07.20.21

Gemini version available ♊︎

Links 21/7/2021: WordPress 5.8, Wine 6.13, and VirtualBox 6.1.24

Posted in News Roundup at 6:20 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop/Laptop

      • Microsoft has its own Linux distribution. [Ed: They are missing the point of it and overlooking the fact that Microsoft continues to attack Linux from a number of fronts]

        The days when Microsoft CEO, the shy and retiring Steve Ballmer, called Linux cancer on the software industry, are really dead and buried – Vole now has its own Linux distribution which it is even telling people about.

    • Audiocasts/Shows

      • The Killer Feature Of Tiling Window Managers Isn’t Tiling

        I often get people telling me that they don’t see the point of using a tiling window manager. I think part of the problem is the name “tiling window manager”.

      • Using Linux at work – KDE Edition

        This is an update on the Linux at work series I started a while ago! At the time, I was using elementary OS on a Huawei matebook 13, to work as a Product Owner. Since then, remote work became a lot more prevalent, and I also changed distros, and laptops, so let’s see how I’m making Linux and KDE work as my primary OS, on my laptop, and desktop!

    • Kernel Space

      • Linux 5.12 Kernel Reaches End of Life, Upgrade to Linux Kernel 5.13 Now

        Released about three months ago, Linux kernel 5.12 introduced lots of goodies, including support for Playstation 5 DualSense and Nintendo 64 game controllers, eMMC inline encryption support, support for the Lenovo IdeaPad platform profile and the Lenovo ThinkPad X1 Tablet Gen 2, as well as a new memory-debugging tool called KFENCE.

        It also introduced initial support for zoned block devices to the Btrfs file system, LTO in Clang support, AMDGPU Freesync HDMI support, and many other cool features, but it’s now marked as EOL (End of Life) on the kernel.org website, which means that it will no longer receive support upstream and that you must upgrade to a newer or LTS kernel as soon as possible.

      • Linux 5.13.4
        I'm announcing the release of the 5.13.4 kernel.
        
        All users of the 5.13 kernel series must upgrade.
        
        The updated 5.13.y git tree can be found at:
        	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.13.y
        and can be browsed at the normal kernel.org git web browser:
        
        https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...
        
        thanks,
        
        greg k-h
        
      • Linux 5.12.19
      • Linux 5.10.52
      • Linux 5.4.134
      • Linux 4.19.198
      • Linux 4.14.240
      • Linux 4.9.276
      • Linux 4.4.276
      • Graphics Stack

        • AMD Posts Linux Graphics Driver Patches For “Cyan Skillfish”

          AMD posted a new patch series bringing up a new graphics processor, Cyan Skillfish.

          As usual, this is a Linux-focused codename for a yet-to-be-launched product with their naming convention of an X11 color name paired with a fish species.

          While yet to be launched, Cyan Skillfish isn’t as exciting as some of the recent RDNA2 or CDNA GPUs. Cyan Skillfish is the support for a Navi (1x) graphics processor in a forthcoming APU.

        • Reverse-engineering the Mali G78

          After a month of reverse-engineering, we’re excited to release documentation on the Valhall instruction set, available as a PDF. The findings are summarized in an XML architecture description for machine consumption. In tandem with the documentation, we’ve developed a Valhall assembler and disassembler as a reverse-engineering aid.

          Valhall is the fourth Arm® Mali™ architecture and the fifth Mali instruction set. It is implemented in the Arm® Mali™-G78, the most recently released Mali hardware, and Valhall will continue to be implemented in Mali products yet to come.

        • Arm Mali “Valhall” Reverse-Engineering Started

          The Panfrost open-source Linux graphics driver stack has matured nicely for Arm Mali Midgard and Bifrost generations but for the past two years now there has been Valhall as the latest-generation Arm Mali microarchitecture. There is now work underway on reverse-engineering Valhall for ultimately wiring up with open-source graphics driver support.

          Panfrost lead developer Alyssa Rosenzweig commented today that reverse-engineering work has begun for Valhall with a focus on the Mali G78 in particular. This reverse engineering has been going on for just about one month but there is already some instruction set documentation made as well as an XML-based representation.

        • NVIDIA Brings Its RTX Tech To Linux On Arm

          When NVIDIA sets out to acquire a company, it doesn’t seem to waste any time to start producing custom product with the new IP access. After the company announced its plans to acquire Arm last fall, the company announced a full-fledged Arm-based supercomputer called Grace this past spring. Arm in the enterprise seemed likely, but did you expect to see the label “RTX” tied in with it, as well?

          At the ongoing Game Developers Conference, NVIDIA announced that it’s bringing RTX to Arm on Linux, which should result in a number of different types of devices adopting it. With the help of two tech demos, the company utilized MediaTek’s Kompanio 120 (eight-core with 1-3-4 config) and gave it a GeForce RTX 3060 to work with. With one demo, the fast-paced Wolfenstein: Youngblood was shown-off, utilizing both ray tracing and DLSS. You can check it running in real-time in the video below:

    • Applications

      • HandBrake 1.4.0

        HandBrake is an open-source, GPL-licensed, multiplatform, multithreaded video transcoder, available for MacOS X, Linux and Windows. Handbrake can process most common multimedia files and any DVD or BluRay sources that do not contain any kind of copy protection.

      • VirtualBox 6.1.24 Released with Support for Linux 5.13 and Ubuntu Specific Kernels

        VirtualBox 6.1.24 comes almost three months after version 6.1.22 to introduce support for the latest and greatest Linux 5.13 kernel series, for both hosts and guests. As you can imagine, this means that you can now run GNU/Linux distributions powered by Linux kernel 5.13 on virtual machines or install VirtualBox on a distro running Linux 5.13.

        For the first time, VirtualBox introduces support for kernels that are specific to a certain GNU/Linux distribution. In this release, there’s support for Ubuntu specific kernels, as well as kernels that are specific to the SUSE Linux Enterprise Server and Desktop (SLES/SLED) 15 SP3 (Service Pack 3) operating systems.

      • The best email client for Linux, Windows and macOS isn’t Outlook

        I rely on email. In fact, it’s my primary method of communication with the outside world. While most people are busy on Slack and other chat platforms, I still prefer email. Why? For one thing, I retain a digital trail of my communication. I can search through email threads to follow conversations with a single person (or multiple persons) with ease. Another reason is that I’ve been using email since the late ’90s, so it’s a very comfortable and familiar format.

        Does that mean I ignore chat and other types of communication platforms? Not at all. But for my primary method of communication with clients, editors and publishers, it’s email all the way. It’s easy, fast and always there. I don’t have to worry about whether or not a recipient is online; they’ll get the communication one way or another.

        But there is a slight problem. Which email client to use? There are quite a large number of apps available on every platform, and not every app is available for every operating system. You have Apple Mail for macOS, Outlook for Windows and macOS, Evolution for Linux, and a host of other possibilities. And for the longest time, everyone just assumed Microsoft Outlook was the single best email client on the planet.

        For anyone who’s had to troubleshoot Outlook problems, you know just how bad that client can get when it’s in a fussy mood. I’ve experienced Outlook problems so bad, the only way to solve the problem was a complete reinstall of the OS. Granted, that situation was not normal, but it is very indicative of what can go wrong with that particular email client. And although Apple Mail is a very good email application, its macOS-only limitation is problematic. I will go so far as to say if Apple Mail was available for Linux, macOS and Windows, it would probably wind up at the very top of this list.

    • Instructionals/Technical

      • How to Create Rust Virtual Environment Using Conda on Linux

        Conda is an open-source package management system and environment management system for installing multiple versions of software packages and their dependencies. It is mainly developed for Python and not tied to any specific programming language. Conda allows you to install many programming languages in multiple different environments.

        In this post, we will show you how to create Rust virtual environments using Conda in Linux.

      • How to Install the Latest HPLIP Driver in Ubuntu 20.04 [Fix Dependency Issue] | UbuntuHandbook

        Need the most recent HPLIP to get your HP printer or scanner working in Ubuntu? Here’s how to install guide as well as workaround to fix the python-pyqt5 dependency issue.

        HPLIP is an open-source Linux drivers for HP’s inkjet and laser printers. The project is initiated and led by HP Inc. While the package in Ubuntu repositories is always old, you can install the official binary to get new devices support.

        However, the most recent releases refuse to install in my Ubuntu 20.04 due to python-pyqt5 dependency issue. If you’re facing with the similar issue, then this tutorial may help!

      • Linux Essentials – Automatically mounting storage volumes with /etc/fstab

        In a previous video we went over the basics of storage, and in this episode of Linux Essentials, I’ll show you how to automatically mount storage volumes when you boot your server.

      • Automatically bring up a SocketCAN interface on boot

        Working with Controller Area Network (CAN) on your Linux PC? Through the SocketCAN kernel modules, Linux supports CAN quite well. It can be a bit tricky though, to get your USB-to-CAN adapter configured and up-and-running. This tutorial not only explains how to bring up your SocketCAN network interface, it also shows you how to configure your Linux system to automatically bring up your SocketCAN network interface, each time you plug it in or boot up your Linux system.

      • How to Build a Package from Source in Linux – Make Tech Easier

        Besides its open-source nature, customizability is one of the other reasons many users love Linux: you can modify and configure almost every file to meet your specific needs and style. This includes the ability to rebuild a package from source.

        The ability to rebuild a package from the source can be beneficial to any Linux power user because it allows you to change packages, enable or disable a feature, or even apply custom modifications.

    • Wine or Emulation

      • Wine 6.13
        The Wine development release 6.13 is now available.
        
        What's new in this release (see below for details):
          - Proper scrollbar theming.
          - More work towards WinSock PE conversion.
          - Preparation work for the GDI syscall interface.
          - Some progress on the IPHLPAPI PE conversion.
          - Various bug fixes.
        
        The source is available from the following locations:
        
        https://dl.winehq.org/wine/source/6.x/wine-6.13.tar.xz
        
        
        http://mirrors.ibiblio.org/wine/source/6.x/wine-6.13.tar.xz
        
        Binary packages for various distributions will be available from:
        
        https://www.winehq.org/download
        
        You will find documentation on https://www.winehq.org/documentation
        
        You can also get the current source directly from the git
        repository. Check https://www.winehq.org/git for details.
        
        Wine is available thanks to the work of many people. See the file
        AUTHORS in the distribution for the complete list.
        
      • Wine 6.13 Released With Proper Scrollbar Theming, More PE Conversion

        The Wine project usually puts out new open-source development releases reliably every other week, but as is sometimes the case during the summer months, last Friday’s was missed due to summer holidays. That update — Wine 6.13 — has now shipped today.

        Alexandre Julliard just issued the belated Wine 6.13 release. Among the changes this time around are now having proper scrollbar theming for Windows applications running in Wine, preparation work for the GDI system call interface, and more PE conversion work. There still is work going on the WinSock portable executable conversion and now on the IPHLPAPI PE conversion too.

    • Games

      • Ubisoft are keeping an eye on the Steam Deck, will release on it if it’s big enough

        Today during the Ubisoft conference call where they discussed first-quarter 2021-2022 sales, Steam Deck got mentioned.

        It’s an interesting one, since Ubisoft has pretty much left Steam behind in favour of other stores like the Epic Games Store. The Epic store doesn’t support Linux, and Epic currently have no intention to do so. So unless people are expected to manually load up Windows to replace SteamOS, companies like Ubisoft would need to bring their games back to Steam to give users a good experience.

        During the conference call that we listened to today, a question was asked about the Steam Deck from one investor.

      • Space station building and management sim Starmancer confirmed for GOG

        The release of the fantastic space station building and management game Starmancer is getting ever closer, and now a GOG released has been confirmed today. It’s been a while since the Kickstarter in 2018, which showed a hugely promising idea.

        Starmancer follows long after some sort of catastrophe on Earth with the remains of humanity having their brains uploaded into special memory banks. You’re responsible for building up a sustainable station to enable supporting human life, which you end up growing in special pods to have a consciousness downloaded into.

        “Starmancer offers gameplay with consequences, a living sandbox environment, crafting, and managing the daily lives of colonists. Create a utopian society where everyone is well fed, happy, and safe. Or go rogue and figure out how many times a colonist can eat wheat before they go crazy. The choice is yours!”

      • DXVK-NVAPI 0.4 Released For Improving NVIDIA Integration Atop DXVK

        DXVK-NVAPI 0.4 is out today for improving the implementation of this NVIDIA driver public API interface (NVAPI) within DXVK for running Windows Direct3D games on Linux. DXVK-NVAPI 0.4 updates against the latest public NVAPI header files, now makes use of the NVIDIA Management Library (NVML) for querying various attributes on Linux, changes around log level options, and adds an optional test suite for helping to verify the NVAPI support.

      • The Nvidia Arm race has just put Microsoft, AMD, and Intel on notice

        Nvidia is paving the way for entirely GeForce-powered notebooks, potentially shoving Microsoft, Intel, and AMD aside in its quest for high-performance gaming laptops. The green team has now proven the power of both ray tracing and DLSS running in a Linux distro, on ARM-based silicon, with RTX graphics cards plumbed into them.

        And that should scare the crap out of everyone involved in the traditional Microsoft/x86 PC gaming monopoly.

        So yeah, it sure looks like GDC 2021 is kicking off with a bang, as Nvidia has today shown Wolfenstein: Youngblood running with ray traced reflections enabled, and DLSS in operation, on a system using an eight-core MediaTek CPU and an Nvidia RTX 3060 GPU.

      • Nvidia’s ARM-Powered Linux RTX Demo Is a Warning Shot to x86, Microsoft
      • The Steam Deck Might Not Play All Games in Your Library

        As of now, the Steam Deck might play all of the games in the Steam Library, though the developers at Valve are working hard to make everything work.

        The Steam Deck is a portable gaming console. Its biggest selling point is its hardware specs capable of running even the most demanding PC games. So, if you’re the type of person who wants to play games on the go, this thing is ideal for you.

        That said, while there are many games to choose from, you might not get them running on this device.

      • Steam Deck SSD Replacement Possible on All Models

        Valve’s upcoming handheld Steam Deck will allow its users to replace and upgrade its internal SSD with their own, although the company strongly recommends against it.

        The news was first brought to light by Valve’s head Game Newell himself by responding to a redditor’s inquiry about the system’s SSD. The Steam Deck’s website was later updated (spotted via VGC) to state that all models “use socketed 2230 m.2 modules (not intended for end-user replacement).”

      • Gadgets Weekly: Valve Steam Deck, Asus Chromebooks and more

        Out of the blue, Valve Corp on Thursday unveiled the company’s first-ever hand-held gaming console Steam Deck, which competes directly with the popular Nintendo Switch series.

        The new Steam Deck sports wide 7.0-inch HD+ (1,280x800p) LCD panel with a 16:10 aspect ratio. It supports up to 60Hz display refresh rate, and offers close to 400 nits of peak brightness.

        Yes, the screen is touch-sensitive and also comes with an ambient light sensor, stereo speakers and a dual microphone array.

        Inside, it houses AMD’s custom APU, optimized for handheld gaming. The APU’s power ranges from 4W to 15W, which promises to deliver more than enough performance to run the latest AAA games very efficiently.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

      • GNOME Desktop/GTK

        • How Calls became a part of GNOME

          Since Purism’s philosophy and GNOME’s principles are closely aligned it is not far fetched to call them a match made in heaven.

          As you probably know the software stack in use on the Librem 5 is built upon GNOME technologies and has been designed by parts the GNOME Design Team.

          This is why we’re happy to officially announce that Calls will become a part of the GNOME project. Having a dialer application available shows that mobile is an important use case for GNOME.
          Furthermore this shows that we take upstreaming our development efforts and making them available to the wider community very seriously.

          The old repository has been archived and the new repository where development takes place can be found here while the packaging for PureOS can be found here.

          By moving to GNOME infrastructure we hope to generate more community interest around Calls.

    • Distributions

      • IBM/Red Hat/Fedora

      • Debian Family

        • Debian GNU/Linux 10 “Buster” Users Get New Linux Kernel Security Update, 4 Flaws Patched

          The new Linux kernel security update comes about three months after the previous kernel update and it’s here to address a total of four security vulnerabilities discovered by various security researchers in the upstream Linux 4.19 kernel series used by the Debian GNU/Linux 10 “Buster” operating system.

          The four security flaws patched in this kernel update are CVE-2020-36311, a vulnerability discovered in the KVM subsystem for AMD CPUs that could allow an attacker to cause a denial of service (soft lockup) by triggering the destruction of a large Secure Encrypted Virtualization (SEV) virtual machine.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • Firefox May Have Lost Up to 12% Of Its Users So Far In 2021

            Firefox is the default web browser installed on most Linux distributions. It is a well-known browser by Mozilla that respects user privacy by design, and currently remains the only major web browser pushing for open web standards and community interest rather than giant corporations like Google, Microsoft or Apple.

            The existence of Firefox is important for the open source community. Both to prevent the monopoly of these corporations on the web and also to ensure a free and open source web browser (and engine!) remains accessible for end-users.

            However, Firefox has been recently struggling on many different fronts and on a number of issues and topics. We have covered a story in October, 2020 where Mozilla’s CEO was found to be getting a large $2.4M annual salary, while 25% of Mozilla’s workforce was let go because of financial issues at Mozilla. And yet, Mozilla is promoting initiatives to fight political ads, misinformation and “promote diversity” rather than fixing its own problems.

          • Spring Cleaning MDN: Part 1 [Ed: Mozilla is dead. And it is outsourcing to Microsoft proprietary software now.. Stick a form it it. Mozilla is a walking dead.]

            Most notably MDN now manages its content from a repository on GitHub. Prior to this, the content was stored in a database and edited by logging in to the site and modifying content via an in-page (WYSIWYG) editor, aka ‘The Wiki’. Since the big move, we have determined that MDN accounts are no longer functional for our users. If you want to edit or contribute content, you need to sign in to GitHub, not MDN.

      • SaaS/Back End/Databases

        • SQLite Extraction of Oracle Tables Tools, Methods and Pitfalls

          The SQLite database is a wildly successful and ubiquitous software package that is mostly unknown to the larger IT community. Designed and coded by Dr. Richard Hipp, the third major revision of SQLite serves many users in market segments with critical requirements for software quality, which SQLite has met with compliance to the DO-178B avionics standard. In addition to a strong presence in aerospace and automotive, most major operating system vendors (including Oracle, Microsoft, Apple, Google, and RedHat) include SQLite as a core OS component.

          There are a few eccentricities that may trip up users from other RDBMS environments. SQLite is known as a “flexibly-typed” database, unlike Oracle which rigidly enforces columnar datatypes; character values can be inserted into SQLite columns that are declared integer without error (although check constraints can strengthen SQLite type rigidity, if desired). While many concurrent processes are allowed to read from a SQLite database, only one process is allowed write privilege at any time (applications requiring concurrent writers should tread carefully with SQLite). There is no network interface, and all connections are made through a filesystem; SQLite does not implement a client-server model. There is no “point in time recovery,” and backup operations are basically an Oracle 7-style ALTER DATAFILE BEGIN BACKUP that makes a transaction-consistent copy of the whole database. GRANT and REVOKE are not implemented in SQLite, which uses filesystem permissions for all access control. There are no background processes, and newly-connecting clients may find themselves delayed and responsible for transaction recovery, statistics collection, or other administrative functions that are quietly performed in the background in this “zero-administration database.” Some history and architecture of SQLite can be found in audio and video records of Dr. Hipp’s discussions.

          Despite these eccentricities, SQLite is likely a superior format for data exchange as opposed to CSV, XML, or even JSON, as indexes can be included, enabling recipients to perform high-speed queries in SQL92 without any preprocessing, licensing, or activation. SQLite’s conservative coding style and commentary is intended to benefit “future programmers who are not yet born,” and the on-disk database format has further been defined as a long-term storage standard by the Library of the U.S. Congress.

      • CMS

        • WordPress 5.8 Tatum

          Introducing 5.8 “Tatum”, our latest and greatest release now available for download or update in your dashboard. Named in honor of Art Tatum, the legendary Jazz pianist. His formidable technique and willingness to push boundaries inspired musicians and changed what people thought could be done.

          So fire up your music service of choice and enjoy Tatum’s famous recordings of ‘Tea for Two’, ‘Tiger Rag’, ‘Begin the Beguine’, and ‘Night and Day’ as you read about what the latest WordPress version brings to you.

      • FSF

        • Freedom moving forward: An overview of the FSF’s history

          Our thirty-fifth birthday as an organization has given us the opportunity to think about the Free Software Foundation’s (FSF) development over the years. More than thirty-five years of history is hard to bring together in a few sentences, so much so that even staff at the FSF sometimes have to do serious research into the exact dates that milestones occurred. This being the case, we realized it was high time to create an overview listing key points in the history of the FSF and GNU.

          Today we launched the FSF history timeline page which shows a clear overview of milestones for the organization, like when the GPLv3 was published, or when the first LibrePlanet conference took place.

        • Licensing/Legal

          • Our lawsuit against ChessBase

            The Stockfish project strongly believes in free and open-source software and data. Collaboration is what made this engine the strongest chess engine in the world. We license our software using the GNU General Public License, Version 3 (GPL) with the intent to guarantee all chess enthusiasts the freedom to use, share and change all versions of the program.

            Unfortunately, not everybody shares this vision of openness. We have come to realize that ChessBase concealed from their customers Stockfish as the true origin of key parts of their products (see also earlier blog posts by us and the joint Lichess, Leela Chess Zero, and Stockfish teams). Indeed, few customers know they obtained a modified version of Stockfish when they paid for Fat Fritz 2 or Houdini 6 – both Stockfish derivatives – and they thus have good reason to be upset. ChessBase repeatedly violated central obligations of the GPL, which ensures that the user of the software is informed of their rights. These rights are explicit in the license and include access to the corresponding sources, and the right to reproduce, modify and distribute GPLed programs royalty-free.

          • Stockfish sues ChessBase

            The Stockfish project, which distributes a chess engine under GPLv3, has announced the filing of a GPL-enforcement lawsuit against ChessBase, which has been (and evidently still is) distributing proprietary versions of the Stockfish code.

          • Are you compliant with open-source license obligations?

            A short answer is no. Your piece of software will not be open-source if it doesn’t have an open-source license. Under copyright law, such software is copyrighted by default, with all the restrictions that this implies.

            If you want anyone to use your code freely, you should ensure certain liberties commonly called “the four freedoms“. They say that OS software may be used, studied, modified, and distributed freely, as long as the license is respected.

            For the first three, there are no conditions of any kind; you are free to use, study, and modify the code for any purpose. If you move beyond that and decide to distribute your modified version (or the original), this is when open-source license compliance starts.

            Missing license texts are the number one cause of license infringement cases, which, as we’ve seen above, can lead to the loss of ownership rights and enforcement actions such as an interim injunction.

      • Programming/Development

        • Python

          • The data worker’s guide to psiphiorrhea

            A dataset I recently audited had a record for a marine specimen observed at latitude 6.47457312, longitude -52.5741239, depth 103.8799973 metres. I’ve changed the coordinates (but not their number of decimal places) to protect the data owner’s privacy.

            While those coordinates aren’t as impressive as the
            -33.8903169365705 151.198409720645
            I blogged about in 2019 for a huge building in Sydney, Australia, they still specify the specimen’s underwater location ±0.55 millimetres in latitude. And the depth measurement is ±0.00005 millimetres.

            I suspect that the marine recorder might be afflicted with psiphiorrhea. I concocted this word (pronounced siff-ee-oh-REE-uh) from Greek roots meaning “digit or numeral” and “flux”. In the same way that someone who talks far too much is exhibiting logorrhea, or excessive word-iness, someone who uses far too many digits in their numbers is exhibiting psiphiorrhea, or excessive digit-iness.

  • Leftovers

    • Science

      • Not only is Hubble back online after outage, it’s already taking photos of the cosmos • The Register

        The Hubble Space Telescope is back in action doing what it does best – capturing stunning images of the universe – after more than 50 NASA engineers worked hundreds of hours to get the instrument working again.

        After activating redundant components within the orbiting observatory on Friday to clear a hardware glitch, the telescope has been able to use its sensors again. NASA released two photos of oddball galaxies Hubble snapped over the weekend: one depicting two galaxies intersecting each other, and the other showing a large spiral galaxy with three arms.

    • Integrity/Availability

      • Proprietary

        • China says Microsoft hacking accusations fabricated by US and allies [Ed: Well, it is the fault of Microsoft that holes exist]
        • US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach
        • Security

          • Researchers flag 7-years-old privilege escalation flaw in Linux kernel (CVE-2021-33909)

            A vulnerability (CVE-2021-33909) in the Linux kernel’s filesystem layer that may allow local, unprivileged attackers to gain root privileges on a vulnerable host has been unearthed by researchers.

          • New Linux kernel bug lets you get root on most modern distros
          • Nasty Linux systemd security bug revealed

            Qualsys has found an ugly Linux systemd security hole that can enable any unprivileged user to crash a Linux system. The patch is available, and you should deploy it as soon as possible.

          • How IBM i Fits Into a Zero-Trust Security Framework [Ed: Authored by IBM shill funded by IBM]

            One of the hot new trends in cybersecurity these days is the zero-trust security model. Instead of implicitly trusting network traffic behind the firewall, zero-trust demands that traffic have explicit permission to be there. But how does that model work with the strange beast known as IBM i? IT Jungle recently sat down with PJ Kirner, the CTO and co-founder of zero-trust software provider Illumio, to find out.

            Illumio is an eight-year-old venture-backed startup based in Sunnyvale, California, that is working in the field of zero-trust security. It develops an offering, called Illumio Core, that allows companies to begin implementing the zero-trust security model in their own data centers.

            It’s a fairly radical shift in philosophy, Kirner says. “There’s a mentality change from ‘I trust everything’ to . . . ‘I need a policy enforcement point of some sort everywhere, not just in the one place at the boundary of two things,’” he says.

            When fully built out, an IT estate with an active zero-trust security model will resemble a party where only invited guests are allowed in. Building from a whitelist, or “allow list,” is starkly different than starting with a blacklist, or an “exclude list,” Kirner says. “If you start by saying just these two things are not allowed to talk, well, that’s a whole bunch of implicit trust around everything else,” he says.

            Illumio, which recently added support for IBM i systems, begins every zero-trust security engagement by making a map of network traffic behind the firewall. Illumio develops software that does this mapping, which can be quite illuminating in its own right.

          • New Windows 10 vulnerability allows anyone to get admin privileges
          • The virus rears its ugly head….

            There is a virus going around. We thought we were winning the battle against it, but powerful forces and events have allowed it to raise its ugly head and cause unforeseen additional hardship.
            People thought that it was not so bad, they did not listen to reason and take the precautionary measures necessary to protect themselves. In letting down their guard they were unprepared and unprotected.
            After months of machines being turned off, software licenses (with their expiration dates never “dormant”) are up for renewal.
            Many companies, educational institutions and public buildings (like libraries) are turning on their Wintel PCs for the first time in over a year and finding that they need to renew their licenses, not only for what is called an operating system on their computer, but also for many of the closed source, proprietary add-on software packages that owners purchased in a wild attempt to make their hardware somewhat useful.

            [...]

            This variant is called “Windows 11”, and the creator of it seems to be unable to tell you how much havoc it will create for you. Does it run on your otherwise great hardware? You have a decent processor, a lot of RAM, and you bought it just two or three years ago….but it might not run Windows 11.

          • UK.gov’s Huawei watchdog says firm made ‘no overall improvement’ on firmware security but won’t say why

            Huawei has made “no overall improvement” in software engineering processes for its UK telecoms equipment’s firmware, its GCHQ overseers have warned.

            The Huawei Cyber Security Evaluation Cell (HCSEC) oversight board’s annual report for 2020 was noticeably less critical than in previous years – but still says Huawei is dragging its feet in key areas.

          • Northern Train’s ticketing system out to lunch as ransomware attack shuts down servers

            Publicly owned rail operator Northern Trains has an excuse somewhat more technical than “leaves on the line” for its latest service disruption: a ransomware attack that has left its self-service ticketing booths out for the count.

            “Last week we experienced technical difficulties with our self-service ticket machines, which meant all have had to be taken offline,” a spokesperson for Northern Trains confirmed to the The Register.

          • Fortinet’s security appliances hit by remote code execution vulnerability

            Security appliance slinger Fortinet has warned of a critical vulnerability in its products that can be exploited to allow unauthenticated attackers full control over the target system – providing a particular daemon is enabled.

            The vulnerability, discovered by Orange Group security researcher Cyrille Chatras and sent to Fortinet privately for responsible disclosure, lies in the FortiManager and FortiAnalyzer software running atop selected models in the company’s FortiGate security appliance family. Should a particular daemon be enabled, the company admitted, a remote attacker can gain full control.

          • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

            • Romanian Linux Cryptojacking Cybercriminals Spotted [Ed: This is classic FUD as it's not a Linux issue but a weak password issue]

              Since at least 2020, an active threat organization based in Romania has been running a cryptojacking operation against Linux-based machines using the Golang-based SSH brute force, according to The Hacker News. The campaign’s objective is to infect Linux systems with Monero mining applications.

          • Privacy/Surveillance

            • India IT minister denies illegal use of NSO Pegasus spyware

              Indian IT Minister Ashwini Vaishnaw has denied the nation illegally used the NSO Group’s Pegasus spyware, but hasn’t denied that India used it.

              The existence of Pegasus is not news. But over the weekend, Amnesty International, French outfit Forbidden Stories and a dozen publications around the world alleged the software has been widely misused to target media, dissidents, and other individuals, and that NSO Group’s assertions its products are only used in the cause of national security are insincere at best.

    • Environment

      • Wildlife/Nature

        • Thousands of penguins crowding near Ukrainian polar station

          Ukrainian polar explorers recorded large waddles of penguins near the Antarctic station “Academician Vernadsky”.
          “This July, our polar explorers recorded extremely large winter waddles of penguins: hundreds and thousands of individuals have a rest on different islands within a radius of 20 km from the station, and hundreds of penguins that eat can be observed in the water at the same time. These are mostly sub-Antarctic penguins (Gentoo) or Adélie penguins,” the National Antarctic Scientific Center of Ukraine posted on Facebook.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. Tux Machines is 17.5 Years Old Today

    Tux Machines -- our 'sister site' for GNU/Linux news -- started in 2004. We're soon entering 2022.



  2. Approaching 100

    We'll soon have 100 files in Git; if that matters at all...



  3. Improving Gemini by Posting IRC Logs (and Scrollback) as GemText

    Our adoption of Gemini and of GemText increases; with nearly 100,000 page requests in the first 3 days of Decembe (over gemini://) it’s clear that the growing potential of the protocol is realised, hence the rapid growth too; Gemini is great for self-hosting, which is in turn essential when publishing suppressed and controversial information (subject to censorship through blackmail and other ‘creative’ means)



  4. Links 4/12/2021: IPFire 2.27 Core Update 162 and Genode OS Framework 21.11

    Links for the day



  5. Links 4/12/2021: Gedit Plans and More

    Links for the day



  6. Links 4/12/2021: Turnip Becomes Vulkan 1.1 Conformant

    Links for the day



  7. IRC Proceedings: Friday, December 03, 2021

    IRC logs for Friday, December 03, 2021



  8. Links 4/12/2021: EndeavourOS Atlantis, Krita 5.0.0 Beta 5, Istio 1.11.5, and Wine 6.23; International Day Against DRM (IDAD) on December 10th

    Links for the day



  9. Another Gemini Milestone: 1,500 Active Capsules

    This page from Balázs Botond plots a graph, based on these statistics that now (as of minutes ago) say: “We successfully connected recently to 1500 of them.” Less than a fortnight ago more than 1,800 capsules overall were registered by Lupa, almost quadrupling in a single year



  10. [Meme] António Campinos and Socialist Posturing

    Staff of the EPO isn’t as gullible as António Campinos needs it to be



  11. António Campinos as EPO President is Considered Worse Than Benoît Battistelli (in Some Regards) After 3.5 Years in Europe's Second-Largest Institution

    The EPO's demise at the hands of people who don't understand patents and don't care what the EPO exists for is a real crisis which European media is unwilling to even speak about; today we share some internal publications and comment on them



  12. Media Coverage for Sale

    Today we're highlighting a couple of new examples (there are many other examples which can be found any day of the year) demonstrating that the World Wide Web is like a corporate spamfarm in "news" clothing



  13. Links 3/12/2021: GNU Poke 1.4 and KDDockWidgets 1.5.0

    Links for the day



  14. IRC Proceedings: Thursday, December 02, 2021

    IRC logs for Thursday, December 02, 2021



  15. Links 3/12/2021: Nitrux 1.7.1 and Xen 4.16 Released

    Links for the day



  16. Links 2/12/2021: OpenSUSE Leap 15.4 Alpha, Qt Creator 6

    Links for the day



  17. The EPO's “Gender Awareness Report”

    There’s a new document with remarks by the EPO’s staff representatives and it concerns opportunities for women at the EPO — a longstanding issue



  18. IRC Proceedings: Wednesday, December 01, 2021

    IRC logs for Wednesday, December 01, 2021



  19. EPO Staff Committee Compares the Tactics of António Campinos to Benoît Battistelli's

    The Central Staff Committee (CSC) of the EPO talks about EPO President António Campinos, arguing that “he seems to subscribe to the Manichean view, introduced by Mr Battistelli…”



  20. Prof. Thomas Jaeger in GRUR: Unified Patent Court (UPC) “Incompatible With EU Law“

    The truth remains unquestionable and the law remains unchanged; Team UPC is living in another universe, unable to accept that what it is scheming will inevitably face high-level legal challenges (shall that become necessary) and it will lose because the facts are all still the same



  21. Links 1/12/2021: LibrePlanet CFS Extended to December 15th and DB Comparer for PostgreSQL Reaches 5.0

    Links for the day



  22. EPO Cannot and Will Not Self-Regulate

    The term financialisation helps describe some of the activities of the EPO in recent years; see Wikipedia on financialisation below



  23. [Meme] Germany's Licence to Break the Law

    Remember that the young Campinos asked dad for his immunity after he had gotten drunk and crashed the car; maybe the EPO should stop giving diplomatic immunity to people, seeing what criminals (e.g. Benoît Battistelli) this attracts; the German government is destroying its image (and the EU’s) by fostering such corruption, wrongly believing that it’s worth it because of Eurozone domination for patents/litigation



  24. EPO Dislikes Science and Scientists

    The EPO's management has become like a corrupt political party with blind faith in money and monopolies (or monopoly money); it has lost sight of its original goals and at this moment it serves to exacerbate an awful pandemic, as the video above explains



  25. Links 1/12/2021: LibreOffice 7.3 Beta, Krita 5.0, Julia 1.7

    Links for the day



  26. Links 1/12/2021: NixOS 21.11 Released

    Links for the day



  27. IRC Proceedings: Tuesday, November 30, 2021

    IRC logs for Tuesday, November 30, 2021



  28. Links 1/12/2021: Tux Paint 0.9.27 and WordPress 5.9 Beta

    Links for the day



  29. [Meme] EPO Administrative Council Believing EPO-Bribed 'Media' (IAM Still Shilling and Lying for Cash)

    IAM continues to do what brings money from EPO management and Team UPC, never mind if it is being disputed by the patent examiners themselves



  30. The EPO's Mythical “Gap” Has Been Found and It's Bonuses for People Who Use Pure Fiction to Steal From Patent Examiners

    The phony president who has the audacity to claim there's a budget gap is issuing millions of euros for his enablers to enjoy; weeks ahead of the next meeting of national delegates the Central Staff Committee (CSC) tells them: "Events show that the delegations’ concerns about functional allowances have materialised. The lack of transparency and inflation of the budget envelope gives rise to the suspicion that high management is pursuing a policy of self-service at the expense of EPO staff, which is difficult to reconcile with the Office’s claimed cost-saving policy, and to the detriment of the whole Organisation."


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts