Skip to main content

Feed aggregator

Code Review--an Excerpt from VM Brasseur's New Book Forge Your Future with Open Source

Linux Journal - Thu, 10/18/2018 - 07:00
by VM Brasseur

Excerpt from Forge Your Future with Open Source by VM (Vicky) Brasseur, Copyright © 2018 The Pragmatic Programmers LLC. Reproduced with the permission of the publisher.

Even new programmers can provide a lot of value with their code reviews. You don't have to be a Rockstar Ninja 10x Unicorn Diva programmer with years and years of experience to have valuable insights. In fact, you don't even have to be a programmer at all. You just have to be knowledgable enough to spot patterns. While you won't be able to do a complete review without programming knowledge, you may still spot things that could use some work or clarification.

If you're not a Rockstar Ninja 10x Unicorn Diva programmer, not only is your code review feedback still valuable, but you can also learn a great deal in the process: Code layout, programming style, domain knowledge, best practices, neat little programming tricks you'd not have seen otherwise, and sometimes antipatterns (or "how not to do things"). So don't let the fact that you're unfamiliar with the code, the project, or the language hold you back from reviewing code contributions. Give it a go and see what there is to learn and discover.

"But," you may wail, "how is that even possible?! I don't know how to program very well! How could I ever do anything valuable on a code review?" Calm yourself, friend. You have a lot to offer here. Earlier I mentioned pattern-spotting, and that's a good place to start. If the contribution you're reviewing looks a lot more complicated than everything around it, you've just spotted a potential problem. Does the code use different indentations or variable naming than elsewhere in the file? That's another potential problem. Is the code contribution really long, when everything else in the file is much shorter? That could be a sign something is wrong. You don't have to be that Rockstar Ninja 10x Unicorn Diva programmer to spot these things; you only have to be familiar with programming and—most importantly—you only have to be looking at the code.

Do be careful as you start code review for a project with which you're not very familiar. Some projects would rather not receive reviews from people who aren't yet skilled in the code in question, as those reviews often can contain errors or inconsistencies with how the project typically operates. Inexperienced reviewers also can confuse inexperienced contributors, who might not know that the person providing feedback to them is not very familiar with the code or the project. Always check the CONTRIBUTING file or ask a core contributor before you start reviewing code contributions, rather than risk stepping on toes or providing feedback when none is wanted.

Go to Full Article
Categories: Linux News

elementary OS Juno Released, Plasma 5.14.1 Is Out, Chrome 70 Now Available, Docker Raises New Funding and New Badges for Firefox Users

Linux Journal - Wed, 10/17/2018 - 08:30

News briefs for October 17, 2018.

elementary OS Juno is now available. This new major version sports a ton of updates and improvements with three major goals: 1) "provide a more refined user experience; 2) "improve productivity for new and seasoned users alike"; and 3) "take our developer platform to the next level".

The KDE Project yesterday announced the first point release of the KDE Plasma 5.14 desktop series. Plasma 5.14.1 adds new translations and some important bugfixes. See the changelog for further details.

Chrome 70 is now available. This release removes the controversial change from the last version, and now allows users to stop the browser from automatically signing in to their Google accounts after logging in to one of its apps, The Verge reports. You still need to opt-out and specifically change this setting, however. Other changes include support for progressive web apps on Windows. See the "New in Chrome 70" post for more information on this release.

Docker has raised $92 million in new funding. According to TechCrunch, "the new funding is a signal that while Docker may have lost its race with Google's Kubernetes over whose toolkit would be the most widely adopted, the San Francisco-based company has become the champion for businesses that want to move to the modern hybrid application development and information technology operations model of programming."

Mozilla has created badges for Firefox users who want to show their support. You can grab the code for the badges here. Mozilla notes that the "images are hosted on a Mozilla CDN for convenience and performance only. We do no tracking of traffic to the CDN".

News Distributions elementary OS KDE Plasma Desktop Chrome Google Docker Containers Mozilla Firefox
Categories: Linux News

Keeping Control in the Hands of the User

Linux Journal - Wed, 10/17/2018 - 08:05
by Zack Brown

Various efforts always are underway to implement Secure Boot and to add features that will allow vendors to lock users out of controlling their own systems. In that scenario, users would look helplessly on while their systems refused to boot any kernels but those controlled by the vendors.

The vendors' motivation is clear—if they control the kernel, they can then stream media on that computer without risking copyright infringement by the user. If the vendor doesn't control the system, the user might always have some secret piece of software ready to catch and store any streamed media that could then be shared with others who would not pay the media company for the privilege.

