By Michael Catanzaro.
Major Linux distributions have a problem with WebKit security. Whereas major desktop browsers push automatic security updates directly to users on a regular basis so that users don’t have to worry about updates, Linux users are dependent on their distributions to release updates. Well over 100 vulnerabilities that could allow remote code execution were fixed in WebKit last year, so getting updates out to users is critical. This talk examines the disconnect between how the WebKit project handles security issues upstream and how different major distributions do (or do not) handle security issues, shows that WebKit security issues have widespread impact even for users who do not use a WebKit-based web browser, and discusses the security consequences of the split between the original WebKit API and WebKit2.
WebRTC From Asterisk to Headline - MoNageChad Hart
The realtime communications VoIP technology known as WebRTC is only 5 years old, but has accomplished great things already. With hundreds of millions of active users and an explosion of new use cases, WebRTC is in a good place. However, it does still face a few challenges as it expands like Apple support. This talk from MoNage in Boston gives some background on WebRTC, highlights major users, emerging use cases and challenges.
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...Michael Man
Security Rationale For Istio
An introduction to Istio security, looking at how Istio helps to keeps your security team happy by satisfying Kubernetes security requirements for multi-tenancy, and your developers happy by reducing implementation effort. Istio is still an evolving technology, and outstanding issues and impending improvements will be discussed.
Presented by: Lin Sun, IBM
Presented at All Things Open 2020
Abstract: Do you really need microservices? The Istio team have made an architecture decision to change the Istio control plane components from microservices to monolithic to simplify Istio. Come and hear why we did it and how it simplifies Istio operation experience, along with many other changes we made to simplify Istio.
Securing the Software Supply Chain with TUF and Docker - Justin Cappos and Sa...Docker, Inc.
If you want to compromise millions of machines and users, software distribution and software updates are an excellent attack vector. Using public cryptography to sign your packages is a good starting point, but as we will see, it still leaves you open to a variety of attacks. This is why we designed TUF, a secure software update framework. TUF helps to handle key revocation securely, limits the impact a man-in-the-middle attacker may have, and reduces the impact of repository compromise. We will discuss TUF's protections and integration into Docker's Notary software, and demonstrate new techniques that could be added to verify other parts of the software supply chain, including the development, build, and quality assurance processes.
WebRTC From Asterisk to Headline - MoNageChad Hart
The realtime communications VoIP technology known as WebRTC is only 5 years old, but has accomplished great things already. With hundreds of millions of active users and an explosion of new use cases, WebRTC is in a good place. However, it does still face a few challenges as it expands like Apple support. This talk from MoNage in Boston gives some background on WebRTC, highlights major users, emerging use cases and challenges.
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...Michael Man
Security Rationale For Istio
An introduction to Istio security, looking at how Istio helps to keeps your security team happy by satisfying Kubernetes security requirements for multi-tenancy, and your developers happy by reducing implementation effort. Istio is still an evolving technology, and outstanding issues and impending improvements will be discussed.
Presented by: Lin Sun, IBM
Presented at All Things Open 2020
Abstract: Do you really need microservices? The Istio team have made an architecture decision to change the Istio control plane components from microservices to monolithic to simplify Istio. Come and hear why we did it and how it simplifies Istio operation experience, along with many other changes we made to simplify Istio.
Securing the Software Supply Chain with TUF and Docker - Justin Cappos and Sa...Docker, Inc.
If you want to compromise millions of machines and users, software distribution and software updates are an excellent attack vector. Using public cryptography to sign your packages is a good starting point, but as we will see, it still leaves you open to a variety of attacks. This is why we designed TUF, a secure software update framework. TUF helps to handle key revocation securely, limits the impact a man-in-the-middle attacker may have, and reduces the impact of repository compromise. We will discuss TUF's protections and integration into Docker's Notary software, and demonstrate new techniques that could be added to verify other parts of the software supply chain, including the development, build, and quality assurance processes.
Digium 'Demo & Eggs' Breakfast Presentation slides, as shown at WebRTC World III on November 21, 2013.
These slides we used in a presentation which also featured a live demo of a WebRTC-enabled Asterisk appliance (based on a Raspberry Pi just for fun) serving a web page that contained the JsSIP soft phone.
Audience members were able to connect to our WiFi network and use Chrome or Firefox to browse to this page, and them make a call to each other, to a Digium phone, to hear a message from Allison (THE Voice of Asterisk) or to go into a conference call with each other.
What is WebRTC? How it benefits developers? Is WebRTC a recognized standard? How RingCentral is using WebRTC? How RingCentral is involved in WebRTC? What the future of WebRTC looks like?
Clarifying common concerns/excuses for not doing WebRTC, including: ORTC vs. WebRTC standards battle, video codec interoperability, Microsoft support, Apple support, future of Flash/RTMFP, standards status, and WebRTC bugs. Includes some pointers for dealing with the unique nature of WebRTC.
This presents the Grid Manager and Network Instrumentation service on top of KITE, which allow to test any communication system with total programmatically control over the network. Test the behaviour of your (or your competitor's) communication system or more specifically the bandwidth estimation, congestion control, adaptation, .......
By Antonio Gomes.
