Language Selection

English French German Italian Portuguese Spanish

New Slack is Out

Filed under
Slack

Despite recent health issues for Patrick, Slackware Linux 10.1 has been release with mostly bug fixes and a few updates. Details and changelog on Slackware.com.

On a related note, here's a nice little summary.

More in Tux Machines

Free Software and FOSS

  • Michael Meeks: 2020-10-01 Thursday

    In talking to a number of friends, one mentioned that the idea of 'gratis everything' is an increasing problem in many FOSS projects. It's interesting, many years back the fashion was to talk about Open Standards (which are of course great) instead of Open Source (which is better). Noawadays that's less popular and I hear people emphasising the vital Freedom from Price (or even reminders to contribute) in place of Software Freedom. Possibly both of these betray an emphasis on users's rights rather than the responsibility to contribute.

  • LibrePlanet 2021 CFS office hours

    The LibrePlanet call for sessions is open now and will be open until November 20 and we want to hear from you! Speaking at a conference, and even submitting a proposal, can be intimidating or hard. Luckily, some great, experienced speakers are volunteering their time to help out during the CFS office hours. Whether you want to propose a talk and want feedback on your idea, proposal wording, talk title, or just advice on how to deal with nerves, there is one more office hour slot scheduled over the next few weeks.

  • Christopher Allan Webber: Spritely website launches, plus APConf video(s)!

    Not bad, eh? Also with plenty of cute characters on the Spritely site (thank you to David Revoy for taking my loose character sketches and making them into such beautiful paintings!) But those cute characters are there for a reason! Spritely is quite ambitious and has quite a few subprojects. Here's a video that explains how they all fit together. Hopefully that makes things more clear! Actually that video is from ActivityPub Conference 2020, the talks of which have now all have their videos live! I also moderated the intro keynote panel about ActivityPub authors/editors. Plus there's an easter egg, the ActivityPub Conference Opening Song! :)

  • Should you be concerned about the Windows XP leak?

    When a game was out of date, and he had developed a whole new gaming engine, he would remove licensed third-party code and toss the source out for all to play with under a GPL license, and see what they came up with. All kinds of mods would be made, but more important, it gave coders a chance to show off their chops.

  • Free Tools for FOSS Governance

    Governance plays a crucial role in our world by determining and defining acceptable ways of interacting and doing business with one other. When governance is done well, it provides a supportive framework that facilitates interaction and fades into the background. When it’s done poorly, things don’t run as smoothly. The same is true within open source projects, where governance is key to providing overall operating guidelines, defining rules of conduct, and stating specific goals.

  • Sintel 10th Anniversary

    Early this morning I read a post from Colin Levy on Twitter informing the open movie Sintel had its 10th anniversary today. Ten years... This project really influenced so many components of my life (especially about the software and licenses I use now). I also met a lot of great people on it and my artworks started to get a lot of visibility at that time. So, I took my stylus, opened Krita 4.4beta2 and started a quick painting to meditate about it. I hope you'll like it! Thank you again Sintel team and happy anniversary!

  • How open source underpins blockchain technology

    One of the more popular operating systems, Linux, is open source. Linux powers the servers for many of the services we feel comfortable sharing personal information on every day.

Programming Leftovers

  • DigitalOcean's Hacktoberfest is Hurting Open Source

    For the last couple of years, DigitalOcean has run Hacktoberfest, which purports to “support open source” by giving free t-shirts to people who send pull requests to open source repositories.

    In reality, Hacktoberfest is a corporate-sponsored distributed denial of service attack against the open source maintainer community.

    So far today, on a single repository, myself and fellow maintainers have closed 11 spam pull requests. Each of these generates notifications, often email, to the 485 watchers of the repository. And each of them requires maintainer time to visit the pull request page, evaluate its spamminess, close it, tag it as spam, lock the thread to prevent further spam comments, and then report the spammer to GitHub in the hopes of stopping their time-wasting rampage.

    The rate of spam pull requests is, at this time, around four per hour. And it’s not even October yet in my timezone.

