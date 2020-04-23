today's leftovers
In the last post I described how we handle public transport line metadata in KPublicTransport, and what we use that for. Here’s now how you can help to review and improve these information in Wikidata and OpenStreetMap, where it not only benefits KPublicTransport, but everyone.
Software issues and concerns over public access to justice prevent French IP courts from going online
The following article presents a high-level overview of ProtonMail’s Android security model and explains how the app protects users’ sensitive data. You can view our Android app’s open source code on GitHub. We also explain the importance of open source to Proton in our Android open source announcement.
For more information on what threats ProtonMail is designed to counter, read our threat model.
Although the document covers technical subject matter, we wrote it to be as accessible as possible to the general audience.
Debian: Our Software Dependency Problem, Building Packages with Buildah in Debian and Latest in Sparky
A short while ago Daniel, Lars and I met to discuss Russ Cox’s excellent essay Our Software Dependency Problem. This essay looks at software reuse in general, especially in the context of modern distribution methods like PyPI and NPM which make the whole process much more frictionless than traditional distribution methods used with languages like C. Possibly our biggest conclusion was that the essay is so eminently sensible that we mostly just talked about how much we agreed with it and how comprehensive it was, we particularly admired the clarity with which it explores how to evaluate the quality of free software projects.
Building packages in Debian seems to be a solved problem. But is it? At the bottom, installing the dpkg-dev package provides all the basic tools needed. Assuming that you already succeeded with creating the necessary packaging metadata (i.e., debian/changelog, debian/control, debian/copyright, etc., and there are great helper tools for this such ash dh-make, dh-make-golang, etc.,) it should be as simple as invoking the dpkg-buildpackage tool. So what's the big deal here?
The issue is that dpkg-buildpackage expects to be called with an appropriately setup build context, that is, it needs to be called in an environment that satisfies all build dependencies on the system. Let's say you are building a package for Debian unstable on your Debian stable system (this is the common scenario for the official Debian build machines), you would need your build to link against libraries in unstable, not stable. So how to tell the package build process where to find its dependencies?
The answer (in Debian and many other Linux distributions) is you do not at all. This is actually a somewhat surprising answer for software developers without a Linux distribution development background1. Instead, chroots "simulate" an environment that has all dependencies that we want to build against at the system locations, that is. /usr/lib, etc.
There is a new tool available for Sparkers: jgmenu.
Due to changes in the Debian testing repositories, the Obmenu and Obmenu-generator is not available and can not be installed on Debian/Sparky testing any more, so…
The ‘jgmenu’ provides a pipemenu to the Sparky 6 Openbox edition instead of the two menu apps mentioned before.
OSS Leftovers
Open source will survive and likely grow during the current economic downturn caused by the global coronavirus pandemic. That's the position of people in the open source community, including Dr. Dries Buytaert, co-founder and CTO of Acquia and creator of Drupal, the open source web content management framework. In a March post on his personal blog, Dr. Buytaert wrote that during periods of economic decline, "organizations will look to lower costs, take control of their own destiny, and strive to do more with less." Adopting open source can help "organizations survive and thrive," he continued. I had a chance to interview Dr. Buytaert about his article, his advice for building successful open source projects and what's happening with the Drupal Association and DrupalCon for TechRepublic's Dynamic Developer video and podcast series . The following is an edited transcript of the the interview.
NordVPN, one of the biggest VPN service provider companies in the world, has, today, rolled out a new technology based on the promising WireGuard VPN protocol. The new tech dubbed NordLynx is built around the WireGuard VPN protocol which is touted to offer better speed than other contemporary protocols like OpenVPN, IPSec, and more.
Another benefit of WireGuard VPN protocol over other protocols is its easy deployment as there are extremely fewer lines of code involved. To give you a perspective, OpenVPN runs on 400,000 lines of code whereas WireGuard VPN has only 4,000 lines of code, marking a stark difference between the two.
The database that’s making waves in enterprise settings is PostgreSQL (often called Postgres), which would be romping up the database popularity index, if such a thing existed. Why is that the case?
An open-source system that runs on Alibaba Cloud, AWS, Azure and ARM alike, you can download it, run it on your virtual or real tech, from 60-core x86s to a Raspberry Pi, and it’ll happily mince your data, just how you want it!
