Language Selection

English French German Italian Portuguese Spanish

February 2017

today's leftovers

Filed under
Misc

Linux Devices: Tizen and Pi Zero

Filed under
Linux
  • Samsung Z4 SM-Z400F could be the phone that runs Tizen 3.0 out of the box

    It has been over six months since the launch of the last Tizen Smartphone which was the Samsung Z2 and hence we should soon be seeing a successor to refresh the series. Earlier today, we reported on the leaked specifications and features of one such upcoming Tizen device which is the highly anticipated Samsung Z5. Now, we are getting hints on another Tizen device in the making bearing the Model name SM-Z400F which should logically be the Samsung Z4.

  • Smartphone Game: Dinosaur Simulator: Dino World platform Tizen

    Dino Simulator Dino World is a game where you are a dinosaur causing chaos all over the place. There is one objective and that is to kill, destroy, and to destroy more!!! By causing destuction to innocent people’s lives (and proberably killing those innocent people), you get points! (YAY!).

  • Pi Zero Wireless out now for $10

    Today, on the fifth anniversary of the release of the original Raspberry Pi, the Foundation has released Pi Zero W, a Pi Zero with built-in WiFi and Bluetooth, for $10.

    The original Pi Zero was great (and still is!)—but many people found its lack of wireless connectivity an inconvenience. Now with Zero W, you can connect to the Internet without using any adapters, and you can even use a Bluetooth mouse and keyboard rather than wired USB, or use a Bluetooth speaker for audio.

FOSS Licensing: ZFS in Debian and Creative Commons

Filed under
OSS
Legal
  • On ZFS in Debian

    I’m currently over at FOSDEM, and have been asked by a couple of people about the state of ZFS and Debian. So, I thought I’d give a quick post to explain what Debian’s current plan is (which has come together with a lot of discussion with the FTP Masters and others around what we should do).

    [...]

    Debian has always prided itself in providing the unequivocally correct solution to our users and downstream distributions. This also includes licenses – we make sure that Debian will contain 100% free software. This means that if you install Debian, you are guaranteed freedoms offered under the DFSG and our social contract.

  • Complying with Creative Commons license attribution requirements in slides and powerpoint

    When I was at Mozilla and WMF, I frequently got asked how to give proper credit when using Creative Commons-licensed images in slideshows. I got the question again last week, and am working on slides right now, so here’s a quick guide.

Leftovers: OSS and Sharing/Transparency

Filed under
OSS
  • ‘Use open source software for GIS mapping’

    Open sourcing of data for Geographical Information System (GIS) mapping will create a huge potential for employment and transparency in administration, secretary of OSGEO-India V. Ravi Kumar has said.

    Proprietary software for GIS costs up to Rs. .30 lakh. Instead, utilising tools developed using open software and training youth would help in creating employment locally, he said. Money will be spent on those working using GIS but not for the software, he said.

  • ESI Group: Acquisition of Scilab Enterprises, Publisher of Scilab Open Source Analytical Computational Software
  • Release notes for the Genode OS Framework 17.02

    After the revision of Genode's most fundamental protocols in the previous release it was time to move our attention upwards the software stack. The current release largely revisits the integration of the C runtime with the Genode component API as well as the virtual-file-system (VFS) infrastructure. The two biggest challenges were making Genode's VFS capable to perform I/O asynchronously, and to make the C runtime compatible with the state-machine-based execution model of modern Genode components. This line of work is described in detail in Sections Enhanced VFS infrastructure and New execution model of the C runtime. One particularly exciting result is the brand-new ability to plug the Linux TCP/IP stack as a VFS plugin into any libc-using component by the sole means of component configuration.

  • Genode OS 17.02 Released With Improved VFS, New Input Event Processing

    Genode OS 17.02 has been released today as the latest version of this open-source operating system framework.

    Accomplished for Genode OS 17.02 were ABI improvements, a much better virtual file-system (VFS) implementation, new input event processing capabilities, and a dynamic component-composition engine.

  • heads 0.0 is out!

    heads 0.0 is a preview live CD of what heads is going to be about. This release is not intended to be used from a security point of view, but as a showcase and testing point of view.

