Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×
Software

Indian State Saves $45 Million As Schools Switch To Open Source Software (factordaily.com) 56

From a report: The Kerala government has made a saving of Rs 300 crore ($45 million) through introduction and adoption of Free & Open Source Software (FOSS) in the school education sector, said a state government official on Sunday. IT became a compulsory subject in Kerala schools from 2003, but it was only in 2005 that FOSS was introduced in a phased manner and started to replace proprietary software. The decision made by the curriculum committee to implement it in the higher secondary sector has also been completed now. "It's not the cost saving that matters more, but the fact that the Free Software license enables not only teachers and students but also the general public an opportunity to copy, distribute and share the contents and use it as they wish," K. Anwar Sadath, executive director IT@School said.
Hardware Hacking

Open Source Car-Hacking Tool Successfully Crowdfunded (kickstarter.com) 52

An anonymous reader writes: Two geeks are crowdfunding an open source car hacking tool that will allow builders to experiment with diagnostics, telematics, security, and prototyping. "Cars have become complicated and expensive to work with," they explain on a Kickstarter page. "Macchina wants to use open source hardware to help break down these barriers and get people tinkering with their cars again." After years developing a beta prototype, they announced a tiny plug-and-play device/development platform (that can also be hardwired under the hood) on an Arduino Due board with a 32-bit ARM microcontroller. They almost immediately reached their $25,000 funding goal, and with 24 days left to go they've already raised $41,672, and they're now also selling t-shirts to benefit the EFF's "Right to Repair" activism.

Challenging "the closed, unpublished nature of modern-day car computers," their M2 device ships with protocols and libraries "to work with any car that isn't older than Google." With catchy slogans like "root your ride" and "the future is open," they're hoping to build a car-hacking developer community, and they're already touting the involvement of Craig Smith, the author of the Car Hacker's Handbook from No Starch Press.

"The one thing that all car hobbyists can agree on is that playing with cars isn't cheap," argues the campaign page. "Open source hardware is the answer!"
The Military

The US Department Of Defense Announces An Open Source Code Repository (defense.gov) 43

"The Pentagon is the latest government entity to join the open-source movement," writes NextGov. An anonymous reader quotes their report: The Defense Department this week launched Code.mil, a public site that will eventually showcase unclassified code written by federal employees. Citizens will be able to use that code for personal and public projects... The Defense Department's Digital Service team, whose members are recruited for short-term stints from companies including Google and Netflix, will be the first to host its code on the site once the agreement is finalized... "This is a direct avenue for the department to tap into a worldwide community of developers to collectively speed up and strengthen the software development process," a DOD post announcing the initiative said. The Pentagon also aims to find software developers and "make connections in support of DOD programs that ultimately service our national security."
Interestingly, there's no copyright protections on code written by federal employees, according to U.S. (and some international) laws, according to the site. "This can make it hard to attach an open source license to our code, and our team here at Defense Digital Service wants to find a solution. You can submit a public comment by opening a GitHub issue on this repository before we finalize the agreement at the end of March."
Open Source

GitHub Invites Contributions To 'Open Source Guides' (infoq.com) 54

An anonymous reader quotes InfoQ: GitHub has recently launched its Open Source Guides, a collection of resources addressing the most common scenarios and best practices for both contributors and maintainers of open source projects. The guides themselves are open source and GitHub is actively inviting developers to participate and share their stories... "Open source is complicated, especially for newcomers. Experienced contributors have learned many lessons about the best way to use, contribute to, and produce open source software. Everyone shouldn't have to learn those lessons the hard way."

Making a successful first contribution is not the exclusive focus of the guides, though, which also strives to make it easier to find users for a project, starting a new project, and building healthy open source communities. Other topics the guides dwell on are best practices, getting financial support, metrics, and legal matters.

GitHub's Head of Open Source says the guides create "the equivalent of a water cooler for the community."
Open Source

Linus Torvalds On Git's Use Of SHA-1: 'The Sky Isn't Falling' (zdnet.com) 190

Google's researchers specifically cited Git when they announced a new SHA-1 attack vector, according to ZDNet. "The researchers highlight that Linus Torvald's code version-control system Git 'strongly relies on SHA-1' for checking the integrity of file objects and commits. It is essentially possible to create two Git repositories with the same head commit hash and different contents, say, a benign source code and a backdoored one,' they note." Saturday morning, Linus responded: First off - the sky isn't falling. There's a big difference between using a cryptographic hash for things like security signing, and using one for generating a "content identifier" for a content-addressable system like git. Secondly, the nature of this particular SHA1 attack means that it's actually pretty easy to mitigate against, and there's already been two sets of patches posted for that mitigation. And finally, there's actually a reasonably straightforward transition to some other hash that won't break the world - or even old git repositories...

