Brief items
Security
Security quotes of the week
The real trade-off between surveillance and public health is this. For
years, a pandemic has been at the top of Britain’s risk register, yet far
less was spent preparing for one than on anti-terrorist measures, many of
which were ostentatious rather than effective. Worse, the rhetoric of
terror puffed up the security agencies at the expense of public health,
predisposing the US and UK governments to disregard the lesson of SARS in
2003 and MERS in 2015 — unlike the governments of China, Singapore, Taiwan
and South Korea, who paid at least some attention. What we need is a
radical redistribution of resources from the surveillance-industrial
complex to public health.
— Ross
Anderson
Our effort should go into expanding testing, making ventilators, retraining everyone with a clinical background from vet nurses to physiotherapists to use them, and building field hospitals. We must call out bullshit when we see it, and must not give policymakers the false hope that techno-magic might let them avoid the hard decisions. Otherwise we can serve best by keeping out of the way. The response should not be driven by cryptographers but by epidemiologists, and we should learn what we can from the countries that have managed best so far, such as South Korea and Taiwan.
To me, the real problems aren't around privacy and security. The efficacy
of any app-based contact tracing is still unproven. A "contact" from the
point of view of an app isn't the same as an epidemiological contact. And
the ratio of infections to contacts is high. We would have to deal with the
false positives (being close to someone else, but separated by a partition
or other barrier) and the false negatives (not being close to someone else,
but contracting the disease through a mutually touched object). And without
cheap, fast, and accurate testing, the information from any of these apps
isn't very useful. So I agree with Ross [Anderson] that this is primarily an exercise
in that false syllogism: Something must be done. This is
something. Therefore, we must do it. It's techies proposing tech solutions
to what is primarily a social problem.
— Bruce
Schneier
It is as though the Big Bad Wolf, after years of unsuccessfully trying to
blow the brick house down, has instead introduced a legal framework that
allows him to hold the three little pigs criminally responsible for being
delicious and destroy the house anyway. When he is asked about this
behavior, the Big Bad Wolf can credibly claim that nothing in the bill
mentions “huffing” or “puffing” or “the application of forceful breath to a
brick-based domicile” at all, but the end goal is still pretty clear to any
outside observer.
— Joshua Lund in the Signal
blog on EARN IT
Kernel development
Kernel release status
The current development kernel is 5.7-rc1, released on April 12. Linus said: "Maybe an hour or two early, because it's Easter Sunday, and I may be socially distancing but we're still doing the usual Finnish Easter dinner with lamb, mämma and pasha... I may not be religious, but tradition is tradition. Thanks to the social distancing, this year we'll have to forgo trying to force-feed our poor American friends mämma, which never really works out anyway. In fact, I think I can hear the sighs of relief from miles away."
Stable updates: 5.6.4, 5.5.17, 5.4.32, 4.19.115, 4.14.176, 4.9.219, and 4.4.219 were all released on April 13.
Distributions
GNU Guix 1.1.0 released
Version 1.1.0 of the GNU Guix transactional package manager and system distribution has been released. "It’s been 11 months since the previous release, during which 201 people contributed code and packages. This is a long time for a release, which is in part due to the fact that bug fixes and new features are continuously delivered to our users via guix pull. However, a number of improvements, in particular in the installer, will greatly improve the experience of first-time users."
Bringing Leap and SUSE Linux Enterprise closer together - a proposal
The openSUSE Leap distribution is a community effort built on top of a set of stable packages from the SUSE Linux Enterprise offering. SUSE is now floating a proposal to unify the work of building those two distributions; click below for the details or see the "closing the Leap gap" FAQ, which summarizes things this way: "Today, SUSE is also offering the pre-built binaries from SLE in addition to the sources, to increase compatibility and to leverage synergies." The intended advantages (or "leveraged synergies") seem to be reducing the effort required to create Leap and making it easier to migrate a system between the two distributions.
Development
The growing disconnect between KDE and the Qt Company
Here's a message posted by Olaf Schmidt-Wischhöfer to the kde-community mailing list detailing the current state of discussions between the KDE community, the Qt development project, and the Qt Company. It seems they are not going entirely well. "But last week, the company suddenly informed both the KDE e.V. board and the KDE Free QT Foundation that the economic outlook caused by the Corona virus puts more pressure on them to increase short-term revenue. As a result, they are thinking about restricting ALL Qt releases to paid license holders for the first 12 months. They are aware that this would mean the end of contributions via Open Governance in practice."
There is a response from the Qt Company that doesn't add a whole lot.
Changes To Zimbra's Open Source Policy
The Zimbra email and collaboration suite will change its open source policy. This post from the Zeta Alliance notes the changes for Zimbra 9. "John E. explained that Zimbra 9 introduces a change to Synacor's open source policy for Zimbra. Starting with Zimbra 9, a binary version of Zimbra 9 will no longer be released to the community and will instead only be made available to Zimbra Network Edition customers. There are currently no plans to release the source code for Zimbra 9 to the community. Zimbra 8.8.15 will remain open source for the community and continue to be supported for the remainder of its lifecycle through December, 31, 2024 (https://www.zimbra.com/support/support- ... lifecycle/). Version 8.8.15 will also continue to receive patches during this time frame. John E. described this new model for Zimbra 9 as "open core" where the open source products on which Zimbra is built will continue to be freely available, but the Zimbra 9 product itself will not be open source." (Thanks to Emmanuel Seyman)
Miscellaneous
Blender community mourns Octavio Mendez
The Blender 3D modeling and rendering project mourns the passing of Octavio Mendez. "It is with great sadness that I must report we lost a great community member today. Octavio Mendez, a long-time cornerstone of the Mexican Blender and open source community, has passed away after fighting the Corona virus." Gunnar Wolf also has a tribute: "
Long-time free software supporter, very well known for his craft –and for his teaching– with Blender."
European funding available for interesting development projects
The NGI POINTER program, funded by the European Commission, is looking for interesting development project to support. Its objective is "to support promising bottom-up projects that are able to build, on top of state-of-the-art research, scalable protocols and tools to assist in the practical transition or migration to new or updated technologies, whilst keeping European Values at the core." The application period is open; there must be no end of interesting projects in the free-software space that would fit within this program's parameters. (Thanks to Thorsten Leemhuis).
Page editor: Jake Edge
Next page:
Announcements>>