Se comunicando com segurança na Internet

O Bloqueio do WhatsApp é bom momento pra gente pensar em segurança da informação.

Se tem um coisa que eu ficaria muito feliz se todas a pessoas entendessem é que a *internet não é um lugar seguro*. Uma analogia que a ajuda a entender: se comunicar online é como morar num quarto que não tem porta, as pessoas podem ir lá e ver qualquer coisa que você está fazendo em privado.

A alternativa ao WhatApp segura é o Signal. Feito por uma galera de fato compremetida com comunição segura. Tem app pra Android e iPhone. (IMPORTANTE: O telegram não é seguro, existem algumas preocupações sobre vulnerabilidades no protocolo de criptografia)

Pra navegar na internet a opção é o Mozilla Firefox, um navegador que não deixa nada a desejar em relação ao Chrome por exemplo.

Porém algumas extensões são necessárias pra de fato navegar com segurança. A Electronic Frontier Foundation (EFF) disponibiliza o HTTPS Everywhere ( e o Privacy Badger( Juntos, eles garantem que sua comunicação com sites que você usa normalmente é segura e livre de espionagem seja de corporações, governos ou criminosos.

Além disso o AdBlockPlus( é um adicional muito bom, bloqueando propagandas e trackers indesejados.

Todas essas ferramentas são software livre, isso significa que o código fonte desses software está disponível para consulta e contribuições de terceiros.

Do mesmo jeito que pensamos em segurança no dia-a-dia devemos pensar nela na internet. Você não deixa seu portão ou carro aberto pra que quiser entrar. Você não troca segredos com seu namorado(a) na frente de outras pressoas. Na internet é mesma coisa.

Quem quiser saber mais, ou trocar idéia disso, mande um alô.

Collabora contributions to Linux Kernel 4.3

Collabora developers contributed 48 patches to kernel 4.3 as part of our current projects.

Danilo worked on the kernel doc scripts to add  cross-reference links to html documentation and arguments documentation in struct body. While Sjoerd Simons fixed a clock definition in rockchip and a incorrect udelay usage for the stmmac phy reset delay.

Tomeu fixed gpiolib to defer probe if the pin controller isn’t available, added another fix to chipidea USB to defer probe of usbmisc hasn’t been probed yet. On Tegra Tomeu worked to support to gpio-ranges property. Still on Tegra cpuidle_state.enter_freeze() was added.

Gustavo Padovan did a lot of exynos DRM work, with the most important changes being improvements to atomic modesetting, including the asynchronous atomic commit in exynos, in async mode we just schedule the atomic update and return right away to the userspace, in a similar way that PageFlips works in the old API. In this release the exynos atomic modesetting interface was enabled for userspace usage. Another important set of patches was the removal of structs exynos_drm_display and exynos_drm_encoder layers which greatly improved the code making it cleaner and easier to use. Apart from that there is also a few cleanup and fixes.

Danilo Cesar Lemes de Paula (2):

Gustavo Padovan (36):

Javier Martinez Canillas (1):

Sjoerd Simons (2):

Tomeu Vizoso (7):

Bluetooth Changes for Linux 3.10

The 3.10 development cycle was kind busy, we managed to add more than 110 patches in mainline. Almost half of this work comes from Johan Hedberg and it includes the addition of the HCI request framework, an infrastructure to handle HCI commands asynchronously, it is especially useful for situations where the HCI Core needs to send a number of commands at once. A optional callback will return when all commands are completed. We were able to fix many issues with the request framework. Fixes were also provided by Andre Guedes.

Another important work that got merged was the HIDP session management rewrite by David Herrmann. The old code was suffering a lot with ref-counting issues and bad tracking of instantiated structs. This work improve this, and also adds better ref-counting handling in other parts of the stack (HCI and L2CAP).

Dean Jenkins did a similar work for the RFCOMM subsystem, so now is more reliable and track objects properly. Marcel Holtmann added a better handling for devices that need special vendor commands in their init procedure.  Other than that we got a couple of device ID added, many bugfixes clean up and small improvements all over the stack.


