The EU has no EU wide rules on liability in such cases. One open question is even if the person who used the software could not sue, a third party injured by it might be able to since they are not a party to the license agreement.

An EFF attorney told HotHardware "Prosecutors and plaintiffs often urge courts to disregard traditional First Amendment protections in the case of software." But not everyone agrees. "Most legal experts that spoke with IEEE Spectrum -- and Hotz himself -- believe that if you use the company's code and something goes wrong, then it isn't liable for damages. You are."
Android

Do Android Users Still Use Custom Roms? (androidauthority.com) 215

"With all of the drama at CyanogenMod, Android Authority takes a look at the current state of custom ROM development," writes Slashdot reader Thelasko. From the article: The future of CyanogenMod appears uncertain, after the open source ROM was forced to fork under the name Lineage OS. Fortunately there are already other remixed versions of Android available, with some of the most popular being Paranoid Android, Resurrection Remix, and Dirty Unicorns... [But] with each new version of Android, the gap between Android and popular custom ROMs has shrunk, which begs an interesting question: Are custom ROMs even necessary anymore? To answer this, let's take a quick look at the state of custom ROM development as it exists today.
The article points out that mobile virtual reality is "on the verge of becoming mainstream and the wearable market has grown tremendously," asking whether custom firmware will also integrate these newer technologies. But the original submission also asks a question that's closer to home. What custom ROMs do Slashdot users have installed?
Open Source

Free Software Foundation Shakes Up Its List of Priority Projects (networkworld.com) 103

alphadogg quotes Network World: The Free Software Foundation Tuesday announced a major rethinking of the software projects that it supports, putting top priority on a free mobile operating system, accessibility, and driver development, among other areas. The foundation has maintained the High Priority Projects list since 2005, when it contained just four free software projects. [That rose to 12 projects by 2008, though the changelog shows at least seven projects have since been removed.] Today's version mostly identifies priority areas, along with a few specific projects in key areas.
The new list shows the FSF will continue financially supporting Replicant, their free version of Android, and they're also still supporting projects to create a free software replacement for Skype with real-time voice and video capabilities. But they're now also prioritizing various projects to replace Siri, Google Now, Alexa, and Cortana with a free-software personal assistant, which they view as "crucial to preserving users' control over their technology and data while still giving them the benefits such software has for many."

And other priorities now include internationalization, accessibility, decentralization and self-hosting, and encouraging governments to adopt free software.
Open Source

Raspberry Pi Gets Competitors (hackaday.com) 115

Hackaday reports that Asus has "quietly released their Tinker board that follows the Pi form factor very closely, and packs a 1.8 GHz quad-core ARM Cortes A17 alongside an impressive spec At £55 (about $68) where this is being written it's more expensive than the Pi, but Asus go to great lengths to demonstrate that it is significantly faster."

And though the Raspberry Pi foundation upgraded their Compute Module, Pine64 has just unveiled their new SOPINE A64 64-bit computing module, a smaller version of the $15 Pine64 computer. An anonymous reader quotes ComputerWorld: At $29, the SOPINE A64 roughly matches the price of the Raspberry Pi Compute Module 3, which ranges from $25 to $30. The new SOPINE will ship in February, according to the website. The SOPINE A64 can't operate as a standalone computer like the Pine64. It needs to be plugged in as a memory slot inside a computer. But if you want a full-blown computer, Pine64 also sells the $15 SOPINE Baseboard Model-A, which "complements the SOPINE A64 Compute Module and turns it into a full single board computer," according to the company...

The original Pine64 was crowdsourced and also became popular for its high-end components like a 64-bit chip and DDR3 memory... It has 2GB RAM, which is twice that of Raspberry Pi's compute module. SOPINE also has faster DDR3 memory, superior to DDR2 memory in Raspberry Pi Compute Module 3 board.

Open Source

Will The Death of the PC Bring 'An End To Openness'? (infoworld.com) 501

Slashdot reader snydeq shared "11 Predictions For the Future of Programming" by InfoWorld's contributing editor -- and one prediction was particularly dire: The passing of the PC isn't only the slow death of a particular form factor. It;s the dying of a particularly open and welcoming marketplace... Consoles are tightly locked down. No one gets into that marketplace without an investment of capital. The app stores are a bit more open, but they're still walled gardens that limit what we can do. Sure, they are still open to programmers who jump through the right hoops but anyone who makes a false move can be tossed...

For now, most of the people reading this probably have a decent desktop that can compile and run code, but that's slowly changing. Fewer people have the opportunity to write code and share it. For all of the talk about the need to teach the next generation to program, there are fewer practical vectors for open code to be distributed.

Slashdot Top Deals