Language Selection

English French German Italian Portuguese Spanish

Web

Tails 4.5 is out

Filed under
GNU
Linux
Security
Web
Debian

This release fixes many security vulnerabilities. You should upgrade as soon as possible.

Read more

Five Open Source alternatives to Slack

Filed under
OSS
Web

Like Slack, Riot allows you to chat, exchange files, make voice calls, hold video conferences, and work with some bots. The application is developed on the Matrix platform. That has two significant advantages in terms of security and privacy. The data gets store in a private server, and conversations are end-to-end encrypted.

Riot allows it to be installed for free on the servers of any company. Although those interested can also contract it as a managed hosting service. Like Slack, it also has open APIs that allow its integration in a good number of applications, like instant messaging standouts.

Riot has support for both the leading desktop platforms (Windows, macOS, Linux) and mobile (iOS, Android) and web version.

Read more

Kiwi TCMS 8.2 and WordPress Tales

Filed under
Web
  • Kiwi TCMS 8.2

    We're happy to announce Kiwi TCMS version 8.2!

  • Contact Form 7 Datepicker Taken down from WordPress Plugin Repository

    With great power comes great responsibility. Recently a WordPress plugin with as many as 100,000 installations was taken down from WordPress plugin repository due to a severe vulnerability.

    The Wordfence team found a severe vulnerability in Contact Form 7 Datepicker, a WordPress plugin allows to show datepicker in forms created with a very popular plugin Contact Form 7. Though the vulnerability does not affect Contact Form 7 but anyone with Contact Form 7 Datepicker on site, should immediately deactivate and uninstall the plugin from the site.

  • The Month in WordPress: March 2020

    The month of March was both a tough and exciting time for the WordPress open-source project. With COVID-19 declared a pandemic, in-person events have had to adapt quickly – a challenge for any community. March culminated with the release of WordPress 5.4, an exhilarating milestone only made possible by dedicated contributors. For all the latest, read on.

Better than Zoom: Try these free software tools for staying in touch

Filed under
Web

In times like these it becomes all the more important to remember that tools like Zoom, Slack, and Facebook Messenger are not benign public services, and while the sentiment they've expressed to the global community in responding to the crisis may be sincere, it hasn't addressed the fundamental ethical issues with any piece of proprietary software.

After taking the LibrePlanet 2020 conference online, we received a number of requests asking us to document our streaming setup. As the pandemic grew worse, this gave way to more curiosity about how the Free Software Foundation (FSF) uses free tools and free communication platforms to conduct our everyday business. And while the stereotype of hackers hunched over a white on black terminal session applies to us in some ways, many of the tools we use are available in any environment, even for people who do not have a lot of technical experience. We've started documenting ethical solutions on the LibrePlanet wiki, in addition to starting a remote communication mailing list to help each other advocate for their use.

In the suggestions that follow, a few of the tools we will recommend depend upon some "self-reliance," that is, steering clear of proprietary network services by hosting free software solutions yourself, or asking a technical friend to do it for you. It's a difficult step, and the benefits may not be immediately obvious, but it's a key part of preserving your autonomy in an age of ubiquitous digital control.

To those who have the technical expertise and available infrastructure, we urge you to consider hosting instances of free communication platforms for your friends, family, and your community at large. For example, with a modest server and some GNU/Linux knowledge, you could help local students learn in freedom by volunteering to administer an instance of one of the programs we'll be recommending below.

The need to self-host can be an uncomfortable reminder of our dependence on the "cloud" -- the network of someone else's computers -- but acknowledging our current reliance on these providers is the first step in making new, dependable systems for ourselves. During dangerous and stressful times, it's tempting to sideline our ethical commitments for easier or more convenient ways to get things done, and software freedom is no exception. We hope these suggestions will inspire you to inform others about the importance of their freedom, privacy, and security.

Read more

Jitsi Without Google and Videoconferencing as Malware

Filed under
Web
  • Videoconferencing with #privacy

    Videoconferencing is on the rise worldwide with the COVID-19 crisis. But did you know that most videoconferencing software is NOT offering any guarantee about your privacy?

    Even some nice open source software such as Jitsi is relying on some Google services.