Recently, Chen Yu and other developers tried to submit patches to enhance Secure Boot so that when the user hibernated the system, the kernel itself would encrypt its running image. This would appear to be completely unnecessary, since as Pavel Machek pointed out, there is already uswsusp (userspace software suspend), which encrypts the running image before suspending the system. As Pavel said, the only difference was that uswusp ran in userspace and not kernel space.

Perhaps in an effort to draw Chen into admitting the deeper motives behind the patch submission, Pavel asked Chen to elucidate exactly what security hole his patches addressed and how they would deal with them. Pavel would ask that question over and over again before the end of the discussion, and he would not receive an answer.

Chen offered a variety of justifications for the patch, including letting users do less work, but none of them answered the fundamental question: why was this patch needed as a security enhancement in the first place? And eventually, Pavel called it like he saw it. He said, "Purpose here is to prevent the user from reading/modifying kernel memory content on machine he owns. Strange as it may sound, that is what 'secure' boot requires (and what Disney wants)."

The discussion ended inconclusively, but not utterly. It's clear that Pavel, and a group of core kernel developers including Linus Torvalds, will continue to guard against allowing vendors to control user systems. This seems to be one of the fundamental values of the Linux kernel—to prevent the reemergence of the kind of situation we had in the 1980s, where vendors had ultimate control over virtually all software, while users were at the mercy of business decisions they didn't agree with but could do nothing about.

Note: if you're mentioned above and want to post a response above the comment section, send a message with your response text to ljeditor@linuxjournal.com.

Go to Full Article
Categories: Linux News

Canonical Announces Partnership with Eurotech, the Big Four to End Support of TLS 1.0 and 1.1, Sony Using Blockchain for DRM, NETWAYS Web Services Launches IaaS OpenStack, Grey Hat Patching MikroTik Routers and Paul Allen Dies at 65

Linux Journal - Tue, 10/16/2018 - 09:09

News briefs for October 16, 2018.

Canonical announced a partnership with Eurotech to help organizations advance in the IoT realm. In connection with this partnership, Canonical "has published a Snap for the Eclipse Kura project—the popular, open-source Java-based IoT edge framework. Having Kura available as a Snap—the universal Linux application packaging format—will enable a wider availability of Linux users across multiple distributions to take advantage of the framework and ensure it is supported on more hardware. Snap support will also extend on Eurotech's commercially supported version; the Everywhere Software Framework (ESF)."

Apple, Google, Microsoft and Mozilla all announce the end of support for TLS 1.0 and 1.1 standards starting in 2020, ZDNet reports. Chrome and Firefox already support TLS 1.3, and Microsoft and Apple will soon follow suit.

Sony announced it's planning to use the blockchain for digital rights management (DRM). According to the story on Engadget, the company plans to begin with the Sony Global Education written educational materials. This blockchain system is "built on Sony's pre-existing DRM tools, which keep track of the distribution of copyrighted materials, but will have advantages that come with blockchain's inherent security."

NETWAYS Web Services launches IaaS OpenStack. According to the press release, "the Open Source experts from 'NETWAYS Web Services' (NWS) add with OpenStack a customizable, fully managed Infrastructure as a Service (Iaas) to their platform." Customers can choose between SSD or Ceph based packages, and in addition to OpenStack, the platform offers "a diverse selection of Open Source applications for various purposes". If you're interested, you can try NWS OpenStack 30 days for free. For more information and to get started, go here.

A grey-hat hacker is breaking into MikroTik routers and patching them so they can't be compromised by cryptojackers or other attackers. According to ZDNet, the hacker, who goes by Alexey, is a system administrator and claims to have disinfected more then 100,000 MikroTik routers. He told ZDNet that he added firewall rules to block access to the routers from outside the local network, and then "in the comments, I wrote information about the vulnerability and left the address of the @router_os Telegram channel, where it was possible for them to ask questions." Evidently, a few folks have said "thanks", but many are outraged.

Paul Allen—"co-founder of Microsoft and noted technologist, philanthropist, community builder, conservationist, musician and supporter of the arts"—passed away yesterday. See the statements released on behalf of the Allen Family, Vulcan Inc. and the Paul G. Allen network at the Vulcan Inc. website.

News Canonical IOT Snap Apple Microsoft Amazon Mozilla Browsers Sony Blockchain drm OpenStack Security
Categories: Linux News

Have a Plan for Netplan

Linux Journal - Tue, 10/16/2018 - 08:08
by Shawn Powers

Ubuntu changed networking. Embrace the YAML.

If I'm being completely honest, I still dislike the switch from eth0, eth1, eth2 to names like, enp3s0, enp4s0, enp5s0. I've learned to accept it and mutter to myself while I type in unfamiliar interface names. Then I installed the new LTS version of Ubuntu and typed vi /etc/network/interfaces. Yikes. After a technological lifetime of entering my server's IP information in a simple text file, that's no longer how things are done. Sigh. The good news is that while figuring out Netplan for both desktop and server environments, I fixed a nagging DNS issue I've had for years (more on that later).

The Basics of Netplan

The old way of configuring Debian-based network interfaces was based on the ifupdown package. The new default is called Netplan, and although it's not terribly difficult to use, it's drastically different. Netplan is sort of the interface used to configure the back-end dæmons that actually configure the interfaces. Right now, the back ends supported are NetworkManager and networkd.

If you tell Netplan to use NetworkManager, all interface configuration control is handed off to the GUI interface on the desktop. The NetworkManager program itself hasn't changed; it's the same GUI-based interface configuration system you've likely used for years.

If you tell Netplan to use networkd, systemd itself handles the interface configurations. Configuration is still done with Netplan files, but once "applied", Netplan creates the back-end configurations systemd requires. The Netplan files are vastly different from the old /etc/network/interfaces file, but it uses YAML syntax, and it's pretty easy to figure out.

The Desktop and DNS

If you install a GUI version of Ubuntu, Netplan is configured with NetworkManager as the back end by default. Your system should get IP information via DHCP or static entries you add via GUI. This is usually not an issue, but I've had a terrible time with my split-DNS setup and systemd-resolved. I'm sure there is a magical combination of configuration files that will make things work, but I've spent a lot of time, and it always behaves a little oddly. With my internal DNS server resolving domain names differently from external DNS servers (that is, split-DNS), I get random lookup failures. Sometimes ping will resolve, but dig will not. Sometimes the internal A record will resolve, but a CNAME will not. Sometimes I get resolution from an external DNS server (from the internet), even though I never configure anything other than the internal DNS!

Go to Full Article
Categories: Linux News

KDE e.V Receives Generous Handshake Donation, Ubuntu Touch OTA-5 Is Out, Geoclue 2.5 Now Available and Asking for Help, New Code of Conduct Proposal and Internet Freedom Festival

Linux Journal - Mon, 10/15/2018 - 08:50

News briefs for October 15, 2018.

KDE e.V. announces it received a $300,000 USD donation from the Handshake Foundation. According to the KDE blog post, it plans to use $100,000 USD of the donation specifically toward development of the Calligra office suite. Also, KDE celebrated its 22nd anniversary yesterday—Happy Birthday KDE!

UBports announces Ubuntu Touch OTA-5 is out. This over the air update of version 16.04 includes a more stable experience and new features, such as the Morph QtWeb Engine browser, Qt automatic scaling, Kirigami 2 and community art used for wallpapers, notification tones and ringtones.

Geoclue 2.5 is now available, and coder Zeeshan Ali is asking for help. Geoclue uses the Mozilla Location Service (MLS), which was launched in 2013 in connection with its Firefox OS project that has since been abandoned. The service is still running, and users can contribute data, but it isn't being maintained or developed any longer. Zeeshan Ali writes, "If your company relies on MLS (directly or through Geoclue) and you'd want to secure the future of Open Source geolocation, please do get in touch and we can discuss how we could possibly achieve that."

Red Hat developer Ivan Chavero yesterday submitted a new patch for the Linux Code of Conduct. Phoronix reports that the proposal "drops the mention of 'a harassment-free experience for everyone, regardless of age, body-size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality,personal appearance, race, religion, or sexual identity and orientation.' In place Ivan proposes, 'our community an effective and enriching experience to any sentient being in the Universe.'"

The Internet Freedom Festival—"5 Years Joining Forces to Fight Censorship and Surveillance"—is being held in Valencia, Spain, April 1–5, 2019. The call for proposals is open until November 9, 2018. See the IFF website for more details, as well as news and updates from the community.

News KDE Handshake Ubuntu Touch Mobile qt Geoclue Code of Conduct Internet Freedom Festival censorship Community
Categories: Linux News

Chrome OS Stable Channel Gets Linux Apps

Linux Journal - Mon, 10/15/2018 - 06:30
by Philip Raymond

How to get started with Linux Apps for Chromebooks.

