kenyahhtah kenyahhtah@identi.ca

I've just published security fixes for several denial-of-service vulnerabilities in pump.io. All admins are impacted and should update ASAP. http://pump.io/blog/2017/10/denial-of-service-security-fixes-now-available

Please share this widely.

La viñeta del día 

Abril de 1990. Los kioscos reciben el número 1 (de 38) de la edición a color de 'Akira', el mítico manga de Katsuhiro Otomo por parte de Ediciones B. El éxit...

En general, históricamente y salvo contadas excepciones, la clase política argentina (sin distinción de colores político/partidarios) se ha hecho rica (o más rica); y, en general, los ciudadanos (sin contactos o intereses político/partidarios) pobres (o más pobres).

Periódicamente, debemos soportar las “desafortunadas” o #irresponsables decisiones políticas (paradójicamente sin responsabilidad política o judicial por parte de sus autores; de ésto último, algunos cambios legislativos les han favorecido: La reforma a la Carta Orgánica del Banco Central y la reforma a la responsabilidad civil del Estado y la de sus funcionarios y agentes, por ejemplo).

¿Recuerdan ustedes lo que ocurrió en los años 2000/2001?, cuando los protagonistas (y las víctimas, a diferencia de la clase política argentina, cabe aclarar) de una serie de "desaciertos" (o de incumplimientos normativos) fuimos los ahorristas.

Ahora, luego del despilfarro de bienes y fondos públicos, de la #corrupción (tanto por parte de algunos integrantes del sector público como del sector privado) y la #desvalorización de la moneda nacional, nuevamente debemos soportar la #inflación ... más el tarifazo y, nuevamente, la "irresponsabilidad" de la clase política (han aumentado su dieta, inclusive aquéllos que fueron responsables de la actual situación económica del país; y además, muchos vuelven a postularse para ocupar un cargo público en el próximo nuevo año). ¡ Dan vergüenza ajena !.

Manteniendo la esperanza de poder ver, en algún momento, a una clase política y a un sector privado comprometidos con el bien común (y no con sus intereses particulares o personales), les deseo un

¡ Feliz año nuevo !
http://www.proyectowww.com.ar/autor  

Or almost, depending on where in the marble you are at the moment =)

Happy 2039!! \o/

New blogpost: New phone: Samsung Galaxy S III phone with Replicant https://larjona.wordpress.com/2016/10/09/new-phone-samsung-galaxy-s-iii-phone-with-replicant/

October 27, 2016 by Bradley M. Kuhn

As I mentioned in an earlier blog post, I had the privilege of attending Embedded Linux Conference Europe (ELC EU) and the OpenWrt Summit in Berlin, Germany earlier this month. I gave a talk (for which the video is available below) at the OpenWrt Summit. I also had the opportunity to host the first of many conference sessions seeking feedback and input from the Linux developer community about Conservancy's GPL Compliance Project for Linux Developers.

ELC EU has no “BoF Board” where you can post informal sessions. So, we scheduled the session by word of mouth over a lunch hour. We nevertheless got an good turnout (given that our session's main competition was eating food :) of about 15 people.

Most notably and excitingly, Harald Welte, well-known Netfilter developer and leader of gpl-violations.org, was able to attend. Harald talked about his work with gpl-violations.org enforcing his own copyrights in Linux, and explained why this was important work for users of the violating devices. He also pointed out that some of the companies that were sued during his most active period of gpl-violations.org are now regular upstream contributors.

Two people who work in the for-profit license compliance industry attended as well. Some of the discussion focused on usual debates that charities involved in compliance commonly have with the for-profit compliance industry. Specifically, one of them asked how much compliance is enough, by percentage? I responded to his question on two axes. First, I addressed the axis of how many enforcement matters does the GPL Compliance Program for Linux Developers do, by percentage of products violating the GPL? There are, at any given time, hundreds of documented GPL violating products, and our coalition works on only a tiny percentage of those per year. It's a sad fact that only that tiny percentage of the products that violate Linux are actually pursued to compliance.

