Free Software Foundation

Boston, MA

Fighting for essential freedoms for computer users since 1985.

  • 2016-09-29T19:37:55Z via Dianara To: Public CC: Followers

    Friday Working together for Free Software Directory IRC meetup: September 30th

    >> Free Software Foundation:

    “[...] Friday Working together for Free Software Directory IRC meetup: September 30th [...]”

    That would work better in the "Title" field ;)

    JanKusanagi at 2016-09-29T19:41:31Z

    Stephen Michael Kellat likes this.

  • 2016-09-29T19:09:09Z via Dianara To: Public CC: Followers

    Licensing resource series: Free GNU/Linux distributions & GNU Bucks shared this.

  • GnuPG this Past Summer | Great recap of the work in the community

    2016-09-28T14:53:34Z via Dianara To: Public CC: Followers

    Read online:

    As usual, Werner has made a cornucopia of contributions. He improved --quick-addkey and --quick-gen-key, he changed gpg-agent and dirmngr to exit if their sockets disappear, he added an assuan logging monitor, he implemented new export and import filters, he did some work on g13, he added /run/user/UID/gnupg sockets, he introduced an option (--recipient-file) to work directly with keys stored in a file, and he made a number of improvements to GPGME including adding TOFU support.

    The filtering changes allow controlling what packets are imported or exported. For instance, if you want to only keep a single user id when exporting a key, you could use:

    gpg --no-options --import-options import-export \

    --import-filter keep-uid='mbox = joe at' \

    --import < >

    More information about this feature is available in his note to the GnuPG mailing list or gpg's documentation.

    The --recipient-file option is an oft-requested feature, which allows working with keys without importing them.

    Werner also fixed a critical bug in the way the mixer in the random number generator stirred the pool. Specifically, the bug allowed an attacker who obtains 580 bytes from the standard random number generator (RNG) to trivially predict the next 20 bytes of output. Fortuitously, this bug does not affect the default generation of keys (more details).

    Justus continued to improve our new test suite for GnuPG. The improvements included not only fixes to the new scheme-based driver, but also a bunch of new tests. A couple of the changes included bug fixes to TinySCHEME. Unfortunately, the upstream developers don't appear to be interested in the fixes.

    Most of Justus' time recently has been focused not on the test suite, but on improving the Python bindings for GPGME. This work was started by Ben McGinnes, who contributed an initial port of the PyME bindings to Python 3. Justus finished this port, restored Python 2 compatibility, and added more pythonic interfaces (e.g., making everything work with objects implementing the buffer protocol like byte strings). The low-level interface has, however, been retained and existing applications should continue to work (if not, this is a bug, please file a bug report). He also ported the GPGME test suite to the Python bindings. This uncovered a number of latent bugs in the bindings, which he fixed. From our perspective, these are now the official Python bindings for GPGME: we've added them to the GPGME repository, and we will continue to maintain them in the foreseeable future. Nevertheless, to be more compatible with Python developers' work flow, we are also packaging pyme3 for pypi, which means that the bindings can be installed using pip install pyme3. More information is available in Justus' blog post.

    Justus also set up a Jenkins host for continuous integration. In addition to running make check for each commit under several configurations, it also runs the checks with various sanitizers enabled. This has already prevented a number of minor bugs from making it into releases.

    Andre has made a number of end-user facing contributions. The most notable is for users of Kleopatra, which now has new dialogs for File Encryption and Decryption / Verification. These greatly reduce the number of required interactions to perform these operations. He also worked on the new file type registration on Windows so that decrypting a file only requires a double click. Additionally, he has continued his work on the GnuPG plugin for Outlook, which should be released with gpg3win-3 this fall. The code is already in good form, and testers are encouraged to check it out together with the new Kleopatra (see Test version of Gpg4win-3.) Andre has also been working on improving KMail's gpg support. One of the focuses of this work has been adding TOFU support to the libraries used by KMail. Andre also merged the C++ and Qt bindings for GPGME from KDE into the official GPGME repository. This included a port of the C++ API to pure standard C++ without boost, and the removal of some KDE-Framework use in the Qt bindings so that the bindings now only require Qt 5 base. This should make working with gpg in a Qt application even more convenient. In particular, executing operations asynchronously is very easy. Finally, Andre fixed some CRL-related bugs in dirmngr.

    Kai's recent work has focused on porting Mailpile to use GPGME rather than its own wrapper, which only works with GnuPG 1.4. Unfortunately, many projects decide to take a similar approach to Mailpile, and write their own code to interact with gpg. As a reminder, we strongly encourage all developers to not directly interact with gpg, but to use GPGME, which is not only more complete, but also has seen a lot of testing. We realize that GPGME's interface's are not always ideal, however, we are open to suggestions for improvements, and feature requests. Similarly, if you don't understand how to do what you want using GPGME, we encourage you to ask for help on the gnupg-devel mailing list.

    Jussi Kivilinna has continued his work optimizing libgcrypt. In the recent past, most of his effort was spent on implementing assembly versions of various cryptographic functions for the ARMv8/AArch32 architecture.

    Niibe worked on mitigating the recently published Flip Feng Shui exploit. Flip Feng Shui uses a cross-VM, row hammer-based exploit to change the trusted.gpg file, which is used by Debian's package manager apt to verify downloads, and apt's sources.list file, which determines where packages are downloaded from, in a controlled manner. This allows attackers to replace packages that are installed with their own versions. The fix is to make sure that gpgv always checks that self-signatures are valid.

    Niibe also spent time improving GnuPG's smartcard support. This has primarily consisted of many small, but important improvements including smartcard support for ECC keys and various bug fixes. Further, Niibe investigated adding signature verification for ssh keys stored in the authorizedkeys file. This would allow detecting corrupted keys, which could happen via a Flip Feng Shui-type attack. Although there is some support for signature verification in ssh, Niibe discovered that this particular mode of operation is not yet supported by ssh-agent.

    Finally, Niibe has released a new version of GnuK (1.2.1). GnuK is a fully free cryptographic token (hardware and software). Not only is GnuK based on free software, but the entire hardware specification is open, and the parts are relatively easy to buy and assemble. The GnuK token can be ordered from seeed or the FSF.

    As usual, dkg contributed various clean ups and bug fixes. He contributed a patch to avoid publishing the GnuPG version by default, and another to improve --quick-revuid. He also provided a patch to reenable exporting secret keys without a passphrase, which was possible in gpg 1.4 and 2.0, but, due to various technicalities, was not possible in 2.1. dkg also started a discussion about having systemd manage gpg's daemons. This would ensure that GnuPG's daemons are stopped when the user logs out. He provided patches, but so far these changes have not yet been accepted.

    Ben Kibbey made a number of contributions. Among his bug fixes and clean ups, he fixed the OpenIndiana (Solaris) builds.

    I (Neal) returned from a several month sabbatical. My first order of business was to tie up some loose ends with the TOFU support in GnuPG. Among other things, I added several checks to reduce the number of gratuitous conflicts. In particular, if two keys have the same email address and are cross signed, then they are almost certainly controlled by the same person. In fact, this is a usual way of indicating key rotation. I also set the default policy to "good" for keys that the user has directly signed.

    Jason Self likes this.

    Frédéric Couchet shared this.

  • 2016-09-28T14:31:26Z via Web To: Public CC: Followers

    Free Software Directory meeting recap for September 23rd, 2016

    Read online:

    Check out the great work our volunteers accomplished at the last Free Software Directory meeting.

    Every week free software activists from around the world come together in #fsf on to help improve the Free Software Directory. This recaps the work we accomplished on the Friday, September 23rd, 2016 meeting.

  • What do you have to say? Share it at LibrePlanet 2017

    2016-09-27T20:15:58Z via Dianara To: Public CC: Followers

    Read online:

    Today is the 33rd anniversary of the announcement of the GNU Project, so we've got freedom on our minds. LibrePlanet 2017 is coming! The next installment of this annual celebration of user freedom is happening March 25-26, 2017 in the Boston area. The call for proposals is open now, until November 14th, 2016. General registration, exhibitor registration, and volunteer applications will open soon.

    Do you have a free software-related topic to teach or talk about? You've got until Wednesday, November 14th, 2016 at 18:59 EST (23:59 UTC) to submit your proposals.

  • GNU was announced 33 years ago today! Happy Birthday GNU!

    2016-09-27T16:20:26Z via Dianara To: Public CC: Followers

    Juan Antonio Añel , victorhck , Francisco M García Claramonte , ximoberna and 6 others like this.

    Anuxi VM , ximoberna , GNUstav Huarcaya , B. Ross Ashley and 2 others shared this.


    Happy birthday, and thanks for all your hard work! \o/

    JanKusanagi at 2016-09-27T16:31:51Z

    Free Software Foundation , EVAnaRkISTO like this.

    Great work!!! Happy birthday to all.

    elio at 2016-09-27T22:14:00Z

  • FSF Job Opportunity: Senior GNU/Linux Systems Administrator

    2016-09-23T20:27:32Z via Dianara To: Public CC: Followers

    The Free Software Foundation (FSF), a Massachusetts 501(c)(3) charity with a worldwide mission to protect computer user freedom, seeks a motivated and talented Boston-based individual to be a full-time Senior GNU/Linux Systems Administrator.

    This position, reporting to the executive director and working closely with the president, is an opportunity to make key contributions to the organization that started the GNU Project, launched the free software movement, and authored the GNU General Public License. The position is part of a technical team including a counterpart Senior Systems Administrator, a Web Developer, and many volunteers, tasked with maintaining and improving the FSF's technology infrastructure.

  • 2016-09-23T14:32:24Z via Web To: Public CC: Followers

    Join our community meetup in Washington, DC this evening. We'll be discussing our work for computer user freedom and enjoying some free-as-in-refreshments refreshments.
  • 2016-09-23T13:19:38Z via Dianara To: Public CC: Followers

    Software Heritage is searching for a Paris-based front-end web developer

  • 2016-09-22T20:27:26Z via Dianara To: Public CC: Followers

    Deadline extended for the FSF Job Opportunity: Copyright and Licensing Associate 

  • Calling all free software supporters: It's time to renew our shop inventory!

    2016-09-22T16:00:04Z via Dianara To: Public CC: Followers

    In advance of the Fall fundraiser and Winter holidays, we at the Free Software Foundation (FSF) want to make sure we have the snazziest possible selection of useful and stylish apparel, books, and other items.

    Read online:

    roy , Marcos like this.

    Iñaki Arenaza shared this.

  • 2016-09-22T14:21:52Z via Dianara To: Public CC: Followers

    Friday "Back to School" Free Software Directory IRC meetup: September 23rd #FSDirectory

  • 2016-09-20T14:41:58Z via Dianara To: Public CC: Followers

    Emacs 25.1 is released! Check out the new features! #Emacs

    catonano , amz3 , sirgazil , Francisco M García Claramonte and 3 others like this.

  • 2016-09-20T14:27:54Z via Dianara To: Public CC: Followers

    Check out the Free Software Directory meeting recap for September 16th  #FSDirectory

    Careful with those Twitter pastes, please... that link is actually linking to the crappy spy shortener...

    Also, titles are nice and helpful ;)

    Real link:

    EDIT: although, even better, we don't need shorteners here, with all their added problems:

    JanKusanagi at 2016-09-20T14:37:06Z

    Claes Wallin (韋嘉誠) , mray , B. Ross Ashley like this.

    >> JanKusanagi:

    “Careful with those Twitter pastes, please... that link is actually linking to the crappy spy shortener...

    Also, titles are nice and helpful ;)

    Real link:
    EDIT: although, even better, we don't need shorteners here, with all their added problems:”

    No necesitamos esos "acortadores" aquí ni en algún otro lugar. Y ahora que al otro lado dejaron de contrar los enlaces como parte de sus "140 caracteres", espero que esos servicios desaparezcan.

    GNUstav Huarcaya at 2016-09-20T14:57:02Z

    EVAnaRkISTO likes this.

  • 2016-09-20T13:26:07Z via Web To: Public CC: Followers

    Meeting notes show @W3C's having trouble finishing their new #DRM standard. Another reason to drop it and let its charter expire. #TPAC2016

    Jason Self , Alex Jordan , B. Ross Ashley like this.

    Alex Jordan , Iñaki Arenaza , Defective by Design shared this.

  • 2016-09-15T13:47:17Z via Dianara To: Public CC: Followers

    Free Software Directory IRC meetup this Friday, September 16th: updating entries for accessibility software

  • 2016-09-13T14:43:13Z via Web To: Public CC: Followers

    Free Software Directory recapping the "Golden Oldies" meeting 
  • 2016-09-13T13:30:04Z via Web To: Public CC: Followers

    ThinkPenguin is looking for a GNU/Linux Desktop Support Tech / Assistant #FSJOBS

    Christopher Allan Webber likes this.

    EricxDu , Christopher Allan Webber shared this.

  • 2016-09-01T15:55:35Z via Web To: Public CC: Followers

    Publishers must let online readers pay for news anonymously | Richard Stallman

    B. Ross Ashley , victorhck like this.

  • 2016-08-30T19:25:20Z via Web To: Public CC: Followers

    The internet wins again -- we got strong net neutrality rules in Europe. Thank you for your activism!

    Alex Jordan , martinho , EVAnaRkISTO like this.

    martinho , EVAnaRkISTO shared this.