(c) BlinkOn 7 (Sunnyvale, California)
Jan 31 - Feb 01, 2017
https://docs.google.com/document/d/1jlpsfv0kXCveOEX5l75aATgRXbcAvwyse4Tn6jVprWs/edit
An update on WebRTC for Astricon 2016 including some history, WebRTC's massive traction recently, Apple, Microsoft, codecs, standards, and tips for working with WebRTC
Collaboration Webinar topic: OpeVPN on Mikrotik
Presenter: Supono
Moderator : Achmad Mardiansyah
In this collab webinar series, We are discussing OpeVPN on Mikrotik
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
The recording is available On :
https://youtu.be/4crJPuRTB1s
Lab Exercise: IBM Blockchain runs also on LinuxONE, see it in action!Anderson Bassani
This laboratory covers a Blockchain implementation running on an IBM LinuxONE Server. Second, you will learn how to deploy a Hyperledger Fabric using Dockers Containers. Originally presented at IBM Systems Technical University, Sao Paulo, Atibaia, 2016.
M2M for Java Developers: MQTT with Eclipse Paho - Eclipsecon Europe 2013Dominik Obermaier
Talk from the EclipseCon 2013.
Mobile devices like smartphones and tablet computers became an integral part of our modern world and single-board computers like Raspberry Pi are cheaper today than at any time before. Simple and open Machine-to-Machine (M2M) protocols like MQTT enable these devices to communicate in an efficient manner, even in scenarios with unreliable und instable networks. This talk shows how Eclipse Paho - an Eclipse umbrella project for M2M protocols - can be utilized for professional and personal projects to build efficient and scalable solutions for (mobile) devices.
MobileTea Boston presentation on getting started with WebRTC. Includes:
*References on major WebRTC deployments
*WebRTC use cases
*What WebRTC is
*Intro to the WebRTC API's
*How to start developing with WebRTC
*WebRTC scaling challenges
*Chad's favorite WebRTC resources
Chad Hart of webrtcHacks and Voxbone provides a market update on WebRTC to open WebRTC Boston #4. Chad give a quick background on WebRTC, talks about recent announcements, reviews browser support, discusses Microsoft, Safari, and standards status
These slides from my talk at the buildingIoT conference discuss how to secure communication with the Internet of Things protocol "MQTT". It discusses Network, Host, Application and Data Security and also covers advanced topics like OAuth 2.0 and X509 client certificate authentication.
ModSecurity 3.0 and NGINX: Getting StartedNGINX, Inc.
On demand version can be accessed at https://www.nginx.com/resources/webinars/modsecurity-3-0-and-nginx-getting-started/
The long-awaited ModSecurity 3.0 is available now. ModSecurity 3.0 is a complete rewrite of ModSecurity, and is the first version to work natively with NGINX. ModSecurity 3.0 loads into NGINX as a dynamic module.
Watch this webinar to learn:
- A brief history of the ModSecurity project
- How ModSecurity stops Layer 7 attacks
- What’s changed with ModSecurity 3.0 and how it integrates with NGINX
- How to install and configure ModSecurity with both open source NGINX and NGINX Plus
Digium 'Demo & Eggs' Breakfast Presentation slides, as shown at WebRTC World III on November 21, 2013.
These slides we used in a presentation which also featured a live demo of a WebRTC-enabled Asterisk appliance (based on a Raspberry Pi just for fun) serving a web page that contained the JsSIP soft phone.
Audience members were able to connect to our WiFi network and use Chrome or Firefox to browse to this page, and them make a call to each other, to a Digium phone, to hear a message from Allison (THE Voice of Asterisk) or to go into a conference call with each other.
What is WebRTC? How it benefits developers? Is WebRTC a recognized standard? How RingCentral is using WebRTC? How RingCentral is involved in WebRTC? What the future of WebRTC looks like?
Clarifying common concerns/excuses for not doing WebRTC, including: ORTC vs. WebRTC standards battle, video codec interoperability, Microsoft support, Apple support, future of Flash/RTMFP, standards status, and WebRTC bugs. Includes some pointers for dealing with the unique nature of WebRTC.
This presents the Grid Manager and Network Instrumentation service on top of KITE, which allow to test any communication system with total programmatically control over the network. Test the behaviour of your (or your competitor's) communication system or more specifically the bandwidth estimation, congestion control, adaptation, .......
By Antonio Gomes.
(c) BlinkOn 7 (Sunnyvale, California)
Jan 31 - Feb 01, 2017
https://docs.google.com/document/d/1jlpsfv0kXCveOEX5l75aATgRXbcAvwyse4Tn6jVprWs/edit
An update on WebRTC for Astricon 2016 including some history, WebRTC's massive traction recently, Apple, Microsoft, codecs, standards, and tips for working with WebRTC
Collaboration Webinar topic: OpeVPN on Mikrotik
Presenter: Supono
Moderator : Achmad Mardiansyah
In this collab webinar series, We are discussing OpeVPN on Mikrotik
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
The recording is available On :
https://youtu.be/4crJPuRTB1s
Lab Exercise: IBM Blockchain runs also on LinuxONE, see it in action!Anderson Bassani
This laboratory covers a Blockchain implementation running on an IBM LinuxONE Server. Second, you will learn how to deploy a Hyperledger Fabric using Dockers Containers. Originally presented at IBM Systems Technical University, Sao Paulo, Atibaia, 2016.
