Bonum Certa Men Certa

Links 15/11/2019: New Opera and Brave, GNU/Linux Flatpa(c)ked



  • GNU/Linux

    • Server

      • IBM

        • Red Hat Adds AI Capabilities to Process Automation Suite
        • Department of Defense Enlists Red Hat to Help Improve Squadron Operations and Flight Training

          Red Hat, Inc., the world's leading provider of open source solutions, today announced that the Department of Defense (DoD) worked with Red Hat to help improve aircraft and pilot scheduling for United States Marine Corps (USMC), United States Navy (USN) and United States Air Force (USAF) aircrews. Using modern development practices and processes from Red Hat Open Innovation Labs that prioritized end user needs, the project team identified unaddressed roadblocks and gained new skills to build the right solution, a digital "Puckboard" application, for their unique scheduling challenge.

          [...]

          The problem facing squadrons was seemingly straightforward: how to improve and digitize the management of flight training operations. The existing process was entirely manual, each representing pertinent information like a pilot’s name, associated with their training syllabus, location and time of flights. Simple at a glance, the number of cognitive variables contained within this undertaking made it stressful for the operator and difficult to scale across squadrons and bases.

          For more than a decade, various project teams within the DoD had tried to improve the system via custom built applications, aircraft scheduling software and hybrid solutions. None of these deployments withstood the test of time or could be replicated if the operator took a new role elsewhere. The Defense Innovation Unit (DIU), an organization tasked with accelerating commercial technologies into the military, took on this challenge.

        • It's RedHat, And Everyone Else

          As time passes, it appears that corporations are primarily considering one distribution when considering installing Linux, and that distro is clearly RedHat. That probably does not come as any major surprise, but it appears RedHat's dominance continues to get stronger. What use to be a landscape littered with a multitude of choices has nearly been rendered down to one. Wow! That didn't take long. The open source software dynamic seemed to be formed on the premise that users were never again going to be pigeon-holed into using one piece of software. Or, perhaps better stated, that was a byproduct of making the source code readily available. And, that is still true to this day. However, as a corporate citizen in today's business climate, one finds themselves with limited possibilities.

          It was a mere 20 years ago when the buzz of Linux was starting to hit its stride. Everywhere you looked, there was a different flavor of Linux. There were nearly too many to count. And, these were not just hobbyist distros. Instead, they were corporations rising like corn stalks all over the place. Sure, there were more dominant players, but one had the ability to analyze at least 10 different fully corporate supported distributions when making a decision. With that amount of possibilities, the environment was ripe for consolidation or elimination. And, we have all watched that take place. But, did we ever think we were going to find ourselves in the current predicament?

          The data that has been collected over the past five years paints a concerning picture. Even a mere five years ago, it seemed likely that at a minimum RedHat would always have Suse as a legitimate competitor. After all, those were the two distros that seemed to win the consolidation and elimination war. At least in the corporate space. As was widely reported during that time, RedHat had somewhere in the neighborhood of 70% marketshare. It was always the gorilla in the room. But, Suse was always looked upon as an eager and willing participant, no matter its stature, and tended to garner most of the remaining marketshare. That is the way it appeared for a length of time prior to this decline over the past few years.

        • Scale testing the Red Hat OpenStack Edge with OpenShift

          Red Hat Openstack offers an Edge computing architecture called Distributed Compute Nodes (DCN), which allows for many hundreds or thousands of Edge sites by deploying hundreds or thousands of compute nodes remotely, all interacting with a central control plane over a routed (L3) network. Distributed compute nodes allow compute node sites to be deployed closer to where they are used, and are generally deployed in greater numbers than would occur in a central datacenter.

          With all the advantages that this architecture brings, there are also several scale challenges due to the large number of compute nodes that are managed by the OpenStack controllers. A previous post details deploying, running and testing a large scale environment using Red Hat OpenStack Director on real hardware, but this post is about how we can simulate far greater scale and load on the OpenStack control plane for testing using containers running on OpenShift without needing nearly as much hardware.

          In order to prove the effectiveness of Red Hat's DCN architecture, we'd like to be able to get quantitative benchmarks on Red Hat Openstack's performance when many hundreds or thousands of compute nodes are deployed.

    • Audiocasts/Shows

      • Ubuntu Podcast from the UK LoCo: S12E32 – Dungeon Keeper

        This week we’ve become addicted to Sedna SSD to PCIe controller cards. We discuss why distro hoppers are the worst, bring you some GUI love and round up our listener feedback.

        It’s Season 12 Episode 32 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

      • I.T. Phone Home | TechSNAP 416

        Ubiquiti’s troublesome new telemetry, Jim’s take on the modern Microsoft, and why Project Silica just might be the future of long term storage.

      • 2019-11-14 | Linux Headlines

        Mirantis acquires Docker, WordPress brings a big new feature to Jetpack, GitHub has a plan for archiving the world's open source code, and a new developer hub is available for Go.

      • Talk Python to Me: #238 Collaborative data science with Gigantum

        Collaborative data science has a few challenges. First of all, those who you are collaborating with might not be savvy enough in the computer science techniques (for example, git and source control or docker and Linux). Second, seeing the work and changes others have made is a challenge too.

    • Kernel Space

      • Security things in Linux v5.3

        In the continuing work to remove “uninitialized” variables from the kernel, Alexander Potapenko added new “init_on_alloc” and “init_on_free” boot parameters (with associated Kconfig defaults) to perform zeroing of heap memory either at allocation time (i.e. all kmalloc()s effectively become kzalloc()s), at free time (i.e. all kfree()s effectively become kzfree()s), or both. The performance impact of the former under most workloads appears to be under 1%, if it’s measurable at all. The “init_on_free” option, however, is more costly but adds the benefit of reducing the lifetime of heap contents after they have been freed (which might be useful for some use-after-free attacks or side-channel attacks). Everyone should enable CONFIG_INIT_ON_ALLOC_DEFAULT_ON=1 (or boot with “init_on_alloc=1“), and the more paranoid system builders should add CONFIG_INIT_ON_FREE_DEFAULT_ON=1 (or “init_on_free=1” at boot). As workloads are found that cause performance concerns, tweaks to the initialization coverage can be added.

