Posts tagged open source
The Tor Project has updated its browser after the discovery of a bug with more than dangerous repercussions for user privacy. URLs based on onion services version 2 should migrate to version 3 before September 2021.
A recent update of the Tor Browser to version 10.0.18 has enabled several bugs to be corrected, including a rather serious vulnerability for users, French IT news site Le Monde Informatique reports. As a matter of fact, this bug, which is based on version 2 of its onion services, enabled some sites to track users from the applications installed on their devices.
The vulnerability tracked users via their browsers, enabling any website or government to discover a user’s actual IP address, which is contrary to the basic principle of the Tor project. URLs actually benefit from a security gain with version 3 of onion services. This is due to the fact that they use “cleaner” code with stronger cryptography which is proving to be less susceptible to brute force attacks due to its complexity.
URLs under onion services V2 no longer supported from 15 July
The project also announced it would start to deprecate URLs under onion services version 2 by initially advising the operators and clients that access them. With effect from 15 July, Tor will no longer support V2 URLs V2 and support for them will be removed from the browser codebase.
So as to ensure that each user and website administrator is well aware of this change, a message will be displayed “when visiting sites which are still using V2 URLs advising they will shortly be deprecated and the site will be inaccessible unless it is updated to version 3 of onion services“.
The Baltic Republic of Estonia has clearly taken note of the Free Software Foundation Europe’s Pubic Money Public Code campaign to have publicly funded software released as free software.
Joinup,the EU’s news site for open source IT developments reports that the Estonian government decided to make all government software publicly available.
The Estonian Parliament, the Riigikogu, approved the necessary changes to the Estonian State Property Act on 12 May 2021 and the the new rules came into effect on 1st June 2021.
All software to which the Estonian state owns the property rights in whole or part shall henceforth ould be made available publicly. If only parts are owned by the state, those parts owned by the state will be made available.
Under the new regulations, the authority in charge of the software shall decide if the software is to be made available and has to provide the following:
- a description of the public software to be made available for use;
- the conditions of use of the public software to be made available.
However, there are some restrictions on the release of publicly-funded software to the pubic. For example, if such a release would be detrimental to the state, such as a potential threat to public order and national security or cybersecurity reasons, in which case the authority in question can refuse to make the software publicly available.
With his move, Estonia joins other European countries such as Spain, Italy and France, which already publish most of government-owned software publicly
OpenStreetMap is a great open source alternative to the commercial data slurping map services provided by technology giants such Microsoft (Bing) and Google.
At this point you might be wondering why your ‘umble scribe chooses to mention Brexit, the English Empire’s most stupid and damaging foreign policy decision since the 1956 Suez Crisis.
Today’s Guardian announces that OpenStreetMap, which has been headquartered in the UK since its inception nearly 20 years ago, might be upping sticks and moving to a European member state very soon due to part-time alleged prime minister Boris Johnson’s pretend government taking back control and once again ostensibly becoming – in its mendacious words – an independent sovereign state. It’s such a pity the Blonde Bumbler’s kakistocracy doesn’t understand and never has understood the concept of pooled sovereignty.
The OpenStreetMap Foundation, which was formally registered in 2006 – 2 years after the project began – is a limited company incorporated under the laws of England and Wales.
Quoting an email from earlier this month, The Guardian quotes Guillaume Rischard, the Foundation’s treasurer, as saying the following
There is not one reason for moving, but a multitude of paper cuts, most of which have been triggered or amplified by Brexit.
One of these <empaper cuts is the failure of the Johnson régime and EU to agree on mutual recognition of database rights. While both have an agreement to recognise copyright protections, maps are data and fall outside the ambit of creative works. Until Brexit mapping were covered by an EU-wide agreement that protected databases, but since Brexit, there is no longer any mutual recognition and/or protection of any database made in the UK or EU on or after 1 January 2021.
The Foundation’s other motives for moving from the UK include banking and payment concerns, plus the increased importance of the EU technology regulation matters.
A statement issued by the Foundation includes the following:
We are actively researching options to protect the OSM community’s interests, and one option under investigation is relocation to an EU member state. We have made no decisions so far.
Version 1.3 of OpenDocument Format for Office Applications (ODF) has been approved as an OASIS Committee Standard, Italo Vignoli writes on The Document Foundation (TDF) blog.
ODF is a free, open XML-based document file format for office applications for use for documents containing text, spreadsheets, charts and graphical elements. In addition,ODF is the native file format used by TDF’s free and open source LibreOffice productivity suite, as well as other free and open source suites such as Apache OpenOffice, whilst the format can also be handled by major proprietary office suites. Furthermore, ODF has been adopted by the UK government’s Open Standards Board for document exchange with citizens and other victims.
