You are here

Agreguesi i feed

The Fridge: Ubuntu Membership Board call for nominations

Planet Ubuntu - Pre, 24/08/2018 - 10:12md

As you may know, Ubuntu Membership is a recognition of significant and sustained contribution to Ubuntu and the Ubuntu community. To this end, the Community Council recruits from our current member community for the valuable role of reviewing and evaluating the contributions of potential members to bring them on board or assist with having them achieve this goal.

We have five members of our boards expiring from their terms, which means we need to do some restaffing of this Membership Board.

We have the following requirements for nominees:

  • be an Ubuntu Member (preferably for some time)
  • be confident that you can evaluate contributions to various parts of our community
  • be committed to attending the membership meetings broad insight into the Ubuntu community at large is a plus

Additionally, those sitting on membership boards should have a proven track record of activity in the community. They have shown themselves over time to be able to work well with others and display the positive aspects of the Ubuntu Code of Conduct. They should be people who can discern character and evaluate contribution quality without emotion while engaging in an interview/discussion that communicates interest, a welcoming atmosphere, and which is marked by humanity, gentleness, and kindness. Even when they must deny applications, they should do so in such a way that applicants walk away with a sense of hopefulness and a desire to return with a more complete application rather than feeling discouraged or hurt.

To nominate yourself or somebody else (please confirm they wish to accept the nomination and state you have done so), please send a mail to the membership boards mailing list (ubuntu-membership-boards at lists.ubuntu.com). You will want to include some information about the nominee, a Launchpad profile link, and which time slot (20:00 or 22:00) the nominee will be able to participate in.

We will be accepting nominations through Monday, September 10th at 13:00 UTC. At that time all nominations will be forwarded to the Community Council who will make the final decision and announcement.

Thanks in advance to you and to the dedication everybody has put into their roles as board members.

Jonathan Riddell: Akademy Group Photo Automator

Planet Ubuntu - Pre, 24/08/2018 - 3:50md

Every year we take a group photo at Akademy and then me or one of the Kennies manually marks up the faces so people can tag them and we can know who we all are and build community.  This is quite old school effort so this year I followed a mangazine tutorial and made Akademy Group Photo Automator to do it.  This uses an AI library called face_recognition to do the hard work and Docker to manage the hard work and spits out the necessary HTML.  It was a quick attempt and I’m not sure it did much good in the end alas.  The group photos tend to be quite disorganised and whoever takes it upon themselves to direct it each year makes basic mistakes like putting everyone on a flat stage or making everyone wave their hands about which means many of the faces are half covered and not recognised.  And it seems like the library is not a fan of glasses.  It also outputs rect coordinates rather than circle ones which ment Kenny had to do many adjustments.  Still it’s an interesting quick dive into a new area for me and maybe next year I’ll get it smoother.

Faces recognisedby

Raphaël Hertzog: Freexian’s report about Debian Long Term Support, July 2018

Planet Ubuntu - Pre, 24/08/2018 - 1:59md

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In July, about 224 work hours have been dispatched among 14 paid contributors. Their reports are available:

Evolution of the situation

The number of sponsored hours did not change.

The security tracker currently lists 51 packages with a known CVE and the dla-needed.txt file has 43 packages needing an update.

Thanks to our sponsors

New sponsors are in bold.

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

Benjamin Mako Hill: Heading to the Bay Area

Planet Ubuntu - Pre, 24/08/2018 - 4:39pd

On September 4th, I’ll be starting a fellowship at the Center for Advanced Studies in the Behavioral Sciences (CASBS), a wonderful social science research institute at Stanford that’s perched on a hill overlooking Palo Alto and the San Francisco Bay. The fellowship is a one-year gig and I’ll be back in Seattle next June.

A CASBS fellowship is an incredible gift in several senses. In the most basic sense, it will mean time to focus on research and writing. I’ll be using my time there to continuing my research on the social scientific study of peer production and cooperation. More importantly though, the fellowship will give me access to a community of truly incredible social social scientists who be my “fellow fellows” next year.

Finally, being invited for a CASBS fellowship is a huge honor. I’ve been preparing by reading a list of Wikipedia articles I built about the previous occupants of the study that I’ll be working out of next year (the third fellow to work out of my study was Claude Shannon!). It’s rare for junior faculty like myself to be invited and I’m truly humbled.

The only real downside of the fellowship is that it means that I’ll be spending the academic year away from Seattle. I’m going to miss working out of UW, my department, and the Community Data Science Collective lab here enormously.

In a personal sense, it means I’ll be leaving a wonderful community in Seattle in and around my home at Extraordinary Least Squares. I’m going to miss folks deeply and I look forward to returning.

Of course, I’m also pretty excited about moving to Palo Alto. It will be the first time either Mika or I have lived in California and we hope to take advantage of the opportunity.

Please help us do so!  If you’re at Stanford, in Silicon Valley, or are anywhere in the Bay Area and want to meet up, please don’t hesitate to get in contact! We’ll be arriving with very little community and I’m really interested in meeting and making friends  and taking advantage of my nine-months in the area to make connections!

Jono Bacon: Design The Bacon Family Crest

Planet Ubuntu - Enj, 23/08/2018 - 9:01md

Designers! We need your help! We want to produce a fun family crest for the Bacon family, something that really reflects us and who we are. This will go on a flag poll at our house and on napkins/coasters for parties.

Hello, Designers! The Bacon family needs a Family Crest designing. We have a flag poll in our new house, and we thought it could be fun to have a family crest that reflects us, our personalities, and background. This will also go on some napkins and coasters for parties. We want it to be amusing and fun, but also professional and classy. Please make it: * Modern and classy. We don't want this to look medieval or old-school. We want it to look classy, but contemporary. * Amusing, but not cheesy. * Either a single-color design, or max of 2 - 3 colors (that contrast really well). * This should be hi-res so it can be printed on material with a solid background color. As you design it, please try to incorporate the following (in priority order): * Include the text "The Bacon Family" near the top. * Add the latin "Sicut delectamentum cibum prandium." near the bottom (which is latin for "Like the delicious breakfast meat" - we say this when we say our name and check in hotels, because people always assume our name isn't as ridiculous as "Bacon") * The USA, British, and Italian flags in some form. * Incorporate key symbols that reflect us: - Food/Cooking. - Music/Heavy Metal (e.g. a Rhandy Rhoads guitar.) - Technology. - People/Community (people getting together to do cool things.) As food for thought, I like these: * https://www.teepublic.com/phone-case/597879-rahoxah-family-crest * https://www.pinterest.ca/pin/42573158947630583/

Interested?

JOIN THE 99DESIGNS CONTEST ($350 fee)

There is only four days to submit entries!

The post Design The Bacon Family Crest appeared first on Jono Bacon.

Ubuntu Podcast from the UK LoCo: S11E24 – Mr. Penumbra’s 24-Hour Bookstore - Ubuntu Podcast

Planet Ubuntu - Enj, 23/08/2018 - 12:30md

One of us has been vacationing in France. Alan went to Akademy and explains what went on. We’ve got some Webby love and go over all your feedback.

It’s Season 11 Episode 24 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

Jono Bacon: ZBiotics Crowdfunding Campaign Launched

Planet Ubuntu - Mër, 22/08/2018 - 2:16pd

A little while ago I worked with a client called ZBiotics. They are producing an engineered probiotic which that can be a hangover cure, but the technology has a wealth of other potential applications outside of making your morning-after a little less brutal.

They were interested in running a crowdfunding campaign. I have run a few campaigns before (the $12.7 million Ubuntu Edge, and the $1million Global Learning XPRIZE) and I provided strategic guidance for the Mycroft Mark II (which raised $395k of it’s $50k goal).

I like Zack and Stephen. They seem like good guys who want to build a company the right way. I sat down and provided some training around how to structure and deliver their campaign. This was a complex one because they are not only delivering a practical consumer product (hangover cure) but their technology is also the secret sauce. Both of these are important parts of the message.

They launched it yesterday with a goal of $25,000 and already smashed past that in Day 1. Here is their overview video:

Can’t see it? See it here.

Go and check it out.

The post ZBiotics Crowdfunding Campaign Launched appeared first on Jono Bacon.

The Fridge: Ubuntu Weekly Newsletter Issue 541

Planet Ubuntu - Mar, 21/08/2018 - 1:52pd

Welcome to the Ubuntu Weekly Newsletter, Issue 541 for the week of August 12 – 18, 2018. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

Jono Bacon: Video: How to Manage and Work With Difficult Personalities

Planet Ubuntu - Hën, 20/08/2018 - 9:36md

Every organization, community, and family has difficult people in them. Some get overly agitated, some are not constructive in their criticism, some rub other people up the wrong way, some always commit but never deliver, and other traits.