After months of user testing in developer and beta channels, the Crostini project at Google finally delivered the goods, Linux apps for most users of Chromebooks in the stable channel—definitely worth the wait. While this still is aimed primarily at developers using Chromebooks, I think there's a good chance these Linux apps will be used and enjoyed by the general public using Chromebooks as well. There's still a bit of a learning curve to overcome before that possibility is realized, but if you already are a user of any Linux distro, it will feel very familiar. Here's an overview of how to install it and what to expect afterward.

After getting the update to version 69, go to Settings and scroll down a bit, and you'll see the option to turn on Linux apps. Figure 1 shows this first step. Note that this isn't available on all Chromebooks; if you're using an older one, you'll have to wait a while before this function is available. If you don't see the option to turn on Linux apps, your Chromebook currently lacks that functionality. But, if you have a Chromebook produced in the past two years, you probably will see the option.

Figure 1. Linux Apps Option

Figure 2. Installing Linux Apps

After it's done installing, you see the terminal appear. From here, you can do as you would with any terminal. I chose to sudo apt-get install the GIMP, Open Shot, Handbrake, Firefox and the GNOME Software Center, which I used to download and install Audacity. The GNOME Software Center provides an easy-to-manage GUI method of finding the more popular Linux apps, but if you prefer the terminal method of using apt-get install, that works just as well and provides more app choices than the GNOME Software Center.

One more thing to note about the GNOME Software Center is that you likely will not see any apps in it after first installing it. You need to reboot first before the apps appear.

If you want to run Firefox on a Chromebook, there are actually two ways to do it. One way is to download and install Firefox from the Google Play Store as an Android app. Now with Linux apps via Crostini, you also can download and install it from the terminal using apt-get install, but it needs to be the extended support release version, Firefox-ESR.

Figures 3–5 show some of my installed apps up and running.

Go to Full Article
Categories: Linux News

Montréal-Python 73: Call for Speakers - Despotic Wagon

Montreal Python - Sun, 10/14/2018 - 23:00

Just in the time for the end of Fall we are officially calling for speakers for our next pythonesque rendez-vous.

Either you want to practice your talk for PyCon Canada, or you would like to present to us your latest discovery, send us your proposition by email at mtlpyteam@googlegroups.com or join us on slack at http://montrealpython.org/en/slackin.

By the way, it's time to buy your ticket for PyCon Canada 2018 at following link: https://2018.pycon.ca/.

When

Monday November 5th, 2018 at 6PM

Where

Shopify, 490 rue de la Gauchetière Montréal, Québec (map)

Schedule

6:00PM - Doors open

6:30PM - Presentations

8:00PM - End of the event

8:15PM - Benelux

Categories: External Blogs

Episode 3: Microsoft and Patents

Linux Journal - Sun, 10/14/2018 - 13:47
Your browser does not support the audio element. Reality 2.0 - Episode 3: Microsoft and Patents

Doc Searls and Katherine Druckman talk to Erich Andersen, Corporate Vice President, Deputy General Counsel at Microsoft and Keith Bergelt, CEO of Open Invention Network about Microsoft's recently announced membership with the Open Invention Network patent community.

Useful links:

https://www.openinventionnetwork.com/pressrelease_details/?id=89

https://azure.microsoft.com/en-us/blog/microsoft-joins-open-invention-network-to-help-protect-linux-and-open-source/

Categories: Linux News

Weekend Reading: Raspberry Pi Projects

Linux Journal - Sat, 10/13/2018 - 06:23
by Carlie Fairchild

The Raspberry Pi has been very popular among hobbyists and educators ever since its launch in 2011. It’s a credit-card-sized single-board computer with a Broadcom BCM 2835 SoC, 256MB to 512MB of RAM, USB ports, GPIO pins, Ethernet, HDMI out, camera header and an SD card slot. The most attractive aspects of the Raspberry Pi are its low cost of $35 and large user community following. Join us this weekend as we explore some cool Raspberry Pi projects.

Raspberry Strudel: My Raspberry Pi in Austria by Kyle Rankin:  In this article, I explain how I was able to colocate a Raspberry Pi and the steps I went through to prepare it for remote management.

Raspberry Pi: the Perfect Home Server by Brian Trapp: If you've got several different computers in need of a consistent and automated backup strategy, the RPi can do that. If you have music and video you'd like to be able to access from almost any screen in the house, the RPi can make that happen too. Maybe you have a printer or two you'd like to share with everyone easily? The Raspberry Pi can fill all those needs with a minimal investment in hardware and time.

