Language Selection

English French German Italian Portuguese Spanish

Web

From student message board to open-source CMS: a Q&A with the creator of Drupal

Filed under
Software
Interviews
Drupal
Web

Drupal has completely changed the way large organisations think about and build their digital estate.

The open source content management system (CMS), which was founded in the year 2000, is now used by some of the world’s biggest brands like Warner Music, Virgin Sport, Princess Cruises and Wilson because of its ability to handle huge spikes of web traffic and because of how it enables marketers to manage their brand digitally on a global level.

TechRadar Pro recently had the opportunity to interview the creator of Drupal, Dries Buytaert who told us how he came to create the CMS and gave us insight into what's in store for future versions...

Read more

Also: Acquia Lightning Revamped, Enonic 7.0 Released, More Open Source News [Ed: Drupal founder now selling better performance]

Exim and GNU Screen Patched

Filed under
GNU
Security
Web
  • New RCE vulnerability impacts nearly half of the internet's email servers

    A critical remote command execution (RCE) security flaw impacts over half of the Internet's email servers, security researchers from Qualys have revealed today.

    The vulnerability affects Exim, a mail transfer agent (MTA), which is software that runs on email servers to relay emails from senders to recipients.

    According to a June 2019 survey of all mail servers visible on the Internet, 57% (507,389) of all email servers run Exim -- although different reports would put the number of Exim installations at ten times that number, at 5.4 million.

  • CVE-2019-10149 Exim 4.87 to 4.91

    We received a report of a possible remote exploit. Currently there is no evidence of an active use of this exploit.

    A patch exists already, is being tested, and backported to all versions we released since (and including) 4.87.

    The severity depends on your configuration. It depends on how close to the standard configuration your Exim runtime configuration is. The closer the better.

    Exim 4.92 is not vulnerable.

  • GNU Screen MScrollV Function Denial of Service Vulnerability [CVE-2015-6806]

    A vulnerability in the MScrollV function of GNU Screen could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

    The vulnerability exists because the MScrollV function, as defined in the ansi.c source code file of the affected software, does not properly limit recursion. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. A successful exploit could trigger a stack overflow condition, resulting in a DoS condition.Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available. GNU has confirmed the vulnerability and released software updates.

Google: Chrome OS, Chrome and Antitrust

Filed under
GNU
Linux
Google
Web
  • It’s Not Just You – Linux Apps Are Completely Broken With The Latest Dev Channel Update

    For those of us that hang around in the Beta, Dev and Canary Channels of Chrome OS on a regular basis, we’re pretty accustomed to bugs and issues. It is part of the territory when you live on the bleeding edge of technology, and as you climb the ladder of Chrome releases, the OS becomes more and more unstable.

    Today’s bug report is a pretty big one, however, and we wanted to make sure that everyone that lives in the Dev Channel on a regular basis is aware that this particular issue in the latest update that rolled out yesterday looks to be affecting everyone.

    So, what is happening, exactly? From what we can tell so far, the Linux container will install just fine, but as soon as anything is run or installed, the container will not ever come back online. No restarts will help, unfortunately, and the only way to get Linux containers to respond again is to fully remove them and re-install.

  • Google to restrict modern ad blocking Chrome extensions to enterprise users

    Back in January, Google announced a proposed change to Chrome’s extensions system, called Manifest V3, that would stop current ad blockers from working efficiently. In a response to the overwhelming negative feedback, Google is standing firm on Chrome’s ad blocking changes, sharing that current ad blocking capabilities will be restricted to enterprise users.

  • Google's API changes mean only paid enterprise users of Chrome will be able to access full adblock

    Google has warned investors that "New and existing technologies could affect our ability to customize ads and/or could block ads online, which would harm our business," and ad blocker developers like Raymond Hill of Ublock Origin have speculated that "Google’s primary business is incompatible with unimpeded content blocking. Now that Google Chrome product has achieve high market share, the content blocking concerns as stated in its 10K filing are being tackled."

