Open source vs. proprietary: What's the difference?
There's a lot to be learned from open source projects. After all, managing hundreds of disparate, asynchronous commits and bugs doesn't happen by accident. Someone or something has to coordinate releases, and keep all the code and project roadmaps organized. It's a lot like life. You have lots of tasks demanding your attention, and you have to tend to each in turn. To ensure everything gets done before its deadline, you try to stay organized and focused.
Fortunately, there are applications out there designed to help with that sort of thing, and many apply just as well to real life as they do to software.
Here are some reasons for choosing open tools when improving personal or project-based organization.
Open Source Ports of Commercial Game Engines
Free, open source and cross-platform game engine recreations can be used to play old as well as some of the fairly recent game titles. This article will list some of these game engines that are either built by reverse engineering the original files or made by adapting the freely available source code released by the original developers. Even though there are alot of such projects, this article will only list some of them that allow you to play complete games with minor issues or workarounds. This list by any means, is not exhaustive.
Secrecy in Debian/FSFE and Cryptie/Amandine Jambert
There has been a lot of discussion this week about the ethics of revealing and discussing Amandine Jambert's real identity and connection between her CNIL and FSFE roles. Just as with the Mollamby scandal in Debian, it has been necessary to consider both privacy and public interest in the same equation.
This photo of the FSFE e.V. members was taken outside LinuxHotel, Essen, when they decided to impose more conflict on the free software community. Two of the resignations occurred immediately after this photo. Do these people owe Jambert and the rest of the community an apology?
There has recently been a lot of attention on the leaking of the first years of debian-private at Christmas 2019.
There have been many other leaks in recent times too, for example, the revelations about Cryptie/Amandine Jambert, a CNIL employee undercover in FSFE (subscribe for more news like that).
As professionals, we all know the importance of protecting sensitive data for our employers and clients. When you consider the number of people who have access to debian-private today, it is not exactly a private forum in the first place.
Security Leftovers
Security updates have been issued by Arch Linux (chromium, python-django, and sudo), Debian (libexif and libxmlrpc3-java), Fedora (upx and xar), openSUSE (ucl and upx), Oracle (ipa), Scientific Linux (kernel), SUSE (e2fsprogs, libqt5-qtbase, nginx, pcp, php7, rubygem-rack, systemd, wicked, and xen), and Ubuntu (mariadb-10.1, mariadb-10.3, mesa, pillow, and python-reportlab).
A denial of Service (DOS) attack is a very simple technique to deny accessibility to services (that’s why it is called “denial of service” attack). This attack consists of overloading the target with oversized packets, or a big quantity of them.
While this attack is very easy to execute, it does not compromise the information or privacy of the target, it is not a penetrative attack and only aims to prevent access to the target.
By sending a quantity of packets the target can’t handle attackers prevent the server from serving legitimate users.
DOS attacks are carried out from a single device, therefore it is easy to stop them by blocking the attacker IP, yet the attacker can change and even spoof (clone) the target IP address but it is not hard for firewalls to deal with such attacks, contrary to what happens with DDOS attacks.
The first exciting big update of the year is ready for testing: IPFire 2.25 - Core Update 141! It comes with a totally reworked DNS system which adds many new features like DNS-over-TLS. On top of that, this update fixes many bugs.
The Git version control system has moved closer towards using SHA-256 rather than the compromised SHA-1 for its hash algorithm, to help to protect code from tampering.
Whenever code is committed into a Git repository, the software calculates and stores a hash value. When you retrieve the code, the hash is recalculated to ensure that the code is the same. Git also uses these hash values as a database key and to avoid storing the same code twice. If the hash value is the same, the code is presumed to be the same.
What this means is that the hashing algorithm is at the heart of how Git functions. Git uses SHA-1, but in early 2017 it was shown by a team of Google engineers and others that SHA-1 can be broken, meaning that there is a technique for finding collisions, defined as different data that has the same hash value. We reported on this here.
