Dell’s 2019 XPS 13 DE ships with Ubuntu 18.04 installed and ready to go, no tweaking required but certainly not forbidden if you so desire. Ars Technica is looking at the pros and cons of picking up a developer laptop right now, or waiting for the newest model to arrive. The 2019 model they have investigated is powered by a Comet Lake i7-10710U, 16GB of RAM, a 1TB solid state drive and a 13″ InfinityEdge, 4K IPS touchscreen and was a decent improvement over the previous model.
The 2020 edition will sport a 10th generation Core processor and similar memory and storage but the screen will be changed to a 16:10 aspect ratio as opposed to the 16:9 of the current. This might not sound like much but for a 13″ laptop it does add screen real estate, not to mention allowing for a larger keyboard. Drop by for a look at their thought process as they ponder Dell’s new workstation.
System76 began with the mission to inspire users to create, make, and build their imaginations into existence. And in 2018, we built an inspiring computer of our own. As an open hardware computer, Thelio was the culmination of our vision of an open source future. We infused Thelio with design elements that best represented our journey and began manufacturing these computers in our founding city of Denver, Colorado.
Hundreds of iterations and over a year later, we’re expanding our color options for Thelio to include Neptune Blue, Martian Red, and Dark Matter wood stains. These colors give Thelio a modernized aesthetic that’s fitting for creators, makers, and builders on the cusp of new discoveries.
One thing we’ve heard from the mesh administrators and operators who use Istio is that its complexity makes it hard to adopt and integrate with their current stack. I’ve been involved with the development of Istio since Istio 0.6, and I’ve seen it become increasingly complex over time.
Enter Istio 1.5. This release has many new features, but those features are dwarfed by a major improvement. The improvement I’m most excited about is an architectural simplification of Istio that consolidates the control panel into a single binary called istiod. Essentially, istiod dramatically simplifies Istio’s architecture, which we think will improve the feasibility of making improvements to the project.
With serverless, there are no long running servers, virtual machines or containers that need to be managed by engineers. Functions execute when needed as a service and the backend infrastructure is all managed in the cloud by a service provider. Serverless basically allows you to just focus on the business and application logic, so you can gracefully refactor an application and not worry about reconstituting the underlying plumbing to run a new set of services. This is a hard detour from the cloud-native path of moving to Kubernetes clusters and orchestration management, which is more complex and just as costly than anything we’ve done in the past.
Debian Project Leader Sam Hartman has announced he won’t be running again, Let’s Encrypt scrambles to deal with millions of improperly issued certificates, and openSUSE is again looking to fill a board seat after recent resignations.
We revisit some of the projects we have covered in previous episodes to see what we’ve stuck with and what we haven’t.
Qubes OS and Tails, a handy Android app, building websites, easy Arch, the cloud, hardware hacking, and more.
Why ZFS is doing filesystem checksumming right, better TMPFS throughput performance on DragonFlyBSD, reshaping pools with ZFS, PKGSRC on Manjaro aarch64 Pinebook-pro, central log host with syslog-ng on FreeBSD, and more.
I've had a soft spot for Elementary OS since I first encountered it in 2013. A lot of that has to do with the distribution being very clean and simple.
Since 2013, I've recommended Elementary to people who I've helped transition to Linux from other operating systems. Some have stuck with it. Some who moved on to other Linux distributions told me that Elementary helped smooth the transition and gave them more confidence using Linux.
Like the distribution itself, many of the applications created specifically for Elementary OS are simple, clean, and useful. They can help boost your day-to-day productivity, too.
Insync is a great app for Ubuntu that lets you integrate your Google Drive to Ubuntu. Not just that, you can also sync multiple Google Drive accounts.
Some years ago Gmail wasn’t as popular as it is today, neither was Google Drive and many other Google services. Thanks to the massive success of Android though, these services had a great ride to success themselves. Most of us have an Android device and most of them do come pre-installed with Google Drive already. Anyone who’s not already using another cloud service will find it easier to just use Google Drive. It also provides PC clients for Mac and Windows so your files are available across all your devices. On Linux (and thus, Ubuntu) though, using Google Drive is not a great experience. But it can be if you are ready to shell out a few bucks for Insync.
Gaia Sky 2.25 Released Today: Gaia Sky is a 3D virtualization software developed by Gaia group of the Astronomisches Rechen-Institut (ZAH, University Heidelberg). This application is an open-source and cross platform application and it runs on Windows, Linux and Mac operating systems.
There are a multitude of applications to manage your todo list. One of these apps is Taskwarrior, it allows you to manage your task in the terminal without a GUI. This article will show you how to get started using it.
PipeWire 0.3 was released a few days ago, marking a big step forward in the effort of making this emerging media service the core layer of all multimedia on Linux.
A huge effort is currently underway to bring the Linux desktop into the future with the help of containerization technologies such as Flatpak. One of the goals of this exercise is to create a clear security barrier separating the applications from each other and from the system. The media stack is one area where the applications normally fail to co-operate with this model, requiring direct access to the hardware because large amounts of data need to be exchanged and a low latency is often critical. PipeWire is the missing piece to this puzzle, allowing applications to access hardware devices in an efficient, yet secure manner.
Over on the Collabora blog, Julian Bouzas writes about PipeWire, which is a relatively new multimedia server for the Linux desktop and beyond.
D9VK (now part of DXVK) developer Joshua Ashton has proposed a set of patches to Wine's Vulkan library (Winevulkan) that should help with performance.
Ashton's patch-set works to reduce heap allocations in many of the Vulkan commands and instead is using alloca to place the small items on the stack. These excessive heap allocations in Winevulkan were happening "thousands of times per second" and "these structures and arrays of structures are small, and this is all super duper hot path code."
Humble Bundle and Paradox Interactive have teamed up for something a little more unusual, instead of a standard Humble Bundle they're letting you build it yourself with the games you want.
A nice idea and a good way to build up your collection of fine strategy games, especially since so many support Linux thanks to Paradox.
Aside from time travel, there aren't many new features, though I plan on adding some in the next week (probably powerups or a boss fight), so another release should be not far away.
Admittedly, Fallen London is not a game I played until this week when learning of the 10 year anniversary and this browser-based narrative adventure certainly does capture your attention.
In Fallen London, you start off with nothing and click your way through different stories to attempt to make a name for yourself. Through your actions, you gain experience towards various skills that will affect how you progress through what becomes your own unique story. It's stylish, it has great writing and it will suck away your time.
While the majority of the game is text based, as it's "a literary RPG of sorts" they did just give it a nice fresh upgrade. Originally, the city map was just a flat image with a few locations marked on it but now they've given it quite the overhaul and it does look quite fantastic. You can zoom in and out, hover over locations to get a description and scroll around. All very modern looking.
The Longing is highly unusual, a game that takes 400 real-time days to come to a conclusion. As soon as you load it up, a timer will start counting down even when you're not in the game. Note: Copy provided for GOL from the publisher before the release.
A game about loneliness and solitude based on the Kyffhäuser legend, created as a passion project by German indie developer Anselm Pyta of Studio Seufz and published by the wonderful Linux-friendly team at Application Systems Heidelberg.
Presented in the classic point and click style, you explore a vast underground network of caves that over time change and allow you to access new areas. You can see something of a preview I did recently here, and today I decided to come back to it for the release to explore some more. Part of what's great about The Longing, is being able to come back to it days and weeks later to do more. We're talking about a game where opening a door can take a few hours, however I have managed to explore even more of the cave system as I continued travelling around.
Total War: THREE KINGDOMS - A World Betrayed was announced today as the latest expansion, it looks and sounds good and a release isn't far away. Arriving for Windows on March 17, the porting studio Feral Interactive announced the Linux version will see support for it "shortly after Windows".
A World Betrayed portrays a seminal moment in the history of the Three Kingdoms. Taking place following the Three Kingdoms conflict from 194 CE, many of the iconic warlords of Total War: THREE KINGDOMS have now passed on, a catalyst that has spurred a new generation of warlords into making a play for their own dynasties.
The key thing about SuperStarfighter is the accessibility, the controls are super simple and it's easy for anyone to get into for some family-friendly fun. It uses a single button plus movement, so there's really no fussing around.
With this big update you can now actually customize the experience more to your liking. Choose which game modes to play, how many stars are needed to win and more. However, if you do have people to play with the 3/4 player arenas have been redesigned to give more room and be more fun to play. There's even a brand new game mode "slam-a-gon", along with a new playable character.
Creating awesome 2D games can be made quite easy, thanks to tools like GDevelop, the free and open source game engine that has an events-driven system so even beginners can use it.
Instead of writing out tons of lines of code (well, you can still do that), you drag and drop events around and add actions to things. It's clever and it does work quite well. They're quickly improving the game engine and editor for GDevelop too with a new release up.
Barotrauma from FakeFish, Undertow Games and Daedalic Entertainment is a 2D co-op submarine sim with survival and horror elements that showed a lot of promise and they're now trying to make it a smoother experience.
Just recently they put up the "Quality of Life Update", which as the name suggests focuses on easing as many pain-points in it as possible. From bugs to performance, there's a massive amount that's changed with it. The entire user interface had a graphical and functional overhaul, the cursor now changes based on what you're hovering over to give more context, plus a ton more visual adjustments to make the game clearer.
Performance was a major focus they said too, with a big physics optimization and they've now made it multi-threaded. Optimizations were done all across the game too from items not updating when not active (which for a big submarine can make a huge difference), characters aren't rendered when off-screen which for a big game can again be a welcome improvement and AI bots got improved performance too.
The KDE Applications 19.12.3 update is now available as the last in the series. It comes with the Choqok 1.7 microblogging app, which now supports Twitter’s 280 character limit, the ability to disable accounts, and support for extended tweets.
Also included in the March 2020 apps update is the KDE Partition Manager 4.1.0 disk formatting program with support for MINIX filesystems, and KPhotoAlbum 5.6 image viewer and organizer, which better handles tagging of a large number of images, improved thumbnail view, and support for KDE’s purpose plugin framework.
This release also improved support for Samba (SMB) shares in the Dolphin file manager by adding the ability to create and paste files on Samba shares, support for file attributes, the ability to view available amount of free space, correctly hide files, the ability to specify the domain, and support for cifs:// URLs as valid paths.
In case you missed the news: last month I decided to make the full version of GCompris gratis for all platforms! I hope that this move will make it easier for all the children in the world to get access to the best educational software.
Now in order to support my work on GCompris development, I will rely only on Patreon.
Each month I will publish a News post there to keep patrons informed of the work done. All the patrons will have their name on the donation page of GCompris website, except those who select the “Hidden Cats” tier.
After Carlos Soriano and Ernestas Kulik left Files (Nautilus) development, António Fernandes and I are now officially new maintainers. Given the limited manpower, the focus is more on fixing bugs, but some neat new features have been added to Files and GVfs as well. I just explain shortly that GVfs provides access to various protocols and remote shares for Files among others. I hope I will find some time soon to write a new post about GVfs in general. But let’s move back to the news in this release.
Have you ever wondered what the best community-oriented open source conference events look like? Ever wanted to attend one, but never dared to? Or need something to convince your boss to support you in attending as part of your work?
For many veteran FLOSS contributors who are part of big established projects, it is easy to take things for granted and just go to those events without hesitation; we forget how mysterious and intimidating this can be for casual or new contributors. We don’t typically spend the time to articulate what makes these events great, and why we spend so much effort organizing and attending them.
It also seems quite mysterious to our non-technical friends and family members. They sometimes know that we’re travelling to some mythical “computer conference” event in some faraway land, suspiciously held in a different city every year (as is the case with GNOME’s GUADEC), but it’s hard to explain why we’re mostly going there for a few days to spend time “indoors in some auditorium” instead of sipping margaritas on the beach.
Well, I have the solution for this longstanding communication problem.
I just uploaded a new unstable release version of Shotwell, 0.31.1. Why that took roughly a year and why that still doesn’t contain everything I wanted it to contain will be the content for some following posts.
Previously, there was already a way to have separate databases, but you would share the settings and thus the import folder between the two databases. Even more so, developing on the machine where you have your own photo collection caused me to import test data into my collection more than once.
GNOME Genius, one of the oldest GNOME programs and what served as the desktop's original calculator, has finally been ported to GTK3 and seen a new release in 2020.
GNOME Genius has been around since 1997 as one of the longest standing GNOME programs. While it was born as a calculator, with time it has tacked on 2D/3D plotting, an extensive numerical language, and a wide range of extra math features beyond what one normally finds in a conventional desktop calculator.
The new thing here is port to this newfangled GTK3 by Yavor Doganov. A couple of new functions and bugfixes, but mostly it is just the new port.
In any case, Genius is one of the oldest GNOME projects going back to late 1997. It was the original GNOME calculator before I got wild ideas about it doing absolutely everything. It is programmable, has a powerful language and handles many fun features including support for matrices, rational numbers, and nice 2D and 3D plotting. The GUI version requires GNOME2 (at least glib2 if you don't want a GUI) a recent enough GMP library and the MPFR library. You can still use the command line version if you prefer non-gui interface.
With over 900,000 downloads since its release nine months ago, Zorin OS 15 has been our biggest and most advanced release ever. 2 in every 3 of these downloads were coming from Windows and macOS, reflecting our mission to bring the power of Linux to people who’ve never had access to it before. None of this could be possible without the help of you – the community – who have spread the word and helped the project to grow. We would like to thank all of you for making this release as enormous as it has been!
Based on the Ubuntu 18.04.4 LTS (Bionic Beaver) release, Zorin OS 15.2 is here to update the installation medias of all supported Zorin OS editions with the latest software versions and security patches to provide the community with better hardware compatibility and stronger security.
Just like Ubuntu 18.04.4 LTS, this new Zorin OS 15 update uses the Linux 5.3 HWE (Hardware Enablement) kernel that Canonical backported from the Ubuntu 19.10 (Eoan Ermine) operating system release. This adds support for AMD Navi GPUs like the Radeon RX 5700, 10th Gen Intel CPUs, and newer MacBook and MacBook Pro keyboards and touchpads.
With that in mind, Zorin OS continues its mission of delivering a free and powerful computer operating system to the masses, as a replacement for Windows or macOS. It also looks like the Zorin OS 15 release is close to one million downloads since its release in June 2019.
Zorin OS 15.2 is now available to download. The update serves as the latest point release in the Zorin OS 15.x series which debuted last year.
A raft of software updates, bug fixes and security patches are included, as is a new Linux kernel (Linux 5.3) courtesy of Ubuntu 18.04.4 LTS and its Hardware Enablement (HWE) stack.
Updated versions of core apps like Firefox, LibreOffice and GIMP also feature.
Zorin OS 15 has been a huge hit since its release last summer, clocking up an impressive 900,000 downloads since then.
The success is testament to the design and development choices taken by the Zorin OS team, who tailor the distro towards Windows switchers and Linux newbies who just want a system that ‘just works’ out of the box.
It’s for this reason Zorin OS 15 snared a spot on our list of the best Linux distros in 2019.
Microsoft's Windows 10 is hardly a new operating system anymore. In fact, it has been available to the public for damn near five years now. And yet, despite existing half a decade, it still feels very incomplete. The Control Panel still hasn't been merged with Settings, for instance, and the user interface still feels like a work in progress. Hey, at least those terrible Live Tiles are seemingly on their way out. Ultimately, using Windows 10 feels like you are in a constant state of beta. It shouldn't be this way -- Microsoft's operating system should be much better than it is. After all, the company essentially has unlimited resources.
Thankfully, Linux is here to save the day. Yes, thanks to Linux distributions, computer users can experience a sane operating system -- one that actually makes sense. There are countless great Linux-based operating systems, such as MX Linux 19.1, Netrunner 20.01, elementary OS 5.1.2, and Manjaro 19.0. One of my favorite Linux distros -- particularly for those switching from Windows -- is the excellent Zorin OS. Why? Well, it is very secure, looks great, offers a familiar user experience, and comes with some great free software. Today, a new version of that operating system -- Zorin OS 15.2 -- becomes available for download, and it looks awesome.
The Manjaro Linux ARM team recently announced a new development build of their Arch Linux-based distro for the PinePhone and PineTab devices, and it looks like they are making great progress so far.
According to the developers, the latest alpha build introduces the brand-new Plasma Mobile interface, a couple of new apps, a Manjaro ARM wallpaper, as well as a new partition layout using extlinux.conf as configuration file.
Moreover, the new build adds support for saving contacts in the Phonebook app, fixes brightness control, enables screen lock via the power button, improves the Favorites bar so that it is correctly displayed, and changes the default user password to 1234.
Before you join the sysadmin corps, let me show you what a typical day in the life of a sysadmin looks like. In fact, I would like to share a whole week. So, read on and enjoy.
First, I would like to talk about what I actually do. I work in the central IT department of Bielefeld University. In my job, I take care of our virtualization platform, data center firewalls, and load balancer. I'm also one of several Linux admins running services on top of Red Hat Enterprise Linux.
[...]
As you could read from my week's diary above, the sysadmin's job is not only about hacking and configuring cool hardware, software, etc., it's also a lot of email, meetings, and contract checking.
Since the “should we switch to systemd” discussion has finally settled down, few things have inspired passionate conversations on the devel mailing list like Fedora Modularity. Developing Modularity has been a long process and we finally shipped “Modularity for Everyone” in Fedora 29. But we know there are a lot of rough edges, and it’s not surprising that the response hasn’t been completely enthusiastic. Let’s be honest: we’ve ended up in a situation where a lot of Fedora developers hate Modularity.
The Council agrees that Modularity serves a purpose that we really want to see Fedora, but we also understand the community frustrations. The packager experience is difficult, and handling upgrades needs additional work. We don’t want to throw away the work that’s been done, we want to take what’s there and make it work better.
Red Hat is canceling the physical Red Hat Summit presence in San Francisco and rebuilding it as a free, multi-day, virtual event from April 28-29, 2020.
User experience, or UX, is a lot more than prototypes and wireframes. To take a product and transform it into a human experience, you need multiple tools in your tool kit: insight, empathy, understanding, creativity, technical aptitude, and…content? Yes!
Written content plays a huge role in UX, but not many people know that. It’s not the focal point of good UX design—and it shouldn’t be. Similar to many other design aspects like button placement and menu items, the best written content does its job so well that people don’t even notice it. What people typically notice, however, is how they feel when interacting with products, teams, and companies. And content can be a big factor in that.
On Red Hat’s User Experience Design (UXD) team, we treat content the same way we treat products: the open source way. Everyone contributes ideas and feedback as we create content for all different channels, with one shared vision: to create the best user experiences possible. Here’s how we work together to write and distribute a variety of content for the user experience.
Some time ago, I published an article about the idea of self-hosting a load balancer within OpenShift to meet the various requirements for ingress traffic (master, routers, load balancer services). Since then, not much has changed with regards to the load balancing requirements for OpenShift. However, in the meantime, the concept of operators, as an approach to capture automated behavior within a cluster, has emerged. The release of OpenShift 4 fully embraces this new operator-first mentality.
Prompted by the needs of a customer, additional research on this topic was performed on the viability of deploying a self-hosted load balancer via an operator.
The requirement is relatively simple: an operator watches for the creation of services of type LoadBalancer and provides load balancing capabilities by allocating a load balancer in the same cluster for which the service is defined.
Organizations aim to innovate faster and more efficiently through cloud-native applications — and they expect these applications to protect their data, scale smoothly, and be always available. Now you can meet both expectations by combining the leading container application platform with the leading enterprise computing platform: Red Hat OpenShift on LinuxONE.
Debian is a free and open-source community-developed Linux operating system based on the Linux kernel and the basic system tools of the GNU project. It belongs to the operating system family of Unixoid systems (i.e. it implements the behavior of Unix) and is mainly supported and sponsored by the Debian project.
Debian is one of the most reliable operating systems you can run on a computer whether for personal computing or server purposes. And did you know that it is the distro upon which the popular Ubuntu operating system is based on?
Well, if you’re thinking about installing Linux on your workstation I’ve got a list of more relevant facts that go into my bag of the top reasons why you should not only try Debian out but make it the go-to distro for your day-to-day tasks.
Frankly, I think nearly everyone should wait for that solution to arrive in the Stable Channel. You could manually upgrade but you never know what that might break in the hooks of Project Crostini. I had a thought though, because I use several Chromebooks, all with different versions or channels of Chrome OS. Some still have the older Debian Stretch containers while one has a new Buster container. I decided to try a container backup and restore from Stretch to Buster.
Debian project leader Sam Hartman has decided not to run for the post again this year, putting his decision down to the fact that the mix of problems facing the community GNU/Linux project for the next year don't play to his strengths as much as those of the current year did. However, he did not rule out putting his hand up for the post again sometime in the future.
When Hartman was elected leader in April last year, he told iTWire in an interview that one of his priorities was to improve the process of decision-making.
And he says that during his tenure as leader, that problem has been tackled, at least to some extent. "I think we've made good progress figuring out how to make decisions," he told iTWire.
"Unfortunately, some of the decisions have had no easy answers. Feelings build up, and just because we've decided doesn't magically make that go away. We need to remind ourselves that we are still a community and find a way to process these feelings. That's something I am very interested in working on, but it's not something I can work on alone."
Before I began leading Ubuntu Studio, I was using a “spin” of Fedora called Fedora Jam. It was a musician/audio “lab” for Fedora which seemed to work well for me. Think of it as Ubuntu Studio minus the non-audio/music stuff, and with KDE Plasma instead of Xfce.
However, I knew of Ubuntu Studio’s importance in Linux-based production and creativity, and, as the story goes, I answered a call to help keep it alive.
Fast-forward two years. Ubuntu Studio is doing very well. I have a team that I rely on to keep things running. I decided to look at Fedora to see how they were doing, only to find out Fedora Jam had not been released for Fedora 31, and there was an un-responded-to keepalive request for Jam.
This got me thinking: what if something happens to Ubuntu Studio and Ubuntu/Debian became no-longer viable options for audio production? With that in mind, I decided to do something about it and stepped-in to become Fedora Jam’s new maintainer.
As it stands now, Fedora Jam 32 looks like it will be a thing, although not quite what I have envisioned. Hence, even now, I’m working on items for inclusion in Fedora 33 that should make it an excellent choice for audio production on Linux.
All this said, I want to make it clear: I am not leaving Ubuntu Studio. I am in a situation where I can adequately lead both Ubuntu Studio and Fedora Jam. Besides, this gives me a great deal of experience with packaging for Debian-based and .rpm-based Linux distributions.
Multipass is the software developed by Ubuntu-maker Canonical that is advertised as "a mini-cloud on your workstation" that provides an Ubuntu command-line in "just a click" with native hypervisor support.
Multipass is basically an easy means of spinning up Ubuntu VMs on Linux / Windows / macOS and similar in nature to Vagrant, but just focused on Ubuntu VMs. Multipass reached version 1.0 at the end of last year and doing the heavy lifting is KVM on Linux, Microsoft Hyper-V on Windows, and HyperKit on macOS. VirtualBox support also remains available.
This is the final week before the team is all off to Frankfurt for co-located sprinting on some features and products. So, watch this space. This was a fairly busy two weeks for the Web & Design team at Canonical. Here are some of the highlights of our completed work.
Seco unveiled a Linux-ready, 3.5-inch “SBC-C90” with a Ryzen V1000 or R1000, 2x GbE, and 4x DP++ ports. It also launched a Yocto-based Edgehog OS with containers, OTA updates, and remote management that runs on an upcoming SoloX based SBC-C23.
Last week at Embedded World, Seco announced an SBC-C90 board based on AMD’s Ryzen Embedded V1000 or R1000 SoCs. The Italian embedded firm also launched a subscription-based, managed Linux distribution called Edgehog OS that runs on several of its SBCs including an “under development” i.MX6 SoloX based SBC-C23 (see farther below). Finally, Seco unveiled two compute modules based on the Ryzen Embedded R1000 and AMD’s Epyc Embedded 3000, respectively, which we hope to cover in the coming days.
Nexcom’s Embux subsidiary has launched a 3.5-inch “EBC3A1-1G Y0” SBC that runs Linux on an i.MX6 and offers wide-range power, -20 to 65°C support, dual CAN, and dual mini-PCIe slots.
We’ve seen Raspberry Pi cluster boards before, and most of them either use Raspberry Pi Zero boards or Raspberry Pi Compute Modules. Some examples include Turing Pi Clusterboard for up to 7 RPi CM3 modules, Cluster HAT board taking up to 4 Pi Zero board, and Mininodes Raspberry Pi 3 COM Carrier Board.
But some other solutions like Bitscope rely instead on full-sized Raspberry Pi 2/3/4 Model B boards. Another such option is IPTerra CloverPI board allowing up to 4 Raspberry Pi or compatible boards with 40-pin header to be clustered into a single unit powered by one power supply and connected via a 5-port Gigabit Ethernet switch.
Since we first launched Raspberry Pi, an SD card (or microSD card) has always been a vital component. Without an SD card to store the operating system, Raspberry Pi is pretty useless*! Over the ensuing eight years, SD cards have become the default removable storage technology, used in cameras, smartphones, games consoles and all sorts of other devices. Prices have plummeted to the point where smaller size cards are practically given away for free, and at the same time storage capacity has increased to the point where you can store a terabyte on your thumbnail.
The environment supports industry-standard Linux Industrial I/O applications, MATLAB, Simulink, and GNU Radio, and streaming interfaces for custom C, C++, Python, and C# applications. HDL reference designs and drivers allow zero day development.
Volla Phone, the company behind a smartphone that can run Android as well as Linux-based operating systems, has successfully achieved its target in its second Kickstarter campaign.
The concept of Volla Phone revolves around offering users more privacy and an alternative to Android and iOS operating systems. According to the Kickstarter campaign of the Linux smartphone, the campaign backers could also purchase Volla Phone running on Ubuntu Touch pre-installed.
The Librem 5 uses GNOME Contacts to manage contacts, but it does not yet have a way to import contacts from files. I decided to fix this and create a simple application to import contacts from vcard files. This means you can now easily migrate your contacts from Android and iCloud to the Librem 5!
If you have technical problems in the Free Software world chances are others ran into it too and publicly discussed how to solve it. The Openmoko project worked on a similar problem and Ubuntu Touch users have also discussed how to sync contacts. While these aren’t complete solutions, there’s plenty of useful advice to build on.
Also, don’t forget to ask for help and feedback from others
Thank you to Jeremiah, Kyle, Richard and Mladen from the Purism team for your help on my project.
The Librem 5 already has access to an incredible collection of software through the PureOS Store and will be getting official Flatpak support in the future. Flatpak is great because it makes it easy to package, distribute and sandbox applications, preventing them from accessing other apps or files. Regular Debian packages don’t have the same isolation offered by Flatpak, but they have access to the complete GNU/Linux stack.
Back in the 1990s, when Linux was a young operating system, Ian Murdock invented the concept of an app store in the form of what is now the apt command. This introduced the idea that a computer's capacity was boundless, and literally any command should be available to you; all you had to do was copy it from a network repository to your local system. It seemed impossible at the time, and yet it's commonplace now, whether you're on a Linux machine with DNF or Apt, Mac OS with Homebrew, or Windows with Chocolatey.
