Bonum Certa Men Certa

Links 17/12/2020: Mesa 20.3.1, Ubuntu Touch OTA-15 and More



  • GNU/Linux

    • Desktop/Laptop

      • Chrome OS Developers highlight the Linux terminal in new promo video

        Google rolled out the new Terminal 2.0 for Crostini Linux back in late July and with it came some much-needed UI improvements to make the Chrome OS developer environment a little more user-friendly. With the update, users can now customize the terminal as well as open multiple terminal instances in a single window. Most of it is simply for show and has little to do with the functionality of the Terminal app but you can access and customize keyboard shortcuts to curate your personal workflow.

    • Server

      • Third Party Device Metrics Reaches GA

        With Kubernetes 1.20, infrastructure teams who manage large scale Kubernetes clusters are seeing the graduation of two exciting and long awaited features...

        [...]

        Many of the features related to fundamental device support (device discovery, plugin, and monitoring) are reaching a strong level of stability. Kubernetes users should see these features as stepping stones to enable more complex use cases (networking, scheduling, storage, etc.)!

        One such example is Non Uniform Memory Access (NUMA) placement where, when selecting a device, an application typically wants to ensure that data transfer between CPU Memory and Device Memory is as fast as possible. In some cases, incorrect NUMA placement can nullify the benefit of offloading compute to an external device.

        If these are topics of interest to you, consider joining the Kubernetes Node Special Interest Group (SIG) for all topics related to the Kubernetes node, the COD (container orchestrated device) workgroup for topics related to runtimes, or the resource management forum for topics related to resource management!

      • Inexpensive highly available LXD cluster: Redundancy

        In the previous post I went over the reasons for switching to my own hardware and what hardware I ended up selecting for the job.

        Now it’s time to look at how I intend to achieve the high availability goals of this setup. Effectively limiting the number of single points of failure as much as possible.

        [...]

        On the compute side, I’m obviously going to be using LXD with the majority of services running in containers and with a few more running in virtual machines.

        Stateless services that I want to always be running no matter what happens will be using anycast as shown above. This also applies to critical internal services as is the case above with my internal DNS resolvers (unbound).

        Other services may still run two or more instances and be placed behind a load balancing proxy (HAProxy) to spread the load as needed and handle failures.

        Lastly even services that will only be run by a single instance will still benefit from the highly available environment. All their data will be stored on Ceph, meaning that in the event of a server maintenance or failure, it’s a simple matter of running lxc move to relocate them to any of the others and bring them back online. When planned ahead of time, this is service downtime of less than 5s or so.

      • Raspberry Pi Hosting Firm miniNodes Grows Up, Gets Proper Data Center | Data Center Knowledge

        The pioneer of selling tiny bare-metal computers as a service expects more growth, fueled by the rise of Arm servers.

    • Audiocasts/Shows

      • Linux Mint 20.1 Beta XFCE

        Today we are looking at Linux Mint 20.1 Beta, the XFCE Edition. It comes with Linux Kernel 5.8 (upgradeable to 5.8), XFCE 4.14, and uses about 600MB of RAM when idling. Enjoy!

      • Linux Mint 20.1 Beta XFCE Run Through

        In this video, we are looking at Linux Mint 20.1 Beta XFCE Edition.

      • FLOSS Weekly 609: Open Source Security - Trusting Open Source in Government and Business

        David A. Wheeler, Ph.D., a frequent guest of the show, is now the Director of Open Source Supply Chain Security at the Linux Foundation. Doc Searls and Simon Phipps talk to David about that and many related efforts he's involved with at the Linux Foundation, including the Open Source Security Foundation (OpenSSF), LF Energy, LF Public Health, and the CII Best Practices badge project. That's in addition to his work teaching development of secure open-source software, a study he co-authored with Harvard on OSS contributors, and both enduring and rapidly changing approaches to software development education in a time twisted by a global pandemic.

      • Installation And First Look Of NuTyX

        I'm taking a quick first look at a Linux distribution that I haven't tried before. That distribution is NuTyX. Its country of origin is Switzerland, and the distro is based on Linux From Scratch. It has its own package manager called "cards". It also uses BusyBox.

      • Desktop Linux Will Never Matter To The Linux Foundation

        I don't know why this keeps being news. The Linux Foundation doesn't care about desktop Linux; this should be evident from who funds the organisation and who is on the board of directors, but every year it comes out that the Linux Foundation has made their report on Mac OS, surprising more people than it should.

      • Why you should patch CVE-2020-1971 (and how KernelCare+ can help)

        On December 8th, OpenSSL revealed vulnerability CVE-2020-1971, which can cause a denial of service attack on unpatched web servers. Although not a data-leakage bug, this vulnerability could bring down an application via a malicious certificate, so it's important to understand the basics of it and why patching it is important.

      • Open Source Security Podcast (Josh Bressers): Episode 242 – Door 17: Vulnerability response

        Josh and Kurt talk about vulnerability response. What is it, what does it mean, how does it work?

