today's leftovers
-
All ProtonMail apps are now open source, as Android joins the list!
Starting today, every app you use to access your ProtonMail inbox is open source and has passed an independent security audit.
One of our guiding principles is transparency. You deserve to know who we are, how our products can and cannot protect you, and how we keep your data private. We believe this level of transparency is the only way to earn the trust of our community.
-
Taiwanese scientists develop free videoconferencing system based on open-source software
A team from Taiwan’s National Yang-Ming University has developed a videoconferencing platform with free access based on the open-source software Jitsi Meet.
Led by Chen Yu-chun (陳育群), an assistant professor at the university’s School of Medicine, the team has incorporated new features to the application for improved security. Through a one-time encryption key, users will be able to convene virtual meetings without the need to sign in.
-
Cryptography Dispatches: OpenSSH 8.2 Just Works with U2F/FIDO2 Security Keys
OpenSSH is on a roll. In February, OpenSSH 8.2 introduced first-class support for FIDO2 (née U2F) security keys, making hardware backed keys accessible for less than $20.
This is not some complicated PAM setup, or some janky cryptographic trick, but a proper public key type, where the private key is protected by the hardware token. And it just works out of the box for USB security keys! No more tedious and unreliable gpg-agent setups, PKCS#11, or third-party agents.
I’m a big fan of hardware tokens because they allow a few things you can’t do with just software cryptography: compromise recovery, because an attacker can’t exfiltrate the key from the hardware to use it after losing access to it; explicit consent, where the user has to physically allow each operation by e.g. tapping the key; and short PINs that can’t be bruteforced, because the retry counters or delays are enforced in hardware.
Let’s cut to the chase, here’s how you generate an SSH key backed by your security key: [...]
-
Reflections Ahead of SUSECON Digital
I have to confess that aside from New Year and family birthdays, SUSECON is my favorite diary date.
Where else could I combine the job I love with renewing friendships, meeting new friends and immersing myself in a welcoming global community?
The difficult global circumstances we currently find ourselves in have caused me to look back a little wistfully at my great experiences at previous SUSECON events where I, like other attendees, have enjoyed the outstanding technical content, open access to subject matter experts, and a true feeling of community.
-
2020 Open Source Conferences That Have Moved Online
If you’re going to stare at a screen, you can binge-watch Netflix – or you could attend one of these online open source conferences, most of which are now free or at a significantly reduced price.
-
Mozilla Releases DeepSpeech 0.7 As Their Great Speech-To-Text Engine
DeepSpeech 0.7 is the new release from Mozilla for this open-source speech-to-text engine. Among the many changes to find with this update are changes around their TensorFlow training code, support for TypeScript, multi-stream .NET support, a new format is available for training data that should be faster, support for transfer learning, ElectronJS 8.0 support, and numerous other changes.
-
William Lachance: mozregression for MacOS
More details: The Glean Python SDK, which mozregression now uses for telemetry, requires Python 3. This provided the impetus to port the GUI itself to Python 3 and PySide2 (the modern incarnation of PyQt), which brought with it a much easier installation/development experience for the GUI on platforms like Mac and Linux.
-
Sneaky Zero-Click Attacks Are a Hidden Menace
Vulnerabilities that can be exploited for zero-click attacks are rare and are prized by attackers because they don't require tricking targets into taking any action—an extra step that adds uncertainty in any hacking scheme. They’re also valuable, because less interaction means fewer traces of any malicious activity. Zero-click exploits are often thought of as highly reliable and sophisticated tools that are only developed and used by the most well-funded hackers, particularly nation state groups.
The ZecOps research suggests a different story, though: Perhaps attackers are willing to settle in some cases for using less reliable, but cheaper and more abundant zero-click tools.
"I think there are more zero-clicks out there. It doesn't have to be 'nation state-grade,'" says ZecOps founder and CEO Zuk Avraham. "Most wouldn't care if it's not 100 percent successful, or even 20 percent successful. If the user doesn't notice it, you can retry again."
-
How the GraphQL Foundation is enabling data graphs
Another software company, data graph vendor Apollo, based in San Francisco, is one of the founding members of the GraphQL Foundation and also has a commercial Data Graph Platform based on GraphQL.
-
Telegram adding secure group video calls this year
Messaging app Telegram is developing a group video calling service that’s due to be launched later this year, the company announced today. It says that current options offer either security or usability, but that its version will offer both. Telegram announced the plans alongside news that it reached 400 million monthly active users, doubling its user base in two years.
Telegram’s claim that current group video calling services offer either security or usability is a not-so-subtle swipe at user-friendly Zoom, which has been hit by multiple security scandals in recent months. Critics pointed out that the service’s claims about offering end-to-end encryption were false, and that its default privacy settings made it easy for uninvited users to tap into video calls. That said, Telegram has also faced its share of criticism from the security community in part because its end-to-end encryption is not enabled by default.
-
University of Toronto supports COVID-19 patient monitoring with Raspberry Pi
-
LXQt 0.15 Released