Chocolatey is software management automation for Windows that wraps installers, executables, ZIP files, and scripts into compiled packages. It's modeled after Apt and yum and unlocks a new world of automatable and predictable package management to Microsoft's operating system. Chocolatey is open source and encourages participation from the community. The more people who learn and use Chocolatey, the more its offerings of packages can grow.
The security industry has come a long way in the past decade. As companies strive to make their products more accessible to cater to end-user demands, system designs are changing. One of the most significant advancements we’ve seen is a migration from proprietary systems to systems that have the flexibility to work seamlessly with other equipment, regardless of the manufacturer.
Open source systems are impacting all aspects of physical security, from development to installation. Thanks to the flexibility these systems provide, integrators can create individualized solutions tailored to their client’s unique needs. While the benefits are many, there are three key reasons to embrace open source systems to ensure you are providing your clients with the tools they need, now and in the future.
This is my third time attending FOSDEM. I attended on behalf of RIT LibreCorps to represent our engagement with the UNICEF Office of Innovation and the Innovation Fund. For FOSDEM 2020, I arrived ready to give my talk (coming in pt. 2) and honestly to see where the weekend took me.
Planning out FOSDEM is hard. So, my strategy is to figure it out as I go, since most of what I get out of FOSDEM comes from casual conversations and “hallway track.”
The event, which was originally projected to take place on the Microsoft campus in Redmond, WA, will now be live-streamed entirely as a safety measure against virus infections.
FOSS Linux shared news of the first-ever Windows Subsystem for Linux Conference, or WSLConf, with our readers September last year. However, concerns over the coronavirus (COVID-19) outbreak have compelled the event’s sponsor, Canonical, and host, Microsoft, to cancel the onsite event and instead hold the event as a virtual event.
Red Hat is the latest organization that decides to cancel one of its physical events, with the upcoming Red Hat Summit 2020 now moving to online-only due to coronavirus concerns.
The event was projected to take place April 28-29, and Red Hat says the same content would be provided to those who connect to the live streaming, including keynotes, breakout sessions, and access to Red Hat experts.
It seems likely that these are not the last conferences that will be affected in our communities.
Can you even remember a world before selfies or memes? Things have escalated quickly. Social media has taken over our lives and, for better or worse, become an extension of who we are online. Our vacations, friends, major life milestones and really anything personal you can think of is put on display for all to see in our social profiles. We’re innocently connecting with friends or catching up on the latest social trends while snoopers (hello Joe from Netflix’s You) and advertisers are using it to learn all they can about us.
Developing a 3D application is a complex task. While 3D engines like three.js provide a solid foundation, there are still many different systems that must work together (eg: app states, flow, logic, collisions, physics, UI, IA, sound…), and you probably do not want to rebuild all this from scratch on each project.
Also, when creating a small experiment or simple technical demo (like those at https://threejs.org/examples), disparate parts of an application can be managed in an ad-hoc manner. But as the software grows with more interactions, a richer UI, and more user feedback, the increased complexity demands a better strategy to coordinate modules and state.
We created ECSY to help organize all of this architecture of more complex applications and ECSY-Three to ease the process when working with the three.js engine.
Welcome to another round of updates from Firefox Add-ons in Firefox 74.
I’ve spent the past few weeks, and will spend the next few weeks, setting up cross-compiled builds of Firefox for Windows on Linux workers on Mozilla’s CI.
This major update of Collabora Online comes with a fresh new user interface and is built on top of the stability and performance of our LTS version of LibreOffice: Collabora Office 6.2. This new Collabora Online includes many improvements in functionality and user-friendliness as well as a raft of bug fixes and polish. The most obvious new feature is the powerful sidebar, which allows users to easily change settings for text, tables, colours, charts and other objects in the documents. It gives Collabora Online almost the same feature-richness available in Collabora Office on the desktop. Furthermore there is a redesigned status bar, much-improved toolbars and a powerful function wizard now available in Calc online. Copy and paste of rich text and content is added for online functions, and our responsive user interface adapts attractively to smaller and mobile screen sizes.
Collabora Productivity, the force behind putting LibreOffice in the Cloud, announced today the availability of Collabora Online 4.2, a new major release of their LibreOffice Online office suite.
Built on top of the long-term supported Collabora Office 6.2 office suite, Collabora Online 4.2 is here to introduce a fresh new look, giving users easy access to the most powerful features and tools. A new theme and redesigned icons provide existing users with a fresher LibreOffice Online experience.
On top of the new user interface improvements, Collabora Online 4.2 brings new functionality to the cloud-based office suite, including a powerful new sidebar that makes it easier for users to change text, chart, table, color, and several other settings in their documents. The new sidebar also allows users to quickly access rich chart functions.
LibrePlanet has an important role in building ties and collaboration in the free software movement, and we know how much many people look forward to it each year. The onset of the novel coronavirus (COVID-19) is a stressful and devastating development. We are considering all possible measures that might need to be taken as we carefully track the latest news updates. We are committed to the safety of our attendees, staff, and their wider communities, so we are approaching these decisions carefully.
At this time, the risk for Massachusetts residents remains low, and there are no travel notifications for the United States or Boston, MA. The latest update from the World Health Organization (WHO) from February 29 continues to advise against the application of any international travel restrictions, based on current information available. For the time being, we are remaining optimistic that LibrePlanet 2020 can continue as planned.
This is to announce coreutils-8.32, a stable release. See the NEWS below for more details.
Thanks to everyone who has contributed! There have been 100 commits by 18 people in the 51 weeks since 8.31:
  Akim Demaille (1)
  Andreas Dilger (1)
  Assaf Gordon (6)
  Bernhard Voelker (6)
  Bruno Haible (3)
  Chris Meyering (1)
  Colin Watson (1)
  Emil Engler (1)
  Jan Nieuwenhuizen (1)
  Jeff Layton (3)
  Jim Meyering (1)
  Kamil Dudka (4)
  Kevin Locke (1)
  Martin Castillo (2)
  Mike Swanson (1)
  Paul Eggert (31)
  Pádraig Brady (38)
  Shugo Maeda (1)
Pádraig [on behalf of the coreutils maintainers]
==================================================================
Here is the GNU coreutils home page: https://gnu.org/software/coreutils/
For a summary of changes and contributors, see:
https://git.sv.gnu.org/gitweb/?p=coreutils.git;a=shortlog;h=v8.32
or run this command from a git-cloned coreutils directory:
git shortlog v8.31..v8.32
To summarize the 867 gnulib-related changes, run these commands from a git-cloned coreutils directory:
git checkout v8.32
git submodule summary v8.31
==================================================================
Here are the compressed sources:
https://ftp.gnu.org/gnu/coreutils/coreutils-8.32.tar.gz (13MB)
https://ftp.gnu.org/gnu/coreutils/coreutils-8.32.tar.xz (5.3MB)
Here are the GPG detached signatures[*]:
https://ftp.gnu.org/gnu/coreutils/coreutils-8.32.tar.gz.sig
https://ftp.gnu.org/gnu/coreutils/coreutils-8.32.tar.xz.sig
Use a mirror for higher download bandwidth: https://www.gnu.org/order/ftp.html
[*] Use a .sig file to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball. Then, run a command like this:
gpg --verify coreutils-8.32.tar.xz.sig
If that command fails because you don't have the required public key, then run this command to import it:
gpg --keyserver keys.gnupg.net --recv-keys DF6FD971306037D9
and rerun the 'gpg --verify' command.
This release was bootstrapped with the following tools:
Autoconf 2.69
Automake 1.16.1
Gnulib v0.1-3322-gd279bc6d9
Bison 3.4.1
NEWS
* Noteworthy changes in release 8.32 (2020-03-05) [stable]
** Bug fixes
cp now copies /dev/fd/N correctly on platforms like Solaris where it is a character-special file whose minor device number is N. [bug introduced in fileutils-4.1.6]
dd conv=fdatasync no longer reports a "Bad file descriptor" error when fdatasync is interrupted, and dd now retries interrupted calls to close, fdatasync, fstat and fsync instead of incorrectly reporting an "Interrupted system call" error. [bugs introduced in coreutils-6.0]
df now correctly parses the /proc/self/mountinfo file for unusual entries like ones with '\r' in a field value ("mount -t tmpfs tmpfs /foo$'\r'bar"), when the source field is empty ('mount -t tmpfs "" /mnt'), and when the filesystem type contains characters like a blank which need escaping. [bugs introduced in coreutils-8.24 with the introduction of reading the /proc/self/mountinfo file]
factor again outputs immediately when stdout is a tty but stdin is not. [bug introduced in coreutils-8.24]
ln works again on old systems without O_DIRECTORY support (like Solaris 10), and on systems where symlink ("x", ".") fails with errno == EINVAL (like Solaris 10 and Solaris 11). [bug introduced in coreutils-8.31]
rmdir --ignore-fail-on-non-empty now works correctly for directories that fail to be removed due to permission issues. Previously the exit status was reversed, failing for non empty and succeeding for empty directories. [bug introduced in coreutils-6.11]
'shuf -r -n 0 file' no longer mistakenly reads from standard input. [bug introduced with the --repeat feature in coreutils-8.22]
split no longer reports a "output file suffixes exhausted" error when the specified number of files is evenly divisible by 10, 16, 26, for --numeric, --hex, or default alphabetic suffixes respectively. [bug introduced in coreutils-8.24]
seq no longer prints an extra line under certain circumstances (such as 'seq -f "%g " 1000000 1000000'). [bug introduced in coreutils-6.10]
** Changes in behavior
Several programs now check that numbers end properly. For example, 'du -d 1x' now reports an error instead of silently ignoring the 'x'. Affected programs and options include du -d, expr's numeric operands on non-GMP builds, install -g and -o, ls's TABSIZE environment variable, mknod b and c, ptx -g and -w, shuf -n, and sort --batch-size and --parallel.
date now parses military time zones in accordance with common usage:
"A" to "M" are equivalent to UTC+1 to UTC+12
"N" to "Y" are equivalent to UTC-1 to UTC-12
"Z" is "zulu" time (UTC).
