Open Source

The File /var/lib/dbus/machine-id Matters For Your Privacy (and Devuan Fixed It) (devuan.org) 147

Long-time Slashdot reader jaromil (Denis "Jaromil" Roio) writes: A few days ago Devuan ASCII 2.1 was announced and one update has been overlooked by most media outlets: our dbus patch to re-generate machine-id at every boot.

This patch matters for everyone's privacy and I hope more distributions will follow our example, let alone Debian. We are dealing with important privacy implications: non-consensual user tracking is illegal in many countries and is not even mentioned in the machine-id documentation so far.

"In theory, the machine-id should be a persistent identifier of the current host," explains the README documentation. "In practice, this causes some privacy concerns..."
Open Source

RISC-V Foundation Moving To Switzerland Over Trade Curb Fears (reuters.com) 76

hackingbear writes: The RISC-V Foundation, which sets standards for the open-sourced CPU architecture and controls who can use the RISC-V trademark on products, will soon move to Switzerland to ensure that universities, governments and companies outside the United States can help develop its open-source technology. "From around the world, we've heard that 'If the incorporation was not in the U.S., we would be a lot more comfortable,'" its Chief Executive Calista Redmond said. Redmond said the foundation's board of directors approved the move unanimously but declined to disclose which members prompted it. More than 325 companies or other entities pay to be members, including U.S. and European chip suppliers such as Qualcomm and NXP Semiconductors, as well as China's Alibaba Group and Huawei Technologies.

The foundation's move from Delaware to Switzerland may foreshadow further technology flight because of U.S. restrictions on dealing with some Chinese technology companies, said William Reinsch, who was undersecretary of commerce for export administration in the Clinton administration. "There is a message for the government. The message is, if you clamp down on things too tightly this is what is going to happen. In a global supply chain world, companies have choices, and one choice is to go overseas," he said. The U.S. has an increased tendency to sanction foreign, especially Chinese, companies using national security as an excuse, thus conveniently evading legal due process in the U.S. justice system without providing any actual evidence.

Operating Systems

Linux 5.4 Released 35

diegocg writes: Linux 5.4 has been released, featuring the new kernel lockdown mode, intended to strengthen the boundary between UID 0 and the kernel; virtio-fs, a high-performance virtio driver which allows a virtualized guest to mount a directory that has been exported on the host; fs-verity, for detecting file tampering, like dm-verity, but works on files rather than block devices; dm-clone, which allows live cloning of dm targets; two new madvise() flags for improved app memory management on Android, support for new Intel/AMD GPUs, support for the exfat file system and removing the experimental status of the erofs file system; a new haltpoll cpuidle driver and governor that greatly improves performance for virtualized guests wanting to do guest-side polling in the idle loop; and blk-iocost, a new cgroup controller that attempts to calculate more accurately the cost of IO. As always, many other new drivers and improvements can be found in the changelog.
Open Source

System76 Will Start Designing and Building Its Own Linux Laptops Beginning January 2020 (forbes.com) 24

An anonymous reader quotes a report from Forbes: Denver-based PC manufacturer and Pop!_OS Linux developer System76 plans to follow-up its custom Thelio desktop PC with an in-house laptop beginning next year, according to founder and CEO Carl Richell. During a recent interview, Richell was quick to emphasize that the entire process of designing, prototyping and iterating the final product could take two to three years. But the company is eager to break into this market and put the same signature "stamp" on its laptop hardware that graces its custom-built Thelio desktop.

System76 sells an extensive lineup of laptops, but the machines are designed by the likes of Sager and Clevo. The company doesn't merely buy a chassis and slap Pop!_OS on it, but Richell tells me he's confident that with the experience gained from developing Thelio -- and the recent investment into a factory at the company's Denver headquarters -- System76 is capable of building a laptop from the ground up that meets market needs and carries a unique value proposition. Richell says the company's first priority is locking down the aesthetic of the laptop and how various materials look and feel. It will simultaneously begin working on the supply chain aspects and speaking with various display and component manufacturers. System76 will design and build a U-class laptop first (basically an Ultrabook form factor like the existing Darter and Galago) and then evaluate what it might do with higher-end gaming and workstation notebooks with dedicated graphics.

Open Source

GitHub Places Open-Source Code In Arctic Cave For Safekeeping (bloomberg.com) 50

pacopico writes: GitHub's CEO Nat Friedman traveled to Svalbard in October to stash Linux, Android, and 6,000 other open-source projects in a permafrost-filled, abandoned coal mine. It's part of a project to safeguard the world's software from existential threats and also just to archive the code for posterity. As Friedman says, "If you told someone 20 years ago that in 2020, all of human civilization will depend on and run on open-source code written for free by volunteers in countries all around the world who don't know each other, and it'll just be downloaded and put into almost every product, I think people would say, 'That's crazy, that's never going to happen. Software is written by big, professional companies.' It's sort of a magical moment. Having a historical record of this will, I think, be valuable to future generations." GitHub plans to open several more vaults in other places around the world and to store any code that people want included.
Open Source

Are Forced Subscriptions Driving 3D Users To Open Source Tools? 136

Slashdot reader dryriver writes: More and more professional 3D software like 3DMax, Maya, AutoCAD (Autodesk) and Substance Painter (Adobe) is now only available on a monthly or yearly subscription basis — you cannot buy any kind of perpetual license for these industry standard 3D tools anymore, cannot offline install or activate the tools, and the tools also phone home every few days over the internet to see whether you have "paid your rent". Stop paying your rent, and the software shuts down, leaving you unable to even look at any 3D project files you may have created with software.

This has caused so much frustration, concern and anxiety among 3D content creators that, increasingly, everybody is trying to replace their commercial 3D software with Open Source 3D tools. Thankfully, open source 3D tools have grown up nicely in recent years. Some of the most popular FOSS 3D tools are the complete 3D suite Blender, polygon modeling tool Wings 3D, polygon modeling tool Dust3D, CAD modeling tool FreeCAD, PBR texturing tool ArmorPaint, procedural materials generator Material Maker, image editing tool GIMP, painting tool Krita, vector illustration tool Inkscape and the 2D/3D game engine Godot Engine.

Along with these tools comes a beguiling possibility — while working with commercial 3D tools pretty much forced you to use Windows X in terms of OS choice in the past, all of the FOSS 3D tool alternatives have Linux versions. This means that for the first time, professional 3D users can give Windows a miss and work with Linux as their OS instead.

In a comment on the original submission, dryriver offers some anecdotal evidence: Go on any major 3D software forum on the Internet and it is filled with enraged 3D users revolting against forced software subscriptions and threatening to switch to FOSS Blender as soon as possible.

Some major 3D animation studios are also working Blender into their CGI pipeline. Companies like EPIC and Nvidia have begun donating to the Blender foundation. It's happening. The move away from commercial closed source tools - which are expensive, stagnant and don't offer you permanent licenses anymore - is in full swing. The fact that Blender has an innovative GPU accelerated realtime render engine called EEVEE that none of the commercial software has has only accelerated this trend.

Blender is widely believed to have 2 - 3 million active users already, and the fact that V 2.80 comes with a much more usable UI is only accelerating things.
Open Source

NPM Adds Command-Line Option To Help Fund Open-Source Coders (theregister.co.uk) 15

"Despite its own solvency concerns, NPM Inc on Tuesday deployed code changes that add a 'funding' command to the latest version of the npm command-line tool, namely v6.13.0," reports the Register: Henceforth, developers creating packages for the JavaScript runtime environment Node.js can declare metadata that describes where would-be donors can go to offer financial support. Doing so involves adding a funding field to package.json, a file that lists various module settings and dependencies. The funding field should be a URL that points to an online funding service, like Patreon, or payment-accepting website....

In a phone interview with The Register, NPM Inc co-founder and co-CTO Isaac Schlueter said: "The problem we're solving is open source projects need funding and there are very few ways people can get that information in front of people using their code...." Schlueter allowed that NPM Inc's funding mechanism may reward good marketers more than it rewards good developers. But he believes it will work against that. "One thing nice about this approach is that it does take some of the marketing skill out of the equation," he said. "Because all you really have to do is set up a payment URL and then put that in your packages. You don't have to craft the message expertly, you'll show up on that list at the end of the install."

"At the end of August, we made a promise to the community to invest time & effort to better support package maintainers," explains an announcement on the NPM blog.

"This work is just the first, small step toward creating a means/mechanism for a more sustainable open source development ecosystem."
Advertising

Does Linux Have a Marketing Problem? (hackaday.com) 263

On Hackaday's hosting site Hackaday.io, an electrical engineer with a background in semiconductor physics argues that Linux's small market share is due to a lack of marketing: Not only does [Linux] have dominance when raw computing ability is needed, either in a supercomputer or a webserver, but it must have some ability to effectively work as a personal computer as well, otherwise Android wouldn't be so popular on smartphones and tablets. From there it follows that the only reason that Microsoft and Apple dominate the desktop world is because they have a marketing group behind their products, which provides customers with a comfortable customer service layer between themselves and the engineers and programmers at those companies, and also drowns out the message that Linux even exists in the personal computing realm...

Part of the problem too is that Linux and most of its associated software is free and open source. What is often a strength when it comes to the quality of software and its flexibility and customizability becomes a weakness when there's no revenue coming in to actually fund a marketing group that would be able to address this core communications issue between potential future users and the creators of the software. Canonical, Red Hat, SUSE and others all had varying successes, but this illustrates another problem: the splintered nature of open-source software causes a fragmenting not just in the software itself but the resources. Imagine if there were hundreds of different versions of macOS that all Apple users had to learn about and then decide which one was the best for their needs...

I have been using Linux exclusively since I ditched XP for 5.10 Breezy Badger and would love to live in a world where I'm not forced into the corporate hellscape of a Windows environment every day for no other reason than most people already know how to use Windows. With a cohesive marketing strategy, I think this could become a reality, but it won't happen through passionate essays on "free as in freedom" or the proper way to pronounce "GNU" or the benefits of using Gentoo instead of Arch. It'll only come if someone can unify all the splintered groups around a cohesive, simple message and market it to the public.

AI

'Pwnagotchi' Is the Open Source Handheld That Eats Wi-Fi Handshakes (vice.com) 29

Ever wondered what would manifest if you mixed 1990s nostalgia with a clever name and some futuristic hacking tech? The answer is the Pwnagotchi: a DIY, open source gadget for hacking Wi-Fi that gets smarter the more networks it gets exposed to using machine learning. From a report: It also has an adorable interface that reflects different "moods" depending on what it's doing, and echoes the Tamagotchi digital pets of the 90s. The idea is for its user to take it around the city and "feed" it with Wi-Fi handshakes, the process that allows phones or laptops to communicate with other wireless devices like a router or a smart TV. In theory, these handshakes can then be cracked to reveal the Wi-Fi network's password, which would be useful if the Pwnagotchi user wanted to hack into the Wi-Fi network at a later time. Hackers, of course, love it. The software for the Pwnagotchi was publicly released on September 19. Barely a month later, and with little promotion other than on Twitter, there's already an enthusiastic community of hundreds of security researchers and hackers all over the world who are playing with it, modding it, writing plugins to improve it, and helping each other out on a Slack channel.
Unix

Project Trident Ditches BSD For Linux (itsfoss.com) 97

Project Trident is moving from FreeBSD to Void Linux, reports Its FOSS: According to a later post, the move was motivated by long-standing issues with FreeBSD. These issues include "hardware compatibility, communications standards, or package availability continue to limit Project Trident users". According to a conversation on Telegram, FreeBSD has just updated its build of the Telegram client and it was nine releases behind everyone else.

The lead dev of Project Trident, Ken Moore, is also the main developer of the Lumina Desktop. The Lumina Desktop has been on hold for a while because the Project Trident team had to do so much work just to keep their packages updated. (Once they complete the transition to Void Linux, Ken will start working on Lumina again.)

After much searching and testing, the Project Trident team decided to use Void Linux as their new base.

