Project Trident is moving from FreeBSD to Void Linux, reports Its FOSS: According to a later post, the move was motivated by long-standing issues with FreeBSD. These issues include "hardware compatibility, communications standards, or package availability continue to limit Project Trident users". According to a conversation on Telegram, FreeBSD has just updated its build of the Telegram client and it was nine releases behind everyone else.

The lead dev of Project Trident, Ken Moore, is also the main developer of the Lumina Desktop. The Lumina Desktop has been on hold for a while because the Project Trident team had to do so much work just to keep their packages updated. (Once they complete the transition to Void Linux, Ken will start working on Lumina again.)

After much searching and testing, the Project Trident team decided to use Void Linux as their new base.
More from the Project Trident site: It's important to reiterate that Project Trident is a distribution of an existing operating system. Project Trident has never been a stand-alone operating system. The goal of Project Trident is enhancing the usability of an operating system as a graphical workstation through all sorts of means: custom installers, automatic setup routines, graphical utilities, and more...

The more we've tested Void Linux, the more impressed we have been. We look forward to working with an operating system that helps Project Trident continue to provide a stable, high-quality graphical desktop experience.

exomondo shares a report from The Hacker News: A vulnerability has been discovered in Sudo -- one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the "sudoers configuration" explicitly disallows the root access. Sudo, stands for "superuser do," is a system command that allows a user to run applications or commands with the privileges of a different user without switching environments -- most often, for running commands as the root user.

The vulnerability, tracked as CVE-2019-14287 and discovered by Joe Vennix of Apple Information Security, is more concerning because the sudo utility has been designed to let users use their own login password to execute commands as a different user without requiring their password. What's more interesting is that this flaw can be exploited by an attacker to run commands as root just by specifying the user ID "-1" or "4294967295." That's because the function which converts user id into its username incorrectly treats -1, or its unsigned equivalent 4294967295, as 0, which is always the user ID of root user. The vulnerability affects all Sudo versions prior to the latest released version 1.8.28, which has been released today.

Photographer Peter Adams launched a "Faces of Open Source" portrait project in 2014. This week he posted a special announcement on the web site of Bell Labs: Later this month, Bell Labs will celebrate the 50th anniversary of Unix with a special two day "Unix 50" event at their historic Murray Hill headquarters. This event should be one for the history books with many notable Unix and computer pioneers in attendance...!

As I was making those photographs (which will be on display at the event), I gained much insight into Bell Labs and the development of Unix. However, it was some of the more personal stories and anecdotes that brought Bell Labs to life and gave me a feel for the people behind the code. One such time was when Ken Thompson (who is an accomplished pilot) told me how he traveled to Russia after the fall of the Soviet Union in order to fly in a MiG-29 fighter jet... Brian Kernighan told me about how a certain portrait of Peter Weinberger found its way into some very interesting places. These included the concrete foundation of a building on Bell Labs campus, the cover images printed onto Unix CD-ROMs, and most notably, painted on the top of a nearby water tower.

Which brings us to another important piece of Unix mythology that I learned about: the fictitious Bell Labs employee G.R. Emlin (a.k.a. "the gremlin").... A lot of this folklore (including the gremlin) is going to be on display at the Unix 50 event. The archivists at Bell Labs have outdone themselves by pulling together a massive collection of artifacts taken from the labs where Unix was developed for over 30 years. I was able to photograph a few of these artifacts last year, but so much more will be exhibited at this event -- including several items from the personal archives of some attendees.

As if that wasn't enough, the event will also showcase a number of vintage computers and a look into Bell Labs future with a tour of their Future X Labs.
The article includes some more quick stories about the Unix pioneers at Bell Labs (including "the gremlin") and argues that "the decision to freely distribute Unix's source code (to anyone who asked for it) inadvertently set the stage for the free and open source software movements that dominate the technology industry today...

"In hindsight, maybe 1969 should be called the 'summer of code.'"

JustAnotherOldGuy shares a report from Boing Boing: Early versions of the free/open Unix variant BSD came with password files that included hashed passwords for such Unix luminaries as Dennis Ritchie, Stephen R. Bourne, Eric Schmidt, Brian W. Kernighan and Stuart Feldman. Leah Neukirchen recovered an BSD version 3 source tree and revealed that she was able to crack many of the weak passwords used by the equally weak hashing algorithm from those bygone days.