In my new video I share some details for how to manage these types of personalities. I share some golden rules for handling them, how to analyze the situation well, and a method for building a resolution and solving problems.

Here it is:

Can’t see it? Watch it here.

The post Video: How to Manage and Work With Difficult Personalities appeared first on Jono Bacon.

Kees Cook: security things in Linux v4.18

Planet Ubuntu - Hën, 20/08/2018 - 8:29md

Previously: v4.17.

Linux kernel v4.18 was released last week. Here are details on some of the security things I found interesting:

allocation overflow detection helpers
One of the many ways C can be dangerous to use is that it lacks strong primitives to deal with arithmetic overflow. A developer can’t just wrap a series of calculations in a try/catch block to trap any calculations that might overflow (or underflow). Instead, C will happily wrap values back around, causing all kinds of flaws. Some time ago GCC added a set of single-operation helpers that will efficiently detect overflow, so Rasmus Villemoes suggested implementing these (with fallbacks) in the kernel. While it still requires explicit use by developers, it’s much more fool-proof than doing open-coded type-sensitive bounds checking before every calculation. As a first-use of these routines, Matthew Wilcox created wrappers for common size calculations, mainly for use during memory allocations.

removing open-coded multiplication from memory allocation arguments
A common flaw in the kernel is integer overflow during memory allocation size calculations. As mentioned above, C doesn’t provide much in the way of protection, so it’s on the developer to get it right. In an effort to reduce the frequency of these bugs, and inspired by a couple flaws found by Silvio Cesare, I did a first-pass sweep of the kernel to move from open-coded multiplications during memory allocations into either their 2-factor API counterparts (e.g. kmalloc(a * b, GFP...) -> kmalloc_array(a, b, GFP...)), or to use the new overflow-checking helpers (e.g. vmalloc(a * b) -> vmalloc(array_size(a, b))). There’s still lots more work to be done here, since frequently an allocation size will be calculated earlier in a variable rather than in the allocation arguments, and overflows happen in way more places than just memory allocation. Better yet would be to have exceptions raised on overflows where no wrap-around was expected (e.g. Emese Revfy’s size_overflow GCC plugin).

Variable Length Array removals, part 2
As discussed previously, VLAs continue to get removed from the kernel. For v4.18, we continued to get help from a bunch of lovely folks: Andreas Christoforou, Antoine Tenart, Chris Wilson, Gustavo A. R. Silva, Kyle Spiers, Laura Abbott, Salvatore Mesoraca, Stephan Wahren, Thomas Gleixner, Tobin C. Harding, and Tycho Andersen. Almost all the rest of the VLA removals have been queued for v4.19, but it looks like the very last of them (deep in the crypto subsystem) won’t land until v4.20. I’m so looking forward to being able to add -Wvla globally to the kernel build so we can be free from the classes of flaws that VLAs enable, like stack exhaustion and stack guard page jumping. Eliminating VLAs also simplifies the porting work of the stackleak GCC plugin from grsecurity, since it no longer has to hook and check VLA creation.

Kconfig compiler detection
While not strictly a security thing, Masahiro Yamada made giant improvements to the kernel’s Kconfig subsystem so that kernel build configuration now knows what compiler you’re using (among other things) so that configuration is no longer separate from the compiler features. For example, in the past, one could select CONFIG_CC_STACKPROTECTOR_STRONG even if the compiler didn’t support it, and later the build would fail. Or in other cases, configurations would silently down-grade to what was available, potentially leading to confusing kernel images where the compiler would change the meaning of a configuration. Going forward now, configurations that aren’t available to the compiler will simply be unselectable in Kconfig. This makes configuration much more consistent, though in some cases, it makes it harder to discover why some configuration is missing (e.g. CONFIG_GCC_PLUGINS no longer gives you a hint about needing to install the plugin development packages).

That’s it for now! Please let me know if you think I missed anything. Stay tuned for v4.19; the merge window is open. :)

© 2018, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

Ubuntu Podcast from the UK LoCo: S11E23 – Twenty-Three Tales - Ubuntu Podcast

Planet Ubuntu - Pre, 17/08/2018 - 4:00md

We’ve been upgrading RAM and tooting in the fediverse. We discuss Hollywood embracing open source, a new release of LibreOffice, pacemakers getting hacked and fax machines becoming selfaware and taking over the planet. We also round up the community news and events.

