Mozilla.cz informuje, že Firefox bude možná upozorňovat na úniky vašich hesel. V Mozille prototypují upozorňování na únik informací o vašem účtu, pokud se na seznamu Have I been pwned? objeví služba, ke které máte ve Firefoxu uložené přihlašovací údaje. Informace se objevila v pravidelném newsletteru o vývoji Firefoxu.
Společnost ZONER informuje o bezpečnostním incidentu, při kterém došlo ke zcizení a zveřejnění části přihlašovacích údajů zákazníků k elektronické poště a webhostingu CZECHIA.COM.
Byla vydána nová stabilní verze 1.13 (1.13.1008.32) webového prohlížeče Vivaldi (Wikipedie). Z novinek vývojáři zdůrazňují možnost zobrazení otevřených i uzavřených listů pomocí ikonky Okno na postranní liště a vylepšené stahování (YouTube). Nejnovější Vivaldi je postaveno na Chromiu 62.0.3202.97.
Byla vydána verze 2017.3 dnes již průběžně aktualizované linuxové distribuce navržené pro digitální forenzní analýzu a penetrační testování Kali Linux. Aktualizovat systém lze pomocí příkazů "apt update; apt dist-upgrade; reboot". Z novinek lze zmínit 4 nové nástroje: InSpy, CherryTree, Sublist3r a OSRFramework.
Společnost Uber potvrdila bezpečnostní incident a únik dat v roce 2016. Unikly údaje o 57 milionech cestujících (jména, emailové adresy a čísla mobilních telefonů) a 600 tisících řidičích (navíc čísla řidičských průkazů).
Co vypíše příkaz man půl hodiny po půlnoci? Text "gimme gimme gimme". Jedná se o virtuální velikonoční vajíčko připomínající skupinu ABBA a její hit Gimme! Gimme! Gimme! (A Man After Midnight). Problém nastane, pokud gimme gimme gimme nabourá automatizované testování softwaru. To se pak příkaz man musí opravit [Bug 1515352] [reddit].
Mozilla.cz informuje, že Firefox na Fedoře podporuje Client Side Decorations. Firefox na Linuxu se vykresluje včetně standardního záhlaví okna, které je v případě webového prohlížeče většinou nadbytečné a ubírá drahocenné vertikální místo na obrazovce. Verze distribuovaná uživatelům Fedory však nyní obsahuje experimentální podporu pro takzvané Client Side Decorations, které umožňují vykreslování „oušek“ panelů do záhlaví okna.
Maxim Goryachy a Mark Ermolov ze společnosti Positive Technologies budou mít v prosinci na konferenci Black Hat Europe 2017 přednášku s názvem "Jak se nabourat do vypnutého počítače, a nebo jak v Intel Management Engine spustit vlastní nepodepsaný kód". O nalezeném bezpečnostním problému informovali společnost Intel. Ta bezpečnostní problém INTEL-SA-00086 v Intel Management Engine (ME), Intel Server Platform Services (SPS) a Intel… více »
Na Humble Bundle byla spuštěna akce Humble Book Bundle: Java. Za 1 dolar a více lze koupit 5 elektronických knih, za 8 dolarů a více 10 elektronických knih a za 15 dolarů a více 15 elektronických knih věnovaných programovacímu jazyku Java od nakladatelství O'Reilly. Peníze lze libovolně rozdělit mezi nakladatelství O'Reilly, neziskovou organizaci Code for America a Humble Bundle.
1) Have you given any more thought to changing the version numbering model of the kernel?
I'd actually like to change the version numbering because right now the 2.6 doesn't mean anything at all. Maybe you read the discussion, we had some discussion on the kernel mailing list. Just from the discussion my takeaway was that right now it's just not worth the pain. So, I think we'll revisit it in a year or two, and when we are 2.6.38 or whatever, we'll say “OK, we're still 2.6, maybe we should reset the numbering some way”. But nobody really came up with very strong arguments for or against any other numbering scheme. There were lots of people with different opinions, but there was no consensus. So, right now, no. In a couple of years maybe we'll revisit it.
2) If you were actually to go ahead with the change, would consider the “marketing” point of view? For example, 2009.06 being more...
No, no, what I find most disturbing about 2.6.29 is that when numbers get big they get hard to remember, and they get hard to associate. OK, was 29 three months ago or seven months ago? So, I'm interested in something that is date-related, so I wouldn't mind having 9.4 mean, for example, April 2009. It wouldn't be a marketing issue, it would be more of “OK, we can look back at old versions, and just the name of the version tells us how old it is”. That would be interesting. But as I mentioned, right now... enough people hate the date numbering, too. And there were actually people who had very valid points against that whole confusion about that. So I don't think we'll do it.
3) Andrew Morton is concerned that the quality of the kernel code deteriorates because of insufficient testing. Do you share that view?
No, but I think the worry is real and very valid. And I think we need to worry about it. Because if we don't worry about it, I guarantee you that the quality will go down. I don't think it has but,.. we get so much code so quickly. If we just look at one single release, it takes about two and a half to three months. And the patch size of most of those releases, I forget what it is, but I think it's like 12 megabytes. And we're talking about changing a million lines of code. If you don't worry about it, you will screw up. So Andrew does worry about it. I worry about it too.
