Bonum Certa Men Certa

Links 12/12/2020: EasyOS 2.5.3, KDevelop 5.6.1, Wine 6.0 RC2



  • GNU/Linux

    • Server

      • SUSE + Nutanix = HCI Heaven

        Finally, Nutanix and SUSE are both leaders in their field. Nutanix’s HCI platform is recognized by analysts as an industry leader. SUSE is the world’s first provider of an Enterprise Linux distribution and we enable you to accelerate your IT transformation by providing the widest hypervisor support available, including AHV, KVM, Xen, VMWare and IBM z/VM.

      • Kubernetes: What You Need To Know

        Kubernetes is a system that helps with the deployment, scaling and management of containerized applications. Engineers at Google built it to handle the explosive workloads of the company’s massive digital platforms. Then in 2014, the company made Kubernetes available as open source, which significantly expanded the usage.

        [...]

        In fact, Kubernetes changes the traditional paradigm of application development. “The phrase ‘cattle vs. pets’ is often used to describe the way that using a container orchestration platform like Kubernetes changes the way that software teams think about and deal with the servers powering their applications,” said Phil Dougherty, who is the Senior Product Manager for the DigitalOcean App Platform for Kubernetes and Containers. “Teams no longer need to think about individual servers as having specific jobs, and instead can let Kubernetes decide which server in the fleet is the best location to place the workload. If a server fails, Kubernetes will automatically move the applications to a different, healthy server.”

      • Using ThinkPad T410 as a server

        I've been using a QNAP NAS for a couple of years. For an appliance, it did a decent job. But after a long while, I realized that I actually don't want an appliance: I want a proper Linux server. My immediate thought was to set up a Raspberry Pi-based server. Then I remembered that I still have a ThinkPad T410 stashed in a storage box.

      • Containerized OpenStack Clouds? Sure says Mirantis

        Running a cloud from containers? It may sound like your putting the container cart before the cloud horse, but there are times it makes sense. For example, you can use the OpenStack cloud running on containers being orchestrated by Kubernetes to host both legacy and modern apps, such as Network Functions Virtualization (NFV). The trick is to get this to work without pulling your hair out.

    • Audiocasts/Shows

      • My Thoughts on the CentOS news, and why WE need to change our Mindset

        The recent news about CentOS was quite a shock to many, and in this completely unscripted video I give you my thoughts. We need to change our mindset when it comes to our own usage of Linux, and the recent news that IBM revealed is very evident of that.

      • Reality 2.0 Episode 51: Poop in the Desert

        Doc Searls and Katherine Druckman have a fun chat with Petros Koutoupis about open source in space, digital detox, World War 2 cryptography, and poop in the desert.

      • Do We REALLY Need This Many Linux Distros? - YouTube

        Welcome back to my chat with Thomas of Ubuntu-based gaming distro Drauger OS! In this video I toss a tough question at him about the ever-increasing number of Linux distributions, and we talk a bit more about Windows and Linux gaming.

      • Linus Torvalds Wanted An M1 Mac Running Linux [Ed: No, this is a typically misleading headline; he just wanted Linux support for that hardware]

        The M1 Mac is a really interesting device if you care about ARM and none other than Linus Torvalds the creator of Linux was considering purchasing that is if he could get Linus running on it without much hassle.

    • Kernel Space

      • Challenges in protecting virtual machines from untrusted entities

        As an ever-growing number of workloads are being moved to the cloud, CPU vendors have begun to roll out purpose-built hardware features to isolate virtual machines (VMs) from potentially hostile parties. These processor features, and their extensions, enable the notion of "secure VMs" (or "confidential VMs") — where a VM's "sensitive state" needs to be protected from untrusted entities. Drawing from his experience contributing to the secure VM implementation for the s390 architecture, Janosch Frank described the challenges involved in a talk at the 2020 (virtual) KVM Forum. Though the implementations across CPU vendors may vary, there are many shared problems, which opens up possibilities for collaboration.

        Secure Encrypted Virtualization (SEV) from AMD (more information is available in the slides [PDF] from a talk at last year's KVM Forum and LWN's brief recap of it), Trust Domain Extensions (TDX) by Intel, and IBM's Secure Execution for s390 (last year's KVM Forum talk [YouTube] about it) and Power are some of the hardware technologies that aim to protect virtual machines from potential malicious entities. Other architectures, such as Arm, are expected to follow suit.

        The sensitive state of a secure VM should not be accessible from the hypervisor, instead a "trusted entity" — a combination of software, CPU firmware, and hardware — manages it. But this raises a question: What counts as "sensitive state"? The lion's share comprises the guest's memory contents, which can contain disk encryption keys and other sensitive data. In addition, guest CPU registers can hold sensitive cryptographic key fragments. The execution path of the VM is another; a rogue hypervisor can potentially change the execution flow of a VM — e.g. it can inject an exception into the guest, which is highly undesirable. Therefore, effective "VM controls" that decide which instructions to execute, and how they're executed, must be protected. Furthermore, a hostile hypervisor, even if it can't extract any information from its guests, can still mount a denial-of-service (DoS) attack on them.

        Then there is "data at rest" (i.e. guest data stored on disk), which is often not protected by the trusted entity; it is the VM's responsibility to protect it with common techniques such as disk encryption. Successfully protecting VMs and their data allows users to deploy sensitive workloads in public clouds.

      • Scheduling for asymmetric Arm systems

        The Arm processor architecture has pushed the boundaries in a number of ways, some of which have required significant kernel changes in response. For example, the big.LITTLE architecture placed fast (but power-hungry) and slower (but more power-efficient) CPUs in the same system-on-chip (SoC); significant scheduler changes were needed for Linux to be able to properly distribute tasks on such systems. For all their quirkiness, big.LITTLE systems still feature CPUs that are in some sense identical: they can all run any task in the system. What is the scheduler to do, though, if confronted with a system where that is no longer true? Multiprocessor support on Linux was born in the era of symmetric multiprocessing — systems where all CPUs are, to a first approximation, identical. Any CPU can run any task with essentially the same performance; the scheduler's main concern on SMP systems is keeping all of the CPUs busy. While cache effects and NUMA locality discourage moving tasks between CPUs, the specific CPU chosen for any given task is usually a matter of indifference otherwise.

        Big.LITTLE changed that assumption by bundling together CPUs with different performance characteristics; as a result, the specific CPU chosen for each task became more important. Putting tasks on the wrong CPU can result in poor performance or excessive power consumption, so it is unsurprising that a lot of work has gone into the problem of optimally distributing workloads on big.LITTLE systems. When the scheduler gets it wrong, though, performance will suffer, but things will still work.

        Future Arm designs, though, include systems where some CPUs can run both 64-bit and 32-bit tasks, while others are limited to 64-bit tasks only. The advantage of such a design will be reduced chip area devoted to 32-bit support which, on many systems, may never actually be used at all; meanwhile, the ability to run the occasional 32-bit program still exists. The cost, though, is the creation of a system where some CPUs cannot run some tasks at all. The result of an incorrect scheduling choice is no longer a matter of performance; it could be catastrophic for the workload involved.

      • epoll_pwait2(), close_range(), and encoded I/O

        The kernel's "epoll" subsystem provides a high-performance mechanism for a process to wait on events from a large number of open file descriptors. Using it involves creating an epoll file descriptor with epoll_create(), adding file descriptors of interest with epoll_ctl(), then finally waiting on events with epoll_wait() or epoll_pwait(). When waiting, the caller can specify a timeout as an integer number of milliseconds.

        The epoll mechanism was added during the 2.5 development series, and became available in the 2.6 release at the end of 2003. Nearly 20 years ago, when this work was being done, a millisecond timeout seemed like enough resolution; the kernel couldn't reliably do shorter timeouts in any case. In 2020, though, one millisecond can be an eternity; there are users who would benefit from much shorter timeouts than that. Thus, it seems it is time for another update to the epoll API.

        Willem de Bruijn duly showed up with a patch set adding nanosecond timeout support to epoll_wait(), but it took a bit of a roundabout path. Since there is no "flags" argument to epoll_wait(), there is no way to ask for high-resolution timeouts directly. So the patch set instead added a new flag (EPOLL_NSTIMEO) to epoll_create() (actually, to epoll_create1(), which was added in 2.6.27 since epoll_create() also lacks a "flags" argument). If an epoll file descriptor was created with that flag set, then the timeout value for epoll_wait() would be interpreted as being in nanoseconds rather than milliseconds.

      • ID mapping for mounted filesystems

        Almost every filesystem (excepting relics like VFAT) implements the concept of the owner and group of each file; the higher levels of the operating system then use that information to control access to those files. For decades, it has usually sufficed to track a single owner and group for each file, but there is an increasing number of use cases wanting to make that ownership relative to the environment any given process is running in. Developers have been working for a few years to find solutions to this problem; the latest attempt is the ID-mapped mounts patch set from Christian Brauner.

        In truth, the ID-mapping problem is not exactly new. User and group IDs for files only make sense across a management domain if there is a single authority controlling the assignment of those IDs. Since that is often not the case, network filesystems like NFS have had the ability to remap IDs for many years. The growth of virtualization and container technologies has brought the problem closer to home; there can be multiple management domains running on a single machine. The NFS ID-remapping mechanism is of little use if NFS itself is not being used.

      • Intel Adding Interface To Pass Workload Hints To The Linux Kernel For Thermal/Power Purposes - Phoronix

        Intel's INT340X thermal code that is used by the likes of the Intel Thermal Daemon "Thermald" for thermal/power management with their modern SoCs will now be able to accept workload hints for making more informed thermal decisions.

        With Linux 5.11 the INT340X kernel code is set to see a mailbox driver introduced for handling of workload hints. The intent is to give an indication to the hardware/firmware about what's being run in order to better manage the system power and thermal conditions.

      • Some Of The Features You Can Expect To See With Linux 5.11: Lots From AMD, Intel - Phoronix

        The Linux 5.10 kernel is expected to be released this Sunday that will in turn start the Linux 5.11 merge window. Based on the material queued so far into the various "-next" branches, here is a look at what should be on the table for this next major kernel release and come February will be the first major kernel release of 2021.

      • PowerPC 40x Support Slated For Removal From The Linux Kernel - Phoronix

        Following the original, first-generation PowerPC CPU support being removed in the Linux 5.10 kernel, the original PowerPC 400 series is also looking like it will now be removed as well from the kernel.

        Patches were sent out for PowerPC 40x platform removal from the mainline kernel. This is for the early PowerPC 40x series parts but doesn't go as far as removing the newer but still old PowerPC 440 series. The PowerPC 40x platforms of Acadia, Kilauea, Klondike, Makalu, OBS600, and Walnut are all set for removal as part of this clearing of the 40x-specific code.

      • OpenZFS Now Supports Reacting To CPU/Memory Hot-Plugging - Phoronix

        Following the recent OpenZFS 2.0 release, a new feature that has landed in the latest OpenZFS development code is the ability to respond to CPU and memory hot-plugging.

      • Graphics Stack

        • Classic OSMesa Retires In Mesa 21.0 As The Worst Of The Software Rendering Paths - Phoronix

          While working on some core Mesa cleaning/improvements, Eric Anholt has retired the classic OSMesa support in next quarter's Mesa 21.0.

          Those wanting Mesa software rendering in 2020 and beyond should really be using LLVMpipe or otherwise Softpipe should LLVM not be available for your software/hardware platform. LLVMpipe offers much better performance not to mention OpenGL 4.6 and is actually maintained. With classic OSMesa code just rotting and being of minimal use these days for off-screen rendering, the classic code has been gutted.

    • Applications

      • Gromit-MPX – desktop annotation tool

        You’ve migrated over from Windows or Mac OS X to the wonderful world of Linux. You’ve selected a Linux distro (after a spot of fruitful distro hopping), chosen a desktop environment, and studied the basic Linux commands. Or you’ve been using Linux for decades, know the operating system like the back of your hand. Whatever your level of experience, you want some really useful free utilities. Software that enriches your workflow, offers new opportunities, and allows you to tap into new innovations.

        We’re always on the look out for small, interesting programs that make tasks easier.

        Gromit-MPX (GRaphics Over Miscellaneous Things) is a utility to make annotations on the desktop. It’s a multi-pointer port of the original Gromit annotation tool, and uses the Multi-Pointer X.org feature.

        Gromit-MPX is free and open source software.

      • XFE – A Lightweight Windows File Explorer Like File Manager for X

        XFE (X File Explorer) is a lightweight Windows File Explorer or Commander like file manager for Unix / Linux X.

        It’s small memory footprint, very fast, and only requires the FOX library to be fully functional, and aims to light desktop users.

      • PAPPL v1.0.0

        The first stable release of PAPPL is now available for download. PAPPL is a simple C-based framework/library for developing CUPS Printer Applications, which are the recommended replacement for printer drivers.

      • CUPS' Founder Releases PAPPL 1.0 As Modern Printer Application Framework

        Just one week shy of one year since CUPS founder Michael Sweet left Apple, which in turn seemingly led to the downfall of CUPS, PAPPL 1.0 has been released as his modern alternative printer application framework.

      • Mutt releases version 2.0

        The venerable email client Mutt has just reached version 2.0. Mutt is different from the type of client that has come to dominate the email landscape—for one thing, it has no graphical interface. It has a long history that is worth a bit of a look, as are its feature set and extensive customizability. Version 2.0 brings several enhancements to Mutt's interface, configurability, and convenience, as well. In this article, readers who are unfamiliar with Mutt will learn about a different way to deal with the daily chore of wrangling their inboxes, while Mutt experts may discover some new sides to an old friend.

        [...]

        Mutt has two main advantages: efficiency and configurability. It appeals to those who spend hours tuning their .vimrc files (mea maxima culpa) and who demand that their programs start up and respond instantly.

        Mutt is extremely configurable in the way that it presents information and in its command interface. In order to take advantage of this, the user must become familiar with the basics of Mutt's pattern language, which is set of codes that refer to properties of messages. All the details about this are in Mutt's exhaustive manual; in this article I'll provide some examples, to give a bit of flavor of what it is like to work with Mutt.

        There are two main places where Mutt presents information: the index is the list of messages, and the pager shows the contents of a message. Upon startup, the user sees the index; when a message is selected for viewing, the window is split: a small portion on top to see the index entry of the message with some context, and a larger portion with the email.

        The following screen shot shows Mutt with one message selected for viewing. The colors of each email header, as well as each level of quoting, can be specified in the startup file. The screen shot shows the command reminder on the top line, with the index pane beneath it. This has the "cursor", indicated by black text on a cyan background, on message four, which is the message displayed in the large pane at the bottom.

      • Cockpit 234 and Cockpit-Podman 26

        Cockpit is the modern Linux admin interface. We release regularly.

        Here are the release notes from Cockpit version 234 and Cockpit-Podman 26.

        [...]

        Cloning copies a virtual machine into a new VM, duplicating configuration and storage. After cloning, the original VM and its clone are nearly identical, with the exception of the few configuration changes that need to differ.

        Virtual machine cloning is often used for preparing an optimal virtual machine and then quickly spinning up several similar VMs without having to step through an installation process.

    • Instructionals/Technical

      • How To Install and Use ProtonVPN on Desktop Linux - LinuxBabe

        ProtonVPN is a VPN service provider based in Switzerland. In this article, I’m going to show you how to use ProtonVPN on desktop Linux, including Debian, Ubuntu, Linux Mint, Elementary OS, Fedora, CentOS, Arch Linux, and OpenSUSE.

      • 2 Ways to Install MariaDB on CentOS 7

        MariaDB is a popular open-source SQL database management system that is a fork and drop-in replacement for MySQL. Since the acquisition of MySQL by Oracle, MariaDB has become the database system of choice by the open-source community. MariaDB provides improved performance with faster replication speeds, tighter security measures, and additional storage engines to mention a few benefits.

        In this guide, you will learn how to install MariaDB on CentOS 7.

        There are two ways of installing the MariaDB server. You can install the default version that is available on CentOS 7 repositories or install the latest version by manually adding the MariaDB repository.

      • Let’s Encrypt on my Raspberry Pi

        At home though what I want is to generate certs for each of my machines. The certbot client has plugins for Apache and Nginx but I can’t use them coz my home machines don’t have any public IP. I suppose I could just generate the certs on one machine and copy them around etc. but I want to keep things simple and automatic. In my case the solution would be to use one of their DNS plugins. They support the following: [...]

      • SSH Remote Network Access

        In a recent technical meeting, someone asked about some SSH ProxyJump documentation I’d posted. I promised to follow up with a full configuration for using ProxyJump with a remote network, so here goes nothing.

      • Install MariaDB on FreeBSD – Linux Hint

        MariaDB is a free and open-source derivative of the MySQL database management system. It was developed due to reservations of the MySQL userbase when it was being acquired by Oracle back in 2009. For this reason, it’s quite compatible with MySQL and has only recently deviated a bit with the introduction of source engines, MyRocks, Aria, and Columnstore, to name a few.

        This is a quick tutorial on installing MariaDB 10.3 Database Server on a FreeBSD 12 system. By following the instructions here, you’ll be able to set up the database on your own FreeBSD server.

      • What is the Difference Between “Git Reset” and “Git Reset –Hard”? – Linux Hint

        Git is known to be the most popular version control system. The concept of version control becomes significant whenever we talk about teamwork and collaboration. For example, if multiple employees are working on a single project, then data consistency is a major issue that must be addressed. You cannot simply assume that a change made by one of the employees will automatically be notified to all other employees working on that project. Rather, there should be a proper mechanism through which data consistency can be ensured.

        Now, if we talk about version control software or system, then as the name implies, its main job is to keep track of your version history. It means that all the changes made to any particular file will be considered as separate versions of that file. A version control software or system will essentially allow you to revert to an older version at any time you want as per your needs. Apart from this, a version control system like Git also ensures that the changes committed to any file have equal visibility to all the users who have access to that file so that they might not accidentally start working on an older version or a copy of that file.

      • How to Use Acme.sh to Provision LetsEncrypt SSL Certificates - Petri

        LetsEncrypt has changed the face of SSL certification issuance. Making it easy for website developers to freely and easily issue an SSL certificate, LetsEncrypt has opened the floodgate to properly securing every website. A service is often only as good as its tools and an open-source project that has gained traction is the Acme.sh shell utility.

        There are three functional steps in retrieving an SSL certificate from LetsEncrypt, requesting the certificate, verifying that the requestor is authorized, and issuing the certificate. Acme.sh makes all three of these steps easy, offering flexibility in what type of certificates are requested and how they are verified.

      • Riseup a free opensource & easy to use VPN

        The program is RiseUp, as the program provides a good and safe service and relies on donations as funding for the project. The program is available (Linux/Android/Windows and Mac) on almost all platforms. In this tutorial, we will talk about how to install it on Linux and Android. Now I leave you with the installation process.

      • Building a openSUSE MicroOS RPi Network Monitor

        How to use combustion to reproducibly configure MicroOS - openSUSE MicroOS is one of openSUSE’s most exciting projects, and for me has replaced openSUSE Leap as my go-to server operating system of choice. I currently have 3 MicroOS installations, all running as podman with openSUSE containers.

    • Wine or Emulation

      • Wine 6.0-rc2 Announcement
        The Wine development release 6.0-rc2 is now available.
        
        

        What's new in this release (see below for details): - Bug fixes only, we are in code freeze.

        The source is available from the following locations:

        https://dl.winehq.org/wine/source/6.0/wine-6.0-rc2.tar.xz http://mirrors.ibiblio.org/wine/source/6.0/wine-6.0-rc2.tar.xz

        Binary packages for various distributions will be available from:

        https://www.winehq.org/download

        You will find documentation on https://www.winehq.org/documentation

        You can also get the current source directly from the git repository. Check https://www.winehq.org/git for details.

        Wine is available thanks to the work of many people. See the file AUTHORS in the distribution for the complete list.
      • Wine 6.0-RC2 Released With 40 More Bugs Fixed - Phoronix

        Following last week's Wine 6.0-RC1 release that marked the feature freeze and start of the release process for the annual stable Wine release, Wine 6.0-RC2 is out today with the latest assortment of fixes.

        Wine 6.0 is expected to debut in January as the annual feature release following the Wine 5.x development builds over the past year. But until then these weekly release candidates will continue.

    • Games

      • Godot Engine receiving support funded by Facebook Reality Labs

        It is with great excitement that we announce that the Godot Engine project is receiving support funded by a grant from Facebook Reality Labs to further the development of Virtual Reality (VR) features within Godot.

        Godot is a not-for-profit free and open source game engine which aims at empowering all users in their 2D and 3D game development projects. This grant will enable us to accelerate our efforts in providing first-class support for VR technologies. This includes cross-platform OpenXR support, an extended input action system for VR, Vulkan rendering and optimizations on mobile, and more!

        We designed a work package for VR and mobile rendering which we are now able to fund thanks to this generous grant. Like all Godot donations and corporate sponsoring, this grant is administered by our legal and fiscal sponsor Software Freedom Conservancy, a not-for-profit charity that promotes software freedom.

      • Godot Engine - Dev snapshot: Godot 3.2.4 beta 4

        While development keeps going at full speed towards Godot 4.0 (see recent devblogs on GDScript typed instructions, Complex Text Layout, Tiles editor, documentation, and 2D rendering improvements!), a lot of work is also being done on the 3.2 branch for the upcoming Godot 3.2.4.

        This new beta 4 adds a new round of bugfixes and enhancements over the previous dev snapshots, as well as some nice new features.

      • New Gang Beasts Update; Adds Aquarium Stage and Engine Upgrade

        What is perhaps one of the funniest games of all time has got an update for us. I had reviewed Gang Beasts a little over four years ago, and to this day, the game is still getting updated, and I still get a good chuckle out of it.

        This update packs quite a punch in terms of new content and bug fixes, and it’s free. Most notably, a new stage has been added; an aquarium that has a deadly octopus residing in the pool in the center:

        [...]

        Be careful once those tentacles come out! They’ll pull your character right into the watery depths below if it gets too close.

        [...]

        As for Linux, this version now requires a 64-bit operating system; as of Unity 2019, 32-bit distros are no longer supported.

      • Improving your CyberPunk 2077 Experience on Nvidia - Boiling Steam

        Since CyberPunk 2077 launched, Linux users have had quite a few issues with the game, and more often so for Nvidia users while we are waiting for driver updates and other fixes in the Proton suite.

        [...]

        By the way, if you are from the future, note that the above will probably be outdated by late December 2020 or later. But if you can’t wait to play Cyberpunk 2077 on Nvidia these may be your best options for now.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • KDevelop 5.6.1 released

          About three months after the release of KDevelop 5.6.0, we provide a first bugfix and stabilisation release for the 5.6 series today: KDevelop 5.6.1

        • Compositing Scheduling in KWin: Past, Present, and Future

          Currently, compositing infrastructure in KWin is heavily influenced by the X11 requirements, e.g. there is only one compositing clock, compositing is throttled to the lowest refresh rate, etc. Besides that, incorrect assumptions were made about the behavior of glXSwapBuffers() and eglSwapBuffers(), unfortunately, which result in frame drops and other related issues. With the ongoing Wayland improvements, we hope to fix the aforementioned issues.

        • KDE Plasma's KWin Working On Per-Screen Refresh Rates, Compositing From Multiple Threads - Phoronix

          KDE Plasma users will hopefully be seeing the KWin Wayland compositor perform better and more reliably in 2021.

          As KWin becomes more focused as a Wayland compositor rather than imposing the current limitations found with X11, the KDE Plasma desktop experience should improve nicely. KDE developer Vlad Zahorodnii penned a post today outlining some of the KWin improvements being pursued particularly around compositing scheduling.

    • Distributions

      • Puppy Linux

        • EasyOS version 2.5.3 released
        • Easy Buster version 2.5.3

          EasyOS versions 1.x are the "Pyro" series, the latest is 1.3. Easy Pyro is built with packages compiled from source using 'oe-qky-src', a fork of OpenEmbedded. Consequently, the builds are small and streamlined and integrated. The Pyro series may have future releases, but it is considered to be in maintenance status. The "Buster" series start from version 2.0, and are intended to be where most of the action is, ongoing. Version 2.0 was really a beta-quality build, to allow the testers to report back. The first official release was 2.1. The main feature of Easy Buster is that it is built from Debian 10 Buster DEBs, using WoofQ (a fork of Woof2: Woof-CE is another fork, used to build Puppy Linux). The advantage of Buster over Pyro is access to the large Debian package repositories. That is a big plus.

        • EasyPup is deprecated

          I am seriously considering discontinuing development of EasyPup. I know, I have said that before, but then gone and done some more work on it.

        • Put disabled HDD into deep-sleep mode

          For EasyOS "Copy session to RAM & disable drives" mode, forum member 'MochiMoppel' has suggested that "hdparm -Y " be applied to the "disabled" drives. See forum thread:

        • Tweaks for "save" icon in lockdown modes

          EasyOS has two lockdown modes. There is "Copy session to RAM" and "Copy session to RAM & disable drives". Both have a "save" icon on the desktop, so the user can at any time choose to save the session to the boot media. One problem was that when boot in lockdown mode, the 'init' script in the initrd edits /root/Choices/ROX-Filer/PuppyPin, replacing the "update" icon with a "save" icon.

      • New Releases

      • IBM/Red Hat/Fedora

        • CentOS killed by IBM – a chance to go new ways?

          But this post is not about BSD, because there simply are cases where you want (or need) a Linux system. And when it comes to stability, CentOS was simply a very good choice that’s very hard to replace with something else. Fortunately Rocky Linux was announced (https://rockylinux.org) – an effort by the original founder of CentOS who wants to basically repeat what he once did. I wish the project good luck. However I’d also like to take the chance as an admin and hobby distro tinkerer to discuss what CentOS actually stood for and if we could even accomplish something better! Heresy? Not so much. There’s always room for improvement. Let’s at least talk about it.

        • On the whole CentOS thing

          Well, I guess we know what's up with that now. The latest news this week is that CentOS 8 is having the rug pulled out from under it. Instead of having a final EOL of 2029, it now hits the wall in *six months* and will be completely dead in twelve. By the end of 2021, it will be all over.

          What's coming is something using the same name to push a different kind of product - one I'm not looking to run. I want boring. I *like* boring. I want a machine that just sits there and occasionally drops in a new patch and never picks up any new features. This is a good thing to me.

        • Red Hat and GitHub Collaborate to Expand the Developer Experience on Red Hat OpenShift with GitHub Actions [Ed: Ted Hat is working to help Microsoft's proprietary software monopoly]
        • 10 reasons to run SAP S/4HANA on Red Hat Enterprise Linux [Ed: “SPONSOR: RED HAT”; so IDG became a spammy dumping ground, though it used to be a network of sites with actual journalism]
        • Red Hat Enterprise Linux 7 to 8 In-Place Upgrade Using Leapp
        • 7 best practice tips for managing remote teams | Enable Sysadmin

          Managing a remote team is both challenging and rewarding. Glean best remote team management practices from someone who does it.

        • CIOs strive to build on IT’s business cred for 2021

          During the coronavirus pandemic, CIOs gained political capital by fortifying business operations and digitizing services in accordance with social distancing decrees. From accelerated migrations to new collaboration tools to implementing contactless services, IT leaders reprioritized roadmaps to empower employees and serve customers.

      • Debian Family

        • Dirk Eddelbuettel: RcppSpdlog 0.0.4: New upstream

          Not quite two months after the last release, we are happy to announce version 0.0.4 of RcppSpdlog. It contains release 1.8.2 of spdlog made today, along with version 7.1.3 of fmt.

        • Evgeni Golov: systemd + SELinux = Fire



          Okay, getting a title that will ensure clicks for this post was easy. Now comes the hatd part: content!

          When you deploy The Foreman, you want a secure setup by default. That's why we ship (and enable) a SELinux policy which allows you to run the involved daemons in confined mode.

          We have recently switched our default Ruby application server from Passenger (running via mod_passenger inside Apache httpd) to Puma (running standalone and Apache just being a reverse proxy). While doing so, we initially deployed Puma listening on localhost:3000 and while localhost is pretty safe, a local user could still turn out evil and talk directly to Puma, pretending to be authenticated by Apache (think Kerberos or X.509 cert auth).

          Obviously, this is not optimal, so the next task was to switch Puma to listen on an UNIX socket and only allow Apache to talk to said socket.

          This doesn't sound overly complicated, and indeed it wasn't. The most time/thought was spent on doing that in a way that doesn't break existing setups and still allows binding to a TCP socket for setups where users explicitly want that.

          We also made a change to the SELinux policy to properly label the newly created socket and allow httpd to access it.

          The whole change was carefully tested on CentOS 7 and worked like a charm. So we merged it, and it broke. Only on CentOS 8, but broken is broken, right?

          This is the start of my Thanksgiving story "learn how to debug SELinux issues" ;)

          From the logs of our integration test I knew the issue was Apache not being able to talk to that new socket (we archive sos reports as part of the tests, and those clearly had it in the auditd logs). But I also knew we did prepare our policy for that change, so either our preparation was not sufficient or the policy wasn't properly loaded.

          The same sos report also contained the output of semanage fcontext --list which stated that all regular files called /run/foreman.sock would get the foreman_var_run_t type assigned. Wait a moment, all regular files?! A socket is not a regular file! Let's quickly make that truly all files. That clearly changed the semanage fcontext --list output, but the socket was still created as var_run_t?!

        • Markus Koschany: My Free Software Activities in November 2020

          Welcome to gambaru.de. Here is my monthly report (+ the first week in December) that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

    • Devices/Embedded

      • Gemini Lake based Hackboard 2 starts at $99 with Ubuntu

        A “Hackboard 2” SBC has launched on Crowd Supply with Ubuntu ($99) or Win 10 Pro ($140) running on a dual-core Gemini Lake CPU with 4GB DDR4, 64GB eMMC, 3x USB, HDMI, 40-pin RPi GPIO, and 2x M.2 for NVM and 4G/5G.

        The Hackboard 2 is billed by Austin, Texas based startup Hackboard as “a powerful and affordable Windows 10 Pro SBC” and “one of the lowest-priced Intel-powered and Windows-based single-board computers ever.” Yet, unlike most PCs and mini-PCs, you are not paying a Windows tax for the pleasure of erasing Windows to load Linux. The Intel Gemini Lake based Hackboard 2 is available with Ubuntu for $99 or Win 10 Pro for $140.

      • Convergent App Development

        The Librem 5 while docked is just as versatile to write code on as our laptop. Build apps once, and run them on any screen size on a variety of hardware.

      • Ollie USB board exposes isolated UART, CAN, USB, RS485 & RS232 interfaces (crowdfunding)

        Just like months, we wrote about Tigard open-source USB FT2232H board for hardware hacking with easy access to OpenOCD, JTAG, Cortex, flashrom interfaces used to debug/flash boards, extra I/Os with UART, SPI, and I2C, as well as a header to connect a logic analyzer and observe signals.

        If the board does not exactly match your requirements, Ollie USB board might, also it may not serve exactly the same purpose(s). The board acts as a USB bridge to isolated UART (x2), CAN, USB, RS485, and RS232 interfaces.

      • Jetson Mate Cluster box takes four Jetson Nano/Xavier NX modules

        While we’ve seen plenty of cluster boards based on Raspberry Pi SBC or Compute Modules, I had never seen clusters of Jetson modules. Those already exist, and PicoCluster has a few, but what made me write this post today is Seeed Studio’s Jetson Mate cluster box equipped with a carrier board taking up to four NVIDIA Jetson Nano or Xavier NX modules, an enclosure covered with a largish cooling fan with RGB LED for good effect…

      • Raspberry Pi CM3 "Industrial IoT" baseboard features PoE, 4G LTE modem, and isolated I/Os

        The Raspberry Pi Computer Module 4 (CM4) may have been introduced in October, but that does not mean people have stopped all development on Raspberry Pi CM3/CM3+ hardware, and Waveshare has just launched a carrier board for the module with PoE support and a 4G LTE modem namely Simcom SIM7600G-H module with 3G and 2G fallback.

        The board also offers Ethernet and WiFi connectivity, HDMI and MIPI CSI/DSI video interfaces, multiple USB ports, as well as isolated CAN bus, RS485, RS232, and other I/Os for industrial applications.

      • Open Hardware/Modding

        • What’s the Value of Hackable Hardware, Anyway? €« bunnie's blog

          There is plenty of skepticism around the value of hackable products. Significantly, hackability is different from openness: cars are closed-source, yet support vibrant modding communities; gcc is one of the “real OG”s of open source, but few users find it easy to extend or enhance. Is it better to have a garden planted by the most knowledgeable botanists and maintained by experienced gardeners, or an open plot of land maintained by whoever has the interest and time?

        • What’s the Value of Hackable Hardware, Anyway?

          As long as humans choose to embrace diversity, I think hackability will have value. A notional “perfect” product implies there’s such a thing as a “perfect” user. However, in reality, even the simple conundrum of left- or right-handedness challenges the existence of a singular “perfect” product for all of humanity. Fortunately, accommodating the wonderfully diverse, quirky, and interesting range of humanity implicates just a few simple engineering principles, such as embracing screws over adhesives, openness, and modularity. That we can’t hack our products isn’t a limitation of physics and engineering. Precursor demonstrates one can build something simultaneously secure and hackable, while being compact and pocketable. This suggests the relative lack of hackable products on the market isn’t a fundamental limitation. Maybe we just need a little more imagination, maybe we need to be a little more open-minded about aesthetics, and maybe companies need to be willing to take brave steps toward openness and inclusivity.

          For Apple, true “courage to move on and do something new that betters all of us” was to remove the headphone jack, which resulted in locking users deeper into a walled-garden ecosystem. For hackers like myself, our “courage” is facing blunt criticisms for making “ugly” products with screws in order to facilitate mods, such as braille keyboards, in order to expand the definition of “all of us” beyond a set of privileged, “perfect” users.

          I hope this braille keyboard is just the first example of many mods for Precursor that adapt the product for unique end-users, bucking the trend of gaslighting users to mold their behavior and preferences to fit the product. If you’ve got an itch to develop your own yet-to-be-seen feature in a mobile device, please visit our crowdfunding campaign page to learn more about Precursor. We’re close to being funded, but we’ve only got a week left in the campaign. None of this becomes a reality without hitting our crowdfunding goal on December 15th – if you like what you see, please consider helping us to bring Precursor to life!

        • Arduino Blog €» This 12X scale model Arduino runs on an actual Arduino

          When you need a way to fit a microcontroller into a small space, the Arduino Nano is a great choice. If you need significant IO, the Mega is a go-to option. But if you need something physically very large, with the power and look of an Uno, the “Arduino Giga” by Zach Hipps of byte sized may fulfill your requirements nicely.

          Hipps’ device scales up the Arduino Uno 12 times, including 3D-printed models of connectors and other onboard components. Lettering is engraved with a CNC router, and after a bit of paint work, the finished product could be mistaken for the real thing (if you didn’t know the scale, of course).

        • Arduino Blog €» arduino-cli 0.14.0 is out and ready for the public!

          It’s been a while, so this time around you’re in for a treat. Don’t forget to go through the list of breaking changes and the new upgrade guide, this might save you some headaches.

        • Linker shrinks RISC-V application size

          The Segger Linker has been developed from the ground up to create executables for embedded systems, shrinking the size of RISC-V applications by up to 15 percent, shortens link time, delivers a detailed map file and provides more flexibility. The RISC-V Summit has highlighted the growth of the ecosystem for the open instruction set acrchitecture.

          The latest addition to Embedded Studio for RISC-V from Swedish tool vendor Segger is a custom Linker in addition to the GNU linker. This is based on the same code as the Segger Linker for ARM, adding integrated integrity check generation with a number of algorithms (CRCs and hashes), the ability to automatically place code and data in non-contiguous regions, and the ability to prioritize data into fast memories.

    • Free, Libre, and Open Source Software

      • Free Software

        • Public code for publicly financed international development cooperation

          International development cooperation is increasingly digitised. Free Software thus is becoming a fundamental technology to reach the United Nation's Sustainable Development Goals. Together with experts in the field, the FSFE summarises these interrelations in an article and demands publicly funded software to be published as Free Software.

          Inherent attributes of Free Software and its communities include equal access to the sources, an international culture of sharing and developing software together for the benefit of everyone. While many of us find these freedoms to be universally acceptable, we see that this is not the case once we look in the world of proprietary software. Unfortunately, the same is to be said for the distribution of natural resources around the globe.

          In 2015 the United Nations General Assembly set the Sustainable Development Goals, aiming at "a better and sustainable future for all" by trying to reduce inequalities and offer equal access to the most basic resources of our societies like food, health and education. International development cooperation strives to achieve the UN sustainability goals by improving global conditions and the empowering of local partners. In some extend similar as to software freedom, existing dependencies should be reduced and new dependencies avoided at all costs.

          [...]

          The article is part of our series about the basics of Free Software. It delivers background on the ongoing process of digitisation in international development cooperation, its effects and the status quo.

        • FSFE Local Group Zurich receives DINAcon Award

          In 2019, the FSFE's local group Zurich has launched the "Learn like the pros" campaign. Goal of the campaign is to present solutions for the use of Free Software in education. Recently, the campaign was awarded the DINACon Award. On this behalf we interviewed the coordinators Ralf Hersel and Gian-Maria Daffré.

          Unfortunately, non-Free Software is still increasingly used in the educational environment. Proprietary software however does not offer students and teachers the opportunity to study and adapt the functionality and principles of the software in use. In order to promote the digital maturity and sovereignty of the students as well as the teaching staff, Free Software should be consistently used in education instead. In order to get one step closer to this goal, the FSFE local group Zurich has picked up the topic with its own campaign called "Lernen wie die Profis" (German for "Learning like the pros"). The content of the campaign includes arguments and background information about the use of Free Software in the educational environment - combined with concrete solution and software proposals.

          Recently the campaign won the DINAcon Special Award 2020. This is an award for the campaign, but also for the local engagement and commitment of the FSFE local group Zurich. We took this award as an opportunity to introduce the campaign through an interview with the local Zurich coordinators Ralf Hersel and Gian-Maria Daffré ('Giammi').

          [...]

          On the news portal GNU/Linux.ch, which is maintained by Ralf and Lioh, there were many helpful discussions and ideas on this topic. Besides the many positive experiences we can also draw a worrying conclusion from the FSFE campaign work. The metaphor of the few and tired Free Software developers, also applies to this project work.

          Background: The FSFE local group Zurich exists since 2010. Current coordinators are Ralf Hersel with Gian-Maria Daffré as vice-coordinator. Prior to the "Learn like the pros" campaign presented in this article, the group has already launched the campaign Freedomvote. The group meets every second Thursday of the month. Usually at the digital agency Liip in Zurich, currently online via Big Blue Button. If you feel like joining the group now, just drop by.

        • Free Software Switch Poster

          Continuing the LibreOffice Shortcuts, Use Open Document, and LibreOffice Switch, here is one more colorful educational poster to promote Free Software and switch from nonfree software at the same time. This poster introduces not only LibreOffice alone, but also GIMP as a replacement alternative to Photoshop, as example, among other examples. You can freely take this poster, edit and translate to your own language, and share with your people in your country. For example, you can use this as a wall poster in your school or pick one to put on your personal website. As always, this poster is also available as png and svg. With this, I wish you can proudly invite people to adopt Free Software.

      • Web Browsers

        • Mozilla

          • Performance Sheriff Newsletter (November 2020) – Mozilla Performance

            In November there were 324 alerts generated, resulting in 54 regression bugs being filed on average 6.8 days after the regressing change landed.

            Welcome to the November 2020 edition of the performance sheriffing newsletter. Here you’ll find the usual summary of our sheriffing efficiency metrics, followed by a dive into some of our other metrics. If you’re interested (and if you have access) you can view the full dashboard.

            [...]

            Having so many performance testing frameworks makes it challenging for Firefox engineers to know which they should use to write a test, and which they should run when testing performance of their patches. Whilst all of these frameworks are written in Python and produce similar looking output, they have different requirements and very different command line syntax. In 2020 we have started to address this issue by introducing yet another test framework!

            Don’t panic though, because the intention behind mozperftest is to eventually replace all of our other test frameworks. We already have several tests running, and we are actively encouraging all new performance tests to be written using mozperftest instead of any of the legacy frameworks listed above. If you’d like to find out more you can read the documentation, and if you have any questions you can reach out to the team in #generic-perf-tests on Matrix.

          • TenFourFox Development: Unexpected FPR30 changes because 2020

            If you've read this blog for any length of time, you know how much I like to be punctual with releases to parallel mainstream Firefox. However, there have been no reported problems from the beta and there are no major security issues that must be patched immediately, so there's a simple workaround: on Monday night Pacific time the beta will simply become the release. If you're already using the beta, then just keep on using it. Since I was already intending to do a security-only release after FPR30 and I wasn't planning to issue a beta for it anyway, anything left over from FPR30 will get rolled into FPR30 SPR1 and this will give me enough cushion to get the G5 back in working order (or at least dust off the spare) for that release on or about January 26. I'm sure all of you will get over it by then. :)

          • Differences in cookie length (size?) restrictions

            I was digging through some of the old http-state tests (which got ported into web-platform-tests, and which I’m rewriting to be more modern and, mostly work?) and noticed an interesting difference between Chrome and Firefox in disabled-chromium0020-test (no idea why it’s called disabled and not, in fact, disabled).

          • How anti-fingerprinting extensions tend to make fingerprinting easier | Almost Secure

            Do you have a privacy protection extension installed in your browser? There are so many around, and every security vendor is promoting their own. Typically, these will provide a feature called “anti-fingerprinting” or “fingerprint protection” which is supposed to make you less identifiable on the web. What you won’t notice: this feature is almost universally flawed, potentially allowing even better fingerprinting.

            [...]

            Let’s say that all the technical issues are solved. The mechanism for installing fake values works flawlessly. This still leaves a question: how does one choose the “right” fake value?

            How about choosing a random value? My display resolution is 1661×3351, now fingerprint that! As funny as this is, fingerprinting doesn’t rely on data that makes sense. All it needs is data that is stable and sufficiently unique. And that display resolution is certainly extremely unique. Now one could come up with schemes to change this value regularly, but fact is: making users stand out isn’t the right way.

            What you’d rather want is finding the largest group out there and joining it. My display resolution is 1920×1080 – just the common Full HD, nothing to see here! Want to know my available display space? I have my Windows taskbar at the bottom, just like everyone else. No, I didn’t resize it either. I’m just your average Joe.

            The only trouble with this approach: the values have to be re-evaluated regularly. Two decades ago, 1024×768 was the most common display resolution and a good choice for anti-fingerprinting. Today, someone claiming to have this screen size would certainly stick out. Similarly, in my website logs visitors claiming to use Firefox 48 are noticeable: it might have been a common browser version some years ago, but today it’s usually bots merely pretending to be website visitors.

      • Productivity Software/LibreOffice/Calligra

        • Better PDF signature verification in Draw

          Draw now has much better support for detecting unsigned incremental updates between signatures at the end of PDF documents. We now also make sure that incremental updates introduced for adding signatures really just add annotations and don’t change the actual content.

        • LibreOffice Template Contest – Win awesome prizes!

          LibreOffice comes with various templates, and extras are available on our dedicated extensions and templates website. But even more are always welcome! Today, Swiss company Adfinis, a contributor to LibreOffice and member of The Document Foundation’s Advisory Board, is starting a contest to get shiny new templates for LibreOffice.

          So, what does this entail? Well, until January 31, you can create templates for Impress, Writer and Calc, and submit them in the contest. There are some rules and requirements, but if you abide by them, your template(s) will be rated by a jury and the winners will be announced at FOSDEM.

        • Get cool LibreOffice merchandise – T-shirts, hoodies, mugs and more

          Show your love for LibreOffice with some snazzy merchandise! You can get T-shirts, hoodies, bags, mugs, baseball caps and more from online shops. And even better: some of the proceeds from sales go to The Document Foundation, the non-profit entity behind LibreOffice. This helps us to grow our community, organise events, share knowledge and keep making LibreOffice even better.

      • FSF

        • In-depth free software news: Read the fall Bulletin online — Free Software Foundation

          For 35 years, the Free Software Foundation (FSF) has attempted to provide you with the best information about threats to computing freedom, highlight the efforts of activists worldwide, and connect more people to the struggle. One resource we produce to this end is the biannual Free Software Foundation Bulletin, which is printed as well as presented online – if you’ve received yours in the mail, we encourage you to post a picture on social media with #fsfbulletin!

        • The problems with Apple aren't just outages, they are injustices

          This November, both everyday users and privacy advocates found new reasons to be concerned about Apple. After an update to the latest version of their operating system, users found that they were unable to launch applications that were not written by Apple itself. This problem was caused by an Apple server outage. But why did the unavailabilty of a remote server prevent a user from launching a program on their own computer?

          It turns out that each time a program is opened on macOS, it phones home via the Online Certificate Status Protocol (OCSP) to see if that application is "okay" to launch: it asks the corporation permission each time a new application is encountered, sending potentially identifying information along with that request. While this function only made news because of the recent server outage caused by the release of the newest version of macOS, Big Sur, research indicates that the report-back has existed in the operating system since September 2018, with the release of macOS Mojave. This is a classic case of proprietary software serving as an instrument of unjust power.

          Although Apple does not directly receive the name of the application, but rather information on who developed it, most developers have only a very limited number of apps on the App Store, making it easy for Apple to infer. More disturbing yet is the other identifying information that is sent along with the request, which includes the user's approximate location and the current date and time.

          Because macOS is so restricted, it leaves everyone, including free software developers, powerless to help users prevent their application use from being reported back to Apple. Due to the way the system is engineered, free software firewalls like LuLu are unable to block the information from being sent to Apple domains. Furthermore, the information is sent unencrypted over the network, potentially allowing a snoop to see which applications a user was trying to launch on their own computer. The request also bypasses any VPN, letting Apple know their approximate location even if the user has taken steps to stay anonymous.

      • Programming/Development

        • Building REST APIs with Laravel Orion - Laravel News

          Have you noticed, that when building an API, you often keep writing the same code over and over again? You create a controller for [name your entity here] with methods for listing, creating, showing, updating, and deleting that [entity]. Then you create another controller, and it happens again, and again. Then you need to write some custom methods (endpoints) just to support updating a relation or a field on the pivot table? Sounds familiar, isn’t it?

          Over the past year I was working on a Laravel package that does exactly that – abstracts these patterns, so you could focus on what really matters – building your application. Laravel Orion allows you to build fully-featured REST APIs in a matter of minutes by providing common endpoints for CRUD operations, working with soft deletable models, and performing a comprehensive search. It works hand in hand with Laravel solutions like Requests for handling validation, Policies for handling authorization, and Resources for transforming responses.

        • Learn Julia by coding a game | Opensource.com

          These concepts are the basis of most programming languages. Once you understand them, you can start figuring the rest out.

          Programming languages usually share some similarities. Once you know one programming language, you can learn the basics of another by recognizing its differences.

        • Perl/Raku

        • Python

          • Python structural pattern matching morphs again [LWN.net]

            way to specify multiply branched conditionals in the Python language—akin to the C switch statement—has been a longtime feature request. Over the years, various proposals have been mooted, but none has ever crossed the finish line and made it into the language. A highly ambitious proposal that would solve the multi-branch-conditional problem (and quite a bit more) has been discussed—dissected, perhaps—in the Python community over the last six months or so. We have covered some of the discussion in August and September, but the ground has shifted once again so it is time to see where things stand.

            It seems quite possible that this could be the last major change that is made to the language—if it is made at all. As with many mature projects, there is a good deal of conservatism that tends to rear its head when big changes are proposed for Python. But this proposal has the backing of project founder (and former benevolent dictator for life) Guido van Rossum and has attracted support from other core developers—as well as opposition from within that group. It may also depend on one's definition of major, of course, but large syntactic and semantic language changes are definitely finding major headwinds in the Python community these days.

        • Rust

          • Advent of Rust 8: Please Make Your Error More Error-y | The Mad Scientist Review



            It’s Day 8 of the no-longer-so-stream-of-consciousness-log of teaching myself the Rust programming language by solving the programming puzzles at Advent of Code 2020.

            Today I start off by refactoring my boilerplate code some more. I got loads of friendly advice from Federico Mena Quintero including how to configure Cargo so that the main.rs doesn’t have to be in a subdirectory, some reading material on error handling which I am working my way through, and a talk which I watched last night while washing the dishes, on Rust programs as a dialogue between the programmer and the compiler. A dialogue between the programmer and the compiler is certainly what some of these puzzles have been!

          • Advent of Rust 9: Find That Number, (F)or Else | The Mad Scientist Review

            Welcome again to the not-so-stream-of-consciousness log, where the puns in the titles get worse every day. Today’s topic is the same as every day’s topic: me teaching myself the Rust programming language by doing programming puzzles from Advent of Code 2020.

          • Advent of Rust 10: When All You Have is Itertools, Every Problem Looks like an Iter | The Mad Scientist Review

            Welcome back to episode 10 of the previously-stream-of-consciousness-now-abbreviated log of me trying to teach myself the Rust programming language, stumbling my way through the puzzles from Advent of Code 2020.

            I have noticed that by now doing a puzzle each day and writing about it is somewhat tiring. I’ve found myself eager to solve the puzzle in the quickest way possible rather than to use each day’s puzzle as an excuse to learn a new language feature in Rust. But on the other hand I think that’s OK! Despite that, I am still enjoying it and looking forward each day to seeing what the new puzzle is.

            It’s just fine to want to solve puzzles in a hacky way; once the puzzle is solved, it’s done!

          • Rotating the compiler team leads

            Since we created the Rust teams, I have been serving as lead of two teams: the compiler team and the language design team (I’ve also been a member of the core team, which has no lead). For those less familiar with Rust’s governance, the compiler team is focused on the maintenance and implementation of the compiler itself (and, more recently, the standard library). The language design team is focused on the design aspects. Over that time, all the Rust teams have grown and evolved, with the compiler team in particular being home to a number of really strong members.

            Last October, I announced that pnkfelix was joining me as compiler team co-lead. Today, I am stepping back from my role as compiler team co-lead altogether. After taking nominations from the compiler team, pnkfelix and I are proud to announce that wesleywiser will replace me as compiler team co-lead. If you don’t know Wesley, there’ll be an announcement on Inside Rust where you can learn a bit more about what he has done, but let me just say I am pleased as punch that he agreed to serve as co-lead. He’s going to do a great job.

        • Java

  • Leftovers

    • This Is Our Home Too
    • Science

      • Two pictures of quantum computation

        Interpretations of quantum mechanics are boring. Boring! Maybe the universe has a strict partition between quantum and non-quantum. Maybe there are a bunch of parallel universes with limited crosstalk. Or maybe it’s whatever the Bohmian mechanics people are talking about. Shut up and calculate, I think. I don’t say this out of some disdain for idle philosophizing or to put on airs of a salt-of-the-earth laborer in the equation mines. It’s just there are so, so many interesting things you can learn about in quantum theory without ever going near the interpretation question. Yet it’s many peoples' first & last stop. Rise above!

        This one is about quantum interference. A humble phenomenon, usually first encountered in high school physics when learning about whether light is a particle or a wave. Maybe your physics teacher took your class down to the dark, empty, disused school basement and fired a laser through a grating. You saw an interference pattern on the wall that kinda resembled what you saw, with water, in the ripple tank back upstairs. And that was that.

      • Everything You Need to Make Beer, Wine, Cider, and Mead

        Sanitation is perhaps the most important part of any fermentation process. You want to make sure everything that touches your liquid pre- and post-ferment has been fully sterilized with a no-rinse sanitizer (see the section on Star San below). This keeps poor-tasting yeasts and other contaminants out, and ensures shelf stability.

      • Electromagnetic Space Launch €« etbe - Russell Coker

        An accelerator of 14G for 10 seconds (well below the level that’s unsafe) gives a speed of mach 4 and an acceleration distance of just under 7km. Launching a 100 metric ton spacecraft in that way would require 14MW at the end of the launch path plus some extra for the weight of the part that contains magnets which would be retrieved by parachute. 14MW is a small fraction of the power used by a train or tram network and brown-outs of the transit network is something that they deal with so such a launch could be powered by diverting power from a transit network. The Rocky Mountains in the US peak at 4.4KM above sea level, so a magnetic launch that starts 2.6KM below sea level and extends the height of the Rocky Mountains would do.

        A speed of mach 4 vertically would get a height of 96Km if we disregard drag, that’s almost 1/4 of the orbital altitude of the ISS. This seems like a more practical way to launch humans into space than a space elevator.

    • Health/Nutrition

      • 'Seems Like a Good Policy!' CBO Shows Medicare for All Could Cover Everyone for $650 Billion Less Per Year

        The analysis shows that administrative costs under a single-payer healthcare system "will be lower than what even the most rabid Medicare for All supporters have traditionally claimed."

      • Republican Madness

        Remember: Trump lost the election in part because he ignored the pandemic.

        These are caustic times, and not only because of the superspreading COVID and an economy sinking because of it. It’s also what lies beneath, like a circling shark: the repeated onslaught of lies by Trump and his far-right Republican allies that the president won the election.

      • Nineteen Tragic Facts About COVID-19

        50 million. 50 million people are now facing hunger at least once a month, including 1 in 4 children. The rate of adults who sometimes or often do not have enough to eat is double in Black and Latino homes, according to the Associated Press.

        30 million. 30 million people are facing eviction as of December 31, 2020 when the current Centers for Disease Control moratorium on evictions ends. There has been a 70% increase in the number of people paying their rent by credit card.

      • The Sociopathy Contagion

        I mention this because it seems to be one bookend of the American experience, by that I mean the European invader chapter, from which my people came. They often fled terrible situations, but took the toxicity of those places they fled and planted it in the fertile American soil. For years upon years the “lucky” accident that they landed on a gorgeous land conveniently depopulated was propelled as evidence of the superiority of the winner take all system. But reality shows itself, sometimes hundreds of years later. We are in the era of unvarnished truth emerging.

        The covid failure on the part of the United States is shaping up to be the end of any rational narrative that America is unique in the world (other than in a negative sense by virtue of the virus numbers). It’s only possible for so long to go along with gaslighting and magical thinking before the reality of the situation takes hold. Covid-19 plunges forward, unconcerned with the inane murmuring of personal freedom, hoaxes–really anything else that makes the owner of said irrational thoughts feel better and more in control of their world. The part of the brain crying out “it’s a hoax” is the same spot that for millennia, people have used to do the mental gymnastics they needed to feel safe. Whether it’s saying a black man should have “done what the police told him” or a raped woman was drunk and inappropriately dressed—it’s just a cowardly way to feel you won’t end up in a victim situation—a way to separate yourself. Those others did wrong, the virus is fake—and now I am going to get very irate about something incredibly minimal, but my pain is orders of magnitude more important than that of others. It’s fragile egos that explode rather than reflect.

      • Wall Street is Now Betting on the Future of water Supplies

        Wall Street is about to launch futures contracts tied to the price of water for the first time in US history, as Business Insider reports.

        As water becomes scarce due to climate change, investors are planning to effectively bet on the availability of water in California. The contract laid out by CME Group, a global markets company, is linked to the state’s $1.1 billion local water market.

      • US Sets a Grim New Record: Over 3,000 COVID Deaths in One Day

        According to figures published by the Johns Hopkins University tracker, 3,124 Covid-19 deaths recorded in the United States on Wednesday, plus an additional 221,276 new cases confirmed. It is the first time since the pandemic began that the US has recorded more than 3,000 deaths in a single day.

      • Open source release of NZ COVID Tracer

        The app has been released under the AGPL license. Works derived from it must also be released under the same license.

        We intend to release other system components over time to continue building trust in the integrity of the NZ COVID Tracer app.a

    • Integrity/Availability

      • Proprietary

        • Pseudo-Open Source

          • Openwashing

            • Expanding Fuchsia's open source model

              Starting today, we are expanding Fuchsia's open source model to make it easier for the public to engage with the project. We have created new public mailing lists for project discussions, added a governance model to clarify how strategic decisions are made, and opened up the issue tracker for public contributors to see what’s being worked on. As an open source effort, we welcome high-quality, well-tested contributions from all. There is now a process to become a member to submit patches, or a committer with full write access.

              In addition, we are also publishing a technical roadmap for Fuchsia to provide better insights for project direction and priorities. Some of the highlights of the roadmap are working on a driver framework for updating the kernel independently of the drivers, improving file systems for performance, and expanding the input pipeline for accessibility.

            • LwM2M v1.2 M2M & IoT device management protocol adds support for HTTP and MQTT, LwM2M gateways

              Lightweight M2M (LwM2M) is a REST-based protocol from the Open Mobile Alliance (OMA) for M2M & IoT device management that defines the application layer communication protocol between an LwM2M server and an LwM2M client running on an IoT/embedded device.

              While LwM2M v1.0 was published in early 2017, we first covered the new protocol a year earlier as Imagination Technologies released the source code for the LwM2M stack running on MIPS Creator Ci40 development board. Since then we’ve mostly seen the LwM2M protocol supported in cellular LTE IoT modules including Quectel BC66 and u-Blox Sara-R410M, as well as the now-defunct Samsung Artik WiFi IoT modules.

            • Finding Critical Open Source Projects

              Open source software (OSS) has long suffered from a "tragedy of the commons" problem. Most organizations, large and small, make use of open source software every day to build modern products, but many OSS projects are struggling for the time, resources and attention they need. This is a resource allocation problem and Google, as part of Open Source Security Foundation (OpenSSF), can help solve it together. We need ways to connect critical open source projects we all rely on, with organizations that can provide them with adequate support.

            • Google Comes Up With A Metric For Gauging Critical Open-Source Projects - Phoronix

              Google as part of their involvement in the Open-Source Security Foundation (OpenSSF) has devised the "Criticality Score" as a means of judging crucial open-source projects.

              In order for being able to determine projects in need of support for funding or development assistance, Google with the other OpenSSF parties came up with the "Criticality Score" as a 0 to 1 metric for indicating a project's criticalness.

          • Privatisation/Privateering

            • Linux Foundation

              • EdgeX Foundry, the Leading IoT Open Source Framework, Simplifies Deployment with the Latest Hanoi Release, New Use Cases and Ecosystem Resources

                EdgeX Foundry, a project under the LF Edge umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for IoT edge computing independent of connectivity protocol, hardware, operating system, applications or cloud, today announced the “Hanoi” release that makes IoT deployment easier and the launch of new ecosystem resources.

                “EdgeX Foundry fosters an ecosystem of interoperable components from a variety of vendors to create a much-needed IoT framework for edge solutions,” said Arpit Joshipura, general manager, Networking, Automation, Edge and IoT, the Linux Foundation. “With the support of LF Edge members and EdgeX contributors from across the globe, we are paving the way to enable and support a more robust solution at the IoT, Enterprise, Cloud and Telco edge.”

        • Security

          • PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers

            “The attack starts with a password brute-force on the MySQL service. Once successful, the attacker runs a sequence of queries in the database, gathering data on existing tables and users,” said Ophir Harpaz and Omri Marom, researchers with Guardicore Labs, in a Thursday post. “By the end of execution, the victim’s data is gone – it’s archived in a zipped file which is sent to the attackers’ servers and then deleted from the database.”

          • Introducing software fuzzing – part of AI and ML in DevOps - JAXenter

            This isn’t just about having to reboot your phone when an app freezes. While that’s certainly a software quality issue that causes you a minor annoyance, it doesn’t impact your safety (unless you happen to be driving and if so – shame on you!) or access to services. As our technology inevitably fades into the background, the software reacting to us will be our literal backdrop, the infrastructure that moves us around, helps us communicate, and lets us work and collaborate.

            If we are living in a software world, and we want to live in a high-quality world, then we need high-quality software testing. We need that testing to stand up to the future, and that means greatly increasing the velocity of our testing frameworks. Although we can get far with human-driven testing, and augment that with things like static code analysis, at scale it becomes more and more difficult to eliminate tester bias from the pool of test cases.

            Thinking about the true purpose of software testing, what are we trying to achieve? At the most granular level, we are trying to take the software down as many code execution paths as possible, and we are monitoring the behavior of the application to see how it behaves along those paths. Do we get the output we are expecting? Does the application crash? Can we manipulate the application to show us data that we shouldn’t be able to see?

          • Episode 237 – Door 12: Video game hacking – Open Source Security

            Josh and Kurt talk about video game hacking. The speedrunners are doing the best security research today

          • Reproducible Builds (diffoscope): diffoscope 163 released

            The diffoscope maintainers are pleased to announce the release of diffoscope version 163.

          • Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

            On December 8, the cybercriminal gang responsible for deploying the Conti ransomware strain (also known as “Ryuk“) published more than 10 gigabytes of data that it claimed to have removed from TSYS’s networks.

          • Finnish Data Theft and Extortion

            The Finnish psychotherapy clinic Vastaamo was the victim of a data breach and theft. The criminals tried extorting money from the clinic. When that failed, they started extorting money from the patients: [...]

          • Misery of Ransomware Hits Hospitals the Hardest

            In September, employees at Universal Health Services (UHS), a Fortune-500 owner of a nationwide network of hospitals, reported widespread outages that resulted in delayed lab results, a fallback to pen and paper, and patients being diverted to other hospitals. The culprit turned out to be the Ryuk ransomware, which locked up hospital systems for days.

          • Privacy/Surveillance

            • When it Comes to Facebook, the Need for Action Has Been Obvious for a Long Time

              It was 1998 when Microsoft finally landed in the cross hairs of the federal government, when the Justice Department and 20 state attorneys general alleged in an antitrust lawsuit that the software giant had abused its market power to crush competition. It was the last time the government took meaningful action against the unfettered rise of a tech behemoth.

            • “Schrems II” reaches US Legislator: US Senate Hearing on EU-US data transfers today

              Max Schrems, honorary chairman of noyb and plaintiff in the underlying case before the CJEU C‑311/18 - Schrems II: “I very much welcome that the US Senate is now considering the problems we face, given the excessive US surveillance of its international customers. The problems we face can only be overcome if there are legislative changes on the US side.”

              Unfortunately, the hearing will only feature US lawyers, but no European expert. Next to representatives of the US Federal Trade Commission (FTC) and the US Department of Commerce (DoC) the Senate will hear from Facebook’s main witness in the Irish procedure (Peter Swire), a representative of the Software Industry (Victoria Espinel) and the main witness of the Irish Data Protection Commission (Neil Richards). Facebook and the Irish Data Protection Commission have lost the case before the European Court of Justice.

            • EUROPOL and Counterterrorism: Commission Calls for Biometric Mass Surveillance and Attacks Encryption

              Today, the European Commission presented new proposals for the reform of Europol and a strategy to combat terrorism. Europol has just been reprimanded by the European Data Protection Supervisor (EDPS). Now it is to be allowed to collect large amounts of data on non-suspects such as cell-mast data. In addition, the EU Commission’s counter-terrorism strategy advocates, among other things, facial surveillance in public places.

            • How the Attention Economy Hurts You via Social Media Sites like Facebook

              There is a whole science to manipulating our attention. And because there is a lot of money to be made by doing this well, it means we all encounter attempts to manipulate what we pay attention to each day. What is this, and how is it harmful? This post will be the first on a series on the topic.

              [...]

              What does it mean to society at large — and to you personally — that large companies make a lot of money by maximizing fear and controversy?

              The most obvious way is it leads to less common ground. If the posts and reactions that show common ground are never seen because they don’t drive engagement, it poisons the well; left and right hate each other with ever more vigor — a profitable outcome to Facebook, but a poisonous one to all of us.

              I have had several friendships lost because I — a liberal in agreement with these friends on political matters — still talk to Trump voters. On the other side, we’ve seen people storm the Michigan statehouse with weapons. How did that level of disagreement — and even fear behind it — get so firmly embedded in our society? Surely the fact that social media shows us things designed to stimulate fear and anger must play a role.

              What does it do to our ability to have empathy for, and understand, others? The Facebook groups I’ve been in for like-minded people have largely been flooded with memes calling the President “rump” and other things clearly designed to make people angry or fearful. It’s a worthless experience, and not just that, but it’s a harmful experience.

              When our major media — TV and social networks — all are optimizing for fear, anger, and controvesry, we have a society beholden to fear, anger, and controvesy.

              In my next installment, I’m going to talk about what to do about this, including the decentralized social networks of the Fediverse that are specifically designed to put you back in charge of your attention.

            • PrivChat with Tor: 2020-12-11 Tor advancing human rights

              Tomorrow, on 11th December, 2020 at 18:00UTC, Tor will host the third edition of the PrivChat event, to discuss with some real life Tor users and talk about how Tor helps them to defend human rights.

    • Defence/Aggression

      • US COVID Deaths Top American World War II Casualties
      • A Very Trumpian Christmas Surprise? Signs Point to a Possible US Attack on Iran

        On November 12, President Trump reportedly asked his top national security advisers to prepare plans for attacking nuclear processing facilities in Iran after Tehran announced its intent to accelerate its uranium enrichment activities—a step taken in response to Trump’s withdrawal from the 2015 nuclear deal and his imposition of crushing economic sanctions. According to White House sources, Trump was talked out of launching an attack on that date by some of his top advisers, including Vice President Mike Pence and Secretary of State Mike Pompeo, who claimed it would ignite an eruption of violence all across the Middle East.

      • Imperfect Releases: Andrew Hastie, War Crimes Reports and Australia in Afghanistan

        Of interest is where the report goes from here. A fair guess is that it will not venture too far into waters of reform. Hastie, for one, would have preferred it never to have been published, or at least not released in the “imperfect” way it was. He takes particular issue with the connected work of consultant Samantha Crompvoets, a sociologist commissioned by the Special Operations Commander of Australia (SOCAUST) to conduct a “cultural review” of the Special Operations Command in mid-2015.

        In many ways, the work of Crompvoets, which is drawn upon and referenced heavily by the Brereton Inquiry itself, is more significant. It is less tightly hemmed by qualifications and speaks to the broader tactics and methods of Australia’s Special Forces. In her January 2016 report, she refers to body count competitions and the use of the Joint Priority Effects List (JPEL). Euphemised for battle, the JPEL effectively constituted a “sanctioned kill list” with numbers that were massaged.

      • The New Humanitarian | Honduran storm survivors form US-bound migrant caravan

        For many Hondurans already suffering widespread poverty, government corruption, and one of the highest rates of violence in the world outside a warzone, back-to-back hurricanes in November, which razed paths of destruction and displaced hundreds of thousands from their homes, were the final straw.

        Hundreds began trickling out of the northern city of San Pedro Sula on foot on 9 December – the first US-bound caravan since early October, and potentially the start of a new wave of Central American migrants that would test Joe Biden’s commitment to moving on from the anti-migration policies of the Trump era.

      • Abolish the Death Penalty

        Lame duck President Donald Trump is rushing through five federal death-penalty executions before he leaves office. Trump’s killing spree breaks a 130-year-old tradition of not executing prisoners during a presidential transition.

        In 2019, Trump began resuming executions in federal death penalty cases, which had not been carried out since 2003. With these last five executions, Trump’s federal executions will total 13 since July, the most federal executions in any year since 1896.

        Two of the five remaining executions were already carried through on December 10 and 11. Of the five slated for death, three are mentally disabled and four are black men, which fits with the longstanding pattern of who is most likely to be executed by the state. 170 people originally sentenced to the death penalty have been exonerated of their accused crimes since 1973.

    • Environment

      • UK Dark Sky Reserve Success for National Parks

        The Yorkshire Dales and North York Moors National Parks have been designated International Dark Sky Reserves, joining an exclusive global family of Dark Sky Places.

        The Yorkshire Dales and North York Moors are home to some of the darkest skies in the country, with large areas of unpolluted night sky where it’s possible to see thousands of stars, the Milky Way, meteors, and even the Northern Lights.

        As part of a coordinated approach by the two National Parks, the International Dark-Sky Association (IDA), has granted Reserve status to both areas, which combined cover over 3500 km2 of northern England. This is by far the biggest such announcement in the UK and represents one of the largest areas in Europe to be simultaneously designated.

        Both National Parks have worked hard over several years to achieve this award, gaining support from councils, parishes, landowners, businesses, and renowned astronomical experts.

      • Energy

        • Marin, Finnish groups welcome EU climate agreement

          The EU wants to reach “net zero” emissions by 2050, a deadline that scientists say the world must meet to avert the most catastrophic impacts of climate change. Finland, meanwhile, aims to be carbon-neutral by 2035.

        • Electric Utilities Are Slow to Address the Climate Crisis, Reports Indicate

          This is according to two reports released last week on electric utilities and climate. One assessment by fossil fuel watchdog group, the Energy and Policy Institute (EPI), finds that many electric utilities are on a slow track to decarbonizing the electricity sector over the next decade and are still prioritizing fossil fuels over renewable energy. Another report published jointly by the Environmental Defense Fund and the Sabin Center for Climate Change Law at Columbia University argues that electric utilities have a legal obligation to be planning for climate-related risks but finds that few utilities are doing this high-quality€ planning.

    • Finance

      • To the Barricades: The Red House and the Future of Eviction Defense

        Either way, the stories you’ll hear will focus on violence.€  If you look into it a little, you’ll realize that what the stories are really focusing on are destruction of property — particularly the windows of police cars smashed by well-aimed rocks — and the number of times over the past few months of the eviction defense encampment on the front yard of the Red House that the police have been called because of “disturbances.”€  81 times, according to police records, the police emphasize in the report they issued after they entered the house and arrested occupants in a pre-dawn raid on December 8th.

        I can only imagine what some of those disturbances might have been caused by.€  The house is just at the end of the commercial section of Mississippi Avenue, where what remains of one of Portland’s two historically Black neighborhoods stands, with its uncomfortable mix of wine-sipping gentrifiers living alongside a perennially struggling and shrinking Black working class, along with increasing numbers of people living in tents that line the highway which cuts through the neighborhood — the highway that was originally routed through that neighborhood in order to destroy it, as was done to so many other Black neighborhoods across the US when the highways were being built.

      • Beating Up on Finance
      • Don't Withhold Hazard Pay

        This past spring, large retail chains like Walmart, Kroger, and Amazon introduced hazard pay under a variety of names (“Hero Pay,” “Appreciation Pay”), paying single bonuses or supplementing workers’ hourly wages by up to $2 per hour. Then, over the summer, they quietly ended the practice.

        There’s a triple injustice in these developments. Prior to the pandemic, millions of workers had been denied a living wage that could sustain a family. People employed as home health aides, nursing assistants, cashiers and retail salespersons, janitors and cleaners, security guards, and laborers had been making, on average, hourly wages below $15 an hour. According to a Brookings Institution analysis, almost half the 50 million people who work in frontline essential jobs fall into this category.

    • AstroTurf/Lobbying/Politics

      • Every Republican in Congress May Have to Vote on Trump’s Coup

        That won’t happen, if only because the Democratic-controlled House isn’t going to support Brooks’s effort to overturn the election. But it would force each and every Republican member of Congress to go on record supporting or opposing Trump’s coup, in the ultimate loyalty test just before the 45th president leaves office, shrieking and whining the whole way. They all know Trump’s refusal to accept defeat is childish and dangerous, but will they have the courage to deny him one final gesture of fealty? I wouldn’t be so sure about it. But if they do succumb in large numbers to this last temptation, their party will for years bear the stain of so outrageous and authoritarian a measure, as bright and red as the biblical Mark of the Beast.

      • Republicans want more than a coup: Trump's loyalty test exposes their hatred for democracy

        In doing so, these Republicans have outed themselves as opponents of democracy. There is no other way to read this, and no wiggle room to pretend otherwise. This isn't about "voter fraud" or any of the other bad-faith gambits that Trump and his supporters are throwing out as distractions. It's about throwing out entire state elections because they favored a Democrat.

        And while Republicans in the Senate have not formally signed onto this assault on the concept of democracy, many have done so informally.

      • A Guide to Giving: Worst Year Ever Edition

        Was 2020 the worst year you can remember or what? Well, cheer up. Think how much worse you’d feel if Joe Biden had lost. Let’s not let Covid, homeschooling by Zoom, Republicans, Amy Coney Barrett, and the weird death-throe flailings of Donald Trump (firing squads—really?) keep us from spreading joy and justice to good people who are trying to light a candle in this naughty world.

      • The Electoral College Invites Fraud

        It does so because, instead of looking toward the candidates’ overall vote totals nationwide, it aggregates 51 smaller elections. As a result, fraud can determine the outcome if the election is close in just one or more states – even if one candidate wins decisively nationwide.

        Just look at the Trump-Biden election. Biden defeated Trump by more than 6 million votes – far beyond the margin of realistic fraud. But in several battleground states, totaling enough electoral votes to change the outcome, the margin is sufficiently close that Trump has managed to convince millions of people he was robbed.

      • Personnel as Policy: What Biden’s Picks So Far Tell Us

        “The grown-ups are back in charge,” announced a relieved Financial Times editorial board, hailing the early cabinet appointments of President-elect Joe Biden. So far, his picks have all been known quantities: experienced, smart, and competent—no small relief after the madcap chaos of the Trump years. However, they will inherit cascading calamities that require new thinking and dramatic change. And their experience in office is a testament to the failure and follies of the so-called best and brightest.

      • No Time to Waste on Whining, Absent Politicians

        In the meantime, the individual responsible for dealing with the nation’s many and varied crises is busy whining about the election he lost, still claiming he won, and evincing not a shred of concern for the health and well-being of 330 million Americans. Put bluntly, there’s no more time to waste on whining and absent politicians.

        The numbers are so shocking it’s difficult to put them in perspective: 217,664 new cases of COVID infection a day, heading towards a stunning 3,000 daily deaths —€ the equivalent of one 9/11 attack every day or 10 fully-loaded passenger jets crashing and killing everyone on board 24-7. Hospitals are running out of beds while doctors and nurses are exhausted from the nonstop tragedy and endless number of cruel deaths.

    • Freedom of Information/Freedom of the Press

      • Dissenter Weekly: COVID-19 Data Whistleblower Targeted In Raid—Plus, Assange Update

        On this edition of the “Dissenter Weekly,” host and Shadowproof editor Kevin Gosztola comments on the raid that Florida state agents conducted against COVID-19 data whistleblower Rebekah Jones.

        Later in the show, Gosztola highlights an anti-money laundering law with major whistleblower-killing loopholes. He also provides updates on NSA whistleblower Reality Winner and WikiLeaks founder Julian Assange.

      • Julian Assange: Covid Risks and Campaigns for Pardon

        Before the January 4 ruling of District Judge Vanessa Baraitser in the extradition case of Julian Assange, the WikiLeaks publisher will continue to endure the ordeal of cold prison facilities while being menaced by a COVID-19 outbreak. From November 18, Assange, along with inmates in House Block 1 at Belmarsh prison in south-east London, were placed in lockdown conditions. The measure was imposed after three COVID-19 cases were discovered.

        The response was even more draconian than usual. Exercise was halted; showers prohibited. Meals were to be provided directly to the prisoner’s cell. Prison officials described the approach as a safety precaution. “We’ve introduced further safety measures following a number of positive cases,” stated a Prison Service spokesperson.

      • UN torture envoy calls for immediate release of Julian Assange on 10th anniversary of arrest: ‘He’s not a criminal and poses no threat to anyone’

        The rights of Wikileaks’ founder Julian Assange have been “severely violated” for more than a decade, according to the UN’s top envoy on torture, and the British government should release him from detention immediately.

        Nils Melzer, the UN Special Rapporteur on torture, said Mr Assange had been convicted of no crime, and yet as he awaited for a court to decide whether to extradite him to the US to face espionage charges, he was at threat of contracting Covid-19.

        Mr Melzer repeated his assertion Mr Assange’s treatment amounted to torture, and called for the British authorities to either release him or put him under guarded house arrest.

      • Independent UN expert calls for Julian Assange’s release, cites prison’s COVID outbreak

        “Mr. Assange is not a criminal convict and poses no threat to anyone, so his prolonged solitary confinement in a high security prison is neither necessary nor proportionate and clearly lacks any legal basis”, said Nils Melzer, UN Special Rapporteur on torture.

        The WikiLeaks founder has been detained since 2010 after his site published classified diplomatic information. A decision on extradition to the US is expected early in the new year.

      • China Authorities Detain Bloomberg News Beijing Staff Member

        Chinese authorities have detained Haze Fan, who works for the Bloomberg News bureau in Beijing, on suspicion of endangering national security.

        Fan was last in contact with one of her editors around 11:30 a.m. local time on Monday. Shortly after, she was seen being escorted from her apartment building by plain clothes security officials.

      • Elderly Iranian Journalist Begins Prison Term Over Protest Coverage

        The Committee to Protect Journalists (CPJ) is urging Iran to cease jailing members of the press for their work after a 72-year-old journalist began a three-year prison sentence over his coverage of protests last year.

      • CPJ calls on North Carolina county to grant court access, drop charges against journalist

        Visiting district court Judge Fred Wilkins has twice refused to allow the media to be present for Alamance County court hearings over which he presided, according to the Alamance News.

        According to an Alamance County administrative order from October 12, witnesses and observers are allowed to be present at trials, and, in cases where social distancing to prevent virus transmission is not possible, the court should offer video or a livestream of the proceedings.

        Separately, the county district attorney charged Murawski, a reporter for the Alamance News, with resisting a public officer following his October 31 arrest while reporting on a social justice demonstration in Graham, North Carolina. This class 2 misdemeanor carries a maximum penalty of 60 days in jail and a fine up to $1,000, according to North Carolina law.

    • Civil Rights/Policing

      • Human Rights Day
      • We Want a More Democratic University—Until Then, We Won’t Pay

        In an unprecedented mass action organized by the Columbia-Barnard Young Democratic Socialists of America, more than 2,500 students across Columbia institutions have committed to withholding their tuition if Columbia continues to ignore our demands, which advocate that students should be included in decisions over the university’s allocation of resources—not just as an educational institution, but as an employer and an international investor.

      • The Vanishing Queer Underground of Los Angeles

        Before the Covid-19 pandemic forced it to be temporarily shuttered, La Plaza was one of the oldest running gay bars in Los Angeles. A fixture in the city for over four decades and serving a mainly Latino clientele, the club was a favorite of the late queer theorist José Esteban Muñoz, who described it in his book Cruising Utopia as having a “kind of gay Mexican cowhands feel.” When he visited, Muñoz took in the spirited, folksy drag shows that were staged at the bar. The Spanish-speaking performers, running through lip-synched routines of Latin anthems and English-language pop songs, helped transform the dingy space. Their songs and the bar conjured stories of “migratory crossings, both legal and illegal,” where the sea of bodies onstage and in the audience, so often in the process of flux, finally seemed on the cusp of belonging.

    • Internet Policy/Net Neutrality

      • Deep Dive Shows FCC's Covid Response Was Largely Theatrical Nonsense

        Back in March, the Trump FCC put on a big show about a new "Keep America Connected Pledge" to help broadband users during COVID. In it, the FCC proudly proclaimed that it had gotten hundreds of ISPs to suspend usage caps and late fees, and agree to not disconnect users who couldn't pay for essential broadband service during a pandemic. The problem: the 60 day pledge was entirely voluntary, temporary, and because the FCC just got done obliterating its consumer protection authority over ISPs at lobbyist behest (as part of its net neutrality repeal), was impossible to actually enforce. It was regulatory theater.

      • Stupid Cable TV Retrans Feuds And Blackouts Make Their Way To Streaming TV

        For the last decade or so, U.S. cable TV customers have been plagued by a steady parade of content blackouts as cable providers and broadcasters bicker over new programming contracts. For the end user, so-called "retransmission feuds" usually go something like this: a broadcaster demands a cable company pay significantly more money to carry the same content. The pay TV provider balks, and one side or the other blacks out the aforementioned content. Consumers spend a few months paying for content they can't access, while the two sides bitch at each other and try to leverage consumer anger against the other guy.

    • Monopolies

      • Facebook sued by the US FTC, might be forced to sell Instagram and WhatsApp

        The antitrust lawsuits say Facebook “used its monopoly power to snuff out competition at the expense of everyday users”. Letitia James, the New York Attorney-General, said “it is critically important to block this predatory acquisition of companies” and that confidence in the market should be restored.

        In order for Facebook to break its monopoly, it might have to part ways with its two most prized possessions - photo-oriented social media platform Instagram and messaging service WhatsApp. The former was purchased in 2012 for $1 billion, while the latter followed suit in 2014 for the mindblowing-at-the-time price of $19 billion.

      • Copyrights

        • Movie Pirate Has US$15m in Crypto Seized By New Zealand Authorities

          Following an investigation that began in 2016 at the behest of US authorities, New Zealand's High Court has now ordered the seizure of cash and more than US$21m in cryptocurrencies from a man who helped to develop a movie piracy site. The funds were restrained back in 2019 and in the meantime have gained significant value.

        • New U.S. Streaming Piracy Bill Focuses on Commercial Services

          Senator Thom Tillis has announced a new bill that will criminalize streaming piracy. Unlike similar legislation that was proposed in the past, the new ‘‘Protecting Lawful Streaming Act of 2020’’ specifically focuses on commercial pirate platforms. While this is less broad than the SOPA and PIPA plans, critique remains, especially because the amendment will be added to the Government's must-pass spending bill.

        • Disney plans to match Netflix in its spending on streaming

          In a presentation to investors on December 10th Disney dispelled those doubts once and for all. It announced a content binge designed to put it on a par with Netflix—and to shift the company’s focus sharply towards streaming. This was just what the presentation’s audience of market analysts wanted to see. Disney’s share price leapt by almost 14% the next day, reaching an all-time high and adding $38bn to the company’s stockmarket value (see chart).



Recent Techrights' Posts

More Information About Public Talks That Richard Stallman Gave This Week in Europe
Two talks in Switzerland
SoylentNews Grows Up, Registers as a Business, Site Traffic Reportedly Grows
More people realise that social control media may in fact be a passing fad
 
Links 29/03/2024: Fentanylware (TikTok) Fines and UK High Court Makes It Seem OK to Assassinate People Wrongly (Falsely) Associated With "Russia"
Links for the day
Garden Season Starts Today
Outdoor time, officially...
Engadget is Still a Spamfarm, It's Just an Amazon Catalogue (SPAM/SEO), a Sea of Junk Disguised as "Articles" With Few 'Fillers' (Real Articles) in Between
Engadget writes for bots now, not for humans
Richard Stallman's Talks in Switzerland This Week
We need to put an end to 'cancer culture'; it's trying to kill people and it is even swatting people
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, March 28, 2024
IRC logs for Thursday, March 28, 2024
[Meme] EPO's New Ways of Working (NWoW), a.k.a. You Don't Even Get a Desk at Work and Cannot be Near Known Colleagues
Seems more like union-busting (divide and rule)
Hiding Microsoft's Culpability in Security Breaches and Other Major Blunders (in the United Kingdom, This May Mean You Can't Get Food)
Total Cost of Ownership (TCO) is vast
Giving back to the community
Reprinted with permission from Daniel Pocock
Links 28/03/2024: Sega, Nintendo, and Bell Layoffs
Links for the day
Open letter to the ACM regarding Codes of Conduct impersonating the Code of Ethics
Reprinted with permission from Daniel Pocock
With 9 Mentions of Azure In Its Latest Blog Post, Canonical is Again Promoting Microsoft and Intel Vendor Lock-in, Surveillance, Back Doors, Considerable Power Waste, and Defects That Cannot be Fixed
Microsoft did not even have to buy Canonical (for Canonical to act like it happened)
Links 28/03/2024: GAFAM Replacing Full-Time Workers With Interns Now
Links for the day
Consent & Debian's illegitimate constitution
Reprinted with permission from Daniel Pocock
The Time Our Server Host Died in a Car Accident
If Debian has internal problems, then they need to be illuminated and then tackled, at the very least in order to ensure we do not end up with "Deadian"
China's New 'IT' Rules Are a Massive Headache for Microsoft
On the issue of China we're neutral except when it comes to human rights issues
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 27, 2024
IRC logs for Wednesday, March 27, 2024
WeMakeFedora.org: harassment decision, victory for volunteers and Fedora Foundations
Reprinted with permission from Daniel Pocock
Links 27/03/2024: Terrorism Grows in Africa, Unemployment in Finland Rose Sharply in a Year, Chinese Aggression Escalates
Links for the day
Links 27/03/2024: Ericsson and Tencent Layoffs
Links for the day
Amid Online Reports of XBox Sales Collapsing, Mass Layoffs in More Teams, and Windows Making Things Worse (Admission of Losses, Rumours About XBox Canceled as a Hardware Unit)...
Windows has loads of issues, also as a gaming platform
Links 27/03/2024: BBC Resorts to CG Cruft, Akamai Blocking Blunders in Piracy Shield
Links for the day
Android Approaches 90% of the Operating Systems Market in Chad (Windows Down From 99.5% 15 Years Ago to Just 2.5% Right Now)
Windows is down to about 2% on the Web-connected client side as measured by statCounter
Sainsbury's: Let Them Eat Yoghurts (and Microsoft Downtimes When They Need Proper Food)
a social control media 'scandal' this week
IRC Proceedings: Tuesday, March 26, 2024
IRC logs for Tuesday, March 26, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Windows/Client at Microsoft Falling Sharply (Well Over 10% Decline Every Quarter), So For His Next Trick the Ponzi in Chief Merges Units, Spices Everything Up With "AI"
Hiding the steep decline of Windows/Client at Microsoft?
Free technology in housing and construction
Reprinted with permission from Daniel Pocock
We Need Open Standards With Free Software Implementations, Not "Interoperability" Alone
Sadly we're confronting misguided managers and a bunch of clowns trying to herd us all - sometimes without consent - into "clown computing"
Microsoft's Collapse in the Web Server Space Continued This Month
Microsoft is the "2%", just like Windows in some countries