Web

Web Standards

Filed under: Web

  • Inrupt, Tim Berners-Lee's Solid, and Me

    All of this is a long-winded way of saying that I have joined a company called Inrupt that is working to bring Tim Berners-Lee's distributed data ownership model that is Solid into the mainstream. (I think of Inrupt basically as the Red Hat of Solid.) I joined the Inrupt team last summer as its Chief of Security Architecture, and have been in stealth mode until now.

    The idea behind Solid is both simple and extraordinarily powerful. Your data lives in a pod that is controlled by you. Data generated by your things -- your computer, your phone, your IoT whatever -- is written to your pod. You authorize granular access to that pod to whoever you want for whatever reason you want. Your data is no longer in a bazillion places on the Internet, controlled by you-have-no-idea-who. It's yours. If you want your insurance company to have access to your fitness data, you grant it through your pod. If you want your friends to have access to your vacation photos, you grant it through your pod. If you want your thermostat to share data with your air conditioner, you give both of them access through your pod.

  • World wide web founder scales up efforts to reshape internet
  • Sir Tim Berners-Lee's Inrupt is Redesigning the way the web is to Work and Apple is working with them on their Data Transfer Project

    Inrupt, the start-up company founded by Sir Tim Berners-Lee to redesign the way the web works, is expanding its operational team and launching pilot projects in its quest to develop a "massively scalable, production-quality technology platform."

  • Inconsistent user-experiences with native lazy-loading images

    The specification for web browser native support for lazy-loading images landed in the HTML Living Standard a week ago. This new feature lets web developers tell the browser to defer loading an image until it is scrolled into view, or it’s about to be scrolled into view.

    Images account for 49 % of the median webpage’s byte size, according to the HTTP Archive. Lazy image loading can help reduce these images’ impact on page load performance. It can also help lower data costs by clients that never scroll down to images far down on a page.

    Historically, lazy-loading was implemented by responding to changes in the scroll position and tracking the image element’s offset from the top of the page. This could degrade page-scrolling performance. Comparatively, the new native lazy loading for images is easier to implement and doesn’t degrade scrolling performance.

Greenpeace, greenwash, openwash

Filed under: Red Hat, OSS, Web

  • Greenpeace takes open-source approach to finish web transformation

    Greenpeace is working with open source software firm Red Hat to scale and revamp its grassroots engagement platform, Planet 4.

    The project marks a complete re-design of Greenpeace.org’s backend content management systems (CMS), which are now designed to put content on the web and provide a vehicle for driving grassroots environmental action.

  • Greenpeace turns to Red Hat to scale its “Planet 4” global engagement platform
  • Greenpeace turns to open source to finish its web transformation

    In 2016, Greenpeace International decided to try a new way of stimulating grass-level environmental activity via something it called ‘Planet 4’ - a global content management system (CMS) it defined as its new engagement platform. In its original mission statement, it also outlined its expectations for the tool: that it would foster more engagement “when we present ourselves to our supporters, and our potential supporters, through a clear representation of our values with a clear proposition for why we exist, how people can become change agents through our work, and what they can do with us right now”.

Mozilla/WWW: TenFourFox, Markdown, DOM, Firefox Spying ("Glean") and Apple Monopoly

Filed under: Moz/FF, Web

  • TenFourFox FPR20b1 available

    When using FPR20 you should notice ... absolutely nothing. Sites should just appear as they do; the only way you'd know anything changed in this version is if you pressed Command-I and looked at the Security tab to see that you're connected over TLS 1.3, the latest TLS security standard. In fact, the entirety of the debate was streamed over it, and to the best of my knowledge TenFourFox is the only browser that implements TLS 1.3 on Power Macs running Mac OS X. On regular Firefox your clue would be seeing occasional status messages about handshakes, but I've even disabled that for TenFourFox to avoid wholesale invalidating our langpacks which entirely lack those strings. Other than a couple trivial DOM updates I wrote up because they were easy, as before there are essentially no other changes other than the TLS enablement in this FPR to limit the regression range. If you find a site that does not work, verify first it does work in FPR19 or FPR18, because sites change more than we do, and see if setting security.tls.version.max to 3 (instead of 4) fixes it. You may need to restart the browser to make sure. If this does seem to reliably fix the problem, report it in the comments. A good test site is Google or Mozilla itself. The code we are using is largely the same as current Firefox's.

  • Moving to Markdown

    I'm writing this only for those who follow this blog via RSS feed and probably wonder why they had many notifications on their RSS reader. Sorry, this thing happens when I upload a new version of my website. So, what's new on this new website? Not much, nothing changed visually... But everything changed under the hood!

  • Semantic markup, browsers, and identity in the DOM

    HTML was initially designed as a semantic markup language, with elements having semantics (meaning) describing general roles within a document. These semantic elements have been added to over time. Markup as it is used on the web is often criticized for not following the semantics, but rather being a soup of divs and spans, the most generic sorts of elements. The Web has also evolved over the last 25 years from a web of documents to a web where many of the most visited pages are really applications rather than documents. The HTML markup used on the Web is a representation of a tree structure, and the user interface of these web applications is often based on dynamic changes made through the DOM, which is what we call both the live representation of that tree structure and the API through which that representation is accessed.

    Browsers exist as tools for users to browse the Web; they strike a balance between showing the content as its author intended versus adapting that content to the device it is being displayed on and the preferences or needs of the user.

    Given the unreliable use of semantics on the Web, most of the ways browsers adapt content to the user rarely depend deeply on semantics, although some of them (such as reader mode) do have significant dependencies. However, browser adaptations of content or interventions that browsers make on behalf of the user very frequently depend on the persistent object identity in the DOM. That is, nodes in the DOM tree (such as sections of the page, or paragraphs) have an identity over the lifetime of the page, and many things that browsers do depend on that identity being consistent over time. For example, exposing the page to a screen reader, scroll anchoring, and I think some aspects of ad blocking all depend on the idea that there are elements in the web page that the browser understands the identity of over time.

  • Chris H-C: This Week in Glean: A Distributed Team Echoes Distributed Workflow

    I was recently struck by a realization that the position of our data org’s team members around the globe mimics the path that data flows through the Glean Ecosystem.

  • Apple May Soon Let You Set Third-Party Mail, Browser Apps as Default on iOS: Report

    Apple has always had its own apps set as defaults in cases like the music player and the browser, Apple Music and Safari respectively. But, this might change soon. Reportedly, Apple is considering allowing third party apps to be set as defaults on iOS. Apple is also debating whether to allow third-party music apps on the HomePod speaker, something that would mean allowing users to stream music via Spotify, which is one of Apple Music's rivals. No decision has been made by the company as of now.

Gopher: When Adversarial Interoperability Burrowed Under the Gatekeepers' Fortresses

Filed under: Web

In the early 1990s, personal computers did not arrive in an "Internet-ready" state. Before students could connect their systems to UMN's network, they needed to install basic networking software that allowed their computers to communicate over TCP/IP, as well as dial-up software for protocols like PPP or SLIP. Some computers needed network cards or modems, and their associated drivers.

That was just for starters. Once the students' systems were ready to connect to the Internet, they still needed the basic tools for accessing distant servers: FTP software, a Usenet reader, a terminal emulator, and an email client, all crammed onto a floppy disk (or two). The task of marshalling, distributing, and supporting these tools fell to the university's Microcomputer Center.

For the university, the need to get students these basic tools was a blessing and a curse. It was labor-intensive work, sure, but it also meant that the Microcomputer Center could ensure that the students' newly Internet-ready computers were also configured to access the campus network and its resources, saving the Microcomputer Center thousands of hours talking students through the configuration process. It also meant that the Microcomputer Center could act like a mini App Store, starting students out on their online journeys with a curated collection of up-to-date, reliable tools.

That's where Gopher comes in. While the campus mainframe administrators had plans to selectively connect their systems to the Internet through specialized software, the Microcomputer Center had different ideas. Years before the public had heard of the World Wide Web, the Gopher team sought to fill the same niche, by connecting disparate systems to the Internet and making them available to those with little-to-no technical expertise—with or without the cooperation of the systems they were connecting.

