Language Selection

English French German Italian Portuguese Spanish

Web

From student message board to open-source CMS: a Q&A with the creator of Drupal

Filed under
Software
Interviews
Drupal
Web

Drupal has completely changed the way large organisations think about and build their digital estate.

The open source content management system (CMS), which was founded in the year 2000, is now used by some of the world’s biggest brands like Warner Music, Virgin Sport, Princess Cruises and Wilson because of its ability to handle huge spikes of web traffic and because of how it enables marketers to manage their brand digitally on a global level.

TechRadar Pro recently had the opportunity to interview the creator of Drupal, Dries Buytaert who told us how he came to create the CMS and gave us insight into what's in store for future versions...

Read more

Also: Acquia Lightning Revamped, Enonic 7.0 Released, More Open Source News [Ed: Drupal founder now selling better performance]

Exim and GNU Screen Patched

Filed under
GNU
Security
Web
  • New RCE vulnerability impacts nearly half of the internet's email servers

    A critical remote command execution (RCE) security flaw impacts over half of the Internet's email servers, security researchers from Qualys have revealed today.

    The vulnerability affects Exim, a mail transfer agent (MTA), which is software that runs on email servers to relay emails from senders to recipients.

    According to a June 2019 survey of all mail servers visible on the Internet, 57% (507,389) of all email servers run Exim -- although different reports would put the number of Exim installations at ten times that number, at 5.4 million.

  • CVE-2019-10149 Exim 4.87 to 4.91

    We received a report of a possible remote exploit. Currently there is no evidence of an active use of this exploit.

    A patch exists already, is being tested, and backported to all versions we released since (and including) 4.87.

    The severity depends on your configuration. It depends on how close to the standard configuration your Exim runtime configuration is. The closer the better.

    Exim 4.92 is not vulnerable.

  • GNU Screen MScrollV Function Denial of Service Vulnerability [CVE-2015-6806]

    A vulnerability in the MScrollV function of GNU Screen could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

    The vulnerability exists because the MScrollV function, as defined in the ansi.c source code file of the affected software, does not properly limit recursion. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. A successful exploit could trigger a stack overflow condition, resulting in a DoS condition.Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available. GNU has confirmed the vulnerability and released software updates.

Google: Chrome OS, Chrome and Antitrust

Filed under
GNU
Linux
Google
Web
  • It’s Not Just You – Linux Apps Are Completely Broken With The Latest Dev Channel Update

    For those of us that hang around in the Beta, Dev and Canary Channels of Chrome OS on a regular basis, we’re pretty accustomed to bugs and issues. It is part of the territory when you live on the bleeding edge of technology, and as you climb the ladder of Chrome releases, the OS becomes more and more unstable.

    Today’s bug report is a pretty big one, however, and we wanted to make sure that everyone that lives in the Dev Channel on a regular basis is aware that this particular issue in the latest update that rolled out yesterday looks to be affecting everyone.

    So, what is happening, exactly? From what we can tell so far, the Linux container will install just fine, but as soon as anything is run or installed, the container will not ever come back online. No restarts will help, unfortunately, and the only way to get Linux containers to respond again is to fully remove them and re-install.

  • Google to restrict modern ad blocking Chrome extensions to enterprise users

    Back in January, Google announced a proposed change to Chrome’s extensions system, called Manifest V3, that would stop current ad blockers from working efficiently. In a response to the overwhelming negative feedback, Google is standing firm on Chrome’s ad blocking changes, sharing that current ad blocking capabilities will be restricted to enterprise users.

  • Google's API changes mean only paid enterprise users of Chrome will be able to access full adblock

    Google has warned investors that "New and existing technologies could affect our ability to customize ads and/or could block ads online, which would harm our business," and ad blocker developers like Raymond Hill of Ublock Origin have speculated that "Google’s primary business is incompatible with unimpeded content blocking. Now that Google Chrome product has achieve high market share, the content blocking concerns as stated in its 10K filing are being tackled."

