Bonum Certa Men Certa

Links 16/10/2019: Halo Privacy, Ubuntu Release Imminent



  • GNU/Linux

    • Google launches the $649 Pixelbook Go Chromebook

      At its annual hardware event, Google today announced the launch of the Pixelbook Go, the latest iteration of its first-party Chromebook lineup. Starting at $649, the Pixelbook Go marks a return to the standard laptop format after last year’s Pixelbook with a 180-degree hinge and the Pixel Slate 2-in-1.

      The Go will come with a 16:9 13.3-inch touch screen and either an HD or 4K display, two USB-C ports, a built-in Titan-C security chip, up to 16GB of RAM and up to 256GB of storage. It’s powered by Intel Core CPUs, starting with an m3 chip at the low end and an i7 at the top end. Available colors are black and “not pink” and pre-orders start now, but only for the black version. “Not pink” is coming soon.

    • Purism

      • Purism Partners with Halo Privacy to Bring Extra Security to Its Linux Devices

        Purism is already known for providing top notch security and privacy for its Linux laptops and phones, but with the new partnership with Halo Privacy, the company wants to bring strong cryptography and custom managed attribution techniques to secure communications from direct attacks.

        These new, unique security stack provided by Halo Privacy works together with Purism's state-of-the-art security implementations for its Linux devices, including the Librem Key USB security token with tamper detection and PureBoot secure UEFI replacement, to cryptographically guarantee signing of the lowest level of firmware and user's privacy.

      • Halo Privacy partners with Purism

        Halo Privacy partners with Purism to provide best-in-class secure hardware devices to large enterprise customers in defense, aerospace, and the cryptocurrency/fintech sector.

        Halo is excited to deliver solutions utilizing Purism’s industry unique security stack across Librem Laptops, the Librem 5 phone, and including the recently released Made in the USA Librem Key. This advanced security combines hardware with PureBoot, Purism’s UEFI replacement (combining coreboot, Heads, TPM, and Librem Key), to cryptographically guarantee signing of the lowest level of hardware and firmware.

        Halo Privacy, combines custom managed attribution techniques with strong cryptography to secure communications from direct attack while maintaining confidentiality for a user’s identity. By integrating with the Purism suite, Halo significantly reduces the attack surface while providing strong assurance based on the integrity of Purism’s supply chain.

        Building on a foundation of shared enthusiasm for privacy and control, Purism and Halo Privacy are happy to announce a partnership focused around delivering Purism hardware into Halo Privacy’s Corona & Eclipse secure communications platforms. Halo is a solutions partner with its network of Government and private sector clients. As an additional step, Halo is allocating developer resources to deliver additional functionality on Purism’s platform.

        “Halo Privacy has proven to be an instrumental partner with Purism, helping shape some of the security products by getting involved in the early phases of development and product purchasing.” says Todd Weaver, Founder & CEO of Purism.

        “When looking to mitigate the supply chain risk in publicly available hardware offerings, nothing compares to Purism. Delivering solutions using the foundational strength of Purism’s products provides an unparalleled level of confidence and control” says Lance Gaines, Founder & CTO of Halo Privacy.

      • Librem 5 Aspen Batch – Photo and Video Gallery

        Librem 5‘s from the Aspen batch have started shipping to early backers so we’ve done a roundup of some of the best photos and videos shared by us and others as well as some never seen before photos.

        The Librem 5 case has evolved to a black anodized aluminium shell (with non-metal backing to keep radio reception quality high) with flush, easy-to-slide hardware kill switches.

        The Purism factory is ready to ship thousands of Librem 5s to backers over the coming months.

      • Purism Shares More Photos Of Initial Librem 5 Phones, PureOS UI
    • Server

      • Eirinix: Writing Extensions for Eirini

        At the recent Cloud Foundry Summit EU in the Netherlands, Vlad Iovanov and Ettore Di Giacinto of SUSE presented a talk about Eirini — a project that allows the deployment and management of applications on Kubernetes using the Cloud Foundry Platform. They introduced eirinix — a framework that allows developers to extend Eirini. Eirinix is built from the Quarks codebase, which leverages Kubernetes Mutating Webhooks. With the flexibility of Kubernetes and Eirini’s architecture, developers can now build features around Eirini, like Persi support, access to the application via SSH, ASGs via Network Policies and more. In this talk, they explained how this can be done, and how everyone can start contributing to a rich ecosystem of extensions that will improve Eirini and the developer experience of Cloud Foundry.

      • IBM

        • Building an open ML platform with Red Hat OpenShift and Open Data Hub Project

          Unaddressed, these challenges impact the speed, efficiency and productivity of the highly valuable data science teams. This leads to frustration, lack of job satisfaction and ultimately the promise of AI/ML to the business is not redeemed.

          IT departments are being challenged to address the above. IT has to deliver a cloud-like experience to data scientists. That means a platform that offers freedom of choice, is easy to access, is fast and agile, scales on-demand and is resilient. The use of open source technologies will prevent lockin, and maintain long term strategic leverage over cost.

          In many ways, a similar dynamic has played out in the world of application development in the past few years that has led to microservices, the hybrid cloud and automation and agile processes. And IT has addressed this with containers, kubernetes and open hybrid cloud.

          So how does IT address this challenge in the world of AI – by learning from their own experiences in the world of application development and applying to the world of AI/ML. IT addresses the challenge by building an AI platform that is container based, that helps build AI/ML services with agile process that accelerates innovation and is built with the hybrid cloud in mind.

        • Launching OpenShift/Kubernetes Support for Solarflare Cloud Onload

          This is a guest post co-written by Solarflare, a Xilinx company. Miklos Reiter is Software Development Manager at Solarflare and leads the development of Solarflare’s Cloud Onload Operator. Zvonko Kaiser is Team Lead at Red Hat and leads the development of the Node Feature Discovery operator.

        • Red Hat and SAS: Enabling enterprise intelligence across the hybrid cloud

          Every day 2.5 quintillion bytes of big data is created - this data comes from externally sourced websites, blog posts, tweets, sensors of various types and public data initiatives such as the human genome project as well as audio and video recordings from smart devices/apps and the Internet of Things (IoT). Many businesses are learning how to look beyond just data volume (storage requirements), velocity (port bandwidth) and variety (voice, video and data) of this data; they are learning how to use the data to make intelligent business decisions.

          Today, every organization, across geographies and industries can innovate digitally, creating more customer value and differentiation while helping to level the competitive playing field. The ability to capture and analyze big data and apply context-based visibility and control into actionable information is what creates an intelligent enterprise. It entails using data to get real-time insights across the lines of business which can then drive improved operations, innovation, new areas of growth and deliver enhanced customer and end user experiences

        • Working together to raise mental health awareness: How Red Hat observed World Mental Health Day

          Cultivating a diverse and inclusive workspace is an important part of Red Hat’s open culture. That’s why we work to create an environment where associates feel comfortable bringing their whole selves to work every single day. One way we achieve this mission is by making sure that Red Hatters who wish to share their mental health experiences, are met with compassion and understanding, but most importantly, without stigma. It is estimated that one in four adults suffers from mental illness every year.

        • Introducing Red Hat OpenShift 4.2: Developers get an expanded and improved toolbox

          Today Red Hat announces Red Hat OpenShift 4.2 extending its commitment to simplifying and automating the cloud and empowering developers to innovate.

          Red Hat OpenShift 4, introduced in May, is the next generation of Red Hat’s trusted enterprise Kubernetes platform, reengineered to address the complexity of managing container-based applications in production systems. It is designed as a self-managing platform with automatic software updates and lifecycle management across hybrid cloud environments, built on the trusted foundation of Red Hat Enterprise Linux and Red Hat Enterprise Linux CoreOS.

          The Red Hat OpenShift 4.2 release focuses on tooling that is designed to deliver a developer-centric user experience. It also helps cluster administrators by easing the management of the platform and applications, with the availability of OpenShift migration tooling from 3.x to 4.x, as well as newly supported disconnected installs.

        • A look at the most exciting features in OpenStack Train

          With all eyes turning towards Shanghai, we’re getting ready for the next Open Infrastructure Summit in November with great excitement. But before we hit the road, I wanted to draw attention to the latest OpenStack upstream release. The Train release continues to showcase the community’s drive toward offering innovations in OpenStack. Red Hat has been part of developing more than 50 new features spanning Nova, Ironic, Cinder, TripleO and many more projects.

          But given all the technology goodies (you can see the release highlights here) that the Train release has to offer, you may be curious about the features that we at Red Hat believe are among the top capabilities that will benefit our telecommunications and enterprise customers and their uses cases. Here's an overview of the features we are most excited about this release.

        • New developer tools in Red Hat OpenShift 4.2

          Today’s announcement of Red Hat OpenShift 4.2 represents a major release for developers working with OpenShift and Kubernetes. There is a new application development-focused user interface, new tools, and plugins for container builds, CI/CD pipelines, and serverless architecture.

        • Red Hat CodeReady Containers overview for Windows and macOS

          Red Hat CodeReady Containers 1.0 is now available with support for Red Hat OpenShift 4.2. CodeReady Containers is “OpenShift on your laptop,” the easiest way to get a local OpenShift environment running on your machine. You can get an overview of CodeReady Containers in the tech preview launch post. You can download CodeReady Containers from the product page.

        • Tour of the Developer Perspective in the Red Hat OpenShift 4.2 web console

          Of all of the new features of the Red Hat OpenShift 4.2 release, what I’ve been looking forward to the most are the developer-focused updates to the web console. If you’ve used OpenShift 4.1, then you’re probably already familiar with the updated Administrator Perspective, which is where you can manage workloads, storage, networking, cluster settings, and more.

          The addition of the new Developer Perspective aims to give developers an optimized experience with the features and workflows they’re most likely to need to be productive. Developers can focus on higher level abstractions like their application and components, and then drill down deeper to get to the OpenShift and Kubernetes resources that make up their application.

          Let’s take a tour of the Developer Perspective and explore some of the key features.

        • VirtualBox Adds Support for Linux Kernel 5.3, Red Hat Enterprise Linux 8.1 Beta

          Oracle released today VirtualBox 6.0.14, a new maintenance update in the latest VirtualBox 6.0 series of their open-source and cross-platform virtualization software.

          VirtualBox 6.0.14 is here to add support for new technologies, fix bug, and add various improvements. For example it implements support for the Linux 5.3 kernel series, as well as for the Red Hat Enterprise Linux 7.7, CentOS Linux 7.7, Oracle Linux 7.7m and Red Hat Enterprise Linux 8.1 Beta operating systems.

          On top of that, VirtualBox 6.0.14 improves the detection of the Python version during the creation of the RPM package on Linux hosts to address some installation issues addresses and package dependencies, and improves shared folders for Linux guests, especially when unmounting them in service script.

    • Audiocasts/Shows

    • Kernel Space

      • libinput's bus factor is 1

        Let's arbitrarily pick the 1.9.0 release (roughly 2 years ago) and look at the numbers: of the ~1200 commits since 1.9.0, just under 990 were done by me. In those 2 years we had 76 contributors in total, but only 24 of which have more than one commit and only 6 contributors have more than 5 commits. The numbers don't really change much even if we go all the way back to 1.0.0 in 2015. These numbers do not include the non-development work: release maintenance for new releases and point releases, reviewing CI failures [1], writing documentation (including the stuff on this blog), testing and bug triage. Right now, this is effectively all done by one person.

        This is... less than ideal. At this point libinput is more-or-less the only input stack we have [2] and all major distributions rely on it. It drives mice, touchpads, tablets, keyboards, touchscreens, trackballs, etc. so basically everything except joysticks.

      • Graphics Stack

        • Khronos Opens Door For Allowing More Open-Source Drivers To Reach Conformance Status

          Khronos president Neil Trevett was at this month's XDC2019 conference in Montreal and he clarified their position on accepting conformance submissions by the open-source drivers.

          He clarified that any of the open-source driver projects working on a conformant implementation for OpenGL / OpenCL / Vulkan can indeed submit to Khronos without paying any vendor fees, etc. That includes all drivers, just not those part of (or not) Khronos Group members.

        • TURNIP Vulkan Driver Gets MSAA Working

          Mesa's TURNIP Vulkan driver that provides open-source Vulkan API support for Qualcomm Adreno hardware in recent weeks has been back to seeing new activity and this week more useful contributions are being made.

          On Tuesday a number of TURNIP commits were made by Jonathan Marek as well as Eric Anholt. The latest work includes a number of fixes, adding the ASTC texture compression format layout, VK_KHR_sampler_mirror_clamp_to_edge, and ultimately getting basic MSAA working. The multi-sample anti-aliasing support for this open-source TURNIP driver for Adreno graphics has been described as "not perfect but gets through some tests."

    • Benchmarks

      • A Quick Look At EXT4 vs. ZFS Performance On Ubuntu 19.10 With An NVMe SSD

        For those thinking of playing with Ubuntu 19.10's new experimental ZFS desktop install option in opting for using ZFS On Linux in place of EXT4 as the root file-system, here are some quick benchmarks looking at the out-of-the-box performance of ZFS/ZoL vs. EXT4 on Ubuntu 19.10 using a common NVMe solid-state drive.

        Given Canonical has brought ZFS support to its Ubiquity desktop installer as an easy-to-deploy option for running on this popular file-system, for this initial round of testing from Ubuntu 19.10 a lone NVMe SSD is being used (Corsair Force MP600) as opposed to doing any multi-disk setups, etc, where ZFS is more common due to its rich feature set.

        Clean installs of Ubuntu 19.10 were done both with EXT4 and ZFS while using the stock mount options / settings each time. The ZoL support in Ubuntu 19.10 is relying upon various back-ports from ZFS On Linux 0.8.2 and this imminent Linux distribution update is shipping with a 5.3-based kernel.

    • Applications

      • 6 Excellent Free Linux Reference Management Tools

        Reference management software is software for academics and authors to use to record and use bibliographic citations. This type of software typically uses a database to store the bibliographic references, together with a system for filtering the list in a format needed desirable to scholarly journals and publishers.

        This category of software is one of the most useful digital tools for a researcher today. It enables users to import references from sources, manage and edit the references, export the references, format the bibliography, and in accordance with international standards. Researchers and academics appreciate the essential functions offered by reference management tools, minimising the tedious task of collecting, organising and citing their sources.

        There are a number of different types of software packages that you can use to manage the bibliographic details of information and the documents you find during your degree or research. All of the software featured in this article is available to use without charge, and with the exception of Mendeley Desktop are released under an open source license.

      • Handwritten Notes And PDF Annotation Tool Xournal++ Update Brings New Floating Toolbox

        Xournal++ was updated to version 1.0.14 recently, quickly followed by a minor 1.0.15 release. With this update, the application has received a new experimental floating toolbox, redesigned preferences, and some notable quality of life changes.

        Xournal++ is a handwriting notetaking application that supports PDF annotations, which runs on Linux, macOS and Windows 10.

        Written in C++ with GTK+ 3, the tool can be used to take notes with pen input devices such as Wacom Tablets, while also allowing users to take audio notes thanks to its audio recording and playback functionality. This application is not just for taking handwritten and audio notes though, as it can also annotate PDF documents (and more) - it can insert text / LaTeX, draw shapes, and insert black or delete existing PDF pages.

      • Proprietary

        • BGH Capital backs major new cyber security player

          Former national cyber security adviser Alastair MacGibbon and former Optus Business managing director John Paitaridis joined forces to create the country's largest pure cyber security company, with 400 staff and backing from private equity firm BGH Capital.

          Led by Mr Paitaridis, CyberCX brings together 12 niche cyber security players to form one large company.

        • Malware That Spits Cash Out of ATMs Has Spread Across the World [iophk: Windows TCO]

          Part of the security issue for ATMs is that many of them are, in essence, aged Windows computers.

        • Migration Complete – Amazon’s Consumer Business Just Turned off its Final Oracle Database

          We migrated 75 petabytes of internal data stored in nearly 7,500 Oracle databases to multiple AWS database services including Amazon DynamoDB, Amazon Aurora, Amazon Relational Database Service (RDS), and Amazon Redshift. The migrations were accomplished with little or no downtime, and covered 100% of our proprietary systems. This includes complex purchasing, catalog management, order fulfillment, accounting, and video streaming workloads. We kept careful track of the costs and the performance, and realized the following results: [...]

    • Instructionals/Technical

    • Games

      • Shadow of the Tomb Raider coming to Linux on Nov 5

        Gamers are in for a treat as Shadow of the Tomb Raider Definitive Edition is set to make its debut on both Linux and macOS systems this November 5th.

        Shadow of the Tomb Raider is the third and final installment to the famous Tomb Raider origins trilogy. Similar to its previous parts, it is going to be based around Lara Croft herself and will accompany tons of action and adventure. In this game, most of Lara’s adventures will take place in Paititi, where she would battle to stop a Mayan apocalypse with the help of her two best friends: firearms and stealth.

      • AI War 2, the massive RTS game confirmed for launch on October 22

        Arcen Games have now fully confirmed that October 22 is the final launch date for AI War 2 to leave Early Access.

        This is the sequel to the critically acclaimed AI War: Fleet Command released back in 2009, which eventually came to Linux too later in 2014. The release of AI War 2 is going to mark 10 years since the original! Funded on Kickstarter back in 2016 with the help of around 2,545 backers.

        AI War 2 is a grand strategy RTS hybrid against an overwhelming, inhuman enemy who has conquered the galaxy. The enemy has made only a single error: underestimating you. You must steal as much technology as you can, take enough territory to fortify your bases and launch your last stand.

      • Dominus Galaxia, a 4x strategy game heavily inspired by Master of Orion 1 has a Linux demo up

        Their aim with Dominus Galaxia is to be an upgraded spiritual successor to the original Master of Orion, they said to think of it like if Master of Orion 2 was a proper sequel and not a "a radical re-imagining".

        It's currently crowdfunding on Kickstarter which has 10 days to go with nearly 50% of the funding needed, with a bit of a stretch it may be able to make it. Just recently, they put up a full demo of the game with Linux support on itch.io.

      • Creature building action and survival game 'Sipho' adds some fun new zooids for your monstrosity

        Swim, kill, adapt and hopefully survive. That's the aim of the game in Sipho and the recent update adds in some new pieces for you to unlock to build your horrific sea creature with.

        It's such a strange game, blending together furious action with a creature builder where you unlock different parts and species. Based on real science, inspired by the Siphonophorae with your creature being built with zooids, an animal that forms part of a colony that all move together.

      • No Linux version of Lonely Mountains: Downhill yet due to IL2CPP in Unity

        Megagon Industries have now confirmed the status of Lonely Mountains: Downhill for Linux and currently it's not good news.

        This is a game that was funded on Kickstarter, that had Linux as a platform for release. If this sounds familiar, it's because we wrote about this game recently where the developer seemed a bit confused on the Linux version and they weren't clear on what they were doing.

      • Project RIP, a new FPS released recently with Linux support and it looks action-packed

        Fight off waves of demons in Project RIP from developer Storming Tech, a new Unreal Engine first-person shooter that has Linux support. This is the same developer who also made Escape Legacy: Ancient Scrolls, an escape room puzzle game which also seemed quite good.

      • The Northgard free Conquest expansion is launching October 22

        The huge free Conquest expansion for the strategy game Northgard is now confirmed to be releasing on October 22.

        As announced before this free update is going to include a new standalone game mode, which can be played solo or in co-op. Offering up a series of missions, offering a what they claim is "100+" hours of extra possible play time. The missions don't seem to be linked, offering up something new each time with specific victory conditions and rule sets.

      • The impressively smooth roguelike Jupiter Hell has a big AI upgrade and a first sale

        ChaosForge continue advancing their turn-based shooter roguelike shooter Jupiter Hell, with another big update now available.

        A big focus has been on the AI to actually make it a bit smarter. Humanoid enemies will now attempt to take cover and not always run in a straight line at you, which can make it a little more difficult for sure. Most enemies will also react to noise you and other NPCs make. The demon-like enemies will now track you by smell, so you can't hide from them. You might find the need to retreat more often, to find a better position.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Some nice widgets for your Plasma desktop

          Plasma is an extremely extensible, flexible desktop environment, and it lets you customize and change anything and everything to the tiniest detail. You can go about mimicking other desktops and systems as you please, limited only by your imagination and patience. If you want a Mac-like look or a Unity look, you can.

          So I thought, I should revisit my old Plasma widgets article and explore some fresh applets out there, to see what else you can do here. Indeed, there are lots of hidden goodies lurking beneath the surface, and if you're curious, you will discover fresh tools and features that can make the Plasma desktop experience even more enjoyable.

      • GNOME Desktop/GTK

        • Patent Attacks Against Open Source Intensify!

          We previously reported on how popular open source has been under attack from patent assertion entities. The attacks continue. The GNOME Foundation recently acknowledged that it was sued for patent infringement by Rothschild Patent Imaging LLC. The allegedly infringing product is Shotwell, a free and open source personal photo manager. Neil McGovern, Executive Director for the GNOME Foundation says “We have retained legal counsel and intend to vigorously defend against this baseless suit.” The suit alleges infringement of a single patent 9,936,086 titled “Wireless Image Distribution System and Method.”

          This suit is noteworthy in that it is not targeted at users of the open source product, but rather the entity that oversees the development. In the prior lawsuits we reported, the targets were typically companies using the open source.

          One of the potentially interesting issues that could be addressed if the case goes the distance is the request for injunctive relief. Rothschild seeks as part of its relief: “an Order Enjoining Defendant, its agents, officers, servants, employees, attorneys, and all persons in active concert or participation with Defendant who receive notice of the order from further infringement of United States Patent No. 9,936,086.” Shotwell is licensed under GNU Lesser General Public License version 2.1 (LPGL). This license permits licensees to copy and redistribute Shotwell to others. If somehow Rothschild obtains an injunction, will it apply just to the GNOME Foundation or downstream users as well? One of the novel underlying legal questions that would need to be addressed is whether licensees who redistribute an open source program are “in active concert or participation with Defendant.”

    • Distributions

      • Reviews

        • Manjaro | Review from an openSUSE User

          There are many flavors of Linux, we call them distributions but in a way, I think “flavor” is a good word for it as some some are a sweet and delightful experience while with others a lingering, foul taste remains. Manjaro has not left a foul taste in any way. In full disclosure, I am not a fan of Arch based Linux distributions. I appreciate the idea of this one-step-removed Gentoo and for those that really like to get into the nitty-gritty bits Arch is good for that. My problem with Arch is the lack of quality assurance. The official repository on Arch Wiki describes the process of how core packages need to be signed off by developers before they are allowed to move from staging into the official repositories. With the rate at which packages come in, it is almost an impossibility that through manual testing software will continue to work well with other software as some dependencies may change. Admittedly, I don’t use it daily, outside of VMs for testing nor do I have a lot of software installed so this is not going to be a problem I am likely to experience.

          Manjaro, from my less than professional opinion, is a slightly slower rolling Arch that seems to do more testing and the process, from what I understand, is similar. Developers have to approve the packages before they are moved into the official repositories. I also understand that there isn’t any automated QA to perform any testing so this is all reliant on user or community testing, which, seemingly, Manjaro is doing a good job of it.

          My dance with Manjaro is as part of a BigDaddyLinuxLive Community challenge, to give it a fair shake and share your experience.

          This is my review of Manjaro with the Plasma Desktop. Bottom Line Up Front, this is quite possibly the safest and most stable route if you like the Arch model. In the time I ran it, I didn’t have any issues with it. The default Plasma Desktop is quite nice, and the default themes are also top notch. The graphical package manager works fantastically well and you do have Snap support right out of the gate. It’s truly a great experience. Was it good enough to push me from my precious openSUSE? No, but it has made for a contender and something about which to think.

      • SUSE/OpenSUSE

        • openSUSE to have Summit in Dublin

          The openSUSE Community is going to Ireland March 27 and 28, 2020, for openSUSE Summit Dublin.

          Registration for the summit has begun and the Call for Papers is open until Feb. 14.

          The summit will begin at the end of SUSE’s premier annual global technical conference SUSECON.

          Partners of openSUSE, open-source community projects and community members are encouraged to register for the summit and submit a talk.

          The schedule for the openSUSE Summit Dublin will be posted on Feb. 17.

      • Arch Family

        • Required update to recent libarchive

          The compression algorithm zstd brings faster compression and decompression, while maintaining a compression ratio comparable with xz. This will speed up package installation with pacman, without further drawbacks.

          The imminent release of pacman 5.2 brings build tools with support for compressing packages with zstd. To install these packages you need libarchive with support for zstd, which entered the repositories in September 2018. In order for zstd compressed packages to be distributed, we require all users to have updated to at least libarchive 3.3.3-1. You have had a year, so we expect you already did update. Hurry up if you have not.

      • Fedora Family

        • Contribute to Fedora Magazine

          Do you love Linux and open source? Do you have ideas to share, enjoy writing, or want to help run a blog with over 60k visits every week? Then you’re at the right place! Fedora Magazine is looking for contributors. This article walks you through various options of contributing and guides you through the process of becoming a contributor.

        • Fabiano Fidêncio: Libosinfo (Part I)

          Libosinfo is the operating system information database. As a project, it consists of three different parts, with the goal to provide a single place containing all the required information about an operating system in order to provision and manage it in a virtualized environment.

        • Τι κάνεις FOSSCOMM 2019

          When the students visited our Fedora booth, they were excited to take some Fedora gifts, especially the tattoo sticker. I was asking how many of them used Fedora, and most of them were using Ubuntu, Linux Mint, Kali Linux and Elementary OS. It was an opportunity to share the Fedora 30 edition and give the beginner’s guide that the Fedora community wrote in a little book. Most of them enjoyed taking photos with the Linux frame I did in Edinburgh...

          [...]

          I was planning to teach the use of the GTK library with C, Python, and Vala. However, because of the time and the preference of the attendees, we only worked with C. The workshop was supported by Alex Angelo who also traduced some of my expressions in Greek. I was flexible in using different Operating Systems such as Linux Mint, Ubuntu, Kubuntu among other distros. There were only two users that used Fedora. Almost half of the audience did not bring a laptop, and then I grouped in groups to work together. I enjoyed to see young students eager to learn, they took their own notes, and asked questions. You might see the video of the workshop that was recorded by the organizers.

        • Extending the Minimization objective

          Earlier this summer, the Fedora Council approved the first phase of the Minimization objective. Minimization looks at package dependencies and tries to minimize the footprint for a variety of use cases. The first phase resulted in the development of a feedback pipeline, a better understanding of the problem space, and some initial ideas for policy improvements.

        • Fedora at 15: Why Matthew Miller sees a bright future for the Linux distribution

          Fedora—as a Linux distribution—will celebrate the 15th anniversary of its first release in November, though its technical lineage is much older, as Fedora Core 1 was created following the discontinuation of Red Hat Linux 9 in favor of Red Hat Enterprise Linux (RHEL).

          That was a turbulent time in Red Hat history, and Fedora has had its own share of turbulence as well. Since becoming project leader in June 2014, Matthew Miller had led the Fedora.next initiative, intended to guide the second decade of the Fedora project. That initiative resulted in the creation of separate Fedora Workstation, Server, and Cloud editions—the latter of which has since been replaced with CoreOS—as well as the addition of an Internet of Things (IoT) edition.

      • Debian Family

        • Canonical/Ubuntu Family

          • Ubuntu 19.10 overview | Fast, secure and simple.

            In this video, I am going to show an overview of Ubuntu 19.10 and some of the applications pre-installed.

          • Ubuntu 19.10: Complete Screenshot Tour

            Wondering what the Ubuntu 19.10 release will look like? I’ve put together a screenshot tour to illustrate the changes and new features it brings.

            Part spoiler, part pre-install prep; if sampling the Eoan Ermine through the medium of compressed .jpeg sounds like your thing, you’ve landed in the right place!

            Remember: you can upgrade to Ubuntu 19.10 from 19.04 directly, but not if you’re on 18.04 LTS. If you’re on the LTS you’ll need to wait and upgrade to Ubuntu 20.04 LTS in April of next year.

          • There’s an Ubuntu 19.10 Release Party in London, Tomorrow

            Ubuntu 19.10 is released tomorrow and to mark the occasion some folks at Canonical have found a small London pub in which they plan to congregate and celebrate the Eoan Ermine’s emergence into the world at large, with the Ubuntu community at large!

            Yes, that includes you; whatever your interest in Ubuntu, if you fancy supping over-priced beverages with like-minded folk then this is the event for you.

            And, just to sweeten the deal, the first couple of lucky bucks to join the event will snag themselves an party bag full* of Ubuntu swag (expect pens and sticker, not an Orange Box though).

          • Ubuntu 19.10 Release Date, Major Updates Revealed

            Ubuntu 19.10 development is almost complete. One of the biggest changes in Ubuntu 19.10 is the decision to include NVIDIA drivers on the ISO install image. So, this is going to make things easier for Ubuntu users who have NVIDIA hardware to install the proprietary drives for their graphics card alongside the system.

            The other big change in the release is support for installing Ubuntu using the ZFS file system. The film system is considered to be experimental. Ubuntu is the first desktop Linux distro to offer native support for ZFS out of the box.

            Ubuntu developers have worked really hard to make sure that the distro has a working 32-but userspace for legacy apps and software, including Steam and WINE. It also contains the best GNOME 3.34 features. Now, it is possible to drag and drop applications in the Application Overview in order to create app folders. There is also a refreshed set of the main apps that include Document Scanner, Todo, and Files.

          • Freespire 5.0 Linux OS Is Out with Linux Kernel 5.0, Based on Ubuntu 18.04.3 LTS

            Based on the latest Ubuntu 18.04.3 LTS operating system, Freespire 5.0 is here to respond to users' accusations of a bloated system. Freespire doesn't aim to become a bloatware, so Freespire 5.0 only ships with the best-of-breed apps and packages and nothing else.

            Among these, we can mention the KDE Plasma 5.12.9 LTS desktop environment, Chromium 77 web browser, Calligra office suite, Amarok music player, DragonPlayer video player, KolourPaint paint software, Kpatience and DreamChess games, Ice 6.0.4 browser installer, as well as Synaptic Package Manager, Boot Repair, and Kamerka.

          • Ansible vs Terraform vs Juju: Fight or cooperation?

            Ansible vs Terraform vs Juju vs Chef vs SaltStack vs Puppet vs CloudFormation – there are so many tools available out there. What are these tools? Do I need all of them? Are they fighting with each other or cooperating?

            The answer is not really straightforward. It usually depends on your needs and the particular use case. While some of these tools (Ansible, Chef, StaltStack, Puppet) are pure configuration management solutions, the others (Juju, Terraform, CloudFormation) focus more on services orchestration. For the purpose of this blog, we’re going to focus on Ansible vs Terraform vs Juju comparison – the three major players which have dominated the market.

            [...]

            Contrary to both Ansible and Terraform, Juju is an application modelling tool, developed and maintained by Canonical. You can use it to model and automate deployments of even very complex environments consisting of various interconnected applications. Examples of such environments include OpenStack, Kubernetes or Ceph clusters. Apart from the initial deployment, you can also use Juju to orchestrate deployed services too. Thanks to Juju you can backup, upgrade or scale-out your applications as easily as executing a single command.

            Like Terraform, Juju uses a declarative approach, but it brings it beyond the providers up to the applications layer. You can not only declare a number of machines to be deployed or number of application units, but also configuration options for deployed applications, relations between them, etc. Juju takes care of the rest of the job. This allows you to focus on shaping your application instead of struggling with the exact routines and recipes for deploying them. Forget the “How?” and focus on the “What?”.

      • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Open source interior design with Sweet Home 3D

        Historically, I practiced the little-known fourth principle: don't have furniture. However, since I became a remote worker, I've found that a home office needs conveniences like a desk and a chair, a bookshelf for reference books and tech manuals, and so on. Therefore, I have been formulating a plan to populate my living and working space with actual furniture, made of actual wood rather than milk crates (or glue and sawdust, for that matter), with an emphasis on plan. The last thing I want is to bring home a great find from a garage sale to discover that it doesn't fit through the door or that it's oversized compared to another item of furniture.

      • Web Browsers

        • Chromium

          • The top 5 alternatives to Google Chrome

            Google Chrome is the most popular web browser on the market. It provides a user-friendly, easy-to-use interface, with a simple appearance featuring a combined address and search bar with a small space for extensions.

            Chrome also offers excellent interconnectivity on different devices and easy syncing that means that once a user installs the browser on different devices, all their settings, bookmarks and search history come along with it. Virtually all a user does on Google chrome is backed up to Google Cloud.

            Chrome also offers easy connectivity to other Google products, such as Docs, Drive, and YouTube via an “Apps” menu on the bookmarks bar, located just below the address/search bar. Google Translate, one of the best translation applications currently available on the internet, is also included.

      • Linux Foundation

        • Databricks brings its Delta Lake project to the Linux Foundation

          Databricks, the big data analytics service founded by the original developers of Apache Spark, today announced that it is bringing its Delta Lake open-source project for building data lakes to the Linux Foundation and under an open governance model. The company announced the launch of Delta Lake earlier this year and even though it’s still a relatively new project, it has already been adopted by many organizations and has found backing from companies like Intel, Alibaba and Booz Allen Hamilton.

          “In 2013, we had a small project where we added SQL to Spark at Databricks […] and donated it to the Apache Foundation,” Databricks CEO and co-founder Ali Ghodsi told me. “Over the years, slowly people have changed how they actually leverage Spark and only in the last year or so it really started to dawn upon us that there’s a new pattern that’s emerging and Spark is being used in a completely different way than maybe we had planned initially.”

          This pattern, he said, is that companies are taking all of their data and putting it into data lakes and then do a couple of things with this data, machine learning and data science being the obvious ones. But they are also doing things that are more traditionally associated with data warehouses, like business intelligence and reporting. The term Ghodsi uses for this kind of usage is ‘Lake House.’ More and more, Databricks is seeing that Spark is being used for this purpose and not just to replace Hadoop and doing ETL (extract, transform, load). “This kind of Lake House patterns we’ve seen emerge more and more and we wanted to double down on it.”

        • The Delta Lake Project Turns to Linux Foundation to Become the Open Standard for Data Lakes

          Amsterdam and San Francisco, October 16, 2019 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced that it will host Delta Lake, a project focusing on improving the reliability, quality and performance of data lakes. Delta Lake, announced by Databricks earlier this year, has been adopted by thousands of organizations and has a thriving ecosystem of supporters, including Intel, Alibaba and Booz Allen Hamilton. To further drive adoption and contributions, Delta Lake will become a Linux Foundation project and use an open governance model.

          Every organization aspires to get more value from data through data science, machine learning and analytics, but they are massively hindered by the lack of data reliability within data lakes. Delta Lake addresses data reliability challenges by making transactions ACID compliant enabling concurrent reads and writes. Its schema enforcement capability helps to ensure that the data lake is free of corrupt and not-conformant data. Since its launch in October 2017, Delta Lake has been adopted by over 4,000 organizations and processes over two exabytes of data each month.

      • SaaS/Back End/Databases

        • syslog-ng in two words at One Identity UNITE: reduce and simplify

          UNITE is the partner and user conference of One Identity, the company behind syslog-ng. This time the conference took place in Phoenix, Arizona where I talked to a number of American business customers and partners about syslog-ng. They were really enthusiastic about syslog-ng and emphasized two major reasons why they use syslog-ng or plan to introduce it to their infrastructure: syslog-ng allows them to reduce the log data volume and greatly simplify their infrastructure by introducing a separate log management layer.

          [...]

          When you collect log messages to a central location using syslog-ng, you can archive all of the messages there. If you add a new log analysis application to your infrastructure, you can just point syslog-ng at it and forward the necessary subset of log data there.

          Life at both security and operations in your environment becomes easier, as there is only a single software to check for security problems and distribute on your systems instead of many.

      • CMS

        • Drupal shows leadership on diversity and inclusion

          Drupal is far from alone among open source communities with a diversity gap, and I think it deserves a lot of credit for tackling these issues head-on. Diversity and inclusion is a much broader topic than most of us realize. Before I read DDI's August newsletter, the history of indigenous people in my community was something that I hadn't really thought about before. Thanks to DDI's project, I'm not only aware of the people who lived in Maryland long before me, but I've come to appreciate and respect what they brought to this land.

          I encourage you to learn about the native people in your homeland and record their history in DDI's Land Acknowledgements blog. If you're a member of another open source project, consider replicating this project there. The more we know about people who differ from us, the more we respect and appreciate our collective roles as members of the human race.

