I still have a sales trophy from 16 years ago. My daughter was born 3 months before and I was still trying to get back on my feet after the “Internet bubble burst” from 2 years prior got me a ‘RIF package’ from IBM.
[...]
I haven’t ‘worked’ in over a year, but that doesn’t mean that we are not moving forward. Managing a team of 12 of the smartest, brightest and most awesome consultants in all of Open Source and the IT universe, I am involved in multiple projects. Projects that will affect how SUSE goes into the future and people are listening.
NPM’s CEO Bryan Bogensberger resigns, Google’s new Play Pass subscription service and their Kotlin bootcamp are announced.
Plus some noteworthy updates for ulauncher and ReactOS.
On this episode of This Week in Linux, we have probably the most controversial episodes we have ever done for this show but before we get to all of that, we’re going to cover some exciting news like a new version of OBS Studio with release of OBS 24.
Released by Linus Torvalds on September 15th, Linux kernel 5.3 is the latest and most advanced kernel series for Linux-based operating systems and introduces support for the Intel Speed Select feature to make power tuning much easier on some Xeon servers, as well as support for AMD Radeon Navi GPUs in the AMDGPU driver.
It also adds support for Zhaoxin x86 CPUs, support for utilizing the clamping mechanism in power-asymmetric processors, support for the umwait x86 instructions for more power efficient userspace, support for 16 million new IPv4 addresses in the 0.0.0.0/8 range, and support for the lightweight and flexible ACRN embedded hypervisor.
Traditionally with the Linux graphics drivers there are PCI ID tables littered in multiple places throughout the driver stack from the DRM/KMS kernel drivers to the Mesa OpenGL/Vulkan drivers but also the potential for other areas like the increasingly less common DDX drivers and other components. AMD is looking to address the proliferation of PCI IDs throughout the stack and the maintenance burden of having to keep the list of IDs in sync across the different components.
AMD has been working to centralize their PCI ID list within the DRM/KMS kernel area and to then expose the needed device and description/family bits to user-space that should be the basic information needed by the likes of the RadeonSI Gallium3D driver for managing the support rather than having to keep replicating these lists.
majority of our benchmarking of Intel's new Gallium3D OpenGL open-source driver is done with various "Gen9" graphics hardware given its proliferation and not yet having any Icelake Gen11 graphics hardware for Linux benchmarking. But with the Iris Gallium3D going back to supporting Broadwell "Gen8" graphics, here is a fresh look at how that oldest supported Intel hardware is working for this new Linux open-source OpenGL driver compared to the current default "i965" Intel OpenGL driver too.
Last week I provided an extensive look at the current Intel Gallium3D driver performance with the common Gen9 graphics hardware and the performance (and overall stability) of this new driver is looking great. It's looking like Intel is still on track for enabling that driver by default in Mesa before the 19.3 release at the end of the calendar year. Following that testing I was curious about Broadwell so I fired up an old Lenovo ThinkPad X1 Carbon laptop.
The GStreamer team is pleased to announce the first bug fix release in the stable 1.16 release series of your favourite cross-platform multimedia framework!
This release only contains bugfixes and it should be safe to update from 1.16.x.
See /releases/1.16/ for the details.
Binaries for Android, iOS, Mac OS X and Windows will be available shortly.
Valve have again released another update to the Steam Library beta. There's still a lot of issues with it but they seem to be getting through the major problems.
For the new Library they've added a screenshots section to pages for non-Steam games, non-Steam games should be available when Family View is enabled and they fixed an issue with the play bar going over the links bar on the game details when library sharing is active.
Valve and CodeWeavers have once again updated Steam Play Proton as they react quickly to issues that appear.
It's another small release too but small isn't exactly a bad thing. Seeing more regular updates to fix issues for major titles is actually something I had hoped they would do.
Just a week past the previous Proton update, Proton 4.11-6 is out today from Valve as the latest version of their Wine downstream powering Steam Play.
The principal change to Proton 4.11-6 is pulling in this weekend's release of DXVK 1.4. The DXVK 1.4 release has Direct3D 11.4 + DXGI 1.5 support to improve game compatibility, and fixes to benefit a handful of games like the Rockstar Game Launcher and Dark Souls III.
KDE Plasma 5.17 promises some really cool new features and enhancements, among which we can mention multi-screen and HiDPI improvements, fractional scaling on Wayland, support for managing and configuring Thunderbolt hardware in System Settings, Night Color support on X11, and much-improved notifications with automatic Do Not Disturb mode for presentations.
Several of the pages in System Settings got redesigned to help you configure your KDE Plasma system easier, the Breeze GTK theme now offers users a better appearance for the Chromium and Google Chrome web browsers and supports system color schemes for GTK and GNOME apps, System Monitor now shows NVidia GPU stats, and Plasma Discover package manager now shows icons for Snap apps.
Linux, Windows, what. More like awesome Linux software on Windows, what. Behold a review of KDE Connect for Windows, including setup and configuration of the nightly build, functionality and associated glitches, usage testing with SMS, file sharing and music playback, some other observations, and more. Enjoy.
Linux is traditionally associated as being an operating system for coders and programmers, but over the years there have been real attempts to make Linux more attractive to general consumers. This is not least due to general consumer dissatisfaction with Windows security issues or even Apple's walled garden.
However, Linux comes in many different forms, known as 'flavors' or 'distros'. This is simply because Linux is so incredibly configurable that different forms tend to be developed for different userbase needs or interests.
Not long ago, I was in the openSUSE Discord off topic chat room… or channel… whatever the terminology is, and the reasons for using openSUSE came up because someone needed a reminder. It was probably more tongue in cheek than anything but it is good, from time to time, to reflect on your decisions and ask yourself whether or not those decisions are still correct.
After doing a little reflection as to why I use openSUSE, what is its unique selling feature, I would say there are multiple and those reasons likely change in rank based on your particular use case. For me it is the combination of the tools plus a few herbs and spices that provide to me a reliable and stable base upon which I can rely which enables me to learn, experiment and potentially break it with multiple fail-safe features to easily restore it to a pre-fiddling stage. I get freedom to fiddle with openSUSE without the catastrophic consequences of breaking it. It is quite literally everything I want out of a computer operating system.
Here are some of the features I think make it “Fantabulous”, today, in 2019.
Intel's Database Reference Stack 1.0 is another initiative under their Clear Linux umbrella for demonstrating a database setup that is optimized for their Optane DC Persistent Memory hardware in conjunction with 2nd Gen Xeon Scalable (Cascadelake) CPUs.
[...]
This early release of their Database Reference Stack runs atop Clear Linux while tailoring Apache Cassandra and Redis for running off these persistent memory modules. This stack also pulls in Kubernetes for orchestration/management, Kata Containers, and makes use of the Intel Persistent Memory Development Kit (PMDK) and Low-Level Persistence Library. Both FSDAX and DEVDAX persistent memory modes are supported by this stack.
We hereby announce a new release of Hyperbola live image and HyperTalking for Hyperbola GNU/Linux-libre. It is the first release with LibreSSL support and adherence to the Filesystem Hierarchy Standard.
This version contains various bugfixes and improved stability.
Fedora has been leading the migration to Wayland since day one and we are not planning to stop. XWayland on demand has been an effort a lot of people contributed to this cycle. The goal is to only need XWayland for legacy X applications, not have it started and running all the time as that is a waste of system resources and also having core functionality still depend on X under Wayland makes the system more fragile. XWayland-on-demand has been a big effort with contributions from a lot of people and companies. One piece of this was the Systemd user session patches that were originally written by Iain Lane from Canonical. They had been lingering for a bit so Benjamin Berg took those patches on for this cycle and helped shepherd them over the finish line and get them merged upstream. This work wasn’t a hard requirement for Wayland-on-demand, but since it makes it a lot easier to do different things under X and Wayland which in turn makes moving towards XWayland-on-demand a little simpler to implement. That work will also allow (in future releases) us to do things like only start services under GNOME that are actually needed for your hardware, so for instance if you don’t have a bluetooth adapter in your computer there is no reason to run the bits of GNOME dealing with bluetooth. So expect further resource savings coming from this work over time.
Carlos Garnacho then spent time going through GNOME Shell removing any lingering X dependencies while Olivier Fourdan worked on cleaning up the control center. This work has mostly landed, but it is hidden behind an experimental flag (gsettings set org.gnome.mutter experimental-features "[...,'autostart-xwayland']") in Fedora 31 as we need to mature it a bit more before it’s ready for primetime. But we hope and expect to have it running by default in Fedora Workstation 32.
Fedora Workstation 31 when it debuts at the end of October should be another great release for the Fedora project and continuing to ship with the bleeding-edge yet stable packages and latest upstream innovations.
I continue running Fedora Rawhide on a number of systems internally and that's going well. We've covered many of the features of Fedora 31 during its development cycle thus far while now Red Hat's Christian Schaller has done a great job highlighting some of the most interesting work on the Fedora Workstation 31 front.
Fedora 31 will be released soon. It’s time to start planning activities around the release.
The most common activity to do is organize release parties. A release party is also a great way for other contributors in the community to get involved with advocacy in their local regions. Learn how to organize a release party and get a badge for it in this article.
Dear Debian:
First, we're approaching the deadline for projects and mentors for the next round of Outreachy [15]. If you have a corner of Debian and would be interested in helping show a new intern why what you're working on is really exciting, then please take a look at that announcement. You don't have a lot of time, so please act quickly.
I like to start out my Bits from the DPL with a quick glimpse into some corner of Debian. This month comes with mixed emotions as I take a moment to thank several people who have stepped back from their roles. No, nothing is going wrong; this is just the normal consequences of people taking stock of their involvement after the Buster release.
Just before August started, Laura Arjona Reina retired from being involved in DebConf organization [16]. Since then, two members of the DebConf committee have resigned: Jonathan Carter [17] and Lucas Nussbaum [18].
Steve McIntyre [19] and Luca Filipozzi stepped down from the cloud team.
One of the best things about Debian is that especially in the last few years we've developed a culture of taking stock of our own involvement and asking ourselves whether we still want to be in some position. All of the above are still actively involved in Debian. In all cases they have just realized that it is time to move on from a particular role and focus on the parts of Debian that they choose.
Rotation of people helps our organization stay strong. So I'd like to thank you all for your service in these roles, and thank you for making room for others to get involved.
And at least for the DebConf committee and Cloud Team, I need to work with the community and teams to find replacements:-)
Lubuntu used to be that Linux distribution that you referred a friend to in case he wanted a very lightweight, newbie-friendly yet elegant alternative for Windows. Up to its 18.04LTS release, it indeed worked as expected, but starting with 18.10 where the development team switched to using the Qt-based desktop LXQt instead of traditional LXDE, things started to break.
As a short background, you should know that there was a desktop environment called “Razor-Qt”, which was a newly developed desktop based on the Qt toolkit that aimed to be lightweight and modern at the same time. There was also another team working on a Qt branch of LXDE (which is GTK-based) called LXDE-Qt. After a lot of discussions, both teams combined efforts and started to work on one project called LXQt.
LXDE desktop is still working today, and is considered to be feature complete. But it was not even ported to GTK 3 like other desktops such as MATE and XFCE, instead, it’s still using the legacy GTK 2.
With Ubuntu 19.10 one of the changes we have been looking forward to the most is the planned Ubuntu desktop installation support atop ZFS as a root file-system and Canonical's related work around the new ZSYS daemon. It's looking like the basic ZFS root installation support will make it in time for next month's Ubuntu 19.10 release but more advanced installation features won't be ready in time.
As of writing and even with the Ubuntu 19.10 beta freeze upon us, the option for installing the Ubuntu desktop atop a ZFS root file-system isn't yet in place for Ubiquity. There were some disagreements over the zfs_install code for Ubiquity with its design. Revised code is now being worked on.
Welcome to the Ubuntu Weekly Newsletter, Issue 597 for the week of September 15 – 21, 2019.
The open-spec BeagleBone AI has arrived for $118 with a dual Cortex-A15 TI AM5729 with dual C66x DSPs and 4x EVE cores for AI. The SBC supplies 1GB RAM, 16GB eMMC, WiFi/BT, GbE, USB 3.0 Type-C, and micro-HDMI.
The long-awaited heir to the BeagleBone Black that was unveiled by the BeagleBoard.org Foundation in February has reached market. The open-spec, community-backed BeagleBone AI has begun selling with pre-installed Debian Linux for $118 at Newark and $125 at Arrow, Mouser, and OKdo. The layout and dimensions appear to be the same as the 86 x 53mm BeagleBone Black and it supports the same Cape add-on boards.
On Kickstarter: Sequent Microsystems has launched a $15 “Hardware Watchdog HAT & Power Manager for Raspberry Pi” for protecting against software lock-ups.
Hardware-based watchdog timers are usually standard equipment on industrial computers, but are rarely seen on Linux hacker boards. Sequent Microsystems, which has previously launched Raspberry Pi add-ons such as the MegaIO-IND home automation board, has now successfully launched a Hardware Watchdog HAT & Power Manager for Raspberry Pi. The HAT is available on Kickstarter through Oct. 17 for $15 for Jan. 2020 delivery or $20 for Nov. 2019 delivery.
Amlogic offers variants of their processors depending on whether they come with Dolby and/or DTS licenses.
ProtoCentral has started a Crowd Supply campaign for the HealthyPi v4, its latest vital signs monitoring dev kit.
This new platform was designed to offer simple product development with wide software support, including Mainline Linux, Ubuntu, Debian, Yocto and OpenWRT.
Coraline Ada Ehmke has created “Hippocratic License” that “add ethics to open source projects”. But this seems to be just the beginning of a controversy as the “Hippocratic License” may not be open source at all.
Come Monday, Crist reversed course.
In a new blog post, Crist said that Chef won’t renew contracts with ICE and the US Customs and Border Protection when they expire next year, and that the company will donate this year’s revenue from the contracts to charities that help families affected by the agencies’ family separation and detention policies. The ICE contract was valued at $95,500 for an 11-month period through August 2020. Chef declined to comment on the value of the CBP contract.
On September 17, Seth Vargo—a former employee of Chef, the software deployment automation company—found out via a tweet that Chef licenses had been sold to the Immigration and Customs Enforcement Agency (ICE) under a $95,500, one-year contract through the approved contractor C&C International Computers & Consultants. In protest, Vargo decided to "archive" the GitHub repository for two open source Chef add-ons he had developed in the Ruby programming language. On his GitHub repository page, Vargo wrote, "I have a moral and ethical obligation to prevent my source from being used for evil."
That move, according to an all-hands email sent out by Chef CEO Barry Crist—later published on the company's website—"impact[ed] production systems for a number of our customers. Our entire team has worked to minimize customer downtime and will continue to do so until we restore services to 100% operation."
C++ developers flocked to Colorado for CppCon 2019. The convention is intended for personal networking and slideshow presentations, but its size leads to a handful of niche announcements that might be interesting to our readers when bundled together.
I am familiar with AdGuard thanks to its ad blocker for multiple desktop browsers, but Blokada was a new name for me. A search in the Play Store was fruitless, so I googled it.
What kind of service would it provide for someone to believe that Android should not be used without it? Was it someone just stating his/her opinion as facts, or was there some truth behind it?
Turns out, I kind of agree with this redditor. Blokada is an ad blocker that works differently from what AdGuard provides in its browser extension. It not only blocks ads, it has a list of blacklisted URLs, and it creates a local VPN to block any request that is submitted to any domain in said list. The request bounces against the local VPN and dies right away.
Last week I spent two days at Harvard University participating in my third Professional Development class at Harvard. This time the subject was “Creative Thinking: Innovative Solutions to Complex Challenges.” The workshop was led by two experienced facilitators, Anne Manning and Susan Robertson.
We started with introductions, and it soon became clear we had a very diverse group of participants - I was the lone person from the tech sector, but there was a nice blend of sectors represented, as well as some international participants. This made for some very interesting discussion outside the classroom and during the various breaks.
I was also pleased that some people sought me out, especially once they found out I was an “Ideator.” Prior to the class, we had taken an assessment, and then were presented with the results. In one of the exercises, it turned out we were teamed up with other participants who fell into the same quadrant as us. I thought it was a good way to weave that assessment into the class content (and of course, initially without us being aware of it).
I had some great takeaways from the two day class. I think the thing I appreciated the most was that the facilitators went to great lengths to give us a toolkit to take with us to apply the next time we are working on a project or interacting within a team. I think I also left the class with the distinct feeling that much like the diagram our team came up with above, you really have to build creativity into your system in a continuous manner.
We're happy to announce Kiwi TCMS version 7.0! This is a major release which includes security updates, significant database schema and API changes, many improvements, removed functionality, bug fixes, substantial internal refactoring and several new languages. You can explore everything at https://public.tenant.kiwitcms.org!
This software is still in development, so we don’t recommend running it on a production site. Consider setting up a test site to play with the new version.
Of all the stories we’d expect to hit our little corner of the world, we never thought that the seedy doings of a now-deceased accused pedophile billionaire would have impacted the intellectual home of the open-source software movement. But it did, and this week Richard Stallman resigned from the Computer Science and Artificial Intelligence Lab at MIT, as well as from the Free Software Foundation, which he founded and served as president. The resignations, which Stallman claims were “due to pressure on MIT and me over a series of misunderstandings and mischaracterizations”, followed the disclosure of a string of emails where he perhaps unwisely discussed what does and does not constitute sexual assault. The emails were written as a response to protests by MIT faculty and students outraged over the university’s long and deep relationship with Jeffrey Epstein, the late alleged pedophile-financier. This may be one of those stories where the less said, the better. If only Stallman had heeded that advice.
GIMP (GNU Image Manipulation Program) is a downloadable, professional-grade photo editor with an extensive Photoshop-like collection of essential editing tools. In addition, GIMP boasts advanced filters and layer masks. Whether you want to add text, erase background or add texture to a photo, this no-cost editing software will meet your needs.
The FSF Licensing and Compliance Lab will work with experienced lawyers and professionals to provide a full day continuing legal education (CLE) seminar on GPL Enforcement and Legal Ethics for legal professionals, law students, free software developers, and anyone interested in licensing issues.
Xiaomi has often been criticized by FOSS proponents and developers for its failure to abide by the GNU General Public License v2 license, which governs open source software such as Android. The company has often either completely failed to release kernel sources for its smartphones and tablets, or released them long after the launch of the device, both of which are an outright violation of the GNU GPL license.
In part 3 of our series on Qt graphics (part 1, part 2), we will look at how shaders are handled in Qt Quick in Qt 5.14 when switching the scenegraph over to rendering through QRhi, the Qt Rendering Hardware Interface. We choose to cover shader handling before digging into the RHI itself because Qt Quick applications using ShaderEffect items or custom materials have to provide fragment and/or vertex shader code themselves, and therefore they need to be aware of (and by Qt 6, migrate to) the new approach to shader handling.
Speaking of Qt 6: while everything described here applies to, and only to, Qt 5.14, and may change in later releases, what we have here will likely form the foundation of graphics and compute shader handling in Qt 6, once the few remaining rough edges are eliminated.
The most crucial step in any continuous integration process is the one that executes build instructions and tests their output. There’s an infinite number of ways to implement this step ranging from a simple shell script to a complex task system.
Keeping with the principles of simplicity and practicality, today we’ll look at continuing the series on Designing CI/CD Systems with our implementation of the execution script.
We are back to San Diego!! Our team will be joining DjangoCon US's conference, one of the biggest Django events in the world. For this year, we'll be giving two talks: Pull Requests: Merging good practices into your project and Building effective Django queries with expressions
Ada is a structured, statically typed, imperative, wide-spectrum, multi-paradigm, object-oriented high-level, ALGOL-like programming language, extended from Pascal and other languages. The language was developed in the late 1970s and early 1980s. Ada is named after Augusta Ada Byron (often now known as Ada Lovelace), daughter of the poet Lord Byron.
Ada has built-in language support for explicit concurrency, offering tasks, synchronous message passing, protected objects, and non-determinism. Ada incorporates the benefits of object-oriented languages without incurring the pervasive overheads.
Other notable features of Ada include: strong typing, inherent reliability, modularity mechanisms (packages), run-time checking, parallel processing, exception handling, the ability to provide abstraction through the package and private type, and generics.
The Zen of Python is loose enough and contradicts itself enough that you can prove anything from it. Let's meditate upon one of its most famous principles: "Explicit is better than implicit."
One thing that traditionally has been implicit in Python is the expected interface. Functions have been documented to expect a "file-like object" or a "sequence." But what is a file-like object? Does it support .writelines? What about .seek? What is a "sequence"? Does it support step-slicing, such as a[1:10:2]?
Originally, Python's answer was the so-called "duck-typing," taken from the phrase "if it walks like a duck and quacks like a duck, it's probably a duck." In other words, "try it and see," which is possibly the most implicit you could possibly get.
Our first DevNation Live regional event was held in Bengaluru, India in July. This free technology event focused on open source innovations, with sessions presented by elite Red Hat technologists.
In this session, Burr Sutter discusses serverless architectures, which have become a common approach in organizations that want to be more effective in DevOps and optimize their IT resources. This approach adds further flexibility to the next generation of microservices, and Knative helps running your microservices serverless workloads on Kubernetes/OpenShift be more agile and effective.
A new release of RcppAnnoy is now on CRAN.
RcppAnnoy is the Rcpp-based R integration of the nifty Annoy library by Erik Bernhardsson. Annoy is a small and lightweight C++ template header library for very fast approximate nearest neighbours—originally developed to drive the famous Spotify music discovery algorithm.
