DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
GNU is Not Unix

Richard Stallman Interviewed By Bryan Lunduke (youtube.com) 169

Many Slashdot readers know Bryan Lunduke as the creator of the humorous "Linux Sucks" presentations at the annual Southern California Linux Exposition. He's now also a member of the OpenSUSE project board and an all-around open source guy. (In September, he released every one of his books, videos and comics under a Creative Commons license, while his Patreon page offers a tip jar and premiums for monthly patrons). But now he's also got a new "daily computing/nerd show" on YouTube, and last week -- using nothing but free software -- he interviewed the 64-year-old founder of the Free Software Foundation, Richard Stallman. "We talk about everything from the W3C's stance on DRM to opinions on the movie Galaxy Quest," Lunduke explains in the show's notes.

Click through to read some of the highlights.
GNOME

GNOME 3.24 Released (softpedia.com) 118

prisoninmate quotes a report from Softpedia: GNOME 3.24 just finished its six-month development cycle, and it's now the most advanced stable version of the modern and popular desktop environment used by default in numerous GNU/Linux distributions. It was developed since October 2016 under the GNOME 3.23.x umbrella, during which it received numerous improvements. Prominent new features of the GNOME 3.24 desktop environment include a Night Light functionality that promises to automatically shift the colors of your display to the warmer end of the spectrum after sunset, and a brand-new GNOME Control Center with redesigned Users, Keyboard and Mouse, Online Accounts, Bluetooth, and Printer panels. As for the GNOME apps, we can mention that the Nautilus file manager now lets users browse files as root (system administrator), GNOME Photos imitates Darktable's exposure and blacks adjustment tool, GNOME Music comes with ownCloud integration and lets you edit tags, and GNOME Calendar finally brings the Week view. New apps like GNOME Recipes are also part of this release. The full release notes can be viewed here. Softpedia notes in conclusion: "As mentioned before, it will take at least a couple of weeks for the new GNOME 3.24 packages to land on the stable repositories of your favorite distro, which means that you'll most probably be able to upgrade from GNOME 3.22 when the first point release, GNOME 3.24.1, is out on April 12, 2017."
Privacy

Notepad++ Update Fixes 'CIA Hacking' Issue (archive.org) 82

Free software Notepad++ (released under the GNU General Public License) received a new update this week which was announced under the headline "Fix CIA Hacking Notepad++ Issue". The CIA documents in WikiLeaks' 'Vault 7' included a "Notepad++ DLL Hijack" document which affected the popular Windows editor for text and source code. "It's not a vulnerability/security issue in Notepad++, but for remedying this issue, from this release (v7.3.3) forward, notepad++.exe checks the certificate validation in scilexer.dll before loading it," reads the announcement. From the Notepad++ web site: If the certificate is missing or invalid, then it just won't be loaded, and Notepad++ will fail to launch. Checking the certificate of DLL makes it harder to hack.

Note that once users' PCs are compromised, the hackers can do anything on the PCs. This solution only prevents from Notepad++ loading a CIA homemade DLL. It doesn't prevent your original notepad++.exe from being replaced by modified notepad++.exe while the CIA is controlling your PC.

The update also includes "a lot of enhancements and bug-fixes," and if no critical issues are found, "Auto-updater will be triggered in few days."
Firefox

Mozilla Firefox 52 Released As ESR Branch, Will Receive Security Updates Until 2018 (softpedia.com) 91

prisoninmate quotes a report from Softpedia: Back in January, we told you that the development of the Mozilla Firefox 52.0 kicked off with the first Beta release and promised to let users send and open tabs from one device to another, among numerous other improvements and new features. Nine beta builds later, Mozilla has pushed today, March 7, the final binary and source packages of the Mozilla Firefox 52.0 web browser for all supported platforms, including GNU/Linux, macOS, and Windows. The good news is that Firefox 52.0 is an ESR (Extended Support Release) branch that will be supported until March-April 2018. Prominent features of the Mozilla Firefox 52.0 ESR release include support for the emerging WebAssembly standard to boost the performance of Web-based games and apps without relying on plugins, the ability to send and open tabs from one device to another, as well as multi-process for Windows users with touchscreens. With each new Firefox release, Mozilla's developers attempt to offer new ways to improve the security of the widely-used web browser across all supported platforms. Firefox 52.0 ESR implements a "This connection is not secure" warning for non-secure pages that require user logins, along with a new Strict Secure Cookies specification.
Mozilla

