Bonum Certa Men Certa

Links 5/10/2021: Firefox 93.0 and EasyOS 3.0, AlmaLinux Openwashing



  • GNU/Linux

    • Audiocasts/Shows

    • Kernel Space

      • Linux 5.16 KVM To Land RISC-V Hypervisor Support - Phoronix

        Coming with the Linux 5.16 kernel cycle will be support for RISC-V virtualization with the Kernel-based Virtual Machine (KVM).

        The RISC-V ISA recently settled on its hypervisor extension and its spec is now considered frozen. The hypervisor extension to the RISC-V instruction set is outlined here. Given that it's taken a while to freeze, there isn't yet any performant RISC-V processors out there actually implementing the complete extension and so for now and during development it's been a function of running it on simulators.

      • Paul E. Mc Kenney: Will Your Rust Code Survive the Attack of the Zombie Pointers?

        Some of the previous posts in this series have been said to be quite difficult, so I figured I owed you all an easy one. And the zombie-pointer problem really does have a trivial solution, at least in the context of the Linux kernel. In other environments, all bets are off.

      • Paul E. Mc Kenney: How Much of the Kernel Can Rust Own?

        Rust concurrency makes heavy use of ownership and borrowing. The purpose of this post is not to give an exposition of Rust's capabilities and limitations in this area, but rather to give a series of examples of ownership in the Linux kernel.

        The first example involves Linux-kernel per-CPU variables. In some cases, such variables are protected by per-CPU locks, for example, a number of fields in the per-CPU rcu_data structure are used by the kernel threads that manage grace periods for offloaded callbacks, and these fields are protected by the ->nocb_gp_lock field in the same instance of that same structure. In other cases, access to a given per-CPU variable is permitted only by the corresponding CPU, and even then only if that CPU has disabled preemption. For example, the per-CPU rcu_data structure's ->ticks_this_gp field may be updated only from the corresponding CPU, and only when preemption is disabled. In the particular case, preemption is disabled as a side-effect of having disabled interrupts.

        The second example builds on the first. In kernels built with CONFIG_RCU_NOCB_CPU=n, the per-CPU rcu_data structure's ->cblist field may be updated from the corresponding CPU, and only when preemption is disabled. However, it is also allowed from some other CPU when the corresponding CPU has been taken offline, but only from within that other CPU that is orchestrating the offlining of the corresponding CPU.

        (What about kernels built with CONFIG_RCU_NOCB_CPU=y? They must also acquire a ->nocb_lock that is also contained within the per-CPU rcu_data structure.)

      • Updated Zstd Planned For Linux 5.16 With Better Performance - Phoronix

        As reported on last week, an updated Zstd implementation for the Linux kernel is being re-attempted by Zstd developer Nick Terrell at Facebook. Today he sent out the latest Zstd kernel patches to provide a much newer version of the code compared to what is currently mainlined and will provide much better performance and numerous fixes.

        The Zstd code currently within the Linux kernel is out-of-date and it's taken an unfortunate amount of time to get it updated. Fortunately, the new code is introducing a new kernels-style wrapper API around Zstd that should allow for these code updates to be performed smoother and more easily moving forward. In fact, the Zstd kernel code is working towards being automatically generated/derived from the upstream Zstd sources.

      • Graphics Stack

        • RadeonSI Lands Another Big Overhead Optimization - "Substantially" Helps In Some Cases - Phoronix

          Merged to Mesa 21.3-devel this weekend was a rework to the display list interface for the Gallium3D code and Mesa state tracker and wired up for the RadeonSI Gallium3D driver. This latest driver overhead reduction is another sizable win for AMD's open-source OpenGL driver on Linux.

          While these days most Linux games exclusively target the Vulkan API and efforts around Valve's Steam Play are focused on mapping Direct3D to Vulkan, OpenGL still has a large presence particularly for workstation software. Over the past year we've seen AMD's driver engineers continue to focus on many RadeonSI optimizations to benefit workstation workloads, in particular using SPECViewPerf as the baseline and often focusing on Siemens NX (Snx).

        • Vulkan 1.2.195 Introduced With Three New Extensions

          Vulkan 1.2.195 is out today as the latest weekly update to this high performance, industry standard API for graphics and compute.

          With Vulkan 1.2.195 there is the usual assortment of documentation clarifications/corrections plus this time around are three new extensions. The new extensions in Vulkan 1.2.195 include:

    • Applications

      • September GNU Spotlight with Mike Gerwitz: 15 new GNU releases!

        anastasis-0.1.0 bison-3.8.2 Coreutils-9.0 gama-2.15 gdb-11.1 gdbm-1.21 gnun-1.1 gzip-1.11 inetutils-2.2 mediagoblin-0.12.0 parallel-20210922 taler-exchange-0.8.5 unifont-14.0.01 wget-1.21.2 wget2-2.0.0

      • Tools to explore BGP

        Yesterday there was a big Facebook outage caused by BGP. I’ve been vaguely interested in learning more about BGP for a long time, so I was reading a couple of articles.

        I got frustrated because none of the articles showed me how I could actually look up information related to BGP on my computer, so I wrote a tweet asking for tools.

        I got a bunch of useful replies as always, so this blog post shows some tools you can use to look up BGP information. There might be an above average number of things wrong in this post because I don’t understand BGP that well.

      • KShutdown 5.90 Allows to Auto Restart from Linux into Another OS | UbuntuHandbook

        The graphical auto shutdown app KShutdown released version 5.90 with feature to reboot from Linux into another OS automatically.

        KShutdown is a free open-source app that provides a simple Qt based user interface. It allows users to automatically shutdown, restart, hibernate, sleep, log-out, or run a command on certain time, after a period of time, on user inactivity or other event.