For example, 'date -d "09:00B"' is now equivalent to 9am in UTC+2 time zone. Previously, military time zones were parsed according to the obsolete rfc822, with their value negated (e.g., "B" was equivalent to UTC-2). [The old behavior was introduced in sh-utils 2.0.15 ca. 1999, predating coreutils package.]
ls issues an error message on a removed directory, on GNU/Linux systems. Previously no error and no entries were output, and so indistinguishable from an empty directory, with default ls options.
uniq no longer uses strcoll() to determine string equivalence, and so will operate more efficiently and consistently.
** New Features
ls now supports the --time=birth option to display and sort by file creation time, where available.
od --skip-bytes now can use lseek even if the input is not a regular file, greatly improving performance in some cases.
stat(1) supports a new --cached= option, used on systems with statx(2) to control cache coherency of file system attributes, useful on network file systems.
** Improvements
stat and ls now use the statx() system call where available, which can operate more efficiently by only retrieving requested attributes.
stat and tail now know about the "binderfs", "dma-buf-fs", "erofs", "ppc-cmm-fs", and "z3fold" file systems. stat -f -c%T now reports the file system type, and tail -f uses inotify.
** Build-related
gzip-compressed tarballs are distributed once again
We are happy to announce that GNU Guix participates in the Google Summer of Code (GSoC), under the aegis of the GNU project. We have collected project ideas related to GNU Guix. The list is far from exhaustive, so feel free to bring your own!
The GNU Project participation was announced on Feb. 20. Thanks to the GNU org admins for organizing this.
The application period is from March 16 to March 31. The final proposal submission deadline is March 31, 2020 at 20:00 CEST.
The student projects are announced on April 27, 2020. We will have to provide the number of slots requested to the GNU project, so that they can accumulate the numbers to pass on to Google. This takes some time, so please prepare the decision early, so we don't have to hurry when this information is requested. We kindly remind everyone involved not to communicate an intern selection decision before the official announcement.
More data is becoming freely available through initiatives such as institutions and research publications requiring that data sets be freely available along with the publications that refer to them. For example, Nature magazine instituted a policy for authors to declare how the data behind their published research can be accessed by interested readers.
To make it easier for tools to find out what’s in a data set, authors, researchers, and suppliers of data sets are being encouraged to add metadata to their data sets. There are various forms for metadata that data sets use. For example, the US Government data.gov site uses the standard DCAT-US Schema v1.1 whereas the Google Dataset Search tool relies mostly on schema.org tagging. However, many data sets have no metadata at all. That’s why you won’t find all open data sets through search, and you need to go to known portals and explore if portals exist in the region, city, or topic of your interest. If you are deeply curious about metadata, you can see the alignment between DCAT and schema.org in the DCAT specification dated February 2020. The data sets themselves come in various forms for download, such as CSV, JSON, GeoJSON, and .zip. Sometimes data sets can be accessed through APIs.
Another way that data sets are becoming available is through government initiatives to make data available. In the US, data.gov has more than 250,000 data sets available for developers to use. A similar initiative in India, data.gov.in, has more than 350,000 resources available.
Qt 5.15 provides a much improved way of exposing C++ types to QML. You can now specify your module name and version in a central place and there is no need to specify minor versions or revisions anymore. Furthermore, the specifics of the QML type registration can now be declared in the C++ class declaration.
The common way to make C++ types available in QML so far was using the registration functions provided in the qqml.h header: qmlRegisterType(), qmlRegisterSingletonType(), qmlRegisterUncreatableType() etc. There are downsides to this approach:
You always need to keep your type registrations in sync with the actual types. This is especially bothersome if you use revisions to make properties available in different versions of an import. Even if not, the fact that you need to specify the registration separately from the type is a burden as you can easily lose track of how you registered which types into which modules.
Furthermore, as you register your types procedurally, any QML tooling cannot automatically tell which types are available in which import. Qt Creator indeed has some heuristics that try to detect common registration patterns in C++ code, but this is necessarily incomplete. Figuring out whether a specific registration will be executed by the program is equivalent to solving the halting problem. Simpler tools like qmllint or qmlformat have no information about the C++ code and need to analyze your QML code in isolation. Therefore, they won't have any information about types registered from C++. In order to (partially) solve this problem the "qmltypes" files were introduced. When developing a QML plugin, you are encouraged to put a file called "plugins.qmltypes" next to the plugin binary. The qmltypes file contains meta-information about the types registered by the plugin. Qt Creator and other tools can then refer to this information in order to provide you with better analysis of your code. This works, but only for plugins. If you register your types directly from the main program, you're still facing the same problem. Also, you end up specifying your types twice, once in C++ and once in qmltypes format. In order to (partially) solve the problem of redundant type specification, a tool called "qmlplugindump" is available. This tool will load your plugin in the same way the QML engine would load it. It will then extract information about all the types contained in it in order to produce a plugins.qmltypes file. This, however, will also execute unrelated code in your plugin, and it will only work if you are compiling your plugin for the same platform as qmlplugindump runs on. In practice, it does not work for cross-compiled builds.
Julia is a high-level, high-performance dynamic programming language for technical computing by Alan Edelman, Stefan Karpinski, Jeff Bezanson, and Viral Shah. Julia aims to create an unprecedented combination of ease-of-use, power, and efficiency in a single language.
It’s a homoiconic functional language focused on technical computing. While having the full power of homoiconic macros, first-class functions, and low-level control, Julia is as easy to learn and use as Python.
Although Julia is a new language, first appearing in 2012, its roots are in Lisp, so it comes with mature features like macros and support for other metaprogramming techniques like code generation. Julia’s expressive grammar lets you write easy-to-read and easier-to-debug code, and its speed gets you through more work in less time. It’s a great choice whether you’re designing a machine learning system, crunching statistical data, or writing system utilities.
Distinctive aspects of Julia’s design include a type system with parametric polymorphism and types in a fully dynamic programming language and multiple dispatch as its core programming paradigm. It allows concurrent, parallel and distributed computing, and direct calling of C and Fortran libraries without glue code.
As we take another lap around the k-Means race trace, the Porsche 914-2 and Volvo 142E are still neck and neck. This time we'll try a straight-forward normalisation that linearly scales all values to the range [0,1] and see if they still end up in the same cluster.
Curiosity finally got the better of me, so I looked up both of those models and they are actually quite similar cars from the early 1970s. Would I have dug so deep if I hadn't had that misconception about what I thought the clustering should have produced? Probably not.
In this article, you are going to see different techniques for removing stop words from strings in Python. Stop words are those words in natural language that have a very little meaning, such as "is", "an", "the", etc. Search engines and other enterprise indexing platforms often filter the stop words while fetching results from the database against the user queries.
Stop words are often removed from the text before training deep learning and machine learning models since stop words occur in abundance, hence providing little to no unique information that can be used for classification or clustering.
In this episode, I added styling to the Sign Up page of the site. We chatted about CSS tools and frameworks, the benefit of feature flags to control what UI is displayed to users, and how to use Tailwind CSS to modify a design quickly.
In the first portion of the stream, we focused on CSS frameworks. We compared Bootstrap, Semantic UI, and Tailwind CSS.
After that discussion, I talked about feature flags. The project uses a feature flag to protect the sign up page and only displays the page when I turn on a flag. This control will be useful for me to gate which new users I would like to allow into my project as I open it up to others.
Once the feature flag was on locally, we worked to style the signup form that was provided by django-allauth. I kept the form very basic with a plan to expand it in the future. We also talked about JS frameworks and my plans for which framework to use.
We finished the development for the stream by fixing the notification messages. While testing the sign up flow, I noticed that multiple notifications appeared from django-allauth and my UI stacked them in a way that looked off. We used flexbox to fix the issues so that multiple notifications could display well together.
On 3 March we upgraded our EU-based system at eu.pythonanywhere.com to the latest version of our code, and this morning (5 March) we upgraded our US-based system at www.pythonanywhere.com to the same version.
In this Part 4 of the Python Data Structure series, we will be discussing what a set is, how it differs from other data structures in Python, how to create set objects, delete set objects and methods of set objects.
In radiology, people take a long time to become experienced. Medical school, MD, certified radiologist... And when they're 68 they're off to a pension. What they did at Quantib was to try and "scale radiology experience with AI".
