Google's Summer of Code includes some big open source projects that needs your help! Linux Foundation announces ELISA; a safety-first approach to Linux deployment
Blender, Inkscape and hundreds of other open source projects are participating in the
- We give Google a lot of shit for their wanton privacy invasion on the show--and it's rightfully deserved.
- But Google also does a lot of good; including the Summer of Code.
- Google has listed 651 Open Source Organizations that have partnered with Summer of Code!
- A few highlights include:
- Blender, Inkscape, Coreboot, Debian, Fedora, FFmpeg, git, Gnome, Godot, Haiku, KDE, Kodi, LibreOffice. LLVM, Matrix.org, Mozilla, Python, ReactOS, ScummVM, The GNU Project, WINE, VLC, and Wikimedia Foundation just to name a few!
One package manager to rule them all... even on Windows?
Linux Foundation announces ELISA; a safety-first approach to Linux deployment
ELISA Press Release
Amazon Grocery Store Detour
Farscape Blu-ray Set I bought
Self-driving Beer Truck
- People don't trust autonomous machines. At least that's the perception at the Linux Foundation.
- After a few studies came out from The American Automobile Association, Gallup, and Pew, that stated
- So the Linux Foundation partnered with ARM, BMW, Toyota and others, to create a system of certification for Linux systems deployed in "safety critical" scenarios.
iOS Win95 Makeover
The banking industry strikes again; this time with ETS.
TLS vs ETS
EFF Fix It Already
- The EFF has a great writeup on one of the new great improvements of TLS 1.3 and how it's making the Internet safer:
- Forward Secrecy
- A major step forward in internet securty.
- In ensures that encrypted data using this technique could not be decrypted--even if the correct keys were used to attempt decryption.
- But there's a new player in town; ETS.
- ETS is a regressive encryption protocol that does not implement Forward Secrecy.
- The reason? Because the banking industry is a dinosaur that relies on unsafe data handling practices in order to "implement data loss protection, intrusion detection" and a bunch of other nonsense.
- But when you really think about what they're saying, their argument falls apart:
- The banks want to be able to forward your traffic to two of their own servers; one to process the actual transaction, and one to log and monitor it.
- But that is incredibly convoluted and leaves the door open to man-in-the-middle attacks by bad actors who've done something like stolen the bank's private keys, logged traffic and later discovers the keys, or other scenarios
- With Forward Secrecy, these vectors are mitigated if not completely eliminated.