Ars Technica reviews the Purism Librem 5 smartphone, which is made from open-source software and (mostly) open hardware. It is clearly not there yet as a replacement for the phone in our pockets, but it would seem to be on the right path. “The thing to keep in mind here is that Purism has taken on an absolutely gargantuan task. It somehow scraped together a new supply chain of mostly open source components, it came up with a smartphone design from scratch, and it is building its own smartphone distribution of Linux. Two years is not enough time to do this. The OS and app package is not nearly finished, and it lacks basic smartphone functionality. The hardware is nearly finished, but you’ll have a hard time taking advantage of it right now since the power management isn’t really implemented, and support for things like the cameras are non-existent. If you really want open source smartphones to be a thing, though, this is where you need to start. The Librem 5 is a proof of concept.”
The Electronic Frontier Foundation (EFF) has put out a statement in support of journalist Glenn Greenwald whose “prosecution is an attempt to use computer crime law to silence an investigative reporter who exposed deep-seated government corruption”. Greenwald is being charged in Brazil, where he reported on corruption within the government of that country. While the EFF said that it has seen “no actions detailed in the criminal complaint that violate Brazilian law”, its main concern is the use of ill-defined “cybercrime” laws.
“Around the world, cybercrime laws are notoriously hazy. This is in part because it’s challenging to write good cybercrime laws: technology evolves quickly, our language for describing certain digital actions may be imprecise, and lawmakers may not always imagine how laws will later be interpreted. And while the laws are hazy, the penalties are often severe, which makes them a dangerously big stick in the hands of prosecutors. Prosecutors can and do take advantage of this disconnection, abusing laws designed to target criminals who break into computers for extortion or theft to prosecute those engaged in harmless activities, or research—or, in this case, journalists communicating with their sources.”
Security updates have been issued by openSUSE (chromium, libredwg, and thunderbird), Oracle (apache-commons-beanutils, java-1.8.0-openjdk, libarchive, and python-reportlab), Red Hat (kernel), Scientific Linux (apache-commons-beanutils, libarchive, and openslp), SUSE (java-11-openjdk), and Ubuntu (e2fsprogs, graphicsmagick, python-apt, and zlib).
Keith Packard is no stranger to the linux.conf.au stage; he has spoken on a
wide variety of topics since he started going to the conference in 2004
(which was held in
Adelaide, where organizers apparently had a lot of ice cream for
attendees). One of his talks at this year’s conference was on an
education-focused project that he has been working on for around a year:
a version of Python called “Snek” targeting embedded processors.
He gave a look at some of the
history of his work with 10-12 year-old students that led to the
development of Snek as well as some plans for the language—and hardware to
run it on—moving forward.
Control-flow integrity (CFI) is a technique used to reduce the ability to
redirect the execution of a program’s code in attacker-specified ways. The
Clang compiler has some features that can assist in maintaining
control-flow integrity, which have been applied to the Android kernel. Kees
Cook gave a talk about CFI for the Linux kernel at the recently concluded
linux.conf.au in Gold Coast, Australia.
Everyone has expertise in some things, which is normally seen as a good
thing to have. But Dr. Sean Brady gave some examples of ways that our
expertise can lead us astray, and actually cause us to make worse decisions,
in a keynote at the 2020 linux.conf.au. Brady is a forensic
engineer who specializes in analyzing engineering
failures to try to discover the root causes behind them. The talk gave
real-world examples of expertise gone wrong, as well as looking at some of the
psychological research that demonstrates the problem. It was an
interesting view into the ways that our brains work—and fail to work—in
situations where our expertise may be sending our thoughts down the wrong path.
The intersection of games with free and open-source software (FOSS) was the
topic of a
miniconf on the first day of this year’s linux.conf.au, which was held January
13-17 in Gold Coast, Australia. As part of the miniconf, Bradley M. Kuhn
gave a talk that was well outside of his normal conference-talk fare:
the game of poker and its relationship to FOSS. It turns out that he did
some side work on a FOSS-based poker site along the way, which failed by
most measures, but there was also an element of success to the project.
The time for a successful FOSS poker project likely has passed at this
point, but there are some lessons to be learned from the journey.
One of Guido van Rossum’s last items of business as he finished his term on the inaugural steering council for Python was to
review the Python Enhancement Proposal (PEP) that proposes new update and union
operators for dictionaries. He would still seem to be in favor of the idea,
but it will be up to the newly elected steering
council and whoever the council chooses as the PEP-deciding delegate (i.e. BDFL-Delegate).
Van Rossum provided some feedback on the PEP and,
inevitably, the question of how to spell the operator returned, but the
path toward getting a decision on it is now pretty clear.
The random-number generation facilities in the kernel have been reworked
some over the past few months—but problems in that subsystem have been
addressed over an even longer time frame. The most
recent changes were made to stop the getrandom() system call from
blocking for long periods of time at system boot, but the underlying cause
was the behavior of the blocking random pool. A recent patch set would
remove that pool and it would seem to be headed for the mainline kernel.
It is not all that often that the mainstream press looks at issues in the open-source world, but this article from The Atlantic does just that; it looks at the controversy surrounding GitHub renewing its contract with the US Immigration and Customs Enforcement (ICE) agency and the concerns some have had with their code being used by ICE. “So when news of GitHub’s contract with ICE emerged, its employees weren’t the only ones outraged. Because of the transitive nature of open source, volunteer developers—who host code on the site to share with others—may have unwittingly contributed to the code GitHub furnished for ICE, the agency responsible for enforcing immigration policy. Some were troubled by the idea that their code might in some way be used to help agents detain and deport undocumented migrants. But their outrage—and the backlash to it—reveals existential questions about the very nature of open source.”
Over the holiday week, we missed the announcement of Ruby 2.7 on December 25. It is the most recent release of the Ruby programming language and was more than a year in development. There are quite a few new features including experimental pattern matching for case statements (more information can be found in these slides), a new compaction garbage collector for the heap, support for separating positional and keyword arguments, and plenty more.
Python prides itself on being a newbie-friendly language; its developers
have gone out of their way to try to ensure that easy tasks are
straightforward to program. A recent discussion on the python-ideas
mailing list looked at a use case that is common, but often implemented in an
inefficient, incorrect fashion, with an eye toward making it easier to do
correctly. Finding the first match for a regular expression in a body of
text is where the conversation started, but it went in some other
interesting directions as well.
A proposal to periodically run the fstrim
command on Fedora 32 systems was discussed recently on the Fedora
devel mailing list.
fstrim is used to cause a filesystem to inform the underlying
storage of unused blocks, which can help SSDs and other types of block
devices perform better.
There were a number of questions and concerns raised,
including whether to change the behavior of earlier versions of the
distribution when they get upgraded and if the kernel should be responsible
for handling the whole problem.
Security updates have been issued by CentOS (firefox, fribidi, nss, nss-softokn, nss-util, openslp, and thunderbird), Debian (opensc), and Mageia (389-ds-base, apache, apache-mod_auth_openidc, kernel, libofx, microcode, php, and ruby).
Security updates have been issued by Debian (cyrus-imapd and gdk-pixbuf), Fedora (cacti, cacti-spine, and fribidi), Red Hat (fribidi, git, and openstack-keystone), Scientific Linux (fribidi), Slackware (wavpack), and SUSE (firefox, kernel, mariadb, spectre-meltdown-checker, and trousers).