Language Selection

English French German Italian Portuguese Spanish

Some things Oracle just doesn’t get

Filed under
OS
OSS

Yesterday at the NLUUG conference I picked up a Solaris 11 Express CD in a nice brownish CD sleeve (I say "nice" because it feels and looks different from the generic white sleeves).

I thought shrink-wrap licenses went out with Disco, or something like that?

A little searching gets me to the license text so I can read it before opening the package to get at the license itself. The one saving grace is that the license condition is "opening this sealed software package and using the software" (emphasis mine) so it’s not classic shrink-wrap.

In classic fashion, though,




More in Tux Machines

Android Leftovers

FOSS Events

  • Speaking at FOSSASIA’17 | Seasons of Debian : Summer of Code & Winter of Outreachy
    I got an amazing chance to speak at FOSSASIA 2017 held at Singapore on “Seasons of Debian – Summer of Code and Winter of Outreachy“. I gave a combined talk with my co-speaker Pranav Jain, who contributed to Debian through GSoC. We talked about two major open source initiatives – Outreachy and Google Summer of Code and the work we did on a common project – Lumicall under Debian.
  • Notes from Linaro Connect
    The first of two 2017 Linaro Connect events was held March 6 to 10 in Budapest, Hungary; your editor had the privilege of attending. Reports from a number of the sessions there have appeared in separate articles. There were a number of discussions at the event that, while not being enough to fill an article on their own, were nevertheless worthy of some attention. Connect is an interesting event, in that it is a combination of an architecture-specific kernel developers' gathering and a members-only meeting session. Not being a member, your editor only participated in the former aspect. Sessions at Connect are usually short — 25 minutes — and focused on a specific topic; they also routinely run over their allotted time. There is an emphasis on discussion, especially in the relatively unstructured "hack sessions" that occupy much of the schedule. Many of the sessions are focused on training: how to upstream code, for example, or kernel debugging stories in Mandarin (video).
  • Your guide to LibrePlanet 2017, wherever you are, March 25-26
    The free software community encompasses the globe, and we strive to make the LibrePlanet conference reflect that. That's why we livestream the proceedings of the conference, and encourage you to participate remotely by both watching and participating in the discussion via IRC chat. If you are planning to attend LibrePlanet in Cambridge, we encourage you to register in advance through Tuesday morning at 10:00 EST (14:00 UTC) -- advance registration helps us plan a better event. Walk ups are also welcome. Students and FSF members receive gratis admission.
  • IBM Interconnect 2017 first day keynote recap
  • Community Leadership Summit 2017: 6th – 7th May in Austin
    Secondly, the bulk of the event is an unconference where the attendees volunteer session ideas and run them. Each session is a discussion where the topic is discussed, debated, and we reach final conclusions. This results in a hugely diverse range of sessions covering topics such as event management, outreach, social media, governance, collaboration, diversity, building contributor programs, and more. These discussions are incredible for exploring and learning new ideas, meeting interesting people, building a network, and developing friendships.

Security Leftovers

  • Google Threatens to Distrust Symantec SSL/TLS Certificates
    Google is warning that it intends to deprecate and remove trust in Symantec-issued SSL/TLS certificates, as Symantec shoots back that the move is unwarranted.
  • Hackers Stole My Website…And I Pulled Off A $30,000 Sting Operation To Get It Back

    I learned that my site was stolen on a Saturday. Three days later I had it back, but only after the involvement of fifty or so employees of six different companies, middle-of-the-night conferences with lawyers, FBI intervention, and what amounted to a sting operation that probably should have starred Sandra Bullock instead of…well…me.

  • Google Summer of Code
    The Linux Foundation umbrella organization is responsible for this year's WireGuard GSoC, so if you're a student, write "Linux Foundation" as your mentoring organization, and then specify in your proposal your desire to work with WireGuard, listing "Jason Donenfeld" as your mentor.
  • Takeaways from Bruce Schneier’s talk: “Security and Privacy in a Hyper-connected World”
    Bruce Schneier is one of my favorite speakers when it comes to the topic of all things security. His talk from IBM Interconnect 2017, “Security and Privacy in a Hyper-connected World“, covered a wide range of security concerns.
  • [Older] Make America Secure Again: Trump Should Order U.S. Spy Agencies to Responsibly Disclose Cyber Vulnerabilities
    Last week, WikiLeaks released a trove of CIA documents that detail many of the spy agency’s hacking capabilities. These documents, if genuine (and early reports suggest that they are), validate concerns that U.S. spy agencies are stockpiling cybersecurity vulnerabilities. The intelligence community uses undisclosed vulnerabilities to develop tools that can penetrate the computer systems and networks of its foreign targets. Unfortunately, since everyone uses the same technology in today’s global economy, each of these vulnerabilities also represents a threat to American businesses and individuals. In the future, rather than hoard this information, the CIA and other intelligence agencies should commit to responsibly disclosing vulnerabilities it discovers to the private sector so that security holes can be patched.
  • Announcing Keyholder: Secure, shared shell access
    The new software is a ssh-agent proxy that allows a group of trusted users to share an SSH identity without exposing the contents of that identity’s private key. [...] A common use of the ssh-agent is to “forward” your agent to a remote machine (using the -A flag in the OpenSSH client). After you’ve forwarded your ssh-agent, you can use the socket that that agent creates to access any of your many (now unencrypted) keys, and login to any other machines for which you may have keys in your ssh-agent. So, too, potentially, can all the other folks that have root access to the machine to which you’ve forwarded your ssh-agent.
  • pitchfork
    After years of training journalists and NGOs communication and operational security, after years of conducting research into the tools and protocols used, it took some more years developing a reasonable answer to most of the issues encountered during all this time. In todays world of commercially available government malware you don't want to store your encryption keys on your easily infected computer. You want them stored on something that you could even take into a sauna or a hot-tub - maintaining continuous physical contact. So people who care about such things use external smartcard-based crypto devices like Ubikey Neos or Nitrokeys (formerly Cryptosticks). The problems with these devices is that you have to enter PIN codes on your computer that you shouldn't trust, that they are either designed for centralized use in organizations, or they are based mostly on PGP.

Slackware Current

  • For your Slackware-current: KDE 5_17.03 with lots of goodies
    Those of you who follow my repository RSS feeds have already noticed, but many people rely on the announcements I make on this blog (plus, I can give a lot more detail here). I uploaded the packages for the March 2017 release of my ‘ktown’ repository: KDE 5_17.03. Actually, there is a lot of interesting stuff going on in this release, because I decided to do some things that were on my TODO for a long while. Read more about that below in the “NEWS” section. What you get in this new release is: KDE Frameworks 5.32.0, Plasma 5.9.3 and Applications 16.12.3. All of this is still built on top of Qt 5.7.1. This Plasma 5 release targets only Slackware-current for the moment, because of the PLASMA5 Live that I release in parallel. But packages for Slackware 14.2 (only 64bit) are already being compiled at the moment, so updates will be visible in my 14.2 repository in a couple of days at most.
  • Last week’s package harvest and more