Language Selection

English French German Italian Portuguese Spanish

Login

Enter your Tux Machines username.
Enter the password that accompanies your username.

More in Tux Machines

Mozilla: ASan Nightly Project, National Science Foundation (NSF), “Arch” at JSConf EU in Berlin

  • Introducing the ASan Nightly Project
    Every day, countless Mozillians spend numerous hours testing Firefox to ensure that Firefox users get a stable and secure product. However, no product is bug free and, despite all of our testing efforts, browsers still crash sometimes. When we investigate our crash reports, some of them even look like lingering security issues (e.g. use-after-free or other memory corruptions) but the data we have in these reports is often not sufficient for them to be actionable on their own (i.e. they do not provide enough information for a developer to be able to find and fix the problem). This is particularly true for use-after-free problems and some other types of memory corruptions where the actual crash happens a lot later than the memory violation itself. In our automated integration and fuzz testing, we have been using AddressSanitizer (ASan), a compile-time instrumentation, very successfully for over 5 years. The information it provides about use-after-free is much more actionable than a simple crash stack: It not only tells you immediately when the violation happens, but also includes the location where the memory was free’d previously.
  • A Science Fair with $1.6 Million in Prizes
    Across the U.S., community technologists are using creative ideas — like solar-powered Wi-Fi and mesh networks — to connect the unconnected. This August, Mozilla is gathering those projects under one roof for a science fair — and awarding $1.6 million in prizes to the most promising ideas. The event is the final leg of the Wireless Innovation for a Networked Society (WINS) Challenges, a $2 million competition run by the National Science Foundation (NSF) and Mozilla. Launched in 2017, the initiative awards prizes to the people and projects who are connecting unconnected Americans with scalable, secure, and resilient solutions.
  • The Arch: Using Rust & WebAssembly to animate 30k colored LED lights
    In June, Mozilla collaborated with an artist named Ian Brill to create an installation called the “Arch” at JSConf EU in Berlin. This interactive environment allowed people to experience the intersection of art and technology in a physical, pulsating, immersive way. Visitors could view the larger-than-life Arch and experience an ever-changing light show of 30,000 colored LEDs. To support the exhibit, Mozilla engineers built a platform that enabled anyone to use web technologies (with underlying implementation in Rust & WebAssembly) to control the Arch animations and makes the light display interactive. The result was fun and colorful — and it gave developers a chance to interact with unfamiliar new technologies.

Security: Updates, First PGPainless Release, and 'The Cloud'

  • Security updates for Thursday
  • First PGPainless Release!
    PGPainless 0.0.1-alpha1 is the first non-snapshot release and is available from maven central. It was an interesting experience to go through the process of creating a release and I’m looking forward to have many more releases in the future :) The current release contains a workaround for the bug I described in an earlier blog post. The issue was, that bouncycastle wouldn’t mark the public sub keys of a secret key ring as sub keys, which results in loss of keys if the user tries to create a public key ring from the exported public keys. My workaround fixes the issue by iterating through all sub keys of an existing key ring and converting the key packages of subkeys to subkey packages. The code is also available as a gist.
  • Thousands of US voters' data exposed by robocall firm
    A Virginia-based political campaign and robocalling company, which claims it can "reach thousands of voters instantly," left a huge batch of files containing hundreds of thousands of voter records on a public and exposed Amazon S3 bucket that anyone could access without a password.  The bucket contained close to 2,600 files, including spreadsheets and audio recordings, for several US political campaigns. Kromtech Security's Bob Diachenko, who discovered the exposed data and blogged his findings, shared prior to publication several screenshots of data, packed with voters' full names, home addresses, and political affiliations.
  • Another Day, Another Pile Of Voter Data Left Laying Around On A Public Server
    Leaving private voter or customer data easily accessible on a public-facing server is the hot new fashion trend. You'll recall that it's a problem that has plagued the Defense Department, GOP data firm Deep Root Analytics (198 million voter records exposed), Verizon's marketing partners (6 million users impacted), Time Warner Cable (4 million users impacted), and countless other companies or partners that failed to implement even basic security practices. And it's a trend that shows no sign of slowing down despite repeated, similar stories (much of it thanks to analysis by security researcher Chris Vickery). This week yet another pile of private voter data was left publicly accessible for anybody to peruse. According to analysis by Kromtech Security’s Bob Dianchenko, a Virginia-based political consulting and robocalling company by the name of Robocent publicly exposed 2,600 files, including voter file spreadsheets (including voter phone numbers, names, addresses, political affiliations, gender, voting districts and more) and audio recordings for a number of political campaigns.

Canonical/Ubuntu: End of Ubuntu 17.10, Ubuntu Podcast, Snaps Add Flexibility with Tracks and Canonical Needs Help

  • PSA: Support for Ubuntu 17.10 Ends Today
    Ubuntu 17.10 reaches end of life on July 19, 2018 — which if you haven’t checked your calendar recently, is today. If you have thus far managed to resist the temptation to upgrade to a newer release then alas: today is the day when you need to start thinking about it.
  • Ubuntu Podcast from the UK LoCo: S11E19 – Nineteen Minutes - Ubuntu Podcast
    It’s Season 11 Episode 19 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Ryan are connected and speaking to your brain.
  • Snaps Add Flexibility with Tracks
    Snap packages have a rich set of features beyond getting the latest shiny on your Linux distribution. Tracks enable developers to publish multiple supported releases of their application under the same name. With this enabled, a user can switch tracks at any time to install and use an alternate supported relase of software. Within each track are four standard channels named edge, beta, candidate and stable. The channels represent the risk-level users should expect from the snaps within. Edge snaps (typically built from the latest code committed) would be riskier to use than beta releases, which are more risky than stable releases. By default every application has one ‘latest’ track and the four named channels. Developers can optionally choose whether to supplement that with additional tracks. Further the developer can choose which channels to use within those tracks.
  • Canonical Needs Your Help to Test the Improved Ubuntu 18.04.1 Server Installer
    Canonical's Dimitri John Ledkov put out a call for testing for the Ubuntu community to help them test drive the improved Ubuntu Server installer in the upcoming Ubuntu 18.04.1 LTS point release. Ubuntu 18.04.1 LTS, the first of a total of five scheduled point releases of the long-term supported Ubuntu 18.04 LTS (Bionic Beaver) operating system series is about to be released in approximately one week from the moment of writing, on July 26, 2018, with improved and up-to-date core components and apps.
  • Help Test the New Ubuntu Server Installer
    I only ask because Canonical’s server bods are currently looking for wily folks to help them test an improved version of the new Ubuntu Server installer.

today's howtos