Stream music from your phone to Fedora Workstation

Have you ever had an awesome song on your phone, and want to listen to it on your desktop without moving the file over? Or want to easily listen to your preferred streaming music service easily on your computer? Fedora… Continue Reading →

New features in Juju 1.23

  A little over a month ago Juju 1.23 hit the prime time and brought with it a flurry of bug fixes and new features. Below are a highlight of the exciting new things Juju can do as of 1.23, or feel free to dig into the release notes for all the details.   Support […]

Microsoft Wants to Support and Contribute to the OpenSSH Community

On June 2, the PowerShell Team at Microsoft had the great pleasure of announcing that they will support and contributed to the OpenSSH community in order to deliver better SSH support in the PowerShell and Windows SSH software solutions.

Apparently…

Treasure Hunter – Astromancer Outfit

Four faction outfits and pets, plus the Astromancer outfit up for grabs!

Community Spotlight: Solomon Kitumba and Benjamin Lutaaya Kiyita

For our June community spotlight, we’d like to highlight the efforts of two men in Uganda who are working hard to grow their local community and bring more university students into the Drupal fold. In 2014, the two were awarded a Community Cultivation Grant for their Uganda University Drupal Tour program, which will be discussed in today’s spotlight.

For close to three years, Solomon Kitumba(solomonkitumba) and Benjamin Lutaaya Kiyita(benjaminkyta) of Kampala, Uganda, have been working with Drupal. Solomon, a Drupal front end developer, owns Kyta Labs, a mobile and web app development company. Benjamin, a Drupal Dev Ops and UI/UX Developer, is active both in the local Drupal community and in the local Linux community as well. Both men share a fascination with open source, and encountered the same obstacles when learning Drupal — which led them to team up and forge a better path for other Ugandans.

Initially, both Solomon and Benjamin learned Drupal software through online tutorials found on Lynda.com and YouTube, and through free eBooks as well. One struggle that the two bumped up against — and still struggle with — is the lack of a physical space where their local community can come together to teach new Drupalers, learn from each other, and give each other support.

“One of the biggest challenges we have faced is a lack of collaborative space where drupalers can meet daily,” said Solomon.” In our city, there’s nowhere where we can work on solutions together and learn from each other. There are a couple of these places for mobile developers, but we lack one for web people in Kampala.

“We’ve used our Drupal careers to create a presence in the local tech industry,” said Solomon by email. “People know who to talk to if they want to discuss Drupal and getting paid to develop using Drupal. Initially, our local community was pretty inactive. There were a few people who knew how to use Drupal, but lacked the force and momentum to get good attendance at events and meetups. We’ve been working to attract more people, like site builders and module developers, and we’ve seen a lot of growth in our local community because of it.”

And how have the two grown the Drupal community in Uganda?

“We started doing some outreach to use local universities as meeting spaces, but they’re so far from the main city that it became very costly. Getting together outside of the city means dealing with expenses like hotel fees, transportation costs, and a few other things, and those costs would put our projects at a standstill in times when we can’t afford it.”

However, the outreach to nearby universities — though expensive — has its benefits. “We’re doing a lot of work to get university students interested in Drupal while they are still at school. Students have a lot of time available to learn new things, so we put together a Drupal University tour that we are still conducting, and so far it has been very well received.”

For Solomon and Benjamin, the university tour seemed like a natural extension of the work they’d been doing at local meetups.

“We got the idea from the tech meetups we attended in Kampala that were also attended by university students in the same field. They were all curious about the platforms we use to build our online technologies, and we told them about Drupal. After the meetups they knew it was a CMS and a few of them could even install it — but that was it. We asked ourselves how we could help these students learn Drupal more easily, which led us to the idea of holding training through the major universities in Uganda. And for us, it just made sense to call the campaign the Drupal University Tour.”

Planning the University Tour was no easy task: the duo encountered no small amount of hesitation from universities, and came up against financial obstacles as well. “We started off by writing down the things we would need, and figured out from there how we would hold the trainings — what we would teach specifically, and so on. Then, we started communicating with the department heads of the universities we wanted to train at. Some of them were hesitant at first, but eventually they accepted our proposal.

“When we were preparing the tour, we realized that we needed funding for the whole campaign. The universities weren’t ready to financially facilitate our sessions, so we applied for the Drupal Community Cultivation Grant. Through it, we were awarded $1,488 USD, and we were able to kick off the tour.”

The two knew that, for maximum efficacy, they’d have to go to a number of different schools to speak to as many students as possible. So they decided to go to the best schools in the country. “We went to all the major universities in Uganda. Makere University, Kampala International University, Kyambogo University, and Mbara University of Science and Technology were all on our list. Because of scheduling conflicts, we weren’t able to run the tour in the timeframe we had planned, but we eventually made it. And, we managed to have a little money left over — about $50 USD, which was enough for us to go to another institution called Datamine Technical Institute. So they were able to benefit from the campaign as well,” Solomon concluded.

