
Submission + - Penpot, the vector design web-app taking on Figma and Canva with FOSS, hits beta (penpot.app) 1

kxra writes: Penpot is a free-software, web-based vector design platform using .svg as a first-class filetype used as the underlying storage for all designs. As more design teams around the world move to the convenience of multi-device synchronized and collaborative web apps, this is a welcome respite from proprietary vendor lock-in by the likes of Figma and Canva. Penpot has finally launched as Beta, with competitive features such as a template library that all creators can pull from. They are the same team behind the project management tool for Agile teams which is taking on the likes of JIRA and Confluence with FLOSS.

Comment Re:Porting should be given priority (Score 2) 67

Aside from achieving stability, there are no set priorities, and donors have been given the opportunity to vote. Porting has not been of significant interest. It could be an issue of self-selection (probably is), but there is no way that the expanded donor base would be greater than the cost of doing those ports. Plus what's the point of porting to a platform which has way more competition available for no charge?

Submission + - Tor Project Mulls How Feds Took Down Hidden Websites

HughPickens.com writes: Jeremy Kirk writes at PC World that in the aftermath of US and European law enforcement shutting down more than 400 websites, including Silk Road 2.0, which used technology that hides their true IP addresses, Tor users are asking: How did they locate the hidden services? "The first and most obvious explanation is that the operators of these hidden services failed to use adequate operational security," writes Andrew Lewman, the Tor project’s executive director. "For example, there are reports of one of the websites being infiltrated by undercover agents and one affidavit states various operational security errors." Another explanation is exploitation of common web bugs like SQL injections or RFIs (remote file inclusions). Many of those websites were likely quickly-coded e-shops with a big attack surface. Exploitable bugs in web applications are a common problem, says Lewman, adding that there are also ways to link transactions and deanonymize Bitcoin clients even if they use Tor. "Maybe the seized hidden services were running Bitcoin clients themselves and were victims of similar attacks."

However, the number of takedowns and the fact that Tor relays were seized could also mean that the Tor network was attacked to reveal the location of those hidden services. "Over the past few years, researchers have discovered various attacks on the Tor network. We've implemented some defenses against these attacks (PDF), but these defenses do not solve all known issues and there may even be attacks unknown to us." Another possible Tor attack vector could be the Guard Discovery attack. The guard node is the only node in the whole network that knows the actual IP address of the hidden service, so if the attacker manages to compromise the guard node or somehow obtain access to it, she can launch a traffic confirmation attack to learn the identity of the hidden service. "We've been discussing various solutions to the guard discovery attack for the past many months but it's not an easy problem to fix properly. Help and feedback on the proposed designs is appreciated."

According to Lewman, the task of hiding the location of low-latency web services is a very hard problem and we still don't know how to do it correctly and it seems that there are various issues that none of the current anonymous publishing designs have really solved. "In a way, it's even surprising that hidden services have survived so far. The attention they have received is minimal compared to their social value and compared to the size and determination of their adversaries."

Submission + - Pitivi Video Editor surpasses 50% crowdfunding goal, releases version 0.94

kxra writes: With the latest developments, Pitivi is proving to truly be a promising libre video editor for GNU distributions as well as a serious contender for bringing libre video production up to par with its proprietary counterparts. Since launching a beautifully well-organized crowdfunding campaign (as covered here previously), the team has raised over half of their 35,000 € goal to pay for full-time development and has entered "beta" status for version 1.0. They've released two versions, 0.94 (release notes) being the most recent, which have brought full MPEG-TS/AVCHD support, porting to Python 3, lots of UX improvements, and—of course—lots and lots of bug fixes. The next release (0.95) will run on top of Non Linear Engine, a refined and incredibly more robust backend Pitivi developers have produced to replace GNonLin and bring Pitivi closer to the rock-solid stability needed for the final 1.0 release.

Submission + - U.S. Postal service hacked and 500k+ employees and public data breached (thestack.com)

An anonymous reader writes: The U.S. Postal Service has admitted that it has suffered a massive security breach, with the disclosure to hackers of the personal details of over 500,000 USPS workers, along with details supplied by members of the public when contacting Postal Service call centers between January and mid-August of 2015.