    I am not even completely sure everything is torified, but hey, that's what testing is for, no?

  • IKEA's Idealistic Open Source Garden Orb
  • Denmark’s draft IT architecture open for comment

    Denmark’s Agency for Digitisation (Digitaliseringsstyrelsen - DIGST) is inviting comments on its draft IT architecture for digitalisation of the public sector. The document sets out the IT principles for the country’s 33 digitisation initiatives.

  • Norway working on first IT procurement frameworks

    Norway’s government procurement centre (ANS) and the Agency for Public Management and e-Government (Difi) are preparing the country’s first procurement frameworks related to IT. The first call, on telephony services, will be published in the next few days. The second call, for telephony and PC workstations, is expected around 24 April. Calls will be published on both Norway’s and Europe’s procurement portals, Doffin and Ted.

  • France prepares next Open Government action plan

    The 2017-2019 Open Government Action Plan is being prepared by the government modernisation unit (Secretariat-General for Government Modernisation, SGMAP). This week, on Tuesday, SGMAP is hosting a public workshop, where it will present a draft of the plan. The final text is expected in September.

  • Make food production data open source, urges MIT Media Lab

    Agriculture production data should be public and the open source movement should be the model for analysing it, according to the Open Agriculture initiative at MIT Media Lab.

    This could involve making the data from every farming IoT sensor public - so you could use the climate data to understand how best to grow what and where, or use other IoT data points to trace where the food has come from across the whole supply chain.

Security News

Filed under
Security
  • Security updates for Tuesday
  • EU updates smartphone secure development guideline

    The European Union Agency for Network and Information Security (ENISA) has published an updated version of its Smartphone Secure Development Guidelines. This document details the risks faced by developers of smartphone application, and provides ways to mitigate these.

  • CloudLinux 7 Users Get New Beta Linux Kernel Update That Addresses CVE-2017-6074

    CloudLinux's Mykola Naugolnyi announced today the availability of a new Beta kernel for the CloudLinux 7 operating system series, which patches a recently discovered and critical security flaw.

  • Linus Torvalds shrugged off warnings about 'insecure' SHA-1 in 2005

    LINUX FOUNDER Linus Torvalds was warned in 2005 that the use of the SHA-1 hash to sign code in Linux and Git was insecure and urged to shift to something better protected, but rejected the advice outright.

    Free software evangelist John Gilmore warned Torvalds ten years ago that "SHA1 has been broken; it's possible to generate two different blobs that hash to the same SHA1 hash".

    Gilmore penned his warning to Torvalds in April 2005, when MD5 had already been cracked and SHA1 remained "hard to crack" - but still crackable.

  • Subversion SHA1 Collision Problem Statement — Prevention and Remediation Options

    You probably saw the news last week that researchers at Google had found a scenario where they were able to break the SHA1 algorithm by creating two PDF files with differing content that produced the same hash. If you are following this story then you may have also seen that the Webkit Subversion repository had problems after a user committed these example files to their repository so that they could be used in test cases for SHA1 collisions.

  • making git-annex secure in the face of SHA1 collisions

    git-annex has never used SHA1 by default. But, there are concerns about SHA1 collisions being used to exploit git repositories in various ways. Since git-annex builds on top of git, it inherits its foundational SHA1 weaknesses. Or does it?

  • SSH Fingerprint Verification via Tor

    OpenSSH (really, are there any other implementations?) requires Trust on First Use for fingerprint verification.

    Verification can be especially problematic when using remote services like VPS or colocation.

    How can you trust that the initial connection isn’t being Man In The Middle’d?

  • Almost all Windows vulnerabilities are enabled by liberal 'admin rights'

    NEARLY OF THE VULNERABILITIES THAT AFFECT Microsoft's Windows operating system could be mitigated through a little careful control.

    Avecto, a security company, is the source of the latest revelation in this direction, and it says that 94 per cent of security problems could have been killed off if admin rights had been removed from the affected computer.

    This makes a lot of sense, since a computer that cannot be molested by a user cannot be molested by a third party. 94 per cent is just one example of the differences that can be made and Avecto says that in the case of Internet Explorer 100 per cent of risks are mitigated when rights are removed.

