today's leftovers

• By embracing blockchain, a California bill takes the wrong step forward.

  The California legislature is currently considering a bill directing a public board to pilot the use of blockchain-type tools to communicate Covid-19 test results and other medical records. We believe the bill unduly dictates one particular technical approach, and does so without considering the privacy, security, and equity risks it poses. We urge the California Senate to reconsider. The bill in question is A.B. 2004, which would direct the Medical Board of California to create a pilot program using verifiable digital credentials as electronic patient records to communicate COVID-19 test results and other medical information. The bill seems like a well-intentioned attempt to use modern technology to address an important societal problem, the ongoing pandemic. However, by assuming the suitability of cryptography-based verifiable credential models for this purpose, rather than setting out technology-neutral principles and guidelines for the proposed pilot program, the bill would set a dangerous precedent by effectively legislating particular technology outcomes. Furthermore, the chosen direction risks exacerbating the potential for discrimination and exclusion, a lesson Mozilla has learned in our work on digital identity models being proposed around the world. While we appreciate the safeguards that have been introduced into the legislation in its current form, such as its limitations on law enforcement use, they are insufficient. A new approach, one that maximizes public good while minimizing harms of privacy and exclusion, is needed.

• Karl Dubost: Browser developer tools timeline

  I was reading In a Land Before Dev Tools by Amber, and I thought, Oh here missing in the history the beautifully chiseled Opera Dragonfly and F12 for Internet Explorer. So let's see what are all the things I myself didn't know.

• Daniel Stenberg: Using fixed port numbers for curl tests is now history!

  The curl test suite fires up a whole bunch of test servers for the various supported protocols, and then command lines using curl or libcurl-using dedicated test apps are run against those servers to make sure curl is acting exactly as it is supposed to.

• Mycroft: an open-source voice assistant

  Mycroft is a free and open-source software project aimed at providing voice-assistant technology, licensed under the Apache 2.0 license. It is an interesting alternative to closed-source commercial offerings such as Amazon Alexa, Google Home, or Apple Siri. Use of voice assistants has become common among consumers, but the privacy concerns surrounding them are far-reaching. There have been multiple instances of law enforcement's interest in the data these devices produce for use against their owners. Mycroft claims to offer a privacy-respecting, open-source alternative, giving users a choice on how much of their personal data is shared and with whom. The Mycroft project is backed by the Mycroft AI company. The company was originally funded by a successful one-million-dollar crowdfunding campaign involving over 1,500 supporters. In recent years, it has developed two consumer-focused "smart speaker" devices: the Mark 1 and Mark 2. Both devices were funded through successful Kickstarter campaigns, with the most recent Mark 2 raising $394,572 against a $50,000 goal. In the press, the company has indicated its intention is to focus on the enterprise market for its commercial offerings, while keeping the project free to individual users and developers. On the subject of developers, contributors are expected to sign a contributor license agreement (CLA) to participate in the project. The actual CLA was unavailable at the time of publication, but the project claims it grants the project a license to the contributed code, while retaining ownership of the contribution to the developer.

• GSoC 2020 Second Evaluation Report: Curses Library Automated Testing

  My GSoC project under NetBSD involves the development of test framework of curses library. This blog report is second in series of blog reports; you can have a look at the first report. This report would cover the progress made in second coding phase along with providing some insights into the libcurses.

• Accelerating the value of multicloud environments: A collaborative DevSecOps approach is critical

  Cloud Native development is not so much about where you run your application, but more about how you develop it. It is an interesting moment in time for enterprise developers, as more emphasis shifts to application modernization and cloud native development. The responsibility is shifting to the application for critical success factors for hybrid cloud environments, including security, reliability, and manageability. I have found that these “interesting” challenges are best addressed by collaborative, cross-disciplinary DevSecOps teams that understand the entire software development lifecycle. In this new environment, your role as developers is more demanding, and we all need better tools. You have increased responsibility for understanding and working directly with security engineers on governance and related management policies. You are being tasked with prioritizing service reliability, and the best practice is to address potential problems early in the application lifecycle. You also need to proactively detect and resolve potential issues with production environments before they have a negative business impact.