After 19 Years, DMOZ Will Close, Announces AOL 60

Its volunteer-edited web directory formed the basis for early search offerings from Netscape, AOL, and Google. But 19 years later, there's some bad news. koavf writes: As posted on the DMOZ homepage, the Open Directory Project's web listing will go offline on March 14, 2017. Founded in 1998 as "Gnuhoo", the human-curated directory once powered Google and served as a model for Wikipedia.
A 1998 Slashdot editorial prompted Richard Stallman and the Free Software Foundation to complain about how "Gnu" was used in the site's name. "We renamed GnuHoo to NewHoo," a blog post later explained, "but then Yahoo objected to the 'Hoo' (and our red letters, exclamation point, and 'comical font')." After being acquired for Netscape's "Open Directory Project," their URL became directory.mozilla.org, which was shortened to DMOZ. Search Engine Land predicts the memory of the Open Directory Project will still be kept alive by the NOODP meta tag.

The site was so old that its hierarchical categories were originally based on the hierarchy of Usenet newsgroups. As it nears its expiration date, do any Slashdot readers have thoughts or memories to share about DMOZ?
Debian

Mozilla Thunderbird Finally Makes Its Way Back Into Debian's Repos (softpedia.com) 47

prisoninmate quotes a report from Softpedia: A year ago, we told you that, after ten long years, the Debian Project finally found a way to switch their rebranded Iceweasel web browser back to Mozilla Firefox, both the ESR (Extended Support Release) and normal versions, but one question remained: what about the Mozilla Thunderbird email, news, and calendar client? Well, that question has an official answer today, as the Mozilla Thunderbird packages appear to have landed in the Debian repositories as a replacement for Icedove, the rebranded version that Debian Project was forced to use for more than ten years due to trademark issues. "Thunderbird is back in Debian! We also renamed other related packages to use official names, e.g. iceowl-extension -> lightning. For now, we need testers to catch existing issues and things we haven't seen until now," said Christoph Goehre in the mailing list announcement. You can find out how to migrate your Icedove profiles to Thunderbird via Softpedia's report.
GNU is Not Unix

KDE Plasma 5.9 Released (softpedia.com) 89

KDE has announced the release and general availability of the KDE Plasma 5.9 desktop environment for GNU/Linux operating systems. While it only took a few months to develop and isn't a long-term supported (LTS) version like KDE Plasma 5.8, the update does have several new features and improving Wayland support. Softpedia reports: Probably the most important one, which will make many KDE users upgrade from KDE Plasma 5.8 LTS or previous versions, is the return of Global Menus, a feature that was available in the KDE 4 series of the desktop environment. Only now, after numerous requests from users, did the KDE developers manage to implement Global Menus again in KDE Plasma 5.9. Quite a multitude of improvements have landed in the KDE Plasma 5.9 desktop environment for those who use the next-generation Wayland display server. These include the ability to take screenshots, support for using the color picker, implementation of borderless maximized windows for full-screen support, and support for dragging apps by clicking on an empty area of the user interface using the Breeze style. KDE Plasma Wayland support allows users to set color schemes for windows, which may come in handy for accessibility, implements auto-hide support for panels, and properly displays the window icon on the panel when using X11 apps. Moreover, there's now a new settings tool for configuring touchpads, which you can see in action in the second video attached below. Wayland users can also set up gestures and relative motions. KDE Plasma 5.9 also adds several cool new tools that promise to enhance your productivity. For example, you'll be able to drag a screenshot taken with the Spectacle utility from the notification pop-up straight into a web browser form, chat window, or email composer. There's also a brand-new drag and drop functionality that lets you add widgets directly to the system tray area, and it's now possible to add widgets directly from the full-screen Application Dashboard launcher. KRunner actions like "Open containing folder" and "Run in Terminal" are now displayed in the application launchers for search results powered by KRunner, of course, and there's now a new applet that lets users group multiple widgets together in a single one. You can read the announcement and download KDE Plasma 5.9 via their website.
Programming

C++ Creator Wants To Solve 35-Year-Old Generic Programming Issues With Concepts (cio.com) 339

