Planet GNU

Join the FSF and friends on Friday, October 10, from 2pm to 5pm EDT (18:00 to 21:00 UTC) to help improve the Free Software Directory by adding new entries and updating existing ones. We will be on IRC in the #fsf channel on freenode.

Tens of thousands of people visit directory.fsf.org each month to discover free software. Each entry in the Directory contains a wealth of useful information, from basic category and descriptions, to providing detailed info about version control, IRC channels, documentation, and licensing info that has been carefully checked by FSF staff and trained volunteers.

While the Free Software Directory has been and continues to be a great resource to the world over the past decade, it has the potential of being a resource of even greater value. But it needs your help!

If you are eager to help and you can't wait or are simply unable to make it onto IRC on Friday, our participation guide will provide you with all the information you need to get started on helping the Directory today!

An understated feature in desktop Firefox is the option to suppress the text and background colors that content authors choose for us, and instead go with the plain old black on white with a smattering of blue and purple links. In other words, 1994.

Why is this feature great? Because it hands control back to the user and allows people with visual impairments to tweak things just enough to make the web readable.

Somebody once asked on the #accessibility IRC channel why they can’t turn off content colors in Firefox for Android. So it seemed like a good idea to re-introduce that option in the form of an extension. There are a few color related addons in AMO, but I just submitted another one, and you could get it here. This is what the toggle option looks like:

Since the color attribute was introduced, the web has evolved a lot. We really can’t go back to the, naive, monochrome days of the 90s. Many sites use background images and colors in novel ways, and use backgrounds to portray important information. Sometimes disabling page colors will really break things. So once you remove colors from AMO, you get:

As you can see, it isn’t perfect, but it does make the text more readable to some. Having a menu item that doesn’t take too much digging to find will hopfully help folks go back and forth between the two modes and gt the best out of both worlds.

Richard Stallman will be delivering an address on Saturday at 11:30am.

The next stable version of GNU make, version 4.1, has been released and is available for download from http://ftp.gnu.org/gnu/make/

This release consists mainly of bug fixes.

Please see the NEWS file that comes with the GNU make distribution for details on user-visible changes.

THIS MONTH…..
-TRENDS
-EYE CATCHING
-ANNUAL PLAN
-DISCUSSIONS
-EXISTING CODE
-SECURITY
-LASTLY

-TRENDS
The stuff going on in the big picture now…..

United States Electricity Price per KWH
Current and Past

July	August	Trend	% Change
$0.143	$0.143	Same	0.00%

 

Year	August	Trend	% Change	% Since	Difference
2004	$0.100	Same	0.00%	0.00%	0.00%
2005	$0.105	Increase	5.00%	5.00%	5.00%
2006	$0.118	Increase	12.38%	18.00%	13.00%
2007	$0.121	Increase	2.54%	21.00%	3.00%
2008	$0.132	Increase	9.09%	32.00%	11.00%
2009	$0.130	Decrease	-1.52%	30.00%	-2.00%
2010	$0.133	Increase	2.31%	33.00%	3.00%
2011	$0.135	Increase	1.50%	35.00%	2.00%
2012	$0.133	Decrease	-1.48%	33.00%	-2.00%
2013	$0.137	Increase	3.01%	37.00%	4.00%
2014	$0.143	Increase	4.38%	43.00%	6.00%

United Kingdom Utility Prices
Current and Past

London by night, seen from the International Space Station

-EYE CATCHING
The stuff that has caught our eye…..

Demand Response

• A new product line, from Ecobee, with an API.
• An announcement, Echelon has sold their grid division. This bring the future of the LonWorks protocol into question.
• A brief, recommending how to increase customer demand for Demand Response.
• An article, identifying the Smart Grid as the next killer software application.

