Language Selection

English French German Italian Portuguese Spanish

Debian: Development Reports and Sparky News

Filed under
Debian
  • Paul Wise: FLOSS Activities October 2019
  • Chris Lamb: Free software activities in October 2019

    Whilst anyone can inspect the source code of free software for malicious flaws almost all software is distributed pre-compiled to end users.

    The motivation behind the Reproducible Builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.

  • Sparky news 2019/10

    The 10th monthly report of 2019 of the Sparky project:

    • Sparky 5.9 based on Debian stable “Buster” released
    • Linux kernel updated up to version 5.3.8 & 5.4-rc5
    • Perl updated to 5.30 in Debian testing repos, so libgtk2-perl has been removed and -> obmenu-generator as well, from the Openbox edition (rolling/testing line only)
    • sparky-obmenu installs and automatically configures obmenu for Openbox users, instead of obmenu-generator
    • and the Rescue edition’s menu has been reconfigured as well
    • Sparky rolling 2019.11 is on the way, stay tuned

  • Sylvain Beucler: Debian LTS and ELTS - October 2019

    Here is my transparent report for my work on the Debian Long Term Support (LTS) and Debian Extended Long Term Support (ELTS), which extend the security support for past Debian releases, as a paid contributor.

    In October, the monthly sponsored hours were split evenly among contributors depending on their max availability - I was assigned 22.75h for LTS (out of 30 max) and 20h for ELTS (max).

    There was a bit of backlog during my LTS triage week and for once I didn't make a pass at classifying old undetermined issues.

    MITRE was responsive for public (non-embargoed) issues in common free software packages, when I submitted new references or requested a CVE to identify known issues. There was more ball passing and delays when there was an another CNA (CVE Numbering Authorities).

  • Jonathan Wiltshire: Daisy and George’s Corfian Holiday

    Daisy and George have worked hard all year being diplomats in Arabia, helping test Debian CDs and writing best-selling books.

More in Tux Machines

Android Leftovers

The world's fastest supercomputers hit higher speeds than ever with Linux

Yes, there's a lot of talk now about how quantum computers can do jobs in 200 seconds that would take the world's fastest supercomputers 10,000 years. That's nice. But the simple truth is, for almost all jobs, supercomputers are faster than anything else on the planet. And, in the latest Top 500 supercomputer ratings, the average speed of these Linux-powered racers is now an astonishing 1.14 petaflops. The fastest of the fast machines haven't changed since the June 2019 Top 500 supercomputer list. Leading the way is Oak Ridge National Laboratory's Summit system, which holds top honors with an HPL result of 148.6 petaflops. This is an IBM-built supercomputer using Power9 CPUs and NVIDIA Tesla V100 GPUs. Read more

Programming: Django, Python and Qt

  • Introducing DjangoCon Africa

    Following the huge success of PyCon Africa, the Django community in Africa is ready to bring a new major software event to the continent - the very first DjangoCon Africa! The Django Software Foundation is excited to endorse and support this initiative. Plans are already in motion for a DjangoCon Africa to be held in Addis Ababa, Ethiopia in November 2020. Actual dates to be announced as soon as key details are in place. DjangoCon Africa will include 3 days of single-track talks, 1 day of workshops and sprints, and another day for touring for international visitors. The event will also include a Django Girls workshop to be held the weekend before DjangoCon Africa. To make the conference as inclusive as possible, the event will offer financial aid to members of under-represented communities in software to ensure they can also attend.

  • Django 3.0 release candidate 1 released

    Django 3.0 release candidate 1 is the final opportunity for you to try out the raft of new features before Django 3.0 is released. The release candidate stage marks the string freeze and the call for translators to submit translations. Provided no major bugs are discovered that can't be solved in the next two weeks, Django 3.0 will be released on or around December 2. Any delays will be communicated on the django-developers mailing list thread.

  • Cyber Discovery - What it is all about

    Cyber Discovery is made of 4 rounds. The first one being CyberStart Assess. It ran from the 3rd September to the 25th October 2019. There are 10 challenges starting easy, getting much harder. The aim for most of the challenges are to use 'Inspect Element' to get into the website and find the flag. I completed all of these challenges and was invited onto the next round: CyberStart Game. CyberStart Game is much more about finding things out yourself. A useful tip if you are stuck is to search for help on Google. CyberStart Game has 3 'Bases': Headquarters where you get to take part in lots of varied challenges, Moon Base where you learn the basics of Python and Internet Tools that can be run in python e.g. FTP... You also learn how to use python to Brute Force password protected ZIP files and other securities. The Forensics Base is, well you can guess: Forensics. It teaches you about Cryptography and other hiding methods.

  • PyDev of the Week: Martin Uribe

    While taking some college courses I learned Java, but I didn’t like it much. I know enough of the following to get things done: HTML, CSS, JavaScript, Perl, SQL, and BASH. Python is my favorite; I use it pretty much every day even though my job doesn’t require me to code.

  • You can now hone your testing / pytest skills on our platform

    Writing test code is an essential skill. As PyBites we believe writing code is the only solution to becoming a master (Ninja) at programming. The same applies to test code. For that reason we extended our regular exercises with Test Bites. In this article you will read about the feature showcasing it on our first ever Test Bite. We also share some details around implementation and a challenge we hit getting it to work. Enjoy and start honing your testing skills today!

  • unu – Using Qt on embedded Linux

    Right from the start, unu wanted to add a stylish, first-class embedded high-res display to their second generation electric scooter. Like many top-class engineering companies, unu didn’t have in-house expertise for building a modern UI, so they decided to partner with KDAB to build a modern UI based on Qt. In this video you learn more about the development process in this project and why unu chose KDAB as a partner.

Google and fwupd sitting in a tree

I’ve been told by several sources (but not by Google directly, heh) that from Christmas onwards the “Designed for ChromeBook” sticker requires hardware vendors to use fwupd rather than random non-free binaries. This does make a lot of sense for Google, as all the firmware flash tools I’ve seen the source for are often decades old, contain layer-on-layers of abstractions, have dubious input sanitisation and are quite horrible to use. Many are setuid, which doesn’t make me sleep well at night, and I suspect the security team at Google also. Most vendor binaries are built for the specific ODM hardware device, and all of them but one doesn’t use any kind of source control or formal review process. The requirement from Google has caused mild panic among silicon suppliers and ODMs, as they’re having to actually interact with an open source upstream project and a slightly grumpy maintainer that wants to know lots of details about hardware that doesn’t implement one of the dozens of existing protocols that fwupd supports. These are companies that have never had to deal with working with “outside” people to develop software, and it probably comes as quite a shock to the system. To avoid repeating myself these are my basic rules when adding support for a device with a custom protocol in fwupd: I can give you advice on how to write the plugin if you give me the specifications without signing an NDA, and/or the existing code under a LGPLv2+ license. From experience, we’ll probably not end up using any of your old code in fwupd but the error defines and function names might be similar, and I don’t anyone to get “tainted” from looking at non-free code, so it’s safest all round if we have some reference code marked with the right license that actually compiles on Fedora 31. Yes, I know asking the legal team about releasing previously-nonfree code with a GPLish licence is difficult. Read more