  • More on Bluetooth Ingenico Overlay Skimmers

    This blog has featured several stories about “overlay” card and PIN skimmers made to be placed atop Ingenico-brand card readers at store self-checkout lanes. I’m revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles.

Linux and Linux Foundation

Filed under
Linux

GNOME News

Filed under
GNOME
  • Hands on with the new Night Light feature in GNOME 3.24

    We take a look at GNOME Night Light, a blue light filter that is included in the GNOME 3.24 desktop and adjusts the color temperature of the display.

  • New Printers Panel

    As I mentioned in my previous post about the New Users Panel, we are happy to be able to include a new Printers panel in GNOME 3.24.

    The Printers panel is also part of the GNOME Control Center redesign effort which intents to introduce the new shell in 3.26

  • Profiling Flatpak’d applications
  • Attended FOSDEM 2017

    Containerised applications solve these issues. Maybe. He mentioned Flatpak, snappy, and Appimage. The former is the oldest technology dating all the way back to 2003. The solutions have in common that they bundle the app and run it in some kind of container or sandbox. From his criteria, the compatibility issue is solved, because the libraries are in the bundles. Portability is solved, because all dependencies are shipped in the bundle. And the pace of change is up to the app developer.

  • Custom terminal titles are back in Fedora

    Almost four years ago, in GNOME 3.12, the ability to have custom terminal titles was removed from gnome-terminal. As is wont to happen, users who dealt with scores of similar looking terminal tabs and windows were quick to express their grief at this loss.

Red Hat News

Filed under
Red Hat

today's howtos

Filed under
HowTos

Gemini PDA is like a tiny Android/Linux laptop with premium specs (crowdfunding)

Filed under
Android
Linux

Are physical keyboards for mobile devices making a comeback? TCL and BlackBery just launched a new phone with a QWERTY keyboard. A keyboard module for the Moto Z smartphone is generating some buzz. And an Indiegogo campaign for a 7 inch, pocket-sized Windows notebook has raised over $1.7 million (so far).

Now the folks at UK-based Planet Computers want to bring back the idea of a small, clamshell computer. And they’ve partnered with the designer of the classic Psion Series 5 to do it.

Read more

More in Tux Machines

Kernel: Kernelci.org, Tripwire, Linux Foundation, R600 Gallium3D

  • Kernelci.org automated bisection
    The kernelci.org project aims at continuously testing the mainline Linux kernel, from stable branches to linux-next on a variety of platforms. When a revision fails to build or boot, kernel developers get informed via email reports. A summary of all the results can also be found directly on the website.
  • Securing the Linux filesystem with Tripwire
    While Linux is considered to be the most secure operating system (ahead of Windows and MacOS), it is still vulnerable to rootkits and other variants of malware. Thus, Linux users need to know how to protect their servers or personal computers from destruction, and the first step they need to take is to protect the filesystem. In this article, we'll look at Tripwire, an excellent tool for protecting Linux filesystems. Tripwire is an integrity checking tool that enables system administrators, security engineers, and others to detect alterations to system files. Although it's not the only option available (AIDE and Samhain offer similar features), Tripwire is arguably the most commonly used integrity checker for Linux system files, and it is available as open source under GPLv2.
  • Open Source Networking and a Vision of Fully Automated Networks
    Arpit Joshipura, Networking General Manager at The Linux Foundation, discussed open source networking trends at Open Source Summit Europe. Ever since the birth of local area networks, open source tools and components have driven faster and more capable network technologies forward. At the recent Open Source Summit event in Europe, Arpit Joshipura, Networking General Manager at The Linux Foundation, discussed his vision of open source networks and how they are being driven by full automation. “Networking is cool again,” he said, opening his keynote address with observations on software-defined networks, virtualization, and more. Joshipura is no stranger to network trends. He has led major technology deployments across enterprises, carriers, and cloud architectures, and has been a steady proponent of open source. “This is an extremely important time for our industry,” he said. “There are more than 23 million open source developers, and we are in an environment where everyone is asking for faster and more reliable services.”
  • R600 Gallium3D Gets Some Last Minute Improvements In Mesa 18.0
    These days when Dave Airlie isn't busy managing the DRM subsystem or hacking on the RADV Vulkan driver, he's been spending a fair amount of time on some OpenGL improvements to the aging R600 Gallium3D driver. That's happened again and he's landed some more improvements just ahead of the imminent Mesa 18.0 feature freeze.