  • Google is facing an imminent antitrust investigation from the US Justice Department

    Citing anonymous sources, the WSJ says the Federal Trade Commission, which works alongside the DOJ to bring federal antitrust cases, will defer to the Justice Department in this case. Prior to this, the FTC brought a case against the company in 2011 related to the placement of tracking cookies in Apple’s Safari browser. That case was resolved a year later with a $22.5 million civil penalty judgement, at the time the largest such judgement the FTC had ever earned in court. According to the WSJ, the FTC then investigated Google in 2013 for broad antitrust violations, but closed the case without taking any action against the search giant. Now, the DOJ is leading the charge on a new, potentially unprecedented antitrust evaluation of the company.

New Release: Tor Browser 8.5

Filed under
Moz/FF
Security
Web

Tor Browser 8.5 is the first stable release for Android. Since we released the first alpha version in September, we've been hard at work making sure we can provide the protections users are already enjoying on desktop to the Android platform. Mobile browsing is increasing around the world, and in some parts, it is commonly the only way people access the internet. In these same areas, there is often heavy surveillance and censorship online, so we made it a priority to reach these users.

Read more

GNUnet News: 2019-05-12: GNUnet 0.11.4 released

Filed under
GNU
Web

This is a bugfix release for 0.11.3, mostly fixing minor bugs, improving documentation and fixing various build issues. In terms of usability, users should be aware that there are still a large number of known open issues in particular with respect to ease of use, but also some critical privacy issues especially for mobile users. Also, the nascent network is tiny (about 200 peers) and thus unlikely to provide good anonymity or extensive amounts of interesting information. As a result, the 0.11.4 release is still only suitable for early adopters with some reasonable pain tolerance.

Read more

Chrome 75 Beta and More Chrome News

Filed under
Google
Web
  • Chrome 75 Beta: low latency canvas contexts, sharing files, and numeric separators

    Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Find more information about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 75 is beta as of May 2, 2019.

  • Beta Channel Update for Desktop

    The Chrome team is excited to announce the promotion of Chrome 75 to the beta channel for Windows, Mac and Linux. Chrome 75.0.3770.18 contains our usual under-the-hood performance and stability tweaks, but there are also some cool new features to explore - please head to the Chromium blog to learn more!

  • Chrome 75 Beta Released With Low-Latency Canvas Contexts, RTC Improvements

    Following the recent Chrome 74 web browser update, Google has now promoted Chrome 75 to its beta channel.

    Chrome 75 introduces an Animation constructor for more control over creating animations with the Web Animations API, low-latency canvas contexts, various RTC improvements, FIDO CTAP2 PIN support was added to the Web Authentication API, Web Share API Level 2 support, and various other developer editions.

  • 5 Best Free VPN Chrome Extension For Privacy In 2019

    Whenever you are online on Google Chrome, it collects information on your browsing patterns and habits — right from your location, to operating system, to hardware. Therefore, securing your browsing sessions through Virtual Private Networks (VPN) is a good idea. VPNs are useful services which help you overcome geo-location restrictions and avoid getting tracked on the internet.

    While there are many Chrome VPN extensions available in the Chrome store, picking out the best ones can still be a confusing task. This is why I have put together a list of the best VPN Chrome extensions that you can use to encrypt your browser traffic and browse anonymously.

How to use a FreedomBox running open source software to regain control of your online privacy

Filed under
Server
OSS
Security
Web

As numerous posts on this blog have noted, some of the biggest threats to privacy come from Internet giants like Facebook and Google. The centralized nature of their services allows them to aggregate personal data on a huge scale, and to extract information that we never agreed to provide. Although it is only recently that the mainstream media has caught up with this development, some people were warning about this problem a decade ago.

One such is Eben Moglen. He was General Counsel of the Free Software Foundation for 13 years, and helped draft the most recent version of the GNU GPL, the core license of the open source world. As well as being Professor of Law at Columbia Law School, he is the Founding Director of the Software Freedom Law Center. Back in 2009, I interviewed him for the now-defunct site The H Open.

Read more

Browsers: Chromium 74 on Slackware, TenFourFox on OS/2, Debugging Firefox Trunk and Brave Forked

Filed under
Google
Moz/FF
Web
  • Chromium 74 available in my repository. Also for 32bit Slackware.

    The Chromium 74 sources were released a few days ago by Google, and it comes with a long list of fixes for security issues.
    I spent almost two months to investigate why the 32bit package could no longer be built (which is one of the reasons why there were so few updates in march and april – I only have a few hours every day that I can spend on Slackware these days) and had finally managed to compile a 32bit package for Chromium 73 in a 32bit chroot environment on a 64bit Slackware OS, and that package was online for one day…. and now I tried compiling the new release on a regular 32bit Slackware OS and that worked! No idea whether this is because of my modifications of the SlackBuild.

