• Reproducible Builds: Weekly report #185

• D-Link’s Central Wifi-Manager Seems To Be Vulnerable To Privilege Escalation Attacks Through Trojan File

  D-Link’s Central Wifi-Manager is quite a nifty tool. It’s a web-based wireless Access Point management tool, enabling you to create and manage multi-site, multi-tenancy wireless networks. Whether deployed on local computer or hosted in the cloud. But it seems there might have been a security issue with the software.

• Kaspersky starts processing threat data in Europe as part of trust reboot

• Capsicum

  I spent a couple of years evangelizing about Capsicum. I wrote many articles about it. So, it is very natural that I would also like to update you on this blog about the progress of the Capsicum project in FreeBSD, because this is what I’m doing in my free time. That said I feel that this blog wouldn’t be completed without some introduction to what Capsicum is. This post should fill this gap. Over the next weeks and months we will extend this topic and discuss different parts of Capsicum. Without further introduction let’s jump into the topic

• Elisa in FreeBSD

  Elisa (product page, release announcements blog) is a music player designer for excellent integration into the KDE Plasma desktop (but of course it runs everywhere, including some non-Free platforms). I had used it a few times, but had not gotten around to packaging it. So today I threw together a FreeBSD port of Elisa, and you’ll be able to install it from official packages whenever the package cluster gets around to it.

Void also comes in musl C flavors, which use the musl C library, a lightweight alternative to the popular glibc library.

Did you know you can run Void in the cloud? We provide ready to upload images for Google Cloud Platform that are compatible with the always free tier! You can also easily build images for other cloud providers from our ready to run x64 tarballs.

Our rootfs tarballs can also be used anywhere you want a Void Linux chroot and are available for all architectures we currently compile for.

You can find all images and rootfs tarballs at https://alpha.de.repo.voidlinux.org/live/current, or in the /live/current directory on any mirror near you.

• What does IBM's Red Hat purchase mean for the data center?

  RedHat was one of the first big open source businesses. It’s grown over the years to encompass more than Linux, building out a complete developer stack that stretches from IoT to hyperscale clouds. It’s a reach that goes well beyond IBM’s, but at a very different, much smaller scale. Where IBM has been a one-stop shop for all your data center needs, RedHat has been a company that’s relied on partnerships and on industry collaboration.

• Could Red Hat deal be a 'distraction' for IBM? Unisys CEO hopes so

• Red Hat Accelerates Back Office Processes and Unifies Global Workforce with FinancialForce

  FinancialForce, a leading customer-centric ERP and Professional Services Automation (PSA) cloud solution native to the Salesforce Platform, announced that Red Hat, the world’s leading provider of open source solutions, is successfully unifying its global workforce and accelerating back-office processes with FinancialForce PSA.

• DLT Awarded Coveted 2018 Red Hat Public Sector Partner of the Year Award

• Total Chaos Doom II Mod Now Available On Flathub

  Total Chaos, a Doom II mod that runs on the GZDoom source port, is now available for easy Linux installation from FlatHub.

  Flathub is an app store and build service for Linux that distributes applications as Flatpak packages, which allows them to run on almost any Linux distribution.

  After nearly a decade of development, the open world survival horror mod was officially released two weeks ago, and it includes 6 chapters set on a remote island known as Fort Oasis. The Total Chaos mod introduces many new graphical features, including 3D models and high resolution textures.

• On Heels of IBM Deal, Red Hat Boosts Community Linux With Fedora 29

• ARMv8.5 Support Lands In GCC Compiler With Latest Spectre Protection

  Landing just in time with the GCC 9 branching being imminent is ARMv8.5-A support in the GNU Compiler Collection's ARM64/AArch64 back-end.

  This ARMv8.5-A support is an incremental upgrade over the existing ARMv8 support. The ARMv8.5 additions are similar to what we already saw land for LLVM / Clang.

• Comparing The Quality Of Debug Information Produced By Clang And Gcc

  I've had an intuition that clang produces generally worse debuginfo than gcc for optimized C++ code. It seems that clang builds have more variables "optimized out" — i.e. when stopped inside a function where a variable is in scope, the compiler's generated debuginfo does not describe the value of the variable. This makes debuggers less effective, so I've attempted some qualitative analysis of the issue.

  I chose to measure, for each parameter and local variable, the range of instruction bytes within its function over which the debuginfo can produce a value for this variable, and also the range of instruction bytes over which the debuginfo says the variable is in scope (i.e. the number of instruction bytes in the enclosing lexical block or function). I add those up over all variables, and compute the ratio of variable-defined-bytes to variable-in-scope-bytes. The higher this "definition coverage" ratio, the better.

