BLACK FRIDAY DEAL: Trust the World's Fastest VPN with Your Internet Security & Freedom--A Lifetime Subscription of PureVPN at $48 with coupon code "BFRIDAY20" ×
Wine

Ask Slashdot: What Are Your Greatest Successes and Weaknesses With Wine (Software)? 236

wjcofkc writes: As a distraction, I decided to get the video-editing software Filmora up and running on my Ubuntu box. After some tinkering, I was able to get it installed, only to have the first stage vaporize on launch. This got me reflecting on my many hits and misses with Wine (software) over the years. Before ditching private employment, my last job was with a software company. They were pretty open minded when I came marching in with my System76 laptop, and totally cool with me using Linux as my daily driver after quickly getting the Windows version of their software up and running without a hitch. They had me write extensive documentation on the process. It was only two or three paragraphs, but I consider that another Wine win since to that end I scored points at work. Past that, open source filled in the blanks. That was the only time I ever actually needed (arguably) for it to work. Truth be told, I mostly tinker around with it a couple times a year just to see what does and does not run. Wine has been around for quite awhile now, and while it will never be perfect, the project is not without merit. So Slashdot community, what have been your greatest successes and failures with Wine over the years?
Censorship

Hitler Quote Controversy In the BSD Community 473

New submitter Seven Spirals writes: Recently, the FreeBSD folks have removed Fortune with a fairly predictable far right 4chan condemnation. Then last weekend saw a lively debate on NetBSD's current-users mailing list about the inclusion of Hitler quotes in the Fortune database with dozens of posts falling on the left and right. The quotes themselves are fairly tame material probably intended as cautionary. However, the controversy and the reaction of BSD users has been real and very diverse. So far, the result has been to pull Fortune out of FreeBSD and to relocate the quotes into the "offensive" database in NetBSD's case.
China

All 500 of the World's Top 500 Supercomputers Are Running Linux (zdnet.com) 287

Freshly Exhumed shares a report from ZDnet: Linux rules supercomputing. This day has been coming since 1998, when Linux first appeared on the TOP500 Supercomputer list. Today, it finally happened: All 500 of the world's fastest supercomputers are running Linux. The last two non-Linux systems, a pair of Chinese IBM POWER computers running AIX, dropped off the November 2017 TOP500 Supercomputer list. When the first TOP500 supercomputer list was compiled in June 1993, Linux was barely more than a toy. It hadn't even adopted Tux as its mascot yet. It didn't take long for Linux to start its march on supercomputing.

From when it first appeared on the TOP500 in 1998, Linux was on its way to the top. Before Linux took the lead, Unix was supercomputing's top operating system. Since 2003, the TOP500 was on its way to Linux domination. By 2004, Linux had taken the lead for good. This happened for two reasons: First, since most of the world's top supercomputers are research machines built for specialized tasks, each machine is a standalone project with unique characteristics and optimization requirements. To save costs, no one wants to develop a custom operating system for each of these systems. With Linux, however, research teams can easily modify and optimize Linux's open-source code to their one-off designs.
The semiannual TOP500 Supercomputer List was released yesterday. It also shows that China now claims 202 systems within the TOP500, while the United States claims 143 systems.
Google

Google Working To Remove MINIX-Based ME From Intel Platforms (tomshardware.com) 181

An anonymous reader quotes a report from Tom's Hardware: Intel's Management Engine (ME) technology is built into almost all modern Intel CPUs. At the Embedded Linux Conference, a Google engineer named Ronald Minnich revealed that the ME is actually running its own entire MINIX OS and that Google is working on removing it. Due to MINIX's presence on every Intel system, the barebones Unix-like OS is the most widely deployed operating system in the world. Intel's ME technology is a hardware-level system within Intel CPUs that consists of closed-source firmware running on a dedicated microprocessor. There isn't much public knowledge of the workings of the ME, especially in its current state. It's not even clear where the hardware is physically located anymore.

What's concerning Google is the complexity of the ME. Public interest in the subject piqued earlier this year when a vulnerability was discovered in Intel's Active Management Technology (AMT), but that's just a software that runs on ME--ME is actually an entire OS. Minnich's presentation touched on his team's discovery that the OS in question is a closed version of the open-source MINIX OS. The real focus, though, is what's in it and the consequences. According the Minnich, that list includes web server capabilities, a file system, drivers for disk and USB access, and, possibly, some hardware DRM-related capabilities. It's not known if all this code is explicitly included for current or future ME capabilities, or if it's because Intel simply saw more potential value in keeping rather than removing it.

The Courts

Appeals Court Rules: SCO v. IBM Case Can Continue (arstechnica.com) 131

Long-time Slashdot reader Freshly Exhumed quotes Ars Technica: A federal appeals court has now partially ruled in favor of the SCO Group, breathing new life into a lawsuit and a company (now bankrupt and nearly dead) that has been suing IBM for nearly 15 years.

Last year, U.S. District Judge David Nuffer had ruled against SCO (whose original name was Santa Cruz Operation) in two summary judgment orders, and the court refused to allow SCO to amend its initial complaint against IBM. SCO soon appealed. On Monday, the 10th US Circuit Court of Appeals found that SCO's claims of misappropriation could go forward while also upholding Judge Nuffer's other two orders.

Here's Slashdot's first story about the trial more than 14 years ago, and a nice timeline from 2012 of the next nine years of legal drama.
Security

Security Upgraded For NetBSD-amd64 with Kernel ASLR Support (netbsd.org) 49

24 years after its release, NetBSD is getting a security upgrade -- specifically, Address Space Layout Randomization (ASLR). An anonymous reader writes: Support for Kernel ASLR was added on NetBSD-amd64 a few weeks ago. KASLR basically randomizes the address of the kernel, and makes it harder to exploit several classes of vulnerabilities [including privilege escalations and remote code execution]. It is still a work-in-progress, but it's already fully functional, and can be used following the instructions on this post from the NetBSD blog. It will be available starting from NetBSD 9, but may be backported to NetBSD 8 once it is stabilized.
NetBSD says they're the first BSD system to support ASLR.
Open Source

Linux Now Has its First Open Source RISC-V Processor (designnews.com) 161

"SiFive has declared that 2018 will be the year of RISC V Linux processors," writes Design News. An anonymous reader quotes their report: When it released its first open-source system on a chip, the Freeform Everywhere 310, last year, Silicon Valley startup SiFive was aiming to push the RISC-V architecture to transform the hardware industry in the way that Linux transformed the software industry. Now the company has delivered further on that promise with the release of the U54-MC Coreplex, the first RISC-V-based chip that supports Linux, Unix, and FreeBSD... This latest development has RISC-V enthusiasts particularly excited because now it opens up a whole new world of use cases for the architecture and paves the way for RISC-V processors to compete with ARM cores and similar offerings in the enterprise and consumer space...

"The U54 Coreplexes are great for companies looking to build SoC's around RISC-V," Andrew Waterman co-founder and chief engineer at SiFive, as well as the one of the co-creators of RISC-V, told Design News. "The forthcoming silicon is going to enable much better software development for RISC-V." Waterman said that, while SiFive had developed low-level software such as compilers for RISC-V the company really hopes that the open-source community will be taking a much broader role going forward and really pushing the technology forward. "No matter how big of a role we would want to have we can't make a dent," Waterman said. "But what we can do is make sure the army of engineers out there are empowered."

Perl

New Video Peeks 'Inside the Head' of Perl Creator Larry Wall (infoq.com) 106

"I was trained more as a linguist than a computer scientist," says Perl creator Larry Wall, "and some people would say it shows." An anonymous reader describes Wall's new video interview up on InfoQ: "With a natural language, you learn it as you go," Wall says. "You're not expected to know the whole language at once. It's okay to have dialects... Natural languages evolve over time, and they don't have arbitrary limits. They naturally cover multiple paradigms. There are external influences on style... It has fractal dimensionality to it. Easy things should be easy, hard things should be possible. And, you know, if you get really good at it, you can even speak CompSci."

Wall also touched on the long delay for the release of Perl 6. "In the year 2000, we said 'Maybe it's time to break backward compatibility, just once. Maybe we can afford to do that, get off the worse-is-worse cycle, crank the thing once for a worse-is-better cycle." The development team received a whopping 361 suggestions -- and was also influenced by Paul Graham's essay on the 100-year language. "We put a lot of these ideas together and thought really hard, and came up with a whole bunch of principles in the last 15 years." Among the pithy principles: "Give the user enough rope to shoot themselves in the foot, but hide the rope in the corner," and "Encapsulate cleverness, then reuse the heck out of it.."

But Wall emphasized the flexibility and multi-paradigm nature that they finally implemented in Perl 6. "The thing we really came up with was... There really is no one true language. Not even Perl 6, because Perl 6 itself is a braid of sublanguages -- slangs for short -- and they interact with each other, and you can modify each part of the braid..."

Wall even demoed a sigil-less style, and argued that Perl 6 was everything from "expressive" and "optimizable" to "gradually-typed" and "concurrency aware," while supporting multiple virtual machines. He also notes that Perl 6 borrows powerful features from other languages, including Haskell (lazy evaluation) Smalltalk (traits), Go (promises and channels), and C# (functional reactive programming).

And towards the end of the interview Wall remembers how the original release of Perl was considered by some as a violation of the Unix philosophy of doing one thing and doing it well. "I was already on my rebellious slide into changing the world at that point."
Google

Why Google's Gmail Phishing Warnings Give False Positives (vortex.com) 49

Vortex.com is one of the oldest domains on the internet -- one of the first 40 ever registered, writes Slashdot reader Lauren Weinstein. So why does Google sometimes block the email he sends? Here's why. First, my message had the audacity to mention "Google Account" or "Google Accounts" in the subject and/or body of the message. And secondly, one of my mailing lists is "google-issues" -- so some (digest format) recipients received the email from "google-issues-request@vortex.com"... Apparently what we're dealing with here is a simplistic (and frankly, rather haphazard in this respect at least) string-matching algorithm that could have come right out of the early 1970s...! [A]t least in this case, it appears that Google is basically using the venerable old UNIX/Linux "grep" command or some equivalent, and in a rather slipshod way, too.
In addition, the article concludes, "I've never found a way to get Google to 'whitelist' well-behaved senders against these kinds of errors, so some users see these false phishing warnings repeatedly.
SuSE

Linux Pioneer SUSE Marks 25 Years In the Field (itwire.com) 54

troublemaker_23 shares an article from ITWire: The Germany-based SUSE Linux marked a milestone last week: on Friday, September 2, the company turned 25, a remarkable achievement in an industry where the remains of software companies litter the landscape around the world... SUSE was formed in 1992 by three university students -- Hubert Mantel, Roland Dyroff, and Burchard Steinbild. The fourth man in the equation was software engineer Thomas Fehr. They had a simple objective: to build software and deliver UNIX support. Linux had been around for a little more than a year at that point and they decided to use it... The name S.u.S.E is a German acronym and means "Software und System-Entwicklung", or "Software and systems development". The name was later changed to SuSE and some years on became SUSE...

Like other open source outfits, SUSE has widened its services and now not only provides an enterprise Linux distribution but has a well developed software-defined storage product and one for a container-as-a-service option. It also caters to those seeking cloud options and does more than its fair share in contributing to upstream FOSS projects. Along the way, it has spawned a top-notch community distribution, openSUSE, which is run by an autonomous board led by the ebullient British developer Richard Brown.

S.u.S.E Linux was one of the first distros, arriving in 1994 after Soft Landing Systems Linux (in mid-1992) and Slackware.
Open Source

FreeBSD 11.1 Released (freebsd.org) 219

Billly Gates writes: Linux is not the only free open-source operating system. FreeBSD, which is based off of the historical BSD Unix in which TCP/IP was developed on from the University of California at Berkeley, has been updated. It does not include systemd nor PulseAudio and is popular in many web server installations and networking devices. FreeBSD 11.1 is out with improvements in UEFI and Amazon cloud support in addition to updated userland programs. EFI improvements including a new utility efivar(8) to manage UEFI variables, EFI boot from TFTP or NFS, as well as Microsoft Hyper-V UEFI and Secure Boot for generation 2 virtual machines for both Windows Server and Windows 10 Professional hosts. FreeBSD 11.1 also has extended support Amazon Cloud features. A new networking stack for Amazon has been added with the ena(4) driver, which adds support for Amazon EC2 platform. This also adds support for using Amazon EC2 NFS shares and support for the Amazon Elastic Filesystem for NFS. For application updates, FreeBSD 11.1 Clang, LLVM, LLD, LLDB, and libc++ to version 4.0.0. ZFS has been updated too with a new zfsbootcfg with minor performance improvements. Downloads are here which include Sparc, PowerPC, and even custom SD card images for Raspberry Pi, Beagle-bone and other devices.
Operating Systems

48-Year-Old Multics Operating System Resurrected (multicians.org) 94

"The seminal operating system Multics has been reborn," writes Slashdot reader doon386: The last native Multics system was shut down in 2000. After more than a dozen years in hibernation a simulator for the Honeywell DPS-8/M CPU was finally realized and, consequently, Multics found new life... Along with the simulator an accompanying new release of Multics -- MR12.6 -- has been created and made available. MR12.6 contains many bug and Y2K fixes and allows Multics to run in a post-Y2K, internet-enabled world.
Besides supporting dates in the 21st century, it offers mail and send_message functionality, and can even simulate tape and disk I/O. (And yes, someone has already installed Multics on a Raspberry Pi.) Version 1.0 of the simulator was released Saturday, and Multicians.org is offering a complete QuickStart installation package with software, compilers, install scripts, and several initial projects (including SysDaemon, SysAdmin, and Daemon). Plus there's also useful Wiki documents about how to get started, noting that Multics emulation runs on Linux, macOS, Windows, and Raspian systems.

The original submission points out that "This revival of Multics allows hobbyists, researchers and students the chance to experience first hand the system that inspired UNIX."
Operating Systems

OpenBSD Will Get Unique Kernels On Each Reboot (bleepingcomputer.com) 162

An anonymous reader quotes a report from Bleeping Computer: A new feature added in test snapshots for the upcoming OpenBSD 6.2 release will create a unique kernel every time an OpenBSD user reboots or upgrades his computer. This feature is named KARL -- Kernel Address Randomized Link -- and works by relinking internal kernel files in a random order so that it generates a unique kernel binary blob every time. Currently, for stable releases, the OpenBSD kernel uses a predefined order to link and load internal files inside the kernel binary, resulting in the same kernel for all users. Developed by Theo de Raadt, KARL will work by generating a new kernel binary at install, upgrade, and boot time. If the user boots up, upgrades, or reboots his machine, the most recently generated kernel will replace the existing kernel binary, and the OS will generate a new kernel binary that will be used on the next boot/upgrade/reboot, constantly rotating kernels on reboots or upgrades. KARL should not be confused with ASLR -- Address Space Layout Randomization -- a technique that randomizes the memory address where application code is executed, so exploits can't target a specific area of memory where an application or the kernel is known to run. A similar technique exists for randomizing the memory location where the kernel loads -- called KASLR. The difference between the two is that KARL loads a different kernel binary in the same place, while KASLR loads the same binary in random locations. Currently Linux and Windows only support KASLR.
Security

Linux Is Not As Safe As You Think (betanews.com) 237

BrianFagioli writes via BetaNews: Would you be surprised if I told you that threat methods for Linux increased an astonishing 300 percent in 2016, while Microsoft's operating systems saw a decrease? Well, according to a new report, that is true. Does this mean Linux is unsafe? No way, Jose! There are some important takeaways here. Microsoft's Windows operating systems are still the most targeted platforms despite the year over year decline -- far beyond Linux. Also, just because there is an increase in malware attack methods doesn't necessarily mean that more systems will be infected. Let us not forget that it is easier to find a vulnerability with open source too; Microsoft largely uses closed source code. "At the end of November, criminals with other variants of the same Linux malware unleashed devastating attacks against DSL routers of Telekom customers. 900,000 devices were taken down. In October, the Mirai code appeared freely available on the Internet. Since then, the AV-TEST systems have been investigating an increasing number of samples with spikes at the end of October, November and beginning of December," says AV Test of the Mirai malware. "Other Linux malware, such as the Tsunami backdoor, has been causing trouble for several years now and can be easily modified for attacks against IoT devices. The detection systems of AV-TEST first detected the Tsunami malicious code in the year 2003. Although, at that time, practically no IoT devices existed, the Linux backdoor already offered attack functions which even today would be suitable for virtually unprotected attacks on routers: In this manner, Tsunami can download additional malicious code onto infected devices and thus make devices remote controllable for criminals. But the old malware can also be used for DDoS attacks. The Darlloz worm, known since 2013, as well as many other Linux and Unix malware programs, have similar attack patterns which AV-TEST has been detecting and analyzing for years."
Ubuntu

Ubuntu Disputes 'Ads In MOTD' Claims (twitter.com) 110

Thursday Lproven (Slashdot reader #6030) wrote: It appears that Ubuntu is using a feature it has added -- intended to insert headlines of breaking tech news (security alerts and so on) into the Message of the Day displayed at login to the console -- to display advertising and promotional messages.
The message in question linked to a Hacker Noon article titled "How HBO's Silicon Valley built 'Not Hotdog' with mobile TensorFlow, Keras & React Native." Later that day Dustin Kirkland, a Ubuntu Product Manager for the feature's design (and the Core Developer for its implementation) suggested the message had been mistaken for an ad, describing it on Hacker News as a "fun fact... an interesting tidbit of potpourri from the world of Ubuntu," and later saying it was intended like Google's doodles. "Last week's message actually announced an Ubuntu conference in Latin America. The week before, we linked to an article asking for feedback on Kubuntu. Before that, we announced the availability of Extended Security Maintenance updates for 12.04. And so on." He later confirmed Canonical received no money for the message, and also pointed out that the messages all come from an open source repository, and "You're welcome to propose your own messages for merging, if you have a well formatted, informative message for Ubuntu users."

Click through for a condensed version of the complete response by Dustin Kirkland, Ubuntu Product and Strategy at Canonical.
Silicon Graphics

SGI Desktop Clone Gets A New Version On Fedora (maxxinteractive.com) 103

Silicon Graphics workstations used the IRIX Interactive Desktop (formerly called Indigo Magic Desktop) for its IRIX operating system (based on UNIX System V with BSD extensions). "Anyone who remembers working on a SGI machine probably has fond memories of the Magic Desktop for IRIX," remembered one Slashdot reader in 2002. At the time a project called 5Dwm was working on a clone, and its work is still being continued by MaXX Interactive. Today Slashdot reader Daniel Mark shared the news that after "several years and many long nights," the company is announcing a new release for Fedora 25, adding that "more Linux Distributions support will be added over the coming days/weeks." They're calling it "something new and fresh in the Linux Desktop space." The MaXX Desktop is available in two versions, the free Community Edition (CE) which provides basic SGI Desktop experience and the commercially available Professional Edition (PE) that comes with support, CPU and GPU specific optimizations and a full SGI Desktop experience... So there is no surprise here, the MaXX Desktop is a highly tuned Workstation Environment for the Linux x86_64 and ia64 platforms. Multi-core processing, NVidia GPU specific optimizations are among the things that makes the MaXX Desktop so fast, light-weight and stable.
AT&T

ESR Shares A Forgotten 'Roots Of Open Source' Moment From 1984 (ibiblio.org) 79

Eric S. Raymond recently documented one of the first public calls for free software, which happened immediately after AT&T's fateful decision commercialize Unix: [I]n October 1984 I was in a crowd of people watching a presentation by a woman from Bell Labs describing the then-new getopt(3) library, written by AT&T as a way to regularize the processing of command-line arguments in C programs... Everybody thought this was a fine idea, and several people asked questions probing whether AT&T was going to let anyone else use the getopt code they had written. These questions related to the general anxiety about Unix source code distributions drying up. Frustration mounted as the woman gave evasive answers which seemed to add up to "No, we refuse to commit to allowing general access to this code." Which seemed to confirm everyone's worst fears about what was going to happen to Unix source code access in general. At which point Henry Spencer stands up and says (not in these exact words) "I will write and share a conforming implementation." -- and got a cheer from the assembled.

If you're thinking "That's not a big deal, we do this sort of thing all the time," my actual point is that in October 1984 this was indeed a big deal. It took an actual imaginative leap for Henry Spencer to, in effect, say "Screw AT&T and its legalisms and evasions, if they're going to cut off source access we hackers are gonna do it for ourselves"... [H]e got an actual cheer exactly because he was pushing forward, exposing the possibility of doing not just small projects and demos and quirky little tools but at competing with the likes of AT&T itself at software production.

Raymond also remembers this as an important moment for him. "I was a young, unknown programmer then -- just 27, still figuring out what I wanted. I watched Henry make that promise. I heard the cheer, and felt the change in the air as culturally, we realized what the solution to AT&T fscking us over had to be. And I thought 'I want to be like that guy.'"
Security

Newly Discovered Vulnerability Raises Fears Of Another WannaCry (reuters.com) 109

A newly found flaw in widely used networking software leaves tens of thousands of computers potentially vulnerable to an attack similar to that caused by WannaCry, which infected more than 300,000 computers worldwide, cybersecurity researchers said on Thursday. From a Reuters report: The U.S. Department of Homeland Security on Wednesday announced the vulnerability, which could be exploited to take control of an affected computer, and urged users and administrators to apply a patch. Rebekah Brown of Rapid7, a cybersecurity company, told Reuters that there were no signs yet of attackers exploiting the vulnerability in the 12 hours since its discovery was announced. But she said it had taken researchers only 15 minutes to develop malware that made use of the hole. "This one seems to be very, very easy to exploit," she said. Rapid7 said it had found more than 100,000 computers running vulnerable versions of the software, Samba, free networking software developed for Linux and Unix computers.
Security

Wall Street IT Engineer Hacks Employer To See If He'll Be Fired (bleepingcomputer.com) 198

An anonymous reader writes: A Wall Street engineer was arrested for planting credentials-logging malware on his company's servers. According to an FBI affidavit, the engineer used these credentials to log into fellow employees' accounts. The engineer claims he did so only because he heard rumors of an acquisition and wanted to make sure he wouldn't be let go. In reality, the employee did look at archived email inboxes, but he also stole encryption keys needed to access the protected source code of his employer's trading platform and trading algorithms.

Using his access to the company's Unix network (which he gained after a promotion last year), the employee then rerouted traffic through backup servers in order to avoid the company's traffic monitoring solution and steal the company's source code. The employee was caught after he kept intruding and disconnecting another employee's RDP session. The employee understood someone hacked his account and logged the attacker's unique identifier. Showing his total lack of understanding for how technology, logging and legal investigations work, the employee admitted via email to a fellow employee that he installed malware on the servers and hacked other employees.

Slashdot Top Deals