    • Benchmarks

      • Zombieload V2 TAA Performance Impact Benchmarks On Cascade Lake

        While this week we have posted a number of benchmarks on the JCC Erratum and its CPU microcode workaround that introduces new possible performance hits, also being announced this week as part of Intel's security disclosures was "Zombieload Variant Two" as the TSX Async Abort vulnerability that received same-day Linux kernel mitigations. I've been benchmarking the TAA mitigations to the Linux kernel since the moment they hit the public Git tree and here are those initial benchmark results on an Intel Cascade Lake server.

    • Applications

      • Top GIF Recorders For Linux

        Whether you pronounce it as ‘gif’ or ‘jif’, it’s still a no-brainer that the Graphics Interchange Format is the most widely used image format there is today, gaining in popularity exponentially. This surging bitmap image format is used for a number of purposes, most of which include producing eye-catching animations to improve digital marketing. However, due to its convenience of storing multiple images in the same file while retaining file compression, it is also now considered a popular alternative to screen recording.

        While there’s a lot of support for GIFs on Windows and other operating systems like Android, they can also readily be produced on Linux with a lot of flexibility and in the best quality. Let’s look at some of the most popular GIF recorder tools used to produce GIFs on Linux.

      • Proprietary

        • Opera Browser 65 Released with Redesigned Address Bar

          Opera web browser 65 was released a day ago with redesigned address bar, improved tracker blocker, and new bookmarks panel.

        • Opera 65 Launches with Much-Improved Tracker Blocker, Redesigned Address Bar

          Opera Software announced today the general availability of the Opera 65 web browser for desktop platforms, including GNU/Linux, macOS, and Windows, a release that brings a bunch of enhancements and new features. Based on Chromium 78, the Opera 65 web browser is here and it's better than ever, brining a much-improved tracker blocker that finally lets you see which trackers are tracking your digital footprint while you're surfing the Internet.

          Based on the EasyPrivacy Tracking Protection list, Opera's tracker blocker feature will now show you all the trackers following you and let you take action against them if you believe some aren't good for you.

          By default, the tracker blocker will automatically block known tracker scripts to speed up the loading of pages and keep your online activity private. In Opera 65, the built-in tracker blocker can be toggled on and off per site too.

    • Instructionals/Technical

    • Games

      • Stardew Valley is getting a nifty whole-farm screenshot feature in an upcoming update

        The developer of the sweet game Stardew Valley, ConcernedApe, has announced that a feature-filled update is coming.

        Coming with the update is a big variety of new things. Their main aim with it, they said is to "polish" the game more. So they're going through fixing various issues that have been hanging around and add a lot of quality of life features. They don't go into too much detail though as they said they don't want to spoil it all, but it sounds like a massive update. One thing they did say is that Wild Bait, as an example, used to be "essentially worthless" but now gives you a chance to catch double fish. Also, every spouse option now has a unique 14-heart event after marriage.

      • The latest Overland update should address some inventory management nuisances

        While I appreciated Overland as difficult as it is, certain parts of it did need improvements and this new update aims to address some of the pain points.

        First up, a refresher course: what is Overland? It's a tough turn-based survival game, where you take care of a group of travellers on a post-apocalyptic road-trip across the United States.

      • inXile's big party-based RPG 'Wasteland 3' launching May 19 next year, now up for pre-order

        Wasteland 3, the big new squad-based role-playing game from inXile entertainment has a new trailer plus a release date. Today, they confirmed May 19 next year for Linux, macOS and Windows.

        Moving away from the scorching deserts of post-apocalypse Arizona to the frosty mountains of Colorado, you've been promised aid to keep your own home alive if you help the self-proclaimed Patriarch of Colorado rescue it from the ambitions of their bloodthirsty children. inXile are promising it will be full of challenging tactical combat, exploration, a deep story full of twists and ethical decision making.

    • Distributions

      • Screenshots/Screencasts

      • Arch Family

        • 6 Best Arch Linux Based User Friendly Distributions of 2019

          If you’re an avid Linux user you probably know by now that it is no Operating System for the weak at heart (well sometimes). The chances of you getting crushed when trying to install a Linux-based Operating System or learning the usual curves in your first week are pretty high.

          On the other hand, if you’re starting your trip into the world of Linux you will probably be using one of the mainstream distros out there – Ubuntu and Linux Mint, for example. Yes, these are excellent distro choices as is suggested by the Google results of the typical keyword search, but if you are explorative enough, you would have already started craving for something that is radically different from what the mainstream has to offer and this is when Arch Linux comes to the rescue.

          Arch Linux is a lightweight rolling release Linux distribution for x86-64 architecture-based computers. It is open-source and contains both libre and proprietary software because of its flexibility-based philosophy. As much loved as Arch Linux is, word on the blog streets is that it has a steep learning curve and new users end up searching for derivatives that are less developer-centric or switch to trying out a different Linux distro line completely.

      • Debian Family

        • Chrome OS 80 will start using Debian 10 Buster on new Linux installations

          At Google I/O last year, Google announced Linux app support for Chrome OS. This is made possible thanks to installing a GNU/Linux distribution, specifically Debian 9 “Stretch”, in a Linux container. Earlier this year, the Debian project announced Debian 10 “Buster,” but Google wasn’t ready to upgrade the default Linux container on Chromebooks just yet. Now, after months of testing and bug fixing, Google is ready to enable Debian 10 “Buster” as the default Linux container in Chrome OS.

          According to a recently merged commit we spotted in the Chromium Gerrit, new Crostini (the code-name for Linux apps on Chrome OS) installations will get Debian 10 by default. The commit doesn’t mention how Chromebooks with existing Debian 9 “Stretch” installations will be migrated to the newer version, but users can easily upgrade the container themselves by running a few commands. Upgrading to the newer version of Debian enables new features and should also bring greater application support. For the truly enterprising, it’s even possible to replace the Debian container with Arch Linux.

        • Debian Project Releases Linux Security Updates to Patch Latest Intel CPU Flaws

          As reported earlier this week, four new security vulnerabilities have been discovered in the Linux kernel and with an impact on Intel CPUs, namely CVE-2019-11135, CVE-2018-12207, CVE-2019-0154 and CVE-2019-0155, which may lead to privilege escalation, information leak, as well as denial of service.

          Following on the footsteps of Canonical and Red Hat, Debian Project has also released new Linux kernel security patches, along with new intel-microcode updates to mitigate all these new vulnerabilities in the Debian GNU/Linux 9 "Stretch" and Debian GNU/Linux 10 "Buster" operating systems.

      • Canonical/Ubuntu Family

        • UBports offers free Ubuntu Touch to developers willing to help

          Earlier today, UBports tweeted that Canonical had gifted them several Ubuntu Touch devices to use for further development. In the tweet, UBports offered to send the gifted devices to users willing to help develop Ubuntu Touch.

          Ubuntu Touch (also known as Ubuntu Phone) is the mobile version of Canonical’s popular Ubuntu Linux distro designed primarily for touchscreen devices such as smartphones and tablet computers.

        • Canonical enhances Kubernetes reliability for edge, IoT and multi-cloud

          Canonical today announced high-availability clustering in MicroK8s, the workstation and appliance Kubernetes, and enterprise SQL database integration for its multi-cloud Charmed Kubernetes.

          “The rapid rise of enterprise and edge Kubernetes creates a challenge for corporate IT, with thousands of edge nodes running Kubernetes, and hundreds of cloud Kubernetes clusters,” said Stephan Fabel, Director of Product at Canonical. “The next generation of Canonical’s Kubernetes offerings reduce the number of moving parts, and embrace standard corporate SQL databases for Kubernetes data stores, to address the operational consequences of Kubernetes cluster sprawl.”

          Canonical’s MicroK8s gained popularity as an IoT, appliance and developer workstation Kubernetes, with a very small footprint suitable for edge devices and laptops. MicroK8s 1.16 added clustering, enabling rapid deployment of highly standardised small K8s clusters. The next step is to ensure high availability of these clusters, using Canonical’s Dqlite distributed SQL engine. Dqlite removes process overhead by embedding the database inside Kubernetes itself, and reduces the memory footprint of the cluster which is important for IoT.

        • Canonical Announces High-Availability Clustering In MicroK8s
        • Canonical Enhances the Reliability of Its Kubernetes for IoT, Multi-Cloud & Edge

          MicroK8s is an upstream Kubernetes deployment certified by the Cloud Native Computing Foundation (CNCF) and developed entirely by Canonical to run offline on your workstation or edge device for all your development, prototyping, and testing needs. MicroK8s is delivered as a snap, which makes it possible to run all Kubernetes services natively and comes bundled with all the libraries and binaries required.

          The latest MicroK8s 1.16 release adds high-availability clustering by integrating enterprise SQL database through Canonical's in-house built Dqlite distributed SQL engine to enable rapid deployment of highly standardized small K8s clusters. Dqlite is designed to reduce memory footprint of the cluster in MicroK8s by embedding the database inside Kubernetes itself.

        • Zorin OS vs Linux Mint

          There are some specific linux distros out there that specially target the new and casual Linux users, most notably, Linux Mint and Zorin OS. In this article we will compare them.

          Zorin OS vs Linux Mint



          Both of these distros have earned a solid reputation from the community for being two of the most user-friendly distros of all. Both of them use Ubuntu as the core. Thus, both of them offer similar functionality at the core. However, the real magic is how each of them builds up on top of it. Both Linux Mint and Zorin OS comes up with different feel and vibe.

          While both of them are extremely user-friendly and robust, there are some key differences between them. That’s the beauty of Linux.
        • The future of Linux desktop application delivery is Flatpak and Snap

          Once upon a time, GNOME and KDE got along like cats and dogs. That was then. This is now. At Linux Application Summit (LAS) in Barcelona, the two, along with other desktop developers, came together to make the Linux desktop a friendlier place for all users. A big way developers will do that is by using Snap and Flatpak to deliver programs.

        • The long run of Linux desktop software shipping is Flatpak and Snap

          The moment upon a time, GNOME and KDE bought along like cats and canines. That was then. This is now. At Linux Application Summit (LAS) in Barcelona, the two, along with other desktop builders, came jointly to make the Linux desktop a friendlier area for all end users. A significant way builders will do that is by making use of Snap and Flatpak to supply plans.

        • A technical comparison between the snap and the Flatpak formats

          Since we’ve already discussed the snap layout and architecture in greater details in the previous weeks, let’s start with a quick overview of Flatpak. Much like snaps, Flatpak packages come with necessary components contained inside standalone archives, so they can be deployed and maintained with simplicity on a range of Linux distributions. Runtime and image components are bundled into a single file using the OCI format.

          In general, Flatpak applications are built against runtimes, but they can also contain additional libraries inside their own bundles. A Linux system with the Flatpak binary (primary command) installed and configured can then run Flatpak applications. At the moment, there are 21 distributions that offer Flatpak support.

          Furthermore, applications are sandboxed using Bubblewrap, which utilises kernel security and namespace features to set up unprivileged containers. Communication outside the sandbox is possible through a mechanism of portals, which allows granular access to system resources.

          Flatpak packages are available to end users primarily through Flathub, an app store and build service that is (semi)-officially associated with the Flatpak project. Submissions to Flathub are done as pull requests through GitHub, and require approval from the store admins. Similarly, publishers of proprietary software have to manually request inclusion of their applications. Flatpak applications are also sometimes available as manual download links. There is no automatic update mechanism available by default.

        • Canonical enhances Kubernetes reliability for edge, IoT and multi-cloud

          14 November 2019: Canonical today announced high-availability clustering in MicroK8s, the workstation and appliance Kubernetes, and enterprise SQL database integration for its multi-cloud Charmed Kubernetes.

