Call for design: Artful Banner for Kubuntu.org website

Kubuntu 17.10 — code-named Artful Aardvark — will be released on October 19th, 2017. We need a new banner for the website, and invite artists and designers to submit designs to us based on the Plasma wallpaper and perhaps the mascot design.

Randa 2017 Report – Marble Maps

Just came back home yesterday from Randa Meetings 2017. This year, even though my major motive for the sprint was to use Qt 5.8’s Qt Speech module instead of custom Java for text-to-speech during navigation, that could not be achieved because of a bug which made the routes not appear in the app in the first place. And this bug is reproducible both by using latest code, and old-enough code, and is even there in the prod app in the Google Play Store itself. So, although most of my time had gone in deep-diving on the issue, unfortunately I was not able to find the root-cause to it eventually. I will need to pick up on that in the coming weeks again when I get time, to get it fixed.

Kube in Randa

I’ve spent the last few days with fellow KDE hackers in beautiful Randa in the Swiss Mountains. It’s an annual event that focuses on a specific topic every year, and this time accessibility was up, so Michael and me made our way up here to improve Kube in that direction (and to enjoy the scenic surroundings of course).

Usability testing for early-stage software prototypes

In this article, Ciarrai Cunneen and I describe how to do a paper-based usability test, using an early redesign of the GNOME Settings app as an example. The updated Settings features in GNOME 3.26, released on September 13. When writing open source software, we often obsess about making our logic elegant and concise, coming up with clever ways to execute tasks and demonstrate ideas. But we sometimes forget a key fact: Software is not useful if it is not easy to use. To make sure our programs can be used by our intended audience, we need usability testing. Usability is basically asking the question, "Can people easily use this thing?" or "Can real people use the software to do real tasks in a reasonable amount of time?" Usability is crucial to the creative process of building anything user-based. If real people can't use our software, then all the hard work of creating it is pointless. [...] In early 2016, GNOME decided to make a major UI update to its Settings application. This visual refresh shifts from an icon-based menu to drop-down lists and adds important changes to several individual Settings panels. The GNOME design team wanted to test these early-stage design changes to see how easily real people could navigate the new GNOME Settings application. Previously, GNOME relied on traditional usability tests, where users explore the software's UI directly. But this wouldn't work, since the software updates hadn't been completed.

LibrePlanet 2018: Let's talk about Freedom. Embedded.

The call for sessions is open now, until November 2nd, 2017. General registration and exhibitor and sponsor registration are also open. Pre-order a LibrePlanet 10th anniversary t-shirt when you register to attend! Do you want to discuss or teach others about a topic relevant to the free software community? You've got until Thursday, November 2nd, 2017 at 10:00 EDT (14:00 UTC) to submit your session proposals. LibrePlanet is an annual conference for free software enthusiasts and everyone who cares about the intersection of technology and social justice. For the past nine years, LibrePlanet has brought together free software developers, policy experts, activists, hackers, students, and people who are at the beginning of their free software journeys. LibrePlanet 2018 will feature programming for all ages and experience levels.

LibrePlanet free software conference celebrates 10th anniversary, CFP and registration open now

The call for proposals is open now, until November 2, 2017. General registration and exhibitor and sponsor registration are also open. LibrePlanet is an annual conference for free software enthusiasts and anyone who cares about the intersection of technology and social justice. For the past nine years, LibrePlanet has brought together free software developers, policy experts, activists, hackers, students, and people who are at the beginning of their free software journeys. LibrePlanet 2018 will feature programming for all ages and experience levels.

dot-zed extractor

FSFE Newsletter - September 2017

To push our demand, the FSFE launched a new campaign last week: "Public Money Public Code". The campaign explains the benefits of releasing publicly funded Software under free licences with a short inspiring video and an open letter to sign. Furthermore, the campaign and the open letter will be used in the coming months until the European Parliament election in 2019 to highlight good and bad examples of publicly funded software development and its potential reuse.