Smart Grid – Consumer

• An article, reporting Amazon is working on launching a Smart Home device product line.
• A conference, Demand Response World Forum 2014.
• An article, reporting the United States Department of Energy has a final determination strengthening energy-efficiency for commercial building codes.
• An article, reporting the United States Department of Energy has released a set of voluntary privacy recommendations for smart grid owners, operators, and third parties.
• An article, reporting the impact of electric vehicle charging on the coming Smart Grid.
• An article, reporting the United States Federal Energy Regulatory Commission is studying electricity market reforms.
• An analysis, considering why consumers do not reduce their energy usage.
• An article, describing the debate of owning customer energy data.
• An article, discussing safety from hackers attacking Smart Home technologies.
• An opinion, asserting the lack of federal oversight of Demand Response will hamper growth of Demand Response.
• An article, discussing possibilities of Smart Grid mergers.
• An article, considering low income Smart Grid customers.

Smart Grid – Producer

• An article, reporting a federal appeals court upholds FERC Order 1000.
• A website, the OpenADR Demand Response Research Center.
• An article, discussing utilities needing to future-proof their mobile networks.
• A report, finding electric transmission and distribution challenges include aging assets, equipment and technology investments, upgrading capacity verses lessening susceptibility, and power delivery system redesign plans.

Smart Grid – Security

• A company, using proprietary technology to collect electric meter readings via small aircraft.
• An effort, to develop and test a next generation energy management system. This effort does not speak of a security component.
• An article, describing the need to secure the Smart Grid.
• An article, addressing the current security status of the United States Smart Grid effort.
• An article, describing the ten most dangerous Home Automation devices.
• An opinion, recommending what utilities should do with their customer data.
• A new Home Automation product line, having loads of interoperability, with little to no comprehensive security plan.

-ANNUAL PLAN
Status Update of our 2014 Plan…..

Demand Response

• Further discussions with members of the electronics industry.
• No other work since the April newsletter.

Unattended Server Side Automation

• No other work since the April newsletter.

Power Line Communication

• Further discussions with the members of the electronics industry.
• No other work since the January newsletter.

Talk to us with your comments and suggestions on our plan for this year.

-DISCUSSIONS
The stuff we are talking about now…..

FSF INTERVIEW
The Free Software Foundation (FSF) interviewed the GNU remotecontrol team. GNU remotecontrol is a member of the Free Software Foundation. The article is a comprehensiveness then-to-now writing, in combination with where the software project will most likely go in the future.

FIVE YEAR HOME EFFICIENCY EXPERIMENT
The Tennessee Valley Authority has completed a study of combining various energy efficiency approaches. This study is the first time these approaches have been combined to this extent, for this long of a period. The outcome is the efficiency benefits are there to be gained, without exerting much expense. The question each person must decide is how long they are willing to wait for their payback period to arrive.

OTHER TYPES OF THERMOSTATS?
Many people have asked us about adding other types of thermostats to GNU remotecontrol. There are three questions that need to be answered before we can offer GNU remotecontrol support for any IP thermostat. These questions are:

• How to CONNECT to it (NETWORK).
• How to READ from it (CODE).
• How to WRITE to it (CODE).

It is our hope to have dozens and dozens of thermostat types that work with GNU remotecontrol. Let us know if you designed or manufactured a device and you would like to test it with GNU remotecontrol.

-EXISTING CODE
The stuff you may want to consider…..

BUGS
We have 0 new bugs and 0 fixed bugs since our last Blog posting. Please review these changes and apply to your GNU remotecontrol installation, as appropriate.

TASKS
We have 1 new tasks and 0 completed tasks since our last Blog posting. Please review these changes and apply to your GNU remotecontrol installation, as appropriate.

-SECURITY
The stuff you REALLY want to consider…..

BLACK HAT USA 2014
Black Hat is the most technical and relevant global information security event series in the world. Their 2014 conference clearly demonstrates the electronics industry is not moving fast enough to secure Smart Home technologies. This problem is not only caused by the electronics industry. It is also caused by an end-user willingness to have functionality over security. The final result is often property theft or identity theft. The need for security of both the Smart Grid and the Smart Home cannot be overstated.

REMEMBER
GNU remotecontrol relies on OS file access restrictions, Apache authentication, MySQL authentication, and SSL encryption to secure your data. Talk to us you want to find out how you can further strengthen the security of your system, or you have suggestions for improving the security of our current system architecture.