Detection and classification of prostate lesions. Same with breast MRIs. Brain shrinkage. They hope it increases the amount of MRI scans that can be processed. And also the quality of the analysis.
He demoed the application. There's detection of brain regions in the software, for instance. When you compare two MRI scans at different points in time, you can see the difference and compare that difference with what you would see in a healthy person.
Hospital practice often means downloading radiology MRI images from a central hospital image storage server ("PACS"), taking them to a separate workstation for analysis and then going back with reports. This takes time, so it is sometimes omitted due to time pressure...
What they're working on now is to run their AI software on a server and connect it to the image storage service. They designed their software as a bunch of microservices. Storage service, import, dispatch, workflow service, processing.
__getattr__ is a hook method that's called by Python when regular attribute lookup fails (not to be confused with the lower level __getattribute__, which is much harder to work with). You can use it to wrap the configuration dictionary. Here's a small example.
This Week in Rust is openly developed on GitHub.
Here in Appalachia’s Bible Belt, conservatives in the Legislature want to force all West Virginia public high schools to teach Bible classes, as occurs in several other Republican-controlled states.
"Now is not the time to play games with critical medical research that underpins every rule designed to protect us from harmful pollution in our air and in our water."
2038: Today, Unix programmers are already preparing for the "Year 2038 bug." Some versions of Unix will break in that year as the number of seconds that have passed since Unix time began in 1970 grows too big to hold in a 32-bit register.
The Open Networking Foundation (ONF) has come up with its first open source platform called Aether for delivering Enterprise 5G/LTE-Edge-Cloud-as-a-Service.
Built on the CORD and ONOS platforms, Aether runs in a Kubernetes orchestrated environment. It provides mobile connectivity and edge cloud services for distributed enterprise networks, all provisioned and managed from a centralized cloud.
Based on open source components and optimized for cloud deployments, Aether simultaneously supports deployment on licensed (4G/5G) and unlicensed (CBRS) spectrum. It is easy to deploy, highly scalable and designed for rapid edge service onboarding in a multi-cloud environment.
Today we are excited to announce the results of our annual CNCF Survey for 2019! The survey of the community provides a better understanding of how and where cloud native technologies are being adopted. This is the seventh time we have conducted an assessment of the cloud native marketplace. As CNCF grows, we’re in an excellent position to measure the trends among users of open source technologies. We love learning about what our community is doing as members continue to push the envelope of innovation and open source.
According to the recently published results of the CNCF Survey for 2019, the use of cloud native projects in production continues to grow with many projects reaching more than 50% use in production.
This includes more than half of CNCF’s graduated projects: Kubernetes (78%), Prometheus (72%), CoreDNS (69%), Fluentd (64%), and containerd (53%). Additionally, all graduated projects saw an increase in use in production.
Overall, the results of the survey show that the use of many cloud native technologies has become ubiquitous. Cloud native software is simplifying the building of complex applications, while at the same time enabling organizations to build and deploy these applications faster.
With so much emphasis on open source software and platforms, at times we lose sight of how hardware is continuing to advance, with its own community development and standardization efforts. The Linux Foundation recently announced that its Zephyr Project, which is building a secure and flexible real-time operating system (RTOS) for the Internet of Things (IoT) in space-constrained devices, welcomes Adafruit, an interesting company that enables makers to build DIY electronic products.
I am seeing nothing on the Let's Encrypt website. And no other details anywhere. I'll post more when I know more.
Security updates have been issued by CentOS (http-parser and xerces-c), Debian (tomcat7), Fedora (opensmtpd), openSUSE (openfortivpn and permissions), Red Hat (http-parser, openstack-octavia, python-waitress, and sudo), Slackware (ppp), and SUSE (kernel).
Hackers are crawling all over the US Department of Defense’s websites. Don’t worry, though: they’re white hats, and DoD officials are quite happy about the whole thing.
Four years after it first invited white hat hackers to start hacking its systems, the Pentagon continues asking them to do their worst – and a report released this week says that they’re submitting more vulnerability reports than ever.
The DoD’s Department of Defense Cyber Crime Center (DC3) handles cybersecurity for the DoD, and is responsible for tasks including cyber technical training and vulnerability sharing. It also runs the DoD’s Vulnerability Disclosure Program (VDP).
Node v10.19.0 LTS Released: Node.js is an open-source, cross-platform application which is mainly used to interpret JavaScript. Ryan Dahl is the software engineer of the Node.js application. The team announced that the latest version, Node v10.19.0 LTS, has been released.
New vulnerabilities are reported all the time in open source code and applications and that's all good – it’s a healthy part of the ecosystem. By finding vulnerabilities, they can be fixed, rather than just staying dormant in the shadows for attackers to exploit. Over the past decade, there have been a few high-profile open source vulnerabilities that made a substantial impact. All of the issues were patched in short order by the upstream projects, but not every user patched quickly, leaving some exposed to risk.
Microsoft security is under fire after new research, published here for the first time, exposes the serious risk of account hijack from compromised subdomains. Put simply, users visiting a genuine Microsoft web domain might actually be on a subdomain controlled by an attacker. Any information those users then share will be at risk—including usernames and passwords. Users are advised to take care with the links they click, but if subdomains appear genuine, they will likely be tricked.
"We are aware of such reports,” a Microsoft spokesperson told me, “and are taking appropriate action as needed to help protect services and customers." While the lack of controls on Microsoft subdomains has been exposed before, this new report from Numan Ozdemir and Ozan Agdepe of Vullnerability.com includes a proof of concept video (see below) that shows how simple this is in practice.
There are no claims that these exploits have been exploited in the wild yet. But the vulnerability is now in the public domain. It is only a matter of time before bad actors seek to exploit the issue and put users at risk. “Enterprise sprawl and a lack of internal domain controls has created a nightmare,” cyber expert Ian Thornton-Trump tells me. “I suspect in the wake of this, Microsoft will need to implement significant changes in how domains are managed.”
Microsoft has admitted that Cumulative Update 2 for SQL Server 2019 has a problem, and those using SQL Server Agent should either skip it or roll it back.
Cumulative Update 2 appeared on 13 February and contains all manner of important fixes for database botherers aimed at boosting performance and improving stability.
Alas, things seemed to go wrong pretty quickly for some database admins as users took to the DBA forums in StackExchange to complain that the SQL Server Agent seemed a bit poorly after applying the update.
Seemingly random failures, problems with schedules and freezes were mentioned as users struggled to get to grips with what was going wrong. Microsoft's own forums were similarly blighted, with one user making the important point: "In addition to not showing jobs they are also not being run so important jobs such as backups aren't being done."
SQL Server Agent is responsible for running jobs such as backups and other maintenance tasks. It can also be found running T-SQL for all manner of purposes, so for it to be broken is not ideal.
A sophisticated hacker group pwned Amazon Web Services (AWS) servers, set up a rootkit that let them remotely control servers, then merrily funnelled sensitive corporate data home to its command and control (C2) servers from a range of compromised Windows and Linux machines inside an AWS data centre.
That’s according to a report from the UK’s Sophos published late last week, which has raised eyebrows and questions in the security industry. The attackers neatly sidestepped AWS security groups (SGs); which, when correctly configured, act as a security perimeter for associated Amazon EC2 instances.
The unnamed target of this attack had correctly tuned their SGs. But with a rootkit installed on their AWS servers that gave attackers remote access, the compromised Linux system was still listening for inbound connections on ports 2080/TCP and 2053/TCP: something that eventually triggered Sophos’ intervention.
The scenario that Intel system architects, engineers, and security specialists perhaps feared most is now a reality. A vulnerability has been found in the ROM of the Intel Converged Security and Management Engine (CSME). This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company's platforms. The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets. The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.
Positive Technologies specialists have discovered an error in Intel hardware, as well as an error in Intel CSME firmware at the very early stages of the subsystem's operation, in its boot ROM. Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms. For instance, Intel CSME interacts with CPU microcode to authenticate UEFI BIOS firmware using BootGuard. Intel CSME also loads and verifies the firmware of the Power Management Controller responsible for supplying power to Intel chipset components.
The Positive Technologies blog is reporting on an unfixable flaw the company has found in Intel x86 hardware that has the potential to subvert the hardware root of trust for a variety of processors.
The US-CERT today issued an advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux-based operating systems, as well as powers the firmware of many other networking devices. The affected pppd software is an implementation of Point-to-Point Protocol (PPP) that enables communication and data transfer between nodes, primarily used to establish internet links such as those over dial-up modems, DSL broadband connections, and Virtual Private Networks. Discovered by IOActive security researcher Ilja Van Sprundel, the critical issue is a stack buffer overflow vulnerability that exists due to a logical error in the Extensible Authentication Protocol (EAP) packet parser of the pppd software.
Members of Congress are about to introduce a bill that will undermine the law that undergirds free speech on the Internet. If passed, the bill known as the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, will fulfill a long-standing dream of U.S. law enforcement. If passed, it could largely mark the end of private, encrypted messaging on the Internet.