  • Google is facing an imminent antitrust investigation from the US Justice Department

    Citing anonymous sources, the WSJ says the Federal Trade Commission, which works alongside the DOJ to bring federal antitrust cases, will defer to the Justice Department in this case. Prior to this, the FTC brought a case against the company in 2011 related to the placement of tracking cookies in Apple’s Safari browser. That case was resolved a year later with a $22.5 million civil penalty judgement, at the time the largest such judgement the FTC had ever earned in court. According to the WSJ, the FTC then investigated Google in 2013 for broad antitrust violations, but closed the case without taking any action against the search giant. Now, the DOJ is leading the charge on a new, potentially unprecedented antitrust evaluation of the company.

New Release: Tor Browser 8.5

Filed under
Moz/FF
Security
Web

Tor Browser 8.5 is the first stable release for Android. Since we released the first alpha version in September, we've been hard at work making sure we can provide the protections users are already enjoying on desktop to the Android platform. Mobile browsing is increasing around the world, and in some parts, it is commonly the only way people access the internet. In these same areas, there is often heavy surveillance and censorship online, so we made it a priority to reach these users.

Read more

GNUnet News: 2019-05-12: GNUnet 0.11.4 released

Filed under
GNU
Web

This is a bugfix release for 0.11.3, mostly fixing minor bugs, improving documentation and fixing various build issues. In terms of usability, users should be aware that there are still a large number of known open issues in particular with respect to ease of use, but also some critical privacy issues especially for mobile users. Also, the nascent network is tiny (about 200 peers) and thus unlikely to provide good anonymity or extensive amounts of interesting information. As a result, the 0.11.4 release is still only suitable for early adopters with some reasonable pain tolerance.

Read more

Chrome 75 Beta and More Chrome News

Filed under
Google
Web
  • Chrome 75 Beta: low latency canvas contexts, sharing files, and numeric separators

    Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Find more information about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 75 is beta as of May 2, 2019.

  • Beta Channel Update for Desktop

    The Chrome team is excited to announce the promotion of Chrome 75 to the beta channel for Windows, Mac and Linux. Chrome 75.0.3770.18 contains our usual under-the-hood performance and stability tweaks, but there are also some cool new features to explore - please head to the Chromium blog to learn more!

  • Chrome 75 Beta Released With Low-Latency Canvas Contexts, RTC Improvements

    Following the recent Chrome 74 web browser update, Google has now promoted Chrome 75 to its beta channel.

    Chrome 75 introduces an Animation constructor for more control over creating animations with the Web Animations API, low-latency canvas contexts, various RTC improvements, FIDO CTAP2 PIN support was added to the Web Authentication API, Web Share API Level 2 support, and various other developer editions.

  • 5 Best Free VPN Chrome Extension For Privacy In 2019

    Whenever you are online on Google Chrome, it collects information on your browsing patterns and habits — right from your location, to operating system, to hardware. Therefore, securing your browsing sessions through Virtual Private Networks (VPN) is a good idea. VPNs are useful services which help you overcome geo-location restrictions and avoid getting tracked on the internet.

    While there are many Chrome VPN extensions available in the Chrome store, picking out the best ones can still be a confusing task. This is why I have put together a list of the best VPN Chrome extensions that you can use to encrypt your browser traffic and browse anonymously.

How to use a FreedomBox running open source software to regain control of your online privacy

Filed under
Server
OSS
Security
Web

As numerous posts on this blog have noted, some of the biggest threats to privacy come from Internet giants like Facebook and Google. The centralized nature of their services allows them to aggregate personal data on a huge scale, and to extract information that we never agreed to provide. Although it is only recently that the mainstream media has caught up with this development, some people were warning about this problem a decade ago.

One such is Eben Moglen. He was General Counsel of the Free Software Foundation for 13 years, and helped draft the most recent version of the GNU GPL, the core license of the open source world. As well as being Professor of Law at Columbia Law School, he is the Founding Director of the Software Freedom Law Center. Back in 2009, I interviewed him for the now-defunct site The H Open.

Read more

Browsers: Chromium 74 on Slackware, TenFourFox on OS/2, Debugging Firefox Trunk and Brave Forked

Filed under
Google
Moz/FF
Web
  • Chromium 74 available in my repository. Also for 32bit Slackware.

    The Chromium 74 sources were released a few days ago by Google, and it comes with a long list of fixes for security issues.
    I spent almost two months to investigate why the 32bit package could no longer be built (which is one of the reasons why there were so few updates in march and april – I only have a few hours every day that I can spend on Slackware these days) and had finally managed to compile a 32bit package for Chromium 73 in a 32bit chroot environment on a 64bit Slackware OS, and that package was online for one day…. and now I tried compiling the new release on a regular 32bit Slackware OS and that worked! No idea whether this is because of my modifications of the SlackBuild.

