Language Selection

English French German Italian Portuguese Spanish

Interviews

My Linux Story: How an influential security developer got started in open source

Filed under
Linux
Interviews
OSS

Open source is a way to express creativity in software while solving a problem. With the right license, it allows almost anyone to use the software, typically for free. That is also important, as not everyone has the luxury to pay for software or related services. The Dutch are known to be humble, outspoken, and in love with things being "gratis." This word is the same in Latin and means "for thanks" or "for nothing." While the F in FOSS does not refer to this type of free, I believe it is a powerful driver to bring the software into more people's hands. That is valuable in itself, as it can open the gates to more feedback, ideas, or even code improvements.

Read more

Insights on the reproducibility and future of free software with Chris Lamb

Filed under
GNU
Interviews

The Reproducible Builds project seeks to integrate a set of development practices into software which emphasize build reproducibility, or the ability to ensure that a given build process will lead to verifiably integrous binaries which correspond to their source code. Reproducibility is especially important in software that is used for sensitive applications or even by users living in repressive regimes under mortal danger – repressive governments, for example, may choose to introduce vulnerabilities into software used by dissidents to connect to the Internet by targeting pre-compiled binaries and build processes rather than source code. The project is working towards making many widely used pieces of free software reproducible, from its aims towards making (at the very least the packages of) several widely used distributions of GNU/Linux reproducible to achieving reproducibility for individual pieces of critical software like Tor and Tails.

Read more

Interview with A. Cord-Landwehr about REUSE adoption in the KDE community

Filed under
KDE
Interviews

In 2017, the FSFE launched its REUSE campaign and it not only has received many important updates since then but also an overwhelming international attention. Since the release of version 3.0 last year, we have been focusing on supporting Free Software projects in adopting the underlying best practices. And 2020 marks another successful year of this initiative.

On one hand this is thanks to the FSFE's role as a consortium member of the Next Generation Internet Zero (NGI0). In this position, the FSFE's legal team assists all participating software projects with any Free Software copyright and licensing issues that they may run into. And we are encouraging and assisting the projects in becoming REUSE compliant. More than 150 projects that we are reviewing in the scope of our NGI0 involvement are in process of adopting the REUSE specifications and many of them are already REUSE compliant.

Read more

Ben Cotton: How Do You Fedora?

Filed under
Red Hat
Interviews

If you follow the Fedora’ Community Blog, there’s a good chance you already know who Ben is.

Ben’s Linux journey started around late 2002. Frustrated with some issues on using Windows XP, and starting a new application administrator role at his university where some services were being run on FreeBSD. A friend introduced him to Red Hat Linux, when Ben decided it made sense to get more practice with Unix-like operating systems. He switched to Fedora full-time in 2006, after he landed a job as a Linux system administrator.

Since then, his career has included system administration, people management, support engineering, development, and marketing. Several years ago, he even earned a Master’s degree in IT Project Management. The variety of experience has helped Ben learn how to work with different groups of people. “A lot of what I’ve learned has come from making mistakes. When you mess up communication, you hopefully do a better job the next time.”

Read more

An Interview with LearnLinux.TV’s Jay LaCroix

Filed under
Linux
Interviews

For me, Linux is an amazing thing. I’m obsessed, it’s like my hobby and it just happens to pay. What are the odds that something you love to do can generate a paycheck? There’s nothing as great as that.
In addition to the YouTube channel, I write books, so my newest book is going to be coming out at the end of the year. The book is Mastering Ubuntu Server — Third Edition. It’s just an update to the 2nd Edition, but it became a lot more than just an update. Surprisingly the amount of work I’ve had to do on it is about the same as writing a brand new book from scratch, because it’s taken at least six months now to finish. The 2nd one has been a very big success, and this one I think is going to be even better. The important thing to note is this book is written entirely on System76 hardware and entirely on LibreOffice.

Read more

Interview with Tansy Branscombe

Filed under
KDE
Interviews

I found out about Krita after doing some research online about the different free art tools available online. There were lots of options, but the name Krita came up quite often and seemed to get good reviews, so I thought it was worth trying!

I love that Krita really feels like it was built with art & artists in mind. One of my favourite features is having the reference images pinned around my work without having them cluttering up my layers. I also love that the programme seems quite streamlined so it starts up pretty quickly and never gets too slow even though my laptop doesn’t have a dedicated graphics card.

Read more

Torvalds says no need to name successor as that will take care of itself

Filed under
Linux
Interviews

Linux creator Linus Torvalds says it won't be necessary for him to name a successor to take over from him as head of the Linux kernel project because "it will be fairly clear who it is".

