Posts tagged Linux

Fedora Project wants to ban CC0 licence for software

0

The CC0 Creative Commons licence exempts work form copyright claims, but does not exclude patent claims; and this presents a problem for free and open source software, as German IT news site heise reports.

Fedora logoThe Fedora Project would like to remove the Creative Commons Zero (CC0) licence from the list of permitted software licences, as Richard Fontata from the Fedora Legal Documentation Team wrote in a post to the Fedora mailing list. The reason for the change is that the Fedora Project has agreed that software under a licence which does not exclude patent claims cannot be regarded as free and open source software (FOSS).

Public Domain logoThe Creative Commons Zero (CC0 1.0) licence is the most liberal Creative Commons licence. It places works in the public domain, with the copyright holder waiving all copyright and related rights worldwide insofar as this is legally possible. However, the patent or trade mark rights of any party are specifically not affected by CC0, so it is thus possible to place works subject to patent rights under CC0.

Patents against open source

In the 2000s various companies, including Microsoft, have attempted to asset patent claims against Linux and open source software. The Open Invention Network (OIN), whose members mutually waive all patent claims against one another, came into existence as a response to these moves.

Furthermore, in the open source world, there is the risk that companies could release code which is protected by that company’s own patents. If other developers use this code, they are unwittingly exposed to the risk of patent lawsuits. There is therefore widespread agreement in the FOSS world that open source licences must explicitly exclude the possibility of patent claims by the author*.

In its permitted licences list the Fedora Project distinguishes between licences for software, content, documentation and fonts. CC0, which was previously listed as a permitted licence for software and content, will in future only be allowed for content. According to Fontana, it still has to be clarified whether any program packages will be affected by this change.

*= for intellectual property purposes software is regarded as a work of literature.

Google and Microsoft finance open source security campaign

A new initiative by the Open Source Security Foundation (OpenSSF) should improve the security of open source applications, German news site heise reports. The campaign, called the Alpha-Omega Project, is the result of negotiations at the White House between representatives of technology companies, US authorities and non-profit organisations. The initial funding of $5 mn. is being financed jointly by Google and Microsoft.

Image courtesy of opensource.com

OpenSSF is organising the project in two parts – Alpha and Omega. In the Alpha section expert groups are analysing the security situation of the most-used open source applications to find and remedy vulnerabilities. This should train software operators and users in security awareness. In the Omega section a team of software developers is working on automated tests for over 10,000 distributed open source project to propose possible security measures to their user communities.

Open source projects and libraries are widely used in software development. The Log4Shell vulnerability in the widely-distributed Log4j Java library recently showed how critical an attack can be. Even after a month and a half it still remains unclear whether companies have survived the worst. Users and companies should therefore investigate their own systems for vulnerable instances of the Log4j library and install current patches.

More details of the Alpha-Omega Project can be found in the official announcement.

Ubuntu 21.10 released

Two days ago, Canonical announced the release of Ubuntu Linux 21.10, codenamed Impish Indri.

Ubuntu 21.10 wallpaper

Canonical’s CEO Mark Shuttleworth said of the release:

As open source becomes the new default, we aim to bring Ubuntu to all the corners of the enterprise and all the places developers want to innovate. From the biggest public clouds to the tiniest devices, from DGX servers to Windows WSL workstations, open source is the springboard for new ideas and Ubuntu makes that springboard safe, secure and consistent.

This latest Ubuntu release is a short-term one with nine months of support that precedes the next long-term support (LTS) version, Ubuntu 22.04.

The new release’s default desktop interface is GNOME 40, whilst there have also been some updates to the distribution’s default desktop programs, which now include the LibreOffice 7.2 office productivity suite, the Thunderbird 91 e-mail client, and the Firefox 92 web browser.

Ubuntu 21.10 is available for immediate download for 64-bit systems (32-bit support ceased some time ago. Ed.)

Introducing Ubuntu Frame

Earlier this month, Canonical, the company behind the popular Ubuntu Linux distribution, announced the release of Ubuntu Frame

With Ubuntu Frame, developers no longer need to integrate and maintain partial solutions such as DRM, KMS, input protocols or security policies to power and secure their displays. This means less code to manage, fewer opportunities for bugs and vulnerabilities in untried code and more time for developing the display’s content.

