Fact is, we don’t yet know enough details about all possible attack surfaces against SSH available to the agencies and we badly need more information to know what infrastructure components remain save and reliable for our day to day work. However we do have an idea about the weak spots that should be avoided.
Unless you live off-the-grid and have abundant free electricity, leaving your rig on while you go away on trips is hardly economic. So if you’re like [Josh Forwood] and you happen to use a remote desktop client all the time while on the road, you might be interested in this little hack he threw together. It’s a remote Power-On-PC from anywhere device.
It’s actually incredibly simple. Just one Arduino. He’s piggybacking off of the excellent Teleduino software by [Nathan] who actually gave him a hand manipulating it for his purpose. The Arduino runs as a low-power server which allows [Josh] to access it via a secure website login. From there, he can send a WOL packet to his various computers to wake them up.
As this year draws to a close, it's worth taking note of two important projects from the Apache Software Foundation (ASF) that have graduated to top-tier project status, ensuring them development resources and more. Apache MetaModel went from the Apache Incubator to become a Top Level Project. It provides a model for interacting with data based on metadata, and developers can use it to go beyond just physical data layers to work with most any forms of data.
Meanwhile, we've also covered the news of Apache Drill graduating to Top Level Project status. Drill is billed as the world's first schema-free SQL query engine that delivers real-time insights by removing the constraint of building and maintaining schemas before data can be analyzed.
Compared to the firmware, the hardware reverse engineering task was fairly straightforward. The documents we could scavenge gave us a notion of the ball-out for the chip, and the naming scheme for the pins was sufficiently descriptive that I could apply common sense and experience to guess the correct method for connecting the chip. For areas that were ambiguous, we had some stripped down phones I could buzz out with a multimeter or stare at under a microscope to determine connectivity; and in the worst case I could also probe a live phone with an oscilloscope just to make sure my understanding was correct.
In this lightning talk presentation, Remy tells us about the first academic minor in open source software at Rochester Institute of Technology (RIT) that has both a technical and non-technical track. The courses in this minor all use open source software in some way, shape, or form. Additionally, student engagement on campus includes social coding through hackathons and meetups.
Remy goes in-depth about the humanitarian free and open source software (HFOSS) class that is a required course for the minor. He covers the details of the other electives and describes how the program works for students. Remy also shares how students taking this minor really learn how the world of open source works and how it prepares them for the future work environment.
"This year we had a very dark highlight with the Systemd situation," said Google+ blogger Gonzalo Velasco C. "Wounds are still bleeding in some communities; forks were made; tons of antacids were consumed. Time will heal those, but for now, the bitter taste remains." That said, "distros like Slackware, Gentoo and PCLinuxOS stayed put on their convictions not to use it, and that is very good."
A great Bengali polymath and noble prize winner in literature (Rabindranath Tagore) once said: "Don't limit a child to your own learning, for he was born in another time". With changing times, the systems and customs that govern our society should also change. Human beings are intrinsically curious. To quote Thomas Hobbes, an English philosopher, "Curiosity is the lust of the mind". However, there also seems to be another aspect of our human nature that sees systems and customs in a preordained manner. This aspect stifles disruptive innovation, restricts growth in a vertical direction, and fortifies the stubborn staying power of our fixations with these systems and customs.
Mozilla has done a study of image formats and concluded that WebP and JPEG XR are not a big-enough improvement over well-optimized JPEG. In the study only HEVC (H.265) was significantly better, but it’s a patent-encumbered format, so it can’t be used freely (shhhh!)
It seems that Mozilla has a short-term and a long-term plan for image compression. They’re sponsoring development of the Daala codec, which is technically very interesting, but not production-ready yet.
As I reflect on another year of open source in government stories, I took a look back at the articles we published on Opensource.com this year to see if there were any noticeable commonalities. I found that most articles on the government channel fell into one of three categories: government policies, new tools available, and case studies.
This is consistent with the trend I highlighted last year (We have policies. Now what?). As Mark Bohannon is fond of saying, "Governments are wrestling with the 'how tos' of open source choices; not 'whether' to use it." Government policies are become more refined and sophisticated in regards to open technologies, and increasingly, governments are choosing to "default to open." However, governments still need help implementing those policies, and citizens are stepping up by creating new, open source tools and open formats to help governments get the job done.
Rather than do a traditional Top 10 list this year, I wanted to highlight a few standouts from each of these categories from 2014 that I think are worth reading if you missed them the first time. Or might even be worth a second read if it’s been a while.