"Not because this is some democracy and people would vote on it and there's a clear winner, but because these things really happen on their own: a 'successor' isn't somebody who gets anointed as such, they end up just doing the work and making themselves one that way," Torvalds told iTWire during an interview this week.

As usual, he offered views on a wide range of topics, among them the way he has coped with life during the pandemic and also about his life in a country which is split along partisan lines.

He was interviewed by email. His answers are, as usual, given in full.

Read more

'This was bigger than GNOME and bigger than just this case.' GNOME Foundation exec director talks patent trolls and much, much more

Filed under
Interviews
GNOME
Legal

Patent assertion entities: do not pick a fight with open source. It won't end well for you. This is the message from GNOME Foundation executive director Neil McGovern, who will speak on the subject at the Open Source Summit Europe next week.

McGovern talked to The Register ahead of the event on patents, Microsoft, and more.

The open-source outfit develops the default desktop environment on major Linux distributions including Ubuntu and Red Hat. In late August 2019, Rothschild Patent Imaging filed a lawsuit against the GNOME foundation claiming that GNOME Shotwell, a photo manager, infringed one of its patents.

“We didn't receive a letter before the court documents were filed or any sort of warning, it was just filed and then within a week there was a settlement request for $75,000,” McGovern told us.

Read more

Fosshost Interview: Open Source Hosting Provider for FOSS Projects

Filed under
Interviews

Introduced here at 9to5Linux about four months ago, Fosshost is a not-for-profit hosting provider for FOSS (Free and Open Source Software) projects. They offer hosting services like virtualized infrastructure, mirrors, storage, collaboration, and domain name to open-source projects who meet their eligibility criteria.

Among the big names that Fosshost offers its services, there’s Debian GNU/Linux, GNOME, Xfce, The Tor Project, IPFire, Xubuntu, Armbian, Linux Lite, Manjaro Linux, Deepin Linux, FreeCAD, F-Droid, Qubes OS, Serpent OS, Ubuntu Unity, and many more.

I wanted to learn a bit more about this awesome initiative and their future endeavors, so I spoke with Thomas, the Founder of Fosshost.

Read more

Emilia Torino shares what goes into keeping Ubuntu secure

Filed under
Interviews
Ubuntu

I’m from Argentina, and I did my undergrad in software engineering here. I worked for Intel in Argentina for six years – first as an intern and then as a fully-fledged software engineer. Then I received a Fulbright scholarship to do my master’s degree at Carnegie Mellon University in the United States. After finishing my Masters, I went back to Intel and then McAfee for a few more years, and then joined Canonical in 2019 as a Security Generalist.

I was looking for a new challenge. Even though I had more than ten years of industry experience and had been involved in security activities, the prospect of working for the team that makes Ubuntu secure was more than exciting! What’s more, I hadn’t previously been that deeply involved in open source projects. I knew that joining Canonical would offer different learning and career opportunities.

Read more

Syndicate content

More in Tux Machines

Devices: Xtra-PC, Arduino and Inventor Coding Kit

  • Xtra-PC Reviews – Best Linux USB-Stick? - Product Review by Rick Finn

    The Xtra-PC Linux USB-Stick might be your solution if you have problems with your old and slow PC. It's a small flash drive stick and it's using Linux OS to boost you PC's operations. Check out now.

  • Arduino Blog » Old keyboard turned into a new children’s learning toy

    Peter Turczak’s toddler son loves “technical stuff,” especially things like keyboards and computers that adults use. After discussing this with other likeminded technical parents, the idea of giving new life to an old (PS/2 or AT) keyboard as a teaching tool was hatched.

  • SiFive Helping To Teach Kids Programming With RISC-V HiFive Inventor Coding Kit

    SiFive in cooperation with Tynker and BBC Learning have launched a Doctor Who themed HiFive Inventor Coding Kit. This Initial HiFive Inventor Coding Kit is intended to help kids as young as seven years of age get involved with computer programming through a variety of fun exercises and challenges involving the RISC-V powered mini computer and related peripherals like LED lighting and speaker control. [...] So for those looking to get their kids involved with computer programming and looking for an IoT-type device with some fun sensors and various themed exercises to get them experimenting, the HiFive Inventor Coding Kit is worth looking into further. More details on the programming platform can be found via Tynker.com and on the hardware at HiFiveInventor.com. The HiFive Inventor Kit is available from Amazon.com and other Internet retailers for $75 USD.

