Crypto 24 / 7 News

Anyone hesitant of upgrading to GNOME 3.28 because of its decision to remove desktop icons need worry no more.
A new extension for GNOME Shell brings desktop icons support back to the GNOME desktop.
It works almost exactly as you’d expect: you can see icons on your desktop and rearrange them; double-click on files/folders/apps to open them; right-click on an empty part of the desktop create a new folders or open a folder in the terminal; and perform basic file operations like copy and paste. New Videos & New Opportunities
Flatpak 1.

0 has released which is a great milestone for the Linux Desktop. I was asked at GUADEC whether a release video could be in place.

In response, I spontaneously arranged to produce a voice-over with Sam during the GUADEC Video Editing BoF.

Since then, I have been storyboarding, animating and editing the project in Blender. The music and soundscape has been produced by Simon-Claudius who has done an amazing job. Britt edited the voice-over and has lended me a great load of rendering power (thanks Britt!). Getting back into Outreachy
Outreachy is a great organization that helps women and other minorities get involved in open source software.

(Outreachy was formerly the GNOME Outreach Program for Women.) I’ve mentored several cycles in Outreachy, doing usability testing with GNOME. I had a wonderful time, and enjoyed working with all the talented individuals who did usability testing with us.
I haven’t been part of Outreachy for a few years, since I changed jobs. I have a really hectic work schedule, and the timing hasn’t really worked out for me. Outreachy recently posted their call for participation in the December-March cycle of Outreachy.

December to March should be a relatively stable time on my calendar, so this is looking like a great time to get involved again.
I don’t know if GNOME plans to hire interns for the upcoming cycle of Outreachy, at least for usability testing. But I am interested in mentoring if they do.
Following conversations with Allan Day and Jakub Steiner, from GNOME Design, I’m thinking about changing the schedule we would use in usability testing. In previous cycles, I set up the schedule like a course on usability. That was a great learning experience for the interns, as they had a ramp-up in learning about usability testing before we did a big usability project.

They should have called it Mirrorball
TL;DR: there’s now an rsync server at rsync://images-dl.endlessm.com/public from which mirror operators can pull Endless OS images, along with an instance of Mirrorbits to redirect downloaders to their nearest—and hopefully fastest!—mirror. Our installer for Windows and the eos-download-image tool baked into Endless OS both now fetch images via this redirector, and from the next release of Endless OS our mirrors will be used as BitTorrent web seeds too.

This should improve the download experience for users who are near our mirrors.
If you’re interested in mirroring Endless OS, check out these instructions and get in touch.

We’re particularly interested in mirrors in Southeast Asia, Latin America and Africa, since our mission is to improve access to technology for people in these areas. New Releases Bodhi Linux 5.0.0 Released
Today I am very pleased to share the hard work of the Bodhi Team which has resulted in our fifth major release. It has been quiet the journey since our first stable release a little over seven years ago and I am happy with the progress this projected has made in that time.
For those looking for a lengthy change log between the 4.

5.0 release and 5.0.0, you will not find one. We have been happy with what the Moksha desktop has provided for some time now. This new major release simply serves to bring a modern look and updated Ubuntu core (18.

04) to the lightning fast desktop you have come to expect from Bodhi Linux. Bodhi Linux 5.0 Promises a Rock-Solid Moksha Desktop on Top of Ubuntu 18.04 LTS
Bodhi Linux developer Jeff Hoogland announced today the release and general availability of the final Bodhi Linux 5.0 operating system series for 32-bit and 64-bit platforms.
Based on Canonical’s long-term supported Ubuntu 18.

04 LTS (Bionic Beaver) operating system series, Bodhi Linux 5.0 promises to offer users a rock-solid, Enlightenment-based Moksha Desktop experience, improvements to the networking stack, and a fresh new look based on the popular Arc GTK Dark theme, but colorized in Bodhi Green colors. Bodhi Linux 5.0 Arrives with Moksha Desktop Improvements
The latest version of the lightweight Linux distribution includes a modest set of changes mainly concerned with aesthetics. The main lure for users will be the foundational upgrade to Ubuntu 18.04 LTS ‘Bionic Beaver’.
“We have been happy with what the Moksha desktop has provided for some time now. This new major release simply serves to bring a modern look and updated Ubuntu core (18.

04) to the lightning fast desktop you have come to expect from Bodhi Linux,” Bodhi developer Jeff Hoagland writes in his release announcement. Bodhi Linux 5.0.0 now available with Ubuntu 18.04 base
One of the best things about there being so many Linux distributions, is it can be fun to try them all. Believe it or not, “distro-hopping” is a legit hobby, where the user enjoys installing and testing various Linux-based operating systems and desktop environments. While Fedora is my reliable go-to distro, I am quite happy to try alternatives too. Hell, truth be told, I have more fun trying distributions than playing video games these days, but I digress.

A unique distribution I recommend trying is the Ubuntu-based Bodhi Linux. The operating system is lightweight, meaning it should run decently on fairly meager hardware.

It uses a desktop environment called “Moksha” which is very straightforward. The Enlightenment 17 fork is a no-nonsense DE that both beginners and power users will appreciate.

Today, version 5.0.0 finally becomes available. This follows a July release candidate.

Two important conferences are coming up:
* the Nextcloud conference in Berlin, Germany, from August 23 to 30, and * the MyData.org conference in Helsinki, Finland, August 29-31.
We’ll be at both, and just in time, we are proud to release UBOS beta 15!
Here are some highlights:
* Boot your Raspberry Pi from USB, not just an SDCard * The UBOS Staff has learned a very convenient new trick * UBOS now drives the LEDs on Intel NUCs and the Desktop Pi enclosure for the Raspberry Pi * Access your device from the public internet through Pagekite integration
For more info, read the detailed release notes here: https://ubos.net/docs/releases/beta15/release-notes/ Freespire 4.

0, Mozilla Announces New Fellows, Flatpak 1.0, KDevelop 5.2.4 and Net Neutrality Update
Freespire 4.0 has been released. This release brings a migration of the Ubuntu 16.04 LTS codebase to the 18.

04 LTS codebase, which adds many usability improvements and more hardware support. Other updates include intuitive dark mode, “night light”, Geary 0.12, Chromium browser 68 and much more. Red Hat Enterprise Linux 7.

6 Beta now available
The hybrid cloud requires a consistent foundation and today, we are pleased to refine and innovate that foundation with the availability of Red Hat Enterprise Linux 7.6 beta.

The latest update to Red Hat Enterprise Linux 7 is designed to deliver control, confidence, and freedom to demanding business environments, keeping pace with cloud-native innovation while supporting new and existing production operations across the many footprints of enterprise IT.
As Red Hat’s Paul Cormier states, the hybrid cloud is becoming a default technology choice. Enterprises want the best answers to meet their specific needs, regardless of whether that’s through the public cloud or on bare metal in their own datacenter. Red Hat Enterprise Linux provides an answer to a wide variety of IT challenges, providing a stable, enterprise-grade backbone across all of IT’s footprints – physical, virtual, private cloud, and public cloud. As the future of IT turns towards workloads running across heterogeneous environments, Red Hat Enterprise Linux has focused on evolving to meet these changing needs. Red Hat Enterprise Linux 7.

6 Enters Beta with Linux Container Innovations, More
Red Hat announced today the availability of Red Hat Enterprise Linux 7.6 operating system for beta testing for Red Hat Enterprise Linux customers.
Red Hat Enterprise Linux 7.6 is the sixth maintenance update in the Red Hat Enterprise Linux 7 operating system series, promising innovative technologies for Linux containers and enterprise-class hybrid cloud environments, new security and compliance features, as well as improvements in the management and automation areas.
“The latest update to Red Hat Enterprise Linux 7 is designed to deliver control, confidence, and freedom to demanding business environments, keeping pace with cloud-native innovation while supporting new and existing production operations across the many footprints of enterprise IT,” said Red Hat in today’s announcement. Open source key in federal IT modernization, adoption of emerging tech
There’s no pause button for agencies as they modernize systems — they must maintain critical legacy services while developing new platforms, which can make modernization a doubly tough proposition.

Open source technologies, however, can help to lighten that load, says Adam Clater, chief architect of Red Hat’s North American public sector business.
“Open source in the current climate is very much on the tip of everyone’s tongue. As the federal government looks to dig themselves out of the technical debt and focus on modernization, as well as delivering new services to their end users, at the end of the day they do have to continue the business of the government,” said Clater. “There’s a very natural affinity toward open source technologies as they do that because open source technologies are really at the forefront of the innovation we’re seeing.”
Because of this, Clater says he’s seen a surge in adoption of open source technology in the federal government in recent years.
“I think the government is ratcheting up their participation in open source communities,” he told FedScoop.

“They’ve long been participants and contributors, but with Code.gov and the memorandum around open source and open sourcing of government code, I think they’re really leaning in as both a contributor and a consumer of open source while partnering with industry in a lot of that adoption.

” How open source should transform your product development strategy
It’s a bit surprising that no one else seems to be following Red Hat’s lead. For a company that pulled in a very profitable $3 billion in its last fiscal year, and is on track to top $5 billion, Red Hat does a lot of things right. Perhaps most interestingly, however, is how it does product development.
As Red Hat CEO Jim Whitehurst has said: “Five years ago we didn’t know the technologies we’d be using today, and we don’t know what will be big in five years time.” That’s true of all companies.

What’s different for Red Hat, however, is how the company works with open source communities to invent the future. Mozilla Announces Major Improvements to Its Hubs Social Mixed Reality Platform, Windmill Enterprise Joins The Linux Foundation, Cloud Foundry Survey Results, New Bodhi Linux Major Release and Red Hat Linux 7.6 Now Available
Red Hat Linux 7.6 beta is now available. According to the Red Hat blog, “Red Hat Enterprise Linux 7.

6 beta adds new and enhanced capabilities emphasizing innovations in security and compliance features, management and automation, and Linux containers.” See the Release Notes for more information. Maxta, Red Hat, Intel Team Up for Hyperconverged ‘(Un)Appliance’
Hyperconverged storage software maker Maxta on Aug. 22 introduced a new appliance with a specific function: to run its software on Red Hat Linux’ virtualization framework.
This is a pre-configured system—called a Hyperconverged (Un)Appliance—consisting of Red Hat and Maxta software bundled together on Intel Data Center Blocks hardware. The joint package provides appliance-based hyperconvergence benefits without the disadvantages conventional systems have to endure, such as costs for refreshing, upgrading, VMware licensing and proprietary virtualization.
Hyperconverged (Un)Appliances collapse servers, storage and networking into a single server tier that is used to run virtual machines and containers, Maxta said. Storage is configured automatically when VMs or containers are created, allowing administrators to focus on managing applications rather than storage.

Maxta Introduces Hyperconverged “(Un)Appliance” with Maxta and Red Hat Virtualization Pre-Configured on Intel® Data Center Blocks Hardware
-Maxta Inc., a leading provider of hyperconvergence software, today introduced a Hyperconverged “(Un)Appliance” for Red Hat Virtualization, a pre-configured system of Red Hat Virtualization software and Maxta Hyperconvergence software bundled together on Intel® Data Center Blocks hardware. This joint solution provides all the advantages of appliance-based hyperconvergence without any of the disadvantages – there’s no refresh tax, no upgrade tax, no VMware tax, and no proprietary virtualization. Ready to adapt: Providing applications and services worldwide easily and quickly
The automobile industry is undergoing the biggest transformation in its 100-plus year history – and automotive trade is changing just as dramatically. Digitization has become at once a major competitive factor and a catalyst, influencing every company in the industry, while simultaneously proving to be a resource to be taken advantage of. Companies wishing to benefit from it should prepare to adapt organizationally, culturally, and technically while being able to manage the resulting changes.
In many ways, digitization means that companies must orient themselves to the needs of the customers economically, strategically, and technically. This customer-centric focus runs through all value chains company-wide as well as the respective individual divisions of every company, from development and production to sales and service.

New Red Hat Product Security OpenPGP key
Red Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key. This was done to improve the long-term security of our communications with our customers and also to meet current key recommendations from NIST (NIST SP 800-57 Pt. 1 Rev. 4 and NIST SP 800-131A Rev.

1).
The old key will continue to be valid for some time, but it is preferred that all future correspondence use the new key. Replies and new messages either signed or encrypted by Product Security will use this new key. Reducing data inconsistencies with Red Hat Process Automation Manager
Managing data reconciliation through a specific process is a common necessity for projects that require Digital Process Automation (formerly known as Business Process Management), and Red Hat Process Automation Manager helps to address such a requirement.

This article provides good practices and a technique for satisfying data reconciliation in a structured and clean way.
Red Hat Process Automation Manager was formerly known as Red Hat JBoss BPM Suite, so it’s worth mentioning that jBPM is the upstream project that fuels Process Automation Manager. The blog post From BPM and business automation to digital automation platforms explains the reasons behind the new name and shares exciting news for this major release. Finance Flatpak Linux app distributor is now ready for prime time
The Flatpak framework for distributing Linux desktop applications is now in prodaction release, after three years of beta status. The framework, originally called XDG-app, is intended to make Linux more attractive to desktop app developers. Applications built as a Flatpak can be installed on just about any Linux distribution.

The open source FlatPak can be used by different types of desktop applications and is intended to be as agnostic as possible when it comes the building of applications. There are no requirements for languages, build tools, or frameworks.

Users can control app updates. Flatpack uses familiar technologies such as the Bubblewrap utility for setting up containers and Systemd for setting up Linux cgroups (control groups) for sandboxes. Fedora 29 FESCO Approval Highlights from This Week, and Fedora 30 Release Schedule Confirmed
The members of the Fedora Engineering and Steering Committee have not only recently approved the Fedora 30 release schedule proposal, they have just recently approved a handful of Fedora 29 features.
Fedora 29 won’t be shipping until the end of October, but the Fedora 30 release schedule was confirmed to be around April 30th to May 7th of next year – the developers are planning on a massive and lengthy rebuild to occur around the end of January, then change checkpoint completion deadline by middle of February, beta freeze in early March, beta release towards the end of March, and the final freeze around the middle of April.

Fedora 30 Release Schedule Finalized, Aiming For A 30 April Debut
While Fedora 29 isn’t shipping until the end of October, the release schedule for Fedora 30 was firmed up this week at the Fedora Engineering and Steering Committee meeting.
The approved schedule is aiming for the Fedora 30 Linux release to happen on 30 April but with a pre-planned fallback date of 7 May. PHP on the road to the 7.3.

0 release
Version 7.3.

0beta2 is released. It’s now enter the stabilisation phase for the developers, and the test phase for the users.
RPM are available in the remi-php73 repository for Fedora ≥ 27 and Enterprise Linux ≥ 6 (RHEL, CentOS) and as Software Collection in the remi-safe repository (or remi for Fedora) Flock 2018 trip report
A presentation from Jim Perrin and Matt Miller revealed that Fedora and CentOS dist-git will be tied together. This change will likely provide an opportunity to do crazy, awesome and beautiful stuff. But the key thing is to have a single dist-git deployment instead of 2 at start. Once that’s done, we may start thinking about what to do with it.

Also Brian Stinson described the CI effort to validate all Fedora packages using CentOS CI infrastructure. Good updates, we seem to be getting really close to a system where all of us can write tests for their packages easily and run them on builds. Brian promised that short term we should be getting notifications from the pipeline and documentation. Can’t wait! Debian Family Debian Developers Discuss Process For Salvaging Packages
While Debian has tens of thousands of packages in its archive and users often tend to cite the size of a package archive as one of the useful metrics for evaluating a OS/distribution or package manager’s potential, not all packages are maintained the same.

In acknowledging that not all packages are maintained to the same standard and some ultimately slip through the cracks, Debian developers are discussing a salvaging process.
Like other distributions, Debian has processes in place already for orphaning packages when a maintainer disappears or voluntarily gives up maintaining a particular package.

But this proposed package salvaging process is for poorly maintained or completely unmaintained packages that aren’t in an orphaned state — the process to salvage a package to improve its quality would be “a weaker and faster procedure than orphaning.” The package maintainers could simply be preoccupied for a number of months, lost interest in the particular package and not pursued orphaning, etc. Reasons Why Debian Is Crucial To Linux History
That August 16, 1993, a young Ian Murdock announced on Usenet “the imminent completion of a new version of Linux which I will call Debian Linux Release.” Murdock, of course, had no idea that Debian would end up becoming an institution in the Linux world. This distribution, mother of many others (Ubuntu included), has completed 25 splendid years that have confirmed it as a crucial development in the world of Linux and Open Source. Linux Vacation Eastern Europe 2018
On Friday, I will be attending LVEE (Linux Vacation Eastern Europe) once again after a few years of missing it for various reasons.

I will be presenting a talk on my experience of working with LAVA; the talk is based on a talk given by my colleague Guillaume Tucker, who helped me a lot when I was ramping up on LAVA.
Since the conference is not well known outside, well, a part of Eastern Europe, I decided I need to write a bit on it. According to the organisers, they had the idea of having a Linux conference after the newly reborn Minsk Linux User Group organised quite a successful celebration of the ten years anniversary of Debian, and they wanted to have even a bigger event. The first LVEE took place in 2005 in a middle of a forest near Hrodna. DebConf18 video work
For personal reasons, I didn’t make it to DebConf18 in Taiwan this year; but that didn’t mean I wasn’t interested in what was happening.

Additionally, I remotely configured SReview, the video review and transcoding system which I originally wrote for FOSDEM. Derivatives Looking for a new OS? Try these Debian Linux-based systems
The Linux-based OS Debian is 25 years old, and during its lifetime this child of the 90s has spawned its own family of operating systems.
Debian derivatives come in all shapes and sizes, from user-friendly Linux Mint to the macOS replacement Elementary OS to the privacy-centric Tails.
This gallery rounds up some of the most notable and popular Debian derivatives, as highlighted by The Debian Project and DistroWatch. Devuan is a Linux Distro Without systemd. Why Should You Use It?
Devuan is a fork of the popular Debian Operating System upon which Ubuntu is based. It was first released in November 2014 with the aim of providing Linux users with a distro that doesn’t have the systemd daemon installed by default.

Although Devuan started when Debian adopted systemd but didn’t have a stable release until last year, 2017 in line with the release of Debian 9.
Because Devuan is virtually a replica of Debian except that it doesn’t use systemd, this article will be to highlight the differences between both OSes (starting with the most important,) so that you can see why you may prefer one over the other. Canonical/Ubuntu Ubuntu Server development summary – 21 August 2018
The purpose of this communication is to provide a status update and highlights for any interesting subjects from the Ubuntu Server Team. If you would like to reach the server team, you can find us at the #ubuntu-server channel on Freenode.

Alternatively, you can sign up and use the Ubuntu Server Team mailing list. Flavours and Variants After Adopting LXQt, Lubuntu Is Switching to Wayland by Default for Ubuntu 20.10
Like its bigger brother Ubuntu and other official flavors, Lubuntu is still using the old X.Org Server by default, though nothing stops users to switch to Wayland if they want a more secure and capable display server for their computers, but that’s about to change in the coming years as Lubuntu will adopt Wayland by default.

Ubuntu already tried to move to Wayland by default with the now deprecated Ubuntu 17.10 (Artful Aardvark) release, but it had to switch back to X.Org Server and put Wayland on the back seat as an alternative session, which users can select from the login manager, with the Ubuntu 18.04 LTS (Bionic Beaver) release. Rugged, Linux-ready mini-PC showcases Ryzen V1000
Tranquil PC open pre-orders on a fanless, barebones “Mini Multi Display PC” mini-PC with AMD’s Ryzen Embedded V1000 SoC, 4x simultaneous 4K DisplayPort displays, 2x GbE, and up to 32GB DDR4 and 1TB storage.
Manchester, UK based Tranquil PC has launched the first mini-PC based on the AMD Ryzen Embedded V1000. The Mini Multi Display PC is named for the Ryzen V1000’s ability to simultaneously drive four 4K displays, a feature supported here with 4x DisplayPorts. The NUC-like, aluminum frame system is moderately rugged, with 0 to 40°C support and IP50 protection.

Apollo Lake Pico-ITX SBC has dual GbE ports and plenty of options
Aaeon’s Apollo Lake powered “PICO-APL4” SBC offers a pair each of GbE, USB 3.0, and M.

2 connections plus HDMI, SATA III, and up to 64GB eMMC.
Aaeon has spun another Pico-ITX form-factor SBC featuring Intel Apollo Lake processors, following the PICO-APL3 and earlier PICO-APL1. Unlike those SBCs, the new PICO-APL4 has dual Gigabit Ethernet ports, among other minor changes. Embedded IPC system runs on Qnap’s Linux-based QTS
IEI’s rugged, “TANK-860-QGW” IPC computer for M2M and IoT runs a Qnap-derived QTS Gateway Linux distro on a 4th Gen Core CPU with dual SATA bays and up to 6x PCIe slots.
IEI Technology has spun a rather singular embedded PC that aims to replace barebones IPC (interprocess communications) systems with something a bit more modern and IoT savvy. We say “a bit more” since the rugged, industrial focused TANK-860-QGW system runs on Intel’s old-school, 4th Gen “Haswell” processor. Otherwise, however, this “cloud-based IPC solution” offers up-to-date features.

The TANK-860-QGW runs on a homegrown QTS Gateway Linux distribution based on Qnap’s Linux-based QTS platform for its NAS (network attached server) systems. The system can monitor IPMI equipment, servers, PCs, and production line equipment, and can be set up as a LoRaWAN server, says IEI. Android Will a new, open source Twitter replace the flawed old one?
If you type Mastodon into Google around now you’ll probably happen upon a hairy chap called Brent Hinds who is apparently selling off his huge collection of guitars and amplifiers. For as well as being a prehistoric elephant, Mastodon is a beat combo and, latterly, a newish social network being promoted as “Twitter without the Nazis” or, less hysterically, “Twitter minus its bad bits”.
Mastodon was launched in August 2016 and received a guarded welcome. People got the idea: Mastodon was community owned, open source, decentralised, no advertising, no tracking, and no hate speech (probably) sort of outfit.
Unlike Twitter, Mastadon comprises software ‘instances’, so it’s a federation of little sites which self-administer.

If you live mostly in one instance, that doesn’t stop you from following and being followed by members of other instances.
Essentially open source Business Process Management (BPM) software company Bonitasoft has introduced its Bonita 7.7 iteration release.
This is BPM software with Intelligent Continuous Improvement (ICI) and Continuous Delivery (CD) capabilities.

The company says that its ICI play here is a route to building what it has called adaptable ‘living’ applications.
A living application then being one that can deliver changes in terms of continuous improvement, continuous integration, continuous deployment and continuous connectivity.
A new open-source tool designed to make DNS rebinding attacks easier has been released.

The kit, dubbed ‘singularity of origin’, was launched last week by a team from NCC Group.

It simplifies the process of performing a DNS rebinding attack, where an attacker is able to takeover a victim’s browser and break the single origin policy. This effectively allows an attacker to mask as the victim’s IP address and potentially abuse their privileges to access sensitive information.
The tool was created with pentesters in mind, and to increase awareness for developers and security teams on how to prevent DNS rebinding, the tool’s creators said.
NCC Group’s Gerald Doussot and Roger Meyer, who wrote the tool, told The Daily Swig: “Many developers think it’s safe to write software that has debug services listening only locally, but we’ve had several engagements where we were able to remotely compromise applications using DNS rebinding. Open source community accelerates Akraino development for Edge Computing
One of the most fascinating open networking projects to emerge earlier this year is the AT&T-initiated Akraino Edge Stack, which is being managed by the Linux Foundation. The objective of the Akraino project is to create an open source software stack that supports high-availability cloud services optimised for edge computing systems and applications.

The project has now moved into its execution phase to begin technical documentation and is already backed and supported by a strong group of telecoms operators and vendors. They include Arm, AT&T, Dell EMC, Ericsson, Huawei, Intel, Juniper Networks, Nokia, Qualcomm, Radisys, Red Hat and Wind River. Progress Open Sources ABL Code with Release of Spark Toolkit
Progress, a provider of application development and digital experience technologies, has released the Progress Spark Toolkit, a set of open source ABL code and recommended best practices to enable organizations to evolve existing applications and extend their capabilities to meet market demands.
Previously only available from Progress Services, the Spark Toolkit was created in collaboration with the Progress Common Component Specification (CCS) project, a group of Progress OpenEdge customers and partners defining a standard set of specifications for the common components for building modern business applications. By engaging the community, Progress says it has leveraged best practices in the development of these standards-based components and tools to enable new levels of interoperability, flexibility, efficiencies and effectiveness. Foundries.io promises standardized open source IoT device security
IoT devices currently lack a standard way of applying security.

It leaves consumers, whether business or individuals, left to wonder if their devices are secure and up-to-date. Foundries.io, a company that launched today, wants to change that by offering a standard way to secure devices and deliver updates over the air.
“Our mission is solving the problem of IoT and embedded space where there is no standardized core platform like Android for phones,” Foundries.io CEO George Grey explained.

Foundries.io Launches microPlatforms for an Always-Secure Internet of Things
Emerging from two years in stealth mode, Foundries.

io™ today announced the world’s first commercially available, continuously updated LinuxⓇ and Zephyr™ microPlatform™ distributions for the embedded, IoT, edge and automotive markets. Supported by a newly announced partner program, these microPlatforms™ enable devices from light bulbs to connected cars to always be secure and updated to the latest available firmware, operating system and application(s). Managed Linux and Zephyr distros for IoT offer OTA and container tech
A Linaro spinoff called Foundries.io unveiled a continuously updated “microPlatforms” IoT service with managed Linux and Zephyr distros. The Linux platform is based on OE/Yocto and Docker container code.
A Cambridge, UK based startup called Foundries.

io, which is funded by Linaro and led by former Linaro exec George Grey, has launched a microPlatforms service with managed, subscription-based Linux and Zephyr distributions. The microPlatforms offering will target IoT, edge, and automotive applications, and provide continuous over-the-air (OTA) updates to improve security.

The distributions are designed to work with any private or public cloud platform, with the microPlatform cloud service acting as an intermediary. The microPlatforms packages include firmware, kernel, services, and applications, “delivered continuously from initial product design to end-of-life,” says Foundries.io. Foundries.

io Tightens Edge, IoT Integration to Boost Security
oundries.io emerged from stealth with the notion that tight integration and instant software updates are the best security for edge, embedded, and IoT devices.
That philosophy is behind the company’s “microPlatforms” software that target devices running Linux or Zephyr distributions for the embedded, IoT, connected device, and edge markets. The Foundries.io platform allows for security and bug fix updates to be immediately sent to those devices. The software includes firmware, kernel, services, and application support, with Foundries.io handling the engineering, testing, and deployment of those updates. Startup Drives Open Source to IoT
A startup formed by members of Linaro wants to be the Red Hat of the Internet of Things, delivering configurations of Linux and the Zephyr RTOS for end nodes, gateways and cars.

Foundries.io aims to provide processor-agnostic code with regular updates at a time when IoT developers have a wide variety of increasingly vendor-specific choices.
“Today every IoT product is effectively a custom design that has to be tested and maintained, and we believe that causes huge fragmentation. Our concept is to make it as easy to update an embedded product as to update a smartphone, so you don’t need a security expert,” said George Grey, chief executive of Foundries.

io. State Certifies LA County’s New Open-Source Vote Tally System
Los Angeles County’s open-source vote tally system was certified by the secretary of state Tuesday, clearing the way for redesigned vote-by-mail ballots to be used in the November election.
“With security on the minds of elections officials and the public, open-source technology has the potential to further modernize election administration, security and transparency,” Secretary of State Alex Padilla said. “Los Angeles County’s VSAP vote tally system is now California’s first certified election system to use open-source technology.

This publicly-owned technology represents a significant step in the future of elections in California and across the country.”
The system — dubbed Voting Solutions for All People (VSAP) Tally Version 1.0 — went through rigorous security testing by staffers working with the secretary of state as well as an independent test lab, according to county and state officials. LA County OKs Open-Source Election System
California Secretary of State Alex Padilla’s office has certified the first open-source, publicly owned election technology for use in Los Angeles County — “a significant step in the future of elections in California and across the country.”
The system is known as Voting Solutions for All People (VSAP) Tally Version 1.0. Its certification will allow Los Angeles County to use its newly designed Vote By Mail (VBM) ballots in the November election.
County Registrar-Recorder/County Clerk Dean Logan, in the news release from Padilla’s office, said the new system will ensure accurate and secure counting of ballots.

Logan’s office will begin distributing the new ballots on Oct. 9. Each voter’s packet will include a ballot, a postage-paid return envelope, a secrecy sleeve and an “I Voted” sticker.
“As part of the certification process, the system went through rigorous functional and security testing conducted by the Secretary of State’s staff and a certified voting system test lab,” Padilla’s office said. “The testing ensured the system’s compliance with California and federal laws, including the California Voting System Standards (CVSS).” State Certifies LA County’s New Open-Source Vote Tally System
Los Angeles County’s open-source vote tally system was certified by the secretary of state Tuesday, clearing the way for redesigned vote-by-mail ballots to be used in the November election.

“With security on the minds of elections officials and the public, open-source technology has the potential to further modernize election administration, security and transparency,” Secretary of State Alex Padilla said. “Los Angeles County’s VSAP vote tally system is now California’s first certified election system to use open-source technology. This publicly-owned technology represents a significant step in the future of elections in California and across the country.”
The system — dubbed Voting Solutions for All People (VSAP) Tally Version 1.0 — went through rigorous security testing by staffers working with the secretary of state as well as an independent test lab, according to county and state officials. 5 open source tools for container security
As containers become an almost ubiquitous method of packaging and deploying applications, the instances of malware have increased. Securing containers is now a top priority for DevOps engineers.

Fortunately, a number of open source programs are available that scan containers and container images. Let’s look at five such tools. Salesforce Makes ML Library Available as Open Source Project
It’s increasingly clear that when it comes to artificial intelligence (AI), many organizations will be able to leverage investments made by IT vendors that are being made available as open source code. The latest example of that trend is a decision by Salesforce to make TransmogrifAI, a machine learning library that makes it simpler to consume large amounts of structured data, available as open source code on GitHub.

Shubha Nabar, senior director of data science for Salesforce Einstein, the AI platform developed by Salesforce, says the decision to make TransmogrifAI open source is driven by primarily by a desire to make AI technologies readily available and easily understandable. Bolster your DevOps infrastructure with open source tools
When we talk about DevOps, we typically mean managing software deliverables, not infrastructure. But the overall system sanctity is deeply coupled with infrastructure integrity.

How many times have you heard “But it works on my system”? Or perhaps a misconceived admin changes the configuration of the production server and things don’t work anymore. Hence, it is essential to bring infrastructure into the proven DevOps practices of consistency, traceability, and automation.
This article builds on my previous one, Continuous infrastructure: The other CI. While that article introduced infrastructure automation and infrastructure as a first-class citizen of the CI pipeline using the principles of infrastructure as code and immutable infrastructure, this article will explore the tools to achieve a CIi (continuous integration of infrastructure) pipeline through automation.

Open-Source Hybrid Analysis Portal Gets a Boost
The free Hybrid Analysis malware research site used for investigating and detecting unknown malware threats now includes an accelerated search feature that roots out matches or correlations in minutes, rather than hours.
CrowdStrike donated its Falcon MalQuery new rapid-search feature to the Hybrid Analysis community platform, which has some 100,000 active users worldwide. Hybrid Analysis was acquired in fall 2017 by CrowdStrike, and also employs CrowdStrike’s sandbox technology.

BlazeMeter Open Sources Plugin for Mainframe Testing
BlazeMeter launched an open source plugin for continuous mainframe testing.

The RTE plugin works with the company’s Apache JMeter, an open source Java application designed to load test functional behavior and measure performance.
“Supporting IBM mainframe protocols TN5250 and TN3270, the JMeter RTE plugin simulates a mainframe terminal sending actions and keystrokes to the mainframe server,” the company said in a statement.

“By using the plugin, developers and testers can simulate filling forms or calling processes, specify the position of fields on the screen and the text to set on them, and simulate the keyboard attention keys.” If you have ambition, open source at scale is essential
When your job is to provide the cloud infrastructure to run analytics and workloads across three that are more than 100 miles apart datacenters, sucking 100-plus petabytes from each daily, it’s no longer an even remotely credible option to buy it from Megavendor X. These days, the only place to find such software is on an open source repository somewhere.
Which is exactly what Didi Chuxing, the Uber of China, did.
[..

.

]
Five years ago, Cloudera cofounder Mike Olson wrote, “No dominant platform-level software infrastructure has emerged in the last ten years in closed-source, proprietary form.” In significant measure, this stems from the realities of operating at web-scale: The financial costs, never mind the technical costs, of trying to scale proprietary hardware and software systems are simply too high. Companies like Google and Facebook keep gifting genius creations to the open source community, driving innovation faster, well beyond the realm of proprietary firms’ ability to compete in data infrastructure. Energy controls platform available in open source
VOLTTRON is an innovative open source software platform that helps users rapidly develop and deploy new control solutions for a myriad of applications in buildings, renewable energy systems and electricity grid systems. Developed by Pacific Northwest National Laboratory with funding from the Department of Energy, VOLTTRON can be downloaded from the not-for-profit Eclipse Foundation that will steward it as an open source software platform.

As part of this move, PNNL has joined the Eclipse Foundation, a global organization with more than 275 members.
Flexible, scalable and cyber-secure, VOLTTRON offers paradigm-shifting capabilities for development of new analysis and management solutions for energy consumption optimization and integration of building assets with the electric grid. VOLTTRON provides the ability to shift energy demand to off-peak hours and manage a facility’s load shape to reduce stress on the grid. Open source microservices management trends alter software delivery
If you’re a business that uses a monolithic architecture, the adoption of microservices might cause some anxiety on your team. After all, there isn’t one comprehensive place to find answers to all the challenges that arise from managing today’s cloud-native apps, and there isn’t one single vendor that has all the answers.
Fortunately, the open source community can offer some help. Trends in open source software point toward a future with a completely different approach to application management. If you’re willing to delve into and invest in today’s leading open source microservices projects, it’s possible to find everything you need to manage modern microservices applications in the cloud.

Web Browsers Notes now uses Rust & Android components
Today we shipped Notes by Firefox 1.1 for Android, all existing users will get the updated version via Google Play.
After our initial testing in version 1.0, we identified several issues with the Android’s “Custom Tab” login features.

To fix those problems the new version has switched to using the newly developed Firefox Accounts Android component. This component should resolve the issues that the users experienced while signing in to Notes.

Dweb: Serving the Web from the Browser with Beaker
We work on Beaker because publishing and sharing is core to the Web’s ethos, yet to publish your own website or even just share a document, you need to know how to run a server, or be able to pay someone to do it for you.
So we asked ourselves, “What if you could share a website directly from your browser?”
Peer-to-peer protocols like dat:// make it possible for regular user devices to host content, so we use dat:// in Beaker to enable publishing from the browser, where instead of using a server, a website’s author and its visitors help host its files.

It’s kind of like BitTorrent, but for websites!
[…] New in Hubs: Images, Videos, and 3D Models
A few months ago, we announced an early preview release of Hubs by Mozilla, an experiment to bring Social Mixed Reality to the browser. Since then, we’ve made major strides in improving usability, performance, and support for standalone devices like the Oculus Go. Today, we’re excited to share our first big feature update to Hubs: the ability bring your videos, images, documents, and even 3D models into Hubs by simply pasting a link. Getting cross border lawful access in Europe right
Lawmakers in the EU have proposed a new legal framework that will make it easier for police in one country to get access to user data in another country (so-called ‘e-evidence’) when investigating crimes. While the law seeks to address some important issues, there is a risk that it will inadvertently undermine due process and the rule of law in Europe.

Over the coming months, we’ll be working with lawmakers in Europe to find a policy solution that effectively addresses the legitimate interests of law enforcement, without compromising the rights of our users or the security of our communications infrastructure. Mozilla files FTC comments calling for interoperability to promote competition
Mozilla’s Internet Health Report 2018 explored concentration of power and centralization online through a spotlight article, “Too big tech?” Five U.S. technology companies often hold the five largest market capitalizations of any industry and any country in the world. Their software and services are entangled with virtually every part of our lives.

These companies reached their market positions in part through massive innovation and investment, and they created extremely popular (and lucrative) user experiences. As a consequence of their success, though, the product and business decisions made by these companies move socioeconomic mountains.

And, like everyone, tech companies make mistakes, as well as some unpopular decisions. For many years, the negative consequences of their actions seemed dwarfed by the benefits. A little loss of privacy seemed easy to accept (for an American audience in particular) in exchange for a new crop of emojis.

But from late 2016 through 2017, things changed. The levels of disinformation, abuse, tracking, and control crossed a threshold, sowing distrust in the public and catalyzing governments around the world to start asking difficult questions.
Since our “Too big tech?” piece was published, this trajectory of government concern has continued. The Facebook / Cambridge Analytica scandal generated testimony from Facebook CEO Mark Zuckerberg on both sides of the Atlantic. The European Commission levied a $5 billion fine on Google for practices associated with the Android mobile operating system. Meanwhile Republican Treasury Secretary Steve Mnuchin called for a serious look at the power of tech companies, and Democratic Senator Mark Warner outlined a 20 point regulatory proposal for social media and technology firms. TenFourFox and legacy addons and their euthanasia thereof
Presently TenFourFox uses Mozilla Addons as a repository for “legacy” (I prefer “classic” or “can actually do stuff” or “doesn’t suck”) add-ons that remain compatible with Firefox 45, of which TenFourFox is a forked descendant. Mozilla has now announced these legacy addons will no longer be accessible in October.

I don’t know if this means that legacy-only addons will no longer be visible, or no longer searchable, or whether older compatible versions of current addons will also be no longer visible, or whatever, or whether everything is going to be deleted and HTH, HAND. The blog post doesn’t say.

Just assume you may not be able to access them anymore.
This end-of-support is obviously to correlate with the end-of-life of Firefox 52ESR, the last version to support legacy add-ons. That’s logical, but it sucks, particularly for people who are stuck on 52ESR (Windows XP and Vista come to mind). Naturally, this also sucks for alternative branches such as Waterfox which split off before WebExtensions became mandatory, and the poor beleaguered remnants of SeaMonkey. Timeline for disabling legacy add-ons on addons.mozilla.

org
Mozilla will stop supporting Firefox Extended Support Release (ESR) 52, the final release that is compatible with legacy add-ons, on September 5, 2018.
As no supported versions of Firefox will be compatible with legacy add-ons after this date, we will start the process of disabling legacy add-on versions on addons.mozilla.org (AMO) in September. On September 6, 2018, submissions for new legacy add-on versions will be disabled. All legacy add-on versions will be disabled in early October, 2018. Once this happens, users will no longer be able to find your extension on AMO.
After legacy add-ons are disabled, developers will still be able to port their extensions to the WebExtensions APIs.

Once a new version is submitted to AMO, users who have installed the legacy version will automatically receive the update and the add-on’s listing will appear in the gallery.

Education Eclipse Foundation and IBM Partner to Help Fight Natural Disasters in New Global Open Source Software Initiative
The Eclipse Foundation, the platform for open collaboration and innovation, today announced that it is joining the Call for Code initiative with Founding Partner IBM to use the power of open source software and a global collaborative community of developers to help people around the world better prevent, respond to, and recover from natural disasters.
The Call for Code Global Challenge, created by David Clark Cause and powered by IBM, has more than 35 organizations asking developers to create solutions that significantly improve natural disaster preparedness and relief. This competition is the first of its kind at this global scale, encouraging developers worldwide who want to give back to their communities open software solutions that alleviate human suffering. Why Redis Labs made a huge mistake when it changed its open source licensing strategy
No, Redis is not proprietary after Redis Labs introduced a tweak to its licensing strategy. Yes, some modules from Redis Labs will now be under a weird new license hack that says, in essence, “Clouds, you’re not allowed to make money from this code unless you pay us money.” And yes, this hack was completely unnecessary in terms of open source evolution.
You see, we already have ways to accomplish this.

Not everyone likes strategies like Open Core, but they’re well-established, well-understood, and could have saved Redis Labs some headaches.
[…]
Let’s be clear: Redis Labs’ desire is rational and common to open source vendors. While Redis Labs didn’t touch the license for Redis Core (it remains under the highly permissive BSD), the company has slapped a “Commons Clause” onto otherwise open source software to make it…not open source.

The rationale? The Data Transfer Project
Social networks are typically walled gardens; users of a service can interact with other users and their content, but cannot see or interact with data stored in competing services. Beyond that, though, these walled gardens have generally made it difficult or impossible to decide to switch to a competitor—all of the user’s data is locked into a particular site. Over time, that has been changing to some extent, but a new project has the potential to make it straightforward to switch to a new service without losing everything. The Data Transfer Project (DTP) is a collaborative project between several internet heavyweights that wants to “create an open-source, service-to-service data portability platform”.

[..

.]
Users will obviously need to authenticate to both sides of any transfer; that will be handled by authentication adapters at both ends. Most services are likely to use OAuth, but that is not a requirement. In addition, the paper describes the security and privacy responsibilities for all participants (service providers, users, and the DTP system) at some length. These are aimed at ensuring that users’ data is protected in-flight, that the system minimizes the risks of malicious transfers, and that users are notified when transfers are taking place. In addition, a data transfer does not imply removing the data from the exporting provider; there is no provision in DTP for automated data deletion.
One of the advantages for users, beyond simply being able to get their hands on their own data, is the reduction in bandwidth use that will come because the service providers will directly make the transfer. That is especially important in places where bandwidth is limited or metered—a Google+ user could, for example, export their photos to Facebook without paying the cost of multi-megabyte (or gigabyte) transfers.

The same goes for backups made to online cloud-storage services, though that is not really new since some service providers already have ways to directly store user data backups elsewhere in the cloud. For local backup, though, the bandwidth cost will have to be paid, of course.
The use cases cited in the paper paint a rosy picture of what DTP can help enable for users. A user may discover a photo-printing service that they want to use, but have their photos stored in some social-media platform; the printing service could offer DTP import functionality. Or a service that received requests from customers to find a way to get their data out of another service that was going out of business could implement an export adapter using the failing service’s API.

A user who found that they didn’t like the update to their music service’s privacy policy could export their playlists to some other platform. And so on.
KOGER® Inc.

, a global financial services technology company, has announced the availability of an open-source client portal for financial institutions, asset managers, and fund administrators that works in tandem with the systems they already have in place. Funding Handshake Provides a Leg Up
Handshake has recently awarded funds to many critical free and open source software projects. In particular Conservancy has been gifted $200K for our ongoing work to support software freedom by providing a fiscal home for smaller projects, enforcing the GPL and undertaking strategic efforts to grow and improve free software. Outreachy, the organization offering biannual, paid internships for under-represented people to work in free software (itself a member project of Conservancy) has also been awarded $100,000 from these funds.

“We are grateful for this donation that will allow us to continue supporting people from underrepresented backgrounds in gaining focused experience as free software contributors and shaping the future of technology,” said Marina Zhurakhinskaya, Outreachy Organizer. Donations to the Outreachy general fund support program operations and increasing awareness of opportunities in free software among people from underrepresented groups in tech.
[..

.]
As a small organization, we are always working to do the most with what we have. The Handshake grant allows us to tackle some of the work that we would have otherwise had to put off to a later date. Unfettered donations give us the freedom to say yes to hiring contractors to help with tasks that we don’t have expertise for in house, they help us move up our timetables for critical infrastructure and they enable us to spend less time fundraising.

These kinds of gifts are absolutely critical for Conservancy and for our frugal sister organizations in the free software community. BackYourStack To Provide Open Source With Financial Security
Open Collective has come up with an new initiative that makes it easy for companies to identify the open source projects that they depend on that also need funding and make a financial contribution. BackYourStack provides a new way for open source communities get paid for the work they do and become financially sustainable.
[…]
Open Collective lets its users set up pages to collect donations and membership fees where the funds required and the funds raised are explicitly shows and sponsors and the extent of their support is acknowledged. This page gives also access to an ongoing record of a project’s expenses where members can submit new expenses for reimbursement and its Budget facility allows income and expenditure to be tracked.

According to its FAQs, so far Open Collective has raised $2,815,000 in funds for its members. It takes 10% plus credit card fees to cover the costs of running the platform and managing bookkeeping, taxes and the admin of reimbursing expenses and shares this commission with the host organizations that hold the money on behalf of member collectives.

BSD DragonFlyBSD Now Runs On The Threadripper 2990WX, Developer Shocked At Performance
Last week I carried out some tests of BSD vs. Linux on the new 32-core / 64-thread Threadripper 2990WX.

I tested FreeBSD 11, FreeBSD 12, and TrueOS — those benchmarks will be published in the next few days. I tried DragonFlyBSD, but at the time it wouldn’t boot with this AMD HEDT processor. But now the latest DragonFlyBSD development kernel can handle the 2990WX and the lead DragonFly developer calls this new processor “a real beast” and is stunned by its performance potential.
When I tried last week, the DragonFlyBSD 5.

2.2 stable release nor DragonFlyBSD 5.3 daily snapshot would boot on the 2990WX. But it turns out Matthew Dillon, the lead developer of DragonFlyBSD, picked up a rig and has it running now.

So in time for the next 5.4 stable release or those using the daily snapshots can have this 32-core / 64-thread Zen+ CPU running on this operating system long ago forked from FreeBSD. FSF/FSFE/GNU/SFLC Software Freedom Ensures the True Software Commons
Proprietary software has always been about a power relationship. Copyright and other legal systems give authors the power to decide what license to choose, and usually, they choose a license that favors themselves and takes rights and permissions away from others.
The so-called “Commons Clause” purposely confuses and conflates many issues. The initiative is backed by FOSSA, a company that sells materiel in the proprietary compliance industrial complex.

This clause recently made news again since other parties have now adopted this same license.
This proprietary software license, which is not Open Source and does not respect the four freedoms of Free Software, seeks to hide a power imbalance ironically behind the guise “Open Source sustainability”.

Their argument, once you look past their assertion that “the only way to save Open Source is to not do open source”, is quite plain: “If we can’t make money as quickly and as easily as we’d like with this software, then we have to make sure no one else can as well”.
These observations are not new. Software freedom advocates have always admitted that if your primary goal is to make money, proprietary software is a better option. It’s not that you can’t earn a living writing only Free Software; it’s that proprietary software makes it easier because you have monopolistic power, granted to you by a legal system ill-equipped to deal with modern technology.

In my view, it’s a power which you don’t deserve — that allows you to restrict others.
Of course, we all want software freedom to exist and survive sustainably. But the environmental movement has already taught us that unbridled commerce and conspicuous consumption is not sustainable. Yet, companies still adopt strategies like this Commons Clause to prioritize rapid growth and revenue that the proprietary software industry expects, claiming these strategies bolster the Commons (even if it is a “partial commons in name only”).

The two goals are often just incompatible. It may be poor man’s Photoshop, but GIMP casts a Long Shadow with latest update
There appears to be no rest for Wilber as the GIMP team has updated the venerable image editor to version 2.10.6.

We were delighted to see the arrival of the Straighten button in version 2.10.4, mainly due to our inability to hold a camera straight. Version 2.

10.6 extends this handy feature to include vertical straightening, so the Leaning Tower of Pisa need lean no more. As before, the user must wield the Measure tool and either let GIMP automatically work out if straightening should be vertical or horizontal, or override the application.
In a nod to East Asian writing systems, or just to those who feel the need for vertical text, GIMP has also gained a variety of vertical text options, including mixed orientation or the more Western style upright.
GNU Parallel 20180822 (‘Genova’) has been released. It is available for download at: