09.08.21

Gemini version available ♊︎

Links 9/9/2021: GNOME 41 RC and GStreamer 1.18.5

Posted in News Roundup at 7:24 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop/Laptop

      • In Search of Linux Laptops? Check these 6 Places to Get Your Laptop in 2021

        Are you in search of Linux laptops? This article takes you through 6 different places that offer the best Linux laptops. So get prepared to choose your Linux laptop in 2021.

        [...]

        Slimbook is well known for its thin, rigid, and light durable laptops starting at a reasonable price of €930 (approx $1,075). These come with a nice screen, solid battery life, powerful CPU, and very good speakers.

        This brand is from Spain. Slimbook came ahead of its competitors launching the first KDE laptops.

        Slimbook brings laptops with a good variety of popular Linux distros, such as KDE Neon, Ubuntu, Ubuntu MATE, Linux Mint, Kubuntu. Additionally, their laptops have two Spanish Linux distros – Max and Lliurex. You can choose Windows OS as well with their laptops, but for that, additional costs are there.

        Slimbook offers desktop systems too. So, if you ever need desktops, check it here.

    • Server

    • Audiocasts/Shows

      • FLOSS Weekly 646: Atomic Jar and Testcontainers – Richard North

        Richard North was the dog that caught the bus when all of a sudden his open source project, Testcontainers, took off, and now has more than a million monthly downloads and developers using it at Netflix, Uber, Spotify, Google and other settings large and small. Doc Searls and Dan Lynch talk with Richard about how he caught the bus he ended up driving, how he set up Testcontainers.org, stood up Atomicjar.com as a running business backed by smart capital, and put learnings to use through a six-year journey that includes a worldwide pandemic that is changing development for everyone.

      • mintcast 369 – Cache Flushing

        1:49 The News
        27:48 Security Update
        32:18 Bi-Weekly Wanderings
        1:01:28 Announcements & Outro

        First up in the news Linux Mint is ready for the facelift, Snaps get an upgrade, Kernel 5.14 is out, and 5.15 is looking good, and Ubuntu gets a release date

        In security cache flushing and Bluetooth flaws

        Then in our Wanderings Joe pines a phone with plasma, Tony walks 500 miles, and I search for a keyboard

      • Steamy PostgreSQL Shower | Coder Radio 430

        We are coming in hot, literally. It’s a day of spicy takes.

    • Kernel Space

      • AMD Has An Important Suspend/Resume Fix With Linux 5.15 – Phoronix

        Since last year AMD has been working to get its s2idle / suspend-to-idle S0ix sleep state code in order for supporting this lowest power platform idle state on newer AMD laptops and there has also been other AMD suspend/resume improvements in recent times. Now with the Linux 5.15 kernel cycle is an important fix for the AMD s2idle code.

        Stemming from a user reporting incorrect resume from suspend with an HP ENVY X360, Linux 5.15 has a fix for it and other laptops facing a similar problem. The original issue was resuming from suspend would yield the power LED not working, some keys like brightness controls not working, and the cooling fan not spinning up even under load. Yeah, that’s quite a poor Linux laptop experience.

      • Amazon’s DAMON Merged Into Linux 5.15 For Data Access Monitoring Framework – Phoronix

        he DAMON kernel functionality developed by Amazon engineers has successfully landed in the Linux 5.15 tree.

        As part of the 147 patches herded into the kernel today by Andrew Morton, the most notable addition is the merging of the DAMON functionality.

      • Linux kernel 5.15: NTFS support gets a significant boost – TechRepublic

        The Linux kernel has included NTFS support for some time. However, up until now, working with NTFS filesystems on Linux has been a bit of a headache. One of the biggest issues with NTFS support in the Linux kernel to date has been fully functioning read/write support. The old captive NTFS driver hasn’t been maintained for quite a while, and the NTFS-3G driver from Tuxera is far too slow for acceptable use (especially for enterprise use cases). So, a new driver has been needed for some time.

    • Benchmarks

      • Ubuntu 21.10 Delivering Some Performance Gains On The Intel Core i9 11900K – Phoronix

        For those wondering how the upcoming Ubuntu 21.10 release is looking for Intel “Rocket Lake” owners, here are some Ubuntu 21.04 versus 21.10 development benchmarks across dozens of different tests.

        With last month running some early Ubuntu 21.10 benchmarks on AMD Ryzen 9 5950X, the focus this time around with the latest Ubuntu 21.10 development build as of testing was for any performance changes on the Intel Core i9 11900K front.

    • Applications

      • Apps for daily needs part 5: video editors

        Video editing has become a popular activity. People need video editors for various reasons, such as work, education, or just a hobby. There are also now many platforms for sharing video on the internet. Almost all social media and chat messengers provide features for sharing videos. This article will introduce some of the open source video editors that you can use on Fedora Linux. You may need to install the software mentioned. If you are unfamiliar with how to add software packages in Fedora Linux, see my earlier article Things to do after installing Fedora 34 Workstation. Here is a list of a few apps for daily needs in the video editors category.

      • GStreamer 1.18.5 stable bug fix release

        The GStreamer team is pleased to announce another bug fix release in the stable 1.18 release series of your favourite cross-platform multimedia framework!

        This release only contains bugfixes and important security fixes, and it should be safe to update from 1.18.x.

    • Instructionals/Technical

      • Linux ls Command List and Sort Files by Size

        A directory in a Linux system can hold from a few files to hundreds and thousands of files.

        You may need to sort the files by size, either in ascending or descending order. The reason for sorting files by size may vary. We may want to locate the largest to smallest files or vice versa.

        You can easily sort files using the ls command.

        In this tutorial, we’ll cover the various ways of sorting files by size using the ls command.

        In our examples we’ll sort files in the /var/cache/apt/archives directory.

      • Share files with your client using ProjectSend

        ProjectSend is an open-source self-host file sharing platform for companies, teams and communities.

        It is an ideal solution if you want to share files with your clients. Let’s say you are a designer who shares dozens of files with his clients every day, with ProjectSend you can do this effortlessly and without a hassle.

      • Discover your cluster logfiles – A journey into the past. | SUSE Communities

        Log files are very useful when it comes to situations where the root cause of an event has to be investigated. But analyzing logs does not only mean looking for errors in the system. There are also a lot of other informations in most of the log files. The pacemaker log file is a perfect example. Beside warnings and errors it includes also all cluster changes. The trick is to know which keywords you have to search for.

      • Set the order of task execution in Ansible with these two keywords | Enable Sysadmin

        Regular readers of Enable Sysadmin know that most of us are big fans of Ansible. We particularly like using Ansible roles to design reusable code effectively. A playbook follows a specific execution order when it runs, and there are several ways to control the order in which your tasks run. In this article, I’ll look at two particularly useful Ansible features, pre_tasks and post_tasks. I’ll walk you through some real (and simple) examples of how these features can add additional flexibility to your playbooks by executing tasks at different points during a playbook run.

      • Debug a web page error from the command line | Opensource.com

        Sometimes when managing a website, things can get messed up. You might remove some stale content and replace it with a redirect to other pages. Later, after making other changes, you find some web pages become entirely inaccessible. You might see an error in your browser that “The page isn’t redirecting properly” with a suggestion to check your cookies.

      • Try Fusion-360 by installing on Ubuntu 20.04 LTS Linux using Wine

        “Fusion 360” is a CAD / CAM program from Autodesk, which is known for 3D modeling software. Although it is a paid graphic design software, students and schoolchildren can download the professional program for Windows and Mac free of charge. With this professional tool, you can design mechanical components and master a wide variety of tasks in product design. You can render your drafts, create animations, and – thanks to cloud support – helps to work in collaboration.

      • How to install Clone Hero on a Chromebook

        Today we are looking at how to install Clone Hero on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

        If you have any questions, please contact us via a YouTube comment and we would be happy to assist you!

      • How to list all installed packages on OpenSUSE/SUSE Linux – nixCraft

        So you want to see a list of all packages installed on your SUSE Linux or OpenSUSE Linux system? Try these simple tips for listing all packages.

        We can easily search for packages matching any given search text/words under OpenSUSE or SUSE Enterprise Linux using the zypper command.

      • How To Find OpenSuse / SUSE Linux Version Using CLI – nixCraft

        How do I find out my Suse Linux / OpenSuse Linux / Suse Enterprise Linux server/desktop version using the command line options? What is the command to find out OpenSUSE Linux version?

        This page explains how to find SUSE or OpenSUSE Linux version using the cat command and other commands.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

      • GNOME Desktop/GTK

        • GNOME 41 Release Candidate Arrives With Many Improvements

          Ahead of the official GNOME 41 release later this month, the release candidate is now available to facilitate more testing.

          The GNOME 41 release candidate “41.rc” packages are now available for testing and GNOME developers have also put together a new “GNOME OS” release using these bleeding-edge packages to help in testing and for developers wanting to port extensions and other work around GNOME 41.

        • GNOME 41.RC is now available!

          Hi,

          GNOME 41.rc is now available. Remember this is the
          end of this development cycle; enjoy it as fast as you can, the final
          release is scheduled for this coming week!

          The corresponding flatpak runtimes have been published to Flathub.
          If you’d like to target the GNOME 41 platform, you can test your
          application against the 41beta branch of the Flathub Beta
          repository.

          An installer image (built from scratch using freedesktop-sdk 21.08 as a
          base) is also available for testing and porting extensions:

          https://os.gnome.org/download/41.rc/gnome_os_installer_41.rc.iso

          This is meant to be installed in a virtual machine with EFI support
          (such as the GNOME Boxes version available on Flathub). You can also
          try to install it on bare metal but be warned that hardware support is
          very limited (join #gnome-os channel at irc.gnome.org if you are interested).

          We remind you we are string frozen, no string changes may be made
          without confirmation from the l10n team (gnome-i18n@) and notification
          to both the release team and the GNOME Documentation Project
          (gnome-doc-list@).

          Hard code freeze is also in place, no source code changes can be made
          without approval from the release-team. Translation and documentation
          can continue.

          If you want to compile GNOME 41.rc, you can use the official
          BuildStream project snapshot. Thanks to BuildStream’s build
          sandbox, it should build reliably for you regardless of the
          dependencies on your host system:

          https://download.gnome.org/teams/releng/41.rc/gnome-41.rc.tar.xz

          The list of updated modules and changes is available here:

          https://download.gnome.org/core/41/41.rc/NEWS

          The source packages are available here:

          https://download.gnome.org/core/41/41.rc/sources/

    • Distributions

      • New Releases

        • Whonix 16 available, an anonymous Linux OS

          The release of the Whonix 16 distribution kit , aimed at providing guaranteed anonymity, security and protection of private information, took place. Whonix boot images are built to run under the control of the KVM hypervisor . Builds for VirtualBox and for use on the Qubes operating system are delayed (while Whonix 16 test builds continue to ship). The developments of the project are distributed under the GPLv3 license.

          The distribution is based on Debian GNU / Linux and uses Tor to ensure anonymity. A feature of Whonix is ​​the division of the distribution into two separately installed components – Whonix-Gateway with an implementation of a network gateway for anonymous communications and Whonix-Workstation with a desktop. Both components ship inside a single boot image. Access to the network from the Whonix-Workstation environment is made only through the Whonix-Gateway, which isolates the work environment from direct interaction with the outside world and allows only fictitious network addresses to be used. This approach protects the user from leaking the real IP address in the event of a hacked web browser or even exploiting a vulnerability that gives an attacker root access to the system.

          [...]

          If desired, the user can use only Whonix-Gateway and connect through it their usual systems, including Windows, which makes it possible to provide anonymous logoff for workstations already in use.

        • Kali Linux 2019.4 Release (Xfce, Gnome, GTK3, Kali-Undercover, Kali-Docs, KeX, PowerShell & Public Packaging)

          We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download.

          [...]

          There are a ton of updates to go over for this release, but the most in your face item that everyone is going to notice first are the changes to the desktop environment and theme. So let’s cover that first.

      • IBM/Red Hat/Fedora

      • Debian Family

      • Canonical/Ubuntu Family

        • Canonical announces new Anbox Cloud Appliance on AWS Marketplace – TechRepublic

          Canonical, the publisher of the open source Ubuntu operating system, announced Wednesday the availability of the Anbox Cloud Appliance in AWS Marketplace. The appliance allows Android developers to go from prototype to production.

          The Anbox Cloud Appliance is a scaled down version of Canonical’s Anbox Cloud, which developers use for rapid prototyping and gives them access to a more extensive set of instance types, including support for Arm CPUs and NVIDIA GPUs than the appliance does.

    • Devices/Embedded

      • Tiny Gemini Lake mini-PC supports Linux

        XDO Tech has Kickstarter’ed a tiny, $149-and-up “Pantera PicoPC” mini-PC that runs Linux or Win 10/11 on a quad-core Gemini Lake CPU and offers up to 8GB LPDDR4, an SSD, 802.11ax/BT, HDMI, 3x USB 3.0, USB 2.0, and Type-C power with an optional battery.

        XDO Tech has gone to Kickstarter to successfully launch a fan-cooled, 69 x 69 x 53mm mini-PC equipped with a Gemini Lake Refresh — Intel’s Atom-class follow-on to Apollo Lake. The Pantera PicoPC starts at $149 for a Super Early Bird model with 4GB LPDDR4 and 64GB eMMC. There is also a $179 Super Early Bird with 8GB RAM and a 256GB M.2 SSD. Other 8GB RAM packages supply 512GB ($212) and 1TB ($250) SSDs. The campaign runs through Oct. 3 and shipments are expected in November.

      • Onyx Boox Note 3 Is A Powerful Android Ebook Reader

        Ebook readers have been on a steady rise in recent years, with people moving away from traditional book reading into the digitalized experience for many reasons: Saving budget & space, getting more comfort while reading for long hours and also unlocking access to better features than the normal reading process (E.g note taking, sharing, highlighting, PDF files access anywhere… etc).

        Amazon’s Kindle is the most famous e-reader by far, however, it is not alone. There have been many new competitors in the market with much better features for avid readers who would like to fully unlock the potential of their ebook reading experience.

        Today we’ll talk about the Onyx Boox Note 3 e-reader, which is powered by Android, as a possible e-reader that you can buy if you are from this niche. Although a bit far from our typical publishing line in FOSS Post, a small change in the mood is never harmful (Let alone that it is powered by Linux, so not that far actually).

      • Open Hardware/Modding

        • Custom Joystick Build Guide Should Point You In The Right Direction | Hackaday

          Over the last two years, [benkster] has been perfecting their ideal flight controller. Like many people, they started out with a keyboard and mouse and eventually moved on to a joystick. While a HOTAS (hands on throttle-and-stick — e.g. a yoke controller with inputs right there on the sides) might have been the next logical step, those things cost too much. Naturally, the answer is to build one, ideally for less money. Hey, it could happen.

        • Arduino Powered Heat Pump Controller Helps Warm Your Toes | Hackaday

          Heat pump heating technology is starting to pop up more and more lately, as the technology becomes cheaper and public awareness and acceptance improves. Touted as a greener residential heating system, they are rapidly gaining popularity, at least in part due to various government green policies and tax breaks.

          [Gonzho] has been busy the last few years working on his own Arduino Powered Open Source heat pump controller, and the project logs show some nice details of what it takes to start experimenting with heat pumps in general, if that’s your game. Or you could use this to give an old system a new lease of life with an Arduino brain transplant.

        • 25-key ESP32 Touch Matrix makes good use of ESP32’s touch sensor interface

          Besides the addition of Bluetooth, there are many differences between ESP8266 and ESP32 and one of the lesser-known interfaces may be ESP32’s touch sensor interface.

          India-based Electro Point’s ESP32 Touch Matrix makes good use of the touch sensor interface with 25 touch pads arranged in a 5×5 matrix creating a wireless keypad that could connect over WiFi or Bluetooth to a host.

      • Mobile Systems/Mobile Applications

        • Pining For A De-Googled Smartphone

          Last summer in the first swings of the global pandemic, sitting at home finally able to tackle some of my electronics projects now that I wasn’t wasting three hours a day commuting to a cubicle farm, I found myself ordering a new smartphone. Not the latest Samsung or Apple offering with their boring, predictable UIs, though. This was the Linux-only PinePhone, which lacks the standard Android interface plastered over an otherwise deeply hidden Linux kernel.

          As a bit of a digital privacy nut, the lack of Google software on this phone seemed intriguing as well, and although there were plenty of warnings that this was a phone still in its development stages it seemed like I might be able to overcome any obstacles and actually use the device for daily use. What followed, though, was a challenging year of poking, prodding, and tinkering before it got to the point where it can finally replace an average Android smartphone and its Google-based spyware with something that suits my privacy-centered requirements, even if I do admittedly have to sacrifice some functionality.

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • Hacks.Mozilla.Org: Time for a review of Firefox 92

            Release time comes around so quickly! This month we have quite a few CSS updates, along with the new Object.hasOwn() static method for JavaScript.

          • Will Kahn-Greene: Mozilla: 10 years

            It’s been a long while since I wrote Mozilla: 1 year review. I hit my 10-year “Moziversary” as an employee on September 6th. I was hired in a “doubling” period of Mozilla, so there are a fair number of people who are hitting 10 year anniversaries right now. It’s interesting to see that even though we’re all at the same company, we had different journeys here.

            I started out as a Software Engineer or something like that. Then I was promoted to Senior Software Engineer and then Staff Software Engineer. Then last week, I was promoted to Senior Staff Software Engineer. My role at work over time has changed significantly. It was a weird path to get to where I am now, but that’s probably a topic for another post.

      • Programming/Development

        • Dirk Eddelbuettel: RcppSimdJson 0.1.6 on CRAN: New Upstream 1.0.0 !!

          The RcppSimdJson team is happy to share that a new version 0.1.6 arrived on CRAN earlier today. Its release coincides with release 1.0.0 of simdjson itself, which is included in this release too!

          RcppSimdJson wraps the fantastic and genuinely impressive simdjson library by Daniel Lemire and collaborators. Via very clever algorithmic engineering to obtain largely branch-free code, coupled with modern C++ and newer compiler instructions, it results in parsing gigabytes of JSON parsed per second which is quite mindboggling. The best-case performance is ‘faster than CPU speed’ as use of parallel SIMD instructions and careful branch avoidance can lead to less than one cpu cycle per byte parsed; see the video of the talk by Daniel Lemire at QCon (also voted best talk).

        • DevRel for Beginners: What to Know and How to Get Started

          Like many DevRel professionals, Ravi Lachhman began his tech career as a software engineer. He embraced an iterative, trial-and-error approach to development. He also found that he learned best by teaching others.

          “On projects, I would always elect to write documentation and convert to Agile, happy to give presentations and sprint demos,” Lachhman told The New Stack.

          That led to solutions architect and sales engineer positions, which eventually opened the door to his first evangelist role three years ago, a common job title in the DevRel field. Today, Lachhman manages a team of DevRels at Harness, a software-delivery platform company. (He’s hiring, by the way.)

        • The Dark Side Of Package Repositories: Ownership Drama And Malware

          At their core, package repositories sound like a dream: with a simple command one gains access to countless pieces of software, libraries and more to make using an operating system or developing software a snap. Yet the rather obvious flip side to this is that someone has to maintain all of these packages, and those who make use of the repository have to put their faith in that whatever their package manager fetches from the repository is what they intended to obtain.

          How ownership of a package in such a repository is managed depends on the specific software repository, with the especially well-known JavaScript repository NPM having suffered regular PR disasters on account of it playing things loose and fast with package ownership. Quite recently an auto-transfer of ownership feature of NPM was quietly taken out back and erased after Andrew Sampson had a run-in with it painfully backfiring.

          In short, who can tell when a package is truly ‘abandoned’, guarantee that a package is free from malware, and how does one begin to provide insurance against a package being pulled and half the internet collapsing along with it?

        • Commercial LTS Qt 5.15.6 Released

          We have released Qt 5.15.6 LTS for commercial license holders today. As a patch release, Qt 5.15.6 does not add any new functionality but provides bug fixes and other improvements.

        • Rust

          • Rustacean Principles

            As the web site says, Rust is a language empowering everyone to build reliable and efficient software. I think it’s precisely this feeling of empowerment that people love about Rust. As wycats put it recently to me, Rust makes it “feel like things are possible that otherwise feel out of reach”. But what exactly makes Rust feel that way? If we can describe it, then we can use that description to help us improve Rust, and to guide us as we design extensions to Rust.

            Besides the language itself, Rust is also an open-source community, one that prides itself on our ability to do collaborative design. But what do we do which makes us able to work well together? If we can describe that, then we can use those descriptions to help ourselves improve, and to instruct new people on how to better work within the community.

          • Ian Jackson: Wanted: Rust sync web framework

            Please recommend me a high-level Rust server-side web framework which is sync and does not plan to move to an async api.

        • Java

          • Build a Random Password Generator in Java

            Today, we will make a random password generator that makes passwords with random numbers and letters!

            In order to do this we are going to use ASCII. ASCII is a language in which every possible character is represented by a number. This standard ensures that computers can communicate to each other about characters properly.

            This is a more challenging project for beginners, but you certainly have the ability to do it as long as you are familiar with Java concepts such as conditionals, loops, functions, and random numbers.

            Watch the tutorial video to see how we code this game step-by-step and continue reading this post for more details.

  • Leftovers

    • Venice prepares to charge tourists, require booking

      From a control room inside the police headquarters in Venice, Big Brother is watching you.

      To combat tourist overcrowding, officials are tracking every person who sets foot in the lagoon city.

      Using 468 CCTV cameras, optical sensors and a mobile phone-tracing system, they can tell residents from visitors, Italians from foreigners, where people are coming from, where they are heading and how fast they are moving.

    • Hardware

    • Health/Nutrition

      • Vietnamese man jailed for 5 years for spreading coronavirus

        Vietnam jailed a man on Monday for five years for breaking strict COVID-19 quarantine rules and spreading the virus to others, state media reported.

        Le Van Tri, 28, was convicted of “spreading dangerous infectious diseases” at a one-day trial at the People’s Court of the southern province of Ca Mau, the state-run Vietnam News Agency (VNA) reported.

    • Integrity/Availability

      • Proprietary

        • TrueConf Introduces Linux-Based Video Collaboration Platform

          TrueConf, an award-winning video conferencing developer, announces the official release of TrueConf Server for Linux. This all-in-one UC platform will enable organizations with Linux-based infrastructure to deploy highly secure video conferencing networks using the ecosystem of TrueConf software and hardware solutions.

          The Linux version of TrueConf Server ensures the same security, quality, and feature set as its counterpart for Windows. With this cross-platform software solution, users can run unlimited UltraHD events with up to 1,000 participants at a time, from any location and device.

        • Pseudo-Open Source

          • Openwashing

            • Facebook Opens Up CacheLib As Their New Caching Engine – Phoronix

              Facebook last week formally announced CacheLib as their new open-source caching engine designed for web scale services and to make for effective non-volatile memory caching to offset the increasing costs of DRAM.

            • Not All Of The IBM POWER10 Firmware Is Currently Open-Source

              Power E1080 server as their first in a new family of servers based on the IBM POWER10 processor. Sadly though not all of the POWER10 firmware is open-source.

              While POWER9 was big for open-source fans with the formation of the OpenPOWER Foundation and Raptor Computing Systems designing POWER9-based systems that are fully open-source down to schematics and the motherboard firmware, the same can’t be currently said about POWER10.

              Raptor Computing Systems previously hinted that it might not be all rosy for POWER10 when it comes to open-source and at least for the initial rollout, it does appear to be that way.

        • Security

          • HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack

            A critical security vulnerability has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks.

          • Vulnerability Could Expose HAProxy to HTTP Request Smuggling Attack | eSecurityPlanet

            A critical vulnerability discovered in the open-source load balancer and proxy server HAProxy could enable bad actors to launch an HTTP Request Smuggling attack, which would let them bypass security controls and gain unauthorized access to sensitive data.

            Researchers with JFrog Security uncovered the vulnerability, CVE-2021-40346, during their regular searches for new and previously unknown vulnerabilities in popular open-source projects. HAProxy fits into that category.

          • Outdated Linux Versions, Misconfigurations Triggering Cloud Attacks: Report [Ed: This is not about Linux but software that runs on it; it's like blaming Photoshop holes on "Windows"]

            The “Linux Threat Report 2021 1H” from Trend Micro found that Linux cloud operating systems are heavily targeted for cyberattacks, with nearly 13 million detections in the first half of this year. As organizations expand their footprint in the cloud, correspondingly, they are exposed to the pervasive threats that exist in the Linux landscape.

            This latest threat report, released Aug. 23, provides an in-depth look at the Linux threat landscape. It discusses several pressing security issues that affect Linux running in the cloud.

          • Security Risks of Relying on a Single Smartphone

            Isracard used a single cell phone to communicate with credit card clients, and receive documents via WhatsApp. An employee stole the phone. He reformatted the SIM, which was oddly the best possible outcome, given the circumstances. Using the data to steal money would have been much worse.

          • ClamAV 0.104.0 introduces LTS program – itsfoss.net

            The developers have announced the project’s blog a new Long Term Support (LTS) program on as part of an update of their End-of-Life (EOL) policy. The LTS program begins retrospectively with the last major version, ClamAV 0.103. The new LTS policy extends the lifespan from 0.103 to September 2023. LTS editions are supported for a minimum of three years.

            Each LTS version is supported with critical patch versions and access to signature updates for the duration of the three-year support period. A new LTS feature release is presented approximately every two years. Non-LTS releases are supported with critical patch versions for at least four months from the original release date of the next feature release or until the release of the next feature release. For detailed information on the Long Term Support Program, see the LTS Announcement blog post and the LTS Policy in the online documentation.

          • Best File and Disk Encryption Tools For Linux

            Most of us are familiar with Microsoft Windows or macOS – these OSes dominate the personal computing space. But the OS that is taking over the world isn’t owned by Microsoft, Apple, or any tech company for that matter. In fact, the most popular OS in the world today isn’t owned by anyone. It’s the completely open-source Linux operating system.

            [...]

            GnuPG, also known as GPG, is a unique hybrid encryption tool that not only employs conventional symmetric-key cryptography but also uses public-key cryptography. This two-prong approach to encryption helps speed up the encryption process without compromising OS security.

            GnuPG is popular among journalists who use the tool to encrypt important documents and protect the identities of their sources.

          • Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

            Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

          • Zoho Releases Security Update for ADSelfService Plus | CISA

            Zoho has released a security update on a vulnerability (CVE-2021-40539) affecting ManageEngine ADSelfService Plus builds 6113 and below. CVE-2021-40539 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine ADSelfService Plus is a self-service password management and single sign-on solution for Active Directory and cloud apps. Additionally, CISA strongly urges organizations ensure ADSelfService Plus is not directly accessible from the internet.

          • Privacy/Surveillance

            • This Contact Tracing Has A Major Exploit – Invidious

              I’ve uncovered a massive exploit in the contact tracing system used in South Australia and so far the SA Health has done absolutely nothing to fix it, I told them I’d publish this if it didn’t get fixed so here we go.

    • Civil Rights/Policing

      • U.S. condemns Russia’s detention of Crimean Tatar leader, 45 others

        The United States on Sunday strongly condemned what it said was Russia’s detention at the weekend of the deputy leader of the main representative body of Crimean Tatars and at least 45 other members of the ethnic group.

        A State Department statement said Nariman Dzhelyalov, deputy chairman of the Crimean Tatars’ Mejlis, was detained on Saturday by Russian occupation authorities in Crimea. It said at least 45 other Crimean Tatars had also been detained.

      • Bolsonaro’s Pro-Coup September 7 Rally Is Brazil’s January 6

        With his reelection prospects dimming, Bolsonaro’s supporters are ramping up their version of the pro-Trump rally that led to the Capitol riot.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. IRC Proceedings: Monday, January 24, 2022

    IRC logs for Monday, January 24, 2022



  2. Links 25/1/2022: GPL Settlement With Patrick McHardy, Godot 4.0 Alpha 1, and DXVK 1.9.4 Released

    Links for the day



  3. Proprietary Software is Pollution

    "My daughter asked me about why are we throwing away some bits of technology," Dr. Andy Farnell says. "This is my attempt to put into words for "ordinary" people what I tried to explain to a 6 year old."



  4. Microsoft GitHub Exposé — Part XV — Cover-Up and Defamation

    Defamation of one’s victims might be another offence to add to the long list of offences committed by Microsoft’s Chief Architect of GitHub Copilot, Balabhadra (Alex) Graveley; attempting to discredit the police report is a new low and can get Mr. Graveley even deeper in trouble (Microsoft protecting him only makes matters worse)



  5. [Meme] Alexander Ramsay and Team UPC Inciting Politicians to Break the Law and Violate Constitutions, Based on Misinformation, Fake News, and Deliberate Lies Wrapped up as 'Studies'

    The EPO‘s law-breaking leadership (Benoît Battistelli, António Campinos and their corrupt cronies), helped by liars who don't enjoy diplomatic immunity, are cooperating to undermine courts across the EU, in effect replacing them with EPO puppets who are patent maximalists (Europe’s equivalents of James Rodney Gilstrap and Alan D Albright, a Donald Trump appointee, in the Eastern and Western Districts of Texas, respectively)



  6. Has the Administrative Council Belatedly Realised What Its Job in the European Patent Organisation Really Is?

    The "Mafia" which took over the EPO (the EPO's own workers call it "Mafia") isn't getting its way with a proposal, so it's preventing the states from even voting on it!



  7. [Meme] Team UPC is Celebrating a Pyrrhic Victory

    Pyrrhic victory best describes what's happening at the moment (it’s a lobbying tactic, faking/staging things to help false prophecies be fulfilled, based on hopes and wishes alone), for faking something without bothering to explain the legal basis is going to lead to further escalations and complaints (already impending)



  8. Links 24/1/2022: Scribus 1.5.8 and LXLE Reviewed

    Links for the day



  9. IRC Proceedings: Sunday, January 23, 2022

    IRC logs for Sunday, January 23, 2022



  10. [Meme] Team UPC Congratulating Itself

    The barrage of fake news and misinformation about the UPC deliberately leaves out all the obvious and very important facts; even the EPO‘s António Campinos and Breton (Benoît Battistelli‘s buddy) participated in the lying



  11. Links 24/1/2022: pgBadger 11.7 Released, Catch-up With Patents

    Links for the day



  12. The Demonisation and Stereotyping of Coders Not Working for Big Corporations (or 'The System')

    The war on encrypted communication (or secure communications) carries on despite a lack of evidence that encryption stands in the way of crime investigations (most criminals use none of it)



  13. On the 'Peak Hacker' Series

    Hacker culture, unlike Ludditism, is ultimately a movement for justice, for equality, and for human rights through personal and collective emancipation; Dr. Farnell has done a good job explaining where we stand and his splendid series has come to a close



  14. Links 23/1/2022: First RC of Linux 5.17 and Sway 1.7 Released

    Links for the day



  15. Peak Code — Part III: After Code

    "Surveillance perimeters, smart TVs (Telescreens built to Orwell's original blueprint) watched over our living rooms. Mandatory smart everything kept us 'trustless'. Safe search, safe thoughts. We withdrew. Inside, we went quietly mad."



  16. IRC Proceedings: Saturday, January 22, 2022

    IRC logs for Saturday, January 22, 2022



  17. Links 23/1/2022: MongoDB 5.2, BuddyPress 10.0.0, and GNU Parallel 20220122

    Links for the day



  18. A Parade of Fake News About the UPC Does Not Change the General Consensus or the Simple Facts

    European Patents (EPs) from the EPO are granted in violation of the EPC; Courts are now targeted by António Campinos and the minions he associates with (mostly parasitic litigation firms and monopolists), for they want puppets for “judges” and for invalid patents to be magically rendered “valid” and “enforceable”



  19. Welcome to 2022: Intentional Lies Are 'Benefits' and 'Alternative Facts'

    A crooks-run EPO, together with the patent litigation cabal that we’ve dubbed ‘Team UPC’ (it has nothing to do with science or with innovation), is spreading tons of misinformation; the lies are designed to make the law-breaking seem OK, knowing that Benoît Battistelli and António Campinos are practically above the law, so perjury as well as gross violations of the EPC and constitutions won’t scare them (prosecution as deterrence just isn’t there, which is another inherent problem with the UPC)



  20. From Software Eating the World to the Pentagon Eating All the Software

    “Software is eating the world,” according to Marc Andreessen (co-founder of Netscape), but the Empire Strikes Back (not the movie, the actual empire) by hijacking all code by proxy, via Microsoft, just as it grabbed a lot of the world’s communications via Skype, bypassing the world's many national telecoms; coders need to fight back rather than participate in racist (imperial) shams such as GitHub



  21. Links 22/1/2022: Skrooge 2.27.0 and Ray-Tracing Stuff

    Links for the day



  22. IRC Proceedings: Friday, January 21, 2022

    IRC logs for Friday, January 21, 2022



  23. Peak Code — Part II: Lost Source

    "Debian and Mozilla played along. They were made “Yeoman Freeholders” in return for rewriting their charters to “work closely with the new Ministry in the interests of all stakeholders” – or some-such vacuous spout… because no one remembers… after that it started."



  24. Links 22/1/2022: Ubuntu MATE 21.10 for GPD Pocket 3, MINISFORUM Preloads GNU/Linux

    Links for the day



  25. Computer Users Should be Operators, But Instead They're Being Operated by Vendors and Governments

    Computers have been turned into hostile black boxes (unlike Blackbox) that distrust the person who purchased them; moreover, from a legislative point of view, encryption (i.e. computer security) is perceived and treated by governments like a threat instead of something imperative — a necessity for society’s empowerment (privacy is about control and people in positions of unjust power want total and complete control)



  26. Peak Code — Part I: Before the Wars

    Article/series by Dr. Andy Farnell: "in the period between 1960 and 2060 people had mistaken what they called "The Internet" for a communications system, when it had in fact been an Ideal and a Battleground all along - the site of the 100 years info-war."



  27. Links 21/1/2022: RISC-V Development Board and Rust 1.58.1

    Links for the day



  28. IRC Proceedings: Thursday, January 20, 2022

    IRC logs for Thursday, January 20, 2022



  29. Gemini Lets You Control the Presentation Layer to Suit Your Own Needs

    In Gemini (or the Web as seen through Gemini clients such as Kristall) the user comes first; it's not sites/capsules that tell the user how pages are presented/rendered, as they decide only on structural/semantic aspects



  30. The Future of Techrights

    Futures are difficult to predict, but our general vision for the years ahead revolves around more community involvement and less (none or decreased) reliance on third parties, especially monopolistic corporations, mostly because they oppress the population via the network and via electronic devices


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts