Bonum Certa Men Certa

Links 21/7/2021: WordPress 5.8, Wine 6.13, and VirtualBox 6.1.24



  • GNU/Linux

    • Desktop/Laptop

      • Microsoft has its own Linux distribution. [Ed: They are missing the point of it and overlooking the fact that Microsoft continues to attack Linux from a number of fronts]

        The days when Microsoft CEO, the shy and retiring Steve Ballmer, called Linux cancer on the software industry, are really dead and buried – Vole now has its own Linux distribution which it is even telling people about.

    • Audiocasts/Shows

      • The Killer Feature Of Tiling Window Managers Isn't Tiling

        I often get people telling me that they don't see the point of using a tiling window manager. I think part of the problem is the name "tiling window manager".

      • Using Linux at work - KDE Edition

        This is an update on the Linux at work series I started a while ago! At the time, I was using elementary OS on a Huawei matebook 13, to work as a Product Owner. Since then, remote work became a lot more prevalent, and I also changed distros, and laptops, so let's see how I'm making Linux and KDE work as my primary OS, on my laptop, and desktop!

    • Kernel Space

      • Linux 5.12 Kernel Reaches End of Life, Upgrade to Linux Kernel 5.13 Now

        Released about three months ago, Linux kernel 5.12 introduced lots of goodies, including support for Playstation 5 DualSense and Nintendo 64 game controllers, eMMC inline encryption support, support for the Lenovo IdeaPad platform profile and the Lenovo ThinkPad X1 Tablet Gen 2, as well as a new memory-debugging tool called KFENCE.

        It also introduced initial support for zoned block devices to the Btrfs file system, LTO in Clang support, AMDGPU Freesync HDMI support, and many other cool features, but it’s now marked as EOL (End of Life) on the kernel.org website, which means that it will no longer receive support upstream and that you must upgrade to a newer or LTS kernel as soon as possible.

      • Linux 5.13.4
        I'm announcing the release of the 5.13.4 kernel.
        
        

        All users of the 5.13 kernel series must upgrade.

        The updated 5.13.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.13.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...

        thanks,

        greg k-h
      • Linux 5.12.19
      • Linux 5.10.52
      • Linux 5.4.134
      • Linux 4.19.198
      • Linux 4.14.240
      • Linux 4.9.276
      • Linux 4.4.276
      • Graphics Stack

        • AMD Posts Linux Graphics Driver Patches For "Cyan Skillfish"

          AMD posted a new patch series bringing up a new graphics processor, Cyan Skillfish.

          As usual, this is a Linux-focused codename for a yet-to-be-launched product with their naming convention of an X11 color name paired with a fish species.

          While yet to be launched, Cyan Skillfish isn't as exciting as some of the recent RDNA2 or CDNA GPUs. Cyan Skillfish is the support for a Navi (1x) graphics processor in a forthcoming APU.

        • Reverse-engineering the Mali G78

          After a month of reverse-engineering, we’re excited to release documentation on the Valhall instruction set, available as a PDF. The findings are summarized in an XML architecture description for machine consumption. In tandem with the documentation, we’ve developed a Valhall assembler and disassembler as a reverse-engineering aid.

          Valhall is the fourth Arm€® Mali™ architecture and the fifth Mali instruction set. It is implemented in the Arm€® Mali™-G78, the most recently released Mali hardware, and Valhall will continue to be implemented in Mali products yet to come.

        • Arm Mali "Valhall" Reverse-Engineering Started

          The Panfrost open-source Linux graphics driver stack has matured nicely for Arm Mali Midgard and Bifrost generations but for the past two years now there has been Valhall as the latest-generation Arm Mali microarchitecture. There is now work underway on reverse-engineering Valhall for ultimately wiring up with open-source graphics driver support.

          Panfrost lead developer Alyssa Rosenzweig commented today that reverse-engineering work has begun for Valhall with a focus on the Mali G78 in particular. This reverse engineering has been going on for just about one month but there is already some instruction set documentation made as well as an XML-based representation.

        • NVIDIA Brings Its RTX Tech To Linux On Arm

          When NVIDIA sets out to acquire a company, it doesn’t seem to waste any time to start producing custom product with the new IP access. After the company announced its plans to acquire Arm last fall, the company announced a full-fledged Arm-based supercomputer called Grace this past spring. Arm in the enterprise seemed likely, but did you expect to see the label “RTX” tied in with it, as well?

          At the ongoing Game Developers Conference, NVIDIA announced that it’s bringing RTX to Arm on Linux, which should result in a number of different types of devices adopting it. With the help of two tech demos, the company utilized MediaTek’s Kompanio 120 (eight-core with 1-3-4 config) and gave it a GeForce RTX 3060 to work with. With one demo, the fast-paced Wolfenstein: Youngblood was shown-off, utilizing both ray tracing and DLSS. You can check it running in real-time in the video below:

    • Applications

      • HandBrake 1.4.0

        HandBrake is an open-source, GPL-licensed, multiplatform, multithreaded video transcoder, available for MacOS X, Linux and Windows. Handbrake can process most common multimedia files and any DVD or BluRay sources that do not contain any kind of copy protection.