• Play Minecraft with Fedora Friends at Nest 2020 [Ed: Fedora is boosting Microsoft and "Fedora Minecraft/Spigot server follows the same Code of Conduct as Fedora Nest and the wider Fedora Community. Be kind, be respectful, and have fun!" (unlike Microsoft)]

• Linux Foundation New Course To Help Developers Create Enterprise Blockchain Applications

  The Linux Foundation has announced a new training course, LFD272 – Hyperledger Fabric for Developers. The course, developed in conjunction with Hyperledger, is designed for developers who want to master Hyperledger Fabric chaincode – Fabric’s smart contracts – and application development.

• The Linux Foundation release innovative training course

  The Linux Foundation is a  nonprofit organization enabling mass innovation through open source.

• Google Details Its Open Source Contributions

  Most of Google’s open source work is done within two hosting platforms: GitHub and Google’s own Git service, git-on-borg, which hosts Android and Chromium. According to the report, Google hosts over 8,000 public repositories on GitHub and more than 1,000 public repositories on git-on-borg.

• Open source by the numbers at Google

  At Google, open source is at the core of our infrastructure, processes, and culture. As such, participation in these communities is vital to our productivity. Within OSPO (Open Source Programs Office), our mission is to bring the value of open source to Google and the resources of Google to open source. To ensure our actions match our commitment, in this post we will explore a variety of metrics intended to increase context, transparency, and accountability across all of the communities we engage with.

• libredwg-0.11 released

• Best free tools for small businesses

• 7-Zip 20.01 Alpha

  The unRAR code is under a mixed license: GNU LGPL + unRAR restrictions. Check license information here: 7-Zip license.

• Kiwi TCMS Enterprise v8.5.2-mt

  We're happy to announce Kiwi TCMS Enterprise version 8.5.2-mt and extended support hours for subscribers in America.

• Jonathan Dowland: Vimwiki

  At the start of the year I begun keeping a daily diary for work as a simple text file. I've used various other approaches for this over the years, including many paper diaries and more complex digital systems. One great advantage of the one-page text file was it made assembling my weekly status report email very quick, nearly just a series of copies and pastes. But of course there are drawbacks and room for improvement. vimwiki is a personal wiki plugin for the vim and neovim editors. I've tried to look at it before, years ago, but I found it too invasive, changing key bindings and display settings for any use of vim, and I use vim a lot. I decided to give it another look. The trigger was actually something completely unrelated: Steve Losh's blog post "Coming Home to vim". I've been using vim for around 17 years but I still learned some new things from that blog post. In particular, I've never bothered to Use The Leader for user-specific shortcuts.

• Gmail Desktop

  There is a new application available for Sparkers: Gmail Desktop

• Wine 5.0.2 Released With Fixes For Various Games, Windows Applications

  For those using Wine in a production environment for running Windows software on Linux, Wine 5.0.2 is out as the latest stable update. While Wine continues chugging along with a lot of great feature work with the Wine 5.x bi-weekly snapshots leading up to the Wine 6.0 release early next year, Wine 5.0.2 is the latest stable point release with a variety of bug-fixes back-ported to this code-base that was minted at the start of this year. There are no new features but exclusively bug fixes.

Open Hardware, Raspberry Pi and More

• When Will Open Source Hardware Become a Thing?

  my honest opinion, Free and Open Source Software (FOSS) is probably the best of all innovation to come out of the tech industry in the past four or five decades. As far as I can tell, the Open Source Initiative is predated by Richard Stallman’s famous Free Software Foundation (FSF) (1985), which itself is predated by his own GNU project (1983) which seems as if it pretty much kick-started what we would call Free and Open Source today. Whilst it is true that software programs were often shared amongst academics before GNU, the software industry was a fraction of what it is today and so I believe that it was indeed GNU that kicked it all off. [...] Open Source firmware and drivers have been harder to come by in general than software. However, there have been major efforts made by Open Source and Free Software community members to create projects such as Libreboot which aims to replace proprietary boot firmware. Firmware is often a more contentious issue than software since most hardware we buy comes with firmware baked in. Reverse engineering a device’s firmware is not necessarily a particularly easy task, at least not when compared to just rebuilding an existing software project (eg. LibreOffice and Microsoft Office). To make matters worse, It can be much easier for companies to embed potentially malicious code since it is harder to analyse. I think that Open Source firmware will slowly become a bigger thing. However, its growth will probably be driven by the rise of Open Source hardware. [...] We’ve also seen the introduction of devices for the everyday user (not just hobbyists and tinkerers) including mobile phones and laptops. The company Purism has recently released both Laptops and a model of mobile phone which seem promising. Unfortunately, their laptops do rely on Intel CPUs, even if they claim to have disabled the management engine. It does seem like it will certainly take a while for these devices to meet mainstream though. Still, promising…