It’s Season 11 Episode 23 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

Valorie Zimmerman: Akademy: closing time

Planet Ubuntu - Pre, 17/08/2018 - 3:05md
Akademy is always a whirlwind which is my excuse for not blogging! Today we wrapped up the program which leaves us in a nearly-empty venue and a bit of time after lunch to catch up.
I did manage to gather photos together in Google Photos: https://photos.app.goo.gl/qHPwehW8C1zPGuav7
Thanks again to the KDE e.V. for sponsoring my hostel and the Ubuntu Community Fund for part of my travel expenses. This allowed me to attend. Meeting Popey from the Ubuntu community and the Limux team was great, although we didn't do as much Kubuntu work as in past years. However, attending the Distro BoF was a great experience; very friendly and collaborative.
As always, the talks were interesting, the "hall track" fascinating, BoFs engaging. The high point for me personally was being given an Akademy Award on Sunday after a blessedly-short e.V. meeting. I almost fainted from surprise! It feels wonderful to be not just appreciated but honored for my work for the KDE community. 
Thank you again!
I will update here with a photo when I can.
Yesterday and today were taken up with trainings, which while exhausting are extremely valuable. Along with the documentation work ahead, I look forward to integrating both the Non-Violent Communication and Tech Documentation trainings into my work.
In addition, I will be happy to see our documentation team re-group and gain strength over the next year as we work with the contractor on identifying pain points and fixing them.
I got lost yesterday, which one should always do in a strange city. Here is one of the beautiful windows I saw before finding the tram and a different way home:
Tomorrow we meet at 3:45 am to share an Uber to the airport and the beginning of the journey home. To KDE friends new and old: we'll meet next year at Akademy I hope, or at least in IRC.
Local friends and family, I'll see you soon!

Lubuntu Blog: Lubuntu Development Newsletter #9

Planet Ubuntu - Pre, 17/08/2018 - 3:53pd
This is the ninth issue of The Lubuntu Development Newsletter. You can read the last issue here. Changes General We’ve been polishing the desktop more, but work has been blocked by the still ongoing Qt transition. The 16.04 to 18.04 upgrade has now been enabled! Please do let us know if there’s any issues. Here’s […]

Andres Rodriguez: MAAS 2.4.1 released!

Planet Ubuntu - Mër, 15/08/2018 - 5:20md

Hello MAASTers

MAAS 2.4.1 has now been released and it is a bug fix release. Please see more details in discourse.maas.io [1].

[1]: https://discourse.maas.io/t/maas-2-4-1-released/148

Stephen Michael Kellat: When Things Become Bizarre

Planet Ubuntu - Mar, 14/08/2018 - 4:25pd

Welcome to August.

As you could see from my last post, there have been changes afoot. We're effectively in a state of freefall at my job right now. The normal progression of events would have me place on seasonal release otherwise known as furlough about now already. Due to a wide-ranging set of factors beyond my control, we barely know week-to-week what is going on. It is considered to be a bad economic situation to "live paycheck to paycheck" in US life but it is even worse when you have no idea about the status of your job week to week. Being unable to plan means I can't even pursue an off-season job or look for freelance work yet. My proficiency in LaTeX is improving, at least, as evidence by the maintenance of my main static website at http://erielookingproductions.info.

There have been some stressors at work. Our enterprise WAN almost collapsed outright last week. Due to legislative changes, we're having to fit in massive retraining with very little time available and no ability to totally down tools for such training. We have difficult days ahead potentially. If appropriations go haywire, none of this may matter. The countdown clock is running on what the Senate and House of Representatives may manage.

This also means I cannot travel to OggCamp. Essentially I have to stay within close range of my Post of Duty right now. Leave grants may be getting revoked soon. Getting shifted over to mandatory training status shortly makes that happen when the stakes are becoming as high as they are right now. Nobody has said this yet at work: "Failure Is Not An Option." With senior ranks in the chain of command coming to the Post of Duty in less than a week, we'll be learning how close things are to running aground. What makes me feel worse is that this was the year I specifically made provision to travel to England. Moving up the ranks at work means I can't escape responsible roles because I'm slowly becoming one of the persons others look up to because everybody else at my rank has either retired or left.

I have been working on an article. It has been a while since I pitched anywhere. I have to check the clock to see if it has run out on the pitch. Once upon a time I had been a working journalist in print. There are four days left on the clock before I try other options. With a link to an old effort from 2012 that brings back some memories, I offer some of the citations I'm working from to write the article:

Amatulli, Jenna. “Spotify Pulls Radio Show Episodes By InfoWars’ Alex Jones After Widespread Complaints.” Huffington Post, August 1, 2018, sec. Media. https://www.huffingtonpost.com/entry/spotify-infowars-alex-jones_us_5b61c4d2e4b0b15aba9ec86e.

Badawy, Adam, Kristina Lerman, and Emilio Ferrara. “Who Falls for Online Political Manipulation?” ArXiv:1808.03281 [Physics], August 9, 2018. http://arxiv.org/abs/1808.03281.

Beschizza, Rob. “Tech Platforms Quit Alex Jones and InfoWars.” Boing Boing, August 6, 2018. https://boingboing.net/2018/08/06/tech-platforms-quit-alex-jones.html.

Brown, Elizabeth Nolan. “Senate Democrats Are Circulating Plans for Government Takeover of the Internet.” Reason.com, July 31, 2018. https://reason.com/blog/2018/07/31/democrats-tech-policy-plans-leaked.

Cellan-Jones, Rory. “Facebook, ITunes and Spotify Drop InfoWars.” BBC News, August 6, 2018, sec. Technology. https://www.bbc.co.uk/news/technology-45083684.

Crowe, Jack. “Facebook Deletes Infowars Page, Apple Deletes All Alex Jones Podcasts.” National Review (blog), August 6, 2018. https://www.nationalreview.com/news/facebook-deletes-infowars-page-apple-deletes-all-alex-jones-podcasts/.

“Enforcing Our Community Standards | Facebook Newsroom.” Accessed August 6, 2018. https://newsroom.fb.com/news/2018/08/enforcing-our-community-standards/.

Gilmer, Marcus. “Facebook Deletes 4 Pages Belonging to Alex Jones and InfoWars.” Mashable, August 6, 2018. https://mashable.com/2018/08/06/facebook-bans-alex-jones-pages/.

Glaser, April. “Apple and Spotify Just Did to Alex Jones What Facebook Wouldn’t.” Slate Magazine, August 6, 2018. https://slate.com/technology/2018/08/apple-and-spotify-are-now-both-blocking-infowars-and-alex-jones-podcasts.html.

Gold, Ashley. “Facebook Removes 4 Pages Owned by InfoWars’ Alex Jones.” POLITICO, August 6, 2018. https://www.politico.com/story/2018/08/06/facebook-removes-infowars-pages-alex-jones-764590.

Gore, Leada. “Alex Jones Infowars: Facebook, Apple Remove Podcasts, Pages from Controversial Host.” AL.com, August 6, 2018. https://www.al.com/news/index.ssf/2018/08/alex_jones_infowars_facebook_a.html.

Hern, Alex. “Facebook, Apple, YouTube and Spotify Ban Infowars’ Alex Jones.” The Guardian, August 6, 2018, sec. Technology. http://www.theguardian.com/technology/2018/aug/06/apple-removes-podcasts-infowars-alex-jones.

Hernandez. “The War Against InfoWars and Free Speech.” Victory Girls Blog (blog), August 6, 2018. http://victorygirlsblog.com/the-war-against-infowars-and-free-speech/.

Johnson, Bridget. “Homeland Security Officials: White Supremacist Extremists Skirting Social Media Bans.” Homeland Security (blog), August 7, 2018. https://pjmedia.com/homeland-security/homeland-security-officials-white-supremacist-extremists-skirting-social-media-bans/.

Kreps, Daniel. “Apple Removes Alex Jones, ‘Infowars’ Podcasts From Apps.” Rolling Stone (blog), August 6, 2018. https://www.rollingstone.com/culture/culture-news/apple-removes-alex-jones-infowars-podcasts-from-apps-706764/.

Legaspi, Althea. “Spotify Pulls Episodes of Infowars’ ‘Alex Jones Show’ Podcast.” Rolling Stone (blog), August 2, 2018. https://www.rollingstone.com/culture/culture-news/spotify-pulls-episodes-of-infowars-alex-jones-show-podcast-705812/.

McKay, Rich. “Facebook, Apple, YouTube and Spotify Take down Alex Jones Content.” Reuters, August 6, 2018. https://www.reuters.com/article/us-apple-infowars/apple-removes-most-of-u-s-conspiracy-theorists-podcasts-from-itunes-idUSKBN1KR0MZ.