On the other axis, I discussed the percentage on a per-product basis. From that point of view, the question is really: Is there a ‘close enough to compliance’ that we can as a community accept and forget about the remainder? From my point of view, we frequently compromise anyway, since the GPL doesn't require someone to prepare code properly for upstream contribution. Thus, we all often accept compliance once someone completes the bare minimum of obligations literally written in the GPL, but give us a source release that cannot easily be converted to an upstream contribution. So, from that point of view, we're often accepting a less-than-optimal outcome. The GPL by itself does not inspire upstreaming; the other collaboration techniques that are enabled in our community because of the GPL work to finish that job, and adherence to the Principles assures that process can work. Having many people who work with companies in different ways assures that as a larger community, we try all the different strategies to encourage participation, and inspire today's violators to become tomorrow upstream contributors — as Harald mention has already often happened.

That same axis does include on rare but important compliance problem: when a violator is particularly savvy, and refuses to release very specific parts of their Linux code (as VMware did), even though the license requires it. In those cases, we certainly cannot and should not accept anything less than required compliance — lest companies begin holding back all the most interesting parts of the code that GPL requires them to produce. If that happened, the GPL would cease to function correctly for Linux.

After that part of the discussion, we turned to considerations of corporate contributors, and how they responded to enforcement. Wolfram Sang, one of the developers in Conservancy's coalition, spoke up on this point. He expressed that the focus on for-profit company contributions, and the achievements of those companies, seemed unduly prioritized by some in the community. As an independent contractor and individual developer, Wolfram believes that contributions from people like him are essential to a diverse developer base, that their opinions should be taken into account, and their achievements respected.

I found Wolfram's points particularly salient. My view is that Free Software development, including for Linux, succeeds because both powerful and wealthy entities and individuals contribute and collaborate together on equal footing. While companies have typically only enforce the GPL on their own copyrights for business reasons (e.g., there is at least one example of a major Linux-contributing company using GPL enforcement merely as a counter-punch in a patent lawsuit), individual developers who join Conservancy's coalition follow community principles and enforce to defend the rights of their users.

At the end of the session, I asked two developers who hadn't spoken during the session, and who aren't members of Conservancy's coalition their opinion on how enforcement was historically carried out by gpl-violations.org, and how it is currently carried out by Conservancy's GPL Compliance Program for Linux Developers. Both responded with a simple response (paraphrased): it seems like a good thing to do; keep doing it!

I finished up the session by inviting everyone to the join the principles-discuss list, where public discussion about GPL enforcement under the Principles has already begun. I also invited everyone to attend my talk, that took place an hour later at the OpenWrt Summit, which was co-located with ELC EU. Your browser does not support the element. Perhaps you can or .

In that talk, I spoke about a specific example of community success in GPL enforcement. As explained on the OpenWrt history page, OpenWrt was initially made possible thanks to GPL enforcement done by BusyBox and Linux contributors in a coalition together. (Those who want to hear more about the connection between GPL enforcement and OpenWrt can view my talk at https://sfconservancy.org/videos/2016-10-13_Kuhn_GPL-Enforcement-OpenWrt.mp4 )

Since there weren't opportunities to promote impromptu sessions on-site, this event was a low-key (but still quite nice) start to Conservancy's planned year-long effort seeking feedback about GPL compliance and enforcement. Our next session is an official BoF session at Linux Plumbers Conference, scheduled for next Thursday 3 November at 18:00. It will be led by my colleagues Karen Sandler and Brett Smith.

Posted by Bradley M. Kuhn on October 27, 2016.

We, the Debian project and the Tor project are enabling Tor onion services for several of our sites. These sites can now be reached without leaving the Tor network, providing a new option for securely connecting to resources provided by Debian and Tor.

The freedom to use open source software may be compromised when access to that software is monitored, logged, limited, prevented, or prohibited. As a community, we acknowledge that users should not feel that their every action is trackable or observable by others. Consequently, we are pleased to announce that we have started making several of the various web services provided by both Debian and Tor available via onion services.

While onion services can be used to conceal the network location of the machine providing the service, this is not the goal here. Instead, we employ onion services because they provide end-to-end integrity and confidentiality, and they authenticate the onion service end point.

For instance, when users connect to the onion service running at http://sejnfjrq6szgca7v.onion/, using a Tor-enabled browser such as the TorBrowser, they can be certain that their connection to the Debian website cannot be read or modified by third parties, and that the website that they are visiting is indeed the Debian website. In a sense, this is similar to what using HTTPS provides. However, crucially, onion services do not rely on third-party certification authorities (CAs). Instead, the onion service name cryptographically authenticates its cryptographic key.