• SAMD21 Lite is a Stamp-sized, MikroBus Compatible Cortex-M0+ MCU Board

  If you’re a fan of tiny microcontroller boards, you’ll be pleased with BOKRA SAMD21 Lite board powered by Microchip SAMD21 Arm Cortex-M0+ MCU, exposing I/Os in a way compatible with MikroBus socket, and adding a Grove connector for good measure.

• TLS gets a boost from Arduino for IoT devices

  Arduino devices are a favorite among do-it-yourself (DIY) enthusiasts to create, among other things, Internet of Things (IoT) devices. We have previously covered the Espressif ESP8266 family of devices that can be programmed using the Arduino SDK, but the Arduino project itself also provides WiFi-enabled devices such as the Arduino MKR WiFi 1010 board. Recently, the Arduino Security Team raised the problem of security shortcomings of IoT devices in a post, and how the Arduino project is working to make improvements. We will take the opportunity to share some interesting things from that, and also look at the overall state of TLS support in the Arduino and Espressif SDK projects. When it comes to making a secure IoT device, an important consideration is the TLS implementation. At minimum, TLS can prevent eavesdropping on the communications, but, properly implemented, can also address a number of other security concerns as well (such as man-in-the-middle attacks). Moreover, certificate-based authentication for IoT endpoints is a considerably better approach than usernames and passwords. In certificate-based authentication, a client presents a certificate that can be cryptographically verified as to the client's identity, rather than relying on a username and password to do the same. These certificates are issued by trusted and cryptographically verifiable authorities so they are considerably more difficult to compromise than a simple username and password. Still, according to the team: "As of today, a lot of embedded devices still do not properly implement the full TLS stack". As an example, it pointed out that "a lot of off-brand boards use code that does not actually validate the server's certificate, making them an easy target for server impersonation and man-in-the-middle attacks." The reason for this is often simply a lack of resources available on the device — some devices only offer 32KB of RAM and many TLS implementations require more memory to function. Moreover, validating server certificates requires storing a potentially large number of trusted root certificates. Storing all of the data for Mozilla-trusted certificate authorities on a device takes up over 170KB in a system that potentially only has 1MB of available total flash memory. A general lack of education regarding the importance of security in this space unfortunately also plays a role. After all, TLS isn't the most straightforward subject to begin with, and having to implement it on a resource-limited platform does not make implementing it correctly any easier of a problem to solve.

• Open-source CNCing

  Last year Sienci Labs finished its Kickstarter campaign for the open-source LongMill Benchtop CNC Router — its second successful open-source CNC machine Kickstarter campaign. CNC routers allow users to mill things (like parts) from raw materials (like a block of aluminum) based on a 3D-model. The LongMill is a significant improvement over the original sold-out Mill One and makes professional-quality machining based entirely on open-source technology a reality. As an owner of a LongMill, I will walk through the various open-source technologies that make this tool a cornerstone of my home workshop. Hardware The Sienci Labs LongMill is an impressive feat of engineering, using a combination of off-the-shelf hardware components alongside a plethora of 3D-printed parts. The machine, once assembled, is designed to be mounted to a board. This board, called a spoilboard, is a board the machine can "accidentally" cut into or otherwise suffer damage — designed to be occasionally replaced. In most circumstances, the spoilboard is the top of a table for the machine, and Sienci provides documentation on several different table builds done by the community. For builders short on space, the machine can be mounted on a wall. The complete 3D plans for the machine are available for download, including a full bill of materials of all of the parts needed. The project also provides instructions to assemble the machine and how best to 3D print relevant components. The machine is controlled by the LongBoard CNC Controller, and Sienci Labs provides full schematics [23MB ZIP] of that as well. All mentioned materials are licensed under a Creative Commons BY-SA 4.0 license. In addition to the open-source design of the machine itself, an open-source-minded community has formed around the project. The company's Facebook user group has 1,600 members, and an active community forum is hosted by the company, which discusses everything from tips to machine support. Community members contribute, among other things, various modifications to improve the original design or to add new features such as a laser engraver.