  • Cameron Kaiser: Another interesting TenFourFox downstream

    Because we're one of the few older forks of Firefox to still backport security updates, TenFourFox code turns up in surprising places sometimes. I've known about roytam's various Pale Moon and Mozilla builds; the patches are used in both the rebuilds of Pale Moon 27 and 28 and his own fork of 45ESR. Arctic Fox, which is a Pale Moon 27 (descended from Firefox 38, with patches) rebuild for Snow Leopard and PowerPC Linux, also uses TenFourFox security patches as well as some of our OS X platform code.
    Recently I was also informed of a new place TenFourFox code has turned up: OS/2. There's no Rust for OS/2, so they're in the same boat that PowerPC OS X is, and it doesn't look like 52ESR was ever successfully ported to OS/2 either; indeed, the last "official" Firefox I can find from Bitwise is 45.9. Dave Yeo took that version (as well as Thunderbird 45.9 and SeaMonkey 2.42.9) and backported our accumulated security patches along with other fixes to yield updated "SUa1" Firefox, Thunderbird and SeaMonkey builds for OS/2. If you're curious, here are the prerequisites.

  • Update To rr Master To Debug Firefox Trunk

    The issue is that LMDB opens a file, maps it into memory MAP_SHARED, and then opens the file again and writes to it through the new file descriptor, and requires that the written data be immediately reflected in the shared memory mapping. (This behavior is not guaranteed by POSIX but is guaranteed by Linux.) rr needs to observe these writes and record the necessary memory changes, otherwise they won't happen during replay (because writes to files don't happen during replay) and replay will fail. rr already handled the case when the application write to the file descriptor (technically, the file description) that was used to map the file — Chromium has needed this for a while. The LMDB case is harder to handle. To fix LMDB, whenever the application opens a file for writing, we have to check to see if any shared mapping of that file exists and if so, mark that file description so writes to it have their shared-memory effects recorded. Unfortunately this adds overhead to writable file opens, but hopefully it doesn't matter much since in many workloads most file opens are read-only. (If it turns out to be a problem there are ways we can optimize further.) While fixing this, we also added support for the case where the application opens a file (possibly multiple times with different file descriptions) and then creates a shared mapping of one of them. To handle that, when creating a shared mapping we have to scan all open files to see if any of them refer to the mapped file, and if so, mark them so the effects of their writes are recorded.

  • Gab is forking Brave, and Brave is forking furious

    Gab, the free-speech absolutist social media network, continues to look for creative ways to resist being silenced.

    Having earned a reputation as a platform that is tolerant of even the most hateful (yet still technically legal) expressions of speech, Gab has been booted off virtually every Silicon Valley service imaginable—from payment processors to web host providers.

    Now, fresh off having its browser plug-in Dissenter, the “comment section of the Internet,” ejected from the Google and Mozilla extension libraries, Gab is taking the oft-used “if you don’t like it, go create your own” criticism to heart. The company has built its own web browser—a forked version of the open-source Brave browser—and will be releasing it within the next few weeks, Gab CEO Andrew Torba tells Decrypt .

Google/Chrome: Filament and More, Notably Google Chrome 74 Release

Filed under
Google
Web
  • Google's Filament Real-Time PBR Engine Updated With New Features

    Filament is Google's real-time physically based rendering engine that supports Android along with Linux and all other major platforms, including a target for WebAssembly+WebGL. Filament 1.2.0 was released on Tuesday as the latest step forward for this PBR rendering engine.

    Filament 1.2.0 features various tooling and engine improvements, improves render target management, squeezes better performance out of the job system, support for compressed textures from its JavaScript API, more JavaScript bindings were also added, the Vulkan rendering support now can handle RGB textures, and there are a variety of other rendering advancements.

  • Google Chrome 74 Released for Windows, macOS, and Linux; Dark Mode Arrives on Windows

    Google has released Chrome 74 for Windows, Mac, Linux, Chrome OS, and Android (beta). The latest release brings a number of new features apart from quite a few bug fixes. Probably the biggest highlight of Chrome 74 is support for dark mode on Windows. After arriving on the Mac last month, support for dark mode in Chrome is finally available on Windows. Google Chrome currently has over 1 billion users worldwide.