  • Cameron Kaiser: Another interesting TenFourFox downstream

    Because we're one of the few older forks of Firefox to still backport security updates, TenFourFox code turns up in surprising places sometimes. I've known about roytam's various Pale Moon and Mozilla builds; the patches are used in both the rebuilds of Pale Moon 27 and 28 and his own fork of 45ESR. Arctic Fox, which is a Pale Moon 27 (descended from Firefox 38, with patches) rebuild for Snow Leopard and PowerPC Linux, also uses TenFourFox security patches as well as some of our OS X platform code.
    Recently I was also informed of a new place TenFourFox code has turned up: OS/2. There's no Rust for OS/2, so they're in the same boat that PowerPC OS X is, and it doesn't look like 52ESR was ever successfully ported to OS/2 either; indeed, the last "official" Firefox I can find from Bitwise is 45.9. Dave Yeo took that version (as well as Thunderbird 45.9 and SeaMonkey 2.42.9) and backported our accumulated security patches along with other fixes to yield updated "SUa1" Firefox, Thunderbird and SeaMonkey builds for OS/2. If you're curious, here are the prerequisites.

  • Update To rr Master To Debug Firefox Trunk

    The issue is that LMDB opens a file, maps it into memory MAP_SHARED, and then opens the file again and writes to it through the new file descriptor, and requires that the written data be immediately reflected in the shared memory mapping. (This behavior is not guaranteed by POSIX but is guaranteed by Linux.) rr needs to observe these writes and record the necessary memory changes, otherwise they won't happen during replay (because writes to files don't happen during replay) and replay will fail. rr already handled the case when the application write to the file descriptor (technically, the file description) that was used to map the file — Chromium has needed this for a while. The LMDB case is harder to handle. To fix LMDB, whenever the application opens a file for writing, we have to check to see if any shared mapping of that file exists and if so, mark that file description so writes to it have their shared-memory effects recorded. Unfortunately this adds overhead to writable file opens, but hopefully it doesn't matter much since in many workloads most file opens are read-only. (If it turns out to be a problem there are ways we can optimize further.) While fixing this, we also added support for the case where the application opens a file (possibly multiple times with different file descriptions) and then creates a shared mapping of one of them. To handle that, when creating a shared mapping we have to scan all open files to see if any of them refer to the mapped file, and if so, mark them so the effects of their writes are recorded.

  • Gab is forking Brave, and Brave is forking furious

    Gab, the free-speech absolutist social media network, continues to look for creative ways to resist being silenced.

    Having earned a reputation as a platform that is tolerant of even the most hateful (yet still technically legal) expressions of speech, Gab has been booted off virtually every Silicon Valley service imaginable—from payment processors to web host providers.

    Now, fresh off having its browser plug-in Dissenter, the “comment section of the Internet,” ejected from the Google and Mozilla extension libraries, Gab is taking the oft-used “if you don’t like it, go create your own” criticism to heart. The company has built its own web browser—a forked version of the open-source Brave browser—and will be releasing it within the next few weeks, Gab CEO Andrew Torba tells Decrypt .

Google/Chrome: Filament and More, Notably Google Chrome 74 Release

Filed under
Google
Web
  • Google's Filament Real-Time PBR Engine Updated With New Features

    Filament is Google's real-time physically based rendering engine that supports Android along with Linux and all other major platforms, including a target for WebAssembly+WebGL. Filament 1.2.0 was released on Tuesday as the latest step forward for this PBR rendering engine.

    Filament 1.2.0 features various tooling and engine improvements, improves render target management, squeezes better performance out of the job system, support for compressed textures from its JavaScript API, more JavaScript bindings were also added, the Vulkan rendering support now can handle RGB textures, and there are a variety of other rendering advancements.

  • Google Chrome 74 Released for Windows, macOS, and Linux; Dark Mode Arrives on Windows

    Google has released Chrome 74 for Windows, Mac, Linux, Chrome OS, and Android (beta). The latest release brings a number of new features apart from quite a few bug fixes. Probably the biggest highlight of Chrome 74 is support for dark mode on Windows. After arriving on the Mac last month, support for dark mode in Chrome is finally available on Windows. Google Chrome currently has over 1 billion users worldwide.