The Drupal University tour has been a big success, the two felt.

“We spent a day teaching the students about Drupal itself as a software. We taught them about making contributions to the development, such as by submitting code to the project. We also emphasized the power of both the local and global Drupal communities, and discussed what a big benefit it is,” Solomon said. “We talked about how to share resources with people in the Drupal community, and how we can mobilize both locally and internationally to help people learn Drupal and organize training.”

We couldn’t be more thrilled and grateful for the work that Solomon and Benjamin have done. We often hear conversations about the difficulties of bringing new talent into the Drupal community, and the work that Solomon and Benjamin have done is invaluable, both for their local community and for the wider Drupal world. Thank you for your work!

Drupal 8 Security bug bounty program: Get paid to find security issues in D8

Drupal 8 is nearing release, and with all the big architectural changes it brings, we want to ensure D8 upholds the same level of security as our previous releases. That’s where you come in!

The security team is using monies from the D8 Accelerate fund to pay for valid security issues found in Drupal 8, from now until August 31, 2015 (open to extension). This program is open for participation by anyone.

How does this work?

Install a local copy of Drupal 8 from Git (https://www.drupal.org/project/drupal/git-instructions). Find security issues such as XSS, SQL Injection, CSRF, Access Bypass etc. If you find any, go to www.bugcrowd.com/drupal and submit them. You will have to sign up for an account on bugcrowd.com for this. Bugcrowd is a crowdsourced security bug finding platform suggested by security team members, and it is used by many, including LastPass, Pinterest, Heroku, Pantheon, and CARD.com.

I can get paid to do this?

We will be paying anywhere from $50-$1000 per issue. The more serious the issue, the more the security team will be paying. Issues must first be confirmed by a security team member before being approved for payment. You must provide a detailed explanation of the issue and steps to reproduce the issue. The quality of your report will be taken into account when assigning a value to it. We will also take into account the severity of the security issue.

Can I get paid for finding issues in contrib or Drupal 7?

No, however if you do find security issues in Drupal core other than version 8 or in contrib projects please submit them via our issue reporting process.

Who is running this program?

The Drupal Security Team with funds from the D8 Accelerate program.

If I find something will I get credit?

Yes, just like our regular reporting policy you will get credit as long as you don’t disclose it until a fix is released. If an issue is suitable for public discussion, we will disclose it and give you credit.

Do all security issues count?

If a task requires the attacker to have one of the following roles it would not count:
Access site reports (a.k.a. “View site reports”), Administer filters, Administer users, Administer permissions, Administer content types, Administer site configuration, Administer views, Translate interface.

Issues excluded from the bounty program:
– Descriptive error messages (e.g. Stack Traces, application or server errors).
– HTTP 404 codes/pages or other HTTP non-200 codes/pages.
– Fingerprinting / banner disclosure on common/public services.
– Disclosure of known public files or directories, (e.g. robots.txt).
– Clickjacking and issues only exploitable through clickjacking.
– CSRF on forms that are available to anonymous users (e.g. the contact form).
– Logout Cross-Site Request Forgery (logout CSRF).
– Presence of application or web browser ‘autocomplete’ or ‘save password’ functionality.
– Lack of Secure/HTTPOnly flags on non-sensitive Cookies.
– Lack of Security Speedbump when leaving the site.
– Username enumeration
– Missing HTTP security headers, specifically (https://www.owasp.org/index.php/List_of_useful_HTTP_headers), e.g.
– Strict-Transport-Security
– X-Frame-Options
– X-XSS-Protection
– X-Content-Type-Options
– Content-Security-Policy, X-Content-Security-Policy, X-WebKit-CSP
– Content-Security-Policy-Report-Only
– SSL Issues, e.g.
– SSL Attacks such as BEAST, BREACH, Renegotiation attack
– SSL Forward secrecy not enabled
– SSL weak / insecure cipher suites
– Other exceptions not listed.

However, we would still like to know about it, and you will still get credit for it. but we will not be issuing payments for it.

I have a question not listed here

Email security@drupal.org

Drupal version: 

Development Release: antiX 15 Beta 3

The antiX development team has announced the availability of the third beta build of antiX 15, a lightweight Debian-based distribution designed for (not only) older computers. Like the distribution’s previous beta releases, this one also uses SysVInit…

Tuska World Event

Gielinor must unite to face the World Eater!