      • The Linux Link Tech Show Episode 885

        selling stuff, linux phones, service now, network improvements, ps5

      • mintCast 350 – Rocky Road Ahead

        First up, in our Wanderings, Joe preps for 3D work and does some Audio editing, Tony gets older and has a new toy to play with, Bo has been educating himself, Moss destroys his wife’s computer by accident, and Josh was a little late.

        Then in the news, We have the latest Mint newsletter, Cinnamon 4.8 arrives, Elementary OS goes Pi, and much more

        In security, we shed some light on Oblivious DNS over HTTPS

      • Seduced by The Snake | Coder Radio 392

        Mike recalls how he accidentally converted his development shop into a Python house, and Chris experiments with his Minimum Viable Robe.

    • Kernel Space

      • Linux 5.11 HID + Input Changes Bring Inhibiting Support, AMD Sensor Fusion Hub - Phoronix

        The input subsystem changes for the Linux 5.11 kernel have now been submitted and merged. Along related lines, the HID subsystem changes were also submitted with notable updates as well.

        On the input side with Linux 5.11 a new feature is the "inhibited" feature to temporarily disregard input from select devices. The use-case for this inhibited input device support is for devices like 2-in-1 laptops where the laptop may be folded underneath the device at times and during that period no input events should reach user-space as it would amount to accidental input. With today's devices there are also other similar setups where at times you may want to avoid any input events from a given device or to prevent it from potentially waking the system. This inhibited input support was spearheaded by Google's Chrome OS engineers.

      • AMD Frequency Invariance Support Comes With Linux 5.11 - Phoronix

        The previously reported on work for frequency invariance calculations for AMD CPUs with a focus on the AMD EPYC 7002 series has been merged for Linux 5.11 as part of the "sched/core" material.

        Following all of the Intel Linux kernel work in recent months around frequency invariance handling for more accurate load tracking and making more accurate frequency scaling decisions, the initial AMD implementation is here with Linux 5.11 as part of the core scheduler updates. In basic terms, the frequency invariance calculation is for addressing the issue of tasks appearing larger if the CPU is running slower so the frequency invariance takes into account the current frequency relative to the maximum possible frequency.

      • XFS, stable kernels, and -rc releases

        Ever since the stable-update process was created, there have been questions about which patches are suitable for inclusion in those updates; usually, these discussions are driven by people who think that the criteria should be more restrictive. A regression in the XFS filesystem that found its way into the 5.9.9 stable update briefly rekindled this discussion. In one sense, there was little new ground covered in this iteration, but there was an interesting point raised about the relationship between stable updates and the mainline kernel -rc releases. In the beginning, stable updates were restricted to critical fixes only, but the rules were relaxed over time. The patches merged for stable updates now are often automatically selected using a machine-learning system; others are picked because they look like they fix something somewhere. The result has been a massive increase in the number of patches going into the stable updates; the 5.9.x series has had over 1,900 patches applied through 5.9.11, while the delta between 4.9 and 4.9.246 is well over 18,000 patches.

        Incorporating all those patches undoubtedly has the effect of increasing the number of useful fixes in the stable releases, which is a good thing. But it also increases the chances of merging bad patches that provide users with something other than the problem-free experience they were looking for.

        For example, this XFS "fix" was posted to the linux-xfs list on November 9; it was reviewed, applied, and eventually pushed to the mainline four days later, where it appeared in the 5.10-rc4 release. On the 17th, Greg Kroah-Hartman included this patch in the 5.9.9 review cycle, along with 254 other fixes. No objections were raised, and the patch was part of the 5.9.9 release on the 19th, ten days after it was originally posted.

      • Sidestepping kernel memory management with DMEMFS

        One of the kernel's primary jobs is to manage the memory installed in the system. Over the years, though, there have been various reasons for removing a portion of the system's memory from the kernel's view. One of the latest can be seen in a mechanism called DMEMFS, which is being proposed as a way to get around some inefficiency in how the kernel keeps track of RAM. In the early years, the motivation for hiding memory from the kernel was to avoid the problems caused by fragmentation. Allocating large contiguous areas tended to be nearly impossible after a system had been running for some time, creating problems for hardware that absolutely could not function without such areas. Once upon a time, an out-of-tree patch called "bigphysarea" was often used to reserve a range of memory for such allocations; since the kernel did not get its hands on this memory directly, it could not fragment it. LWN first captured a bigphysarea announcement in 1999, but the patch had been around for some time by then.

        In the relatively recent past (2010), the contiguous memory allocator (CMA) patches provided a similar functionality using the same technique. Since then, though, the problem of allocating large contiguous areas has gotten much smaller. The kernel's own defragmentation mechanisms have improved considerably, and simply having more memory around also helps. CMA now relies on compaction and no longer uses a carved-out memory region.

        DMEMFS has a different motivation. The kernel tracks memory via a data structure called the "memory map", which is essentially an array of page structures. A great deal of information is packed into this structure to tell the kernel how each page is used, track its position on various lists, connect it to its backing store, and more. Much effort has been expended over the years to keep struct page as small as possible, but it still occupies 64 bytes on 64-bit systems.

      • The future of 32-bit Linux

        The news for processors and system-on-chip (SoC) products these days is all about 64-bit cores powering the latest computers and smartphones, so it's easy to be misled into thinking that all 32-bit technology is obsolete. That quickly leads to the idea of removing support for 32-bit hardware, which would clearly make life easier for kernel developers in a number of ways. At the same time, a majority of embedded systems shipped today do use 32-bit processors, so a valid question is if this will ever change, or if 32-bit will continue to be the best choice for devices that do not require significant resources.

        To find an answer, it is worth taking a look at different types of systems supported in Linux today, how they have evolved over time with the introduction of 64-bit processors, why they remain popular, and what challenges these face today and in the future.

      • Understanding 52-bit virtual address support in the Arm64 kernel

        The introduction of 64-bit hardware increased the need to handle larger address spaces.

      • Graphics Stack

        • [Mesa-dev] [ANNOUNCE] mesa 20.3.1

          Hi list,

          I'd like to announce mesa 20.3.1, which is now available for download. We've got lots of good stuff here; iris, panfrost, aco, radeonsi, nir, softpipe, zink, core gallium, st/mesa, turnip, android, meson, and plenty of radv fixes.

          Cheers, Dylan

        • Mesa 20.3.1 Released With Several RADV Fixes, Other Driver Updates

          Mesa 20.3 shipped earlier this month while those waiting for the first point release to upgrade to this quarterly series can now safely make the shift as Mesa 20.3.1 was released today.

          Mesa 20.3.1 was released today with a wide assortment of fixes throughout this collection of predominantly OpenGL and Vulkan drivers. The RADV Radeon Vulkan driver stands out with having a number of fixes -- there are some Next-Gen Geometry (NGG) fixes as well as for now marking GFX10.3 / RDNA2 as a non-conformant Vulkan implementation since it hasn't officially passed the Vulkan CTS yet. Plus there are other RADV fixes as well as for the ACO compiler back-end.

        • Mike Blumenkrantz: Pointers

          This is the journey of how zink-wip went from 0 fps in RPCS3 to a bit more than that. Quite a bit more, in fact, if you’re using RADV.

          As all new app tests begin, this one started with firing up the app. Since there’s no homebrew games available (that I could find), I decided to pick something that I owned and was familiar with. Namely a demo of Bioshock.

        • NVIDIA CUDA 11.2 Released For Further Enhancing Its Proprietary Compute Stack - Phoronix

          In addition to the NVIDIA 460 series Linux beta driver being released this week, CUDA 11.2 has also made its debut for Windows and Linux.

    • Instructionals/Technical

      • How To Install Spotify on Linux Mint 20 - idroot

        In this tutorial, we will show you how to install Spotify on Linux Mint 20. For those of you who didn’t know, Spotify is a digital music streaming service that gives you instant access to millions of songs, from old classics to the latest hits. You can stream everything, upgrade and sync tracks and playlists offline, or purchase individual tracks to keep forever.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step by step installation of Spotify music streaming on a Linux Mint 20 (Ulyana).

      • Boost Up Productivity in Bash - Tips and Tricks | Linux Journal

        When spending most of your day around bash shell, it is not uncommon to waste time typing the same commands over and over again. This is pretty close to the definition of insanity.

        Luckily, bash gives us several ways to avoid repetition and increase productivity.

        Today, we will explore the tools we can leverage to optimize what I love to call “shell time”.

      • How to Disable IPv6 on RHEL/CentOS 8

        IPv6 (Internet Protocol Version 6) is an internet protocol that routes traffic and provides an identification and location system for computers on networks. It has long been touted that IPv6 will replace IPv4, but we are not there yet. Disabling IPv6 on your system is actually quite straightforward.

      • How to Use the nmap Command | Linuxize

        Nmap is a powerful network scanning tool for security audits and penetration testing. It is one of the essential tools used by network administrators for troubleshooting network connectivity issues and port scanning.

        Nmap can also detect the MAC address, OS type, service version, and much more. This article explains the basics of how to use the nmap command to perform various network tasks.

      • How to install Audacity 2.4.2 on a Chromebook

        Today we are looking at how to install Audacity 2.4.2 on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

      • How to install Linux Kernel 5.10 on Ubuntu 20.04 LTS - Linux Shout

        Recently, Linus Torvalds has released the long term supported version of Linux Kernel, i.e. 5.10. In this version, the set_fs() mechanism is set to be removed, not on all CPU architectures but at least on some. The current Linux kernel 5.10 supports the ARM Memory Tagging Extensions (MTE).

        The kernel also supports the start of RISC-V systems with EFI for the first time. AMD’s encryption for virtualization (SEV) now also supports the encryption of processor registers of guest systems.

      • Autofs instead of fstab - blog'o'less

        There is an inefficient way to mount external storage (local or remote). A hard-to-die habit: fstab. Let’s try autofs.



      • How to install Libreoffice in kali linux using terminal - Linux Shout

        Kali Linux which is one of the popular distros for hacking and penetration testing doesn’t come with office software out of the box. Thus, we can install LibreOffice on Kali using just one command on the terminal, if you want.

        LibreOffice is another widely used free and open-source office after Apache OpenOffice. It is one of the best alternatives to the Microsoft office program in the free category. It comes with all modules we need to perform document-related tasks. From word processing to spreadsheets and the development of presentations, all areas are covered.

      • Moving things around in OpenStack | Adam Young’s Web Log

        While reviewing the comments on the Ironic spec for Secure RBAC, I had to ask myself if the “project” construct makes sense for Ironic. I still think it does, but I’ll write this down to see if I can clarify it for me, and maybe for you, too.

        Baremetal servers change. The whole point of Ironic is to control the change of Baremetal servers from inanimate pieces of metal to “really useful engines.” This needs to happen in a controlled and unsurprising way.

        Ironic the server does what it is told. If a new piece of metal starts sending out DHCP requests, Ironic is going to PXE boot it. This is the start of this new piece of metal’s journey of self discovery. At least as far as Ironic is concerned.

        But really, someone had to rack and wire said piece of metal. Likely the person that did this is not the person that is going to run workloads on it in the end. They might not even work for the same company; they might be a delivery person from Dell or Supermicro. So, once they are done with it, they don’t own it any more.

      • Getting SweetHome3D To Run on Fedora 33

        When I tried running SweetHome3D, I got two different problems depending on which of the scripts I tried. I eventually was able to get ./SweetHome3D-Java3D-1_5_2 to run.

    • Games

      • Great nonogram puzzler Pixross from Kenney is now on Steam and upgraded | GamingOnLinux

        After releasing for itch.io first, Pixross, the nonogram puzzle game from Kenney, has now hopped on over to Steam and it also had a sweet upgrade for both stores.

        "Pixross is a picture logic puzzle game featuring 150+ unique puzzles, customization and extra challenges for each puzzle. Unlock new puzzle packs or customization options by completing puzzles!"

    • Desktop Environments/WMs

      • GNOME Desktop/GTK

        • GTK 4.0 Released, One Month After GIMP Finally Switched to GTK 3.X

          The GTK development team has just announced GTK 4.0, the latest stable version of the popular graphical user interfaces development toolkit. After 4 years of continuous work, the GTK 4.0 series brings tremendous changes over the GTK 3.X branch.

          You can read more about these changes in detail from the official GTK blog post, which we’ll not copy here since you’d need to see the detailed videos and screenshots by yourself.

          However, there are some interesting remarks about GTK 4.0

        • Who Wrote GTK4

          GTK 4 has been a colossal, multi-year development endeavor that started in October 2016 and ended in December 2020. Now that the 4.0 release is finally out, it’s time to look back to the incredible amount of work done by hundreds of contributors over these four years.

          Back in 2016 we were definitely a bit optimistic on the time table, and thought we would be able to release 4.0 in three years, by the end of 2019. The plan was to start by changing the rendering pipeline of GTK, by moving it to a retained graph of operations that could be submitted to the GPU, as opposed to the immediate mode rendering that we had since the very beginning of the toolkit, and which survived two major API cycles—first by abstracting Xlib drawing commands, and then by moving to Cairo operations. Of course, we also knew we wanted to improve other sub-systems, like input and the windowing system API, to move away from X11-isms and towards a design more in line with the requirements of Wayland (and other windowing systems). What we got, after all was said and done, is a deep redesign of the internals of the toolkit, as well as a different programming model that favors more delegation through ancillary objects, and fewer leaky abstractions and deep type hierarchies; additionally, we pared down the exposed internals, to ensure that the toolkit, and the applications using it, will be more maintainable in the future. The downside is that GTK is less of a “meta toolkit”, whose internal state can be poked at from the outside while expecting to work across multiple releases; that approach was, in the long term, unsustainable given the available resources, and left us unable to optimise or improve the internals of GTK, to the detriment of every user.

    • Distributions

      • IBM/Red Hat/Fedora

        • Fedora and its editions

          Fedora has long had Workstation and Server editions and, back in August, added an edition for Internet of Things (IoT) devices. Those editions target different use cases for the distribution, as does the CoreOS "spin" (or "emerging edition"), which targets cloud and Kubernetes deployments. A proposal to elevate Fedora CoreOS to a full edition as part of Fedora 34 was recently discussed on the Fedora devel mailing list. As part of that, what it means for a distribution to be part of Fedora was discussed as well.

        • Kubernetes predictions for 2021, scientists are joining GitHub, and more industry trends [Ed: Red Hat is boosting Microsoft's proprietary software monopoly (citing marketing material from Microsoft)]
        • Remi Collet: New server for 2021

          I just moved all my web sites to a new server.

          If you read this entry, this means DNS have done their work, and you are connected to this new server.

        • Fedora 33 : Sigil software.

          Sigil is an ePub editor for Linux and comes with powerful features like UTF-16, EPUB 2 spec, and limited EPUB 3 support. The complete control over directly editing EPUB syntax in Code View and Table of Contents generator with multi-level heading support and metadata editor.

