• Michael W. Lucas talks FreeBSD (and whatever else he wants)

• Tor part 1: how-to use Tor

  Installing tor is really easy on OpenBSD. We need to install it, and start its daemon. The daemon will listen by default on localhost on port 9050. On others systems, it may be quite similar, install the tor package and enable the daemon if not enabled by default.

• Tor part 2: hidden service

  In this second Tor article, I will present an interesting Tor feature named hidden service. The principle of this hidden service is to make available a network service from anywhere, with only prerequisites that the computer must be powered on, tor not blocked and it has network access.

• Call for testing: OpenSSH 7.9

  OpenSSH 7.9p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release.

• Slimmer and simpler static atoms

  In Firefox’s code we use the term atom rather than intern, and atom table rather than string intern pool. I don’t know why; those names have been used for a long time.

  Furthermore, Firefox distinguishes between static atoms, which are those that are chosen at compile time and can be directly referred to via an identifier, and dynamic atoms, which are added on-demand at runtime. This post is about the former.

• Home Monitoring with Things Gateway 0.6

  When it comes to smart home devices, protecting the safety and security of your home when you aren’t there is a popular area of adoption. Traditional home security systems are either completely offline (an alarm sounds in the house, but nobody is notified) or professionally monitored (with costly subscription services). Self monitoring of your connected home therefore makes sense, but many current smart home solutions still require ongoing service fees and send your private data to a centralised cloud service.

• WebRender newsletter #25

  As usual, WebRender is making rapid progress. The team is working hard on nailing the remaining few blockers for enabling WebRender in Beta, after which focus will shift to the Release blockers. It’s hard to single out a particular highlight this week as the majority of bugs resolved were very impactful.

• DevEdition 63 Beta 14 Testday, October 12th

  We are happy to let you know that Friday, October 12th, we are organizing Firefox 63 Beta 14 Testday. We’ll be focusing our testing on: Flash Compatibility and Block Autoplay V2.

• Mozilla B-Team: happy bmo push day!Mozilla B-Team: happy bmo push day!

• Mozilla B-Team: happy bmo push day (last friday)

• Firefox removes core product support for RSS/Atom feeds

  from Firefox 64 onwards, RSS/Atom feed support will be handled via add-ons, rather than in-product.

  [...]

  By virtue of being baked into the core of Firefox, these features have long had outsized maintenance and security costs relative to their usage. Making sure these features are as well-tested, modern and secure as the rest of Firefox would take a surprising amount of engineering work, and unfortunately the usage of these features does not justify such an investment: feed previews and live bookmarks are both used in around 0.01% of sessions.

  As one example of those costs, “live bookmarks” use a very old, very slow way to access the bookmarks database, and it would take a lot of time and effort to bring it up to the performance standards we expect from Quantum. Likewise, the feed viewer has its own “special” XML parser, distinct from the main Firefox one, and has not had a significant update in styling or functionality in the last seven years. The engineering work we’d need to bring these features, in their current states, up to modern standards is complicated by how few automated tests there are for anything in this corner of the codebase.

• Firefox Reality 1.0.1 - with recline mode

  Firefox Reality 1.0.1 is now available for download in the Viveport, Oculus, and Daydream app stores. This is a minor point release, focused on fixing several performance issues and adding crash reporting UI and (thanks to popular request!) a reclined viewing mode.

The Linux Foundation LTSI initiative has finished baking its first Linux 4.14-based kernel for longer-term support.

LTSI is the Long-Term Support Initiative hosted by the Linux Foundation that's focused on longer-term kernel support for the likes of consumer electronics. LTSI is apart from the long-term kernels maintained as well by Greg KH and other stakeholders.

Previously LTSI had been tracking the Linux 4.9 kernel and before that Linux 4.1, Linux 3.14, 3.10, 3.4, and 3.0.

Also: LTSI-4.14 is now released

• Google releases Oboe, a C++ library to build high-performance Android audio apps

• 60 percent off: Start your journey in Android app development Be in demand!

• Data Shows User Loyalty to Android Might Be Declining

• Twitter Is Removing The Ability To Create Moments On iOS And Android

• EMUI 9 based on Android Pie is getting several Made-for-India features

• The dirty word: 'Android' wasn't said a single time during the Google Pixel 3 event

• Asus ZenFone 4 Selfie gets Android 8.1 Oreo with ZenUI 5.0

• Supermicro boards were so bug ridden, why would hackers ever need implants?