OSS Leftovers

  • Reliance Jio and global tech leaders come together to push Open Source in India
    The India Digital Open Summit which will be held tomorrow at the Reliance Corporate Park campus in Navi Mumbai -is a must-attend event for industry leaders, policymakers, technologists, academia, and developer communities working towards India’s digital leadership through Open Source platforms. The summit is hosted by Reliance Jio in partnership with the Linux Foundation and supported by Cisco Systems.
  • Open-source software simulates river and runoff resources
    Freshwater resources are finite, unevenly distributed, and changing through time. The demand—and competition—for water is expected to grow both in the United States and in the developing/developed world. To examine the connection between supply and demand and resulting regional and global water stresses, a team developed Xanthos. The open-source hydrologic model is available for free and helps researchers explore the details and analyze global water availability. Researchers can use Xanthos to examine the implications of different climate, socioeconomic, and/or energy scenarios over the 21st century. They can then assess the effects of the scenarios on regional and global water availability. Xanthos can be used in three different ways. It can operate as an independent hydrologic model, driven, for example, by scenarios. It can serve as the core freshwater supply component of the Global Change Assessment Model, where multiple sectors and natural systems are modeled simultaneously as part of an interconnected, complex system. Further, it can be used by other integrated models and multi-model frameworks that focus on energy-water-land interactions.
  • “The Apache Way” — Open source done well
    I was at an industry conference and was happy to see many people stopping by the Apache booth. I was pleased that they were familiar with the Apache brand, yet puzzled to learn that so many were unfamiliar with The Apache Software Foundation (ASF). For this special issue, “All Eyes On Open Source”, it’s important to recognize not just Apache’s diverse projects and communities, but also the entity behind their success. Gone are the days when software and technology, in general, were developed privately for the benefit of the few. As technology evolves, the challenges we face become more complex, and the only way to effectively move forward to create the technology of the future is to collaborate and work together. Open Source is a perfect framework for that, and organizations like the ASF carry out a decisive role in protecting its spirit and principles.
  • ​Learn how to run Linux on Microsoft's Azure cloud
  • LLVM 6.0-RC1 Makes Its Belated Debut
    While LLVM/Clang 6.0 was branched earlier this month and under a feature freeze with master/trunk moving to LLVM 7.0, two weeks later the first release candidate is now available. Normally the first release candidate comes immediately following the branching / feature freeze, but not this time due to the shifted schedule with a slow start to satisfy an unnamed company seeking to align their internal testing with LLVM 6.0.
  • Hackers can’t dig into latest Xiaomi phone due to GPL violations
     

    Yet another Android OEM is dragging its feet with its GPL compliance. This time, it's Xiaomi with the Mi A1 Android One device, which still hasn't seen a kernel source code release.  

    Android vendors are required to release their kernel sources thanks to the Linux kernel's GPLv2 licensing. The Mi A1 has been out for about three months now, and there's still no source code release on Xiaomi's official github account.

  • 2017 - The Year in Which Copyright Went Beyond Source Code
    2017 was a big year for raising the profile of copyright in protecting computer programs. Two cases in particular helped bring attention to a myth that was addressed and dispelled some time ago but persists in some circles nonetheless. Many lawyers hold on to the notion that copyright protection for software is weak because such protection inheres in the source code of computer programs. Because most companies that generate code take extensive (and often successful) measures to keep source code out of the hands of third parties, the utility of copyright protection for code is often viewed as limited. However, copyright also extends to the “non-literal elements” of computer programs, such as their sequence, structure and organization, as well as to things such as screen displays and certain user interfaces. In other words, copyright infringement can occur when copying certain outputs of the code without there ever having been access to the underlying code itself.
  • Announcing WebBook Level 1, a new Web-based format for electronic books
    Eons ago, at a time BlueGriffon was only a Wysiwyg editor for the Web, my friend Mohamed Zergaoui asked why I was not turning BlueGriffon into an EPUB editor... I had been observing the electronic book market since the early days of Cytale and its Cybook but I was not involved into it on a daily basis. That seemed not only an excellent idea, but also a fairly workable one. EPUB is based on flavors of HTML so I would not have to reinvent the wheel. I started diving into the EPUB specs the very same day, EPUB 2.0.1 (released in 2009) at that time. I immediately discovered a technology that was not far away from the Web but that was also clearly not the Web. In particular, I immediately saw that two crucial features were missing: it was impossible to aggregate a set of Web pages into a EPUB book through a trivial zip, and it was impossible to unzip a EPUB book and make it trivially readable inside a Web browser even with graceful degradation. When the IDPF started working on EPUB 3.0 (with its 3.0.1 revision) and 3.1, I said this was coming too fast, and that the lack of Test Suites with interoperable implementations as we often have in W3C exit criteria was a critical issue. More importantly, the market was, in my opinion, not ready to absorb so quickly two major and one minor revisions of EPUB given the huge cost on both publishing chains and existing ebook bases. I also thought - and said - the EPUB 3.x specifications were suffering from clear technical issues, including the two missing features quoted above.
  • Firefox 58 Bringing Faster WebAssembly Compilation With Two-Tiered Compiler
    With the launch of Mozilla Firefox 58 slated for next week, WebAssembly will become even faster thanks to a new two-tiered compiler.
  • New Kernel Releases, Net Neutrality, Thunderbird Survey and More
    In an effort to protect Net Neutrality (and the internet), Mozilla filed a petition in federal court yesterday against the FCC. The idea behind Net Neutrality is to treat all internet traffic equally and without discrimination against content or type. Make your opinions heard: Monterail and the Thunderbird email client development team are asking for your assistance to help improve the user interface in the redesign of the Thunderbird application. Be sure to take the survey.

IBM code grandmaster: what Java does next

Reports of Java’s death have been greatly exaggerated — said, well, pretty much every Java engineer that there is. The Java language and platform may have been (in some people’s view) somewhat unceremoniously shunted into a side ally by the self-proclaimed aggressive corporate acquisition strategists (their words, not ours) at Oracle… but Java still enjoys widespread adoption and, in some strains, growing use and development. Read more

Programming/Development: Git 2.16, Node.js, Testing/Bug Hunting

  • Git v2.16.0
    The latest feature release Git v2.16.0 is now available at the usual places. It is comprised of 509 non-merge commits since v2.15.0, contributed by 91 people, 26 of which are new faces.
  • Git 2.16 Released
    Git maintainer Junio Hamano has released version 2.16.0 of this distributed revision control system.
  • Announcing The Node.js Application Showcase
    The stats around Node.js are pretty staggering. There were 25 million downloads of Node.js in 2017, with over one million of them happening on a single day. And these stats are just the users. On the community side, the numbers are equally exceptional. What explains this immense popularity? What we hear over and over is that, because Node.js is JavaScript, anyone who knows JS can apply that knowledge to build powerful apps — every kind of app. Node.js empowers everyone from hobbyists to the largest enterprise teams to bring their dreams to life faster than ever before.
  • Google AutoML Cloud: Now Build Machine Learning Models Without Coding Experience
    Google has been offering pre-trained neural networks for a long time. To lower the barrier of entry and make the AI available to all the developers and businesses around, Google has now introduced Cloud AutoML. With the help of Cloud AutoML, businesses will be able to build machine learning models with the help of a drag-and-drop interface. In other words, if your company doesn’t have expert machine-learning programmers, Google is here to fulfill your needs.
  • Re-imagining beta testing in the ever-changing world of automation
    Fundamentally, beta testing is a test of a product performed by real users in the real environment. There are a number of names for this type of testing—user acceptance testing (UAT), customer acceptance testing (CAT), customer validation and field testing (common in Europe)—but the basic components are more or less the same. All involve user testing of the front-end user interface (UI) and the user experience (UX) to find and resolve potential issues. Testing happens across iterations in the software development lifecycle (SDLC), from when an idea transforms into a design, across the development phases, to after unit and integration testing.