Language Selection

English French German Italian Portuguese Spanish

Debian: New Debian Developers and Maintainers, DebConf19 and More

Filed under
Debian
  • New Debian Developers and Maintainers (November and December 2018)

    The following contributors got their Debian Developer accounts in the last two months:

    Abhijith PA (abhijith)
    Philippe Thierry (philou)
    Kai-Chung Yan (seamlik)
    Simon Qhuigley (tsimonq2)
    Daniele Tricoli (eriol)
    Molly de Blanc (mollydb)
    The following contributors were added as Debian Maintainers in the last two months:

    Nicolas Mora
    Wolfgang Silbermayr
    Marcos Fouces
    kpcyrd
    Scott Martin Leggett

  • DebConf19 is looking for sponsors!

    DebConf19 will be held in Curitiba, Brazil from July 21th to 28th, 2019. It will be preceded by DebCamp, July 14th to 19th, and Open Day on the 20th.

    DebConf, Debian's annual developers conference, is an amazing event where Debian contributors from all around the world gather to present, discuss and work in teams around the Debian operating system. It is a great opportunity to get to know people responsible for the success of the project and to witness a respectful and functional distributed community in action.

    The DebConf team aims to organize the Debian Conference as a self-sustaining event, despite its size and complexity. The financial contributions and support by individuals, companies and organizations are pivotal to our success.

  • Nonce sense paper online

    When you create a cryptographic signatures using ECDSA (the elliptic curve digital signature algorithm), you need to come up with the nonce, a 256 bit random number. It is really important to use a different nonce every time, otherwise it is easy for someone else to take your signatures (which might be stored for everyone to read on the Bitcoin blockchain) and calculate your private key using relatively simple math, and with your private key they can spend all your Bitcoins. In fact, there is evidence that people out there continuously monitor the blockchains for signatures with such repeated nonces and immediately extract the money from compromised keys.

    Less well known, but still nothing new to the crypto (as in cryptopgraphy) community is the that an attacker can calculate the key from signature that use different, but similar nonces: For example if they are close by each other (only the low bits differ), or if they differ by exactly a large power of two (only the high bits differ). This uses a fancy and powerful technique based on lattices. Our main contribution here is to bridge crypto (as in cryptopgraphy) and crypto (as in cryptocurrency) and see if such vulnerabilities actually exist out there.

    And indeed, there are some. Not many (which is good), but they do exist, and clearly due to more than one source. Unfortunately, it is really hard to find out who made these signatures, and with which code, so we can only guess about the causes of these bugs. A large number of affected signatures are related to multisig transactions, so we believe that maybe hardware tokens could be the cause here.

  • Jonathan Dowland: Amiga floppy recovery project, part 3: preliminaries

    The first step for my Amiga project was to recover the hardware from my loft and check it all worked.

    When we originally bought the A500 (in, I think, 1991) we bought a RAM expansion at the same time. The base model had a whole 512KiB of RAM, but it was common for people to buy a RAM expander that doubled the amount of memory to a whopping 1 MiB. The official RAM expander was the Amiga 501, which fit into a slot on the underside of the Amiga, behind a trapdoor.

    The 501 also featured a real-time clock (RTC), which was powered by a backup NiCad battery soldered onto the circuit board. These batteries are notorious for leaking over a long enough time-frame, and our Amiga had been in a loft for at least 20 years. I had heard about this problem when I first dug the machine back out in 2015, and had a vague memory that I checked the board at the time and could find no sign of leakage, but reading around the subject more recently made me nervous, so I double-checked.

  • Debian Bug Squash Party Tokyo 2019-01
  • Mario Lang: Please delete me from Planet

    Wow. Hi Debian. Apparently, you've changed even more in a direction I personally never really liked. As a member of a minority group, I feel the need to explain that I highly dislike the way you are currently handling minority groups. And no, I dont feel you are ignoring them. You are giving a select view far too much attention for a technically focused project.

More in Tux Machines

GnuPG 2.2.14 and Kiwi TCMS 6.6

Today in Techrights

Android Leftovers

Raspberry Pi 3 Model B+ First Impressions

I have always been curious about the tiny computer called Raspberry Pi but I didn’t have the time or opportunity to buy one until now. I got the latest version (Raspberry Pi 3 Model B+) along with bundled accessories from AliExpress for $65. I think it was a good deal considering what I got which I will explain to you later on. But before that and for your convenience, here are some quick facts about Raspberry Pi that I got from Wikipedia... Read more