          “The rapid rise of enterprise and edge Kubernetes creates a challenge for corporate IT, with thousands of edge nodes running Kubernetes, and hundreds of cloud Kubernetes clusters,” said Stephan Fabel, Director of Product at Canonical. “The next generation of Canonical’s Kubernetes offerings reduce the number of moving parts, and embrace standard corporate SQL databases for Kubernetes data stores, to address the operational consequences of Kubernetes cluster sprawl.”

          Canonical’s MicroK8s gained popularity as an IoT, appliance and developer workstation Kubernetes, with a very small footprint suitable for edge devices and laptops. MicroK8s 1.16 added clustering, enabling rapid deployment of highly standardised small K8s clusters. The next step is to ensure high availability of these clusters, using Canonical’s Dqlite distributed SQL engine. Dqlite removes process overhead by embedding the database inside Kubernetes itself, and reduces the memory footprint of the cluster which is important for IoT.

          RAFT and SQLite are well-understood best practices for distributed and embedded systems. Using Dqlite as the Kubernetes datastore simplifies the deployment of a resilient K8s cluster. Telco and retail edge applications can now achieve high reliability at very low cost on x86 or ARM commodity appliances such as clusters of Intel NUCs or Raspberry Pi boards.

        • Lessons learned from 100+ private cloud builds

          Building a private cloud based on OpenStack has typically been a complex process with uncertain build costs based on time and materials requiring specialised expertise and low-level Linux OS knowledge. To help enterprises overcome these challenges,Canonical offers Private Cloud Build to provide businesses with a fully deployed OpenStack delivered in as little as two weeks at a fixed cost.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • PyRadio: An open source alternative for internet radio

        PyRadio is a convenient, open source, command-line application for playing any radio station that has a streaming link. And in 2019, almost every radio station (certainly, every one that has a web presence) has a way to listen online. Using the free PyRadio program, you can add, edit, play and switch between your own selected list of streaming radio stations. It is a command-line tool for Linux that can run on many computers, including Macintosh and tiny computers like Raspberry Pi. To some, a command-line client for playing music might sound needlessly complicated, but it's actually a simple alternative and one that serves as an instant text-based dashboard to easily select music to listen to.

        A little background about myself: I spend a lot of time browsing for and listening to new music on Bandcamp, on various blogs, and even Spotify. I don't spend time casually listening to app *radio* stations, which are really algorithmically-generated continuous streams of similarly tagged music. Rather, I prefer listening to non-profit, college and locally-produced independent radio stations that are run by a community and don't rely on advertisements to sustain themselves.

      • PHP 7.4.0RC6 is available for testing
        PHP 7.4.0RC6 has just been released and can be downloaded from:
        
        

        <https://downloads.php.net/~derick/>

        Or use the git tag: php-7.4.0RC6

        Windows binaries are available at: <https://windows.php.net/qa/>

        Please test it carefully, and report any bugs in the bug system at <https://bugs.php.net>.

        Hash values and PGP signatures can be found below or at <https://gist.github.com/derickr/75073b820cef83190094d34b7b04d322>.

        7.4.0 should be expected in 2 weeks, i.e. on November 28th, 2019.

        Thank you, and happy testing!

        Regards, Peter Kokot & Derick Rethans
      • PHP 7.4 Aims For Release In Two Weeks With FFI, Performance Improvements

        The sixth and final release candidate of PHP 7.4 is now available with it being on track for the general availability release before month's end.

        PHP 7.4-RC6 is now available for testing with plans for the official release in just two weeks. PHP 7.4-RC6 is just comprised of fixes ranging from making stream_copy_to_stream using mmap more often to a reflection bug to TLS issues.

      • Google: As Go programming language turns 10, here are the big names using it

        To celebrate its anniversary, Google has launched a new website on its recently launched .dev domain, simply called go.dev, which highlights Go's strengths for building cloud services, command-line interfaces, web applications, and its support of DevOps.

        Claiming over a million Go users worldwide, Google is also keen to show how many big brands are using the language extensively, including American Express, Salesforce, IBM, Target, Twitch, Netflix, Twitter, Uber, and Dropbox.

      • Google releases source code of new on-device machine learning solutions

        In a blog post, software and silicon engineers Andrew Howard and Suyog Gupta from Google Research said on Wednesday that both the source code and checkpoints for MobileNetV3, as well as the Pixel 4 Edge TPU-optimized counterpart MobileNetEdgeTPU, are now available.

      • Web Browsers

        • Brave Browser Reaches Version 1.0

          The Brave browser was pioneered by Mozilla co-founder and JavaScript inventor Brendan Eich and we originally reported on it in January 2016 when it was at version 0.7. Now as it launches Version 1.0, the Brave browser already has 8.7 million monthly active users across the globe

          Motivated by dissatisfaction with "maladvertising", Brave promises to prioritize security by blocking third-party ads, trackers, and won't allow video to autoplay. This makes it faster and saves users' time and battery life.

          Announcing the official launch of Brave 1.0 the blog post states:

          The Brave open source browser fundamentally shifts how users, publishers, and advertisers interact online by giving users a private, safer, and 3-6x faster browsing experience, while funding the Web through a new attention-based platform of privacy-preserving advertisements and rewards.

          The numbers displayed at the top of this screen reveal that Brave has blocked 117,674 ads and trackers, saved 2,846 upgrades, thus saving an estimated 59 minutes in the current brower session.

        • Mozilla

          • Thermostats, Locks and Extension Add-ons – WebThings Gateway 0.10

            Happy Things Thursday! Today we are releasing WebThings Gateway 0.10. If you have a gateway using our Raspberry Pi builds then it should already have automatically updated itself.

            This new release comes with support for thermostats and smart locks, as well as an updated add-ons system including extension add-ons, which enable developers to extend the gateway user interface. We’ve also added localisation settings so that you can choose your country, language, time zone and unit preferences. From today you’ll be able to use the gateway in American English or Italian, but we’re already receiving contributions of translations in different languages!