ODF 1.3 is an update to the international standard Version 1.2, which was approved by the International Organization for Standardization (ISO) as ISO/IEC 26300 (2015). The update was approved with 14 affirmative consents and no objections.
The most important new features of ODF 1.3 include digital signatures for documents and the OpenPGP-based encryption of XML documents, with improvements in areas such as change tracking and document security, additional details in the description of elements in first pages, text, numbers and charts.
The full ODF 1.3 Specification can be downloaded from OASIS website.
The new version of ODF has been funded by TDF.
Finally, it is hoped that the new ODF 1.3 will complete the process to update its existing ISO/IEC standard 26300 in early 2022.
The newest version – 2.06 – of the GRUB bootloader used by most Linux distributions contains two new features, German IT news site heise reports. The software now supports boot partitions encrypted with LUKS2 and the update also contains several bug fixes and security improvements. This is the first new version of GRUB in nearly 2 years. It was originally to have been released in summer 2020, but developers were thwarted by a nasty security hole.
Attackers could gain access to the boot process and execute malicious code via a vulnerability named BootHole. To begin with Linux distributors patched their own GRUB packages. Unfortunately, BootHole patches for Red Hat, CentOS, Debian and Ubuntu blocked GRUB2. GRUB has now officially patched BootHole with the new version
GRUB developers have taken over the additional patches used in the meantime by Red Hat, Debian and a few other distributors to secure their own GRUB packages. The distributors had tried to bridge the gap in the lone release times between GRUB versions. In addition, several errors have been eliminated and GRUB’s code tidied up. GRUB can now be compiled with the GCC 10 and Clang 10 C compilers.
New security module
As a new feature, GRUB 2.06 supports the Xen hypervisor’s XSM/FLASK security module and Secure Boot Advanced Targeting (SBAT). The developers of the Shim bootloader came up with the latter technology to further complicate attacks on the boot process. In simple terms, the procedure automatically considers outdated versions of a program involved in the boot process to be unsafe. In addition to this, GRUB 2.06 offers a lockdown mechanism that is similar to the equivalent of the Linux kernel of the same name.
REUSE is a set of best practices to make Free Software licensing much easier. Using simple guidelines, it helps developers stipulate their copyright and conditions for code re-use, as well as providing documentation and low-threshold tools to get the job done.
With REUSE Booster, the Free Software Foundation Europe (FSFE) is to start providing direct support for free software projects.
Since its inception, the aim of the FSFE’s REUSE initiative has been to make licensing and copyright easier for developers, especially those without legal experience and assistance.
REUSE offers standardised ways to mark all files in a project with their relevant licence and copyright. For developers, creating free software and giving notice of the conditions for code re-use are now easier than ever. before. REUSE comes with tutorial and FAQ, as well as the REUSE helper tool and the API to automate once manual processes.
The FSFE is constantly working on improving REUSE.
Introducing REUSE Booster
With REUSE Booster, the FSFE is inviting free software projects to register for support by the its legal experts. As the name suggests, this will boost the process of adopting best practice, together with a general understanding of licensing and copyright.
Accepted projects will participate in an initial workshop in which the process is explained and typical questions answered. Each project will then receive an individual evaluation revealing potential challenges on their path to full REUSE compliance. Guidance will be provided by direct contacts if unforeseen problems arise. Last but not least, the FSFE will share practical suggestions on how to maintain a stable licensing status. The FSFE already provides similar support for all projects in the Next Generation Internet Zero (NGI0) project. As consortium partners, the FSFE helps developers resolve licensing and copyright uncertainties and avoid legal pitfalls. Furthermore, many NGIO projects adopt REUSE best practice to streamline their compliance.
The FSFE now wants to build on this practical experience and enable other projects to benefit. This has made possible by REUSE sponsors such as Siemens and individual support from FSFE volunteers and supporters.
Free Software project managers are asked to register before 8 July 2021 for support in becoming REUSE compliant.
The report’s findings can be summarised as follows.
Free and open source companies are typically micro-businesses (59%) and SMEs (35.1%). They are generally well established youngish businesses with an average age of 11.5 years. They have a very varied customer base in all sectors and exports account for over 20% of their turnover, as opposed to 16.7% in the digital sector.
Besides service activities, there has been a move from solutions-based financial models (invoicing for use, sale of licences) whereas 57.1% are software producers, playing a vital ecosystem role.
During the Covid crisis, the majority (64.6%) of companies reported stable or increasing activities, with 82.8% of managers saying they were confident about the future of their companies and 61.1% seeking to recruit staff. However, 53.7% are worried about the French economy over the long term, particularly as regards the durability of B2B customers.
Although it has been recommended by the Secretariat-General for National Defence and Security (SGDSN) to reassert digital sovereignty, only 29.3% of respondents think that France is implementing an open source industrial strategy to counter the Big Tech companies and 64.6% of them believe the powers that be are not giving sufficient encouragement to open source as provided for by law, particularly in respect of public sector procurement.
Plus de 80% des entreprises sont déjà engagées dans une démarche éthique libre et responsable vis-à-vis de critères spécifiques : la moitié d’entre elles a déjà formalisé de tels engagements et l’autre se déclare prête à le faire.
Businesses are very involved in the ecosystem and contribute to more than 35 organisations. Furthermore, 9.7% report that their region has an open source-based digital strategy which has tangible results, albeit with marked regional disparties.
The Document Foundation (TDF), the organisation behind the free and open source cross-platform LibreOffice suite, announced on its blog on Friday that a new guide for the suite’s Calc spreadsheet module had been released. Version 7.1 of LibreOffice was released in February this year.
The guide has been produced by members of the LibreOffice documentation community to take account of the improvements to Calc in the new release.
The Guide includes the volunteer effort of many members of the documentation community – Rafael Lima from Brazil, Martin Van Zijl and Kees Kriek from the Netherlands and Celia Palacios from the Spanish language community. Yusuf Keten from the Google Summer of Code program merits a special mention for work new extensions and template dialogs, as does Steve Fanning for his editorial review and to Jean Hollis Weber for her work on improving and organising the text. Work on the new guide was co-ordinated by Felipe Viggiano from Brazil.
The 545-page guide is available as a PDF and covers all of Calc’s basic and advanced features, making it a must-read for getting the most out of Calc.
SUSE was the first Linux distribution I ever got working successfully on one of my machines. Therefore, I still keep an eye on developments within the company.
Today German IT news site heise reports that SUSE S.A. has now launched on the stock market. Shares in the Nuremberg-based software supplier are being traded in Frankfurt. The company had previously set the final offer price at €30 Euro, at the lower end of the originally planned €29-34 price range. At 9:15 the opening price after the IPO auction, the initial opening share price was €29.50.
By launching on the stock market, the Linux developer originally wanted to raise up to €1.1 bn. The share price declined slightly after the start of trading, which is not uncommon after an IPO, and the shares are currently trading at over €30.
The traditional ringing of a bell was replaced by a virtual version with SUSE CEO Melissa Di Donato ringing a 3D-animated virtual bell in front of a video wall.
SUSE has been marketing open source software since 1992, particularly its SUSE Linux Enterprise Server (SLES) Linux distribution, together with several infrastructure products for commercial use. It has been based in Nuremberg since 2011 and Melissa Di Donato, who previously worked for SAP, has been the company’s CEO since 2019. Ms Di Donato remarked that the stock market flotation was a new chapter for SUSE. In 2019 SUSE was acquired from Micro Focus by global investment company EQT, since when SUSE has undergone considerable year-on-year growth both in terms of its income and customer base, particularly as regards long-term commercial contracts.
SUSE recently stated that its takeover of Rancher Labs – completed in December 2019 – has proved to be particularly promising. Following this move, SUSE is now offering Rancher’s popular management platform for Kubernetes clusters in addition to its SLES software products.
The Document Foundation (TDF), the German non-profit organisation behind the free and open source LibreOffice productivity suite, has today announced the release of LibreOffice 7.0.6, the slightly less bleeding edge version of the suite intended for enterprise deployments and more conservative users.
LibreOffice 7.0.6 is the sixth minor release of the LibreOffice 7.0 family and is available for immediate download.
According to the LibreOffice Twitter account, this new release contains over 50 bug fixes. TDF also states this will be the final release of the 7.0 branch, with development efforts being concentrated henceforth on maintaining the 7.1 branch and working towards readying LibreOffice 7.2 for release.
For commerical deployments, TDF strongly recommends seeking support from its partners so as to obtain long-term supported releases, dedicated assistance, custom new features and other benefits such as SLAs.
Anyone who’s willing to contribute their time and professional skills to LibreOffice is advised to visit the dedicated supporters’ website.
Finally, all LibreOffice users, free software advocates and community members are invited to make a donation to support The Document Foundation.