• Reproducible Builds: week 73 in Stretch cycle

  Ximin Luo started a new series of tools called (for now) debrepatch, to make it easier to automate checks that our old patches to Debian packages still apply to newer versions of those packages, and still make these reproducible.

• Linux Top 3: Tails 2.6, Android-x86 6.0 and Deepin 15.3

• Debian-Based Q4OS 2.2.1 "Scorpion" Linux OS Ships with LXQt Alongside Trinity

  Today, September 20, 2016, the Q4OS development team informs Softpedia about the immediate availability of an updated version of their work-in-progress Q4OS 2.0 "Scorpion" GNU/Linux operating system.

  Q4OS 2.2.1 is out now, and it comes as a drop-in replacement for the previous development release, namely Q4OS 2.1.1, bringing all sort of updated components and new technologies based, of course, on the upstream Debian Testing repositories. These include Linux kernel 4.6, Trinity Desktop Environment (TDE) 14.0.4, and GCC 6.

• Get your own $80 private cloud server kit with Nextcloud Box!

  Nextcloud, an open source, self-hosted file sync and share and communication app platform, has teamed up with Canonical and WDLabs to release a Raspberry Pi and Ubuntu Linux powered cloud server called Nextcloud Box for homes and offices.

  According to the company, the Nextcloud Box is a secure, private, self-hosted cloud and Internet of Things (IoT) platform. It makes hosting a personal cloud simple and cost effective whilst maintaining a secure private environment that can be expanded with additional features via apps.

  “It has been a great co-operation with amazingly agile teams at Canonical and WDLabs,” said Frank Karlitschek, Founder and Managing Director, Nextcloud.

• Simple Weather Indicator for Ubuntu Now Has Its Own PPA

  A new version of the 'no frills' weather indicator that I use on my Ubuntu desktop is available to download — and it finally has a PPA.

• Google Maps' shining blue beam guides Android users' travels

• Google's Android search may drop the 'Now on Tap' name

• Stock Android might have a “Restart” option starting with Android 7.1

• Android Banking Trojan First to Gain Root Privileges

• Building businesses out of open-source solutions

  The open-source movement is taking over business software. There are benefits; open source is usually less expensive, it’s easy to add on functionality and there’s a community to draw on. The trick, though, is making a business out of open-source solutions. One such business is Rackspace, Inc., a managed cloud computing company.

  To gain some insight into how open-source business works, Dave Vellante (@dvellante) and Stu Miniman (@stu), cohosts of theCUBE, from the SiliconANGLE Media team, visited the IBM Edge 2016 conference in Las Vegas. There, they sat down with Major Hayden, principal architect at Rackspace, Inc.

• Abigail Cabunoc Mayes: How to Bring Open Source to a Closed Community

  Abigail Cabunoc Mayes, who works for the Mozilla Foundation as the lead developer for open source engagement, recently gave a lively talk explaining open source inclusion practices. View this engaging video here.

• Coreboot Is Being Ported To A New Intel Skylake-Y System

  Those wishing to use Coreboot on a modern Intel system (albeit with the closed-source FSP) will soon have another option to consider with an open-source, physically secure computer powered by a Skylake-Y SoC moving ahead with a port to Coreboot.

• Mozilla shortlists four designs in open-source rebrand project

  Four designs have been shortlisted in the search to find a new brand identity for software company Mozilla.

  Mozilla is best known for its web browser Firefox, though its latest rebrand project is an attempt at dispelling the myth that this is the only thing the company does.

  It is working with design consultancy Johnson Banks on its open-source rebrand project, which has seen it seeking feedback from the Mozilla community and general public through the comments section on the Mozilla blog, social media and live events over the last few months.

  Involving the community in its rebrand aims to show the company’s “transparent” and “open” philosophy, Mozilla says. However, the company has made it clear that this is not a crowd-sourcing project, which would involve public voting, but instead a way of harbouring thoughts and opinions.

• Despite a Skills Gap, Forecasts for Big Data Growth are Rosy

• GNU Chess 6.2.3

  GNU Chess is a chess-playing program. It can be used to play chess against the computer on a terminal or, more commonly, as a chess engine for graphical chess frontends.

• The Coral Project launches open-source 'Ask' form builder

  New open-source software designed to allow newsrooms to crowdsource information from readers was made available to publishers on request today (19 September) by The Coral Project.

  Ask is the second in a trio of products from The Coral Project, a collaboration between The Washington Post, The New York Times, and the Mozilla Foundation.

  Greg Barber, director of digital news projects at the Post, and strategy and partnerships at The Coral Project, likened Ask to an enhanced version of Google Forms which allows journalists to request information from readers, such as opinions, personal anecdotes, or suggestions on topics to cover.

• GitHub 101: A Beginners Guide For Contributing To GitHub Open Source Software Projects

  Since launching in 2009, GitHub has become the biggest Git repository hosting service in the world and is used by millions of individuals and businesses to manage software projects. It has also become a playground for open-source software projects that often involve a large number of contributors. When there are a lot of cooks in the kitchen, it can become chaotic and scare off beginners. If you are a software developer that’s ready to enter the GitHub fray, we have some advice on what to do — and what not to do — when you’re contributing to a project in a Git repository.

  As of April 2016, GitHub has over 14 million users and 35 million repositories. Many of the projects hosted on GitHub are open source. The nature of the service allows for large groups of people from all corners of the world to collaborate and improve the code in these projects. But the nature of group work, especially when individuals come from diverse backgrounds, means maintaining and participating in a project can become problematic. Which is one reason why GitHub brought in a feature that allows project owners of public repositories to block troublesome users.

  It can be intimidating to start contributing to an open source project and it can be a bit of a learning curve for newbies. First off, let’s talk about taking the plunge. To do this, you’ll need to create a GitHub account. We have a guide on how to do this here.

  Once you’ve done that, it’s best to start off on a project that is beginner-friendly.

• Security updates for Tuesday

• Aid Security Incident Statistics: 18-month trends based on open source reported events affectng aid infrastructure (December 2014 to May 2016)

• Easy Secure Web Serving with OpenBSD’s acme-client and Let’s Encrypt

  s recently as just a few years ago, I hosted my personal website, VPN, and personal email on a computer running OpenBSD in my basement. I respected OpenBSD for providing a well-engineered, no-nonsense, and secure operating system. But when I finally packed up that basement computer, I moved my website to an inexpensive cloud server running Linux instead.

  Linux was serviceable, but I really missed having an OpenBSD server. Then I received an email last week announcing that the StartSSL certificate I had been using was about to expire and realized I was facing a tedious manual certificate replacement process. I decided that I would finally move back to OpenBSD, running in the cloud on Vultr, and try the recently-imported acme-client (formerly “letskencrypt”) to get my HTTPS certificate from the free, automated certificate authority Let’s Encrypt.

• iPhone passcode bypassed with NAND mirroring attack

  Passcodes on iPhones can be hacked using store-bought electronic components worth less than $100 (£77), according to one Cambridge computer scientist.

  Sergei Skorobogatov has demonstrated that NAND mirroring—the technique dismissed by James Comey, the director of the FBI, as unworkable—is actually a viable means of bypassing passcode entry limits on an Apple iPhone 5C. What's more, the technique, which involves soldering off the phone's flash memory chip, can be used on any model of iPhone up to the iPhone 6 Plus, which use the same type of LGA60 NAND chip. Later models, however, will require "more sophisticated equipment and FPGA test boards."

  In a paper he wrote on the subject, Skorobogatov, a Russian senior research associate at the Cambridge Computer Laboratory's security group, confirmed that "any attacker with sufficient technical skills could repeat the experiment," and while the technique he used is quite fiddly, it should not present too much of an obstacle for a well-resourced branch of law enforcement.

  The attack works by cloning the iPhone's flash memory chip. iPhones generally allow users six attempts to guess a passcode before locking them out for incrementally longer periods of time; by the complex process of taking the phone apart, removing its memory chip, and then cloning it, an attacker is able to have as many clusters of six tries as they have the patience to make fresh clones. Skorobogatov estimates that each run of six attempts would take about 45 seconds, meaning that it would take around 20 hours to do a full cycle of all 10,000 passcode permutations. For a six-digit passcode, this would grow to about three months—which he says might still be acceptable for national security.

• Seagate NAS hack should scare us all

  No fewer than 70 percent of internet-connected Seagate NAS hard drives have been compromised by a single malware program. That’s a pretty startling figure. Security vendor Sophos says the bitcoin-mining malware Miner-C is the culprit.

Is customizing your Linux desktop important to you? Run Linux for even a few months, and the ability to customize a desktop environment according to your preferences can become a right.

Customization options start with the fact that more than one Linux desktop is available, and many of these desktop environments allow some customization of the desktop and panel. However, others include options for almost everything you can see or use.

Microsoft opening the source code of a lot of its projects in the last months convinced some people that the company – under its new management – is now good, and that it “loves Linux”, however, this assumption came to be wrong today with the latest monopoly try from Microsoft.

