Language Selection

English French German Italian Portuguese Spanish

Gnu Planet

Syndicate content
Planet GNU - https://planet.gnu.org/
Updated: 1 week 2 days ago

mit-scheme @ Savannah: MIT/GNU Scheme 10.1.4 released

Monday 7th of January 2019 03:01:41 AM

See the release notes.

recutils @ Savannah: recutils 1.8 released

Thursday 3rd of January 2019 10:20:39 AM

I am happy to announce a new release of the GNU recutils, version 1.8.

The changes in this release are:

  • Utilities:
    • Fix the build of readrec with recent bash headers.
  • librec:
    • Fix evaluation of sexes containing #NAME expressions.
    • Make numeric results from aggregated functions signed.
  • readred:
    • readrec --help now shows the help message and returns, instead of waiting for input.
  • Emacs mode:
    • rec-mode.el now supports case-insensitive searches.
    • rec-mode.el now defines it's own faces.
    • ob-rec.el was switched to lexical binding to satisfy later org-mode versions.
  • It is now possible to run the testsuite in parallel.
  • Other fixes:
    • gnulib updated.
    • GNU/Hurd build fixed.
    • Aggregate functions now work properly in Aarch64 and powerpc.
  • Internal cleanup and code factorization.
  • Other bug fixes.

The release can be found in the GNU ftp:
ftp://ftp.gnu.org/gnu/recutils/recutils-1.8.tar.gz

Alternatively, http://ftpmirror.gnu.org/recutils/ will automatically
redirect to a nearby mirror.

==About GNU recutils==

GNU recutils is a set of tools and libraries to access human-editable,
text-based databases called recfiles. The data is stored as a
sequence of records, each record containing an arbitrary number of
named fields. Advanced capabilities usually found in other data
storage systems are supported by GNU recutils: data types, data
integrity (keys, mandatory fields, etc) as well as the ability of
records to refer to other records (sort of foreign keys). Despite its
simplicity, recfiles can be used to store medium-sized databases.

Please see the GNU recutils homepage for more information:
http://www.gnu.org/software/recutils

-- Jose E. Marchesi Frankfurt am Main 3 January 2019

tar @ Savannah: Version 1.31

Wednesday 2nd of January 2019 07:17:56 PM

Version 1.31 is available for download. New in this release:

  • Fix heap-buffer-overrun with --one-top-level.
  • Support for zstd compression.
  • The -K option interacts properly with member names given in the command line.
  • Fix CVE-2018-20482

diffutils @ Savannah: diffutils-3.7 released [stable]

Tuesday 1st of January 2019 02:52:05 AM
This is to announce diffutils-3.7, a stable release. There have been 27 commits by 4 people in the 84 weeks since 3.6. See the NEWS below for a brief summary. Thanks to everyone who has contributed! The following people contributed changes to this release: Bruno Haible (2) Dennis Lambe Jr (1) Jim Meyering (18) Paul Eggert (6) Jim [on behalf of the diffutils maintainers] ================================================================== Here is the GNU diffutils home page: http://gnu.org/s/diffutils/ For a summary of changes and contributors, see: http://git.sv.gnu.org/gitweb/?p=diffutils.git;a=shortlog;h=v3.7 or run this command from a git-cloned diffutils directory: git shortlog v3.6..v3.7 To summarize the 915 gnulib-related changes, run these commands from a git-cloned diffutils directory: git checkout v3.7 git submodule summary v3.6 ================================================================== Here are the compressed sources and a GPG detached signature[*]: https://ftp.gnu.org/gnu/diffutils/diffutils-3.7.tar.xz https://ftp.gnu.org/gnu/diffutils/diffutils-3.7.tar.xz.sig Use a mirror for higher download bandwidth: https://ftpmirror.gnu.org/diffutils/diffutils-3.7.tar.xz https://ftpmirror.gnu.org/diffutils/diffutils-3.7.tar.xz.sig [*] Use a .sig file to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball. Then, run a command like this: gpg --verify diffutils-3.7.tar.xz.sig If that command fails because you don't have the required public key, then run this command to import it: gpg --keyserver keys.gnupg.net --recv-keys 7FD9FCCB000BEEEE and rerun the 'gpg --verify' command. This release was bootstrapped with the following tools: Autoconf 2.69.197-b8fd7 Automake 1.16a Gnulib v0.1-2305-g95c96b6dd ================================================================== NEWS * Noteworthy changes in release 3.7 (2018-12-31) [stable] ** Bug fixes diff --strip-trailing-cr with a single CR byte in one input file would provoke an uninitialized memory read, e.g., diff -a --strip-trailing-cr <(printf '\r') <(echo a) [bug introduced in 2.8 with addition of the --strip-trailing-cr option] ** Improvements diff --color now produces output compatible with less -R.

FSF Blogs: A message from Richard M. Stallman

Monday 31st of December 2018 02:14:30 AM

The donation from the Pineapple Fund arrived in the form of Bitcoin and had gone down to around $860,000 by the time we could convert it all to dollars. Around half of the donation from Handshake is earmarked for specific software projects; some of that will go to improving Replicant, the free Android fork, but that half won't help fund the FSF's general operations.

