OSS and Sharing Leftovers

  • Crowdfunding for extension management in GIMP (and other improvements)

    Well that’s the big question! Let’s be clear: currently security of plug-ins in GIMP sucks.

    So the first thing is that our upload website should make basic file type checks and compare them with the metadata listing. If your metadata announces you ship brushes, and we find executables in there, we would block it.

    Also all executables (i.e. plug-ins or scripts) would be held for manual review. That also means we’ll need to find people in the community to do the review. I predict that it will require some time for things to set up smoothly and the road may be bumpy at first.

    Finally we won’t accept built-files immediately. If code is being compiled, we would need to compile it ourselves on our servers. This is obviously a whole new layer of complexity (even more because GIMP can run on Linux, Windows, macOS, BSDs…). So at first, we will probably not allow C and C++ extensions on our repository. But WAIT! I know that some very famous and well-maintained extensions exist and are compiled. We all think of G’Mic of course! We may make exceptions for trustworthy plug-in creators (with a well-known track record), to allow them to upload their compiled plug-ins as extensions. But these will be really exceptional.

    Obviously this will be a difficult path. We all know how security is a big deal, and GIMP is not so good here. At some point, we should even run every extension in a sandbox for instance. Well some say: the trip is long, but the way is clear.

  • Python's founder steps down, India's new net neutrality regulations, and more open source news

    The head of one of the most popular free software/open source software projects is stepping down. Guido van Rossum announced that he's giving up leadership of the project he founded, effective immediately.

    van Rossum, affectionately known as Python's "benevolent dictator for life," made the move after the bruising process of approving a recent enhancement proposal to the scripting language. He also cited some undisclosed medical problems as another factor in his resignation. van Rossum stated that he "doesn't want to think as hard about his creation and is switching to being an 'ordinary core developer'," according to The Inquirer.

    van Rossum, who "has confirmed he won't be involved in appointing his replacement. In fact, it sounds very much like he doesn't think there should be one," believes that Python's group of committers can do his job.

  • FLIR Creates Open-Source Dataset for Driving Assistance

    Sensor systems developer FLIR Systems Inc. has announced an open-source machine learning thermal dataset designed for advanced driver assistance systems (ADAS) and self-driving vehicle researchers, developers, and auto manufacturers, featuring a compilation of more than 10,000 annotated thermal images of day and nighttime scenarios.

    The first of its kind to include annotations for cars, other vehicles, people, bicycles, and dogs, the starter thermal dataset enables developers to begin testing and evolving convolutional neural networks with the FLIR Automotive Development Kit (ADK™). The dataset empowers the automotive community to quickly evaluate thermal sensors on next-generation algorithms. When combined with visible light cameras, lidar, and radar, thermal sensor data paired with machine learning helps create a more comprehensive and redundant system for identifying and classifying roadway objects, especially pedestrians and other living things.

  • Open-source map of accessible restaurants in Calgary growing into something beautiful

    A call on Twitter for a list of accessible restaurants has led to an online mapping movement to plot out user-friendly restaurants around the city.

    On Monday, Calgary-based tech entrepreneur Travis Martin saw a tweet from Natasha Gibson (@ktash) asking Councillor Druh Farrell if she knew of some accessible restaurants for her senior parents.

  • Universities in Germany and Sweden Lose Access to Elsevier Journals [iophk: "sci-hub to the rescue"]

    This month, approximately 300 academic institutions in Germany and Sweden lost access to new papers published in Elsevier’s journals due to a standstill in negotiations for nationwide subscription contracts. While Elsevier’s papers remain inaccessible, academics are turning to alternative means of obtaining them, such as using inter-library loan services, emailing authors, finding earlier versions on preprint servers, or buying individual papers.

  • Open Source Laboratory Rocker is Super Smooth

    Lab equipment is often expensive, but budgets can be tight and not always up to getting small labs or researchers what they need. That’s why [akshay_d21] designed an Open Source Lab Rocker with a modular tray that uses commonly available hardware and 3D printed parts. The device generates precisely controlled, smooth motion to perform automated mild to moderately aggressive mixing of samples by tilting the attached tray in a see-saw motion. It can accommodate either a beaker or test tubes, but since the tray is modular, different trays can be designed to fit specific needs.

  • Update on our planned move from Azure to Google Cloud Platform

    Improving the performance and reliability of GitLab.com has been a top priority for us. On this front we've made some incremental gains while we've been planning for a large change with the potential to net significant results: running GitLab as a cloud native application on Kubernetes.

    The next incremental step on our cloud native journey is a big one: migrating from Azure to Google Cloud Platform (GCP). While Azure has been a great provider for us, GCP has the best Kubernetes support and we believe will be the best provider for our long-term plans. In the short term, our users will see some immediate benefits once we cut over from Azure to GCP including encrypted data at rest on by default and faster caching due to GCP's tight integration with our existing CDN.

More in Tux Machines

today's howtos

Get started with Roland, a random selection tool for the command line

There seems to be a mad rush at the beginning of every year to find ways to be more productive. New Year's resolutions, the itch to start the year off right, and of course, an "out with the old, in with the new" attitude all contribute to this. And the usual round of recommendations is heavily biased towards closed source and proprietary software. It doesn't have to be that way. Here's the seventh of my picks for 19 new (or new-to-you) open source tools to help you be more productive in 2019.

Nginx vs Apache: Which Serves You Best in 2019?

For two decades Apache held sway over the web server market which is shrinking by the day. Not only has Nginx caught up with the oldest kid on the block, but it is currently the toast of many high traffic websites. Apache users might disagree here. That is why one should not jump to conclusions about which web server is better. The truth is that both form the core of complete web stacks (LAMP and LEMP), and the final choice boils down to individual needs. For instance, people running Drupal websites often call on Apache, whereas WordPress users seem to favor Nginx as much if not more. Accordingly, our goal is to help you understand your own requirements better rather than providing a one-size recommendation. Having said that, the following comparison between the two gives an accurate picture.

Security: Updates, 'Smart' Things, Android Proprietary Software and Firefox Woes on Windows

  • Security updates for Friday
  • How Do You Handle Security in Your Smart Devices?
    Look around your daily life and that of your friends and family, and you’ll see that smart devices are beginning to take over our lives. But this also means an increase in a need for security, though not everyone realizes it, as discussed in a recent article on our IoT-related site. Are you aware of the need for security even when it’s IoT-related? How do you handle security in your smart devices?
  • A Vulnerability in ES File Explorer Exposes All of Your Files to Anyone on the Same Network
  • 2018 Roundup: Q1
    One of our major pain points over the years of dealing with injected DLLs has been that the vendor of the DLL is not always apparent to us. In general, our crash reports and telemetry pings only include the leaf name of the various DLLs on a user’s system. This is intentional on our part: we want to preserve user privacy. On the other hand, this severely limits our ability to determine which party is responsible for a particular DLL. One avenue for obtaining this information is to look at any digital signature that is embedded in the DLL. By examining the certificate that was used to sign the binary, we can extract the organization of the cert’s owner and include that with our crash reports and telemetry. In bug 1430857 I wrote a bunch of code that enables us to extract that information from signed binaries using the Windows Authenticode APIs. Originally, in that bug, all of that signature extraction work happened from within the browser itself, while it was running: It would gather the cert information on a background thread while the browser was running, and include those annotations in a subsequent crash dump, should such a thing occur.