Not Just Apple: GnuTLS Bug Means Security Flaw For Major Linux Distros 144

According to an article at Ars Technica, a major security bug faces Linux users, akin to the one recently found in Apple's iOS (and which Apple has since fixed). Says the article: "The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical 'goto fail' flaw that for months put users of Apple's iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug." And while Apple can readily fix a bug in its own software, at least for users who keep up on patches, "Linux" refers to a broad range of systems and vendors, rather than a single company, and the affected systems include some of the biggest names in the Linux world, like Red Hat, Debian, and Ubuntu.

GNU C Library Alternative Musl Libc Hits 1.0 Milestone 134

New submitter dalias (1978986) writes "The musl libc project has released version 1.0, the result of three years of development and testing. Musl is a lightweight, fast, simple, MIT-licensed, correctness-oriented alternative to the GNU C library (glibc), uClibc, or Android's Bionic. At this point musl provides all mandatory C99 and POSIX interfaces (plus a lot of widely-used extensions), and well over 5000 packages are known to build successfully against musl.

Several options are available for trying musl. Compiler toolchains are available from the musl-cross project, and several new musl-based Linux distributions are already available (Sabotage and Snowflake, among others). Some well-established distributions including OpenWRT and Gentoo are in the process of adding musl-based variants, and others (Aboriginal, Alpine, Bedrock, Dragora) are adopting musl as their default libc."
The What's New file contains release notes (you have to scroll to the bottom). There's also a handy chart comparing musl to other libc implementations: it looks like musl is a better bet than dietlibc and uclibc for embedded use.

OpenShift Now Supports Windows; GoDaddy Joins OpenStack 19

sfcrazy writes "It's not The Onion: Red Hat has partnered with Uhuru Software to bring Microsoft .NET Apps and SQL server capabilities to Red Hat's Platform-as-a-Service solution OpenShift." This brings OpenShift to Windows, and not .NET applications to GNU/Linux OpenShift installations. Red Hat customers have apparently been asking for this for a while. The source is available: "The consistent model for managing both Linux and Windows systems that OpenShift provides allows organizations to achieve greater efficiency and agility. Windows is now a full-fledged member of the Open Source world of OpenShift. In keeping with the spirit of Open Source, Uhuru has made all of its OpenShift integration software for Windows available to the community and is working to have it officially integrated into OpenShift Origin."

In related news (OpenShift is usually used on top of OpenStack), darthcamaro writes "The OpenStack cloud platform keeps on gaining new converts. The latest is GoDaddy, which today announced it is now officially supporting the OpenStack Foundation. How GoDaddy came to officially join the OpenStack Foundation is interesting; apparently the OpenStack Foundation found out that GoDaddy was using OpenStack through job postings."

Experimental Port of Debian To OpenRISC 56

Via Phoronix comes news that Debian has been ported to the OpenRISC architecture by Christian Svensson. Quoting his mailing list post: "Some people know that I've been working on porting Glibc and doing some toolchain work. My evil master plan was to make a Debian port, and today I'm a happy hacker indeed! ... If anyone wants to try this on real hardware (would be very cool to see how this runs IRL), ping me on IRC [#openrisc on freenode] and I'll set you up with instructions how to use debootstrap - just point to a repo with the debs and you're all set, the wonders of binary distributions." For those who don't know, OpenRISC is the completely open source RISC processor intended as the crown jewel of the Opencores project. A working port of glibc and a GNU/Linux distribution is a huge step toward making use of OpenRISC practical. There's a screencast of the system in action, and source on Github (at posting time, it was a month out of date from the looks of it). Christian Svensson's Github account also has repos for the rest of the toolchain.

Interview: Ask Richard Stallman What You Will 480

Richard Stallman (RMS) founded the GNU Project in 1984, the Free Software Foundation in 1985, and remains one of the most important and outspoken advocates for software freedom. He now spends much of his time fighting excessive extension of copyright laws, digital restrictions management, and software patents. RMS has agreed to answer your questions about GNU/Linux, how GNU relates to Linux the kernel, free software, why he disagrees with the idea of open source, and other issues of public concern. As usual, ask as many as you'd like, but please, one question per post.