We will need to add part of these donations to our reserves, which are meant to enable us to keep operating in the case of a possible downturn. That still leaves enough to expand our staff by two or three positions. We will be able to do some of the work that always needed doing but that we could not undertake.

We have added a position to the tech team so that they can upgrade the support platforms for GNU packages -- repositories, Web pages, translation, testing -- and publish about how we run the FSF without nonfree software.

We intend also to add another person to the Licensing and Compliance team, which certifies distributions and products and enforces the GNU General Public License. Because of the success of Respects Your Freedom, we have a long backlog of products to evaluate. Expanding the team will increase our ability to help people purchase hardware that runs entirely on free software.

We will also fund development of free JavaScript code to make certain Web sites function in the free world. Making sites depend on sending users nonfree JavaScript code has become fashionable, so that organizations and even governments do it without even thinking about it. The option to communicate with Web sites without running nonfree software is a crucial part of freedom for users of the World Wide Web. We will also continue improving the GNU LibreJS extension, and making GNU IceCat protect against JavaScript spyware techniques.

This year's surprise one-time donations make it possible for us to hire additional staff and do more work, but we can't coast very long on them alone; we will need to continue paying the staff to keep doing the work. Most of our income, these donations aside, comes from individual donors giving less than $200 a year. To carry on with this work, we need your support.

The increased operations, as we are planning them now, will still not do all that needs to be done to win freedom in computing. You can enable us to continue -- and to undertake the other work that we are still not doing -- by joining the Free Software Foundation or donating now. Even better, do both!

gzip @ Savannah: gzip-1.10 released [stable]

Sunday 30th of December 2018 06:08:30 AM
This is to announce gzip-1.10, a stable release. There have been 19 commits by 2 people in the 51 weeks since 1.9, not to mention the 559 gnulib-related changes. See the NEWS below for a brief summary. Thanks to everyone who has contributed! The following people contributed changes to this release: Jim Meyering (9) Paul Eggert (10) Jim [on behalf of the gzip maintainers] ================================================================== Here is the GNU gzip home page: http://gnu.org/s/gzip/ For a summary of changes and contributors, see: http://git.sv.gnu.org/gitweb/?p=gzip.git;a=shortlog;h=v1.10 or run this command from a git-cloned gzip directory: git shortlog v1.9..v1.10 ================================================================== Here are the compressed sources: https://ftp.gnu.org/gnu/gzip/gzip-1.10.tar.gz (1.2MB) https://ftp.gnu.org/gnu/gzip/gzip-1.10.tar.xz (760KB) Here are the GPG detached signatures[*]: https://ftp.gnu.org/gnu/gzip/gzip-1.10.tar.gz.sig https://ftp.gnu.org/gnu/gzip/gzip-1.10.tar.xz.sig [*] Use a .sig file to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball. Then, run a command like this: gpg --verify gzip-1.10.tar.gz.sig If that command fails because you don't have the required public key, then run this command to import it: gpg --keyserver keys.gnupg.net --recv-keys 7FD9FCCB000BEEEE and rerun the 'gpg --verify' command. This release was bootstrapped with the following tools: Autoconf 2.69.197-b8fd7 Automake 1.16a Gnulib v0.1-2305-g95c96b6dd ================================================================== NEWS * Noteworthy changes in release 1.10 (2018-12-29) [stable] ** Changes in behavior Compressed gzip output no longer contains the current time as a timestamp when the input is not a regular file. Instead, the output contains a null (zero) timestamp. This makes gzip's behavior more reproducible when used as part of a pipeline. (As a reminder, even regular files will use null timestamps after the year 2106, due to a limitation in the gzip format.) ** Bug fixes A use of uninitialized memory on some malformed inputs has been fixed. [bug present since the beginning] A few theoretical race conditions in signal handers have been fixed. These bugs most likely do not happen on practical platforms. [bugs present since the beginning]

gnuastro @ Savannah: Gnuastro 0.8 released

Friday 28th of December 2018 02:58:19 PM

The 8th release of GNU Astronomy Utilities (Gnuastro) is now available for download. Please see the announcement for details.

FSF Events: Richard Stallman - "Should we have more surveillance than the USSR?" (Kozhikode, India)

Friday 28th of December 2018 02:35:53 PM
Digital technology has enabled governments to impose surveillance that Stalin could only dream of, making it next to impossible to talk with a reporter undetected. This puts democracy in danger. Stallman will present the absolute limit on general surveillance in a democracy, and suggest ways to design systems not to collect dossiers on all citizens.

Richard Stallman will be speaking at the Kerala Literature Festival (2019-01-10–13). His speech will be nontechnical, admission is gratis, and the public is encouraged to attend.

Location: Kerala Literature festival, Kozhikode Beach, Port Grounds, Kozhikode, Kerala, India

Please fill out our contact form, so that we can contact you about future events in and around Kozhikode.

FSF Events: Richard Stallman - "Free software: Freedom in your computing" (Kozhikode, India)

Friday 28th of December 2018 01:52:52 PM
The Free Software Movement campaigns for computer users' freedom to cooperate and control their own computing. The Free Software Movement developed the GNU operating system, typically used together with the kernel Linux, specifically to make these freedoms possible.

