An anonymous reader shares a report: Today, Canonical's Ubuntu reaches a major milestone. You see, Ubuntu 19.04, which is named "Disco Dingo," has achieved Beta status. And yes, you can download it immediately. Fans of GNOME will be glad to know that version 3.32 is included in the standard Ubuntu Desktop release. Also cool? This is the first version of Ubuntu to use Linux kernel 5.

Five candidates now are running to be Debian's project leader for the coming year. But earlier this week, Slashdot reader Seven Spirals shared LWN's story about what a difficult election it's been: This year, the call for nominations was duly sent out by project secretary Kurt Roeckx on March 3. But, as of March 10, no eligible candidates had put their names forward... There is nobody there to do any campaigning.

This being Debian, the constitution naturally describes what is to happen in this situation: the nomination period is extended for another week... Should this deadline also pass without candidates, it will be extended for another week; this loop will repeat indefinitely until somebody gives in and submits their name... In the absence of a project leader, the chair of the technical committee and the project secretary are empowered to make decisions -- as long as they are able to agree on what those decisions should be. Since Debian developers are famously an agreeable and non-argumentative bunch, there should be no problem with that aspect of things...

One might well wonder, though, why there seems to be nobody who wants to take the helm of this project for a year. The fact that it is an unpaid position requiring a lot of time and travel might have something to do with it. If that were indeed to prove to be part of the problem, Debian might eventually have to consider doing what a number of similar organizations have done and create a paid position to do this work.

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 73 for Windows, Mac, and Linux. The release includes support for hardware media keys, PWAs and dark mode on Mac, and the usual slew of developer features. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. Chrome 73 supports Progressive Web Apps (PWAs) on macOS. These apps install and behave like native apps (they don't show the address bar or tabs). Google killed off Chrome apps last year and has been focusing on PWAs ever since. Adding Mac support means Chrome now supports PWAs on all desktop and mobile platforms: Windows, Mac, Linux, Chrome OS, Android, and iOS. Chrome now also supports dark mode on Apple's macOS; dark mode for Windows is on the way, the team promises.

The VentureBeat report includes a long list of developer features included in this release, as well as all the security fixes found by external researchers. Chrome 73 implements a total of 60 security fixes.

The Linux Foundation today unveiled several major collaborative partnerships as it looks to cement the development of various open source projects that power much of the web. From a report: First off, the Node.js Foundation and the JS Foundation, which the Linux Foundation launched in 2016, are merging to form the OpenJS Foundation. The merger between the two chief organizations that focus on JavaScript comes six months after they publicly began to explore such a possibility with their communities. The OpenJS Foundation will focus on hosting and funding activities that support the growth of JavaScript and web technologies, the Linux Foundation said in a press release.

The OpenJS Foundation consists of 29 open source JavaScript projects including jQuery, Node.js, Appium, Dojo, and webpack. The merger is supported by 30 corporate and end user members including Google, Microsoft, IBM, PayPal, GoDaddy, and Joyent that recognize the "interconnected nature of the JavaScript ecosystem, and the importance of providing a neutral home for projects which represent significant shared value," the Linux Foundation said in a prepared statement. Also in the report: The Linux Foundation has created CHIPS Alliance, a project that aims to host and curate open source code relevant to design of chips that power mobile, IoT, and other consumer electronic devices; and the Continuous Delivery Foundation, which aims to serve as a platform for vendors, developers, and users to frequently engage and share insights and best practices to spur the development of open source projects.

It also announced that the GraphQL Foundation is collaborating with Joint Development Foundation to encourage "contributions, stewardship, and a shared investment from a broad group in vendor-neutral events, documentation, tools, and support for the data query language."

Michael Stapelberg, maintains "a bunch" of Debian packages and services, and says the free software Linux distro "has been in my life for well over 10 years at this point."

Today he released a 2,255-word essay explaining why he's "winding down" his involvement in Debian to a minimum, citing numerous complaints including Debian's complicated build stack, waits of up to seven hours before package uploads can be installed, leading to "asynchronous" feedback -- and Debian's lack of tooling for large changes.
The closest to "sending out a change for review" is to open a bug report with an attached patch... Culturally, reviews and reactions are slow. There are no deadlines. I literally sometimes get emails notifying me that a patch I sent out a few years ago (!!) is now merged. This turns projects from a small number of weeks into many years, which is a huge demotivator for me.

Interestingly enough, you can see artifacts of the slow online activity manifest itself in the offline culture as well: I don't want to be discussing systemd's merits 10 years after I first heard about it.