      • VirtualBox 6.1.24 Released with Support for Linux 5.13 and Ubuntu Specific Kernels

        VirtualBox 6.1.24 comes almost three months after version 6.1.22 to introduce support for the latest and greatest Linux 5.13 kernel series, for both hosts and guests. As you can imagine, this means that you can now run GNU/Linux distributions powered by Linux kernel 5.13 on virtual machines or install VirtualBox on a distro running Linux 5.13.

        For the first time, VirtualBox introduces support for kernels that are specific to a certain GNU/Linux distribution. In this release, there’s support for Ubuntu specific kernels, as well as kernels that are specific to the SUSE Linux Enterprise Server and Desktop (SLES/SLED) 15 SP3 (Service Pack 3) operating systems.

      • The best email client for Linux, Windows and macOS isn't Outlook

        I rely on email. In fact, it's my primary method of communication with the outside world. While most people are busy on Slack and other chat platforms, I still prefer email. Why? For one thing, I retain a digital trail of my communication. I can search through email threads to follow conversations with a single person (or multiple persons) with ease. Another reason is that I've been using email since the late '90s, so it's a very comfortable and familiar format.

        Does that mean I ignore chat and other types of communication platforms? Not at all. But for my primary method of communication with clients, editors and publishers, it's email all the way. It's easy, fast and always there. I don't have to worry about whether or not a recipient is online; they'll get the communication one way or another.

        But there is a slight problem. Which email client to use? There are quite a large number of apps available on every platform, and not every app is available for every operating system. You have Apple Mail for macOS, Outlook for Windows and macOS, Evolution for Linux, and a host of other possibilities. And for the longest time, everyone just assumed Microsoft Outlook was the single best email client on the planet.

        For anyone who's had to troubleshoot Outlook problems, you know just how bad that client can get when it's in a fussy mood. I've experienced Outlook problems so bad, the only way to solve the problem was a complete reinstall of the OS. Granted, that situation was not normal, but it is very indicative of what can go wrong with that particular email client. And although Apple Mail is a very good email application, its macOS-only limitation is problematic. I will go so far as to say if Apple Mail was available for Linux, macOS and Windows, it would probably wind up at the very top of this list.

    • Instructionals/Technical

      • How to Create Rust Virtual Environment Using Conda on Linux

        Conda is an open-source package management system and environment management system for installing multiple versions of software packages and their dependencies. It is mainly developed for Python and not tied to any specific programming language. Conda allows you to install many programming languages in multiple different environments.

        In this post, we will show you how to create Rust virtual environments using Conda in Linux.

      • How to Install the Latest HPLIP Driver in Ubuntu 20.04 [Fix Dependency Issue] | UbuntuHandbook



        Need the most recent HPLIP to get your HP printer or scanner working in Ubuntu? Here’s how to install guide as well as workaround to fix the python-pyqt5 dependency issue.

        HPLIP is an open-source Linux drivers for HP’s inkjet and laser printers. The project is initiated and led by HP Inc. While the package in Ubuntu repositories is always old, you can install the official binary to get new devices support.

        However, the most recent releases refuse to install in my Ubuntu 20.04 due to python-pyqt5 dependency issue. If you’re facing with the similar issue, then this tutorial may help!

      • Linux Essentials - Automatically mounting storage volumes with /etc/fstab

        In a previous video we went over the basics of storage, and in this episode of Linux Essentials, I'll show you how to automatically mount storage volumes when you boot your server.

      • Automatically bring up a SocketCAN interface on boot

        Working with Controller Area Network (CAN) on your Linux PC? Through the SocketCAN kernel modules, Linux supports CAN quite well. It can be a bit tricky though, to get your USB-to-CAN adapter configured and up-and-running. This tutorial not only explains how to bring up your SocketCAN network interface, it also shows you how to configure your Linux system to automatically bring up your SocketCAN network interface, each time you plug it in or boot up your Linux system.

      • How to Build a Package from Source in Linux - Make Tech Easier

        Besides its open-source nature, customizability is one of the other reasons many users love Linux: you can modify and configure almost every file to meet your specific needs and style. This includes the ability to rebuild a package from source.

        The ability to rebuild a package from the source can be beneficial to any Linux power user because it allows you to change packages, enable or disable a feature, or even apply custom modifications.

    • Wine or Emulation

      • Wine 6.13
        The Wine development release 6.13 is now available.
        
        

        What's new in this release (see below for details): - Proper scrollbar theming. - More work towards WinSock PE conversion. - Preparation work for the GDI syscall interface. - Some progress on the IPHLPAPI PE conversion. - Various bug fixes.

        The source is available from the following locations:

        https://dl.winehq.org/wine/source/6.x/wine-6.13.tar.xz http://mirrors.ibiblio.org/wine/source/6.x/wine-6.13.tar.xz

        Binary packages for various distributions will be available from:

        https://www.winehq.org/download

        You will find documentation on https://www.winehq.org/documentation

        You can also get the current source directly from the git repository. Check https://www.winehq.org/git for details.