          • The ByteCode Alliance wants to bring binary apps into your browser

            Back in 2015, a consortium including Google, Microsoft, Mozilla, and the WebKit project announced WebAssembly. This week, Mozilla, Intel, Red hat, and Fastly announced a new consortium called the Bytecode Alliance, which aims to foster WebAssembly and other "new software foundations" that will allow secure-by-default ways to run untrusted code, either inside or outside the Web browser environment.

            For many, this raises an obvious question: what is WebAssembly? WebAssembly (wasm) was and is a potentially exciting project, offering a way to run native bytecode inside the browser for potentially very large increases in performance over the Javascript engines in use both then and today.

            Javascript is frequently misunderstood as a scripting language that is interpreted at runtime. Although it is generally loaded into the browser as source code, it may be either interpreted or compiled to bytecode and executed. Compilation means higher performance execution—particularly inside tight loops—but it also means a startup penalty for the time needed to do the JIT compilation itself.

          • 2019 Add-ons Community Meetup in London

            At the end of October, the Firefox add-ons team hosted a day-long meetup with a group of privacy extension developers as part of the Mozilla Festival in London, UK. With 2019 drawing to a close, this meetup provided an excellent opportunity to hear feedback from developers involved in the Recommended Extensions program and to get input about some of our plans for 2020.

            [...]

            We recently announced that Firefox Preview, Mozilla’s next generation browser for Android built on GeckoView, will support extensions through the WebExtensions API. Members of the Android engineering team will build select APIs needed to initially support a small set of Recommended Extensions.

            The group discussed a wishlist of features for extensions on Android, including support for page actions and browser actions, history search, and the ability to manipulate context menus. These suggestions will be considered as work on Firefox Preview moves forward.

          • Here’s why pop culture and passwords don’t mix

            Were they on a break or not?! For nearly a decade, Ross and Rachel’s on-screen relationship was a point of contention for millions of viewers around the world. It’s no surprise to learn that years after the series finale, they are not only TV’s most beloved characters, but their names are popular account passwords, too. That’s right. More than thousands of internet users love Rachel, Monica, Joey, Chandler, Ross and Phoebe enough to use their names as passwords.

            Wondering about trends, we turned to haveibeenpwned (HIBP) — the website that aggregates data from known breaches — for pop culture favorites. (Firefox Monitor draws from HIBP to help people learn if they’ve been caught up in a data breach and take steps to protect themselves.)

            We couldn’t access any data files, browse lists of passwords or link passwords to logins — that info is inaccessible and kept secure — but we could look up random bad passwords manually on HIBP. It turns out, quite a lot of sitcom and sports fans are using pop culture passwords for their accounts. These bad passwords are not only weak, they have also been breached. Here’s what we spotted.

          • Adding CodeQL and clang to our Bug Bounty Program

            One of the ways we’re supporting this initiative at Mozilla is through renewed investment in automation and static analysis. We think the broader Mozilla community can participate, and we want to encourage it. Today, we’re announcing a new area of our bug bounty program to encourage the community to use the CodeQL tools. We are exploring the use of CodeQL tools and will award a bounty – above and beyond our existing bounties – for static analysis work that identifies present or historical flaws in Firefox.

      • Linux Foundation

        • The Linux Foundation and AWS announce new open data model

          The Linux Foundation’s joint Development Foundation (JDF) is teaming up up with AWS, Genesys and Salesforce to create an open source data model that standardizes data interoperability across cloud applications. They’re calling it the Cloud Information Model (CIM).

          The CIM is meant to tackle the challenge of cloud computing and creating data models. The foundation explained that data models force developers to build, test and manage custom code in order to translate data across systems.

          According to the foundation, the new open data model aims to reduce the complexities of integrating data across cloud applications by providing data interoperability guidelines to point-of-sale systems, digital marketing platforms, contact centers or CRM centers.

        • LF AI Welcomes ONNX, Ecosystem for Interoperable AI Models, as Graduate Project

          The LF AI Foundation, the organization building an ecosystem to sustain open source innovation in artificial intelligence (AI), machine learning (ML) and deep learning (DL), is announcing today the Open Neural Network eXchange (ONNX) is its newest graduate level project. Moving ONNX under the umbrella of LF AI governance and management is viewed as a key milestone in establishing ONNX as a vendor-neutral open format standard.

          ONNX is an open format used to represent machine learning and deep learning models. An ecosystem of products supporting ONNX provides AI capabilities like model creation and export, visualization, optimization, and acceleration capabilities. Among its many advantages, ONNX provides portability, allowing AI developers to more easily move AI models between tools that are part of trusted AI/ML/DL workflows.

      • FSF/FSFE/GNU/SFLC

        • GIMP basics: Best tips and tricks for beginners

          GIMP (GNU Image Manipulation Program), like so many other open source programs, started out as a student project at the University of California, Berkeley. It was developed by Spencer Kimball and Peter Mattis in 1995, and the first version (0.54) was released in 1996.

          As of the current version (2.10) GIMP has matured into a truly incredible photo-editing program. It’s not as complex as Photoshop, but it’s not as basic as PC Paint either. It rivals all the top dogs on the market today. Best of all, it’s free!

          If you’re coming at GIMP by way of Photoshop, however, you may be frustrated by the some of the differences. Here are a few user tips to get you started, whether you're a rookie or a pro.

      • Programming/Development

        • Manipulating text with grep

          Imagine you have a file (or bunch of files) and you want to search for a specific string or configuration setting within these files. Opening each file individually and trying to find the specific string would be tiresome and probably isn’t the right approach. So what can we use, then?

        • Hiring a technical writer in the age of DevOps

          It's common for enterprises to leave the technical writer's role out of the DevOps discussion. Even the marketing department joins the discussion in some DevOps-first organizations—so why not the writers?

          Our industry doesn't ask enough of its technical writers. Documentation is an afterthought. Companies farm out technical writing to contractors at the end of the project lifecycle. Corners get cut. Likewise, technical writers don't ask enough of their industry. The expectations for the role vary from company to company. Both circumstances lead to technical writers being left out of the DevOps discussion.