M2M for Java Developers: MQTT with Eclipse Paho - Eclipsecon Europe 2013Dominik Obermaier
Talk from the EclipseCon 2013.
Mobile devices like smartphones and tablet computers became an integral part of our modern world and single-board computers like Raspberry Pi are cheaper today than at any time before. Simple and open Machine-to-Machine (M2M) protocols like MQTT enable these devices to communicate in an efficient manner, even in scenarios with unreliable und instable networks. This talk shows how Eclipse Paho - an Eclipse umbrella project for M2M protocols - can be utilized for professional and personal projects to build efficient and scalable solutions for (mobile) devices.
MobileTea Boston presentation on getting started with WebRTC. Includes:
*References on major WebRTC deployments
*WebRTC use cases
*What WebRTC is
*Intro to the WebRTC API's
*How to start developing with WebRTC
*WebRTC scaling challenges
*Chad's favorite WebRTC resources
Chad Hart of webrtcHacks and Voxbone provides a market update on WebRTC to open WebRTC Boston #4. Chad give a quick background on WebRTC, talks about recent announcements, reviews browser support, discusses Microsoft, Safari, and standards status
These slides from my talk at the buildingIoT conference discuss how to secure communication with the Internet of Things protocol "MQTT". It discusses Network, Host, Application and Data Security and also covers advanced topics like OAuth 2.0 and X509 client certificate authentication.
ModSecurity 3.0 and NGINX: Getting StartedNGINX, Inc.
On demand version can be accessed at https://www.nginx.com/resources/webinars/modsecurity-3-0-and-nginx-getting-started/
The long-awaited ModSecurity 3.0 is available now. ModSecurity 3.0 is a complete rewrite of ModSecurity, and is the first version to work natively with NGINX. ModSecurity 3.0 loads into NGINX as a dynamic module.
Watch this webinar to learn:
- A brief history of the ModSecurity project
- How ModSecurity stops Layer 7 attacks
- What’s changed with ModSecurity 3.0 and how it integrates with NGINX
- How to install and configure ModSecurity with both open source NGINX and NGINX Plus
Compiling and Optimizing Your Own Browser with WebKitSencha
Webkit is the layout engine behind Safari, Chrome and almost every mobile browser. But did you ever wonder how to build WebKit yourself? In this session, you'll learn the simple steps, along with never-seen-before techniques, on how to experiment with WebKit on your own. You'll learn how to find the root of various performance problems, automate a wide array of regression tests, and see how WebKit works to produce the render tree, resolve complex styling, execute scripts, and more.
A Browser for the Automotive: Introduction to WebKit for Wayland (Automotive ...Igalia
By Silvia Cho.
Given the popularity of HTML5 and web technologies, browsers have become an essential technology in almost all industries, including the automotive. Because of its complexity, it is very important to understand the pros and cons of the available choices before making a decision. This talk aims to explain and compare each of the available open source options.
WebKit is a web rendering engine with a generic part (WebCore, JSEngine), and ports for specific platforms that implement bits like rendering, networking or multimedia. GTK+, EFL and Wayland ports are available. Blink is fork of WebKit from which several projects have evolved such as Chromium, Crosswalk, and CEF. During the presentation, Silvia will explain and compare each them and provide more details of WebKit for Wayland which has several advantages for the IVI system.
Por José María Casanova Crespo.
El próximo 23 de febrero se impartirá en el CiTIUS el workshop Licencias Software Libre, en el que se ofrecerá una visión introductoria sobre el licenciamiento de software y los principales ejes temáticos que lo caracterizan: derechos y obligaciones, impacto y otros aspectos relacionados con su uso, en particular relacionado con su distribución de forma binaria o en formato de código fuente. Durante la sesión, de hora y media de duración, se abordarán también otros temas de posible interés para los asistentes, caso de la compatibilidad de licencias o los pasos a seguir para el licenciar un software propio.
(c) CiTIUS, CC-BY-SA 4.0
https://citius.usc.es/novidades/eventos/freesoftwarelicenses
23 Febrero 2017
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
El análisis del Patch Tuesday de Ivanti va más allá de la aplicación de parches a sus aplicaciones y le ofrece la inteligencia y orientación necesarias para priorizar dónde debes enfocarte. Consulta los últimos análisis en nuestro blog Ivanti y únete a los expertos del sector en el webinar de Patch Tuesday. En él profundizaremos en cada uno de los informes y ofreceremos orientación sobre los riesgos asociados a las vulnerabilidades más recientes.
L'analisi del Patch Tuesday di Ivanti va oltre l'applicazione di patch alle tue applicazioni e ti offre le informazioni e la guida necessarie per stabilire le priorità su cui concentrare la tua attenzione.
El análisis del Patch Tuesday de Ivanti va más allá de la aplicación de parches a sus aplicaciones y le ofrece la inteligencia y orientación necesarias para priorizar dónde debes enfocarte. Consulta los últimos análisis en nuestro blog Ivanti y únete a los expertos del sector en el webinar de Patch Tuesday. En él profundizaremos en cada uno de los informes y ofreceremos orientación sobre los riesgos asociados a las vulnerabilidades más recientes.