Meza, Summer. “Facebook Finally Cracks down on Alex Jones and Infowars.” The Week, August 6, 2018. http://theweek.com/speedreads/788787/facebook-finally-cracks-down-alex-jones-infowars.

Morris, Chris. “Facebook Bans Several Pages From Alex Jones and Infowars.” Fortune, August 6, 2018. http://fortune.com/2018/08/06/facebook-bans-alex-jones-infowars-hate-speech/.

Neidig, Harper. “Facebook Deletes InfoWars Pages.” TheHill, August 6, 2018. http://thehill.com/policy/technology/400512-facebook-deletes-infowars-pages.

Paczkowski, John, and Charlie Warzel. “Apple Kicked Alex Jones Off Its Platform Then YouTube And Facebook Rushed To Do The Same.” BuzzFeed News, August 6, 2018. https://www.buzzfeednews.com/article/johnpaczkowski/apple-is-removing-alex-jones-and-infowars-podcasts-from.

Palladino, Valentina. “Alex Jones Hit with Bans from Facebook and Apple.” Ars Technica, August 6, 2018. https://arstechnica.com/gadgets/2018/08/alex-jones-hit-with-bans-from-facebook-and-apple/.

Russell, Jon. “Apple Has Removed Infowars Podcasts from ITunes.” TechCrunch (blog), August 6, 2018. http://social.techcrunch.com/2018/08/05/apple-has-removed-infowars-podcasts-from-itunes/.

Ryan, Jackson. “Apple Drops Alex Jones and Infowars from ITunes, Podcast App.” CNET, August 6, 2018. https://www.cnet.com/news/apple-has-dropped-alex-jones-and-infowars-from-itunes-podcasts/.

Simon, Roger L. “InfoWars and the Rise of the Tech Fascists.” Roger L. Simon (blog), August 6, 2018. https://pjmedia.com/rogerlsimon/infowars-and-the-rise-of-the-tech-fascists/.

Watson, Paul Joseph. “Facebook Bans Infowars. Permanently. Infowars Was Widely Credited with Playing a Key Role in Getting Trump Elected. This Is a Co-Ordinated Move Ahead of the Mid-Terms to Help Democrats. This Is Political Censorship.  This Is Culture War.Https://Www.Infowars.Com/Purged-Facebook-Permanently-Bans-Infowars-for-Hate-Speech/ ….” Tweet. @PrisonPlanet (blog), August 6, 2018. https://twitter.com/PrisonPlanet/status/1026433061469257733.

Yilek, Caitlin. “‘Survival of Our Democracy’ Depends on Banning Sites like InfoWars, Dem Senator Says.” Washington Examiner, August 7, 2018. https://www.washingtonexaminer.com/news/survival-of-our-democracy-depends-on-banning-sites-like-infowars-democratic-senator-says.

David Tomaschik: I'm the One Who Doesn't Knock: Unlocking Doors From the Network

Planet Ubuntu - Pre, 10/08/2018 - 9:00pd

Today I’m giving a talk in the IoT Village at DEF CON 26. Though not a “main stage” talk, this is my first opportunity to speak at DEF CON. I’m really excited, especially with how much I enjoy IoT hacking. My talk was inspired by the research that lead to CVE-2017-17704, but it’s not meant to be a vendor-shaming session. It’s meant to be a discussion of the difficulty of getting physical access control systems that have IP communications features right. It’s meant to show that the designs we use to build a secure system when you have a classic user interface don’t work the same way in the IoT world.

(If you’re at DEF CON, come check it out at 4:45PM on Friday, August 10 in the IoT Village.)

The TL;DR of it is that encryption (particularly with a key hardcoded in the device firmware) does not guarantee authenticity and that an attacker can forge messages triggering behavior on the door access controller. What’s more interesting is to discuss how to fix this problem in product designs going forward.

Getting encryption right is hard at the best of times. Doing it in a way that allows reasonable management of the devices, with proper authentication of connection, when you have devices that may not have hostnames (or if they do, may be internal only hostnames), that don’t have classic user interfaces, that may fail and need to be replaced, is very hard.

It’s also worth noting that the amount we should care about security really does depend on the product involved. While I don’t deny that an RCE in a light bulb could become part of a botnet, authentication bypass in an access control system is pretty scary. It literally has one job: to deny unauthorized access. Having the ability to bypass it over the network is clearly impactful.

I hope my talk will inspire conversations about how to do network trust among networks of embedded & IoT devices. As security professionals, we haven’t offered the device developers the tools to bootstrap the trust relationships in the real world. Here’s to hoping that next year, I can be discussing a different type of bug.

