date 2020-08-04
today's leftovers
The California legislature is currently considering a bill directing a public board to pilot the use of blockchain-type tools to communicate Covid-19 test results and other medical records. We believe the bill unduly dictates one particular technical approach, and does so without considering the privacy, security, and equity risks it poses. We urge the California Senate to reconsider.
The bill in question is A.B. 2004, which would direct the Medical Board of California to create a pilot program using verifiable digital credentials as electronic patient records to communicate COVID-19 test results and other medical information. The bill seems like a well-intentioned attempt to use modern technology to address an important societal problem, the ongoing pandemic. However, by assuming the suitability of cryptography-based verifiable credential models for this purpose, rather than setting out technology-neutral principles and guidelines for the proposed pilot program, the bill would set a dangerous precedent by effectively legislating particular technology outcomes. Furthermore, the chosen direction risks exacerbating the potential for discrimination and exclusion, a lesson Mozilla has learned in our work on digital identity models being proposed around the world. While we appreciate the safeguards that have been introduced into the legislation in its current form, such as its limitations on law enforcement use, they are insufficient. A new approach, one that maximizes public good while minimizing harms of privacy and exclusion, is needed.
I was reading In a Land Before Dev Tools by Amber, and I thought, Oh here missing in the history the beautifully chiseled Opera Dragonfly and F12 for Internet Explorer. So let's see what are all the things I myself didn't know.
The curl test suite fires up a whole bunch of test servers for the various supported protocols, and then command lines using curl or libcurl-using dedicated test apps are run against those servers to make sure curl is acting exactly as it is supposed to.
Mycroft is a free and open-source software project aimed at providing voice-assistant technology, licensed under the Apache 2.0 license. It is an interesting alternative to closed-source commercial offerings such as Amazon Alexa, Google Home, or Apple Siri. Use of voice assistants has become common among consumers, but the privacy concerns surrounding them are far-reaching. There have been multiple instances of law enforcement's interest in the data these devices produce for use against their owners. Mycroft claims to offer a privacy-respecting, open-source alternative, giving users a choice on how much of their personal data is shared and with whom.
The Mycroft project is backed by the Mycroft AI company. The company was originally funded by a successful one-million-dollar crowdfunding campaign involving over 1,500 supporters. In recent years, it has developed two consumer-focused "smart speaker" devices: the Mark 1 and Mark 2. Both devices were funded through successful Kickstarter campaigns, with the most recent Mark 2 raising $394,572 against a $50,000 goal.
In the press, the company has indicated its intention is to focus on the enterprise market for its commercial offerings, while keeping the project free to individual users and developers. On the subject of developers, contributors are expected to sign a contributor license agreement (CLA) to participate in the project. The actual CLA was unavailable at the time of publication, but the project claims it grants the project a license to the contributed code, while retaining ownership of the contribution to the developer.
My GSoC project under NetBSD involves the development of a test framework of the curses library. This blog report is the second in a series of blog reports; you can have a look at the first report. This report would cover the progress made in the second coding phase along with providing some insights into the libcurses.
Cloud Native development is not so much about where you run your application, but more about how you develop it. It is an interesting moment in time for enterprise developers, as more emphasis shifts to application modernization and cloud native development. The responsibility is shifting to the application for critical success factors for hybrid cloud environments, including security, reliability, and manageability. I have found that these “interesting” challenges are best addressed by collaborative, cross-disciplinary DevSecOps teams that understand the entire software development lifecycle.
In this new environment, your role as developers is more demanding, and we all need better tools. You have increased responsibility for understanding and working directly with security engineers on governance and related management policies. You are being tasked with prioritizing service reliability, and the best practice is to address potential problems early in the application lifecycle. You also need to proactively detect and resolve potential issues with production environments before they have a negative business impact.
Play Minecraft with Fedora Friends at Nest 2020 [Ed: Fedora is boosting Microsoft and "Fedora Minecraft/Spigot server follows the same Code of Conduct as Fedora Nest and the wider Fedora Community. Be kind, be respectful, and have fun!" (unlike Microsoft)]
The Linux Foundation has announced a new training course, LFD272 – Hyperledger Fabric for Developers. The course, developed in conjunction with Hyperledger, is designed for developers who want to master Hyperledger Fabric chaincode – Fabric’s smart contracts – and application development.
The Linux Foundation is a nonprofit organization enabling mass innovation through open source.
Most of Google’s open source work is done within two hosting platforms: GitHub and Google’s own Git service, git-on-borg, which hosts Android and Chromium. According to the report, Google hosts over 8,000 public repositories on GitHub and more than 1,000 public repositories on git-on-borg.