  • Data Saver is now Lite mode

    Since we introduced Data Saver in Chrome, we’ve reduced users’ data usage by up to 60 percent. But now, the feature is expanding to provide more benefits in addition to data savings. Pages will now load faster, in some cases considerably faster, and use less memory. This is why starting today, we will be renaming Data Saver to Lite mode.
    Lite mode will continue to reduce data use by using Google servers to compress the pages you visit before downloading them. Using the NetworkInformation API, Lite mode tells web servers that you are interested in receiving a version of the site that uses less data if one is available.
    Lite mode also helps improve page loads. If Chrome predicts that a page will take longer than 5 seconds for the first text or image to show on screen, it will load a Lite version of the page instead. Lite pages are highly optimized to load considerably faster. A whitepaper will be published in the coming months that will explain this in more detail.

  • Google Chrome 74 Released: Dark Mode For Windows, Lite Mode For Android

    Google released the Chrome version 74 today for Windows, Mac, Linux, Android, and Chrome OS users. The new version comes with new features and bug fixes with the main highlight being support for a Dark Mode in Windows.

    Other noteworthy changes include the replacement of Data Saver feature with Lite Mode for Chrome on Android devices. There are a few security improvements too, so read on to find out the details.

WWW and Development

Filed under
Development
Moz/FF
OSS
Web
  • Acquisition roundabout sees Zend Framework spun off to Linux Foundation

    The Zend Framework is to get a new name and a new home, under the auspices of the Linux Foundation, just a few months after its parent co was itself swallowed whole.

    Zend – as was – is an open source, object-oriented web application framework implemented in PHP 7. It was synonymous with Zend Technologies, which was taken over by Rogue Wave Software in 2015. Rogue Wave Software was itself acquired by private equity outfit Clear Lake Capital earlier this year.

    According to the website for the new organisation, “To take it to the next step of adoption and innovation, we are happy to announce that we are transitioning Zend Framework and all its subprojects to an open source project hosted at the Linux Foundation.”

  • Five RESTful web service client examples for developers

    How do you access a RESTful web service? That depends on what you're trying to accomplish.

    If you just want to test connectivity, a terminal-based utility like curl is a great RESTful web service client. If you want to inspect the JSON a service returns to you, a browser-based plugin will probably be a better fit. And if you are in the midst of application development, you'll likely need to use JAX-RS, Spring or a similar framework.

  • 5 Best Reasons to Opt for PHP Web Development

    Many companies now are choosing PHP web development to realize their IT needs. According to research, almost 83 percent of web services are using PHP, and it is the preferred choice of industry stalwarts such as BlaBlaCar, Slack, and Spotify. PHP is open source and comes with a great community, and it is continuously upgrading. There is no doubt about the same.

  • It’s Complicated: Mozilla’s 2019 Internet Health Report

    The Report paints a mixed picture of what life online looks like today. We’re more connected than ever, with humanity passing the ‘50% of us are now online’ mark earlier this year. And, while almost all of us enjoy the upsides of being connected, we also worry about how the internet and social media are impacting our children, our jobs and our democracies.

    When we published last year’s Report, the world was watching the Facebook-Cambridge Analytica scandal unfold — and these worries were starting to grow. Millions of people were realizing that widespread, laissez-faire sharing of our personal data, the massive growth and centralization of the tech industry, and the misuse of online ads and social media was adding up to a big mess.

    Over the past year, more and more people started asking: what are we going to do about this mess? How do we push the digital world in a better direction?

    As people asked these questions, our ability to see the underlying problems with the system — and to imagine solutions — has evolved tremendously. Recently, we’ve seen governments across Europe step up efforts to monitor and thwart disinformation ahead of the upcoming EU elections. We’ve seen the big tech companies try everything from making ads more transparent to improving content recommendation algorithms to setting up ethics boards (albeit with limited effect and with critics saying ‘you need to do much more!’). And, we’ve seen CEOs and policymakers and activists wrestling with each other over where to go next. We have not ‘fixed’ the problems, but it does feel like we’ve entered a new, sustained era of debate about what a healthy digital society should look like.