        Wine is available thanks to the work of many people. See the file AUTHORS in the distribution for the complete list.
      • Wine 6.13 Released With Proper Scrollbar Theming, More PE Conversion

        The Wine project usually puts out new open-source development releases reliably every other week, but as is sometimes the case during the summer months, last Friday's was missed due to summer holidays. That update -- Wine 6.13 -- has now shipped today.

        Alexandre Julliard just issued the belated Wine 6.13 release. Among the changes this time around are now having proper scrollbar theming for Windows applications running in Wine, preparation work for the GDI system call interface, and more PE conversion work. There still is work going on the WinSock portable executable conversion and now on the IPHLPAPI PE conversion too.

    • Games

      • Ubisoft are keeping an eye on the Steam Deck, will release on it if it's big enough

        Today during the Ubisoft conference call where they discussed first-quarter 2021-2022 sales, Steam Deck got mentioned.

        It's an interesting one, since Ubisoft has pretty much left Steam behind in favour of other stores like the Epic Games Store. The Epic store doesn't support Linux, and Epic currently have no intention to do so. So unless people are expected to manually load up Windows to replace SteamOS, companies like Ubisoft would need to bring their games back to Steam to give users a good experience.

        During the conference call that we listened to today, a question was asked about the Steam Deck from one investor.

      • Space station building and management sim Starmancer confirmed for GOG

        The release of the fantastic space station building and management game Starmancer is getting ever closer, and now a GOG released has been confirmed today. It's been a while since the Kickstarter in 2018, which showed a hugely promising idea.

        Starmancer follows long after some sort of catastrophe on Earth with the remains of humanity having their brains uploaded into special memory banks. You're responsible for building up a sustainable station to enable supporting human life, which you end up growing in special pods to have a consciousness downloaded into.

        "Starmancer offers gameplay with consequences, a living sandbox environment, crafting, and managing the daily lives of colonists. Create a utopian society where everyone is well fed, happy, and safe. Or go rogue and figure out how many times a colonist can eat wheat before they go crazy. The choice is yours!"

      • DXVK-NVAPI 0.4 Released For Improving NVIDIA Integration Atop DXVK

        DXVK-NVAPI 0.4 is out today for improving the implementation of this NVIDIA driver public API interface (NVAPI) within DXVK for running Windows Direct3D games on Linux. DXVK-NVAPI 0.4 updates against the latest public NVAPI header files, now makes use of the NVIDIA Management Library (NVML) for querying various attributes on Linux, changes around log level options, and adds an optional test suite for helping to verify the NVAPI support.

      • The Nvidia Arm race has just put Microsoft, AMD, and Intel on notice

        Nvidia is paving the way for entirely GeForce-powered notebooks, potentially shoving Microsoft, Intel, and AMD aside in its quest for high-performance gaming laptops. The green team has now proven the power of both ray tracing and DLSS running in a Linux distro, on ARM-based silicon, with RTX graphics cards plumbed into them.

        And that should scare the crap out of everyone involved in the traditional Microsoft/x86 PC gaming monopoly.

        So yeah, it sure looks like GDC 2021 is kicking off with a bang, as Nvidia has today shown Wolfenstein: Youngblood running with ray traced reflections enabled, and DLSS in operation, on a system using an eight-core MediaTek CPU and an Nvidia RTX 3060 GPU.

      • Nvidia's ARM-Powered Linux RTX Demo Is a Warning Shot to x86, Microsoft
      • The Steam Deck Might Not Play All Games in Your Library

        As of now, the Steam Deck might play all of the games in the Steam Library, though the developers at Valve are working hard to make everything work.

        The Steam Deck is a portable gaming console. Its biggest selling point is its hardware specs capable of running even the most demanding PC games. So, if you’re the type of person who wants to play games on the go, this thing is ideal for you.

        That said, while there are many games to choose from, you might not get them running on this device.

      • Steam Deck SSD Replacement Possible on All Models

        Valve's upcoming handheld Steam Deck will allow its users to replace and upgrade its internal SSD with their own, although the company strongly recommends against it.

        The news was first brought to light by Valve's head Game Newell himself by responding to a redditor's inquiry about the system's SSD. The Steam Deck's website was later updated (spotted via VGC) to state that all models "use socketed 2230 m.2 modules (not intended for end-user replacement)."

      • Gadgets Weekly: Valve Steam Deck, Asus Chromebooks and more

        Out of the blue, Valve Corp on Thursday unveiled the company's first-ever hand-held gaming console Steam Deck, which competes directly with the popular Nintendo Switch series.

        The new Steam Deck sports wide 7.0-inch HD+ (1,280x800p) LCD panel with a 16:10 aspect ratio. It supports up to 60Hz display refresh rate, and offers close to 400 nits of peak brightness.

        Yes, the screen is touch-sensitive and also comes with an ambient light sensor, stereo speakers and a dual microphone array.

        Inside, it houses AMD's custom APU, optimized for handheld gaming. The APU's power ranges from 4W to 15W, which promises to deliver more than enough performance to run the latest AAA games very efficiently.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

      • GNOME Desktop/GTK

        • How Calls became a part of GNOME

          Since Purism’s philosophy and GNOME’s principles are closely aligned it is not far fetched to call them a match made in heaven.

          As you probably know the software stack in use on the Librem 5 is built upon GNOME technologies and has been designed by parts the GNOME Design Team.

          This is why we’re happy to officially announce that Calls will become a part of the GNOME project. Having a dialer application available shows that mobile is an important use case for GNOME. Furthermore this shows that we take upstreaming our development efforts and making them available to the wider community very seriously.

          The old repository has been archived and the new repository where development takes place can be found here while the packaging for PureOS can be found here.

          By moving to GNOME infrastructure we hope to generate more community interest around Calls.

    • Distributions

      • IBM/Red Hat/Fedora

      • Debian Family

        • Debian GNU/Linux 10 “Buster” Users Get New Linux Kernel Security Update, 4 Flaws Patched

          The new Linux kernel security update comes about three months after the previous kernel update and it’s here to address a total of four security vulnerabilities discovered by various security researchers in the upstream Linux 4.19 kernel series used by the Debian GNU/Linux 10 “Buster” operating system.

          The four security flaws patched in this kernel update are CVE-2020-36311, a vulnerability discovered in the KVM subsystem for AMD CPUs that could allow an attacker to cause a denial of service (soft lockup) by triggering the destruction of a large Secure Encrypted Virtualization (SEV) virtual machine.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • Firefox May Have Lost Up to 12% Of Its Users So Far In 2021

            Firefox is the default web browser installed on most Linux distributions. It is a well-known browser by Mozilla that respects user privacy by design, and currently remains the only major web browser pushing for open web standards and community interest rather than giant corporations like Google, Microsoft or Apple.

            The existence of Firefox is important for the open source community. Both to prevent the monopoly of these corporations on the web and also to ensure a free and open source web browser (and engine!) remains accessible for end-users.

            However, Firefox has been recently struggling on many different fronts and on a number of issues and topics. We have covered a story in October, 2020 where Mozilla’s CEO was found to be getting a large $2.4M annual salary, while 25% of Mozilla’s workforce was let go because of financial issues at Mozilla. And yet, Mozilla is promoting initiatives to fight political ads, misinformation and “promote diversity” rather than fixing its own problems.

          • Spring Cleaning MDN: Part 1 [Ed: Mozilla is dead. And it is outsourcing to Microsoft proprietary software now.. Stick a form it it. Mozilla is a walking dead.]

            Most notably MDN now manages its content from a repository on GitHub. Prior to this, the content was stored in a database and edited by logging in to the site and modifying content via an in-page (WYSIWYG) editor, aka ‘The Wiki’. Since the big move, we have determined that MDN accounts are no longer functional for our users. If you want to edit or contribute content, you need to sign in to GitHub, not MDN.

      • SaaS/Back End/Databases

        • SQLite Extraction of Oracle Tables Tools, Methods and Pitfalls

          The SQLite database is a wildly successful and ubiquitous software package that is mostly unknown to the larger IT community. Designed and coded by Dr. Richard Hipp, the third major revision of SQLite serves many users in market segments with critical requirements for software quality, which SQLite has met with compliance to the DO-178B avionics standard. In addition to a strong presence in aerospace and automotive, most major operating system vendors (including Oracle, Microsoft, Apple, Google, and RedHat) include SQLite as a core OS component.

          There are a few eccentricities that may trip up users from other RDBMS environments. SQLite is known as a “flexibly-typed” database, unlike Oracle which rigidly enforces columnar datatypes; character values can be inserted into SQLite columns that are declared integer without error (although check constraints can strengthen SQLite type rigidity, if desired). While many concurrent processes are allowed to read from a SQLite database, only one process is allowed write privilege at any time (applications requiring concurrent writers should tread carefully with SQLite). There is no network interface, and all connections are made through a filesystem; SQLite does not implement a client-server model. There is no “point in time recovery,” and backup operations are basically an Oracle 7-style ALTER DATAFILE BEGIN BACKUP that makes a transaction-consistent copy of the whole database. GRANT and REVOKE are not implemented in SQLite, which uses filesystem permissions for all access control. There are no background processes, and newly-connecting clients may find themselves delayed and responsible for transaction recovery, statistics collection, or other administrative functions that are quietly performed in the background in this “zero-administration database.” Some history and architecture of SQLite can be found in audio and video records of Dr. Hipp's discussions.

          Despite these eccentricities, SQLite is likely a superior format for data exchange as opposed to CSV, XML, or even JSON, as indexes can be included, enabling recipients to perform high-speed queries in SQL92 without any preprocessing, licensing, or activation. SQLite’s conservative coding style and commentary is intended to benefit “future programmers who are not yet born,” and the on-disk database format has further been defined as a long-term storage standard by the Library of the U.S. Congress.

      • CMS

        • WordPress 5.8 Tatum

          Introducing 5.8 “Tatum”, our latest and greatest release now available for download or update in your dashboard. Named in honor of Art Tatum, the legendary Jazz pianist. His formidable technique and willingness to push boundaries inspired musicians and changed what people thought could be done.

          So fire up your music service of choice and enjoy Tatum’s famous recordings of ‘Tea for Two’, ‘Tiger Rag’, ‘Begin the Beguine’, and ‘Night and Day’ as you read about what the latest WordPress version brings to you.

      • FSF

        • Freedom moving forward: An overview of the FSF's history

          Our thirty-fifth birthday as an organization has given us the opportunity to think about the Free Software Foundation's (FSF) development over the years. More than thirty-five years of history is hard to bring together in a few sentences, so much so that even staff at the FSF sometimes have to do serious research into the exact dates that milestones occurred. This being the case, we realized it was high time to create an overview listing key points in the history of the FSF and GNU.

          Today we launched the FSF history timeline page which shows a clear overview of milestones for the organization, like when the GPLv3 was published, or when the first LibrePlanet conference took place.

        • Licensing/Legal

          • Our lawsuit against ChessBase

            The Stockfish project strongly believes in free and open-source software and data. Collaboration is what made this engine the strongest chess engine in the world. We license our software using the GNU General Public License, Version 3 (GPL) with the intent to guarantee all chess enthusiasts the freedom to use, share and change all versions of the program.

            Unfortunately, not everybody shares this vision of openness. We have come to realize that ChessBase concealed from their customers Stockfish as the true origin of key parts of their products (see also earlier blog posts by us and the joint Lichess, Leela Chess Zero, and Stockfish teams). Indeed, few customers know they obtained a modified version of Stockfish when they paid for Fat Fritz 2 or Houdini 6 - both Stockfish derivatives - and they thus have good reason to be upset. ChessBase repeatedly violated central obligations of the GPL, which ensures that the user of the software is informed of their rights. These rights are explicit in the license and include access to the corresponding sources, and the right to reproduce, modify and distribute GPLed programs royalty-free.

          • Stockfish sues ChessBase

            The Stockfish project, which distributes a chess engine under GPLv3, has announced the filing of a GPL-enforcement lawsuit against ChessBase, which has been (and evidently still is) distributing proprietary versions of the Stockfish code.

          • Are you compliant with open-source license obligations?

            A short answer is no. Your piece of software will not be open-source if it doesn’t have an open-source license. Under copyright law, such software is copyrighted by default, with all the restrictions that this implies.

            If you want anyone to use your code freely, you should ensure certain liberties commonly called “the four freedoms“. They say that OS software may be used, studied, modified, and distributed freely, as long as the license is respected.

            For the first three, there are no conditions of any kind; you are free to use, study, and modify the code for any purpose. If you move beyond that and decide to distribute your modified version (or the original), this is when open-source license compliance starts.

            Missing license texts are the number one cause of license infringement cases, which, as we’ve seen above, can lead to the loss of ownership rights and enforcement actions such as an interim injunction.

      • Programming/Development

        • Python

          • The data worker's guide to psiphiorrhea

            A dataset I recently audited had a record for a marine specimen observed at latitude 6.47457312, longitude -52.5741239, depth 103.8799973 metres. I've changed the coordinates (but not their number of decimal places) to protect the data owner's privacy.

            While those coordinates aren't as impressive as the -33.8903169365705 151.198409720645 I blogged about in 2019 for a huge building in Sydney, Australia, they still specify the specimen's underwater location €±0.55 millimetres in latitude. And the depth measurement is €±0.00005 millimetres.

            I suspect that the marine recorder might be afflicted with psiphiorrhea. I concocted this word (pronounced siff-ee-oh-REE-uh) from Greek roots meaning "digit or numeral" and "flux". In the same way that someone who talks far too much is exhibiting logorrhea, or excessive word-iness, someone who uses far too many digits in their numbers is exhibiting psiphiorrhea, or excessive digit-iness.

  • Leftovers

    • Science

      • Not only is Hubble back online after outage, it's already taking photos of the cosmos ● The Register

        The Hubble Space Telescope is back in action doing what it does best – capturing stunning images of the universe – after more than 50 NASA engineers worked hundreds of hours to get the instrument working again.

        After activating redundant components within the orbiting observatory on Friday to clear a hardware glitch, the telescope has been able to use its sensors again. NASA released two photos of oddball galaxies Hubble snapped over the weekend: one depicting two galaxies intersecting each other, and the other showing a large spiral galaxy with three arms.

    • Integrity/Availability

      • Proprietary

        • China says Microsoft hacking accusations fabricated by US and allies [Ed: Well, it is the fault of Microsoft that holes exist]
        • US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach
        • Security

          • Researchers flag 7-years-old privilege escalation flaw in Linux kernel (CVE-2021-33909)

            A vulnerability (CVE-2021-33909) in the Linux kernel’s filesystem layer that may allow local, unprivileged attackers to gain root privileges on a vulnerable host has been unearthed by researchers.

          • New Linux kernel bug lets you get root on most modern distros
          • Nasty Linux systemd security bug revealed

            Qualsys has found an ugly Linux systemd security hole that can enable any unprivileged user to crash a Linux system. The patch is available, and you should deploy it as soon as possible.

          • How IBM i Fits Into a Zero-Trust Security Framework [Ed: Authored by IBM shill funded by IBM]

            One of the hot new trends in cybersecurity these days is the zero-trust security model. Instead of implicitly trusting network traffic behind the firewall, zero-trust demands that traffic have explicit permission to be there. But how does that model work with the strange beast known as IBM i? IT Jungle recently sat down with PJ Kirner, the CTO and co-founder of zero-trust software provider Illumio, to find out.

