Linux sysadmins are an enterprising lot. We work long hours. We typically see few people during our workdays. And, we're collectors of tools, techniques, scripts, websites, physical tools, and other goodies that help us in our jobs. This article describes my own personal sysadmin survival kit that consists of all of the above, plus one that you might not have considered.
It's time once again for The Weekender. This is our bi-weekly departure into the world of amateur radio contests, open source conventions, special events, listener challenges, hedonism and just plain fun. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we're doing. We'd love to hear from you.
Even though I write a lot about Linux myself and I am in the humble impression that I am getting a little better each time I write down my thoughts about my beloved operating system and related software, that does not mean that I think I am the only source for usable Linux information for you to follow. There are lots of great sources out there that bring information in an accessible and user friendly way. Like everyone, I also have my heroes and some of them are my favorite bloggers and vloggers that I like to visit regularly who provide me with great Linux related news and information. In this article I would like to introduce you to five Linux vloggers who have their own unique way of bringing Linux and open source information and who deserve a visit from you all.
Brent sits down with Nuritzi Sanchez, Senior Open Source Program Manager at GitLab, former GNOME Foundation President and Chairperson of the Board of Directors, and Founding Member of Endless, Inc. We explore her current experiences at GitLab, her deep involvement in the growth of GNOME’s community, the evolution of the Linux App Summit, her involvement with Endless, and why she is so drawn to the human aspects of technology.
I'm announcing the release of the 5.5.8 kernel.
All users of the 5.5 kernel series must upgrade.
The updated 5.5.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.5.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...
A new, official systemd release has just been tagged. Please download the tarball here:
https://github.com/systemd/systemd/archive/v245.tar.gz
Changes since the previous release:
* A new tool "systemd-repart" has been added, that operates as an idempotent declarative repartitioner for GPT partition tables. Specifically, a set of partitions that must or may exist can be configured via drop-in files, and during every boot the partition table on disk is compared with these files, creating missing partitions or growing existing ones based on configurable relative and absolute size constraints. The tool is strictly incremental, i.e. does not delete, shrink or move partitions, but only adds and grows them. The primary use-case is OS images that ship in minimized form, that on first boot are grown to the size of the underlying block device or augmented with additional partitions. For example, the root partition could be extended to cover the whole disk, or a swap or /home partitions could be added on first boot. It can also be used for systems that use an A/B update scheme but ship images with just the A partition, with B added on first boot. The tool is primarily intended to be run in the initrd, shortly before transitioning into the host OS, but can also be run after the transition took place. It automatically discovers the disk backing the root file system, and should hence not require any additional configuration besides the partition definition drop-ins. If no configuration drop-ins are present, no action is taken.
* A new component "userdb" has been added, along with a small daemon "systemd-userdb.service" and a client tool "userdbctl". The framework allows defining rich user and group records in a JSON format, extending on the classic "struct passwd" and "struct group" structures. Various components in systemd have been updated to process records in this format, including systemd-logind and pam-systemd. The user records are intended to be extensible, and allow setting various resource management, security and runtime parameters that shall be applied to processes and sessions of the user as they log in. This facility is intended to allow associating such metadata directly with user/group records so that they can be produced, extended and consumed in unified form. We hope that eventually frameworks such as sssd will generate records this way, so that for the first time resource management and various other per-user settings can be configured in LDAP directories and then provided to systemd (specifically to systemd-logind and pam-systemd) to apply on login. For further details see:
https://systemd.io/USER_RECORD https://systemd.io/GROUP_RECORD https://systemd.io/USER_GROUP_API
* A small new service systemd-homed.service has been added, that may be used to securely manage home directories with built-in encryption. The complete user record data is unified with the home directory, thus making home directories naturally migratable. Its primary back-end is based on LUKS volumes, but fscrypt, plain directories, and other storage schemes are also supported. This solves a couple of problems we saw with traditional ways to manage home directories, in particular when it comes to encryption. For further discussion of this, see the video of Lennart's talk at AllSystemsGo! 2019:
https://media.ccc.de/v/ASG2019-164-reinventing-home-direc...
For further details about the format and expectations on home directories this new daemon makes, see:
https://systemd.io/HOME_DIRECTORY
* systemd-journald is now multi-instantiable. In addition to the main instance systemd-journald.service there's now a template unit systemd-journald@.service, with each instance defining a new named log 'namespace' (whose name is specified via the instance part of the unit name). A new unit file setting LogNamespace= has been added, taking such a namespace name, that assigns services to the specified log namespaces. As each log namespace is serviced by its own independent journal daemon, this functionality may be used to improve performance and increase isolation of applications, at the price of losing global message ordering. Each instance of journald has a separate set of configuration files, with possibly different disk usage limitations and other settings.
journalctl now takes a new option --namespace= to show logs from a specific log namespace. The sd-journal.h API gained sd_journal_open_namespace() for opening the log stream of a specific log namespace. systemd-journald also gained the ability to exit on idle, which is useful in the context of log namespaces, as this means log daemons for log namespaces can be activated automatically on demand and will stop automatically when no longer used, minimizing resource usage.
* When systemd-tmpfiles copies a file tree using the 'C' line type it will now label every copied file according to the SELinux database.
* When systemd/PID 1 detects it is used in the initrd it will now boot into initrd.target rather than default.target by default. This should make it simpler to build initrds with systemd as for many cases the only difference between a host OS image and an initrd image now is the presence of the /etc/initrd-release file.
* A new kernel command line option systemd.cpu_affinity= is now understood. It's equivalent to the CPUAffinity= option in /etc/systemd/system.conf and allows setting the CPU mask for PID 1 itself and the default for all other processes.
* When systemd/PID 1 is reloaded (with systemctl daemon-reload or equivalent), the SELinux database is now reloaded, ensuring that sockets and other file system objects are generated taking the new database into account.
* systemd/PID 1 accepts a new "systemd.show-status=error" setting, and "quiet" has been changed to imply that instead of "systemd.show-status=auto". In this mode, only messages about errors and significant delays in boot are shown on the console.
* The sd-event.h API gained native support for the new Linux "pidfd" concept. This permits watching processes using file descriptors instead of PID numbers, which fixes a number of races and makes process supervision more robust and efficient. All of systemd's components will now use pidfds if the kernel supports it for process watching, with the exception of PID 1 itself, unfortunately. We hope to move PID 1 to exclusively using pidfds too eventually, but this requires some more kernel work first. (Background: PID 1 watches processes using waitid() with the P_ALL flag, and that does not play together nicely with pidfds yet.)
* Closely related to this, the sd-event.h API gained two new calls sd_event_source_send_child_signal() (for sending a signal to a watched process) and sd_event_source_get_child_process_own() (for marking a process so that it is killed automatically whenever the event source watching it is freed).
* systemd-networkd gained support for configuring Token Bucket Filter (TBF) parameters in its qdisc configuration support. Similarly, support for Stochastic Fairness Queuing (SFQ), Controlled-Delay Active Queue Management (CoDel), and Fair Queue (FQ) has been added.
* systemd-networkd gained support for Intermediate Functional Block (IFB) network devices.
* systemd-networkd gained support for configuring multi-path IP routes, using the new MultiPathRoute= setting in the [Route] section.
* systemd-networkd's DHCPv4 client has been updated to support a new SendDecline= option. If enabled, duplicate address detection is done after a DHCP offer is received from the server. If a conflict is detected, the address is declined. The DHCPv4 client also gained support for a new RouteMTUBytes= setting that allows to configure the MTU size to be used for routes generated from DHCPv4 leases.
* The PrefixRoute= setting in systemd-networkd's [Address] section of .network files has been deprecated, and replaced by AddPrefixRoute=, with its sense inverted.
* The Gateway= setting of [Route] sections of .network files gained support for a special new value "_dhcp". If set, the configured static route uses the gateway host configured via DHCP.
* New User= and SuppressPrefixLength= settings have been implemented for the [RoutingPolicyRule] section of .network files to configure source routing based on UID ranges and prefix length, respectively.
* sd-bus gained a new API call sd_bus_message_sensitive() that marks a D-Bus message object as "sensitive". Those objects are erased from memory when they are freed. This concept is intended to be used for messages that contain security sensitive data. A new flag SD_BUS_VTABLE_SENSITIVE has been introduced as well to mark methods in sd-bus vtables, causing any incoming and outgoing messages of those methods to be implicitly marked as "sensitive".
* sd-bus gained a new API call sd_bus_message_dump() for dumping the contents of a message (or parts thereof) to standard output for debugging purposes.
* systemd-sysusers gained support for creating users with the primary group named differently than the user.
* systemd-resolved's DNS-over-TLS support gained SNI validation.
* systemd-growfs (i.e. the x-systemd.growfs mount option in /etc/fstab) gained support for growing XFS partitions. Previously it supported only ext4 and btrfs partitions.
* The support for /etc/crypttab gained a new x-initrd.attach option. If set, the specified encrypted volume is unlocked already in the initrd. This concept corresponds to the x-initrd.mount option in /etc/fstab.
* systemd-cryptsetup gained native support for unlocking encrypted volumes utilizing PKCS#11 smartcards, i.e. for example to bind encryption of volumes to YubiKeys. This is exposed in the new pkcs11-uri= option in /etc/crypttab.
* The /etc/fstab support in systemd now supports two new mount options x-systemd.{required,wanted}-by=, for explicitly configuring the units that the specified mount shall be pulled in by, in place of the usual local-fs.target/remote-fs.target.
* The https://systemd.io/ web site has been relaunched, directly populated with most of the documentation included in the systemd repository. systemd also acquired a new logo, thanks to Tobias Bernard.
* systemd-udevd gained support for managing "alternative" network interface names, as supported by new Linux kernels. For the first time this permits assigning multiple (and longer!) names to a network interface. systemd-udevd will now by default assign the names generated via all supported naming schemes to each interface. This may be further tweaked with .link files and the AlternativeName= and AlternativeNamesPolicy= settings. Other components of systemd have been updated to support the new alternative names wherever appropriate. For example, systemd-nspawn will now generate alternative interface names for the host-facing side of container veth links based on the full container name without truncation.
* systemd-nspawn interface naming logic has been updated in another way too: if the main interface name (i.e. as opposed to new-style "alternative" names) based on the container name is truncated, a simple hashing scheme is used to give different interface names to multiple containers whose names all begin with the same prefix. Since this changes the primary interface names pointing to containers if truncation happens, the old scheme may still be requested by selecting an older naming scheme, via the net.naming-scheme= kernel command line option.
* PrivateUsers= in service files now works in services run by the systemd --user per-user instance of the service manager.
* A new per-service sandboxing option ProtectClock= has been added that locks down write access to the system clock. It takes away device node access to /dev/rtc as well as the system calls that set the system clock and the CAP_SYS_TIME and CAP_WAKE_ALARM capabilities. Note that this option does not affect access to auxiliary services that allow changing the clock, for example access to systemd-timedated.
* The systemd-id128 tool gained a new "show" verb for listing or resolving a number of well-known UUIDs/128bit IDs, currently mostly GPT partition table types.
* The Discoverable Partitions Specification has been updated to support /var and /var/tmp partition discovery. Support for this has been added to systemd-gpt-auto-generator. For details see:
https://systemd.io/DISCOVERABLE_PARTITIONS
* "systemctl list-unit-files" has been updated to show a new column with the suggested enablement state based on the vendor preset files for the respective units.
* "systemctl" gained a new option "--with-dependencies". If specified commands such as "systemctl status" or "systemctl cat" will now show all specified units along with all units they depend on.
* networkctl gained support for showing per-interface logs in its "status" output.
* systemd-networkd-wait-online gained support for specifying the maximum operational state to wait for, and to wait for interfaces to disappear.
* The [Match] section of .link and .network files now supports a new option PermanentMACAddress= which may be used to check against the permanent MAC address of a network device even if a randomized MAC address is used.
* The [TrafficControlQueueingDiscipline] section in .network files has been renamed to [NetworkEmulator] with the "NetworkEmulator" prefix dropped from the individual setting names.
* Any .link and .network files that have an empty [Match] section (this also includes empty and commented-out files) will now be rejected. systemd-udev and systemd-networkd started warning about such files in version 243.
* systemd-logind will now validate access to the operation of changing the virtual terminal via a PolicyKit action. By default, only users with at least one session on a local VT are granted permission.
* When systemd sets up PAM sessions that invoked service processes shall run in, the pam_setcred() API is now invoked, thus permitting PAM modules to set additional credentials for the processes.
* portablectl attach/detach verbs now accept --now and --enable options to combine attachment with enablement and invocation, or detachment with stopping and disablement.
Contributions from: AJ Bagwell, Alin Popa, Andreas Rammhold, Anita Zhang, Ansgar Burchardt, Antonio Russo, Arian van Putten, Ashley Davis, Balint Reczey, Bart Willems, Bastien Nocera, Benjamin Dahlhoff, Charles (Chas) Williams, cheese1, Chris Down, Chris Murphy, Christian Ehrhardt, Christian Göttsche, cvoinf, Daan De Meyer, Daniele Medri, Daniel Rusek, Daniel Shahaf, Dann Frazier, Dan Streetman, Dariusz Gadomski, David Michael, Dimitri John Ledkov, Emmanuel Bourg, Evgeny Vereshchagin, ezst036, Felipe Sateler, Filipe Brandenburger, Florian Klink, Franck Bui, Fran Dieguez, Frantisek Sumsal, Greg "GothAck" Miell, Guilhem Lettron, Guillaume Douézan-Grard, Hans de Goede, HATAYAMA Daisuke, Iain Lane, James Buren, Jan Alexander Steffens (heftig), Jérémy Rosen, Jin Park, Jun'ichi Nomura, Kai Krakow, Kevin Kuehler, Kevin P. Fleming, Lennart Poettering, Leonid Bloch, Leonid Evdokimov, lothrond, Luca Boccassi, Lukas K, Lynn Kirby, Mario Limonciello, Mark Deneen, Matthew Leeds, Michael Biebl, Michal Koutný, Michal Sekletár, Mike Auty, Mike Gilbert, mtron, nabijaczleweli, Naïm Favier, Nate Jones, Norbert Lange, Oliver Giles, Paul Davey, Paul Menzel, Peter Hutterer, Piotr Drąg, Rafa Couto, Raphael, rhn, Robert Scheck, Rocka, Romain Naour, Ryan Attard, Sascha Dewald, Shengjing Zhu, Slava Kardakov, Spencer Michaels, Sylvain Plantefeve, Stanislav Angelovič, Susant Sahani, Thomas Haller, Thomas Schmitt, Timo Schlüßler, Timo Wilken, Tobias Bernard, Tobias Klauser, Tobias Stoeckmann, Topi Miettinen, tsia, WataruMatsuoka, Wieland Hoffmann, Wilhelm Schuster, Will Fleming, xduugu, Yong Cong Sin, Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek, Zeyu DONG
– Warsaw, 2020-03-06
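An added example, not part of the systemd announcement or the systemd code base: a small Python audit that reads service unit text and reports whether the ProtectClock= and LogNamespace= settings described in the notes above are in effect. The unit names, paths and contents are constructed samples, and treating an empty assignment as unset is an assumption of this example.

```python
# Added example: audit service units for ProtectClock= and LogNamespace=.
TRUE_VALUES = {"1", "yes", "true", "on"}  # systemd boolean spellings for "enabled"

# Constructed sample units (not taken from any real package).
SAMPLE_UNITS = {
    "report-gen.service": """\
[Unit]
Description=Constructed example: nightly report generator

[Service]
ExecStart=/usr/local/bin/report-gen
ProtectClock=yes
LogNamespace=reports
""",
    "legacy-agent.service": """\
[Unit]
Description=Constructed example: agent with no sandboxing

[Service]
ExecStart=/usr/local/bin/legacy-agent \\
    --verbose
# ProtectClock=yes
""",
    "override.service": """\
[Service]
ExecStart=/usr/local/bin/tool
ProtectClock=yes
ProtectClock=no
LogNamespace=
""",
}


def parse_service_section(text):
    """Return {key: last assigned value} for the [Service] section.

    Handles '#' and ';' comment lines, backslash line continuation, and
    repeated keys (the last assignment wins for single-valued settings).
    """
    settings, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            # Join with the next physical line, separated by one space.
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def audit_unit(text):
    """Report the effective state of the two settings for one unit."""
    s = parse_service_section(text)
    return {
        # Only an explicit true value counts; a commented-out line does not.
        "protect_clock": s.get("ProtectClock", "").lower() in TRUE_VALUES,
        # Assumption: an empty LogNamespace= is treated as "not set".
        "log_namespace": s.get("LogNamespace") or None,
    }


def audit_all(units):
    """Audit a {unit name: unit text} mapping."""
    return {name: audit_unit(text) for name, text in units.items()}


def without_clock_protection(units):
    """Names of units whose clock write access is not locked down."""
    return sorted(n for n, r in audit_all(units).items() if not r["protect_clock"])


if __name__ == "__main__":
    for name, result in audit_all(SAMPLE_UNITS).items():
        print(name, result)
    print("ProtectClock= missing or disabled:", without_clock_protection(SAMPLE_UNITS))
```

The audit reads unit file text only, so it does not account for drop-in overrides or for the caveat in the notes that ProtectClock= leaves access to services such as systemd-timedated untouched.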
Systemd 245 is out. As usual, the list of new features is long; perhaps the one that has gained the most attention is systemd-homed...
There is also a new database for holding user and group data and a systemd-repart tool for the management of partitions on storage-devices at boot time.
The systemd 245 init system for Linux-based operating systems is now available for download and it’s a major release that adds new features and enhancements.
As you probably already heard, systemd 245 is the first version of the controversial init system to ship with systemd-homed.service, a new feature that enables secure management of /home directories with built-in encryption.
Not only does this feature address some old issues with the traditional ways of managing home directories, but it also unifies the entire user record data with the home directory. This means that /home directories can now be easily migrated. systemd-homed supports both LUKS and fscrypt disk encryption standards.
Systemd 245 RC2 was released just earlier this week while now it has been succeeded by the stable release of systemd 245.
Most notable with systemd 245 is the introduction of systemd-homed that reimagines/modernizes Linux home directory handling with better password and encryption support, more self-containment / portability to allow more easily migratable home directories, and other features. It will be interesting to see the adoption of systemd-homed by Linux distributions moving forward.
Mesa's OpenGL threading "glthread" support has been around for a while, but come Mesa 20.1 next quarter there will be further improvements to this performance feature.
Well known AMD OpenGL open-source driver developer Marek Olšák has landed a large set of patches providing various improvements to the OpenGL threading implementation.
Mesa 20.0.1 is a bug fix release which fixes bugs found since the 20.0.0 release.
Mesa 20.0.1 implements the OpenGL 4.6 API, but the version reported by glGetString(GL_VERSION) or glGetIntegerv(GL_MAJOR_VERSION) / glGetIntegerv(GL_MINOR_VERSION) depends on the particular driver being used. Some drivers don't support all the features required in OpenGL 4.6. OpenGL 4.6 is only available if requested at context creation. Compatibility contexts may report a lower version depending on each driver.
Mesa 20.0.1 implements the Vulkan 1.1 API, but the version reported by the apiVersion property of the VkPhysicalDeviceProperties struct depends on the particular driver being used.
Following the release of Mesa 20.0 in mid-February, the first point release to this quarter's Mesa 3D feature series is now available.
Intel's Dylan Baker released Mesa 20.0.1, representing the fixes that have accumulated since the 19 February debut of Mesa 20.0. For being the first point release, there are surprisingly not too many fixes. There are a number of core fixes, several Intel ANV and Iris driver fixes, a few ACO and LLVM fixes for Radeon, and other mostly mundane items.
Intel's performance-oriented Clear Linux distribution recently added support for using F2FS as the root file-system so we were curious to run some benchmarks on it for how it stacks up against EXT4.
In our many tests over the years of the F2FS file-system it generally has performed quite well on solid-state storage for which it's designed. While F2FS is seeing support from the likes of Google and Samsung in the Android space, on the Linux desktop there aren't many Linux distributions supporting the Flash-Friendly File-System as an install-time option for the root file-system.
I’ve read a couple of blogs write about how installing software on Linux can be sometimes painstaking and that surprises me. Because if there’s anything I am sure about it is the fact that Linux has always had a convenient way for managing software via the repository and users could either use the package manager or the command line. Nowadays the software center is a lot more modern.
I can’t deny though, there are times when you want an application and it is not in the software center or in the default repository and you’ll have to manually add a third-party repository.
If you would rather download new software like you would install a .exe file on Windows then the Linux equivalent formats are DEB and RPM and here are the top websites from which you can get apps in those formats listed in alphabetic order.
An electronic mailing list offers the ability to efficiently distribute information to many internet users. It is similar in some ways to a traditional mailing list.
Electronic mailing lists are normally automated using dedicated mailing software and a reflector address. Mailing lists are often used as a two-way method of discussion between interested parties, or a one-way dissemination of information where only selected individuals can make posts.
Mailing lists provide a popular method of information exchange for both Linux developers and users. For example, the Linux kernel mailing list gets a high volume of traffic, acting as a focal point for sharing patches, discussing implementation details, reporting bugs, and new features. Many prominent companies participate in these discussions including Intel, IBM, Oracle, and VMware.
There are quite a few color picker applications for Ubuntu Linux. Colorpicker is another one written with Electron, and works in Linux, Windows, and Mac OS.
Cyber Knights: Flashpoint from Trese Brothers, a tactical RPG set in the neon-soaked future of 2231 is now funded on Kickstarter and on the way to Linux.
Amnesia: Rebirth is the newly announced title from the horror masters at Frictional Games, after teasing it for a few months we finally know what it is.
Windows Games on Linux | WINE Versions Applications, Gaming, and all the different ways Linux deals with Windows Programs. Almost every Windows program uses WINE, albeit through a different program like Steam Proton, CrossOver, PlayOnLinux, and Lutris.
Today thanks to a game developer, I was made aware of Solarus. It's a cross-platform free and open source game engine, that's designed for people making 2D action-RPGs.
Sounds actually quite good too. The engine is programmed in C++, with the SDL library and an OpenGL back-end. The actual games made with it they call "quests" and you make them with Lua, so the game engine does the majority of the heavy lifting for developers—that's the aim at least.
Oxygen Not Included continues getting bigger, with the free Banhi's Automation Innovation Pack update out now. As the name of the pack suggests, it's focused on automation.
This new free pack includes new automation sensors: Counter Sensor, Timer Sensor, Wattage Sensor and Conveyor Rail Sensors. Also included is an Automation Ribbon, letting you send up to 4 signals along a single tile. There's also new automation output buildings, updated artwork, a Solid Filter building for Conveyor Rails and more. Two really useful little robots got added in too with the Sweepy Bot and Sweepy Dock, they're not particularly smart but they can help with some of the more mundane tasks for your colonists—see the full list here.
Stadia is finally starting to fulfil some of the marketing Google had surrounding it before launch with new features rolling out to their Linux-powered game streaming service. Time for another Stadia round-up.
You've been able to stream from Stadia in 4K since day-1 of the Founder/Premier edition launch, however that was only with the Chromecast Ultra. In a Chromium/Chrome browser, it was only a max of 1080p which has now changed. A post on Reddit mentioned a user had the option of 4K, and Google has now confirmed it's done rolling out in a comment.
This is another check off the list of features needed, although plenty are still missing. There's no wireless play from their Stadia Controller to the web, that's still marked as coming "soon".
Finally, Valve are looking to update their updates and news feed for the many tens of thousands of games on Steam with a brand new Steam Labs experiment.
Steam Labs is the special section of Steam, where Valve collaborate with the community and pull in outside developers to make new features. It's a great idea and we've already seen some cool stuff from it like the new filters in the Steam Search.
Dandara was quite a surprise, a metroidvania platformer with a gravity-defying movement mechanic that entirely changed how you play and it just got a big update with the Trials of Fear Edition.
[...]
On Steam, from over 200 user reviews it's managed to get a "Very Positive" rating so it's clear that people have enjoyed the game. I definitely did appreciate it attempting to do something different with the mix of metroidvania exploration and platforming, being able to leap around the screen quickly was seriously fun and it makes the combat feel thoroughly different too.
The last minor release of the 19.12 series is out with bug fixes and usability improvements. Next month we mark the one year anniversary of the refactored code base so stay tuned for many nifty features coming like pitch shifting, tagging and rating of clips in the project bin and the much anticipated preview scaling of monitors bringing a huge performance boost.
Zorin OS 15 is a Linux operating system worth paying attention to. But don’t take my word for it; ask one of the 900,000 predominantly Mac and Windows users who’ve apparently downloaded the Ubuntu-based distribution in the last 9 months.
After some time of silent work (our previous blog post was published a month ago), the YaST Team is back with some news about the latest development sprint and some Hack Week experiments.
Tumbleweed – full steam ahead! There have been 6 snapshots in the last week, some with quite some changes. The snapshots were 0227, 0228, 0229, 0301, 0303 and 0304.
The health and wellbeing of our customers, partners, colleagues, and communities are of the utmost importance to SUSE. In light of the growing concern around COVID-19, and as a precautionary measure, we have decided to transform SUSECON 2020 into SUSECON Digital 2020, a virtual event.
The Manjaro ARM project has announced the fourth ALPHA release for the open-source Linux smartphone ‘PinePhone‘ as well as on the upcoming ‘PineTab’ tablet. So Manjaro Linux fans can now run the OS on the Linux based smartphone as well.
The Manjaro Linux ARM team has made significant progress so far. It recently announced a new development build of their Arch Linux-based distro for the PinePhone and PineTab devices.
The Yum successor DNF on Fedora and Red Hat Linux distributions (among other select RPM distributions) is soon embarking on its fifth major iteration.
Red Hat developers are starting work on DNF 5 as the next major version of this RPM package management solution. DNF 5 is being developed now in order to allow for API/ABI breakage, particularly with moving away from PackageKit and in its place developing a new DBus service to provide an interface to GUI-based package management applications.
Hello everyone, I'm pleased to announce start of DNF 5 development. We are planning to deliver a module stream or a COPR repo during Fedora 33 development for early adopters and tool developers and we're hoping in getting a stable version into Fedora 34.
More details follow.
We've managed to drop a lot of redundant code across the whole DNF stack in the past years, but we have reached a point when it's nearly impossible to consolidate the code any further without breaking the API/ABI. Especially with PackageKit being dead[1], we can't move with the old "libhif" API in libdnf, because making any bigger changes to PackageKit is clearly out of scope.
[1] https://blogs.gnome.org/hughsie/2019/02/14/packagekit-is-...
That's why we decided to start working on a new version of the DNF stack: DNF 5. And this is the plan:
Priorities
----------
1. Consistency, documentation and user experience is the top priority.
2. Compatibility on the command line level.
3. Compatibility on the API level.

Maintenance
-----------
The existing DNF 4 stack stays in the current Fedoras and Red Hat Enterprise Linux 8. We'll keep maintaining it in dnf-4-master branches on GitHub. PackageKit and rpm-ostree will stay on libdnf from the DNF 4 stack.

The existing Python API in DNF
------------------------------
The Python API in DNF stays. We'll do our best to keep it working. If there is an incompatible change, we'll communicate and document it properly.

The new API in libdnf
---------------------
All business logic will move from DNF (Python) to libdnf (C++). This is the only way to ensure that package managers work identically across the whole distribution. We'll start with C++ API and auto-generated Python bindings via SWIG. We'll focus on the Python bindings which are required by DNF and we will do our best to provide bindings for Go, Perl5 and Ruby as well. C API will be created later when the C++ API is stable. At that moment rpm-ostree will be ported to the new C API.

hawkey
------
Hawkey Python API is going away and will be replaced with libdnf Python API.

DNF
---
DNF stays as the primary command-line package manager. The overall functionality remains. We don't anticipate any negative impact of the API rewrite on the end-users. We have built an extensive test suite (over 1400 scenarios) that will help us to ensure that. The argument parser and outputs may slightly change in some cases to provide a more consistent user-experience. All such cases will be properly documented.

microdnf
--------
Microdnf is becoming important because it's part of many containers due to its small footprint. We're getting feedback that users would appreciate something closer to DNF. We'll focus on implementing a subset of DNF's functionality and improving the user experience. 100% feature parity with DNF is currently out of scope.

DBus service
------------
DNF team has decided to create a new DBus service replacing PackageKit to provide an interface to GUI applications. It's probably going to take a while because we're planning to start from scratch.

Roadmap (tentative)
-------------------
* Mar 2020 - making the bigger API changes, upstream code barely compiles
* May 2020 - COPR repo with first development snapshots
* Jun 2020 - F33 module available for early adopters and tool developers
* Oct 2020 - DNF 5 landing in F34 Rawhide
* Feb 2021 - DNF 5 replacing DNF 4 in stable Fedora
Multicloud computing has emerged as one of the hottest trends in enterprise technology over the past couple of years as companies increasingly adopt a range of public cloud platforms to host their workloads.
The trend is accelerating because cloud is winning in the marketplace. It no longer makes sense for a company to invest millions of dollars building data centers in a day and age when they can simply pay for what they use. The public cloud is slowly killing off on-premises workloads for a whole host of different reasons, and multicloud is just the next evolution of that trend.
Back in 2015 – following an executive bloodbath and shortly before it would be deemed the world’s most dangerous bank by the International Monetary Fund (IMF) – a small team of engineers in Deutsche Bank’s London office were tasked by their new management with transforming the bank into operating “everything-as-a-service.”
Now, three years on, those engineers have built Fabric, an internal platform-as-a-service (PaaS) that is already being used by thousands of Deutsche Bank employees to run thousands of applications, all with the aim of running 80 percent of workloads on Fabric by 2022. Built on top of Red Hat’s OpenShift PaaS, Fabric incorporates a slew of features specific to the highly regulated banking industry to accelerate application development and deployment.
The Oracle Linux and Virtualization team is pleased to announce the release of Gluster Storage Release 6 for Oracle Linux, bringing customers higher performance, new storage capabilities and improved management.
Gluster Storage is an open source, POSIX compatible file system capable of supporting thousands of clients while using commodity hardware. Gluster provides a scalable, distributed file system that aggregates disk storage resources from multiple servers into a single global namespace. Gluster provides built-in optimization for different workloads and can be accessed using an optimized Gluster FUSE client or standard protocols including SMB/CIFS. Gluster can be configured to enable both distribution and replication of content with quota support, snapshots, and bit-rot detection for self-healing.
Release Candidate versions are available in testing repository for Fedora and Enterprise Linux (RHEL / CentOS) to allow more people to test them. They are available as Software Collections, for a parallel installation, perfect solution for such tests, and also as base packages.
The push for diversity within tech is definitely needed, but there is one group left behind in most efforts: women in operations.
Now, operations tend to be the forgotten members of tech until something goes wrong. If they do their job correctly you'll never know they're even there as systems are deployed and remain online without any fanfare. When something breaks, they either take the heat, as it's their fault, or they're the heroes for saving the day and rarely anything in between.
Even the need for continuing education and networking for operators tends to be forgotten with most tech conferences being focused on development. There are exceptions such as DevOps Days, Operator Days, and even some operations tracks at some of the bigger conferences.
As the lack of diversity has become more of a focal point in tech, there has been an increase in the number of diversity-related groups. Grace Hopper is one of the largest tech conferences and is focused on women, but with little focus on operations. However, most of these groups are more developer-focused with little thought of increasing diversity on the operations side of the house.
In early 2017, I was mentally in a bad spot. It was the perfect storm of stress, the kind that no one asks for, but you deal with the hand you're dealt. Work was piling up to a point where I couldn't process all the things that were expected of me. I was training for spring half-marathons, which should have been stress relief, but I was putting too much pressure on myself to perform at a high level. And then on top of the everyday family obligations, a surgery in our household turned us into a one-car family and seriously added to the mounting pressure on me to provide and take care of the family.
Then I broke.
It wasn't one thing. It was the culmination of things. And it hit me from the blind side, unexpected. I never thought I would be a victim of burnout. I was aware of it and thoughtful about the community I was managing. But "not me," I thought to myself, "I've got this under control." I remember thinking that something was wrong; something was off. But I couldn't quite put my finger on the source.
[...]
I didn't have much of an appetite. I was tired all the time. I was sleeping in, and not because of jet lag. I was exercising but wasn't getting the endorphins I was used to. And I wasn't motivated to do the work that I normally love to do. I was very blah and meh about getting work done or hanging out with people I love. These are all signs of depression and burnout.
After the trip, I scheduled my annual physical and talked to my doctor about my situation, who recommended I see a psychologist. I sat on the couch and talked things out. I was diagnosed with severe anxiety, which was enough for me to know that I didn't want to know what true depression felt like.
In computer science education, approximately thirty percent of students are female. This drops to ten percent in the workforce. In free software organizations, the representation of women is far worse: a little bit over one percent of Debian Developers are female. With the recent concerns about Outreachy internships, harassment and abuse, there couldn't be a better time to consider some of the hard facts and recent scandals that keep things this way.
[...]
These appear to be legitimate concerns but they are dismissed as a smearing campaign. The person who added smearing campaign to the subject line is Ulrike Uhlig, a former recipient of Outreachy money herself. Why can't other volunteers ask questions about this money?
Up to 2017, the Google Summer of Code (GSoC) and Outreachy internships were paid at the same rate, $US5,500 per intern. Google cut the pay-out so that many students in developing countries get only half of the old rate. Outreachy payments are the same as before. This has created an arbitrage situation: as the work is done remotely, a talented male student may get more money if they help a female friend complete Outreachy. The male student usually completes all the work up to the mid-point payment. At this point, he can blackmail the woman: give me all of the mid-point payment or I don't help you finish the second half of Outreachy. Some women have approached mentors to ask for help in situations like this.
[...]
Yet Debian Developers who attended their events discovered irregularities. The number of women applying to outside events or participating in technical activities was far lower than the number of women who appeared at the original conference. After follow-up discussions with some women, a few patterns were discovered.
First of all, the salaries for young women in the region are incredibly low. A female student may only earn €10 per day in a part time job. When a tech conference receives thousands of euros from sponsors in rich countries, they can use €200 to pay twenty young women to show up. As a bonus, these volunteers are offered meals and other opportunities.
[...]
Free software organisations talk endlessly about community building. Yet some people take one look and call it by a different name: exploitation.
In one case identified on debian-project, a woman had volunteered for six years before being offered one of those insecure three-month Outreachy internships. If you divide the $5,500 Outreachy payment over six years, what is the real hourly rate this woman achieved?
Yet when the LibOCon organizers started to engage, they found exactly the same problems that Debian had ignored and it was clear to them that the problems were entirely local in the group. The Debian Developer who had witnessed problems before wasn't even there for LibOCon.
If you take the time to fiddle with Elive's design controls, you can finesse its desktop appearance and functionality like a painter creating a scene on a canvas. Do not get too involved with configuring all of the settings, though, or you will find yourself in a timeless void.
The default settings work fine. Take your time to get used to the default settings. Then investigate all that you can do to modify the appearance and functionality as you become more "enlightened."
If you have lots of time to devote to learning something new within something old, check out Enlightenment -- but do it through a distro built around it. Do not try to do your own Enlightenment integration by manually adding Enlightenment packages to your current Linux distro.
Baggen includes several self-help displays and clear documentation to teach you the basics, along with some advanced tips.
In February 2020, I have worked on the Debian LTS project only for 5.75 hours (of 20 hours planned). I gave back 12 hours to the pool and reduced my availability to 8 hours per month.
Unfortunately, last month I got too distracted by other interesting and challenging projects, and also by some intense personal topics.
Source files for the new wallpaper, including a pair of suitably versatile .svg mascot artwork files, are now available to download thanks to Ubuntu desktop lead Martin Wimpress.
The artwork drop gives FOSS-loving creatives the chance to ‘remix’ the Focal Fossa wallpaper into something that’s bold, distinctive and different, or simply a subtle riff on the original.
And, for those who wanted it, there’s a fossa-free version of the new background, giving you a plain canvas on which to work/stare...
In 2020 we are already seeing the world of robotics hit the ground running. So far this year new and exciting things have been cropping up in every industry. The mainstream media pick up ROS stories and big-name robotics companies are no longer just on the factory floors. Here we talk about MoveIt for ROS2, ROS best practices, a robotics competition, Boston Dynamics, Otto motors, and more. But there is certainly a lot we have missed. If you’re working on any robotics projects that you’d like us to talk about, be sure to get in touch. Fire an email to robotics.community@canonical.com, we’d love to hear about it and share it with our audience. For now, though, let’s look at the state of robotics in February.
Ubuntu 20.04: The latest version of Ubuntu is 20.04 and it is going to be released in April 2020. The Canonical team are the core developers of this Ubuntu 20.04 version. They mentioned that Ubuntu 20.04 will be the best release ever. Yeah, we know many new features are going to arrive with Ubuntu 20.04 which includes Finger Print Sensor Detection, Multiple Screen Options, Default Dark Theme and Changes in Home Icons and many more.
Now, one of the Ubuntu users found that Ubuntu 20.04 controls the application access! These features will let you control the applications to maintain your privacy and data security.
We’ve made a simpler way to image your microSD card with Raspbian, the official Raspberry Pi operating system, and other operating systems. Introducing our new imaging utility, Raspberry Pi Imager.
Most regular readers of this blog will probably find flashing operating system images to a MicroSD card to be child's play. Just download the latest OS image, install balenaEtcher, select the image, the MicroSD card and you’re done.
But people who have never used such tools may find it a bit confusing, so the Raspberry Pi Foundation has developed and now released a tool – Raspberry Pi Imager – working on Windows, macOS, and Ubuntu that makes it even easier.
You’ll find the tool for your OS of choice on the Download page on Raspberry Pi website. I’ve given it a try in Ubuntu 18.04. Clicking on Operating System will bring you a list of the latest supported operating systems, an option to fully erase the MicroSD card, and another to install your own – already downloaded – custom image.
Gateworks’ compact “Newport GW6903” SBC runs Linux on a dual-core Marvell OcteonTX and offers USB 3.0 and GbE with PoE ports plus dual mini-PCIe slots and -40 to 85°C support.
Gateworks has spun a variant of its GW6100 networking SBC that adds a second mini-PCIe slot, upgrades the USB port to 3.0, and expands the length of the board from 100mm to a 110 x 35 x 21mm footprint. Gateworks has a variety of similarly headless boards that run Linux on Marvell OcteonTX from its Cavium subsidiary. Most are larger, however, such as the 105 x 100mm, dual GbE port Newport GW6300.
Let me tell you about the foss-north 2020 community day. It has been an idea for many years, but it all started last year. The idea is that we welcome open source projects to a day of hacking, workshopping, teaching and fun the day before the conference.
Cloudflare recently embarked on an epic quest to choose a CPU for its next-generation server build, so we explore the importance of requests per watt, the benefits of full memory encryption, and why AMD won.
Plus Mozilla’s rollout of DNS over HTTPS has begun, a big milestone for Let’s Encrypt, and more.
With the release of Firefox 74, we are pleased to welcome the 29 developers who contributed their first code change to Firefox in this release, 27 of whom were brand new volunteers!
I don’t spend a lot of time in here patting myself on the back, but today you can indulge me.
In the last few weeks it was a ghost town, and that felt like a victory. From a few days after we’d switched it on to Monday, I could count the number of human users on any of our major channels on one hand. By the end, apart from one last hurrah the hour before shutdown, there was nobody there but bots talking to other bots. Everyone – the company, the community, everyone – had already voted with their feet.
About three weeks ago, after spending most of a month shaking out some bugs and getting comfortable in our new space we turned on federation, connecting Mozilla to the rest of the Matrix ecosystem. Last Monday we decommissioned IRC.Mozilla.org for good, closing the book on a 22-year-long chapter of Mozilla’s history as we started a new one in our new home on Matrix.
Over the past few months, we’ve raised concerns about the Internet Society’s plan to sell the non-profit Public Interest Registry (PIR) to Ethos Capital. Given the important role of dot org in providing a platform for free and open speech for non-profits around the world, we believe this deal deserves close scrutiny.
In our last post on this issue, we urged ICANN to take a closer look at the dot org sale. And we called on Ethos and the Internet Society to move beyond promises of accountability by posting a clear stewardship charter for public comment.
Mary remembers when cybercafés started trending in Nigeria. She had just finished high school and was awaiting her results for admission to university. She spent all of her time (10 hours a day) and all of her pocket money buying bulk time online at cafes. All the way through university that was true, until in 2008 she graduated with a degree in philosophy and bought her own computer and modem.
She started blogging in 2009. Initially, she tried out Blogger, Hubpages, and WordPress—but found WordPress too complicated.
We are happy to announce the release of Qt Creator 4.12 Beta!
Here are some excerpts from our change log:

Language Server Protocol Client
If your server supports Markdown for hover information, we'll show these much more beautiful tool tips to you.
The document outline is available through the dropdown menu in the editor tool bar.
We also use a server's formatting capability now, if available.

Projects
We added lots of options for when to build what, when to stop what, project wide environment settings, running targets directly from the target selector, and more.
We improved the UI responsiveness while parsing projects.
When using a profiler to look into your programs, sometimes it feels like looking behind the stage of a magician and suddenly grasping the trick behind the magic… Quite recently, I had an application in front of me, which demanded surprisingly much CPU time. In a nutshell, this application has some heavy computational operations in its core and (primarily) produces a rectangular 2D output image, which is rendered by QPainter to display the results. This output is updated once every few milliseconds and is embedded inside a QtQuick window. The handover of the rendered QImage is done by a harmless looking Q_PROPERTY.
So, I wondered: How big can the impact of handing over a QImage to the QSG renderer be? In particular — as we all know — copying a big chunk of memory is a CPU expensive operation which should be avoided if possible. For getting proper profiling results, I created a simple test application. This application just creates a QtQuick scene with a QQuickPaintedItem derived render object, which updates its output every millisecond (thus renders whenever the render-loop iterates). I use a big output rectangle of 640×640, because I want to focus on the memory copying effect, which is more obvious with bigger outputs.
LLVM 10.0 was supposed to be released at the end of February but is running slightly behind schedule and now there is a third and unscheduled final release candidate.
LLVM 10.0-RC3 was unexpectedly released this week due to the time that has passed since RC2 in mid-February with there having been more commits than anticipated late in the cycle. LLVM 10.0-RC3 has just under one hundred commits/fixes since RC2, but nothing appears to be too dramatic.
Agile continues to take the world by storm. The latest report from the Standish Group Chaos Study presents interesting findings: Projects based on agile principles have significantly higher success rates than traditional projects based on the waterfall methodology.
Git is a Linux command to help you manage versions of your work. It's been ported to BSD, macOS, Windows, and more. It serves as the basis for popular code-hosting services, including open source services like GitLab and NotABug, and even to popular proprietary services. In short, Git has taken software development (and a few other industries) by storm.
On this episode, we look at views, a major component within Django and a primary place where your code will run.
We have a new Early Access Program (EAP) version of PyCharm that can be now downloaded from our website.
In PyCharm 2020.1 EAP 6, we have been working out some of the kinks to make this release cleaner and more reliable for all our PyCharm users.
If you’re using Docker, the next natural step seems to be Kubernetes, aka K8s: that’s how you run things in production, right?
Well, maybe. Solutions designed for 500 software engineers working on the same application are quite different than solutions for 50 software engineers. And both will be different from solutions designed for a team of 5.
If you’re part of a small team, Kubernetes probably isn’t for you: it’s a lot of pain with very little benefits.
Let’s see why.
Is there nowhere to hide? Streamlined targeted advertising comes to television. The on-line world has seen ever more laser-like ad targeting of viewers, particularly on dominant platforms like Google and Facebook. The same practice has existed in the print world in a more limited way for even longer, where sophisticated regional printing centers swapped ads in national magazines based on zip codes or other data. But what about television?
Cable TV stations in the US have had similar capabilities, and that practice will now be streamlined and broadened by the release of a new targeted advertising specification from the HbbTV Association, a membership-based standards developer, “dedicated to providing open standards for the delivery of advanced interactive TV services through broadcast and broadband networks for connected TV sets and set-top boxes.” A simultaneously issued companion specification offers a standardised signalling mode for advertisement substitution in live TV broadcasts.
Defining terms: A new standard to facilitate AI in healthcare. Perhaps the first standards developed by humans were words – abstract sounds that primitive peoples agreed would signify specific objects or actions. We’ve been creating taxonomies, schemas and other standardized vocabularies ever since in order to ensure accuracy of understanding and facilitate the interoperable exchange and merging of data.
In the case of medicine and health care, the process has been ongoing for decades with mixed results, and with the advent of artificial intelligence – AI – that challenge takes on a new dimension, and has generated a new standard for the use of AI in healthcare. The goal is to assign definitions for sometimes vague or inconsistently used terms in order to increase data integrity and create more trusted AI solutions. The AI in Healthcare standard was developed by more than fifty major IT vendors, like Amazon and Microsoft, as well as startups and healthcare companies, all members of the Consumer Technology Association.
Job loss claims are misleading, and substantial boosts to job quality are often overlooked.
Today is a day dedicated to #DoctorsSpeakUp/#NursesSpeakUp/#PublicHealthSpeakUp/#ParentsSpeakUp on Twitter and other social media. What does that mean? It’s basically a plan to make March 5 a day for healthcare workers and those who care about public health to speak up for vaccines and out against antivaccine misinformation. So, as I mentioned yesterday, I figured I had to do a post about vaccines today. But what should I write about? What…should…I…write…about? Oh, thanks, Robert F. Kennedy, Jr. Through Twitter and your antivaccine propaganda organization Children’s Health Defense, I learned of this:
Washington Gov. Jay Inslee had originally planned to visit a community health center in Seattle this week to promote Cascade Care, the first statewide public insurance option in the United States. The health center, International Community Health Services, offers care in multiple languages and is treating more uninsured people than usual, thanks in part to the Trump administration’s attacks on immigrants and refugees. Cascade Care will provide more Washington residents with health coverage and allow the clinic to recoup revenue.
What Alex Azar appears to be saying is that a coronavirus vaccine, once it is developed, will be left to the private marketplace rather than to government procurement.
"We just don't have the capacity in the hospitals and health systems to deal with a massive influx of patients and keep them isolated."
"These are really dangerous lies."
The global march of the new virus triggered a vigorous appeal Thursday from the World Health Organization for governments to pull out “all the stops” to slow the epidemic, as it drained color from India’s spring festivities, closed Bethlehem’s Nativity Church and blocked Italians from visiting elderly relatives in nursing homes.
A microscopic virus has been unsettling global business as usual: killing people all over the world, hospitalizing countless others, and spreading a pandemic of fear. The Los Angeles Times reported March 1, 2020, the novel corona virus “sends shudders daily across the planet.”
Rospotrebnadzor, Russia’s consumer welfare agency, has registered a new case of COVID-19. The patient is an Italian citizen studying at Mechnikov Medical University in St. Petersburg, according to the locally based outlet Fontanka.
I grew up in Hong Kong and was 13 when SARS swept through the city, infecting about 1,750 people and killing nearly 300. As a teenager, the hardest part was being stuck at home and missing my friends. I only started to pay attention to the daily death toll after my parents decided that’s what would dictate when I could go back to school. But the experience shaped me. I picked up personal hygiene habits, like pressing elevator buttons with my knuckles. And I developed a deep respect for front-line medical workers, many of whom labored around the clock until they, too, succumbed.
That was only my first experience with an outbreak.
"We the People have driven coronavirus research and development—not pharma corporations."
An outbreak of coronavirus disease in a nursing home near Seattle is prompting urgent calls for precautionary tactics at America’s elder care facilities, where residents are at heightened risk of serious complications from the illness because of the dual threat of age and close living conditions.
On Wednesday, House lawmakers passed an $8.3 billion emergency spending package for combating coronavirus, as the death toll from coronavirus has reached 11 in the United States. California recorded its first coronavirus death yesterday. The virus has also spread to New York, where Governor Andrew Cuomo issued a directive requiring health insurers to waive cost sharing for coronavirus tests. We go to two ground zeroes of the COVID-19 outbreak — New York and Seattle — and host a roundtable on whether coronavirus presents a clear argument for healthcare for all. We are joined by Dr. Steffie Woolhandler, a primary care physician and the co-founder of Physicians for a National Health Program; New York state Senator Alessandra Biaggi, who represents parts of the Bronx and Westchester, where four people have been diagnosed with coronavirus; Elisabeth Benjamin, vice president of health initiatives at the Community Service Society of New York and co-founder of the Health Care for All New York campaign; and Kshama Sawant, socialist city councilmember in Seattle, where a ninth person has died from the virus.
Scrambling to keep the coronavirus at bay, officials ordered a cruise ship to hold off the California coast Thursday to await testing of those aboard, after a passenger on an earlier voyage died and at least one other became infected.
“My co-workers make impossible choices daily because a lot of us don’t have access to affordable health insurance,” Vladimir Clairjeune, a passenger service representative at JFK airport, said at a training session Wednesday, learning to deal with the coronavirus/COVID-19 epidemic. “[We] choose not to see a doctor for a health problem because it could be the difference between paying the rent, taking care of family or getting needed care.”
Though we don’t yet know the extent of its threat, a widespread coronavirus epidemic in the United States is increasingly possible. In addition to the downright scary health consequences, we think the virus will quickly do serious damage to the U.S. economy, reducing growth in at least the first half of this year, pushing up unemployment and possibly ending the historically long expansion. And we’re far from alone.
What if the Coronavirus reaches the besieged Gaza Strip?
The organizers of the St. Petersburg International Economic Forum have announced that the annual business conference will be cancelled, Interfax reported.
A new order signed by Moscow Mayor Sergey Sobyanin has placed the city under a state of heightened preparedness. The order covers both ambulatory and stationary health care services as well as city management and transport systems.
"We're spending twice as much per capita on healthcare as the people of any other country and yet 27 million are uninsured, 30,000 people die, half a million people go bankrupt every year because of medical-related debt, and we spend far and away the highest prices in the world for prescription drugs. You want to defend that system?" Sanders said. "Let's do it."
Warren has been and ever will be the kind of powerful, American woman I will look up to with wonder and gratitude.
"It's not about him. It's about us."
Sen. Bernie Sanders on Wednesday night said he would “love to debate Joe Biden on this issue” — the difference between a Medicare for All plan that dozens of studies show would cover all people for less overall cost and the for-profit status quo that leaves an estimated 28 million Americans uninsured and tens of millions more underinsured, vulnerable to bankruptcies, or lacking care due to financial reasons.
A couple of years ago, a Reuters investigation uncovered another revamp of immigration policies under President Trump. ICE has a Risk Classification Assessment Tool that decides whether or not arrested immigrants can be released on bail or their own recognizance. The algorithm had apparently undergone a radical transformation under the new administration, drastically decreasing the number of detainees who could be granted release. The software now recommends detention in almost every case, no matter what mitigating factors are fed to the assessment tool.
Live patching is a way of updating a running system without stopping it. It is best known as a technique for keeping Linux servers updated to the latest security levels without affecting downtime. This article provides some background to the technique and explains the advantages of using it.
What is Live Patching?
Live patching lets you keep Linux server kernels up-to-date with the latest security updates without the need to reboot. Although the practice is a decade old – once seen as a convenience tool easing the lives of system administrators – it is now coming to the attention of security managers and CISOs in the wake of the recent flurry of Linux-related kernel vulnerabilities.
Until the advent of live security updates, server managers had to choose between running their systems with known vulnerabilities, or taking their servers down to install security updates. System administrators now see Linux kernel live security updates becoming an essential component of an enterprise’s cybersecurity toolkit, not merely a convenience for system maintainers.
Security updates have been issued by Arch Linux (chromium, opensc, opensmtpd, and weechat), Debian (jackson-databind and pdfresurrect), Fedora (sudo), openSUSE (openfortivpn and squid), Red Hat (virt:8.1 and virt-devel:8.1), Scientific Linux (http-parser and xerces-c), and SUSE (gd, kernel, postgresql10, and tomcat).
Researchers have uncovered a fun new vulnerability in Intel processors, and this one has a claim attached that it's not possible to fix it. Sound familiar? Yeah, there's been a lot of problems over at Intel in the last couple years. We reported on some back in January and it seems it's not getting any better.
This issue, found and reported by Positive Technologies, mentions CVE-2019-0090 which as the numbered year suggests was already announced last year. However, the plot thickens. If you have an Intel chipset and/or SoC older than the 10th Generation (so anything in the last few years), you will be affected by this.
In late January, we had an analysis of an absolutely dreadful bill proposed by Senators Lindsey Graham and Richard Blumenthal -- both with a long history of attacking the internet -- called the EARN IT Act. The crux of the bill was that, in the name of "protecting the children," the bill would drastically change Section 230 of the Communications Decency Act, making companies liable for "recklessly" failing to magically stop "child sexual abuse material" -- opening them up to civil lawsuits for any such failures. Even worse, it would enable the Attorney General -- who has made it quite clear that he hates encryption -- to effectively force companies to build in security-destroying backdoors.
A couple of years ago, Privacy News Online wrote about a new kind of surveillance, taking place in the workplace. The aim of these systems back then was to keep an eye on workers, and they were often designed to spot problems. But two years is a long time in today’s digital world, and things have moved on considerably. For example, in 2017 artificial intelligence (AI) was already applied to workplace monitoring, but largely to help analyse working patterns, and to flag up anomalies. Today’s AI is more capable, and much more interventionist. It is no longer content to sit back metaphorically and merely watch workers go about their business; now it is starting to control them actively. A report from Data & Society describes this as “algorithmic management“:
Labor co-chair Sharon Claydon said while her party wouldn't dissent from the recommendations more research was needed.
The committee recommended Australia's online safety watchdog develop a road map to verify people's ages online and said third parties should also be allowed to provide verification services.
Why now? What’s changed since 2016, when we had the great Apple vs. FBI showdown? According to Demers, two things: (1) the “techlash” by Congress and the public “in the wake of myriad privacy scandals” and the 2016 election; and (2) Australia’s 2018 passage of the Assistance and Access Act, which followed on the heels of similar legislation in the United Kingdom in 2016. Demers “hopes these laws will create a model for how lawmakers in the United States might limit encryption.”
These two factors lay out, straight from the horse’s mouth, what I’ve been saying for a while. It comes as something of a relief for a high-ranking DOJ official to finally acknowledge publicly the playbook I could see they were running to try to get Congress to finally ban strong encryption. That doesn’t mean I’m happy about it.
Though it seems wholly focused on reducing child exploitation, the EARN IT Act has definite implications for encryption. If it became law, companies might not be able to earn their liability exemption while offering end-to-end encrypted services. This would put them in the position of either having to accept liability or remove encryption protections altogether.
The chasm between illusion and reality in politics remains perennial. Wars seldom ended according to the script of peace agreements. The fall of Saigon in April 1975 ending the Vietnam War, with defeated Americans hastily retreating in helicopters from the rooftop of their embassy, was not anticipated in the Paris Peace Accords of January 1973 that were painstakingly negotiated by Henry Kissinger and North Vietnamese politburo member Le Duc Tho.
"This decision vindicates the rule of law and gives hope to the thousands of victims seeking accountability when domestic courts and authorities have failed them."
If fascism now comes wrapped in an American flag, it is accompanied and conjured by historical amnesia in Europe.
The landslide victory for hardliners in Iran’s recent parliamentary elections confirms that whoever occupies the White House next year won’t have an easy time dealing with Iran.
Reviled strongmen of one era are often the celebrated ones of others. Citizens otherwise tormented find that replacements are poor, in some cases even crueller, than the original artefact. Such strongmen also serve as ideal alibis for rehabilitation: Look at who we have come to bury!
The presidents of Russia and Turkey said they reached agreements on a cease-fire to take effect at midnight Thursday in northwestern Syria, where escalating fighting had threatened to put forces from the two countries into a direct military conflict.
Russian President Vladimir Putin and Turkish President Recep Tayyip Erdogan have come to a ceasefire agreement regarding the ongoing conflict in Idlib Province, Syria. The two heads of state conducted negotiations for more than six hours and announced the results in a press conference.
Suspect Gökmen T. wrote references to Islam, Sharia and Allah on the firearm used to commit a mass shooting in Utrecht in March last year, "reliable sources" told RTL Nieuws. Soon after the shooting on 24 Oktoberplein on March 18th, the Public Prosecution Service (OM) revealed that text was written on the weapon, but never said what it stated.
Hundreds of thousands of people have been forced out of their homes in Burkina Faso as Christian communities are targeted in a spiral of Islamist killings.
The surge of attacks has forced some families to flee and leave everything behind, and the violence is threatening to spread to other countries, said Jennifer Overton, West Africa regional director for Catholic Relief Services.
Boko Haram began stepping up its attacks on isolated Christian villages in Far North Cameroon in early 2019, in its effort to establish an Islamic caliphate stretching from its base in north-eastern Nigeria across northern Cameroon and other countries of West Africa. The rampaging jihadists have reduced scores of villages to smouldering ruins, looted homes, plundered food stores, stolen livestock and devastated crops. The Cameroonian military are struggling to combat them.
The UN estimates that more than 170,000 people, mostly Christians, have fled the violence. Many now “hide out” in the mountains and bush, or travel to a town for safety rather than risk a night in their own beds.
The case is among a series of class-action suits working their way through the courts. It is the suit that seeks monetary damages from Michigan’s government, which oversaw Flint’s finances and failed to ensure proper corrosion control chemicals were added to corrosive river water that caused lead to leach from aging pipes and into the municipal supply.
Supreme Court justices heard dueling attorney arguments in an appeal by the state, which wants the case tossed. A legal defense team in Michigan Attorney General Dana Nessel’s office contends plaintiffs are trying to establish a novel constitutional right and did not file their suit soon enough to meet a legal deadline.
It will likely be months before the court renders a decision.
Ever higher seas are already eroding shorelines and flooding coasts. Soon the waves could wash away half the world’s sandy beaches.
As Fastow explained, in finance, the difference between a loophole and fraud isn’t always easy to identify. And that may be something the U.S. fracking industry is working to its advantage.
Workers and unions have long led the way on action to tackle climate change, writes Giri Sivaraman.
Long-simmering tensions began to boil over at the end of 2019, after a BC court cleared the way for the pipeline construction and the Wet’suwet’en hereditary chiefs delivered an eviction notice to Coastal GasLink in response. The RCMP raided encampments that the Wet’suwet’en had set up on their land to block construction—and solidarity actions spread across the country. Over the past two months, Indigenous groups and their supporters have staged mass demonstrations, sit-ins, and blockades of major railway lines, ports, and city streets from BC to Nova Scotia. Other First Nations, including Mohawks in Ontario and Quebec and Gitxsan in northern BC, have mobilized to support the Wet’suwet’en, and Indigenous youth in particular have emerged at the forefront, demanding that Canada recognize and respect Indigenous rights. Instead of calling themselves “protesters,” many prefer what they see as a more accurate term: “land defenders.”
A new study published Wednesday adds to mounting evidence that the world’s tropical forests could soon stop serving their climate crisis-mitigating role of carbon sinks.
By the year 2000 there were only ninety-eight fish left, and the tribes decided to act. They captured the fish struggling below the dam and trucked them to Baker Lake for natural spawning. Once the fry grew to smolts ready for the sea, they trucked them back below the dam. When this did not save enough salmon, they started a hatchery. In 2016 there were 56,000 Baker Lake sockeye. The tribes estimate the fish will become an important income source when they get to 120,000.
"Trump staking his presidency on a good stock market was once just an annoying tic," said€ The Nation's Jeet Heer. "But now there's a situation that makes it actively harmful."
Hold on to your helmets! It’s true the White House is reporting that its proposed new Pentagon budget is only $740.5 billion, a relatively small increase from the previous year’s staggering number. In reality, however, when you also include war and security costs buried in the budgets of other agencies, the actual national security figure comes in at more than $1.2 trillion, as the Trump administration continues to give the Pentagon free rein over taxpayer dollars.
For years, the Coalition of Immokalee Workers has waged a campaign to convince Wendy’s to join the Fair Food Program, an internationally renowned human rights partnership that protects farmworkers from abuse and ensures better wages. Many big retail food companies, from Walmart and McDonald’s to Chipotle and Burger King, have joined the Fair Food Program — but not Wendy’s.
When it comes to helping low-income people find housing outside struggling neighborhoods, the federal government lets local housing authorities grade themselves on their success.
And despite data showing the poor have great difficulty finding housing in nicer neighborhoods, authorities say they’re doing amazingly well.
Each morning after working on my maiden novel from 5 am to 8:30 am I do what I always do: heat some filtered water in my electric kettle, carry it to the bedroom with an empty large cup, and watch the early morning news shows for a mental respite — MSNBC’s Morning Joe being my favorite.
Rudy’s coup at Foggy Bottom.
Imagine, just for the sake of argument, that the president of the United States was an arrogant, information-challenged, would-be autocrat with a soft spot for authoritarian leaders from China, Russia, and North Korea to Egypt (“my favorite dictator”), Saudi Arabia, and Turkey. And then, suppose that very president, while hollowing out the State Department and slamming its diplomats as “Deep State” troublemakers, were to name a voluble wheeler-dealer attorney as his unofficial, freelance White House go-between with shady characters worldwide. Imagine further that the president would do an end run around the professionals of the U.S. intelligence community — more Deep Staters, natch — and rely instead on conspiracy theories trundled back to Washington in that attorney’s briefcase.
What follows is an original report by Jaisal Noor of The Real News Network. Read a transcript of their conversation below or watch the video at the bottom of the post.
President Evo Morales won re-election in Bolivia’s presidential election last October 20, as pre-election polls predicted. He received 47% of the vote in an election with 88% turnout. He beat his nearest rival by just over 10 percentage points, which meant a second round was not required.
"I will not be running for president in 2020," Warren said, "but I guarantee I will stay in the fight for the hardworking folks across this country who have gotten the short end of the stick over and over. That's been the fight of my life and it will continue to be so."
How Warren answers that question might determine the 2020 Democratic presidential nomination. In the process, she will profoundly etch into history the reality of her political character.
The night before Super Tuesday, Elizabeth Warren spoke to several thousand people in a quadrangle at East Los Angeles College. Much of her talk recounted the heroic actions of oppressed Latina workers who led the Justice for Janitors organization. Standing in the crowd, I was impressed with Warren’s eloquence as she praised solidarity and labor unions as essential for improving the lives of working people.
My congratulations and gratitude for your extraordinary campaign – your bold and detailed policy proposals; your eloquent advocacy of them and of your vision for America; your thoughtfulness and courage in standing up for women, for people of color, for working Americans, the poor and the oppressed; your kindness and patience in dealing with everyone (including fans who wanted selfies); your tirelessness and your decency; and your devotion to this country.
Your campaign was a model of substance and tenacity. You made your points about America’s misallocation of power, and the need for structural change, powerfully but without rancor. In a better America and at a better time, you would have sailed to victory.
You have inspired – and continue to inspire – millions. Thank you for everything you’ve done, and will continue to do.
WASHINGTON — Elizabeth Warren, who electrified progressives with her “plan for everything” and strong message of economic populism, dropped out of the Democratic presidential race on Thursday. Her exit came days after the onetime front-runner couldn’t win a single Super Tuesday state, not even her own.
Sanders, for his part, said that "I know that she'll stay in this fight and we are grateful that she will."
We are not yet the nation we are struggling to become, but the Sanders campaign, however it fares in 2020, is helping to shape that future. It’s doing so one voter at a time, whether or not their vote is counted.
Long wait times plagued polling places in Texas throughout Super Tuesday, especially in districts with high numbers of Black and Latinx voters and college students. Many voters reported waiting in line for more than three hours to cast a ballot. At least 750 Texas polling sites have been shuttered since 2013, when the Supreme Court slashed federal oversight of Texas and other Southern states under the Voting Rights Act of 1965. There were long lines, too, in Los Angeles, where many polling places reported problems with a brand-new $300 million voting system. The Sanders campaign sued to keep polling places open an extra two hours, saying voters were denied their constitutional right. The county registrar denied that request. For more, we speak with Ari Berman, senior writer at Mother Jones magazine and author of Give Us the Ballot: The Modern Struggle for Voting Rights in America.
As much as I like Bernie Sanders and hope he prevails in the Democratic primary, I confess that there’s something gray and depressing about a crusty, seventy-something, New-Deal liberal representing the great electoral hope of the American left. There are, of course, a number of engaging young progressives in office now, but the fame and near-celebrity profiles of newcomers like Ilhan Omar, Rashida Tlaib, and Alexandria Ocasio-Cortez belie the still fundamentally local power bases of these congresswomen, none of whom has yet been tested even in a statewide election. Victories at the state and local levels have been far outpaced by gains by so-called moderates and centrists, and even these barely dent the thousands of seats and offices lost to radical conservatives during the desultory administration of Barack Obama.
Sanders probably has little, if any, influence with Gov. Ivey. But he does have the ability to bring national attention to an issue just by mentioning it.
Sen. Elizabeth Warren, D-Mass., suspended her presidential bid Thursday after failing to finish as one of the top two contenders in any state on Super Tuesday.
Fox News has an all-out frontal assault on Bernie Sanders’ purported “socialism.” It is a sad statement on the level of ignorance in this country that anyone could take seriously the charge that Sanders is a socialist. What Sanders is advocating is something approaching the social-welfare systems of other economically developed countries and that’s a far cry from the socialism Fox News is using as a boogeyman to frighten conservatives. The “socialism” Fox is decrying is the old-fashioned Stalinist-Maoist kind where all important industries are nationalized, most of the private property of the wealthy is seized by the state, and there are no such things as individual rights and freedoms because the very idea of “individuals” is considered capitalist propaganda.
Just a week after the 9th Circuit easily upheld the dismissal of Dennis Prager's silly lawsuit against Google for supposed anti-conservative bias, a district court has easily dismissed Rep. Tulsi Gabbard's quite similar lawsuit against Google for... anti-Tulsi bias or some such nonsense. As we pointed out when the lawsuit was first filed, the case stood no chance at all, and was using completely debunked and rejected legal theories.
It appears whatever modest amount of restraint that our President had regarding his early promise to "open up our libel laws" has gone away. As you may recall, during the campaign he made such a promise, perhaps not realizing that defamation laws are not under the purview of the federal government -- and any changes at the state level are limited by the 1st Amendment of the Constitution (not something he can write away with an executive order). Right before he was inaugurated, he seemed to back down a little on that promise -- telling the NY Times that someone had pointed out to him that with more open libel laws, he was more likely to get sued as well.
Russia’s Investigative Committee has ordered Meduza special correspondent Ivan Golunov to appear for a psychological examination, according to Golunov himself.
Under legislation proposed in Congress, the United States government would not be able to prosecute journalists like WikiLeaks founder Julian Assange who publish classified information. Democratic Senator Ron Wyden and Representative Ro Khanna introduced the Espionage Act Reform Act to reaffirm “First Amendment protections for journalists” and ensure “whistleblowers can effectively report waste, fraud, and abuse to Congress.” Wyden declared in a press statement, “The Espionage Act currently provides sweeping powers for a rogue attorney general like Bill Barr or unscrupulous president like Donald Trump to target journalists and whistleblowers who reveal information they’d rather keep secret. This bill ensures only personnel with security clearances can be prosecuted for improperly revealing classified information.” It would protect the rights of members of the press that “solicit, obtain, or publish government secrets” from prosecution. The legislation would also protect disclosures of classified information related to signals intelligence to any member of Congress.
The FBI's inability to rein in its agents is causing it more pain. The Inspector General's report released late last year showed agents performed some very selective editing of probable cause to unlawfully prolong the FBI's surveillance of former Trump adviser, Carter Page.
Only the strongest actions from Alumni are likely to prevent the carnage that the College is about to unleash on these workers, on the community so dependent upon it, and on itself.
"Not justice. Not closure. Not peace. Just more pain, more trauma, more death. Shameful."
In late 2019, the three largest private prison operators joined forces to establish a new group to push pro-industry talking points to the press and on social media: the Day 1 Alliance. Why is the private prison industry going on the offensive to improve its public image and secure positive earned media?
"Killing this African American man, whose case appears to have been strongly mishandled by the courts, could produce an irreversible injustice. Are you willing to allow a potentially innocent man to be executed?"
"Seems like such a nice place... When can the world move in?"
Donald Trump is back in the US from his trip to India. His visit overlapped with some of the time I spent in Delhi, and watching the saturation media-coverage of the visit was in turns painful (because of the grotesquerie on display) and an absolute hoot (again, because of the grotesquerie on display).
Elites have ruled over people and commanded the surplus produced by their labor for many millennia. It is this long history we have to contend with in today’s crisis of capitalism that has produced endless wars and environmental catastrophes as corporate billionaire rulers continue to promote business as usual while preparing to fight each other with armed forces and nuclear weapons. This has all been “normalized.” Concentrated elite power ends up massively distorting people’s understanding of the nature of big business rule. Their highly paid spokespeople even shamelessly deploy concepts like “freedom” and “liberty” to rationalize the enslaving and killing of millions for profits in resource wars. But we also need to understand that despite this long reign of (t)error, human beings lived for most of their evolutionary history (a much longer period of time than that during which elites have ruled) in nomadic hunter-gatherer societies where life conditions produced a rough equality among the Paleolithic family groups. If there was anything that could be called freedom here, it was a consequence of a primitive subsistence level that demanded participation from all in obtaining the means of survival while providing minimal incentives for large-scale social conflicts. Cooperation was primary; it is what made human societies — not competition. These conditions also kept the human populations low and in balance with available resources, while as some anthropologists speculate (see Marshall Sahlins), providing significant amounts of free time for cultivating social ties.
For over three decades the pioneering Brazilian heavy metal band has never been afraid to address political issues.
One of Sepultura’s more political albums, “Chaos A.D.” (1993), features “Refuse/Resist,” a hard hitting anti-police anthem, and “Territory,” which references the conflict between Israel and Palestine.
The threats, the judge said, continued even after she arrived in the UK. Sheikh Mohammed used the state apparatus "to threaten, intimidate, mistreat and oppress with a total disregard for the rule of law," the judge said.
As part of the custody case, Andrew McFarlane, President of the Family Court division in England and Wales, made a series of “findings of fact” about allegations raised by Haya, 45, during hearings over the last nine months.
McFarlane said he accepted her claim that Mohammed arranged for his daughter Shamsa, then aged 18, to be kidnapped off the streets of Cambridge in central England in 2000, and had her flown back to Dubai.
He also ruled it was proved that the sheikh had arranged for Shamsa’s younger sister Latifa to be snatched from a boat in international waters off India by Indian forces in 2018 and returned to the emirate in what was her second failed escape attempt.
According to PHR’s report, based on in-depth psychological evaluations of 26 asylum seekers (nine children and 17 parents), the U.S. government’s forcible separation of asylum-seeking families constitutes cruel, inhuman, or degrading treatment and, in all cases PHR evaluated, meets criteria for torture.
The UN women's rights committee has urged Saudi Arabia to release human rights defender Loujain Al-Hathloul from prolonged pre-trial detention and ensure without further delay her right to a fair trial.
On 27 February 2018, Al-Hathloul attended a public meeting in Geneva to brief members of the Committee on the Elimination of Discrimination against Women (CEDAW) on the human rights situation of women in Saudi Arabia. Her briefing formed part of the Committee's review of Saudi Arabia's implementation of the Convention on the Elimination of Discrimination against Women.
A few weeks later, on 15 May 2018, she was arrested in Saudi Arabia on national security grounds and has been in detention ever since. According to the charges, her arrest was partly based on her engagement with CEDAW.
The Jerusalem Post can report that last year Roth praised Iran’s Foreign Minister Mohammad Javad Zarif in a tweet, after he defended his regime’s execution of gays.
Roth wrote in July 2019: “In my recent dealings with him [Zarif], he: 1. Helped secure UN investigation of Myanmar for atrocities against Rohingya. 2. Vowed Iran wouldn’t join Syrian attacks on Idlib civilians.”
Human rights groups have accused Saudi Arabia's ruling royal family of condoning the torture of political opponents as part of a sustained crackdown on dissent in the past couple of years - something the regime has rejected.
This Chooseco and Netflix trademark dispute story gets more and more interesting. To catch you up, Netflix produced the Black Mirror iteration entitled Netflix which both was, and was marketed as, a "choose your own adventure" production, similar to the CYOA books from our youth. There was also some dialogue within the production itself that referenced "choose your own adventure." For this, Chooseco, which has a trademark on the phrase, sued Netflix. Netflix tried to get the case tossed on First Amendment grounds, failed, and has since counterclaimed to have Chooseco's trademark cancelled entirely.
In Munich this past weekend at the Security Conference the speaker of the US House of Representatives, Nancy Pelosi, nailed her anti-Chinese colours to the mast. Despite being a liberal on many issues and the leader of the fight to impeach President Donald Trump, she has joined forces with Trump in preaching that the West must not allow itself to be penetrated by Huawei’s 5G phone technology, (which is cheaper than any Western counterpart).
So we've noted for a while how while a lot of the anger against "big tech" is certainly justified, there's a sizeable segment of this growing DC chorus that's being quietly orchestrated by telecom giants. Companies like AT&T, Verizon, and Comcast just effectively convinced the FCC to self-immolate, dismantling huge swaths of its broadband consumer protection authority (what could go wrong?). At the same time, the DOJ and FCC have been rubber stamping every terrible telecom merger that comes down the pike. When it comes to telecom monopolies, you'll hear nary a peep from the Trump administration.
On March 6, 2020, Unified Patents added a new PATROLL contest with a $2,000 cash prize for prior art submissions for USRE45006. The '006 patent generally relates to "marketing and more particularly to a method and system for differentiated customer promotion." The patent is owned by Kioba Processing, LLC, an NPE. To protect innovation and deter future frivolous assertions, Unified is offering a $2,000 cash prize for the best prior art on this patent.
The rightsholder of the movie Hellboy wants the alleged operator of popular torrent site MKVCage to pay $270,000 in copyright infringement damages. The damages, which are calculated based on the film's purchase price, are part of a proposed default judgment the company submitted to a federal court in Hawaii. MKVCage, meanwhile, remains missing in action.
For several weeks, French Internet users have reported difficulty accessing dozens of unlicensed streaming and torrent sites. It now transpires that following legal action by several movie industry groups, a Paris court handed down a ruling ordering some of the country's top ISPs to prevent their customers from accessing around 36 platforms.
Unfortunately, given the current concerns around the global spread of COVID-19 (and in the wake of scores of major conferences being canceled around the world), we have made the difficult decision to cancel this year’s in-person Summit.