Language Selection

English French German Italian Portuguese Spanish

February 2017

today's leftovers

Filed under
Misc

Linux Devices: Tizen and Pi Zero

Filed under
Linux
  • Samsung Z4 SM-Z400F could be the phone that runs Tizen 3.0 out of the box

    It has been over six months since the launch of the last Tizen Smartphone which was the Samsung Z2 and hence we should soon be seeing a successor to refresh the series. Earlier today, we reported on the leaked specifications and features of one such upcoming Tizen device which is the highly anticipated Samsung Z5. Now, we are getting hints on another Tizen device in the making bearing the Model name SM-Z400F which should logically be the Samsung Z4.

  • Smartphone Game: Dinosaur Simulator: Dino World platform Tizen

    Dino Simulator Dino World is a game where you are a dinosaur causing chaos all over the place. There is one objective and that is to kill, destroy, and to destroy more!!! By causing destuction to innocent people’s lives (and proberably killing those innocent people), you get points! (YAY!).

  • Pi Zero Wireless out now for $10

    Today, on the fifth anniversary of the release of the original Raspberry Pi, the Foundation has released Pi Zero W, a Pi Zero with built-in WiFi and Bluetooth, for $10.

    The original Pi Zero was great (and still is!)—but many people found its lack of wireless connectivity an inconvenience. Now with Zero W, you can connect to the Internet without using any adapters, and you can even use a Bluetooth mouse and keyboard rather than wired USB, or use a Bluetooth speaker for audio.

FOSS Licensing: ZFS in Debian and Creative Commons

Filed under
OSS
Legal
  • On ZFS in Debian

    I’m currently over at FOSDEM, and have been asked by a couple of people about the state of ZFS and Debian. So, I thought I’d give a quick post to explain what Debian’s current plan is (which has come together with a lot of discussion with the FTP Masters and others around what we should do).

    [...]

    Debian has always prided itself in providing the unequivocally correct solution to our users and downstream distributions. This also includes licenses – we make sure that Debian will contain 100% free software. This means that if you install Debian, you are guaranteed freedoms offered under the DFSG and our social contract.

  • Complying with Creative Commons license attribution requirements in slides and powerpoint

    When I was at Mozilla and WMF, I frequently got asked how to give proper credit when using Creative Commons-licensed images in slideshows. I got the question again last week, and am working on slides right now, so here’s a quick guide.

Leftovers: OSS and Sharing/Transparency

Filed under
OSS
  • ‘Use open source software for GIS mapping’

    Open sourcing of data for Geographical Information System (GIS) mapping will create a huge potential for employment and transparency in administration, secretary of OSGEO-India V. Ravi Kumar has said.

    Proprietary software for GIS costs up to Rs. .30 lakh. Instead, utilising tools developed using open software and training youth would help in creating employment locally, he said. Money will be spent on those working using GIS but not for the software, he said.

  • ESI Group: Acquisition of Scilab Enterprises, Publisher of Scilab Open Source Analytical Computational Software
  • Release notes for the Genode OS Framework 17.02

    After the revision of Genode's most fundamental protocols in the previous release it was time to move our attention upwards the software stack. The current release largely revisits the integration of the C runtime with the Genode component API as well as the virtual-file-system (VFS) infrastructure. The two biggest challenges were making Genode's VFS capable to perform I/O asynchronously, and to make the C runtime compatible with the state-machine-based execution model of modern Genode components. This line of work is described in detail in Sections Enhanced VFS infrastructure and New execution model of the C runtime. One particularly exciting result is the brand-new ability to plug the Linux TCP/IP stack as a VFS plugin into any libc-using component by the sole means of component configuration.

  • Genode OS 17.02 Released With Improved VFS, New Input Event Processing

    Genode OS 17.02 has been released today as the latest version of this open-source operating system framework.

    Accomplished for Genode OS 17.02 were ABI improvements, a much better virtual file-system (VFS) implementation, new input event processing capabilities, and a dynamic component-composition engine.