The Department of Justice and the FBI have long seen encryption as a threat. In 1993, the Clinton administration promoted the installation of a “Clipper Chip” in consumer devices that would allow for easy government eavesdropping using key escrow. When researchers repeatedly demonstrated that this flawed idea would compromise privacy and security for everyone, not just criminals, the idea was scrapped. But U.S. law enforcement agencies spent the next 25 years villainizing the widespread adoption of encryption and highlighting a series of awful criminal acts in their efforts to scare elected officials into requiring backdoors.
T-Mobile, like many mobile carriers, insists it highly values consumer privacy. But that hasn't really been reflected in the company's response to ongoing SIM hijacking scandals. Nor was that dedication particularly apparent when T-Mobile (along with AT&T, Verizon, and Sprint) were all caught selling access to user location and 911 data to pretty much any nitwit with a nickel.
The annual Munich Security Conference that took place February 14-16 this year turned out to be an iconic event, drawing comparison with the one held in the same Bavarian city on February 10, 2007, where in a prophetic speech Russian President Vladimir Putin had criticized the world order characterized by the United States’ global hegemony and its “almost uncontained hyper use of force—military force—in international relations.”
Thursday yet another mass shooting was committed by a military veteran, this one in Milwaukee. Virtually all military veterans are not mass shooters. Many peace activists are veterans. Many everything under the sun are veterans. But mass shooters are very disproportionately military veterans.
Hold on to your helmets! It’s true the White House is reporting that its proposed new Pentagon budget is only $740.5 billion, a relatively small increase from the previous year’s staggering number. In reality, however, when you also include war and security costs buried in the budgets of other agencies, the actual national security figure comes in at more than $1.2 trillion, as the Trump administration continues to give the Pentagon free rein over taxpayer dollars.
When I was in Afghanistan, I often heard a Pashtun saying attributed to the Afghan Taliban strategy for war with the United States: “They have the watches, but we have the time”. I do not know the provenance of this saying and I do not know if the saying exists in other Muslim or Asian societies, but it certainly has held true in warfare over the centuries whether you understand it in terms of the United States Revolution, the Vietnamese war for liberation against the French, Japanese and the US, or the decades long struggle against apartheid in South Africa. It is a saying that, if translated from Afghanistan’s Pashto to Iran’s Farsi, could be very applicable to Iran right now.
It’s true that the Trump administration signed a “peace deal” with the Taliban — something that eluded both George W. Bush and Barack Obama — but a closer look at the agreement reveals it to be riddled with conditions that are fraught with obstacles.
Trump has sent more new troops to the Middle East than he’s bringing home from Afghanistan.
The International Criminal Court (ICC) on Thursday authorized an investigation into possible war crimes and crimes against humanity committed in Afghanistan. The probe targets US, Afghan and Taliban forces as well as intelligence personnel. The ruling came only days after the US and the Taliban signed an ambitious peace deal to end conflict in Afghanistan.
The Hague-based international court upheld an appeal by prosecutors against an earlier decision to block an investigation.
Pretrial judges last year acknowledged that widespread crimes had been committed in the war-torn Asian country and that there was sufficient basis for the investigations. However, they rejected a probe on the basis that too much time had passed and that the anticipated lack of international cooperation would also result in a likely unsuccessful inquiry.
"We've found that one of the most worrying impacts of climate change has already begun."
DeSmog has obtained some of the emails cited by The Times in that investigation, published here for the first time.
In the age of coming climate apocalypse, the narcissistic self-regard of humans in their exploitive relationship with the natural world is so disgusting, so utterly reprehensible, so vain and vacuous and unworthy of intelligent beings that it makes me want to repudiate humanism altogether and call for humans to be wiped off the goddamn planet.
"It's a sobering reality we're in."
The US imperium is rattled, so much so it’s letting everyone else know about it. Move over the trade war with its bitchy insistence on redressing imbalances, surpluses and deficits; the next phase of conflict with China is being waged in matters of technology, with Huawei’s 5G prowess featuring prominently. As the veteran Australian journalist Tony Walker soberly notes, “The ultimate destination of this conflict is unclear, but its ramifications will scar international relationships for decades to come.”
US courts and regulators recently rubber stamped the T-Mobile Sprint merger, ignoring forty years of history showing how US telecom megamergers almost always result in less competition, higher prices, and fewer jobs. Eliminating one of just four US wireless carriers is likely to result in higher prices (see: Canada or Ireland). Wall Street analysts and unions alike predict the deal could eliminate anywhere between 10,000 and 30,000 jobs, and data suggests the consolidation could result in employees across the sector making less money even if they work at other companies.
They call it Town Meeting day in Vermont. The concept is a leftover from a simpler time. In the bigger towns, it’s really just election day. Unlike the rural hamlets and villages where residents actually hold a meeting, there are no debates, no show of hands and no shaking one’s head when the neighbor starts talking some point he saw online or in the newspaper. Just voting with mostly paper ballots and markers.
Although we still live under heightened political fear, our communities must be counted.
"Pelosi, the DCCC, and Charles Koch all teamed up for Cuellar."
There are few clearer ways to see an administration’s choices than its budget. Here’s what we found in the president’s.
Donald Trump is the fakest (and realest) news of all.
As Democratic establishment coalesces around Biden, 2020 primary starting to look a lot like 2016.
The gloves must immediately come off when it comes to treating Joe Biden.
Following his Super Tuesday wins, we look closely at the record of former Vice President Joe Biden, from his central role in supporting the Iraq War to expanding the so-called war on drugs. We speak with Branko Marcetic, the author of Yesterday’s Man: The Case Against Joe Biden. Biden’s approach to politics is based on “appeasing the right” and “taking the platform of his Republican opponent and trying to make it his own,” Marcetic says.
By reducing all of black Americans' concerns to race or exploiting the idea of a singular "black vote" in the first place, the elite political class continues to undermine our ability to organize the majoritarian social movement we need to combat the ruling-class assault on all working people in the United States.
"That problem, to put it bluntly, is that the people in power in state government have no interest in making it easier for Texans to vote."
Super Tuesday’s voting is completed, and Joe Biden performed beyond anyone’s wildest expectations. His surprising wins in Texas, Massachusetts, Maine and Minnesota, combined with a sweep of the southern states, changed the dynamics of this primary campaign from top to bottom.
"Democracy should not be purchasable."
"Biden is the preferred candidate for the financial markets."
Super Tuesday marked the first time former New York City Mayor Mike Bloomberg appeared on a Democratic primary ballot and his last night in the campaign.
But suppose you’re a Democrat who doesn’t want Donald Trump to have a second term? Suppose you’re a Democrat who suspects that Trump got elected in the first place because he exploited a deep sense of betrayal felt by tens of millions of Americans whose wages haven’t budged in 40 years and who know the system is rigged for the benefit of those at the top? Do you really vote for Joe Biden?
Donald Trump had the perfect opponent in the 2016 election. Running as a populist billionaire taking on the Washington elite, he couldn’t have asked for a better rival in Hillary Clinton, who carried heavy political baggage and who, for many, personified the so-called establishment. While Trump’s populist shtick was easy to pick apart, Clinton was the wrong person to promote the message she was trying to get across to voters.
Prime Minister Benjamin Netanyahu has fallen short of capturing the majority needed to form a government, near-final election results showed Wednesday, deepening a year of political deadlock and appearing to dash the long-serving leader’s hopes for a decisive victory as his trial on corruption charges nears.
On the biggest day of the 2020 presidential season so far, Super Tuesday, America’s biggest new voting system—in Los Angeles County—widely frustrated voters and poll workers in its debut in a jurisdiction that’s more populous than 39 states.
A bill pending in Missouri’s legislature takes aim at libraries and librarians who are making “age-inappropriate sexual material” available to children.
The U.S. Court of Appeals for the Ninth Circuit recently held in Prager University v. Google that YouTube is not a government actor bound by First Amendment limits simply because it hosts a forum for public speech. Rather, as EFF argued in an amicus brief, YouTube is a private entity whose editorial decisions cannot be challenged under the First Amendment, because YouTube itself has First Amendment rights to manage its platform as it sees fit.
Prager University (“PragerU”) is not an actual university, but rather is an educational and media nonprofit with a conservative and Judeo-Christian perspective. It operates a YouTube channel where it posts videos about various social and political issues. It objected to YouTube tagging some of its videos as “mature content” appropriate for Restricted Mode, meaning that users who had enabled Restricted Mode could not see the videos.
Verizon Media, formerly Oath, owns the two search engines Yahoo! and AOL. Three months ago, it also launched another search engine called OneSearch. OneSearch promises to provide “unfiltered” and “unbiased” search results on its front page.
Verizon Media’s search engines are powered by Microsoft Bing. Bing does the crawling, indexing, and ranking of the web and resells its search results to meta-search-engines like the three owned by Verizon Media. Other meta-search-engines like DuckDuckGo and Ecosia also operate this way.
There’s a huge conflict of interest in a media company that owns several high-profile websites—including Engadget, HuffPost, and TechCrunch—owning several search engines.
A Cafe customer and friend, Brian, handed me out of the box he was carrying copies of the August 18 issue of the New York Times magazine and the Times supplement that announce the launching of “the 1619 Project.” He had bought 50 of them in order to pass them on to anyone who might be interested. Somehow, I had missed the news of this worthy Project, aimed ambitiously and admirably at reframing American history to “make explicit that slavery is the foundation upon which this country is built”- a cause I wholeheartedly support.
