De-Googling my phone

I’ve been a professional Free Software developer in the GNU/Linux area for 14
years now, and a hobbyist developer and user for much longer. For some reason
that never extended much to the smartphone world, beyond running
LineageOS on my older phones (my current Sony Xperia
is still under warranty and I’m fine with the officially supported Android),
and various stabs at using the Ubuntu phone (RIP!).

On a few long weekends this year it got a hold of me, and I had a look over the
Google fence to see how Free Software is doing on Android and how to reduce my
dependency on Google Play Services and Google apps. Less because I would
actually severely distrust Google, as they have a lot of business and goodwill
to lose if they ever majorly screw up; but more because of simple curiosity and
for learning new things. I want to note down my experience here for sharing and
discussing.

I started experimenting on


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/y9eitdHKJvo/

Original article

Asylo: an open-source framework for confidential computing

Asylo is an open source framework for confidential computing
Asylo is an open-source framework and SDK for developing applications that run in trusted execution environments (TEEs). TEEs help defend against attacks targeting underlying layers of the stack, including the operating system, hypervisor, drivers, and firmware, by providing specialized execution environments known as “enclaves”. TEEs can also help mitigate the risk of being compromised by a malicious insider or an unauthorized third-party. Asylo includes features and services for encrypting sensitive communications and verifying the integrity of code running in enclaves, which help protect data and applications.Previously, developing and running applications in a TEE required specialized knowledge and tools. In addition, implementations have been tied to specific hardware environments. Asylo makes TEEs much more broadly accessible to the developer community, across a range of hardware—both on-premises and in the cloud.
“With the Asylo toolset, Gemalto sees accelerated use of secure enclaves for high security


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/ir1ncDJVaRo/Introducing-Asylo-an-open-source-framework-for-confidential-computing.html

Original article

A standards-based PDF viewer created using Electron and Pdf.js

README.md

PDF viewer created using Electron framework and PDF.js
Usage
Download executable jar from Releases
Or build from source :
Install dependencies (Node.js, npm etc) –
$ sudo apt-get install python-software-properties
$ curl -sL https://deb.nodesource.com/setup_7.x | sudo -E bash –
$ sudo apt-get update
$ sudo apt-get install build-essential
$ sudo apt-get install nodejs
$ sudo apt-get install npm

To run –
$ git clone https://github.com/praharshjain/Electron-PDF-Viewer.git
$ cd Electron-PDF-Viewer
$ npm install && npm start

Screenshot

License
PDF.js is available under Apache License.Electron is released under MIT License.Rest of the code is MIT licensed.


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/sA539INXdds/

Original article

Google Releases Open Source Framework For Building ‘Enclaved’ Apps For Cloud

An anonymous reader quotes a report from Ars Technica: Today, Google is releasing an open source framework for the development of “confidential computing” cloud applications — a software development kit that will allow developers to build secure applications that run across multiple cloud architectures even in shared (and not necessarily trusted) environments. The framework, called Asylo, is currently experimental but could eventually make it possible for developers to address some of the most basic concerns about running applications in any multi-tenant environment. Container systems like Docker and Kubernetes are designed largely to allow untrusted applications to run without exposing the underlying operating system to badness. Asylo (Greek for “safe place”) aims to solve the opposite problem — allowing absolutely trusted applications to run “Trusted Execution Environments” (TEEs), which are specialized execution environments that act as enclaves and protect applications from attacks on the underlying platform they run on.

Read more of


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/kxf_eb_9tq8/google-releases-open-source-framework-for-building-enclaved-apps-for-cloud

Original article

Three-day no-meeting schedule for engineers

Brian Donohue | Pinterest engineering manager, Product EngineeringAbout 100 days ago, our product engineering team began experimenting with a three-day no-meeting schedule for individual contributors on our teams.It’s not a big revelation that software development requires long stretches of uninterrupted time to focus. As Pinterest has grown, we’ve noticed the number of meetings also has increased. Having so many meetings can fragment an engineer’s entire day, eliminating the stretches of uninterrupted time required to build software.Back in 2009, Paul Graham wrote the following, which speaks to this issue better than I can ever hope to:When you’re operating on the maker’s schedule, meetings are a disaster. A single meeting can blow a whole afternoon, by breaking it into two pieces each too small to do anything hard in. Plus you have to remember to go to the meeting. That’s no problem for someone on the manager’s schedule. There’s always something coming


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/dYwTSr9TGB4/three-day-no-meeting-schedule-for-engineers-fca9f857a567

Original article

Latest Kali Linux Ethical Hacking OS Release Adds Spectre and Meltdown Mitigations

Kali Linux 2018.2 is the second release in 2018 and the first to incorporate mitigation for the widely reported Meltdown and Spectre security vulnerabilities


Original URL: http://feedproxy.google.com/~r/linuxtoday/linux/~3/r30MN8l8Tec/latest-kali-linux-ethical-hacking-os-release-adds-spectre-and-meltdown-mitigations-180502105514.html

Original article

How I wrote my book using Markdown, Pandoc, and a little help from the internet

Did I mention recently that I just wrote a book? I hope you’re not tiring of the self-promotion here and on my social media feeds, but I’m very happy with how the book turned out, and I want as many people as possible to get their hands on it. I had a great experience researching and writing this book. But when I started, I had no experience at all with the process of actually writing a book. I had to do a lot of research not only on things like cognitive psychology and pedagogical practices, I also had to figure the technical process of putting a book together.

With a project this complex, it turns out that you can’t just open up a word processor and start typing. There are issues to consider that don’t have a single right answer, and I had to figure out a way to deal with


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/TS3nVILIFwc/

Original article

Somebody Tried to Hide a Backdoor in a Popular JavaScript npm Package

Catalin Cimpanu, reporting for BleepingComputer: The Node Package Manager (npm) team avoided a disaster today when it discovered and blocked the distribution of a cleverly hidden backdoor mechanism inside a popular — albeit deprecated — JavaScript package. The actual backdoor mechanism was found in “getcookies,” a relatively newly created npm package (JavaScript library) for working with browser cookies. The npm team — which analyzed this package earlier today after reports from the npm community — says “getcookies” contains a complex system for receiving commands from a remote attacker, who could target any JavaScript app that had incorporated this library.

Read more of this story at Slashdot.


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/qQXxXcEUbMg/somebody-tried-to-hide-a-backdoor-in-a-popular-javascript-npm-package

Original article

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: