Enforcing the pyramid of Open Source

Filed under
Security

The well-known log4j security vulnerability of December 2021 triggered a lot of renewed discussions around software supply chain security, and sometimes it has also been said to be an Open Source related issue.

This was not the first software component to have a serious security flaw, and it will not be the last.

What can we do about it?

This is the 10,000 dollar question that is really hard to answer. In this post I hope to help put some light on why it is such a hard problem. This comes from my view as an Open Source author and contributor for almost three decades now.

In this post I’m going to talk about security as in how we make our products have fewer bugs in the code we write and land on purpose. There is also a lot to be said about infrastructure problems such as consumers not verifying dependencies so that when malicious actors purposely destroy a component, users of that don’t notice the problem, or supply chain security issues that risk letting bad actors insert malicious code into components. But those are not covered in this blog post!
