Language, Linux, Open Source
Posts tagged tech
Tor Browser squashes user tracking bug
02 weeks
The Tor Project has updated its browser after the discovery of a bug with more than dangerous repercussions for user privacy. URLs based on onion services version 2 should migrate to version 3 before September 2021.
A recent update of the Tor Browser to version 10.0.18 has enabled several bugs to be corrected, including a rather serious vulnerability for users, French IT news site Le Monde Informatique reports. As a matter of fact, this bug, which is based on version 2 of its onion services, enabled some sites to track users from the applications installed on their devices.
Tor Browser running on Ubuntu Linux. Image courtesy of Wikimedia Commons.
The vulnerability tracked users via their browsers, enabling any website or government to discover a user’s actual IP address, which is contrary to the basic principle of the Tor project. URLs actually benefit from a security gain with version 3 of onion services. This is due to the fact that they use “cleaner” code with stronger cryptography which is proving to be less susceptible to brute force attacks due to its complexity.
URLs under onion services V2 no longer supported from 15 July
The project also announced it would start to deprecate URLs under onion services version 2 by initially advising the operators and clients that access them. With effect from 15 July, Tor will no longer support V2 URLs V2 and support for them will be removed from the browser codebase.
So as to ensure that each user and website administrator is well aware of this change, a message will be displayed “when visiting sites which are still using V2 URLs advising they will shortly be deprecated and the site will be inaccessible unless it is updated to version 3 of onion services“.
Estonia – government software is now public software
02 weeks
The Baltic Republic of Estonia has clearly taken note of the Free Software Foundation Europe’s Pubic Money Public Code campaign to have publicly funded software released as free software.
Joinup,the EU’s news site for open source IT developments reports that the Estonian government decided to make all government software publicly available.
The Estonian Parliament, the Riigikogu, approved the necessary changes to the Estonian State Property Act on 12 May 2021 and the the new rules came into effect on 1st June 2021.
All software to which the Estonian state owns the property rights in whole or part shall henceforth ould be made available publicly. If only parts are owned by the state, those parts owned by the state will be made available.
Under the new regulations, the authority in charge of the software shall decide if the software is to be made available and has to provide the following:
- a description of the public software to be made available for use;
- the conditions of use of the public software to be made available.
However, there are some restrictions on the release of publicly-funded software to the pubic. For example, if such a release would be detrimental to the state, such as a potential threat to public order and national security or cybersecurity reasons, in which case the authority in question can refuse to make the software publicly available.
With his move, Estonia joins other European countries such as Spain, Italy and France, which already publish most of government-owned software publicly
OpenStreetMap might move to EU member state
3 weeks
OpenStreetMap is a great open source alternative to the commercial data slurping map services provided by technology giants such Microsoft (Bing) and Google.
OpenStreetMap view of part of East Bristol
At this point you might be wondering why your ‘umble scribe chooses to mention Brexit, the English Empire’s most stupid and damaging foreign policy decision since the 1956 Suez Crisis.
Today’s Guardian announces that OpenStreetMap, which has been headquartered in the UK since its inception nearly 20 years ago, might be upping sticks and moving to a European member state very soon due to part-time alleged prime minister Boris Johnson’s pretend government taking back control and once again ostensibly becoming – in its mendacious words – an independent sovereign state. It’s such a pity the Blonde Bumbler’s kakistocracy doesn’t understand and never has understood the concept of pooled sovereignty.
The OpenStreetMap Foundation, which was formally registered in 2006 – 2 years after the project began – is a limited company incorporated under the laws of England and Wales.
Quoting an email from earlier this month, The Guardian quotes Guillaume Rischard, the Foundation’s treasurer, as saying the following
There is not one reason for moving, but a multitude of paper cuts, most of which have been triggered or amplified by Brexit.
One of these <empaper cuts is the failure of the Johnson régime and EU to agree on mutual recognition of database rights. While both have an agreement to recognise copyright protections, maps are data and fall outside the ambit of creative works. Until Brexit mapping were covered by an EU-wide agreement that protected databases, but since Brexit, there is no longer any mutual recognition and/or protection of any database made in the UK or EU on or after 1 January 2021.
The Foundation’s other motives for moving from the UK include banking and payment concerns, plus the increased importance of the EU technology regulation matters.
A statement issued by the Foundation includes the following:
We are actively researching options to protect the OSM community’s interests, and one option under investigation is relocation to an EU member state. We have made no decisions so far.
ODF 1.3 becomes OASIS standard
4 weeks
Version 1.3 of OpenDocument Format for Office Applications (ODF) has been approved as an OASIS Committee Standard, Italo Vignoli writes on The Document Foundation (TDF) blog.