  • Data Saver is now Lite mode

    Since we introduced Data Saver in Chrome, we’ve reduced users’ data usage by up to 60 percent. But now, the feature is expanding to provide more benefits in addition to data savings. Pages will now load faster, in some cases considerably faster, and use less memory. This is why starting today, we will be renaming Data Saver to Lite mode.
    Lite mode will continue to reduce data use by using Google servers to compress the pages you visit before downloading them. Using the NetworkInformation API, Lite mode tells web servers that you are interested in receiving a version of the site that uses less data if one is available.
    Lite mode also helps improve page loads. If Chrome predicts that a page will take longer than 5 seconds for the first text or image to show on screen, it will load a Lite version of the page instead. Lite pages are highly optimized to load considerably faster. A whitepaper will be published in the coming months that will explain this in more detail.

  • Google Chrome 74 Released: Dark Mode For Windows, Lite Mode For Android

    Google released the Chrome version 74 today for Windows, Mac, Linux, Android, and Chrome OS users. The new version comes with new features and bug fixes with the main highlight being support for a Dark Mode in Windows.

    Other noteworthy changes include the replacement of Data Saver feature with Lite Mode for Chrome on Android devices. There are a few security improvements too, so read on to find out the details.

WWW and Development

Filed under
Development
Moz/FF
OSS
Web
  • Acquisition roundabout sees Zend Framework spun off to Linux Foundation

    The Zend Framework is to get a new name and a new home, under the auspices of the Linux Foundation, just a few months after its parent co was itself swallowed whole.

    Zend – as was – is an open source, object-oriented web application framework implemented in PHP 7. It was synonymous with Zend Technologies, which was taken over by Rogue Wave Software in 2015. Rogue Wave Software was itself acquired by private equity outfit Clear Lake Capital earlier this year.

    According to the website for the new organisation, “To take it to the next step of adoption and innovation, we are happy to announce that we are transitioning Zend Framework and all its subprojects to an open source project hosted at the Linux Foundation.”

  • Five RESTful web service client examples for developers

    How do you access a RESTful web service? That depends on what you're trying to accomplish.

    If you just want to test connectivity, a terminal-based utility like curl is a great RESTful web service client. If you want to inspect the JSON a service returns to you, a browser-based plugin will probably be a better fit. And if you are in the midst of application development, you'll likely need to use JAX-RS, Spring or a similar framework.

  • 5 Best Reasons to Opt for PHP Web Development

    Many companies now are choosing PHP web development to realize their IT needs. According to research, almost 83 percent of web services are using PHP, and it is the preferred choice of industry stalwarts such as BlaBlaCar, Slack, and Spotify. PHP is open source and comes with a great community, and it is continuously upgrading. There is no doubt about the same.

  • It’s Complicated: Mozilla’s 2019 Internet Health Report

    The Report paints a mixed picture of what life online looks like today. We’re more connected than ever, with humanity passing the ‘50% of us are now online’ mark earlier this year. And, while almost all of us enjoy the upsides of being connected, we also worry about how the internet and social media are impacting our children, our jobs and our democracies.

    When we published last year’s Report, the world was watching the Facebook-Cambridge Analytica scandal unfold — and these worries were starting to grow. Millions of people were realizing that widespread, laissez-faire sharing of our personal data, the massive growth and centralization of the tech industry, and the misuse of online ads and social media was adding up to a big mess.

    Over the past year, more and more people started asking: what are we going to do about this mess? How do we push the digital world in a better direction?

    As people asked these questions, our ability to see the underlying problems with the system — and to imagine solutions — has evolved tremendously. Recently, we’ve seen governments across Europe step up efforts to monitor and thwart disinformation ahead of the upcoming EU elections. We’ve seen the big tech companies try everything from making ads more transparent to improving content recommendation algorithms to setting up ethics boards (albeit with limited effect and with critics saying ‘you need to do much more!’). And, we’ve seen CEOs and policymakers and activists wrestling with each other over where to go next. We have not ‘fixed’ the problems, but it does feel like we’ve entered a new, sustained era of debate about what a healthy digital society should look like.