• New U.S. Weapons Systems Are a Hackers’ [sic] Bonanza, Investigators Find

  The report by the Government Accountability Office concluded that many of the weapons, or the systems that control them, could be neutralized within hours. In many cases, the military teams developing or testing the systems were oblivious to the hackingi [sic].

• Cool Cool Cool Oversight Office Says It's Incredibly Easy To Hack The Defense Dept.'s Weapons Systems

  The GAO points out the DOD has spent more time locking down its accounting systems than its weapons systems, even as the latter has increasingly relied on computer hardware and software to operate. The systems used by the DOD are a melange of commercial and open-source software, which relies on vendors to provide regular updates and patch vulnerabilities. (Unfortunately for the DOD, some vulnerabilities may not have been disclosed to software/hardware vendors by other government agencies like the NSA.) But the DOD gives itself a 21-day window to apply patches and some remote weapons systems may go months without patching because they often need to return from deployment to be patched properly.

  The end result is a network of defense systems riddled with security holes. The GAO says it doesn't take much to commandeer weapons of mass destruction.

• Google Maps for Android Auto gets a refreshed layout with Material design changes

• Google Assistant will soon answer queries on Android lock screens

• Talos: Android trojan resembling Play Store installs sophisticated spyware

• CIRP: Smartphone loyalty hits new high, suggesting Android switchers less targetable for Apple

• Review: 6 Android apps that track your business expenses

• Razer Raiju Mobile is a new Android game controller

With just one week left until the final release, Ubuntu 18.10, dubbed Cosmic Cuttlefish, has reached the final step in its development cycle, Final Freeze. This means that from this point until the final release only critical bugs that affect the ISO images or installers are admitted in the archives.

Of course, the Ubuntu engineers would need community's help to test the ISO images before they hit the stable channels, so they are working on releasing the Release Candidate (RC) images in the coming days on the official ISO tracker for Ubuntu and probably all other official flavors.

Teal has launched a $1,200 “Teal One” drone that runs Linux on a Jetson TX1 module and an Ambarella SoC with PX4 support. The quadcopter can fly at up to 60 mph for 15 minutes and shoot [email protected] video.

Salt Lake City based Teal was launched by CEO George Matus at the age of 17 to pursue his love of FPV drone racing. The company launched a Teal Sport FPV racing drone that runs on an MCU-based KISS flight controller and sells for $499 for a barebones model and $799 fully accessorized. Now, at age 21, Matus has followed up with his promised Teal One, a higher-end, all-purpose, semi-autonomous camera quadcopter.

• AMDGPU DC Gets "PERF_TRACE" To Help With Performance Profiling

  Published on Wednesday was the latest batch of AMDGPU DC display code changes for its eventual inclusion into the AMDGPU DRM driver for mainline past the 4.20~5.0 cycle with that feature merge window being over. The most notable change with this latest AMDGPU DC haul is a new "PERF_TRACE" addition.

  The 26 patches sent out on Wednesday refactor the DCE clock code as well as the DC to SMU interface. Most interesting to us though is this PERF_TRACE feature on Linux. This PERF_TRACE functionality isn't to be confused with the perf subsystem nor the perf-trace user-space utility.

• Removing my favorite feature

  So in a decision that was long overdue, I’m removing the real-time graph from Builder 3.32. I never did a great job of porting that code to optimal Wayland use anyway. It was really designed with Xrender/Xshm in mind where XCopyArea() was cheap and done on the GPU.

• Debian/TeX Live updates 20181009

  During this update some color profiles (icc) that had unclear licenses have been removed, which for now creates problems with the pdfx package. So if you use the pdfx package, please explicitly specify a color profile. The next upload will again allow using pdfx without specifying a profile in which case a default profile is used. I have uploaded already a set of free profiles to CTAN and they arrived in TeX Live, but pdfx package isn’t updated till now.During this update some color profiles (icc) that had unclear licenses have been removed, which for now creates problems with the pdfx package. So if you use the pdfx package, please explicitly specify a color profile. The next upload will again allow using pdfx without specifying a profile in which case a default profile is used. I have uploaded already a set of free profiles to CTAN and they arrived in TeX Live, but pdfx package isn’t updated till now.