Dennis MacAlistair Ritchie's was "dmac," Bourne's was "bourne," Schmidt's was "wendy!!!" (his wife's name), Feldman's was "axlotl," and Kernighan's was "/.,/.,." Four more passwords were cracked by Arthur Krewat: Ozalp Babaolu's was "12ucdort," Howard Katseff's was "graduat;," Tom London's was "..pnn521," Bob Fabry's was "561cml.." and Ken Thompson's was "p/q2-q4!" (chess notation for a common opening move). BSD 3 used Descrypt for password hashing, which limited passwords to eight characters, salted with 12 bits of entropy.

Last week Infoworld reported on a reunion of more than 1,000 former employees of Sun Microsystems including all four founders of the company -- Andreas Bechtolsheim, Vinod Khosla, Scott McNealy, and Bill Joy -- at just their second reunion since the 2010 Oracle acquisition. Prior to the formal festivities, the company founders met with a small group of press persons. Pondering recent developments in computing, Bill Joy, who is now concentrating on climate change solutions, recalled that Sun tried to do natural language processing, but the hardware was not fast enough. Regarding the emergence of the iPhone, Joy said the advent of mobility and data networks has been transformational for society. He noted that Sun had that kind of vision with Java ME, with Sun trying to do programmable smartphones. "But the hardware was just really nascent at the time," Joy said. Machine learning, though, will be as transformational as the smartphone, he added.

McNealy emphasized Sun's willingness to share technology, such as the Network File System (NFS), which helped to bring about the open source software movement now prevalent today. "We didn't invent open source but we [made it] happen. We were the leader of that parade." Asked if Sun should have moved from Sparc Risc processors and Solaris Unix to Intel processors and Linux, McNealy said he did not want to talk about mistakes he had made as Sun CEO but such a switch was not what Sun should have done....

Among those proudest of Sun's achievements was Sun founder and CEO Scott McNealy, who, taking the stage, had some sharp words for Facebook, which now occupies one of Sun's former Silicon Valley campuses, without mentioning Facebook by name. "I remember some company moved into one of our old headquarters buildings," McNealy said. "And the CEO said, we're going to leave the [Sun Microsystems] logos up because we want everybody in our company to remember what can happen to you if you don't pay attention. This company could do well to do one-one-hundredth of what we did."

Red Hat developer Matthias Clasen has announced the release of GNOME 3.34, bringing many performance improvements and better Wayland support. Phoronix reports: Making GNOME 3.34 particularly exciting is the plethora of optimizations/fixes in tow with this six-month update. Equally exciting are a ton of improvements and additions around the Wayland support to ensure its performance and feature parity to X11. GNOME 3.34 also brings other improvements like sandboxed browsing with Epiphany, GNOME Music enhancements, GNOME Software improvements, and a ton of other refinements throughout GNOME Shell, Mutter, and the many GNOME applications. More details can be found via release announcement and release notes.

Exactly 28 years ago today, a 21-year-old student named Linus Torvalds made a fateful announcement on the Usenet newsgroup comp.os.minix.

i-Programmer commemorates today's anniversary with some interesting trivia: Back in 1991 the fledgling operating system didn't have a name, according to Joey Sneddon's 27 Interesting Facts about Linux:

Linux very nearly wasn't called Linux! Linus wanted to call his "hobby" project "FreaX" (a combination of "free", "freak" and "Unix"). Thankfully, he was persuaded otherwise by the owner of the server hosting his early code, who happened to prefer the name "Linux" (a combination of "Linus" and "Unix").

One fact I had been unaware of is that the original version of Linux wasn't open source software. It was free but was distributed with a license forbidding commercial use or redistribution. However, for version 0.12, released in 1992, the GPL was adopted making the code freely available.
Android Authority describes the rest of the revolution: Torvalds announced to the internet that he was working on a project he said was "just a hobby, won't be big and professional." Less than one month later, Torvalds released the Linux kernel to the public. The world hasn't been the same since...

To commemorate the nearly 30 years that Linux has been available, we compiled a shortlist of ways Linux has fundamentally changed our lives.