But what happens when your business relies on Postgres, or you need a helping hand? Or an extra feature you can’t/won’t develop yourself? That’s where EnterpriseDB comes in. We speak to Marc Linster, Senior Vice President of Product Development at the company, about paying for “open-source-PLUS”, upstreaming, development communities and the unique capabilities of PostgreSQL.
Network operators, integrators and software vendors have joined forces to create Leitstand, an open-source community that aims to increase the efficiency of developing, buying and running network management systems for next generation carrier networks.
It will provide the tools needed to operate the underlying infrastructure in a disaggregated telecoms network, including zero-touch provisioning of infrastructure, inventory management, operational visibility of network elements, alarm monitoring, fault diagnosis and software version management. The Leitstand toolset will be provided in an open-source model, freely available to any operator, equipment vendor and systems integrator. Initial contributors to the Leitstand initiative include Deutsche Telekom, EWE TEL, Reply and RtBrick.
Remote team members obviously can’t rely on the nonverbal cues that happen in face-to-face communication, but they can use methods such as emojis to help gauge each other’s mood and status.
Get your own server or the apps, which offer more or less the same level of features as Zoom, with what it’s perhaps it’s “killer feature”: End-to-end encryption. Furthermore, it does not require any form of user ID. While its cloud service collects general performance data (“Crashlytics”), the server-based comes without any form of analytics features or libraries.
Network is an essential part of infrastructure health and requires constant monitoring. To meet specific OS and hardware requirements, open source tools can be the best fit.
ProtonMail has open sourced its Android app, meaning all ProtonMail and ProtonVPN apps are now open source.Open sourcing allows anyone to review the code and verify Proton’s data protection claims are accurate.The company also announced that all ProtonMail and ProtonVPN apps have also passed an independent third-party security audit.
ProtonMail has published the code for all its apps following the open sourcing of the ProtonMail Android app. The company said, “Transparency is one of Proton’s guiding principles, which is why it’s always clear who runs the organization, what its data policy is and the capabilities and limitations of the technology”.
By open sourcing all the apps, Proton is allowing users the same level of transparency into its code. Any security researcher can now verify if Proton is handling user data in the way that it claims. This extra layer of transparency means that everyone, including activists, dissidents and journalists who rely on Proton’s service can check if their communications are as private as promised.
In contrast, Jami is peer-to-peer text and video chat software for computers and phones, available as a free download. While it won’t replace the communication and collaboration you would do in Zoom or Jitsi, it could be an alternative for the kind of communication and collaboration associated with Skype or Microsoft Teams — chat with the option to transition to a call when necessary. Jami was created by Savoir-faire Linux of Montreal, which plans to make money selling Jami Account Management Server, an administrative tool.
Signal, the high-security messaging app, supports video calling, but so far only from mobile devices. Wire and Wickr are a couple of other open source options in this category.
There are several browsers available out there that are based on the open-source Chromium project, the most popular being Google Chrome of course. But if you prefer to not use the Chrome browser, there are other great options out there. One of the more promising ones that launched two years ago was the Kiwi Browser which was actually the first to support Chrome extensions. Now the developer is open-sourcing the app and all the features that come with it, inviting other developers to contribute the code into their various projects.
XDA Developers says that Kiwi Browser is one of the better Chromium-based browsers out there in its two years of experience. It had a lot of pretty useful features when it first launched including a built-in content blocker, dark mode, background video playback, etc. A lot of these features that launched two years ago actually are better compared to some of the current browsers. Best of all, it was the first of its kind that supported Chrome Extensions.
The Beaker browser lets us take a glimpse at the better internet, in which the control is back in the hands of the people. This is a great project, with amazing features and surprises everywhere. Even though a little unstable right now, it is very promising, and we request that you support this project if you can. Cheers!
Replacing Windows 7
Windows 7 has reached the end of its life. It will no longer receive security updates and Microsoft's technical support will stop. Running an out-of-date OS can have serious potential risks, and if you're using Windows 7 connected to the Internet, you will have a problem. Fortunately, there are two simple solutions.
