10.05.21

Links 5/10/2021: Firefox 93.0 and EasyOS 3.0, AlmaLinux Openwashing

Posted in News Roundup at 6:55 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Audiocasts/Shows

    • Kernel Space

      • Linux 5.16 KVM To Land RISC-V Hypervisor Support – Phoronix

        Coming with the Linux 5.16 kernel cycle will be support for RISC-V virtualization with the Kernel-based Virtual Machine (KVM).

        The RISC-V ISA recently settled on its hypervisor extension and its spec is now considered frozen. The hypervisor extension to the RISC-V instruction set is outlined here. Given that it’s taken a while to freeze, there aren’t yet any performant RISC-V processors out there actually implementing the complete extension and so for now and during development it’s been a function of running it on simulators.

      • Paul E. McKenney: Will Your Rust Code Survive the Attack of the Zombie Pointers?

        Some of the previous posts in this series have been said to be quite difficult, so I figured I owed you all an easy one. And the zombie-pointer problem really does have a trivial solution, at least in the context of the Linux kernel. In other environments, all bets are off.

      • Paul E. McKenney: How Much of the Kernel Can Rust Own?

        Rust concurrency makes heavy use of ownership and borrowing. The purpose of this post is not to give an exposition of Rust’s capabilities and limitations in this area, but rather to give a series of examples of ownership in the Linux kernel.

        The first example involves Linux-kernel per-CPU variables. In some cases, such variables are protected by per-CPU locks, for example, a number of fields in the per-CPU rcu_data structure are used by the kernel threads that manage grace periods for offloaded callbacks, and these fields are protected by the ->nocb_gp_lock field in the same instance of that same structure. In other cases, access to a given per-CPU variable is permitted only by the corresponding CPU, and even then only if that CPU has disabled preemption. For example, the per-CPU rcu_data structure’s ->ticks_this_gp field may be updated only from the corresponding CPU, and only when preemption is disabled. In the particular case, preemption is disabled as a side-effect of having disabled interrupts.

        The second example builds on the first. In kernels built with CONFIG_RCU_NOCB_CPU=n, the per-CPU rcu_data structure’s ->cblist field may be updated from the corresponding CPU, and only when preemption is disabled. However, it is also allowed from some other CPU when the corresponding CPU has been taken offline, but only from within that other CPU that is orchestrating the offlining of the corresponding CPU.

        (What about kernels built with CONFIG_RCU_NOCB_CPU=y? They must also acquire a ->nocb_lock that is also contained within the per-CPU rcu_data structure.)

      • Updated Zstd Planned For Linux 5.16 With Better Performance – Phoronix

        As reported on last week, an updated Zstd implementation for the Linux kernel is being re-attempted by Zstd developer Nick Terrell at Facebook. Today he sent out the latest Zstd kernel patches to provide a much newer version of the code compared to what is currently mainlined and will provide much better performance and numerous fixes.

        The Zstd code currently within the Linux kernel is out-of-date and it’s taken an unfortunate amount of time to get it updated. Fortunately, the new code is introducing a new kernel-style wrapper API around Zstd that should allow for these code updates to be performed smoother and more easily moving forward. In fact, the Zstd kernel code is working towards being automatically generated/derived from the upstream Zstd sources.

      • Graphics Stack

        • RadeonSI Lands Another Big Overhead Optimization – “Substantially” Helps In Some Cases – Phoronix

          Merged to Mesa 21.3-devel this weekend was a rework to the display list interface for the Gallium3D code and Mesa state tracker and wired up for the RadeonSI Gallium3D driver. This latest driver overhead reduction is another sizable win for AMD’s open-source OpenGL driver on Linux.

          While these days most Linux games exclusively target the Vulkan API and efforts around Valve’s Steam Play are focused on mapping Direct3D to Vulkan, OpenGL still has a large presence particularly for workstation software. Over the past year we’ve seen AMD’s driver engineers continue to focus on many RadeonSI optimizations to benefit workstation workloads, in particular using SPECViewPerf as the baseline and often focusing on Siemens NX (Snx).

        • Vulkan 1.2.195 Introduced With Three New Extensions

          Vulkan 1.2.195 is out today as the latest weekly update to this high performance, industry standard API for graphics and compute.

          With Vulkan 1.2.195 there is the usual assortment of documentation clarifications/corrections plus this time around are three new extensions. The new extensions in Vulkan 1.2.195 include:

    • Applications

      • September GNU Spotlight with Mike Gerwitz: 15 new GNU releases!

        anastasis-0.1.0
        bison-3.8.2
        Coreutils-9.0
        gama-2.15
        gdb-11.1
        gdbm-1.21
        gnun-1.1
        gzip-1.11
        inetutils-2.2
        mediagoblin-0.12.0
        parallel-20210922
        taler-exchange-0.8.5
        unifont-14.0.01
        wget-1.21.2
        wget2-2.0.0

      • Tools to explore BGP

        Yesterday there was a big Facebook outage caused by BGP. I’ve been vaguely interested in learning more about BGP for a long time, so I was reading a couple of articles.

        I got frustrated because none of the articles showed me how I could actually look up information related to BGP on my computer, so I wrote a tweet asking for tools.

        I got a bunch of useful replies as always, so this blog post shows some tools you can use to look up BGP information. There might be an above average number of things wrong in this post because I don’t understand BGP that well.

      • KShutdown 5.90 Allows to Auto Restart from Linux into Another OS | UbuntuHandbook

        The graphical auto shutdown app KShutdown released version 5.90 with a feature to reboot from Linux into another OS automatically.

        KShutdown is a free open-source app that provides a simple Qt based user interface. It allows users to automatically shutdown, restart, hibernate, sleep, log-out, or run a command at a certain time, after a period of time, on user inactivity or other event.

        The app is getting more and more powerful. The latest 5.90, a beta for the next 6.0 release, introduced experimental multi-booting support. Users can now automatically reboot from Linux into another OS, such as Windows, from Grub menu entries.

    • Instructionals/Technical

    • Games

    • Desktop Environments/WMs

      • GNOME Desktop/GTK

        • GNOME 42 to Introduce a System-wide Dark Style Preference, Thanks to elementary OS

          There’s still time for GNOME 42, but it looks like it will implement a system-wide dark mode preference similar to elementary OS 6.

          If you have been reading our coverage, you must have noticed us mentioning it as one of the best elementary OS 6 features.

          And for all the right reasons. Unlike a GTK theme change, elementary OS 6 approached the dark style preference as an opt-in preference that application developers can detect and choose to respect.

    • Distributions

      • The 4 Best Linux Distros for Helping You Stay Anonymous

        In this article, we’ll look at four Linux distros that help to keep you anonymous on the Web. The Linux operating system offers a lot of privacy options, and it’s arguably the best OS to use if online security and privacy is important to you.

      • elementary OS 6 Updates for September, 2021

        We’re back with your monthly report on updates to elementary OS 6! It was another incredibly eventful month as we continued fixing reported issues and focused in especially on improvements to AppCenter and Online Accounts apps like Mail. But before we get to all the goodies, we’re proud to report that OS 6 has been downloaded from our website over 137,000 times—and as always, that’s not including downloads from third parties or direct downloads via torrent that bypass our download page.

      • Qubes OS Intro on the Librem 14

        With Qubes OS now fully supported on the Librem 14 and Librem Mini, we thought it was time for a rundown of how containerization in Qubes OS makes it perhaps the most secure software design to date. Your data can be kept safe and locked away from most dangers by being in a separate VM. This video will show you how Qubes OS can bring extra security to your Librem 14 or Mini.

        [...]

        Want to learn more? Check out what Kyle Rankin has to say on the subject or dig into the docs. Want Qubes OS? Select it at checkout when you buy a Librem 14, Mini or download the Librem 14 OEM installer here.

      • New Releases

        • MX Linux 21 Release Candidate Readied for Public Testing with Xfce, KDE Plasma, and Fluxbox Flavors

          Coming exactly one month after the second beta release, MX Linux 21 Release Candidate is here with some small changes, numerous bug fixes and updated translations, as well as updated components and latest security patches from the Debian GNU/Linux 11 “Bullseye” software repositories.

          MX Linux 21 Release Candidate adds “thick” variants of the xfwm4 mx-comfort themes in the Xfce flagship edition, and adds new mx-comfort color schemes as part of the MX global themes to the KDE Plasma edition, which also received various improvements to the default settings.

        • EasyOS 3.0 released

          Significant structural changes, hence the version bump. Don’t want this to be announced on Distrowatch, as there could be issues. Hope to fix them, if any, for version 3.1. Also want to do a new desktop theme for 3.1.

        • EasyOS Dunfell-series 3.0

          EasyOS was created in 2017, derived from Quirky Linux, which in turn was derived from Puppy Linux in 2013. Easy is built in woofQ, which takes as input binary packages from any distribution, and uses them on top of the unique EasyOS infrastructure.
          Throughout 2020, the official release for x86_64 PCs was the Buster-series, built with Debian 10.x Buster DEBs.
          EasyOS has also been built with packages compiled from source, using a fork of OpenEmbedded (OE). Currently, the Dunfell release of OE has been used, to compile two sets of binary packages, for x86_64 and aarch64.
          The latter have been used to build EasyOS for the Raspberry Pi4, and the first official release, 2.6.1, was in January 2021.
          The page that you are reading now has the release notes for EasyOS Dunfell-series on x86_64 PCs, also debuting in 2021.
          To try and keep things simple, all three, the Dunfell-series on Pi4 and the Dunfell-series and Buster-series on the PC, all are (approximately) sync’ed at the same version number.
          However, there are differences in the maturity of each. In the case of the Pi4, the hardware still has some issues. For Dunfell-series on the PC, as the packages are all compiled from source, they are not as tested as those in the Buster-series.
          The version number is for EasyOS itself, the infrastructure, support-glue, system scripts and system management and configuration applications.
          The latest version is becoming mature, though is an experimental distribution and some parts are under development and are still considered as beta-quality. However, you will find this distro to be a very pleasant surprise, or so we hope.

      • BSD

        • LLVM 13.0.0 released

          Version 13.0.0 of the LLVM compiler suite is out. There is a long list of changes, as always; see the numerous sets of release notes below for details.

        • LLVM 13.0.0 released

          LLVM 13.0.0 is now available! Download it now, or read the release notes:

          https://releases.llvm.org/13.0.0/docs/ReleaseNotes.html
          https://releases.llvm.org/13.0.0/tools/clang/docs/Release...
          https://releases.llvm.org/13.0.0/tools/clang/tools/extra/...
          https://releases.llvm.org/13.0.0/tools/flang/docs/Release...
          https://releases.llvm.org/13.0.0/tools/lld/docs/ReleaseNo...
          https://releases.llvm.org/13.0.0/tools/polly/docs/Release...
          https://releases.llvm.org/13.0.0/projects/libcxx/docs/Rel...

          Binaries and sources for 13.0.0 can be found on GitHub:

          https://github.com/llvm/llvm-project/releases/tag/llvmorg...

          LLVM 13.0.0 would not be possible without the help of our volunteer
          release team! Thanks to all the release testers:

          Michał Górny, Bernhard Rosenkraenzer, Hans Wennborg, Albion Fung,
          Brian Cain, Dimitry Andric, Tobias Hieta, Diana Picus, Sylvestre Ledru

          Also, a big thanks to everyone else who helped identify critical bugs,
          track down bug-fixes, and resolve merge conflicts.

          If you have questions or comments about this release, please contact
          the LLVMdev mailing list!

          -Tom
          
      • PCLinuxOS/Mageia/Mandriva/OpenMandriva Family

      • IBM/Red Hat/Fedora

        • 4 steps to make DevSecOps adoption a team effort

          Perhaps your organization is already experimenting with DevOps tools or considering how to move towards DevOps. Maybe you’re still relying on ad hoc processes. Then suddenly your C-suite or auditors raise the need to standardize on a secure and agile development process. Enter DevSecOps.

          To mitigate the challenges that come with DevSecOps adoption, you’ll need to make it a team effort. Here’s what you need to do.

        • 4 new videos about working and leading openly

          Last month, Open Organization community members took to the airwaves (or maybe the fiber optics?) to discuss some of the ways open principles are changing how we work, manage, and lead. Here’s what we shared on OpenOrgTV.

        • Designing efficient file operations at cloud scale

          Accessing and operating on data is one of the most time-consuming aspects of computing. Developers can improve efficiency by looking for ways to avoid the overhead required by standard file operations. To illustrate the possibilities, I will report on a couple of interesting cases where I designed cloud-scale services that dynamically construct files for users to consume.