- Linux-based operating systems are the number-one choice for servers around the world... As of 2015, web analytics and market share company W3Cook estimated that as many as 96.4% of all servers ran Linux or one of its derivatives. No matter the exact number, it's safe to say that the kernel nearly powers the entire web...

- In Oct. 2003, a team of developers forked Android from Linux to run on digital cameras. Nearly 16 years later, it's the single most popular operating system in the world, running on more than 2 billion devices. Even Chrome OS, Android TV, and Wear OS are all forked from Linux. Google isn't the only one to do this either. Samsung's own in-house operating system, Tizen, is forked from Linux as well, and it's is even backed by The Linux Foundation.

- Linux has even changed how we study the universe at large. For similar reasons cars and supercomputers use Linux, NASA uses it for most of the computers aboard the International Space Station. Astronauts use these computers to carry out research and perform tasks related to their assignments. But NASA isn't the only galaxy studying organization using Linux. The privately-owned SpaceX also uses Linux for many of its projects. In 2017, SpaceX sent a Linux-powered supercomputer developed by HP to space and, according to an AMA on Reddit, even the Dragon and Falcon 9 run Linux.
"Without it," the article concludes, "there would be no science or social human development, and we would all still be cave-people."

Slashdot reader sfcrazy writes: The Linux Foundation hosted the executive director of the FreeBSD Foundation, Deb Goodkin, at the Open Source Summit in San Diego. In this episode of Let's Talk, we sat down with Goodkin to talk about the FreeBSD project and the foundation.
"How did they let you in?" jokes their interviewer.

"They didn't realize that FreeBSD was not a Linux distribution," the executive director replies. "No, but seriously, they've been very welcoming to the FreeBSD community and wanting to include our voice in conversations about open source." FreeBSD is about five and a half million lines of code, versus 35 million for Linux, so "If you want to learn, it's a great way to learn... Someone said they believed that they were a great Linux sys-admin because of knowing FreeBSD."

Founded in 2000 in Boulder, Colorado, the FreeBSD project is a 501(c)(3) -- a public charity -- where the Linux Foundation is a 501(c)(6) -- a trade association. They have 400 committers, and "We're known for excellent documentation," the executive director says in the interview, describing how the community works to welcome new-comers and mentor new contributors. "We actually descended from the original Berkeley Unix. Some of those original people who worked on Berkeley Unix are still involved in the FreeBSD project. They're very approachable. So these young people go to conferences, and here you have Kirk McKusick, who developed UFS and still works on file systems, and he's there, and he's telling stories about back in the day, when he was at Berkeley working with Bill Joy, and he is really interested in helping these new people contribute."

Companies using FreeBSD include Netflix and Apple -- and according to Phoronix, the number of FreeBSD ports has increased to nearly 37,000 packages.

Earlier this week on the Linux kernel mailing list, Artem S. Tashkinov described a low-memory scenario where "the system will stall hard. You will barely be able to move the mouse pointer. Your disk LED will be flashing incessantly..."

"I'm afraid I have bad news for the people snickering at Linux here," wrote Chris Siebenmann, a sys-admin at the University of Toronto's CS lab. "If you're running without swap space, you can probably get any Unix to behave this way under memory pressure..." In the old days, this usually was not very much of an issue because system RAM was generally large compared to the size of programs and thus the amount of file-backed pages that were likely to be in memory. That's no longer the case today; modern large programs such as Firefox and its shared libraries can have significant amounts of file-backed code and data pages (in addition to their often large use of dynamically allocated memory, ie anonymous pages).
A production engineer (now on Facebook's Web Foundation team) wrote about experiencing similar issues years ago when another company had disabled swapping when they replaced or reinstalled machines -- leading to lots of pages from hosts that had to be dealt with. This week they wrote: I stand by my original position: have some swap. Not a lot. Just a little. Linux boxes just plain act weirdly without it. This is not permission to beat your machine silly in terms of memory allocation, either... If you allocate all of the RAM on the machine, you have screwed the kernel out of buffer cache it sorely needs. Back off.

Put another way, disk I/O that isn't brutally slow costs memory. Network I/O costs memory. All kinds of stuff costs memory. It's not JUST the RSS of your process. Other stuff you do needs space to operate. If you try to fill a 2 GB box with 2 GB of data, something's going to have a bad day! You have to leave room for the actual system to run or it's going to grind to a stop.

Not too long after Linus Torvalds wrote his own Unix kernel, which he called Linux, in the summer of 1991, a magazine was founded by enthusiasts to focus on the operating system. For nearly three decades Linux Journal has been an authority magazine on all things Linux, but it is now shuttering doors, it said late Wednesday. The announcement comes about two years after the periodical said it would cease to exist, but it was able to find some backing -- from Privacy Internet Access group -- to resume operations later on.

The team said on Wednesday that all staff members had been laid off and the company was left with no operating funds to continue in any capacity. It remains committed to keeping the website afloat for another few weeks.

In honor of FreeDOS's 25th birthday, project founder and coordinator Jim Hall agreed to answer the 10 best questions submitted by Slashdot readers. You asked and he answered! Read on for Jim's interview.

Tekla Perry writes: When WYSIWIG pioneer Charles Simonyi went to space, he couldn't but help notice the awkward user interface on the rocket's control panel. It was a case of legacy systems, not wanting to change training and documentation, and an emulator that ran Unix on a 386 chip, he reported during a recent discussion on space software held at the Computer History Museum. "They liked the older chips because of radiation resistance and the feature set," he pointed out, noting how operation of the virtual interface was trickier than it seemed. "There are rows and columns," he said, "and you move the cursor over the button and use another button to push the virtual button."

"On the right side," he said, "there are these windows that are numbers you type in by pushing virtual buttons below them. You use the cursor keys to go to the virtual buttons then push an entry button that is virtual." He added: "You can see that even as the technology changes, they want to keep as many things the same as possible."

Chris Siebenmann is a Unix sys-admin for the CS department at the University of Toronto. He recently saw a tweet asking about the possibility of community-implemented generics for the Go programming language, and posted a widely-read response on his blog.

"There are many answers for why this won't happen, but one that does not usually get said out loud is that Go is Google's language, not the community's." Yes, there's a community that contributes things to Go, some of them important and valued things; you only have to look at the diversity of people in CONTRIBUTORS or see the variety of people appearing in the commits. But Google is the gatekeeper for these community contributions; it alone decides what is and isn't accepted into Go. To the extent that there even is a community process for deciding what is accepted, there is an 800-pound gorilla in the room. Nothing is going to go into Go that Google objects to, and if Google decides that something needs to be in Go, it will happen.

(The most clear and obvious illustration of this is what happened with Go modules, where one member of Google's Go core team discarded the entire system the outside Go community had been working on in favour of a relatively radically different model. See eg for one version of this history.)

Or in short, Go has community contributions but it is not a community project. It is Google's project. This is an unarguable thing, whether you consider it to be good or bad, and it has effects that we need to accept. For example, if you want some significant thing to be accepted into Go, working to build consensus in the community is far less important than persuading the Go core team. (As a corollary, sinking a lot of time and effort into a community effort that doesn't have enthusiastic buy-in from the Go core team is probably a waste of time....) On the good and bad scale, there is a common feeling that Go has done well by having a small core team with good taste and a consistent vision for the language, a team that is not swayed by outside voices and is slow moving and biased to not making changes.
The essay also concedes that "I like Go and have for a fair while now, and I'm basically okay with how the language has been evolving and how the Go core team has managed it. I certainly think it's a good idea to take things like generics slowly.

"But at the same time, how things developed around Go modules has left a bad taste in my mouth and I now can't imagine becoming a Go contributor myself, even for small trivial changes."

UPDATE (1/29/2024) In a 2023 talk, Rob Pike -- one of Go's original creators -- addressed the question head-on. "People often assume Google tells the Go team what to do. That's simply not true.

"Google is incredibly generous in its support for Go, but does not set the agenda. The community has far more input. Google has a huge internal Go code base that the team uses to test and verify releases, but this is done by importing from the public repo into Google, not the other way around. In short, the core Go team is paid by Google but they are independent."

"2019 is truly, finally shaping up to be the year of Linux on the desktop," writes PC World's senior editor, adding "Laptops, too!" But most people won't know it. That's because the bones of the open-source operating system kernel will soon be baked into Windows 10 and Chrome OS, as Microsoft and Google revealed at their respective developer conferences this week... Between lurking in Windows 10 and Chrome OS, and the tiny portion of actual Linux distro installs, pretty much any PC you pick up will run a Linux kernel and Linux software. Macs won't, but it's based on a Unix-like BSD system that already runs many Linux apps with relative ease (hence Apple's popularity with developers).

You have to wonder where that leaves proper Linux distributions like Ubuntu and Linux Mint, though. They already suffer from a minuscule user share, and developers may shift toward Windows and Chrome if the Linux kernels in those operating systems get the same job done. Could this fruit wind up poisonous over the long term? We'll have to see. That said, Linux is healthier than ever. The major distros are far more polished than they used to be, with far fewer hardware woes than installs of yesteryear. You can even get your game on relatively well thanks to Valve's Proton technology, which gets many (but not all) Steam games working on Linux systems. And hey, Linux is free.

Normal users may never be aware of it, but 2019 may finally be the year of Linux on the desktop -- just not Linux operating systems on the desktop.

"Release 8.3 of GDB, the GNU Debugger, is now available," according to an announcement on the info-gnu mailing list:

GDB is a source-level debugger for Ada, C, C++, Go, Rust, and many other languages. GDB can target (i.e., debug programs running on) more than a dozen different processor architectures, and GDB itself can run on most popular GNU/Linux, Unix and Microsoft Windows variants. GDB is free (libre) software. GDB 8.3 includes support for new native configurations (also available as a target configuration) for RISC-V GNU/Linux and RISC-V FreeBSD.

The announcement warns that Native Windows debugging "is only supported on Windows XP or later," and that "the Python API in GDB now requires Python 2.6 or later."

An anonymous reader quotes a report from ZDNet: This week, the Apache Software Foundation has patched a severe vulnerability in the Apache (httpd) web server project that could --under certain circumstances-- allow rogue server scripts to execute code with root privileges and take over the underlying server. The vulnerability, tracked as CVE-2019-0211, affects Apache web server releases for Unix systems only, from 2.4.17 to 2.4.38, and was fixed this week with the release of version 2.4.39. According to the Apache team, less-privileged Apache child processes (such as CGI scripts) can execute malicious code with the privileges of the parent process. Because on most Unix systems Apache httpd runs under the root user, any threat actor who has planted a malicious CGI script on an Apache server can use CVE-2019-0211 to take over the underlying system running the Apache httpd process, and inherently control the entire machine.

"First of all, it is a LOCAL vulnerability, which means you need to have some kind of access to the server," Charles Fol, the security researcher who discovered this vulnerability told ZDNet in an interview yesterday. This means that attackers either have to register accounts with shared hosting providers or compromise existing accounts. Once this happens, the attacker only needs to upload a malicious CGI script through their rented/compromised server's control panel to take control of the hosting provider's server to plant malware or steal data from other customers who have data stored on the same machine. "The web hoster has total access to the server through the 'root' account. If one of the users successfully exploits the vulnerability I reported, he/she will get full access to the server, just like the web hoster," Fol said. "This implies read/write/delete any file/database of the other clients."

Glenn Fleishman, writing for MacWorld: It seems like it was only yesterday that I first used BareBones Software's BBEdit, but in actuality, yesterday is so far away -- 25 years, in fact. With all the twists and turns across more than two decades of Apple as a company, Mac hardware, and the underlying operating system, you might think that BBEdit stands alone as a continuously-developed app shepherded largely or exclusively by the same independent developer -- an app without a giant company behind it. As it turns out, BBEdit is one of several apps that's been around the block more than a few times.

The longevity of indie apps is more extraordinary when you consider the changes Apple put the Mac through from the early 1990s to 2018. Apple switched from Motorola 680x0 processors to PowerPC to Intel chips, from 32-bit to 64-bit code, and among supported coding languages. It revved System 7 to 8 to 9, then to Unix across now 15 major releases (from 10.0 to 10.14). That's a lot for any individual programmer or small company to cope with. Bare Bones's head honcho, Rich Siegel, and the developers behind three other long-running Mac software programs shared with me their insight on development histories for over 25 years, what's changed the most during that time, and any hidden treasures users haven't yet found. You can hear more on BareBones Software's in this recent episode of The Talk Show, a podcast by DaringFireball's John Gruber.

