open source

  • Debian Installer Jessie Alpha 1 release

    Steve WoodsLinux, Open Source, Tech

    Debian logoThe first alpha of the installation media for Debian 8 (codenamed Jessie) GNU/Linux comes with the lightweight Xfce desktop as standard. The reloading of firmware is not working in this initial version.

    The Debian installer team has released an initial alpha for Debian 8 (Jessie). The standard images for testing the Jessie installation are supplied with the Xfce desktop as standard. However, it is currently uncertain whether this will be retain for the actual Debian 8 release as the developers want to discuss the standard desktop once more in August. If necessary, the decision taken then will be considered once again, which is possible since the main development phase doesn’t end until 5th November; this “freeze” is typically followed by a stabilisation phase lasting several months before the distribution is finally released.

    However, some of the features introduced with the alpha might not be altered any further. Thus there is no alpha version for Itanium (IA-64) processors because the Debian Project will not be supporting this processor architecture in future. In addition, the IBM S390 architecture has been replaced with the S390x architecture.

    The AMD64 edition of the first alpha of Jessie takes up three DVDs and uses a kernel which is based on Linux 3.13. Amongst this releases known problems is a bug that missing firmware files cannot be reloaded.

    I’m already running Jessie on one of my machines, but did an upgrade on an existing machine, rather than a fresh install, and am finding it very reliable and stable. Read about my experience.

  • South Tyrol region to save €1 mn. with free software

    Steve WoodsOpen Source, Politics

    Südtirol coat of armsThe government of Italy’s Autonomous Province of South Tyrol wants to save &euro 1 mn. per year by using free software, according to a press release issued last week.

    Public sector organisations took the first step towards the use of free software nearly one year ago with the change to the LibreOffice productivity suite (news passim). On 11th March 2014 the regional government decided to continue to pursue this route and to resort to the use of open source where possible. “We are expecting savings of one million Euro per year through free software,” declares governor Arno Kompatscher.

    “The use of proprietary or free software has in the meantime degenerated into almost a religious war, not only in the public sector, but also in private businesses,” Kompatscher continued, speaking after a regional government meeting.

    During the preceding legislature period the region and regional government had already made a decision in principle to opt for the use of free software. In June last year the first major step towards free software was made with the change from MS Office to LibreOffice. The regional government alone migrated 7,000 to the open source office suite.

    Governor Kompatscher stressed that it was not a matter of using free software exclusively, but to find the best solution as regards citizens: “We’re standing by using free software. However, it’s not a matter of deciding between free and proprietary software, but between requirements.” Free software, according to Kompatscher, is not always suitable, but: “Citizens must always have access to public sector documents without having to resort to paid-for software as well. That is the key issue”.

    The city of Munich is acting as an example for the use of free software in government. “For example, Munich’s city council is using free software; in spite of this ten per cent of its computers are still running proprietary programs. We’re aligning ourselves with this. There will be no either or; the principal objective is friendliness towards citizens,” Kompatscher emphasises.

    The governor also refers to the potential savings arising from free software: “A very, very large amount of money is involved. The target is savings of one million euro per year.” Just from its first major step, switching to LibreOffice should save the regional government paying Microsoft some €600,000 in licence fees in the next few years.

  • Bloggers under attack as pingback abused

    Steve WoodsLinux, Media, Open Source, Tech

    WordPress logoWordPress’ pingback function can be abused to mount a denial of service (DoS) attack on blogs without their owners noticing, Germany’s Heise IT website reports. It is unlikely that the problem will be remedied with an update.

    Security company Sucuri reports on an attack on one WordPress installation in which more than 162,000 other WordPress sites were misused as a DDoS platform. In this instance the attacker used the software’s pingback function in order to cripple the target website. With a pingback, one WordPress site can notify another that it has quoted its blog post.

    The attack works in such a manner that an attacker searches for a legitimate blog which has pingback activated (currently the default configuration for new WordPress installations) and then simulate a pingback from the victim’s site. The victim’s blog then queries the victim for the post which was quoted in the faked pingback. If the attacker does this with many sites, the flood of traffic is difficult for the target site to black as the queries look completely legitimate and originate from trustworthy sources.

    In the attack observed by Sucuri randomly generated URLs were quoted in the fake pingbacks for the victim’s ostensible posts. This results in WordPress’ caching mechanism does not take effect and the web server is so overloaded since the database must attempt to deliver the supposed posts for each request. Of course, in reality the server just serves up 404 error pages, since there are no pages for the random URLs. Nevertheless, if there are many such requests, this is sufficient to cripple the WordPress installation’s database. On Unix and Linux systems such an attack can be launched very simply by using the curl command on the command line.

    As the attack is misusing the ordinary working of the pingback function, it cannot be assumed that WordPress developers are going to do something about the problem. Site owners can prevent their blog being miused in this way by deactivating their installation’s pingback functions. Sucuri itself is proposing source code for a WordPress plug-in which should block the attacks, as follows:

    add_filter( ‘xmlrpc_methods’, function( $methods ) {
    unset( $methods[‘pingback.ping’] );
    return $methods;
    } );

    Use Sicuri’s WordPress DDoS Scanner to check if your site is being used for launching such attacks on other websites.

  • OmegaT, the basics

    Steve WoodsLanguage, Open Source, Tech

    OmegaT is a free and open source translation memory application written in Java. It’s a tool intended for professional translators.

    OmegaT has the following features:

    • Fuzzy matching
    • Match propagation
    • Simultaneous processing of multiple-file projects
    • Simultaneous use of multiple translation memories
    • User glossaries with recognition of inflected forms
    • Document file formats include:
      Open Document Format (the native format of the LibreOffice, OpenOffice and Calligra office suites)
      Microsoft Word, Excel, Powerpoint (.docx, .xlsx, .pptx)
      XHTML and HTML
      MediaWiki (Wikipedia)
      Plain text
      …plus about 30 other file formats
    • Unicode (UTF-8) support: can be used with non-Latin alphabets
    • Support for right-to-left languages
    • Integral spelling checker
    • Compatible with other translation memory applications (TMX, TTX, TXML, XLIFF, SDLXLIFF)

    OmegaT is cross-platform: it will run on any system on which the JRE (Java Runtime Environment) has been or can be installed.

    Over on YouTube, user weasel75 has produced a short (10 minutes) tutorial on the basics of OmegaT. Hopefully you’ll find it as useful as I did.

  • Applications open for new round of Gnome OPW internships

    Steve WoodsOpen Source, Tech

    OPW logoThe Gnome Outreach Program* for Women (OPW) helps women get involved in free and open source software and has just announced the opening of a new round of internship applications. Women can apply for an internship to contribute to an open source project from May to August; and OPW is not just asking for applications from programmers.

    Successful applicants can obtain a Gnome Foundation internship from 19th May until 18th August 2014 under the aegis of the OPW. The outreach programme is intended to increase the proportion of women in open source projects and twice a year promotes the contribution of women to projects such as Gnome, Wikimedia and OpenStack. The deadline for applications for the next round is 19th May 2014.

    As previously stated, the programme is not restricted to women with programming skills; those with design, documentation or marketing skills can also apply. All participants will be supported by a mentor in the participating organisations. Details on how to apply are on the Gnome Foundation’s dedicated OPW site.

    * = It’s an American institution, hence the US spelling.

  • Tor network used to hide botnets and darknets

    Steve WoodsOpen Source, Tech

    According to IT security vendors Kaspersky Lab, the Tor anonymity network is under threat of being swamped by criminals abusing the anonymity it provides for hiding zombie networks, malicious command and control servers and ‘darknets’, Le Monde Informatique reports.

    How to works diagram

    Tor – otherwise known as The Onion Router – has always had its dark side, but last year the network’s use by criminals seems to have grown appreciably. According to researcher Sergey Lozhkin, “Kaspersky Lab had uncovered evidence of 900 services using Tor, equivalent to 5,500 nodes (server relays) and 1,000 exit nodes (servers from which traffic emerges) in total.”

    “It all started from the notorious Silk Road market and evolved into dozens of specialist markets: drugs, arms and, of course, malware.

    “Carding shops are firmly established in the Darknet. Stolen personal info is for sale with a wide variety of search attributes like country, bank, etc. Offers for customers of this kind are not limited to credit cards. Dumps, skimmers and carding equipment are for sale too”, he added.

    “In addition, command and control (C&C) servers hosted by Tor are more difficult to flush out, blacklist or eliminate,” Lozhkin continued. “Although creating a Tor communication module within a malware sample means extra work for the malware developers. We expect there will be a rise in new Tor-based malware, as well as Tor support for existing malware.”