Richard Stallman will be speaking at the Kerala Literature Festival (2019-01-10–13). His speech will be nontechnical, admission is gratis, and the public is encouraged to attend.

Location: Kerala Literature festival, Kozhikode Beach, Port Grounds, Kozhikode, Kerala, India

Please fill out our contact form, so that we can contact you about future events in and around Kozhikode.

FSF Events: Richard Stallman - "Computing, Freedom and Privacy" (Kochi, India)

Friday 28th of December 2018 01:13:29 PM
The way digital technology is developing, it threatens our freedom, within our computers and in the internet. What are the threats? What must we change?

Richard Stallman will be speaking at the Kochi-Muziris Biennale 2018 (2018-12-12–2019-03-29). His speech will be nontechnical, admission is gratis, and the public is encouraged to attend.

Location: Biennale Pavilion, Cabral Yard, Fort Kochi, Kochi, Kerala, India

Please fill out our contact form, so that we can contact you about future events in and around Kochi.

FSF Events: Richard Stallman to speak in Bozeman, MT, USA

Friday 28th of December 2018 11:45:49 AM

This speech by Richard Stallman will be part of the University of Montana's Math and Computer Science Seminar series. It will be nontechnical, admission is gratis, and the public is encouraged to attend.

Speech topic and start time to be determined.

Location: room number to be determined, University of Montana, Bozeman, Montana, United States of America

Please fill out our contact form, so that we can contact you about future events in and around Bozeman.

FSF Events: Richard Stallman - "A Free Digital Society" (New Delhi, India)

Thursday 27th of December 2018 06:50:00 PM
There are many threats to freedom in the digital society. They include massive surveillance, censorship, digital handcuffs, nonfree software that controls users, and the War on Sharing. Other threats come from use of web services. Finally, we have no positive right to do anything in the Internet; every activity is precarious, and can continue only as long as companies are willing to cooperate with it.

This speech by Richard Stallman will be nontechnical, admission is gratis, and the public is encouraged to attend.

Location: room 229, School of International Studies II, Jawaharlal Nehru University (JNU), New Delhi, India

Please fill out our contact form, so that we can contact you about future events in and around New Delhi.

FSF Blogs: GNU Spotlight with Mike Gerwitz: 21 new GNU releases!

Thursday 27th of December 2018 05:19:55 PM

For announcements of most new GNU releases, subscribe to the info-gnu mailing list: https://lists.gnu.org/mailman/listinfo/info-gnu.

To download: nearly all GNU software is available from https://ftp.gnu.org/gnu/, or preferably one of its mirrors from https://www.gnu.org/prep/ftp.html. You can use the URL https://ftpmirror.gnu.org/ to be automatically redirected to a (hopefully) nearby and up-to-date mirror.

A number of GNU packages, as well as the GNU operating system as a whole, are looking for maintainers and other assistance: please see https://www.gnu.org/server/takeaction.html#unmaint if you'd like to help. The general page on how to help GNU is at https://www.gnu.org/help/help.html.

If you have a working or partly working program that you'd like to offer to the GNU project as a GNU package, see https://www.gnu.org/help/evaluation.html.

As always, please feel free to write to us at maintainers@gnu.org with any GNUish questions or suggestions for future installments.

FSF Blogs: New frontiers in freedom for a new year

Wednesday 26th of December 2018 05:20:18 PM

The beginning of a new year invests us with new hope for the future: while the free software movement has been dealt some harsh blows in 2018, here at the Free Software Foundation (FSF) we have a lot of reasons for optimism as well.

The public is slowly becoming aware that Google, Facebook, Microsoft, Apple, and other purveyors of proprietary software don’t have their best interests at heart, that “smart home” appliances are an unwise buy, and that allowing bulk surveillance in the name of “security” isn’t worth the loss of freedom. The less people outside of the inner circle of tech trust the peddlers of nonfree software and related products, the more open they are to our message; the more the public fights back to defend net neutrality, smash the disastrous EU Copyright Directive Article 13, and demand answers about how social media giants are violating their privacy, the broader our potential audience grows.

In order to create the free world we need, free software must become a "kitchen table" issue. Making that happen is a large part of the FSF’s mission, and it takes the everyday advocacy and hard work of a huge community of supporters to make it possible. It also takes funds for campaigns, software development, and more -- freedom isn’t always gratis, unfortunately. So we’re making one last push to ask you to help us start 2019 in a position of strength.

Our members provide the most crucial building blocks for our movement, and member dues fuel the infrastructure of the FSF and the GNU Project, keep the GNU Press churning out important free software documentation and cool T-shirts, enables the enforcement of copyleft licenses, and so much more. We urge you to start off your new year by becoming a new member of the FSF. Benefits of FSF membership include a 20% discount on FSF merchandise, gratis entrance to the yearly LibrePlanet conference, and more -- plus, as a thank-you gift, we’re sending all new and renewing associate members a fun set of exclusive enamel pins! We're just shy of our goal of 400 new members in this fundraiser period, and with your help, we'll start off 2019 ready to launch software freedom to new frontiers.