C++ creator Bjarne Stroustrup is arguing that we can improve code by grounding generic programming in concepts -- what's required by a template's arguments. An anonymous reader quotes Paul Krill's report on a new paper by Stroustrup: In concepts, Stroustrup sees the solution to the interface specification problem that has long dogged C++, the language he founded more than 35 years ago. "The way we write generic code today is simply too different from the way we write other code," Stroustrup says... Currently an ISO technical specification, concepts provide well-specified interfaces to templates without runtime overhead. Concepts, Stroustrup writes, are intended to complete C++'s support for generic programming as initially envisioned. "The purpose of concepts is to fundamentally simplify and improve design. This leads to fewer bugs and clearer -- often shorter -- code"...

Concepts, Stroustrup believes, will greatly ease engineers' ability to write efficient, reliable C++ code... The most obvious effect will be a massive improvement in the quality of error messages, but the most important long-term effect will be found in the flexibility and clarity of code, Stroustrup says. "In particular, having well-specified interfaces allows for simple, general and zero-overhead overloading of templates. That simplifies much generic code"

Concepts are already available in GNU C Compiler 6.2, and Stroustrup wants them to be included in C++ 20. "In my opinion, concepts should have been part of C++ 17, but the committee couldn't reach consensus on that."
Open Source

Free Software Foundation Shakes Up Its List of Priority Projects (networkworld.com) 103

alphadogg quotes Network World: The Free Software Foundation Tuesday announced a major rethinking of the software projects that it supports, putting top priority on a free mobile operating system, accessibility, and driver development, among other areas. The foundation has maintained the High Priority Projects list since 2005, when it contained just four free software projects. [That rose to 12 projects by 2008, though the changelog shows at least seven projects have since been removed.] Today's version mostly identifies priority areas, along with a few specific projects in key areas.
The new list shows the FSF will continue financially supporting Replicant, their free version of Android, and they're also still supporting projects to create a free software replacement for Skype with real-time voice and video capabilities. But they're now also prioritizing various projects to replace Siri, Google Now, Alexa, and Cortana with a free-software personal assistant, which they view as "crucial to preserving users' control over their technology and data while still giving them the benefits such software has for many."

And other priorities now include internationalization, accessibility, decentralization and self-hosting, and encouraging governments to adopt free software.
Operating Systems

Richard Stallman Acknowledges Libreboot Is No Longer A Part of GNU (gnu.org) 397

Libreboot became an official GNU project in May. Now an anonymous Slashdot reader writes: Richard Stallman has officially announced that Libreboot is no longer a GNU package. The maintainer of Libreboot had tried to leave the GNU project in September 2016, but the departure was not acknowledged until January 2017. Libreboot is a replacement for proprietary BIOS systems, effectively a distribution of coreboot without any binary blobs and adding an automated build/install process.
In the post titled "Goodbye to GNU Libreboot," Stallman wrote that "When a package's maintainer steps down, that doesn't by itself break the relationship between GNU and the package. If it is left without a maintainer but is still useful, the GNU Project will usually look for new maintainers to work on it. However, we can instead drop ties with the package, if that seems the right thing to do.

"A few months ago, the maintainer of GNU Libreboot decided not to work on Libreboot for the GNU Project any more. That was her decision to make. She also asserted that Libreboot was no longer a GNU package -- something she could not unilaterally do. The GNU Project had to decide what to do in regard to Libreboot. We have decided to go along with the former GNU maintainer's wishes in this case, for a combination of reasons: (1) it had not been a GNU package for very long, (2) she was the developer who had originally made it a GNU package, and (3) there were no major developers who wanted to continue developing Libreboot under GNU auspices."
Desktops (Apple)

Raspberry Pi's Linux-Based PIXEL Desktop Now Available For PC and Mac (betanews.com) 50

From a report on BetaNews: If you own a Raspberry Pi, you're probably familiar with PIXEL. The desktop environment is included in the Raspbian OS. The Raspberry Pi Foundation describes PIXEL as the "GNU/Linux we would want to use" and understandably so. It offers a smart, clean interface, a decent selection of software, the Chromium web browser with plug-ins, and more -- and from today it's available for PC and Mac. The version of Debian+PIXEL for x86 platforms is described as "experimental" but having taken it for a spin, it seems pretty stable to me. To run PIXEL on your PC or Mac, download the image, burn it onto a DVD or flash it onto a USB memory stick, and boot from it. The desktop environment will load ready for use.
Security