In addition to the Tor and Debian websites, the Debian FTP and the Debian Security archives are available from .onion addresses, enabling Debian users to update their systems using only Tor connections. With the apt-transport-tor package installed, the following entries can replace the normal debian mirror entries in the apt configuration file (/etc/apt/sources.list):

  deb  tor+http://vwakviie2ienjx6t.onion/debian          jessie            main
  deb  tor+http://vwakviie2ienjx6t.onion/debian          jessie-updates    main
  deb  tor+http://sgvtcaew4bxjd7ln.onion/debian-security jessie/updates    main

Likewise, Tor's Debian package repository is available from an onion service :

  deb tor+http://sdscoq7snqtznauu.onion/torproject.org   jessie    main

Where appropriate, we provide services redundantly from several backend machines using OnionBalance. The Debian OnionBalance package is available from the Debian backports repository.

Lists of several other new onion services offered by Debian and Tor are available from https://onion.debian.org and https://onion.torproject.org respectively. We expect to expand these lists in the near future to cover even more of Debian's and Tor's services.

How might FLOSS project participants organize themselves with legal backing of their particular business or non-profit values? 

El Libro Blanco de Marina 

Manuel shared this:

Unfamous Resistenza escribió la siguiente entrada hace 12 horas

"Modern Prison" by Banksy

Artículo 17 del Pacto Internacional de Derechos Civiles y Políticos:
«1. Nadie será objeto de injerencias arbitrarias o ilegales en su vida privada, su familia, su domicilio o su correspondencia, ni de ataques ilegales a su honra y reputación.
2. Toda persona tiene derecho a la protección de la ley contra esas injerencias o esos ataques.».-

Artículo 11 de la Convención Americana sobre Derechos Humanos:
«1. Toda persona tiene derecho al respeto de su honra y al reconocimiento de su dignidad.
2. Nadie puede ser objeto de ingerencias arbitrarias o abusivas en su vida privada, en la de su familia, en su domicilio o en su correspondencia, ni de ataques ilegales a su honra o reputación.
3. Toda persona tiene derecho a la protección de la ley contra esas ingerencias o esos ataques.».-

Artículo 19 de la Constitución Nacional:
«1. Toda persona tiene derecho al respeto de su honra y al reconocimiento de su dignidad.
2. Nadie puede ser objeto de ingerencias arbitrarias o abusivas en su vida privada, en la de su familia, en su domicilio o en su correspondencia, ni de ataques ilegales a su honra o reputación.
3. Toda persona tiene derecho a la protección de la ley contra esas ingerencias o esos ataques.».-

Artículo 1071 bis del Código Civil: «El que arbitrariamente se entrometiere en la vida ajena, publicando retratos, difundiendo correspondencia, mortificando a otros en sus costumbres o sentimientos, o perturbando de cualquier modo su intimidad, y el hecho no fuere un delito penal, será obligado a cesar en tales actividades, si antes no hubieren cesado, y a pagar una indemnización que fijará equitativamente el juez, de acuerdo con las circunstancias; además, podrá éste, a pedido del agraviado, ordenar la publicación de la sentencia en un diario o periódico del lugar, si esta medida fuese procedente para una adecuada reparación.».-

Artículo 1770 del nuevo Código Civil y Comercial (Vigente a partir del 1º de agosto): «Protección de la vida privada. El que arbitrariamente se entromete en la vida ajena y publica retratos, difunde correspondencia, mortifica a otros en sus costumbres o sentimientos, o perturba de cualquier modo su intimidad, debe ser obligado a cesar en tales actividades, si antes no cesaron, y a pagar una indemnización que debe fijar el juez, de acuerdo con las circunstancias. Además, a pedido del agraviado, puede ordenarse la publicación de la sentencia en un diario o periódico del lugar, si esta medida es procedente para una adecuada reparación.».-

¡ Saludos cordiales !

Jorge ( proyectowww.com.ar/autor )

Niños, no hagan esto en casa, pueden salir lastimados xD

#vivoAlLimite #linux #img #kernelPanic #crash #debian #testing

Feliz Pascua de Resurrección! Happy Easter! Love and justice are the powers of the weak #goldenrule #powertothepeople

I just signed my opposition to #Wikimedia #MP4 support. #freecontent needs #freesoftware and #openstandards http://pili.la/rfcmp4