        The app is getting more and more powerful. The latest 5.90, beta for next 6.0 release, introduced experimental multi-booting support. User can now automatically reboot from Linux into another OS, such as Windows, from Grub menu entries.

    • Instructionals/Technical

      • How to install elgg on CentOS 8 - Unixcop

        Elgg is an award-winning open source social networking engine that provides a robust framework on which to build all kinds of social environments, from a campus wide social network for your university, school or college or an internal collaborative platform for your organization through to a brand-building communications tool for your company and its clients.

      • Debian 11: Solved Apt insisting that I “must” have a web browser, de-bloating my Debian install in the process. Bonus: Debian GNOME Live Installer doesn’t install a print system, but I can fix it! – BaronHK's Rants

        So, a few days ago, I wrote that I was perplexed to find Apt screaming that I must have a web browser installed (even if it’s not the one I want), and today I think I figured out why.

        It turns out that Debian installs all the things when it comes to internationalization, non-English spell checking, non-English Firefox internationalization DEB packages, and LibreOffice help packs, and then you end up in dependency hell due to that sometimes.

      • 10 Ways to Use the top Command in Linux

        The top command in Linux gives useful statistics about system resources. We can use it to view CPU and memory usage alongside process information of running services. You can also find zombie processes using top. So, mastering the top command is a must for Linux admins.

        The following section provides a simple overview of the top command and shows how to use top in real-world scenarios.

      • How To Install Discord on Debian 11 - idroot

        In this tutorial, we will show you how to install Discord on Debian 11. For those of you who didn’t know, Discord is the easiest way to talk over voice, video, and text. It was originally intended for gamers but these days, it is considered a Slack alternative even for team and community communication. Discord runs natively on all major operating systems, including Windows, macOS, and Linux.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of Discord on a Debian 11 (Bullseye).

      • Proxmox VE Full Course: Class 11 - Integrated Firewall - Invidious
      • How to do replacements based on multiple field values

        In a previous BASHing data post I explained how to normalise entries in a field based on the entry in another field. The same command-line method can be used to repair entries based on entries in several other fields in the same record. An example will make it a lot easier to see what this is all about and why this method is so useful.

      • Htop – An Interactive Linux System Monitor/Process Viewer

        In a Linux operating system environment, a process is defined as a program in execution or one that is already running. A program only becomes a process when it starts running/executing. This program execution trail that translates to a process is associated with inputs and outputs.

        Available system resources/services are often utilized by the processes as mandatory inputs to achieve a targeted system objective (output). A PID or Process ID uniquely identifies each process on your operating system.

      • Install Firefox Browser 93 In Ubuntu / LinuxMint / RockyLinux | Tips On UNIX

        This tutorial will be helpful for beginners to download and install Firefox browser 93 in Ubuntu 20.04, Ubuntu 18.04, Linux Mint 20.1, and RockyLinux.

        Mozilla Firefox is a free and open-source web browser developed by the Mozilla foundation and generally utilized by thousands and thousands of individuals in their daily actions.

      • Syslog-ng 3.34: MQTT destination with TLS and WebSocket support
      • Bash Indexed Array Explained With Examples - OSTechNix

        Arrays are a type of data structure that is used to store values of a certain type. You can also think array as a variable but a variable can only store one value where an array can store multiple values within it. The concept of the array is not only bound to bash. Any programming language you work with will have arrays in it but with implementation differences.

      • Netlify deploy RangeError: Maximum call stack size exceeded [How to Fix] - howtodojo

        This morning I was deploying one of the site on our network to Netlify using the usual command:

        netlify deploy --prod But after the CDN diffing files I got the following error message

        RangeError: Maximum call stack size exceeded

      • vmware esxi 6.7 and 7.0 within kvm-qemu – sb.v00 failed to decompress and admission check failed for memory resource – errors mean: need more RAM
      • File Searching on Ubuntu

        This simple tutorial explains how to search files and folders on Ubuntu. This uses Files, the default file manager on Ubuntu also known as Nautilus.

    • Games

    • Desktop Environments/WMs

      • GNOME Desktop/GTK

        • GNOME 42 to Introduce a System-wide Dark Style Preference, Thanks to elementary OS

          There’s still time for GNOME 42, but it looks like it will implement a system-wide dark mode preference similar to elementary OS 6.

          If you have been reading our coverages, you must have noticed mentioning it as one of the best elementary OS 6 features.

          And for all the right reasons. Unlike a GTK theme change, elementary OS 6 approached the dark style preference as an opt-in preference that application developers can detect and choose to respect.

    • Distributions

      • The 4 Best Linux Distros for Helping You Stay Anonymous

        In this article, we’ll look at four Linux distros that help to keep you anonymous on the Web. The Linux operating system offers a lot of privacy options, and it’s arguably the best OS to use if online security and privacy is important to you.

      • elementary OS 6 Updates for September, 2021

        We’re back with your monthly report on updates to elementary OS 6! It was another incredibly eventful month as we continued fixing reported issues and focused in especially on improvements to AppCenter and Online Accounts apps like Mail. But before we get to all the goodies, we’re proud to report that OS 6 has been downloaded from our website over 137,000 times—and as always, that’s not including downloads from third parties or direct downloads via torrent that bypass our download page.

      • Qubes OS Intro on the Librem 14

        With Qubes OS now fully supported on the Librem 14 and Librem Mini, we thought it was time for a rundown of how containerization in Qubes OS makes it perhaps the most secure software design to date. Your data can be kept safe and locked away from most dangers by being in a separate VM. This video will show you how Qubes OS can bring extra security to your Librem 14 or Mini.

        [...]