Rejoignez-nous ce mois-ci pour un récapitulatif des correctifs de sécurité Microsoft et d’applications tierces publiés à l’occasion du Patch Tuesday. Nous discuterons notamment des vulnérabilités à surveiller, des produits à tester et des correctifs à déployer en priorité.
Rejoignez-nous ce mois-ci pour un récapitulatif des correctifs de sécurité Microsoft et d’applications tierces publiés à l’occasion du Patch Tuesday. Nous discuterons notamment des vulnérabilités à surveiller, des produits à tester et des correctifs à déployer en priorité.
L'analisi del Patch Tuesday di Ivanti va oltre l'applicazione di patch alle tue applicazioni e ti offre le informazioni e la guida necessarie per stabilire le priorità su cui concentrare la tua attenzione.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Lessons from Contributing to WebKit and BlinkBruno Abinader
Being one of the most successful open source projects to date, WebKit development process consists of a series of protocols and strict policies in order to obtain committer and reviewer status. Blink follows a similar approach with committers and scoped code owners, in a similar fashion as Linux Kernel does with its subsystem maintainers. Their open source success is due to not only solid support from major technology companies, but also to the high quality and automated testing performed on patches before submission. In this presentation, Bruno explains how the development process of both WebKit and Blink projects are - from submitting well-tested patches with strict policies to check, get review from community, and commit upstream via commit-queue system (including early warning system bots). This is a very practical talk with live demonstrations of patch submissions on both projects.
L'analisi del Patch Tuesday di Ivanti va oltre l'applicazione di patch alle tue applicazioni e ti offre le informazioni e la guida necessarie per stabilire le priorità su cui concentrare la tua attenzione.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
L'analisi del Patch Tuesday di Ivanti va oltre l'applicazione di patch alle tue applicazioni e ti offre le informazioni e la guida necessarie per stabilire le priorità su cui concentrare la tua attenzione.
Add the power of the Web to your embedded devices with WPE WebKitIgalia
The Web engine is the most important component of a Web Browser: it makes it possible to fetch and interpret web content, allowing users to interact with it. WebKit, the Open Source Web engine used in Web browsers like Safari, provides an architecture particularly well-designed for embedded platforms, making it popular not just for Apple devices, but for all sorts of Linux-based environments too (e.g. set-top-boxes, smart home appliances..). However, a Web engine is a complex piece of software and often not optimized for low-power computers.
This is where WPE, a Linux-based Open Source “port” of WebKit for embedded devices, comes in. Its low memory footprint and focus on simplicity, flexibility, and performance allows for the kind of customization needed to run on bespoke hardware and integrate with a wide variety of requirements. WPE is also developed upstream as part of the WebKit project and regularly published every 6 months via stable releases, guaranteeing that it’s up-to-date with the latest developments in the WebKit community.
In this talk, we will explore WPE in detail, see how the project has evolved, and look at where it’s heading next, highlighting some of its most popular use cases and some experiments that open up brand-new possibilities for this port of WebKit.
(c) Embedded Recipes 2023
5th Edition
September 2023, 28 to 29
Paris - France
https://embedded-recipes.org/2023/
https://www.youtube.com/watch?v=rdiETUGD6dg
Rejoignez-nous ce mois-ci pour un récapitulatif des correctifs de sécurité Microsoft et d’applications tierces publiés à l’occasion du Patch Tuesday. Nous discuterons notamment des vulnérabilités à surveiller, des produits à tester et des correctifs à déployer en priorité.
Rejoignez-nous ce mois-ci pour un récapitulatif des correctifs de sécurité Microsoft et d’applications tierces publiés à l’occasion du Patch Tuesday. Nous discuterons notamment des vulnérabilités à surveiller, des produits à tester et des correctifs à déployer en priorité.
El análisis del Patch Tuesday de Ivanti va más allá de la aplicación de parches a sus aplicaciones y le ofrece la inteligencia y orientación necesarias para priorizar dónde debes enfocarte. Consulta los últimos análisis en nuestro blog Ivanti y únete a los expertos del sector en el webinar de Patch Tuesday. En él profundizaremos en cada uno de los informes y ofreceremos orientación sobre los riesgos asociados a las vulnerabilidades más recientes.
El análisis del Patch Tuesday de Ivanti va más allá de la aplicación de parches a sus aplicaciones y le ofrece la inteligencia y orientación necesarias para priorizar dónde debes enfocarte. Consulta los últimos análisis en nuestro blog Ivanti y únete a los expertos del sector en el webinar de Patch Tuesday. En él profundizaremos en cada uno de los informes y ofreceremos orientación sobre los riesgos asociados a las vulnerabilidades más recientes.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Similar to WebKit Security Updates (GUADEC 2016) (20)
A Year of the Servo Reboot: Where Are We Now?Igalia
Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry.
(c) Embedded Open Source Summit 2024
April 16-18, 2024
Seattle, Washington (US)
https://events.linuxfoundation.org/embedded-open-source-summit/
https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia
Building End-user Applications on Embedded Devices with WPEIgalia
The Web engine is the most important component of a Web Browser, enabling
developers to harness the power of the Web Platform to build their
applications. However, Web Browsers are not the only type of applications that
can be built with Web Engines, which can also be used to develop other types of
applications using the same Web-based technologies, but for a different type of
use cases other than "browsing the Web".
These use cases can cover a wide range of situations outside of the traditional
desktop or mobile environments, such as the ones embedded systems are usually
used for (e.g. set-top-boxes, smart home appliances, GPS navigation devices, or
in-car/in-flight infotainment systems, to name a few). And in those situations
it is very common to be running on boards with SoCs and a particular set of HW
capabilities that make it crucial for the Web Engine to be able to tightly
integrate with them.
In this session we will focus on how WPE, a fully Open Source port of the
WebKit Web engine for Linux-based embedded devices, can be used to adapt to the
different challenges that embedded devices pose to develop end-user
applications, using the power of the Web Platform underneath.
(c) Embedded Open Source Summit 2024
April 16-18, 2024
Seattle, Washington (US)
https://events.linuxfoundation.org/embedded-open-source-summit/
https://eoss24.sched.com/event/1aNTr/building-end-user-applications-on-embedded-devices-with-wpe-mario-sanchez-prada-igalia
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
The Raspberry Pi 5 was announced on October 2023. This new version of the
popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU
platform, and was released with a fully open source driver stack, developed by
Igalia. The presentation will discuss some of the major changes required to
support this new Video Core iteration, the challenges we faced in the process
and the solutions we provided in order to deliver conformant OpenGL ES and
Vulkan drivers. The talk will also cover the next steps for the open source
Raspberry Pi 5 graphics stack.
(c) Embedded Open Source Summit 2024
April 16-18, 2024
Seattle, Washington (US)
https://events.linuxfoundation.org/embedded-open-source-summit/
https://eoss24.sched.com/event/1aBEx
Automated Testing for Web-based Systems on Embedded DevicesIgalia
Every day, embedded devices are becoming more powerful and capable of running
more elaborate applications. Among these applications are Web-based ones,
enabling to leverage features from the Web APIs to the embedded context, either
through a generic browser running a traditional Web application or through a
customized Web engine tightly integrated within the system.
But such capabilities usually bring new challenges, like testing user
interactions with the application using the embedded device's specific I/O
methods, such as gestures, or inspecting Web application internals with
JavaScript. In this context, using a browser automation framework such as
WebDriver, which is a W3C standard supported by WebKit Web engine, allows
testing Web-based applications on such devices as if the user were actually
using it, alongside running custom JS code.
In this session, we will cover why we need browser automation for testing on
certain types of embedded devices, with a focus on WebDriver as the proposed
tool to achieve that goal. We will also discuss WebDriver's main features and
limitations, as well as other possible approaches and frameworks that could be
considered for this kind of task.
(c) Embedded Open Source Summit 2024
April 16-18, 2024
Seattle, Washington (US)
https://events.linuxfoundation.org/embedded-open-source-summit/
https://eoss24.sched.com/event/1aeSx/automated-testing-for-web-based-systems-on-embedded-devices-lauro-moura-igalia
Embedding WPE WebKit - from Bring-up to MaintenanceIgalia
Embedded devices have become powerful enough to run Web content a decade ago,
and any modern SoC that can run Linux and includes a GPU is a potential
candidate to hide a Web engine under the surface. How did it made it there?
Does it only show Web content? What else can it do? The talk will cover
bring-up tips to build and get WPE WebKit working on your custom embedded
device and make your own simple Web browser, as well as the best practices for
keeping the system up to date. No less important is integration with the rest
of the system: this session will detail the possibilities that WebKit brings to
the table, including how to add new JavaScript APIs which call into native code
to provide tight, performant access to platform functionality.
(c) Embedded Open Source Summit 2024
April 16-18, 2024
Seattle, Washington (US)
https://events.linuxfoundation.org/embedded-open-source-summit/
https://eoss24.sched.com/event/1aBFQ/embedding-wpe-webkit-from-bring-up-to-maintenance-adrian-perez-de-castro-igalia
This talk dives into how the scheduler impacts your gameplay on Linux and
unveils our journey to smoother gameplay. How does task scheduling impact Linux
gaming? Suboptimal task scheduling can cause stuttering while playing games on
the Steam Deck game console. First, we nail down the enemy. What exactly is
"stuttering," and how can we measure its impact on your gameplay? Next, we
extensively analyzed the characteristics of game tasks from the scheduler’s
point of view. Characterizing task behavior in Linux gaming helps to understand
why some schedulers create much stuttering and others create less and to unveil
the secrets behind smooth vs. choppy performance. Lastly, we will share our
progress on the optimized scheduler for reducing the stuttering problems in
Linux gaming, especially Steam Deck. We implemented the scheduling policy based
on sched_ext, a BPF-based extensible scheduling framework.
(c) Open Source Summit North America 2024
April 16-18, 2024
Seatle, Washington (US)
https://events.linuxfoundation.org/open-source-summit-north-america/
https://ossna2024.sched.com/event/1aBOT/optimizing-scheduler-for-linux-gaming-changwoo-min-igalia
So, we are adding a backend for the SpiderMonkey’s codegen to enable JIT
support for JavaScript running through Wasm. Sounds a bit cryptic so let’s
divide it into parts.
SpiderMonkey is a JavaScript engine which is used for running JavaScript inside
the Firefox browser. SpiderMonkey is written in C++ and supports compilation
into the Wasm module, see live demo -
https://mozilla-spidermonkey.github.io/sm-wasi-demo/. However, SpiderMonkey
compiled into the Wasm module supports execution of JavaScript only in the
interpreter-only mode and it doesn’t support just-in-time compilation because
there is no Wasm backend for that. There are backends for Arm, X86, X64 etc but
there is none for Wasm.
Why do we want to add support for JIT? Well, because we want speed. Right now
there is no solution to run JS scripts via Wasm fast, there are only
interpreters.
Why does JIT improve performance?
The reasons are the same for why an interpreter is slower than a compiler -
because it eliminates the interpreter loop, uses a more efficient ABI and, more
importantly, it can specialize polymorphic operations in JavaScript. So, we not
only enable the JIT tier in SpiderMonkey for Wasm but we also provide support
for inline caches.
Inline caches is a mechanism for specializing the behavior of particular
operations like plus or a call to specific arguments provided at runtime.
With all that we can generate Wasm modules on the fly, instantiate them, and
link them to provide from ~2x to ~11x speedup over the interpreter. In the
talks we will cover how the whole scheme works with SpiderMonkey: 1. How to
link modules on the fly into SpiderMonkey.wasm 2. How to add an exotic Wasm
backend into SpiderMonkey’s supported backend line - X64, X86, Arm, Wasm 3. How
to use the whole solution in the cloud instead of QuickJS 4. How to get a
speedup of your JS over wasm with test data.
Wasm I/O 2024
14 - 15 Mar, 2024
Barcelona
https://2024.wasmio.tech/
To crash or not to crash: if you do, at least recover fast!Igalia
What could be possibly worse that an almost unbeatable boss in
a game or a tough maze that consume hours of gameplay with not
much progress? How about a Linux kernel crash that makes you
lose all the game progress with no apparent reason or feedback?
Though rare, it is a real possibility that would make gamers
quite annoyed, given that Linux is used more and more as a
platform for playing games.
Some technologies are available to collect logs and feedback
the user in case such disastrous events happen, mostly related
with kernel crashes handling mechanisms. The main ones available
are kdump and pstore, but still there are work to be done in
this area...
In this talk we're going to present the basics about kernel
crash handling, like how a kernel panic might happen, how to
deal with that (with an overall discussion about kdump and
pstore techs) and the kdumpst tool, developed specially to
deal with this situation on Steam Deck (and generically on
Arch Linux); also we're gonna discuss some missing
pieces / ideas to make it even less likely gamers need to
complain that their device just got hang for no reason!
FOSForums 2023
Aug 26 - Aug 27, 2023
Institute of Computing, State University of Campinas (Unicamp)
Campinas, São Paulo, Brazil
https://www.fosforums.org/
Introducción a Mesa. Caso específico dos dispositivos Raspberry Pi por IgaliaIgalia
Nesta charla impartida por Alejandro Piñeiro de Igalia, darase unha introdución
a Mesa, librería open-source para o desenvolvemento de drivers gráficos.
Explicarase a súa historia, os seus compoñentes máis importantes, que
utilidades proporcionan aos desenvolvedores e unha lista de hardware ás que dan
soporte. Finalmente explicarase o caso concreto do soporte proporcionado para
as GPUs dos dispositivos da serie Raspberry Pi, centrándonos nas Raspberry Pi 4
e Raspberry Pi 5
Igalia é unha empresa galega, con sede na Coruña, especializada en servizos de
consultoría, e que desenvolve solucións innovadoras de código aberto para un
gran conxunto de plataformas de software e hardware. En Igalia traballan nas
áreas máis interesantes do software de código aberto, incluídos navegadores,
gráficos e multimedia.
Igalia desenvolveu os controladores OpenGL ES 3.1 e Vulkan 1.2 conformes para a
GPU VideoCore VII Broadcom que se fornece coa nova Raspberry Pi 5.
Alejandro Piñeiro é enxeñeiro de Software e socio en Igalia, é desenvolvedor de
Software Libre desde 2004. A súa experiencia inclúe unha variedade de proxectos
de GNOME e freedesktop.org, enfocándose desde 2015 en Mesa, especificamente os
drivers Intel e Broadcom. É un dos responsables do desenvolvemento do
controlador Broadcom Vulkan para Raspberry Pi 4 & 5.
Máis información en https://aindustriosa.org/Mesa/
Esta actividade está patrocinada pola Xunta de Galicia e pola Axencia Para a
Modernización Tecnolóxica (AMTEGA).
(c) A Industriosa
https://aindustriosa.org
28 de Outubro (Vigo)
Chimera Linux is a novel Linux distribution built around FreeBSD core tools and
the LLVM toolchain. Since its initial launch in 2021, it has made a lot of
progress and is now in alpha stage. The system can be deployed on a wide array
of hardware and many people are using it as their desktop system; it works on
x86_64, AArch64, POWER (little and big endian) as well as RISC-V and by now
comes with thousands of packages.
While trying to be practical, Chimera is also highly hardened, partly thanks to
the LLVM toolchain, rendering it immune to various security issues other
distros are vulnerable to. It has transparent and robust infrastructure,
ensuring smooth deployment of packages. We are also developing various new
tooling that the whole ecosystem can benefit from, including the Turnstile
session tracker. Service management is based around Dinit, a modern,
supervising system; we maintain and create a variety of tooling around it,
trying to break the existing status quo with systemd, while abandoning legacy
approaches.
2023 has seen several major milestones, so I will focus on these, while also
giving a short overview so that people unfamiliar with the system don't feel
lost. I will also explain how our work benefits the entire Linux ecosystem, as
well as beyond.
(c) FOSDEM 2024
3 & 4 February 2024
https://fosdem.org/2024/schedule/event/fosdem-2024-2524-2023-in-chimera-linux/
For the last 3 years, I've been building a complete Linux distribution, Chimera
Linux (https://chimera-linux.org) using solely LLVM as its system toolchain -
that means Clang, compiler-rt, and libc++, alongside its other tooling. Right
now, it is a complete desktop system that is already used by many, with a
familiar GNOME interface and thousands of packages, targeting 5 CPU
architectures. In this talk I would like to focus on my experiences using the
toolchain, what obstacles got in the way, how I dealt with them, the issues
that are still left and I would like to see addressed, the many benefits using
LLVM gave the project, and overall give the audience an insight into practical
deployment of LLVM in a project where it isn't simply a drop-in alternative to
GCC.
(c) FOSDEM 2024
3 & 4 February 2024
https://fosdem.org/2024/schedule/event/fosdem-2024-2555-building-a-linux-distro-with-llvm/
turnip: Update on Open Source Vulkan Driver for Adreno GPUsIgalia
Turnip changed a lot since the last status update. You could now run AAA
desktop games via FEX + Turnip, Adreno 7xx is now supported, Turnip is used by
emulators on Android, and more!
(c) FOSDEM 2024
3 & 4 February 2024
https://fosdem.org/2024/schedule/event/fosdem-2024-2033-turnip-update-on-open-source-vulkan-driver-for-adreno-gpus/
Graphics stack updates for Raspberry Pi devicesIgalia
This talk will show the efforts done in the Open-Source graphics stack for
supporting Raspberry Pi devices. Although the talk will focus on the recently
launched new Raspberry Pi 5, we will show the improvements done for previous
generations of the Raspberry Pi hardware.
Raspberry Pi 5 has available FLOSS GPU drivers on product launch, exposing
OpenGL-ES 3.1 and Vulkan 1.2. We'll go through the changes needed to enable
desktop OpenGL 3.1 on RPi4/5.
We will also review the changes done to the kernel driver to expose the RPi5
capabilities and the new GPU stats support for RPi4/5.
Finally, we will show the work done to use Wayfire as the default Wayland
compositor on the Raspberry Pi OS.
- https://www.mesa3d.org/
- https://www.raspberrypi.com/
- https://wayfire.org/
(c) FOSDEM 2024
3 & 4 February 2024
https://fosdem.org/2024/schedule/event/fosdem-2024-2841-graphics-stack-updates-for-raspberry-pi-devices/
Delegated Compositing - Utilizing Wayland Protocols for Chromium on ChromeOSIgalia
This talk will cover our experience in utilizing Wayland subsurfaces and
implementing delegated compositing for Chromium on ChromeOS. Several concepts
will be covered - from overlay making decision in Chromium/Viz to design and
implementation of custom Wayland protocols, which were required to pass frame
data as overlays via Wayland and reconstruct that frame on the Wayland server
side.
(c) FOSDEM 2024
3 & 4 February 2024
https://fosdem.org/2024/schedule/event/fosdem-2024-3177-delegated-compositing-utilizing-wayland-protocols-for-chromium-on-chromeos/
MessageFormat: The future of i18n on the webIgalia
Internationalization in JavaScript and on the web platform is very complicated,
but also vastly important for us developers in order to build accessible and
intelligible interfaces. Thankfully, Unicode Consortium's MessageFormat working
group and TC39 have been hard at work standardizing the next generation of i18n
tooling that aims to unify analogous non-standard tools in use today while
approaching this problem from a fresh perspective.
Join me along this tour of i18n in JavaScript, discover some of the newest
additions to the toolkit and learn about the ongoing MessageFormat proposal and
how it aims to radically improve the developer experience.
(c) FOSDEM 2024
3 & 4 February 2024
https://fosdem.org/2024/schedule/event/fosdem-2024-2832-messageformat-the-future-of-i18n-on-the-web/
Replacing the geometry pipeline with mesh shadersIgalia
This talk will discuss the problems with the traditional vertex processing
pipeline and present how mesh shading solves these problems. Instead of
processing a fixed set of input vertices, mesh shaders can create an arbitrary
topology of vertices and primitives. Mesh shading also includes a new solution
for geometry amplification: task shaders.
The talk should be scheduled before Timur's talk about implementing mesh
shaders in the RADV Mesa driver.
(c) X.Org Developer Conference (XDC) 2022
October 4-6, 2022
Minneapolis, Minnesota, USA
https://indico.freedesktop.org/event/2/
Let's talk about developing AMD display drivers in the DRM subsystem as an
external contributor. Part of this work is a trail of breadcrumbs to build
documentation. What are those breadcrumbs? How do they help to review, fix,
improve and enable features of AMD drivers? How would both sides benefit if
those pieces of information were already documented? We are gathering
information from anywhere and also bothering experts for input. Ultimately,
this presentation focuses on AMD driver development but may fit DRM drivers of
any GPU vendors.
(c) X.Org Developer Conference (XDC) 2022
October 4-6, 2022
Minneapolis, Minnesota, USA
https://indico.freedesktop.org/event/2/
There has been a lot of activity in V3DV, the Vulkan driver for Raspberry Pi 4,
over the last year: we have significantly reworked our synchronization code,
obtained Vulkan 1.1 conformance, implemented Vulkan 1.2 support, continued to
work on compiler optimizations and more.
In this talk I would like to go through the main development milestones and
changes we implemented in the driver as well as discussing some limitations of
the underlying hardware platform that have discouraged us from implementing
features such as scalar block layout or fp16.
(c) X.Org Developer Conference (XDC) 2022
October 4-6, 2022
Minneapolis, Minnesota, USA
https://indico.freedesktop.org/event/2/
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Essentials of Automations: Optimizing FME Workflows with Parameters
WebKit Security Updates (GUADEC 2016)
1. August 12, 2016 KARLSRUHE
WebKit Security Updates
Michael Catanzaro (mcatanzaro@gnome.org)
2. WebKit Security Updates 2
Browser security in 45 seconds
Vulnerabilities: buffer overflows, null pointer dereferences, use-after-frees, etc.
Vulnerabilities let attackers craft exploits to gain control of your computer/phone
user account
Vulnerabilities can be mitigated by a sandbox (Chromium, Flatpak) or by
language (Rust)
3. WebKit Security Updates 3
WebKit Ports
macOS port
iOS port
Apple Windows port
WinCairo port
WebKitGTK+
WebKitEFL
(What about Chromium. . . ?)
(What about QtWebKit. . . ?)
4. WebKit Security Updates 4
WebKitGTK+
Desktop Linux + not Qt = WebKitGTK+
Flagship application is GNOME Web (Epiphany)
Other examples: Anjuta, Banshee, Devhelp, Emacs, Empathy, Evolution, Geany,
Geary, GIMP, gitg, GNOME Builder, GNOME Documents, GNOME Initial Setup,
GNOME Notes (Bijiben), GNOME Online Accounts, GnuCash, gThumb, Liferea,
Midori, Rhythmbox, Shotwell, Sushi, Yelp (GNOME Help)
Until recently, no security advisories
5. WebKit Security Updates 5
WebKit2: The Great API Break
WebKitGTK+ < 2.0: WebKit1 (and WebKit2 betas)
WebKitGTK+ 2 <= 2.4.x: WebKit1 and WebKit2
WebKitGTK+ >= 2.6.x: WebKit2
Supported transition period was two years (from 2.0 in March 2013 until 2.6 in
September 2014)
149 public vulnerabilities in WebKitGTK+ 2.4.9
Limited security update 2.4.10 fixes 27 of those
WebKit2 adoption is going very slowly
Considering removing WebKit1 apps from Fedora to speed things up
6. WebKit Security Updates 6
Recommended distros for WebKit: Arch, Fedora, Mageia
Arch: WebKitGTK+ 2.12.3
Fedora 24: WebKitGTK+ 2.12.3
Fedora 23: WebKitGTK+ 2.12.3
Mageia 5: WebKitGTK+ 2.12.3
Arch and Fedora: A
Recent Mageia update took two months, maybe still in updates-testing(?): B
10. WebKit Security Updates 10
Debian
Zero security updates for stable
Debian Testing (Stretch): WebKitGTK+ 2.12.3
Debian 8.5 (Jessie): WebKitGTK+ 2.6.2 (106 public vulnerabilities)
Jessie Backports: WebKitGTK+ 2.12.0 (4 public vulnerabilities, all 4 RCE)
Debian 7.11 (Wheezy): WebKitGTK+ 1.8.1 (WebKit1)
11. WebKit Security Updates 11
Debian
Debian 8 includes several browser engines which are affected by a steady
stream of security vulnerabilities. The high rate of vulnerabilities and partial
lack of upstream support in the form of long term branches make it very
difficult to support these browsers with backported security fixes.
Additionally, library interdependencies make it impossible to update to newer
upstream releases. Therefore, browsers built upon the webkit, qtwebkit and
khtml engines are included in Jessie, but not covered by security support.
These browsers should not be used against untrusted websites.
For general web browser use we recommend Iceweasel or Chromium.
Chromium – while built upon the Webkit codebase – is a leaf package, which
will be kept up-to-date by rebuilding the current Chromium releases for
stable. Iceweasel and Icedove will also be kept up-to-date by rebuilding the
current ESR releases for stable.
12. WebKit Security Updates 12
Why not update?
Stuck on WebKit1 (RHEL, SLED, old Debian/Ubuntu)
Fear of regressions (modern Debian, Ubuntu)
Not paying attention (everyone else)
13. WebKit Security Updates 13
Why not patch downstream?
Highly impractical
Requires specialized expertise to handle conflicts
How to decide which patches to take, if not following upstream?
14. WebKit Security Updates 14
Vulnerabilities are bad, but keep things in perspective
Vulnerabilities are not exploits
You are still relatively safe from non-targeted exploits using GNU/Linux
Be more concerned about man-in-the-middle attacks: WebKit1 apps rarely do
proper certificate verification (e.g. Midori, Xombrero, Raspberry Pi browser,
Banshee, Shotwell)