Securi-Pi: Using the Raspberry Pi as a Secure Landing Point by Bill Childers: Set up a Raspberry Pi to act as an OpenVPN endpoint, SSH endpoint and Apache server—with all these services listening on port 443 so networks with restrictive policies aren't an issue.

Real-Time Rogue Wireless Access Point Detection with the Raspberry Pi by Chris Jenks: A couple years ago, I decided to go back to school to get a Bachelor's degree. I needed to find a single credit hour to fill for graduation. That one credit hour became an independent study on using the Raspberry Pi (RPi) to create a passive real-time wireless sensor network. I share my work with you here.

Flash ROMs with a Raspberry Pi by Kyle Rankin: In this article, I describe the steps I performed to turn a regular Raspberry Pi running Raspbian into a BIOS-flashing machine.

Go to Full Article
Categories: Linux News

Canonical Announces Plex as a Snap, DuckDuck Go Reaches 30 Million Direct Searches a Day, Purism's Librem 5 Phone to Ship with GNOME 3.32 Desktop, Libre Computer Project Launches the La Frite SBC and Google Releases Oboe

Linux Journal - Fri, 10/12/2018 - 08:57

News briefs for October 12, 2018.

Canonical yesterday announced that Plex has arrived in its Snap Store. You now can download the multimedia platform as a snap for Ubuntu, KDE Neon, Debian, Fedora, Manjaro, OpenSUSE and Zorin. For more details, see the Ubuntu Blog.

DuckDuck Go, the privacy-focused search engine, has reached the milestone of 30 million direct searches a day. According to The Verge and Search Engine Journal, DuckDuck Go's market share is estimated to be .18%, compared with Google's 77% and Bing's 5%; however, DuckDuck Go's traffic is up 50% from last year.

Purism's Librem 5 phone will ship with the GNOME 3.32 desktop, which is scheduled for release March 13, 2019. Softpedia News reports that GNOME developer Adrien Plazas invites "GNOME and GTK+ app developers to adapt their applications to work both on their favorite GNU/Linux distribution and on the upcoming Librem 5 Linux phone, which will use Purism's Debian-based and security-oriented Pure OS operating system by default." See also Adrien's blog post for more details on Librem 5 + GNOME 3.32.

The Libre Computer Project recently announced its new open-source, libre ARM SBC called La Frite. Phoronix reports the new 512MB model will ship for $5 USD, or you can get the 1GB version for $10 USD. In addition, "the $5 ARM SBC is said to be 10x faster than the Raspberry Pi Zero" and also includes real HDMI, Ethernet and USB ports. La Frite, the miniature version of Le Potato SBC supported by mainline Linux and Android 8, should be available in November. See the Kickstarter page for details.

Google yesterday released Oboe, a C++ library for creating real-time audio apps. According to the post on Packt, one of Oboe's main benefits is "the lowest possible audio latency across the widest range of Android devices". See the GitHub repository to get started with Oboe.

News Canonical Plex Snap multimedia DuckDuck Go Privacy Librem 5 Phone Purism GNOME SBCs Embedded Google Android
Categories: Linux News

Doing Date Math on the Command Line, Part I

Linux Journal - Fri, 10/12/2018 - 07:00
by Mitch Frazier

If you've ever used a spreadsheet, you've probably used or seen functions for doing date math—in other words, taking one date and adding some number of days or months to it to get a new date, or taking two dates and finding the number days between them. The same thing can be done from the command line using the lowly date command, possibly with a little help from Bash's arithmetic.

Go to Full Article
Categories: Linux News

Archived a part of my CD collection

Anarcat - Thu, 10/11/2018 - 10:52

After about three days of work, I've finished archiving a part of my old CD collection. There were about 200 CDs in a cardboard box that were gathering dust. After reading Jonathan Dowland's post about CD archival, I got (rightly) worried it would be damaged beyond rescue so I sat down and did some research on the rescue mechanisms. My notes are in rescue and I hope to turn this into a more agreeable LWN article eventually.

I post this here so I can put a note in the box with a permanent URL for future reference as well.

Remaining work

All the archives created were dumped in the ~/archive or ~/mp3 directories on curie. Data needs to be deduplicated, replicated, and archived somewhere more logical.