Does Code Reuse Endanger Secure Software Development? (threatpost.com) 148

msm1267 quotes ThreatPost: The amount of insecure software tied to reused third-party libraries and lingering in applications long after patches have been deployed is staggering. It's a habitual problem perpetuated by developers failing to vet third-party code for vulnerabilities, and some repositories taking a hands-off approach with the code they host. This scenario allows attackers to target one overlooked component flaw used in millions of applications instead of focusing on a single application security vulnerability.

The real-world consequences have been demonstrated in the past few years with the Heartbleed vulnerability in OpenSSL, Shellshock in GNU Bash, and a deserialization vulnerability exploited in a recent high-profile attack against the San Francisco Municipal Transportation Agency. These are three instances where developers reuse libraries and frameworks that contain unpatched flaws in production applications... According to security experts, the problem is two-fold. On one hand, developers use reliable code that at a later date is found to have a vulnerability. Second, insecure code is used by a developer who doesn't exercise due diligence on the software libraries used in their project.

That seems like a one-sided take, so I'm curious what Slashdot readers think. Does code reuse endanger secure software development?
Firefox

Mozilla Releases Firefox 50 (softpedia.com) 127

Mozilla has begun seeding the binary and source packages of the final release of Firefox 50 web browser on all supported platforms, including GNU/Linux and macOS. From a report on Softpedia: We have to admit that we expected to see some major features and improvements, but that hasn't happened. The biggest new feature of the Firefox 50.0 release appears to be emoji for everyone. That's right, the web browser now ships with built-in emoji for GNU/Linux distributions, as well as other operating systems that don't include native emoji fonts by default, such as Windows 8.0 and previous versions. Also new, Firefox 50.0 now shows lock icon strikethrough for web pages that offer insecure password fields. Another interesting change that landed in the Mozilla Firefox 50.0 web browser is the ability to cycle through tabs in recently used order using the Ctrl+Tab keyboard shortcut. Moreover, it's now possible to search for whole words only using the "Find in page" feature. Last but not the least, printing was improved as well by using the Reader Mode, which now uses the accel-(opt/alt)-r keyboard shortcut, the Guarana (gn) locale is now supported, the rendering of dotted and dashed borders with rounded corners (border-radius) has been fixed as well.
GNU is Not Unix

Debian GNU/Linux 9 'Stretch' Installer Gets GNU Screen, Linux Kernel 4.7 Support (softpedia.com) 58

"Debian developer Cyril Brulebois was pleased to announce this past weekend the release and immediate availability of the eighth Alpha development snapshot of the Debian GNU/Linux 9 'Stretch' installer," reports Softpedia. An anonymous reader quotes their article: It's been four long months since Alpha 7 of Debian GNU/Linux 9 "Stretch" hit the testing channels back in July, but the wait was worth it as the Alpha 8 release adds a huge number of changes, starting with initial support for the GNU Screen terminal multiplexer and lots of debootstrap fixes, which now defaults to merged-/usr.

"debootstrap now defaults to merged-/usr, that is with /bin, /sbin, /lib* being symlinks to their counterpart in /usr (more details on: https://lists.debian.org/debian-devel/2016/09/msg00269.html)," wrote Cyril Brulebois in the mailing list announcement, where it states that default debootstrap mirror was switched to deb.debian.org.

Ubuntu

Ubuntu Budgie Is Now An Official Ubuntu Flavor (softpedia.com) 49

prisoninmate writes from a report via Softpedia: After two successful major releases, budgie-remix has finally been accepted as an official Ubuntu flavor, earlier today during a meeting where four Canonical technicians voted positive. As such, we're extremely happy to inform our readers that the new Ubuntu flavor is called Ubuntu Budgie. In April this year, when budgie-remix hit the road towards its first major release, versioned 16.04, we reported that David Mohammed was kind enough to inform Softpedia about the fact that he got in touch with Ubuntu MATE leader Martin Wimpress, who urged the developer to target Ubuntu 16.10 for an official status. budgie-remix 16.10 arrived as well this fall shortly after the release of Ubuntu 16.10 (Yakkety Yak), and the dream of becoming an official Ubuntu flavor is now a reality. Re-branding of the official website and the entire distribution is ongoing. "We now move full steam ahead and look forward to working with the Ubuntu Develop Membership Board to examine and work through the technical aspects [...] 17.04 will be our first official release under the new name," said David Mohammed in the announcement.
Open Source

