One of the things that makes Python so powerful is that you can find a module for almost anything. In this article, I cover Astropy, which was originally developed by the Space Telescope Science Institute for doing astronomy calculations like image processing and observatory calculations. more>>
Build and release is a complicated process. I really don’t need to tell anyone that…but I did anyway. more>>
Through the years, Firefox has enjoyed a reputation as one of the most secure Web browsers on any platform, and it's the default browser for many Linux distros. However, a security exploit appeared this week that has shown users they can't afford to be complacent about security. more>>
Linus Torvalds reported on some GCC compiler warnings that he felt were unnecessary, and he gave his opinion on how they should work instead. Specifically, GCC 5.1 would issue a warning against using a switch statement with a boolean variable, presumably because a boolean would be better handled by a simple if statement. more>>
In my discussion on IRC with "bkidwell" (see the Non-Linux FOSS article for more on our talk), we were discussing how we connect to IRC. My main method is to SSH in to my co-located Raspberry Pi in Austria and connect to a screen session I have running that is constantly connected to IRC with Irssi. This works really well for me, and I never miss messages when I'm away. more>>
The Call for Proposals for PyCon Canada 2015 is ending soon. We've heard that they have been receiving many amazing proposals. It is quite exciting to see the Canadian Python community all together again in November in Toronto.
If you have not yet submitted a talk or had not considered giving one, please be aware that talk slots can be either 5-10 minutes or 25-30 minutes, so whether you have a long form presentation or a quick lightning talk, it is quite exciting and looking forward to see your talk. A few suggestions: something Python related that you find interesting, something you’ve been working on, a tool that you have found helpful, tips and tricks you’d like to share, or ways in which you’ve used Python poorly, but would like to save others the same pain would all be great talks! Submissions are due by this Friday, August 14 so please get yours in today!
As well, if you are interested in running a tutorial session on your favourite topic. Please get in touch with the PyCon Canada team at email@example.com.
The PyCon Canada team is also actively seeking sponsors to help make this event possible. Sponsoring PyCon Canada 2015 is a great way to foster and strengthen your ties with the community, so please reach out to firstname.lastname@example.org.
Please share the word!
And you have need any help at creating your proposal please reach us at email@example.com
For more informations about PyCon Canada 2015, please have a look at the website at https://2015.pycon.ca/.
Ubuntu has received a lot of flack from the community for some of its commercial projects. Placing Amazon ads in Unity's Dash is a classic example of a poorly planned move that flies in the teeth of the community's ethos. A community built on the concepts of freedom and software that empowers the user (instead of some commercial concern) would never take that well. more>>
The editorial staff here at Linux Journal wants to see your skills! Almost every time I'm in the #linuxjournal IRC channel, chit chatting on Google+, or tweeting back and forth on Twitter, I hear about really exciting projects our readers are involved with. more>>
Most of the work I do on computers is done via the command line. When I'm off on vacation somewhere, that means shoddy Wi-Fi and cell-phone tethering. Because cell-phone tethering gets expensive quick (I also have three teenage daughters with which I share a data plan), I try to use free Internet whenever I can. The biggest hassle with that method is dealing with broken SSH sessions. more>>
LibreOffice 5.0 ships this week, and it brings a host of improvements that users will be excited about. more>>
[In June 2015, I gave a commencement address to the graduating class of High Mowing School in New Hampshire. I wrote many drafts for the talk, all toward extemporizing the final thing. My experience with Linux and open-source hackers had an influence on it and gets credit as well. That's why I'm sharing it here.—Doc] more>>
Binary jokes are always fun, and although technically I could say "welcome to issue <BINARY_NUMBER>" every month, it's more fun with nice round numbers li more>>
In my last two articles, I looked at the Django Web application framework, written in Python. Django's documentation describes it as an MTV framework, in which the acronym stands for model, template and views. more>>
In my last article, I started a series on some of the challenges related to spawning secure servers on Amazon EC2. In that column, I discussed some of the overall challenges EC2 presents for security compared to a traditional infrastructure and elaborated on how I configure security groups and manage secrets. more>>
Through the years, I have settled on maintaining my sensitive data in plain-text files that I then encrypt asymmetrically. Although I take care to harden my system and encrypt partitions with LUKS wherever possible, I want to secure my most important data using higher-level tools, thereby lessening dependence on the underlying system configuration. more>>
Debian and Ubuntu are moving to update all C++ packages with GCC5, which was released in April. GCC stands for Gnu Compiler Collection, and it is used to convert source code to executable code and libraries. These compilers are used to build everything from the Linux kernel to user applications, so it's a far-reaching change. more>>
I sometimes get questions when people use my wireless access point, which, for as long as I can remember, has been open to everyone; that is without any form of password protection or encryption. I arguably don't use the access point much myself, as I prefer the wired connection for the higher bandwidth, security and reliability it provides.