• Spinnaker is the next big open source project to watch

  Spinnaker is an open source continuous delivery (CD) platform from Netflix and Google, though it now also has the backing of other major software companies. Spinnaker 1.0 launched last July, so it’s not the newest kid on the block, but the service is slowly but surely gaining momentum now, with users that include Target, Adobe, Daimler and Capital One, as well as a growing ecosystem of vendors who support it.

  Today, after a few years of working on the project without any formal structure in place, the Spinnaker project announced that it is growing up and putting a formal governance system in place at the project’s second community summit in Seattle this week.

• Andy Wingo: heap object representation in spidermonkey

  I was having a look through SpiderMonkey's source code today and found something interesting about how it represents heap objects and wanted to share.

  I was first looking to see how to implement arbitrary-length integers ("bigints") by storing the digits inline in the allocated object. (I'll use the term "object" here, but from JS's perspective, bigints are rather values; they don't have identity. But I digress.) So you have a header indicating how many words it takes to store the digits, and the digits follow. This is how JavaScriptCore and V8 implementations of bigints work.

  Incidentally, JSC's implementation was taken from V8. V8's was taken from Dart. Dart's was taken from Go. We might take SpiderMonkey's from Scheme48. Good times, right??

  When seeing if SpiderMonkey could use this same strategy, I couldn't find how to make a variable-sized GC-managed allocation. It turns out that in SpiderMonkey you can't do that! SM's memory management system wants to work in terms of fixed-sized "cells". Even for objects that store properties inline in named slots, that's implemented in terms of standard cell sizes. So if an object has 6 slots, it might be implemented as instances of cells that hold 8 slots.

  Truly variable-sized allocations seem to be managed off-heap, via malloc or other allocators. I am not quite sure how this works for GC-traced allocations like arrays, but let's assume that somehow it does.

• Pocket Offers New Features to Help People Read, Watch and Listen across iOS, Android and Web

  We know that when you save something to Pocket, there is a reason why. You are saving something you want to learn about, something that fascinates you, something that will help shape and change you. That’s why we’ve worked hard to make Pocket a dedicated, quiet place to focus so that you can come back and absorb what you save when you are ready.

  The trick is, in the reality of our lives, it’s not always that simple. Our lives don’t always have a quiet moment with a coffee cup in hand with Pocket in the other. We have work to do, kids to take care of, school to attend. But with Pocket we’ve always worked hard to ensure that Pocket gives you tools to fit content around your life, freeing you from the moment of distraction and putting you in control.

• OpenBSD's unveil()

  One of the key aspects of hardening the user-space side of an operating system is to provide mechanisms for restricting which parts of the filesystem hierarchy a given process can access. Linux has a number of mechanisms of varying capability and complexity for this purpose, but other kernels have taken a different approach. Over the last few months, OpenBSD has inaugurated a new system call named unveil() for this type of hardening that differs significantly from the mechanisms found in Linux.

  The value of restricting access to the filesystem, from a security point of view, is fairly obvious. A compromised process cannot exfiltrate data that it cannot read, and it cannot corrupt files that it cannot write. Preventing unwanted access is, of course, the purpose of the permissions bits attached to every file, but permissions fall short in an important way: just because a particular user has access to a given file does not necessarily imply that every program run by that user should also have access to that file. There is no reason why your PDF viewer should be able to read your SSH keys, for example. Relying on just the permission bits makes it easy for a compromised process to access files that have nothing to do with that process's actual job.

• digest 0.6.18

  Earlier today, digest version 0.6.18 arrived on CRAN. It will get uploaded to Debian in due course.

  digest creates hash digests of arbitrary R objects (using the md5, sha-1, sha-256, sha-512, crc32, xxhash32, xxhash64 and murmur32 algorithms) permitting easy comparison of R language objects.

• Did your first pull request get accepted?

• Clazy 1.4 released

  Clazy 1.4 has been released and brings 10 new checks.

  Clazy is a clang compiler plugin which emits warnings related to Qt best practices. We’ll be showing Clazy at Qt World Summit in Boston, Oct 29-30, where we are a main Sponsor.