Gopher used text-based menus to navigate "Gopherspace" (all the world's public Gopher servers). The Microcomputer Center team created Gopher clients that ran on Macs, DOS, and in Unix-based terminals. The original Gopher servers were a motley assortment of used Macintosh IIci systems running A/UX, Apple's flavor of Unix. The team also had access to several NeXT workstations.

Also: The Things Industries Launches Global Join Server for Secure LoRaWAN

Meet Ephemeral: The Always-Incognito Web Browser For Linux

Filed under: Linux, Web

Ads popping up based on your browsing data have become a common issue that most people face nowadays. Hence, it’s obvious that people are turning toward more privacy-focused search engines and web browsers.

Keeping private browsing in mind, Cassidy James Blaede, co-founder & CXO at elementary, developed an open-source and always-incognito web browser, Ephemeral.

Rclone Browser (Fork) 1.8.0 Gets Proxy Support, Option To Create Public Link

Filed under: Software, Web

Rclone Browser (fork), a Qt5 GUI for Rclone, was updated to version 1.8.0, getting proxy support, an option to display the complete directory tree for a remote, and the ability to create a public link to easily share files, among others.

Rclone Browser is a cross-platform (Windows, macOS and Linux) Qt5 GUI for Rclone, a command line tool to synchronize (and mount) files from remote cloud storage services like Google Drive, OneDrive, Nextcloud, Dropbox, Amazon Drive and S3, Mega, and others.

This GUI can be used to simplify operations like copying a file from one cloud storage to another or to the local drive, mounting cloud storage on your system with a click, and browsing the contents of various cloud storage remotes in a tabbed interface.

Brave Browser and DRM With 'Open' Veneer

Filed under: OSS, Web

  • Data Doctors: Is the Brave browser safe to use?

    If you’re like most users, you spend more time using a browser than any other program on your computer or smartphone.

    You probably don’t think about what browser you’re using; the focus is on getting to a website, not what got you there.

    Google Chrome is by far the most popular browser, but because it’s a Google product integrated with all their tracking and advertising networks, a lot of people are looking for an alternative.

  • Here’s how to know if the Brave browser is safe to use

    A: If you’re like most users, you spend more time using a browser than any other program on your computer or smartphone.

    You probably don’t think about what browser you’re using as the focus is on getting to a website and not what got you there.

    Google’s Chrome is by far the most popular browser, but because it’s a Google product integrated with all their tracking and advertising networks, a lot of people are looking for an alternative.

  • Netflix Now Exploring AVIF For Image Compression

    Following Netflix's AV1 adoption with collaborating with Intel on the SVT-AV1 encoder, now using AV1 streaming for Android users, and others around this advanced royalty-free video codec, Netflix is now exploring AVIF as their next-gen image format.

    [...]

    Netflix acknowledges the significant need for next-gen image coding that has better compression efficiency and more features than JPEG. Netflix believes AVIF has the potential albeit they aren't yet ready to transition to AVIF today.

    In their testing they are finding good results out of AVIF compared to JPEG and other image formats. For those wanting to go through a long and interesting technical read, on the Netflix Tech Blog they have example screenshots and results comparing their AVIF results to other formats.

  • Netflix begins streaming AV1 content on its Android mobile app

    Netflix today announced that it is beginning to stream videos compressed using the AV1 codec, on its Android mobile app. AV1 is a next-generation, royalty-free video codec that provides compression efficiency that is improved by 20%. This codec, developed to replace VP9, was built by the Alliance for Open Media, of which Netflix, Google, Amazon Prime Video, and more big-name content providers are a part of.

Openwashing of 5G

Filed under: OSS, Web

Detailed tests of search engines: Google, Startpage, Bing, DuckDuckGo, metaGer, Ecosia, Swisscows, Searx, Qwant, Yandex, and Mojeek

Filed under: Google, Reviews, Web

Since my last in-depth comparison review of alternative search engines in 2014, a lot has changed, and a lot has stayed the same. Google is appearing as a loan-verb in more and more languages due to its continued dominance in the search engine market. But at the same time, Google is being increasingly demonized by privacy focused users. An even more interesting development is the trend of complaints that Google’s algorithm is producing results that are less relevant and more indicative of artificial stupidity than artificial intelligence. I belong in this latter camp, as I am more of a pragmatist than a privacy pundit. I simply want the best search results with minimal effort and no nonsense. Back in my 2014 article, I was hopeful that DuckDuckGo was quickly becoming a viable and attractive alternative to Google. While DuckDuckGo continues to be the darling of privacy conscious users and is enjoying more popularity than ever, I am concerned that its core search infrastructure and algorithms have largely stagnated. Since my last article, many other alternatives have cropped up, bringing some very interesting features and concepts, but it still remains to be seen if they offer acceptable results in the fundamentally important area of relevant search results. This comparison sets out to analyze and compare the current batch of alternatives in 2020.

Browsers and Privacy

Filed under: OSS, Web

  • Browsers, web sites, and user tracking

    Browser tracking across different sites is certainly a major privacy concern and one that is more acute when the boundaries between sites and browsers blur—or disappear altogether. That seems to be the underlying tension in a "discussion" of an only tangentially related proposal being made by Google to the W3C Technical Architecture Group (TAG). The proposal would change the handling of the User-Agent headers sent by browsers, but the discussion turned to the unrelated X-Client-Data header that Chrome sends to Google-owned sites. The connection is that in both cases some feel that the web-search giant is misusing its position to the detriment of its users and its competitors in the web ecosystem.

  • Data detox: Four things you can do today to protect your computer

    From the abacus to the iPad, computers have been a part of the human experience for longer than we think. So much so that we forget the vast amounts of personal data we share with our devices on a daily basis. On any given day we could be tackling sensitive work emails, planning our next vacation, or just booking some good ole doctor’s appointments. No big deal right? Well, in the wrong hands it can become a huge deal.

    Thankfully, it’s pretty easy to tighten your device security. Read on for four easy things you can do today to protect your personal info along with your devices.

More in Tux Machines

today's leftovers

  • Bring your ideas to the world with kubectl plugins

    kubectl is the most critical tool to interact with Kubernetes and has to address multiple user personas, each with their own needs and opinions. One way to make kubectl do what you need is to build new functionality into kubectl.

    Challenges with building commands into kubectl

    However, that’s easier said than done. Being such an important cornerstone of Kubernetes, any meaningful change to kubectl needs to undergo a Kubernetes Enhancement Proposal (KEP) where the intended change is discussed beforehand. When it comes to implementation, you’ll find that kubectl is an ingenious and complex piece of engineering. It might take a long time to get used to the processes and style of the codebase to get done what you want to achieve. Next comes the review process which may go through several rounds until it meets all the requirements of the Kubernetes maintainers – after all, they need to take over ownership of this feature and maintain it from the day it’s merged. When everything goes well, you can finally rejoice. Your code will be shipped with the next Kubernetes release. Well, that could mean you need to wait another 3 months to ship your idea in kubectl if you are unlucky.

    So this was the happy path where everything goes well. But there are good reasons why your new functionality may never make it into kubectl. For one, kubectl has a particular look and feel and violating that style will not be acceptable by the maintainers. For example, an interactive command that produces output with colors would be inconsistent with the rest of kubectl. Also, when it comes to tools or commands useful only to a minuscule proportion of users, the maintainers may simply reject your proposal as kubectl needs to address common needs. But this doesn’t mean you can’t ship your ideas to kubectl users.

  • Phoronix Test Suite 9.4 Released With More Features For Open-Source, Cross-Platform Automated Benchmarking

    Phoronix Test Suite 9.4-Vestby is now available as one of our largest updates in recent years for our open-source, cross-platform automated benchmarking framework. Almost wanting to rebrand it as Phoronix Test Suite 10, sticking to conventional versioning the Phoronix Test Suite 9.4 release brings numerous result viewer improvements, a lot of polishing to the PDF result exporting, various Microsoft Windows support improvements, new statistics capabilities, some useful new sub-commands, and much more as the latest quarterly feature release.

  • Linux 5.6 Tests On AMD EPYC 7742 vs. Intel Xeon 8280 2P With 100+ Benchmarks

    The latest benchmarks for your viewing pleasure are looking at the dual Intel Xeon Platinum 8280 performance up against the dual AMD EPYC 7742 CPUs while using the in-development Linux 5.6 kernel as the first time trying out these highest-end server processors on this new kernel debuting as stable in about one month's time.

  • PyIDM – An Open Source Alternative to IDM (Internet Download Manager)

    pyIDM is a free, open-source alternative to IDM (Internet Download Manager), used to download general files and videos from youtube as well as other streaming websites. It is developed using Python (requires Python 3.6+) and relies only on open source tools and libraries such as pycurl, youtube_dl, FFmpeg, and pysimplegui. It features multiple-connections, a speed engine (and it offers high download speeds based on libcurl); resume uncompleted downloads, support for fragmented video streams, support for encrypted/non-encrypted HLS (HTTP Live Streaming) media streams. Besides, it also supports scheduling downloads, re-using an existing connection to a remote server, and HTTP proxy support. And it allows users to control options such as selecting a theme (there are 140 themes available), set proxy, selecting segment size, speed limit, maximum concurrent downloads and maximum connections per download.

  • DRM Plugin crashes after openSUSE Tumbleweed update

    A few days ago openSUSE users started complaining about DRM Plugin crashes in Firefox after running a Tumbleweed update. Netflix requires the DRM plugin in Firefox to be able to play encrypted videos. The plugin would crash due to a bug in Firefox 73. While this bug affected not just openSUSE users, but everyone using Firefox 73, it became apparent to TW users as v73 landed in the Tumbleweed repo.

  • How Melissa Di Donato Is Going To Reinvent SUSE

    SUSE is one of the oldest open source companies and the first to market Linux for the enterprise. Even though it has undergone several acquisitions and a merger, it remains a strong player in the business. It has maintained its integrity and core values around open source. It continues to rely on its tried-and-tested Linux business and European markets, and generally shies away from making big moves taking big risks. Until now. SUSE appointed Melissa Di Donato as its first female CEO. She is making some serious changes to the company, from building a diverse and inclusive culture to betting on emerging technologies and taking risks. Soon after taking the helm last year, Di Donato spent the first few months traveling around the globe to meet SUSE teams and customers and get a better sense of the perception of the market about the company. Just like Red Hat CEO Jim Whitehurst, Di Donato didn’t come to the company from an open source background. She had spent the last 25 years of her career as a SUSE customer, so she did have an outsider’s perspective of the company. “I am not interested in what SUSE was when I joined. I am more interested in what we want to become,” she said.

  • Experimental feature: snap refresh awareness and update inhibition

    We’d like to follow up on last week’s article about parallel installs for classic snaps with another bleeding-edge topic. Today, we will discuss snap refreshes. By design, snaps come with automatic updates, and by default, the update (refresh) frequency check is four times a day. Whenever new application versions are published, they soon become available and propagate to all end-user systems. Normally, the process is transparent and seamless, but there could be exceptions. For instance, if you have an app open and running, an update could be disruptive in the middle of your work. Some developers have asked for an option to inhibit refreshes of snaps while they are running, and this is now a new, experimental feature that you can enable and test on your system. [...] The app refresh capability offers snaps users another level of control in the overall user experience. Automatic updates are geared toward security, but users can defer updates for up to 60 days, and now, they also have the ability to gracefully update applications with minimal disruption to their normal usage patterns and workflows. We very much welcome your feedback and suggestions, especially with new and upcoming features. The refresh awareness option is a good example of where the developer feedback has been valuable and useful in making the snap ecosystem even friendlier and more robust. If you have any ideas on this topic – or any other, please join our forum for a discussion.

  • How Domotz streamlined provisioning of IoT devices

    Learn how Ubuntu Core and snaps give Domotz a competitive advantage

    As the number of IoT devices scale, the challenges of provisioning and keeping them up to date in the field increases. Domotz, who manufacture an all-in-one, network monitoring and management device for enterprise IoT networks, found themselves with this challenge that was further compounded by their rapid software release cadence. One of the most crucial and difficult aspects for Domotz to solve was the delivery of automatic updates to the tens of thousands of devices deployed. Domotz turned to snaps and Ubuntu Core to meet their exacting requirements.

    I absolutely believe that Ubuntu Core and snaps give us a competitive advantage. We are the only company in the IoT network management space that can guarantee a secure, always-up-to-date device for our customers’ on-premises deployments.

  • A birthday gift: 2GB Raspberry Pi 4 now only $35

    TL;DR: it’s our eighth birthday, and falling RAM prices have allowed us to cut the price of the 2GB Raspberry Pi 4 to $35. You can buy one here.

  • The RedMonk Programming Language Rankings: January 2020 [Ed: To assess programming language use, RedMonk uses only projects that Microsoft (a RedMonk client) controls. Some 'research', eh?]
  • Announcing Rust 1.41.1

    The Rust team has published a new point release of Rust, 1.41.1. Rust is a programming language that is empowering everyone to build reliable and efficient software. If you have a previous version of Rust installed via rustup, getting Rust 1.41.1 is as easy as:

        rustup update stable

    If you don't have it already, you can get rustup from the appropriate page on our website.

  • This Week in Rust 327
  • Zip Files: History, Explanation and Implementation

    I have been curious about data compression and the Zip file format in particular for a long time. At some point I decided to address that by learning how it works and writing my own Zip program. The implementation turned into an exciting programming exercise; there is great pleasure to be had from creating a well oiled machine that takes data apart, jumbles its bits into a more efficient representation, and puts it all back together again. Hopefully it is interesting to read about too.

    This article explains how the Zip file format and its compression scheme work in great detail: LZ77 compression, Huffman coding, Deflate and all. It tells some of the history, and provides a reasonably efficient example implementation written from scratch in C. The source code is available in hwzip-1.0.zip.

    I am very grateful to Ange Albertini, Gynvael Coldwind, Fabian Giesen, Jonas Skeppstedt (web), Primiano Tucci, and Nico Weber who provided valuable feedback on draft versions of this material.

Netrunner Linux Still Goes Its Own Way at 'Twenty'

The Netrunner distro used to be a bleeding-edge choice among KDE options. With little that's new and must-have, this release takes the edge off the bleeding. I wasn't nudged away from my preferred competing KDE distro -- the new Feren OS Plasma edition. While Netrunner 20.01 provides a fairly solid integration of classic KDE desktop performance, this release is a departure, in that it is not a step or two ahead of most other KDE-integrated Linux OSes. Netrunner attracts two types of typical users. One fancies a more friendly desktop environment. The second wants the freedom to tweak more extensively than other desktop environments allow. Hardware requirements include a minimum CPU of 1.6 GHz Intel Atom N270 or greater and at least 1 GB of RAM with at least 10 GB hard drive space. Also, the computer should have Intel GMA 945 graphics card support with 128+ MB of video memory. Netrunner is a unique distro with its own spin on the K Plasma desktop environment. Seasoned Linux users who like to fiddle and tweak an OS into their own platform will love how this distro integrates the KDE Plasma desktop. Newcomers can be quite content using the out-of-the-box settings.

Wind River launches dev site with TensorFlow for Linux and a free VxWorks download

A new “Wind River Labs” developer site hosts projects including TensorFlow for Wind River Linux, the first free VxWorks SDK, and VxWorks BSPs for the Raspberry Pi and UP Squared. One would think that when Wind River decided to launch a public-facing developer site, it would showcase the Yocto Project based Wind River Linux, which is available in a GPL-licensed release on GitHub in addition to the standard commercial version and new continuous integration version. Yet when Wind River announced its new Wind River Labs site this week, its proprietary VxWorks was the star of the show — but with a twist. There’s a new free VxWorks SDK for evaluating the RTOS for non-commercial purposes, as well as open source VxWorks BSPs for the Raspberry Pi and UP Squared boards.

Security, Proprietary Software and Openwashing

  • Linux 4.4.215 / 4.9.215 / 4.14.172 / 5.5.7 Kernels Bringing Intel KVM Security Fix

    A few days back we reported on a security vulnerability within Intel's KVM virtualization code for the Linux kernel. That vulnerability stems from unfinished kernel code and was fixed for Linux 5.6 Git and is now being back-ported to the 4.4 / 4.9 / 4.14 / 5.5 supported kernels. Back on Monday when the CVE-2020-2732 patches first came to light, little was publicly known about the issue but that it stemmed from incomplete code in the vmx_check_intercept functionality in not checking all possible intercepts and in turn could end up emulating instructions that should be disabled by the hypervisor.

  • Let's Encrypt Has Issued a Billion Certificates

    We issued our billionth certificate on February 27, 2020. We’re going to use this big round number as an opportunity to reflect on what has changed for us, and for the Internet, leading up to this event. In particular, we want to talk about what has happened since the last time we talked about a big round number of certificates - one hundred million. One thing that’s different now is that the Web is much more encrypted than it was. In June of 2017 approximately 58% of page loads used HTTPS globally, 64% in the United States. Today 81% of page loads use HTTPS globally, and we’re at 91% in the United States! This is an incredible achievement. That’s a lot more privacy and security for everybody. Another thing that’s different is that our organization has grown a bit, but not by much! In June of 2017 we were serving approximately 46M websites, and we did so with 11 full time staff and an annual budget of $2.61M. Today we serve nearly 192M websites with 13 full time staff and an annual budget of approximately $3.35M. This means we’re serving more than 4x the websites with only two additional staff and a 28% increase in budget. The additional staff and budget did more than just improve our ability to scale though - we’ve made improvements across the board to provide even more secure and reliable service. Nothing drives adoption like ease of use, and the foundation for ease of use in the certificate space is our ACME protocol. ACME allows for extensive automation, which means computers can do most of the work. It was also standardized as RFC 8555 in 2019, which allows the Web community to confidently build an even richer ecosystem of software around it. Today, thanks to our incredible community, there is an ACME client for just about every deployment environment. Certbot is one of our favorites, and they’ve been working hard to make it even easier for people to use.

  • The “Cloud Snooper” malware that sneaks into your Linux servers [Ed: Sophos citing itself, hyping up the threat is installing malicious software on one's own server]

    SophosLabs has just published a detailed report about a malware attack dubbed Cloud Snooper. The reason for the name is not so much that the attack is cloud-specific (the technique could be used against pretty much any server, wherever it’s hosted), but that it’s a sneaky way for cybercrooks to open up your server to the cloud, in ways you very definitely don’t want, “from the inside out”. The Cloud Snooper report covers a whole raft of related malware samples that our researchers found deployed in combination.

  • OpenSMTPD Email Server Vulnerability Threatens Many Linux and BSD Systems [Ed: It is this package, not the operating systems (GNU/Linux rarely uses this)]

    A critical vulnerability has been discovered in the OpenBSD email server OpenSMTPD. Exploiting the flaw could allow remote code execution attacks. The seriousness of the vulnerability poses a threat to the integrity of OpenBSD and Linux systems.

  • A billion Wi-Fi devices suffer from a newly discovered security flaw

    More than a billion internet-connected devices—including Apple's iPhone and Amazon's Echo—are affected by a security vulnerability that could allow [attackers] to spy on traffic sent over Wi-Fi.

  • New ‘Haken’ Malware Found On Eight Apps In Google Play Store

    Eight apps – mostly camera utilities and children’s games – were discovered spreading a new malware strain that steals data and signs victims up for expensive premium services.

  • What does it take to commit to 100% open source?

    While experts in the database market in particular agree that open source is becoming the norm, the question remains, just how open is this sector’s open-source software? Can software providers realistically succeed with a company that’s 100% open source? Furthermore, would a proprietary infrastructure software provider with a freemium tier be able to achieve the same benefits as those committing to open source?

    The short answer is, yes — a proprietary infrastructure software company with a freemium tier could theoretically achieve the same benefits as companies going fully open source. However, it’s important to recognize that it would take a freemium model company a significantly longer period of time for its software to mature to the same level as that of an open-source company. Also, the loss of collaborative development and slower feedback loops would likely lead to a higher probability of the software never achieving market traction and ultimately fading away into oblivion.

  • Mirantis: Balancing Open Source With Guardrails

    Mirantis, an open infrastructure company that rose to popularity with its OpenStack offering, is now moving into the Kubernetes space very aggressively. Last year, the company acquired the Docker Enterprise business from Docker. This week, it announced that they were hiring the Kubernetes experts from the Finnish company Kontena and established a Mirantis office in Finland, expanding the company’s footprint in Europe. Mirantis already has a significant presence in Europe due to large customers such as Bosch and Volkswagen.