In a TL;DR format: Some new laptops that ship with Windows 10 Signature Edition don’t allow you to install Linux (or any operating system) on it; the BIOS is locked and the hard drives are hidden in a way you can’t install any OS. Those news are not some rumors from the Internet, Lenovo for example confirmed that they have singed an agreement with Microsoft for this.

Hicat’s open source, “Livera” machine vision board runs Linux on an ARM9 Hi3518 camera SoC, and Arduino on an Atmel 32u4 MCU, and has an optional robot kit.

A startup called Team Hicat has gone to Kickstarter to launch a Hicat Livera machine vision development board and robot kit that runs both Linux and Arduino. The CERN-licensed design is available in early bird packages of $39 for the Livera board with built-in 720p ready camera, and $49 for a Pro version that includes a Motor Driver board. The full robot kit, which adds motors, servos, and more, goes for $69. The campaign lasts through Nov. 16, and the devices ship in December.

We reported yesterday on the upcoming availability of the Ubuntu Touch OTA-13 software update for Ubuntu Phone and Ubuntu Tablet devices, and it looks like Canonical finally started the phased update earlier today.

Canonical's Lukasz Zemczak informs us that the main OTA-13 images have been successfully copied from the rc-proposed channel to the stable one for users to update but, as expected, it's phased during the next 24 hours, so not everyone will get it at the same time.

Also: Ubuntu tees up OpenStack on IBM's iron

SUSE's Andreas Jaeger reports on the availability of an updated toolchain for the SUSE Linux Enterprise 12 operating system, bringing the latest tools designed for application development.

The updated toolchain included in SUSE Linux Enterprise 12 comes with some of the latest and most advanced development utilities, such as GCC (GNU Compiler Collection) 6.2, GDB (GNU Debugger) 7.11.1, and GNU Binutils 2.26.1, thus enabling app developers to use the newest technologies when creating their amazing projects.

Just a few moment ago, the Tails development team proudly announced the official and general availability of the Tails 2.6 anonymous Live CD Linux operating system based on the latest Debian technologies.

Earlier this month, we reported on the availability of the first development version of Tails 2.6, the RC1 build, which also appeared to be the only one, and now, nearly three weeks later, we can get our hands on the final release, which brings many updated components and several new features.

According to the release notes, the biggest new features in Tails 2.6 are the enablement of the kASLR (kernel address space layout randomization) in the Linux kernel packages that ship with the popular amnesic incognito live system, protecting users from buffer overflow attacks.

• CouchDB 2.0

  The Apache CouchDB development community is proud to announce the immediate availability of version 2.0.

• Apache CouchDB 2.0 Released

  For users of Apache's CouchDB document-oriented NoSQL database system, version 2.0 was announced today.

• Apache Announces Availablity of CouchDB 2.0 Database

  Over the past several months, we've taken note of the many open source projects that the Apache Software Foundation has been elevating to Top-Level Status. The organization incubates more than 350 open source projects and initiatives, and has squarely turned its focus to data-centric and developer-focused tools in recent months. As Apache moves these projects to Top-Level Status, they gain valuable community support.

This is the official release announcement for IPFire 2.19 – Core Update 104.
This update brings you a new kernel under the hood and a from scratch rewritten Guardian.

• Red Hat links Java to Microsoft's Visual Studio Code

  Using a newly minted protocol for language and IDE interoperability, Red Hat is expanding Java developers' ability to use Microsoft's Visual Studio Code editor.

• IBM Power Systems and Red Hat Extend Collaboration for Next-Generation Cloud Platforms

• Power Play: Red Hat, IBM expand collaboration

• Shares of International Business Machines Corp. (NYSE:IBM) & Bristol-Myers Squibb Co (NYSE:BMY) Stocks News Update: Monday

• Stocks Logging Active Run- International Business Machines (NYSE:IBM), SeaWorld Entertainment (NYSE:SEAS), Encana (NYSE:ECA)

• Android takes on Apple's tvOS with open-source Poplar developer board

  Android isn't as popular in TVs as tvOS, which powers the Apple TV media box. But Linaro, a non-profit organization that champions Android, wants to change that.

  A new $79.99 open-source TV board called Poplar, made by Tocoding, brings Android to enthusiasts who want to make set-top boxes at home for broadcast TV and streaming media. It was made based on specifications set by Linaro, which is working hard to make Android a viable TV OS.

  Poplar is capable of processing and delivering 4K video. It can work with external tuner cards to deliver video streams from cable or satellite sources, but you'll need to hook up extra hardware for that.

• Google wants to show Samsung and Huawei what Android should look like

  Google has always been a reluctant hardware maker, even though its Android operating system powers more than 80 percent of smartphones around the globe. But next month it plans to launch two new "Made by Google" smartphones running a unique version of Android with new features unavailable on any other phone.

  Google's hope is that by producing unique phones — and selling lots of them — it can take back control of Android, which is used freely by smartphone manufacturers from Samsung to Huawei which barely mention Android and are increasingly adding their own apps and services on top to stand out, and diluting Google's vision of Android in the process.

• Non-blurry photos of the Google Pixel and Pixel XL leak

• BlackBerry DTEK60 running Android spotted on company website

• Google gets more time to counter EU antitrust charge on Android [Ed: Microsoft initiated this whole mess]

• Firefox 49 Released, This Is What’s New

  Mozilla has released Firefox 49 for Windows, Mac and Linux. The latest update to the popular open-source web browser introduces a range of (always) welcome improvements. Among them, Firefox 49 ships with native support for the Widevine CDM on Linux. This enables you to watch Netflix (and other DRM-protected HTML5 video content) without any cumbersome workarounds.

• Latest Firefox Expands Multi-Process Support and Delivers New Features for Desktop and Android

  With the change of the season, we’ve worked hard to release a new version of Firefox that delivers the best possible experience across desktop and Android.

• Opera 40 Released With Built-In VPN Support, Chromecast

• MATE 1.16 Ready For Release, More GTK2 GNOME-Forked Code Ported To GTK3

  The various components of the GNOME2 desktop forked MATE code were checked in as version 1.16 today in preparation for announcing this next release.

  MATE 1.16 is being released in time to hopefully make it in Ubuntu 16.10 and Fedora 25, which are among the goals for this release. During MATE 1.16 development that began following MATE 1.14 in April, there's been more porting of GTK+ 2 code to GTK+ 3.

• A Look At The Exciting Features/Improvements Of GNOME 3.22

  If all goes well, GNOME 3.22 will be officially released tomorrow, 21 September. Here is a recap of some of the new features and improvements made over this past six month development cycle plus some screenshots of the near-final desktop that will power the upcoming Fedora 25 Workstation.

• How blockchain will grow beyond bitcoin

  Since its advent in 2009, bitcoin’s decentralized, broker-less and secure mechanism to send money across the world has steadily risen in popularity and adoption. Of equal — if not greater — importance is the blockchain, the technology that supports the cryptocurrency, the distributed ledger which enables trustless, peer-to-peer exchange of data.

• The end of Moore’s Law and the expansion of Linux; what do these mean to IBM?

  As many organizations are finding out, open-source computing is a game-changer. Many businesses now rely on open-source tools to lower costs, increase flexibility and freedom, and enhance security and accountability.

  Stefanie Chiras, VP of IBM Power Systems Offering Management, Systems of Engagement, at IBM, joined Stu Miniman (@stu) and Dave Vellante (@dvellante), cohosts of theCUBE, from the SiliconANGLE Media team, during IBM Edge, held at the MGM Grand in Las Vegas, NV, to discuss the changing landscape around open source, the end of Moore’s Law, and how the cloud drives innovation for clients.

• Cloud Foundry launches its new Docker-compatible container management system

  Cloud Foundry, the Pivotal- and VMware-incubated open source platform-as-a-service project, is going all in on its new Diego container management system. For a while now, the project used what it called Droplet Execution Agents (DEA) to manage application containers. After running in parallel for a while, though, the team has now decided to go all in on its new so-called “Diego” architecture. Thanks to this, Cloud Foundry says it can now scale to running up to 250,000 containers in a single cluster.

• Secure messaging environment delivers safe online collaboration

• Riot Launches Introducing Open Source Encrypted Collaboration for Business

• Riot looks to launch a chat revolution with open platform

• Riot is trying to knock down the walled gardens of the messaging space

A start-up has completed a crowdfunding campaign for a stamp-sized Linux server development kit that has integrated Wi-Fi and on-board flash storage for DIYers to build hardware or IoT applications.

Boston-based Onion Corp. began its Indiegogo crowdfunding campaign in July and by Aug. 23 had already received more than $773,400 in pledged funding -- 4,400 times its funding goal.

Samsung’s Hybrid boradcast broadband TV (HbbTV) media player has now taken the open source path which the company announced in a press release earlier today. The project is available on GitHub as HbbPlayer and app developers as well as broadcasters can utilize it to test their services on any HbbTV 1.5 compliant TV which most of Samsung’s smart TVs are.