OSS Leftovers

  • A look at how Jitsi became a ‘secure’ open-source alternative to Zoom

    Apart from being open-sourced, Jitsi benefited from endorsements by a few highly-regarded names in the security community. In March, a privacy-focused browser Tor tweeted about the product as an alternative to Zoom.

  • Why the entire open source movement is under threat right now

    To date, the Covid-19 pandemic has affected over 170 technology events worldwide. Some of them have been postponed and others have moved online, but the majority have been cancelled outright.

    This has had a significant impact on the open source community, placing high-profile organizations and projects under mounting financial pressure.

  • dav1d 0.7.0: mobile focus

    The VideoLAN, VLC and FFmpeg communities have been working on a new AV1 decoder, dav1d, in order to create the best and fastest decoder.

  • Dav1d 0.7 Released With More Performance Optimizations

    The VideoLAN team responsible for the dav1d AV1 video decoder have just released dav1d 0.7 as the newest feature release and it comes with more performance optimizations.

    Dav1d 0.7 is bringing around 10% faster decode performance on x86_64 systems while seeing memory usage reduced as much as 25%. Additionally, dav1d 0.7 completes its Assembly code for 8-bit bit-depth content as well as introducing more AVX-512 Assembly.

  • Chromium 83 – packages for Slackware, news about Widevine plugin

    The COVID-19 crisis caused Google to change its release calendar for the Chromium browser sources, and they decided to skip the 82 release altogether, in order to focus on keeping the 81.x versions as safe as possible while working on their upcoming 83 release.

    And so this week, Chromium 83.0.4103.61 was introduced to the “Stable Channel” with lots of bugs fixed, of which 38 are security fixes. There’s also a lot of new and improved features which are introduced in this release but it seems that many of those are only available in Google’s official Chrome binaries.

    One of the notable changes for Chromium users (as opposed to Google Chrome users for which it has always worked this way) is that the Widevine content decryption module is now an official component of the browser. Like with Mozilla Firefox, the Chromium browser will now automatically download the Widevine library into your personal profile and enable access to DRM-protected content. In the URL “chrome://components/” you’ll see Widevine listed as a component, displaying its current version and a “Check for update” button.

  • TenFourFox FPR23b1 available

    TenFourFox Feature Parity Release 23 beta 1 is now available (downloads, hashes, release notes). This version brings various oddiments of image tags up to spec, fixing issues with broken or misdimensioned images on some sites, and also has a semantic upgrade to Content Security Policy which should fix other sites but is most important to me personally because now TenFourFox can directly talk to the web BMC interface on Raptor Talos II and Blackbird systems -- like the one sitting next to the G5. There is also a minor performance tweak to JavaScript strings and the usual security updates. Assuming no major issues, FPR23 should go live on or about June 2nd.

  • 6 ways to optimize your innovation spend

    “Innovation happens at the intersection of functions; it organically comes from people closest to a problem,” says Red Hat CIO Mike Kelly. That’s one reason why he co-locates some of his technology staff with the business units they support.

More in Tux Machines

My Linux story: breaking language barriers with open source

My open source journey started rather late in comparison to many of my peers and colleagues. I was pursuing a post-graduate degree in medicine in 2000 when I managed to fulfill a dream I’d had since high school—to buy my own PC. Before that, my only exposure to computers was through occasional access in libraries or cyber cafés, which charged exorbitant prices for access at that time. So I saved up portions of my grad student stipend and managed to buy a Pentium III 550 Mhz with 128MB RAM, and as came standard in most computers in India at that time, a pirated version of Windows 98.

5 things to look for in an open source alternative to SharePoint

We're entering a collaboration platform renaissance as remote work becomes the norm for enterprises large and small. Microsoft SharePoint—a collaboration platform available on premises or in the cloud—is the de-facto standard for corporations and government agencies. However, SharePoint implementations are infamous for the challenges that prevent their completion. Combine those common speedbumps with shrinking IT budgets and rising collaboration requirements because of remote work, and open source alternatives to SharePoint become well worth a look.

German bill provides network traffic redirection to install state trojans

Preliminary note: This post primarily affects users falling under German jurisdiction, but may apply to other countries as well, where similar laws are already in place or about to be introduced. Unfortunately, some primary sources are German only.

According to current status and local knowledge, the German government is about to establish a law that provides the redirection of network traffic through intelligence agencies' infrastructure in order to exploit security vulnerabilities and, for example, to install a certain type of malware known as Staatstrojaner (state trojans). The bill lists both end-user devices and servers as potential targets, and requires "telecommunication service providers" to establish and maintain infrastructure for transparently redirecting traffic of certain users, households, or IP addresses. "Telecommunication service providers" covers any company providing telecommunication services, thus ranging from cable, DSL or fiber providers to mail, VoIP and messaging vendors. Ultimately, even backbone providers or internet exchanges are covered by this definition. [...]

The state trojan was meant to be the ultima ratio when it was introduced in 2009. It could only be used by the Federal Criminal Police Office (Bundeskriminalamt) in case of international terrorism and preventing terrorist attacks. Once such laws were introduced, governments usually get a taste for it. As of today, any police authority may use it even in cases of less severe crimes than terrorism such as counterfeiting money or violations against the Narcotics Act (Betäubungsmittelgesetz, e. g. drug consumption or trafficking). As you can see, compromising devices became increasingly common as a measure at law enforcement agencies. It is probably going to be extended to intelligence agencies within a short amount of time.

For obvious historical reasons, the German state only gives certain rights to police and intelligence agencies to avoid too much power being concentrated in one organisation, which could turn it against their people. [...]

At IPFire, we fight to protect your network. Frankly, this was complicated enough before governments legalised hacking by intelligence agencies. This German bill will not make anything more secure. Instead, it will turn defense against security vulnerabilities even more into an arms race. This is not an example of "the opposite of good is good intentions". This is beyond dangerous. Imagine, for example, cyber criminals or foreign intelligence agencies (ab)using that redirection infrastructure in order to deploy their malware. Perhaps they will be able to take advantage of some zero day exploits left on some servers in that infrastructure as well (the CIA suffered from a similar breach in 2017). With a blink of an eye, arbitrary malware could be placed on a significant amount of computers compromised that way. Ransomware attacks such as WannaCry or NotPetya come to mind... Imagine compromised machines being vulnerable to other attacks as well, as some security measures have been turned off. Imagine surveillance abuse. Imagine future governments abusing this feature for persecution of unwanted people or political opponents - with a view at current political events, one may be concerned about personal liberties being restricted. [...]

We will start next week by providing advice on whom to trust and how to establish a security-focussed mindset. Afterwards, we focus on specific technical aspects and advise how to configure IPFire machines as secure as possible - as it already implements effective mitigations against those attacks.
