Feed lwn LWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2025-06-19 23:00
Mozilla: The Future of Developing Firefox Add-ons
Mozilla has announced a significant set of changes for authors of Firefox add-ons. These include a new API (and the deprecation of XUL and XPCOM), a process-based sandboxing mechanism, mandatory signing of extensions, and more. "For our add-on development community, these changes will bring benefits, like greater cross-browser add-on compatibility, but will also require redevelopment of a number of existing add-ons. We’re making a big investment by expanding the team of engineers, add-on reviewers, and evangelists who work on add-ons and support the community that develops them. They will work with the community to improve and finalize the WebExtensions API, and will help developers of unsupported add-ons make the transition to newer APIs and multi-process support."
The bcachefs filesystem
Kent Overstreet, author of the bcache block caching layer, has announced that bcache has metamorphosed into a fully featured copy-on-write filesystem. "Well, years ago (going back to when I was still at Google), I and the other people working on bcache realized that what we were working on was, almost by accident, a good chunk of the functionality of a full blown filesystem - and there was a really clean and elegant design to be had there if we took it and ran with it. And a fast one - the main goal of bcachefs to match ext4 and xfs on performance and reliability, but with the features of btrfs/zfs."
Security updates for Friday
Fedora has updated pure-ftpd (F21: denial of service). Red Hat has updated openshift (RHOSE3: privilege escalation). SUSE has updated xen (SLE11SP1: two vulnerabilities). Ubuntu has updated subversion (15.04, 14.04, 12.04: multiple vulnerabilities) and firefox (15.04, 14.04, 12.04: regression in previous update).
[$] Glibc wrappers for (nearly all) Linux system calls
The GNU C Library (glibc) is a famously conservative project. In the past, that conservatism created a situation where there is no way to directly call a number of Linux system calls from a glibc-using program. As glibc has relaxed a bit in recent years, its developers have started to reconsider adding wrapper functions for previously inaccessible system calls. But, as the discussion shows, adding these wrappers is still not as straightforward as one might think.
Security advisories for Thursday
Debian has updated conntrack (denial of service), openjdk-6 (multiple vulnerabilities), vlc (code execution), and zendframework (XML External Entity attack). Debian-LTS has updated conntrack (denial of service). Fedora has updated mariadb (F22: multiple vulnerabilities). Red Hat has updated mariadb55-mariadb (RHSCL2: multiple vulnerabilities) and rh-mariadb100-mariadb (RHSCL2: multiple vulnerabilities). SUSE has updated kvm (SLE11SP1: code execution).
Rkt 0.8 released
Version 0.8 of the rkt container specification has been released. The changelog notes that this version adds support for running under the LKVM hypervisor and adds experimental support for user namespaces. Other features include improved integration with systemd and additional functional tests. An accompanying blog post goes into further detail for many of these new features.
Wednesday's security advisories
CentOS has updated pam (C6; C7: denial of service). Debian has updated python-django (multiple vulnerabilities). Debian-LTS has updated wordpress (multiple vulnerabilities). Fedora has updated audit (F21; F22: unsafe escape-sequence handling), icecast (F21; F22: denial of service), kernel (F21; F22: information leak), openssh (F22: multiple vulnerabilities), rubygem-rack (F22: denial of service), rubygems (F21: DNS hijacking), strongswan (F21; F22: multiple vulnerabilities), and xfsprogs (F21: information leak). Oracle has updated pam (O6; O7: denial of service). Red Hat has updated kernel (RHEL6: privilege escalation) and pam (RHEL6, 7: denial of service). Scientific Linux has updated pam (SL6, 7: denial of service). Ubuntu has updated python-django (12.04, 14.04, 15.04: multiple vulnerabilities) and openssh (12.04, 14.04, 15.04: upstream regression resulting in denial of service).
Ruoho: Multiple Vulnerabilities in Pocket
On his blog, Clint Ruoho reports on multiple vulnerabilities he found in the Pocket service that saves articles and other web content for reading later on a variety of devices. Pocket integration has been controversially added to Firefox recently, which is what drew his attention to the service. "The full output from server-status then was synced to my Android, and was visible when I switched from web to article view. Apache’s mod_status can provide a great deal of useful information, such as internal source and destination IP address, parameters of URLs currently being requested, and query parameters. For Pocket’s app, the URLs being requested include URLs being viewed by users of the Pocket application, as some of these requests are done as HTTP GETs. These details can be omitted by disabling ExtendedStatus in Apache. Most of Pocket’s backend servers had ExtendedStatus disabled, however it remained enabled on a small subset, which would provide meaningful information to attackers." He was able to get more information, such as the contents of /etc/passwd on Pocket's Amazon EC2 servers. (Thanks to Scott Bronson and Pete Flugstad.)
