Security

Security Leftovers

Filed under
Security
  • Best VPN for Ubuntu in 2019 (Full Review)

    Linux is a highly customizable and completely open-source operating system that gives you full control over your computer. The Ubuntu distribution takes that customizability and adds a layer of user-friendliness on top. You get all the security benefits of Linux, only you don’t have to be a command line expert to get things done.

    Even though Ubuntu is more secure than other operating systems, out of the box it doesn’t do much to protect data leaving your device. VPNs bridge that crucial gap by providing encryption for every packet that exits your home network. You’ll get non-local privacy along with a high level of anonymity, all from the comfort of your own Ubuntu system.

  • Cisco's failure to heed whistleblower's warning about security defects in video surveillance software costs the company $8.6m in fines

    There's a lesson here about the people who advocate for allowing companies to decide when defects in their products can be revealed: companies are not trustworthy custodians of bad news about their products, even (especially) when the stakes are high and they face titanic liability for failing to mitigate reported defects.

  • GitLab Is A Very Powerful Tool For Security: Liz Rice Of Aqua Security

    The ‘Takeaway’ from this interview is that GitLab is a very powerful tool for security. Guest Liz Rice, VP of Open Source Engineering at Aqua Security.

  • Liz Rice On Technology & Culture Of The Cloud Native World

    Liz Rice, VP of Open Source Engineering at Aqua Security sat down with Swapnil Bhartiya at KubeCon and CloudNativeCon, Barcelona, to talk about a wide range of topics.

  • bzip2 and the CVE that wasn’t

    Compiling with the GCC sanitizers and then fuzzing the resulting binaries might find real bugs. But not all such bugs are security issues. When a CVE is filed there is some pressure to treat such an issue with urgency and push out a fix as soon as possible. But taking your time and making sure an issue can be replicated/exploited without the binary being instrumented by the sanitizer is often better.

    This was the case for CVE-2019-12900 “BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors“.

    The bzip2 project had lost the domain which it had used for the last 15 years. And it hadn’t seen an official release since 2010. The bzip2 project homepage, documentation and downloads had already been moved back to sourceware.org. And a new bug tracker, development mailing list and git repository had been set up. But we were still in the middle of a code cleanup (removing references to the old homepage, updating the manual and adding various cleanups that distros had made to the code) when the CVE was filed.

Security Leftovers

Filed under
Security
  • Security updates for Friday

    Security updates have been issued by Debian (firefox-esr and thunderbird), openSUSE (openexr and rmt-server), Oracle (bind, container-tools:rhel8, cyrus-imapd, dotnet, edk2, firefox, flatpak, freeradius:3.0, ghostscript, gvfs, httpd:2.4, java-1.8.0-openjdk, java-11-openjdk, kernel, mod_auth_mellon, pacemaker, pki-deps:10.6, python-jinja2, python27:2.7, python3, python36:3.6, systemd, thunderbird, vim, virt:rhel, WALinuxAgent, and wget), Slackware (mariadb), SUSE (java-1_8_0-openjdk, polkit, and python-Django1), and Ubuntu (Sigil and sox).

  • Securing BGP on the host with the RPKI

    An increasingly popular design for a data-center network is BGP on the host: each host ships with a BGP daemon to advertise the IPs it handles and receives the routes to its fellow servers. Compared to a L2-based design, it is very scalable, resilient, cross-vendor and safe to operate. Take a look at “L3 routing to the hypervisor with BGP” for a usage example.

    [...]

    On the Internet, BGP is mostly relying on trust. This contributes to various incidents due to operator errors, like the one that affected Cloudflare a few months ago, or to malicious attackers, like the hijack of Amazon DNS to steal cryptocurrency wallets. RFC 7454 explains the best practices to avoid such issues.

    People often use AS sets, like AS-APPLE in this example, as they are convenient if you have multiple AS numbers or customers. However, there is currently nothing preventing a rogue actor from adding arbitrary AS numbers to their AS set.

    IP addresses are allocated by five Regional Internet Registries (RIR). Each of them maintains a database of the assigned Internet resources, notably the IP addresses and the associated AS numbers. These databases may not be totally reliable but are widely used to build ACLs to ensure peers only announce the prefixes they are expected to. Here is an example of ACLs generated by bgpq3 when peering directly with Apple:

  • Fernando ‘Corby’ Corbató

    Fernando “Corby” Corbató lived long enough to curse his most famous invention: the computer password. In 1961 he adapted the ancient system of secret codes almost as an afterthought for his truly groundbreaking invention: the ability for several people to simultaneously use the same computer — in those days room-sized elephants — remotely. But five years ago he admitted that passwords had become “a nightmare”. For a while he carried round three sheets of closely typed paper with his own collection of 150 codes. He eventually entrusted them to an electronic file.

Canonical Releases Linux 5.0 Kernel (HWE) Security Update for Ubuntu 18.04.2 LTS

Filed under
Security
Ubuntu

Canonical released today a new Linux kernel security update, this time for users of the Ubuntu 18.04.2 LTS operating system using the Linux 5.0 HWE (Hardware Enablement) kernel from Ubuntu 19.04.

This Linux Hardware Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04.2 LTS includes the same fixes for four security flaws that Canonical added in the latest kernel for Ubuntu 19.04 last week, including an integer overflow (CVE-2019-11487) discovered in the Linux kernel, which could lead to use-after-free issues as local attackers were able to use the exploit to execute arbitrary code or cause a denial of service (system crash).


Security Leftovers

Filed under
Security
  • Security updates for Thursday

    Security updates have been issued by CentOS (httpd, libssh2, and qemu-kvm), Debian (glib2.0, squirrelmail, subversion, and wpa), Fedora (proftpd), Oracle (icedtea-web), Red Hat (icedtea-web), Scientific Linux (icedtea-web), SUSE (icedtea-web, java-1_7_0-openjdk, subversion, and zypper, libzypp and libsolv), and Ubuntu (linux-hwe, openjdk-lts, pango1.0, python-django, and subversion).

  • Canonical Announces the Availability of Xibo as a Snap, Chrome 76 Released, Viruses Discovered in LibreOffice, Pop!_OS 18.10 Reaches End of Life, and Dutch Ministry of Justice and Security Warns of Microsoft Office Online Privacy Risks

    System76 announces that Pop!_OS 18.10 has reached end of life and will no longer receive security updates. To keep your system secure and up to date, upgrade your OS to version 19.04.

  • The FTC's Settlement With Equifax Is Such A Joke, The FTC Is Now Begging You Not To Ask For A Cash Settlement

    Last week there was a bit of news as the FTC released a proposed settlement between the FTC and Equifax over the data brokers' massive security breach that came to light nearly two years ago. We had already noted that the FTC's way of dealing with Equifax seemed particularly tone deaf, but it's getting worse. Much worse. As you may have heard, part of the "settlement" with Equifax is that you could sign up to get $125 from the company (or possibly more). It was either that or free credit monitoring. But, come on: everyone already has so many "free credit monitoring" services from previous breaches that this is a totally meaningless offer. It also costs nothing for Equifax.

    So, over the past week or so a ton of (helpful) news sites have been posting explainers on how to get your $125. Except... apparently too many people signed up and now the FTC is helping Equifax by telling people not to ask for money from the company any more.

  • Log management: Helping IT admins to achieve infrastructure-wide visibility

    When properly configured and deployed, log management tools can unearth a veritable treasure trove of data that IT administrators can use to triage and diagnose problems in enterprise IT infrastructures

  • New Home Secretary calls for an end to end-to-end encryption

    UK Home Secretary Priti Patel has taken to the pages of The Telegraph to call for Facebook to insert back door access to the end-to-end encryption system of its messaging platform and other , as members of the Five Eyes nations meet to call for the same.

    When protecting digital traffic, there are effectively two methods: client-server cryptography and end-to-end cryptography. In client-server cryptography, your traffic is encrypted between your client device and the remote server and vice-versa; anyone on the server, however, can access the traffic in its unencrypted form. In end-to-end cryptography, popularly and controversially used in Facebook's WhatsApp instant messaging platform, the encryption remains intact from client device to client device regardless of how many servers it passes through on the way - meaning there's no easy way for ne'er-do-wells nor security services to capture the traffic in its unencrypted form.

    Back in 2017 then-Home Secretary Amber Rudd called for back door access to be provided to governments, security services, and law enforcement while claiming that 'real people' don't care about encryption. A year later the governments of the 'Five Eyes' countries - the UK and Australia, Canada, New Zealand, and the United States of America - hinted at the need for mandatory back-door access, and were supported by the UK's Government Communications Headquarters (GCHQ) and National Cyber Security Centre (NCSC). Most recently US Attorney General William Barr has joined the ranks of the non-technical claiming that it's entirely possible to add a back door into an end-to-end cryptosystem without threatening the security or privacy of its legitimate users.

Security Leftovers

Filed under
Security
  • Visa vulnerability lets cybercrims bypass contactless card limit

    When testing the attack with five major UK banks, Leigh-Anne Galloway and Tim Yunusov were not only able to bypass the verification limit "irrespective of the card terminal," but also found that the attack is possible with foreign cards and terminals.

  • Google’s Plans for Chrome Extensions Won’t Really Help Security

    Note: Sam Jadali, the author of the DataSpii report referenced in this blog post, is an EFF Coders’ Rights client. However, the information about DataSpii in this post is based entirely on public reports.

    Last week we learned about DataSpii, a report by independent researcher Sam Jadali about the “catastrophic data leak” wrought by a collection of browser extensions that surreptitiously extracted their users’ browsing history (and in some cases portions of visited web pages). Over four million users may have had sensitive information leaked to data brokers, including tax returns, travel itineraries, medical records, and corporate secrets.

    While DataSpii included extensions in both the Chrome and Firefox extension marketplaces, the majority of those affected used Chrome. Naturally, this led reporters to ask Google for comment. In response to questions about DataSpii from Ars Technica, Google officials pointed out that they have “announced technical changes to how extensions work that will mitigate or prevent this behavior.” Here, Google is referring to its controversial set of proposed changes to curtail extension capabilities, known as Manifest V3.

    As both security experts and the developers of extensions that will be greatly harmed by Manifest V3, we’re here to tell you: Google’s statement just isn’t true. Manifest V3 is a blunt instrument that will do little to improve security while severely limiting future innovation.

  • EFF at Vegas Security Week

    EFF is back this year at Vegas Security Week, sometimes affectionately known as Hacker Summer Camp. Stop by our booths at BSides, Black Hat, and DEF CON to find out about the latest developments in protecting digital freedom, sign up for our action alerts and mailing list, and donate to become an EFF member. We'll also have our limited-edition DEF CON 27 shirts available. These shirts have a puzzle incorporated into the design—try your hand at cracking it!

  • Protecting update systems from nation-state attackers

    Frequent updates are a key part of keeping systems secure, but that goal will not be met if the update mechanism itself is compromised by an attacker. At a talk during the 2019 Open Source Summit Japan, Justin Cappos described Uptane, an update delivery mechanism for automotive applications that, he said, can prevent such problems, even when the attacker has the resources of a nation state. It would seem that some automobile manufacturers agree.
    The list of companies that have suffered successful attacks on their update systems is long, Cappos began; it is something that happens all too frequently. Often these attacks are carried out by governments; he listed compromises that have been attributed to North Korea and Russia. The Stuxnet attack exploited the Windows update service as well, he said. Nation-state attackers can launch complex attacks; if you are defending against them, you have to worry about holding off a dedicated team of professionals — the best attackers in the world — who command massive resources and who are focused on your company in particular. It is a scary scenario, he said.

    It is even scarier when one is dealing with the software that makes a modern automobile run. An attacker who gains the ability to install new software on cars could create no end of mayhem, up to and including large-scale loss of life. Clearly, we all want our cars to be well defended against even the most sophisticated intrusion attempts.

    [...]

    There are multiple open-source implementations of Uptane available. It has now been mandated by several manufacturers, but he was not allowed to name them. It meets or surpasses all of the existing proposals for update security, including upcoming regulations that require compromise resistance. There is a standardization effort around Uptane that is funded by the US Department of Homeland Security, rather than by the vendors. The system has been through a number of security audits as well. Uptane has been integrated with in-toto, a mechanism for supply-chain security that has been adopted widely, including by Debian, Arch Linux, and the reproducible builds project.

    This code, he said, can be expected to ship in about one-third of all new cars on US roads in the near future.

    Cappos closed by saying that, regardless of the work he and others have done, some groups will use insecure designs and car companies will put lives at risk. Attacks will happen, and appeals to weak regulations for cover will not suffice; people will die and (seemingly worse for manufacturers) big lawsuits will result. Systems like Uptane are meant to prevent that from happening.

On self-hosting the project

Filed under
Development
OSS
Security

Something that I cannot highlight often enough, but never did in writing, is that the IPFire Project is entirely self-hosted. We host all services for our developers and users ourselves. We do not use any big services from any third-parties and never share any user-data.

This is quite important to myself and others in the team, because it has many implications that are not very easy to see: IPFire is being used by many individuals and organisations with a higher need for security. They are regularly targeted. Although this is not a problem for the average user of IPFire, it still helps to keep a low-profile wherever possible.


Also: Github Has Restricted Accounts of Users from US Sanctioned Countries

Security: Small Airplanes, Hutchins, Updates, Windows XP and WireGuard

Filed under
Security
  • US issues hacking security alert for small planes [iophk: as planes become networked, attacks will no longer require physical access, such a thing has happened in cars.]

    The cybersecurity firm, Rapid7, found that an attacker could potentially disrupt electronic messages transmitted across a small plane’s network, for example by attaching a small device to its wiring, that would affect aircraft systems.

    Engine readings, compass data, altitude and other readings “could all be manipulated to provide false measurements to the pilot,” according to the DHS alert.

  • Small Airplanes Can Be Hacked to Display False Data in Flight

    However, the [attack] requires physical access.

    [...]

    Rapid7 verified the findings by investigating two commercially available avionics systems. It determined that only "some level of physical access" to the aircraft's wiring was needed to pull off the hack, which could be delivered by attaching a small device to the plane's Controller Area Network (CAN) bus to send the false commands.

    The key problem is that the CAN bus is integrated into the plane's other components without any firewalls or authentication systems in place. This means untrusted connections over a USB adapter hooked up to the plane can send commands to its electronic systems.

  • No Jail Time for “WannaCry Hero” [iophk: the plea "bargain" still means he has become a convicted felon]

    Hutchins’ conviction means he will no longer be allowed to stay in or visit the United States, although Judge Stadtmeuller reportedly suggested Hutchins should seek a presidential pardon, which would enable him to return and work here.

  • Security updates for Wednesday

    Security updates have been issued by CentOS (389-ds-base, curl, and kernel), Debian (libssh2), Fedora (kernel, kernel-headers, and oniguruma), openSUSE (chromium, openexr, thunderbird, and virtualbox), Oracle (389-ds-base, curl, httpd, kernel, and libssh2), Red Hat (nss and nspr and ruby:2.5), Scientific Linux (httpd and kernel), SUSE (java-1_8_0-openjdk, mariadb, mariadb-connector-c, polkit, and python-requests), and Ubuntu (openjdk-8, openldap, and sox).

  • It's 2019, and one third of businesses still have active Windows XP deployments [Ed: The problem is that they use Windows (back doors in all versions), not that they use "XP". They should move corporate data to something secure like BSD and GNU/Linux.]

    Zero-day attacks were the second-most cited concern among IT decision makers, according to SpiceWorks, with 18% of respondents citing that as their primary concern. Insider data leaks were the most cited, at 27%, while attacks on IoT devices was third (17%), followed by supply-chain attacks (15%), DDoS attacks (15%), and cryptojacking (15%). Fewer than 20% of respondents indicated their business was "completely prepared" for common security threats.

    Considering the risks that accompany unsupported software generally, and the larger attack surface that results from an unsupported (or otherwise unpatched) operating system, there is a relative lack of urgency to migrate from Windows 7. Certainly, while paid support for volume licenses is a possibility for some, smaller organizations ineligible for volume licensing will be left out in the cold. To date, Microsoft has shown no signs of wavering in their intent to grant a reprieve to the remaining users of Windows 7. Without a major shift, or a reprieve from Redmond, the prospect of unpatched, internet-connected systems is fertile ground for botnet creation.

  • NordLynx: NordVPN Builds New Tech Around WireGuard

    Well known Panama-based VPN provider NordVPN has announced their NordLynx technology today that is based on the WireGuard protocol.

    NordLynx is the company's new "fast and secure" VPN solution built atop WireGuard. The company describes WireGuard as a "radical change" and "a breath of fresh air in the industry."

Security Leftovers

Filed under
Security
  • Security updates for Tuesday

    Security updates have been issued by Fedora (cutter-re and radare2), Oracle (389-ds-base, httpd, kernel, libssh2, and qemu-kvm), Red Hat (389-ds-base, chromium-browser, curl, docker, httpd, keepalived, kernel, kernel-alt, kernel-rt, libssh2, perl, podman, procps-ng, qemu-kvm, qemu-kvm-ma, ruby, samba, and vim), Scientific Linux (389-ds-base, curl, libssh2, and qemu-kvm), SUSE (bzip2 and openexr), and Ubuntu (python-urllib3 and tmpreaper).

  • Equifax Settlement Won’t be Enough to Deter Future Breaches: The Law Must Catch Up

    Last week, news broke of a large financial settlement for the massive 2017 Equifax data breach affecting 147 million Americans. While the direct compensation to those harmed and the fines paid are important, it’s equally important to evaluate how much this result is likely to create strong incentives to increase data security for both Equifax and the other companies that are closely watching.

    We doubt it will do enough. Without stronger privacy legislation, the lawyers and regulators trying to respond to these data leaks are operating with one hand tied behind their back.

    In the meantime, EFF strongly urges everyone impacted by the calamitous Equifax breach to participate in the settlement claims process. Equifax must pay for the harm they have caused to everyone. And all too often, the fact that too few people make claims in these consumer privacy cases is used in the next case to argue that consumers just don’t care about privacy, making it even harder to force real security upgrades. If you do care about your privacy and want to make companies more responsible with your data, make your position known.

  • Capital One Breach Sets Record

    Capital One bank announced that a criminal hacker stole the personal information of 106 million people who had applied for credit, including credit scores, social security numbers, and bank account numbers. By some measures, it is the largest data breach of a US bank in history. The FBI arrested the alleged hacker and filed a complaint in federal court. Capital One joins a long list of companies that have had data breaches in recent years. In testimony before the Senate and the House several years ago, EPIC warned Congress that US financial institutions were not doing enough to safeguard consumer data. EPIC has recently renewed calls for the creation of a US Data Protection Agency.

  • Capital One Gets In On The Data Breach Action, Coughs Up Info On 100 Million Customers To A Single Hacker

    That's a big "if" -- one that's certainly called into question by the swift apprehension of a suspect. Maybe this is all on the level. Even if it is, does it matter? Companies collecting massive amounts of data are still, on the whole, pretty cavalier about data security, even as breach after horrifying breach is announced.

    Given the data obtained, it almost seems like it would have been far less labor-intensive to just scour the web for a copy of the Equifax breach and download that instead. The Venn diagram of the sensitive data likely has a significant overlap.

    Then there's the press release by Capital One, which inadvertently shows how little it really cares what happens to customers' sensitive information.

Canonical Releases New Linux Kernel Live Patch for Ubuntu 18.04 and 16.04 LTS

Filed under
Linux
Security
Ubuntu

Coming hot on the heels of the last Linux kernel security updates released by Canonical last week for all supported Ubuntu Linux releases, this new kernel live patch is now available for users of the Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04 LTS (Xenial Xerus) operating systems who use the Canonical Livepatch Service to apply rebootless kernel updates.

It fixes five security issues, including a race condition (CVE-2019-11815), which could lead to a use-after-free, in the Linux kernel's RDS (Reliable Datagram Sockets) protocol implementation that may allow a local attacker to crash the system or execute arbitrary code, as well as a flaw (CVE-2019-2054) affecting ARM CPUs, which lets local attackers bypass seccomp restrictions.
