open source

309 Articles

Git Good, By Playing A Gamified Version Of Git

April 12, 2024 by 6 Comments

What better way to learn to use Git than a gamified interface that visualizes every change? That’s the idea behind Oh My Git! which aims to teach players all about the popular version control system that underpins so many modern software projects.

Git good, with a gameified git interface.

Sometimes the downside to a tool being so ubiquitous is that it tends to be taken for granted that everyone already knows how to use it, and those starting entirely from scratch can be left unsure where to begin. That’s what creators [bleeptrack] and [blinry] had in mind with Oh My Git! which is freely available for Linux, Windows, and macOS.

The idea is to use a fun playing-card interface to not only teach players the different features, but also to build intuitive familiarity for operations like merging and rebasing by visualizing in real-time the changes a player’s actions make.

The game is made with beginners in mind, with the first two (short) levels establishing that managing multiple versions of a file can quickly become unwieldy without help. Enter git — which the game explains is essentially a time machine — and it’s off to the races.

It might be aimed at beginners, but more advanced users can learn a helpful trick or two. The game isn’t some weird pseudo-git simulator, either. The back end uses real git repositories, with a real shell and git interface behind it all. Prefer to type commands in directly instead of using the playing card interface? Go right ahead!

Oh My Git! uses the free and open-source Godot game engine (not to be confused with the Godot machine, a chaos-based random number generator.)

FLOSS Weekly Episode 777: Asterisk — Wait, Faxes?

April 3, 2024 by 9 Comments

This week Jonathan Bennett and David Ruggles sit down with Joshua Colp to talk about Asterisk! That’s the Open Source phone system software you already interact with without realizing it. It started as a side project to run the phones for Linux Support Services, and it turned out working on phone systems was more fun than supporting Linux. The project grew, and in the years since has landed at Sangoma, where Joshua holds the title of Asterisk Project Lead.

Asterisk is used in call centers, business phone systems, and telecom appliances around the world. But how does it handle faxes, WebRTC, and stopping spam calls? Just kidding on that last one, still an unsolved problem.

Continue reading “FLOSS Weekly Episode 777: Asterisk — Wait, Faxes?”

Exploit The Stressed-out Package Maintainer, Exploit The Software Package

March 31, 2024 by 10 Comments

A recent security vulnerability — a potential ssh backdoor via the liblzma library in the xz package — is having a lot of analysis done on how the vulnerability was introduced, and [Rob Mensching] felt that it was important to highlight what he saw as step number zero of the whole process: exploit the fact that a stressed package maintainer has burned out. Apply pressure from multiple sources while the attacker is the only one stepping forward to help, then inherit the trust built up by the original maintainer. Sadly, [Rob] sees in these interactions a microcosm of what happens far too frequently in open source.

Maintaining open source projects can be a high stress activity. The pressure and expectations to continually provide timely interaction, support, and updates can easily end up being unhealthy. As [Rob] points out (and other developers have observed in different ways), this kind of behavior just seems more or less normal for some projects.

The xz/liblzma vulnerability itself is a developing story, read about it and find links to the relevant analyses in our earlier coverage here.

Security Alert: Potential SSH Backdoor Via Liblzma

March 29, 2024 by 34 Comments

In breaking news that dropped just after our weekly security column went live, a backdoor has been discovered in the xz package, that could potentially compromise SSH logins on Linux systems. The most detailed analysis so far seems to be by [Andres Freund] on the oss-security list.

The xz release tarballs from 5.6.0 in late February and 5.6.1 on March 9th both contain malicious code. A pair of compressed files in the repository contain the majority of the malicious patch, disguised as test files. In practice, this means that looking at the repository doesn’t reveal anything amiss, but downloading the release tarballs gives you the compromised code.

This was discovered because SSH logins on a Debian sid were taking longer, with more CPU cycles than expected. And interestingly, Valgrind was throwing unexpected errors when running on the liblzma library. That last bit was first discovered on February 24th, immediately after the 5.6.0 release. The xz-utils package failed its tests on Gentoo builds.

Continue reading “Security Alert: Potential SSH Backdoor Via Liblzma”

FLOSS Weekly Episode 776: Dnsmasq, Making The Internet Work Since 1999

March 27, 2024 by 4 Comments

This week Jonathan Bennett and Simon Phipps sit down with Simon Kelley to talk about Dnsmasq! That’s a piece of software that was first built to get a laptop online over LapLink, and now runs on most of the world’s routers and phones. How did we get here, and what does the future of Dnsmasq look like? For now, Dnsmasq has a bus factor of one, which is a bit alarming, given how important it is to keeping all of us online. But the beauty of the project being available under the GPL is that if Simon Kelley walks away, Google, OpenWRT, and other users can fork and continue maintenance as needed. Give the episode a listen to learn more about Dnsmasq, how it’s tied to the Human Genome Project, and more!

Continue reading “FLOSS Weekly Episode 776: Dnsmasq, Making The Internet Work Since 1999”

FLOSS Weekly Episode 775: Meshtastic Central

March 20, 2024 by 4 Comments

This week, Jonathan Bennett and Rob Campbell chat with Ben Meadors and Adam McQuilkin to talk about what’s new with Meshtastic! There’s a lot. To start with, your favorite podcast host has gotten roped into doing development for the project. There’s a new Rust client, there’s a way to run the firmware on Linux Native, and there’s a shiny new web-based flasher tool!

Continue reading “FLOSS Weekly Episode 775: Meshtastic Central”

Open-Source Solar Modules

February 5, 2024 by 13 Comments

As the price of solar panels continues to fall, more and more places find it economical to build solar farms that might not have been able to at higher prices. High latitude locations, places with more clouds than sun, and other challenging build sites all are seeing increased green energy development. The modules being used have one main downside, though, which is that they’re essentially a black box encased in resin and plastic, so if one of the small cells fails a large percentage of the panel may be rendered useless with no way to repair it. A solar development kit like this one from a group called Biosphere Solar is looking to create repairable, DIY modules that are completely open source, to help solve this issue.

The modular solar panel is made from a 3D printed holster which can hold a number of individual solar cells. With the cells placed in the layout and soldered together, they are then sandwiched between a few layers of a clear material like acrylic or glass with a seal around the exterior to prevent water intrusion. Since the project is open-source any number of materials can be used for the solar cell casing, and with the STL file available it’s not strictly necessary to 3D print the case as other manufacturing methods could be used. The only thing left is to hook up a DC/DC converter if you need one, and perhaps also a number of bypass and/or blocking diodes depending on your panel’s electrical layout.

The project is still in active development, and some more information can be found at the project’s website. While the “recyclability” of large-scale solar farms is indeed a problem, it’s arguably one which has been overblown by various interests who are trying to cast doubt on green energy. A small build like this won’t solve either problem anytime soon, so the real utility here would be for home users with small off-grid needs who want an open-source, repairable panel. It’s a great method to make sure solar technology is accessible and repairable for anyone that wants it, and in a way this approach to building hardware reminds us a lot of the Framework laptops.