• iWave Telematics Control Unit Supports GPS, 4G LTE, WiFi, and Bluetooth

  We’ve often written about iWave Systems’ single board computers, development kits, and systems-on-module, but the company has also been offering automotive products such as a Linux based OBD-II Dongle.

• First Tiger Lake SBCs emerge

  Aaeon and Kontron are prepping 3.5-inch SBCs — and Advantech will offer a 2.5-incher — that debut Intel’s 11th Gen, 10nm Tiger Lake CPUs. The 15-28W TDP Tiger Lake offers better graphics than Ice Lake, including support for up to 4x 4K displays. Intel’s recent announcement of an additional six months delay in delivering 7nm CPUs, pushing back its original roadmap by a year to late 2022 or 2023 has led to further questions about the company’s future dominance. The 7nm defects are severe enough that Intel says it will expand its outsourcing of manufacturing to TSMC. Yet, Intel’s strong quarterly earnings and news that 10nm fabricated, 11th Gen Tiger Lake processors will meet their revised Q4 2020 deadline are helping to salve the wound.

• RAK2287 Mini PCIe LoRaWAN Concentrator Module Supports up to 500 Nodes per km2

  The company provides a Raspbian based Raspberry Pi 3/4 firmware in the Wiki, but it’s obviously possible to use the card with other Linux hardware, and instructions to build an x86 Linux gateway are also provided. That’s for RAK2247, but it will work for RAK2287 as well.

• How A Raspberry Pi 4 Performs Against Intel's Latest Celeron, Pentium CPUs

  Following the recent Intel Comet Lake Celeron and Pentium CPU benchmarking against other x86_64 Intel/AMD CPUs, here was a bit of fun... Seeing how these budget Intel CPUs compare to a Raspberry Pi 4 in various processor benchmarks, all tested on Debian Linux. The Celeron part tested was the G5900 as a $42 processor as a dual-core 3.4GHz processor with 2MB cache and UHD Graphics 610.

• MEGA-RTD Raspberry Pi HAT Offers up to 64 Resistance Temperature Detectors (Crowdfunding)

  Sequent Microsystems like to make stackable Raspberry Pi HATs. After their stackable 4-relay board allowing for up to 32 relays controlled by a Raspberry Pi board, the company has now launched MEGA-RTD 8-channel RTD Raspberry Pi HAT enabling up to 64 resistance temperature detectors via 8x MEGA RTD board stacked on top of a Raspberry Pi board.

• The State of Robotics – July 2020

  Looking for an easy way to get familiar with ROS 2? We recently published a few helpers on how to simulate robots with turtlesim to help our readers get a rolling start on ROS2. [...] CIS has a long and successful history of creating community-consensus best practice recommendations for security. The first CIS benchmark for ROS is currently under consideration and covers Melodic running on Ubuntu Server 18.04.

Programming Leftovers

• Intel Compute Runtime Preparing For The Upcoming oneAPI Level Zero 1.0

  At the end of last year Intel published the oneAPI Level Zero specification as a low-level API for direct-to-metal interfaces for offload accelerators like FPGAs and GPUs. In the months since they have continued advancing the Level Zero interface and implementation within the Intel software stack (along with the other oneAPI components at large) while it's looking like Level Zero v1.0 is around the corner.

• nanotime 0.3.0: Yuge New Features!