• I'd like to interject for a moment

  Mastodon is merely an implementation of Fediverse. As it happens, only one of my Fediverse channels runs on Mastodon (the Japanese language one at Pawoo). Main one still uses Gnusocial, the anime one was on Gnusocial and migrated to Pleroma a few months ago. All of them are communicating using the OStatus protocol, although a movement is afoot to switch to ActivityPub. Hopefully it's more successful than the migration from RSS to Atom was.

  Yet, I noticed that a lot of people fall to the idea that Mastodon is an exclusive brand. Rarely one has to know or care what MTA someone else uses. Microsoft was somewhat successful in establishing Outlook as such a powerful brand to the exclusion of the compatible e-mail software. The maintainer of Mastodon is doing his hardest to present it as a similar brand, and regrettably, he's very successful at that.

• How to level up your organization's security expertise

  IT security is critical to every company these days. In the words of former FBI director Robert Mueller: “There are only two types of companies: Those that have been hacked, and those that will be.”

  At the same time, IT security is constantly evolving. We all know we need to keep up with the latest trends in cybersecurity and security tooling, but how can we do that without sacrificing our ability to keep moving forward on our business priorities?

  No single person in your organization can handle all of the security work alone; your entire development and operations team will need to develop an awareness of security tooling and best practices, just like they all need to build skills in open source and in agile software delivery. There are a number of best practices that can help you level up the overall security expertise in your company through basic and intermediate education, subject matter experts, and knowledge-sharing.

• Red Hat Names Perficient Rising Star Partner of the Year

  Perficient, Inc. (NASDAQ: PRFT) (Perficient), the leading digital transformation consulting firm serving Global 2000 and other large enterprise customers throughout North America, today announced it has been named Rising Star Partner of the Year by Red Hat, Inc. The Rising Star Partner of the Year award, announced yesterday at the Red Hat North America Partner Conference, recognizes Perficient for its demonstrated collaboration and investment within its Red Hat partnership to achieve success in bringing Red Hat technologies and services to customers.

• Red Hat: Telcos must become more efficient to maximise 5G revenues

  Total Telecom sat down with Darrell Jordan-Smith, VP, Communications Service Providers, at Red Hat to discuss the challenges and opportunities facing the global telecoms market, as it prepares for the launch of 5G

• Red Hat announces SMB-focused partner programme overhaul

  Red Hat is working towards a more simplified service for go-to-market strategies for its partners.

  The open source software firm is gathering its partner network at the 2018 North America Partner Conference this week, where it will share some of the work currently being done to modernize, simplify and help it more closely align with its partners.

  "Let me start by saying that working together already "works"," said Red Hat's senior VP of channel sales, Mark Enzweiler. "Red Hat's growth has been fueled by partners, who globally contribute to 75 plus % of our revenue.

• IBM: We're Beating Red Hat Private Cloud Growth
  

  IBM celebrated the one-year anniversary of its Cloud Private platform with a brag that it's already nearly grown as big as Red Hat's OpenShift, which is years older.

  That's going to make things awkward during meetings between the two companies, who are both competitors and partners. Tip for IBM Corp. (NYSE: IBM): Donuts make everything nicer.

• NuoDB Re-Defines the SQL Database, Launches Container-Native Features & Availability for Red Hat OpenShift Container Platform

• Red Hat honors North America Partner Award winners for delivering innovative open source solutions

  Partners are an important multiplier for Red Hat. They play a key role in enabling customer success. One small way we congratulate and celebrate them for the innovation and customer success that they continually deliver is through the Red Hat North America Partner Awards. Last night we recognized this year’s winners at the Red Hat 2018 North America Partner Conference in Maryland.

• Red Hat Virtualization: Supporting multiple NVIDIA virtual GPU workflows in virtualized environment

  With two teenage sons who are passionate about video games, I can’t help but notice NVIDIA and its graphics processing units (GPUs). I’ve learned over the years that more powerful GPUs are continually sought after by gamers for better video game performance. But graphic rendering for video games is not the only application for GPUs: Professional visualization, high performance computing, big data, machine learning, and artificial intelligence are a few leading compute-intensive use cases for GPUs. Multiple GPUs are often deployed to speed interactive rendering of photorealistic images and to accelerate computational performance of real time simulations during product design, as well as to run ground-breaking research and applications.

• MetLife Investment Advisors LLC Has $7.03 Million Holding in Red Hat Inc (NYSE:RHT)

• Performance Assessment Proving Vital for Investment: Red Hat, Inc. (NYSE:RHT)

• Red Hat, Inc. (RHT) Price Watch: Sellers Picking Up Steam!