      • Pseudo-Open Source (Openwashing)

        • Google unplugs AMP, hooks it into OpenJS Foundation after critics turn up the volume [Ed: Microsoft Tim on Google passing a bunch of EEE to a foundation headed by a Microsoft ‘mole’, 'open'JS ]

          AMP – which originally stood for Accelerated Mobile Pages though not any more – was launched in 2015, ostensibly to speed up page loading on smartphones. The technology includes AMP HTML, which is a set of performance-optimized web components, and the AMP Cache, which serves validated AMP pages. Most AMP pages are served by Google’s AMP Cache.

      • Openness/Sharing/Collaboration

        • Open Hardware/Modding

          • i2c clock : DS3231

            Like any clock, the DS3231 must be set at the 1st start. The registers listed in Figure 4 are accessible for reading and writing. This allows us to program the exact time and date at the time of initialization. Then the DS3231 operates autonomously, with leap years up to 2100 ;-) To compensate for the power failure, a CR1220 battery can be added to the back of the Adafruit ADA3013.

          • CHIPS Alliance Growth Continues With New Members and Design Workshop this November
          • CHIPS Alliance growth continues with new members and design workshop this November

            CHIPS Alliance, the leading consortium advancing common, open hardware for interfaces, processors and systems, today announced Codasip GmbH and Munich University of Applied Science have joined the CHIPS Alliance. In addition, on November 14–15, CHIPS Alliance will be joining the university for a workshop on open source design verification.

            CHIPS Alliance is a project hosted by the Linux Foundation to foster a collaborative environment to accelerate the creation and deployment of open SoCs, peripherals and software tools for use in mobile, computing, consumer electronics, and Internet of Things (IoT) applications. The CHIPS Alliance project develops high-quality open source Register Transfer Level (RTL) code relevant to the design of open source CPUs, RISC-V-based SoCs, and complex peripherals for Field Programmable Gate Arrays (FPGAs) and custom silicon.

            Codasip is a leading supplier of configurable RISC-V€® embedded processor IP. Codasip provides a portfolio of various RISC-V implementations along with a suite of processor developers tools to allow for rapid core customization, and will contribute to working groups on verification platforms and open cores.

            “Codasip has years of processor development experience and has shown its dedication to open platforms by its contributions to open source compiler and compliance projects. We welcome their participation in the CHIPS Alliance to facilitate the adoption of open architectures,” said Zvonimir Bandić, senior director of next-generation platforms architecture at Western Digital and Chairman, CHIPS Alliance.

      • Programming/Development

        • Test and Code: 91: Python 3.8 - what's new

          Python 3.8.0 final is live and ready to download.

          On todays episode, we're going to run through what's new, picking out the bits that I think are the most interesting and affect the most people, including

          new language features standard library changes optimizations in 3.8 porting to 3.8

        • Fedora 30 : News about python 3.8.0 and install on Linux.
        • Python 3.8 is now available with walrus operator, positional-only parameters support for Vectorcall, and more

          Python 3.8 has a new walrus operator := that assigns values to variables as part of a larger expression. It is useful when matching regular expressions where match objects are needed twice. It can also be used with while-loops that compute a value to test loop termination and then need that same value again in the body of the loop. It can also be used in list comprehensions where a value computed in a filtering condition is also needed in the expression body.

          The walrus operator was proposed in PEP 572 (Assignment Expressions) by Chris Angelico, Tim Peters, and Guido van Rossum last year. Since then it has been heavily discussed in the Python community with many questioning whether it is a needed improvement. Others are excited as the operator does make the code more readable.

          One user commented on HN, “The “walrus operator” will occasionally be useful, but I doubt I will find many effective uses for it. Same with the forced positional/keyword arguments and the “self-documenting” f-string expressions. Even when they have a use, it’s usually just to save one line of code or a few extra characters.”

        • Chemists bitten by Python scripts: How different OSes produced different results during test number-crunching

          Chemistry boffins at the University of Hawaii have found, rather disturbingly, that different computer operating systems running a particular set of Python scripts used for their research can produce different results when running the same code.

          In a research paper published last week in the academic journal Organic Letters, chemists Jayanti Bhandari Neupane, Ram Neupane, Yuheng Luo, Wesley Yoshida, Rui Sun, and Philip Williams describe their efforts to verify an experiment involving cyanobacteria, better known as blue-green algae.

          Williams, associate chair and professor in the department of chemistry at the University of Hawaii at Manoa, said in a phone interview with The Register on Monday this week that his group was looking at secondary metabolites, like penicillin, that can be used to treat cancer or Alzheimer's.

        • Chemists discover cross-platform Python scripts not so cross-platform

          In a paper published October 8, researchers at the University of Hawaii found that a programming error in a set of Python scripts commonly used for computational analysis of chemistry data returned varying results based on which operating system they were run on—throwing doubt on the results of more than 150 published chemistry studies. While trying to analyze results from an experiment involving cyanobacteria, the researchers—Jayanti Bhandari Neupane, Ram Neupane, Yuheng Luo, Wesley Yoshida, Rui Sun, and Philip Williams—discovered significant variations in results run against the same nuclear magnetic resonance spectroscopy (NMR) data.

          The scripts, called the "Willoughby-Hoye" scripts after their authors—Patrick Willoughby and Thomas Hoye of the University of Minnesota—were found to return correct results on macOS Mavericks and Windows 10. But on macOS Mojave and Ubuntu, the results were off by nearly a full percent.

        • Sending Emails in Python — Tutorial with Code Examples

          What do you need to send an email with Python? Some basic programming and web knowledge along with the elementary Python skills. I assume you’ve already had a web app built with this language and now you need to extend its functionality with notifications or other emails sending.

          [...]

          Sending multiple emails to different recipients and making them personal is the special thing about emails in Python.

          To add several more recipients, you can just type their addresses in separated by a comma, add Cc and Bcc. But if you work with a bulk email sending, Python will save you with loops.

          One of the options is to create a database in a CSV format (we assume it is saved to the same folder as your Python script).

          We often see our names in transactional or even promotional examples. Here is how we can make it with Python.

        • Binning Data with Pandas qcut and cut

          When dealing with continuous numeric data, it is often helpful to bin the data into multiple buckets for further analysis. There are several different terms for binning including bucketing, discrete binning, discretization or quantization. Pandas supports these approaches using the cut and qcut functions. This article will briefly describe why you may want to bin your data and how to use the pandas functions to convert continuous data to a set of discrete buckets. Like many pandas functions, cut and qcut may seem simple but there is a lot of capability packed into those functions. Even for more experience users, I think you will learn a couple of tricks that will be useful for your own analysis.

          [...]

          The concept of breaking continuous values into discrete bins is relatively straightforward to understand and is a useful concept in real world analysis. Fortunately, pandas provides the cut and qcut functions to make this as simple or complex as you need it to be. I hope this article proves useful in understanding these pandas functions. Please feel free to comment below if you have any questions.

        • Analysing music habits with Spotify API and Python

          I’m using Spotify since 2013 as the main source of music, and back at that time the app automatically created a playlist for songs that I liked from artists’ radios. By innertion I’m still using the playlist to save songs that I like. As the playlist became a bit big and a bit old (6 years, huh), I’ve decided to try to analyze it.

        • Python IDEs and Code Editors

          A code editor is a tool that is used to write and edit code. They are usually lightweight and can be great for learning. However, once your program gets larger, you need to test and debug your code, that's where IDEs come in.

          An IDE (Integrated Development Environment) understand your code much better than a text editor. It usually provides features such as build automation, code linting, testing and debugging. This can significantly speed up your work. The downside is that IDEs can be complicated to use.

        • Announcing Anaconda Distribution 2019.10

          As there were some significant changes in the previous Anaconda Distribution 2019.07 installers, this release focuses on polishing up rough edges in that release and bringing all the packages up to date with the latest available in repo.anaconda.com. This means many key packages are updated including Numpy, Scipy, Scikit-Learn, Matplotlib, Pandas, Jupyter Notebook, and many more. As many of the package updates have addressed Common Vulnerabilities and Exposures (CVEs), it is important to update to the latest.

          Another key change since the last release is that Apple released macOS version 10.15 – Catalina. Unfortunately, this was a breaking release for previous versions of Anaconda that used the pkg installer. The Anaconda Distribution 2019.10 installers address the issues and should install without trouble on macOS Catalina. If you would rather repair your current Anaconda installation, please check out this blog post for tips.

        • Apple's Numbers and the All-in-One CSV export

          The hierarchical form requires a number of generator functions for Sheet-from-CSV, Table-from-CSV, and Row-from-CSV. Each of these works with a single underlying iterator over the source file and a fairly complex hand-off of state. If we only use the sheet iterator, the tables and rows are skipped. If we use the table within a sheet, the first table name comes from the header that started a sheet; the table names come from distinct headers until the sheet name changes.

          The table-within-sheet iteration is very tricky. The first table is a simple yield of information gathered by the sheet iterator. Any subsequent tables, however, may be based one one of two conditions: either no rows have been consumed, in which case the table iterator consumes (and ignores) rows; or, all the rows of the table have been consumed and the current row is another "sheet: table" header.

        • Formatting NFL data for doing data science with Python

          No matter what medium of content you consume these days (podcasts, articles, tweets, etc.), you'll probably come across some reference to data. Whether it's to back up a talking point or put a meta-view on how data is everywhere, data and its analysis are in high demand.

          As a programmer, I've found data science to be more comparable to wizardry than an exact science. I've coveted the ability to get ahold of raw data and glean something useful and concrete from it. What a useful talent!

        • Sony Pushes More AMD Jaguar Optimizations To Upstream LLVM 10 Compiler

          Sony engineers working on the PlayStation compiler toolchain continue upstreaming various improvements to the LLVM source tree for helping the AMD APUs powering their latest game console.

          Several times now we've pointed out Sony engineers contributing AMD "btver2" improvements to upstream LLVM with the company using LLVM/Clang as their default code compiler and the PlayStation 4 relying on a Jaguar APU.

        • [llvm-dev] GitHub Migration Schedule and Plans
          Hi,
          
          

          We're less than 2 weeks away from the developer meeting, so I wanted to give an update on the GitHub migration and what's (hopefully) going to happen during the developer meeting.

          Everyone who has added their information to the github-usernames.txt file in SVN before today should have received an invite to become a collaborator on the llvm-project repository. If you did not receive an invite and think you should have, please contact me off-list. I will continue to monitor the file for new updates and periodically send out new batches of invites.

          There is still some ongoing work to get the buildbots ready and the mailing lists ready, but we are optimistic that the work will be done in time.

          The team at GitHub has finished implementing the "Require Linear History" branch protection that we requested. The feature is in beta and currently enabled in the llvm-project repository. This means that we will have the option to commit directly via git, in addition to using the git-llvm script. A patch that updates git-llvm to push to git instead of svn can be found here: https://reviews.llvm.org/D67772. You should be able to test it out on your own fork of the llvm-project repository.

          The current plan is to begin the final migration steps on the evening (PDT) of October 21. Here is what will happen:

          1. Make SVN read-only. 2. Turn-off the SVN->git update process. 3. Commit the new git-llvm script directly to github. 4. Grant all contributors write access to the repository. 5. Email lists announcing that the migration is complete.

          Once the migration is complete, if you run into any issues, please file a bug, and mark it as a blocker for the github metabug PR39393.

          If you have any questions or think I am missing something, please let me know.

          Thanks, Tom

        • LLVM Plans To Switch From Its SVN To Git Workflow Next Week

          On 21 October they plan to make LLVM's SVN repository read-only and finish their git-llvm script to bring all the changes into Git, and then allow developers to begin contributing to the LLVM GitHub project as the new official source repository.

        • Excellent Free Books to Learn Erlang

          Erlang is a general-purpose, concurrent, declarative, functional programming language and runtime environment developed by Ericsson, a Swedish multinational provider of communications technology and services. Erlang is dynamically typed and has a pattern matching syntax. The language solves difficult problems inherent in parallel, concurrent environments. It uses sets of parallel supervised processes, not a single sequential process as found in most programming languages.

          Erlang was created in 1986 at the Ellemtel Telecommunication Systems Laboratories for telecommunication systems. The objective was to build a simple and efficient programming language resilient large-scale concurrent industrial applications.

          Besides telecommunication systems and applications and other large industrial real-time systems, Erlang is particularly suitable for servers for internet applications, e-commerce, and networked database applications. The versatility of the language is, in part, due to its extensive collection of libraries.

        • Predicting NFL play outcomes with Python and data science

          If you made through part 1, congrats! You have the patience it takes to format data. In that article, I cleaned up my National Football League data set using a few Python libraries and some basic football knowledge. Picking up where I left off, it's time to take a closer look at my data set.

  • Leftovers

    • Health/Nutrition

      • US: Rolling Back Coal Ash Rules Threatens Health

        The United States Environmental Protection Agency’s proposal to significantly weaken rules governing coal ash, a toxic byproduct of burning coal, poses a serious threat to public health and will make air and water pollution worse, Human Rights Watch said today in a submission opposing the proposed changes.

    • Security (Confidentiality/Integrity/Availabilitiy)

      • Google USB-C Titan Security Keys Begin Shipping Tomorrow

        Google announced their new USB-C Titan Security Key will begin shipping tomorrow for offering two-factor authentication support with not only Android devices but all the major operating systems as well.

        The USB-C Titan Security Key is being manufactured by well known 2FA key provider Yubico. This new security key is using the same chip and firmware currently used by Google's existing USB-A/NFC and Bluetooth/NFC/USB Titan Security Key models.

      • One of Linux's most important commands had a glaring security flaw
      • Security Flaw in Sudo allows Users to Run Commands on Linux Systems

        Security researchers discovered a security bypass vulnerability in one of the most widely used Linux commands, the Sudo.

        According to researcher Joe Vennix, who discovered the vulnerability, the Sudo security bypass flaw can allow a malicious user to run random commands as root on a targeted Linux system. The researcher stated the vulnerability, named as CVE-2019-14287, works even when the Sudoers configuration forbids root access.

        Sudo, which stands for Superuser Do, is one of the most important and commonly used utilities that comes as a core command, installed on almost every UNIX and Linux-based operating system.

      • Sudo Vulnerability

        ‘sudo’ is one of the most useful Linux/UNIX commands that allows users without root privileges to manage administrative tasks. However, a new vulnerability was discovered in sudo package that gives users root privileges.

        “When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295,” according to the sudo advisory.

      • Big security flaw in Linux sudo command

        Apple security researcher Joe Vennix has found a security bug in the important sudo command in Linux.

        The sudo command, which is short for “super user do”, is widely used in various Linux distributions to separate administrator-level permissions from ordinary system users.

        When installing programs, for instance, you would typically use the sudo command. Using sudo in front of any command or program causes it to be run as the administrator, or “root” user.

      • Linux/Unix exploit allows some restricted commands to be run as root without clearance

        The 'sudo' keyword in Unix and Linux allows users to execute certain commands with special-access privileges that cannot otherwise run on a given machine by a user with a lower level of clearance. Unsurprisingly, it is one of the most important commands in the entire Linux/Unix ecosystem, one that can substantially compromise the device's security if it is exploited.

        One such exploit/bug was discovered by Joe Vennix from Apple Information Security. The vulnerability has been titled CVE-2019-14287 in the Common Vulnerabilities and Exposure database. As stated before, 'sudo' lets you run commands that cannot otherwise be run by normal users on the machine. With CVE-2019-14287, you could circumvent this by simply changing the user ID to -1 or 4294967295 with the 'sudo' command. That means that by spoofing their identity, any user could execute restricted commands on the machine.

      • Security updates for Wednesday

        Security updates have been issued by Debian (apache2 and unbound), Fedora (opendmarc, runc, and sudo), openSUSE (epiphany, GraphicsMagick, and libopenmpt), Oracle (kernel and sudo), Red Hat (java-1.8.0-openjdk, jss, kernel, kernel-rt, and kpatch-patch), SUSE (crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer, libpcap, sudo, and tcpdump), and Ubuntu (aspell and libsdl1.2).

      • Cybersecurity Awareness Month: Increasing our self-awareness so we can improve security

        October has been National Cybersecurity Awareness Month since 2004. According to staysafeonline.org, this initiative was started by the National Cybersecurity Alliance and the US Department of Homeland Security to help all Americans stay safe and secure when online. This month is usually marked with a significant uptick in cybersecurity outreach and training. It’s also the one month of the year when you can get a significant amount of cybersecurity swag such as webcam covers, mugs, and pens. This event has an outward focus to raise awareness of security globally,

        Many other events have come into existence along with this. For example, there are numerous electronics recycling events that now occur in October where people can securely dispose of their old computers. Some municipalities have extended this to include safe disposal of old prescription medications, paints, and other hazardous materials.

        Recent events in the greater technology community, specifically the resignation of Richard Stallman from both MIT and the Free Software Foundation, have become character foils that show us that while we have come a long way, we still have a long way ahead of us to improve.

      • Michael Tremer/IPFire: On quadrupling throughput of our Quality of Service

        There have been improvements to our Quality of Service (or QoS) which have made me very excited.

        Our QoS sometimes was a bottleneck. Enabling it could cut your bandwidth in half if you were unlucky. That normally was not a problem for larger users of IPFire, because if you are running a 1 Gigabit/s connection, you would not need any QoS in the first place, or your hardware was fast enough to handle the extra load.

        For the smaller users this was, however, becoming more and more of a problem. Smaller systems like the IPFire Mini Appliance are designed to be small (the clue is in the name) and to be very energy-efficient. And they are. They are popular with users with a standard DSL connection of up to 100 Megabit/s which is very common in Germany. You have nothing to worry about here. But if you are lucky to have a faster Internet connection, then this hardware and others that we have sold before might be running out of steam. There is only so much you can get out of them.

      • The City Of Baltimore Blew Off A $76,000 Ransomware Demand Only To Find Out A Bunch Of Its Data Had Never Been Backed Up [Ed: Windows]

        The City of Baltimore was hit with a ransomware attack in May of this year. Criminals using remodeled and rebranded NSA exploits (EternalBlue) knocked out a "majority" of the city's servers and crippled many of its applications. More details didn't surface until September when the city's government began reshuffling the budget to cover the expenses of recovering from the attack.

    • Defence/Aggression

      • Trump and Erdogan 'Just Got Played' by Putin Says Terrorism Expert, As Kurds in Syria Strike Deal With Russia and Bashar al-Assad

        In response to a tweet that suggested America was played as well, Smith said: "America did not get played. Trump did."