Security Leftovers

  • Security updates for Monday

    Security updates have been issued by Arch Linux (atftp, coturn, gitlab, mdbook, mediawiki, nodejs, nodejs-lts-dubnium, nodejs-lts-erbium, nodejs-lts-fermium, nvidia-utils, opensmtpd, php, python-cairosvg, python-pillow, thunderbird, vivaldi, and wavpack), CentOS (firefox and thunderbird), Debian (chromium and snapd), Fedora (chromium, flatpak, glibc, kernel, kernel-headers, nodejs, php, and python-cairosvg), Mageia (bind, caribou, chromium-browser-stable, dom4j, edk2, opensc, p11-kit, policycoreutils, python-lxml, resteasy, sudo, synergy, and unzip), openSUSE (ceph, crmsh, dovecot23, hawk2, kernel, nodejs10, open-iscsi, openldap2, php7, python-jupyter_notebook, slurm_18_08, tcmu-runner, thunderbird, tomcat, viewvc, and vlc), Oracle (dotnet3.1 and thunderbird), Red Hat (postgresql:10, postgresql:12, postgresql:9.6, and xstream), SUSE (ImageMagick, openldap2, slurm, and tcmu-runner), and Ubuntu (icoutils).

  • About CVE-2020-27348

    Well this is a doozey. Made public a while back was a security vulnerability in many Snap Packages and the Snapcraft tool used to create them. Specifically, this is the vulnerability identified as CVE-2020-27348. It unfortunately affects many many snap packages… [...] The problem arises when the LD_LIBRARY_PATH includes an empty element in its list. When the Dynamic Linker sees an empty element it will look in the current working directory of the process. So if we construct our search paths with an accidental empty element the application inside our Snap Package could be caused to load a shared library from outside the Snap Package’s shipped files. This can lead to an arbitrary code execution. It has been common to put a definition of the LD_LIBRARY_PATH variable into a Snap Package’s snapcraft.yaml that references a predefined $LD_LIBRARY_PATH as if to extend it. Unfortunately, despite this being common, it was poorly understood that SnapD ensures that the $LD_LIBRARY_PATH is unset when starting a Snap Package’s applications. What that means is that where the author tried to extend the variable they have inadvertantly inserted the bad empty element. The empty element appears because $LD_LIBRARY_PATH is unset so the shell will expand it to an empty string.

  • Wait, What? Kids Found A Security Flaw in Linux Mint By Mashing Keys!

    Security flaws can be incredibly stupid and dangerous. Of course, I’m not judging anyone, we are humans after all. But this little incident is quite funny.

Audiocasts/Shows: Blender 2.91, Server Security, Linux in the Ham Shack and More

IBM/Red Hat Leftovers

  • Davie Street Enterprises: A case study in digital transformation

    We would like to introduce you to Davie Street Enterprises (DSE). DSE is a fictitious 100-year-old multinational corporation that is beginning its digital transformation journey. In this post we will lay the groundwork for a series following DSE as an illustration of how some Red Hat customers are preparing for and succeeding at digital transformation to save money, become more efficient, and compete more effectively. The company isn't real, but its struggle is very real for many organizations. Throughout this series, we will explore the business problems any number of organizations are challenged with and how DSE, with the help of Red Hat and its partners, plan to solve those problems. To start, let’s learn more about DSE, its business, and some of the associates involved in its digital transformation journey.

  • Farewell 2020: A year of togetherness with our EMEA partners

    When reflecting on 2020, I do what many people do and think about what things were like prior to this year. For me, I immediately go back to a spring day three years ago. Red Hat was hosting our EMEA Partner Conference; a mix of distributors, independent software vendors (ISVs), system integrators and solution providers from across the region. Alongside the usual product updates and market insight sessions you might expect, we decided to do a little drumming. A lot of drumming, in fact — 900 people banging bongos and clashing cymbals. Other than the noise, what I remember was the genuine sense of togetherness; embarrassment and egos put to the side in the pursuit of the perfect tempo. It seems drumming is a good signal of solidarity. Even in a large group, it’s easy to notice someone beating to a different rhythm. Trainers and coaches use this drumming technique frequently to promote unity and coordination. Our coach that day later congratulated me on "having such a tight knit group of employees." When I told him they weren’t our employees but partners from 550 different companies, he couldn’t believe it.

  • Visualizing system performance with RHEL 8 using Performance Co-Pilot (PCP) and Grafana (Part 1)

    When it comes to performance metrics data collection and visualization on Linux, PCP metrics collection and visualization are key. Red Hat Enterprise Linux (RHEL) 8 provides an excellent framework for collecting performance metrics and visualizing them! The days of poring over command line output to try and figure out what is happening on a system are gone. In this series, I’d like to introduce the power of using Performance Co-Pilot (PCP) and Grafana to visualize system performance data in RHEL. By default, Performance Co-Pilot is not installed on RHEL 8. We believe in giving users choices and as such, you have to opt-in to using Performance Co-Pilot.