Language Selection

English French German Italian Portuguese Spanish

today's leftovers

Filed under
Development
Misc
  • Teaching People to Share Technology: Adafruit Founder Limor Fried

    When Adafruit founder Limor Fried was studying electrical engineering and computer science at MIT, she realized she was less interested in the electrical engineering part.

    “What I really liked to do was build stuff,” she said.

    Instead of working on her homework or thesis, Fried spent her time designing hardware projects in her dorm. She built an MP3 player way before Apple made iPods popular.

    “With electronics, you could build anything from an MP3 player to a GPS tracker,” she said.

    [...]

    “Open source hardware is a perfect middle ground. It’s inexpensive and allows you to customize the way you need it,” Fried said. “The code is there. Instructions are there. Anyone can do it. Since it’s open source, people can iterate, tweak, fine-tune to their needs. We are seeing a lot of interest in open source hardware for assistive technologies.”

    Adafruit’s hardware is working for everyone from creative hobbyists to people interested in building things for their smartphones to developers inventing products for the next industrial revolution. Adafruit also worked with computer game company Nvidia to help build its Jetson Nano Developer Kit, which lets users run multiple neural networks for artificial intelligence, machine learning and edge computing.

  • Gcc 4.2.1 to be removed before FreeBSD 13, a firm timeline
    Greetings,
    
    
    
    
    As promised for almost the past decade or so, gcc 4.2.1 will be removed
    from the tree before FreeBSD 13 is branched.
    
    
    
    
    I propose the following timeline for its removal:
    
    
    
    
    2019-08-31: disconnect gcc 4.2.1 from CI build
    
    
    
    
    Turn off -Werror on gcc 4.2.1 platforms
    
    
    
    
    Turn off all gcc 4.2.1 from universe by default (can be turned on)
    
    
    
    
    2019-12-31: Turn off gcc 4.2.1 build by default (can be turned on)
    
    
    
    
    2020-03-31: svn rm gcc 4.2.1 and friends
    
    
    
    
    2020-05-31: svn rm all non-clang platforms not supported by in-tree LLVM or
    converted to ext toolchain.
    
    
    
    
    2020-07-31: svn rm all ext toolchain platforms not supported by re@ release
    scripts
    
    
    
    
    The basic notion is that it’s long past time to have a firm plan for EOL
    gcc 4.2.1 in the tree. There is ample external toolchain support today for
    platforms that need it to build images, though that integration with
    buildworld could use some more polish. It’s now completely sufficient to
    move to the next phase of removing gcc 4.2.1 from the tree.
    
    
    
    
    We already have gcc 6.4 as an xtoolchain on amd64 in CI. This should
    somewhat mitigate the risk for cross-compiler portability. This is a
    long-established part of our CI. We want to retain gcc support for modern
    versions of gcc since its debuggability is higher. Notifications for this
    are currently turned off, but will be enabled soon. It’s expected that this
    always will be working later in the year. We’ll work to update the
    committers guide to reflect this, as well as give a recipe for testing.
    
    
    
    
    The first phase will be at the end of the month. We’ll turn off -Werror on
    gcc 4.2.1 (and MFC it to stable/11 and stable/12). We’ll then stop building
    all platforms that require it as part of CI. New warnings will come up, but
    will no longer waste developer time in trying to fix. Gcc 4.2.1 platforms
    will no longer be built as part of universe, unless you add
    -DMAKE_OBSOLETE_GCC is added to the command line. We plan on implementing
    this by 2019-08-31.
    
    
    
    
    An experimental branch will be created that will remove gcc related bits to
    expose gaps in planning and to come up with a list of action items needed
    to ensure Tier 1 platforms are unaffected by the gcc removal. The timeline
    for this is by the end of September.
    
    
    
    
    Next, we’ll turn off building gcc by default. This will effectively break
    all gcc platforms with in-tree compilers. The external toolchain support we
    have will suffice here, and patches will be accepted for whatever
    integration are needed for these platforms with our current ports /
    packages. The onus for these changes will be squarely on people that want
    the platforms to continue. However, as a stop-gap gcc building can be
    turned on for those people transitioning gcc-only platforms until gcc 4.2.1
    is removed. This will happen on or about 2019-12-31.
    
    
    
    
    After a 3 month transition period, gcc 4.2.1 will be removed from the tree.
    This will be done on or about 2020-03-31.
    
    
    
    
    After an additional 2 month transition period, all those platforms that
    have not integrated with the FreeBSD CI system, work in a make universe
    with the proper packages installed, and are shown to boot on real hardware
    will be removed from the tree. This will happen on or about 2020-05-31.
    
    
    
    
    After an additional 2 month grace period, those platforms that require
    external toolchain integration that aren’t supported by the release
    engineer’s release scripts will be removed. This  will happen on or about
    2020-07-31.
    
    
    
    
    The timeline gives powerpc, mips, mips64, and sparc64 9 months to integrate
    either into an in-tree compiler, or to have a proven external toolchain
    solution. This is on top of the many-years-long warnings about this being
    the end game of the clang integration.
    
    
    
    
    This is the proposed timeline, but should there be a significant issue
    that’s discovered, the timeline can be amended.
    
    
    
    
    Also note: the all toolchains in tree discussions are specifically out of
    bounds here. Let’s remove one compiler and get the infrastructure needed to
    make external toolchains robust before embarking on that discussion.
    
    
    
    
    Comments?
    
    
    
    
    Warner
    
  • FreeBSD 13 Is Preparing To Finally Retire GCC 4.2

    A firm timeline has been established for removing GCC 4.2.1 before next year's FreeBSD 13 release. This timeline includes dropping GCC 4.2.1 from continuous integration builds at the end of the month and turning off GCC 4.2.1 from universe by default. At the end of the calendar year they will turn off GCC 4.2.1 by default and at the end of March is when they will remove the compiler code entirely from their SVN. Next May they also intend to drop non-Clang platforms that are not supported by the in-tree LLVM or converted to an external toolchain. 

  • Designing Continuous Build Systems: Handling Webhooks with Sanic

    After covering how to design a build pipeline and define build directives in the continuous builds series, it’s time to look at handling events from a code repository.

    As internet standards evolved over the years, the HTTP protocol has become more prevalent. It’s easier to route, simpler to implement and even more reliable. This ubiquity makes it easier for applications that traverse or live on the public internet to communicate with each other. As a result of this, the idea of webhooks came to be as an “event-over-http” mechanism.

  • No, Zwift Racing Wasn’t Hacked. Yet. Sorta. Let Me Explain.

    One of the most well-known conferences from a lore standpoint is Def Con, but there are also many other huge ones such as BlackHat, SANS, and RSA, and other vendor-specific ones like BlueHat (run by Microsoft for Microsoft technologies) or government-specific ones. Again, in general the goal of these summits is to learn about security and improve security practices.

    This past Sunday at Def Con (considered one of the more rambunctious events on the circuit) a presentation was given around Zwift and ‘hacking’ it – titled “Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks”. Now one has to understand that while in the ‘mainstream’ the term ‘hacking’ is usually akin to ‘breaking’, in the computer world, the term ‘hacking’ is often a bit more nebulous. Sometimes used interchangeably with ‘tweaking’ or ‘optimizing’, and sometimes used in the less ideal variant such as ‘credit cards were hacked’. So one has to take any usage of that term with a bit of sanity check to see what’s going on.

  • Protecting your organization against privileged identity theft

    What do the top data breaches of the 21st century have in common? Privileged identity abuse. In these breach instances, well-resourced, external actors were able to gain the credentials of users with access to privileged accounts – such as administrative, service or operational accounts – giving them the ability to collect and exfiltrate industrial-scale amounts of data.

More in Tux Machines

OSS Leftovers

  • This Program Makes It Even Easier to Make Deepfakes

    A new method for making deepfakes creates realistic face-swapped videos in real-time, no lengthy training needed. Unlike previous approaches to making deepfakes—algorithmically-generated videos that make it seem like someone is doing or saying something they didn’t in real life—this method works on any two people without any specific training on their faces. Most of the deepfakes that are shared online are created by feeding an algorithm hundreds or thousands of images of a specific face. The algorithm "trains" on that specific face so it can swap it into the target video. This can take hours or days even with access to expensive hardware, and even longer with consumer-grade PC components. A program that doesn’t need to be trained on each new target is another leap forward in making realistic deepfakes quicker and easier to create. [...] On their project website, the researchers say that the project code will eventually be available on GitHub...

  • 5 Free and Open Source CRM Software

    We’re here to save you time by going over some of the most popular free and open source CRM solutions and when you should consider paid system...

  • A free/open tool for making XKCD-style "hand-drawn" charts

    Tim Qian, a "full stack developer and open source activist," has published chart.xkcd, a free/open tool that lets you create interactive, "hand-drawn" charts in the style of XKCD comics. It's pretty fabulous!

  • The Secret Source: Machine Learning and Open Source Come Together

    There was a time when banks and asset managers would dare not talk about their use of AI—and, specifically, machine learning—in public forums, as they either viewed it as taboo or they wanted to hide its power from competitors. The secret, though, is out of the black box.

  • How China became a hero in open source

    China was once a relative zero when it came to software. Not anymore. In both proprietary and open source development, China's influence is growing. Sure, open source has helped to fuel that rise—as Swim.ai CTO Simon Crosby has suggested, "Now [China] can download our best, for free, every day"—but this tells an incomplete story. China may have been a net consumer of code once upon a time, but now has gone from zero to hero in open source.

  • The 7 Best Tools for Open-Source Network Bandwidth Monitoring

    Network bandwidth monitoring is a very specific type of monitoring. What it does is measure the amount of traffic passing a given point on a network. Typically, the measuring point is a router or switch interface but it’s not uncommon to monitor bandwidth utilization of a server’s LAN interface. The important thing here is to realize that all we’re measuring is the amount of traffic. Bandwidth monitoring won’t give you any information about what that traffic is, only how much of it there is. There are several reasons for wanting to monitor network bandwidth utilization. First and foremost, it can help you pinpoint areas of contention. As a network circuit’s utilization grows, its performance starts degrading. This is a fact of life. The more you approach the maximum capacity, the more impact there is on performance. By allowing you to keep an eye on network utilization, bandwidth monitoring tools give you a chance to detect high utilization—and address it—before it becomes noticeable by users. Capacity planning is another major benefit of network monitoring tools. Network circuits—especially long-distance WAN connections—are expensive and will often have only the bandwidth that was required when they were initially installed. While that amount of bandwidth might have been OK back then, it will eventually need to be increased. By monitoring the evolution of your network circuits’ bandwidth utilization, you’ll be able to see which ones need to be upgraded and when. Bandwidth monitoring tools can also be useful for troubleshooting poor application performance. When a user complains that some remote application has slowed down, looking at the network bandwidth utilization can give you a pretty good idea whether or not the problem is caused by network congestion. If you see low network utilization, you can likely concentrate your troubleshooting efforts elsewhere.

  • Au Revoir DTW

    While I wanted to use it for my tiny, crazy, work in progress thoughts, I find that it was increasingly being subsumed by my new shiny Mastodon. And as the volume of things I write now scales up, I do not want another place to maintain.

  • How To Promote Real Social Good

    It was big news this week when the nation’s most powerful chief executives finally acknowledged that corporations should contribute more to society than maximizing shareholder value. [...] This news story caught our attention here at Purism because we have been thinking about how to build a company that promotes social good. Our company was incorporated in Washington State as a Social Purpose Corporation. [...] We at Purism are grateful to the many US states offering to give companies the freedom to actually benefit society, rather than contribute to its ills. We believe that consumers who really care about their freedom, privacy, and security, or other issues like climate change, seek out companies like ours that exist, first and foremost, to do something important that can better people’s lives. We use capitalism, and the corporate form, to build a sustainable company that can continue to serve our mission. Making money is a means to an end, not the end itself. We exist for our customers, not for our shareholders, and our shareholders back us because know the social good that comes from our efforts. People parting with their hard-earned money for products and services deserve that much.

Security Leftovers

  • Security Researchers Find Several Bugs in Nest Security Cameras

    Researchers Lilith Wyatt and Claudio Bozzato of Cisco Talos discovered the vulnerabilities and disclosed them publicly on August 19. The two found eight vulnerabilities that are based in the Nest implementation of the Weave protocol. The Weave protocol is designed specifically for communications among Internet of Things or IoT devices.

  • Better SSH Authentication with Keybase

    With an SSH CA model, you start by generating a single SSH key called the CA key. The public key is placed on each server and the server is configured to trust any key signed by the CA key. This CA key is then used to sign user keys with an expiration window. This means that signed user keys can only be used for a finite, preferably short, period of time before a new signature is needed. This transforms the key management problem into a user management problem: How do we ensure that only certain people are able to provision new signed SSH keys?

  • Texas ransomware attacks deliver wake-up call to cities [iophk: Windows TCO]

    The Texas Department of Information Resources has confirmed that 22 Texas entities, mostly local governments, have been hit by the ransomware attacks that took place late last week. The department pointed to a “single threat actor” as being responsible for the attacks, which did not impact any statewide systems.

  • Texas Ransomware Attack

    On Security Now, Steve Gibson talks about a huge ransomware attack. 23 cities in Texas were hit with a well-coordinated ransomware attack last Friday, August 16th.

  • CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry

    Apache Tapestry uses HMACs to verify the integrity of objects stored on the client side. This was added to address the Java deserialization vulnerability disclosed in CVE-2014-1972. In the fix for the previous vulnerability, the HMACs were compared by string comparison, which is known to be vulnerable to timing attacks.

GNOME Feeds is a Simple RSS Reader for Linux Desktops

Feedreader, Liferea, and Thunderbird are three of the most popular desktop RSS readers for Linux, but now there’s a new option on the scene. GNOME Feeds app is simple, no-frills desktop RSS reader for Linux systems. It doesn’t integrate or sync with a cloud-based service, like Feedly or Inoreader, but you can import a list of feeds via an .opml file. “Power” users of RSS feeds will likely find that GNOME Feeds a little too limited for their needs. But the lean feature set is, arguably, what will make this app appeal to more casual users. Read more

GNU Radio Launches 3.8.0.0, First Minor-Version Release In Six Years

The GNU Radio maintainers have announced the release of GNU Radio 3.8.0.0, the first minor-version release of the popular LimeSDR-compatible software defined radio (SDR) development toolkit in over six years. “It’s the first minor release version since more than six years, not without pride this community stands to face the brightest future SDR on general purpose hardware ever had,” the project’s maintainers announced this week. “What has not changed is the fact that GNU Radio is centred around a very simple truth: Let the developers hack on DSP. Software interfaces are for humans, not the other way around. And so, compared to the later 3.7 releases, nothing has fundamentally modified the way one develops signal processing systems with GNU Radio: You write blocks, and you combine blocks to be part of a larger signal processing flow graph.” Read more