In the meantime, the FSF is bigger and better than ever, and more equipped to do the work you count on us to do: standing up against companies, governments, and programs that abuse your computing freedom, and expanding your ability to replace nonfree programs with free software that meets all of your computing needs. Keep an eye on our blogs, our news page, and our GNU Social, Diaspora, and Twitter accounts for the latest news. With your help, we can make this the best year for free software yet.

FSF Blogs: Some losses from 2018

Monday 24th of December 2018 09:28:38 PM

When I look back on 2018, of course I see successes for user freedom across the world: the appeal in Christoph Hellwig's GPL compliance case against VMWare is moving forward; Google employees are rallying against Dragonfly, the authoritarian search engine being built for the Chinese government; the Free Software Foundation's (FSF) home state of Massachusetts is taking steps for the Right to Repair; and people all over the world shared their tips and tricks to leading safer digital lives -- just to name a few! It's hard not to be impressed and inspired by everything the free software -- and greater digital rights -- community has done so much over the past year.

But the work we need to do for freedom is far from over. I want to highlight just a few of the (many) losses from 2018. I think these make it clear why the work of organizations like the FSF is so important. The FSF sets a hard line for freedom -- uncompromising in our ideology and bringing it to everything we do. I look at this list and am reminded why the FSF exists, why we need to keep fighting, and why we can only succeed by rallying as a community.

Project Dragonfly

Dragonfly, mentioned above, is a censored search engine Google is likely building for use in China. It is a travesty for the future of software freedom in China. It is explicitly designed to allow censorship of the Web and Web access.

Project Dragonfly was "effectively ended" in mid-December, after five months of hard efforts by Google staff, journalists, and activists around the world. This is a great success, and should be celebrated, but Dragonfly never should have existed in the first place. We have no doubt that someone will try this again, with or without Google.

What does this mean for free software? Projects like Dragonfly allow greater targeting of tools used to create, maintain, share, and use free software. We know from experience that the Chinese government will use this power to block access to important free software, especially in the categories of cryptography and security. It is possible that users would not even be able to learn about free software.

On the note of censorship...

The European Copyright Directive and Censorship Machines

Activists and activist organizations in the European Union use the term "Censorship Machines" for the upload filters the European Copyright Directive will require sites to install. These attempts to "prevent copyright infringement" only serve to stifle creativity and software freedom. You can read more at juliareda.eu.

While a first round of voting saw the proposed Copyright Directive rejected, it later passed onto next steps, bringing us closer to a more controlled, more dystopian Internet and Web.

What does this mean for free software? One of the themes from 2018 is greater government and corporate control over what we can access on the Web and how we interact with the Internet. According to the Free Software Foundation Europe, Article 13 "imposes preventive blocking of online code repositories."

Net neutrality, the FCC, and the ongoing battle for freedom on the Net

The Federal Communications Commission (FCC) voted to gut net neutrality protections in the United States. In the US, Title II is a provision that treated Internet Service Providers (ISPs) as "common carriers," or organizations that are required to provide "general service to the public without discrimination." This is the closest thing the US had to providing net neutrality.

In 2018, the US Congress created a discharge petition to overturn the FCC's ruling. As of writing this, the House of Representatives is waiting to vote on the petition.

What does this mean for free software? This is a twist on how Article 13 affects us, with the government allowing corporate control over what we see and do on the Internet. With net neutrality protections gone, ISPs can (and will) throttle access to Web sites and users that aren't able to pay extra fees. This will impact smaller Web sites, including code sharing sites and other tools we use to build and share free software. It will give major DRM-ed Web sites a privileged status, as they will be the ones able to pay extra fees, and they already have good relationships with the ISPs.

Oracle, Inc. v. Google, Inc.

In the words of Parker Higgins, "you wouldn't reimplement an API." The US Federal Circuit agrees.

The Oracle v. Google case concerning the copyright of Java APIs, originally from 2010, continues to this day. After years of back and forth, 2016 brought good news: a jury found Google’s reimplementation of Oracle’s Java APIs to be fair use and therefore acceptable. However, Oracle appealed, and this year the Federal Circuit ruled in favor of Oracle, finding Google’s use of the Java APIs to be copyright infringement.

Read the FSF's 2012 and 2014 statements on the matter.

What does this mean for free software? This ruling is a big loss for interoperability in software. With the recent results of this case, and the potential for large penalties due to copyright infringement, developing free software through API compatibility could become a legally risky activity. This ruling could fundamentally alter the standard software practice of interoperability through APIs.

Licensing and the Commons Clause

I'd be remiss to not mention one of the most contentious licensing debates in recent history: the Commons Clause.

The Commons Clause isn't a license per se, but something to add to a pre-existing license. Released towards the end of 2018 by Redis, the misleadingly named Commons Clause is a non-commercial use clause, and using it renders a previously free license nonfree.

What does this mean for free software? This is a risk to user freedom, as it makes a free license into a nonfree one. It does not guarantee the four freedoms of free software, and it does not respect user (or developer) rights. Not only does the Commons Clause set a precedent that a free license can be contorted into a nonfree one, it could potentially confuse people looking to use free software.

In summary...

These are just a few of the setbacks software freedom took in 2018. Each one reminds me why I do what I do at the FSF every day -- stand up for user rights by standing up for software freedom. I hope you'll look at this list and not feel despondent. Instead, I ask you to look at it as a to-do list for 2019 -- seeing where and how we can do better, what controversies are on the horizon, and how we can keep working together for a freer world. If you want to support the work of the FSF in 2019, please consider becoming a member.

I started this by mentioning a few of the successes we saw in 2018. These aren't the only ones! Read more about the small victories of 2018 here.

FSF Blogs: Small victories matter: the year in free software

Monday 24th of December 2018 08:41:24 PM

At a brief glance, 2018 might seem like a big old bummer when it comes to the fight for software freedom: the Federal Communications Commission (FCC) voted to dismantle net neutrality regulations, Facebook continued to abuse public trust, and the European Union passed the disastrous Article 13, which threatens free speech and free software. Plus, smartphones and other computers are thoroughly infested with spyware, Digital Restrictions Management (DRM), and other creepy crawlies, and we don’t even have to tell you how sinister the Internet of Things is -- don’t invite Alexa, Echo, Google Home, Nest, or any of those other invaders into your house!

The wins for 2018 haven’t made headlines in the same way as all of these items, but they reflect some important trends: greater public awareness of the importance of controlling the technology we use, and greater awareness of how to fight back. The Free Software Foundation (FSF) works hard every day for wins like these, and in this article, we're sharing some of the progress the digital rights community has made.

Major donations

As you may have already heard, the FSF received two wonderful, enormous monetary gifts this year: 91.45 Bitcoin (valued at $1 million) from the Pineapple Fund, and another $1 million from Handshake. We weren’t alone in this windfall: other great organizations who got big donations included Software Freedom Conservancy, the Internet Archive, and the Electronic Frontier Foundation (EFF).

This influx of funds don’t just keep the lights on and improve our ability to communicate the importance of free software: they expand what we can actually do to bring more free software into existence, improve the free software that exists, and support the development of free software that replaces proprietary software that people depend on every day. The Handshake donation, in particular, includes funds earmarked for GNU Guix and GuixSD, GNU Octave, the GNU Toolchain, the fight against nonfree JavaScript, and Replicant, the fully free mobile operating system based on Android.

This doesn't mean that everyday members and donors are any less important: we can't count on huge windfalls every year, and the steady support provided by associate members is priceless for our stability. Thousands of people who care about software freedom donate less than $200 a year on average to support the work we do, so every individual at any amount makes an important contribution. If you're not a member already, we encourage you to join today, and if you're already a member, tell your friends why they should join too!

Microsoft joins the Open Invention Network

Just to be clear, Microsoft has a very long way to go to earn the free software movement's trust. However, we were pleased to hear that they’re starting to pay some attention to our calls to cease their use of computational idea patents to aggressively intimidate free software developers, distributors, and users. The announcement that they’ve joined both the LOT Network and the Open Invention Network (OIN) was an excellent first step -- but not one we’re going to settle for, either. You can read the rest of our statement here.

LibreJS: GNU and improved

As we pointed out in the Fall 2018 Free Software Bulletin, JavaScript is almost impossible to escape on the Internet, and when you open a page with JavaScript on it, it will run automatically. Nonfree JavaScript includes many of the standard abuses that come with proprietary software: for instance, it can be used to identify and profile you. A JavaScript blocker allows you to browse the Web without nonfree JavaScript running willy-nilly in the background and doing who knows what without your permission, so we’ve made GNU LibreJS a high priority. The new version of LibreJS, funded by the FSF, loads pages faster, does not require a browser restart to enable and disable the plugin, and is compatible with WebExtensions, and thus newer Mozilla-based browsers, including Abrowser and a future version of IceCat.

Of course, there’s way more to do before we can call the issue of proprietary JavaScript solved: for instance, you lose a lot of Web functionality if you block JavaScript, and some sites don't even work at all, so we need to get Web site owners to stop using nonfree JavaScript, period. Check out the Bulletin article for some more ways to take action on this issue!

ActivityPub becomes a W3C recommended standard

While we do not recommend the World Wide Web Consortium (W3C) as a place to do standards work since they sold out to proprietary corporate interests and betrayed your freedom by adopting the Encrypted Media Extensions standard for Digital Restriction Management (DRM), it’s nevertheless cause for celebration that the group of community experts working on the standard brought their work to the completion, leading to the W3C recommending ActivityPub this past January.

ActivityPub is a protocol for building decentralized social networking applications. Decentralized free software social networks are becoming increasingly popular, and we maintain accounts on GNU social and Diaspora, but most of these networks can’t talk to each other, keeping them from having the popular reach of, say, Twitter. ActivityPub “gives applications a shared vocabulary that they can use to communicate with each other,” enabling users of a social network that implements ActivityPub to communicate beyond the individual instance of, say, Mastodon. It connects multiple social networks to create one monster, federated network, sans the abuses of Facebook, Instagram, or Twitter. This is a terrific first step to freeing users from the proprietary software requirements and SaaSS functions of commonly used social media, and we hope to see more exciting developments soon.