Lastly, changes can easily be slowed down significantly by holdouts who refuse to collaborate. My canonical example for this is rsync, whose maintainer refused my patches to make the package use debhelper purely out of personal preference. Granting so much personal freedom to individual maintainers prevents us as a project from raising the abstraction level for building Debian packages, which in turn makes tooling harder.
There's also several complaints about old infrastructure -- for example, "I dread interacting with the Debian bug tracker. debbugs is a piece of software (from 1994) which is only used by Debian and the GNU project these days." Stapelberg also complains that the "painful" experience of developing using Debian "leaves a lot to be desired," and adds that "It baffles me that in 2019, we still don't have a conveniently browsable threaded archive of mailing list discussions."

"My frustration level ultimately exceeded the threshold," Stapelberg writes in the essay, adding "I hope this post inspires someone, ideally a group of people, to improve the developer experience within Debian." He'll soon transition packages to be team-maintained "where it makes sense," but also "orphan packages where I am the sole maintainer... For all intents and purposes, please treat me as permanently on vacation..."

"I will try to keep up best-effort maintenance of the manpages.debian.org service and the codesearch.debian.net service, but any help would be much appreciated."

"For over a decade, VMware has been accused of illegally using Linux code in its VMware ESX bare-metal virtual machine hypervisor," reports ZDNet, adding that "A German court has dismissed the case, but the struggle may not be over." VMware stood accused of illegally using Linux code in its flagship VMware ESX bare-metal virtual machine (VM) hypervisor... In 2011, the Software Freedom Conservancy, a non-profit organization that promotes open-source software, discovered that VMware had failed to properly license any Linux or BusyBox, a popular embedded Linux toolkit, source code... In 2015, having exhausted all other means, [Linux kernel developer Christoph] Hellweg and the Software Freedom Conservancy sued VMware in the district court of Hamburg in Germany. Besides the general violation of the GPLv2, "Conservancy and Hellwig specifically assert that VMware has combined copyrighted Linux code, licensed under GPLv2, with their own proprietary code called 'vmkernel' and distributed the entire combined work without providing nor offering complete, corresponding source code for that combined work under terms of the GPLv2."

The German court disagreed in November 2018. Helwig appealed and continued the fight, saying "The lower court dismissed the case as a result of evidentiary rules and likely an incomplete understanding of the documentation of the code in question...." [Monday] VMware rather mysteriously announced: "VMware is pleased with the Feb. 28, 2019 decision of the German appellate court in Hamburg to dismiss Mr. Hellwig's appeal and let stand the regional court's decision to dismiss Mr. Hellwig's lawsuit. "
Karen Sandler, attorney and the Conservancy's executive director, told ZDNet that "We strongly believe that litigation is necessary against willful GPL violators, particularly in cases like VMware where this is strong community consensus that their behavior is wrong. Litigation moves slowly. We will continue to discuss this with Christoph and his lawyers and hope to say more about it in the coming weeks -- after the courts provide their rationale for their decision to the parties (which has not yet occurred)."

Meanwhile, VMware stated that it "continues to be a strong supporter of open source software development," adding that it's been "actively" working on removing vmklinux from vSphere in an upcoming release as part of a multi-year project -- "for reasons unrelated to the litigation."

Linux 5.1 continues the massive undertaking in preparing the kernel for the Year 2038 problem. Phoronix: The Linux kernel has been seeing "Y2038" work for years and the effort is far from over. Thomas Gleixner (a Linux kernel developer who serves as a member of the technical advisory board at The Linux Foundation) sent in the latest Y2038 work for the Linux 5.1 kernel, which after a lot of ground work in previous kernels has introduced the first set of syscalls that are Year 2038 safe.

An anonymous reader writes: Linus Torvalds has released Linux 5.0 in kicking off the kernel's 28th year of development. Linux 5.0 features include AMD FreeSync support, open-source NVIDIA Turing GPU support, Intel Icelake graphics, Intel VT-d scalable mode, NXP PowerPC processors are now mitigated for Spectre Variant Two, and countless other additions. eWeek adds: Among the new features that have landed in Linux 5.0 is support for the Adiantum encryption system, developed by Google for low power devices. Google's Android mobile operating system and ChromeOS desktop operating system both rely on the Linux kernel. "Storage encryption protects your data if your phone falls into someone else's hands," Paul Crowley and Eric Biggers, Android Security and Privacy Team at Google wrote in a blog post. "Adiantum is an innovation in cryptography designed to make storage encryption more efficient for devices without cryptographic acceleration, to ensure that all devices can be encrypted. Memory management in Linux also gets a boost in the 5.0 kernel with a series of improvements designed to help prevent memory fragmentation, which can reduce performance.