Security advisories for Tuesday
CentOS has updated glibc (C5: code execution from 2013), mysql55-mysql (C5: multiple unspecified vulnerabilities, one from 2014), net-snmp (C7; C6: code execution), sqlite (C6: code execution), sqlite (C7: three vulnerabilities), and subversion (C6: three vulnerabilities). Debian has updated apache2 (two vulnerabilities), gdk-pixbuf (code execution), and nss (two vulnerabilities). Debian-LTS has updated libstruts1.2-java (unclear vulnerability from 2014). Fedora has updated erlang (F22; F21: man-in-the-middle vulnerability), firefox (F22: many vulnerabilities), flac (F21: two vulnerabilities from 2014), gnutls (F21: code execution), golang (F22; F21: HTTP request smuggling), nagios-plugins (F22; F21: three vulnerabilities), qemu (F22: two vulnerabilities), uwsgi (F22; F21: denial of service), and webkitgtk4 (F22: three unspecified vulnerabilities). Mageia has updated kdepim (M4: no attachment encryption from 2014). openSUSE has updated subversion (two vulnerabilities) and virtualbox (two vulnerabilities). Oracle has updated glibc (OL5: code execution from 2013), mysql55-mysql (OL5: multiple unspecified vulnerabilities, one from 2014), net-snmp (OL7; OL6: code execution), sqlite (OL7: three vulnerabilities), sqlite (OL6: code execution), and subversion (OL6: three vulnerabilities). Red Hat has updated net-snmp (RHEL6&7: code execution). Scientific Linux has updated glibc (SL5: code execution from 2013), mysql55-mysql (SL5: multiple unspecified vulnerabilities, one from 2014), net-snmp (SL6&7: code execution), sqlite (SL6: code execution), and subversion (SL6: three vulnerabilities). Ubuntu has updated kernel (12.04: three vulnerabilities), kernel (15.04; 14.04: denial of service), linux-lts-trusty (12.04: denial of service), linux-lts-utopic (14.04: denial of service), linux-lts-vivid (14.04: denial of service), linux-ti-omap4 (12.04: three vulnerabilities), and net-snmp (two vulnerabilities, one from 2014).
[$] Development statistics for the 4.2 kernel
As of this writing, the 4.2-rc7 prepatch is out and the final 4.2 kernel looks to be (probably) on track to be released on August 23. Tradition says that it's time for a look at the development statistics for this cycle. 4.2, in a couple of ways, looks a bit different from recent cycles, with some older patterns reasserting themselves. The full article is available to subscribers.
Schaller: An Open Letter to Apache Foundation and Apache OpenOffice team
Christian Schaller has posted an open letter to the Apache Software Foundation with a non-trivial request: "So dear Apache developers, for the sake of open source and free software, please recommend people to go and download LibreOffice, the free office suite that is being actively maintained and developed and which has the best chance of giving them a great experience using free software. OpenOffice is an important part of open source history, but that is also what it is at this point in time." In this context, it's interesting to note that OpenOffice project chair Jan Iverson recently stepped down, listing resistance to an effort to cooperate with LibreOffice as one of the main reasons. The project currently looks set to name Dennis Hamilton (who is running unopposed) as its new chair.
The Open Mainframe Project
The Linux Foundation has announced the launch of the Open Mainframe Project. "In just the last few years, demand for mainframe capabilities have drastically increased due to Big Data, mobile processing, cloud computing and virtualization. Linux excels in all these areas, often being recognized as the operating system of the cloud and for advancing the most complex technologies across data, mobile and virtualized environments. Linux on the mainframe today has reached a critical mass such that vendors, users and academia need a neutral forum to work together to advance Linux tools and technologies and increase enterprise innovation."
Stable kernels 4.1.6, 3.14.51, and 3.10.87
Greg Kroah-Hartman has announced the release of the 4.1.6, 3.14.51, and 3.10.87 stable kernels. As usual, there are important fixes throughout the tree and users of those kernel series should upgrade.
