# Free Software Supporter Issue 118, February 2018 Welcome to the Free Software Supporter, the Free Software Foundation's (FSF) monthly news digest and action update -- being read by you and 184,817 other activists. That's 438 more than last month! ### Free Software Foundation receives $1 million donation from Pineapple Fund *From January 30* The FSF announced it has received a record-breaking charitable contribution of 91.45 Bitcoin from the Pineapple Fund, valued at $1 million at the time of the donation. This gift is a testament to the importance of free software, computer user freedom, and digital rights when technology is interwoven with daily life. * ### The 2018 LibrePlanet keynotes are here -- you won't want to miss them! *From January 16* This year at LibrePlanet 2018, you can hear talks by anthropologist and author Gabriella Coleman, free software policy expert and community advocate Deb Nicholson, Electronic Frontier Foundation (EFF) senior staff technologist Seth Schoen, and of course, FSF founder and president Richard Stallman. This year's LibrePlanet conference takes place on March 24 and 25 in Cambridge, MA -- register today! * * ## TABLE OF CONTENTS * The Intel Management Engine: An attack on computer users' freedom * A critical Intel flaw breaks basic security for most computers * Researcher finds another security flaw in Intel management firmware * Victory for libre networks: ActivityPub is now a W3C recommended standard * GNU LibreJS: New and improved! * Undermine mass surveillance with free software and your phone calls * The future of O'Reilly and DRM * City of Barcelona chooses GNU/Linux and free software after ditching Microsoft * Android users: To avoid malware, try the F-Droid app store * Third Replicant 6.0 release * Jarek Duda on software patents * February to June 2017: RMS photos from Reykjavík, East Lansing, Potsdam, Montreal, and Salta * Tony Sebro to join Software Freedom Conservancy board of directors and Outreachy leadership * GNOME Project: 2017 year in review * Collaborative Knowledge Foundation looking for NodeJS/React Developer * GNU Linux-libre 4.15-gnu * GCC 7 release series: GCC 7.3 * January Free Software Directory meeting recap * Join the FSF and friends in updating the Free Software Directory * LibrePlanet featured resource: GNU/Keysigning/Offers * GNU Spotlight with Brandon Invergo: 18 new GNU releases! * GNU Toolchain update: Support GNU Toolchain * Richard Stallman's speaking schedule and other FSF events * Thank GNUs! * GNU copyright contributions * Take action with the FSF! View this issue online here: Encourage your friends to subscribe and help us build an audience by adding our subscriber widget to your Web site. * Subscribe: * Widget: Miss an issue? You can catch up on back issues at . ### El Free Software Supporter está disponible en español. Para ver la versión en español haz click aqui: **Para cambiar las preferencias de usuario y recibir los próximos números del Supporter en español, haz click aquí:** Le Free Software Supporter est disponible en français. Pour voir la version française cliquez ici: **Pour modifier vos préférences et recevoir les prochaines publications du Supporter en français, cliquez ici:** # ### The Intel Management Engine: An attack on computer users' freedom *From January 10 by Denis GNUtoo Carikli* The Intel Management Engine (ME) is a tool that ships with Intel chipsets, purportedly to ease the job of system administrators. But in reality, it is another restriction on user freedoms, imposed by a company, and used to control your computing. Carikli offers a moderately technical explanation of what's happening with Management Engine, the ways in which it restricts rather than empowers users, and how it violates the four freedoms of free software. Because the Spectre and Meltdown vulnerabilities have drawn a great deal of unwanted attention to Intel, we should use this opportunity to educate others about the dangers of the Intel ME, as well as other ongoing injustices imposed by proprietary software. * * ### A critical Intel flaw breaks basic security for most computers *From January 3 by Andy Greenberg* Early this month, security researchers took note of a series of changes GNU/Linux and Windows developers began rolling out in beta updates to address a critical security flaw: a bug in Intel chips allows low-privilege processes to access memory in the computer's kernel. Theoretical attacks that exploit that bug could allow