today's leftovers

Submitted by Roy Schestowitz on Saturday 29th of June 2019 02:04:01 PM. Filed under: Misc
  • Long-term Device Use

    It seems to me that Android phones have recently passed the stage where hardware advances are well ahead of software bloat. This is the point that desktop PCs passed about 15 years ago and laptops passed about 8 years ago. For just over 15 years I’ve been avoiding buying desktop PCs, the hardware that organisations I work for throw out is good enough that I don’t need to. For the last 8 years I’ve been avoiding buying new laptops, instead buying refurbished or second hand ones which are more than adequate for my needs. Now it seems that Android phones have reached the same stage of development.

    3 years ago I purchased my last phone, a Nexus 6P [1]. Then 18 months ago I got a Huawei Mate 9 as a warranty replacement [2] (I had swapped phones with my wife so the phone I was using which broke was less than a year old). The Nexus 6P had been working quite well for me until it stopped booting, but I was happy to have something a little newer and faster to replace it at no extra cost.

    Prior to the Nexus 6P I had a Samsung Galaxy Note 3 for 1 year 9 months which was a personal record for owning a phone and not wanting to replace it. I was quite happy with the Note 3 until the day I fell on top of it and cracked the screen (it would have been ok if I had just dropped it). While the Note 3 still has my personal record for continuous phone use, the Nexus 6P/Huawei Mate 9 have the record for going without paying for a new phone.

    A few days ago when browsing the Kogan web site I saw a refurbished Mate 10 Pro on sale for about $380. That’s not much money (I usually have spent $500+ on each phone) and while the Mate 9 is still going strong the Mate 10 is a little faster and has more RAM. The extra RAM is important to me as I have problems with Android killing apps when I don’t want it to. Also the IP67 protection will be a handy feature. So that phone should be delivered to me soon.

    Some phones are getting ridiculously expensive nowadays (who wants to walk around with a $1000+ Pixel?) but it seems that the slightly lower end models are more than adequate and the older versions are still good.

  • Full Circle Magazine #146
  • Diversity and inclusion in Debian: small actions and large impacts

    The Debian Project always has and always will welcome contributions from people who are willing to work on a constructive level with each other, without discrimination.

    The Diversity Statement and the Code of Conduct are genuinely important parts of our community, and over recent years some other things have been done to make it clear that they aren't just words.

    One of those things is the creation of the Debian Diversity Team: it was announced in April 2019, although it had already been working for several months before as a welcoming space for, and a way of increasing visibility of, underrepresented groups within the Debian project.

  • GNU Web Translation Coordination - News: Malayalam team re-established

    After more than 8 years of being orphaned, the Malayalam team is active again. The new team leader, Aiswarya Kaitheri Kandoth, made a new translation of the Free Software Definition, so now we have 41 translations of that page!

    Currently, Malayalam is the only active translation team of official languages of India. It is a Dravidian language spoken by about 40 million people worldwide, with the most speakers living in the Indian state of Kerala. Like many Indian languages, it uses a syllabic script derived from Brahmi.

  • Killing four myths about open source in financial service

    Although historically competitive, financial firms have only just begun to adopt “open innovation” strategies akin to what other industries have done over the last two or three decades.

    But what exactly are they? To clear up the confusion, this approach really means to leverage open source technology and standards to lower costs and reduce time-to-market for products and services. It also leads to the attraction and retention of top talent. As a recent example, Goldman Sachs recently stated its plans to release proprietary code on GitHub, a web-based hosting service for software developers using this technology.

    However, many financial services decision-makers have yet to fully grasp the power of open source collaboration for their businesses. Financial institutions on both the buy- and sell-side still suffer from ingrained misconceptions about legal issues or compete-at-all-costs mindsets across their technology stacks. This can stifle a move to a more collaborative strategy that can lead to tangible, improved long-term results.

    Open source is a collaborative software development model whereby code is made publicly available and maintained by a decentralised community of developers. While its origins are rooted in individual passion, this technology has risen to a mainstream commercial business model. For example, today the size of the open source database market is $2.6 billion, or 7.6% of the entire market according to Gartner. And trends continue to point to an unstoppable growth with the global open source services market estimated to be at $32.95 billion by 2022, according to MarketsAndMarkets.

  • History Will Not Be Kind to Jony Ive

    But history will not be kind to Ive, to Apple, or to their design choices. While the company popularized the smartphone and minimalistic, sleek, gadget design, it also did things like create brand new screws designed to keep consumers from repairing their iPhones.

    Under Ive, Apple began gluing down batteries inside laptops and smartphones (rather than screwing them down) to shave off a fraction of a millimeter at the expense of repairability and sustainability.

  • Apple has a generational succession problem, and Jony Ive's departure is the tip of the iceberg

    Jony Ive's coming departure from Apple underscores the firm's attempts to shift from hardware to software. [...]

    [paywall]

today's howtos

Security: OpenPGP, Huawei, Unchanged Passwords and BGP Filters

  • Community Impact of OpenPGP Certificate Flooding

    I wrote yesterday about a recent OpenPGP certificate flooding attack, what I think it means for the ecosystem, and how it impacted me. This is a brief followup, trying to zoom out a bit and think about why it affected me emotionally the way that it did. One of the reasons this situation makes me sad is not just that it's more breakage that needs cleaning up, or even that my personal identity certificate was on the receiving end. It's that it has impacted (and will continue impacting at least in the short term) many different people -- friends and colleagues -- who I know and care about. It's not just that they may be the next targets of such a flooding attack if we don't fix things, although that's certainly possible. What gets me is that they were affected because they know me and communicate with me. They had my certificate in their keyring, or in some mutually-maintained system, and as a result of what we know to be good practice -- regular keyring refresh -- they got burned. Of course, they didn't get actually, physically burned. But from several conversations I've had over the last 24 hours, I know personally at least a half-dozen different people who I personally know have lost hours of work, being stymied by the failing tools, some of that time spent confused and anxious and frustrated. Some of them thought they might have lost access to their encrypted e-mail messages entirely. Others were struggling to wrestle a suddenly non-responsive machine back into order. These are all good people doing other interesting work that I want to succeed, and I can't give them those hours back, or relieve them of that stress retroactively.

  • Nokia disowns CTO's comments about Huawei's 'sloppy' 5G kit

    The firm's chief technology officer Marcus Weldon warned: "That means being wary of adding Chinese vendors into network infrastructure, as long as these security vulnerabilities are either provably there or likely to be there based on past practices."

    Weldon, referring to recent research from Finite State which saw it uncover back doors in more than 55 per cent of Huawei devices, added: "We read those reports and we think okay, we're doing a much better job than they are.

  • Nokia distances itself from boss's warning over Huawei 5G kit

    In the UK, Huawei equipment has been subject to close scrutiny by a unit staffed by GCHQ. It has produced reports severely critical of the security of some software, although it has not found backdoors in the firm's products.

  • An IoT worm Silex, developed by a 14 year old resulted in malware attack and taking down 2000 devices

    Larry Cashdollar, an Akamai researcher, the first one to spot the malware, told ZDNet in a statement, “It’s using known default credentials for IoT devices to log in and kill the system.”

  • 14-year-old creates dangerous malware, starts bricking thousands of IoT devices
  • Huawei Gets ‘Green Signal’ From Trump To Resume Trade In US

    The possible lifting of the ban doesn’t come as a surprise. Last month, President Trump gave an unsatisfactory explanation of the Huawei ban and hinted that it could end soon. Huawei is currently on a 90-day temporary license in the US which was issued immediately after the ban was announced.