Syndicate content

More in Tux Machines

Desktop GNU/Linux: Rick and Morty, Georges Basile Stavracas Neto on GNOME and Linux Format on Eoan Ermine

  • We know where Rick (from Rick and Morty) stands on Intel vs AMD debate

    For one, it appears Rick is running a version of Debian with a very old Linux kernel (3.2.0) — one dating back to 2012. He badly needs to install some frickin’ updates. “Also his partitions are real weird. It’s all Microsoft based partitions,” a Redditor says. “A Linux user would never do [this] unless they were insane since NTFS/Exfat drivers on Linux are not great.”

  • Georges Basile Stavracas Neto: Every shell has a story

    … a wise someone once muttered while walking on a beach, as they picked up a shell lying on the sand. Indeed, every shell began somewhere, crossed a unique path with different goals and driven by different motivations. Some shells were created to optimize for mobility; some, for lightness; some, for speed; some were created to just fit whoever is using it and do their jobs efficiently. It’s statistically close to impossible to not find a suitable shell, one could argue. So, is this a blog about muttered shell wisdom? In some way, it actually is. It is, indeed, about Shell, and about Mutter. And even though “wisdom” is perhaps a bit of an overstatement, it is expected that whoever reads this blog doesn’t leave it less wise, so the word applies to a certain degree. Evidently, the Shell in question is composed of bits and bytes; its protection is more about the complexities of a kernel and command lines than sea predators, and the Mutter is actually more about compositing the desktop than barely audible uttering.

  • Adieu, 32

    The tenth month of the year arrives and so does a new Ubuntu 19.10 (Eoan Ermine) update. Is it a portent that this is the 31st release of Ubuntu and with the 32nd release next year, 32-bit x86 Ubuntu builds will end?

Linux Kernel and Linux Foundation

  • Linux's Crypto API Is Adopting Some Aspects Of Zinc, Opening Door To Mainline WireGuard

    Mainlining of the WireGuard secure VPN tunnel was being held up by its use of the new "Zinc" crypto API developed in conjunction with this network tech. But with obstacles in getting Zinc merged, WireGuard was going to be resorting to targeting the existing kernel crypto interfaces. Instead, however, it turns out the upstream Linux crypto developers were interested and willing to incorporate some elements of Zinc into the existing kernel crypto implementation. Back in September is when Jason Donenfeld decided porting WireGuard to the existing Linux crypto API was the best path forward for getting this secure networking functionality into the mainline kernel in a timely manner. But since then other upstream kernel developers working on the crypto subsystem ended up with patches incorporating some elements of Zinc's design.

  • zswap: use B-tree for search
    The current zswap implementation uses red-black trees to store
    entries and to perform lookups. Although this algorithm obviously
    has complexity of O(log N) it still takes a while to complete
    lookup (or, even more for replacement) of an entry, when the amount
    of entries is huge (100K+).
    
    B-trees are known to handle such cases more efficiently (i. e. also
    with O(log N) complexity but with way lower coefficient) so trying
    zswap with B-trees was worth a shot.
    
    The implementation of B-trees that is currently present in Linux
    kernel isn't really doing things in the best possible way (i. e. it
    has recursion) but the testing I've run still shows a very
    significant performance increase.
    
    The usage pattern of B-tree here is not exactly following the
    guidelines but it is due to the fact that pgoff_t may be both 32
    and 64 bits long.
    
    
  • Zswap Could See Better Performance Thanks To A B-Tree Search Implementation

    For those using Zswap as a compressed RAM cache for swapping on Linux systems, the performance could soon see a measurable improvement. Developer Vitaly Wool has posted a patch that switches the Zswap code from using red-black trees to a B-tree for searching. Particularly for when having to search a large number of entries, the B-trees implementation should do so much more efficiently.

  • AT&T Finally Opens Up dNOS "DANOS" Network Operating System Code

    One and a half years late, the "DANOS" (known formerly as "dNOS") network operating system is now open-source under the Linux Foundation. AT&T and the Linux Foundation originally announced their plan in early 2018 wish pushing for this network operating system to be used on more mobile infrastructure. At the time they expected it to happen in H2'2018, but finally on 15 November 2019 the goal came to fruition.

Security Patches and FUD/Drama

Android Leftovers