Bug

CNCF, Google, and HackerOne Launch Kubernetes Bug Bounty Program 4

An anonymous reader quotes a report from VentureBeat: The Cloud Native Computing Foundation (CNCF) today announced it is funding a bug bounty program for Kubernetes. Security researchers who find security vulnerabilities in Kubernetes' codebase, as well as the build and release processes, will be rewarded with bounties ranging from $100 to $10,000. Bug bounty programs motivate individuals and hacker groups to not only find flaws but disclose them properly, instead of using them maliciously or selling them to parties that will. Originally designed by Google and now run by the CNCF, Kubernetes is an open source container orchestration system for automating application deployment, scaling, and management. Given the hundreds of startups and enterprises that use Kubernetes in their tech stacks, it's significantly cheaper to proactively plug security holes than to deal with the aftermath of breaches.
Open Source

How Digital Sleuths Unravelled the Mystery of Iran's Plane Crash (wired.co.uk) 172

Open-source intelligence proved vital in the investigation into Ukraine Airlines flight PS752. Then Iranian officials had to admit the truth. From a report: [...] In the days after the Ukraine Airlines plane crashed into the ground outside Tehran, Bellingcat and The New York Times have blown a hole in the supposition that the downing of the aircraft was an engine failure. The pressure -- and the weight of public evidence -- compelled Iranian officials to admit overnight on January 10 that the country had shot down the plane "in error." So how do they do it? "You can think of OSINT as a puzzle. To get the complete picture, you need to find the missing pieces and put everything together," says Lorand Bodo, an OSINT analyst at Tech versus Terrorism, a campaign group. The team at Bellingcat and other open-source investigators pore over publicly available material. Thanks to our propensity to reach for our cameraphones at the sight of any newsworthy incident, video and photos are often available, posted to social media in the immediate aftermath of events. "Open source investigations essentially involve the collection, preservation, verification, and analysis of evidence that is available in the public domain to build a picture of what happened," says Yvonne McDermott Rees, a lecturer at Swansea University.

Some of the clips in this incident surfaced on Telegram, the encrypted messaging app popular in the Middle East, while others were sent directly to Bellingcat. "Because Bellingcat is known for our open source work on MH17, people immediately thought of us. People started sending us links they'd found," says Eliot Higgins of Bellingcat. "It was involuntary crowdsourcing." OSINT investigators then utilise metadata, including EXIF data -- which is automatically inserted into videos and photos, showing everything from the type of camera used to take the images to the precise latitude and longitude of where the taker was standing -- to verify that the footage is legitimate. They'll also try and identify who took the footage, and whether it's practical for them to have been where they claim to have been at the time. However, for this instance, they couldn't use EXIF data. "People would share photos and videos on Telegram which strip the metadata, and then someone else would find that and share it on Twitter," says Higgins. "We were really getting a second-hand or third-hand version of these images. All we have to go on is what's visible in the photograph." So instead they moved onto the next step.
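To make the EXIF step concrete, here is an added example in C; it is not code from the Wired report, from Bellingcat or from any OSINT tool the article names. It parses the APP1/Exif segment of a JPEG, walks IFD0 to the GPS IFD, converts the degree/minute/second RATIONAL triples into decimal coordinates, and then removes the APP1 segment the way a re-sharing platform does and parses the result again, which is the failure mode Higgins describes. The JPEG bytes are a constructed skeleton (markers only, no image data), and the coordinates (35 deg 41' 21" N, 51 deg 25' 19" E, a point in Tehran chosen for the demo) and the "CAM" model string are made up. Every offset taken from the file is bounds-checked before use, because EXIF from an untrusted upload is parser attack surface as much as it is evidence.

```c
/* Added example (not the Wired report's or Bellingcat's code): a bounds-checked
 * EXIF GPS extractor plus the metadata stripping a re-sharing platform does,
 * run on a constructed JPEG skeleton (markers only, no image data). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LE16(x) ((x) & 0xff), (((x) >> 8) & 0xff)
#define LE32(x) LE16((x) & 0xffff), LE16(((x) >> 16) & 0xffff)

/* Constructed sample. TIFF offsets count from the 'I','I' byte-order mark. */
static const uint8_t SAMPLE_JPEG[] = {
    0xFF, 0xD8,                                        /* SOI */
    0xFF, 0xE1, 0x00, 0x94, 'E', 'x', 'i', 'f', 0, 0,  /* APP1, len 148, "Exif\0\0" */
    'I', 'I', LE16(42), LE32(8),                       /* TIFF header, IFD0 at 8 */
    LE16(2),                                           /* IFD0: 2 entries */
    LE16(0x0110), LE16(2), LE32(4), 'C', 'A', 'M', 0,  /* Model (ignored here) */
    LE16(0x8825), LE16(4), LE32(1), LE32(38),          /* GPS IFD pointer */
    LE32(0),                                           /* no IFD1 */
    LE16(4),                                           /* GPS IFD at 38: 4 entries */
    LE16(0x0001), LE16(2), LE32(2), 'N', 0, 0, 0,      /* GPSLatitudeRef */
    LE16(0x0002), LE16(5), LE32(3), LE32(92),          /* GPSLatitude: 3 RATIONALs at 92 */
    LE16(0x0003), LE16(2), LE32(2), 'E', 0, 0, 0,      /* GPSLongitudeRef */
    LE16(0x0004), LE16(5), LE32(3), LE32(116),         /* GPSLongitude: 3 RATIONALs at 116 */
    LE32(0),
    LE32(35), LE32(1), LE32(41), LE32(1), LE32(21), LE32(1),  /* 35 deg 41' 21" */
    LE32(51), LE32(1), LE32(25), LE32(1), LE32(19), LE32(1),  /* 51 deg 25' 19" */
    0xFF, 0xD9,                                        /* EOI */
};

typedef struct { int has_gps; double lat, lon; } exif_info;

static uint16_t rd16(const uint8_t *p, int le) { return (uint16_t)(le ? p[0] | p[1] << 8 : p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p, int le) {
    return le ? rd16(p, 1) | (uint32_t)rd16(p + 2, 1) << 16 : (uint32_t)rd16(p, 0) << 16 | rd16(p + 2, 0);
}

/* Walks the segment chain up to SOS/EOI; returns the TIFF block inside APP1/Exif. */
static int find_tiff(const uint8_t *j, size_t n, const uint8_t **tiff, size_t *tn) {
    if (n < 4 || j[0] != 0xFF || j[1] != 0xD8) return 0;
    for (size_t pos = 2; pos + 4 <= n && j[pos] == 0xFF;) {
        uint8_t marker = j[pos + 1];
        size_t len = (size_t)j[pos + 2] << 8 | j[pos + 3];
        if (marker == 0xD9 || marker == 0xDA || len < 2 || len > n - pos - 2) return 0;
        if (marker == 0xE1 && len >= 8 && memcmp(j + pos + 4, "Exif\0\0", 6) == 0) {
            *tiff = j + pos + 10; *tn = len - 8; return 1;
        }
        pos += 2 + len;
    }
    return 0;
}

/* Looks up `tag` in the IFD at offset `ifd`; returns its 4-byte value field. */
static const uint8_t *find_tag(const uint8_t *t, size_t n, int le, uint32_t ifd,
                               uint16_t tag, uint16_t *type, uint32_t *count) {
    if (ifd > n || n - ifd < 2) return NULL;
    uint16_t entries = rd16(t + ifd, le);
    for (size_t e = (size_t)ifd + 2; entries--; e += 12) {
        if (e > n || n - e < 12) return NULL;               /* IFD runs off the block */
        if (rd16(t + e, le) != tag) continue;
        *type = rd16(t + e + 2, le); *count = rd32(t + e + 4, le);
        return t + e + 8;
    }
    return NULL;
}

/* deg/min/sec RATIONALs at `off` -> decimal degrees; rejects zero denominators. */
static int dms(const uint8_t *t, size_t n, int le, uint32_t off, double *deg) {
    if (off > n || n - off < 24) return 0;
    double acc = 0, scale = 1;
    for (int i = 0; i < 3; i++, scale *= 60) {
        uint32_t num = rd32(t + off + i * 8, le), den = rd32(t + off + i * 8 + 4, le);
        if (den == 0) return 0;
        acc += num / (double)den / scale;
    }
    *deg = acc;
    return 1;
}

/* Returns 1 if an Exif block exists (has_gps says whether a position was read),
 * 0 if the file carries no Exif at all, as after a Telegram-style re-share. */
int parse_exif_gps(const uint8_t *j, size_t n, exif_info *out) {
    const uint8_t *t, *v; size_t tn; uint16_t type; uint32_t count;
    memset(out, 0, sizeof *out);
    if (!find_tiff(j, n, &t, &tn) || tn < 8) return 0;
    int le = t[0] == 'I' && t[1] == 'I';                    /* "II" little, "MM" big endian */
    if (!le && !(t[0] == 'M' && t[1] == 'M')) return 0;
    if (rd16(t + 2, le) != 42) return 0;
    uint32_t ifd0 = rd32(t + 4, le);
    if (!(v = find_tag(t, tn, le, ifd0, 0x8825, &type, &count)) || type != 4 || count != 1) return 1;
    uint32_t gps = rd32(v, le);
    char rlat = 0, rlon = 0; double lat, lon;
    if ((v = find_tag(t, tn, le, gps, 0x0001, &type, &count)) && type == 2 && count && count <= 4) rlat = v[0];
    if ((v = find_tag(t, tn, le, gps, 0x0003, &type, &count)) && type == 2 && count && count <= 4) rlon = v[0];
    if (!(v = find_tag(t, tn, le, gps, 0x0002, &type, &count)) || type != 5 || count != 3 ||
        !dms(t, tn, le, rd32(v, le), &lat)) return 1;
    if (!(v = find_tag(t, tn, le, gps, 0x0004, &type, &count)) || type != 5 || count != 3 ||
        !dms(t, tn, le, rd32(v, le), &lon)) return 1;
    out->lat = rlat == 'S' ? -lat : lat; out->lon = rlon == 'W' ? -lon : lon; out->has_gps = 1;
    return 1;
}

/* What a re-sharing platform does: copy every segment except APP1 (Exif/XMP). */
size_t strip_exif(const uint8_t *j, size_t n, uint8_t *out) {
    if (n < 2) return 0;
    size_t pos = 2, o = 2;
    memcpy(out, j, 2);
    while (pos + 4 <= n && j[pos] == 0xFF && j[pos + 1] != 0xD9 && j[pos + 1] != 0xDA) {
        size_t len = (size_t)j[pos + 2] << 8 | j[pos + 3];
        if (len < 2 || len > n - pos - 2) break;
        if (j[pos + 1] != 0xE1) { memcpy(out + o, j + pos, 2 + len); o += 2 + len; }
        pos += 2 + len;
    }
    memcpy(out + o, j + pos, n - pos);                       /* scan data and trailer kept as-is */
    return o + n - pos;
}

int main(void) {
    exif_info i; uint8_t buf[sizeof SAMPLE_JPEG];
    parse_exif_gps(SAMPLE_JPEG, sizeof SAMPLE_JPEG, &i);
    printf("original: gps=%d lat=%.5f lon=%.5f\n", i.has_gps, i.lat, i.lon);
    size_t m = strip_exif(SAMPLE_JPEG, sizeof SAMPLE_JPEG, buf);
    printf("stripped: %zu bytes, exif present=%d\n", m, parse_exif_gps(buf, m, &i));
    return 0;
}
```

The original skeleton yields a position; after `strip_exif` the same parser reports no Exif block at all, which is exactly the second-hand-image situation where only the pixels remain as evidence. A production tool would also read the Model, DateTimeOriginal and XMP tags, but the bounds checks on every IFD and RATIONAL offset are the part that matters when the input comes from strangers.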

Open Source

Linus Torvalds: Avoid Oracle's ZFS Kernel Code Until 'Litigious' Larry Signs Off (zdnet.com) 247

"Linux kernel head Linus Torvalds has warned engineers against adding a module for the ZFS filesystem that was designed by Sun Microsystems -- and now owned by Oracle -- due to licensing issues," reports ZDNet: As reported by Phoronix, Torvalds has warned kernel developers against using ZFS on Linux, an implementation of OpenZFS, and refuses to merge any ZFS code until Oracle changes the open-source license it uses.

ZFS has long been licensed under Sun's Common Development and Distribution License as opposed to the Linux kernel, which is licensed under GNU General Public License (GPL). Torvalds aired his opinion on the matter in response to a developer who argued that a recent kernel change "broke an important third-party module: ZFS". The Linux kernel creator says he refuses to merge the ZFS module into the kernel because he can't risk a lawsuit from "litigious" Oracle -- which is still trying to sue Google for copyright violations over its use of Java APIs in Android -- and Torvalds won't do so until Oracle founder Larry Ellison signs off on its use in the Linux kernel.

"If somebody adds a kernel module like ZFS, they are on their own. I can't maintain it and I cannot be bound by other people's kernel changes," explained Torvalds. "And honestly, there is no way I can merge any of the ZFS efforts until I get an official letter from Oracle that is signed by their main legal counsel or preferably by Larry Ellison himself that says that yes, it's OK to do so and treat the end result as GPL'd," Torvalds continued.

"Other people think it can be OK to merge ZFS code into the kernel and that the module interface makes it OK, and that's their decision. But considering Oracle's litigious nature, and the questions over licensing, there's no way I can feel safe in ever doing so."

Open Source

Terry Cavanagh Releases Source Code For VVVVVV On GitHub (gamasutra.com) 47

The source code for acclaimed 2D puzzle platformer VVVVVV has been released by creator Terry Cavanagh to celebrate the title's 10th anniversary. Gamasutra reports: Breaking the news in a blog post, Cavanagh explained the code for both the desktop and mobile versions of the game can now be grabbed over on GitHub, and confessed that "even by the standard of self taught indie devs, it's kind of a mess." The desktop code is the version that was ported to C++ by Simon Roth back in 2011 and later updated and maintained by Ethan Lee, while the mobile code is written in ActionScript for Adobe AIR and is based on the original v1.0 Flash version of the game.
Operating Systems

Huawei Unveils OpenEuler, CentOS-Based Linux Distribution (computing.co.uk) 53

New submitter profi shares a report from Computing: Huawei has released the source code of openEuler, its distribution of Linux based on CentOS. The operating system was formally launched by Huawei in September 2019 in response to U.S. sanctions, which had briefly affected the company's access to Windows and Android operating systems. The source code has now been published on Gitee, the Chinese version of Github.

OpenEuler comprises two organizations on Gitee, one for source code and one for package sources. The openEuler organization was keen to highlight two particular packages, iSulad and A-Tune, among the openEuler source code. "iSulad is a lightweight gRPC service-based container runtime. Compared to runc, iSulad is written in C, but all interfaces are compatible with OCI. A-Tune is a system software to auto-optimize the system adaptively to multiple scenarios with embedded AI-engine." The announcement continues: "You will also see several infrastructure-supported projects that set up the community's operating systems... these systems are built on the Huawei Cloud through script automation."

Among the package sources, covered by the src-openeuler organization on Gitee, are around 1,000 packages, each built for both the ARM64 and x86 architectures. Huawei claims its developers have made a number of enhancements to the ARM64 openEuler code to improve multi-core efficiency. It is also working on a "green computing" ecosystem with Linaro and the Green Industry Alliance. At the moment, the organization claims, there are more than 50 contributors and just under 600 commits. The openEuler community has around 20 SIGs or project groups.

Open Source

Linus Torvalds Calls Blogger's Linux Scheduler Tests 'Pure Garbage' (phoronix.com) 191

On Wednesday Phoronix cited a blog post by C++ game developer Malte Skarupke claiming his spinlock experiments had discovered a Linux kernel scheduler issue affecting developers bringing games to Linux for Google Stadia.

Linus Torvalds has now responded: The whole post seems to be just wrong, and is measuring something completely different than what the author thinks and claims it is measuring.

First off, spinlocks can only be used if you actually know you're not being scheduled while using them. But the blog post author seems to be implementing his own spinlocks in user space with no regard for whether the lock user might be scheduled or not. And the code used for the claimed "lock not held" timing is complete garbage.

It basically reads the time before releasing the lock, and then it reads it after acquiring the lock again, and claims that the time difference is the time when no lock was held. Which is just inane and pointless and completely wrong...

[T]he code in question is pure garbage. You can't do spinlocks like that. Or rather, you very much can do them like that, and when you do that you are measuring random latencies and getting nonsensical values, because what you are measuring is "I have a lot of busywork, where all the processes are CPU-bound, and I'm measuring random points of how long the scheduler kept the process in place".

And then you write a blog-post blaming others, not understanding that it's your incorrect code that is garbage, and is giving random garbage values...

You might even see issues like "when I run this as a foreground UI process, I get different numbers than when I run it in the background as a batch process". Cool interesting numbers, aren't they?

No, they aren't cool and interesting at all, you've just created a particularly bad random number generator...

[Y]ou should never ever think that you're clever enough to write your own locking routines.. Because the likelihood is that you aren't (and by that "you" I very much include myself -- we've tweaked all the in-kernel locking over decades, and gone through the simple test-and-set to ticket locks to cacheline-efficient queuing locks, and even people who know what they are doing tend to get it wrong several times).

There's a reason why you can find decades of academic papers on locking. Really. It's hard.

"It really means a lot to me that Linus responded," the blogger wrote later, "even if the response is negative." They replied to Torvalds' 1,500-word post on the same mailing list -- and this time received a 1900-word response arguing "you did locking fundamentally wrong..." The fact is, doing your own locking is hard. You need to really understand the issues, and you need to not over-simplify your model of the world to the point where it isn't actually describing reality any more...

Dealing with reality is hard. It sometimes means that you need to make your mental model for how locking needs to work a lot more complicated...
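To make Torvalds' objection concrete, here is an added example in C; it is not the blogger's benchmark and not kernel code. It puts a naive user-space test-and-set spinlock next to a pthread mutex and reproduces the "lock not held" timing he criticises: each worker records the interval between its own release of the lock and its next acquisition. Whenever the scheduler parks a thread in between, the whole parking time lands in that interval, no matter how long the lock actually sat free, so the reported worst-case gap is a function of thread count, CPU count and scheduler policy rather than of the lock. The thread and iteration counts are arbitrary constants chosen for the demo; the mutex worker shows the alternative Torvalds recommends, where a contended waiter sleeps in the kernel instead of burning its timeslice.

```c
/* Added example (not the blogger's benchmark nor kernel code): a naive
 * user-space spinlock next to a pthread mutex, with the flawed "time the
 * lock was not held" measurement from the blog post reproduced. */
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define THREADS 8       /* constructed constants for the demo */
#define ITERS   10000

static atomic_flag spin = ATOMIC_FLAG_INIT;
static pthread_mutex_t mtx = PTHREAD_MUTEX_INITIALIZER;
static long counter;                    /* protected by whichever lock is in use */
static _Atomic uint64_t worst_gap_ns;   /* largest "unlocked" gap any thread saw */

static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Test-and-set spinlock with no yield and no futex: a waiter that gets the
 * CPU while the holder is descheduled simply burns its whole timeslice. */
static void spin_lock(void) {
    while (atomic_flag_test_and_set_explicit(&spin, memory_order_acquire))
        ;
}
static void spin_unlock(void) {
    atomic_flag_clear_explicit(&spin, memory_order_release);
}

static void record_gap(uint64_t gap) {
    uint64_t cur = atomic_load(&worst_gap_ns);
    while (gap > cur && !atomic_compare_exchange_weak(&worst_gap_ns, &cur, gap))
        ;
}

static void *spin_worker(void *arg) {
    (void)arg;
    uint64_t t_release = 0;
    for (int i = 0; i < ITERS; i++) {
        spin_lock();
        /* The blog post's measurement: time since this thread last released
         * the lock. If the scheduler parked the thread in between, all of that
         * parking time shows up here, whether or not anyone held the lock. */
        if (t_release)
            record_gap(now_ns() - t_release);
        counter++;
        t_release = now_ns();
        spin_unlock();
    }
    return NULL;
}

static void *mutex_worker(void *arg) {
    (void)arg;
    for (int i = 0; i < ITERS; i++) {
        pthread_mutex_lock(&mtx);       /* contended waiters sleep in the kernel */
        counter++;
        pthread_mutex_unlock(&mtx);
    }
    return NULL;
}

/* Runs THREADS workers of the given kind and returns the final counter, which
 * equals THREADS * ITERS when the lock actually provides mutual exclusion. */
long run(void *(*worker)(void *)) {
    pthread_t th[THREADS];
    counter = 0;
    atomic_store(&worst_gap_ns, 0);
    for (int i = 0; i < THREADS; i++)
        pthread_create(&th[i], NULL, worker, NULL);
    for (int i = 0; i < THREADS; i++)
        pthread_join(th[i], NULL);
    return counter;
}

uint64_t worst_gap(void) { return atomic_load(&worst_gap_ns); }

int main(void) {
    long a = run(spin_worker);
    printf("spinlock: counter=%ld (expected %ld), worst 'unlocked' gap=%.3f ms\n",
           a, (long)THREADS * ITERS, worst_gap() / 1e6);
    long b = run(mutex_worker);
    printf("mutex:    counter=%ld (expected %ld)\n", b, (long)THREADS * ITERS);
    return 0;
}
```

Build with `cc -O2 -pthread spin_demo.c` and run it with more threads than cores, then again with the process niced or in the background: both locks keep the counter correct, but the spinlock's "worst gap" swings by orders of magnitude between runs, which is the random-number generator Torvalds describes.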

Open Source

Open Source Initiative Co-Founder Bruce Perens Resigns, Citing Move Toward License 'That Isn't Freedom Respecting' (theregister.co.uk) 69

Bruce Perens (Slashdot reader #3872) co-founded the Open Source Initiative with Eric Raymond in 1998. But on Thursday Perens posted "it seems to me that the organization is rather enthusiastically headed toward accepting a license that isn't freedom respecting. Fine, do it without me, please.

"I asked Patrick to cancel my membership, and I would have unsubscribed from OSI lists, including this one, if your server was working..."

The issue is a new software license drafted by lawyer Van Lindberg called the Cryptographic Autonomy License (or CAL). Another open-source-community leader familiar with the debate -- who spoke with The Register on condition of anonymity -- claimed Lindberg lobbied OSI directors privately to green-light the license, contrary to an approval process that's supposed to be carried out in public.

"I don't think that's an appropriate characterization," said Lindberg, of law firm Dykema, in a phone interview with The Register. "I think there are a number of people who from the beginning made up their minds about the Cryptographic Autonomy License. You'll see a lot of people jumping onto any pretext they can find in order to oppose it. With regard to this idea of lobbying, there have been procedural-type communications that I think are entirely reasonable," he added. "But all the substantive debate has been on the license review and license discussion forums...."

Perens said he resigned because the OSI appears to have already decided to accept the license. He said he's headed in a different direction, which he called "coherent open source."

"We've gone the wrong way with licensing," he said, citing the proliferation of software licenses. He believes just three are necessary: the AGPLv3, the LGPLv3, and Apache v2.

Meanwhile, the Cryptographic Autonomy License is envisioned for use with the distributed development platform Holo, notes the Register: According to Holo co-founder Arthur Brock, distributed peer-to-peer software needs a license that addresses cryptographic key rights, which is why the Cryptographic Autonomy License has been proposed. "We are trying to say: the only valid way to use our code is if that developer's end-users are the sole authors and controllers of their own private crypto keys," he wrote in a post last year.

Lindberg said the Cryptographic Autonomy License is applicable to current web applications but is more meaningful in the context of distributed workloads and distributed computation, which he contends will become more important as people seek alternatives to the centralization of today's cloud-based systems. "A lot of people are very concerned about this concept of owning your data, owning your computer, having the ability to really control your computing experience and have it not be controlled by your cloud provider," said Lindberg.

Perens said, "It's a good goal but it means you now need to have a lawyer to understand the license and to respond to your users."

Slashdot asked Bruce Perens for details on "Coherent Open Source." Here's what he wrote back...
Open Source

Linux Kernel Developers and Commits Dropped in 2019 (phoronix.com) 37

Phoronix reports that on New Year's Day, the Linux kernel's Git source tree showed 27,852,148 lines of code, divided among 66,492 files (including docs, Kconfig files, user-space utilities in-tree, etc).

Over its lifetime there have been 887,925 commits from around 21,074 different authors: During 2019, the Linux kernel saw 74,754 commits, which is actually the lowest point since 2013. The 74k commits compares to 80k commits seen in both 2017 and 2018, 77k commits in 2016, and 75k commits in both 2014 and 2015. Besides the commit count being lower, the author count for the year is also lower. 2019 saw around 4,189 different authors to the Linux kernel, which is lower than the 4,362 in 2018 and 4,402 in 2017.

While the commit count is lower for the year, on a line count it's about average with 3,386,347 lines of new code added and 1,696,620 lines removed...

Intel and Red Hat have remained the top companies contributing to the upstream Linux kernel.

Open Source

CNBC Reports Open Source Software Has Essentially 'Taken Over the World' (cnbc.com) 103

Slashdot reader DevNull127 writes: CNBC Explores released a 14-minute documentary this month called "The Rise Of Open-Source Software." It's already racked up 558,802 views on YouTube, arguing that open-source software "has essentially taken over the world. Companies in every industry, from Walmart to Exxon Mobil to Verizon, have open-sourced their projects. Microsoft has completely changed its point of view, and is now seen as a leader in the space. And in 2016 the U.S. government even promised to open-source at least 20% of all its new custom-developed code."

The documentary does mention the 1990s, when Microsoft "even went so far as to call Open Source 'Unamerican' and bad for intellectual property rights." But two and a half minutes in, they also tell the famous story of that 1970s printer jam at MIT which led to the purchase of a proprietary printer that inspired Richard Stallman to quit his job to develop the GNU operating system and spearhead the free software movement. And at three and a half minutes in, they also describe how Linus Torvalds "unceremoniously released" Linux in 1991, and report that "By the turn of the century, NASA, Dell, and IBM were all using it." And at 4:18, they mention "other open source projects" gaining popularity, including MySQL, Perl, and Apache.

"But for the layperson at the turn of the century, the rise of these technologies could have gone unnoticed. After all, hardly anyone ran Linux on their personal computers. But then in 2008, Google released Android devices, which ran on a modified version of Linux. Suddenly the operating system blew up the smartphone market..." (Chen Goldberg, Google's Director of Engineering, cites 2.5 billion active Android devices.) The documentary then traces the open source movement up through our current decade, even mentioning Microsoft's acquisition of GitHub, IBM's acquisition of Red Hat, and various monetization models (including GitHub's new "Sponsors" program). And it ends with the narrator calling open source development "the new norm..."

"After all, the success of Open Source reveals that collaboration and knowledge-sharing are more than just feel-good buzzwords. They're an effective business strategy. And if we're going to solve some of the world's biggest problems, many believe that we can't afford to hoard our resources and learnings."

Here's a list (in order of appearance) of the people interviewed:
  • Nat Friedman, CEO of GitHub
  • Devon Zuegel, Open-Source Product Manager, GitHub
  • Chris Wright, CTO of Red Hat
  • Jim Zemlin, Executive Director of the Linux Foundation
  • Feross Aboukhadijeh, Open-Source Maintainer
  • Chen Goldberg, Google's Director of Engineering

Jim Zemlin, Executive Director of the Linux Foundation, even tells CNBC that 10,000 lines of code are added to Linux every day. "It is by far the highest-velocity, the most effective software development process in the history of computing... As the idea of sharing technology and collaborating collectively expands, we're moving into open hardware initiatives, data-sharing initiatives. And that's really going to be the future...

"The complexity of building these technologies isn't going down, it's only going up. We can get that technology out there faster when everybody works together."


Open Source

FSF-Approved Hyperbola GNU/Linux Forking OpenBSD, Citing 'User Freedom' Concerns (hyperbola.info) 135

Long-time Slashdot reader twocows writes: Hyperbola GNU/Linux, a FSF-approved distribution of GNU/Linux, has declared their intent to fork OpenBSD and become HyperbolaBSD..."
The news came earlier this week in a roadmap announcement promising "a completely new OS derived from several BSD implementations" (though Hyperbola was originally based on Arch snapshots and Debian development).

"This was not an easy decision to make, but we wish to use our time and resources to create a viable alternative to the current operating system trends which are actively seeking to undermine user choice and freedom." In 2017 Hyperbola dropped its support for systemd -- but its concerns go far beyond that: This will not be a "distro", but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones.

Reasons for this include:

- Linux kernel forcing adaption of DRM, including HDCP.

- Linux kernel proposed usage of Rust (which contains freedom flaws and a centralized code repository that is more prone to cyber attack and generally requires internet access to use.)

- Linux kernel being written without security in mind. (KSPP is basically a dead project and Grsec is no longer free software)

- Many GNU userspace and core utils are all forcing adaption of features without build time options to disable them. E.g. (PulseAudio / SystemD / Rust / Java as forced dependencies....)

HyperbolaBSD is intended to be modular and minimalist so other projects will be able to re-use the code under free license.

Debian

Debian Project Votes 'Systemd But We Support Exploring Alternatives' (debian.org) 203

DevNull127 writes: The Debian Project has announced the results of its vote on how much to support non-systemd init systems. The eight options voted on included "Focus on systemd" and "Support for multiple init systems is required" (as well as milder choices like "Support for multiple init systems is Important" and "Support non-systemd systems, without blocking progress.") The winning option?

"Systemd but we support exploring alternatives."

Here's the position for the Debian project described by that option:

The Debian project recognizes that systemd service units are the preferred configuration for describing how to start a daemon/service. However, Debian remains an environment where developers and users can explore and develop alternate init systems and alternatives to systemd features.

Those interested in exploring such alternatives need to provide the necessary development and packaging resources to do that work. Technologies such as elogind that facilitate exploring alternatives while running software that depends on some systemd interfaces remain important to Debian. It is important that the project support the efforts of developers working on such technologies where there is overlap between these technologies and the rest of the project, for example by reviewing patches and participating in discussions in a timely manner.

Packages should include service units or init scripts to start daemons and services. Packages may use any systemd facility at the package maintainer's discretion, provided that this is consistent with other Policy requirements and the normal expectation that packages shouldn't depend on experimental or unsupported (in Debian) features of other packages. Packages may include support for alternate init systems besides systemd and may include alternatives for any systemd-specific interfaces they use. Maintainers use their normal procedures for deciding which patches to include.

Debian is committed to working with derivatives that make different choices about init systems. As with all our interactions with downstreams, the relevant maintainers will work with the downstreams to figure out which changes it makes sense to fold into Debian and which changes remain purely in the derivative.

Cloud

Many of Kubernetes' 2,000 TODO Comments Appear to Be Forgotten (medium.com) 49

Kubernetes (originally designed by Google) is a prominent open-source container-orchestration system for cloud computing with over 4.3 million lines of Go source code. Over 700,000 lines of that code are comments.

"We've been working on a project that surfaces TODO comments in a codebase to help developers do basic project management workflows within that codebase," reads a new essay on Medium. So what did the software learn from over 2,000 TODO comments on Kubernetes? Slashdot reader patrickdevivo writes: It finds that most TODOs are quite old (average age of 2+ years) and about a quarter of them have an assignee (so they're kind of like a ticket?)

The tool used to surface the information is called tickgit, and it looks for "project management metadata" in a codebase.

The data confirms what most developers intuitively understand -- many TODO comments are forgotten and typically not addressed in a reasonable amount of time. This also appears to be the case in Kubernetes, just on a larger scale.

The Military

Many Security-Critical Military Systems Are Now Using Linux (linuxsecurity.com) 78

b-dayyy shared this article from Linux Security: The United States government's respect for and acceptance of open-source development has steadily grown stronger over the past decade, and the U.S. government is increasingly using open-source software as a way to roll out advanced, highly secure technology in an economical manner. On August 8, 2016, the White House CIO released a Federal Source Code Policy that calls for new software to be built, shared, and adapted using open-source methods to capitalize on code that is "secure, reliable, and effective in furthering our national objectives."

The United States Department of Defense recognizes the key benefits associated with open-source development and trusts Linux as its operating system. In fact, the U.S. Army is the single largest installed base for Red Hat Linux and the U.S. Navy nuclear submarine fleet runs on Linux, including their sonar systems. Moreover, the Department of Defense just recently enlisted Red Hat, Inc., the world's largest provider of open-source solutions, to help improve squadron operations and flight training.

In a comment on the original submission, long-time Slashdot reader bobs666 remembers setting up Minix 30 years ago "for running email for a part of the U.S. Army. It's too bad the stupid people made me stop working on the project."

But the world may be changing. The article notes that Linux has now already been certified to meet the three different security certifications required by the United States Department of Defense.
Open Source

WireGuard VPN Is On Its Way To Linux (zdnet.com) 48

WireGuard has now been committed to the mainline Linux kernel. "While there are still tests to be made and hoops to be jumped through, it should be released in the next major Linux kernel release, 5.6, in the first or second quarter of 2020," reports ZDNet. From the report: WireGuard has been in development for some time. It is a layer 3 secure VPN. Unlike its older rivals, which it's meant to replace, its code is much cleaner and simpler. The result is a fast, easy-to-deploy VPN. While it started as a Linux project, WireGuard code is now cross-platform, and its code is now available on Windows, macOS, BSD, iOS, and Android. It took longer to arrive than many wished because WireGuard's principal designer, Jason Donenfeld, disliked Linux's built-in cryptographic subsystem on the grounds its application programming interface (API) was too complex and difficult. He suggested it be supplemented with a new cryptographic subsystem: His own Zinc library. Many developers didn't like this. They saw this as wasting time reinventing the cryptographic wheel.

But Donenfeld had an important ally. Torvalds wrote, "I'm 1000% with Jason on this. The crypto/ model is hard to use, inefficient, and completely pointless when you know what your cipher or hash algorithm is, and your CPU just does it well directly." In the end, Donenfeld compromised. "WireGuard will get ported to the existing crypto API. So it's probably better that we just fully embrace it, and afterward work evolutionarily to get Zinc into Linux piecemeal." That's exactly what happened. Some Zinc elements have been imported into the legacy crypto code in the forthcoming Linux 5.5 kernel. This laid the foundation for WireGuard to finally ship in Linux early next year.

Open Source

Open-Source Security Nonprofit Tries Raising Money With 'Hacker-Themed' T-Shirts (ostif.org) 11

The nonprofit Open Source Technology Improvement Fund connects open-source security projects with funding and logistical support. (Launched in 2015, the Illinois-based group includes on its advisory council representatives from DuckDuckGo and the OpenVPN Project.)

To raise more money, they're now planning to offer "hacker-themed swag" and apparel created with a state-of-the art direct-to-garment printer -- and they're using Kickstarter to help pay for that printer: With the equipment fully paid for, we will add a crucial revenue stream to our project so that we can get more of our crucial work funded. OSTIF is kicking in half of the funding for the new equipment from our own donated funds from previous projects, and we are raising the other half through this KickStarter. We have carefully selected commercial-grade equipment, high quality materials, and gathered volunteers to work on the production of the shirts and wallets.
Pledges of $15 or more will be rewarded with an RFID-blocking wallet that blocks "drive-by" readers from scanning cards in your pocket, engraved with the message of your choice. And donors pledging $18 or more get to choose from their "excellent gallery" of t-shirts. Dozens of artists have contributed more than 40 specially-commissioned "hacker-themed" designs, including "Resist Surveillance" and "Linux is Communism" (riffing on a 2000 remark by Microsoft's CEO Steve Ballmer).

There are also shirts commemorating Edward Snowden (including one with an actual NSA document leaked by Edward Snowden) as well as a mock concert t-shirt for the "world tour" of the EternalBlue exploit listing locations struck after it was weaponized by the NSA. One t-shirt even riffs on the new millennial catchphrase "OK boomer" -- replacing it with the phrase "OK Facebook" using fake Cyrillic text.

And one t-shirt design shows an actual critical flaw found by the OSTIF while reviewing OpenVPN 2.4.0.

So far they have 11 backers, earning $790 of their $45,000 goal.
Christmas Cheer

2019 Sees More Geeky Advent Calendars (blogg.bekk.no) 12

It's the first day of December, which means the return of an annual geek tradition: the computer programming advent calendars!

An anonymous reader delivers this update: It's the very first year for the Raku Advent Calendar (using the language formerly known as Perl 6).

Meanwhile, Perl 5 still has its own separate advent calendar. Amsterdam-based Perl programmer Andrew Shitov is also writing a special "Language a Day" advent calendar in which he'll cover the basics of an entirely different programming language each day. And the Go language site Gopher Academy has also launched their 7th annual advent calendar.

The 24 Ways site is also promising "an advent calendar for web geeks," offering "a daily dose of web design and development goodness to bring you all a little Christmas cheer."

And each day until Christmas the Advent of Code site will offer "small programming puzzles for a variety of skill sets and skill levels that can be solved in any programming language you like. People use them as a speed contest, interview prep, company training, university coursework, practice problems, or to challenge each other." (Their Day One puzzle explains this year's premise. "Santa has become stranded at the edge of the Solar System while delivering presents to other planets....!")

There's also one particularly ambitious advent calendar from closer to the north pole. The Norwegian design/technology/strategy consulting firm Bekk is attempting 12 different geeky Christmas calendars, each running for 24 days (for a total of 288 articles).

And each one is hosted at a .christmas top-level domain.
Open Source

The File /var/lib/dbus/machine-id Matters For Your Privacy (and Devuan Fixed It) (devuan.org) 147

Long-time Slashdot reader jaromil (Denis "Jaromil" Roio) writes: A few days ago Devuan ASCII 2.1 was announced and one update has been overlooked by most media outlets: our dbus patch to re-generate machine-id at every boot.

This patch matters for everyone's privacy and I hope more distributions will follow our example, let alone Debian. We are dealing with important privacy implications: non-consensual user tracking is illegal in many countries and is not even mentioned in the machine-id documentation so far.

"In theory, the machine-id should be a persistent identifier of the current host," explains the README documentation. "In practice, this causes some privacy concerns..."
Open Source

RISC-V Foundation Moving To Switzerland Over Trade Curb Fears (reuters.com) 76

hackingbear writes: The RISC-V Foundation, which sets standards for the open-sourced CPU architecture and controls who can use the RISC-V trademark on products, will soon move to Switzerland to ensure that universities, governments and companies outside the United States can help develop its open-source technology. "From around the world, we've heard that 'If the incorporation was not in the U.S., we would be a lot more comfortable,'" its Chief Executive Calista Redmond said. Redmond said the foundation's board of directors approved the move unanimously but declined to disclose which members prompted it. More than 325 companies or other entities pay to be members, including U.S. and European chip suppliers such as Qualcomm and NXP Semiconductors, as well as China's Alibaba Group and Huawei Technologies.

The foundation's move from Delaware to Switzerland may foreshadow further technology flight because of U.S. restrictions on dealing with some Chinese technology companies, said William Reinsch, who was undersecretary of commerce for export administration in the Clinton administration. "There is a message for the government. The message is, if you clamp down on things too tightly this is what is going to happen. In a global supply chain world, companies have choices, and one choice is to go overseas," he said. The U.S. has an increased tendency to sanction foreign, especially Chinese, companies using national security as an excuse, thus conveniently evading legal due process in the U.S. justice system without providing any actual evidence.

Operating Systems

Linux 5.4 Released 35

diegocg writes: Linux 5.4 has been released, featuring the new kernel lockdown mode, intended to strengthen the boundary between UID 0 and the kernel; virtio-fs, a high-performance virtio driver which allows a virtualized guest to mount a directory that has been exported on the host; fs-verity, which detects file tampering like dm-verity but works on files rather than block devices; dm-clone, which allows live cloning of dm targets; two new madvise() flags for improved app memory management on Android; support for new Intel/AMD GPUs; support for the exfat file system and removal of the experimental status of the erofs file system; a new haltpoll cpuidle driver and governor that greatly improves performance for virtualized guests wanting to do guest-side polling in the idle loop; and blk-iocost, a new cgroup controller that attempts to calculate more accurately the cost of IO. As always, many other new drivers and improvements can be found in the changelog.
Open Source

System76 Will Start Designing and Building Its Own Linux Laptops Beginning January 2020 (forbes.com) 24

An anonymous reader quotes a report from Forbes: Denver-based PC manufacturer and Pop!_OS Linux developer System76 plans to follow up its custom Thelio desktop PC with an in-house laptop beginning next year, according to founder and CEO Carl Richell. During a recent interview, Richell was quick to emphasize that the entire process of designing, prototyping and iterating the final product could take two to three years. But the company is eager to break into this market and put the same signature "stamp" on its laptop hardware that graces its custom-built Thelio desktop.

System76 sells an extensive lineup of laptops, but the machines are designed by the likes of Sager and Clevo. The company doesn't merely buy a chassis and slap Pop!_OS on it, but Richell tells me he's confident that with the experience gained from developing Thelio -- and the recent investment into a factory at the company's Denver headquarters -- System76 is capable of building a laptop from the ground up that meets market needs and carries a unique value proposition. Richell says the company's first priority is locking down the aesthetic of the laptop and how various materials look and feel. It will simultaneously begin working on the supply chain aspects and speaking with various display and component manufacturers. System76 will design and build a U-class laptop first (basically an Ultrabook form factor like the existing Darter and Galago) and then evaluate what it might do with higher-end gaming and workstation notebooks with dedicated graphics.