The breach is a hard blow to the integrity and reputation of the USPS's internal security set-up, the Corporate Information Security Office (CISO). In 2012 CISO reports that it blocked 257 billion unauthorised attempts to access the USPS network, 66,734 attempts to distribute credit-card information, 1,278 attempts to reveal USPS-ordained credit-card transactions and 345,342 attempts to distribute social security numbers.

Submission + - Mozilla Updates Firefox With Forget Button, DuckDuckGo Search, And Ads 1

Krystalo writes: In addition to the debut of the Firefox Developer Edition, Mozilla today announced new features for its main Firefox browser. The company is launching a new Forget button in Firefox to help keep your browsing history private, adding DuckDuckGo as a search option, and rolling out its directory tiles advertising experiment.

Submission + - German Spy Agency Seeks Millions To Monitor Social Networks (itworld.com)

itwbennett writes: Germany's foreign intelligence agency reportedly wants to spend €300 million (about $375 million) in the next five years on technology that would let it spy in real time on social networks outside of Germany, and decrypt and monitor encrypted Internet traffic. The agency, which already spent €6.22 million in preparation for this online surveillance push, also wants to use the money to set up an early warning system for cyber attacks, the report said. A prototype is expected to be launched next June with the aim of monitoring publicly available data on Twitter and blogs.

Submission + - How to end online harassment

Presto Vivace writes: With Gamergate, it’s not enough to ignore the trolls

Gendered bigotry against women is widely considered to be “in bounds” by Internet commenters (whether they openly acknowledge it or not), and subsequently a demographic that comprises half of the total human population has to worry about receiving rape threats, death threats, and the harassment of angry mobs simply for expressing their opinions. This needs to stop, and while it’s impossible to prevent all forms of harassment from occurring online, we can start by creating a culture that shames individuals who cross the bounds of decency.

We can start by stating the obvious: It is never appropriate to use slurs, metaphors, graphic negative imagery, or any other kind of language that plays on someone’s gender, race/ethnicity, sexual orientation, or religion. Not only is such language inappropriate regardless of one’s passion on a given subject, but any valid arguments that existed independently of such rhetoric should have been initially presented without it. Once a poster crosses this line, they should lose all credibility.

Similarly, it is never acceptable to dox, harass, post nude pictures, or in any other way violate someone’s privacy due to disagreement with their opinions. While most people would probably agree with this in theory, far too many are willing to access and distribute this humiliating (and often illegal) content. Instead of simply viewing stories of doxing, slut-shaming, and other forms of online intimidation as an unfortunate by-product of the digital age, we should boycott all sites that publish these materials.

Submission + - What's actually wrong with DRM in HTML5? (freeculture.org)

kxra writes: The Free Culture Foundation has posted a thorough response to the most common and misinformed defenses of the W3C's Extended Media Extensions (EME) proposal to inject DRM into HTML5. They join the EFF and FSF in a call to send a strong message to the W3C that DRM in HTML5 undermines the W3C’s self-stated mission to make the benefits of the Web “available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability.” The FCF counters the three most common myths by unpacking some quotes which explain that 1. DRM is not about protecting copyright. That is a straw man. DRM is about limiting the functionality of devices and selling features back in the form of services. Second, that DRM in HTML5 doesn’t obsolete proprietary, platform-specific browser plug-ins; it encourages them. And third, that the Web doesn’t need big media; big media needs the Web.

Submission + - Google begins blocking 3rd party Jabber invites supposedly to combat spam (fsf.org) 1

kxra writes: Do you have a federated Jabber instant messaging account that never gets responses from Google accounts anymore? Or do you have a Gmail account that a friend has been unable to invite from their 3rd party Jabber account? The Free Software Foundation reports, "Google users can still send subscription requests to contacts whose accounts are hosted elsewhere. But they cannot accept incoming requests. This change is akin to Google no longer accepting incoming e-mail for @gmail.com addresses from non-Google domains." This sounds like something Facebook would try in order to gain even tighter control over the network, but they never even federated their Jabber service to begin with. According to a public mailing list conversation, Google is doing this as a lazy way to handle a spam problem.