    Experts from Kaspersky Lab have so far found Zeus with Tor capabilities and then detected ChewBacca and finally analysed the first Tor Trojan for Android.

  • Addio XP

    Steve WoodsBristol, Linux, Open Source, Tech

    It’s not just the Bristol & Bath Linux User Group (LUG) that’s organising an event to mark the end support for Microsoft’s superannuated Windows XP operating system (posts passim).

    In Italy a consortium of the Perugia GNU/Linux User Group, LibreUmbria, the Perugia Centro di Competenza Open Source and Girl Geek Life is also organising a half-day event to inform people that they don’t need to buy a new computer to have a modern, secure operating system again; all that’s needed is a change to a free and open source Linux operating system and its vast range of software.

    publicity for Perugia GNU/LUG's XP event
    Addio XP, ciao software libero!

    The Perugia event takes place at Perugia University on Saturday, 5th April 2014 from 9.00 am to 1.00 pm. Full details can be found at http://xpaddio.perugiagnulug.org/.

    Windows XP Zombie Edition
    Install Linux: don’t end up with an operating system that should died years ago!

    Support for XP (and MS Office 2003 too. Ed.) ends on 8th April 2014.

  • Upgrading Debian from stable to testing

    Steve WoodsLinux, Open Source, Tech

    Debian logoI’ve been using Debian GNU/Linux for many years and have been very pleased with its stability, reliability and security.

    Yesterday I decided to do something I’ve never done before: upgrade a production machine from Debian stable (codename ‘wheezy’) to Debian testing (codename ‘jessie’). See this guide for an explanation of Debian versions and releases.

    Anyway, after installing the apt-listbugs package which a Bristol Wireless colleague recommended, I then proceeded with the upgrade via the command line.

    The sequence of commands to perform the upgrade itself is very easy.

    # cp /etc/apt/sources.list{,.bak}
    # sed -i -e ‘s/ \(stable\|wheezy\)/ testing/ig’ /etc/apt/sources.list
    # apt-get update
    # apt-get –download-only dist-upgrade
    # apt-get dist-upgrade

    The first command backs up the software sources list, whilst the second edits the sources list to replace release versions. After that, the actual fun begins, downloading updated package information, downloading the packages themselves and then installing them.

    All told, it went very smoothly. The laptop rebooted normally after the upgrade and brought up the GUI. The only major problem was that I lost the functionality of the Broadcom wireless network card; this was resolved by reinstalling the card’s firmware – a 2 minute job. The upgrade also resulted in 2 packages being broken. The command (as root) for fixing this problem is apt-get -f install.

    In total, the upgrade took about 2 hours and I now have a machine running a more modern version of Debian on the same machine and have kept all my previous personal settings, which is a definite plus compared with a clean install where one has to spend hours reinstalling software packages not included in the ISO disc image and tweaking.

  • LibreUmbria taking free software into schools

    Steve WoodsOpen Source, Tech

    LibreUmbria free software in schools promotional flyerThe first of three free seminars organised by LibreUmbria – the organisation promoting free and open source software in Italy’s Umbria region – aimed at parents and teachers is being organised at the Giovanni Cena primary school in Perugia at 3.30 pm on Monday 10th March, the LibreUmbria blog reports.

    For some months the LibreUmbria working group has been making contact with a number of Umbrian schools in order to take free software into classrooms. They wish to start with primary schools where it is easy to raise children on open source (and there’s some great free and open source education software available at primary level. Ed). LibreUmbria’s wave of training is being heralded in with the arrival of spring thanks to collaboration with Perugia’s Terzo Circolo Didattico, which helped get this LibreUmbria experiment off the ground.

    The LibreUmbria@Scuola programme will include three seminars on the subjects of awareness, freedom and security. Each word will address one aspect of new technology and open up a debate with attendees.

    The seminars will be followed by two courses on the LibreOffice productivity suite in multimedia classrooms: one aimed at parents and another at teachers, who will in turn act as mentors and recommend them to colleagues and then to children in accordance with the cascade training approach.

    Just to emphasize the need for a digital culture that generates awareness, the title of the events being arranged by LibreUmbria is “Digital natives do not exist”. That awareness is currently lacking and there are as yet no “natives”.

Posts navigation