  • Zoom Is Leaking Emails And Photos Of Users

    It has reported that the popular video-conferencing app Zoom is leaking email addresses and photos of its users to the unknown people and Zoom is giving strangers the ability to attempt to start a video call with those users.

    Zoom Is Leaking Emails And Photos Of Users

    Zoom meetings are not end-to-end (E2E) encrypted. Zoom’s spokesperson told The Intercept, “It is not possible to enable E2E encryption for Zoom video meetings.”

    In E2E encryption, no one can read your conversation, not even the company.

WordPress 5.4 “Adderley”

Filed under
OSS
Web

Here it is! Named “Adderley” in honor of Nat Adderley, the latest and greatest version of WordPress is available for download or update in your dashboard.

Read more

WordPress 5.4 RC5 and Load Balancing

Filed under
Server
OSS
Web
  • WordPress 5.4 RC5

    The fifth release candidate for WordPress 5.4 is live!

    WordPress 5.4 is currently scheduled to land on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time!

    You can test the WordPress 5.4 release candidate in two ways:

  • Best Performance WordPress with Google Cloud CDN and Load Balancing

    Best Performance WordPress with Google Cloud CDN and Load Balancing. Learn how to setup your WordPress application to handle high traffic with auto-scaling capabilities on Google Cloud Platform using HTTP(S) Layer 7 Load Balancing.

    In this guide you will install WordPress, configure your website to use Google Cloud Storage for media files, setup instance template, auto-scaling group to manage live traffic. You will also configure Google Cloud CDN for your website.

Tails Call for testing: 4.5~rc1

Filed under
Security
Web
Debian

Tails 4.5, scheduled for April 7, will be the first version of Tails to support Secure Boot.

You can help Tails by testing the release candidate for Tails 4.5 now.

Read more

qBittorrent v4.2.2 release

Filed under
Software
Web

There's a "qBittorrent" app on the Windows Store which costs money. It isn't an official release nor it is coming from us. The person publicizing it doesn't have permission to use the qBittorrent name/logo.

Read more

Also: qBittorrent 4.2.2 Released! How to Install it via PPA

Internet: Remote Work, Daniel Stenberg on Curl and QUIC/HTTP/3

Filed under
Software
Web
  • Our Essential List of Free Software for Remote Work

    Team chat has already become an essential tool for teams looking to be more collaborative and less reliant on email. At Purism we use Matrix for team chat, 1 to 1 calls, video conferencing via Jitsi (open source video conferencing), adhoc file sharing and all our community chat channels. Matrix is a distributed (federated) network, similar to email, which means you can communicate across Matrix servers and compatible services.

    You can self host Matrix or use a public instance like our own free Librem Chat service part of Librem One. All the goodness of Matrix conveniently hosted for you and accessible with one account that also gives you access to Librem Social, our hosted Mastodon instance, and our premium services: end-to-end encrypted email and VPN.

    [...]

    Most office-based teams already have email and things like a company newsletter but we thought we’d share how we manage ours. Our company email and Librem Mail are powered by Dovecot and we use GNU Mailman for our newsletter and mailing lists.

  • Daniel Stenberg: A curl dashboard

    When I wrote up my looong blog post for the curl’s 22nd anniversary, I vacuumed my home directories for all the leftover scripts and partial hacks I’d used in the past to produce graphs over all sorts of things in the curl project. Being slightly obsessed with graphs, that means I got a whole bunch of them.

    I made graphs with libreoffice

    I dusted them off and made sure they all created a decent CSV output that I could use. I imported that data into libreoffice’s calc spreadsheet program and created the graphs that way. That was fun and I was happy with the results – and I could also manually annotate them with additional info. I then created a new git repository for the purpose of hosting the statistics scripts and related tools and pushed my scripts to it. Well, at least all the ones that seemed to work and were the most fun.

    Having done the hard work once, it felt a little sad to just have that single moment snapshot of the project at the exact time I created the graphs, just before curl’s twenty-second birthday. Surely it would be cooler to have them updated automatically?