• Head to Head Contrast: Red Hat (RHT) against Sify Technologies (SIFY)

• Glancy Prongay & Murray LLP Continues Investigation on Behalf of Red Hat, Inc. Investors (RHT)

• Research Analysts’ Weekly Ratings Updates for Red Hat (RHT)

• Red Hat Inc. (RHT) Dips 3.62% for October 10

• Spence Asset Management Purchased 1,169 Shares of Red Hat Inc (RHT)

• Red Hat Inc (RHT) Position Increased by Daiwa SB Investments Ltd.

• Fedora Women’s Day 2018 – Mexico City

  Fedora Women’s Day (FWD) is a day to celebrate and bring visibility to female contributors in open source projects including Fedora. The initiative is led by Fedora’s Diversity and Inclusion team. The number of women in tech have been increasing year over year, further highlighting the importance of a more inclusive culture in tech.

  On September 21, We had our first Fedora Women’s Day in the UAM Azcapotzalco (Mexico City) and we loved to do it.

• Kiwi TCMS winter conference presence

• Updated packages of varnish-6.0.1 with matching vmods, for el6 and el7

• Modularity Test Day 2018-10-12

• PHP version 7.1.23 and 7.2.11

• On flatpak, snap, distros, and software distribution

  I don't think any of Flatpak, Snappy, traditional Linux distros, non-traditional Linux distros, containers, online services, or other forms of software distribution are a good solution for all users. They all fail in some way, and each of them requires continued, ongoing effort to be acceptable even within their limitations.

  This week, there's been some discussion about Flatpak, a software distribution approach that's (mostly) independent of traditional Linux distributions. There's also, Snappy, which is Canonical's similar thing.

  The discussion started with the launch of a new website attacking Flatpak as a technology. I'm not going to link to it, since it's an anonymous attack and rant, and not constructive. I'd rather have a constructive discussion. I'm also not going to link to rebuttals, and will just present my own view, which I hope is different enough to be interesting.

  The website raises the issue that Flatpak's sandboxing is not as good as it should be. This seems to be true. Some of Flatpak's defenders respond that it's an evolving technology, which seems fair. It's not necessary to be perfect; it's important to be better than what came before, and to constantly improve.

• Moving away from the 1.6 freedesktop runtime

  A flatpak runtime contains the basic dependencies that an application needs. It is shared by applications so that application authors don’t have to bother with complicated low-level dependencies, but also so that these dependencies can be shared and get shared updates.

  Most flatpaks these days use the freedesktop runtime or one of its derivates (like the Gnome and KDE runtimes). Historically, these have been using the 1.6 version of the freedesktop runtime which is based on Yocto.

• PostgreSQL 11 RC1 Released!

  The PostgreSQL Global Development Group announces that the first release candidate of PostgreSQL 11 is now available for download. As a release candidate, PostgreSQL 11 RC 1 should be identical to the initial release of PostgreSQL 11, though some more fixes may be applied prior to the general availability of PostgreSQL 11.

• PostgreSQL 11 RC1 Released Ahead Of Stable Release Next Week

  -
  One week from today will hopefully mark the release of the PostgreSQL 11 stable database server release.

  PostgreSQL 11.0 delivers more performance tuning optimizations with that work being never-ending. There are also various other improvements.

Minikube is advertised on the Hello Minikube tutorial page as a simple way to run Kubernetes for Docker. While that documentation is very informative, it is primarily written for MacOS. You can dig deeper for instructions for Windows or a Linux distribution, but they are not very clear. And much of the documentation—like one on installing drivers for Minikube—is targeted at Debian/Ubuntu users.

Four openSUSE Tumbleweed snapshots this week brought new versions of software along with new versions of KDE’s Plasma and Frameworks as well as python-setuptools and many other packages.