-LASTLY
Whatever you do…..don’t get beat up over your Energy Management strategy. GNU remotecontrol is here to help simplify your life, not make it more complicated. Talk to us if you are stuck or cannot figure out the best option for your GNU remotecontrol framework. The chances are the answer you need is something we have already worked through. We would be happy to help you by discussing your situation with you.

…..UNTIL NEXT MONTH!

Why the Affero GPL?

So I (Mike Gran) mentioned to a colleague the other day that my brother is Stephen Gran.

"Isn't there a Stephen Gran that does something for Debian," he said.

"I think so," I said. "I've run across that name before.... Yeah Debian Steve is #5 in the Google searches for Stephen Gran."

"But that's not your brother?," he asked

"Sadly, no. Looks like my brother is the #10 Stephen Gran, down here where it says 'suspects arrested'."

Dear community

GNU Health patchset 2.6.4 has been released !

Priority: High

Table of Contents

• About GNU Health Patchsets
• Summary of this patchset
• Installation notes
• List of Bugs

About GNU Health Patchsets

We provide "patchsets" to stable releases. Patchsets allow quick bug fixes and updates for production systems.

Patches and Patchsets maximize uptime for production systems, and keep your system updated, without the need to do a whole installation. Some of them, and thanks to the magic of Tryton can be applied to running system.

NOTE: Patchsets are applied on previously installed systems only. For new installations, download and install the whole tarball (ie, gnuhealth-2.6.4.tar.gz)

For more information about GNU Health patches and patchsets you can visit https://en.wikibooks.org/wiki/GNU_Health/Patches_and_Patchsets

Summary of this patchset

• Affected modules (excludes localization / typos) : health, health_calendar

• health : Fix appointment institution link, to point now to the new Institution model.

• health_calendar : Fix Health Professional Work Schedule wizard

Installation Notes

You must apply previous patchsets before installing this patchset. If your patchset level is 2.6.3, then just follow the general instructions. You can find the patchsets at GNU Health FTP site (ftp://ftp.gnu.org/gnu/health/)

Follow the general instructions at https://en.wikibooks.org/wiki/GNU_Health/Patches_and_Patchsets

Source the GNU Health profile (source $HOME/.gnuhealthrc) to update your environment

Update your database ( update=all )

List of bugs related to this patchset

#43347 Invalid assignment of institution in appointments ( https://savannah.gnu.org/bugs/index.php?43347 )
#43350 Institution field in Work Schedule still points to party ( https://savannah.gnu.org/bugs/index.php?43350 )

Today's Friday Free Software Directory (FSD) IRC Meeting comes after a very active week of users updating and adding new entries to the Directory. User Mviinama made over 80 edits alone! And, I was happy to see that such productivity continued during our meeting today, as well.

Two new packages added today worth highlighting are:

• Traccar, a Java server that displays map and other data from various GPS tracking devices. It is under the Apache 2.0 license.
• Seafile, a server based filestore with clients for multiple different platforms. It serves as a replacement for SaaSS such as dropbox. The server is licensed under the Apache 2.0 license and clients
  are licensed GNU GPL version 3 (only).

In addition to adding new packages and updating many more, we also had a lively discussion about font licensing and about the MPL, and we brainstormed some ideas for new icons and other art to brighten up the pages on the Directory.

You too can join in our discussions and help improve the Directory: find out how to attend our Friday Free Software Directory IRC Meetings by checking our blog or by subscribing to the RSS feed.

Recently, I had a discussion with RMS about being a speaker for Free Software.   In the end I was told simply to record some of my talks and that I would be given some feedback, but during the discussion I explained why I think GNUstep is important to free software and I believe that this is something that I think is important for other people to understand as well:

Hey Richard,

That shouldn't be hard to do.  I get invited to speak about GNUstep a
lot.  Not just about the technical aspects, but about it's importance
to free software.

While I have your attention, I would like to tell you the following...

I tend to see GNUstep as very important to the free software movement
as it facilitates developers moving away from environments such as
Cocoa and UIKit.  Apple has always been a power for control and an
enemy of freedom which is why I am so passionate about GNUstep.  I
don't like that they have locked down users like they have.