        Want to learn more? Check out what Kyle Rankin has to say on the subject or dig into the docs. Want Qubes OS? Select it at checkout when you buy a Librem 14, Mini or download the Librem 14 OEM installer here.

      • New Releases

        • MX Linux 21 Release Candidate Readied for Public Testing with Xfce, KDE Plasma, and Fluxbox Flavors

          Coming exactly one month after the second beta release, MX Linux 21 Release Candidate is here with some small changes, numerous bug fixes and updated translations, as well as updated components and latest security patches from the Debian GNU/Linux 11 “Bullseye” software repositories.

          MX Linux 21 Release Candidate adds “thick” variants of the xfwm4 mx-comfort themes in the Xfce flagship edition, and adds new mx-comfort color schemes as part of the MX global themes to the KDE Plasma edition, which also received various improvements to the default settings.

        • EasyOS 3.0 released

          Significant structural changes, hence the version bump. Don't want this to be announced on Distrowatch, as there could be issues. Hope to fix them, if any, for version 3.1. Also want to do a new desktop theme for 3.1.

        • EasyOS Dunfell-series 3.0

          EasyOS was created in 2017, derived from Quirky Linux, which in turn was derived from Puppy Linux in 2013. Easy is built in woofQ, which takes as input binary packages from any distribution, and uses them on top of the unique EasyOS infrastructure. Throughout 2020, the official release for x86_64 PCs was the Buster-series, built with Debian 10.x Buster DEBs. EasyOS has also been built with packages compiled from source, using a fork of OpenEmbedded (OE). Currently, the Dunfell release of OE has been used, to compile two sets of binary packages, for x86_64 and aarch64. The latter have been used to build EasyOS for the Raspberry Pi4, and first official release, 2.6.1, was in January 2021. The page that you are reading now has the release notes for EasyOS Dunfell-series on x86_64 PCs, also debuting in 2021. To try and keep things simple, all three, the Dunfell-series on Pi4 and the Dunfell-series and Buster-series on the PC, all are (approximately) sync'ed at the same version number. However, there are differences in the maturity of each. In the case of the Pi4, the hardware still has some issues. For Dunfell-series on the PC, as the packages are all compiled from source, they are not as tested as those in the Buster-series. The version number is for EasyOS itself, the infrastructure, support-glue, system scripts and system management and configuration applications. The latest version is becoming mature, though is an experimental distribution and some parts are under development and are still considered as beta-quality. However, you will find this distro to be a very pleasant surprise, or so we hope.

      • BSD

        • LLVM 13.0.0 released

          Version 13.0.0 of the LLVM compiler suite is out. There is a long list of changes, as always; see the numerous sets of release notes below for details.

        • LLVM 13.0.0 released
          LLVM 13.0.0 is now available! Download it now, or read the release notes:
          
          

          https://releases.llvm.org/13.0.0/docs/ReleaseNotes.html https://releases.llvm.org/13.0.0/tools/clang/docs/Release... https://releases.llvm.org/13.0.0/tools/clang/tools/extra/... https://releases.llvm.org/13.0.0/tools/flang/docs/Release... https://releases.llvm.org/13.0.0/tools/lld/docs/ReleaseNo... https://releases.llvm.org/13.0.0/tools/polly/docs/Release... https://releases.llvm.org/13.0.0/projects/libcxx/docs/Rel...

          Binaries and sources for 13.0.0 can be found on GitHub: https://github.com/llvm/llvm-project/releases/tag/llvmorg...

          LLVM 13.0.0 would not be possible without the help of our volunteer release team! Thanks to all the release testers:

          MichaÅ‚ Górny, Bernhard Rosenkraenzer, Hans Wennborg, Albion Fung, Brian Cain, Dimitry Andric, Tobias Hieta, Diana Picus, Sylvestre Ledru

          Also, a big thanks to everyone else who helped identify critical bugs, track down bug-fixes, and resolve merge conflicts.

          If you have questions or comments about this release, please contact the LLVMdev mailing list!

          -Tom

      • PCLinuxOS/Mageia/Mandriva/OpenMandriva Family

      • IBM/Red Hat/Fedora

        • 4 steps to make DevSecOps adoption a team effort

          Perhaps your organization is already experimenting with DevOps tools or considering how to move towards DevOps. Maybe you're still relying on ad hoc processes. Then suddenly your C-suite or auditors raise the need to standardize on a secure and agile development process. Enter DevSecOps.

          To mitigate the challenges that come with DevSecOps adoption, you'll need to make it a team effort. Here's what you need to do.

        • 4 new videos about working and leading openly

          Last month, Open Organization community members took to the airwaves (or maybe the fiber optics?) to discuss some of the ways open principles are changing how we work, manage, and lead. Here's what we shared on OpenOrgTV.

        • Designing efficient file operations at cloud scale

          Accessing and operating on data is one of the most time-consuming aspects of computing. Developers can improve efficiency by looking for ways to avoid the overhead required by standard file operations. To illustrate the possibilities, I will report on a couple of interesting cases where I designed cloud-scale services that dynamically construct files for users to consume.

          The first application was an incremental backup and restore application, and the second was part of a new OpenShift installation service that creates personalized ISO files of Red Hat Enterprise Linux CoreOS (RHEL CoreOS). Both applications went through similar iterations, starting with a naive implementation and gradually improving its efficiency. I will focus on the ISO design first and briefly discuss the backup and restore application at the end.

        • Printf-style debugging using GDB, Part 1 | Red Hat Developer

          Programmers often debug software by adding print statements to source code. Knowing that a certain point in the program has been reached can be immensely helpful. It's also useful to print values of variables at various points during program execution. An obvious drawback of this technique is the need to change source code, both to add the print statements and later to remove or disable them after the bug has been fixed. Adding new code can potentially introduce new bugs, and if you've added many print statements, you might forget to remove some of them when cleaning up after debugging.

