GNU is Not Unix

Serious Network Function Vulnerability Found In Glibc 208

Posted by Soulskill
from the audits-finding-gold dept.
An anonymous reader writes: A very serious security problem has been found and patched in the GNU C Library (Glibc). A heap-based buffer overflow was found in __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to make an application call to either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the program. The vulnerability is easy to trigger as gethostbyname() can be called remotely for applications that do any kind of DNS resolving within the code. Qualys, who discovered the vulnerability (nicknamed "Ghost") during a code audit, wrote a mailing list entry with more details, including in-depth analysis and exploit vectors.
Graphics

Ask Slashdot: GPU of Choice For OpenCL On Linux? 109

Posted by timothy
from the discriminating-tastes dept.
Bram Stolk writes So, I am running GNU/Linux on a modern Haswell CPU, with an old Radeon HD5xxx from 2009. I'm pretty happy with the open source Gallium driver for 3D acceleration. But now I want to do some GPGPU development using OpenCL on this box, and the old GPU will no longer cut it. What do my fellow technophiles from Slashdot recommend as a replacement GPU? Go NVIDIA, go AMD, or just use the integrated Intel GPU instead? Bonus points for open sourced solutions. Performance not really important, but OpenCL driver maturity is.
GNU is Not Unix

Librem: a Laptop Custom-Made For Free/Libre Software 229

Posted by timothy
from the asymptotic-development dept.
Bunnie Huang's Novena laptop re-invents the laptop with open source (and Free software) in mind, but the hackability that it's built for requires a fair amount of tolerance on a user's part for funky design and visible guts. New submitter dopeghost writes with word of the nearly-funded (via Crowd Supply) Librem laptop, a different kind of Free-software machine using components "specifically selected so that no binary blobs are needed in the Linux kernel that ships with the laptop." Made from high quality components and featuring a MacBook-like design including a choice of HiDPI screen, the Librem might just be the first laptop to ship with a modern Intel CPU that is not locked down to require proprietary firmware.

Richard M. Stallman, president of the FSF, said, "Getting rid of the signature checking is an important step. While it doesn't give us free code for the firmware, it means that users will really have control of the firmware once we get free code for it."
Unlike some crowdfunding projects, this one is far from pie-in-the-sky, relying mostly on off-the-shelf components, with a planned shipping date in Spring of this year: "Purism is manufacturing the motherboard, and screen printing the keyboard. Purism is sourcing the case, daughter cards, memory, drives, battery, camera, and screen."
Android

The Free Educational Software GCompris Comes To Android 75

Posted by timothy
from the approved-for-all-ages dept.
New submitter xarma writes GCompris is a reference in its category on GNU/Linux but also on Windows. Its development started in 2000 in Gtk+. Last year the development team, willing to address the tablet and PC users from a single code base, took the hard decision to fully rewrite it in Qt Quick. The new version is now developed under the KDE community umbrella. After one year of work, a first release has been shipped on the Android play store. Continuing on its original funding approach, it remains free software but requires a fee on proprietary platforms.
Open Source

Systemd's Lennart Poettering: 'We Do Listen To Users' 551

Posted by Soulskill
from the disagreeing-is-not-ignoring dept.
M-Saunders writes: Systemd is ambitious and controversial, taking over a large part of the GNU/Linux base system. But where did it come from? Even Red Hat wasn't keen on it at the start, but since then it has worked its way into almost every major distro. Linux Voice talks to Lennart Poettering, the lead developer of Systemd, about its origins, its future, its relationship with Upstart, and handling the pressures of online flamewars.
Programming

Red Hat Engineer Improves Math Performance of Glibc 226

Posted by Soulskill
from the performance-enhancing-devs dept.
jones_supa writes: Siddhesh Poyarekar from Red Hat has taken a professional look into mathematical functions found in Glibc (the GNU C library). He has been able to provide an 8-times performance improvement to slowest path of pow() function. Other transcendentals got similar improvements since the fixes were mostly in the generic multiple precision code. These improvements already went into glibc-2.18 upstream. Siddhesh believes that a lot of the low hanging fruit has now been picked, but that this is definitely not the end of the road for improvements in the multiple precision performance. There are other more complicated improvements, like the limitation of worst case precision for exp() and log() functions, based on the results of the paper Worst Cases for Correct Rounding of the Elementary Functions in Double Precision (PDF). One needs to prove that those results apply to the Glibc multiple precision bits.
Robotics