New submitter vivekgite writes: The 12th version of the FreeBSD has been released, bringing support for updated hardware. Some of the highlights include: OpenSSL has been updated to version 1.1.1a (LTS). Unbound has been updated to version 1.8.1, and DANE-TA has been enabled by default. OpenSSH has been updated to version 7.8p1. Additonal capsicum(4) support has been added to sshd(8). Clang, LLVM, LLD, LLDB, compiler-rt and libc++ has been updated to version 6.0.1. The vt(4) Terminus BSD Console font has been updated to version 4.46. The bsdinstall(8) utility now supports UEFI+GELI as an installation option. The VIMAGE kernel configuration option has been enabled by default. The NUMA option has been enabled by default in the amd64 GENERIC and MINIMAL kernel configurations. The netdump(4) driver has been added, providing a facility through which kernel crash dumps can be transmitted to a remote host after a system panic. The vt(4) driver has been updated with performance improvements, drawing text at rates ranging from 2- to 6-times faster.

Various improvements to graphics support for current generation hardware. Support for capsicum(4) has been enabled on armv6 and armv7 by default. The UFS/FFS filesystem has been updated to consolidate TRIM/BIO_DELETE commands, reducing read/write requests due to fewer TRIM messages being sent simultaneously. The NFS version 4.1 server has been updated to include pNFS server support. The pf(4) packet filter is now usable within a jail(8) using vnet(9). The bhyve(8) utility has been updated to add NVMe device emulation. The bhyve(8) utility is now able to be run within a jail(8). Various Lua loader(8) improvements. KDE has been updated to version 5.12.

Chris Siebenmann, a Unix Systems Administrator at University of Toronto, writes about the inability to figure out the bottleneck when an SSD dies: What unnerves me about these sorts of abrupt SSD failures is how inscrutable they are and how I can't construct a story in my head of what went wrong. With spinning HDs, drives might die abruptly but you could at least construct narratives about what could have happened to do that; perhaps the spindle motor drive seized or the drive had some other gross mechanical failure that brought everything to a crashing halt (perhaps literally). SSDs are both solid state and opaque, so I'm left with no story for what went wrong, especially when a drive is young and isn't supposed to have come anywhere near wearing out its flash cells (as this SSD was).

(When a HD died early, you could also imagine undetected manufacturing flaws that finally gave way. With SSDs, at least in theory that shouldn't happen, so early death feels especially alarming. Probably there are potential undetected manufacturing flaws in the flash cells and so on, though.) When I have no story, my thoughts turn to unnerving possibilities, like that the drive was lying to us about how healthy it was in SMART data and that it was actually running through spare flash capacity and then just ran out, or that it had a firmware flaw that we triggered that bricked it in some way.

"2019 just might be the Year of Linux -- the year in which Linux is fully recognized as the powerhouse it has become," writes Network World's "Unix dweeb." The fact is that most people today are using Linux without ever knowing it -- whether on their phones, online when using Google, Facebook, Twitter, GPS devices, and maybe even in their cars, or when using cloud storage for personal or business use. While the presence of Linux on all of these systems may go largely unnoticed by consumers, the role that Linux plays in this market is a sign of how critical it has become. Most IoT and embedded devices -- those small, limited functionality devices that require good security and a small footprint and fill so many niches in our technology-driven lives -- run some variety of Linux, and this isn't likely to change. Instead, we'll just be seeing more devices and a continued reliance on open source to drive them.

According to the Cloud Industry Forum, for the first time, businesses are spending more on cloud than on internal infrastructure. The cloud is taking over the role that data centers used to play, and it's largely Linux that's making the transition so advantageous. Even on Microsoft's Azure, the most popular operating system is Linux. In its first Voice of the Enterprise survey, 451 Research predicted that 60 percent of nearly 1,000 IT leaders surveyed plan to run the majority of their IT off premises by 2019. That equates to a lot of IT efforts relying on Linux. Gartner states that 80 percent of internally developed software is now either cloud-enabled or cloud-native.
The article also cites Linux's use in AI, data lakes, and in the Sierra supercomputer that monitors America's nuclear stockpile, concluding that "In its domination of IoT, cloud technology, supercomputing and AI, Linux is heading into 2019 with a lot of momentum."

And there's even a long list of upcoming Linux conferences...