To some cops, there's nothing more inherently-suspicious than the invocation of rights. It appears they believe only guilty people do this. The innocent have no need for rights because if they have nothing to hide then they have nothing to fear.
On Wednesday, the Supreme Court is set to hear an abortion case that may sound familiar. That’s because the state restriction in question is almost identical to one the court overturned in 2016.
"We refuse to allow judges who know nothing about us and politicians who care little about us to control our reproduction."
Facial recognition technology promises to alert us if our children are skipping out on their college classes, to zip us past all the suckers waiting in line at the airport and to create nationwide databases to catch the “bad guys.” This newest biometric data is sold as a shortcut to utopia: technology that delivers responsible kids, quick service and safe streets — all with a scan of the human face. Politicians and companies pushing facial recognition technology say that, like the near-certainty of DNA and the exactness of fingerprint matches, the software is a precise, unbiased alternative to human bigotry in policing. Yet in reality, facial recognition technology is prone to false positives that target Black and Brown people, and then tracks them when they’re on parole. Instead of offering a kind of utopia, this biometric tool locks people into the dystopia of an already unjust criminal legal system.
While fretting over refugee children in freezing tents along Turkey’s border, or Nargis Fazili’s family fleeing Afghanistan across Asia to Europe, or lone migrant children caged in U.S. detention centers, we may barely register what happens to American children like Kaia Rolle; she’s a 6-year-old student at a not unusual neighborhood school in Florida.
KASTANIES, Greece — Greek authorities fired tear gas and stun grenades to drive away a crowd of migrants making a push to cross the border from Turkey on Wednesday, as pressure on Greece continued after Turkey declared its previously guarded gateways to Europe open.
Big, high walls can be troublesome. Ask Humpty Dumpty.
Truthdig is proud to present this article as part of Global Voices: Truthdig Women Reporting, a series from a network of female correspondents around the world who are dedicated to pursuing truth within their countries and elsewhere.
EFF has just learned that our dear friend Special Counsel Jim Tyre—one of the biggest and best Internet advocates you may never have heard of—has passed away. We don't have a lot of information yet, except that there will be a funeral in Los Angeles on Friday. We will update this post when we have more we can share.
We are mourning Jim today for countless reasons. He was a larger-than-life personality, and was well loved for his kindness, generosity, and sense of humor. But Jim was also one of the original Internet lawyers, and his knowledge and thoughtfulness on digital civil liberties issues was intimidatingly broad. His wisdom and judgement on complex litigation was foundational for EFF, and he set the bar high for our legal work. In fact, I used to call Jim EFF’s "adult supervision." Later he was also named our own staff "pirate" since he had to wear a very stylish eye patch after his first detached retina. Anyone who has worked at EFF since about 2000 knows that Jim always participated actively in our internal conversations, despite never leaving his beloved Los Angeles.
Ethos Capital—the private equity firm poised to purchase the .ORG domain registry for $1.1 billion—and Public Interest Registry (PIR, the entity Ethos wants to buy) have been attempting to respond to the concerns raised by the .ORG community. These after-the-fact changes just make clear that while there is nothing currently wrong with .ORG, there is a lot that could go wrong if this deal moves forward.
Last week, we wrote about a proposal by Ethos Capital to add certain “Public Interest Commitments” to the contract governing the operation of the .ORG domain registry. Our post explained why that proposal doesn’t solve the problems with the planned sale. Since then, Ethos and PIR have hosted two webinars to discuss how their plan supposedly addresses the concerns that EFF and over 800 other organizations—along with Members of Congress, UN Special Rapporteurs, and state charity regulators [pdf]—have raised. Nothing said on those webinars changed our analysis. Instead, they only further reinforced that Ethos’s plan for a for-profit PIR is one that’s unsound at its very foundation.
Human for those who labor under the delusion that the curtailment of civil liberties in Kashmir and persecution of minorities in Delhi are “internal” matters: India chose democracy, secularism, and socialism as its goals in 1947.
"The narrative" over the past few years concerning internet companies has clearly shifted. It went from one that generally praised the wonders and power of the internet to one that now blames the internet for everything. The hagiographic coverage of the past clearly went too far, but the current "techlash" seems to have gone way too far in the other direction as well -- much of it from people grasping at straws over why things they don't like have happened in the world. The good folks over at The Verge have done a big consumer survey of people's general opinions of various big internet companies and it shows that most people still like these internet services, and believe, on the whole, that they make their lives better, not worse. Even the services that get the "worst" grades, still get over a 60% "favorable" rating, while Amazon, Google, YouTube, Netflix, Microsoft, and Apple all come in over 80% positive (with Amazon, Google, and YouTube breaking 90%).
This is my discussion about patent and IP policy with a fellow patent attorney, Russ Krajec, who produces the “Patent Myth Podcast“. I tried to persuade him patents are evil, or at least, understand why he doesn’t agree.
Hospira lost at the district court on obviousness — with the court finding its asserted Claim 6 of US8648106 invalid as obvious.
[...]
Hospira’s basic arguments here are (1) that inherency for obviousness must be proven with clear and convincing evidence and (2) that inherency for obviousness only ‘counts’ if necessarily present in the proposed combination, not merely likely or possibly present.
In their 2005 paper on Inherency, Professors Dan Burk and Mark Lemley took the position that inherency should have almost no role in the obviousness analysis because of its hindsight approach.
In an order issued this week in IPR2019-00143, a panel of PTAB judges decided that the public has no interest in ensuring that only valid patent claims issue from the Patent Office.
That’s not an exaggeration—if anything, it understates the case. In fact, the PTAB order states that “the public is generally likely to benefit from claim amendments during an inter partes review.” (emphasis added). In other words, this PTAB panel thinks that members of the public should be happy that the PTAB is amending a claim—even if no one is challenging its validity.
[...]
Before Aqua Products, the patent owner bore the burden of showing patentability for claims they wanted to add during an IPR. But in Aqua Products, the Federal Circuit determined that the USPTO’s current rules were not permissibly enacted and that, by default, petitioners bear the burden of proving an amended claim is invalid in IPR. The various opinions also set out a way in which the USPTO could issue rules that place the burden back on the patent owner.
The USPTO did no such thing. Instead, it issued rules to place the burden on the petitioner. The problem with that—as I identified in CCIA’s comments on the proposed rule—is that sometimes, as with ZTE, petitioners don’t have an incentive to prove the claims invalid. In that situation, the party that bears the burden of proof just gives up—and the amended claims are granted without any form of substantive opposition or examination.
That’s not ideal in any circumstance—and it’s part of why the USPTO should have placed the burden on the patent owner. But the ZTE case goes one step further, because there’s a party who’s actively willing to provide that substantive opposition—and the PTAB won’t let them.
[...]
In a complete abdication of its statutory role, as described by the Supreme Court, the PTAB panel in this case decided that ZTE—in the face of all logic—remained an “active participant” and that LG would not be permitted to argue against the proposed amendment. And to add insult to injury, the PTAB did so while claiming that the public would benefit from the issuance of this unexamined amended claim.
The PTAB is intended to protect the public from patent monopolies that go beyond their legitimate scope. That’s not the result this PTAB panel has ordered. Director Iancu should step in, trigger a Precedential Opinion Panel, and hold that if a party to an IPR is actively willing to oppose an amendment otherwise unopposed, it is permitted to do so even if the primary petitioner remains in the case.
Or better yet, when the USPTO issues its final rulemaking on amendment burden, Director Iancu should throw out the idea that petitioners should bear the burden and place the burden of proving patentability where policy and common sense says it should lie—on the party asking for a new patent claim, the patent owner.
Synopsis: Allergan asserts infringement of the '202 and '896 patents. Allergan develops, manufactures, and distributes dermal filler products including JUVEDÉRM® Ultra XC, JUVEDÉRM® Ultra Plus XC, and JUVEDÉRM® VOLUMA® XC. Prollenium makes, uses, sells, offers to sell, and/or imports into the United States Revanesse® Versa+™, a dermal filler. Allergan asserts that Revanesse® Versa+™ infringes one or more claims of the '202 and '896 patents.
The USPTO has published a new Federal Register notice titled “Clarification of practice for revival, reinstatement, and delayed priority petitions.”
Here, the PTO is explaining that it is going to require patent applicants to submit “additional information” to explain its claim of “unintentional” delay in meeting a particular deadline.
On March 5, 2020, a joint motion to terminate pursuant to settlement was filed in IPR2019-00498 by Unified Patents and Universal Cipher, LLC (f/k/a Cumberland Systems), an NPE. The ’647 patent, directed to encrypting of a password or other secret information, has been asserted in twenty-four district court cases, all of which have been terminated.
With help from some top torrent sites, Placeholder Gameworks has released a free copy of its new game Death and Taxes. The developer torrent has the same features as the $12.99 Steam release. While there's no significant effect on sales, developer Oak, who once was a hardcore pirate himself, is convinced that the official torrent will help the game in the long run.
Movie and TV show streaming app ApolloTV has shut down following threats from the Alliance for Creativity and Entertainment. The global anti-piracy coalition hand-delivered a cease-and-desist notice to the developer behind the software, the terms of which he immediately complied with.