            Illumio is an eight-year-old venture-backed startup based in Sunnyvale, California, that is working in the field of zero-trust security. It develops an offering, called Illumio Core, that allows companies to begin implementing the zero-trust security model in their own data centers.

            It’s a fairly radical shift in philosophy, Kirner says. “There’s a mentality change from ‘I trust everything’ to . . . ‘I need a policy enforcement point of some sort everywhere, not just in the one place at the boundary of two things,'” he says.

            When fully built out, an IT estate with an active zero-trust security model will resemble a party where only invited guests are allowed in. Building from a whitelist, or “allow list,” is starkly different than starting with a blacklist, or an “exclude list,” Kirner says. “If you start by saying just these two things are not allowed to talk, well, that’s a whole bunch of implicit trust around everything else,” he says.

            Illumio, which recently added support for IBM i systems, begins every zero-trust security engagement by making a map of network traffic behind the firewall. Illumio develops software that does this mapping, which can be quite illuminating in its own right.

          • New Windows 10 vulnerability allows anyone to get admin privileges
          • The virus rears its ugly head....

            There is a virus going around. We thought we were winning the battle against it, but powerful forces and events have allowed it to raise its ugly head and cause unforeseen additional hardship. People thought that it was not so bad, they did not listen to reason and take the precautionary measures necessary to protect themselves. In letting down their guard they were unprepared and unprotected. After months of machines being turned off, software licenses (with their expiration dates never “dormant”) are up for renewal. Many companies, educational institutions and public buildings (like libraries) are turning on their Wintel PCs for the first time in over a year and finding that they need to renew their licenses, not only for what is called an operating system on their computer, but also for many of the closed source, proprietary add-on software packages that owners purchased in a wild attempt to make their hardware somewhat useful.

            [...]

            This variant is called “Windows 11”, and the creator of it seems to be unable to tell you how much havoc it will create for you. Does it run on your otherwise great hardware? You have a decent processor, a lot of RAM, and you bought it just two or three years ago….but it might not run Windows 11.

          • UK.gov's Huawei watchdog says firm made 'no overall improvement' on firmware security but won't say why

            Huawei has made "no overall improvement" in software engineering processes for its UK telecoms equipment's firmware, its GCHQ overseers have warned.

            The Huawei Cyber Security Evaluation Cell (HCSEC) oversight board's annual report for 2020 was noticeably less critical than in previous years – but still says Huawei is dragging its feet in key areas.

          • Northern Train's ticketing system out to lunch as ransomware attack shuts down servers

            Publicly owned rail operator Northern Trains has an excuse somewhat more technical than "leaves on the line" for its latest service disruption: a ransomware attack that has left its self-service ticketing booths out for the count.

            "Last week we experienced technical difficulties with our self-service ticket machines, which meant all have had to be taken offline," a spokesperson for Northern Trains confirmed to the The Register.

          • Fortinet's security appliances hit by remote code execution vulnerability

            Security appliance slinger Fortinet has warned of a critical vulnerability in its products that can be exploited to allow unauthenticated attackers full control over the target system - providing a particular daemon is enabled.

            The vulnerability, discovered by Orange Group security researcher Cyrille Chatras and sent to Fortinet privately for responsible disclosure, lies in the FortiManager and FortiAnalyzer software running atop selected models in the company's FortiGate security appliance family. Should a particular daemon be enabled, the company admitted, a remote attacker can gain full control.

          • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

            • Romanian Linux Cryptojacking Cybercriminals Spotted [Ed: This is classic FUD as it's not a Linux issue but a weak password issue]

              Since at least 2020, an active threat organization based in Romania has been running a cryptojacking operation against Linux-based machines using the Golang-based SSH brute force, according to The Hacker News. The campaign's objective is to infect Linux systems with Monero mining applications.

          • Privacy/Surveillance

            • India IT minister denies illegal use of NSO Pegasus spyware

              Indian IT Minister Ashwini Vaishnaw has denied the nation illegally used the NSO Group's Pegasus spyware, but hasn't denied that India used it.

              The existence of Pegasus is not news. But over the weekend, Amnesty International, French outfit Forbidden Stories and a dozen publications around the world alleged the software has been widely misused to target media, dissidents, and other individuals, and that NSO Group's assertions its products are only used in the cause of national security are insincere at best.

    • Environment

      • Wildlife/Nature

        • Thousands of penguins crowding near Ukrainian polar station

          Ukrainian polar explorers recorded large waddles of penguins near the Antarctic station "Academician Vernadsky". "This July, our polar explorers recorded extremely large winter waddles of penguins: hundreds and thousands of individuals have a rest on different islands within a radius of 20 km from the station, and hundreds of penguins that eat can be observed in the water at the same time. These are mostly sub-Antarctic penguins (Gentoo) or Adélie penguins," the National Antarctic Scientific Center of Ukraine posted on Facebook.