For some reason, Apple's website where you can manage your Apple ID (appleid.apple.com) is blocking users of Linux browsers from accessing it. From a report: Having access to the website is important to manage things such as payment information, two-factor authentication, and other account details. Even though the number of Linux users accessing the website must be relatively small compared to other operating systems, some iPhone users who use Linux on the desktop noticed the issue. This behavior was first explained by user Alexander Martin on Mastodon. He discovered that when the browser reports itself as being a Linux browser, Apple's website will block the access by throwing a "Bad Gateway" error.

The Linux Foundation today launched Enabling Linux in Safety Applications (ELISA), an open source project comprising tools intended to help companies build and certify Linux-based systems whose failure could result in loss of human life, significant property damage, or environmental damage. From a report: In partnership with British chip designer Arm, BMW, autonomous platforms company Kuka, Linutronix, and Toyota, ELISA will work with certification and standardization bodies in "multiple industries" to establish ways Linux can form the foundation of safety-critical systems across industries.

dryriver writes: A lot of people probably remember the 1990s palmtop computers made by Psion fondly. The clamshell-design palmtops were pocketable, black and white, but had a working stylus and a fantastic tactile foldout QWERTY keyboard that you could type pretty substantial documents on or even write code with. A different company -- Planet Computers -- has now produced a spiritual successor to the old Psion palmtops called the Gemini PDA that is much like an old Psion but with the latest Android smartphone hardware in it and a virtually identical tactile keyboard. It can also dual boot to Linux (Debian, Ubuntu, Sailfish) alongside Android. The technical specs are a MediaTek deca-core processor, 4GB RAM, 64GB storage (plus microSD slot), 4G, 802.11c Wi-Fi, GPS, Bluetooth, eSIM support, and 4,220mAh battery. The screen measures in at 5.99-inches with a 2,160 x 1,080 (403ppi) resolution. The only thing missing seems to be the stylus -- but perhaps that would have complicated manufacturing of this niche-device in its first production run.

One of Windows Subsystem for Linux's more annoying tricks is it's hard to get at your Linux files from Windows. From a report: Oh, you can do it, but you take a real chance of ruining the files. To quote Microsoft, "DO NOT, under ANY circumstances, access, create, and/or modify files in your distro's filesystem using Windows apps, tools, scripts, consoles, etc." In the forthcoming Windows 10 April 2019 Update, aka Windows 10 19H1, this Linux file problem will finally be fixed. According to Craig Loewen, a Microsoft programming manger working on Windows Subsystem for Linux (WSL), "The next Windows update is coming soon and we're bringing exciting new updates to WSL with it! These include accessing the Linux file system from Windows, and improvements to how you manage and configure your distros in the command line."

jrepin writes: Today, KDE launched Plasma 5.15, the first stable release of the popular desktop environment in 2019. For this release the Plasma team has focused on hunting down and removing all the paper cuts that slow you down. Plasma 5.15 brings a number of changes to the configuration interfaces, including more options for complex network configurations. Many icons have been added or redesigned to make them clearer. Integration with third-party technologies like GTK and Firefox has been improved substantially. Discover, Plasma's software and add-on installer, has received tons of improvements to help you stay up-to-date and find the tools you need to get your tasks done. For a more detailed list of features/changes, you can browse the full Plasma 5.15 changelog.

Mark Wycislik-Wilson, writing for BetaNews: Last year, developer Felix Rieseberg released Windows 95 as an Electron app to let 90s computer users relive their younger years. Now he's back with a second version of the Windows 95 app, and it's even better than ever -- gaming classics such as Doom and Wolfenstein3D are now included, for starters! Based on the Electron framework, Windows 95 2.0 is written in JavaScript, and is essentially a 500MB standalone virtual machine. The original release was lacking in a number of areas -- such as no sound or internet access. This second release is described as a "big update" and includes a web browser in the form of Netscape Navigator 2.0.

Writing at Linux Journal, Glyn Moody reports that dozens of government IT systems are switching to open source software.

"The fact that this approach is not already the norm is something of a failure on the part of the Free Software community..." One factor driving this uptake by innovative government departments is the potential to cut costs by avoiding constant upgrade fees. But it's important not to overstate the "free as in beer" element here. All major software projects have associated costs of implementation and support. Departments choosing free software simply because they believe it will save lots of money in obvious ways are likely to be disappointed, and that will be bad for open source's reputation and future projects.

Arguably as important as any cost savings is the use of open standards. This ensures that there is no lock-in to a proprietary solution, and it makes the long-term access and preservation of files much easier. For governments with a broader responsibility to society than simply saving money, that should be a key consideration, even if it hasn't been in the past.... Another is transparency. Recently it emerged that Microsoft has been gathering personal information from 300,000 government users of Microsoft Office ProPlus in the Netherlands, without permission and without documentation.
He includes an inspiring quote from the Free Software Foundation Europe about code produced by the government: "If it is public money, it should be public code as well. But when it comes to the larger issue about the general usage of proprietary vs. non-proprietary software -- what do Slashdot's readers think?

Should all government IT systems be using open source software?

Slashdot reader internet-redstar writes: The Tesla Hacker, Jasper Nuyens -- who uncovered Tesla's "unconfirmed lane change" last year -- now launched at FOSDEM an open-source project called "FreedomEV" to run on top of rooted Teslas. It adds new features to the vehicles, such as a "Hotspot Mode" for in-car Wi-Fi and a "Cloak Mode" to prevent all location tracking and more. It hopes to become available for other cars too. Full presentation video can be found here. The Github project and the website. He is looking for contributors and support from Tesla.

Despite being more than one year old, the Meltdown or Spectre vulnerabilities have remained a theoretical threat, and no malware strain or threat actor has ever used any in a real-world attack. Over the course of the last year, system and network administrators have called on the Linux project for options to disable these protections. A report adds: Many argued that the threat is theoretical and could easily be mitigated with proper perimeter defenses, in some scenarios. Even Linus Torvalds has called for a slowdown in the deployment of some performance-hitting Spectre mitigations. The Linux kernel team has reacted positively towards these requests and has been slowly adding controls to disable some of the more problematic mitigations.

[...] The latest effort to have mitigations turned off -- and stay down -- is the addition of the PR_SPEC_DISABLE_NOEXEC control bit to the Linux kernel. This bit will prevent child processes from starting in a state where the protections for Spectre v4 are still activated, despite being deactivated in the parent process.

"Time and again, security experts and vendors alike will recommend to organizations and end users to keep software and systems updated with the latest patches," reports eWeek. "But what happens when the application infrastructure that is supposed to deliver those patches itself is at risk?" That's what open-source and Linux users were faced with this past week with a pair of projects reporting vulnerabilities. On January 22, the Debian Linux distribution reported a vulnerability in its APT package manager that is used by end users and organizations to get application updates. That disclosure was followed a day later, on January 23, with the PHP PEAR (PHP Extension and Application Repository) shutting down its primary website, warning that it was the victim of a data breach. PHP PEAR is a package manager that is included with many Linux distributions as part of the open-source PHP programming language binaries....

In the Debian APT case, a security researcher found a flaw, reported it, and the open-source project community responded rapidly, fixing the issue. With PHP PEAR issue, researchers with the Paranoids FIRE (Forensics, Incident Response and Engineering) Team reported that they discovered a tainted file on the primary PEAR website... Both PHP PEAR and Debian have issued updates fixing their respective issues. While both projects are undoubtably redoubling their efforts now with different security technologies and techniques, the simple fact is that the two issues highlight a risk with users trusting updating tools and package management systems.

Michael Larabel writes via Phoronix: Wine 4.0 is now officially available as the new annual stable release to Wine for running Windows programs and games on Linux and other operating systems. Following seven weekly release candidates, Wine 4.0 was ready to ship today as judged by Wine founder Alexandre Julliard. Wine 4.0 is a big release bringing initial Vulkan graphics API support, Direct3D CSMT is enabled by default, early Direct3D 12 support via VKD3D, continued HiDPI work, various OpenGL improvements, multi-sample D3D texture support, 64-bit improvements, continued Android support, and much more. The release announcement and notes can be read via WineHQ.org. The source can be downloaded here.

An anonymous reader quotes ZDNet: MongoDB is an open-source document NoSQL database with a problem. While very popular, cloud companies, such as Amazon Web Services (AWS), IBM Cloud, Scalegrid, and ObjectRocket has profited from it by offering it as a service while MongoDB Inc. hasn't been able to monetize it to the same degree. MongoDB's answer? Relicense the program under its new Server Side Public License (SSPL).

Open-source powerhouse Red Hat's reaction? Drop MongoDB from Red Hat Enterprise Linux 8. Red Hat's Technical and Community Outreach Program Manager Tom Callaway explained, in a note stating MongoDB is being removed from Fedora Linux, that "It is the belief of Fedora that the SSPL is intentionally crafted to be aggressively discriminatory towards a specific class of users." Debian Linux had already dropped MongoDB from its distribution....

The business point behind MongoDB's license change is to force cloud companies to use one of MongoDB's commercial cloud offerings. This hasn't worked either. AWS just launched DocumentDB, a database, which "is designed to be compatible with your existing MongoDB applications and tools," wrote AWS evangelist Jeff Barr.