Language Selection

English French German Italian Portuguese Spanish

GNOME: Security vulnerability in Epiphany, Nautilus File Operations and More

Filed under
GNOME
  • Security vulnerability in Epiphany Technology Preview

    If you use Epiphany Technology Preview, please update immediately and ensure you have revision 3.29.2-26 or newer. We discovered and resolved a vulnerability that allowed websites to access internal Epiphany features and thereby exfiltrate passwords from the password manager. We apologize for this oversight.

    The unstable Epiphany 3.29.2 release is the only affected release. Epiphany 3.29.1 is not affected. Stable releases, including Epiphany 3.28, are also not affected.

  • Nautilus File Operations

    While unit tests are meant to be fairly short and simple, tackling individual instances of a functionality or component, Nautilus would not really allow us to do that. Due to Nautilus’ nature and its tight relation to I/O operations, unit testing for us meant cherry-picking the simpler functions which we use and testing these. However, for the larger, more important components, we’d rely on integration tests, which represented one of the following items on our list.

  • 23rd of April

    Lo and behold (not as surprising as it was for me considering I am writing this) my project had been accepted and I was about to start my bonding period as an official member and contributor under the GNOME community!

    I doubt I’ll soon (if ever) forget the feelings I went through as I saw my name listed there. At first, I could not find myself. The GNOME projects list kept going and going, I even went past my fellow Nautilus GSOC’er project and would not see my name. Eventually, I saw it, “Tests, profiling and debug framework for Nautilus” with my name on top of it. It just felt both rewarding (as I had been contributing to Nautilus for a while up to that point) and relaxing, knowing I would get to contribute to something I use on my day-to-day work and alongside the people I got to learn so much from, all whilst being a part a of a huge project, whose name is familiar to millions of users.

More in Tux Machines

It Turns Out RISC-V Hardware So Far Isn't Entirely Open-Source

While they are trying to make it an open board, as it stands now Minnich just compares this RISC-V board as being no more open than an average ARM SoC and not as open as IBM POWER. Ron further commented that he is hoping for other RISC-V implementations from different vendors be more open. Read more

Perl 5.28.0 released

Version 5.28.0 of the Perl language has been released. "Perl 5.28.0 represents approximately 13 months of development since Perl 5.26.0 and contains approximately 730,000 lines of changes across 2,200 files from 77 authors". The full list of changes can be found over here; some highlights include Unicode 10.0 support, string- and number-specific bitwise operators, a change to more secure hash functions, and safer in-place editing. Read more

Today in Techrights

Will Microsoft’s Embrace Smother GitHub?

Microsoft has had an adversarial relationship with the open-source community. The company viewed the free Open Office software and the Linux operating system—which compete with Microsoft Office and Windows, respectively—as grave threats. In 2001 Windows chief Jim Allchin said: “Open source is an intellectual-property destroyer.” That same year CEO Steve Ballmer said “Linux is a cancer.” Microsoft attempted to use copyright law to crush open source in the courts. When these tactics failed, Microsoft decided if you can’t beat them, join them. It incorporated Linux and other open-source code into its servers in 2014. By 2016 Microsoft had more programmers contributing code to GitHub than any other company. The GitHub merger might reflect Microsoft’s “embrace, extend and extinguish” strategy for dominating its competitors. After all, GitHub hosts not only open-source software and Microsoft software but also the open-source projects of other companies, including Oracle, IBM, and Amazon Web Services. With GitHub, Microsoft could restrict a crucial platform for its rivals, mine data about competitors’ activities, target ads toward users, or restrict free services. Its control could lead to a sort of surveillance of innovative activity, giving it a unique, macro-scaled insight into software development. Read more