Slow but positive progress on DRM

The Digital Millennium Copyright Act (DMCA) creates legal penalties for trying to break the DRM on the products you own -- a major violation of your user freedom. The process of applying for exemptions is a Kafkaesque mess, but many of the exemptions we supported were granted in the latest round, which will at least stop some malicious prosecution while we work to abolish the restrictions entirely. For instance, the rules for permitting researchers to access the software on devices have been loosened, so that researchers who are just trying to determine how badly a product violates your privacy won’t be risking DMCA charges.

In the meantime, while DRM is imposed in items from baby monitors to medical devices, some clever and brave hackers and developers have discovered roundabout ways to seize control of these items. In the case of the Sleepyhead software program, which lets the users of continuous positive airway pressure (CPAP) machines access the data the machine generates in order to improve their results, these efforts may even be saving lives, and we’re always glad when a news story breaks that brings more attention to the injustice and insanity of outlawing this kind of extremely beneficial tinkering.

Tech workers get active

No matter how brilliant the people at the reins of a tech company are, it takes thousands of other people’s work and ingenuity to create the products, services, and software we use every day -- which means that if tech workers were to, say, refuse to build nonfree software, our battle would be won. They aren’t taking this particular stand in large numbers just yet, but tech workers are developing a habit lately of taking stands on other matters: for instance, Google employees demanded answers about the company’s plan to build "Dragonfly," a censored version of their search engine for China (followed by a demand to cancel the initiative, signed by 14 human rights organizations). Between public outrage and threats of a strike, Google backed down, and the Dragonfly project is now "effectively ended."

We find it heartening to see the people who build software exercising their conscience and refusing to be responsible for evil software, and we encourage you to stand up against all software that controls you, including what you’re allowed to see, say, and download. Along with activism for net neutrality, against DRM, against Article 13 in Europe, and for the right to repair, it can only be a positive thing when the community demands more control over technology, and we hope that this activist energy will translate into more wins for free software as well.

In the meantime, here at the FSF, we'll be making sure you hear about every opportunity to stand up against companies, governments, and programs that abuse your computing freedom, and letting you know what free software options exist to serve your computing needs. Although the outlook may look grim on the surface, lots of important and hopeful trends are bubbling beneath the surface, and we can't wait to see what happens next. Keep an eye on these blogs, our news page, and our GNU social, Diaspora, and Twitter accounts for the latest news!

parallel @ Savannah: GNU Parallel 20181222 ('Jacob Sparre') released

Saturday 22nd of December 2018 03:47:31 PM

GNU Parallel 20181222 ('Jacob Sparre') has been released. It is available for download at: http://ftpmirror.gnu.org/parallel/

Quote of the month:

GNU parallel is a seriously powerful flexible and tool.
-- Greg Hurrell @wincent

New in this release:

  • Better /proc/cpuinfo parser.
  • Simpler job scheduling flow.
  • Bug fixes and man page updates.

Get the book: GNU Parallel 2018 http://www.lulu.com/shop/ole-tange/gnu-parallel-2018/paperback/product-23558902.html

GNU Parallel - For people who live life in the parallel lane.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

You can find more about GNU Parallel at: http://www.gnu.org/s/parallel/

You can install GNU Parallel in just 10 seconds with:
(wget -O - pi.dk/3 || curl pi.dk/3/ || fetch -o - http://pi.dk/3) | bash

Watch the intro video on http://www.youtube.com/playlist?list=PL284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/10.5281/zenodo.1146014.

If you like GNU Parallel:

  • Give a demo at your local user group/team/colleagues
  • Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
  • Get the merchandise https://gnuparallel.threadless.com/designs/gnu-parallel
  • Request or write a review for your favourite blog or magazine
  • Request or build a package for your favourite distribution (if it is not already there)
  • Invite me for your next conference

If you use programs that use GNU Parallel for research:

  • Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

About GNU SQL

GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

GNU Guix: Reproducible Builds Summit, 4th edition

Friday 21st of December 2018 10:30:00 AM

As it has become tradition, a sizeable delegation of Guix developers attended this year's Reproducible Builds Summit in Paris a little over one week ago. In the Mozilla offices around 50 people representing dozens of free software projects (and also Microsoft) got ready to share ideas and work together on reproducibility problems for three days. As the agenda unfolded we would split up into small groups, each focusing on a different issue. This blog post is an attempt to share impressions from some of these group sessions.

Opam

Opam is the OCaml package manager, and a number of sessions were dedicated to addressing reproducibility problems that affect Opam, such as the lack of accounting for common system packages. One of the outcomes of the session is a script to catch common sources of non-determinism, which should improve the quality of OCaml packages in general, including those that are available through Guix.

Some very productive hack session resulted in a new Guix package importer for Opam packages and various fixes for the Opam package in Guix. The Opam website now also includes instructions on how to install Opam with Guix.

“User stories”

The “user stories” session focused on a couple of questions: How can we put reproducible builds into the hands of users? How do they benefit from it? This has been an on-going theme in Reproducible Builds Summits. We shared ideas about this before: users should be able to choose their provider of package binaries, it should be easy for them to (re)build packages locally, and it should be easy for them to challenge servers that publish binaries. Guix satisfies these requirements but could probably go further. These and other ideas were explored. In particular it was interesting to see several distros work on setting up rebuilders that would allow them to have more diversity and thus more confidence in the binaries that they ship.