          You can use the popular GNU Project Debugger (GDB) to perform the same style of debugging for various programming languages, especially C and C++, without changing source files. This article is the first of a series describing how to use GDB to add print statements to your C and C++ code. We'll start with some basics and move through more advanced ways to call program-defined functions that display data.

        • Taking action against climate change – Developers drive worldwide Call for Code movement [Ed: IBM is greenwashing again because it has a very negative image]

          The climate crisis has become one of the most pressing issues of our time, so critical the United Nations’ Secretary-General labeled it as “code red for humanity” in response to a recent report by the Intergovernmental Panel on Climate Change. With the report predicting dramatically rising temperatures and sea levels, and more frequent drought and fire weather over the next 20 years, change and collaboration are needed to make both an immediate and lasting difference.

          Because of this urgency and consistent with IBM’s long commitment to environmental leadership, this year’s Call for Code Global Challenge invited the world’s software developers and innovators to come together to combat climate change with open source-powered technology. In particular, participants were asked to address the UN Sustainable Development Goals 2 (Zero Hunger), 6 (Clean Water and Sanitation), and 12 (Responsible Consumption and Production), and through them help to halt and reverse the impact of climate change.

          After months of work by teams around the world and much deliberation by our distinguished judges, we’re excited to announce the regional finalists for the global competition. Our judges have identified the top solutions from Asia Pacific; Europe; Greater China; India; Latin America; the Middle East and Africa; and, North America. Congratulations to these teams, and thank you all for your time, dedication, and ingenuity!

        • Get podman up and running on Windows using Linux [Ed: IBM is so desperate to spread its vendor lock-in that it is shilling Microsoft's attack on GNU/Linux, WSL/2. This isn't helping at all; well, it helps Microsoft and IBM.]
        • Hybrid work: 9 ways to encourage healthy team conflict | The Enterprisers Project

          That’s as true in working situations as it is in our personal lives. When you’re talking about relationships within a hybrid work team, with some employees working remotely and others in the office, maintaining good relations can be even trickier.

          “When everyone isn’t in the same room, or office for that matter, it can be easier for communication to break down,” says Dr. Sunni Lampasso, executive coach and founder of Shaping Success. “Hence, having a mixture of in-office and remote workers can create increased miscommunication and conflict avoidance opportunities.”

        • 5 must-read Harvard Business Review articles | The Enterprisers Project

          Each month, through our partnership with Harvard Business Review, we refresh our resource library with five new HBR articles we believe CIOs and IT leaders will value highly. Check out the curated pieces below, available to readers through the end of the month.

        • Using RHEL System Roles to automate the implementation of RHEL Session Recording

          It can be a challenging and time-consuming process to determine the root cause of a security incident. Because of this, Red Hat introduced the ability to record terminal sessions in Red Hat Enterprise Linux (RHEL) 8.

          This functionality, called session recordings, allows you to audit what users have done from the terminal. Recordings can be easily viewed from the command line or from the web console, and not only can you increase their playback speed, but also search for keywords and jump easily to relevant portions of the recording.

          The session recording functionality is provided by the tlog package.

          If you would like to implement session recording across your environment, you can either implement it manually or use the tlog RHEL System Role to automate its installation and configuration across your RHEL environment.

        • In community we trust: Open source software and supply chain security

          In the United States and around the globe, businesses and organizations have experienced a number of high-profile and costly security attacks over the past few years. And the sobering truth is, the attacks are not going to stop.

          According to Forrester’s report--"The State of Application Security 2021"--30% of external breaches were caused by software vulnerabilities. But as SolarWinds showed, not only are your internal operations disrupted by a breach, but your customers’ lives can be severely disrupted as a result. Even entire supply chains.

          Which is why our collective work on security is so important right now.

        • Red Hat’s Dr. Mark Little elected as a Fellow of the Royal Academy of Engineering

          We are pleased to announce that Red Hat's head of Application Services engineering, Mark Little, Ph.D., has been named a Fellow of the Royal Academy of Engineering, the U.K.’s national academy of engineering.

          Fellowship with the Academy is an honor given to individuals in the U.K. whose work has helped to advance and enrich the field of engineering through research, policy formation, education and entrepreneurship. According to the Academy, these individuals serve as innovation leaders and inspiring role models with remarkable achievements in business or academia.

          Mark has earned the respect of colleagues throughout the technology industry, not only as a brilliant technologist, but also as a visionary leader. Over the course of his career, he has received 100 patents, published 60 papers, and co-authored four books. As vice president of Engineering at Red Hat, he has been involved in numerous initiatives, driving the technology strategy for a broad portfolio of software tools used by enterprise organizations to create, integrate and automate critical business applications.

      • Canonical/Ubuntu Family

        • Ubuntu Fridge | Ubuntu Weekly Newsletter Issue 703

          Welcome to the Ubuntu Weekly Newsletter, Issue 703 for the week of September 26 – October 2, 2021.

        • Mir 2.5 Released With Wayland Extension Updates For Better Handling On-Screen Keyboards - Phoronix

          Canonical continues advancing their Wayland-based Mir stack for embedded and IoT use-cases. Out today is Mir 2.5 with the latest features as they work to provide better support for on-screen keyboards.

          Mir 2.5 adds support for the zwp_virtual_keyboard_v1 to allow more Wayland on-screen keyboards to work with Mir. The Squeekboard keyboard is also benefiting from this release with zwp_text_input_v3 and zwp_input_method_v2 also now supported. With these additions more on-screen keyboards should work with Mir.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • Securing Connections: Disabling 3DES in Firefox 93

            As part of our continuing work to ensure that Firefox provides secure and private network connections, it periodically becomes necessary to disable configurations or even entire protocols that were once thought to be secure, but no longer provide adequate protection. For example, last year, early versions of the Transport Layer Security (TLS) protocol were disabled by default.

            One of the options that goes into configuring TLS is the choice of which encryption algorithms to enable. That is, which methods are available to use to encrypt and decrypt data when communicating with a web server?

          • Mozilla Security Blog: Firefox 93 protects against Insecure Downloads

            Downloading files on your device still exposes a major security risk and can ultimately lead to an entire system compromise by an attacker. Especially because the security risks are not apparent. To better protect you from the dangers of insecure, or even undesired downloads, we integrated the following two security enhancements which will increase security when you download files on your computer.

          • The Mozilla Blog: News from Firefox Focus and Firefox on Mobile

            One of our promises this year was to deliver ways that can help you navigate the web easily and get you quickly where you need to go. We took a giant step in that direction earlier this year when we shared a new Firefox experience. We were on a mission to save you time and streamline your everyday use of the browser. This month, we continue to deliver on that mission with new features in our Firefox on mobile products. For our Firefox Focus mobile users, we have a fresh redesign plus new features including shortcuts to get you faster to the things you want to get to. This Cybersecurity Awareness month, you can manage your passwords and take them wherever you go whenever you use your Firefox on Android mobile app.

          • 93.0 Firefox Release
          • Firefox 93.0

            Firefox 93.0 has been released. With this version Firefox supports the new AVIF image format, which is based on the modern and royalty free AV1 video codec. The PDF viewer supports filling more forms, such as XFA-based forms used by multiple governments and banks. Downloads that rely on insecure connections are blocked, protecting against potentially malicious or unsafe downloads. Details on these features and more can be found in the release notes.

          • Firefox 93 features an improved SmartBlock and new Referrer Tracking Protections

            We are happy to announce that the Firefox 93 release brings two exciting privacy improvements for users of Strict Tracking Protection and Private Browsing. With a more comprehensive SmartBlock 3.0, we combine a great browsing experience with strong tracker blocking. In addition, our new and enhanced referrer tracking protection prevents sites from colluding to share sensitive user data via HTTP referrers.

          • Tab Unloading in Firefox 93 - Mozilla Hacks - the Web developer blog

            Starting with Firefox 93, Firefox will monitor available system memory and, should it ever become so critically low that a crash is imminent, Firefox will respond by unloading memory-heavy but not actively used tabs. This feature is currently enabled on Windows and will be deployed later for macOS and Linux as well. When a tab is unloaded, the tab remains in the tab bar and will be automatically reloaded when it is next selected. The tab’s scroll position and form data are restored just like when the browser is restarted with the restore previous windows browser option.

            On Windows, out-of-memory (OOM) situations are responsible for a significant number of the browser and content process crashes reported by our users. Unloading tabs allows Firefox to save memory leading to fewer crashes and avoids the associated interruption in using the browser.

            We believe this may especially benefit people who are doing heavy browsing work with many tabs on resource-constrained machines. Or perhaps those users simply trying to play a memory-intensive game or using a website that goes a little crazy. And of course, there are the tab hoarders, (no judgement here). Firefox is now better at surviving these situations.

            We have experimented with tab unloading on Windows in the past, but a problem we could not get past was that finding a balance between decreasing the browser’s memory usage and annoying the user because there’s a slight delay as the tab gets reloaded, is a rather difficult exercise, and we never got satisfactory results.

          • Firefox 93.0 Released! Adds AVIF Support & Blocks Insecure Downloads | UbuntuHandbook

            Mozilla Firefox 93.0 was officially released today. The release features AVIF image support and further security improvements.

            The AV1 image format (AVIF) is an image file format for storing images or image sequences compressed with AV1 in the HEIF file format. It offers significant file size reduction compare to JPEG, PNG and WebP. Google Chrome added it support since version 85. By releasing v93.0, Firefox now has AVIF image support.

            Some PDF files have interactive fields to fill in data. Since Firefox 83, the built-in PDF viewer supports filling fields such as text, check boxes, and radio buttons. In the new release, it adds more forms (XFA-based forms, used by multiple governments and banks) support.

      • CMS

        • The Month in WordPress: September 2021

          That was Josepha Haden on the “A Sneak Peek at WordPress 5.9” episode of the WP Briefing Podcast, talking about what goes into a WordPress release like version 5.9. Read on to find out more about updates on the latest release and the latest WordPress news from September 2021.

      • FSFE

        • Google, FSFE & Child labor

          FSFE, one of Google's mouthpieces in the free software world, has announced a dubious competition called Youth Hacking 4 Freedom.

          The target audience is between 14 and 18 years of age. Participants compete by working for free. There are numerous cases where people completed work for Google Summer of Code and they were not paid yet the rules for YH4F are even worse and the victims are younger. Google Code-In was a similar program targetting teenagers between 13 and 17 years. Google gave the child laborers t-shirts and certificates in lieu of payment. It looks like ethical concerns may have been a factor in Google's decision to mothball the Google Code-In last year. Yet a program that is even more demanding has appeared in a Google proxy organization, the FSFE.

          A recent news story gives various examples of Google trying to obfuscate controversial employment practices. Child labor crosses a red line.

      • FSF

        • Life's better together when you avoid Windows 11

          October 5 marks the official release of Windows 11, a new version of the operating system that doesn't do anything at all to counteract Windows' long history of depriving users of freedom and digital autonomy. While we might have been encouraged by Microsoft's vague, aspirational slogans about community and togetherness, Windows 11 takes important steps in the wrong direction when it comes to user freedom.