        • Should I offload my networking to hardware? A look at hardware offloading

          In this post we'll look at why you should care about network hardware offloading. It is more than networking speeds and bottlenecks.

        • Red Hat Builds a Common Kubernetes Foundation for Windows and Linux Container Workloads with Windows Containers Support for Red Hat OpenShift [Ed: Red Hat helping Microsoft]
        • Scaling cloud-native messaging applications with KEDA – IBM Developer

          Great news: you’ve just written your first messaging application with IBM MQ. Your messaging application is well encapsulated, you’ve followed reactive principles, and you’re ready to deploy it to your cloud service. Your code is elegant – it takes a message from a queue, performs a task, and then moves on to the next one. Your application will doubtlessly be efficient and consume tiny amounts of compute resource in CPU and memory.

          As your app runs natively in the cloud, you can expect container orchestration to provide a basic autoscaling mechanism for free. If the container starts to get busy, then Kubernetes will step in to provision more instances of the app. However, in this scenario, we have a different problem: While the system is busy and the app is working as hard as it can, the CPU and memory consumption is low so the autoscaler won’t detect that messages are backing up on a queue. In turn, this can result in a noticeable delay in response times as the increased load is not recognized or in the worst case a full queue that is no longer capable of receiving new messages.

      • Debian Family

        • UCS 5.0 Beta: Preview of the new generation

          We published the last UCS major release (UCS 4.0) in 2016. With UCS 5.0, we have now decided to go for an extensive update of the technical base and design of UCS. The first beta version of UCS 5.0, which has now been released, provides an initial preview of these updates. While testers are invited to try it, app vendors are offered a possibility to port and adapt their software. The beta version gives a glimpse of the new UI design and already provides some of the planned functions. However, this preview is not intended for productive use.

      • Canonical/Ubuntu Family

        • Ubuntu Touch OTA-15 brings bug fixes and support for more phones - Linux Smartphones

          The latest release of Ubuntu Touch for smartphones and tablets is starting to roll out and for the most part this release focuses on stability, bug fixes, and adding support for more devices. But Ubuntu Touch OTA-15 also paves the way for the next few releases, which will bring much bigger changes.

          Probably the most interesting things about Ubuntu Touch OTA-15 are that it brings improved support for the Volla Phone and other devices designed to ship with Android 9, and adds support for a few new devices including the Google Pixel 3a and F(x)tec Pro 1 and Pro 1 X.

          [...]

          According to the OTA-15 release notes, the latest stable channel build of Ubuntu Touch now supports smooth audio playback on the Volla Phone, allows pictures taken with the phone’s camera to be rotated correctly, and there are some cellular improvements as well. These changes should hopefully apply to other Android 9 devices as well.

        • Linux Mint 20.1 'Ulyssa' beta launches with new programs

          The Linux Mint project has just released the beta for Linux Mint 20.1. The new beta is available in the Cinnamon, MATE, and Xfce flavours of Linux Mint and aside from desktop improvements, share the same set of new features.

          Neowin has covered some of Linux Mint’s development updates in recent months and the work that went in then has landed in a more mature form in this beta. Highlights include a new Web Apps tool that lets you turn your favourite sites into web apps accessible from the app menu, a new IPTV program called Hypnotix, and the ability to mark items as favourites in the file manager on Cinnamon.

          Another change in Linux Mint 20.1, which has been known for quite a while now, is the inclusion of Chromium in the repositories. Chromium had previously been removed from the Linux Mint repositories because the maintainers didn’t like that it had Snap dependencies. The Chromium that is now included is compiled directly by the Mint team and updates will be released in a timely manner.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • Firefox 85 Will Let You Remove All Saved Logins with One Click, Drops Adobe Flash Support

            Firefox 84 arrived on Tuesday with the WebRender feature enabled by default for some Linux systems using X11 and the GNOME desktop environment, as well as the ability to allocate shared memory on Linux systems for improved performance and increased compatibility with Docker.

            Firefox 84 is also the last version of the popular web browser to support the Adobe Flash Player plugin, which will no longer be supported by Adobe after January 12th, 2021. Therefore, Firefox 85 will be the first release of Mozilla’s web browser to no longer support Adobe Flash Player, which will improve performance and security.

          • 2020 MDN Web Developer Needs Assessment now available

            The 2020 MDN Web Developer Needs Assessment (DNA) report is now available! This post takes you through what we’ve accomplished in 2020 based on the findings in the inaugural report, key takeaways of the 2020 survey, and what our next steps are as a result.

            [...]

            We are aiming to follow up on key findings with further research in the next few months. This will involve picking some key areas to focus on, and then performing user interviews and further analysis to allow us to drill down into key areas of frustration to see what the way forward is to mitigating them.

      • FSFE

        • CWA without Google +++ International development cooperation +++ KDE interview

          Christian Grigis, Fynn Godau, Marcus Hoffmann and Marvin Wißfeld achieved what official bodies have been missing for months: They have made available the German "Corona Warn App" (CWA) for tracing Covid-19 risk contacts in a version that is completely free of dependencies on Google and is available in F-Droid, the Free Software app store.