Security updates for Monday
Arch Linux has updated glibc (denial of service from 2014). Debian-LTS has updated libidn (information disclosure) and subversion (information disclosure). Fedora has updated bzr (F22; F21: denial of service from 2013), firefox (F21: multiple vulnerabilities), and flac (F22: two vulnerabilities). Gentoo has updated adobe-flash (multiple vulnerabilities), icecast (denial of service), and libgadu (three vulnerabilities from 2013 and 2014). openSUSE has updated firefox (13.2; 13.1: multiple vulnerabilities) and flash-player (13.2; 13.1: many vulnerabilities). Oracle has updated kernel 3.8.13 (OL7; OL6: two remote denial of service flaws), kernel 2.6.39 (OL6; OL5: two remote denial of service flaws), and kernel 2.6.32 (OL6; OL5: two remote denial of service flaws). Red Hat has updated glibc (RHEL5: code execution from 2013), mysql55-mysql (RHEL5; RHSC2: multiple unspecified vulnerabilities, one from 2014), rh-mysql56-mysql (RHSC2: multiple unspecified vulnerabilities), sqlite (RHEL6: code execution), sqlite (RHEL7: three vulnerabilities), and subversion (RHEL6: three vulnerabilities). Scientific Linux has updated sqlite (SL7: three vulnerabilities). Slackware has updated firefox (multiple vulnerabilities) and thunderbird (multiple vulnerabilities). Ubuntu has updated openssh (15.04, 14.04, 12.04: two vulnerabilities) and pollinate (15.04, 14.04: certificate update).
Kernel prepatch 4.2-rc7
Linus has released the 4.2-rc7 prepatch, but he's still not sure about whether it will be the last for this development cycle. "So this may be the last RC, and it might not be. It will depend on whether anything more comes up next week, and how good I feel about things come next Sunday. A part of me is convinced that all the odd 32-bit compat issues etc fallout is finally fixed, but a part of me is still a bit leery."
Glibc 2.22 released
Version 2.22 of the GNU C Library is out. The biggest user-visible changes are an update to Unicode 7.0.0 and the addition of a vectorized math library for the x86_64 architecture. Beyond that, of course, there is a pile of bug fixes, a few of which address security-related problems.
Stagefright: Mission Accomplished? (Exodus Intelligence)
It would seem that reports of the demise of the Stagefright Android vulnerability may be rather premature. Exodus Intelligence is reporting that at least one of the fixes for integer overflow did not actually fully fix the problem, so MPEG4 files can still crash Android and potentially allow code execution. "Around July 31st, Exodus Intelligence security researcher Jordan Gruskovnjak noticed that there seemed to be a severe problem with the proposed patch. As the code was not yet shipped to Android devices, we had no ability to verify this authoritatively. In the following week, hackers converged in Las Vegas for the annual Black Hat conference during which the Stagefright vulnerability received much attention, both during the talk and at the various parties and events. After the festivities concluded and the supposedly patched firmware was released to the public, Jordan proceeded to investigate whether his assumptions regarding its fallibility were well founded. They were."
Friday's security advisories
Arch Linux has updated freeradius (certificate verification botch) and subversion (two vulnerabilities). CentOS has updated kernel (C6: two remote denial of service flaws). Fedora has updated gnutls (F22: denial of service), nbd (F22; F21: denial of service), pcre (F22: code execution), and wordpress (F22; F21: multiple vulnerabilities). Mageia has updated gdk-pixbuf2.0 (M5: code execution) and owncloud (three vulnerabilities). openSUSE has updated glibc (13.1: denial of service from 2014) and kernel (13.2: multiple vulnerabilities, some from 2014). Oracle has updated kernel (OL6: two remote denial of service flaws). Red Hat has updated kernel (RHEL6: two remote denial of service flaws). Scientific Linux has updated kernel (SL6: two remote denial of service flaws). SUSE has updated firefox (SLE11SP4, SP3: information leak).
The State of Fedora: 2015 Edition (Fedora Magazine)
Fedora Magazine reports on Fedora project leader Matthew Miller's keynote at Flock, which is the Fedora contributor conference. He outlined the state of the distribution using some graphs and statistics and said "we’re doing very well as a project and it’s thanks to all of you". The use of Internet Relay Chat (IRC) by the project was another topic: "Fedorans do like to work together. Last year there were 1,066 IRC meetings (official meetings, not just being in IRC talking), and 765 IRC meetings in 2015 alone. 'This shows how vibrant we are, but also is buried in IRC. There’s a lot of Fedora activity you don’t see on the Fedora Web site… I want to look at ways to make that more visible,' says Miller. There are efforts to make the activity more visible, says Miller. 'If I want to interact with the project, is somebody there? Yes, but we have millions of dead pages on the wiki… we need to make this more visible.' IRC is 'definitely a measure of engagement' but it’s also a high barrier of entry, says Miller. 'Wow that’s complicated. Wow, that’s still around?' is a common response from new contributors to IRC. The technology, and 'culture' can be confusing."
Security updates for Thursday
Debian has updated request-tracker4 (cross-site scripting). Red Hat has updated flash-plugin (RHEL5&6: many vulnerabilities). SUSE has updated firefox (SLE12: information leak), java-1_7_0-ibm (SLE11SP3, SP2: many vulnerabilities), and kernel-rt (SLE11SP3: many vulnerabilities, including some from 2014).
[$] LWN.net Weekly Edition for August 13, 2015
The LWN.net Weekly Edition for August 13, 2015 is available.
[$] Working with xdg-app application bundles
One of the oft-recurring topics at GUADEC 2015 was the xdg-app application-packaging system currently being developed. Xdg-app's lead developer Alexander Larsson gave a presentation on its current status on the first day, and it featured prominently in Christian Hergert's keynote about reaching new developers as well as in Bastien Nocera's talk about hardware enablement. Perhaps the most practical discussion of the subject, however, came in Stephan Bergmann's talk about his recent attempts to bundle LibreOffice into an xdg-app package.
Security advisories for Wednesday
Arch Linux has updated firefox (multiple vulnerabilities). CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities). Debian has updated gnutls28 (denial of service), iceweasel (multiple vulnerabilities), and wordpress (multiple vulnerabilities). Fedora has updated devscripts (F22; F21: two vulnerabilities), kernel (F22; F21: information leak), pure-ftpd (F22: denial of service), xen (F22; F21: code execution), and xfsprogs (F22: information disclosure from 2012). Mageia has updated firefox (MG4,5: multiple vulnerabilities), flash-player-plugin (MG4,5: multiple vulnerabilities), and qemu (MG4,5: multiple vulnerabilities). openSUSE has updated gnutls (13.2, 13.1: denial of service). Oracle has updated firefox (OL7; OL6; OL5: multiple vulnerabilities). Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities) and kernel (RHEL6.5: use-after-free flaw). Scientific Linux has updated firefox (SL5,6,7: multiple vulnerabilities). SUSE has updated flash-player (SLE12; SLED11SP4,SP3: multiple vulnerabilities). Ubuntu has updated firefox (15.04, 14.04, 12.04: multiple vulnerabilities) and ubufox (15.04, 14.04, 12.04: multiple vulnerabilities).
Docker 1.8 released
The 1.8 release of the Docker container system is out, with a number of new features. "Docker Content Trust is a new feature in Docker Engine 1.8 that makes it possible to verify the publisher of Docker images. When a publisher pushes an image to a remote registry, Docker signs the image with a private key. When you later pull this image, Docker uses the publisher’s public key to verify that the image you are about to run is exactly what the publisher created, has not been tampered with, and is up to date."
Thor: another free video codec
Cisco, it seems, is unhappy with the patent mess around video codecs, so it has launched a project called "Thor" to make one that can be freely distributed. "The effort is being staffed by some of the world’s most foremost codec experts, including the legendary Gisle Bjøntegaard and Arild Fuldseth, both of whom have been heavy contributors to prior video codecs. We also hired patent lawyers and consultants familiar with this technology area. We created a new codec development process which would allow us to work through the long list of patents in this space, and continually evolve our codec to work around or avoid those patents."
Firefox 40 is available
Mozilla has released Firefox 40. There are several new features listed in the release notes, such as improved scrolling, graphics, and video playback performance with off-main-thread compositing, added protection against unwanted software downloads, a new style for the add-on manager based on the in-content preferences style, and an improved graphics blocklist mechanism.
Kali Linux 2.0 released
Kali Linux is a Debian-based distribution oriented toward penetration testing and related tasks; the 2.0 release is now available. "There’s a new 4.0 kernel, now based on Debian Jessie, improved hardware and wireless driver coverage, support for a variety of Desktop Environments (gnome, kde, xfce, mate, e17, lxde, i3wm), updated desktop environment and tools – and the list goes on. But these bulletpoint items are essentially a side effect of the real changes that have taken place in our development backend. Ready to hear the real news? Take a deep breath, it’s a long list." At the top of that list is that Kali is now a rolling distribution.
Security updates for Tuesday
Arch Linux has updated ppp (denial of service). Debian has updated subversion (two vulnerabilities). Debian-LTS has updated opensaml2 (denial of service). Fedora has updated elasticsearch (F22: multiple vulnerabilities), lxc (F22; F21: two vulnerabilities), and rubygems (F22: DNS hijacking).
OpenSSH 7.0
The OpenSSH 7.0 release is out. It fixes a number of problems and adds a few new configuration features, but the main focus of 7.0 is taking things out: "This focus of this release is primarily to deprecate weak, legacy and/or unsafe cryptography." More old crypto is slated for removal in 7.1; see the announcement for the list.
Ubuntu One file-synchronization code released
Ubuntu has announced the release of the file-synchronization code behind its "Ubuntu One" service. The release is about as "over-the-wall" as it gets, though: "Will you take patches? In general, no. We won’t have anybody assigned to reviewing and accepting code. We’d encourage interested maintainers to fork the code and build out a community around it."
Stable kernel updates
Stable kernels 4.1.5, 3.14.50, and 3.10.86 have been released. All of them contain important fixes throughout the tree.
Security advisories for Monday
CentOS has updated firefox (C7; C6; C5: information leak). Debian has updated activemq (denial of service) and opensaml2 (problem with previous update). Debian-LTS has updated xmltooling (denial of service). Fedora has updated community-mysql (F22; F21: unspecified vulnerabilities) and firefox (F22; F21: information leak). Mageia has updated cacti (MG4,5: multiple vulnerabilities), firefox (MG4,5: information leak), ghostscript (MG4,5: buffer overflow), libunwind (MG4,5: buffer overflow), lxc (MG5: two vulnerabilities), and wordpress (MG4: multiple vulnerabilities). Oracle has updated firefox (OL7; OL6; OL5: information leak). Red Hat has updated firefox (RHEL5,6,7: information leak). Scientific Linux has updated firefox (SL5,6,7: information leak). Slackware has updated firefox (information leak) and nss (information leak).
Kernel prepatch 4.2-rc6
The 4.2-rc6 kernel prepatch is out. Linus says: "So last week I wasn't very happy about the state of the release candidates, but things are looking up. Not only is rc6 finally shrinking noticeably, the issues I was worried about had fixes come in early in the week, and so I don't have anything big pending. Assuming nothing new comes up, I suspect we will end up with the regular release schedule after all (ie in two weeks). Knock wood."
Ubuntu 14.04.3 LTS released
The third update to the 14.04 Long Term Support release is available for Desktop, Server, Cloud, and Core products, as well as other flavors of Ubuntu with long-term support. "We have expanded our hardware enablement offering since 12.04, and with 14.04.3, this point release contains an updated kernel and X stack for new installations to support new hardware across all our supported architectures, not just x86."
Firefox 39.0.3 is out
Firefox 39.0.3 has been released. According to the release notes there are various security fixes. This does include a fix for the recently reported active exploit.
CentOS Linux 6.7 released
CentOS Linux 6.7 has been released for x86 and x86_64. "There are many fundamental changes in this release, compared with the past CentOS Linux 6 releases, and we highly recommend everyone study the upstream Release Notes as well as the upstream Technical Notes about the changes and how they might impact your installation. (See the 'Further Reading' section of the CentOS release notes.)"
Security updates for Friday
Arch Linux has updated firefox (information leak) and wordpress (multiple vulnerabilities). Debian has updated kernel (multiple vulnerabilities). Debian-LTS has updated openssh (two vulnerabilities) and remind (buffer overflow). Fedora has updated drupal6-cck (F22; F21: unspecified vulnerability), lighttpd (F22; F21: log injection), mantis (F22; F21: information disclosure), opensaml-java (F22; F21: missing host name verification), opensaml-java-openws (F22; F21: missing host name verification), and openstack-swift (F22: arbitrary object deletion). Oracle has updated kernel 3.8.13 (OL7; OL6: information leak), kernel 2.6.39 (OL6; OL5: two vulnerabilities), and kernel 2.6.32 (OL6; OL5: two vulnerabilities). Ubuntu has updated firefox (15.04, 14.04, 12.04: information leak) and openjdk-6 (12.04: multiple vulnerabilities).
Privacy Badger 1.0
The Electronic Frontier Foundation has announced the 1.0 release of the Privacy Badger browser extension. "As you browse the Web, Privacy Badger looks at any third party domains that are loaded on a given site and determines whether or not they appear to be tracking you (e.g. by setting cookies that could be used for tracking, or fingerprinting your browser). If the same third party domain appears to be tracking you on three or more different websites, Privacy Badger will conclude that the third party domain is a tracker and block future connections to it." The extension is distributed under GPLv3; see this page for more information.
An active Firefox exploit
Mozilla has posted a warning about a Firefox vulnerability that is currently being actively exploited on the net. "The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the 'same origin policy') and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files." There is a security update for the problem.
Grasch: A Frank Look at Simon: Where To Go From Here
On his blog, Peter Grasch considers the future for the Simon speech-recognition system for KDE. He is passing the torch and will no longer be actively participating in the project, but he spent some time passing on his knowledge and some thoughts on where things might go from here. In addition, he built a working prototype of a speech-based command and control system for the Plasma desktop called Lera. "If anything, Lera is a starting point. The next steps would be to move Simon’s “eventsimulation” library into a separate framework, to be shared between Lera and Simon. Lera could then use this to type out the recognition results (see Simon’s Dictation plugin). Then, I would suggest porting a simplified notion of “Scenarios” to Lera, which should only really contain a set of commands, and maybe context information (vocabulary and “grammar” can be synthesized automatically from the command triggers). The implementation of training (acoustic model adaption) would then complete a very sensible, very usable version 1.0."
Federated Cloud Sharing in ownCloud 8.1 (ownCloud blog)
The ownCloud blog has a post about federated file sharing between ownCloud instances in ownCloud 8.1, but it also looks at the wider view of federation between various kinds of cloud servers. ownCloud founder Frank Karlitschek has a series of posts (It is Time to Federate Our Clouds, The Next Generation File Sync and Share Technology, and The Federated Architecture of Next Generation File Sync and Share) on federation technology and has also proposed a cross-cloud-platform federation API: "In addition, today Frank proposed a draft of a Federated Cloud Sharing API to the Open Cloud Mesh working group with the goal of jump-starting a discussion about what is needed to enable federation between different file sharing implementations. Sharing among ownClouds is great, but the true power of a federated file cloud is available when you can share among different implementations seamlessly, because you all speak the same common language. This is the goal of the Open Cloud Mesh working group (of which ownCloud is a member as well), and outside of that, drafts have been shared with a number of well known standards organizations around web technologies and fellow open source file share and sync projects to get the work started."
Security updates for Thursday
CentOS has updated kernel (C7: multiple vulnerabilities, one from 2014). Fedora has updated kernel (F22: three vulnerabilities). openSUSE has updated ghostscript (13.2, 13.1: code execution) and php5 (13.2, 13.1: two vulnerabilities). Red Hat has updated kernel (RHEL7: multiple vulnerabilities, one from 2014) and kernel-rt (RHEL7; RHEL6: multiple vulnerabilities, one from 2014). Scientific Linux has updated kernel (SL7: multiple vulnerabilities, one from 2014). SUSE has updated oracle-update (Manager 2.1: multiple vulnerabilities). Ubuntu has updated cinder (15.04: arbitrary file reads), python-keystoneclient, python-keystonemiddleware (15.04, 14.04: two vulnerabilities, one from 2014), and swift (15.04, 14.04, 12.04: two vulnerabilities, one from 2014).
[$] LWN.net Weekly Edition for August 6, 2015
The LWN.net Weekly Edition for August 6, 2015 is available.
[$] "Big data" features coming in PostgreSQL 9.5
PostgreSQL 9.5 Alpha 2 is due to be released on August 6. Not only does the new version support UPSERT, more JSON functionality, and other new features we looked at back in July, it also has some major enhancements for "big data" workloads. Among these are faster sorts, TABLESAMPLE, GROUPING SETS and CUBE, BRIN indexes, and Foreign Data Wrapper improvements. Taken together, these features strengthen arguments for using PostgreSQL for data warehouses, and enable users to continue using it with bigger databases.