The most recent snapshot, 20181009, updated KDE’s Plasma 5.14. The new Plasma version has several new features like the new Display Configuration widget for screen management, which is useful for presentations. The Audio Volume widget has a built in speaker test feature moved from Phonon settings and the Network widget now works for SSH VPN tunnels again. The Global menu now supports GTK applications as well. Mozilla Firefox 62.0.3 fixed a few Common Vulnerabilities and Exposures including a vulnerability in register allocation of JavaScript that can lead to type confusion, which allows for an arbitrary read and write. The cpupower package, which is a collection of tools to examine and tune power, was updated to version 4.19 and deleted some patches that are now part of the mainline. Source-control-management system mercurial 4.7.2 fixed a potential out-of-bounds read in manifest parsing C code. Other packages including in the snapshot were inxi 3.0.26, lftp 4.8.4, libinput 1.12.1, okteta 0.25.4 and vm-install 0.10.04

Snapshot 20181004 included several package updates as well. NetworkManager-openvpn 1.8.6 fixed an endless loop checking for encrypted certificate. The open source antivirus engine clamav 0.100.2 disabled the opt-in minor feature of OnAccess scanning on Linux systems and will re-enabled in a future release. Users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. The Linux Kernel was updated to 4.18.11 and had several fixes for Ext4. Developers using python-setuptools 40.4.3 will see a few changes from the previous 40.2.0 version that was in Tumbleweed like the vendored pyparsing in pkg_resources to 2.2.1. Those using Samba will see a fix for cluster CTDB configuration with the 4.9.1 version. Caching proxy squid 4.3 updated systemd dependencies in squid.service and vlc 3.0.4 improve support for broken HEVC inside MKV.

• Google challenges European Commission's $5 bn Android fine

• Alldocube M5S review: An affordable Chinese 10-inch Android slate with 4G

• Razer Phone 2 release: This new Android flagship is also a gaming powerhouse

• Nokia 3.1 Plus Android One smartphone launches in India

• Hashtag Trending – Android screens your calls; Airtame 2; Amazon's sexist AI

• The Creator of Android Wants to Destroy the Phone as We Know It

• Freedom Mobile is rolling out RCS support for Android Messages

• Grab Sony's CarPlay and Android Auto head unit for just under $300 today

I am glad to announce that the tooling I am working on since the beginning of the year is ready to be used!

Thanks to new features introduced into libhandy 0.0.3 and 0.0.4 and thanks to a few fixes to Adwaita in GTK+ 3.24.1, you can make GTK+ 3 apps adaptive to work both on the desktop and on the upcoming GNOME-based Librem 5 phone.

Also: Purism's Privacy-Focused Librem 5 Linux Phone Will Ship with GNOME 3.32 Desktop

Purism Is Hoping GNOME 3.32 Will Be In Great Shape For Their Librem 5 Smartphone

• Linux Cat Command

• How to create a minimal container image for LXC/LXD with distrobuilder

• How To Install And Use Tor As A Proxy In Ubuntu Or Linux Mint

• How to install WildFly (JBoss) Java Application Server on Ubuntu 18.04

• How to Install Zen Cart on Debian 9

• How to install Odoo 12 on Debian 9

• Continuous random string of text

• 5 Commands to Check Swap space in Linux

• Linux Make Sure /etc/resolv.conf Never Get Updated By DHCP Client

Coming hot on the heels of Krita 4.1.3, which had an unfortunate accident to the TIFF plugin, we’re releasing Krita 4.1.5 today! There’s a lot more than just that fix, though, since we’re currently celebrating the last week of the Krita Fundraiser by having a very productive development sprint in Deventer, the Netherlands.

• How open source repositories like GitHub are a crystal ball into vendors' software roadmaps [Ed: Mac Asay is again promoting Microsoft's GitHub. When does he start working for Microsoft (he tried before)?

• Google open-sources ActiveQA, an AI agent that learns to ask good questions

• Mojang is making some Minecraft libraries open source [Ed: only components, the whole is proprietary]

• Minecraft Java Team Decided to Open Source Two of Their Codes as Libraries

• Security updates for Thursday

• US Weapons Systems Are Easy Cyberattack Targets, New Report Finds

  Specifically, the report concludes that almost all weapons that the DOD tested between 2012 and 2017 have “mission critical” cyber vulnerabilities. “Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications,” the report states. And yet, perhaps more alarmingly, the officials who oversee those systems appeared dismissive of the results.

• Election security groups warn of cyber vulnerabilities for emailed ballots

  Experts from both the private and public sector have warned about the vulnerabilities of online voting for years, but the report comes at a time of heightened alarm about election interference from hostile nation-states or cyber criminals.