• Quo vadis, Perl?

  By losing the sight of the strategies in play, I feel the discussion degenerated very early in personal accusations that certainly leave scars while not resulting in even a hint of progress. We are not unique in this situation, see the recent example of the toll it took on Guido van Rossum. I can only sympathize with Larry is feeling these days.

• Track Prices and Send One-Step Email Links With Firefox’s New Test Pilot Experiments

  Firefox Test Pilot is Mozilla’s way to test out interesting new features. Some of these features see the light of the day, and others just vanish into thin air. However, that doesn’t stop the Firefox Pilot team from experimenting with browser.

  Today, Firefox announced two new such experiments — namely Price Wise and Email Tabs. Both are ridiculously useful for a user who would like to crack tedious work in mere seconds.

• Shop intelligently with Price Wise

  Tell Price Wise to keep an eye on a product, and it’s added to your watch list.
  Price Wise will automatically monitor the prices of products on your watch list. When they drop, we’ll let you know:

  When the price drops, Price Wise alerts you with a colorful heads-up.
  Price checks are done locally, so your shopping data never leaves Firefox. We’re particularly excited about that; Price Wise is the first Firefox feature designed around Fathom, a toolkit for understanding the content of webpages you browse.
  Existing software like this works by tracking you across the web, and it’s often run by advertisers and social networks seeking to learn more about you. Your browser can do these checks for you, while making sure the gathered information never leaves your computer. We know it’s possible to deliver great utility while protecting your privacy, and want you to get a great deal without getting a raw deal.

• Mozilla Reps Community: New Council Members – Fall 2018 Elections

  We are very happy to announce that our 2 new Council members Monica Bonilla and Yofie Setiawan are fully on-boarded and already working moving the Mozilla Reps program forward. A warm welcome from all of us. We we are very excited to have you and can’t wait to build the program together.

• Stay classy: Amazon's Jassy gets sassy with Larry

  Amazon’s consumer business has switched off its Oracle data warehouse and will be almost Big Red-free by Christmas – at least according to AWS boss Andy Jassy.

  The claims – made over Twitter, so it must be true – were then doubled down on by Amazon CTO Werner Vogels, who said that the database was one of the largest in the world, adding “RIP”.

  It’s the latest in a long-running war of words between the rival tech giants that normally sees Oracle CTO Larry Ellison smack-talking the online marketplace-cum-cloud vendor.

• U.S Supercomputers Lead Top500 Performance Ranking

  The IBM POWER9 based Summit system has retained its crown that it first achieved in the June 2018 ranking. Summit is installed at the U.S. Department of Energy's Oak Ridge National Laboratory and now has performance of 143.5 petaflops per second, up from the 122.3 petaflops the system had when it first came online.

  [...]

  Though China doesn't hold the top spot on the list, it now has more supercomputers than any other other nation with 227. In contrast, there are now only 109 systems on the Top500 list that are located in the U.S., which is an all-time low.

  That said, thanks to the enormous power of Summit and Sierra at the top, the U.S. is home to 38 percent of the total aggregate supercomputing power on the top500 list, while China's systems account for 31 percent.

• Introducing Red Hat virtual central office solution: An open pathway to modern telecommunications services

  Digital transformation and technology modernization aren’t trends that are limited just to the enterprise world. Behind the walls of proprietary stacks, many telecommunications service providers also want to use open innovation to evolve their infrastructure and services in an agile, flexible fashion. But these closed stacks are a problem and one that extends from the core datacenter all the way to the central offices.

  Central offices are the local “hubs” of many telecommunications networks, often handling “last-mile” operations like telephone switching, copper, and optical terminations. These operations lean on purpose-built equipment that can be rigid and complex. Coupled with a lack of open standards, these devices can struggle to interact with each other, making the life of operations teams in central offices harder, especially in the face of demand for modern services expected from 5G. These differentiated services increasingly require virtualized environments and computing power at the network edge, leading to substantial demand for resources, flexibility and operational simplicity.

• Jesień Linuksowa 2018

  Last weekend I participated in the conference Jesień Linuksowa 2018 in Krakow, Poland. It was my first time in a country with so much tragic historical experiences.

