Aggregator

Firefox 65.0 Released, CO.LAB to Host First "Global Experience" at the Tate Modern, Electric Guitar with a Built-In RPi Synthesizer, Debian's Reproducible Builds Report and Update on Fedora's New Privacy System for User Stats

2 weeks 5 days ago

News briefs for January 29, 2019.

Firefox 65.0 was released to Channel users today. New features include enhanced tracking protection, better experience for multilingual users, support for HandOff on macOS, better video streaming for Windows users, and improved performance and web compatibility, with support for the WebP image format. Go here to download Firefox.

CO.LAB to host its first "global experience" at the Tate Modern in London. On Wednesday, "students from two London schools will participate in an all-day session learning a bit about coding, a bit about music and a lot about open source. The program is a collaboration between Red Hat and Femi Owolade-Coombes, better known as Hacker Femo. Femi, a 13-year-old coder known for his Young Coder Workshops in London, worked with us to provide a curriculum that extends the capabilities of the micro:bit, a pocket-sized codeable computer of which one million were delivered to England and Wales year 7 students in 2016. Differing from previous CO.LAB events, the curriculum will be led by Femi, and mentors will be both Red Hat experts and middle school girls from the Young Coders program." For more info about Red Hat's CO.LAB initiative, go here.

Lucern Custom Instruments from the UK teamed up with Tracktion Corporation of Seattle to create Spirit Animal, an electric guitar with a Raspberry Pi synthesizer built in. According to the Raspberry Pi Blog, the guitar "boasts an onboard Li-ion battery granting about 8 hours of play time, and a standard 1/4" audio jack for connecting to an amp. To permit screen-sharing, updates, and control via SSH, the guitar allows access to the Pi's Ethernet port and wireless functionality." See also the Gear News website and the Lucern Instruments Facebook page for more information.

Debian published its Reproducible Builds report for the past week. There are many updates of note, including "There was considerable progress towards making the Debian Installer images reproducible with a number of rounds of code review, a subsequent merge of Chris Lamb's merge request and the closing of the corresponding bug report for the time being, pending further testing."

Fedora's new privacy system for user statistics is making progress. Phoronix reports that "Earlier this month there was a change proposal announced that would give Fedora system's a new unique UUID tracking identifier to count systems. The intention isn't to track users but rather to provide more statistics about the Fedora install base compared to the current system that is just tracking unique IP addresses, but a revised proposal would improve the privacy while still offering up much of the same statistics potential." The revised proposal will work like this: "Rather than relying upon a unique identifier that is transmitted to the Fedora update servers, the revised proposal is focusing upon just transmitting the 'variant' (indicating if you are running Fedora Workstation or one of the other spins) and then a new 'countme' variable. That countme variable would be managed client-side and under current thinking would increment weekly to reflect the age of the Fedora system: that would allow Fedora to see the age of the systems, new vs. updating installs to new releases, the number of users just running in Docker/cloud/other short-lived instances, and other metrics but without relying upon a per-system UUID."

News Firefox Privacy Fedora Education Raspberry Pi Music CO.LAB Red Hat Debian ReproducibleBuilds
Jill Franklin

FOSS Project Spotlight: Mender.io, an Open-Source Over-the-Air Software Update Manager for IoT Devices

2 weeks 5 days ago
by Ralph Nguyen

Mender is an open-source (Apache 2.0) project to address over-the-air (OTA) software update management for Linux-based IoT devices. When we researched this five years ago, there were no open-source end-to-end (device-to-server) options to manage the lifecycle of OTA updates for connected devices. Some open-source options were available, but they either had a proprietary management server, or they were client-only and required integration with another back-end server.

In short, the options available to IoT device-makers either had vendor lock-in or simply were too kludgy. Thus, we created Mender, which has two components: the runtime client integrated into the device and the management server with an intuitive user interface to manage updates at scale for large fleets.

Figure 1. The Mender Server's User Interface

We found in our initial research phase that many embedded systems developers created their own remote update mechanism, which usually took risky shortcuts around security and robustness. Embedded development traditionally has been a very diverse space, and the lack of technology standardization generates a lot of custom work for device-makers. Unlike web development and accepted standards, such as the LAMP stack, device-makers had to create much of their stack. This includes the fundamental capability of remote updates. And, most developers had no other choice but to build their own, given how exotic hardware and OS combinations could be for connected devices. We created a community repository called Mender Hub to allow developers to create and reuse tested and validated integrations to enable OTA updates for any combination of hardware and OS.

A consequence of the growth of IoT devices is the increase of easy targets for malicious actors, evident in the proliferation of malware targeting poorly secured IoT devices. There have been an increasing number of malware attacks infecting poorly secured connected devices. The 2016 Dyn DDoS attack was one of the clearest examples of the ramifications of poorly secured IoT devices, which was executed through the Mirai malware infecting a large number of IoT devices and enslaved them into a botnet. The IoT botnet attack caused major outages across internet platforms and services, including Amazon, GitHub and Netflix.

The increasing connectivity of cars, medical devices and more is making IoT security a serious public health issue. We created Mender to help with baseline security-hardening, and security patching is fundamental. But remote updates is quite challenging and has a lot of nuances to consider to establish a secure and robust OTA process.

Go to Full Article
Ralph Nguyen