        [...]

        "This is a game of optics and what Putin has done is made Erdogan and Trump look like clowns."

      • Turks rally around Erdogan’s war against Syria’s Kurds

        Aside from Turkey’s biggest Kurdish party, known as the HDP, few people have opposed the offensive or expressed any sympathy with its victims. Those who do so risk ending up behind bars. In the past week at least 121 people have been detained on terrorist charges for social-media posts critical of the invasion. “People who classify this as a war”, as opposed to a counter-terrorism operation, Turkey’s interior minister, Suleyman Soylu, has said, “are committing treason.” Three opposition MPs have been placed under investigation. The HDP’s former leaders, including a former presidential contender, Selahattin Demirtas, have been in prison since 2016.

      • Erdogan says Turkey will never declare ceasefire in northern Syria

        Syrian army deployments into Kurdish-held territory mark a victory for Assad and Russia, giving them a foothold in the biggest remaining swathe of Syria that had been beyond their grasp through much of its eight-year-old war.

      • For many US military vets, the offensive against the Kurds is personal

        Kurdish fighters have served alongside US military personnel for decades. The withdrawal of US troops from northern Syria is bringing back memories for American military veterans.

    • Transparency/Investigative Reporting

    • Environment

      • 5th person in Michigan dies of EEE mosquito virus. Risk still high despite frost advisory

        This has been a record-breaking year for the EEE virus in Michigan and around the country. In an average year, there are seven cases of the virus nationally, according to the U.S. Centers for Disease Control and Prevention. This year, there have been at least 35.

        In addition to the 10 human cases in Michigan, the CDC is reporting 12 human cases in Massachusetts; three in Rhode Island; four in Connecticut; three in New Jersey; and one case each in Tennessee and North Carolina.

      • Melting Permafrost Imperils Arctic Residents

        When Holmén first arrived here some 30 years ago, the ground thawed to a maximum depth of 1 meter in the summer. Now the measurements show thaws of up to 1.7 meters. Similar things are happening in other parts of the Arctic as well.

        Holmén has studied polar climates his entire life -- in Siberia, in Greenland and in far-off Antarctica and is well-versed in the problem presented by the thaw. Twenty-four percent of the land mass in the northern hemisphere has a more or less frozen soil, an area larger than all of Russia. That permafrost stores up to 1.6 billion tons of carbon in the form of dead trees, dead animals or withered grass -- about twice as much carbon as is currently found in the atmosphere today.

      • US green economy has 10 times more jobs than the fossil fuel industry

        The fossil fuel sector, from coal mines to gas power plants, employed around 900,000 people in the US in 2015-16, government figures show. But Lucien Georgeson and Mark Maslin at University College London found that over the same period this was vastly outweighed by the green economy, which provided nearly 9.5 million jobs, or 4 per cent of the working age population. The pair defined the green economy broadly, covering everything from renewable energy to environmental consultancy.

        Their analysis showed the green economy is worth $1.3 trillion, or about 7 per cent of US GDP.

      • The William Perry Pendley Rehabilitation Tour
      • Vineyards battle to keep the Champagne cool

        As rising temperatures threaten the vines that produce Champagne, concerned growers are fighting to adapt to the very real threat of climate change.

      • Wildlife/Nature

        • Orangutans Can Play The Kazoo, And It's Changing Our Knowledge of How Speech Evolved

          In our study, some of the orangutans activated the kazoo within minutes, producing sounds of varying pitches and durations in response to kazoo demonstrations by the human experimenters.

          The speed with which these orangutans changed the quality of their voices shows that they were producing the sounds at will, rather than through training – which, as any dog trainer will reassert, requires months of reflex building and conditioning.

          These findings show that orangutan voice control lags not far behind that of humans. They confirm that the vocal abilities of great apes have been largely underestimated.

    • Finance

      • Media Smears, Political Persecution Set the Stage for Austerity and the Backlash Against It in Ecuador
      • The Problem With Partnerships and Roundtables

        When the laws regulating forest practices, endangered species, clean air and water were put on the books, it was well before the 1990s when our society became enthralled with neoliberalism that elevated economic utility and job creation above all in matters of public policy. Public resource managers now face local political pressure to base every decision on its financial impact to the local economy. During the last 25 years, public land managers have developed a “creative” new approach to administering laws which give local communities a voice and even quasi-control over land-use decisions through an array of public-private partnerships, roundtables and stewardship agreements. In all these partnerships, agencies seek to find local environmental representatives to represent the public view in these processes.

      • UK: No-Deal Brexit Risks Hunger for Poorest

        If the€ United Kingdom€ leaves the European Union without a withdrawal agreement, it will seriously threaten people’s ability to access and receive adequate food, including families with children, Human Rights Watch said today. While intense negotiations between the UK and the rest of the EU are ongoing, if no agreement is reached or extension agreed upon by October 31, 2019, the UK will leave the EU without a deal.

    • AstroTurf/Lobbying/Politics

      • Why Bother Protesting When the President Doesn’t Care?

        In the age of Trump, protesters once again face a president who claims to be impervious to criticism and responsive only to his far-right base, though he may more accurately be characterized as thin-skinned and reactive. Attention to the conditions of his Republican predecessor’s undoing—and the role of public protest in forming those conditions—has therefore taken on new relevance.

      • Amazon Pledges $1 Million More in Heated Seattle Elections

        Amazon’s latest commitment makes the company the biggest spender so far this election cycle, according to CASE, topping the $855,000 spent by a group affiliated with the Service Employees International Union. mazon this year has also hosted and sponsored city council candidate forums, and contributed $400,000 to a campaign to defeat a ballot measure that would cut Washington state car-tab taxes at the expense of transportation projects.

      • Bad Faith Negotiation

        I seldom comment on Brexit, largely because I neither see leaving the EU as a panacea nor the EU itself as a Utopia, and am alienated by the over-extravagant passions and claims on both sides. In addition to that, the FCO is largely excluded from Brexit negotiations, being perceived by the Tories as a nest of remainers, so I seldom get any interesting information fed to me by ex-colleagues.

      • Listen to Conference-Goers at Trump Resort Chant for “War!”

        On Sunday, news broke that a video of a fake President Donald Trump massacring journalists and others had been shown during a conference at one of the president’s resorts last week.

        The video was swiftly condemned by the White House, the organizers of the pro-Trump conference, as well as Donald Trump Jr. and Sarah Huckabee Sanders, who both spoke at the event.

      • Update: We Found a “Staggering” 281 Lobbyists Who’ve Worked in the Trump Administration

        At the halfway mark of President Donald Trump’s first term, his administration has hired a lobbyist for every 14 political appointments made, welcoming a total of 281 lobbyists on board, a ProPublica and Columbia Journalism Investigations analysis shows.

        With a combination of weakened rules and loose enforcement easing the transition to government and back to K Street, Trump’s swamp is anything but drained. The number of lobbyists who have served in government jobs is four times more than the Obama administration had six years into office. And former lobbyists serving Trump are often involved in regulating the industries they worked for.

      • UN: Defeat Venezuela in Human Rights Council Election

        Several candidates vying for seats on the United Nations Human Rights Council have problematic rights records, and UN member states should not vote for Venezuela.

    • Censorship/Free Speech

      • Elizabeth Warren's Feud With Facebook Over 'False' Ads Just Highlights The Impossibility Of Content Moderation At Scale

        You may have heard over the past few days about a bit of a feud between Presidential candidates -- mainly Elizabeth Warren -- and Facebook about how the company handles political ads with false information. It began a week or so ago when the Trump campaign started running a bunch of Facebook ads around impeachment, some of which were blatantly false, based on totally debunked claims. Facebook, however, just recently clarified its policy, noting that while it will block ads that its partner fact-checkers have determined to be untrue, that does not apply directly to political candidate ads themselves:

      • Blizzard's Face Plant Creates Marketing Opportunity For Companies With A Spine

        Blizzard's decision to pander to the Chinese government is a PR headache that simply isn't going away. Last week, games giant Blizzard stepped in a minefield when it severely punished a Hearthstone player for supporting the protests in Hong Kong during a championship live stream. The reaction was swift, justified, and severe, with everyone from gamers to Blizzard employees accusing the company of prioritizing profits over principles.

      • Thanks Blizzard: Riot Games Forced To Let Everyone Know They're Allowed To Use Hong Kong's LoL Team's Name

        The fallout from Blizzard's heavy-handed move on a professional Hearthstone player for voicing support for the ongoing Hong Kong protests on a livestream, which included ripping away prize money and issuing a 1 year ban on competing, continues to blaze. But while most of the backlash has been directed solely at Blizzard, the company's actions are having a ripple effect across the eSports landscape.

      • Tunisia: Prosecutions for Online Commentary

        (Tunis) – Tunisian authorities are using laws on criminal defamation, “spreading false information,” and “harming others via public telecommunications networks” to prosecute people for their online commentary, Human Rights Watch said today. €  € 

    • Civil Rights/Policing

      • Ethiopia’s Abiy Ahmed Wins Nobel Peace Prize, But It Takes Two to Make Peace

        Ethiopian Prime Minister Abiy Ahmed has been awarded the 2019 Nobel Prize for Peace which begs the question, if it takes two sides to fight a war doesn’t it take two sides to make peace? Just as it takes two hands to clap it takes two to make peace and P.M. Abiy has taken pains to give credit where credit is due, that Eritrea President Issias Aferwerki, his partner in the peace process was the leader in this process. Abiy said it unequivocally on July 8, 2018 at the end of his speech welcoming Issias for the first time to Addis Ababa, stating that “Issias is leading us”.