Free Software Foundation Europe Leads Call For Taxpayer-Funded Software To Be Licensed For Free Re-use

Considered objectively, it's hard to think of any good reasons why code that is paid for by the public should not be released publicly as a matter of course. The good news is that this "public money, public code" argument is precisely the approach that open access advocates have used with considerable success in the field of academic publishing, so there's hope it might gain some traction in the world of software too.

WordPress 4.8.2 Security and Maintenance Release

WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

Attack on CCleaner Highlights the Importance of Securing Downloads and Maintaining User Trust

Some of the most worrying kinds of attacks are ones that exploit users’ trust in the systems and softwares they use every day. Yesterday, Cisco’s Talos security team uncovered just that kind of attack in the computer cleanup software CCleaner. Download servers at Avast, the company that owns CCleaner, had been compromised to distribute malware inside CCleaner 5.33 updates for at least a month. Avast estimates that over 2 million users downloaded the affected update. Even worse, CCleaner’s popularity with journalists and human rights activists means that particularly vulnerable users are almost certainly among that number. Avast has advised CCleaner Windows users to update their software immediately. This is often called a “supply chain” attack, referring to all the steps software takes to get from its developers to its users. As more and more users get better at bread-and-butter personal security like enabling two-factor authentication and detecting phishing, malicious hackers are forced to stop targeting users and move “up” the supply chain to the companies and developers that make software. This means that developers need to get in the practice of “distrusting” their own infrastructure to ensure safer software releases with reproducible builds, allowing third parties to double-check whether released binary and source packages correspond. The goal should be to secure internal development and release infrastructure to that point that no hijacking, even from a malicious actor inside the company, can slip through unnoticed.

Apache bug leaks contents of server memory for all to see—Patch now

There's a bug in the widely used Apache Web Server that causes servers to leak pieces of arbitrary memory in a way that could expose passwords or other secrets, a freelance journalist has disclosed. The vulnerability can be triggered by querying a server with what's known as an OPTIONS request. Like the better-known GET and POST requests, OPTIONS is a type of HTTP method that allows users to determine which HTTP requests are supported by the server. Normally, a server will respond with GET, POST, OPTIONS, and any other supported methods. Under certain conditions, however, responses from Apache Web Server include the data stored in computer memory. Patches are available here and here.

The Pirate Bay Takes Heat for Testing Monero Mining

Cryptocurrencies usually are mined with CPU power initially, she told LinuxInsider. Users then find ways to speed up the hashing before going to GPU. They build specialized hardware and field programmable gate array (FPGA) chips to carry out the hashing function in order to mine much faster. [...] The notion that The Pirate Bay effectively would borrow resources from its own users is not the problem, suggested Jessica Groopman, principal analyst at Tractica.

Ubuntu Server Development Summary – 19 Sep 2017

Ubuntu Weekly Newsletter 519

Welcome to the Ubuntu Weekly Newsletter. This is issue #519 for the weeks of September 5 – 18, 2017, and the full version is available here.

Ubuntu Desktop default application survey results

Canonical has released the results of its default applications survey for the 18.04 long-term support release of Ubuntu. The results of the previous survey – for Ubuntu 17.10, dubbed Artful Aardvark – yielded great suggestions, many of which have made their way into the beta version of the operating system. For Ubuntu 18.04, over 15,000 responses were processed by the Ubuntu Desktop team. “The team is now hard at work evaluating many of the suggested applications,” said Canonical.

Linux Mint 18.3 “Sylvia” Information Released

Linux Mint Project Leader Clement Lefebvre, otherwise known as “Clem” released a blog post on Sept. 18, giving some information about the upcoming release of Linux Mint 18.3, dubbed “Sylvia.” In his blog post Lefebvre gave some ideas to some of the pieces of software and changes that will be coming, such as the inclusion of the popular system restoration tool Timeshift. For those of you who haven’t used Timeshift, it’s an application that creates snapshots of your system, and then restores them later, similar to Windows System Restore, or Mac OS’s Time Machine.