          As your organization matures its DevOps practices, it's time to revisit the role of your technical writer.

        • How to port an awk script to Python

          Scripts are potent ways to solve a problem repeatedly, and awk is an excellent language for writing them. It excels at easy text processing in particular, and it can bring you through some complicated rewriting of config files or reformatting file names in a directory.

        • Navigating Python Code with Wing Pro 7 (part 1 of 3)

          Wing Python IDE includes a boatload of features aimed at making it easier to navigate and understand the structure of Python code. Some of these allow for quick navigation between the definition and uses of a symbol. Others provide a convenient index into source code. And still others quickly find and open files or navigate to symbols matching a name fragment.

          [...]

          This tool supports text matching, wildcard, and regular expression searching and automatically updates the search results as files change.

          Searching on Project Files assumes that you have used Add Existing Directory in the Project menu to add your source code to your project. Typically the project should contain the code you are actively working on. Packages that your code uses can be left out of the project, unless you anticipate often wanting to search them with Search in Files.

      • Standards/Consortia

        • Report from July 2019 ISO C++ Standards Committee Meeting (Concurrency and Parallelism Study Group) S

          The summer 2019 WG21 C++ Committee meeting was held in Cologne, Germany during the week of July 13. As usual, Red Hat sent three representatives, Jason Merrill in the Core Working Group (CWG), Jonathan Wakely in the Library Working Group (LWG), and myself in the Concurrency and Parallelism Study Group (SG1). This rather late report covers the Cologne SG1 session and looks ahead to some revised papers from that meeting, which are scheduled for the fall meeting in Belfast, Northern Ireland, for the first week of November 2019.

        • On data encoding and complex text shaping

          The summit was inaugurated by Fahad Al-Saidi of the Scribus fame, who was instrumental in implementing complex text layout (CTL). Prior to the talks, I got to meet the team who made it possible to switch Janayogom’s entire publishing process on to free software platform — Kubuntu based ThengOS, Scribus for page layout, Inkspace for vector graphics, GIMP for raster graphics, CMYK color profiling for print, new Malayalam Unicode fonts with traditional orthography etc. It was impressive to see that entire production fleet was transformed, team was trained and the news paper is printed every day without delay.

          I also met Fahad later and pleasantly surprised to realize that he already knows me from open source contributions. We had a productive discussion about Scribus.

  • Leftovers

    • Health/Nutrition

      • The Logic of Medical Co-Payments

        Aaron Carroll had a very useful NYT Upshot piece highlighting research showing that even modest co-payments discourage people from getting necessary medical care. The article is about co-payments for prescription drugs where it highlights research showing that people will often skip taking prescribed drugs to avoid co-payments. There are a couple of points worth making about co-payments in this context and more generally.

      • Justice Democrats Accuses Buttigieg of Abandoning Medicare for All After Taking 'Tons of Cash' From Corporate Interests

        The progressive group said Buttigieg has "no credibility" to attack Warren and Sanders on Medicare for All given "how much money he's been taking from Big Pharma and insurance executives."

    • Security (Confidentiality/Integrity/Availabilitiy)

      • Why Kali Linux is loved by penetration testers [Q&A]

        Penetration testing is an essential tool for organizations to make sure their systems are safe and secure. It probes systems by attacking them in the way that a hacker would.

        But for many, the concept of pentesting is something of a dark art, and the tools used to carry it out shaded in obscurity. One of the most popular tools among testers is Kali Linux but you could be forgiven for never having heard of it.

        We spoke to Jim O'Gorman of testing training specialist Offensive Security, which maintains the Kali Linux project, to discover more about what Kali Linux is and why pen testers love it so much.

      • Windows and Linux Get Options To Disable Intel TSX To Prevent Zombieload v2 Attacks
      • Windows & Linux get options to disable Intel TSX to prevent Zombieload v2 attacks
      • Security updates for Thursday

        Security updates have been issued by Arch Linux (kernel, linux-lts, and linux-zen), CentOS (kernel, sudo, and thunderbird), Debian (linux-4.9), Fedora (samba), openSUSE (apache2-mod_auth_openidc, kernel, qemu, rsyslog, and ucode-intel), Oracle (kernel), Red Hat (kernel and kernel-rt), Scientific Linux (kernel), SUSE (kernel and microcode_ctl), and Ubuntu (kernel, libjpeg-turbo, linux, linux-hwe, linux-oem, linux, linux-hwe, linux-oem-osp1, and qemu).

    • Defence/Aggression

      • Murder Like It’s 1495: U.S.-Backed Counterinsurgency in the Philippines

        Two men, soldiers probably, noticed Bai Leah Tumbalang. This was last August. She was in Valencia City, in the Philippine province of Bukidnon. The men drew near on their motorcycle, followed her, then pulled up to shoot her in the forehead. She died immediately.

      • The So-Called War on Terror Has Killed Over 801,000 People and Cost $6.4 Trillion: New Analysis

        "The numbers continue to accelerate, not only because many wars continue to be waged, but also because wars don't end when soldiers come home."

      • A Doubtful Proposition: a Reflection on the Trial of the Kings Bay Plowshares 7

        “Whether nuclear weapons are actually illegal under international or domestic law (a doubtful proposition) is not relevant or an appropriate issue to litigate in this case,” so ruled Judge Lisa Godbey Wood of the US District Court for the Southern District of Georgia, late on Friday October 18. This last-minute order, restricting the defense of seven antinuclear activists at a trial that began Monday morning the 21st, made a short trial a foregone conclusion. It also, more than any evidence that the yet to be impaneled jury would eventually hear, made their convictions all but certain.

      • 'Schools of Mass Destruction': Report Details 49 US Universities Abetting Nuclear Weapons Complex

        "Why would an institution of higher learning support weapons that cause terrible humanitarian consequences?"

      • How Not to End a Forever War

        I love “caper’ movies. There’s nothing like a gang of lovable rogues executing an elaborately planned, seemingly impossible crime. President Donald Trump, while in no way lovable, pulled off the perfect caper when he grabbed the White House three years ago. Now Trump has launched a new caper: stealing Syria’s oil. Danny Ocean, eat your heart out.