I realize that the rest of the community may not share my view and,
honestly, I have been somewhat disheartened as of late as I have
always had trouble getting other developers to see GNUstep as I do.
They focus on GNOME and KDE and consider Objective-C ugly or not
elegant.  I think that's a shame.   Which brings me to my final point.
  
Apple has recently introduced a new language called Swift.   It has
become abundantly clear that they have no intention of releasing Swift
even as open source (which I understand is a different movement, but
it would, at least, be a step for them in something which resembles
the right direction).

I feel like speaking about free software and, specifically, speaking
about how GNUstep can play an important role in it is why I would like
to be listed on the speakers list.   It would give me more of an
opportunity to speak out about Apple's evils and generally raise
awareness.

Thanks, GC

So, if anyone would like me to come and speak about free software or about GNUstep, please let me know.  I would be grateful for the opportunity.

Join the FSF and friends on Friday, October 3, from 2pm to 5pm EDT (18:00 to 21:00 UTC) to help improve the Free Software Directory by adding new entries and updating existing ones. We will be on IRC in the #fsf channel on freenode.

Tens of thousands of people visit directory.fsf.org each month to discover free software. Each entry in the Directory contains a wealth of useful information, from basic category and descriptions, to providing detailed info about version control, IRC channels, documentation, and licensing info that has been carefully checked by FSF staff and trained volunteers.

While the Free Software Directory has been and continues to be a great resource to the world over the past decade, it has the potential of being a resource of even greater value. But it needs your help!

If you are eager to help and you can't wait or are simply unable to make it onto IRC on Friday, our participation guide will provide you with all the information you need to get started on helping the Directory today!

• autogen-5.18.4
• bash-4.3.25
• direvent-5.0
• freedink-data-1.08.20140901
• gcl-2.6.11
• glibc-2.20
• global-6.3.2
• gnuhealth-2.6.3
• help2man-1.46.3
• libtasn1-4.2
• libunistring-0.9.4
• parallel-20140922
• rcs-5.9.3
• ucommon-6.1.11

To get announcements of most new GNU releases, subscribe to the info-gnu mailing list: http://lists.gnu.org/mailman/listinfo/info-gnu. Nearly all GNU software is available from http://ftp.gnu.org/gnu/, or preferably one of its mirrors (http://www.gnu.org/prep/ftp.html). You can use the url http://ftpmirror.gnu.org/ to be automatically redirected to a (hopefully) nearby and up-to-date mirror.

This month, we welcome Nik Nyby as a new co-maintainer of GNU librejs.

A number of GNU packages, as well as the GNU operating system as a whole, are looking for maintainers and other assistance: please see http://www.gnu.org/server/takeaction.html#unmaint if you'd like to help. The general page on how to help GNU is at http://www.gnu.org/help/help.html. To submit new packages to the GNU operating system, see http://www.gnu.org/help/evaluation.html.

As always, please feel free to write to me, karl@gnu.org, with any GNUish questions or suggestions for future installments.

Richard Stallman tomará parte en un encuentro con educadores de la Universidad Nacional Autónoma de Mejico, quienes presentarán una distribución GNU/Linux denominada Jarro Negro en la Universidad Distrital Francisco José de Caldas, Facultad de Tecnología, y asistirá a un taller sobre GNU/EMACS, con el fin de incentivar su utilización en el entorno académico.

Favor de rellenar este formulario, para que podamos contactarle acerca de eventos futuros en la región de Bogotá.

In the past weeks, quite some polish was added in windows support.

First, there was a bug affecting Popup Menus and contextual menus that affected only certain computers. It was fixed.




Then the controls were not properly initialized. Native file-dialogs, for example, as well as upcoming print dialogs (work in progress by Gregory) did not fit the theme properly. On XP, Window 7 and Windows 8 they should follow the native look, instead they always got the "Win 95" look creating a strange mix.

The fix requires initializing Windows' controls. I put the initialization code inside the WinUX theme loading. If it will not prove safe, then it needs to be moved into NSApplication. Furthermore, an XML resource file to enable the correct loading.




I really does look nice, doesn't it?