This release brings several updates. First and foremost, the upstream Annoy C++ code was updated from version 1.12 to 1.16 bringing both speedier code thanks to AVX512 instruction (where available) and new functionality. Which we expose in two new functions of which buildOnDisk() may be of interest for some using the file-back indices. We also corrected a minor wart in which a demo file was saved (via example()) to a user directory; we now use tempfile() as one should, and contributed two small Windows build changes back to Annoy.
I wrote a couple of years ago about the troubles I had finding a good libc for embedded systems, and for the last year or so I've been using something I called 'newlib-nano', which was newlib with the stdio from avrlibc bolted on. That library has worked pretty well, and required very little work to ship.
Now that I'm doing RISC-V stuff full-time, and am currently working to improve the development environment on deeply embedded devices, I decided to take another look at libc and see if a bit more work on newlib-nano would make it a good choice for wider usage.
One of the first changes was to switch away from the very confusing "newlib-nano" name. I picked "picolibc" as that seems reasonably distinct from other projects in the space and doesn't use 'new' or 'nano' in the name.
If you don't believe AI conversations affect you, then I suggest reviewing this 2018 McKinsey Report on reskilling in the age of automation, which provides some interesting statistics.
Despite iFixit’s note that the phone has “some relatively repair-friendly features” surrounding its battery, it still awarded the phone a 6 out of 10 score for repairability overall, exactly the same as last year’s devices.
A mysterious AVID issue has been affecting computers across the industry.
Title X is a federally funded family planning program that guarantees low-income people can receive critical health care services for free or at a reduced cost. For decades it’s been one of the most effective federal health care programs, providing a wide range of vital reproductive and other services for millions of people across the country who wouldn’t otherwise be able to afford them.
Young people across the United States are continuing to fall ill with vaping-related lung disease as federal investigators struggle to identify the cause. In a conference call with reporters on Thursday, officials from the Centers for Disease Control and Prevention said they have recorded 530 probable and confirmed cases, along with seven deaths. Canada also reported its first case this week, after a teenager in Ontario was put on life support following use of an e-cigarette device.
In many of the recorded cases, the patients — mainly men under the age of 25 — have experienced chest pain, shortness of breath, and coughing, among other symptoms. But officials have not been able to pin down a single substance, ingredient, or brand that could be responsible. And while most patients have reported vaping tetrahydrocannabinol (THC), the primary psychoactive ingredient in marijuana, others say they only vaped nicotine or a combination of the two.
Coming more than four months after version 4.6, the Parrot 4.7 release is here with up-to-date penetration testing and ethical hacking tools for security researchers and everyone else who wants to get started with security-related tasks. Powered by the Linux 5.2 kernel, Parrot 4.7 introduces a new sandbox behavior to make it easier to use sandboxed apps.
"In Parrot 4.7 the sandbox is disabled by default, and users can decide whether to start an application sandboxed or not," explains Lorenzo Faletra. "You can easily start the sandboxed version of an installed program from the /sandbox/ folder or from a dedicated menu that we plan to improve in the future, or you can re-enable it by default by using the firecfg tool."
SensePost CTO Dominic White is one of South Africa’s best-known white hat hackers and has become the face of cybersecurity for many people.
White’s love for computers started in school when his mother bought him a second-hand computer from one of their tenants.
“I immediately tried to plug it all in and get it turned on. I soon realized I had no idea what I was doing, but I wanted to figure it out,” he said.
He did figure it out, and quickly realised that high school computer science presented many opportunities for mischief.
Security is a misunderstood element in DevOps. Some see it as outside of DevOps' purview, while others find it important (and overlooked) enough to recommend moving to DevSecOps. No matter your perspective on where it belongs, it's clear that security affects everyone.
Each year, the statistics on hacking become more alarming. For example, there's a hacker attack every 39 seconds, which can lead to stolen records, identities, and proprietary projects you're writing for your company. It can take months (and possibly forever) for your security team to discover the who, what, where, or when behind a hack.
What are operations professionals to do about these dire problems? I say it is time for us to become part of the solution by becoming security champions.
Microsoft today issued a rare emergency security update for Internet Explorer to address a critical flaw in the browser that's being exploited right now in the wild.
Redmond says the vulnerability, a scripting-engine memory-corruption bug designated CVE-2019-1367, can be abused by a malicious webpage or email to achieve remote code execution: that means Windows PCs can be hijacked by viewing a suitably booby-trapped website, or message, when using Internet Explorer. Malware, spyware, and other software nasties can be injected to run on the computer, in that case.