      • Reckoning With the Costs of War: It's Time to Take Responsibility

        In 2008, when he was only 29, Army Pfc. Russell Madden€ enlisted in the Army because he needed health insurance for his son, who was born with cystic fibrosis. While deployed to Afghanistan in 2010, he died after a rocket-propelled grenade hit his convoy.

      • Israel Intensifies Strikes as Rockets Rain Down on Gaza

        Israeli aircraft struck Islamic Jihad targets throughout the Gaza Strip on Wednesday while the militant group rained scores of rockets into Israel for a second straight day as the heaviest round of fighting in months showed no signs of ending. The death toll rose to 26 Palestinians, including a 7-year-old boy and two other minors.

      • Sanders Has Denounced Coup, But Biden, Warren, and Buttigieg So Far Silent on Overthrow of Bolivia's Morales

        "Why is Bernie Sanders the only one who has spoken out? Don't the other candidates have a position about a destabilizing, right-wing takeover of a neighboring country? We need to hear from them."

      • The Bolivian Coup Comes Down to One Precious Mineral

        Bolivia’s President Evo Morales was overthrown in a military coup on November 10. He is now in Mexico. Before he left office, Morales had been involved in a long project to bring economic and social democracy to his long-exploited country. It is important to recall that Bolivia has suffered a series of coups, often conducted by the military and the oligarchy on behalf of transnational mining companies. Initially, these were tin firms, but tin is no longer the main target in Bolivia. The main target is its massive deposits of lithium, crucial for the electric car.

      • How the OAS and US Just Helped Overthrow Another Government

        The United States and the Organization of American States can add another coup to their scorecards, even if U.S. media refuses to recognize it as such.

      • Military Coup in Bolivia 'Has Been Consummated,' Says Evo Morales as Right-Wing Senator Declares Herself President in Defiance of Constitution

        "She's declared herself president without having a quorum in the parliament," said Morales supporter Julio Chipana. "She doesn't represent us."

      • New Revelations on Dutch Role in Deadly Iraq Attack

        Recent news reports have exposed Dutch involvement in an airstrike in Iraq in June 2015 that killed at least 70 civilians, with the Minister of Defense finally admitting on November 5, 2019 that the ministry had known about the deaths after years of denial.

      • ‘Everybody at the school knew’ The St. Petersburg university that employed the historian who dismembered his grad student girlfriend denies past complaints about other sexual assaults

        On November 9, police pulled 63-year-old historian and St. Petersburg State University senior lecturer Oleg Sokolov from the Moyka River. He was alive, but the same could not be said for Anastasia Eshchenko, a 24-year-old graduate student who lived with Sokolov as his fiancée. Officials soon realized that he had murdered her and dismembered her body. When he was discovered in the river, Sokolov was carrying a backpack that contained the woman’s severed hands. On November 11, a court formally jailed the historian, and St. Petersburg State University quickly announced his dismissal. Many are angry, however, that the school didn’t act sooner. A petition at Change.org now has more than 72,000 signatures demanding punishment for the university officials who failed to take action against Sokolov, despite apparent allegations against him. In St. Petersburg, demonstrators have also staged isolated pickets with the same demands. The historian’s colleagues say the school was aware of his multiple romances with students, but they say there were no grounds to fire Sokolov, because no one ever filed a formal complaint against him.

      • Criminalated Warmongers

        The Dawn Patrol is a 1938 film about British World War I fighter pilots, roistering and dying in an aerial war of attrition in France with their German counterparts. It was directed by Edmund Goulding from a screenplay written by Seton I. Miller and Dan Totheroh, which was adapted from a story by John Monk Saunders. The film starred Errol Flynn (Captain Courtney), Basil Rathbone (Major Brand), David Niven (Scott), Donald Crisp (Phipps), and Morton Lowry (Donnie Scott), and was produced by the Warner Brothers Studio as a remake of their earlier 1930 film of the same story.

    • Transparency/Investigative Reporting

      • Assange, Zuckerberg and Free Speech

        This time, more than any other, is a time for free speech absolutism. It is a time where the influence of one’s speech can be bought. Corporations are considered people. Truth is not defined by people, it is defined by corporate interests—namely profit. Sectarianism has at least culturally collapsed, creating the potential, although not a guarantee, of a united global revolution against the prevailing ideology of capital. Now is not the time for censorship. Now is the time to leave the truth behind all together and accept something greater. We must transcend truth and begin to live in material reality that is not conscious of anything except for the mission at hand and the urgency of life itself as the material clock of both ourselves and civilization as we know it nears midnight.

      • Norway's DNB to investigate allegedly improper Icelandic payments to Namibia

        Norwegian bank DNB (DNB.OL) is investigating media allegations that an Icelandic company transferred money via the bank to bribe Namibian officials, DNB said on Wednesday.

        Iceland’s public broadcaster reported on Tuesday that fisheries group Samherji had made illicit payments worth millions of dollars to secure fishing quotas in Namibia.

        “We are of course investigating the claims,” DNB said of the report.

        Separately, Namibian media reported that two Namibian ministers had resigned from their cabinet positions on Wednesday following the Icelandic news report.

        The Namibian government had no immediate comment.

        Samherji said in a statement it had hired a law firm to investigate the allegations.

      • Ministers Sacky Shanghala and Bernhardt Esau resign after kickback exposé

        Justice Minister Sacky Shanghala and Fisheries Minister Bernhardt Esau have resigned after The Namibian newspaper exposed a Namibian fishing quota kickback scandal worth millions of dollars.

        State House issued a press statement Wednesday afternoon announcing the resignations.

        The Presidency said since assuming office President Hage Geingob "has taken practical steps to promote effective governance, prioritising the fight against corruption, promoting greater transparency and accountability. "

      • Julian Assange’s judge and her husband’s links to the British military establishment exposed by WikiLeaks

        The husband of Lady Emma Arbuthnot, the Westminster chief magistrate overseeing WikiLeaks’ founder Julian Assange’s extradition to the US, has financial links to the British military establishment, including institutions and individuals exposed by WikiLeaks.

