I got an amazing chance to speak at FOSSASIA 2017 held at Singapore on “Seasons of Debian – Summer of Code and Winter of Outreachy“. I gave a combined talk with my co-speaker Pranav Jain, who contributed to Debian through GSoC. We talked about two major open source initiatives – Outreachy and Google Summer of Code and the work we did on a common project – Lumicall under Debian.
The first of two 2017 Linaro Connect events was held March 6 to 10 in Budapest, Hungary; your editor had the privilege of attending. Reports from a number of the sessions there have appeared in separate articles. There were a number of discussions at the event that, while not being enough to fill an article on their own, were nevertheless worthy of some attention.
Connect is an interesting event, in that it is a combination of an architecture-specific kernel developers' gathering and a members-only meeting session. Not being a member, your editor only participated in the former aspect. Sessions at Connect are usually short — 25 minutes — and focused on a specific topic; they also routinely run over their allotted time. There is an emphasis on discussion, especially in the relatively unstructured "hack sessions" that occupy much of the schedule. Many of the sessions are focused on training: how to upstream code, for example, or kernel debugging stories in Mandarin (video).
The free software community encompasses the globe, and we strive to make the LibrePlanet conference reflect that. That's why we livestream the proceedings of the conference, and encourage you to participate remotely by both watching and participating in the discussion via IRC chat.
If you are planning to attend LibrePlanet in Cambridge, we encourage you to register in advance through Tuesday morning at 10:00 EST (14:00 UTC) -- advance registration helps us plan a better event. Walk ups are also welcome. Students and FSF members receive gratis admission.
Secondly, the bulk of the event is an unconference where the attendees volunteer session ideas and run them. Each session is a discussion where the topic is discussed, debated, and we reach final conclusions. This results in a hugely diverse range of sessions covering topics such as event management, outreach, social media, governance, collaboration, diversity, building contributor programs, and more. These discussions are incredible for exploring and learning new ideas, meeting interesting people, building a network, and developing friendships.
Google is warning that it intends to deprecate and remove trust in Symantec-issued SSL/TLS certificates, as Symantec shoots back that the move is unwarranted.
I learned that my site was stolen on a Saturday. Three days later I had it back, but only after the involvement of fifty or so employees of six different companies, middle-of-the-night conferences with lawyers, FBI intervention, and what amounted to a sting operation that probably should have starred Sandra Bullock instead of…well…me.
The Linux Foundation umbrella organization is responsible for this year's WireGuard GSoC, so if you're a student, write "Linux Foundation" as your mentoring organization, and then specify in your proposal your desire to work with WireGuard, listing "Jason Donenfeld" as your mentor.
Bruce Schneier is one of my favorite speakers when it comes to the topic of all things security. His talk from IBM Interconnect 2017, “Security and Privacy in a Hyper-connected World“, covered a wide range of security concerns.
Last week, WikiLeaks released a trove of CIA documents that detail many of the spy agency’s hacking capabilities. These documents, if genuine (and early reports suggest that they are), validate concerns that U.S. spy agencies are stockpiling cybersecurity vulnerabilities. The intelligence community uses undisclosed vulnerabilities to develop tools that can penetrate the computer systems and networks of its foreign targets. Unfortunately, since everyone uses the same technology in today’s global economy, each of these vulnerabilities also represents a threat to American businesses and individuals. In the future, rather than hoard this information, the CIA and other intelligence agencies should commit to responsibly disclosing vulnerabilities it discovers to the private sector so that security holes can be patched.
The new software is a ssh-agent proxy that allows a group of trusted users to share an SSH identity without exposing the contents of that identity’s private key.
A common use of the ssh-agent is to “forward” your agent to a remote machine (using the -A flag in the OpenSSH client). After you’ve forwarded your ssh-agent, you can use the socket that that agent creates to access any of your many (now unencrypted) keys, and login to any other machines for which you may have keys in your ssh-agent. So, too, potentially, can all the other folks that have root access to the machine to which you’ve forwarded your ssh-agent.
After years of training journalists and NGOs communication and operational security, after years of conducting research into the tools and protocols used, it took some more years developing a reasonable answer to most of the issues encountered during all this time.
In todays world of commercially available government malware you don't want to store your encryption keys on your easily infected computer. You want them stored on something that you could even take into a sauna or a hot-tub - maintaining continuous physical contact.
So people who care about such things use external smartcard-based crypto devices like Ubikey Neos or Nitrokeys (formerly Cryptosticks). The problems with these devices is that you have to enter PIN codes on your computer that you shouldn't trust, that they are either designed for centralized use in organizations, or they are based mostly on PGP.
Those of you who follow my repository RSS feeds have already noticed, but many people rely on the announcements I make on this blog (plus, I can give a lot more detail here).
I uploaded the packages for the March 2017 release of my ‘ktown’ repository: KDE 5_17.03. Actually, there is a lot of interesting stuff going on in this release, because I decided to do some things that were on my TODO for a long while. Read more about that below in the “NEWS” section.
What you get in this new release is: KDE Frameworks 5.32.0, Plasma 5.9.3 and Applications 16.12.3. All of this is still built on top of Qt 5.7.1.
This Plasma 5 release targets only Slackware-current for the moment, because of the PLASMA5 Live that I release in parallel. But packages for Slackware 14.2 (only 64bit) are already being compiled at the moment, so updates will be visible in my 14.2 repository in a couple of days at most.
22 things Amarok does: the good, the bad, the ugly, and the hope
Ask not what you can do for Amarok. Ask what Amarok can do for you!
Many years ago, just the mention of this music player would invoke shivers down my spine. It was stylish, exotic, modern, elegant, powerful. It did everything superbly, and there was always a hidden Joker up its sleeve. The plethora of options and possibilities and feature was endless. And then it all changed.
Amarok slid out of the spotlight and became just another program to play your music collection. Recently, fueled by nostalgia and perhaps vain hope, I’ve invested fresh new energy and time working with it, taming it, fighting it, loving it, hating it, trying to figure out how relevant, sleek and accessibility this player still is. My curiosity peaked with the extensive Plasma testing I did last month in my somewhat ultra-long article The State of Plasma. So I fired KDE neon once again, a brand new image, and started fiddling. Here’s the Spaghetti Western of what to expect. With a big disclaimer. Read on.
Also: Reading old stuff