Inventory

I have a bunch of piles:

  • a spindle of disks that consists mostly of TV episodes, movies, distro and Windows images/ghosts. not imported.
  • a pile of tapes and Zip drives. not imported.
  • about fourty backup disks. not imported.
  • about five "books" disks of various sorts. ISOs generated. partly integrated in my collection, others failed to import or were in formats that were considered non-recoverable
  • a bunch of orange seeds piles
    • Burn Your TV masters and copies
    • apparently live and unique samples - mostly imported in mp3
    • really old stuff with tons of dupes - partly sorted through, in jams4, reste still in the pile
  • a pile of unidentified disks

All disks were eventually identified as trash, blanks, perfect, finished, defective, or not processed. A special needs attention stack was the "to do" pile, and would get sorted through the other piles. each pile was labeled with a sticky note and taped together summarily.

A post-it pointing to the blog post was included in the box, along with a printed version of the blog post summarizing a snapshot of this inventory.

Here is a summary of what's in the box.

Type Count Note trash 13 non-recoverable. not detected by the Linux kernel at all and no further attempt has been made to recover them. blanks 3 never written to, still usable perfect 28 successfully archived, without errors finished 4 almost perfect: but mixed-mode or multi-session defective 21 found to have errors but not considered important enough to re-process total 69 not processed ~100 visual estimate
Categories: External Blogs

FSF Issues Statement on Microsoft Joining OIN, RaspEX Build 181010 Now Available for Raspberry Pi 3 Model B+, OpenShift Container Platform 3.11 Released, Kernel Security Update for CentOS 6 and RHEL 6, and Qt Creator 4.8 Beta Is Out

Linux Journal - Thu, 10/11/2018 - 08:47

News briefs for October 11, 2018.

Following the news of Microsoft joining the Open Invention Network, the Free Software Foundation issued a statement calling on Microsoft to "take additional steps to continue the momentum toward a complete resolution". These steps include "make a clear, unambiguous statement that it has ceased all patent infringement claims on the use of Linux in Android"; "work within OIN to expand the definition of what it calls the 'Linux System' so that the list of packages protected from patents actually includes everything found in a GNU/Linux system"; and "use the past patent royalties extorted from free software to fund the effective abolition of all patents covering ideas in software."

RaspEX Build 181010 is now available for the Raspberry Pi 3 Model B+. It features the Helium Desktop from BunsenLabs Linux, and according to Softpedia News, it's "based on the latest Ubuntu 18.04 LTS (Bionic Beaver) operating system series, using packages from the Debian GNU/Linux 9 'Stretch' and Linaro open source software for ARM SoCs. RaspEX is compatible with Raspberry Pi 2, Raspberry Pi 3, and Raspberry Pi 3 Model B+." See also Arne Exton's release announcement for more details.

Red Hat announced the availability of the OpenShift Container Platform 3.11 release yesterday. eWeek reports that key highlights with this release "are multiple components that have been integrated from the CoreOS Tectonic distribution of Kubernetes, including a new cluster administrator console. Red Hat has also integrated CoreOS' Operator concept into OpenShift making it easier for organizations to deploy cloud native applications."

CentOS and Red Hat announced an important Linux kernel security update for CentOS Linux 6 and Red Hat Enterprise Linux 6 that addresses two vulnerabilities found in those operating systems: CVE-2018-5391 and CVE-2018-14634.Users should update immediately. See the Softpedia News post for details.

Qt Creator 4.8 Beta was released today. This version introduces experimental support for the Language Server Protocol, added some experimental C++ features and added support for running debuggers on one or more executables simultaneously. You can download the open-source version here.

FSF Microsoft OIN patents Android Raspberry Pi Red Hat OpenShift Containers CentOS Security Qt Creator
Categories: Linux News

FOSS Project Spotlight: Tutanota, the First Encrypted Email Service with an App on F-Droid

Linux Journal - Thu, 10/11/2018 - 07:00
by Matthias Pfau

Seven years ago, we started building Tutanota, an encrypted email service with a strong focus on security, privacy and open source. Long before the Snowden revelations, we felt there was a need for easy-to-use encryption that would allow everyone to communicate online without being snooped upon.

Figure 1. The Tutanota team's motto: "We fight for privacy with automatic encryption."

As developers, we know how easy it is to spy on email that travels through the web. Email, with its federated setup is great, and that's why it has become the main form of online communication and still is. However, from a security perspective, the federated setup is troublesome—to say the least.

