
Edward Snowden will kick off LibrePlanet 2016 in Cambridge, Massachusetts

FSF - Wed, 01/27/2016 - 21:50

The annual free software conference will kick off at Massachusetts Institute of Technology's (MIT) Stata Center in Cambridge, Massachusetts on the morning of Saturday, March 19th with "The last lighthouse: Free software in dark times", in which Snowden (who will appear via a free software live video stream) and Daniel Kahn Gillmor will discuss free software, surveillance, power, and control of the future.


Daniel Kahn Gillmor
This work by Daniel Kahn Gillmor is licensed under a Creative Commons Attribution ShareAlike 4.0 International License.


Edward Snowden
Screenshot of Citizen Four by Praxis Films. by Laura Poitras is licensed under a Creative Commons Attribution 3.0

"We're thrilled and honored to be hosting this conversation. Edward Snowden has ignited desperately needed discussion around the world about the meaning of privacy, the power of governments and large corporations, and the impact of secretive technology on our freedom. I can't think of a more powerful way to launch this year's conference, and I can't wait to see what great things the LibrePlanet community of activists and developers will do with the energy," said FSF's executive director John Sullivan.

Edward Snowden is a former intelligence officer who served the Central Intelligence Agency (CIA), NSA, and Defense Intelligence Agency (DIA) for nearly a decade as a subject matter expert on technology and cybersecurity. In 2013, he revealed the NSA was unconstitutionally seizing the private records of billions of individuals who had not been suspected of any wrongdoing, resulting in the largest debate about reforms to US surveillance policy since 1978. Today, he works on methods of enforcing human rights through the application and development of new technologies. He joined the board of Freedom of the Press Foundation in February 2014.

Daniel Kahn Gillmor is a technologist with the ACLU's Speech, Privacy and Technology Project, and a free software developer. He's a Free Software Foundation Associate member, a member of Debian, a contributor to a wide range of free software projects, and a participant in protocol development standards organizations like the Internet Engineering Task Force (IETF), with an eye toward preserving and improving civil liberties and civil rights through our shared infrastructure.

For the third year in a row, LibrePlanet will be held at MIT's Stata Center in Cambridge, Massachusetts, on March 19th and 20th, 2016. Co-presented by the Free Software Foundation and MIT's Student Information Processing Board (SIPB), the rest of the LibrePlanet program will be announced soon.

Registration for LibrePlanet is now open. Admission to the conference is gratis for FSF members and students.

About the Free Software Foundation

The Free Software Foundation, founded in 1985, is dedicated to promoting computer users' right to use, study, copy, modify, and redistribute computer programs. The FSF promotes the development and use of free (as in freedom) software — particularly the GNU operating system and its GNU/Linux variants — and free documentation for free software. The FSF also helps to spread awareness of the ethical and political issues of freedom in the use of software, and its Web sites, located at fsf.org and gnu.org, are an important source of information about GNU/Linux. Donations to support the FSF's work can be made at https://donate.fsf.org. Its headquarters are in Boston, MA, USA.

More information about the FSF, as well as important information for journalists and publishers, is at https://www.fsf.org/press.

Media Contacts

Georgia Young
Program Manager
Free Software Foundation
+1 (617) 542 5942
georgia@fsf.org

Categories: Free Software

What's your vision for the FSF? Fill out our survey.

FSF - Sat, 01/09/2016 - 02:03

We continue to rely on the expertise of the free software movement to inform our initiatives and strategies. Taking the first step into our next thirty years, we want to hear your feedback, your suggestions, and your vision for the future of the FSF.

Fill out the survey now!

The survey takes only five to fifteen minutes to complete, and it will be up until the end of January. The FSF eagerly awaits the results, and we plan to publicly share insights from them.

It's important that this survey reach a large and diverse range of people who use free software or care about it. Please share it by whatever means will reach your friends best — social media (hashtag #fsfsurvey), email, IRC, or word of mouth.

One more thing: Our yearly fundraiser is ending soon. We need to raise $450,000 by the end of January to continue being a guiding light for free software and to turn the results of this survey into action. Please become a member for $10 a month, or make a one-time donation to help us reach our goal.

Media Contacts

Zak Rogoff
Campaigns Manager
Free Software Foundation
+1 (617) 542 5942 x31
campaigns@fsf.org


Categories: Free Software

[20151207] - Core - SQL Injection

Joomla Security - Tue, 12/22/2015 - 02:24
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.0.0 through 3.4.6
  • Exploit type: SQL Injection
  • Reported Date: 2015-December-15
  • Fixed Date: 2015-December-21
  • CVE Numbers: requested
Description

Inadequate filtering of request data leads to a SQL Injection vulnerability.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.4.6

Solution

Upgrade to version 3.4.7

Contact

The JSST at the Joomla! Security Centre.

Reported By: Georgios Papadakis
Categories: Joomla

[20151206] - Core - Session Hardening

Joomla Security - Tue, 12/22/2015 - 02:20
  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 1.5.0 through 3.4.6
  • Exploit type: Remote Code Execution
  • Reported Date: 2015-December-15
  • Fixed Date: 2015-December-21
  • CVE Number: requested
Description

The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and has been back-ported in some specific Linux LTS versions of PHP 5.3). This fixes the bug across all supported PHP versions.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.4.6

Solution

Upgrade to version 3.4.7

Contact

The JSST at the Joomla! Security Centre.

Reported By: Found by JSST and independently reported by Dennis Hermatski
Categories: Joomla

Free Software Foundation submits comments to U.S. Department of Education encouraging free licensing for all grant-funded materials

FSF - Fri, 12/18/2015 - 23:35

The Department was seeking comments on proposed rules that would ensure that works created with competitive grant funds from the Department would be licensed to give the public and educational institutions the right to freely modify and distribute the works. The FSF's comment lauded this goal, but suggested an important wording change in the regulation to ensure that "the license must grant public permission to 'distribute modifications' or equivalently 'distribute adaptations.'" Earlier this month, the FSF also called on free software supporters to submit comments of their own, or add their signature to the FSF's filing.

"What the Department of Education is proposing is a great step for education and for computer user freedom. We submitted our comment, along with comments from our community, to ensure that the updated regulations create the greatest benefit: that all public grant-funded educational works carry the essential four freedoms," said FSF's executive director, John Sullivan.

In addition to the comments, the FSF provided the Department with a letter calling for a mechanism to submit comments electronically without the use of proprietary software. Currently, comments submitted digitally to federal agencies that participate in the eRulemaking Program require submission via the Regulations.gov interface. This interface requires the use of JavaScript that is not freely licensed.

When software is proprietary, that means that some company claims ownership of it, and through that ownership claim, imposes restrictions on users as to how they can or can't use the software. When the government requires citizens run such software, it is requiring that they accept the specific and arbitrary terms imposed by that company. The FSF's letter stresses that citizens should not be required to engage with any particular private company in order to participate in public proceedings, or use any governmental Web sites or network service.

"The public should be able to communicate with government agencies without being forced to use proprietary software. In this day and age, not providing a free software friendly mechanism of submitting comments in digital format creates a real barrier to communication and participation. In accordance with the same principles motivating this very NPRM, we encourage the Department of Education and other governmental agencies to offer methods of digital submission that do not require the use of proprietary JavaScript," said FSF's licensing and compliance manager, Joshua Gay.


Media Contacts

Joshua Gay
Licensing and Compliance Manager
Free Software Foundation
+1 (617) 542 5942
licensing@fsf.org

Categories: Free Software

[20151205] - Session - Remote Code Execution Vulnerability

Joomla Security - Mon, 12/14/2015 - 20:00
  • Project: Joomla! Framework
  • SubProject: Session
  • Severity: High
  • Versions: 1.0.0 through 1.3.0
  • Exploit type: Remote Code Execution
  • Reported Date: 2015-December-13
  • Fixed Date: 2015-December-14
  • CVE Number: requested
Description

Browser information is not filtered properly while saving the session values which leads to a Remote Code Execution vulnerability.

Affected Versions

Joomla! Framework Session package versions 1.0.0 through 1.3.0

Solution

Upgrade to version 1.3.1

Contact

The JSST at the Joomla! Security Centre.

Reported By: Uwe Flottemensch
Categories: Joomla

[20151214] - Core - Remote Code Execution Vulnerability

Joomla Security - Mon, 12/14/2015 - 20:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 1.5.0 through 3.4.5
  • Exploit type: Remote Code Execution Vulnerability
  • Reported Date: 2015-December-13
  • Fixed Date: 2015-December-14
  • CVE Number: requested
Description

Browser information is not filtered properly while saving the session values into the database, which leads to a Remote Code Execution vulnerability.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.4.5

Solution

Upgrade to version 3.4.6

Unofficial fixes for Joomla! 1.5.x and 2.5.x will be provided: https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions

Contact

The JSST at the Joomla! Security Centre.

Reported By: Uwe Flottemensch
Categories: Joomla

[20151214] - Core - CSRF Hardening

Joomla Security - Mon, 12/14/2015 - 19:30
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.4.5
  • Exploit type: CSRF
  • Reported Date: 2015-November-26
  • Fixed Date: 2015-December-14
  • CVE Number: requested
Description

Add additional CSRF hardening in com_templates.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.4.5

Solution

Upgrade to version 3.4.6

Contact

The JSST at the Joomla! Security Centre.

Reported By: JSST
Categories: Joomla

[20151204] - Core - Directory Traversal

Joomla Security - Mon, 12/14/2015 - 19:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.4.5
  • Exploit type: Directory Traversal
  • Reported Date: 2015-November-26
  • Fixed Date: 2015-December-14
  • CVE Number: requested
Description

Inadequate filtering of request data leads to a Directory Traversal vulnerability.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.4.5

Solution

Upgrade to version 3.4.6

Contact

The JSST at the Joomla! Security Centre.

Reported By: JSST
Categories: Joomla

[20151214] - Core - Directory Traversal

Joomla Security - Mon, 12/14/2015 - 19:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.4.0 through 3.4.5
  • Exploit type: XML File Read Issue
  • Reported Date: 2015-November-26
  • Fixed Date: 2015-December-14
  • CVE Number: requested
Description

Fails to properly sanitise input data from the XML install file located within the package archive.

Affected Installs

Joomla! CMS versions 3.4.0 through 3.4.5

Solution

Upgrade to version 3.4.6

Contact

The JSST at the Joomla! Security Centre.

Reported By: JSST
Categories: Joomla

Libreboot T400 laptop now FSF-certified to respect your freedom

FSF - Fri, 12/11/2015 - 22:05

This is the third Libreboot-series laptop from Minifree (formerly known as Gluglug) to achieve RYF certification, the first being the Libreboot X60 in December 2013, followed by the Libreboot X200 in January 2015. The Libreboot T400 can be purchased from Minifree at http://minifree.org/product/libreboot-t400/.

The Libreboot T400 is a refurbished and updated laptop based on the Lenovo ThinkPad T400. Just as with the Libreboot X200, in order to achieve the Free Software Foundation's RYF certification guidelines, Minifree had to replace the low-level firmware as well as the operating system. Microsoft Windows was replaced with the FSF-endorsed Trisquel GNU/Linux operating system, which includes the GNOME 3 desktop environment. The free software boot system of Libreboot and the GNU GRUB 2 bootloader were adapted to replace the stock proprietary firmware, which included a BIOS and Intel's Management Engine firmware.

The mission of both Libreboot and Minifree is to push the free software movement forward in a fundamental way, at the hardware and firmware level.

"While we don't require that companies selling Respects Your Freedom certified products also develop or fund free software projects directly, in the case of Minifree, sales of their products do directly fund the Libreboot project. It is doubly exciting to be able to endorse a new freedom-respecting hardware product while also encouraging people to support the development of an important free software project," said FSF's licensing & compliance manager, Joshua Gay.

"We call on more people and companies to get involved with Libreboot development. We also need hardware manufacturers to cooperate. This is a long battle, and one that the Libreboot project has taken on. We're doing this because we believe users deserve to have full control over their own computing, and the freedom to share with others," said Francis Rowe, founder of Minifree and lead maintainer of Libreboot.

To learn more about the Respects Your Freedom hardware certification, including details on the certification of the Libreboot T400, visit https://www.fsf.org/ryf. Hardware sellers interested in applying for certification can consult https://www.fsf.org/resources/hw/endorsement/criteria.

Subscribers to the FSF's Free Software Supporter newsletter will receive announcements about future Respects Your Freedom products.


About Minifree and Libreboot

Minifree Ltd, trading as Ministry of Freedom (formerly trading as Gluglug), is a UK supplier shipping worldwide that sells GNU/Linux-libre computers with the Libreboot firmware and Trisquel GNU/Linux-libre operating system preinstalled.

Libreboot is a free BIOS/UEFI replacement, offering faster boot speeds, better security, and many advanced features compared to most proprietary boot firmware.

Media Contacts

Joshua Gay
Licensing & Compliance Manager
Free Software Foundation
+1 (617) 542 5942
licensing@fsf.org

Francis Rowe
Founder & CEO
Minifree Ltd
+44 1268 857 837
info@gluglug.org.uk


Categories: Free Software

2.8 project developer kickoff meeting notes

Blender - Sun, 11/01/2015 - 16:56

At the 2015 Blender Conference the attending developers sat down to discuss what we as a group wanted the 2.8 project to be from a software engineering perspective. The things discussed below are intended to become effective with the 2.8 project, and any changes in supported hardware will be kept as minimal as possible.

C++ 11 / C99

Blender is written mainly in C, C++ and Python. Currently we use C++98, C89 and Python 3.4.

There is consensus to allow C++11 and C99 for the features that make sense and are supported by our current hosting compilers (Microsoft Visual Studio 2013 is the lowest common denominator here). This should let us write better code thanks to some stupid limitations being lifted, but it will also require us to bump the platform requirements; in particular, support for Mac OS X versions lower than 10.8 and Linux versions that ship with a glibc older than 2.14 would be dropped.

OpenGL

Currently Blender uses OpenGL in a way that remains compatible with version 1.4 of the standard. Over the last 20 years graphics hardware has evolved greatly and some of the concepts in accessing this hardware have also changed. In 2009 the OpenGL 3.2 standard was released, which for the first time deprecated the old way of doing things. Today a lot of platforms do not even allow this old way of accessing the hardware, and some disallow use of newer features when legacy calls are used (Mac OS X is an example of this).

The developers universally agree that this will happen and is unavoidable. We also felt that this move away from immediate mode towards VBOs and GLSL will need to happen, regardless of the new viewport design. Antony Riakiotakis started this conversion, but there is a significant amount of work left, and it is unclear at this point how this is best approached.

This move will have some downsides, such as loss of hardware acceleration on early Intel i9xx cards. Any post-2008 Nvidia or AMD hardware should remain unaffected.

Scons

The Blender developers currently maintain 2 build systems (CMake and SCons). Most of us use CMake rather than SCons, and collectively we feel that dropping one would free up a big enough amount of resources that the benefit would far outweigh the costs. There are build-system-specific bugs, it adds to the difficulty of becoming a contributor, and the builds on both systems are currently inconsistent.

The remaining work lies mainly in supporting the Linux release builds with CMake, and verifying the Mac OS X release build against the SCons version. Brecht and Martijn have volunteered to get this done.

Dropping Features

There are various opinions on what parts of Blender are broken, hard to maintain, or lack a future. Mentioned were the sequencer, game engine, openimage-io, constraints, particle system, and OpenCollada. The only one we could reach some kind of consensus on is OpenCollada: the library and integration make up 1/3 of the binary size of Blender, and we currently only have Gaia to maintain it (who was not present at the meeting). We decided to seriously consider dropping it for 2.8.

The particle system and constraints may need a complete overhaul.

The sequencer and game engine are in serious danger of removal, if we cannot come up with a good solution during the 2.8 project.

OpenNL was also discussed and it seems most of the usages could also be covered by the Eigen library.

Finally, it is good to remember that this discussion is about what could be good for Blender and the Blender developers from a software engineering perspective, and what could make it easier for us to deliver a better Blender. We make Blender for artists first, and in that sense this list cannot and should not be interpreted as a complete representation of the 2.8 project.

Categories: 3D Design

Library of Congress issues limited exemptions to DMCA anti-circumvention provisions but leaves users without full control over their own computing

FSF - Fri, 10/30/2015 - 22:15

The Digital Millennium Copyright Act (DMCA) contains provisions penalizing the circumvention of "technological protection measures". These measures are digital jails denying users access to the software and other digital works they possess, preventing them from examining or changing the software on their devices. While such measures are nominally meant to protect copyrighted works, in reality they function as unacceptable restrictions on computer user freedom. The Free Software Foundation (FSF) opposes such Digital Restrictions Management (DRM) systems. The FSF further opposes the DMCA's anti-circumvention provisions, and demands that Congress repeal those provisions. Other countries with similar laws should follow suit.

Every three years, the Library of Congress reviews proposals granting limited exemptions from the DMCA's broad ban on users controlling the software and data on devices encumbered with DRM. This flawed process is meant to lessen the DMCA's harm by giving user rights advocates an opportunity to request exemptions allowing circumvention in particular cases. Even when such petitions succeed, the resulting exemptions last only three years, meaning that advocates must repeatedly fight to retain the limited ground they won.

In the round that just concluded, the Free Software Foundation demanded that the Library of Congress grant every proposed exemption. In each comment, we explained the importance of free software; software that "users are free to study, share and improve," which enables users to enjoy the universal right of controlling their own computing. Users have the right to modify and access all software they possess, regardless of its purpose or on what device it runs. Since DRM requires proprietary software to take control of a user's computer away from her, it is fundamentally incompatible with a fully free world. Users cannot enjoy their rights so long as DRM cages them and the DMCA threatens them to stay in the cage. There should be no penalties for users controlling their own software or for sharing tools to help others do the same.

Before outlining the list of exemptions, the Library of Congress provides a clear warning (one that did not appear in previous exemption rulemaking documents) that the potential scope of its exemptions is limited by law. Specifically, it makes clear that under Section 1201, it cannot make it legal for a person to share her methods for circumventing some digital restriction technology, including "products and services that are used to circumvent technological measures that control access to copyrighted works (for example, a password needed to open a media file)," or "products and services used to circumvent technological measures that protect the exclusive rights of the copyright owner in their works (for example, technology that prevents the work from being reproduced)." (p. 5) It claims that the sharing of passwords and software is illegal trafficking and that it will take an act of Congress to change this. Even if the Library of Congress believes it cannot grant such exemptions, it does have the power to recommend that Congress correct this fatal flaw.

Advocates did succeed in securing several important exemptions. The Software Freedom Conservancy successfully won back some rights for Smart TV owners. Although the exemption granted for Smart TVs is narrower than what was requested, it allows users to circumvent DRM for the sole purpose of enabling interoperability of programs on their Smart TVs. The Electronic Frontier Foundation was also victorious in several proposed exemptions. Users of tablets and multi-player video games run via servers, for example, now have exemptions protecting some of their uses. Many other users had their previously granted exemptions maintained, such as those related to cell phones. The FSF supported these exemptions because they carve out a little more space for user freedom. These victories are a testament to the dedication and hard work of advocates in the face of a difficult system. In other areas, however, change was even more limited.

For example, while the Library of Congress granted an exemption related to software on motor vehicles and farming equipment, it limited this exemption to only the owners of the vehicles. Thus, while users may circumvent DRM on their own vehicles, they may not ask third parties to do the work. For many users, not being able to have third parties access software for them is in practice just as bad as not being able to do it themselves, and denies them fundamental rights of association and expression. The exemption also does not extend to "computer programs primarily designed for the control of telematics or entertainment systems" (p. 43), therefore blocking installation of many legitimately useful free software programs.

Further, the Library of Congress limited the exemption in light of regulations unrelated to copyright. In its statement, it says "while from a copyright perspective proponents had made the case for an exemption, based on the record, the exemption needed to be carefully tailored". (p. 42) The Environmental Protection Agency (EPA) opposed any exemption for motor vehicles, attempting to shoehorn its own duties regarding emissions control into what is nominally an act related to copyright. This is despite the fact that the anti-circumvention provisions of the DMCA actually helped hide unlawful activity by Volkswagen in which they used proprietary software in order to trick EPA tests on emissions. If users and researchers had been permitted to access the software on their own vehicles, they may have discovered Volkswagen's fraud years earlier than the EPA did.

Interference from other government agencies, such as the Food and Drug Administration, is found throughout the statement on exemptions. These agencies are not tasked with enforcing copyright. Instead, they are trying to use the DMCA's penalties to control users regardless of whether any crime occurs. The government should not presume that all users are guilty of violating the law, and should not punish all users in its quest to enforce the law against the few who might break it. But using DRM to enforce the law does just that, as DRM blocks ethical and lawful activities. That government agencies are attempting to use the DMCA to punish and control users based on regulations wholly unrelated to copyright demonstrates that DRM has nothing to do with rights, and everything to do with restriction.

While users might feel relief in receiving some exemptions, we cannot endorse a process that leaves so many out in the cold. While we do celebrate our victories and those of our allies in this process, the very real danger is that these exemptions will be used to argue against us, on the grounds that such "safety valves" are enough to solve the problems with DRM or the DMCA's anti-circumvention provisions. They are not. The exemptions process allows users to partially control some of their devices and software, but robs them of the necessary tools and the help of third parties. This process further allows government agencies to co-opt a law nominally about copyright to implement restrictions wholly unrelated to that area of law. The FSF calls on Congress to end this broken process and repeal the anti-circumvention provisions of the DMCA.

Categories: Free Software

Debugging Python code with PyCharm

Blender - Tue, 10/27/2015 - 23:04

During the Ask a Developer session at the Blender Conference last weekend, there was a request for easy debugging of Python code. Fortunately, with PyCharm or Eclipse/PyDev, this is quite easy. Personally I use PyCharm, but the process should be pretty similar for Eclipse/PyDev. Besides Blender and your IDE, you need two more ingredients:

  1. The egg file from your IDE. For PyCharm, this file is called “pycharm-debug-py3k.egg” and you can find it in PyCharm’s “debug-eggs” directory. Make sure you get the one for Python 3. There is no need to do anything with the file, just note down its path. On my machine, it is “/home/sybren/pycharm/debug-eggs/pycharm-debug-py3k.egg”, but yours may be in “C:\Program Files\…”
  2. My addon remote_debugger.py from GitHub.

Update 1-Nov-2015: You need the Professional version of PyCharm for this to work. Fortunately, if you can show that you actively participate in an Open Source project, you can get a Pro license for free.

Step 1: Install and configure the addon

Once you’ve downloaded remote_debugger.py, install it in Blender. Open the User Preferences window, and hit the “Install from file…” button at the bottom.

Configuring the addon

In the addon preferences, point Blender to your “pycharm-debug-py3k.egg” file. On my Linux machine it’s at /home/sybren/pycharm/debug-eggs/pycharm-debug-py3k.egg. Since you’re a developer, I’ll assume that you know where you installed your IDE.

Step 2: Create the debug server configuration

PyCharm debugger configuration

In PyCharm, create a new Python Remote Debugger configuration: Run → Edit Configurations… → + → Python Remote Debug.

Make sure Local Host Name is set to “localhost” and Port to “1090”. You can use another port number if you want, but be sure to update the addon source code to reflect this.

Step 3: Start the debug server

Starting the debug server in PyCharm

Start the debug server from the Run/Debug dropdown. Don’t forget to click the little bug to actually start it.

Step 4: Connect Blender

Connecting the debugger from Blender

In Blender, hit space in the 3D viewport and search for “debugger”. Choose “Connect to remote Python debugger”. Once you do this, you will see that Blender freezes up. This is expected behaviour. Switch to PyCharm, and you’ll see that it has paused the execution of the addon just under the “pydevd.settrace(…)” call. Press the green “play” button (or press F9) to un-freeze Blender.

Step 5: Debug!

Now that everything is connected, you can debug your code like you’re used to. Set breakpoints, step through code, inspect variables, etc.

Some final words

The order in which things are set up is quite important. You only need to do steps 1-2 once, which is nice. Be sure to do steps 3 and 4 in that order, as it makes things a bit more predictable and works well.
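The connection made in step 4, as an added sketch rather than the code of remote_debugger.py: it puts the egg on `sys.path` and calls `pydevd.settrace(…)`, but first checks that the debug server is a loopback address, since the debug server controls the Blender process. The function names `is_loopback`, `preflight` and `connect_debugger` are assumptions made for this example.

```python
import ipaddress
import os
import socket
import sys

DEBUG_PORT = 1090  # must match the Port field of the PyCharm configuration


def is_loopback(host):
    """True only if every address `host` resolves to is a loopback address."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return False
    # Drop any IPv6 scope suffix ("%lo0") before parsing the address.
    addrs = {info[4][0].split("%")[0] for info in infos}
    return bool(addrs) and all(ipaddress.ip_address(a).is_loopback for a in addrs)


def preflight(egg_path, host):
    """Return a list of problems; an empty list means it is safe to connect."""
    problems = []
    if not os.path.isfile(egg_path):
        problems.append("debug egg not found: %s" % egg_path)
    if not is_loopback(host):
        # pydevd traffic is unencrypted and the debug server can run
        # arbitrary Python inside Blender, so keep it on this machine.
        problems.append("debug server %r is not a loopback address" % host)
    return problems


def connect_debugger(egg_path, host="localhost", port=DEBUG_PORT):
    """Attach Blender's Python to the IDE debug server (run step 3 first)."""
    problems = preflight(egg_path, host)
    if problems:
        raise RuntimeError("; ".join(problems))
    if egg_path not in sys.path:
        sys.path.append(egg_path)  # the egg provides the pydevd module
    import pydevd  # imported late: only available once the egg is on sys.path
    # Suspends here until the IDE resumes execution, so Blender freezes.
    pydevd.settrace(host, port=port, stdoutToServer=True, stderrToServer=True)
```

If you change the port in the PyCharm configuration, pass the same value as `port`.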

Here are some additional links that may help with the remote debugging. You can always try to contact me (Sybren) on IRC in #blenderpython if you have questions.

Categories: 3D Design

[20151001] - Core - SQL Injection

Joomla Security - Thu, 10/22/2015 - 21:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 3.2.0 through 3.4.4
  • Exploit type: SQL Injection
  • Reported Date: 2015-October-15
  • Fixed Date: 2015-October-22
  • CVE Numbers: CVE-2015-7297, CVE-2015-7857, CVE-2015-7858
Description

Inadequate filtering of request data leads to a SQL Injection vulnerability.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.4.4

Solution

Upgrade to version 3.4.5

Contact

The JSST at the Joomla! Security Centre.

Reported By: Asaf Orpani of Trustwave and Netanel Rubin at PerimeterX
Categories: Joomla

[20151002] - Core - ACL Violations

Joomla Security - Thu, 10/22/2015 - 21:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 3.2.0 through 3.4.4
  • Exploit type: ACL Violation
  • Reported Date: 2015-October-15
  • Fixed Date: 2015-October-22
  • CVE Number: CVE-2015-7859
Description

Inadequate ACL checks in com_contenthistory provide potential read access to data which should be access restricted.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.4.4

Solution

Upgrade to version 3.4.5

Contact

The JSST at the Joomla! Security Centre.

Reported By: JSST
Categories: Joomla

[20151003] - Core - ACL Violations

Joomla Security - Thu, 10/22/2015 - 21:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 3.0.0 through 3.4.4
  • Exploit type: ACL Violation
  • Reported Date: 2015-October-15
  • Fixed Date: 2015-October-22
  • CVE Number: CVE-2015-7899
Description

Inadequate ACL checks in com_content provide potential read access to data which should be access restricted.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.4.4

Solution

Upgrade to version 3.4.5

Contact

The JSST at the Joomla! Security Centre.

Reported By: JSST
Categories: Joomla