Hi Guys,

  In this month's news we have:
  
  * The GDB project is removing support for the following platforms:
    - MIPS IRIX (mips*-sgi-irix5*, mips*-sgi-irix6*)
    - Alpha Tru64 (alpha*-*-osf*)

    This only affect code maintained by GDB project (not binutils or GCC).  Also, support for any other target on MIPS (including embedded ones) will be maintained as is.

  * GCC now supports the MIPS R6 and ARM CORTEX-A17 architecture variants.

  * The is a new gcc attribute called no_reorder.  This tells GCC not to change the order of the marked functions and variables, relative to each other.  (Unmarked functions and variables can still be reordered).  This attribute is similar to the -fno-topleve-reorder option, except that it only applies to the marked symbols.

  * There is a new GCC command line optionn: -freport-bug

    This tells GCC to collect and dump debug information into temporary file if an internal compiler error occurs.  This information can be helpful to whomever has to fix the bug.

Cheers
  Nick

I am pleased to announce a new version of GNU guile-ncurses. guile-ncurses is a library for the creation of text user interfaces in the GNU Guile dialect of the Scheme programming language. It is based on the ncurses project's curses, panel, form, and menu libraries.

This version is a bug-fix release with no new functionality.

The web page for GNU guile-ncurses is
http://www.gnu.org/software/guile-ncurses/

Its canonical download location is http://ftp.gnu.org/gnu/guile-ncurses/

Or you can download it from a mirror at
http://ftpmirror.gnu.org/guile-ncurses/

The NEWS for this release is

- parallel 'make check' is now supported
- will now look for ncurses headers in <ncursesw/curses.h> as well
- the wcwidth procedure is not provided if it is not supported by the
underlying libraries
- update autoconfigury
- Cygwin: support pty devices with guile-ncurses-shell
- MinGW: avoid C library functions that are unavailable
- MinGW: building guile-ncurses-shell is no longer attempted
- MinGW: the libguile-ncurses dll is now unversioned so that Guile can
find it

I'm very pleased to announce the release of a new version of GNU PSPP. PSPP is a program for statistical analysis of sampled data. It is a free replacement for the proprietary program SPSS.

Changes from 0.8.3 to 0.8.4:

• Formatting of SYSFILE INFO output was made easier to read.
• Bug fixes, including the following notable ones:
  • FREQUENCIES works properly for string variables. (This bug was introduced in 0.8.2.)
  • CROSSTABS now correctly computes all of the measures that it offers. Some measures have been removed because they were not computed correctly.
  • The NPAR TESTS calculation of significance for the RUNS subcommand has been corrected.
  • Planned comparisons in ONEWAY ANOVA now correctly handle negative T-values.
  • Conformance fixes to Open Document output format.

Please send PSPP bug reports to bug-gnu-pspp@gnu.org.

Today's Friday Free Software Directory (FSD) IRC Meeting was focused on bug fixes. In particular, we fixed some HTTPS errors we were having with images, we found and deleted the rare spam entry or two that gets submitted, and we did some other minor house cleaning tasks. There were also some important conversations on what constitutes "corresponding source" of a work as well as further discussions of our art licensing policy. Free software licensing is an important and recurring topic in our weekly IRC meetings, but this week's discussion were especially interesting and thought provoking.

You, too, can join in on the fun. Find out how to attend our Friday Free Software Directory IRC Meetings by checking our blog or subscribing to the RSS feed.

In this edition, we conducted an email-based interview with Alan Reiner, core developer of Bitcoin Armory, a bitcoin wallet focused on security. Bitcoin Armory is licensed under the terms of GNU Affero General Public License version 3, or (at your option) any later version.

Tell us about yourself and Bitcoin Armory

I am the CEO of Armory Technologies, Inc and core developer of Armory Bitcoin Wallet which is a popular, free software wallet application focused on security for enterprise business and advanced users. It was the first and only Bitcoin wallet to make "cold storage" (offline wallets) accessible through an intuitive user interface, and is one of the most trusted tools for securing and managing large bitcoin investments. I have degrees in applied mathematics and engineering mechanics, and additional background in statistics, data mining, and cryptography. I spent seven years developing image & video processing algorithms at a physics lab in Maryland before switching to Armory full-time and founding Armory Technologies, Inc in mid-2013. I became one of the top Bitcoin experts in the community, and a trusted source for security best practices and innovation. My goal is to pioneer the world of Bitcoin wallets, and make high-security easy to practice even for "regular" users.