Slides

PDF: I’m the One Who Doesn’t Knock: Unlocking Doors From the Network

Sergio Schvezov: Reporting Metrics Back to Ubuntu

Planet Ubuntu - Enj, 09/08/2018 - 1:22pd
A short lived ride After some time on Kubuntu on this new laptop, I just re-discovered that I did not want to live in the Plasma world anymore. While I do value all the work the team behind it does, the user interface is just not for me as it feels rather busy to my liking. In that aforementioned post I wrote about running the Ubuntu Report Tool on this system, it is not part of the Kubuntu install or first boot experience but you can install it by running apt install ubuntu-report followed by running ubuntu-report to actually create the report and if you want, send it too.

Stuart Langridge: If you can do it with CSS do it with CSS

Planet Ubuntu - Enj, 09/08/2018 - 1:19pd

I read Twitter with Tweetdeck. And I use the excellent Better Tweetdeck to improve my Tweetdeck experience. And I had an idea.

You see, emoji, much as they’re the way we communicate now, they’re actually quite hard to read. And Slack does this rather neat thing where if you respond to a message with an emoji, it displays that emoji bigger than normal text so you can see it clearly. And some people just write tweets which are, like, two emoji and that’s it, and it would be really handy if they were large enough to read.

So I thought, here’s an idea; how about, if there’s a tweet which is just emoji, then display those emoji larger so they’re easier to see? Only if there are, say, four or less; you don’t want those people who write a whole huge tweet as emoji to get enlarged. Just the ones where someone responds with two little pictures and that’s it; let’s make that nice and visible, like Slack does.

This is clearly a thing for Better Tweetdeck to do. (They already provide a config option to make emoji a little bigger, which I appreciate.) So… how do we do this?

Well, one obvious way is to do it with JavaScript. Every time we read a new tweet, look to see whether it contains nothing but emoji, and if it does and there are less than four of them, add inline styles to make them larger. Job done.

But… that’s not very efficient, is it? You have to do that every time a new tweet appears, in any column, and that happens a lot. What would actually be better is to write some CSS which does this, and add that CSS one time, when you load up, and then you’re done. Have the browser do the heavy lifting, not us. It is a principle with me that if you can do a thing with CSS, then you should do it with CSS. JavaScript is there for things that CSS can’t do. Don’t use JavaScript, which makes you do the work, when you can use CSS and make the browser do it instead. The browser is better than you at it.

So… what you want to do is this. In pure CSS, if there’s a tweet (which in Tweetdeck is a <p> element) which contains <img class="emoji"> and nothing else, and there are four or fewer of these img.emoji elements, then make those images larger.

In pure CSS. No JavaScript. This is harder than it looks. Go and try to work it out, if you don’t believe me.

Well, the key insight here is that if you are an element, and you are :last-child(X), and you are also last-of-type(X), then there can’t be any elements after you which are not the same as you. So, if an img.emoji is the first of its type, and also the first element, and it’s the third last of its type, and also the third last element, then we know that it is element 1 of three identical elements. So an img:nth-child(1) which is also an img:nth-of-type(1) and which is also an img:nth-last-of-type(3) and also an img:nth-last-child(3) must be the first <img> in a group of three <img> elements. So that solves our problem! All we need is a selector which matches an img which is:

  • img 1 in a group of 1 image, or
  • img 1 in a group of 2 images, or
  • img 2 in a group of 2 images, or
  • img 1 in a group of 3 images, or
  • img 2 in a group of 3 images, or
  • img 3 in a group of 3 images, or
  • img 1 in a group of 4 images, or
  • …etc

…and that’s pretty easy, although long, to express as a CSS selector. So, to resize all img.emoji elements where (a) there are only img.emoji elements in this tweet and no text, and (b) there are four or fewer img.emoji in the tweet, we need a selector like this:

p > .emoji:nth-child(1):nth-of-type(1):nth-last-child(1):nth-last-of-type(1), /* 1 of 1 */ p > .emoji:nth-child(1):nth-of-type(1):nth-last-child(2):nth-last-of-type(2), /* 1 of 2 */ p > .emoji:nth-child(2):nth-of-type(2):nth-last-child(1):nth-last-of-type(1), /* 2 of 2 */ p > .emoji:nth-child(1):nth-of-type(1):nth-last-child(3):nth-last-of-type(3), /* 1 of 3 */ p > .emoji:nth-child(2):nth-of-type(2):nth-last-child(2):nth-last-of-type(2), /* 2 of 3 */ p > .emoji:nth-child(3):nth-of-type(3):nth-last-child(1):nth-last-of-type(1), /* 3 of 3 */ p > .emoji:nth-child(1):nth-of-type(1):nth-last-child(4):nth-last-of-type(4), /* 1 of 4 */ p > .emoji:nth-child(2):nth-of-type(2):nth-last-child(3):nth-last-of-type(3), /* 2 of 4 */ p > .emoji:nth-child(3):nth-of-type(3):nth-last-child(2):nth-last-of-type(2), /* 3 of 4 */ p > .emoji:nth-child(4):nth-of-type(4):nth-last-child(1):nth-last-of-type(1) {/* 4 of 4 */ styles here }

It looks long and cryptic and mystic, but actually it’s not that complicated at all. And, importantly, this is all the work you have to do. Add that CSS, and then any new tweets that come along which match our criteria get automatically styled to match. You don’t have to inspect every tweet and tweak it. The browser does the work, which is what the browser is designed for. If you can do a thing with CSS, then do it with CSS. Job done.

I’m quite proud of this. There’s an increasing, and depressing, movement to add more JavaScript to web pages, to write more code client side, to deal with huge JS downloads by improving compression rather than by just doing less JavaScript. I, myself, I’m in favour of having CSS do the things it can do, even if you have to be creative to solve that problem. Falling back to JavaScript to do styling is a failure. Use CSS where you can; being clever in how you do that CSS is part of the fun. You don’t need JS for this, really you don’t. CSS actually is awesome.

My pull request at Better Tweetdeck is, at time of writing, still pending. Proof that this technique works is in jsbin. Fingers crossed my PR gets accepted, and we can solve another problem with pure CSS.

Purity is great. And if you’re thinking, CSS can’t solve real problems… check out Bence Szabó‘s amazing pure CSS stacking game. I was open mouthed with awe. If you aren’t, maybe you should spend some time going back over how the web works, and then you will be too.

Valorie Zimmerman: Ade visits, and the weather changes so we can walk about Deventer

Planet Ubuntu - Mër, 08/08/2018 - 6:00md
A lovely lunch and a shared afternoon and evening with Ade was a pleasant interlude in our time together here in beautiful Deventer. We changed tables a few times to avoid the sun! Last night we were wakened at around 2am with wind blowing rain into the open windows, which was quite exciting. Thunder roared in the south. It was still quite cool and breezy this morning so we ate inside.




After lunch, Boud proposed a walk around the town while the temperatures were moderate. We walked over much of the old town of Deventer, and spend some time in the Roman Catholic church, the old church on the "hill" with twin spires, the old Brush Shop, and back past the Weighing House and a lovely cast bronze map of Deventer.

Our favorite tree:


The Roman Catholic church whose steeple we see from the terrace:
On the wall of the Weighing House:


Our little corner of Deventer:

Tomorrow we travel by fast train to Vienna! I hope there is time to drink a cup of coffee. :-)

Sean Davis: Mugshot 0.4.1 Released

Planet Ubuntu - Mër, 08/08/2018 - 12:04md

Mugshot 0.4.1, the latest release of the lightweight user profile editor, is now available! This release includes a number of bug fixes and will now run in the most minimal of environments.

What’s New? Code Quality Improvements
  • Replaced deprecated logger.warn with logger.warning (Python 2.x)
  • Replaced deprecated module optparse with argparse (Python 2.7)
  • Resolved Pylint and PEP8 errors and warnings
Bug Fixes
  • TypeError in _spawn(): The argument, args, must be a list (LP: #1443283)
  • User-specified initials are not correctly loaded (LP: #1574239)
  • Include Mugshot in Xfce Settings, Personal Settings (LP: #1698626)
  • Support -p and -w office phone flags in chfn. This flag varies between chfn releases. (LP: #1699285)
  • FileNotFoundError when comparing profile images (LP: #1771629)
Support for Minimal Chroot Environments
  • Fix crash when run without AccountsService
  • Handle OSError: out of pty devices
  • Specify utf-8 codec for desktop file processing when building
Translation Updates

Catalan, Chinese (Simplified), Danish, Lithuanian, Spanish

Downloads

Source tarball (md5sig)

Faqet

Subscribe to AlbLinux agreguesi