      • Citizens Must Remove Trump From Office

        Familiarize yourself with the hashtag #OutNow, it is refusefacism.org’s message: “In the name of humanity we refuse to accept a fascist America!” Their goal is seeing the Trump/Pence regime gone—now. The protests in Los Angeles and New York to be held on October 19th will showcase this necessary cause—there is no higher form of patriotism than protest and dissent against politicians and policies that harm humans and our environment—and no cause more noble than the effort to save humanity from the most corrupt Whitehouse administration in history.

      • Cop Peforming A Welfare Check Kills Woman By Shooting Her Through Her Own Backyard Window

        I'm really not sure what to tell anyone at this point. None of this works.

      • Kenya: Film Festival Features Activists’ Struggles

        The seventh edition of the Human Rights Watch Nairobi Film Festival will showcase 5 films at various locations in the city between October 15 and 18, 2019. Each film will be followed by a panel discussion about human rights activism.

      • Uganda: Brutal Killing of Gay Activist

        Ugandan authorities should thoroughly investigate the fatal attack on October 4, 2019 on an activist for the rights of lesbian, gay, bisexual, and transgender (LGBT) people.

      • Mauritania: Take Key Steps for Women’s Rights

        Mauritania’s President Mohamed Ould Ghazouani should prioritize women’s rights during his administration, Human Rights Watch said today in a letter to the new president. In particular, he should take steps to reduce the high incidence of gender-based violence and ensure that victims have access to justice.€ 

      • Australia: Older People in Aged Care Drugged Up

        When older people are silenced by drugs rather than given person-centered support, it risks their health and insults their humanity. Older people with dementia need an understanding helping hand, not a pill.

      • West Africa’s #SexForGrades Scandal Epitomizes Global Plight

        A hard-hitting BBC television€ documentary, Sex for Grades, has uncovered rampant sexual abuse, harassment, and bullying of students at two prestigious universities in€ Nigeria€ and€ Ghana, and launched what will hopefully be a new movement.€ € 

    • Internet Policy/Net Neutrality

      • Wireless Industry Is Trying To Hide Where 5G Is Actually Available

        Buried underneath the blistering hype surrounding fifth-generation (5G) wireless is a quiet but growing consensus: the technology is being over-hyped, and early incarnations were rushed to market in a way that prioritized marketing over substance. That's not to say that 5G won't be a good thing when it arrives at scale several years from now, but early offerings have been almost comical in their shortcomings. AT&T has repeatedly lied about 5G availability by pretending its 4G network is 5G. Verizon has repeatedly hyped early non-standard launches that, when reviewers actually got to take a look, were found to be barely available.

    • Monopolies

      • Patents and Software Patents

        • USITC investigates HTC smart devices

          The US International Trade Commission (USITC) has instituted an investigation into certain devices sold by HTC.

          In an announcement on Friday, October 11, the USITC said it had launched an investigation following a patent infringement complaint by non-practising entity Innovation Sciences.

          The complaint, filed in August, alleged that the importation and sale of certain wireless communication devices by HTC violate the country’s Tariff Act 1930.

          It claims that a number of HTC products, including smartphones, smart home devices and video cameras infringe two of its patents (US patent numbers 10,136,179 and 10,104,425).

          Both patents cover a “method and system for efficient communication”.

          Smart devices maker Resideo Technologies is also named as a defendant in the investigation.

          The USITC said it has not yet made any decision on the merits of the case, and that HTC and Resideo had 20 days to file a response to the investigation.

        • PTAB Says Privacy Management Patent Covers Abstract Idea



          Law360 (October 11, 2019, 7:17 PM EDT) -- The Patent Trial and Appeal Board invalidated a OneTrust patent related to privacy management software on Thursday, finding it covered only an abstract idea.

          The board’s decision came in an America Invents Act post-grant review requested by AvePoint, a New Jersey software developer. The board found the patent was directed to a mental process — one of the categories of abstract ideas outlined in U.S. Patent and Trademark Office guidance.

      • Copyrights

Recent Techrights' Posts

Comparing U.E.F.I. to B.I.O.S. (Bloat and Insecurity to K.I.S.S.)
By Sami Tikkanen
New 'Slides' From Stallman Support (stallmansupport.org) Site
"In celebration of RMS's birthday, we've been playing a bit. We extracted some quotes from the various articles, comments, letters, writings, etc. and put them in the form of a slideshow in the home page."
Thailand: GNU/Linux Up to 6% of Desktops/Laptops, According to statCounter
Desktop Operating System Market Share Thailand
António Campinos is Still 'The Fucking President' (in His Own Words) After a Fake 'Election' in 2022 (He Bribed All the Voters to Keep His Seat)
António Campinos and the Administrative Council, whose delegates he clearly bribed with EPO budget in exchange for votes
Adrian von Bidder, homeworking & Debian unexplained deaths
Reprinted with permission from Daniel Pocock
 
Sainsbury's: It Takes Us Up to Two Days to Respond to Customers Upon Escalation (and Sometimes Even More Than Two Days)
It not only does groceries but also many other things, even banking
People Don't Just Kill Themselves (Same for Other Animals)
And recent reports about Boeing whistleblower John Barnett
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, March 18, 2024
IRC logs for Monday, March 18, 2024
Suicide Cluster Cover-up tactics & Debian exposed
Reprinted with permission from Daniel Pocock
Gemini Links 19/03/2024: A Society That Lost Focus and Abandoning Social Control Media
Links for the day
Matthias Kirschner, FSFE: Plagiarism & Child labour in YH4F
Reprinted with permission from Daniel Pocock
Linux Foundation Boasting About Being Connected to Bill Gates
Examples of boasting about the association
Alexandre Oliva's Article on Monstering Cults
"I'm told an earlier draft version of this post got published elsewhere. Please consider this IMHO improved version instead."
[Meme] 'Russian' Elections in Munich (Bavaria, Germany)
fake elections
Sainsbury's to Techrights: Yes, Our Web Site Broke Down, But We Cannot Say Which Part or Why
Windows TCO?
Plagiarism: Axel Beckert (ETH Zurich) & Debian Developer list hacking
Reprinted with permission from Daniel Pocock
Links 18/03/2024: Putin Cements Power
Links for the day
Flashback 2003: Debian has always had a toxic culture
Reprinted with permission from Daniel Pocock
Sainsbury’s Epic Downtime Seems to be Microsoft's Fault and Might Even Constitute a Data Breach (Legal Liability)
one of Britain's largest groceries (and beyond) chains
[Meme] You Know You're Winning the Argument When...
EPO management starts cursing at everybody (which is what's happening)
Catspaw With Attitude
The posts "they" complain about merely point out the facts about this harassment and doxing
'Clown Computing' Businesses Are Waning and the Same Will Happen to 'G.A.I.' Businesses (the 'Hey Hi' Fame)
decrease in "HEY HI" (AI) hype
Free Software Needs Watchdogs, Too
Gentle lapdogs prevent self-regulation and transparency
Matthias Kirschner, FSFE analogous to identity fraud
Reprinted with permission from Daniel Pocock
Gemini Links 18/03/2024: LLM Inference and Can We Survive Technology?
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, March 17, 2024
IRC logs for Sunday, March 17, 2024
Links 17/03/2024: Microsoft Windows Shoves Ads Into Third-Party Software, More Countries Explore TikTok Ban
Links for the day
Molly Russell suicide & Debian Frans Pop, Lucy Wayland, social media deaths
Reprinted with permission from Daniel Pocock
Our Plans for Spring
Later this year we turn 18 and a few months from now our IRC community turns 16
Open Invention Network (OIN) Fails to Explain If Linux is Safe From Microsoft's Software Patent Royalties (Charges)
Keith Bergelt has not replied to queries on this very important matter
RedHat.com, Brought to You by Microsoft Staff
This is totally normal, right?
USPTO Corruption: People Who Don't Use Microsoft Will Be Penalised ~$400 for Each Patent Filing
Not joking!
The Hobbyists of Mozilla, Where the CEO is a Bigger Liability Than All Liabilities Combined
the hobbyist in chief earns much more than colleagues, to say the least; the number quadrupled in a matter of years
Jim Zemlin Says Linux Foundation Should Combat Fraud Together With the Gates Foundation. Maybe They Should Start With Jim's Wife.
There's a class action lawsuit for securities fraud
Not About Linux at All!
nobody bothers with the site anymore; it's marketing, and now even Linux
Links 17/03/2024: Abuses Against Human Rights, Tesla Settlement (and Crash)
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, March 16, 2024
IRC logs for Saturday, March 16, 2024
Under Taliban, GNU/Linux Share Nearly Doubled in Afghanistan, Windows Sank From About 90% to 68.5%
Suffice to say, we're not meaning to imply Taliban is "good"
Debian aggression: woman asked about her profession
Reprinted with permission from Daniel Pocock
Gemini Links 17/03/2024: Winter Can't Hurt Us Anymore and Playstation Plus
Links for the day