Distribution Release: Peppermint OS Six

Mark Greaves, lead developer of the Peppermint OS distribution, has announced a new release of the Ubuntu-based distribution. Peppermint OS Six offers users an updated Linux kernel (version 3.16), the VLC multimedia player and the Nemo file manager. "Peppermint is excited to announce the launch of our latest….

Nautilus (Files) File Manager to Get a Major Update for GNOME 3.18

The Nautilus (Files) open-source file manager used in numerous GNU/Linux distributions has been updated recently as part of the GNOME 3.17.2 desktop environment, the second milestone towards GNOME 3.18.

According to the attached release notes, Nautilus 3.17.2, which is the first unstable milestone towards Nautilus 3.18, brings numerous under-the-hood and user-visible changes, but it also fixes many of the bugs that have been reported by users or discovered by the Nautilus d…

Waiting for Mageia 5: Spotlight on UEFI support

This article is addressed to users with some technical background. Summary for the non-techie: Mageia 5 supports UEFI, which means it’s now easier to install it on recent hardware. Bottom line: after the initial installation, which might be a little … Continue reading

Here’s What’s New in Ubuntu Touch OTA-4 Update

We reported yesterday, May 28 that the major OTA-4 update for the Ubuntu Touch mobile operating system from Canonical will finally arrive sometime in the middle of next week.

Today, May 29, we are happy to inform you that the entire list of Ubuntu Phone updates has been published by Canonical on their Ubuntu Insights…

Development: Re: GNOME 3.15.2

Sorry, too late on Friday evening; this of course is GNOME 3.17.2, not 3.15.2


On 29 May 2015 at 18:56, Javier Jardón <jjardon< at >gnome.org> wrote:



GNOME: Goodbye Marco

The GNOME project is sad to have learnt that Marco Pesenti Gritti recently passed away after a long fight with cancer. Marco made major contributions to GNOME, having been the original author of both the Epiphany (also known as “Web”) browser and Evince, the GNOME PDF reader. Besides his significant contributions and technical ability, Marco was known as a good friend who served as an inspiration to many within the community.

Members of the GNOME community have expressed their sadness at Marco’s death. Xan López, the current Epiphany maintainer, wrote: “I remember fondly working with Marco on Epiphany many years ago. His patience and good character were instrumental in getting me involved with GNOME and Free Software”. Another contributor, Tomeu Vizoso, said: “He reviewed my first patches ever to a free software project and his contagious enthusiasm was what put into motion my career in open source.”

GNOME wasn’t the only community that Marco was a part of: he also played an important role in the development of Sugar, a platform which focused on education and the developing world.

Our thoughts are with Marco’s family and friends at this difficult time.

The Document Foundation announces LibreOffice Viewer for Android

Berlin, May 28, 2015 – LibreOffice, the best free office suite on the desktop, is available on Android as a native application for viewing ODF documents. The app can be installed from Google Play Store at http://tdf.io/androidviewer. Direct download of the APK and download from other app stores will be made available at http://www.libreoffice.org/download/android-viewer. LibreOffice […]

Valve Changes the Tux Logo with the SteamOS One, Users Are Now Confused

So this just happened! It would appear that Valve just took the decision, without asking users first, to change the Tux logo with the SteamOS one on both the Steam website and the desktop client.

As a result, the entire

Service Disruption – Miami

We’re currently investigating some networking issues with our provider for our Miami datacentre.

Fedora 22 for ARM Promises to Be a Game Changer

Peter Robinson has announced that Fedora 22 for AArch64, a community-driven and -built operating system, has been released and is now available for download.

We saw the release of Fedora 22 yesterday, for the regular architectures, but now we also get a chance to install and run the AArch64 version of the distro, which is built specifically for 64-bit ARM architecture. Despite the fact that it runs on a very different hardware platform, there aren’t any differences from the…

LMDE 1 will reach EOL on January 1st 2016

The first release of Linux Mint Debian, i.e. LMDE 1 “debian”, will reach End Of Life on January 1st 2016.

If you are using LMDE 1, please upgrade to LMDE 2 “Betsy” by following the instructions at http://blog.linuxmint.com/?p=2830

Alternatively, you can switch to the following long term support releases, via a fresh installation:

  • Linux Mint 13 “Maya”, supported until 2017.
  • Linux Mint 17 “Qiana” or 17.1 “Rebecca”, supported until 2019.

Distribution Release: ALT Linux 7.0.5

Andrey Cherepanov has announced the release of ALT Linux 7.0.5, a set of Linux distributions that include the "Centaurus", "KDesktop" and "Schools Suite" variants, as well as "Simply Linux" (for the home/office desktop). "Centaurus", shipping with the MATE 1.6.0 desktop environment, is the project’s default edition. From the….