  On the hand, I was impressed by the community members and the organization of the event. We celebrated another edition of Linux Autumn in the hotel Gwarek and my post-event wrap up will take into consideration seven basic points:

  Organizers

  This time I was accompanied by my friend Ana Garcia, who is a student at the University of Edinburgh and the members of the organization were supportive and kind all the time with us. We felt a warm environment since we arrive at night in the middle of the fog at midnight. They helped us with our talks and workshops we offer related to parallelization.

  We meet new friends! Thanks to Dominik, Rafal, Filip, Linter and Matej from Red Hat.

• Sustain OSS 2018: quick rewind

  This year, I attended the second edition of the Sustain Open Source Summit (a.k.a. Sustain OSS) on October 25th, 2018 in London. Sustain OSS is a one-day discussion on various topics about sustainability in open source ecosystems. It’s also a collection of diverse roles across the world of open source. From small project maintainers to open source program managers at the largest tech companies in the world, designers to government employees, there is a mix of backgrounds in the room. Yet there is a shared context around the most systemic problems faced by open source projects, communities, and people around the world.

  The shared context is the most valuable piece of the conference. As a first-time attendee, I was blown away by the depth and range of topics covered by attendees. This blog post covers a narrow perspective of Sustain OSS through the sessions I participated and co-facilitated in.

• A Review of Hacktoberfest Year 5!

• Hacktoberfest Celebrates 5th Anniversary

  Five years ago the community team at DigitalOcean wanted to create a program to inspire open source contributions. That first year, in 2014, the first Hacktoberfest participants were asked for 50 commits, and those who completed the challenge received a reward of swag. 676 people signed up and 505 forged ahead to the finish line, earning stickers and a custom limited-edition T-shirt.

  This year that number is an astounding 46,088 completions out of 106,582 sign-ups. We’ve seen it become an entry point to developers contributing to open source projects: much more than a program, it’s clear that Hacktoberfest has become a global community movement with a shared set of values and passion for giving back.

The latest feature on deck for the long overdue Xfce 4.14 desktop update is support for the RandR primary display/output functionality.

The X11 Resize and Rotate (RandR) protocol has long had baked into it the concept of a primary output/display, which is intended to be where the desktop panel(s), icons, notifications and other central functionality of the desktop would reside. Basically, of a multi-monitor configuration, the display head that is most important for your workflow.

• Project Hospital is a more serious hospital building game out with Linux support

  For those who found Two Point Hospital a little too cute and lacking in depth, Project Hospital might be what the doctor ordered.

  Don't get me wrong, I like Two Point Hospital quite a lot. However, Project Hospital is an entirely different beast altogether. There's a lot more to learn and you can even be a Doctor yourself. It makes it really quite interesting, although a little of your own patience is needed.

• The Fertile Crescent is an indie RTS in development that looks quite promising

  With a style that resembles the original Age of Empires a little, The Fertile Crescent is an RTS set during the Bronze Age in the Ancient Near East. Currently available for free on itch.

• The excellent theme park sim 'Parkitect' to leave Early Access November 29th with a campaign mode

  I've been waiting on this day for quite some time! Parkitect is a truly great theme park management sim and it's getting set to leave Early Access.

  November 29th is the day and this will also see the game finally get the campaign mode. Sounds like it's going to be pretty interesting too, with 26 scenarios with unique and varied settings that is spread across a world-map with branching paths.

• The open source racer 'SuperTuxKart' is looking for testers to try their new online play

  hey're also now asking for testers.

  There's one caveat though, you will for now need to download and compile it yourself until it's properly released or someone provides it ready made for us. The developers said their next release isn't actually too far off, as they're busy working on a beta/release candidate so hopefully that won't be too long.

  Currently, they have around 20 servers up with various game modes for people to jump in and test and you can also host your own.

• Deadly Days, the strategic zombie survival rogue-lite has changed dramatically, we have keys to give away

  It's been a good few months since I last looked at the Early Access strategic zombie survival rogue-lite called Deadly Days. During this time, it's changed a lot. Note: My own copy was personally purchased.

  Sometime in the future, the fast food chain MKing put some secret addictive additives to their meat. Tasty, sure, but it had a rather devastating affect on the population. It practically shut down the brains of people who ate it and so the apocalypse began.

• Feral Interactive are asking you to send the game port suggestions again

  Feral Interactive, one of the only companies to be porting AAA games to Linux have put out a request for more port suggestions.

• Vulkan 1.1.92 Released, Finally Allows For Chunked HTML Documentation

  Vulkan 1.1.92 is out today to mark the newest specification update to this high-performance graphics/compute API.

  With it just being one week since Vulkan 1.1.91 that brought some new/improved extensions, there isn't any new extensions to find with Vulkan 1.1.92. But there are a number of documentation/specification corrections and clarifications.

• Wayland Protocols 1.17 Brings Explicit Synchronization & Primary Selection

  Jonas Ådahl of Red Hat today released a new version of Wayland-Protocols, the collection of stable and unstable protocols for extending Wayland functionality.

  With the Wayland-Protocols 1.17 release the big new feature is the initial (unstable) version of linux-explicit-synchronization. The Wayland explicit synchronization protocol provides a means of explicit per-surface buffer synchronization. This synchronization protocol is based on Google Chromium's extension (zcr_linux_explicit_synchronization_v1) and lets clients request this explicit synchronization on a per-surface basis. Google, Intel, and Collabora were involved in the formation of this extension.

• The Radeon GCN Backend Is Still Being Worked On For GCC, GCC 9 Deadline Looms

  Back in September Code Sourcery / Mentor Graphics posted their new Radeon GCN port for the GNU Compiler Collection (GCC). Two months later this port is still being worked on but not yet ready for mainline.

  This Radeon GCN back-end for GCC is being done with a focus on GPU computing with eventually a goal of allowing OpenMP / OpenACC offloading to newer AMD GPUs. At this current stage, single-threaded C and Fortran programs can be built for Radeon GPUs with this compiler but the multi-threading API offloading bits are still coming about. This back-end has been focused on Fiji/Tonga support and newer.

• AMDVLK Vulkan Driver Sees Its First Tagged Release

  In the nearly one year that the AMDVLK official Vulkan driver has been open-source there hasn't been any "releases" but rather new code drops on a weekly basis that is pushed out of their internal development repositories. But surprisingly this morning is now a v2018.4.1 release tag for this open-source AMD Vulkan Linux driver.

  The AMDVLK public source repositories have just been perpetual Git while AMD pulls from their internal repositories when building out their official closed-source Windows/Linux Radeon Software driver releases (that also use their closed-source shader compiler currently rather than the open-source AMDGPU LLVM back-end, as used by the public AMDVLK sources). Waking up this morning there is now the first release tag in AMDVLK as v2018.4.1.

• Mesa Drops Support For AMD Zen L3 Thread Pinning, Will Develop New Approach

  It was just a few months back that the Mesa/RadeonSI open-source AMD Linux driver stack received Zen tuning for that CPU microarchitecture's characteristics. But now AMD's Marek Olšák is going back to the drawing board to work on a new approach for Zen tuning.

  Just a few days ago I wrote about another developer wanting to toggle the support around L3 thread pinning as it was found to hurt the RadeonSI Gallium3D performance in at least some Linux games. At that point the goal was to allow making it a DriConf tunable that could then be adjusted a per-game/app basis, but it turns out the gains aren't there to keep it around.

• Mesa Gets Testing Patches For New Zen Optimization Around Thread Pinning

  It was just yesterday that the AMD Zen L3 thread pinning was dropped from Mesa due to that optimization not panning out as intended for benefiting the new AMD processors with the open-source Linux graphics driver stack. Lead Mesa hacker Marek Olšák is already out with a new Zen tuning implementation that may deliver on the original optimization goal.

  The first patch posted by Marek as part of his new tuning effort is to regularly re-pin the driver threads to the core complex (CCX) where the application thread is. Basically, when Mesa is being used without the glthread (OpenGL threading) behavior, keep chasing the application/game thread on the processor so it will be part of the same CCX and share a cache. This chasing is done rather than explicitly pinning the application thread.

• The Shiny New Features Of Mesa 18.3 For Open-Source Intel / Radeon Graphics Drivers

  Being well into the Mesa 18.3 feature freeze and that quarterly update to these open-source OpenGL/Vulkan drivers due out in about two weeks, here is a look at all of the new features and changes you can expect to find with this big update.

• NVIDIA released a new 415.13 beta driver recently for Linux

  One I completely forgot to post about here, NVIDIA recently released the 415.13 beta driver for Linux.

  Released on the 8th of November, it includes a number of interesting fixes, including an issue fixed with WINE where it might crash on recent distribution releases. Nice to see WINE get some focus, since things like this can affect Valve's Steam Play.

• Samsung will bring One UI to Galaxy S8, Note 8

• Samsung's older flagships to get its sleek new One UI Android skin

• Gboard for Android Gets AI-Backed Suggestions for Emoji, GIFs, and Stickers

• Gboard uses AI to suggest GIFs, stickers, and emoji

• Google Contacts v3.2 brings the long-awaited dark mode [APK Download]

• Benefits of rooting your Android phone

• Fairphone's ethical smartphone gets Android 7

• Adoptable storage may be heading to Samsung devices w/ the Android Pie update

In Berlin, at OpenStack Summit, Jonathan Bryce, OpenStack's Executive Director, announced that this would be the last OpenStack Summit and it would be replaced next year by Open Infrastructure Summit. This is more than just a name change. It represents that OpenStack is evolving beyond its Infrastructure-as-a-Service (IaaS) cloud offerings to offering a full range of cloud services.

This isn't a sudden change. OpenStack has been expanding its offerings for some time. As Thierry Carrez, the OpenStack Foundation's VP of engineering wrote, in 2017 OpenStack started "shifting our focus from being solely about the production of the OpenStack software, to more broadly helping organizations embrace open infrastructure: using and combining open source solutions to fill their needs in terms of IT infrastructure."

• How to Install Ansible on Ubuntu and Other Linux Distributions

• How to disable IPv6 on Linux

• How to download and install music player Qmmp on Ubuntu

• How to install Rancher 2 on Ubuntu Server 18.04

• draw honeycomb

• draw mesh

• Install NFS Server and Client on Ubuntu 18.04 LTS

• An introduction to Udev: The Linux subsystem for managing device events

• Add Multiple Trackers to Transmission BitTorrent

• Linux shuf Command Tutorial for Beginners (with Examples)

• Learn How to Install the Latest Eclipse on Ubuntu

We’re pleased to announce the stable release of Qubes 3.2.1! As we previously announced, this is the first and only planned point release for version 3.2. Since no major problems were discovered with 3.2.1-rc1, this stable release is not significantly different from the release candidate.

My university's freshman programming class was taught using VAX assembler. In data structures class, we used Pascal—loaded via diskette on tired, old PCs in the library's computer center. In one upper-level course, I had a professor that loved to show all examples in ADA. I learned a bit of C via playing with various Unix utilities' source code on our Sun workstations. At IBM we used C—and some x86 assembler—for the OS/2 source code, and we heavily used C++'s object-oriented features for a joint project with Apple. I learned shell scripting soon after, starting with csh, but moving to Bash after finding Linux in the mid-'90s. I was thrust into learning m4 (arguably more of a macro-processor than a programming language) while working on the just-in-time (JIT) compiler in IBM's custom JVM code when porting it to Linux in the late '90s.

A working draft of the standard for the next revision of the C programming language, referred to for now as “C2x,” is now available for review.

Most of the changes thus far approved for C2x don’t involve adding new features, but instead clarify and refine how C should behave in different implementations and with regard to its bigger brother C++. The emphasis on refinement is in line with how previous revisions to C—C11 and most recently C17—have unfolded.

• The USPTO and EPO Pretend to Care About Patent Quality by Mingling With the Terms “Patent” and “Quality”
• Yannis Skulikaris Promotes Software Patents at EPOPIC, Defending the Questionable Practice Under António Campinos
• The U.S. Chamber of Commerce is Working for Patent Trolls and Patent Maximalists

• Don't use AirPods with Android

• Easily Change Your Phone's Font Without Tripping SafetyNet

• Samsung's foldable smartphone reportedly arriving in March for a price that'll make your eyes bleed

• Samsung's updated 'One UI' Android skin will come to Galaxy S8, Note 8 devices

• Gboard now suggests GIFs, stickers, and emoji based on your conversation

• Google Play Store has denied Tasker access to Android call and SMS capabilities

• Google Contacts 3.2 adds dark theme, respects system Night mode in Android Pie

• Motorola Moto X4 beta testers are getting an Android Pie soak test

• Xiaomi opens up Android Pie beta program for the Mi A2 Lite

• Developers could test stock Android Q on devices very early

• Turn any photo into a WhatsApp sticker with this free Android app

• You can now initiate manual Android backups to Google Drive

Imagine what the world would look like if growth, innovation, and development were free from fear. Innovation without fear is fostered by consistent, predictable, and fair license enforcement. That is what the GPL Cooperation Commitment aims to accomplish.

Last year, I wrote an article about licensing effects on downstream users of open source software. As I was conducting research for that article, it became apparent that license enforcement is infrequent and often unpredictable. In that article, I offered potential solutions to the need to make open source license enforcement consistent and predictable. However, I only considered "traditional" methods (e.g., through the court system or some form of legislative action) that a law student might consider.