I think, actually, our numbers show that we are not getting worse. So, if you look at the regression list, it's actually interesting to look at the regression numbers that we keep track of for every release. And they look very similar. We start out with something like 70 or 80 known regressions at around -rc2 time, and the regressions keep on growing because people find more bugs, but at the same time the regressions we fix do keep on growing. And they grow faster. So, by the time we have a release we always have a few regression that we just never figure out, maybe it was fleaky hardware, maybe it was something else. Maybe just one person saw it and nobody else could reproduce it. The point is, the numbers don't actually get worse over time. But it's something we have to be careful about. We need to worry about it. We need to have Andrew bring it up. Every three months we need to ask “Is our quality going down?”
4) If the licensing allowed to include OpenSolaris code in Linux, do you think it would be worth the effort? (People often talk about ZFS or DTrace.)
DTrace is probably really hard... I mean, one of the problems is that taking code from other projects is hard. You can't take the code as is, right? Solaris is very different in many areas from Linux, so if you take Solaris code you have to fix it for all the differences. Quite often it's actually more work to try to take code from another project than it would be to just write it yourself from the start, from scratch.
It's not always true. There are areas where the problems are abstract enough that the big bulk of code is very specific to that area and it doesn't have a lot of input to the rest of the kernel. Filesystems are one such area, so ZFS would probably be much easier to integrate than, say, DTrace. There's obviously a lot of interest in ZFS. I don't think it's going to happen, the license situation being what it is. Maybe Sun will change the license, I don't know, I don't think so.
5) Do you think, as many others seem to do, that the recently merged btrfs filesystem is the future for Linux?
It's certainly the most interesting of the new filesystems. It's the one I'm holding, personally, the most hope for. Ext4 isn't as interesting to me, I don't think it solves many of the problems btrfs solves. So, we merged it now. Realistically, filesystems are... I mean, you have to get them right. Because if you start losing data... So we're going to take it really slow and careful and I hope that a lot of people end up testing it. But right now I can't say how well it's going to work out. I am very optimistic, and I think btrfs has a really good chance of becoming the replacement for ext3, basically. And if it all works out it's going to solve a lot of our filesystem issues. But, we'll see how it goes.
6) So, you think btrfs will end up becoming the replacement for ext3, not ext4? Do you think the transition to btrfs will come sooner than the transition to ext4?
It's hard to tell. I think Ubuntu may have ext4 as an installation option right now. So, in that sense it could be that ext4 adoption I so fast that we actually go from ext3 to ext4 and then maybe btrfs. On the other hand, if I'm looking on my own pattern, for example, I was considering, on my laptop, just taking my ext3 partition and converting it to btrfs. And if I were to go through ext4, I couldn't do that. I don't think there is any ext4 to btrfs translator right now. But ext3 to btrfs I can do. So, I'm planning on trying to switch the laptop I have with me now from ext3 to btrfs after LCA. I'll try to see how much of a difference, if any, I notice. But, yeah, it could be that, from the distros' standpoint, maybe people go from ext3 to ext4 and then maybe btrfs if it all pans out.
7) Do you have any programmer heroes or models?
No, when I grew up my role models were scientists, not programmers. And that hasn't really changed. There is nobody I look up to as a programmer. There are lots of programmers that are doing a really good job, I think. For example, one of the programmers I admire is Larry Wall. Not because I think his code is beautiful, and not because I love Perl – I don't like Perl very much myself – but the thing about Larry Wall, he's several times done new things that really changed how people work. He did Perl, obviously, but before Perl he did the whole threaded newsreaders. And OK, people don't use them any more. But that really changed how people did things.
But if I were to name heroes I would do people like Newton; scientists, physicists.
8) Had you not become a successful programmer, what would you like to do?
Because of the whole 'growing up thinking about science' I believed, when I was younger, that I'd go into physics and do theoretical physics, and that never happened. I still read popular science things but I never got into it for real. The other thing I was interested in was biochemistry. So, if I wasn't doing programming I would probably be doing genetics, or biology at a cellular level, that kind of thing. That really interests me. Maybe neurochemistry, too.
9) You recently started a blog so perhaps it might be the right time ask whether you have considered writing a memoir.
Well, I did the “Just for Fun” thing. It was kind of a memoir, it was interesting writing a book together with David Diamond, and it was actually fun. At the same time... I come from a family of journalists; my dad, my mom, my uncle, they're all journalists. My dad wants to write books. For him, writing is what he does. And that was never the case for me. I didn't want to write a book, and I'm really happy I did. I mean, co-wrote with David. But it's one those things that are done right now and it feels OK. And then at once I feel I don't need to do it again. Even if it was something that I did on my own... I don't see myself doing it. But who knows? Five years from now maybe I say “Hey, maybe I could try another book”.
I actually find writing really hard. “Just for Fun” would never have happened if I hadn't had David to write. Just because I have a hard time starting. So, David was really the guy who said “OK, this is how we'll do it”. And if I hadn't had that kind of thing I would never have written a book. It's just one of those things. That's actually why I didn't stay at the university; I realized I couldn't write papers, I hated writing papers. If you can't write papers you can't do a university.
Thanks for your time.
Nástroje: Tisk bez diskuse