At Google, open source is at the core of our infrastructure, processes, and culture. As such, participation in these communities is vital to our productivity. Within OSPO (Open Source Programs Office), our mission is to bring the value of open source to Google and the resources of Google to open source. To ensure our actions match our commitment, in this post we will explore a variety of metrics intended to increase context, transparency, and accountability across all of the communities we engage with.
The unRAR code is under a mixed license: GNU LGPL + unRAR restrictions. Check license information here: 7-Zip license.
We're happy to announce Kiwi TCMS Enterprise version 8.5.2-mt and extended support hours for subscribers in America.
At the start of the year I began keeping a daily diary for work as a simple text file. I've used various other approaches for this over the years, including many paper diaries and more complex digital systems. One great advantage of the one-page text file was it made assembling my weekly status report email very quick, nearly just a series of copies and pastes. But of course there are drawbacks and room for improvement.
vimwiki is a personal wiki plugin for the vim and neovim editors. I've tried to look at it before, years ago, but I found it too invasive, changing key bindings and display settings for any use of vim, and I use vim a lot.
I decided to give it another look. The trigger was actually something completely unrelated: Steve Losh's blog post "Coming Home to vim". I've been using vim for around 17 years but I still learned some new things from that blog post. In particular, I've never bothered to Use The Leader for user-specific shortcuts.
There is a new application available for Sparkers: Gmail Desktop
For those using Wine in a production environment for running Windows software on Linux, Wine 5.0.2 is out as the latest stable update.
While Wine continues chugging along with a lot of great feature work with the Wine 5.x bi-weekly snapshots leading up to the Wine 6.0 release early next year, Wine 5.0.2 is the latest stable point release with a variety of bug-fixes back-ported to this code-base that was minted at the start of this year. There are no new features but exclusively bug fixes.
Open Hardware, Raspberry Pi and More
In my honest opinion, Free and Open Source Software (FOSS) is probably the best of all innovation to come out of the tech industry in the past four or five decades. As far as I can tell, the Open Source Initiative is predated by Richard Stallman’s famous Free Software Foundation (FSF) (1985), which itself is predated by his own GNU project (1983) which seems as if it pretty much kick-started what we would call Free and Open Source today. Whilst it is true that software programs were often shared amongst academics before GNU, the software industry was a fraction of what it is today and so I believe that it was indeed GNU that kicked it all off.
[...]
Open Source firmware and drivers have been harder to come by in general than software. However, there have been major efforts made by Open Source and Free Software community members to create projects such as Libreboot which aims to replace proprietary boot firmware. Firmware is often a more contentious issue than software since most hardware we buy comes with firmware baked in. Reverse engineering a device’s firmware is not necessarily a particularly easy task, at least not when compared to just rebuilding an existing software project (e.g. LibreOffice and Microsoft Office). To make matters worse, it can be much easier for companies to embed potentially malicious code since it is harder to analyse.
I think that Open Source firmware will slowly become a bigger thing. However, its growth will probably be driven by the rise of Open Source hardware.
[...]
We’ve also seen the introduction of devices for the everyday user (not just hobbyists and tinkerers) including mobile phones and laptops. The company Purism has recently released both Laptops and a model of mobile phone which seem promising. Unfortunately, their laptops do rely on Intel CPUs, even if they claim to have disabled the management engine. It does seem like it will certainly take a while for these devices to meet mainstream though. Still, promising…
If you’re a fan of tiny microcontroller boards, you’ll be pleased with BOKRA SAMD21 Lite board powered by Microchip SAMD21 Arm Cortex-M0+ MCU, exposing I/Os in a way compatible with MikroBus socket, and adding a Grove connector for good measure.
Arduino devices are a favorite among do-it-yourself (DIY) enthusiasts to create, among other things, Internet of Things (IoT) devices. We have previously covered the Espressif ESP8266 family of devices that can be programmed using the Arduino SDK, but the Arduino project itself also provides WiFi-enabled devices such as the Arduino MKR WiFi 1010 board. Recently, the Arduino Security Team raised the problem of security shortcomings of IoT devices in a post, and how the Arduino project is working to make improvements. We will take the opportunity to share some interesting things from that, and also look at the overall state of TLS support in the Arduino and Espressif SDK projects.
When it comes to making a secure IoT device, an important consideration is the TLS implementation. At minimum, TLS can prevent eavesdropping on the communications, but, properly implemented, can also address a number of other security concerns as well (such as man-in-the-middle attacks). Moreover, certificate-based authentication for IoT endpoints is a considerably better approach than usernames and passwords. In certificate-based authentication, a client presents a certificate that can be cryptographically verified as to the client's identity, rather than relying on a username and password to do the same. These certificates are issued by trusted and cryptographically verifiable authorities so they are considerably more difficult to compromise than a simple username and password. Still, according to the team: "As of today, a lot of embedded devices still do not properly implement the full TLS stack". As an example, it pointed out that "a lot of off-brand boards use code that does not actually validate the server's certificate, making them an easy target for server impersonation and man-in-the-middle attacks."