malicious software to spy deeply into other processes and data on the target computer or smartphone. And on multi-user machines, they could even allow hackers to break out of one user's process, and instead snoop on other processes running on the same shared server. * ### Researcher finds another security flaw in Intel management firmware *From January 12 by Sean Gallagher* Researchers at F-Secure have revealed another weakness in Intel's management firmware that could allow an attacker with brief physical access to PCs to gain persistent remote access to the system, thanks to weak security in Intel's Active Management Technology (AMT) firmware -- remote "out of band" device management technology installed on 100 million systems over the last decade, according to Intel. * ### Victory for libre networks: ActivityPub is now a W3C recommended standard *From January 23 by Christopher Lemmer Webber* I'm happy to announce that after three years of standardization work in the World Wide Web Consortium (W3C) Social Working Group, ActivityPub has finally been made an official W3C recommended standard. ActivityPub is a protocol for building decentralized social networking applications. Why ActivityPub? Increasingly, much of our lives is mediated through social networks, and so network freedom in these spaces -- and thus removing central control over them -- is critical. * ### GNU LibreJS: New and improved! *From January 31* The FSF is pleased to announce the release of a new and improved version of GNU LibreJS, a plugin designed to protect the freedom of users on the Web. We encourage everyone to use the new plugin with the latest version of Abrowser, a browser that ships with Trisquel GNU/Linux. * ### Undermine mass surveillance with free software and your phone calls *From January 11* On Thursday, January 11, the US House of Representatives voted to extend and expand an act enabling the National Security Agency's (NSA) spying, allowing them to continue to surveil Americans' digital communications without a warrant while conducting bulk surveillance activities. The bill passed into law on January 18. Mass surveillance is a software freedom issue, and free software and email encryption help to make it more difficult for them to collect our information. * * ### The future of O'Reilly and DRM *From January 31* We were surprised to hear that O'Reilly is moving away from selling DRM-free ebooks on their Web site. Now, their ebooks are only available through Safari, which requires proprietary software to use. * ### City of Barcelona chooses GNU/Linux and free software after ditching Microsoft *From January 11 by Adarsh Verma* According to a report from Spanish newspaper *El País*, the City of Barcelona is moving away from the proprietary software products from Microsoft. This move is important in the wake of Munich’s recent decision to again adopt Microsoft’s products. As per the report, Barcelona plans to replace all user applications on its computers with free software alternatives. After finding a proper replacement for all proprietary software, the final step would be to go ahead with replacing the operating system with GNU/Linux. * ### Android users: To avoid malware, try the F-Droid app store *From January 21 by Sean O'Brien and Michael Kwet* The scourge of hidden trackers in Android apps means users should stop using the Google Play store, researchers argue. F-Droid, on the other hand, only offers free software apps without tracking, has a strict auditing process, and can be easily installed on most Android phones without hassles or restrictions. It may not have as many apps as Google Play, but the apps that F-Droid has are far better for your privacy and security -- and, most importantly, they are ethical. * ### Third Replicant 6.0 release *From December 30 by GNUtoo* A new version (0003) of Replicant 6.0 has been released a few weeks ago. It fixes an important issue that makes devices end up in a boot loop (the devices were crashing during boot, endlessly) when installing certain applications. * ### Jarek Duda on software patents *From January 19* Why does the patent system respect the will of the greedy, and not the will of the idealistic? On our End Software Patents page, Duda, who is best known for the introduction of Asymmetric Numeral Systems (ANS), explores how the patent system can hurt the creators of innovative new programs. * ### February to June 2017: RMS photos from Reykjavík, East Lansing, Potsdam, Montreal, and Salta *From January 31* January was a relatively quiet month for FSF president Richard Stallman (RMS), so we're taking this opportunity to look back on a few speeches that RMS gave last year and that we did not get a chance to report on. * ### Tony Sebro to join Software Freedom Conservancy board of directors and Outreachy leadership *From January 12 by Software Freedom Conservancy* Tony Sebro, who was Conservancy’s second full-time employee, is moving on to become Deputy General Counsel at the Wikimedia Foundation, the home of Wikipedia; however, he will be continuing with the Conservancy in some important new volunteer roles. Specifically, Conservancy’s Board of Directors has invited Tony to serve as an at-large Director. Tony has also joined the Project Leadership committee of Conservancy’s Outreachy project (their internship program for free software contribution for underrepresented groups). * ### GNOME Project: 2017 year in review *From January 12 by GNOME Project* 2017 represented a strong year for the project, with another two releases with large technical advances. We have seen growing numbers of partners, new advisory board members and a wider adoption of GNOME on several distributions. During the year, the GNOME Foundation board set a number of policies in place which likely will have a positive impact on the project, including hiring a full-time Executive Director to oversee the future success of the organization. * ### Collaborative Knowledge Foundation looking for NodeJS/React Developer *From January 5* Collaborative Knowledge is seeking a talented NodeJS / React developer to work with them changing scientific publishing forever. They are a mission-driven not-for-profit developing exciting new free software platforms to accelerate and improve the process of scholarly publishing (books and journals). * ### GNU Linux-libre 4.15-gnu *From January 29 by Alexandre Oliva* GNU Linux-libre 4.15-gnu sources and tarballs are now available at . This release introduces changes in scripts/package, so that .deb and .rpm scripts built with the scripts in there will refer to GNU Linux-libre rather than upstream. This is in line with our goal of not leading users to nonfree software. * ### GCC 7 release series: GCC 7.3 *From January 25 by GCC team* The GNU Project and the GCC developers are pleased to announce the release of GCC 7.3. This release is a bug-fix release, containing fixes for regressions in GCC 7.2 relative to previous releases of GCC. * ### January Free Software Directory meeting recap Check out the great work our volunteers accomplished at the January Free Software Directory meetings. Every week free software activists from around the world come together in #fsf on irc.freenode.org to help improve the Free Software Directory. * ### Join the FSF and friends in updating the Free Software Directory Tens of thousands of people visit directory.fsf.org each month to discover free software. Each entry in the Directory contains a wealth of useful information, from basic category and descriptions to version control, IRC channels, documentation, and licensing. The Free Software Directory has been a great resource to software users over the past decade, but it needs your help staying up-to-date with new and exciting free software projects. To help, join our weekly IRC meetings on Fridays. Meetings take place in the #fsf channel on irc.freenode.org, and usually include a handful of regulars as well as newcomers. Freenode is accessible from any IRC client -- Everyone's welcome! The next meeting is Friday, February 2, from 12pm to 3pm EST (16:00 to 19:00 UTC). Details here: * ### LibrePlanet featured resource: GNU/Keysigning/Offers Every month on LibrePlanet, we highlight one resource that is interesting and useful -- often one that could use your help. For this month, we are highlighting GNU/Keysigning/Offers, which provides a place for GNU contributors or maintainers to find other people in their area to sign GPG keys and strengthen the Web of Trust. You are invited to adopt, spread and improve this important resource. * Do you have a suggestion for next month's featured resource? Let us know at . ### GNU Spotlight with Brandon Invergo: 18 new GNU