  • heads 0.0 is out!

    heads 0.0 is a preview live CD of what heads is going to be about. This release is not intended to be used from a security point of view, but as a showcase and testing point of view.

    I am not even completely sure everything is torified, but hey, that's what testing is for, no?

  • IKEA's Idealistic Open Source Garden Orb
  • Denmark’s draft IT architecture open for comment

    Denmark’s Agency for Digitisation (Digitaliseringsstyrelsen - DIGST) is inviting comments on its draft IT architecture for digitalisation of the public sector. The document sets out the IT principles for the country’s 33 digitisation initiatives.

  • Norway working on first IT procurement frameworks

    Norway’s government procurement centre (ANS) and the Agency for Public Management and e-Government (Difi) are preparing the country’s first procurement frameworks related to IT. The first call, on telephony services, will be published in the next few days. The second call, for telephony and PC workstations, is expected around 24 April. Calls will be published on both Norway’s and Europe’s procurement portals, Doffin and Ted.

  • France prepares next Open Government action plan

    The 2017-2019 Open Government Action Plan is being prepared by the government modernisation unit (Secretariat-General for Government Modernisation, SGMAP). This week, on Tuesday, SGMAP is hosting a public workshop, where it will present a draft of the plan. The final text is expected in September.

  • Make food production data open source, urges MIT Media Lab

    Agriculture production data should be public and the open source movement should be the model for analysing it, according to the Open Agriculture initiative at MIT Media Lab.

    This could involve making the data from every farming IoT sensor public - so you could use the climate data to understand how best to grow what and where, or use other IoT data points to trace where the food has come from across the whole supply chain.

Security News

Filed under
Security
  • Security updates for Tuesday
  • EU updates smartphone secure development guideline

    The European Union Agency for Network and Information Security (ENISA) has published an updated version of its Smartphone Secure Development Guidelines. This document details the risks faced by developers of smartphone application, and provides ways to mitigate these.

  • CloudLinux 7 Users Get New Beta Linux Kernel Update That Addresses CVE-2017-6074

    CloudLinux's Mykola Naugolnyi announced today the availability of a new Beta kernel for the CloudLinux 7 operating system series, which patches a recently discovered and critical security flaw.

  • Linus Torvalds shrugged off warnings about 'insecure' SHA-1 in 2005

    LINUX FOUNDER Linus Torvalds was warned in 2005 that the use of the SHA-1 hash to sign code in Linux and Git was insecure and urged to shift to something better protected, but rejected the advice outright.

    Free software evangelist John Gilmore warned Torvalds ten years ago that "SHA1 has been broken; it's possible to generate two different blobs that hash to the same SHA1 hash".

    Gilmore penned his warning to Torvalds in April 2005, when MD5 had already been cracked and SHA1 remained "hard to crack" - but still crackable.

  • Subversion SHA1 Collision Problem Statement — Prevention and Remediation Options

    You probably saw the news last week that researchers at Google had found a scenario where they were able to break the SHA1 algorithm by creating two PDF files with differing content that produced the same hash. If you are following this story then you may have also seen that the Webkit Subversion repository had problems after a user committed these example files to their repository so that they could be used in test cases for SHA1 collisions.

  • making git-annex secure in the face of SHA1 collisions

    git-annex has never used SHA1 by default. But, there are concerns about SHA1 collisions being used to exploit git repositories in various ways. Since git-annex builds on top of git, it inherits its foundational SHA1 weaknesses. Or does it?

  • SSH Fingerprint Verification via Tor

    OpenSSH (really, are there any other implementations?) requires Trust on First Use for fingerprint verification.

    Verification can be especially problematic when using remote services like VPS or colocation.

    How can you trust that the initial connection isn’t being Man In The Middle’d?

  • Almost all Windows vulnerabilities are enabled by liberal 'admin rights'

    NEARLY OF THE VULNERABILITIES THAT AFFECT Microsoft's Windows operating system could be mitigated through a little careful control.

    Avecto, a security company, is the source of the latest revelation in this direction, and it says that 94 per cent of security problems could have been killed off if admin rights had been removed from the affected computer.

    This makes a lot of sense, since a computer that cannot be molested by a user cannot be molested by a third party. 94 per cent is just one example of the differences that can be made and Avecto says that in the case of Internet Explorer 100 per cent of risks are mitigated when rights are removed.

  • More on Bluetooth Ingenico Overlay Skimmers

    This blog has featured several stories about “overlay” card and PIN skimmers made to be placed atop Ingenico-brand card readers at store self-checkout lanes. I’m revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles.

Linux and Linux Foundation

Filed under
Linux

GNOME News

Filed under
GNOME
  • Hands on with the new Night Light feature in GNOME 3.24

    We take a look at GNOME Night Light, a blue light filter that is included in the GNOME 3.24 desktop and adjusts the color temperature of the display.

  • New Printers Panel

    As I mentioned in my previous post about the New Users Panel, we are happy to be able to include a new Printers panel in GNOME 3.24.

    The Printers panel is also part of the GNOME Control Center redesign effort which intents to introduce the new shell in 3.26

  • Profiling Flatpak’d applications
  • Attended FOSDEM 2017

    Containerised applications solve these issues. Maybe. He mentioned Flatpak, snappy, and Appimage. The former is the oldest technology dating all the way back to 2003. The solutions have in common that they bundle the app and run it in some kind of container or sandbox. From his criteria, the compatibility issue is solved, because the libraries are in the bundles. Portability is solved, because all dependencies are shipped in the bundle. And the pace of change is up to the app developer.

  • Custom terminal titles are back in Fedora

    Almost four years ago, in GNOME 3.12, the ability to have custom terminal titles was removed from gnome-terminal. As is wont to happen, users who dealt with scores of similar looking terminal tabs and windows were quick to express their grief at this loss.

Red Hat News

Filed under
Red Hat

today's howtos

Filed under
HowTos

Gemini PDA is like a tiny Android/Linux laptop with premium specs (crowdfunding)

Filed under
Android
Linux

Are physical keyboards for mobile devices making a comeback? TCL and BlackBery just launched a new phone with a QWERTY keyboard. A keyboard module for the Moto Z smartphone is generating some buzz. And an Indiegogo campaign for a 7 inch, pocket-sized Windows notebook has raised over $1.7 million (so far).

Now the folks at UK-based Planet Computers want to bring back the idea of a small, clamshell computer. And they’ve partnered with the designer of the classic Psion Series 5 to do it.

Read more

More in Tux Machines

This week in KDE: fixing up Plasma 5.20

Okular’s editable forms are no longer mis-rendered when inertially scrolling (Kezi Olio, Okular 1.11.2) When your scanner can almost but not quite fit a particular page size, Skanlite will now display the option to scan to that page size anyway (e.g. 215mm wide scan beds now give you the option to scan using the US Letter page size) (Kåre Särs, libksane 20.12) The text of Elisa’s keyboard shortcuts are now translated properly (Nikunj Goyal, Elisa 20.12) Clearing the clipboard history on Wayland no longer crashes Plasma (David Edmundson, Plasma 5.20) Improved the Plasma SVG cache heuristics such that various things which might sometimes be invisible after upgrading Plasma now show up like they’re supposed to (Arjen Hiemstra, Plasma 5.20) On Wayland, clicking on a Task Manager entry while that entry’s tooltip is visible no longer crashes Plasma (Vlad Zahorodnii, Plasma 5.20) On Wayland, clicking on a Task Manager thumbnail now activates that window, as you would expect (Marco Martin, Plasma 5.20) Read more Also: KDE Plasma 5.20 Should Be Crashing A Lot Less Under Wayland

Legacy: Dennis Ritchie's Lost Dissertation and FTP Fadeout

  • Discovering Computer Legend Dennis Ritchie's Lost Dissertation
  • FTP Fadeout

    Here’s a small piece of news you may have missed while you were trying to rebuild your entire life to fit inside your tiny apartment at the beginning of the COVID crisis: Because of the way that the virus shook up just about everything, Google skipped the release of Chrome version 82. Who cares, you think? Well, users of FTP, or the File Transfer Protocol. During the pandemic, Google delayed its plan to kill FTP, and now that things have settled to some degree, Google recently announced that it is going back for the kill with Chrome version 86, which deprecates the support once again, and will kill it for good in Chrome 88. (Mozilla announced similar plans for Firefox, citing security reasons and the age of the underlying code.) It is one of the oldest protocols the mainstream [Internet] supports—it turns 50 next year—but those mainstream applications are about to leave it behind. Today’s Tedium talks about history of FTP, the networking protocol that has held on longer than pretty much any other.

virt-manager 3.0.0 released!

Yesterday I released virt-manager 3.0.0. Despite the major version number bump, things shouldn't look too different from the previous release. For me the major version number bump reflects certain feature removals (like dropping virt-convert), and the large amount of internal code changes that were done, though there's a few long awaited features sprinkled in like virt-install --cloud-init support which I plan to write more about later. Read more Also: virt-install --cloud-init support

today's leftovers

  • 7 Alternatives to Google Earth

    Google Earth has received so much press coverage that many users will appreciate that it is one of the coolest applications to download. In brief, it is a feature-laden 3D virtual globe, map and geography browser which lets users zoom in on their world with fantastic detail. View satellite imagery, maps, terrain, 3D buildings and even explore galaxies in the sky. This application allows the exploration of rich geographical content, save toured places and share with others. The software maps the earth by the superimposition of images obtained from satellite imagery, aerial photography and GIS 3D globe. Google Earth is undoubtedly a very impressive application, and it is extremely hard not to admire the wealth of features that it offers. Its satellite images are unrivaled, it provides useful and accurate statistical information, and the software has many practical benefits, such as helping to find locations and give driving directions. In terms of functionality, this application earns our highest praise. We use the software on a regular basis on both desktop and mobile devices (the latter under Android). However, while Google Earth is available to download without charge, Google do not release the software under an open source license. In the past there have been attempts to reverse engineer Google Earth and implement its features in an open and extensible way. However, these actions were understandably frowned upon by Google. Instead we prefer to see the development of open source virtual globe software which uses freely licensed or public domain data. While the development of open source virtual globe applications may not, in itself, encourage Google to release its application or data under a similar license, it does give users the option to be able to have the freedom to do what they want. This route also helps to foster greater user community support to drive development often in the form of add-ons and plug-ins. There are a number of applications which are credible open source alternatives to Google Earth. While none of the software applications featured in this article have all of the features offered by Google Earth (although some offer some different features), and they are not exactly comparable, they are all worthy of investigating.

  • Warzone 2100 Lands Vulkan Renderer, Adaptive V-Sync For 20+ Year Old Game

    Warzone 2100 as the real-time strategy/tactics game that first premiered in 1999 before becoming open-source in 2004 and then fully open-source with game data in 2008 is now evolving in 2020 with Vulkan graphics support. The open-source Warzone 2100 game not only has a Vulkan back-end that was merged today but also OpenGL ES 2.0/3.0 support for those wanting to relive this late 90's computer game on mobile/embedded devices having only GLES drivers.

  • [NetBSD] Curses Library Automated Testing

    My GSoC project under NetBSD involves the development of the test framework of curses. This is the final blog report in a series of blog reports; you can look at the first report and second report of the series. The first report gives a brief introduction of the project and some insights into the curses testframe through its architecture and language. To someone who wants to contribute to the test suite, this blog can act as the quick guide of how things work internally. Meanwhile, the second report discusses some of the concepts that were quite challenging for me to understand. I wanted to share them with those who may face such a challenge. Both of these reports also cover the progress made in various phases of the Summer of Code. This being the final report in the series, I would love to share my experience throughout the project. I would be sharing some of the learning as well as caveats that I faced in the project.

  • [NetBSD] RumpKernel Syscall Fuzzing

    The first and second coding period was entirely dedicated to fuzzing rumpkernel syscalls using hongfuzz. Initially a dumb fuzzer was developed to start fuzzing but it soon reached its limits. For the duration of second coding peroid we concentrated on crash reproduction and adding grammar to the fuzzer which yielded in better results as we tested on a bug in ioctl with grammar. Although this works for now crash reproduction needs to be improved to generate a working c reproducer. For the last coding period I have looked into the internals of syzkaller to understand how it pregenerates input and how it mutates data. I have continued to work on integrating buildrump.sh with build.sh. buildrump eases the task fo building the rumpkernel on any host for any target. buildrump.sh is like a wrapper around build.sh to build the tools and rumpkernel from the source relevant to rumpkernel. So I worked to get buildrump.sh working with netbsd-src. Building the toolchain was successfull from netbsd-src. So binaries like rumpmake work just fine to continue building the rumpkernel.

  • Full Circle Magazine #161
  • Bandwidth for Video Conferencing

    For the Linux Users of Victoria (LUV) I’ve run video conferences on Jitsi and BBB (see my previous post about BBB vs Jitsi [1]). One issue with video conferences is the bandwidth requirements. The place I’m hosting my video conference server has a NBN link with allegedly 40Mb/s transmission speed and 100Mb/s reception speed. My tests show that it can transmit at about 37Mb/s and receive at speeds significantly higher than that but also quite a bit lower than 100Mb/s (around 60 or 70Mb/s). For a video conference server you have a small number of sources of video and audio and a larger number of targets as usually most people will have their microphones muted and video cameras turned off. This means that the transmission speed is the bottleneck. In every test the reception speed was well below half the transmission speed, so the tests confirmed my expectation that transmission was the only bottleneck, but the reception speed was higher than I had expected. When we tested bandwidth use the maximum upload speed we saw was about 4MB/s (32Mb/s) with 8+ video cameras and maybe 20 people seeing some of the video (with a bit of lag). We used 3.5MB/s (28Mb/s) when we only had 6 cameras which seemed to be the maximum for good performance.

  • Get involved – Meet the TDF team

    Joining a free and open source software project, such as LibreOffice, is a great way to build your skills, gain experience for future career options, meet new people – and have fun! But sometimes, joining a large and well-established project can be a bit daunting at the start. So here we’ll introduce you to the small team at The Document Foundation, the non-profit entity behind LibreOffice. Most team members oversee certain sub-projects in the LibreOffice community – click on their names to learn more in interviews…

  • Emacs Builders (Together with Richard Stallman) Focus on Learn how to Construct a Extra 'Fashionable' Emacs
  • Lack of Qualified Linux Talent Impedes Enterprise Move to the Clouds

    The Linux Foundation has been working to address the shortage of Linux talent for many years with a combination of training and certification exams. Despite this, the breathtaking growth in Linux adoption, especially as the de facto OS of the cloud, means that there is still a shortage of qualified talent, according to Clyde Seepersad, senior vice president and general manager for training and certification at The Linux Foundation (LF). “We are always supportive of developments in the training ecosystem which help address this gap. In particular, we are finding that demand for our performance-based certification exams continues to be gated by individuals not feeling adequately prepared,” he told LinuxInsider. LF’s certification exams include Certified Kubernetes Administrator, Certified Kubernetes Application Developer, Linux Foundation Certified SysAdmin, and Linux Foundation Certified Engineer. “ACG and LA both have excellent reputations for the quality of their open-source training content so we are pleased to see them come together to better serve the talent development needs of the open-source software ecosystem,” he added.

  • Last phase of the desktop wars?

    Economic pressure will be on Microsoft to deprecate the emulation layer. Partly because it’s entirely a cost center. Partly because they want to reduce the complexity cost of running Azure. Every increment of Windows/Linux convergence helps with that – reduces administration and the expected volume of support traffic. Eventually, Microsoft announces upcoming end-of-life on the Windows emulation. The OS itself , and its userland tools, has for some time already been Linux underneath a carefully preserved old-Windows UI. Third-party software providers stop shipping Windows binaries in favor of ELF binaries with a pure Linux API… …and Linux finally wins the desktop wars, not by displacing Windows but by co-opting it. Perhaps this is always how it had to be.