What inspired you to create Bitcoin Armory?

There were no other Bitcoin wallets that provided the security features I wanted. I knew how to implement them, so I did it! It turns out other people wanted it, too.

How are people using it?

Of all the DIY Bitcoin wallets out there, Armory is the one focused most squarely on security. The software is trusted by some of the biggest Bitcoin holders to keep their coins secure, featuring backup, offline, and multi-sig features not available elsewhere.

What features do you think really sets Bitcoin Armory apart from similar software?

The ability to manage wallets/crypto keys that are kept on computers that are not internet-connected, yet be able to gather signatures from offline devices in a secure manner. And recently, the ability to do "multi-signature" transactions without a third-party service (all locally-run instances of our software). You can even combine the two and do anonymous cold-multisig. These are critical features for major investors and enterprise users and no other software has it.

Why did you choose the AGPL as Bitcoin Armory's license?

We wanted to make the project free software, as we don't believe that a piece of software as security-sensitive as ours could survive as a proprietary application. The ability for code auditing is critical when people perceive a risk that the developers could inject code to steal their money. However, we didn't want to limit our monetization options by picking a permissive license. AGPL gives us the ability to assert some control (and incentivises dual-licensing) while allowing us to keep all the source code free.

How can users (technical or otherwise) help contribute to Bitcoin Armory?

Bitcoin Armory software is now maintained by Armory Technologies, Inc. which is a for-profit startup that will focus on the needs of advanced and enterprise users. We have accepted code contributions before, but I doubt few would contribute anymore without being on our payroll. At this time we have 5 full-time developers, and we haven't had a non-paid contribution to the codebase in months.

If someone is interested in contributing, we'd encourage them to contact us and send us their resume. Due to the nature and sensitivity of our software, there's actually a pretty high learning curve to get over to be able to make meaningful contributions to the code (that are both effective and secure).

What's the next big thing for Bitcoin Armory?

We are working on some technical advancements, as well as promoting our enterprise services. On the technical side, we are focusing on multi-user encryption features that would allow enterprise clients to appoint a set of employees to manage each signing device, without any one employee having exclusive access. Hardware Security Modules (HSMs) are typically used for this purpose, but are extremely expensive ($20k+), and we wanted to be able to provide a pure-software solution that provides most of the same benefits on consumer hardware, especially for small businesses.

Further, we are ironing out our enterprise services, which will involve custom adaptations and plugins to the base free software project, as well as security consulting and training. There's a lot brewing and not enough time to do it all!

Enjoyed this interview? Check out our previous entry in this series featuring Stephen H. Dawson and the rest of the GNU Remotecontrol team.

Richard Stallman hablará sobre las metas y la filosofía del movimiento del Software Libre, y el estado y la historia del sistema operativo GNU, el cual junto con el núcleo Linux, es actualmente utilizado por decenas de millones de personas en todo el mundo.

Esa charla de Richard Stallman formará parte de la Semana Distrital de la Cultura Libre (2014-10-06--10). No será técnica y será abierta al público; todos están invitados a asistir.

Favor de rellenar este formulario, para que podamos contactarle acerca de eventos futuros en la región de Bogotá.

I really do hate being right sometimes.  I believe that's enough said on the subject, don't you?  All I know now is that action must be taken.   The era of closed source languages is over and has been for some time.

Bash is the GNU Project's shell; it is part of the suite of software that makes up the GNU operating system. The GNU programs plus the kernel Linux form a commonly used complete free software operating system, called GNU/Linux. The bug, which is being referred to as "shellshock," can allow, in some circumstances, attackers to remotely access and control systems using Bash (and programs that call Bash) as an attack vector, regardless of what kernel they are running. The bug probably affects many GNU/Linux users, along with those using Bash on proprietary operating systems like Apple's OS X and Microsoft Windows. Additional technical details about the issue can be found at CVE-2014-6271 and CVE-2014-7169.

