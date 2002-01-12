Software: Opera 62, GNU Projects and Nextcloud Text Opera 62 Released with Dark Mode, HD Displays Improvements Opera web browser 62 was released today with improved dark mode, design updates. Here’s how to install it in Ubuntu.

Opera 62 Web Browser Launches with New Task Completer, Design Improvements Opera Software announced today the release Opera 62 web browser for all supported platforms, including GNU/Linux, macOS, and Microsoft Windows, a release that adds various design updates and some new features. Opera 62 is now available as the latest and most advanced version of the Chromium-based, cross-platform web browser that runs on desktops and mobile devices. This release introduces a new tool called Task Completer, which helps you easily plan your next vacation by allowing you to revisit the hotels you searched for on booking.com locally on the Opera Speed Dial. The Task Completer features is experimental and will be improved in future releases. "We wanted to experiment with Task Completer in a context where retrieving previous search results is most important, such as travel. When we look for flights and book hotels we don’t always make instant decisions. Oftentimes, we want to go back to a specific hotel and show it to friends or loved ones traveling with us before we book," said Opera's Joanna Czajka.

How do Spritely's actor and storage layers tie together? I've been hacking away at Spritely (see previously). Recently I've been making progress on both the actor model (goblins and its rewrite goblinoid) as well as the storage layers (currently called Magenc and Crystal, but we are talking about probably renaming the both of them into a suite called "datashards"... yeah, everything is moving and changing fast right now.) In the #spritely channel on freenode a friend asked, what is the big picture idea here? Both the actor model layer and the storage layer describe themselves as using "capabilities" (or more precisely "object capabilities" or "ocaps") but they seem to be implemented differently. How does it all tie together? A great question! I think the first point of confusion is that while both follow the ocap paradigm (which is to say, reference/possession-based authority... possessing the capability gives you access, and it does not matter what your identity is for the most part for access control), they are implemented very differently because they are solving different problems. The storage system is based on encrypted, persistent data, with its ideas drawn from Tahoe-LAFS and Freenet, and the way that capabilities work is based on possession of cryptographic keys (which are themselves embedded/referenced in the URIs). The actor model, on the other hand, is based on holding onto a reference to a unique, unguessable URL (well, that's a bit of an intentional oversimplification for the sake of this explaination but we'll run with it) where the actor at that URL is "live" and communicated with via message passing. (Most of the ideas from this come from E and Waterken.) Actors are connected to each other over secure channels to prevent eavesdropping or leakage of the capabilities.

GNU Spotlight with Mike Gerwitz: 17 new GNU releases in June! apl-1.8 artanis-0.3.2 dr-geo-19.06a gawk-5.0.1 gengetopt-2.23 gnunet-0.11.5 guile-2.2.5 icecat-60.7.0-gnu1 libmicrohttpd-0.9.64 libredwg-0.8 mailutils-3.7 mit-scheme-10.1.9 nano-4.3 nettle-3.5 parallel-20190622 unifont-12.1.02 units-2.19

Bzip2 1.0.7 is released Distros and embedded users should start using bzip2-1.0.7 immediately. The patches they already have for the bzip2's traditional build system should still apply. The release includes bug fixes and security fixes that have accumulated over the years, including the new CVE-2019-12900. Once 1.1.0 is released, distributions should be able to remove their patches to the build system and just start using Meson or CMake. You may want to monitor the 1.1.0 milestone — help is appreciated fixing the issues there so we can make the first release with the new build systems!

bzip2 1.0.7 We are happy to announce the release of bzip2 1.0.7. This is an emergency release because the old bzip2 website is gone and there were outstanding security issues. The original bzip2 home, downloads and documentation can now be found at: https://sourceware.org/bzip2/

Nextcloud announces a new collaborative rich text editor called Nextcloud Text. Nextcloud Text is described as not "a replacement to a full office suite, but rather a distraction-free, focused way of writing rich-text documents alone or together with others." See the Nextcloud blog post for more details.

Security: Updates, Purism’s Librem Key, Silex 'Malware' (Brute-Forcing Bad/Unchanged Passwords), Arch Linux Reproducible Builds Security updates for Thursday

Made in USA Librem Key We would never use the words “Made in USA” lightly. We had to meet very strict requirements before being allowed to use that label. It’s well-known that other firms have been fined for mislabeling their Made in China products as Made in USA, for instance because “screwdriver assembly” only (getting electronics made elsewhere and doing final case-assembly in the USA) is not enough to qualify for “Made in USA”. A company can source specific, individual electronics components from around the world (we source chips like the OpenPGP smart card from a European supplier, for example) but must actually make–as in fabricate–the product here, in the US, to be able to label it as “Made in USA.”

Purism’s Librem Key is Now the First and Only USB Security Token to be Made in the USA Purism, the social purpose corporation which designs and produces popular hardware and software that protects users’ digital lives, today announced its Librem Key product will be the first device of its category to be made in the USA. Librem Key, the first and only OpenPGP smart card closely integrated with the Heads-firmware offering a tamper-evident boot process, launched in September 2018. Initially manufactured in-part by partner Nitrokey, Purism is now manufacturing Librem Keys entirely from Purism’s Carlsbad, California headquarters – the same U.S. facility used to manufacture its Librem 5 smartphone devkits in 2018. Version 2 also stores up to 4096-bit RSA keys and up to 512-bit ECC keys and securely generates keys directly on the device. Supply chain security is a rising concern due to the lack of control hardware companies have over manufacturing links. Threats include security hacks, malware concerns, cyber-espionage, and even copyright theft. Purism sees protection of its supply chain as an existentially important issue, and has invested in supply chain improvements including the launch of Librem Key V2.

The Curious Case of Silexbot A new piece of malware that is using default credentials to log into IoT devices and then erase their file systems and shut them down is on the move, but it may not end up having the reach that it’s alleged creator intended.

Thousands of IoT Devices Bricked By Silex Malware

Jelle Van der Waa: Reproducing Arch [core] repository packages As Arch Linux we are working on reproducible builds for a while and have a continuous test framework rebuilding package updated in our repositories. This test does an asp checkout of a package and builds it twice in a schroot, we do not try to reproduce actual repository packages yet. In the end this is however what we want to achieve, giving users the ability to verify a repository package by rebuilding it on their own hardware.

mariadb 10.4.x update requires manual intervention The update to mariadb 10.4.6-1 and later changes configuration layout as recommended by upstream.