More from the Project Trident site: It's important to reiterate that Project Trident is a distribution of an existing operating system. Project Trident has never been a stand-alone operating system. The goal of Project Trident is enhancing the usability of an operating system as a graphical workstation through all sorts of means: custom installers, automatic setup routines, graphical utilities, and more...

The more we've tested Void Linux, the more impressed we have been. We look forward to working with an operating system that helps Project Trident continue to provide a stable, high-quality graphical desktop experience.

Open Source

Google Ejects Open-Source WireGuard From Play Store Over Donation Links (phoronix.com) 39

Google appears to be removing apps that have donation links, including open-source apps where donations are one of the main sources of revenue. WireGuard, a free and open-source VPN, has been reportedly dropped over this according to WireGuard lead developer Jason Donenfeld. Phoronix reports: After waiting days for Google to review the latest version of their secure VPN tunnel application, it was approved and then removed and delisted -- including older versions of WireGuard. The reversal comes on the basis of violating their "payments policy." The only bit of possible "payments" within the WireGuard app is a donation link within the program taking the user to the WireGuard website should anyone want to donate to support this promising open-source secure networking tech. An appeal to the situation was also rejected by Google, Donenfeld has confirmed this morning on their mailing list. In trying to make it back into Android's Play Store, Jason has dropped the donation link from the Android app version while it's still awaiting review from Google. UPDATE: WireGuard lead developer Jason Donenfeld says the app "has been relisted on the Play Store in its usual location," adding: "Sorry again for any inconvenience this has caused users, or caused developers who depend on the availability of our app for use by their own users. We won't be making any similar changes unless we're certain that we won't be delisted."
Microsoft

Microsoft Launches Two New Open Source Projects for Developers -- OAM and Dapr (betanews.com) 34

Continuing its embracing of open source, Microsoft has today announced two new open source projects. From a report: The first is Open Application Model (OAM), a new standard for developing and operating applications on Kubernetes and other platforms. The second project is Dapr (Distributed Application Runtime), designed to make it easier to build microservice applications. Microsoft says that both OAM and Dapr "help developers remove barriers when building applications for cloud and edge." Microsoft has worked on OAM with Alibaba, and the aim is to simplify the development and deployment of applications. The company explains that: "OAM is a specification for describing applications so that the application description is separated from the details of how the application is deployed onto and managed by the infrastructure. This separation of concerns is helpful for multiple reasons." The second open source project is Dapr, which Microsoft describes as "an open source, portable, event-driven runtime that makes it easy for developers to build resilient, microservice stateless and stateful applications that run on the cloud and edge."
Open Source

Flaw In Sudo Enables Non-Privileged Users To Run Commands As Root (thehackernews.com) 139

exomondo shares a report from The Hacker News: A vulnerability has been discovered in Sudo -- one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the "sudoers configuration" explicitly disallows the root access. Sudo, which stands for "superuser do," is a system command that allows a user to run applications or commands with the privileges of a different user without switching environments -- most often, for running commands as the root user.

The vulnerability, tracked as CVE-2019-14287 and discovered by Joe Vennix of Apple Information Security, is more concerning because the sudo utility has been designed to let users use their own login password to execute commands as a different user without requiring their password. What's more interesting is that this flaw can be exploited by an attacker to run commands as root just by specifying the user ID "-1" or "4294967295." That's because the function which converts user id into its username incorrectly treats -1, or its unsigned equivalent 4294967295, as 0, which is always the user ID of root user. The vulnerability affects all Sudo versions prior to the latest released version 1.8.28, which has been released today.

Open Source

System76 Will Begin Shipping 2 Linux Laptops With Coreboot-Based Open Source Firmware (forbes.com) 29

System76, the Denver-based Linux PC manufacturer and developer of Pop OS, has some stellar news for those who prefer their laptops a little more open. Later this month the company will begin shipping two of their laptop models with its Coreboot-powered open source firmware. From a report: Beginning today, System76 will start taking pre-orders for both the Galago Pro and Darter Pro laptops. The systems will ship out later in October, and include the company's Coreboot-based open source firmware which was previously teased at the 2019 Open Source Firmware Conference. (Coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and run a modern 32-bit or 64-bit operating system.) What's so great about ripping out the proprietary firmware included in machines like this and replacing it with an open alternative? To begin with, it's leaner. System76 claims that users can boot from power off to the desktop 29% faster with its Coreboot-based firmware.