End-to-end encrypted email is difficult to handle on desktops (with key generation, key sharing, secure storing of keys and so on), and it's close to impossible on mobile devices. For the average, not so tech-savvy internet user, there are a lot of pitfalls, and the probability of doing something wrong is, unfortunately, rather high.

That's why we decided to build Tutanota: a secure email service that is so easy to use, everyone can send confidential email, not only the tech-savvy. The entire encryption process runs locally on users' devices, and it's fully automated. The automatic encryption also enabled us to build fully encrypted email apps for Android and iOS.

Finally, end-to-end encrypted email is starting to become the standard: 58% of all email sent from Tutanota already are end-to-end encrypted, and the percentage is constantly rising.

Figure 2. Easy email encryption on desktops and mobile devices is now possible for everyone.

The Open-Source Email Service to Get Rid of Google

As open-source enthusiasts, our apps have been open source from the start, but putting them on F-Droid was a challenge. As with all email services, we have used Google's FCM for push notifications. On top of that, our encrypted email service was based on Cordova, which the F-Droid servers are not able to build.

Not being able to publish our Android app on F-Droid was one of the main reasons we started to re-build the entire Tutanota web client. We are privacy and open-source enthusiasts; we ourselves use F-Droid. Consequently, we thought that our app must be published there, no matter the effort.

When rebuilding our email client, we made sure not to use Cordova anymore and to replace Google's FCM for push notifications.

Go to Full Article
Categories: Linux News

Episode 2: Privacy is Personal

Linux Journal - Wed, 10/10/2018 - 10:31
Your browser does not support the audio element. Reality 2.0 - Episode 2: Privacy is Personal

Katherine Druckman talks to Doc Searls about consumer privacy, Main Street, and heart attacks at Walmart.

Links mentioned:

https://twitter.com/torproject/status/1049370119338713088

http://customercommons.org/

Categories: Linux News

Microsoft Joins the Open Invention Network, NVIDIA Announces RAPIDS, Asterisk 16.0.0 Now Available, BlockScout Released and Security Advisory for Debian GNU/Linux 9 "Stretch"

Linux Journal - Wed, 10/10/2018 - 08:54

News briefs for October 10, 2018.

Microsoft has joined the Open Invention Network (OIN), an open-source patent consortium. According to ZDNet, this means "Microsoft has essentially agreed to grant a royalty-free and unrestricted license to its entire patent portfolio to all other OIN members." OIN's CEO Keith Bergelt says "This is everything Microsoft has, and it covers everything related to older open-source technologies such as Android, the Linux kernel, and OpenStack; newer technologies such as LF Energy and HyperLedger, and their predecessor and successor versions."

NVIDIA has just announced RAPIDS, its open-source data analytics/machine learning platform, Phoronix reports. The project is "intended as an end-to-end solution for data science training pipelines on graphics processors", and NVIDIA "laims that RAPIDS can allow for machine learning training at up to 50x and is built atop CUDA for GPU acceleration".

The Asterisk Development Team announces that Asterisk 16.0.0 is now available. This version includes many security fixes, new features and tons of bug fixes. You can download it from here.

BlockScout, the first full-featured open-source Ethereum block explorer tool, was released yesterday by POA Network. The secure and easy-to-use tool "lets users search and explore transactions, addresses, and balances on the Ethereum, Ethereum Classic, and POA Network blockchains". And, because it's open source, anyone can "contribute to its development and customize the tool to suit their own needs".

Debian has published another security advisory for Debian GNU/Linux 9 "Stretch". According to Softpedia News, CVE-2018-15471 was "discovered by Google Project Zero's Felix Wilhelm in the hash handling of Linux kernel's xen-netback module, which could result in information leaks, privilege escalation, as well as denial of service". The patch also addresses CVE-2018-18021, a privilege escalation flaw. The Debian Project recommends that all users of GNU/Linux 9 "Stretch" update kernel packages to to version 4.9.110-3+deb9u6.

News Microsoft open source NVIDIA Machine Learning Asterisk BlockScout Ethereum Cryptocurrency Security Debian GNU/Linux
Categories: Linux News

Creating the Concentration Game PAIRS with Bash, Part II

Linux Journal - Wed, 10/10/2018 - 07:00
by Dave Taylor

Dave finishes up the PAIRS concentration game, only to realize it's too hard to solve!

In my last article, I tossed away my PC card and talked about how I was a fan of the British colonial-era writer Rudyard Kipling. With that in mind, I do appreciate that you're still reading my column.