Distributing packages over IPFS

Developers of IPFS offered a session on package distribution over IPFS. IPFS implements peer-to-peer unencrypted data storage; there are privacy and censorship-resistance issues that it leaves unaddressed, but its efficiency and convenience are appealing for the distribution of package binaries. An IPFS package landed in Guix right in time for the summit, which allowed us to play with it. Together with fellow Nix hackers, we sketched an incremental path towards IPFS integration in Guix and Nix. We hope to be able to deliver a first implementation of that in Guix soon—stay tuned!

Java and other JVM languages

The Java reproducibility working group discussed what was needed to reproduce builds of Java packages. We focused mainly on reproducing builds with Maven and realized that differences in vocabulary affect our goals. For instance, Maven developers don't consider plugins to be dependencies for the build, while in the context of Guix anything contributing to the build is declared as an input. Our interactions with other projects throughout the summit has led to similar revelations and contributed to improved mutual understanding.

In Guix we have packages for two more JVM languages other than Java itself: Groovy and Clojure. Other JVM languages, such as Scala and Kotlin (both dependencies of Gradle), however, come with additional challenges. The Scala compiler, for example, is written in Scala, and although there are other implementations of the compiler, they are also written in Scala. Julien started writing a bootstrap compiler for Scala in Java, which is already able to produce an AST for Scala files and produce JVM bytecode. In cases like this where it is not feasible to retrace historic steps to bootstrap a language, writing a new compiler implementation may surprisingly be the most reasonable thing to do.

Bootstrapping

We were excited to see increased interest in bootstrapping, which may have been sparked by recent major successes in the early Scheme/C bootstrap for GNU+Linux systems. While a few of us successfully hunted down a confusing miscompilation bug, parts of the early C bootstrap were ported to Nix, demonstrating that the bootstrapping work that started in the context of Guix can benefit other GNU+Linux distributions with minor adaptations.

With the addition of Gash as a Bash and GNU coreutils replacement on the horizon, we are looking forward to another dramatic reduction of the "binary seed" used to bootstrap the GNU system --- first via Guix and hopefully for other free software system distributions in the future.

Thanks!

We would like to thank the organizers who helped make the Reproducible Build Summit a productive, enjoyable and friendly workshop: Beatrice and Gunner of Aspiration, Holger, Nicolas, Vagrant, Chris and Mattia.

About GNU Guix

GNU Guix is a transactional package manager for the GNU system. The Guix System Distribution or GuixSD is an advanced distribution of the GNU system that relies on GNU Guix and respects the user's freedom.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. Guix uses low-level mechanisms from the Nix package manager, except that packages are defined as native Guile modules, using extensions to the Scheme language. GuixSD offers a declarative approach to operating system configuration management, and is highly customizable and hackable.

GuixSD can be used on an i686, x86_64, ARMv7, and AArch64 machines. It is also possible to use Guix on top of an already installed GNU/Linux system, including on mips64el and aarch64.

sed @ Savannah: sed-4.7 released [stable]

Friday 21st of December 2018 06:14:11 AM
Here's a snap release to fix a regression introduced in sed-4.6. See the NEWS below for details: Here are the compressed sources and a GPG detached signature[*]: http://ftp.gnu.org/gnu/sed/sed-4.7.tar.xz http://ftp.gnu.org/gnu/sed/sed-4.7.tar.xz.sig Use a mirror for higher download bandwidth: https://ftpmirror.gnu.org/sed/sed-4.7.tar.xz https://ftpmirror.gnu.org/sed/sed-4.7.tar.xz.sig [*] Use a .sig file to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball. Then, run a command like this: gpg --verify sed-4.7.tar.xz.sig If that command fails because you don't have the required public key, then run this command to import it: gpg --keyserver keys.gnupg.net --recv-keys 7FD9FCCB000BEEEE and rerun the 'gpg --verify' command. This release was bootstrapped with the following tools: Autoconf 2.69.197-b8fd7 Automake 1.16a Gnulib v0.1-2302-g5d6a3cdd5 NEWS * Noteworthy changes in release 4.7 (2018-12-20) [stable] ** Bug fixes Some uses of \b in the C locale and with the DFA matcher would fail, e.g., the following would mistakenly print "123-x" instead of "123": echo 123-x|LC_ALL=C sed 's/.\bx//' Using a multibyte locale or certain regexp constructs (some ranges, backreferences) would avoid the bug. [bug introduced in sed 4.6]

grep @ Savannah: grep-3.3 released [stable]