    • Environment

    • Finance

    • AstroTurf/Lobbying/Politics

    • Censorship/Free Speech

    • Privacy/Surveillance

      • Ring Spends The Week Collecting Data On Trick-Or-Treating Kids And Being An Attack Vector For Home WiFi Networks

        Nothing owns like a self-own. And Ring -- Amazon's doorbell surveillance project -- is so into self-abuse, it's almost kinky. It's a DOM when it picks up another submissive law enforcement partner (400+ at last count, so maybe get tested if you install a doorbell without protection). Any other time, it seems to be a relentlessly cheery masochist. Hopefully it's deriving some pleasure from the endless negative news cycles. Maybe 95% market share heals all wounds.

      • Facebook Says It Axed 3.2 Billion Fake Accounts in Last Six Months

        Facebook says it removed 3.2 billion fake accounts from its service from April to September, up slightly from 3 billion€ in the previous six months.

      • Microsoft Says It's Cool With California's New Privacy Law

        We've made it abundantly clear that California's new privacy law is aggressively undercooked, and will require some very serious fine tuning if it's going to be workable for many California companies. At the same time, giant companies like Google, Comcast, and AT&T have spent a lot of time aggressively misrepresenting what the law actually does, running ads outright lying about the bill's impact, and downplaying the fact that states wouldn't be wading into the privacy waters if these companies hadn't lobbied to kill modest federal privacy requirements in the first place.

    • Civil Rights/Policing

    • Internet Policy/Net Neutrality

      • DirectTV Forgot To Stop Charging Customers For Channels That Were Blacked Out

        As we've detailed for some time now, while contract blackouts have almost always been an annoyance in the cable television industry, they are becoming increasingly prevalent alongside the rise of cord-cutting. Normally when we discuss cable blackouts, the discussion revolves around the entirely predictable strategy by both the broadcaster and cable operator to blame one another, all while paying customers sit without the channels they're paying for. While annoying, that is usually the extent of our comments on the matter.



Recent Techrights' Posts

Technology: rights or responsibilities? - Part XI
By Dr. Andy Farnell
GNU/Linux and ChromeOS in Qatar Reach 4%, an All-Time High
Qatar has money to spend, but not much of it will be spent on Microsoft, or so one can hope
This 'Article' About "Linux Malware" is a Fake Article, It's LLM Slop (Likely Spewed Out by Microsoft Chatbot)
They're drowning out the Web
Early Retirement Age: Linus Torvalds Turns 55 Next Week
Now he's almost eligible for retirement in certain European countries
 
Microsoft, Give Me LLM Slop About "Linux" and "Santa", I Need Some Fake Article...
BetaNews is basically an LLM slop site
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, December 22, 2024
IRC logs for Sunday, December 22, 2024
Links 22/12/2024: Election Rants and More Sites Available via Gemini
Links for the day
Links 22/12/2024: North Pole Moving and Debian's Joey Hess Goes Solar
Links for the day
Gemini Links 22/12/2024: Solstice and IDEs
Links for the day
BetaNews: Microsoft Slop is Your "Latest Technology News"
Paid-for garbage disguised as "journalism"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, December 21, 2024
IRC logs for Saturday, December 21, 2024
Links 21/12/2024: EU on Solidarity with Ukraine, Focus on Illegal and Unconstitutional Patent Court in the EU (UPC)
Links for the day
[Meme] Microsofters at the End of David's Leash
Hand holding the leash. Whose?
Deciphering Matt's Take on WordPress, Which is Under Attack From Microsofters-Funded Aggravator
the money sponsoring the legal attacks on WordPress and on Matt is connected very closely to Microsoft
Gemini Links 21/12/2024: Projections, Dead Web ('Webapps' Replacing Pages), and Presentation of Pi-hole
Links for the day
American Samoa One of the Sovereign States Where Windows Has Fallen Below 1% (and Stays Below It)
the latest data plotted in LibreOffice
[Meme] Brian's Ravioli
An article per minute?
Links 21/12/2024: "Hey Hi" (AI) or LLM Bubble Criticised by Mainstream Media, Oligarchs Try to Control and Shut Down US Government
Links for the day
LLM Slop is Ruining the Media and Ruining the Web, Ignoring the Problem or the Principal Culprits (or the Slop Itself) Is Not Enough
We need to encourage calling out the culprits (till they stop this poor conduct or misconduct)
Christmas FUD From Microsoft, Smearing "SSH" When the Real Issue is Microsoft Windows
And since Microsoft's software contains back doors, only a fool would allow any part of SSH on Microsoft's environments, which should be presumed compromised
Paywalls, Bots, Spam, and Spyware is "Future of the Media" According to UK Press Gazette
"managers want more LLM slop"
Google Has Mass Layoffs (Again), But the Problem is Vastly Larger
started as a rumour about January 2025
On BetaNews Latest Technology News: "We are moderately confident this text was [LLM Chatbot] generated"
The future of newsrooms or another site circling down the drain with spam, slop, or both?
"The Real New Year" is Now
Happy solstice
Microsoft OSI Reads Techrights Closely
Microsoft OSI has also fraudulently attempted to censor Techrights several times over the years
"Warning About IBM's Labor Practices"
IBM is not growing and its revenue is just "borrowed" from companies it is buying; a lot of this revenue gets spent paying the interest on considerable debt
[Meme] The Easier Way to Make Money
With patents...
The Curse (to Microsoft) of the Faroe Islands
The common factor there seems to be Apple
Electronic Frontier Foundation Defends Companies That Attack Free Speech Online (Follow the Money)
One might joke that today's EFF has basically adopted the same stance as Donald Trump and has a "warm spot" for BRICS propaganda
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, December 20, 2024
IRC logs for Friday, December 20, 2024
Gemini Links 21/12/2024: Death of Mike Case, Slow and Sudden End of the Web
Links for the day