Syndicate content

More in Tux Machines

Red Hat: Kernel and dnf-automatic

  • Red Hat Shows Off Their vDPA Kernel Patches For Better Ethernet Within VMs

    Red Hat engineers have been developing virtual data path acceleration (vDPA) as a standard data plane that is more flexible than VirtIO full hardware offloading. The goal is providing wire-speed Ethernet interfaces to virtual machines in an open manner. This patch series was sent out on Thursday by Red Hat's Jason Wang. This implements the vDPA bus for the Linux kernel as well as providing a vDPA device simulator and supporting vDPA-based transport within VirtIO.

  • What is the latest kernel release for my version of Red Hat Enterprise Linux?

    I read an interesting question on the Red Hat Learning Community forums recently. What is the latest kernel version for my version of Red Hat Enterprise Linux (RHEL)? In this post we'll see how you can find out. Some users, trying to be helpful, gave a specific version of the kernel package. Unfortunately, that might only be valid at the time of writing. A better approach would be to understand where to get that information about the latest kernel version for a given version of RHEL. When Red Hat releases a major or minor update to RHEL, they ship it with a specific branch of the kernel version. This page in the customer portal shows the kernel version "branch" associated with a release of RHEL (e.g. RHEL7.6).

  • dnf-automatic – Install Security Updates Automatically in CentOS 8

    Security updates play a crucial role in safeguarding your Linux system against cyber-attacks and breaches which can have a devastating effect on your critical files, databases and other resources on your system. You can manually apply security patches on your CentOS 8 system, but it is much easier as a system administrator to configure automatic updates. This will give you the confidence that your system will be periodically checking for any security patches or updates and applying them.

Devices: PCB, OpenCV/RasPi and NVIDIA Jetson Nano

  • A beginner tries PCB assembly

    I wrote last year about my experience with making my first PCB using JLCPCB. I’ve now got 5 of the boards in production around my house, and another couple assembled on my desk for testing. I also did a much simpler board to mount a GPS module on my MapleBoard - basically just with a suitable DIP connector and mount point for the GPS module. At that point I ended up having to pay for shipping; not being in a hurry I went for the cheapest option which mean the total process took 2 weeks from order until it arrived. Still not bad for under $8! Just before Christmas I discovered that JLCPCB had expanded their SMT assembly option to beyond the Chinese market, and were offering coupons off (but even without that had much, much lower assembly/setup fees than anywhere else I’d seen). Despite being part of LCSC the parts library can be a bit limited (partly it seems there’s nothing complex to assemble such as connectors), with a set of “basic” components without setup fee and then “extended” options which have a $3 setup fee (because they’re not permanently loaded, AIUI).

  • Digitizing a analog water meter

    Sadly, my meter is really dirt under the glass and i couldn’t manage to clean it. This will cause problems down the road. The initial idea was easy, add a webcam on top of the meter and read the number on the upper half it. But I soon realized that the project won’t be that simple. The number shows only the use of 1m^3 (1000 liters), this means that I would have a change only every couple of days, which is useless and boring. So, I had to read the analog gauges, which show the fraction in 0.0001, 0.001, 0.01 and 0.1 m^3. This discovery blocked me, and I was like “this is way to complicated”. I have no idea how I found or what reminded me of OpenCV, but that was the solution. OpenCV is an awesome tool for computer vision, it has many features like Facial recognition, Gesture recognition … and also shape recognition. What’s a analog gauge? It’s just a circle with an triangular arrow indicating the value.

  • NVIDIA Jetson Nano Developer Kit-B01 Gets an Extra Camera Connector

    Launched in March 2019, NVIDIA Jetson Nano developer kit offered an AI development platform for an affordable $99.

today's howtos

XMPP - Fun with Clients

As I already wrote in my last blog post there's much development in XMPP, not only on the server side, but also on the client side. It's surely not exaggerated to say that Conversations on Android is the de-facto standard client-wise. So, if you have an Android phone, that's the client you want to try&use. As I don't have Android, I can't comment on it. The situation on Linux is good as well: there are such clients as Gajim, which is an old player in the "market" and is available on other platforms as well, but there is with Dino a new/modern client as well that you may want to try out. The situation for macOS and iOS users are not that good as for Windows, Linux or Android users. But in the end all clients have their pro and cons... I'll try to summarize a few clients on Linux, macOS and iOS... Read more