Language Selection

English French German Italian Portuguese Spanish

Debian: New Debian Developers and Maintainers, DebConf19 and More

Filed under
Debian
  • New Debian Developers and Maintainers (November and December 2018)

    The following contributors got their Debian Developer accounts in the last two months:

    Abhijith PA (abhijith)
    Philippe Thierry (philou)
    Kai-Chung Yan (seamlik)
    Simon Qhuigley (tsimonq2)
    Daniele Tricoli (eriol)
    Molly de Blanc (mollydb)
    The following contributors were added as Debian Maintainers in the last two months:

    Nicolas Mora
    Wolfgang Silbermayr
    Marcos Fouces
    kpcyrd
    Scott Martin Leggett

  • DebConf19 is looking for sponsors!

    DebConf19 will be held in Curitiba, Brazil from July 21th to 28th, 2019. It will be preceded by DebCamp, July 14th to 19th, and Open Day on the 20th.

    DebConf, Debian's annual developers conference, is an amazing event where Debian contributors from all around the world gather to present, discuss and work in teams around the Debian operating system. It is a great opportunity to get to know people responsible for the success of the project and to witness a respectful and functional distributed community in action.

    The DebConf team aims to organize the Debian Conference as a self-sustaining event, despite its size and complexity. The financial contributions and support by individuals, companies and organizations are pivotal to our success.

  • Nonce sense paper online

    When you create a cryptographic signatures using ECDSA (the elliptic curve digital signature algorithm), you need to come up with the nonce, a 256 bit random number. It is really important to use a different nonce every time, otherwise it is easy for someone else to take your signatures (which might be stored for everyone to read on the Bitcoin blockchain) and calculate your private key using relatively simple math, and with your private key they can spend all your Bitcoins. In fact, there is evidence that people out there continuously monitor the blockchains for signatures with such repeated nonces and immediately extract the money from compromised keys.

    Less well known, but still nothing new to the crypto (as in cryptopgraphy) community is the that an attacker can calculate the key from signature that use different, but similar nonces: For example if they are close by each other (only the low bits differ), or if they differ by exactly a large power of two (only the high bits differ). This uses a fancy and powerful technique based on lattices. Our main contribution here is to bridge crypto (as in cryptopgraphy) and crypto (as in cryptocurrency) and see if such vulnerabilities actually exist out there.

    And indeed, there are some. Not many (which is good), but they do exist, and clearly due to more than one source. Unfortunately, it is really hard to find out who made these signatures, and with which code, so we can only guess about the causes of these bugs. A large number of affected signatures are related to multisig transactions, so we believe that maybe hardware tokens could be the cause here.

  • Jonathan Dowland: Amiga floppy recovery project, part 3: preliminaries

    The first step for my Amiga project was to recover the hardware from my loft and check it all worked.

    When we originally bought the A500 (in, I think, 1991) we bought a RAM expansion at the same time. The base model had a whole 512KiB of RAM, but it was common for people to buy a RAM expander that doubled the amount of memory to a whopping 1 MiB. The official RAM expander was the Amiga 501, which fit into a slot on the underside of the Amiga, behind a trapdoor.

    The 501 also featured a real-time clock (RTC), which was powered by a backup NiCad battery soldered onto the circuit board. These batteries are notorious for leaking over a long enough time-frame, and our Amiga had been in a loft for at least 20 years. I had heard about this problem when I first dug the machine back out in 2015, and had a vague memory that I checked the board at the time and could find no sign of leakage, but reading around the subject more recently made me nervous, so I double-checked.

  • Debian Bug Squash Party Tokyo 2019-01
  • Mario Lang: Please delete me from Planet

    Wow. Hi Debian. Apparently, you've changed even more in a direction I personally never really liked. As a member of a minority group, I feel the need to explain that I highly dislike the way you are currently handling minority groups. And no, I dont feel you are ignoring them. You are giving a select view far too much attention for a technically focused project.

More in Tux Machines

Hey advertisers, track THIS

If it feels like the ads chasing you across the internet know you a little too well, it’s because they do (unless you’re an avid user of ad blockers, in which case this is not for you). Earlier this month we announced Enhanced Tracking Protection on by default for new users in our flagship Firefox Quantum browser as a way to stop third-party cookies in their tracks. If you’re still not sure why you’d want to block cookies, today we’re launching a project called Track THIS to help you recognize what they do. You’re being followed across the web through cookies—small data files stored by your browser—that remember things like language preferences, sites you’ve visited, or what’s in your shopping cart. That might sound generally fine, but it gets shady when data brokers and advertising networks also use cookies to collect information about your internet habits without your consent. You should still have control over what advertisers know about you—if they know anything about you at all—which can be tough when web trackers operate out of sight. Read more Also: Once Again: It's Not Clear The Internet Needs Creepy Targeted Ads

Richard Stallman: Drop the journalism charges against Julian Assange

The US government has persecuted Julian Assange for a decade for Wikileaks' journalism, and now seeks to use his case to label the publishing of leaked secret information as spying. The Free Software Foundation stands for freedom of publication and due process, because they are necessary to exercise and uphold the software freedom we campaign for. The attack on journalism threatens freedom of publication; the twisting of laws to achieve an unstated aim threatens due process of law. The FSF therefore calls on the United States to drop all present and future charges against Julian Assange relating to Wikileaks activities. Accusations against Assange that are unrelated to journalism should be pursued or not pursued based on their merits, giving him neither better nor worse treatment on account of his journalism. Read more

Rugged, Arm-based 7-inch touch-panel supports PoE and CAN

OS support includes Android 6.0, Ubuntu 16.04, and Yocto 2.1 stack with Qt GUI toolkits. There’s also a Chromium embedded web browser and a VNC tool for rapid web app development. Read more

Android Leftovers