  • A QUIC look at HTTP/3

    Each HTTP session requires a TCP connection which, in turn, requires a three-way handshake to set up. Once that is done, "we can send data in a reliable data stream", Stenberg explained. TCP transmits data in the clear, so everyone can read what is transferred; the same thus holds true for the non-encrypted HTTP protocol. However, 80% of requests today are using the encrypted version, called Hypertext Transfer Protocol Secure (HTTPS), according to statistics of Mozilla (Firefox users) and Google (Chrome users). "The web is getting more and more encrypted", Stenberg explained. HTTPS uses Transport Layer Security (TLS); it adds security on the top of the stack of protocols, which are (in order): IP, TCP, TLS, and HTTP. The cost of TLS is another handshake that increases the latency. In return, we get privacy, security, and "you know you're talking to the right server".

    HTTP/1 required clients to establish one new TCP connection per object, meaning that for each request, the browser needed to create a connection, send the request, read the response, then close it. "TCP is very inefficient in the beginning", Stenberg explained; connections transmit data slowly just after being established, then increase the speed until they discover what the link can support. With only one object to fetch before closing the connection, TCP was never getting up to speed. In addition, a typical web page includes many elements, including JavaScript files, images, stylesheets, and so on. Fetching one object at a time is slow, so browser developers responded by creating multiple connections in parallel.

    That created too many connections to be handled by the servers, so typically the number of connections for each client was limited. The browser had to choose which of its few allowed connections to use for the next object; that led to the so-called "head-of-line blocking" problem. Think of a supermarket checkout line; you might choose the one that looks shortest, only to be stuck behind a customer with some sort of complicated problem. A big TCP efficiency improvement was added for HTTP/1.1 in 1997: open TCP connections can be reused for other requests. That improved the slow-start problem, but not the head-of-line blocking issue, which can be made even worse.

Syndicate content

More in Tux Machines

Android Leftovers

Today in Techrights

Servers: Kuberhealthy, Red Hat and Denuvo DRM

  • K8s KPIs with Kuberhealthy

    Last November at KubeCon San Diego 2019, we announced the release of Kuberhealthy 2.0.0 - transforming Kuberhealthy into a Kubernetes operator for synthetic monitoring. This new ability granted developers the means to create their own Kuberhealthy check containers to synthetically monitor their applications and clusters. The community was quick to adopt this new feature and we’re grateful for everyone who implemented and tested Kuberhealthy 2.0.0 in their clusters. Thanks to all of you who reported issues and contributed to discussions on the #kuberhealthy Slack channel. We quickly set to work to address all your feedback with a newer version of Kuberhealthy. Additionally, we created a guide on how to easily install and use Kuberhealthy in order to capture some helpful synthetic KPIs.

  • Empowering remote teams to collaborate in a WFH world

    Many more people are working at home these days, and although much of this started with COVID-19, remote work from home (WFH) could become standard procedure for businesses around the world. Team members may no longer work on-site, in the same building, but proper communication and collaboration is still the foundation of teamwork. Of course, this means teams need to conduct remote meetings on a regular basis, more than they ever have before. Many of us already attend conference calls all the time, but remote meetings—where every team member is working from home—that is a completely new encounter for most teams.

  • Fedora program update: 2020-22

    Here’s your report of what has happened in Fedora this week. Fedora 30 has reached end-of-life. Elections voting is open through 11 June. I have weekly office hours in #fedora-meeting-1. Drop by if you have any questions or comments about the schedule, Changes, elections, or anything else.

  • Earn a badge with the new IBM Blockchain Foundation Developer course
  • FINOS expands industry presence by joining the Linux Foundation

    Red Hat is part of many communities, and one community that is important to us, and to the financial services industry, is the Fintech Open Source Foundation (FINOS). This community helps drive open source advancements geared specifically towards the unique needs of the financial services firms, accelerating innovation and collaboration through the adoption of open source software, standards, best practices and governance. Red Hat joined FINOS as a Gold Member in spring of 2018, and Red Hat OpenShift is providing the underlying technology for the FINOS Open Developer Platform (ODP), one of the leading venues for community development within the financial services community. Red Hat has also contributed its open source leadership experience to the Open Source Readiness Project, which provides governance and open source legal guidance to banks who are first participating in open source. Additionally, we’ve provided our experience and expertise in the hybrid cloud to help progress the Cloud Services Certification project under FINOS, which works to accelerate firms’ journeys to open source readiness. Red Hat is also an active member of the Linux Foundation, which is dedicated to building sustainable ecosystems around open source projects, with the goal of accelerating technology development and adoption. The Linux Foundation was founded in 2000, and has helped to establish and build some of the most critical open source technologies in use. Additionally, it has expanded its work beyond Linux, to foster innovation at every layer of the stack.