What Happens To Society When Robots Replace Workers? 628

Posted by Soulskill
from the fewer-wrong-orders-at-the-drivethru dept.
Paul Fernhout writes: An article in the Harvard Business Review by William H. Davidow and Michael S. Malone suggests: "The "Second Economy" (the term used by economist Brian Arthur to describe the portion of the economy where computers transact business only with other computers) is upon us. It is, quite simply, the virtual economy, and one of its main byproducts is the replacement of workers with intelligent machines powered by sophisticated code. ... This is why we will soon be looking at hordes of citizens of zero economic value. Figuring out how to deal with the impacts of this development will be the greatest challenge facing free market economies in this century. ... Ultimately, we need a new, individualized, cultural, approach to the meaning of work and the purpose of life. Otherwise, people will find a solution — human beings always do — but it may not be the one for which we began this technological revolution."

This follows the recent Slashdot discussion of "Economists Say Newest AI Technology Destroys More Jobs Than It Creates" citing a NY Times article and other previous discussions like Humans Need Not Apply. What is most interesting to me about this HBR article is not the article itself so much as the fact that concerns about the economic implications of robotics, AI, and automation are now making it into the Harvard Business Review. These issues have been otherwise discussed by alternative economists for decades, such as in the Triple Revolution Memorandum from 1964 — even as those projections have been slow to play out, with automation's initial effect being more to hold down wages and concentrate wealth rather than to displace most workers. However, they may be reaching the point where these effects have become hard to deny despite going against mainstream theory which assumes infinite demand and broad distribution of purchasing power via wages.

As to possible solutions, there is a mention in the HBR article of using government planning by creating public works like infrastructure investments to help address the issue. There is no mention in the article of expanding the "basic income" of Social Security currently only received by older people in the U.S., expanding the gift economy as represented by GNU/Linux, or improving local subsistence production using, say, 3D printing and gardening robots like Dewey of "Silent Running." So, it seems like the mainstream economics profession is starting to accept the emerging reality of this increasingly urgent issue, but is still struggling to think outside an exchange-oriented box for socioeconomic solutions. A few years ago, I collected dozens of possible good and bad solutions related to this issue. Like Davidow and Malone, I'd agree that the particular mix we end up will be a reflection of our culture. Personally, I feel that if we are heading for a technological "singularity" of some sort, we would be better off improving various aspects of our society first, since our trajectory going out of any singularity may have a lot to do with our trajectory going into it.
Java

Kawa 2.0 Supports Scheme R7RS 62

Posted by timothy
from the multi-lingual dept.
First time accepted submitter Per Bothner (19354) writes "Kawa is a general-purpose Scheme-based programming language that runs on the Java platform. It combines the strengths of dynamic scripting languages (less boiler-plate, fast and easy start-up, a REPL, no required compilation step) with the strengths of traditional compiled languages (fast execution, static error detection, modularity, zero-overhead Java platform integration).

Version 2.0 was just released with many new features. Most notably is (almost) complete support for the latest Scheme specification, R7RS, which was ratified in late 2013. This LWN article contains a brief introduction to Kawa and why it is worth a look."
Linux Business

Crowdfunded Linux Voice Magazine Releases First Issue CC-BY-SA 62

Posted by timothy
from the different-models-can-all-work dept.
M-Saunders (706738) writes Linux Voice, the crowdfunded GNU/Linux magazine that Slashdot has covered previously, had two goals at its launch: to give 50% of its profits back to the community after one year, and release each issue's contents under the Creative Commons after nine months. Well, it's been nine months since issue 1, so the whole thing is now online and free to share. Readers and supporters have also made audio versions of articles, for listening to on the commute to work.
Open Source

Groupon Backs Down On Gnome 114

Posted by Soulskill
from the a-little-internet-outrage-is-all-it-takes dept.
Rambo Tribble writes: Groupon has announced it will abandon the 'Gnome' name for their product, ending the recent naming controversy that had the open source community up in arms. They said, "After additional conversations with the open source community and the Gnome Foundation, we have decided to abandon our pending trademark applications for 'Gnome.' We will choose a new name for our product going forward." The GNOME Foundation has thanked everyone who helped.

My question... does this represent Gnu thinking on the part of Groupon?
Software

Pitivi Video Editor Surpasses 50% Crowdfunding Goal, Releases Version 0.94 67

Posted by samzenpus
from the brand-new dept.
kxra writes With the latest developments, Pitivi is proving to truly be a promising libre video editor for GNU distributions as well as a serious contender for bringing libre video production up to par with its proprietary counterparts. Since launching a beautifully well-organized crowdfunding campaign (as covered here previously), the team has raised over half of their 35,000 € goal to pay for full-time development and has entered "beta" status for version 1.0. They've released two versions, 0.94 (release notes) being the most recent, which have brought full MPEG-TS/AVCHD support, porting to Python 3, lots of UX improvements, and—of course—lots and lots of bug fixes. The next release (0.95) will run on top of Non Linear Engine, a refined and incredibly more robust backend Pitivi developers have produced to replace GNonLin and bring Pitivi closer to the rock-solid stability needed for the final 1.0 release.
GNOME

Trisquel 7 Released 39

Posted by Soulskill
from the lucky-seven dept.
An anonymous reader writes: Trisquel 7.0 Belenos has been released. Trisquel is a "free as in freedom" GNU/Linux distribution endorsed by the FSF. This latest release includes Linux-libre 3.13, GNOME 3.12, Abrowser 33 (based on Firefox), the Electrum Bitcoin client and many more new features and upgrades. Trisquel 7.0 will be supported until 2019.

Interested users can check out the screenshots and download the latest release. The project also accepts donations.
Programming

Tao3D: a New Open-Source Programming Language For Real-Time 3D Animations 158

Posted by timothy
from the not-quite-minecraft dept.
descubes (35093) writes "Tao3D is a new open-source programming language designed for real-time 3D animations. With it, you can quickly create interactive, data-rich presentations, small applications, proofs of concept, user interface prototypes, and more. The interactivity of the language, combined with its simplicity and graphical aspects, make it ideal to teach programming.

Tao3D also demonstrates a lot of innovation in programming language design. It makes it very easy to create new control structures. Defining if-then-else is literally a couple of lines of code. The syntax to pass pass blocks of code to functions is completely transparent. And it is fully reactive, meaning that it automatically reacts as necessary to external events such as mouse movements or the passage of time.

The source code was just made available under the GNU General Public License v3 on SourceForge [as linked above], GitHub and Gitorious."
Open Source

Slashdot Asks: Appropriate Place For Free / Open Source Software Artifacts? 46

Posted by timothy
from the you-haul dept.
A friend of mine who buys and sells used books, movies, etc. recently purchased a box full of software on CD, including quite a few old Linux distributions, and asked me if I'd like them. The truth is, I would like them, but I've already collected over the last two decades more than I should in the way of Linux distributions, on at least four kinds of media (starting with floppies made from a CD that accompanied a fat book on how to install some distribution or other -- very useful in the days of dialup). I've got some boxes (Debian Potato, and a few versions of Red Hat and Mandrake Linux), and an assortment of marketing knickknacks, T-shirts, posters, and books. I like these physical artifacts, and they're not dominating my life, but I'd prefer to actually give many of them to someplace where they'll be curated. (Or, if they should be tossed, tossed intelligently.) Can anyone point to a public collection of some kind that gathers physical objects associated with Free software and Open Source, and makes them available for others to examine? (I plan to give some hardware, like a pair of OLPC XO laptops, to the same Goodwill computer museum highlighted in this video, but they probably don't want an IBM-branded radio in the shape of a penguin.)
Operating Systems

Italian Supreme Court Bans the 'Microsoft Tax' 353

Posted by Soulskill
from the making-hardware-a-bit-cheaper dept.
An anonymous reader writes: In a post at the Free Software Foundation, lawyer Marco Ciurcina reports that the Italian Supreme Court has ruled the practice of forcing users to pay for a Windows license when they buy a new PC is illegal. Manufacturers in Italy are now legally obligated to refund that money if a buyer wants to put GNU/Linux or another free OS on the computer. Ciurcina says, "The focus of the Court's reasoning is that the sale of a PC with software preinstalled is not like the sale of a car with its components (the 4 wheels, the engine, etc.) that therefore are sold jointly. Buying a computer with preinstalled software, the user is required to conclude two different contracts: the first, when he buys the computer; the second, when he turns on the computer for the first time and he is required to accept or not the license terms of the preinstalled software. Therefore, if the user does not accept the software license, he has the right to keep the computer and install free software without having to pay the 'Microsoft tax.'"
Encryption

Security Company Tries To Hide Flaws By Threatening Infringement Suit 124

Posted by Soulskill
from the because-that-always-ends-well dept.
An anonymous reader writes: An RFID-based access control system called IClass is used across the globe to provide physical access controls. This system relies on cryptography to secure communications between a tag and a reader. Since 2010, several academic papers have been released which expose the cryptographic insecurity of the IClass system. Based on these papers, Martin Holst Swende implemented the IClass ciphers in a software library, which he released under the GNU General Public License.

The library is useful to experiment with and determine the security level of an access control system (that you own or have explicit consent to study). However, last Friday, Swende received an email from INSIDE Secure, which notified him of (potential) intellectual property infringement, warning him off distributing the library under threat of "infringement action." Interestingly, it seems this is not the first time HID Global has exerted legal pressure to suppress information.
Software

GNU Emacs 24.4 Released Today 156

Posted by timothy
from the please-have-more-than-8-megs-of-RAM dept.
New submitter Shade writes Well over one and a half years in the works, the latest and greatest release of GNU Emacs was made officially available today. Highlights of this release include a built-in web browser, improved multi-monitor and fullscreen support, "electric" indentation enabled by default, support for saving and restoring the state of frames and windows, pixel-based resizing for frames and windows, support for digitally signed ELisp packages, support for menus in text terminals, and much more. Read the official announcement and the full list of changes for more information.
Software

Apple Releases CUPS 2.0 178

Posted by Soulskill
from the onward-and-upward dept.
kthreadd writes: 15 years after the release of CUPS 1.0, Apple has now released version 2.0 of the printing system for GNU/Linux and other Unix-style operating systems. One of the major new features in 2.0 is that the test program for ippserver now passes the IPP Everywhere self-certification tests. Also, they've made an interesting blog post looking at the past and future of printing. Since the first major release in 1999, printing has become much more personal. Printer drivers are going away, and mobile usage is now the norm."
Programming

Fighting the Culture of 'Worse Is Better' 240

Posted by Soulskill
from the fighting-for-reasoned-debate dept.
An anonymous reader writes: Developer Paul Chiusano thinks much of programming culture has been infected by a "worse is better" mindset, where trade-offs to preserve compatibility and interoperability cripple the functionality of vital languages and architectures. He says, "[W]e do not merely calculate in earnest to what extent tradeoffs are necessary or desirable, keeping in mind our goals and values -- there is a culture around making such compromises that actively discourages people from even considering more radical, principled approaches." Chiusano takes C++ as an example, explaining how Stroustrup's insistence that it retain full compatibility with C has led to decades of problems and hacks.

He says this isn't necessarily the wrong approach, but the culture of software development prevents us from having a reasoned discussion about it. "Developing software is a form of investment management. When a company or an individual develops a new feature, inserts a hack, hires too quickly without sufficient onboarding or training, or works on better infrastructure for software development (including new languages, tools, and the like), these are investments or the taking on of debt. ... The outcome of everyone solving their own narrow short-term problems and never really revisiting the solutions is the sea of accidental complexity we now operate in, and which we all recognize is a problem."
Open Source

Lennart Poettering: Open Source Community "Quite a Sick Place To Be In" 993

Posted by samzenpus
from the let-the-flamewar-begin dept.
An anonymous reader writes "Free software programmer Lennart Poettering has been part of his fair share of controversy in the open source community, and his latest essay may raise the most eyebrows yet. Poettering takes on the idea that the community is one big happy family and has some harsh words for the loudest and most obnoxious members. He says in part: "I don't usually talk about this too much, and hence I figure that people are really not aware of this, but yes, the Open Source community is full of a#@&oles, and I probably more than most others am one of their most favourite targets. I get hate mail for hacking on Open Source. People have started multiple 'petitions' on petition web sites, asking me to stop working (google for it). Recently, people started collecting Bitcoins to hire a hitman for me (this really happened!). Just the other day, some idiot posted a 'song' on youtube, a creepy work, filled with expletives about me and suggestions of violence. People post websites about boycotting my projects, containing pretty personal attacks. On IRC, people /msg me sometimes, with nasty messages, and references to artwork in 4chan style. And there's more. A lot more."