GNOME 3 gets to know BlueZ 5!

I n the past two months I’ve been busy porting GNOME 3 to use the new BlueZ major version, BlueZ 5. I did this work along with Emilio Pozuelo Monfort – a colleague of me at Collabora.

We managed to rewrite a good part of the Bluetooth support in GNOME, most of this provided by the gnome-bluetooth component. During the port we also managed to do a major cleanup on it, mainly because the new BlueZ 5 API is a way more simple than the old one. The UI stayed basically the same, with some small improvements here and there, as an example, now the bluetooth-wizard only shows the valid Passkey/PIN options so the user don’t end with a pairing failure for choosing an invalid one.

The replacement of obex-data-server with Obexd in gnome-user-share was also in the roadmap, however due to the lack of some features in Obexd, mainly the ability to enable/disable the Server side of Object Push Profile(OPP) and File Transfer Profile(FTP). In GNOME a user can disable Bluetooth sharing or if a fast-switching happens the Servers needs to be stopped. The initial patches to support Obexd are working perfectly fine, but are still pending in the GNOME Bugzilla waiting for the missing features to land in the BlueZ repository,  Once this happens the gnome-user-share patches should be reworked and then pushed upstream.

All the code already upstreamed will be part of the upcoming GNOME 3.10 release in a few months. While this does not happen you can go to and fetch all the fresh new code, play with it, and give feedback back to us. :)

Despite the fact the port is complete, there is still room for a number of UX improvements in the Bluetooth bits of GNOME. Changes to the UX should happen in the near future, so stay tuned for more announcements, or join the loop to help this happen.

I would like to thank Bastien Nocera – gnome-bluetooth maintainer – for all his help during the development and the BlueZ developers for joining discussions on how to improve BlueZ APIs to cover the use cases the arose during the last two months.

Bluetooth Changes for Linux 3.9

The 3.9 cycle in the Bluetooth subsystem was a way more calm than the previous ones. 49 non-merge patches were pushed upstream through bluetooth-next this time. The bulk of changes for this release comes from Johan Hedberg. Along with many fixes to the HCI Management code he also added support for 32 and 128 its UUID in the EIR data.

Other than that we only have fixes and clean ups from Andre Guedes, Andrei Emeltchenko, Gustavo Padovan, Rami Rosen and Szymon Janc.

One can always see all Bluetooth commits in the 3.9 with the following command line:

git shortlog –no-merges v3.8..v3.9-rc1 — net/bluetooth/ include/net/bluetooth/ drivers/bluetooth/

The 3.10 release is going to be a busy release for Bluetooth subsystem,so stay tuned!

The big changes of BlueZ 5

The BlueZ project recently made a new major release, BlueZ version 5. This release brings tons of new features and improvements, however it is also accompanied by a significant  API change that makes it non-backwards compatible. BlueZ has changed to use the standard D-Bus Properties and Object Manager infrastructure, simplifying the handling of D-Bus interfaces and notifications. In addition to matching to D-Bus standards, the API of some of our interfaces also had to change, either to support new features and use cases or to optimize the API usage.

Another sensible change is related to the kernel requirements of BlueZ 5.0. BlueZ developers have recently added the Bluetooth Management (MGMT) Interface to the Linux Kernel, which significantly improves the Bluetooth experience on Linux. Among other things, you now get fine control of the HCI commands and events we send and receive to/from the Bluetooth device. In the past, this control was split between userspace and the kernel, creating synchronization problems. Now, it is handled solely by the MGMT interface in an internal queue inside the kernel. This change makes the bluetoothd daemon wake up a lot less often, saving more CPU and power for your system. A nice side-effect of those changes is that we could also get rid of blocking operations in the bluetoothd daemon when talking with Bluetooth devices.

As the MGMT interface is the only one to support the new Bluetooth Low Energy devices, BlueZ developers decided to drop support for the old interface once MGMT was completed. As a result, you need to be running Linux Kernel 3.4 or newer to use BlueZ 5.

While BlueZ developers felt the API change was necessary for this new BlueZ release, they understand that API breaks are painful for everyone. Therefore, in BlueZ 5 they introduced the notion of API versioning. For example, let’s say that today BlueZ supports “org.bluez.Device1” and “org.bluez.AgentManager1” interfaces, among others. The “1“ would refer to version 1 of the API. If for some reason we need to upgrade the Device API a new interface, “org.bluez.Device2”, could be created while still supporting the “org.bluez.Device1” interface. The two interfaces will therefore be supported simultaneously, giving you time to port your software to the new API instead of seeing things breaking overnight.

To help you with the migration to BlueZ 5, we released an extensive guide introducing the new APIs.

If you need help to bring your product to the future of Bluetooth on Linux, Collabora is available to assist you with your adoption of BlueZ 5. We can also help you on any commercial support, development or training around BlueZ, come talk to us.

Bluetooth Changes for Linux 3.8

165 Bluetooth commits are present in the latest release of the Linux Kernel, the 3.8 one. The majority of the commits were related to the Bluetooth High Speed feature, they are from Andrei Emeltchenko and Mat Martineau, most of the
code needed for the High Speed is now in mainline, however this feature is still disabled and considered as experimental.

Another important set of patches is from Johan Hedberg to enable support for Low Energy single mode Bluetooth radios. Those are now well supported by the Linux Kernel.

A new printk modifier, %pMR, was introduced to help print Bluetooth devices addresses, which are stored in the little endian order. The modifier was actually introduced in 3.7, however we could only make the changes in the Bluetooth subsystem for 3.8. Then we were able to remove the old and racy batostr() function from the subsystem. This was work of Andrei Emeltchenko.

Also, the ongoing work of split the L2CAP code into the Core an Socket parts gained a few more improvements by Gustavo Padovan. More work is expected to come in the next releases.

The SCO socket interface gained support for the Defer Setup feature, which is already present in the L2CAP and RFCOMM sockets interface. Defer Setup allows the kernel to ask the userspace if it wants to accept an incoming connection or not. Sometimes we don’t even want connections to be established, so stopping them at the CONNECTING state is of great help.

Apart from that we added support for 5 new Bluetooth devices that do not report themselves correctly as Bluetooth devices or need some firmware to be loaded. And as usual we had a lot of small changes, comprehending fixes, clean ups and small improvements.

BlueZ on GSoC: Accepted students announced

Yesterday Google released the accepted students for this year’s Google Summer of Code and BlueZ will be participating with 4 students:

Project: Bluetooth Replayer
Student: Anton Weber
Mentor: Anderson Lizardo

Project: OBEX Filesystem In Userspace
Student: Michał Poczwardowski
Mentor: Vinicius Gomes

Project: Implement AVRCP 1.3 Controller Role
Student: Rafael Fonseca
Mentor: Luiz Augusto von Dentz

Project: Visualization of Bluetooth traffic
Student: Thiago da Silva Arruda
Mentor: Gustavo Padovan

It is now community bonding time, where students get know their mentors and the community. We wish a great summer to all students.  :-)


I’m joining Collabora

After more than 3 years working at ProFUSION embedded systems I decided it was time to a move: Today is my first day (of many) at Collabora Ltd. :-)

I would like to take the opportunity to thank people at ProFUSION for the time I’ve working there. Those were good times.

And for the Collaborans: I hope we will rock a lot together. I’ll keep updating this blog with posts about my work at Collabora.

See you around. ;-)

BlueZ on Google Summer of Code 2012

BlueZ was accepted to take part in GSoC 2012, if you don’t know what GSoC is, please go  to its page and learn about.

We have already published our list of ideas, so if you are a student  take a look there and check what might interest you. Then you can talk to one of our mentors to learn more about and work on a GSoC proposal.
You can get more information about BlueZ on GsoChere. Our contact info is on the same page.

We hope to have a great summer in this year’s Google Summer of Code.