          Initial release of the CWA was in June and the FSFE's demand that any Corona tracking app must be used voluntarily and be Free Software has been followed. However, the implemented exchange of device keys via Bluetooth, on the basis of which the risk is calculated, is handled by an underlying interface called Exposure Notifications API, which was, significantly, developed by Apple and Google and was largely proprietary. One also had to use proprietary Google Play Services or the iTunes store to install it.

      • FSF

        • IDAD 2020 sent Netflix and DRM a message

          December 4th was the Free Software Foundation (FSF) and its Defective by Design (DBD) campaign's fourteenth International Day Against DRM (IDAD), and we couldn't have done it without your help. Given that we were unable to organize in person this year, the international response of people who digitally stood up against Digital Restrictions Management has been nothing short of inspiring. We were able to come together for a common goal and voice our opposition against DRM.

          Being the International Day Against DRM, it wouldn't be complete without a bit of action. Thanks to the help of our supporters, we were able to send Netflix a strong message about its use of DRM. Given its tremendous resources and influence, Netflix has the opportunity to pave the way and be the first major and globally used DRM-free streaming service. As it currently stands, however, it falls into the trap of restricting what users can and cannot do with their media under the guise of "copyright infringement," something DRM does nothing to combat (and even if it did, would only do so at an unacceptable cost to your freedom). As December 4th also marked the start of Netflix's "StreamFest" promotion in some countries, we wanted to be there to tell it that no use of DRM is acceptable. Together, we were able to make our voices heard. And we're pretty sure they heard us, based on reports of them taking the main phone number we pointed the DRM Elimination crew to offline.

        • John Goerzen: Non-Creepy Technology Purchasing & Gifting Guides

          This time of year, a lot of people are thinking of buying gadgets and phones as gifts. But there are a lot of tech companies that have unethical practices, from terrible working conditions in their factories to spying on their users. Here are some buying guides to help you find gadgets that are fun – and not creepy.

          The Free Software Foundation’s Ethical Tech Giving Guide is a fantastic resource from what’s probably the pickiest organization out there when it comes to tech. Not only do they highlight good devices, they also explain why and why you should, for instance, avoid the iPhone (their history of silencing political activists and spying on users).

          The FSF also has a Guide to DRM-Free Living that talks about books, video, audio, and software that respects your freedom by letting you make your own backups, move it to other devices, and continue to use your purchases even if you have no Internet or the company you bought them from goes bankrupt. This is a fantastic and HUGE resource; there are hundreds of organizations out there that provide content in a way that respects your rights — and many of them do it for free, legally, as well.

        • GNU Projects

          • Gnulib can help your C++ programs

            Typically you test your programs on glibc systems. Gnulib helps you to have the same program compile and work fine on other platforms, such as musl libc systems, macOS, FreeBSD, NetBSD, OpenBSD, AIX, Solaris, Cygwin, mingw, MSVC, Haiku, and even Minix and Android.

            To do so, Gnulib implements many functions specified by POSIX or found in glibc if the platform lacks them, and adds workarounds for bugs in the platform implementations. These substitutes are now (since 2019, actually) available also to C++ programs, if your program accesses these functions directly.

          • GNUHealthCon 2020. Social Medicine in a time of pandemic

            It was not easy… we’re so used to celebrating the GNU Health Conference (GHCon) and the International Workshop on eHealth in Emerging Economies (IWEEE) in a physical location, that changing to a virtual conference was challenging. At the end of the day, we are about Social Medicine, and social interaction is a key part of it.

            The pandemic has changed many things, including the way we interact. So we decided to work on a Big Blue Button instance, and switch to virtual hugs for this year. Surprisingly, it worked out very well. We had colleagues from Gabon, Brazil, Japan, Austria, United States, Argentina, Spain, Germany, Chile, Belgium, Jamaica, England, Greece and Switzerland. We didn’t have any serious issues with the connectivity, and all the live presentations went fine. Time zone difference among countries was a bit challenging, especially to our friends from Asia, but they made it!

          • GNU Health pioneers the adoption of WHO ICD-11 and ICHI standards

            The GNU Health project believes in coding standards, especially in those that can be widely used. In 2011, the United Nations University (UNU) adopted the GNU Health Hospital Management Information System (HMIS) component, in part because of its strong focus in social medicine and environmental health, but also because it complied with most of the World Health Organization standards.

            Using WHO standards is key for global health. The GNU Health federation provides timely and accurate health information to citizens and health professionals globally. We are able to generate these large, distributed networks of information thanks to protocols and standards, that permit the aggregation of data from thousands and even millions of nodes.

      • Programming/Development

        • State as Observables, State as Ngrx.

          Observables and Ngrx are complex. As with any technology, it is very very easy to forget what you are trying to accomplish as you wade through the details.

          Start and end by thinking "What do I want to accomplish".

          These tools are capable of taking a very complex problem and simplifying it. That has been my experience.

          But they are also capable of taking a simple situation and making it very complicated.

          Start with defining the State. It is the data the view needs to render over time. How would you think about this problem?

          Where is the data coming from? Usually an api.

          What does the data look like from the api? Usually not what you need for the view, so the observable chain or the reducer functions would take this maybe complex tree and transform it into what your view needs.

        • Perl/Raku

          • A Note On Raku Performance

            Just another day before Christmas and one more great Raku Advent Calendar article: Day 14: Writing Faster Raku code, Part I.

          • Raku Advent Calendar: Day 17: Becoming a Time Lord in Raku

            I’ve lived within a few minutes of a time zone border for most of my life. The way we distinguished time wasn’t with the official monickers of “Eastern” and “Central” time. No, we used the much more folksy (and yet, also much cooler) terms “fast time” and “slow time”. Knowing which zone you were talking about was extremely important as many people like my mother lived in one zone and worked in the other.

            When I started looking at implementing internationalized DateTime formatters in Raku using data from the Common Linguistic Data Repository (or CLDR), I came to a fairly surprising realization: Raku doesn’t understand timezones! Sure, DateTime objects have the .timezone method, but it’s just an alias for .offset to figure out the offset from GMT.

            Having lived in countries that did daylight savings time at different times of the year, having family in places in my own zone that don’t observe daylight savings time, and knowing that there are weird places with thirty- and even forty-five-minute offsets from GMT, I knew time zones could be complicated.

          • Perl dying? Well now I don't care

            It is a bit of a long story how I got burned by bad perl internal politics.

            For many years I wanted images in Pod. And many others wanted too. And of course, each time I raised this in lists and on facebook, an answer was, if you want it, go and write it yourself. I would tell that myself, the classic "patches are welcome". Until one day I said, well, now, why actually not, right? Especially that I do have experience in creating and actively using images in pod using various hacks, such as direct inclusion of html with images, and even writing a standalone POD viewer capable of showing said images.

            However as I'm in software development in so many years, I know that just writing whatever image extension I feel like won't get accepted: people won't necessarily agree on the new syntax, on the way it is implemented, or even on the very fact that the extension is needed, at all. So I started by carefully asking around these questions everyone on all perl groups I could reach, and even opened a ticket on github to discuss whether image extension for pod is a good and desired thing to do, and what syntax it should have.

            [...]

            However the next step came to be not quite what I expected. Or even worse, it _was_ what I expected, but worked some months in advance to prevent just that. Namely, there started to appear feedbacks that said that they don't want YAML. Well, after having come that far, some would consider it a bit too late probably. But okay, let's find out what the problem is, and let's fix it, and let's move on. But... no. I asked several times what seems to be the problem, and the gist of it seems to be that they just don't want it, without explanation. Just that. Worse, as I understand, this is core people. And so it has halted.

            Boy, this was a disappointment. Did I not ask everyone, everyone I could reach, do you have any objection? Do you mind this? Do you mind that? What is, in your opinion the syntax should be? And only after lots of efforts, it ended like this. I'm angry, I'm frustrated, I don't have any stamina left to ask around again, especially the other side doesn't seem to be interested in dialogue. And why should I, really? When I started with perl in 1997, and went on YAPC conferences, there were so many possibilities to expand the language, and Larry Wall was blessing all kinds of crazy extensions (remember rewrite of perl on C++? that was blessed too). It's a pity that a culture once blossoming turned into this. Probably it needs to die so everyone would understand what was lost. I don't know. And I don't care now.

          • Drawing a blank with XS

            I spent quite a lot of time trying to work out what this error message meant:

            Error: Unterminated '#if/#ifdef/#ifndef' in Libpng.xs, line 1328

            The first problem here is that line 1328 is the end of the file, so that wasn't a big help.

            After spending a lot of time counting #if and #endif statements in the file over and over again, in the end I had the bright idea of looking at the actual XS output, and managed to find the problem.

        • Rust

  • Leftovers

    • Integrity/Availability

      • Proprietary

        • Security

          • Beyond The Far Side: Thoughts on secure and private machines behind IPFire

            Following a certain unethical logic, it makes sense for an attacker to hit the weakest the hardest. Why bother with a reasonably secure firewall if the system behind it is missing important patches? Why try targeting the skilled IT staff - which will ignore the attempt at best, if not blocking your infrastructure for the entire network - if their stressful HR colleagues click on every link and open every document they see? As important as an IPFire's configuration is, this post focuses on the systems behind such a firewall, considering important aspects in terms of both security and privacy.

            [...]

            It may sound like an eternal mantra, but running closed-source software is a bad thing. While this does not necessarily make open-source software intrinsically secure or better in any terms whatsoever, examining, auditing or customising is easier by an order of magnitude.

            In case the vendor does not ship a security update or does not provide you with an easy solution to turn off unwanted features such as telemetry, then, at least in theory, you have the opportunity to fix that on your own. On the other hand, the vendor's conflict of interest is obvious: People do not pay for security fixes, and in order to make revenue, discontinuing support for older products and making users buy the new ones is a common strategy.