  • Denuvo's Anti-Cheat Software Now Getting Ripped From Games At Record Speed Too

    Remember Denuvo? Back in the far simpler times of 2016-2018, which somehow seem light years better than 2020 despite being veritable dumpster fires in and of themselves, we wrote a series of posts about Denuvo's DRM and how it went from nigh-uncrackable to totally crackable upon games being released with it. Did we take a bit too much pleasure in this precipitous fall? Sure, though our general anti-DRM stance sort of mandated dunking on a company that once touted itself as invincible. Either way, it started to get comical watching publishers release a game with Denuvo, have the game cracked in a matter of days, if not hours, and then release a patch to remove Denuvo entirely from the game.

People in Free Software: Efstathios Iosifidis, Asa Dotzler and Amin Bandali

  • Meet the GNOMEies: Efstathios Iosifidis

    I am a veterinarian and I work at a vet practice. In 2010, my friend Kostas and I had a dream to revive openSUSE community in Greece. Our project was very successful, and the global community trusted us to organize the openSUSE conference in 2013. During that period I got involved in other open source projects and communities. Right now I travel to different cities to attend national and international conferences, I speak and represent open source projects on those events. I was in the organization committee of GUADEC 2019. [...] Do you have any other affiliations you want to share? I am openSUSE member. I also contribute to other communities such as GNU Health, Nextcloud, ONLYOFFICE, ownCloud. Why did you get involved in GNOME? My first distro was Ubuntu and then Fedora. Both using GNOME. During my involvement with openSUSE global community, I met my friend Isabel Valverde. She was into GNOME community and she dragged me into GNOME community. Why are you still involved with GNOME? GNOME is one of the most important open source software/desktop environment. I would like to thank the community that releases new versions with many features. I use a powerful “tool” for free, so the least I can do is translate and promote it so more people can use it. Although I’m involved in other communities, GNOME is one of the most friendly and awesome ones.

  • Asa Dotzler: 20 Years with Mozilla

    Today marks 20 years I’ve been working full-time for Mozilla. As the Mozilla organization evolved, I moved with it. I started with staff@mozilla.org at Netscape 20 years ago, moved to the Mozilla Foundation ~17 years ago, and the Mozilla Corporation ~15 years ago. Thank you to Mitchell Baker for taking a chance on me. I’m eternally grateful for that opportunity.

  • Introducing Amin Bandali, intern with the FSF tech team

    Hi there, I'm Amin Bandali, often just bandali on the interwebs. I wear a few different hats around GNU as a maintainer, Web master, and Savannah hacker, and I'm very excited to be extending that to the Free Software Foundation (FSF) as an intern with the FSF tech team for spring 2020. Growing up around parents with backgrounds in computer engineering and programming, it did not take long for me to find an interest in tinkering and playing with computers as a kid, and I first came into contact with GNU/Linux in my teenage years. My first introduction to the world of free software came a few years later, when a friend kindly pointed out to me that what I had vaguely known and referred to as "open source" software is more properly referred to as free software, and helped me see why "open source" misses the point of free software. After learning about and absorbing the ideas and ideals of free software, I have since become a free software activist. As a computer scientist who enjoys studying and hacking on various programs and sometimes writing my own, I have made a point of releasing all I can under strong copyleft licenses, particularly the GNU AGPL license. My involvement with the GNU Project started in 2016, first as a volunteer Web master, and later as one of the maintainers of GNUzilla and IceCat late last year. Also around the same time, I led a group of volunteers in organizing and holding EmacsConf 2019 as a completely online conference, using only free software tools, much like the excellent LibrePlanet 2020. I love GNU Emacs, and use it more than any other program. GNU Emacs helps me do a wide variety of tasks such as programming, reading and composing emails, and chatting via IRC.