[...] Both of these laptops can be kitted out with 10th-Generation Intel CPUs (specifically the i5-10210U and the i7-10510U), and both have glare-resistant matte 1080p IPS displays. Beginning at $949, the Galago Pro features an all-aluminum chassis, a wealth of connectivity options including HDMI, DisplayPort to USB-C and Thunderbolt, and can be configured with up to 32GB of RAM and up to 6TB of storage space. The Darter Pro, meanwhile, can be built out with 32GB of RAM and up to 2TB of storage, and features up to 10 hours of battery life.

Operating Systems

'Collapse OS' Is An Open-Source Operating System For the Post-Apocalypse (vice.com) 106

Collapse OS is a new open-source operating system built specifically for use during humanity's darkest days. According to its creator, software developer Virgil Dupras, Collapse OS is what the people of the future will need to reconfigure their scavenged iPhones. For now, though, he's hosting the project on GitHub and looking for contributors. Motherboard reports: According to the Collapse OS site, Dupras envisions a world where the global supply chain collapses by 2030. In this possible future -- kind of a medium-apocalypse -- populations won't be able to mass produce electronics anymore, but they'll still be an enormous source of political and social power. Anyone who can scavenge electronics and reprogram them will gain a huge advantage over those who don't. Dupras believes that the biggest problem for tech savvy post-apocalyptic people will be microcontrollers -- tiny computers embedded in circuit boards that control the functions of computer systems.

Collapse OS will work with Z80 8-bit microprocessors. Though less common today than 16- and 32-bit components, the 8-bit Z80 can be found in desktop computers, cash registers, musical instruments, graphing calculators, and everything in between. In a Reddit Q&A, Dupras explained that the Z80 was chosen "because it's been in production for so long and because it's been used in so many machines, scavenger have good chances of getting their hands on it." According to the product page, Collapse OS currently can run on a homebrew Z80-based computer called the RC2014, and on Reddit Dupras said it could theoretically run on a Sega Genesis console.

Microsoft

Linus Torvalds Isn't Worried About Microsoft Taking Over Linux (zdnet.com) 141

An anonymous reader quotes a report from ZDNet: At the 2019 Linux Plumbers Conference, I talked to Linus Torvalds and several other of the Linux kernel's top programmers. They universally agreed Microsoft wants to control Linux, but they're not worried about it. That's because Linux, by its very nature and its GPL2 open-source licensing, can't be controlled by any single third-party. Torvalds said: "The whole anti-Microsoft thing was sometimes funny as a joke, but not really. Today, they're actually much friendlier. I talk to Microsoft engineers at various conferences, and I feel like, yes, they have changed, and the engineers are happy. And they're like really happy working on Linux. So I completely dismissed all the anti-Microsoft stuff."

But that doesn't mean the Microsoft leopard can't change its spots. Sure, he hears, "This is the old Microsoft, and they're just biding their time." But, Torvalds said, "I don't think that's true. I mean, there will be tension. But that's true with any company that comes into Linux; they have their own objectives. And they want to do things their way because they have a reason for it." So, with Linux, "Microsoft tends to be mainly about Azure and doing all the stuff to make Linux work well for them," he explained. Torvalds emphasized this is normal: "I mean, that's just being part of the community."
James Bottomley, an IBM Research Distinguished Engineer and top Linux kernel developer, sees Microsoft as going through the same process as all other corporate Linux supporters: "This is a thread that runs through Linux. You can't work on the kernel to your own proprietary advantage. A lot of companies, as they came in with the proprietary business model, assumed they could. They have to be persuaded that, if you want something in Linux, that will assist your business -- absolutely fine. But it has to go through an open development process. And if someone else finds it useful, you end up cooperating or collaborating with them to produce this feature." That means, to get things done, even Microsoft is "eventually forced to collaborate with others."