Louis Suarez-Potts Talks About Making Money with FOSS (Video) 33

Louis Suarez-Potts has been community manager for OpenOffice since it was sponsored by Sun Microsystems. He's still working with OpenOffice now that it's under the Apache Foundation umbrella. He also has a business going, along with several other long-time Free and Open Source boosters, called Age of Peers. They say it's "a collective forum for consultants, practitioners and boutique agencies, to collaborate on a bigger picture. We mix these ingredients in an organization built to foster collaboration, and harness creative cooperation into powerful new ideas." The company is focused on Open Source developers and companies, and often doesn't charge startups or individual developers for their services. They will be doing a live Google Hangout interview on March 5 that might give you some ideas about how to start, manage, and market an Open Source project -- even if you have no money to spend, which many people who have good ideas do not, at least when they get started. (Alternate video URL)

Plan 9 From Bell Labs Operating System Now Available Under GPLv2 223

TopSpin writes "Alcatel-Lucent has authorized The University of California, Berkeley to 'release all Plan 9 software previously governed by the Lucent Public License, Version 1.02 under the GNU General Public License, Version 2.' Plan 9 was developed primarily for research purposes as the successor to Unix by the Computing Sciences Research Center at Bell Labs between the mid-1980s and 2002. Plan 9 has subsequently emerged as Inferno, a commercially supported derivative, and ports to various platforms, including a recent port to the Raspberry Pi. In Plan 9, all system interfaces, including those required for networking and the user interface, are represented through the file system rather than specialized interfaces. The system provides a generic protocol, 9P, to perform all communication with the system, among processes and with network resources. Applications compose resources using union file systems to form isolated namespaces."

GNU Hurd Gets Improvements: User-Space Driver Support and More 163

jones_supa writes "At FOSDEM 2014 some recent developments of GNU Hurd were discussed (PDF slides). In the name of freedom, GNU Hurd has now the ability to run device drivers from user-space via the project's DDE layer. Among the mentioned use-cases for the GNU Hurd DDE are allowing VPN traffic to just one application, mounting one's own files, redirecting a user's audio, and more flexible hardware support. You can also run Linux kernel drivers in Hurd's user-space. Hurd developers also have working IDE support, X.Org / graphics support, an AHCI driver for Serial ATA, and a Xen PV DomU. Besides the 64-bit support not being in a usable state, USB and sound support is still missing. As some other good news for GNU Hurd, around 79% of the Debian archive is now building for GNU Hurd, including the Xfce desktop (GNOME and KDE soon) and Firefox web browser."

LLVM & GCC Compiler Developers To Begin Collaborating 279

An anonymous reader writes "While RMS is opposed to LLVM over its BSD-like license rather than the GPL, LLVM/Clang and GCC developers have agreed to try to start cooperating in an "open compiler initiative" to jointly tackle common issues that plague both compilers and issues that can be better served by working together rather than creating fragmentation between the two popular open-source compilers."

Adobe Flash Remote Code Execution Flaw Exploited In the Wild 187

An anonymous reader writes "Adobe has released an emergency patch for a critical vulnerability affecting Flash Player for Windows, Linux, and OS X, the exploitation of which can result in an attacker gaining remote control of the victims' systems. The flaw is being actively exploited in the wild, but apart from crediting its discovery to researchers Alexander Polyakov and Anton Ivanov of Kaspersky Labs, no details about the ongoing attack have been shared." They even updated the explicitly unsupported NPAPI GNU/Linux version.

FSF's Richard Stallman Calls LLVM a 'Terrible Setback' 1098

An anonymous reader writes "Richard Stallman has called LLVM a terrible setback in a new mailing list exchange over GCC vs. Clang. LLVM continues to be widely used and grow in popularity for different uses, but it's under a BSD-style license rather than the GPL. RMS wrote, 'For GCC to be replaced by another technically superior compiler that defended freedom equally well would cause me some personal regret, but I would rejoice for the community's advance. The existence of LLVM is a terrible setback for our community precisely because it is not copylefted and can be used as the basis for nonfree compilers — so that all contribution to LLVM directly helps proprietary software as much as it helps us.'"

Valve Offers Free Subscription To Debian Developers: Paying It Forward 205

Posted by samzenpus

Valve Working on GNU/Linux Native Open Source OpenGL Debugger 88

jones_supa writes "OpenGL debugging has always lagged behind DirectX, mainly because of the excellent DX graphics debugging tools shipping with Visual Studio and GL being left with APITrace. Valve's Linux initiatives are making game companies think about OpenGL, and the video game company wants to create a good open source OpenGL debugger to improve the ecosystem. AMD and Nvidia have already expressed interest in helping them out. Valve has been developing VOGL mostly on Ubuntu-based distributions under Qt Creator. The software currently supports tracing OpenGL 1.0 through 3.3 (core and compatibility), and is expected to eventually support OpenGL 4.x. Many more details on VOGL can be found at Valve's Rich Geldreich's blog." This looks much nicer than BuGLe. Valve is using Mercurial for version control and they plan to throw it up on bitbucket under an unspecified open source license soon. It works with clang and gcc, but debugging with gcc is currently very slow (hopefully something that can be fixed once the source is available and the gcc hackers can see what's going on). The tracer's internal binary log format can be converted into JSON for use with other tools as well.

GNU Guile Scheme Gets a Register VM and CPS-Based IL 42

In late November, Andy Wingo pushed a new register VM to Guile's (the GNU implementation of the Scheme language) master branch. It brought a number of performance improvements, but led to a bit of a conceptual mismatch between the compiler's direct-style intermediate language and the virtual machine. Earlier this week Andy Wingo announced a new continuation-passing style intermediate language for Guile. From the article: "To recap, we switched from a stack machine to a register machine because, among other reasons, register machines can consume and produce named intermediate results in fewer instructions than stack machines, and that makes things faster. To take full advantage of this new capability, it is appropriate to switch at the same time from the direct-style intermediate language (IL) that we had to an IL that names all intermediate values. ... In Guile I chose a continuation-passing style language. ... Guile's CPS language is composed of terms, expressions, and continuations. It was heavily inspired by Andrew Kennedy's 'Compiling with Continuations, Continued' paper. ... The optimizations I have currently implemented for CPS are fairly basic. Contification was tricky. One thing I did recently was to make all non-tail $call nodes require $kreceive continuations; if, as in the common case, extra values were unused, that was reflected in an unused rest argument. This required a number of optimizations to clean up and remove the extra rest arguments for other kinds of source expressions: dead-code elimination, the typical beta/eta reduction, and some code generation changes." The article describes the CPS language provided by Guile and explains the reasons behind choosing CPS over SSA or A-Normal Form. The Guile manual contains draft documentation. The new VM and Intermediate Language will be released with Guile 2.2, which should be out later this year.

Coca-Cola Reserves a Massive Range of MAC Addresses 371

An anonymous reader writes "GNU MacChanger's developer has found by chance that The Coca-Cola company got a range of MAC addresses allocated at the OUI, the IEEE Registration Authority in charge of managing the MAC addresses spectrum. What would Coca-Cola want around 16 million MAC addresses reserved? What are they planning to use them for? Could this be part of a strategy around the Internet-of-things concept?"

Emacs Needs To Move To GitHub, Says ESR 252

hypnosec writes "Eric S. Raymond, co-founder of the Open Source Initiative, has recommended that Emacs should move to another version control system like GitHub, as bzr is dying. In an email, Raymond highlighted the key reasons why he believes that Emacs should move. Raymond said that bzr is moribund; its dev list has flatlined; and most of Canonical's in-house projects have already abandoned bzr and moved to GitHub. ESR believes that bzr's codebase is sufficiently mature to be used as a production tool, but he does mention that continuing to use the revision control system will have 'social and signaling effects damaging to Emacs's prospects.'" Update: 01/06 20:50 GMT by U L : ESR did not suggest GitHub, the proprietary hosting platform for git, but rather git the version control system, which is actually already available on Savannah (the bazaar repository is automatically synced with the git repository).

Prince of Persia Level Editor 'Apoplexy' Reaches 2.0 44

An anonymous reader writes "Last year, Jordan Mechner, the creator of the Prince of Persia video game franchise, released the long-thought-lost original Apple II source code for Prince of Persia. Today marks the release of version 2.0 of apoplexy, the free and open-source level editor of Prince of Persia for DOS. Roughly 5.5 years after its initial release, support has been added for editing Prince of Persia 2 levels in both GNU/Linux and Windows. The game has its 25th anniversary next year, but the original trilogy only has a (very) small fan community. Will old games such as this also interest future generations or will they gradually lose their appeal because of technological advances?"

GNU Octave Gets a GUI 166

jones_supa writes "GNU Octave — the open source numerical computation suite compatible with MATLAB — is doing very well. The new 3.8 release is a big change, as it brings a graphical user interface, a feature which has long been requested by users. It is peppered with OpenGL acceleration and uses the super fast FLTK toolkit for widgets. The CLI interface still remains available and GNUplot is used as a fallback in cases where OpenGL or FLTK support is not available. Other changes to Octave 3.8 are support for nested functions with scoping rules, limited support for named exceptions, new regular expressions, a TeX parser for the FLTK toolkit, overhauls to many of the m-files, function rewrites, and numerous other changes and bug fixes."