Security updates for Wednesday
Debian has updated wordpress (regression in previous update). Debian-LTS has updated ia32-libs (multiple vulnerabilities). Red Hat has updated java-1.5.0-ibm (RHEL5,6: multiple vulnerabilities) and node.js (RHOSE2.1; RHOSE2.0: man-in-the-middle attack). SUSE has updated java-1_6_0-ibm (SLEM12: multiple vulnerabilities). Ubuntu has updated oxide-qt (15.04, 14.04: multiple vulnerabilities).
[$] Fuzzing perf_events
You might be surprised to learn that starting with Linux 2.6.31 (in 2009) it has been rather easy to crash the Linux kernel. This date marks the introduction of the perf_event subsystem. It is likely that perf_event is not any more prone to errors than any other large kernel subsystem, but it has the distinction of being subjected to intense testing from the perf_fuzzer tool, which methodically probes the interface for bugs. The full article, by perf_fuzzer author Vince Weaver, is available to subscribers.
LibreOffice 5.0 released
The LibreOffice 5.0 release is out. "LibreOffice 5.0 sports a significantly improved user interface, with a better management of the screen space and a cleaner look. In addition, it offers better interoperability with office suites such as Microsoft Office and Apple iWork, thanks to new and improved filters to handle non standard formats." See this post from Michael Meeks for a detailed description of the work that went into this release.
Coalition Announces New ‘Do Not Track’ Standard for Web Browsing
The Electronic Frontier Foundation (EFF), privacy company Disconnect and a coalition of Internet companies have announced a stronger “Do Not Track” (DNT) setting for Web browsing—"a new policy standard that, coupled with privacy software, will better protect users from sites that try to secretly follow and record their Internet activity, and incentivize advertisers and data collection companies to respect a user’s choice not to be tracked online."
Tuesday's security advisories
Debian has updated squid3 (security bypass) and wordpress (multiple vulnerabilities). Fedora has updated quassel (F21: denial of service). Mageia has updated ipython (MG4,5: two vulnerabilities), moodle (MG5: vulnerabilities), pdns (MG4,5: denial of service), and php (MG5: multiple vulnerabilities). openSUSE has updated gpsm (13.1: code execution from 2013). Scientific Linux has updated autofs (SL6: privilege escalation), curl (SL6: multiple vulnerabilities), freeradius (SL6: denial of service), gnutls (SL6: multiple vulnerabilities), grep (SL6: two vulnerabilities), hivex (SL6: privilege escalation), httpd (SL6: access restriction bypass), ipa (SL6: cross-site scripting), java-1.6.0-openjdk (SL6: multiple vulnerabilities), kernel (SL6: multiple vulnerabilities), libreoffice (SL6: code execution), libxml2 (SL6: denial of service), mailman (SL6: two vulnerabilities), net-snmp (SL6: denial of service), ntp (SL6: multiple vulnerabilities), pacemaker (SL6: privilege escalation), pki-core (SL6: cross-site scripting), python (SL6: multiple vulnerabilities), sudo (SL6: information disclosure), wireshark (SL6: multiple vulnerabilities), and wpa_supplicant (SL6: denial of service).
Announcing the shutdown of the Ada Initiative
The Ada Initiative has announced that it is shutting down in mid-October. In the four years since it was founded, the organization has accomplished a lot to help create a less hostile environment for women in open technology and open culture. "We are proud of what we accomplished with the support of many thousands of volunteers, sponsors, and donors, and we expect all of our programs to continue on in some form without the Ada Initiative." Essentially, the organization found it hard to find others with the same "experiences, skills, strengths and passions" as co-founders Valerie Aurora and Mary Gardiner when they wanted to change roles within the initiative. "The Ada Initiative will shut down in approximately mid-October after using our remaining funds to complete our current obligations and do the tasks necessary to shut down the organization properly. We have several Ally Skills Workshops booked or in the process of being booked during our remaining months of operation. (We will not be booking additional Ally Skills Workshops through the Ada Initiative, but we will refer clients to other people who are teaching the Ally Skills Workshop.) We will teach Impostor Syndrome training classes in Sydney and Oakland in August, and release the materials under the Creative Commons Attribution Sharealike license. We will do the work to keep the Ada Initiative's web content online and available after the Ada Initiative shuts down."