Recent Techrights' Posts

Further Media Cut-downs
media reporting about the media being cut
Gemini Links 09/09/2025: Moon Eclipse and ROOPHLOCH Reports
Links for the day
Official SUSE Blog Still Uses LLM Slop (Bots) to Make Fake Articles (Marketing)
The company is all about sound bites
Companies Realise That Slop Doesn't Work as Advertised, Accordingly Dump It
"Hype dims as a country-wide survey of US corporations shows a sudden drop-off in AI use among firms with more than 250 employees."
Microsoft-Funded Lawsuits Against Critics of UEFI 'Secure Boot'
Remember that no company (or law firm) ever survives collaborations with Microsoft
It's Only the Second Week of September and Already Two Waves of Layoffs at Microsoft, Slopfarms and Microsoft-Funded Sites Spin It as "AI Investments" Rather Than Commercial Failure
A very large third one expected next week
 
statCounter Sees GNU/Linux Exceeding 10% in Bulgaria This Month
What can Microsoft still do to stop GNU/Linux?
Dark Patterns
Microsoft saying "security" is like a Convicted Felon in the White House saying "law and order".
It's Almost Fall (Autumn)
To "Facebook prison" you are bound
Bruce Schneier About "Secure Boot"
Bruce Schneier isn't a fan of "Secure Boot"
Links 09/09/2025: Microsoft Mass Layoffs Again and "RTO" (Timed Like It Serves as a Distraction From the Mass Layoffs)
Links for the day
RMS Told Microsoft to Stop 'Secure Boot' (He Even Went There to Say That), But They Didn't Listen
Dr. Stallman (RMS) assumed that speaking to sociopaths would work
What Richard Stallman Told Me About 'Secure' Boot in 2012
"if the user doesn't control the keys, then it's a kind of shackle"
Those Who Helped Microsoft Weaponise "Secure Boot" Against GNU/Linux and BSDs Are Fleeing
Microsofters doing what they do best: they evade accountability
Simple is Better, Simplicity is Power
That is "the advantage of having commodity GNU/Linux systems," an associate notes
Much Ado About Nonsense
Microsoft Lunduke is still all dramatisation and sensationalism
Current Events in France
It needs to dump Microsoft and other GAFAM (US) giants, move to Free software
Links 09/09/2025: US-Korea Tensions and Meta Whistleblowers
Links for the day
Links 09/09/2025: “Torrents of Hate” and Political Crisis in France
Links for the day
Gemini Links 09/09/2025: "Dedigitizing" and Forgejo on FreeBSD
Links for the day
Google News (Not Just Google Search) Lets Itself by Gamed by One Slopfarm - to the Point Almost Half of "Linux" News is Bot-Produced Plagiarism (LLM Slop With Slop Images)
That says a lot about what Google thinks of quality, even in Google News
Bill Gates-Funded Media Inadvertently Refutes the Microsoft Lie That in 2025 Microsoft Had Just Two Waves of Layoffs
There were about 12 rounds of layoffs so far in 2025
From theregister.co.uk to theregister.com (US) to The Register MS (Run by Microsoft Operatives) and theregister.ai
The best way to break this racket (or cycle of hype and harm) is to break the chains of funding
Open Source Initiative (OSI) Culture of Censorship Necessitates More Speech
The OSI bans dissent or people who merely point out that the OSI is abusive
How to Reach Us Discreetly (Other Than Encrypted E-mail)
We're still managing to maintain a 100% source protection record. We soon turn 19.
LLMs Are Vastly Worse Than a Waste of Energy and the Externalities Are Huge
Worse than just higher power bills for everybody
LLMs Versus Search (Not Replacing Search But Engaging in DDoS Attacks Against Web Sites That Permit Searching)
The state of the Web isn't just bad; it's utterly terrible
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, September 08, 2025
IRC logs for Monday, September 08, 2025
The UEFI 9/11 - Part IX - Shunning Old Computers (in 2023 the Certificate Was Updated/Overridden, Underlying Aim May Be Herding/Forcing People to Get TPM and Other 'Novel' Restrictions)
the "upgrade treadmill"
Rumour: Second Wave of Microsoft Mass Layoffs in September to Commence Third Week of September
That basically answers questions like, "Any specific date or time of the month?"
If Your Machine Still Has "Secure Boot" Enabled, Then Microsoft Has a de Facto Kill Switch (Even If Your Machine Doesn't Have Windows and Never Had Windows)
It is not incorrect to call UEFI 'secure boot' a "kill switch"
Gemini Links 08/09/2025: Reality, ROOPHLOCH 2025, and Writing Another Gemini Client
Links for the day
Updating Firmware is Not the Solution But Only Additional Risk, Disable "Secure Boot" Today
firmware blobs are buggy, secret, impossible to audit, and barely tested
Microsoft Tim's DevClass (Part of The Register MS/Situation Publishing) is Full of Slop
Looking at many sites that are full of slop images is becoming an eye sore and hallmark of text too likely generated by LLMs or 'assisted' (tainted) by them
Microsoft Trying to Fake Demand for Slop. At What Cost?
That's a giant demotion and broken promises
Reddit is Corporate Propaganda
To make matters worse, Reddit ousted many original moderators
Jeff Geerling Shocked to Discover Many Metrics in YouTube Are Fake (His Audience Turns Out to be Much Smaller)
Maybe self-host all videos, don't rely on Google's "FOMO" cheating (addiction based on false assumptions)
Sunlight is the Best Disinfectant and Kryptonite/Garlic to Vampires
Transparency (sometimes described by words like "Sunlight" or "Truth") is paramount
The Register MS Uses Slop in Articles About Slop
we are fairly certain it's slop or CG based on other people's work
Visiting a Web Page or a Public URL Should be Safe, Predictable, and Benign
It's probably too late to "fix" the Web
The Register MS (Situation Publishing) is Paid to Spread Mindless Hype for the "Hey Hi" Ponzi Scheme and That's a Serious Problem
"Sponsored by Zoom."
Links 08/09/2025: Burger King Cracked, Cox v. Sony Analysed
Links for the day
Gemini Links 08/09/2025: Socialist Computer Museum and GAFAM/ByteDance/TikTok-Dominated Net
Links for the day
Links 08/09/2025: Tim Crook Disappoints Apple Faithfuls and Zuckerberg Lies (Financial Fraud) for Cheeto King
Links for the day
EPO Workers Point Out that the EPO is Destroying the Planet Under the Guise of "Hey Hi" (It Also Grants Many Invalid Patents Illegally
On 12 March and 16 June 2025, staff representation met with the administration in the Local Occupational Health, Safety and Ergonomics Committee (LOHSEC) in Munich
Turn Off Microsoft's Restricted Boot ("Secure Boot")
We're still running a series on this issue
Social Control Media Sites Have Become Bot Farms (Not Limited to LLMs and Automation)
linkedin.com was nothing but trouble and losses for Microsoft
Deep in Debt With the Magnitude of Losses Quickly Growing, Microsoft "Open" "Hey Hi" Now Uses Broadcom for Vapourware, Pretending It'll Do OK Next Year
At some stage it'll collapse
You Can Tell Microsoft is in Trouble When Its Own Fans and Staff Blast it
"Microsoft sinks billions into chasing artificial intelligence fads to hype up its share price."
Multiple Undersea Cable Cuts and We're Still OK
Microsoft customers experience problems
Lawyers Who Think They Are Online Assassins Don't Deserve a Licence to Operate
they've become a laughing stock in their "sector"
Microsoft Windows Fell to 3.9% "Market Share" in Bahamas
Based on statCounter
How the European Union (EU) Fell Out of Love With Free/Libre Software
Lots of bribery
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, September 07, 2025
IRC logs for Sunday, September 07, 2025
Gemini Links 07/09/2025: Scanner, Slop, and Chadobear
Links for the day
The UEFI 9/11 is 3 Days Away
Nobody denies that bad things will happen
Google Versus Journalism
Google played a big role in the demise of news sites
Gemini Links 07/09/2025: Advertising, Decentralized Archival, and Outsourcing to Bezos
Links for the day
Certificate Authority Let's Encrypt Has Almost Gone Down to Zero, Nearly Totally Extinct in Geminispace, the Few Capsules Still Using It Are Spam/Dead/Stagnant
This represents another decrease for Let's Encrypt; the last decrease was last week
Not Much Left in News Cycles
To be very clear, this does not describe "Linux" anything; it's true in just about every facet of news, except the paid-for fake "journalism" about "hey hi" (sites getting paid explicitly to maintain or rekindle hype)
Trying to Silence Techrights Was a Huge Mistake
Peter Thiel attacked a publisher for asserting, correctly, that he was gay. Now everyone knows it.
Throwing Away "Old" Computers (Mozilla and Other Climate Deniers)
Mozilla is not leftist
The UEFI 9/11 - Part VIII - Denial of Service and Selling Us WSL (Windows) Instead of "Risky" (Prone by Breakage by Microsoft) GNU/Linux
Restricted Boot (so-called 'SecureBoot') does not improve security. It is nothing but trouble. It's meant to trouble non-Windows users. In dual-boot setups, SecureBoot is a recipe for disaster because Microsoft keeps erasing or tampering with the boot sector, to paraphrase an associate
Slop is Extremely Rare in Geminispace, Slop Images Are Unheard Of (Despite Images Being Supported)
As long as Geminispace grows in terms of domains it's safe to predict the protocol will still be used in 2029 and hence Geminispace will turn 10
Links 07/09/2025: Robodebt Class Action, Fines, and Copyright Settlement
Links for the day
Links 07/09/2025: Yle Impersonated in Social Control Media, Boat-Attacking Orcas, Midjourney Sued Again
Links for the day
Slopwatch: LinuxSecurity, Linux Journal, and the Serial Slopper
Google won't tackle the issue because Google participates not only in relaying slop but also in generating lots of it
Links 07/09/2025: Google Fines in EU and "Your Internet Access Is at Risk"
Links for the day
Gemini Links 07/09/2025: Little Brother and Corporate Theatre
Links for the day
Links 07/09/2025: More Harms of Slop and Anthropic's Nightmare Scenario (Huge Legal Liabilities for Slop)
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, September 06, 2025
IRC logs for Saturday, September 06, 2025