Not too long after Linus Torvalds wrote his own Unix kernel, which he called Linux, in the summer of 1991, a magazine was founded by enthusiasts to focus on the operating system. For nearly three decades Linux Journal has been an authority magazine on all things Linux, but it is now shuttering doors, it said late Wednesday. The announcement comes about two years after the periodical said it would cease to exist, but it was able to find some backing -- from Privacy Internet Access group -- to resume operations later on.

The team said on Wednesday that all staff members had been laid off and the company was left with no operating funds to continue in any capacity. It remains committed to keeping the website afloat for another few weeks.

In honor of FreeDOS's 25th birthday, project founder and coordinator Jim Hall agreed to answer the 10 best questions submitted by Slashdot readers. You asked and he answered! Read on for Jim's interview.

Tekla Perry writes: When WYSIWIG pioneer Charles Simonyi went to space, he couldn't but help notice the awkward user interface on the rocket's control panel. It was a case of legacy systems, not wanting to change training and documentation, and an emulator that ran Unix on a 386 chip, he reported during a recent discussion on space software held at the Computer History Museum. "They liked the older chips because of radiation resistance and the feature set," he pointed out, noting how operation of the virtual interface was trickier than it seemed. "There are rows and columns," he said, "and you move the cursor over the button and use another button to push the virtual button."

"On the right side," he said, "there are these windows that are numbers you type in by pushing virtual buttons below them. You use the cursor keys to go to the virtual buttons then push an entry button that is virtual." He added: "You can see that even as the technology changes, they want to keep as many things the same as possible."

Chris Siebenmann is a Unix sys-admin for the CS department at the University of Toronto. He recently saw a tweet asking about the possibility of community-implemented generics for the Go programming language, and posted a widely-read response on his blog.

"There are many answers for why this won't happen, but one that does not usually get said out loud is that Go is Google's language, not the community's." Yes, there's a community that contributes things to Go, some of them important and valued things; you only have to look at the diversity of people in CONTRIBUTORS or see the variety of people appearing in the commits. But Google is the gatekeeper for these community contributions; it alone decides what is and isn't accepted into Go. To the extent that there even is a community process for deciding what is accepted, there is an 800-pound gorilla in the room. Nothing is going to go into Go that Google objects to, and if Google decides that something needs to be in Go, it will happen.

(The most clear and obvious illustration of this is what happened with Go modules, where one member of Google's Go core team discarded the entire system the outside Go community had been working on in favour of a relatively radically different model. See eg for one version of this history.)

Or in short, Go has community contributions but it is not a community project. It is Google's project. This is an unarguable thing, whether you consider it to be good or bad, and it has effects that we need to accept. For example, if you want some significant thing to be accepted into Go, working to build consensus in the community is far less important than persuading the Go core team. (As a corollary, sinking a lot of time and effort into a community effort that doesn't have enthusiastic buy-in from the Go core team is probably a waste of time....) On the good and bad scale, there is a common feeling that Go has done well by having a small core team with good taste and a consistent vision for the language, a team that is not swayed by outside voices and is slow moving and biased to not making changes.
The essay also concedes that "I like Go and have for a fair while now, and I'm basically okay with how the language has been evolving and how the Go core team has managed it. I certainly think it's a good idea to take things like generics slowly.

"But at the same time, how things developed around Go modules has left a bad taste in my mouth and I now can't imagine becoming a Go contributor myself, even for small trivial changes."

UPDATE (1/29/2024) In a 2023 talk, Rob Pike -- one of Go's original creators -- addressed the question head-on. "People often assume Google tells the Go team what to do. That's simply not true.

"Google is incredibly generous in its support for Go, but does not set the agenda. The community has far more input. Google has a huge internal Go code base that the team uses to test and verify releases, but this is done by importing from the public repo into Google, not the other way around. In short, the core Go team is paid by Google but they are independent."

"2019 is truly, finally shaping up to be the year of Linux on the desktop," writes PC World's senior editor, adding "Laptops, too!" But most people won't know it. That's because the bones of the open-source operating system kernel will soon be baked into Windows 10 and Chrome OS, as Microsoft and Google revealed at their respective developer conferences this week... Between lurking in Windows 10 and Chrome OS, and the tiny portion of actual Linux distro installs, pretty much any PC you pick up will run a Linux kernel and Linux software. Macs won't, but it's based on a Unix-like BSD system that already runs many Linux apps with relative ease (hence Apple's popularity with developers).

You have to wonder where that leaves proper Linux distributions like Ubuntu and Linux Mint, though. They already suffer from a minuscule user share, and developers may shift toward Windows and Chrome if the Linux kernels in those operating systems get the same job done. Could this fruit wind up poisonous over the long term? We'll have to see. That said, Linux is healthier than ever. The major distros are far more polished than they used to be, with far fewer hardware woes than installs of yesteryear. You can even get your game on relatively well thanks to Valve's Proton technology, which gets many (but not all) Steam games working on Linux systems. And hey, Linux is free.

Normal users may never be aware of it, but 2019 may finally be the year of Linux on the desktop -- just not Linux operating systems on the desktop.

"Release 8.3 of GDB, the GNU Debugger, is now available," according to an announcement on the info-gnu mailing list:

GDB is a source-level debugger for Ada, C, C++, Go, Rust, and many other languages. GDB can target (i.e., debug programs running on) more than a dozen different processor architectures, and GDB itself can run on most popular GNU/Linux, Unix and Microsoft Windows variants. GDB is free (libre) software. GDB 8.3 includes support for new native configurations (also available as a target configuration) for RISC-V GNU/Linux and RISC-V FreeBSD.

The announcement warns that Native Windows debugging "is only supported on Windows XP or later," and that "the Python API in GDB now requires Python 2.6 or later."

An anonymous reader quotes a report from ZDNet: This week, the Apache Software Foundation has patched a severe vulnerability in the Apache (httpd) web server project that could --under certain circumstances-- allow rogue server scripts to execute code with root privileges and take over the underlying server. The vulnerability, tracked as CVE-2019-0211, affects Apache web server releases for Unix systems only, from 2.4.17 to 2.4.38, and was fixed this week with the release of version 2.4.39. According to the Apache team, less-privileged Apache child processes (such as CGI scripts) can execute malicious code with the privileges of the parent process. Because on most Unix systems Apache httpd runs under the root user, any threat actor who has planted a malicious CGI script on an Apache server can use CVE-2019-0211 to take over the underlying system running the Apache httpd process, and inherently control the entire machine.

"First of all, it is a LOCAL vulnerability, which means you need to have some kind of access to the server," Charles Fol, the security researcher who discovered this vulnerability told ZDNet in an interview yesterday. This means that attackers either have to register accounts with shared hosting providers or compromise existing accounts. Once this happens, the attacker only needs to upload a malicious CGI script through their rented/compromised server's control panel to take control of the hosting provider's server to plant malware or steal data from other customers who have data stored on the same machine. "The web hoster has total access to the server through the 'root' account. If one of the users successfully exploits the vulnerability I reported, he/she will get full access to the server, just like the web hoster," Fol said. "This implies read/write/delete any file/database of the other clients."

Glenn Fleishman, writing for MacWorld: It seems like it was only yesterday that I first used BareBones Software's BBEdit, but in actuality, yesterday is so far away -- 25 years, in fact. With all the twists and turns across more than two decades of Apple as a company, Mac hardware, and the underlying operating system, you might think that BBEdit stands alone as a continuously-developed app shepherded largely or exclusively by the same independent developer -- an app without a giant company behind it. As it turns out, BBEdit is one of several apps that's been around the block more than a few times.

The longevity of indie apps is more extraordinary when you consider the changes Apple put the Mac through from the early 1990s to 2018. Apple switched from Motorola 680x0 processors to PowerPC to Intel chips, from 32-bit to 64-bit code, and among supported coding languages. It revved System 7 to 8 to 9, then to Unix across now 15 major releases (from 10.0 to 10.14). That's a lot for any individual programmer or small company to cope with. Bare Bones's head honcho, Rich Siegel, and the developers behind three other long-running Mac software programs shared with me their insight on development histories for over 25 years, what's changed the most during that time, and any hidden treasures users haven't yet found. You can hear more on BareBones Software's in this recent episode of The Talk Show, a podcast by DaringFireball's John Gruber.