Linux Kernel 4.7 Reaches End of Life, Users Urged To Move To Linux 4.8 (softpedia.com) 77

prisoninmate writes: The Linux 4.7 kernel branch officially reached end of life, and it has already been marked as EOL on the kernel.org website, which means that the Linux kernel 4.7.10 maintenance update is the last one that will be released for this branch. It also means that you need to either update your system to the Linux 4.7.10 kernel release or move to a more recent kernel branch, such as Linux 4.8. In related news, Linux kernel 4.8.4 is now the latest stable and most advanced kernel version, which is already available for users of the Solus and Arch Linux operating systems, and it's coming soon to other GNU/Linux distributions powered by a kernel from the Linux 4.8 series. Users are urged to update their systems as soon as possible.
GNU is Not Unix

KDE Turns 20, Happy Birthday! (softpedia.com) 127

prisoninmate writes from Softpedia: Can you believe it's been 20 years since the KDE (Kool Desktop Environment) was announced on the 14th of October, 1996, by project founder Matthias Ettrich? Well, it has, and today we'd like to say a happy 20th birthday to KDE! "On October 14, KDE celebrates its 20th birthday. The project that started as a desktop environment for Unix systems, today is a community that incubates ideas and projects which go far beyond desktop technologies. Your support is very important for our community to remain active and strong," reads the timeline page prepared by the KDE project for this event. Feel free to share your KDE experiences in a comment below! You can read the announcement "that started the revolution of the modern Linux desktop," as well as view the timeline "prepared by the KDE team for this unique occasion."
Open Source

Physically-Secure 'ORWL' Computer Expands Its Open Source Policy (crowdsupply.com) 68

Last month DESIGN Shift successfully crowdfunded their physically-secure (and open source) ORWL computer. But this week long-time Slashdot reader Dr. Crash raised concerns that "releasing only the equivalent of 'assembly code' (PDFs of the schematic, Gerber files) and requiring an NDA for the BIOS and mechanical security just doesn't cut it... " Slashdot contacted the company, which two hours ago posted a response: After feedback from some of you and more internal discussion, we've decided to open the schematics source files under CC-BY-NC-SA 4.0... Our reasoning is that the benefit of being able to much more easily inspect the inner workings of ORWL far outweighs the minimal risk of infringement by a third party. Even if a third party does decide to copy ORWL for profit, they would quickly discover the real work is in the layout, not the schematic, as is the case in most hardware...

[T]he firmware will be licensed under GPL 3 rather than CC-BY-SA 4.0. This change is in line with the Creative Commons's own recommendations regarding software licensing. We also realized that some of our firmware uses libraries provided under NDA. We will clearly identify which components are protected under NDA and how to go about securing such an NDA.

They've already released a .zip file of their schematics, and in addition announced that "we're committing to opening the PCB layout sources once we've sold a total of 3,000 ORWL unit." Their announcement includes a link for feedback from the community.
Software

Emacs and Vim Combined In New 'Spacemacs' Distro (spacemacs.org) 130

Long-time Slashdot reader Qbertino brings news of a new text editor offering what he calls "a modern, hipster-compliant makeover" of both Emacs and Vim: As a classic, perhaps the classic GNU project, Emacs has been marred by abysmal branding and marketing...that has improved slightly but might still leave some people unsatisfied [and] has also been engulfed in an eternal war with Vim, the editor of the beast. Mope no further, salvation is nigh! Spacemacs is a new Emacs distribution that aims to combine all the goodies of Emacs and Vim and then some...
Version .2 of Spacemacs was released this week "with more than 1700 commits since the last major version released in January 2016." With nearly 500 contributors on GItHub, Spacemacs plans to be "crowd-configured" with "curated packages tuned by power users," and is offering features like a real-time display of available key bindings, a simple query system for layers and packages, and of course, a clearly defined set of conventions.

Slashdot Top Deals