Apart from convenience for myself and visitors, the main reason why I leave my wireless access open is that I believe in a free (both as in beer and freedom) internet, built with principles of solidarity rather than exploitation and profitability. In these days of ubiquitous surveillance, freedom often goes hand in hand with anonymity, which implies providing free internet access to everyone.
I also believe that, as more and more services get perniciously transferred to the global internet, access to the network is becoming a basic human right. This is therefore my small contribution to the struggle, now also part of the Réseau Libre project.
So here were my friends question, in essence:
My credit card info was stolen when I used a wifi hotspot in an airport... Should I use open wifi networks?
Is it safe to use my credit card for shopping online?
Here is a modified version of an answer I sent to a friend recently which I thought could be useful to the larger internet community. The short answer is "sorry about that", "it depends, you generally can, but be careful" and "your credit card company is supposed to protect you".Sorry!
First off, sorry to hear that our credit card was stolen in an airport! That has to be annoying... Did the credit card company reimburse you? Normally, the whole point of credit cards is that they protect you in case of theft like this and they are supposed to reimburse you if you credit card gets stolen or abused...The complexity and unreliability of passwords
Now of course, securing every bit of your internet infrastructure helps in protecting against such attacks. However: there is a trade-off! First off, it does makes it more complicated for people to join the network. You need to make up some silly password (which has its own security problems: passwords can be surprisingly easy to guess!) that you will post on the fridge or worst, forget all the time!
And if it's on the fridge, anyone with a view to that darn fridge, be it one-time visitor or sneaky neighbor, can find the password and steal your internet access (although, granted, that won't allow them to directly spy on your internet connection).
In any case, if you choose to use a password, you should use the tricks I wrote in the koumbit wiki to generate the password and avoid writing it on the fridge.The false sense of security of wireless encryption
Second, it can also give a false sense of security: just because a wifi access point appears "secure" (ie. that the communication between your computer and the wifi access point is encrypted) doesn't mean the whole connection is secure.
In fact, one attack that can be done against access points is exactly to masquerade as an existing access point, with no security security at all. That way, instead of connecting to the real secure and trusted access point, you connect to an evil one which spies on our connection. Most computers will happily connect to such a hotspot even with degraded security without warning.
It may be what happened at the airport, in fact. Of course this particular attack would be less likely to happen if you live in the middle of the woods than an airport, but it's some important distinction to keep in mind, because the same attack can be performed after the wireless access point, for example by your countryside internet access provider or someone attacking it.
Your best protection for your banking details is to rely on good passwords (for your back account) but also, and more importantly, what we call end-to-end encryption. That is usually implemented using the "HTTPS" with a pad lock icon in your address bar. This ensures that the communication between your computer and the bank or credit card company is secure, that is: that no wifi access point or attacker between your computer and them can intercept your credit card number.The flaws of internet security
Now unfortunately, even the HTTPS protocol doesn't bring complete security. For example, one attack that can be done is similar to the previous one and that is to masquerade as a legitimate bank site, but either strip out the encryption or even fake the encryption.
So you also need to look at the address of the website you are visiting. Attackers are often pretty clever and will use many tricks to hide the real address of the website in the address bar. To work around this, I always explicitly type my bank website address (https://accesd.desjardins.com/ in my case) directly myself instead of clicking on links, bookmarks or using a search engine to find my bank site.
In the case of credit cards, it is much trickier because when you buy stuff online, you end up putting that credit card number on different sites which you do not necessarily trust. There's no good solution but complaining to your credit card company if you believe a website you used has stolen your credit card details. You can also use services like Paypal, Dwolla or Bitcoin that hide your credit card details from the seller, if they support the service.
I usually try to avoid putting my credit card details on sites I do not trust, and limit myself to known parties (e.g. Via Rail, Air Canada, etc). Also, in general, I try to assume the network connection between me and the website I visit is compromised. This forced me to get familiar with online security and use of encryption. It is more accessible to me than trying to secure the infrastructure i am using, because i often do not control it at all (e.g. internet cafes...).
Internet security is unfortunately a hard problem, and things are not getting easier as more things move online. The burden is on us programmers and system administrators to create systems that are more secure and intuitive for our users so, as I said earlier, sorry the internet sucks so much, we didn't think so many people would join the acid trip of the 70s.