The reason for this is often simply a lack of resources available on the device — some devices only offer 32KB of RAM and many TLS implementations require more memory to function. Moreover, validating server certificates requires storing a potentially large number of trusted root certificates. Storing all of the data for Mozilla-trusted certificate authorities on a device takes up over 170KB in a system that potentially only has 1MB of available total flash memory. A general lack of education regarding the importance of security in this space unfortunately also plays a role. After all, TLS isn't the most straightforward subject to begin with, and having to implement it on a resource-limited platform does not make implementing it correctly any easier of a problem to solve.
Last year Sienci Labs finished its Kickstarter campaign for the open-source LongMill Benchtop CNC Router — its second successful open-source CNC machine Kickstarter campaign. CNC routers allow users to mill things (like parts) from raw materials (like a block of aluminum) based on a 3D-model. The LongMill is a significant improvement over the original sold-out Mill One and makes professional-quality machining based entirely on open-source technology a reality. As an owner of a LongMill, I will walk through the various open-source technologies that make this tool a cornerstone of my home workshop.
Hardware
The Sienci Labs LongMill is an impressive feat of engineering, using a combination of off-the-shelf hardware components alongside a plethora of 3D-printed parts. The machine, once assembled, is designed to be mounted to a board. This board, called a spoilboard, is a board the machine can "accidentally" cut into or otherwise suffer damage — designed to be occasionally replaced. In most circumstances, the spoilboard is the top of a table for the machine, and Sienci provides documentation on several different table builds done by the community. For builders short on space, the machine can be mounted on a wall.
The complete 3D plans for the machine are available for download, including a full bill of materials of all of the parts needed. The project also provides instructions to assemble the machine and how best to 3D print relevant components. The machine is controlled by the LongBoard CNC Controller, and Sienci Labs provides full schematics [23MB ZIP] of that as well. All mentioned materials are licensed under a Creative Commons BY-SA 4.0 license.
In addition to the open-source design of the machine itself, an open-source-minded community has formed around the project. The company's Facebook user group has 1,600 members, and an active community forum is hosted by the company, which discusses everything from tips to machine support. Community members contribute, among other things, various modifications to improve the original design or to add new features such as a laser engraver.
We’ve often written about iWave Systems’ single board computers, development kits, and systems-on-module, but the company has also been offering automotive products such as a Linux based OBD-II Dongle.
Aaeon and Kontron are prepping 3.5-inch SBCs — and Advantech will offer a 2.5-incher — that debut Intel’s 11th Gen, 10nm Tiger Lake CPUs. The 15-28W TDP Tiger Lake offers better graphics than Ice Lake, including support for up to 4x 4K displays.
Intel’s recent announcement of an additional six months delay in delivering 7nm CPUs, pushing back its original roadmap by a year to late 2022 or 2023 has led to further questions about the company’s future dominance. The 7nm defects are severe enough that Intel says it will expand its outsourcing of manufacturing to TSMC. Yet, Intel’s strong quarterly earnings and news that 10nm fabricated, 11th Gen Tiger Lake processors will meet their revised Q4 2020 deadline are helping to salve the wound.
The company provides a Raspbian based Raspberry Pi 3/4 firmware in the Wiki, but it’s obviously possible to use the card with other Linux hardware, and instructions to build an x86 Linux gateway are also provided. That’s for RAK2247, but it will work for RAK2287 as well.
Following the recent Intel Comet Lake Celeron and Pentium CPU benchmarking against other x86_64 Intel/AMD CPUs, here was a bit of fun... Seeing how these budget Intel CPUs compare to a Raspberry Pi 4 in various processor benchmarks, all tested on Debian Linux.
The Celeron part tested was the G5900 as a $42 processor as a dual-core 3.4GHz processor with 2MB cache and UHD Graphics 610.
Sequent Microsystems like to make stackable Raspberry Pi HATs. After their stackable 4-relay board allowing for up to 32 relays controlled by a Raspberry Pi board, the company has now launched MEGA-RTD 8-channel RTD Raspberry Pi HAT enabling up to 64 resistance temperature detectors via 8x MEGA RTD board stacked on top of a Raspberry Pi board.
Looking for an easy way to get familiar with ROS 2? We recently published a few helpers on how to simulate robots with turtlesim to help our readers get a rolling start on ROS2.
[...]
CIS has a long and successful history of creating community-consensus best practice recommendations for security. The first CIS benchmark for ROS is currently under consideration and covers Melodic running on Ubuntu Server 18.04.