The reason for using a cryptographic hash in a project like git is because it pretty much guarantees that there is no accidental clashes, and it's also a really really good error detection thing. Think of it like "parity on steroids": it's not able to correct for errors, but it's really really good at detecting corrupt data... if you use git for source control like in the kernel, the stuff you really care about is source code, which is very much a transparent medium. If somebody inserts random odd generated crud in the middle of your source code, you will absolutely notice... It's not silently switching your data under from you... And finally, the "yes, git will eventually transition away from SHA1". There's a plan, it doesn't look all that nasty, and you don't even have to convert your repository. There's a lot of details to this, and it will take time, but because of the issues above, it's not like this is a critical "it has to happen now thing".

In addition, ZDNet reports, "Torvalds said on a mailing list yesterday that he's not concerned since 'Git doesn't actually just hash the data, it does prepend a type/length field to it', making it harder to attack than a PDF... Do we want to migrate to another hash? Yes. Is it game over for SHA-1 like people want to say? Probably not."
Google

Google Releases Open Source File Sharing Project 'Upspin' On GitHub (betanews.com) 58

BrianFagioli quotes a report from BetaNews: Today, Google unveiled yet another way to share files. Called "Upspin," the open source project aims to make sharing easier for home users. With that said, the project does not seem particularly easy to set up or maintain. For example, it uses Unix-like directories and email addresses for permissions. While it may make sense to Google engineers, I am dubious that it will ever be widely used. "Upspin looks a bit like a global file system, but its real contribution is a set of interfaces, protocols, and components from which an information management system can be built, with properties such as security and access control suited to a modern, networked world. Upspin is not an "app" or a web service, but rather a suite of software components, intended to run in the network and on devices connected to it, that together provide a secure, modern information storage and sharing network," says Google. The search giant adds: "Upsin is a layer of infrastructure that other software and services can build on to facilitate secure access and sharing. This is an open source contribution, not a Google product. We have not yet integrated with the Key Transparency server, though we expect to eventually, and for now use a similar technique of securely publishing all key updates. File storage is inherently an archival medium without forward secrecy; loss of the user's encryption keys implies loss of content, though we do provide for key rotation."
Open Source

New Free O'Reilly Ebook: 'Open Source In Brazil' (oreilly.com) 54

An anonymous reader writes: Andy Oram, who's been an editor at O'Reilly since 1992, has written a new free report about how open source software is everywhere in Brazil. The country's IT industry is booming in Brazil -- still Latin America's most vibrant economy -- with open source software popular in both startups and in cloud infrastructure. Oram attributes this partly to the government's support of open source software, which over the last 15 years has built public awareness about its power and potential. And says the Brazil now has a thriving open source community, and several free software movements. Even small towns have hacker spaces for collaboration and training, and the country has several free software movements.
Robotics

New Kit Turns A Raspberry Pi Into A Robot Arm (raspberrypi.org) 36

An anonymous reader writes: A new kit turns your Raspberry Pi into a robotic arm. It's controlled by an on-board joystick, or even a web browser, and "because it's connected to the Pi you can program it through any of the various programming languages that already run on the Pi," according to its creators. "There's also free software available which lets you program it through a web interface using drag and drop programming environments like Scratch and Blockly or with Python and Javascript for the more experienced."

They explain in a video on Kickstarter that "Our mission is to get children excited about technology through building and programming their own robots," and they've already raised three times their original $12,411 fundraising goal. The Raspberry Pi blog describes it as "a great kit for anyone wanting to step into the world of digital making."

Long-time Slashdot reader bjpirt adds that "It's completely open source and hackable."
Classic Games (Games)

MAME Celebrates Its 20th Anniversary (mame.net) 47

After years of work, a fan has finally completed a MAME version of Atari's unreleased game Primal Rage II this week, one more example of the emulator preserving digital history. Long-time Slashdot reader AmiMoJo quotes MAME.net: Way back in 1997, Nicola Salmoria merged a few stand-alone arcade machine emulators into the first Multiple Arcade Machine Emulator. Could he have possibly imagined the significance of what he'd built? Over the past two decades, MAME has brought together over a thousand contributors to build a system that emulates more machines than any other program.

But MAME is more than that: MAME represents the idea that our digital heritage is important and should be preserved for future generations. MAME strives to accurately represent original systems, allowing unmodified software to run as intended. Today, MAME documents over thirty thousand systems, and usably emulates over ten thousand. MAME meets the definitions of Open Source and Free Software, and works with Windows, macOS, Linux and BSD running on any CPU from x86-64 to ARM to IBM zSeries.

A 20th-anniversary blog post thanked MAME's 1,600 contributors -- more than triple the number after its 10th anniversary -- and also thanks MAME's uncredited contributors. "if you've filed a bug report, distributed binaries, run a community site, or just put in a good word for MAME, we appreciate it." I've seen MAME resurrect everything from a rare East German arcade game to a Sonic the Hedgehog popcorn machine. Anybody else have a favorite MAME experience to share?
Open Source

MariaDB Fixes Business Source License, Releases MaxScale 2.1 (perens.com) 17

Creator of The Open Source Definition and longtime Slashdot reader Bruce Perens writes: MariaDB is releasing MaxScale 2.1, a new version of their database routing proxy, and has modified its timed-transition-to-Open-Source "Business Source License" to make it more acceptable to the Open Source community and more easily usable by other companies. I've blogged the issues I had with the license and how MariaDB has fixed them, and Kaj Arno has blogged the MariaDB side of the story. Here's an excerpt from Perens' blog post: "The BSL is a parameterized license. The licensor chooses the license which is transitioned to, the date of the transition, and the limitation. The problem with this is that it was so parameterized that if you told someone the license was 'BSL 1.0,' they would not have any idea what license they really had. It might transition to any of 100 Open Source licenses, or to a non-Open-Source license. The transition might happen in a month, or next century. The limitation might be that you could only have three commercial servers, or that you indentured your firstborn son (OK, that's going overboard, but you get the picture)." He continues, "So, I didn't like that 'BSL' didn't really say what the license did, and I didn't feel that was the best thing for the users or the community. I asked MariaDB to fix it. Together we have arrived at constraints on the parameters and minimum privileges that will take the new BSL much closer to being one license while still allowing licensors some latitude to choose parameters."
Open Source

LinuxQuestions Users Choose Their Favorite Distro: Slackware (zdnet.com) 145

ZDNet summarizes some of the surprises in this year's poll on LinuxQuestions, "one of the largest Linux groups with 550,000 member". An anonymous reader quotes their report: The winner for the most popular desktop distribution? Slackware...! Yes, one of the oldest of Linux distributions won with just over 16% of the vote. If that sounds a little odd, it is. On DistroWatch, a site that covers Linux distributions like paint, the top Linux desktop distros are Mint, Debian, Ubuntu, openSUSE, and Manjaro. Slackware comes in 28th place... With more than double the votes for any category, it appears there was vote-stuffing by Slackware fans... The mobile operating system race was a runaway for Android, with over 68% of the vote. Second place went to CyanogenMod, an Android clone, which recently went out of business...

Linux users love to debate about desktop environments. KDE Plasma Desktop took first by a hair's breadth over the popular lightweight Xfce desktop. Other well-regarded desktop environments, such as Cinnamon and MATE, got surprisingly few votes. The once popular GNOME still hasn't recovered from the blowback from its disliked design change from GNOME 2 to GNOME 3.

Firefox may struggle as a web browser in the larger world, but on Linux it's still popular. Firefox took first place with 51.7 percent of the vote. Chrome came in a distant second place, with the rest of the vote being divided between a multitude of obscure browsers.

LibreOffice won a whopping 89.6% of the vote for "best office suite" -- and Vim beat Emacs.
Security

Trend Micro's Own Cybersecurity Blog Gets Hacked (silicon.co.uk) 17

Mickeycaskill quotes Silicon: Just to illustrate that you can never be too careful, cybersecurity specialist Trend Micro has confirmed that one of the blogs it uses to communicate with customers was itself the victim of a content spoofing attack. The culprits exploited a vulnerability in WordPress to inject fake content onto the blog before it was removed by Trend Micro and the bug fixed... "Unfortunately there are many different URLs attackers can use to carry out the same attack, so a couple of fake 'articles' ended up posted on CounterMeasures," head of security research Rik Ferguson told Silicon. "We have responded and shut down the vulnerability completely to resolve the issue."
The chairman of Trend Micro claimed in 2011 that open source software was inherently less secure than closed source -- but instead of blaming Wordpress, Ferguson "said it goes to show how breaches are an unfortunate fact of life and that companies should be judged on how they respond... 'Of course technology and best practice can mitigate the vast majority of intrusion attempts, but when one is successful, even one as low-level as this, you are more defined by how you respond than you are by the fact that it happened.'"
Education

Pioneering Data Genius Hans Rosling Passes Away At Age 68 (bbc.com) 53

An anonymous reader writes: On Tuesday, Sweden's prime minister tweeted that Hans Rosling "made human progress across our world come alive for millions," and the public educator will probably best be remembered as the man who could condense 200 years of global history into four minutes. He was a geek's geek, a former professor of global health who "dropped out" because he wanted to help start a nonprofit about data. Specifically, it urged data-based decisions for global development policy, and the Gapminder foundation created the massive Trendalyzer tool which let users build their own data visualizations. Eventually they handed off the tool to Google who used it with open-source scientific datasets. The BBC describes Rosling as a "public educator" with a belief that facts "could correct 'global ignorance' about the reality of the world, which 'has never been less bad.'" Rosling's TED talks include "The Best Data You've Never Seen" and "How Not To Be Ignorant About The World," and in 2015 he also gave a talk titled "How to Beat Ebola." Hans Rosling died Tuesday at age 68.
Hardware Hacking

Reporter Pans Open Source Laptop Kit TERES-I (theverge.com) 133

The Verge's Paul Miller has some harsh words for the $242 open source DIY laptop kit TERES-I from Olimex. Instead of buying one hyper-integrated board that has all of the laptop's brains and I/O on it, you buy several little boards and wire them together. Then you put them inside a mostly finished case built by Olimex -- although if you want to go ultra DIY you can 3D print your own case, too. Everything, from the shell's CAD design to the motherboard's wiring, is available on GitHub for perusal or modification, and the modular nature of the internals means you can add a more powerful chipset or modify just about anything you find unsatisfying about the computer if you have the know-how or if Olimex or others offer compatible parts.

But, unfortunately, almost everything about this laptop is unsatisfying right now. It runs a quad-core ARM64 chip, though x86 and MIPS chips might be offered later on. It has a tiny 11.6-inch screen, a huge bezel, a tiny trackpad, a cramped-looking keyboard, and a whole lot of plastic. The OS (Linux, naturally) runs off a microSD card. At least the LCD comes in a 1080p variant, because the default 1366 x 768 resolution is a real throwback. There's even 802.11n Wi-Fi, which has me questioning what decade it is.

But are there any better alternatives? In the comments share your own thoughts about open source laptop kits.
Firefox

Mozilla Binds Firefox's Fate To The Rust Language (infoworld.com) 236

An anonymous reader quotes InfoWorld: After version 53, Firefox will require Rust to compile successfully, due to the presence of Firefox components built with the language. But this decision may restrict the number of platforms that Firefox can be ported to -- for now... Rust depends on LLVM, which has dependencies of its own -- and all of them would need to be supported on the target platform. A discussion on the Bugzilla tracker for Firefox raises many of these points...

What about proper support for Linux distributions with long-term support, where the tools available on the distro are often frozen, and where newer Rust features might not be available? What about support for Firefox on "non-tier-1" platforms, which make up a smaller share of Firefox users? Mozilla's stance is that in the long run, the pain of transition will be worth it. "The advantage of using Rust is too great," according to maintainer Ted Mielczarek. "We normally don't go out of our way to make life harder for people maintaining Firefox ports, but in this case we can't let lesser-used platforms restrict us from using Rust in Firefox."

InfoWorld points out most Firefox users won't be affected, adding that those who are should "marshal efforts to build out whatever platforms need Rust support." Since most users just want Mozilla to deliver a fast and feature-competitive browser, the article concludes that "The pressure's on not only to move to Rust, but to prove the move was worth it."
Operating Systems

OPNsense 17.1 Released, Based On FreeBSD 11 (phoronix.com) 39

An anonymous reader quotes Phoronix: OPNsense 17.1 is now available as the newest release of this network-focused FreeBSD-based operating system forked from pfSense. It's now been two years since the first official release of OPNsense and to celebrate they have out a big update. OPNsense 17.1 re-bases to using FreeBSD 11.0, there's now a SSH remote installer, new language support, more hardening features used from HardenedBSD, new plugins, integrated authentication via PAM, and many other improvements. Some of the new plug-ins include FTP Proxy, Tinc VPN, and Let's Encrypt support.
This version has been named "Eclectic Eagle".
Microsoft

LibreOffice 5.3 Released, Touted As 'One of the Most Feature-Rich Releases' Ever (omgubuntu.co.uk) 224

An anonymous reader shares a report: A new month, and a brand new version of open-source office suite LibreOffice is now available to download. And what a release it is. LibreOffice 5.3 introduces a number of key new features and continues work on improving the look and feel of the app across all major platforms. The Document Foundation describes LibreOffice 5.3 as "one of the most feature-rich releases in the history of the application." One of the headline features is called MUFFIN interface, a new toolbar design similar to the Microsoft Office Ribbon UI.
Chrome

Google Open-Sources Chrome For iOS (venturebeat.com) 39

Google has uploaded its Chrome for iOS code into the open-source Chromium repository. In other words, Chrome for iOS has now been open-sourced like Chrome for other platforms, letting anyone examine, modify, and compile the project. From a report: Chromium is the open-source Web browser project that shares much of the same code as Google Chrome, and new features are often added there first. Google intended for Chromium to be the name of the open-source project, while the final product name would be Chrome, but developers have taken the code and released versions under the Chromium name. Eventually, many browser makers started using it as a starting point; Opera, for example, switched its browser base to Chromium in 2013. Since its inception, Chromium was a desktop-only affair. That changed in May 2015 with the open-sourcing of Chrome for Android.
AI

Who's Responsible For Accidents Caused By Open Source Self-Driving Car Software? (ieee.org) 114

Here's the problem. "You could download Comma.ai's new open-source Python code from Github, grab the necessary hardware, and follow the company's instructions to add semi-autonomous capabilities to specific Acura and Honda model cars (with more vehicles to follow)," writes IEEE Spectrum. But then who's legally responsible if there's an accident? Long-time Slashdot reader Registered Coward v2 writes: While many legal experts agree OSS is "buyer beware" and that Comma.ai and its CEO Georg Hotz would not be liable, it's a gray area in the law. The software is release under the MIT OSS license and the Read Me contains the disclaimer "This is alpha-quality software for research purposes only... You are responsible for complying with local laws and regulatons." The U.S. Supreme Court, in a series of court cases in the 1990s, ruled open source code as free speech protected under the First Amendment of the U.S. Constitution.

The question is does that release the author(s) from liability. The EU has no EU wide rules on liability in such cases. One open question is even if the person who used the software could not sue, a third party injured by it might be able to since they are not a party to the license agreement.

An EFF attorney told HotHardware "Prosecutors and plaintiffs often urge courts to disregard traditional First Amendment protections in the case of software." But not everyone agrees. "Most legal experts that spoke with IEEE Spectrum -- and Hotz himself -- believe that if you use the company's code and something goes wrong, then it isn't liable for damages. You are."
Android

Do Android Users Still Use Custom Roms? (androidauthority.com) 215

"With all of the drama at CyanogenMod, Android Authority takes a look at the current state of custom ROM development," writes Slashdot reader Thelasko. From the article: The future of CyanogenMod appears uncertain, after the open source ROM was forced to fork under the name Lineage OS. Fortunately there are already other remixed versions of Android available, with some of the most popular being Paranoid Android, Resurrection Remix, and Dirty Unicorns... [But] with each new version of Android, the gap between Android and popular custom ROMs has shrunk, which begs an interesting question: Are custom ROMs even necessary anymore? To answer this, let's take a quick look at the state of custom ROM development as it exists today.
The article points out that mobile virtual reality is "on the verge of becoming mainstream and the wearable market has grown tremendously," asking whether custom firmware will also integrate these newer technologies. But the original submission also asks a question that's closer to home. What custom ROMs do Slashdot users have installed?

Slashdot Top Deals