  • [llvm-dev] [RFC] Backend for Motorola 6800 series CPU (M68k)

    We would like to contribute our supports for Motorola 68000 series CPU (also known as M68k or M680x0) into LLVM. And we want to hear feedbacks from you Here is some background for M68k: Motorola 68000 series CPU was one of the most popular CPUs used by personal computers in the ‘80, including some of the earliest Apple Macintosh. Fast-forwarding to modern days, M68k is still popular among retrocomputing communities - a bunch of people doing cool stuff, mostly porting modern software and systems, on old computers. For example, Planet m68k (http://m68k.info/ <http://m68k.info/>) is a portal and a bulletin board for many communities that focus on specific M68k computer models, Amiga, Atari, Mac68k to name a few, to share their news. Major operating systems like Debian [1] (Adrian in the CC list can back me up on the Debian part) and NetBSD [2] also support M68k. Long story short, there is a big community and a huge amount of developers in this ecosystem. Some of you might remember that LLVM backend for M68k has been brought up in the mailing list sever times. The latest one was in 2018 [3]. Though those attempts never went through, we learned precious lessons: It’s important to show who’s behind this backend, how sustainable they are, and how we can make these changes easy to review. As I illustrated earlier, majorities of the participants in the M68k community are hobbyists and non-profit groups. So do the people behind this backend: Currently there are three core members (CC’ed): Adrian, Artyom, and me. All of us participate in this project as individual contributors. I know the fact that we’re not supported (financially) by any institution or organization will put us in a lower hand when it comes to reliability. However, the quality of the backend has improved quite a lot since the last discussion. We’ve also settled down the code owner / primary maintainer. Not to mention we’ve been working closely with the rest of the M68k community to help us improve the testing. On the financial side, we’re trying to open up a donation campaign (e.g. Patreon). Though that involves many other practical issues so we’re still discussing that. LLVM is an open and inclusive community accepting contributions from talented people all over the world, regardless of their backgrounds. I believe this virtue can still be seen in the support of hardware backends, where each of the targets is judged by its code quality, maintenance, and user base. Rather than which company supports it.

  • Developers Try Again To Upstream Motorola 68000 Series Support In LLVM

    Hobbyist developers are trying once again to get a Motorola 68000 back-end merged into the upstream LLVM compiler. Yes, the M68k processors that are some 30+ years old. The Motorola 68000 series processors have been around since the 80's thanks to the likes of the early Apple Macintosh computers. Fast forward to 2020, the Motorola 68000 is still a popular target for vintage computer enthusiasts and hobbyists. Community developers have worked on improving the Linux kernel support for M68k hardware like early Apple Powerbooks as recently as a few years ago and the compiler support is a continued target. [...] We'll see how this attempt pans out over the weeks ahead if LLVM could finally see a mainline Motorola 68000 series back-end in 2020/2021.

  • Knurling-rs changelog #2

    This is the second weekly changelog for Knurling-rs, our push to sustainably build better tooling for developing and debugging Rust software for embedded systems. Knurling-rs includes a suite of tools that make it easier to develop, log, debug, and test your embedded Rust libraries and applications!

  • Announcing the Portable SIMD Project Group

    We're announcing the start of the Portable SIMD Project Group within the Libs team. This group is dedicated to making a portable SIMD API available to stable Rust users.

  • This Week in Rust 358
  • A look at the main differences of Bourne shell vs. Bash

    Most Linux admins are hard-pressed to avoid the terminal window. It's almost as though it's in your blood to automatically use commands. And when you do, you usually work with Bourne Again Shell, also known as Bash. But what is a shell? It is a program that accepts input from a keyboard and hands it off to the OS. As you type commands, the shell interprets them such that the OS can understand them.

  • Logging in Python – Your One Stop Guide

    Logging is a crucial step to be performed by a programmer during software development. It helps developers to track events happening during the execution of a program, which can be helpful for the future debugging process. If you are a new learner or working on a new project, it is a good practice to use logging for tracking the code flow and for solving errors.

  • Python Monthly September 2020

    Being a Python developer is a fantastic career option. Python is now the most popular language with lots of growing job demand (especially in the fields of Web, Data Science and Machine Learning). You have many job opportunities, you can work around the world, and you get to solve hard problems. One thing that is hard, however, is staying up to date with the constantly evolving ecosystem. You want to be a top-performing python developer, coder, programmer, software developer, but you don’t have time to select from hundreds of articles, videos and podcasts each day.

  • Checking for True or False

    Using is is around 60% slower than if variable (17.4/10.9≈1.596), but using == is 120% slower (24.9/10.9≈2.284)! It doesn’t matter if the variable is actually True or False - the differences in performance are similar (if the variable is True, all three scenarios will be slightly slower).

  • Django bugfix release: 3.1.2

    The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Mariusz Felisiak: 2EF56372BA48CD1B.

  • The Perl Ambassador: Damian Conway

    This month I interview Damian Conway, one of the Guardians of Perl. Damian is computer scientist and excellent communicator—his presentations and courses are widely popular around the world. He was the Adjunct Associate Professor in the Faculty of Information Technology at Melbourne’s Monash University between 2001 and 2010. It was an honour to interview my idol. I enjoyed talking to him and I am sure you would have many “aha” moments. For example, Raku’s built-in grammar construct is inspired by the work of Damian’s Parse::RecDescent.

  • Monthly Report - September

    Well, ever since I decided to go slow on submitting Pull Request, I find it hard to find anything simple and easy to work with. Another reason, I don't spend much time review latest upload on CPAN. Earlier, I would constantly watch every upload on CPAN and find anything needed helping hand. Most of my spare time these days dedicated to "The Weekly Challenge", I rarely find time to review any CPAN module. Having said, I still manage to submit just few to keep the continuity. I struggle to even get 2-digits number each month. Last month, I could only submit 6 Pull Request, at least it is better than August.

  • Searching Internet RFCs

    During the quarantine I was able to find the good side of the home confination: I hadn’t enough time to read a book due to school’s tests, but for my luck, I had enough time for reading one or two Request For Comments (RFC) documents. Since my first days studying computer security, the concept of “protocol” fascinated me. Maybe for their enormous diffusion in almost every computer system, our daily lives heavily depends from these processes. As I say “trust on machines but don’t trust humans”. The RFC approach reminds the open source philosophy, which has the same objective (give everyone the opportunity to learn new things through sharing) and the same propagation channel: the internet. I find it too hard to search for these documents on the IETF website, so I made a fast and efficient script that permits me to download RFCs through a keyword and lets me decide which ones to read and which ones to ignore.

  • Stupid DATA Tricks

    I’ve previously written about Stupid Open Tricks, so know it’s time for some stupid DATA tricks. You probably already know that you can “embed” a file inside a Perl program then read it from the DATA filehandle. David Farrell wrote about this in Perl tokens you should know and he’s the one who reminded me about the curiousity that I’ll demonstrate here.

  • Is Apache Tomcat the right Java application server for you?

    Developers in search of a Java application server have no shortage of options to consider. But before any enterprise selects and ultimately adopts a Java application server for development and deployment, there are multiple variables that need to be considered. Development teams will need to know what exactly the application server will be used for in deployment. Is the main goal to act as a basic file server? And if that's the case, what sorts of file formats will be used the most? Let's compare Apache Tomcat with other servers on the market and examine which one will make the most sense for your situation.

Security Leftovers and DRM

  • Why Web Browser Padlocks Shouldn’t Be Trusted

    On Monday, the Anti-Phishing Working Group (APWG) released a study (PDF) that tracked a large uptick in phishing attacks in Q2 of 2020. The surge involves rogue sites using the cryptographic protocol Transport Layer Security or TLS, most commonly referred to by its legacy name Secure Sockets Layer, or SSL.

    SSL padlocks indicate that a browser is using a secure and encrypted communication pipe to the server hosting the desired website. SSL warnings are also complemented by the additional “HTTPS” indication within a browser address bar, meaning the browser is transmitting information safely using Hypertext Transfer Protocol Secure.

    According to the APWG report, 80 percent of phishing sites used SSL certificates in Q2. Attacks ranged from phishing lures pointing to bogus wire-transfer sites, to social-media platforms Facebook and WhatsApp being pelted with links to shady domains.

  • Security updates for Thursday

    Security updates have been issued by Debian (ruby-json-jwt and ruby-rack-cors), Fedora (xen), SUSE (aspell and tar), and Ubuntu (ruby-gon, ruby-kramdown, and ruby-rack).

  • Who’s Behind Monday’s 14-State 911 Outage?

    Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft‘s Azure web services platform, which also was struggling with a widespread outage at the time. However, multiple sources tell KrebsOnSecurity the 911 issues stemmed from some kind of technical snafu involving Intrado and Lumen, two companies that together handle 911 calls for a broad swath of the United States.

  • PowerShell Backdoor Launched from a ShellCode

    Here is a practical example found in the wild. The initial PowerShell script has a VT score of 8/59 (SHA256:f4a4fffaa31c59309d7bba7823029cb211a16b3b187fcbb407705e7a5e9421d3). The script is not heavily obfuscated but the technique used is interesting. It uses the CSharpCodeProvider[1] class: [...]

  • Russian Who [Cracked] LinkedIn, Dropbox Gets 88-Month Prison Term

    A Russian [attacker] was sentenced to more than seven years in a U.S. prison for stealing the logins of 117 million users of LinkedIn, Dropbox and the defunct social media site Formspring, according to federal prosecutors.

    Yevgeniy Nikulin, 32, was convicted in July after a six-day jury trial in San Francisco in what was said to be one of the largest data breaches in U.S. history.

  • WhatsApp update lets you delete images and videos on other people's phones

    A new WhatsApp update will allow users to delete an image, video or gif on someone else’s phone after sending it to them.

    The Expiring Media feature, first spotted by the website WaBetaInfo, causes media to disappear after being viewed within a chat.

    In order to enable the feature, the sender needs to select a “view once” button when sending the image, video or gif.

    [...]

    These features are developed in such a way that users are unable to take a screenshot of the media in order to save the image to their phone or device.

Mozilla and Firefox Promotion, Pale Moon Web Browser 28.14 Released

  • Join the anti-establishment

    Firefox puts people first. In fact, we’re backed by a not-for-profit and our profits go back into making the internet UNFCKING BELIEVABLE FOR YOU. Luckily, we aren’t the only ones who believe that the internet works best when your privacy and security are protected. There are a number of us out there pushing for an internet that is powered by more than a handful of large tech companies, because we believe the more choice you have the better things are for you — and for the web. We vetted these companies for how they treat your data and for their potential to shake up things up. In short: they’re solid.

  • The internet needs our love

    It’s noisy out there. We are inundated with sensational headlines every minute, of every day. You almost could make a full-time job of sorting the fun, interesting or useful memes, feeds and reels from those that should be trashed. It’s hard to know what to pay attention to, and where to put your energy. With so much noise, chaos and division, it seems that one of the only things we all have in common is relying on the internet to help us navigate everything that’s happening in the world, and in our lives.

  • Pale Moon Web Browser 28.14 Released [Ubuntu PPA]

    Pale Moon, an open-source Goanna-based web browser, released version 28.14.0 (and 28.14.1 with quick fix) with stability and security improvements.

  • Mozilla Partners with the African Telecommunications Union to Promote Rural Connectivity

    Mozilla and the African Telecommunications Union (ATU) have signed a Memorandum of Understanding (MOU) for a joint project that will promote rural connectivity in the Africa region. “The project, pegged to the usage of spectrum policy, regulations and practices, is designed to ensure affordable access to communication across the continent,” said ATU Secretary-General John OMO. “Figuring out how to make spectrum accessible, particularly in rural areas, is critical to bringing people online throughout the African continent,” said Mitchell Baker, CEO of Mozilla, “I’m committed to Mozilla making alliances to address this challenge.” While half the world is now connected to the internet, the existing policy, regulatory, financial, and technical models are not fit for purpose to connect the poorer and more sparsely populated rural areas. More needs to be done to achieve the United Nations’ universal access goals by 2030. Clear policy and regulatory interventions that can support innovation, and new business models to speed up progress, are urgently required.

  • This is how we unfck the internet

    We have a once-in-a-lifetime chance to unfck the internet. We should take it. How we talk, work, and play online depends on it. Dramatic? No, Kardashians is dramatic. The truth is we have more than a few problems to deal with. A whole sh*tton of how we communicate is controlled by a few centi-billionaires. That’s a new word for all of us: centi-billionaire. It means worth over $100 billion USD. Each. [...] People deserve to feel safe with the knowledge that their personal information is shielded from hackers, spies and strangers. Let’s Encrypt, an alliance Mozilla helped found, now delivers greater security to over 85% of web transactions — while adding the “s” in “https://” — proving that security is possible on a large scale. With security comes trust, and trust will be the bedrock of a better internet.