          Microsoft claims that "life's better together" in their advertising for this latest Windows version, but when it comes to technology, there is no surer way of keeping users divided and powerless than nonfree software. Developing nonfree software is an inherently antisocial act, for it is intentionally choosing to create an unjust power structure, in which a developer knowingly keeps users powerless and dependent by withholding information. Increasingly, this involves not only withholding the source code itself, but even basic information on how the software works: what it's really doing, what it's collecting, and how often it's snitching on users. "Snitching" may sound dramatic, but Windows 11 will now require a Microsoft account to be connected to every user account, granting them the ability to correlate user behavior with one's personal identity. Even those who think they have nothing to hide should be wary of sharing potentially all of their computing activity with any company, much less one with a track record of abuse like Microsoft.

      • Programming/Development

        • Can Cross-Platform Development Prepare You for the Next Chip Shortage?

          Most car manufacturers across the globe are suffering from the chipset shortage. Manufacturers in other industries are slowing down their production for the same reason. Except a few. How are they doing it? How can other companies do the same?

          Some car manufacturers – or OEMs (Original Equipment Manufacturers) – have chosen to build their own chips. Some of them work with their governments to create a local chipset industry. But there is one strategy that could be the most effective: Flexible Chip Sourcing.

  • Leftovers

    • Integrity/Availability

      • Proprietary

        • Pseudo-Open Source

          • RHEL Clones

            • CentOS Kmods SIG Working On exFAT, WireGuard Additions

              Created this year has been the CentOS Kmods special interest group for dealing with deprecated device support and out-of-tree modules. This Kmods SIG has begun crafting their initial set of extra kernel modules for use on CentOS.

              The CentOS Kmods SIG published their quarterly report today about their activities maintaining and packaging extra kernel modules for CentOS Stream.

            • What AlmaLinux Foundation Membership Means for You

              Hello Community. Today we announced that membership in the AlmaLinux Foundation is now open to everyone (It's 100% Free). First of all, many are probably asking what is this? Second, who cares? I wanted to take a few brief moments to share some insight, some feelings and hopefully explain why this is so important.

              When CentOS was initially founded by Lance Davis in 2004 no one really knew how fundamentally important it would grow to become in the Linux ecosystem--as a concept, as a distribution and really as a lynchpin of the modern internet. The concept of a community-driven OS, which drew upon an enterprise grade base made freely and widely available was a real novelty. As far as the technical aspect, the "entOS" part of CentOS, it has been resoundingly successful.

              However, the "C" part of CentOS, Community, got lost somewhere along the way. If the plan was to ensure that it would always be in the hands of the community, the contributors and the people, to own and to control, CentOS never really managed to fulfill that ultimate purpose of community ownership.

              CentOS has never been an organization with its own standing, it was always a loose collective of people. Throughout its history (which is a topic for another time) it has been wheeled and dealed, held hostage, transferred, fought about, bought and sold from one party to the next, ultimately landing at Red Hat. They own the Intellectual Property behind CentOS and are free and able to take it in whatever direction they want, as we have seen.

            • AlmaLinux Foundation opens membership

              The AlmaLinux Foundation has opened membership to everyone.

            • CentOS Replacement AlmaLinux Becomes a Membership-Centered Project
              Today, the AlmaLinux Foundation announced a membership program as a step to assure that the Linux distribution will be a community owned and governed project that’s not subject to the whims of a single corporate sponsor.

              This was a promise that Igor Seletskiy, CloudLinux’s founder and CEO, made when he announced that his company would spend up to $1 million yearly to start and fund a new Linux distribution to replace CentOS Linux, after Red Hat announced that it was in the process of removing support for CentOS as a freely available downstream replacement for it’s flagship product, Red Hat Enterprise Linux.

        • Security

          • Google Launched a Secure Open Source (SOS) Program for Developers [Ed: PR stunt from company that undermines security and privacy because that's just its business model]

            Google starts the Secure Open Source (SOS) Rewards pilot program run by the Linux Foundation with initial sponsorship of $1 million.

            Google has announced that it’s sponsoring a new open source security program hosted by the Linux Foundation. The Secure Open Source (SOS) Rewards pilot program provides financial incentives for developers working on security around critical open source projects.

          • New Program Rewards Developers for Securing Open Source Software

            Google is making a $1 million investment in the Secure Open Source (SOS) Rewards pilot program, according to a recent announcement.

            The SOS program “financially rewards developers for enhancing the security of critical open source projects that we all depend on” and is run by the Linux Foundation with sponsorship from the Google Open Source Security Team.

          • WordPress, Linux Users in Danger of New Malware: Major Warning Signs of Capoae Attack [Ed: What does this have to do with Linux???]

            A new malware has been spotted attacking Linux systems and WordPress installations. The malware called Capoae is rapidly growing as a favorite tool among hackers and threat actors because of its cross-platform capabilities, easy installation and fast infection rate.

          • ROS CVE alert; ensuring security for robotics

            Open Robotics has registered a CVE that affects ROS Kinetic, Melodic and Noetic. CVE stands for Common Vulnerabilities and Exposures, and it’s an international system that provides a method for publicly sharing information on cybersecurity vulnerabilities and exposures. This specific CVE affects ROS users.

            “An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLRPC call.”

            Open Robotics has already built and tested the security patch and has made the fix available to the community (e.g. Melodic update). So if you haven’t upgraded your ROS stack, please do so.

          • OpenLogic by Perforce Announces New Download Hub for Enterprise Linux [Ed: Microsoft-connected proxy]
          • A Closer Look at NSA/CISA Kubernetes Hardening Guidance [Ed: NSA involvement in Kubernetes does not make Kubernetes seem any more secure; quite the contrary and the companies involved here got exposed working for NSA (in Snowden leaks)]

            USA's National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released, "Kubernetes Hardening Guidance" on August 3rd, 2021. The guidance details threats to Kubernetes environments and provides secure configuration guidance to minimize risk.

            The following sections of this blog correlate to the sections in the NSA/CISA guidance. Any missing sections are skipped because of limited opportunities to add anything new to the existing content.

            Note: This blog post is not a substitute for reading the guide. Reading the published guidance is recommended before proceeding as the following content is complementary.

          • Be Cyber Smart During Cybersecurity Awareness Month [Ed: They put back doors in things and then they cheer for "Cybersecurity Awareness Month"]

            CISA and the National Cybersecurity Alliance (NCSA) remind users to continue to “Do Your Part. #BeCyberSmart.” during October—2021’s Cybersecurity Awareness Month!

          • Wladimir Palant: Abusing Keepa Price Tracker to track users on Amazon pages

            As we’ve seen before, shopping assistants usually aren’t a good choice of browser add-on if you value either your privacy or security. This impression is further reinforced by Keepa, the Amazon Price Tracker. The good news here: the scope of this extension is limited to Amazon properties. But that’s all the good news there are. I’ve already written about excessive data collection practices in this extension. I also reported two security vulnerabilities to the vendor.

            Today we’ll look at a persistent Cross-Site Scripting (XSS) vulnerability in the Keepa Box. This one allowed any attackers to track you across Amazon web properties. The second vulnerability exposed Keepa’s scraping functionality to third parties and could result in data leaks.

          • Privacy/Surveillance

            • Big ID, bad idea: busting ID myths that are endangering human rights - Access Now

              Big ID programs — frequently involving biometric data collection — are being rolled out across the globe. Similar to Big Tech, Big ID refers to the market of actors selling and profiting from digital identification systems and infrastructure. They regularly aim to replace or complement government identification systems with digital ones, often endangering the human rights of those the people they’re supposed to benefit. Access Now’s new report, Busting the dangerous myths of Big ID programs: cautionary lessons from India, turns a human rights lens on these new systems, unpacking real-life case studies from India to distinguish fact from fiction. Read the full report, and the report snapshot.

              “India’s Big ID program, Aadhaar, was a bad idea that had a disastrous impact on peoples’ human rights. We must not let this be replicated around the globe,” Ria Singh Sawhney, Asia Pacific Policy Fellow at Access Now. “If we don’t seriously reevaluate Big IDs, and debunk the myths used to sell them, we are entering a dystopian future where biometric surveillance is normalized, the indignity of arbitrary exclusions are justified, and peoples’ data is no longer considered their own.”

              [...]

              India’s experience with Aadhaar underlines the dangers of these programs, and neighboring Afghanistan is showcasing how truly perilous a centralized biometric database can be. Big ID myths must be debunked before these programs spread further.

    • AstroTurf/Lobbying/Politics

      • Yanis Varoufakis: Angela Merkel Was Bad for Europe and the World

        Angela Merkel’s tenure will be remembered as Germany’s, and Europe’s, cruelest paradox. On the one hand, she dominated the continent’s politics like no other peacetime leader — and is leaving the German chancellery considerably more powerful than she had found it. But the way she built up this power condemned Germany to secular decline and the European Union to stagnation.

    • Civil Rights/Policing

      • [Older] The New Puritans

        Social codes are changing, in many ways for the better. But for those whose behavior doesn’t adapt fast enough to the new norms, judgment can be swift—and merciless.

        [...]

        The interaction between the angry mob and the illiberal bureaucracy engenders a thirst for blood, for sacrifices to be offered to the pious and unforgiving gods of outrage.

    • Monopolies

      • Patents

        • New PatentlyO L.J. Article: The AIA at Ten – How Much Do the Pre-AIA Prior Art Rules Still Matter? [Ed: Patent maximalists hate patent quality with a passion, so of course they're still protesting AIA and PTAB (which came with it); the litigation 'industry' should have exactly zero influence in policy surrounding patents if the patent system exists for science]

          As the America Invents Act (AIA) turns 10, patent students across the country may be asking: if the law is already a decade old, why am I spending so much time learning pre-AIA law? Though patents filed before the transition date will remain in force up through March 2033, a good 10+ years away, teachers may also be wondering which regime to emphasize and for how long the pre-AIA rules will still be considered fundamental rather than footnote material. We address these questions empirically by analyzing the effective dates of patents and patent applications currently being litigated or pursued. Our analysis resoundingly confirms that both regimes matter and that the pre-AIA prior art regime appears likely to continue to be relevant for much of the next decade. But how much it matters depends: as the graphs below show, patent lawsuits overwhelmingly continue to feature pre-AIA patents. We estimate that ~90% of patent litigations initiated in 2020 included a patent with an effective filing date before the AIA transition date of March 16, 2013. But the inverse is true of patents currently being prosecuted: ~94+ of applications currently pending before the USPTO, we estimate, are governed by the AIA. In the accompanying PatentlyO Bar Journal article, The AIA at Ten – How Much Does the Pre-AIA Prior Art Regime Still Matter?, 2021 Patently-O Patent Law Journal 35, we explain our methods, sources, and approach and how pre- and post-AIA law are likely to both remain important for some time but that the distinction doesn’t necessarily matter in the vast majority of cases.

        • Court Of Appeal Upholds Validity Of Pharmaceutical Patent Claims With Functional Limitations: FibroGen Inc v Akebia Therapeutics Inc [2021] EWCA Civ 1279 [Ed: Nowadays you don't often hear about patents being UPHELD in courts because patent quality decreased a lot]

          The UK Court of Appeal has reviewed the law on insufficiency and its application to claims with both structural and functional limitations. In doing so the court has explained how the concepts of plausibility and undue burden should be applied when assessing the sufficiency of claims of this type, in particular to the requirement that it must be possible to perform the invention across the breadth of the claim.

      • Trademarks

        • FRANCE.COM: Trademark Transferred to French Government without Recourse in US Courts

          When you visit the website france.com, you’ll be quickly redirected to the French government’s explore-France travel site: france.fr. But, the US-company France.com, Inc. believes that the country stole the .com site. The case is now pending before the Supreme Court on petition for writ of certiorari is France.com v. The French Republic, Docket No. 21-448 (Supreme Court 2021).



Recent Techrights' Posts

The Linux Foundation (Fronting for Microsoft and Bill Gates, Not Linux) Makes Cyberspace Less Secure
Security is not the goal
[Meme] The Most Important Things When Committing Crimes
pronouns
Materialistic Culture of Fake Possessions and Fake Popularity
Fake popularity is part of a "chicken and egg" thing
 
Links 28/11/2024: Pakistan Turmoil, TuxCare Changes, and More 'Open'AI Problems
Links for the day
Links 28/11/2024: Privacy, DNS, and Python
Links for the day
[Meme] When Social Control Media is Over
Any deathbed regrets?
Death of Human Interaction
How much are future generations being "damaged" by premature introduction of skinnerboxes and, perhaps more importantly, is there any "safe" age?
Dr. Andy Farnell: "Electronic Voting" is a Solution to a Problem That Doesn't Exist
The arguments are similar to ones that we've made for years
Deny the Shopping Holiday, Celebrate the Real Holiday
Buy Nothing Day
The EPO's General Consultative Committee (GCC) Meeting Last Month Sought to Remove Genders (But It's Nearly Impossible in French and German)
there are so many major problems at the EPO; this one seems like a minor distraction and perhaps one that suits corrupt management (misdirection of anger)
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, November 27, 2024
IRC logs for Wednesday, November 27, 2024
Links 27/11/2024: “Writing Month”, "Cybertorture", and Qualcomm Trouble
Links for the day
Gemini Links 27/11/2024: How the Exoteric Relates to the Esoteric, a Look at BASIC
Links for the day
If the Reputation of the European Union for Rule of Law Has Diminished, Blame EPO and the German (Also the Dutch) Government for Facilitating It
We'll soon publish some new EPO material
[Meme] Same Thing, Different Job Title
"Server sysadmin; Clown computing consultant"
Imagine Patents on Musical Compositions and Cooking Recipes
The very existence of software patents must come to an end
"Latest Technology News" in BetaNews is Press Release SPAM (or LLM Slop, Marketing, Fake 'Review')
What they call "reviews" are just ads
[Meme] Kramer is Done
Devuan is turning 10
There Are More Devuan-Based Distros of GNU/Linux Each Year
"The Veteran Unix Admin collective salutes you"
Go Offline for a Bit
yup!
Windows Falls to All-Time Low (12%) in Gabon
Gabon's data from statCounter shows this
[Meme] When Words Come to Mean the Opposite
"Keep the 'dumb' stuff, be smart about it"
In Defence of Analog (Sometimes Digital and/or "Smart" is Objectively a Lot Worse)
This past weekend (2-3 days) I spent a few hours per day saving us 250 - 400 pounds in repair bills
It Takes Microsoft Over a Day to Restore 'Microsoft 365' (360, 5 Days of Downtime)
Microsoft/Windows TCO will always be huge
[Meme] In Some Countries, Android (Linux) is Already 'the Standard'
"Wait. Sorry, we don't do Windows here, we barely use laptops."
In Gambia, According to statCounter, Windows "Market Share" is Down to 3%
in some countries Windows is already down to 1%
In Defence of CDs...
Let's say that some environmentalists focus only on visible things like plastics
This Holiday Season Dump Companies That Offload Everything to Skinnerbox "Apps", Un-Encrypted E-mail, and 'Webapps' (Proprietary JS Applications in 'Web Site' Clothing)
bot disservice
The Web is Becoming Social Control Media Junk and Fake Text Crafted by Machines (Boosted by Social Control Media via Bots Which Game Visibility/Popularity)
The misinformation machines are being increasingly automated to promote dictators and bigots
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, November 26, 2024
IRC logs for Tuesday, November 26, 2024
When Social Control Media in the European Union is Controlled by BRICS
Who controls TikTok?
Links 27/11/2024: Zoom Waning (Stock Falls), More Microsoft Shutdowns, and European Commission Flags Bluesky for Breaches
Links for the day
Gemini Links 26/11/2024: Disease, Vibrations, and Grief
Links for the day
Links 26/11/2024: Microsoft 360 Users Report Outages, Attacks on Journalists Plentiful Worldwide
Links for the day
Same Month Judge Suggests Selling Chrome (Compelling Google to Give It Away) Chrome Surpasses Two-Thirds of "The Market", Based on Surveyor
tackling Google's browser monoculture is still a priority
[Meme] Trying to Terrorise Critics
How Microsofters roll...
Illegitimi Non Carborundum
If you try to suppress our publication, we'll not just bark back but also bite
Why This Site Became "Simple" a Year Ago
Light is good, heavy is bad
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, November 25, 2024
IRC logs for Monday, November 25, 2024
Links 26/11/2024: International Microsoft Outages, Microsoft Mass Layoffs Bigger Than Reported Last Friday
Links for the day, Deutsche Welle and CBC focus
Gemini Links 26/11/2024: Not Pagan, Emacs Wiki, and More
Links for the day