  • Trump Says He’ll Allow China’s Huawei to Buy From U.S. Suppliers

    President Donald Trump said he’ll allow Huawei Technologies Co. to buy products from U.S. suppliers, in a concession to China after talks with the country’s President Xi Jinping on Saturday. “U.S. companies can sell their equipment to Huawei,” Trump said at a news conference following the Group of 20 summit in Osaka, Japan. “We’re talking about equipment where there’s no great national security problem with it.” The Commerce Department last month moved to blacklist Huawei, cutting it off from U.S. suppliers, though many companies have managed to skirt the restrictions. Trump met with Xi on Saturday on the sidelines of the Group of 20 summit in Osaka, Japan, and agreed to pause the trade war between their countries.

  • The Infrastructure Mess Causing Countless Internet Outages

    The patchwork problem was on full display with the Cloudflare incident this week. Pennsylvania steel company Allegheny Technologies uses two internet providers for connectivity. It received accidental, inaccurate routing information from one provider, a small Midwest ISP, and unintentionally passed it on to its other provider, Verizon. The smaller ISP started the routing error, but Verizon—an internet backbone behemoth with massive resources—also had not implemented the BGP filters and authentication checks that would have caught the mistake. Without these protections in place, Verizon's other customers worldwide, including Cloudflare, experienced outages and failures. Verizon did not return a request for comment about the incident.

VMware Openwashing and Microsoft Entryism/EEE

  • Darren Hart | Sr Director / Open Source Technology Center At VMware

    In this interview, Darren Hart, Sr Director / Open Source Technology Center at VMware talks about how Open Source has democratized the development of new platforms.

  • Microsoft Seeks To Join the Official Linux-Distros Mailing List [Ed: See the comments here. People are not as foolish as Microsoft hoped, in spite of the expensive lying campaign of Microsoft.]
  • Microsoft is seeking to join Linux private security board [Ed: EEE. Classic EEE. Who welcomes it? The Novell facilitator of Microsoft, Greg K-H. Now in the "Linux" Foundation.]

    The application was made by Sasha Levin, and if approved would allow the Redmond giant to be part of private discussions on vulnerabilities and ongoing security issues. One of the criteria for membership is to have a Unix-like distro that makes use of open source components, and Levin mentioned Windows Subsystem for Linux 2 and Azure Sphere, which are still in public preview and slated for general availability in 2020.

Kernel: Linux 5.3, Systemd and Wacom Tablets

  • A Look At What's On The Table For Linux 5.3 Features

    With the Linux 5.2 kernel due to be released in a few weeks and that marking the opening of the Linux 5.3 merge window, here is a look at some of the likely features coming to this next version of the Linux kernel. Based upon our close monitoring of the different "-next" Git branches of the Linux kernel and mailing lists, here is a look at what you're likely to see merged with Linux 5.3 in July. Linux 5.3 will then debut as stable in September.

  • Systemd Now Allows Custom BPF Programs To Be Loaded On Cgroups

    Systemd now allows loading of custom BPF programs for network traffic filtering that are applied to all sockets created by processes of a given systemd unit. The motivation for this stems from a feature plan drawn up last year for having systemd install BPF (Berkeley Packet Filter) programs into cgroups. The benefit of this is associating a BPF program for IP filtering with a unit file so systemd can install them once a cgroup is set up.

  • Linux 5.3 To Support The $1,500 Wacom MobileStudio Pro Tablet

    In addition to the latest Wacom Intuos Pro Small drawing tablet to be supported by the Linux 5.3 kernel, the high-end (circa $1,500 USD) Wacom MobileStudio Pro tablet is also set to now be supported by this next kernel cycle. MobileStudio Pro support on Linux with the existing Wacom driver ended up being incredibly quite simple and just adding the new device IDs. That support is now queued into the "-next" branch ahead of the Linux 5.3 merge window opening in July. At $1,500, the Wacom MobileStudio Pro ends up being an actual premium tablet computer as opposed to just a drawing tablet device as are most Wacom products.