  A fresh major release of the nanotime package for working with nanosecond timestamps is hitting CRAN mirrors right now. nanotime relies on the RcppCCTZ package for (efficient) high(er) resolution time parsing and formatting up to nanosecond resolution, and the bit64 package for the actual integer64 arithmetic. Initially implemented using the S3 system, it has benefitted greatly from work by Leonardo Silvestri who rejigged internals in S4—and now added new types for periods, intervals and durations. This is what is commonly called a big fucking deal!! So a really REALLY big thank you to my coauthor Leonardo for all these contributions. With all these Yuge changes patiently chisseled in by Leonardo, it took some time since the last release and a few more things piled up. Matt Dowle corrected something we borked for integration with the lovely and irreplacable data.table. We also switched to the awesome yet minimal tinytest package by Mark van der Loo, and last but not least we added the beginnings of a proper vignette—currently at nine pages but far from complete.

• Lockless algorithms for mere mortals

  Time, as some have said, is nature's way of keeping everything from happening at once. In today's highly concurrent computers, though, time turns out not to be enough to keep events in order; that task falls to an extensive set of locking primitives and, below those, the formalized view of memory known as the Linux kernel memory model. It takes a special kind of mind to really understand the memory model, though; kernel developers lacking that particular superpower are likely to make mistakes when working in areas where the memory model comes into play. Working at that level is increasingly necessary for performance purposes, though; a recent conversation points out ways in which the kernel could make that kind of work easier for ordinary kernel developers. Concurrency comes into play when multiple threads of execution are accessing the same data at the same time. Even in a simple world, keeping everything coherent in a situation like this can be a challenging task. The kernel prevents the wrong things from happening at the same time with the use of spinlocks, mutexes, and other locking primitives that can control concurrency. Locks at this level can be thought of as being similar to traffic lights in cities: they prevent accidents as long as they are properly observed, but at the cost of stopping a lot of traffic. Time spent waiting for locks hurts; even the time bouncing lock data between memory caches can wreck scalability, so developers often look for ways to avoid locking.

• A look at Dart

  Dart is a BSD-licensed programming language from Google with a mature open-source community supporting the project. It works with multiple architectures, is capable of producing native machine-code binaries, and can also produce JavaScript versions of its applications. Dart version 1.0 was released in 2013, with the most recent version, 2.8, released on June 3 (2.9 is currently in public beta). Among the open-source projects using Dart is the cross-device user-interface (UI) toolkit Flutter. We recently covered the Canonical investment in Flutter to help drive more applications to the Linux desktop, and Dart is central to that story. Dart's syntax is a mix of concepts from multiple well-established languages including JavaScript, PHP, and C++. Further, Dart is a strongly-typed, object-oriented language, with primitive types that are implemented as classes. While Dart does have quirks, it is likely that a programmer familiar with the aforementioned languages will find getting started with Dart to be relatively easy. Included in the language are useful constructs like Lists (arrays), Sets (unordered collections), and Maps (key/value pairs). Beyond the language constructs, the Dart core libraries provide additional support for features like asynchronous programming, HTML manipulation, and converters to work with UTF-8 and JSON.

• Reactive Quarkus: A Java Mutiny

  DevNation Tech Talks are hosted by the Red Hat technologists who create our products. These sessions include real solutions plus code and sample projects to help you get started. In this talk, you’ll learn about reactive Quarkus and Mutiny from Clement Escoffier and Edson Yanaga. First things first: How much confusion has been caused by the word reactive? Are we talking about reactive systems? Reactive programming? Reactive streams? Also, how many headaches have been caused by non-seasoned reactive developers trying to read reactive code? Let’s make some sense out of this issue. In this talk, we introduce Mutiny, a new reactive programming library. After several years of observing developers using reactive APIs, we designed this library to be more event-driven, navigable, and to avoid the common pitfalls of reactive programming. This talk explores the reason behind Mutiny and how it simplifies the development of reactive applications. We also explain how Mutiny is integrated into Quarkus to build supersonic, subatomic, and reactive applications.

• Integrating H2 with Python and Flask

  H2 is a lightweight database server written in Java. It can be embedded in Java applications, or run as a standalone server. In this tutorial, we'll review why H2 can be a good option for your projects. We'll also learn how to integrate H2 with Python by building a simple Flask API.