Bottomley concluded: "So it doesn't matter if Microsoft has a competing agenda to Red Hat or IBM or anybody else. Developers are still expected to work together in the Linux kernel with a transparent agenda."
Databases

Oracle Outperformed? TPC Benchmarks Show Alibaba's OceanBase Performs Twice As Well (tpc.org) 46

The Transaction Processing Performance Council is a many-decades-old nonprofit that defines transaction processing and database benchmarks and shares its performance results with the industry.

Long-time Slashdot reader hackingbear says they've just released some surprising news: The TPC organization reported on October 5 that OceanBase, an open-source relational database from Ant Financial, a business unit of Chinese e-commerce giant Alibaba Group, has topped the TPC-C benchmark, more than doubling the score achieved by Oracle Corp. which had held the world record for the past 9 years.

OceanBase v2.2 Enterprise Edition with Partitioning scored at 60,880,800, while Oracle Database 11g R2 Enterprise Edition w/RAC and Partitioning achieved 30,249,688.

TPC Benchmark C is an industrial standard OLTP benchmark, measuring on-line transactions per minute (tpmC).

Google

Google Finds Hundreds Of Data-Race Conditions In The Linux Kernel (phoronix.com) 57

Google has been testing the Linux kernel with its "sanitizer" testing software that hunts for memory corruption bugs and undefined behaviors. Now Phoronix reports on Google's newest sanitizer: Kernel Concurrency Sanitizer (KCSAN) is focused on discovering data-race issues within the kernel code. This dynamic data-race detector is an alternative to the Kernel Thread Sanitizer. In their testing just last month, in two days they found over 300 unique data race conditions within the mainline kernel.

There was a recent discussion about the Kernel Concurrency Sanitizer on the LKML.

Microsoft

Microsoft Launches Free Python Programming Video Series On YouTube (zdnet.com) 63

An anonymous reader quotes ZDNet: Microsoft has launched a new 44-part series called Python for Beginners on YouTube, consisting of three- to four-minute lessons from two self-described geeks at Microsoft who love programming and teaching.

The course isn't quite for total beginners as it assumes people have done a little programming in JavaScript or played around with the MIT-developed Scratch visual programming language aimed at kids. But it could help beginners kick-start ambitions to build machine-learning apps, web applications, or automate processes on a desktop.... It has published a page on GitHub containing additional resources, including slides and code samples to help students become better at Python.

Open Source

Libre-RISC-V 3D CPU/GPU Seeks Grants For Ambitious Expansion (google.com) 21

The NLNet Foundation is a non-profit supporting privacy, security, and the "open internet". Now the open source Libre RISC-V hybrid CPU/GPU is applying for eight additional grants from the NLNet Foundation, according to this update from the project's Luke Kenneth Casson Leighton (Slashdot reader #517,947): Details on each Grant Application are on the newly-opened RISC-V Community Forum.

The general idea is to kick RISC-V into a commercially-viable mass-volume high gear by putting forward funding proposals for NEON/SSE-style Video Acceleration to be upstreamed for use by ffmpeg, vlc, mplayer and gstreamer; hardware-assisted Mesa 3D (a port of the RADV Vulkan Driver to RISC-V), and a hardware-accelerated OpenCL port to RISC-V. This all in a "Hybrid" fashion (a la NEON/SSE) as opposed to the "usual" way that 3D and Video is done, which hugely complicate both software drivers and applications debugging.

In addition, the Libre RISC-V SoC itself is applying for grants to do a gcc port supporting its Vectorisation Engine including auto-vectorisation, and, crucially, to do an entirely Libre-licensed ASIC Layout using LIP6.fr coriolis2, working in tandem with Chips4Makers to create a 180nm commercially-viable single-core dual-issue test ASIC.

The process takes approximately 2-3 months for approval. Once accepted, anyone may be the direct (tax-deductible) recipient of NLNet donations, for sub-tasks completed. Worth noting: Puri.sm is sponsoring the project, and, given NLNet's Charitable Status, donations from Corporations (or individuals) are 100% tax-deductible.