            The privacy side does not look better: German Federal Office for Information Security has been conducting a study on important aspects of Windows 10 in terms of security and digital sovereignty for years - its abbreviation SiSyPHuS ("Studie zu Systemintegrität, Protokollierung, Härtung und Sicherheitsfunktionen in Windows 10", en: "Study on System Integrity, Logging, Hardening and Security relevant Functionality in Windows 10") speaks for itself. Recently having issues with their OCSP server, Apple was found to transmit information of executed applications in clear text every time they are executed, effectively leaking the user's activities and identity (i.e. IP address) to themselves, their CDN (Akamai), and everyone in between.

            In terms of privacy, running those operating systems is not just bad, it's not an option anymore.

            However, running an open-source operating system does not solve the cross-contamination discussed earlier. Running and maintaining a set of VMs just for doing different things is a lot of work both for using and configuring or patching them.

            In the author's opinion, Qubes OS aims to provide a useful and holistic solution to this problem. Trying to separate its user's digital life according to his or her analogue one, it makes running and switching between multiple electronic lives suitable for everyday use.

            Needless to say, this does not come for free - Qubes OS has more demanding hardware requirements than common operating systems - and requires some time and effort for setup or customisation, and splitting up data into different VMs. Ultimately, the author believes it is worth the effort for both security and privacy.

          • The future for general-purpose computing

            There can be no doubt that general-purpose computing has been a boon to the world. The ability to run different kinds of programs, from various sources, including bought from companies, written from scratch, and, well, built from source, is something that we take for granted on many—most—of the computing devices that we own. But that model seems to be increasingly disappearing in many kinds of devices, including personal computers, as a recent kerfuffle in the Apple world helps to demonstrate.

            In mid-November, macOS users suddenly started having difficulty launching applications on their systems. It was taking minutes to launch applications and the timing seemed suspiciously aligned with the release of macOS "Big Sur" on the same day. It turned out that Apple's Online Certificate Status Protocol (OCSP) servers were overwhelmed or otherwise non-functional, which led to the problems.

            OCSP is used as part of the process of verifying notarized applications on macOS; those applications are signed by the developer's key. Apple signs the developer's public key, which is contained in a certificate similar to those used by TLS, but the system needs to check to ensure that the key has not been revoked. This check is performed at installation time and then each time the application is run.

            Normally, if the OCSP servers are not available, because they are down or the system is not connected to the internet, the connection will fail, which is treated as a "soft failure" so the certificate is considered valid. That way, the applications open immediately. During the outage, though, the servers were up but not responding correctly, so the applications would not launch until the connection timed out. That raised the visibility of the OCSP checking, which had already been going on in macOS for some time.

            The failure led to a rather over-the-top blog post by Jeffrey Paul that pointed out some major privacy flaws with OCSP, especially in relation to the checking that macOS Gatekeeper does to ensure that applications have valid signatures before running them. Every time an internet-connected macOS system starts an application, an OCSP query with a whole treasure trove of private information is sent to Apple. Obviously, the servers know what date and time the request was made and the IP address from which it was made; the latter greatly narrows down the geographic location of the system in question. There is also a hash sent for the certificate being queried, which Paul inaccurately called the "application hash". All of that gives Apple a bunch of data that folks may not really want to provide to the company, but the OCSP queries are made over unencrypted HTTP. So anyone able to see the traffic (e.g. ISPs, government spy agencies, WiFi hotspot providers) also gets a look at which applications the user is running, when they are running them, and where.

    • Monopolies

      • Patents

        • An Analytic Approach to Patent Eligibility [Ed: When Kevin E. Noonan says "maddeningly difficult to define not what patent eligibility is" he is merely bemoaning the policies not being good for his pockets, rather than matters of "clarity" (the old spin)]

          Part of the problem is that it has been maddeningly difficult to define not what patent eligibility is (you cannot go wrong with "anything under the sun made by man") but rather what it is not. In the high technology class of inventions, this has come down to deciding without defining what an abstract idea is and when its abstractness prevents patent eligibility; see, e.g., "Stupid §101 Tricks"). (The other, related type of ineligible subject matter are business method patents, the exclusion of which is almost categorical (see "Bilski v. Kappos, Alice Corp. Pty. Ltd. v. CLS Bank Int'l"; "CyberSource Corp. v. Retail Decisions, Inc."); this has the benefit of requiring little interpretation and hence maximal certainty regarding what is ineligible.)

          But the ineligibility of the latest iGadget, while sometimes tragic, is not as existentially problematic as the havoc that these precedents have wreaked on life sciences patenting. For both diagnostic methods and to a slightly lesser extent natural products, the philosophically lost proscriptions by the Court, bolstered by plain illogic in district court (see "Ariosa Diagnostics, Inc. v. Sequenom, Inc.") and Federal Circuit (see "Federal Circuit Denies Rehearing en banc in Ariosa v. Sequenom") decisions, has rendered pursuit of patent protection for these inventions to be relegated to the ranks of the foolhardy. The effect on investment and hence progress and innovation has been as expected; perhaps the only silver lining from the SARS-Cov-2 epidemic has been that in the frantic and desperate struggle for both diagnostics and vaccines the usual market forces have been collapsed by government investment (which is not usually a recipe for economic success).