Friday 21st of December 2018 04:51:38 AM
Here's a snap release to fix a regression introduced in grep-3.2. See the NEWS below for details: Here are the compressed sources and a GPG detached signature[*]: https://ftp.gnu.org/gnu/grep/grep-3.3.tar.xz https://ftp.gnu.org/gnu/grep/grep-3.3.tar.xz.sig Use a mirror for higher download bandwidth: https://ftpmirror.gnu.org/grep/grep-3.3.tar.xz https://ftpmirror.gnu.org/grep/grep-3.3.tar.xz.sig [*] Use a .sig file to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball. Then, run a command like this: gpg --verify grep-3.3.tar.xz.sig If that command fails because you don't have the required public key, then run this command to import it: gpg --keyserver keys.gnupg.net --recv-keys 7FD9FCCB000BEEEE and rerun the 'gpg --verify' command. This release was bootstrapped with the following tools: Autoconf 2.69.197-b8fd7 Automake 1.16a Gnulib v0.1-2302-g5d6a3cdd5 NEWS * Noteworthy changes in release 3.3 (2018-12-20) [stable] ** Bug fixes Some uses of \b in the C locale and with the DFA matcher would fail, e.g., the following would print nothing (it should print the input line): echo 123-x|LC_ALL=C grep '.\bx' Using a multibyte locale, using certain regexp constructs (some ranges, backreferences), or forcing use of the PCRE matcher via --perl-regexp (-P) would avoid the bug. [bug introduced in grep 3.2]

More in Tux Machines

Android Leftovers

Programming: Flask, Agile, Rust and Python

  • How to build an API for a machine learning model in 5 minutes using Flask
    As a data scientist consultant, I want to make impact with my machine learning models. However, this is easier said than done. When starting a new project, it starts with playing around with the data in a Jupyter notebook. Once you’ve got a full understanding of what data you’re dealing with and have aligned with the client on what steps to take, one of the outcomes can be to create a predictive model. You get excited and go back to your notebook to make the best model possible. The model and the results are presented and everyone is happy. The client wants to run the model in their infrastructure to test if they can really create the expected impact. Also, when people can use the model, you get the input necessary to improve it step by step. But how can we quickly do this, given that the client has some complicated infrastructure that you might not be familiar with?
  • What is Small Scale Scrum?
    Agile is fast becoming a mainstream way industries act, behave, and work as they look to improve efficiency, minimize costs, and empower staff. Most software developers naturally think, act, and work this way, and alignment towards agile software methodologies has gathered pace in recent years. VersionOne’s 2018 State of Agile report shows that scrum and its variants remain the most popular implementation of agile. This is in part due to changes made to the Scrum Guide’s wording in recent years that make it more amenable to non-software industries.
  • This Week in Rust 269
  • Async IO in Python: A Complete Walkthrough
    Async IO is a concurrent programming design that has received dedicated support in Python, evolving rapidly from Python 3.4 through 3.7, and probably beyond. You may be thinking with dread, “Concurrency, parallelism, threading, multiprocessing. That’s a lot to grasp already. Where does async IO fit in?” This tutorial is built to help you answer that question, giving you a firmer grasp of Python’s approach to async IO.

Security: Updates, Reproducible Builds and More

  • Security updates for Wednesday
  • Reproducible Builds: Weekly report #194
    Here’s what happened in the Reproducible Builds effort between Sunday January 6 and Saturday January 12 2019...
  • ES File Explorer Has A Hidden Web Server; Data Of 500 Million Users At Risk
  • The Evil-Twin Framework: A tool for testing WiFi security
    The increasing number of devices that connect over-the-air to the internet over-the-air and the wide availability of WiFi access points provide many opportunities for attackers to exploit users. By tricking users to connect to rogue access points, hackers gain full control over the users' network connection, which allows them to sniff and alter traffic, redirect users to malicious sites, and launch other attacks over the network.. To protect users and teach them to avoid risky online behaviors, security auditors and researchers must evaluate users' security practices and understand the reasons they connect to WiFi access points without being confident they are safe. There are a significant number of tools that can conduct WiFi audits, but no single tool can test the many different attack scenarios and none of the tools integrate well with one another. The Evil-Twin Framework (ETF) aims to fix these problems in the WiFi auditing process by enabling auditors to examine multiple scenarios and integrate multiple tools. This article describes the framework and its functionalities, then provides some examples to show how it can be used.
  • KDE Plasma5 – Jan ’19 release for Slackware
    Here is your monthly refresh for the best Desktop Environment you will find for Linux. I just uploaded “KDE-5_19.01” to the ‘ktown‘ repository. As always, these packages are meant to be installed on a Slackware-current which has had its KDE4 removed first. These packages will not work on Slackware 14.2. It looks like Slackware is not going to be blessed with Plasma5 any time soon, so I will no longer put an artificial limitation on the dependencies I think are required for a solid Plasma5 desktop experience. If Pat ever decides that Plasma5 has a place in the Slackware distro, he will have to make a judgement call on what KDE functionality can stay and what needs to go.

MongoDB "open-source" Server Side Public License rejected

MongoDB is open-source document NoSQL database with a problem. While very popular, cloud companies, such as Amazon Web Services (AWS), IBM Cloud, Scalegrid, and ObjectRocket has profited from it by offering it as a service while MongoDB Inc. hasn't been able to monetize it to the same degree. MongoDB's answer? Relicense the program under its new Server Side Public License (SSPL). Open-source powerhouse Red Hat's reaction? Drop MongoDB from Red Hat Enterprise Linux (RHEL) 8. Red Hat's Technical and Community Outreach Program Manager Tom Callaway explained, in a note stating MongoDB is being removed from Fedora Linux, that "It is the belief of Fedora that the SSPL is intentionally crafted to be aggressively discriminatory towards a specific class of users." Debian Linux had already dropped MongoDB from its distribution. Read more