Discovery of the flaw, and its exploitation in the wild by miscreants to commandeer systems, was attributed to Clément Lecigne of the Google Threat Analysis Group. The programming blunder is present in at least IE 9 to 11.
Such flaws are not uncommon, and Microsoft typically patches anywhere from 10-20 browser and scripting engine remote code execution bugs each month with the Patch Tuesday bundle. Because they allow remote code execution with little or no user warning or interaction, Redmond considers such bugs to be critical security risks.
We, Lightning Wire Labs, are offering an opportunity ideal for a student to become a Junior Developer.
As a leading organisation in the IPFire Project, we are growing our team to allow us to move it forward quicker as well as advancing other internal projects.
Are you a frequent contributor to Open Source projects, but want to develop your skills further? Join our growing team to help us to achieve our ambitious goals and learn at the same time.
[...]
This job will be remote work with occasional visits to our main office if required. An EU/EEA citizenship is required.
The “Immortal Regiment” memorial march is a staple of collective memory in contemporary Russia: In it, marchers carry photographs of relatives and others who were killed in the Second World War. In an apparent attempt to elevate internal Soviet repressions to the cultural status of the war, a group of Russian opposition organizations is petitioning to hold a march called “Immortal Gulag” in central Moscow.
The United States government has moved to block Daniel Hale, a former U.S. Air Force language analyst, from presenting any evidence that he had “good motives” when he allegedly disclosed documents to a reporter that exposed a targeted assassination program involving armed drones.
Yet, while the U.S. government hopes to ensure Hale cannot put on a whistleblower defense during his trial, Hale’s defense attorneys have directly challenged the constitutionality of the Espionage Act, arguing [PDF] it violates the First Amendment. They also assert that the government is selectively and vindictively prosecuting Hale for his alleged act of dissent.
At the UN, Tehran is challenging the Europeans to defy Washington—and the attack on Saudi oil installations demonstrates that Iran can fight back against US sanctions, whether directly or through proxies.
The U.N.’s annual gathering of world leaders opens today with U.N. Secretary-General Antonio Guterres hosting a major summit promoting action to slow climate change.
The event—which follows a New York City-sanctioned school climate strike and a U.N. Youth Summit featuring 16-year-old Swedish climate activist Greta Thunberg—will draw an impressive list of world leaders, including German Chancellor Angela Merkel, French President Emmanuel Macron, and Indian Prime Minister Narendra Modi, who will detail specific steps to lower dependence on fossil fuel. China’s Foreign Minister, Wang Yi, will also speak. Over 100 world leaders are expected to attend. But there’s one glaring absence.
The summit highlighted the nations doing the most to fulfill their commitments as part of the 2016 Paris climate accord. That meant representatives from Saudi Arabia, Japan, and the US got no time on stage. Among the biggest contributors to the global carbon budget, they were excluded for not sufficiently committing to emissions reduction or for pursuing policies that actively undermine the Paris accord. President Donald Trump underscored his climate dismissal by attending for a mere 15 minutes. With dozens of world leaders descending on UN headquarters, Trump had scheduled a competing meeting at the UN for a “call to protect religious freedom”; in the end, he and Vice President Mike Pence made a brief surprise appearance at the climate meeting.
Scolded for doing little, leader after leader promised the United Nations on Monday to do more to prevent a warming world from reaching even more dangerous levels.
Russian Prime Minister Dmitry Medvedev has signed a government order accepting the conditions of the Paris Agreement, RIA Novosti reported. The agreement was initially drafted in 2015 to provide an international framework for combating the climate crisis.
In a recent interview with Amy Goodman, Naomi Klein linked Greta Thunberg’s autism with her powerful commitment to combating climate chaos. In doing so, I believe she promoted a serious misunderstanding about how autism is linked to Greta’s moral clarity on this existential threat. In the interview quoted extensively below, Klein talks about autism and the human brain’s propensity for “mirroring.”
By the year 2050, as many as 1.5 billion people around the world could be displaced as a result of climate change, according to the International Organization for Migration.
When the Washington Post‘s Paul Waldman (9/18/19) recently attempted to explain Elizabeth Warren’s rise in the Democratic primary polls, he attributed it in part to media:
The family of Anton Vaino, the chief of staff of Russia’s presidential administration, reportedly owns properties in Moscow and the Moscow region that are worth a total of 1.6 billion rubles ($25 million). The Russian outlet Republic reported its discovery of the properties on September 23.
For Li, deepfake technology itself isn't the problem - it's people using the technology to deceive or harm. To paraphrase the old slogan of the gun lobby: deepfakes don't fool people, people fool people.
The rise of this technology has, however, given rise to concerns about how these creations could cause confusion and propagate disinformation, especially in the context of global politics. Online disinformation through targeted social-media campaigns and apps such as WhatsApp has already roiled elections around the world.
Speech critical of the government is under increasing attack in Myanmar. In the past two weeks, NLD officials have filed several criminal defamation charges against government critics.
The wife of Saudi blogger Raif Badawi says he has ended his hunger strike after being visited in jail by a Saudi human rights commissioner. Badawi was lashed publicly and jailed in 2014 for allegedly insulting Islam.
The Alphabet Inc. unit was the only member of the World Wide Web Consortium to vote against the measure to expand the power of the organization’s [Internet] privacy group, according to a tally of the results viewed by Bloomberg News. Twenty four organizations voted for the idea in a recent poll.
Edward Snowden’s memoir “Permanent Record” is a best seller. Hackers are trying to cash in on it, too.
A type of malware called Emotet is being embedded in an email phishing campaign that offers Snowden’s book as an attachment. The spam email claims the former government contractor’s story has been banned, then encourages readers to download, read and share his book, according to Malwarebytes Inc., which analyzed the campaign in recent days.
But when a recipient clicks on the attachment, there’s no book. Instead, there’s a link that, if selected, buries malicious code into the unlucky clicker’s device. Malwarebytes said it discovered the emails in English, Spanish, German, Italian and French.
Cheboksary Electromechanical College has made it mandatory for its students to sign a set of institutional rules that include a prohibition on attending protest actions. The RFE/RL project Idel.Realii obtained a copy of the document.
Demonstrators said that undercover officers didn’t identify themselves as police, adding to fears that the men had been part of gangs that had attacked demonstrators in recent weeks. According to the Hong Kong police’s guidelines, officers are required to identify themselves before exercising their duties.
Yet, the true efficacy of the law has been negligible. At least, that is what a new study by the women's rights group Terre des Femmes has shown. The group's figures show that at least 813 child marriages have been registered across the country since the law went into effect, yet only 10 of those marriages have been annulled.
The European Parliament on Thursday, September 19, 2019, adopted a resolution condemning Iran’s regime for violations of women’s rights in Iran. The resolution was adopted by 608 votes in favor, 7 against and 46 abstentions.
But the new blasters come with a catch: DRM for darts, it sounds like! “If the blaster detects an incompatible dart in the drum, it won’t fire and will skip to the next chamber,” writes The Wall Street Journal. A Hasbro executive told the publication that existing darts were just too easy to copy, and it’s got patents pending on the new Ultra foam.
That may annoy the Nerf community, because it could drive up the effective price of hosting a Nerf war. Right now, you can buy hundreds of knockoff Nerf Elite darts for just a few dollars online and use them in dozens of different blasters from both Hasbro and competitors, whereas it’ll cost $10 to get just 20 of these new Ultra darts instead.
The low prices and interoperability of Elite darts meant event organizers could afford to provide a big chest of ammo for players that they return at the end of the day — instead of each person bringing their own ammo and fighting over which darts belong to which people at the end of each game.
Twitter on Friday said it had “removed or suspended thousands of accounts with ties to governments in the Middle East,” including a former close media adviser to Saudi Crown Prince Mohammed bin Salman who reportedly ran a pro-regime online troll army and was implicated as involved in the murder of dissident journalist Jamal Khashoggi.
Using Logic, he split up the song into two beats, ending up at about 400 stems. And although the notes can sometimes cut off midway through musical phrases, the songs avoid sounding chopped up through the use of reverb. “I exported each of these stems so that the reverb rings out as much as it can,” he says. “Each of these stems, they’re not the same length, even though they’re the same musical length. You can play them over the top of each other, and it just sounds like the piano is holding down the sustain pedal.”
The stems were then matched up to the game, which operates in three states: the first is a silent state, where the goose is just hanging out, not doing anything; in the second state, the “low energy version” is performed as the goose is plotting and scheming, moving closer to his prey; and the third state is when you’re being actively chased, which is the performance you’d hear on a record. The game chooses which version to play depending on what’s happening — so taking into account all the different ways the stems can be matched together, that means the amount of different versions you can hear is “a number with, like, 52 zeroes,” Golding says. “One of the beauties of the game is that nobody’s gonna get the same performance.”