GNU Bash has been widely adopted because it is a free (as in freedom), reliable, and featureful shell. This popularity means the serious bug that was published yesterday is just as widespread. Fortunately, GNU Bash's license, the GNU General Public License version 3, has facilitated a rapid response. It allowed Red Hat to develop and share patches in conjunction with Bash upstream developers efforts to fix the bug, which anyone can download and apply themselves. Everyone using Bash has the freedom to download, inspect, and modify the code -- unlike with Microsoft, Apple, or other proprietary software.

Software freedom is a precondition for secure computing; it guarantees everyone the ability to examine the code to detect vulnerabilities, and to create new and safe versions if a vulnerability is discovered. Your software freedom does not guarantee bug-free code, and neither does proprietary software: bugs happen no matter how the software is licensed. But when a bug is discovered in free software, everyone has the permission, rights, and source code to expose and fix the problem. That fix can then be immediately freely distributed to everyone who needs it. Thus, these freedoms are crucial for ethical, secure computing.

Proprietary, (aka nonfree) software relies on an unjust development model that denies users the basic freedom to control their computers. When software's code is kept hidden, it is vulnerable not only to bugs that go undetected, but to the easier deliberate addition and maintenance of malicious features. Companies can use the obscurity of their code to hide serious problems, and it has been documented that Microsoft provides intelligence agencies with information about security vulnerabilities before fixing them.

Free software cannot guarantee your security, and in certain situations may appear less secure on specific vectors than some proprietary programs. As was widely agreed in the aftermath of the OpenSSL "Heartbleed" bug, the solution is not to trade one security bug for the very deep insecurity inherently created by proprietary software -- the solution is to put energy and resources into auditing and improving free programs.

Development of Bash, and GNU in general, is almost exclusively a volunteer effort, and you can contribute. We are reviewing Bash development, to see if increased funding can help prevent future problems. If you or your organization use Bash and are potentially interested in supporting its development, please contact us.

The patches to fix this issue can be obtained directly at http://ftp.gnu.org/gnu/bash/.

Media Contacts

John Sullivan
Executive Director
Free Software Foundation
+1 (617) 542 5942
campaigns@fsf.org

Join the FSF and friends on Friday, September 26, from 2pm to 5pm EDT (18:00 to 21:00 UTC) to help improve the Free Software Directory by adding new entries and updating existing ones. We will be on IRC in the #fsf channel on freenode.

Tens of thousands of people visit directory.fsf.org each month to discover free software. Each entry in the Directory contains a wealth of useful information, from basic category and descriptions, to providing detailed info about version control, IRC channels, documentation, and licensing info that has been carefully checked by FSF staff and trained volunteers.

While the Free Software Directory has been and continues to be a great resource to the world over the past decade, it has the potential of being a resource of even greater value. But it needs your help!

If you are eager to help and you can't wait or are simply unable to make it onto IRC on Friday, our participation guide will provide you with all the information you need to get started on helping the Directory today!

On the project page for RCS on savannah, the intro blurb now has a proper link to CVS, as well as a link to the tip jar page.

Esa charla de Richard Stallman no será técnica y será abierta al público; todos están invitados a asistir.

Favor de rellenar este formulario, para que podamos contactarle acerca de eventos futuros en la región de Fusagasugá.

Tor is a publicly accessible, free software-based system for anonymizing Internet traffic. It relies on thousands of computers around the world called relays, which route traffic in tricky ways to dodge spying. The more relays, the stronger and faster the network.

We'd like to warmly thank our allies at the Electronic Frontier Foundation for organizing the Tor Challenge and inviting us to join them in promoting it. And most of all, thanks to the 1,635 of you who started a relay! (The FSF would have started one too, but we've already been running ours for a while.)

The Tor Challenge has already been successful, but that doesn't mean it's too late to start a Tor relay! You can get started from the Challenge's beautifully-designed Web site.

To see stats and graphs about the Tor Challenge, read the EFF's post.

To learn about more tools and actions you can take to secure privacy for yourself and your community, see the FSF's bulk surveillance page. For a discussion of pushing back bulk surveillance on a mass scale, read Richard Stallman's article "How Much Surveillance Can Democracy Withstand?".