ODF is a free, open XML-based document file format for office applications for use for documents containing text, spreadsheets, charts and graphical elements. In addition,ODF is the native file format used by TDF’s free and open source LibreOffice productivity suite, as well as other free and open source suites such as Apache OpenOffice, whilst the format can also be handled by major proprietary office suites. Furthermore, ODF has been adopted by the UK government’s Open Standards Board for document exchange with citizens and other victims.
ODF 1.3 is an update to the international standard Version 1.2, which was approved by the International Organization for Standardization (ISO) as ISO/IEC 26300 (2015). The update was approved with 14 affirmative consents and no objections.
The most important new features of ODF 1.3 include digital signatures for documents and the OpenPGP-based encryption of XML documents, with improvements in areas such as change tracking and document security, additional details in the description of elements in first pages, text, numbers and charts.
The full ODF 1.3 Specification can be downloaded from OASIS website.
The new version of ODF has been funded by TDF.
Finally, it is hoped that the new ODF 1.3 will complete the process to update its existing ISO/IEC standard 26300 in early 2022.
Improved security in GRUB 2.06 bootloader
1 month
The newest version – 2.06 – of the GRUB bootloader used by most Linux distributions contains two new features, German IT news site heise reports. The software now supports boot partitions encrypted with LUKS2 and the update also contains several bug fixes and security improvements. This is the first new version of GRUB in nearly 2 years. It was originally to have been released in summer 2020, but developers were thwarted by a nasty security hole.
Attackers could gain access to the boot process and execute malicious code via a vulnerability named BootHole. To begin with Linux distributors patched their own GRUB packages. Unfortunately, BootHole patches for Red Hat, CentOS, Debian and Ubuntu blocked GRUB2. GRUB has now officially patched BootHole with the new version
GRUB developers have taken over the additional patches used in the meantime by Red Hat, Debian and a few other distributors to secure their own GRUB packages. The distributors had tried to bridge the gap in the lone release times between GRUB versions. In addition, several errors have been eliminated and GRUB’s code tidied up. GRUB can now be compiled with the GCC 10 and Clang 10 C compilers.
GRUB bootloader menu on Ubuntu Linux machine
New security module
As a new feature, GRUB 2.06 supports the Xen hypervisor’s XSM/FLASK security module and Secure Boot Advanced Targeting (SBAT). The developers of the Shim bootloader came up with the latter technology to further complicate attacks on the boot process. In simple terms, the procedure automatically considers outdated versions of a program involved in the boot process to be unsafe. In addition to this, GRUB 2.06 offers a lockdown mechanism that is similar to the equivalent of the Linux kernel of the same name.
REUSE Booster provides free software licensing and copyright support
1 month
REUSE is a set of best practices to make Free Software licensing much easier. Using simple guidelines, it helps developers stipulate their copyright and conditions for code re-use, as well as providing documentation and low-threshold tools to get the job done.
With REUSE Booster, the Free Software Foundation Europe (FSFE) is to start providing direct support for free software projects.
Since its inception, the aim of the FSFE’s REUSE initiative has been to make licensing and copyright easier for developers, especially those without legal experience and assistance.
REUSE offers standardised ways to mark all files in a project with their relevant licence and copyright. For developers, creating free software and giving notice of the conditions for code re-use are now easier than ever. before. REUSE comes with tutorial and FAQ, as well as the REUSE helper tool and the API to automate once manual processes.
The FSFE is constantly working on improving REUSE.
Introducing REUSE Booster
With REUSE Booster, the FSFE is inviting free software projects to register for support by the its legal experts. As the name suggests, this will boost the process of adopting best practice, together with a general understanding of licensing and copyright.
Accepted projects will participate in an initial workshop in which the process is explained and typical questions answered. Each project will then receive an individual evaluation revealing potential challenges on their path to full REUSE compliance. Guidance will be provided by direct contacts if unforeseen problems arise. Last but not least, the FSFE will share practical suggestions on how to maintain a stable licensing status. The FSFE already provides similar support for all projects in the Next Generation Internet Zero (NGI0) project. As consortium partners, the FSFE helps developers resolve licensing and copyright uncertainties and avoid legal pitfalls. Furthermore, many NGIO projects adopt REUSE best practice to streamline their compliance.
The FSFE now wants to build on this practical experience and enable other projects to benefit. This has made possible by REUSE sponsors such as Siemens and individual support from FSFE volunteers and supporters.
Free Software project managers are asked to register before 8 July 2021 for support in becoming REUSE compliant.
France – the state of open source
2 months
In France the Conseil National des logiciel libres (CNLL – National Free Software Council) has just published its 2020/2021 survey (PDF) into free and open source software in France.
The report’s findings can be summarised as follows.
Free and open source companies are typically micro-businesses (59%) and SMEs (35.1%). They are generally well established youngish businesses with an average age of 11.5 years. They have a very varied customer base in all sectors and exports account for over 20% of their turnover, as opposed to 16.7% in the digital sector.
Besides service activities, there has been a move from solutions-based financial models (invoicing for use, sale of licences) whereas 57.1% are software producers, playing a vital ecosystem role.
During the Covid crisis, the majority (64.6%) of companies reported stable or increasing activities, with 82.8% of managers saying they were confident about the future of their companies and 61.1% seeking to recruit staff. However, 53.7% are worried about the French economy over the long term, particularly as regards the durability of B2B customers.
Although it has been recommended by the Secretariat-General for National Defence and Security (SGDSN) to reassert digital sovereignty, only 29.3% of respondents think that France is implementing an open source industrial strategy to counter the Big Tech companies and 64.6% of them believe the powers that be are not giving sufficient encouragement to open source as provided for by law, particularly in respect of public sector procurement.
Plus de 80% des entreprises sont déjà engagées dans une démarche éthique libre et responsable vis-à-vis de critères spécifiques : la moitié d’entre elles a déjà formalisé de tels engagements et l’autre se déclare prête à le faire.
Businesses are very involved in the ecosystem and contribute to more than 35 organisations. Furthermore, 9.7% report that their region has an open source-based digital strategy which has tangible results, albeit with marked regional disparties.
Printed manuals available for LibreOffice 7
2 months
The Document Foundation (TDF) blog reports today that users of the TDF’s free and open source LibreOffice suite can now acquire hard copies of guides to the various modules in version 7.* of the suite (Writer, Calc, Impress, Math and Base) as well as a general Getting Started Guide.
These new guides are full of tips, tricks and tutorials to help users get the best out of the whole office suite.
The guides are already available for download in both PDF and ODT versions.
There will nevertheless always be people who appreciate hard copies of manuals, so the LibreOffice Documentation community has joined forces with online bookshop Lulu (which was started by Red Hat co-founder Bob Young) made these available guides. The guides will be printed on demand in various locations and be shipped to anywhere in the world.
Pricing for the UK is shown as £10 per guide. Lulu also provide guides for earlier versions of LibreOffice.
LibreOffice 7.1 Calc Guide available
2 months
The Document Foundation (TDF), the organisation behind the free and open source cross-platform LibreOffice suite, announced on its blog on Friday that a new guide for the suite’s Calc spreadsheet module had been released. Version 7.1 of LibreOffice was released in February this year.
The guide has been produced by members of the LibreOffice documentation community to take account of the improvements to Calc in the new release.
The Guide includes the volunteer effort of many members of the documentation community – Rafael Lima from Brazil, Martin Van Zijl and Kees Kriek from the Netherlands and Celia Palacios from the Spanish language community. Yusuf Keten from the Google Summer of Code program merits a special mention for work new extensions and template dialogs, as does Steve Fanning for his editorial review and to Jean Hollis Weber for her work on improving and organising the text. Work on the new guide was co-ordinated by Felipe Viggiano from Brazil.
The 545-page guide is available as a PDF and covers all of Calc’s basic and advanced features, making it a must-read for getting the most out of Calc.
Press gets it wrong – again
0If there’s one characteristic of the English Empire’s free and fearless press and the news media in general that’s immediately apparent to anyone with more than one brain cell, it’s their usually remote relationship with the truth.
In the last week or so a new word has emerged – pingdemic – in relation to the coronavirus pandemic to describe the large volume of self-isolation warnings issued by the Covid track and trace app (aka pings (pl.), as derived from the computer networking utility of the same name. Ed.).
Thus the terms ping and pingdemic have become part of normal newspaper and news media vocabulary, as shown in this typical example from yesterday’s London Evening Standard.
Whoever wrote the headline Ping threat to our food, tube and bins has clearly not thought the matter through.
It’s not the pings that are the threat but the viral plague which is giving rise to rocketing Covid, aided and abetted by an apology for a government that has removed restrictions far too soon and relinquished – in exemplary Pontius Pilate mode – all responsibility for safeguarding people’s health in the rush to let all their rich mates resume making Loadsamoney again.
All news is to a certain extent manipulated, but if those that right it cannot even get the basic details correct in a headline, is it any wonder that there is deep mistrust in the media?
Still, never mind with all this gloom and doom. Immediately adjacent is a prime example of look over there in the form of the current 2020 Olympic games in Tokyo.
The staff of the Standard clearly seem to have adopted the comment by Juvenal, the 2nd century Roman poet famous that the common people are only interested in bread and circuses (Latin: panem et circensis. Ed.) as editorial policy