New submitter vivekgite writes: The 12th version of the FreeBSD has been released, bringing support for updated hardware. Some of the highlights include: OpenSSL has been updated to version 1.1.1a (LTS). Unbound has been updated to version 1.8.1, and DANE-TA has been enabled by default. OpenSSH has been updated to version 7.8p1. Additonal capsicum(4) support has been added to sshd(8). Clang, LLVM, LLD, LLDB, compiler-rt and libc++ has been updated to version 6.0.1. The vt(4) Terminus BSD Console font has been updated to version 4.46. The bsdinstall(8) utility now supports UEFI+GELI as an installation option. The VIMAGE kernel configuration option has been enabled by default. The NUMA option has been enabled by default in the amd64 GENERIC and MINIMAL kernel configurations. The netdump(4) driver has been added, providing a facility through which kernel crash dumps can be transmitted to a remote host after a system panic. The vt(4) driver has been updated with performance improvements, drawing text at rates ranging from 2- to 6-times faster.

Various improvements to graphics support for current generation hardware. Support for capsicum(4) has been enabled on armv6 and armv7 by default. The UFS/FFS filesystem has been updated to consolidate TRIM/BIO_DELETE commands, reducing read/write requests due to fewer TRIM messages being sent simultaneously. The NFS version 4.1 server has been updated to include pNFS server support. The pf(4) packet filter is now usable within a jail(8) using vnet(9). The bhyve(8) utility has been updated to add NVMe device emulation. The bhyve(8) utility is now able to be run within a jail(8). Various Lua loader(8) improvements. KDE has been updated to version 5.12.

Chris Siebenmann, a Unix Systems Administrator at University of Toronto, writes about the inability to figure out the bottleneck when an SSD dies: What unnerves me about these sorts of abrupt SSD failures is how inscrutable they are and how I can't construct a story in my head of what went wrong. With spinning HDs, drives might die abruptly but you could at least construct narratives about what could have happened to do that; perhaps the spindle motor drive seized or the drive had some other gross mechanical failure that brought everything to a crashing halt (perhaps literally). SSDs are both solid state and opaque, so I'm left with no story for what went wrong, especially when a drive is young and isn't supposed to have come anywhere near wearing out its flash cells (as this SSD was).

(When a HD died early, you could also imagine undetected manufacturing flaws that finally gave way. With SSDs, at least in theory that shouldn't happen, so early death feels especially alarming. Probably there are potential undetected manufacturing flaws in the flash cells and so on, though.) When I have no story, my thoughts turn to unnerving possibilities, like that the drive was lying to us about how healthy it was in SMART data and that it was actually running through spare flash capacity and then just ran out, or that it had a firmware flaw that we triggered that bricked it in some way.

"2019 just might be the Year of Linux -- the year in which Linux is fully recognized as the powerhouse it has become," writes Network World's "Unix dweeb." The fact is that most people today are using Linux without ever knowing it -- whether on their phones, online when using Google, Facebook, Twitter, GPS devices, and maybe even in their cars, or when using cloud storage for personal or business use. While the presence of Linux on all of these systems may go largely unnoticed by consumers, the role that Linux plays in this market is a sign of how critical it has become. Most IoT and embedded devices -- those small, limited functionality devices that require good security and a small footprint and fill so many niches in our technology-driven lives -- run some variety of Linux, and this isn't likely to change. Instead, we'll just be seeing more devices and a continued reliance on open source to drive them.

According to the Cloud Industry Forum, for the first time, businesses are spending more on cloud than on internal infrastructure. The cloud is taking over the role that data centers used to play, and it's largely Linux that's making the transition so advantageous. Even on Microsoft's Azure, the most popular operating system is Linux. In its first Voice of the Enterprise survey, 451 Research predicted that 60 percent of nearly 1,000 IT leaders surveyed plan to run the majority of their IT off premises by 2019. That equates to a lot of IT efforts relying on Linux. Gartner states that 80 percent of internally developed software is now either cloud-enabled or cloud-native.
The article also cites Linux's use in AI, data lakes, and in the Sierra supercomputer that monitors America's nuclear stockpile, concluding that "In its domination of IoT, cloud technology, supercomputing and AI, Linux is heading into 2019 with a lot of momentum."