I was discussing the memory game that the British spy plays with the orphan boy Kim in the book of the same name. The game in question involves Kim being shown a tray of stones of various shapes, sizes and colors. Then it's hidden, and he has to recite as many patterns as he can recall.

The card game Concentration is clearly inspired by the same pattern memorization game, and it's considerably easier to set up: shuffle a deck of cards, place them face down in a grid, then flip pairs to find matches. In the beginning, it's just guessing, of course, but as the game proceeds, it becomes more about spatial memory than luck. Someone with an eidetic memory always will win.

Using letters makes things easy, so I suggested a row, column, notational convention like this:

1 2 3 4 5 6 7 8 9 10 11 12 13 1: [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] 2: [-] [-] [-] [A] [-] [-] [-] [-] [-] [-] [-] [-] [-] 3: [-] [-] [-] [-] [-] [-] [-] [-] [E] [-] [-] [-] [-] 4: [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [Z]

You can represent uppercase letters as a shell array like this:

declare -a letters=(A B C D E F G H I J K L M N O P Q R S T U V W X Y Z)

Unfortunately, Bash doesn't support multidimensional arrays, so you're going to have to represent the grid as a one-dimensional array. It's not too hard though, because the grid is straightforward. Here's an index formula if firstvalue is the first digit and rest is the remainder of the index value:

index=$(( ( ( $firstvalue - 1 ) * 13 ) + $rest ))

The letter "E" in the above grid, at 3,9, would show up in the array as ((3-1)*13)+9 or slot 35.

Shuffle Those Values

The script from my last article already initializes everything in sequential order and defaults to 2 * 13 slots (for simplicity in debugging). The work of the script is really in the shuffle, but it turns out that there's a pretty elegant little shuffle algorithm (shown in a kind of sloppy C for illustrative purposes) floating around the internet that can be tapped for this task:

shuffle { for (i = n-1; i > 0; i-) { int j = rand() % (i+1); swap( array[i], array[j]); } }

Translating this into a shell script and using better variable names, here's what I created:

Go to Full Article
Categories: Linux News

Redis Labs and the "Common Clause"

Linux Journal - Tue, 10/09/2018 - 12:53

So, the short version is that with the recent licensing changes to several Redis Labs modules making them no longer free and open source, GNU/Linux distributions, such as Debian and Fedora, are no longer able to ship Redis Labs' versions of the affected modules to their users.

As a result, we have begun working together to create a set of module repositories forked from prior to the license change. We will maintain changes to these modules under their original open source licenses, applying only free and open fixes and updates.

We are committed to making these available under an open source license permanently, and welcome community involvement.

You can find more background info here:

Redis GoodFORM Debian Fedora licensing open source
Categories: Linux News

New Open-Source GoodFORM Project, Made by Google 2018 Event Today, Asus Chromebook C423, HP Chromebook x360 14 and KDE Launches Plasma 5.14

Linux Journal - Tue, 10/09/2018 - 08:11

News briefs for October 9, 2018.

Redis labs recently added the Commons Clause on top of the Redis open-source, in-memory data structure store, and now open-source developers are forking the code in a new project called GoodFORM. ZDNet quotes Debian project leader Chris Lamb and Fedora developer Nathan Scott's explanation for the need to fork the code: "With the recent licensing changes to several Redis Labs modules making them no longer free and open source, GNU/Linux distributions such as Debian and Fedora are no longer able to ship Redis Labs' versions of the affected modules to their users."

The Made by Google 2018 event kicks off today at 11am ET. 9To5Google reports the company is expected to announce the Pixel 3 and 3 XL, the Google Home Hub and the Google Pixel Slate. You can watch the Made by Google 2018 live event here.

Asus just announced its super-thin Chromebook C423. The company has not released any pricing info or availability date. According to Engadget, it will have a 14" screen, and you can choose between a full HD touchscreen or a non-touchscreen with a 1366x768 pixel resolution. You also will be able to install Android apps on it via Google Play.

And, HP yesterday announced the HP Chromebook x360 14, which is "HP's thinnest Chromebook convertible device" and is "designed make the most of the seamless integration of the Google and Chrome OS ecosystem". It will be available October 21st, starting at $599.

KDE today launched the first release of Plasma 5.14. This release has several new features and bug fixes. Much work went into improving the Discover software manager, a new Firmware Update feature was added and "many subtle user interface improvements give it a smoother feel". Download live images from here.

News Redis licensing Google Hardware Chromebooks HP Asus Android KDE Plasma
Categories: Linux News
Syndicate content