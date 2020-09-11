Security Leftovers Ransomware to blame for nearly half the cyber-insurance claims filed in early 2020 Ransomware attacks were the cause of 41% of the cyber-insurance claims filed over the first six months of 2020, according to a report published by Coalition, a cyber-insurance vendor that compiled the data based on findings from 25,000 small and medium-sized companies in the U.S. and Canada. Coalition reported a 47% increase in the number of ransomware attacks, with the average size of the demand jumping by 46% over the time period in question.

Reproducible wheels at SecureDrop SecureDrop workstation project's packages are reproducible. We use prebuilt wheels (by us) along with GPG signatures to verify and install them using pip during the Debian package building step. But, the way we built those wheels (standard pip command), they were not reproducible. To fix this problem, Jennifer Helsby (aka redshfitzero) built a tool and the results are available at https://reproduciblewheels.com/. Every night her tool is building the top 100 + our dependency packages on Debian Buster and verifies the reproducibly of them. She has a detailed write up on the steps.

New vulnerability fixes in Python 2.7 (and PyPy) As you probably know (and aren’t necessarily happy about it), Gentoo is actively working on eliminating Python 2.7 support from packages until end of 2020. Nevertheless, we are going to keep the Python 2.7 interpreter much longer because of some build-time dependencies. While we do that, we consider it important to keep Python 2.7 as secure as possible. The last Python 2.7 release was in April 2020. Since then, at least Gentoo and Fedora have backported CVE-2019-20907 (infinite loop in tarfile) fix to it, mostly because the patch from Python 3 applied cleanly to Python 2.7. I’ve indicated that Python 2.7 may contain more vulnerabilities, and two days ago I’ve finally gotten to audit it properly as part of bumping PyPy.

KDE: Linux App Summit, Oxygen Reboot, and Develop.kde.org 3 days to sends your talks to Linux App Summit 2020! Head to https://linuxappsummit.org/cfp/ and talk about all those nice [Linux] Apps you're working on!

O² or Oxygen all over again, aka Oxygen Reboot, maybe O squared? Ok starting to get a bit more serious because, well I have to, this new thing is something that I had as a plan since the end of Oxygen.. Something on the realm of... "How would I do it now that I know what I did not knew wen this started....." But even before that I had to come to terms with the present at the time design ethos. AKA the flatness. I have to be honest was not my thing, still is not my thing, I get it, but I got pretty good at disguising my design limitations under layers of more design, decoration, skeomorphism, gradients etc.. I had to, take my time to discover what I was a designer, and also I was burned out on KDE again look at the hours mentioned... And real life and work was work enough. And so a few years passed... In what today seams eons ago in Qt world Summit I got to have diner with Good Friend Eike Hein, that challenged me to get back (aka if anything goes terribly wrong you know the reasons name). And that was it i was decided.... some day I would be back.... Cue in 2020. A year that will be...yeah.. Specially by me, with 2 of the most important people in my life gone (not Covid related). Finally Akademy 2020, I got to do a Design/Workshop thingy, had to prepare for it think about it. witch meant thinking of just how much fun I had doing KDE stuf. and it was great. meeting the people way greater... and that was it, I was hooked again...

Develop.kde.org The long term goal of this new website is to increase the first and third parties use of the KDE Frameworks and development tools. To achieve this goal, this website will provide high quality and complete documentation about the usage of the KDE Frameworks and other libraries (a quite ambitious goal I know), but also provide marketting content for the libraries to offer them a bigger visibility in the internet. The more short term and more realistic goal is to import the existing tutorials available from various places (techbase, the framework book, the plasma mobile docs and other more hidden places. And more importantly while importing the content, also update and improve it and allow other in the community to review the content for correctness. Another big task is to better organize the content in logical sections.