And there's even a long list of upcoming Linux conferences...

AmiMoJo writes: Apple's new-generation Macs come with a new so-called Apple T2 security chip that's supposed to provide a secure enclave co-processor responsible for powering a series of security features, including Touch ID. At the same time, this security chip enables the secure boot feature on Apple's computers, and by the looks of things, it's also responsible for a series of new restrictions that Linux users aren't going to like.

The issue seems to be that Apple has included security certificates for its own and Microsoft's operating systems (to allow running Windows via Bootcamp), but not for the certificate that was provided for systems such as Linux. Disabling Secure Boot can overcome this, but also disables access to the machine's internal storage, making installation of Linux impossible.

The systems and database administrator for a Fortune 500 company notes that while NFS is "decades old and predating Linux...the most obvious feature missing from NFSv4 is native, standalone encryption." emil (Slashdot reader #695) summarizes this article from Linux Journal: NFS is the most popular remote file system in the Linux, UNIX, and greater POSIX community. The NFS protocol pushes file traffic over cleartext connections in the default configuration, which is poison to sensitive information.

TLS can wrap this traffic, finally bringing wire security to files vulnerable to compromise in transit. Before using a cloud provider's toolset, review NFS usage and encrypt where necessary.
The article's author complains that Google Cloud "makes no mention of data security in its documented procedures," though "the performance penalty for tunneling NFS over stunnel is surprisingly small...."

"While the crusade against telnet may have been largely won, Linux and the greater UNIX community still have areas of willful blindness. NFS should have been secured long ago, and it is objectionable that a workaround with stunnel is even necessary."

Ostracus shares a report from Computerworld, written by Steven J. Vaughan-Nichols: Microsoft is getting ready to replace Windows 10 with the Microsoft Managed Desktop. This will be a "desktop-as-a-service" (DaaS) offering. Instead of owning Windows, you'll "rent" it by the month. Microsoft Managed Desktop is a new take. It avoids the latency problem of the older Windows DaaS offerings by keeping the bulk of the operating system on your PC. But you'll no longer be in charge of your Windows PC. Instead, it will be automatically provisioned and patched for you by Microsoft. Maybe you'll be OK with that.

Microsoft has been getting away from the old-style desktop model for years now. Just look at Office. Microsoft would much rather have you rent Office via Office 365 than buy Microsoft Office and use it for years. Microsoft Managed Desktop is the first move to replacing "your" desktop with a rented desktop. By 2021, I expect the Managed Desktop to be to traditional Windows what Office 365 is to Office today: the wave of the future. Or maybe tsunami, depending on your perspective. I'm not happy with this development. I'm old enough to remember the PC revolution. We went from depending on mainframes and Unix boxes for computing power to having the real power on our desktops. It was liberating. Now Microsoft, which helped lead that revolution, is trying to return us to that old, centralized control model.

An anonymous reader quotes a report from Ars Technica: Over the last few years, Microsoft has been working to improve the Windows console. Console windows now maximize properly, for example. In the olden days, hitting maximize would make the window taller but not wider. Today, the action will fill the whole screen, just like any other window. Especially motivated by the Windows subsystem for Linux, the console in Windows 10 supports 16 million colors and VT escape sequences, enabling much richer console output than has traditionally been possible on Windows.

Microsoft is working to build a better console for Windows, one that we hope will open the door to the same flexibility and capabilities that Unix users have enjoyed for more than 40 years. The APIs seem to be in the latest Windows 10 Insider builds, though documentation is a little scarce for now. The command-line team is publishing a series of blog posts describing the history of the Windows command-line, and how the operating system's console works. The big reveal of the new API is coming soon, and with this, Windows should finally be able to have reliable, effective tabbed consoles, with emoji support, rich Unicode, and all the other things that the Windows console doesn't do... yet.

Microsoft is giving its Notepad app for Windows a surprising amount of new features. From a report: You'll soon be able to do wrap around find and replace alongside the ability to zoom into text by holding down the ctrl key and using the mouse wheel to zoom in and out. Microsoft is also adding in extended line ending support so that Unix/Linux line endings (LF) and Macintosh line endings (CR) are supported in Notepad. The status bar will now be enabled by default in Notepad, and it includes the ability to display line and column numbers when word-wrap is enabled.

Exploit broker Zerodium is offering rewards of up to $500,000 for zero-days in UNIX-based operating systems like OpenBSD, FreeBSD, NetBSD, but also for Linux distros such as Ubuntu, CentOS, Debian, and Tails. From a report: The offer, first advertised via Twitter earlier this week, is available as part of the company's latest zero-day acquisition drive. Zerodium is known for buying zero-days and selling them to government agencies and law enforcement. The company runs a regular zero-day acquisition program through its website, but it often holds special drives with more substantial rewards when it needs zero-days of a specific category. The US-based company held a previous drive with increased rewards for Linux zero-days in February, with rewards going as high as $45,000. In another zero-day acquisition drive announced on Twitter this week, the company said it was looking again for Linux zero-days, but also for exploits targeting BSD systems. This time around, rewards can go up to $500,000, for the right exploit.

Beeftopia writes: From ZDNet: "The latest TOP500 Supercomputer list is out. What's not surprising is that Linux runs on every last one of the world's fastest supercomputers. Linux has dominated supercomputing for years. But, Linux only took over supercomputing lock, stock, and barrel in November 2017. That was the first time all of the TOP500 machines were running Linux. Before that IBM AIX, a Unix variant, was hanging on for dear life low on the list."

An interesting architectural note: "GPUs, not CPUs, now power most of supercomputers' speed."

Billly Gates writes: Windows 10 build 1803 has come out this month, but with some problems. AnandTech has a deep-dive with the review examing many new features including the much better support for Linux. WSL (Windows Subsystem for Linux) now has native Curt and Tar from the command prompt as well as a utility to convert Unix to Windows pathnames called WSLpath.exe which is documented here. In addition it was mentioned on Slashdot in the past about OpenSSH being ported natively to Win32 in certain early builds. It now seems the reason was for Linux interoperability with this Spring Update 2. Unix sockets mean you can run Kali Linux on Windows 10 for penetration testing or run an Apache server in the background with full Linux networking support. Deemons now run in the background even with the command prompt closed. [...]

Several readers have shared a blog post: One of the ongoing system administration controversies in Linux is that there is an ongoing effort to obsolete the old, cross-Unix standard network administration and diagnosis commands of ifconfig, netstat and the like and replace them with fresh new Linux specific things like ss and the ip suite. Old sysadmins are generally grumpy about this; they consider it yet another sign of Linux's 'not invented here' attitude that sees Linux breaking from well-established Unix norms to go its own way. Although I'm an old sysadmin myself, I don't have this reaction. Instead, I think that it might be both sensible and honest for Linux to go off in this direction. There are two reasons for this, one ostensible and one subtle.

The ostensible surface issue is that the current code for netstat, ifconfig, and so on operates in an inefficient way. Per various people, netstat et al operate by reading various files in /proc, and doing this is not the most efficient thing in the world (either on the kernel side or on netstat's side). You won't notice this on a small system, but apparently there are real impacts on large ones. Modern commands like ss and ip use Linux's netlink sockets, which are much more efficient. In theory netstat, ifconfig, and company could be rewritten to use netlink too; in practice this doesn't seem to have happened and there may be political issues involving different groups of developers with different opinions on which way to go.

(Netstat and ifconfig are part of net-tools, while ss and ip are part of iproute2.)

However, the deeper issue is the interface that netstat, ifconfig, and company present to users. In practice, these commands are caught between two masters. On the one hand, the information the tools present and the questions they let us ask are deeply intertwined with how the kernel itself does networking, and in general the tools are very much supposed to report the kernel's reality. On the other hand, the users expect netstat, ifconfig and so on to have their traditional interface (in terms of output, command line arguments, and so on); any number of scripts and tools fish things out of ifconfig output, for example. As the Linux kernel has changed how it does networking, this has presented things like ifconfig with a deep conflict; their traditional output is no longer necessarily an accurate representation of reality.