The hackathon will take place primarily on-line, on the #guix IRC channel on Freenode. We have started collecting a list of hacking ideas. Feel free to stop by and make more suggestions!

The hackathon is accessible to anyone with experience in GNU/Linux packaging or systems hacking. Scheme programmers will find additional things to work on in the tool set. Finally, we will also be welcoming newcomers and helping them get started.

This is a followup to last year's hackathon, organized for GNU's 30th anniversary.

About GNU Guix:

GNU Guix is the functional package manager for the GNU system, and a distribution thereof.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. It also offers a declarative approach to operating system configuration management. Guix uses low-level mechanisms from the Nix package manager, with Guile Scheme programming interfaces.

At this stage the distribution can be used on an i686 or x86_64 machine. It is also possible to use Guix on top of an already installed GNU/Linux system, including on mips64el.

GNU Parallel 20140922 ('Scotland') has been released. It is available for download at: http://ftp.gnu.org/gnu/parallel/

Haiku of the month:

bash for loops vanquished
jobs fan out over network
collated results!

New in this release:

• If the file give as --sshloginfile is changed it will be re-read when a job finishes though at most once per second. This makes it possible to add and remove hosts while running.

• Brutha uses GNU Parallel https://pypi.python.org/pypi/brutha/1.0.2

• OCRmyPDF uses GNU Parallel https://github.com/fritz-hh/OCRmyPDF/

• GNU Parallel was presented at Balti and Bioinformatics "On-Air" http://youtu.be/UtXlr19xTh8?t=2h5m0s

• Pleiades Plus uses GNU Parallel https://github.com/ryanfb/pleiades-plus

• Imagemagick and GNU Parallel http://deepdish.io/2014/09/15/gnu-parallel/

• GNU Parallel (Sebuah Uji Coba) http://pr4ka5a.wordpress.com/2014/09/04/gnu-parallel-sebuah-uji-coba/

• GNU Parallel: 并行执行Linux命令 http://blog.csdn.net/xzz_hust/article/details/39183837

• Bug fixes and man page updates.

GNU Parallel - For people who live life in the parallel lane.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job is can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

You can find more about GNU Parallel at: http://www.gnu.org/s/parallel/

You can install GNU Parallel in just 10 seconds with: (wget -O - pi.dk/3 || curl pi.dk/3/) | bash

Watch the intro video on http://www.youtube.com/playlist?list=PL284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your commandline will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2011): GNU Parallel - The Command-Line Power Tool, ;login: The USENIX Magazine, February 2011:42-47.

About GNU SQL

GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

MediaGoblin 0.7.1 has been released! This is a bugfix release building on MediaGoblin 0.7.0.

Upgrading is highly encouraged to those running postgresql databases especially. There were some issues in the previous release that lead to users of postgresql to see random errors. We had some problems related to a couple of (non-critical) features not handling transactions well… these have been disabled for this release, but will likely be re-enabled by 0.8.0’s release.

Thanks to everyone who made this release possible: Andrew Browning, Christopher Allan Webber, Jessica Tallon, Low Kian Seong, Matt Molyneaux, and Odin Hørthe Omdal. Thanks so much!

Please see the release notes for details. Happy goblin’ing!

This Saturday, September 20th, people everywhere are getting together to celebrate free software. Install parties, encryption workshops, hackathons, you name it. Here in Massachusetts, FSF Web developer David Thompson is running a getting-started workshop for F-Droid, the free software app repository for devices running Android-based operating systems like Replicant.

Wondering what to do for Software Freedom Day? Take a page out of Dave's book and share your favorite free software application with a friend. What better way to celebrate than exercising freedom 2 of free software's four freedoms with your community? If you're on GNU Social or Pump.io or even Twitter, tell us (@FSF) which application you're sharing with the hashtag #SFD (see our thoughts about Twitter).

This is the eleventh year of Software Freedom Day, and people are holding events in almost 100 countries. Thanks, everyone involved for reminding us how active, creative and inspiring the free software movement is. However you choose to celebrate, have a great Software Freedom Day!

Image CC BY 3.0 Unported Software Freedom Day.