Ubuntu Frame screenshot

Ubuntu Frame screenshot

When developing Ubuntu Frame, the goal was to minimise the development and deployment time for building graphic solutions for edge devices by leveraging existing applications and hardening security techniques. Ubuntu Frame is therefore compatible with toolkits such as Flutter, Qt, GTK, Electron and SDL2. Furthermore, it also has a solution for applications based on HTML5 and Java, inter alia. It is also worth mentioning that Ubuntu Frame’s users benefit from easy configuration and deployment options thanks to snaps, which is being heralded asthe next-generation package format for Linux.

Ubuntu Frame provides developers with all they need to deploy fully interactive applications: it comes with all the interfaces applications need to communicate securely with the host machine without developers needing to deal with the specific hardware. It also automatically enables all the functionality that end-users expect while interacting with digital displays, such as input from touchscreens, keyboard and mouse. Developers also don’t need to worry about window behaviours and dynamics since they are all configured.

Commenting on the launch, Michał Sawicz, Smart Displays Engineering Manager at Canonical said the following:

Ubuntu Frame’s reliability has been widely tested in the field. Its technology has been in development for over 7 years and in production for 5 years, using state-of-the-art techniques, and deployed in production to Linux desktop and mobile users. As such, Ubuntu Frame is one of the most mature graphical servers available today for embedded devices.

Debian 11 bullseye released

Debian logoYour ‘umble scribe has been using Debian GNU/Linux for the best part of 15 years now.

Besides being a distribution in its own right, Debian is also used as the basis for many other Linux distros, such as the Ubuntu family and derivatives, as well as specialised distros like the security- and privacy-conscious Tails.

Furthermore, Debian stable version releases don't occur very often, only every 2-3 years (unlike the Ubuntu family, which is on a rigid twice-yearly release cycle. Ed.).

Consequently, a Debian stable version release is a major event and the latest release occurred on Friday, as announced in an email to the Debian Developer Announce mailing list

The start of the email reads as follows:

Hi,
On 14th August 2021 we released Debian 11 “bullseye”.
There are too many people who should be thanked for their work on getting us to this point to list them all individually, and we would be sure to miss some. Nevertheless, we would like to particularly thank the installer team, the buildd and ftp teams, the CD team, the publicity team, the webmasters, the Release Notes editors, porters and all the bug squashers, NMUers, package maintainers and translators who have contributed to making bullseye a great release of which we should all be proud.

The email goes on the state that first point release for bullseye will take place about one month after the initial release.

Testing will soon start for the next Debian stable release – Debian 12, codenamed bookworm.

Finally, it’s worth noting that bullseye comes with 5 years’ support and an additional 10,000 software packages, as noted by ZDNet.

Debian 11 ‘bullseye’ due for release on 14th August

Debian logoVersion 11 of Debian GNU/Linux, codenamed ‘bullseye‘, is due for release on 14th August The Register reports.

A new Debian release is an important event in the world of Linux and free and open source software as it doesn’t happen all that frequently, the last version release being over 2 years ago.

Not only is Debian an important distribution in its own right, but is also influential since it froms the basis for many others including the various flavours of Ubuntu (e.g. Kubuntu, Xubuntu, etc. Ed.), Mint, Devuan, Knoppix, Tails, Raspbian, Pop!_OS and SteamOS, to name but a few.

A post to Debian’s developer announcements list stated: “We plan to release on 2021-08-14”.

It’s a little over 2 years since the last stable Debian version, Debian 10 or ‘buster‘, was made available for download.

Improved security in GRUB 2.06 bootloader

The newest version – 2.06 – of the GRUB bootloader used by most Linux distributions contains two new features, German IT news site heise reports. The software now supports boot partitions encrypted with LUKS2 and the update also contains several bug fixes and security improvements. This is the first new version of GRUB in nearly 2 years. It was originally to have been released in summer 2020, but developers were thwarted by a nasty security hole.

Attackers could gain access to the boot process and execute malicious code via a vulnerability named BootHole. To begin with Linux distributors patched their own GRUB packages. Unfortunately, BootHole patches for Red Hat, CentOS, Debian and Ubuntu blocked GRUB2. GRUB has now officially patched BootHole with the new version

GRUB developers have taken over the additional patches used in the meantime by Red Hat, Debian and a few other distributors to secure their own GRUB packages. The distributors had tried to bridge the gap in the lone release times between GRUB versions. In addition, several errors have been eliminated and GRUB’s code tidied up. GRUB can now be compiled with the GCC 10 and Clang 10 C compilers.

GRUB bootloader menu on Ubuntu Linux machine

GRUB bootloader menu on Ubuntu Linux machine

New security module

As a new feature, GRUB 2.06 supports the Xen hypervisor’s XSM/FLASK security module and Secure Boot Advanced Targeting (SBAT). The developers of the Shim bootloader came up with the latter technology to further complicate attacks on the boot process. In simple terms, the procedure automatically considers outdated versions of a program involved in the boot process to be unsafe. In addition to this, GRUB 2.06 offers a lockdown mechanism that is similar to the equivalent of the Linux kernel of the same name.

Printed manuals available for LibreOffice 7

The Document Foundation (TDF) blog reports today that users of the TDF’s free and open source LibreOffice suite can now acquire hard copies of guides to the various modules in version 7.* of the suite (Writer, Calc, Impress, Math and Base) as well as a general Getting Started Guide.

These new guides are full of tips, tricks and tutorials to help users get the best out of the whole office suite.

Cover image of LibreOffice Getting Started Guide

The guides are already available for download in both PDF and ODT versions.

There will nevertheless always be people who appreciate hard copies of manuals, so the LibreOffice Documentation community has joined forces with online bookshop Lulu (which was started by Red Hat co-founder Bob Young) made these available guides. The guides will be printed on demand in various locations and be shipped to anywhere in the world.

Pricing for the UK is shown as £10 per guide. Lulu also provide guides for earlier versions of LibreOffice.

Mozilla grants Pyodide project its independence

image of Python logoMozilla, the organisation behind the free and open source Firefox web browser and Thunderbird email client, has just released the Pyodide project from its organisation and it will henceforth be managed independently by the community, French IT news site Le Monde Informatique reports. Formed within Mozilla in 2018 as an experimental project to create in full Python stack for data science, the tool is compiled to WebAssembly and can be used to leverage Python in a web browser and give the language full access to web-based APIs. Via WebAssembly, Pyodide thus brings the Python 3.8 runtime to the browser, with its scientific stack including NumPy, Pandas, Matplotlib, SciPy and scikit-learn. Almost 75 packages are currently offered, with the tool providing transparent object conversion between JavaScript and Python.

The project currently has a separate GitHub organisation and documentation site. It will be maintained by volunteers. A governance document and roadmap have been published to set out Pyodide’s targets, including better Python code performance, reducing the size of downloads and simplifying package uploads. The roadmap introduction states:

This document lists general directions that core developers are interested to see developed in Pyodide. The fact that an item is listed here is in no way a promise that it will happen, as resources are limited. Rather, it is an indication that help is welcomed on this topic.

Pyodide can install any Python package in wheel format from the PyPi repository. It also includes an interface which exposes Python packages Python to JavaScript and exposes the browser interface (including the DOM) to Python. Developers can test Pyodide in an REPL environment.

Version 0.17.0 with API revision

Mozilla has at the same time announced the release of Pyodide version 0.17.0 with major maintenance improvements, a revision of the central APIs and the squashing of bugs and memory leaks. Since its creation the project has given rise to plenty of interest and is used in several projects outside Mozilla.

SUSE IPO this summer

SUSE logoSUSE was the first Linux distribution I actually used as a day-to-day working system over 15 years ago. It was the distribution on which I learnt about Linux, so it has a special place in my affections.

The impetus to install it came from a friend who bought a set of 5 installation CDs off eBay for me as a present.

Later on, I treated myself to SUSE Linux Professional 9.3 for some £50. It came as a box set of 2 DVDs and 5 CDs, along with a doorstep-sized manual.

SUSE is a good, solid distribution and excellent for business use with its SUSE Enterprise Linux server and desktop offerings and paid-for support.

SUSE also sponsors the community-supported openSUSE project, which develops the openSUSE Linux distribution, which is available in both rolling release (Tumbleweed) and regular release (Leap) versions.

Founded in Germany 1992, SUSE was the first company to market Linux to business. Over the years its ownership has changed many times. In 2004 it was acquired by Novell. Novell and with it SUSE were then purchased by Attachmate (with financial assistance from Microsoft) in 2010. In 2014 Microfocus acquired Attachmate and SUSE was spun off as a separate division under the name SUSE Software Solutions Germany GmbH. Finally, EQT purchased SUSE from Micro Focus for $2.5 billion in March 2019.

News has now emerged that SUSE is being prepared for stock flotation in Europe in via an IPO in the next few months (May is mentioned as the earliest date) with Bank of America and Morgan Stanley executing the IPO with the aid of Goldman Sachs, Deutsche Bank, and Jefferies.

According to Le Monde Informatique, SUSE is likely to have a market valuation of €7-8 bn. for the IPO.

Go to Top