Language Selection

English French German Italian Portuguese Spanish

Login

More in Tux Machines

Mozilla Leftovers

  • Firefox 86 brings multiple Picture-in-Picture, “Total Cookie Protection”

    In December 2019, Firefox introduced Picture-in-Picture mode—an additional overlay control on in-browser embedded videos that allows the user to detach the video from the browser. Once detached, the video has no window dressing whatsoever—no title bar, min/max/close, etc. PiP mode allows users who tile their windows—automatically or manually—to watch said video while consuming a bare minimum of screen real estate. Firefox 86 introduces the concept of multiple simultaneous Picture-in-Picture instances. Prior to build 86, hitting the PiP control on a second video would simply reattach the first video to its parent tab and detach the second. Now, you can have as many floating, detached video windows as you'd like—potentially turning any monitor into something reminiscent of a security DVR display. The key thing to realize about multi-PiP is that the parent tabs must remain open—if you navigate away from the parent tab of an existing PiP window, the PiP window itself closes as well. Once I realized this, I had no difficulty surrounding my Firefox 86 window with five detached, simultaneously playing video windows.

  • This Week in Glean: Boring Monitoring [Ed: Mozilla insists that it is not surveillance when they call it "data science" and "big data"]

    Every Monday the Glean has its weekly Glean SDK meeting. This meeting is used for 2 main parts: First discussing the features and bugs the team is currently investigating or that were requested by outside stakeholders. And second bug triage & monitoring of data that Glean reports in the wild. [...] It probably can! But it requires more work than throwing together a dashboard with graphs. It’s also not as easy to define thresholds on these changes and when to report them. There’s work underway that hopefully enables us to more quickly build up these dashboards for any product using the Glean SDK, which we can then also extend to do more reporting automated. The final goal should be that the product teams themselves are responsible for monitoring their data.

  • William Lachance: Community @ Mozilla: People First, Open Source Second [Ed: Is this why Mozilla pays its CEO over 3 million dollars per year (quadruple the older sum) while sacking even its own people and spying on Firefox users (people)?]

    It seems ridiculously naive in retrospect, but I can remember thinking at the time that the right amount of “open source” would solve all the problems. What can I say? It was the era of the Arab Spring, WikiLeaks had not yet become a scandal, Google still felt like something of a benevolent upstart, even Facebook’s mission of “making the world more connected” sounded great to me at the time. If we could just push more things out in the open, then the right solutions would become apparent and fixing the structural problems society was facing would become easy! What a difference a decade makes. The events of the last few years have demonstrated (conclusively, in my view) that open systems aren’t necessarily a protector against abuse by governments, technology monopolies and ill-intentioned groups of individuals alike. Amazon, Google and Facebook are (still) some of the top contributors to key pieces of open source infrastructure but it’s now beyond any doubt that they’re also responsible for amplifying a very large share of the problems global society is experiencing.

LXTerminal 0.4.0 released.

Terminal emulator of LXDE had no releases for more than two years. Not much was added, not much was fixed but still some work done. Could be more of course but what we can do with our forces, that we do. Let hope we can do more later. Read more

Security Leftovers

  • Security updates for Wednesday

    Security updates have been issued by openSUSE (firefox and tor), Oracle (stunnel and xterm), Red Hat (virt:8.2 and virt-devel:8.2 and xterm), SUSE (avahi, gnuplot, java-1_7_0-ibm, and pcp), and Ubuntu (openssl).

  • Why not rely on app developer to handle security? – Michał Górny

    One of the comments to the The modern packager’s security nightmare post posed a very important question: why is it bad to depend on the app developer to address security issues? In fact, I believe it is important enough to justify a whole post discussing the problem. To clarify, the wider context is bundling dependencies, i.e. relying on the application developer to ensure that all the dependencies included with the application to be free of vulnerabilities. In my opinion, the root of security in open source software is widely understood auditing. Since the code is public, everyone can read it, analyze it, test it. However, with a typical system install including thousands of packages from hundreds of different upstreams, it is really impossible even for large companies (not to mention individuals) to be able to audit all that code. Instead, we assume that with large enough number of eyes looking at the code, all vulnerabilities will eventually be found and published. On top of auditing we add trust. Today, CVE authorities are at the root of our vulnerability trust. We trust them to reliably publish reports of vulnerabilities found in various packages. However, once again we can’t expect users to manually make sure that the huge number of the packages they are running are free of vulnerabilities. Instead, the trust is hierarchically moved down to software authors and distributions. Both software authors and distribution packagers share a common goal — ensuring that their end users are running working, secure software. Why do I believe then that the user’s trust is better placed in distribution packagers than in software authors? I am going to explain this in three points.

  • Sysdig Donates Module to CNCF to Improve Linux Security

    Sysdig announced today it has donated a sysdig kernel module, along with libraries for the Falco security platform for Kubernetes, to the Cloud Native Computing Foundation (CNCF) as part of an effort to advance Linux security.

  • Linux Foundation Announces DizmeID Foundation to Develop and Enable a Self-Sovereign Identity Credential Network

    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the DizmeID Foundation and technical project with the intent to support digital identity credentialing. The effort will combine the benefits of self-sovereign identity with necessary compliance and regulation, with the aim to enable wallet holders with ownership and control over their digital identity and data access and distribution.

  • Linux Foundation Announces DizmeID Foundation to Develop and Enable a Self-Sovereign Identity Credential Network

Best Free And Open Source Photoshop Alternatives

Photoshop is quite synonymous with Graphics design nowadays, but it is not the only king in the room. Photoshop doesn’t come with a friendly interface for beginners. No doubt photoshop offers you freedom of using features quite independently, but everything comes at a cost. There are some other options too that are worth considering for users who are looking for open source and free photoshop alternatives. These free and open source photoshop alternatives are not only useful for beginners but also useful for professionals who are thinking of switching from photoshop. And the good thing is that these free applications make no compromise with the quality of work. So, what to do if you are a bit tight on budget and want to learn to design without paying the monthly subscription as in Photoshop. Well, I have prepared a list of free and open-source applications like photoshop to create awesome designs without compromising quality. Read more