releases! * [coreutils-8.29](https://www.gnu.org/software/coreutils/) * [gdbm-1.14.1](https://www.gnu.org/software/gdbm/) * [gnuhealth-client-3.2.5](http://health.gnu.org/) * [gnustep-gui-0.26.2](https://www.gnu.org/software/gnustep/) * [gnutls-3.5.17](https://www.gnu.org/software/gnutls/) * [gzip-1.9](https://www.gnu.org/software/gzip/) * [libcdio-2.0.0](https://www.gnu.org/software/libcdio/) * [libsigsegv-2.12](https://www.gnu.org/software/libsigsegv/) * [libtasn1-4.13](https://www.gnu.org/software/libtasn1/) * [linux-libre-4.14.15-gnu](https://www.gnu.org/software/linux-libre/) * [mpc-1.1.0](https://www.gnu.org/software/mpc/) * [mpfr-4.0.0](https://www.gnu.org/software/mpfr/) * [nano-2.9.2](https://www.gnu.org/software/nano/) * [parallel-20180122](https://www.gnu.org/software/parallel/) * [servletapi-3.0.1](https://www.gnu.org/software/classpathx/) * [unifont-10.0.07](https://www.gnu.org/software/unifont/) * [vcdimager-2.0.1](https://www.gnu.org/software/vcdimager/) * [wget-1.19.4](https://www.gnu.org/software/wget/) For announcements of most new GNU releases, subscribe to the info-gnu mailing list: . To download: nearly all GNU software is available from , or preferably one of its mirrors from . You can use the URL to be automatically redirected to a (hopefully) nearby and up-to-date mirror. A number of GNU packages, as well as the GNU operating system as a whole, are looking for maintainers and other assistance: please see if you'd like to help. The general page on how to help GNU is at . If you have a working or partly working program that you'd like to offer to the GNU project as a GNU package, see . As always, please feel free to write to us at with any GNUish questions or suggestions for future installments. ### GNU Toolchain update: Support GNU Toolchain Donate to support the GNU Toolchain, a collection of foundational freely licensed software development tools including the [GNU C Compiler collection (GCC)](https://gcc.gnu.org/), the [GNU C Library (glibc)](https://www.gnu.org/software/libc/libc.html), and the [GNU Debugger (GDB)](https://sourceware.org/gdb/). * ### Richard Stallman's speaking schedule For event details, as well as to sign-up to be notified for future events in your area, please visit . So far, Richard Stallman has the following events this month: * February 15, 2018, London, United Kingdom, [Speech topic to be determined](https://www.fsf.org/events/rms-20180215-london) * February 24, 2018, Oviedo, Spain, ["El software libre y tu libertad"](https://www.fsf.org/events/rms-20180224-oviedo) ### Other FSF and free software events * February 4, 2018, Brussels, Belgium, [John Sullivan, "People can't care when they don't know"](https://www.fsf.org/events/john-sullivan-20180204-brussels-fosdem) ### Thank GNUs! We appreciate everyone who donates to the Free Software Foundation, and we'd like to give special recognition to the folks who have donated $500 or more in the last month. * This month, a big Thank GNU to: * Adam Klotblixt * Charles Erwin * Cristian Francu * Dwengo Helvetica * Erwin Yükselgil * Guillaume Rembert * Iñaki Arenaza * Luis Rodriguez * Matthias Herrmann * Pablo Adrián Nieto * Paul Allen * Paul Eggert * Richard Harlow * Stefan Maric * Timothy Doyle You can add your name to this list by donating at . ### GNU copyright contributions Assigning your copyright to the Free Software Foundation helps us defend the GPL and keep software free. The following individuals have assigned their copyright to the FSF in the past month: * Adam Robert Halski (Emacs) * Daniel Martin Gomez (Wget2) * Joshua Michel Moller-Mara (Emacs) * Kevin Legouguec (Emacs) * Lindsay Haisley (GNU Mailman) * Michael Gulick (GDB) * Peter Pisar (Emacs) * Zebediah Figura (GNU Binutils) (GDB) Want to see your name on this list? Contribute to GNU and assign your copyright to the FSF. * ### Take action with the FSF! Contributions from thousands of individual members enable the FSF's work. You can contribute by joining at . If you're already a member, you can help refer new members (and earn some rewards) by adding a line with your member number to your email signature like: I'm an FSF member -- Help us support software freedom! The FSF is always looking for volunteers (). From rabble-rousing to hacking, from issue coordination to envelope stuffing -- there's something here for everybody to do. Also, head over to our campaigns section () and take action on software patents, Digital Restrictions Management (DRM), free software adoption, OpenDocument, Recording Industry Association of America (RIAA), and more. ### Copyright © 2018 Free Software Foundation, Inc. This work is licensed under the Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit .