Security

Improved Security and Privacy Indicators in Firefox 70


The upcoming Firefox 70 release will update the security and privacy indicators in the URL bar.

In recent years we have seen a great increase in the number of websites that are delivered securely via HTTPS. At the same time, privacy threats have become more prevalent on the web and Firefox has shipped new technologies to protect our users against tracking.

To better reflect this new environment, the updated UI takes a step towards treating secure HTTPS as the default method of transport for websites, instead of a way to identify website security. It also puts greater emphasis on user privacy.


Proprietary Software Security and FOSS Patches

  • Compromised AWS API Key Allowed Access to Imperva Customer Data

    Imperva has shared more information on how [attackers] managed to obtain information on Cloud Web Application Firewall (WAF) customers, and revealed that the incident involved a compromised administrative API key.

  • Oil Refiner Reports Major IT Incident in Finland

    It’s not yet clear whether the cause is a malfunction or a cyber attack, according to spokeswoman Susanna Sieppi. The issue is under investigation, and it’s too early to estimate when the systems will be fixed, she said by phone.

  • WordPress 5.2.4 Security Release

    WordPress 5.2.4 is now available! This security release fixes 6 security issues.

    WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2.

  • Ubuntu Releases Patch for Major ‘sudo’ Security Exploit

    Canonical has issued an urgent security fix to the ‘sudo’ package in the Ubuntu archives following the discovery of a major security flaw.

    A critical fix has rolled out to all users of Ubuntu 16.04 LTS, 18.04 LTS, 19.04 and 19.10 (and one assumes Ubuntu 14.04 ESR too) — just run a sudo apt upgrade to install it.

    But what about the flaw inquisition? Well, if you’re yet to hear about it I appreciate meditative disconnect from social media. The oft toxic waste pools of chatter were wet with alarm — some manufactured, the rest well weighted — over CVE-2019-14287 when it was announced yesterday, October 14.

  • Security updates for Tuesday

    Security updates have been issued by Debian (sudo and xtrlock), openSUSE (sudo), Red Hat (Single Sign-On), Slackware (sudo), SUSE (binutils, dhcp, ffmpeg, kernel, kubernetes-salt, sudo, and tcpdump), and Ubuntu (sudo).

Linux security hole: Much sudo about nothing


There's a lot of hubbub out there now about a security hole in the Unix/Linux family's sudo command. Sudo is the command, which enables normal users to run commands as if they were the root user, aka the system administrator. While this sudo security vulnerability is a real problem and needs patching, it's not nearly as bad as some people make it out to be.

At first glance the problem looks like a bad one. With it, a user who is allowed to use sudo to run commands as any other user, except root, can still use it to run root commands. For this to happen, several things must be set up just wrong.

First the sudo user group must give a user the right to use sudo but doesn't give the privilege of using it to run root commands. That can happen when you want a user to have the right to run specific commands that they wouldn't normally be able to use. Next, sudo must be configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification.


Debian and Ubuntu Patch Critical Sudo Security Vulnerability, Update Now


Discovered by Joe Vennix, the security vulnerability (CVE-2019-14287) could be exploited by an attacker to execute arbitrary commands as the root user (system administrator) because sudo incorrectly handled certain user IDs when it was configured to allow users to run commands as an arbitrary user through the ALL keyword in a Runas specification.

"Joe Vennix discovered that sudo, a program designed to provide limited super user privileges to specific users, when configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, allows to run commands as root by specifying the user ID -1 or 4294967295," reads Debian's security advisory.


Security: XML External Entity (XXE) Example and the Latest Patches

  • XML External Entity (XXE) Example

    According to OWASP, an XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.

    If a parser accepts unsanitized XML, we can take advantage of that and send our own crafted external XML payload to exploit our target. This post won’t be long so let’s get into it.

  • Security updates for Monday

    Security updates have been issued by Arch Linux (chromium, sdl, and unbound), Debian (clamav, libdatetime-timezone-perl, openssl, tcpdump, and tzdata), Fedora (cutter-re, jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-parent, libapreq2, ming, opendmarc, radare2, and thunderbird), openSUSE (chromium), Oracle (kernel), and SUSE (axis, jakarta-commons-fileupload, kernel, sles12sp3-docker-image, sles12sp4-image, system-user-root, and webkit2gtk3).

Security Leftovers

  • Use sshuttle to build a poor man’s VPN

    Nowadays, business networks often use a VPN (virtual private network) for secure communications with workers. However, the protocols used can sometimes make performance slow. If you can reach a host on the remote network with SSH, you could set up port forwarding. But this can be painful, especially if you need to work with many hosts on that network. Enter sshuttle — which lets you set up a quick and dirty VPN with just SSH access. Read on for more information on how to use it.

    The sshuttle application was designed for exactly the kind of scenario described above. The only requirement on the remote side is that the host must have Python available. This is because sshuttle constructs and runs some Python source code to help transmit data.

    [...]

    Depending on the capabilities of your system and the remote system, you can use sshuttle for an IPv6 based VPN. You can also set up configuration files and integrate it with your system startup if desired. If you want to read even more about sshuttle and how it works, check out the official documentation.

  • Hardening Firefox against Injection Attacks

    Firefox not only renders web pages on the internet but also ships with a variety of built-in pages, commonly referred to as about: pages. Such about: pages provide an interface to reveal internal state of the browser. Most prominently, about:config, which exposes an API to inspect and update preferences and settings which allows Firefox users to tailor their Firefox instance to their specific needs.

    Since such about: pages are also implemented using HTML and JavaScript they are subject to the same security model as regular web pages and therefore not immune against code injection attacks. More figuratively, if an attacker manages to inject code into such an about: page, it potentially allows an attacker to execute the injected script code in the security context of the browser itself, hence allowing the attacker to perform arbitrary actions on the behalf of the user.

    To better protect our users and to add an additional layer of security to Firefox, we rewrote all inline event handlers and moved all inline JavaScript code to packaged files for all 45 about: pages. This allowed us to apply a strong Content Security Policy (CSP) such as ‘default-src chrome:’ which ensures that injected JavaScript code does not execute. Instead JavaScript code only executes when loaded from a packaged resource using the internal chrome: protocol. Not allowing any inline script in any of the about: pages limits the attack surface of arbitrary code execution and hence provides a strong first line of defense against code injection attacks.

  • IPFire on AWS: Update to IPFire 2.23 - Core Update 136

    Today, we have updated IPFire on AWS to IPFire 2.23 - Core Update 136 - the latest official release of IPFire.

    This update includes security fixes for OpenSSL and the Linux kernel, an updated Perl, and of course many other fixes throughout the whole system.

  • Pros and cons of event-driven security

    Great news, everyone! Forrester Research says that 95% of all recorded breaches in 2016 came from only three industries: government, technology, and retail. Everyone else is safe... ish, right?

    Hold on for a moment. Tech? Retail? What kind of industry diversification is this? We are, after all, living in 2019, where every business is a tech business. And all of us are continuously selling something, whether it’s an innovative product or an amazing service.

    So what the report should have said is that 95% of all recorded breaches came from attacks on 95% of all businesses both online and offline. And some of the attackers went for the .gov.

    More on the matter, 43% of attackers target small businesses—and that’s a lot considering that, on average, a hack attempt takes place every 39 seconds.

    To top things off, the average cost of a data breach in 2020 is expected to exceed $150 million. These stats sound a bit more terrifying out of context, but the threat is still very much real. Ouch.

Security: WireGuard, SafeBreach and More

  • WireGuard Snapshot `0.0.20191012` Available
    
    Hello,
    
    A new snapshot, `0.0.20191012`, has been tagged in the git repository.
    
    Please note that this snapshot is a snapshot rather than a final
    release that is considered secure and bug-free. WireGuard is generally
    thought to be fairly stable, and most likely will not crash your
    computer (though it may).  However, as this is a snapshot, it comes
    with no guarantees; it is not applicable for CVEs.
    
    With all that said, if you'd like to test this snapshot out, there are a
    few relevant changes.
    
    == Changes ==
    
      * qemu: bump default version
      * netns: add test for failing 5.3 FIB changes
      
      Kernels 5.3.0 - 5.3.3 crash (and are probably exploitable) via this one liner:
      
      unshare -rUn sh -c 'ip link add dummy1 type dummy && ip link set dummy1 up && ip -6 route add default dev dummy1 && ip -6 rule add table main suppress_prefixlength 0 && ping -f 1234::1'
      
      We fixed this upstream here:
      
      https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=ca7a03c4175366a92cee0ccc4fec0038c3266e26
      
      This is relevant to WireGuard because a very similar sequence of commands is
      used by wg-quick(8).
      
      So, we've now added some tests to catch this code path in the future. While
      the bug here was a random old use-after-free, the test checks the general
      policy routing setup used by wg-quick(8), so that we make sure this continues
      to work with future kernels.
      
      * noise: recompare stamps after taking write lock
      
      We now recompare counters while holding a write lock.
      
      * netlink: allow preventing creation of new peers when updating
      
      This is a small enhancement for wg-dynamic, so that we can update peers
      without readding them if they've already been removed.
      
      * wg-quick: android: use Binder for setting DNS on Android 10
      
      wg-quick(8) for Android now supports Android 10 (Q). We'll be releasing a new
      version of the app for this later today.
    
    This snapshot contains commits from: Jason A. Donenfeld and Nicolas Douma.
    
    As always, the source is available at https://git.zx2c4.com/WireGuard/ and
    information about the project is available at https://www.wireguard.com/ .
    
    This snapshot is available in compressed tarball form here:
      https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20191012.tar.xz
      SHA2-256: 93573193c9c1c22fde31eb1729ad428ca39da77a603a3d81561a9816ccecfa8e
      BLAKE2b-256: d7979c453201b9fb6b1ad12092515b27ea6899397637a34f46e74b52b36ddf56
    
    A PGP signature of that file decompressed is available here:
      https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20191012.tar.asc
      Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE
    
    If you're a snapshot package maintainer, please bump your package version. If
    you're a user, the WireGuard team welcomes any and all feedback on this latest
    snapshot.
    
    Finally, WireGuard development thrives on donations. By popular demand, we
    have a webpage for this: https://www.wireguard.com/donations/
    
    Thank you,
    Jason Donenfeld
    
  • WireGuard 0.0.20191012 Released With Latest Fixes

    WireGuard is still working on transitioning to the Linux kernel's existing crypto API as a faster approach to finally make it into the mainline kernel, but for those using the out-of-tree WireGuard secure VPN tunnel support, a new development release is available.

  • SafeBreach catches vulnerability in controversial HP Touchpoint Analytics software

    Now the feature is embroiled in another minor controversy after security researchers at SafeBreach said they uncovered a new vulnerability. HP Touchpoint Analytics comes preinstalled on many HP devices that run Windows. Every version below 4.1.4.2827 is affected by what SafeBreach found.

    In a blog post, SafeBreach Labs security researcher Peleg Hadar said that because the service is executed as "NT AUTHORITY\SYSTEM," it is afforded extremely powerful permissions that give it wide access.

    "The CVE-2019-6333 vulnerability gives attackers the ability to load and execute malicious payloads using a signed service. This ability might be abused by an attacker for different purposes such as execution and evasion, for example: Application Whitelisting Bypass, Signature Validation Bypassing," Hadar wrote.

    [...]

    The company has long had to defend HP Touchpoint Analytics against critics who say it gives HP unnecessary access to users' systems. When it first became widely noticed in 2017, dozens of users complained that they had not consented to adding the system.

  • Security Tool Sprawl Reaches Tipping Point
  • How trusted digital certificates complement open source security

    Application developers incorporating open source software into their designs may only discover later that elements of this software have left them (and their customers) exposed to cyber-attacks.

  • Securing the Container Supply Chain

Security: SecTor, WhatsApp and Core Infrastructure Initiative (CII)

  • #SecTorCa: Millions of Phones Leaking Information Via Tor

    There is a privacy threat lurking on perhaps hundreds of millions of devices, that could enable potential attackers to track and profile users, by using information leaked via the Tor network, even if the users never intentionally installed Tor in the first place.

    In a session at the SecTor security conference in Toronto, Canada on October 10, researchers Adam Podgorski and Milind Bhargava from Deloitte Canada outlined and demonstrated previously undisclosed research into how they were able to determine that personally identifiable information (PII) is being leaked by millions of mobile users every day over Tor.

    The irony of the issue is that Tor is a technology and a network that is intended to help provide and enable anonymity for users. With Tor, traffic travels through a number of different network hops to an eventual exit point in the hope of masking where the traffic originated from. Podgorski said that there are some users that choose to install a Tor browser on their mobile devices, but that’s not the problem. The problem is that Tor is being installed by mobile applications without user knowledge and potentially putting users at risk.

    The researchers explained that they set up several Tor exit nodes, just to see what they could find, and the results were surprising. The researchers found that approximately 30% of all Android devices are transmitting data over Tor.

  • Just a GIF Image Could Have Hacked Your Android Phone Using WhatsApp

    Today, the short looping clips, GIFs are everywhere—on your social media, on your message boards, on your chats, helping users perfectly express their emotions, making people laugh, and reliving a highlight.

    But what if an innocent-looking GIF greeting with Good morning, Happy Birthday, or Merry Christmas message hacks your smartphone?

  • FLOSS Weekly 550: CII Best Practices Badge Update

    The Linux Foundation (LF) Core Infrastructure Initiative (CII) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices. Projects can voluntarily self-certify, at no cost, by using this web application to explain how they follow each best practice. The CII Best Practices Badge is inspired by the many badges available to projects on GitHub. Consumers of the badge can quickly assess which FLOSS projects are following best practices and as a result are more likely to produce higher-quality secure software.

Digital Restrictions (DRM) Watch

  • One Weird Law That Interferes With Security Research, Remix Culture, and Even Car Repair

    How can a single, ill-conceived law wreak havoc in so many ways? It prevents you from making remix videos. It blocks computer security research. It keeps those with print disabilities from reading ebooks. It makes it illegal to repair people's cars. It makes it harder to compete with tech companies by designing interoperable products. It's even been used in an attempt to block third-party ink cartridges for printers.

    It's hard to believe, but these are just some of the consequences of Section 1201 of the Digital Millennium Copyright Act, which gives legal teeth to "access controls" (like DRM). Courts have mostly interpreted the law as abandoning the traditional limitations on copyright's scope, such as fair use, in favor of a strict regime that penalizes any bypassing of access controls (such as DRM) on a copyrighted work regardless of your noninfringing purpose, regardless of the fact that you own that copy of the work.  

  • Spotify is Defective by Design

    I never used Spotify, since it contains DRM. Instead I still buy DRM-free CDs. Most of my audio collection is stored in free formats such as FLAC and Ogg Vorbis, or Red Book in the case of CDs, everything can be played by free players such as VLC or mpd.

    Spotify, which uses a central server, also spies on the listener. Every time you listen to a song, Spotify knows which song you have listened to and when and where. By contrast free embedded operating systems such as Rockbox do not phone home. CDs can be bought anonymously and ripped using free software, there is no need for an internet connection.

Tails 4.0 Anonymous OS Release Candidate Out Now with Tor Browser 9.0, Linux 5.3


Powered by the latest Linux 5.3.2 kernel, Tails 4.0 Release Candidate is packed with up-to-date technologies to better protect your privacy when surfing the Internet. It comes with the latest alpha version of the upcoming Tor Browser 9.0 anonymous web browser based on Firefox 68.1.0 ESR, as well as the newest Tor 0.4.1.6 release.

Tails 4.0 Release Candidate also updates Electrum to version 3.3.8, which is fully compatible with the current Bitcoin network, and improves the usability of the Tails Greeter by making it easier to select languages, simplifying the list of keyboard layouts, fixing the Formats setting, and preventing additional settings from being applied when clicking on the Cancel or Back buttons.



More in Tux Machines

Databricks brings its Delta Lake project to the Linux Foundation

Databricks, the big data analytics service founded by the original developers of Apache Spark, today announced that it is bringing its Delta Lake open-source project for building data lakes to the Linux Foundation and under an open governance model. The company announced the launch of Delta Lake earlier this year and even though it’s still a relatively new project, it has already been adopted by many organizations and has found backing from companies like Intel, Alibaba and Booz Allen Hamilton. “In 2013, we had a small project where we added SQL to Spark at Databricks […] and donated it to the Apache Foundation,” Databricks CEO and co-founder Ali Ghodsi told me. “Over the years, slowly people have changed how they actually leverage Spark and only in the last year or so it really started to dawn upon us that there’s a new pattern that’s emerging and Spark is being used in a completely different way than maybe we had planned initially.” This pattern, he said, is that companies are taking all of their data and putting it into data lakes and then do a couple of things with this data, machine learning and data science being the obvious ones. But they are also doing things that are more traditionally associated with data warehouses, like business intelligence and reporting. The term Ghodsi uses for this kind of usage is ‘Lake House.’ More and more, Databricks is seeing that Spark is being used for this purpose and not just to replace Hadoop and doing ETL (extract, transform, load). “This kind of Lake House patterns we’ve seen emerge more and more and we wanted to double down on it.”

Configuring Automatic Login and Lock Screen on Ubuntu 19.10

Whether it’s Linux or Windows, Ubuntu, or Fedora, I am not an ‘automatic’ type of guy. That is to say, I don’t want my login automated, nor do I want my updates automatically installed. This preference directly results from over thirty years in Information Technology, prudence, habit, and experience. Plus, it’s just plain smart security sense. However, I further realize that as Linux users get younger and younger, I am increasingly in the minority in this sense. While I strongly disagree with automatic logins and updates, I can understand the desire for it. So, with that understanding, let’s go about the business of instituting automated logins in Ubuntu. We will also take the time to address the Ubuntu Lock Screen setting. Configuring automatic Ubuntu software updates is much more in-depth. We will discuss this in a separate dedicated article at a later date.

Programming: Python, LLVM and Erlang

  • Sending Emails in Python — Tutorial with Code Examples

    What do you need to send an email with Python? Some basic programming and web knowledge along with the elementary Python skills. I assume you’ve already had a web app built with this language and now you need to extend its functionality with notifications or other emails sending. [...] Sending multiple emails to different recipients and making them personal is the special thing about emails in Python. To add several more recipients, you can just type their addresses in separated by a comma, add Cc and Bcc. But if you work with a bulk email sending, Python will save you with loops. One of the options is to create a database in a CSV format (we assume it is saved to the same folder as your Python script). We often see our names in transactional or even promotional examples. Here is how we can make it with Python.

  • Binning Data with Pandas qcut and cut

    When dealing with continuous numeric data, it is often helpful to bin the data into multiple buckets for further analysis. There are several different terms for binning including bucketing, discrete binning, discretization or quantization. Pandas supports these approaches using the cut and qcut functions. This article will briefly describe why you may want to bin your data and how to use the pandas functions to convert continuous data to a set of discrete buckets. Like many pandas functions, cut and qcut may seem simple but there is a lot of capability packed into those functions. Even for more experienced users, I think you will learn a couple of tricks that will be useful for your own analysis. [...] The concept of breaking continuous values into discrete bins is relatively straightforward to understand and is a useful concept in real world analysis. Fortunately, pandas provides the cut and qcut functions to make this as simple or complex as you need it to be. I hope this article proves useful in understanding these pandas functions. Please feel free to comment below if you have any questions.

  • Analysing music habits with Spotify API and Python

    I’ve been using Spotify since 2013 as the main source of music, and back at that time the app automatically created a playlist for songs that I liked from artists’ radios. By inertia I’m still using the playlist to save songs that I like. As the playlist became a bit big and a bit old (6 years, huh), I’ve decided to try to analyze it.

  • Python IDEs and Code Editors

    A code editor is a tool that is used to write and edit code. They are usually lightweight and can be great for learning. However, once your program gets larger, you need to test and debug your code, that's where IDEs come in. An IDE (Integrated Development Environment) understands your code much better than a text editor. It usually provides features such as build automation, code linting, testing and debugging. This can significantly speed up your work. The downside is that IDEs can be complicated to use.

  • Announcing Anaconda Distribution 2019.10

    As there were some significant changes in the previous Anaconda Distribution 2019.07 installers, this release focuses on polishing up rough edges in that release and bringing all the packages up to date with the latest available in repo.anaconda.com. This means many key packages are updated including Numpy, Scipy, Scikit-Learn, Matplotlib, Pandas, Jupyter Notebook, and many more. As many of the package updates have addressed Common Vulnerabilities and Exposures (CVEs), it is important to update to the latest. Another key change since the last release is that Apple released macOS version 10.15 – Catalina. Unfortunately, this was a breaking release for previous versions of Anaconda that used the pkg installer. The Anaconda Distribution 2019.10 installers address the issues and should install without trouble on macOS Catalina. If you would rather repair your current Anaconda installation, please check out this blog post for tips.

  • Apple's Numbers and the All-in-One CSV export

    The hierarchical form requires a number of generator functions for Sheet-from-CSV, Table-from-CSV, and Row-from-CSV. Each of these works with a single underlying iterator over the source file and a fairly complex hand-off of state. If we only use the sheet iterator, the tables and rows are skipped. If we use the table within a sheet, the first table name comes from the header that started a sheet; the table names come from distinct headers until the sheet name changes. The table-within-sheet iteration is very tricky. The first table is a simple yield of information gathered by the sheet iterator. Any subsequent tables, however, may be based on one of two conditions: either no rows have been consumed, in which case the table iterator consumes (and ignores) rows; or, all the rows of the table have been consumed and the current row is another "sheet: table" header.

  • Formatting NFL data for doing data science with Python

    No matter what medium of content you consume these days (podcasts, articles, tweets, etc.), you'll probably come across some reference to data. Whether it's to back up a talking point or put a meta-view on how data is everywhere, data and its analysis are in high demand. As a programmer, I've found data science to be more comparable to wizardry than an exact science. I've coveted the ability to get ahold of raw data and glean something useful and concrete from it. What a useful talent!

  • Sony Pushes More AMD Jaguar Optimizations To Upstream LLVM 10 Compiler

    Sony engineers working on the PlayStation compiler toolchain continue upstreaming various improvements to the LLVM source tree for helping the AMD APUs powering their latest game console. Several times now we've pointed out Sony engineers contributing AMD "btver2" improvements to upstream LLVM with the company using LLVM/Clang as their default code compiler and the PlayStation 4 relying on a Jaguar APU.

  • [llvm-dev] GitHub Migration Schedule and Plans
    Hi,
    
    We're less than 2 weeks away from the developer meeting, so I wanted to
    give an update on the GitHub migration and what's (hopefully) going to
    happen during the developer meeting.
    
    Everyone who has added their information to the github-usernames.txt
    file in SVN before today should have received an invite to become a collaborator
    on the llvm-project repository.  If you did not receive an invite and think
    you should have, please contact me off-list.  I will continue to monitor the
    file for new updates and periodically send out new batches of invites.
    
    There is still some ongoing work to get the buildbots ready and the mailing lists
    ready, but we are optimistic that the work will be done in time.
    
    The team at GitHub has finished implementing the "Require Linear History"
    branch protection that we requested.  The feature is in beta and currently
    enabled in the llvm-project repository.  This means that we will have the
    option to commit directly via git, in addition to using the git-llvm script.
    A patch that updates git-llvm to push to git instead of svn can be found here:
    https://reviews.llvm.org/D67772.  You should be able to test it out on your
    own fork of the llvm-project repository.
    
    The current plan is to begin the final migration steps on the evening (PDT)
    of October 21.  Here is what will happen:
    
    1. Make SVN read-only.
    2. Turn-off the SVN->git update process.
    3. Commit the new git-llvm script directly to github.
    4. Grant all contributors write access to the repository.
    5. Email lists announcing that the migration is complete.
    
    Once the migration is complete, if you run into any issues, please file
    a bug, and mark it as a blocker for the github metabug PR39393.
    
    If you have any questions or think I am missing something, please
    let me know.
    
    Thanks,
    Tom
    
    
  • LLVM Plans To Switch From Its SVN To Git Workflow Next Week

    On 21 October they plan to make LLVM's SVN repository read-only and finish their git-llvm script to bring all the changes into Git, and then allow developers to begin contributing to the LLVM GitHub project as the new official source repository.

  • Excellent Free Books to Learn Erlang

    Erlang is a general-purpose, concurrent, declarative, functional programming language and runtime environment developed by Ericsson, a Swedish multinational provider of communications technology and services. Erlang is dynamically typed and has a pattern matching syntax. The language solves difficult problems inherent in parallel, concurrent environments. It uses sets of parallel supervised processes, not a single sequential process as found in most programming languages. Erlang was created in 1986 at the Ellemtel Telecommunication Systems Laboratories for telecommunication systems. The objective was to build a simple and efficient programming language for resilient large-scale concurrent industrial applications. Besides telecommunication systems and applications and other large industrial real-time systems, Erlang is particularly suitable for servers for internet applications, e-commerce, and networked database applications. The versatility of the language is, in part, due to its extensive collection of libraries.

today's howtos