          The first application was an incremental backup and restore application, and the second was part of a new OpenShift installation service that creates personalized ISO files of Red Hat Enterprise Linux CoreOS (RHEL CoreOS). Both applications went through similar iterations, starting with a naive implementation and gradually improving its efficiency. I will focus on the ISO design first and briefly discuss the backup and restore application at the end.

        • Printf-style debugging using GDB, Part 1 | Red Hat Developer

          Programmers often debug software by adding print statements to source code. Knowing that a certain point in the program has been reached can be immensely helpful. It’s also useful to print values of variables at various points during program execution. An obvious drawback of this technique is the need to change source code, both to add the print statements and later to remove or disable them after the bug has been fixed. Adding new code can potentially introduce new bugs, and if you’ve added many print statements, you might forget to remove some of them when cleaning up after debugging.

          You can use the popular GNU Project Debugger (GDB) to perform the same style of debugging for various programming languages, especially C and C++, without changing source files. This article is the first of a series describing how to use GDB to add print statements to your C and C++ code. We’ll start with some basics and move through more advanced ways to call program-defined functions that display data.

        • Taking action against climate change – Developers drive worldwide Call for Code movement [Ed: IBM is greenwashing again because it has a very negative image]

          The climate crisis has become one of the most pressing issues of our time, so critical the United Nations’ Secretary-General labeled it as “code red for humanity” in response to a recent report by the Intergovernmental Panel on Climate Change. With the report predicting dramatically rising temperatures and sea levels, and more frequent drought and fire weather over the next 20 years, change and collaboration are needed to make both an immediate and lasting difference.

          Because of this urgency and consistent with IBM’s long commitment to environmental leadership, this year’s Call for Code Global Challenge invited the world’s software developers and innovators to come together to combat climate change with open source-powered technology. In particular, participants were asked to address the UN Sustainable Development Goals 2 (Zero Hunger), 6 (Clean Water and Sanitation), and 12 (Responsible Consumption and Production), and through them help to halt and reverse the impact of climate change.

          After months of work by teams around the world and much deliberation by our distinguished judges, we’re excited to announce the regional finalists for the global competition. Our judges have identified the top solutions from Asia Pacific; Europe; Greater China; India; Latin America; the Middle East and Africa; and, North America. Congratulations to these teams, and thank you all for your time, dedication, and ingenuity!

        • Get podman up and running on Windows using Linux [Ed: IBM is so desperate to spread its vendor lock-in that it is shilling Microsoft's attack on GNU/Linux, WSL/2. This isn't helping at all; well, it helps Microsoft and IBM.]

        • Hybrid work: 9 ways to encourage healthy team conflict | The Enterprisers Project

          That’s as true in working situations as it is in our personal lives. When you’re talking about relationships within a hybrid work team, with some employees working remotely and others in the office, maintaining good relations can be even trickier.

          “When everyone isn’t in the same room, or office for that matter, it can be easier for communication to break down,” says Dr. Sunni Lampasso, executive coach and founder of Shaping Success. “Hence, having a mixture of in-office and remote workers can create increased miscommunication and conflict avoidance opportunities.”

        • 5 must-read Harvard Business Review articles | The Enterprisers Project

          Each month, through our partnership with Harvard Business Review, we refresh our resource library with five new HBR articles we believe CIOs and IT leaders will value highly. Check out the curated pieces below, available to readers through the end of the month.

        • Using RHEL System Roles to automate the implementation of RHEL Session Recording

          It can be a challenging and time-consuming process to determine the root cause of a security incident. Because of this, Red Hat introduced the ability to record terminal sessions in Red Hat Enterprise Linux (RHEL) 8.

          This functionality, called session recordings, allows you to audit what users have done from the terminal. Recordings can be easily viewed from the command line or from the web console, and not only can you increase their playback speed, but also search for keywords and jump easily to relevant portions of the recording.

          The session recording functionality is provided by the tlog package.

          If you would like to implement session recording across your environment, you can either implement it manually or use the tlog RHEL System Role to automate its installation and configuration across your RHEL environment.

        • In community we trust: Open source software and supply chain security

          In the United States and around the globe, businesses and organizations have experienced a number of high-profile and costly security attacks over the past few years. And the sobering truth is, the attacks are not going to stop.

          According to Forrester’s report–“The State of Application Security 2021”–30% of external breaches were caused by software vulnerabilities. But as SolarWinds showed, not only are your internal operations disrupted by a breach, but your customers’ lives can be severely disrupted as a result. Even entire supply chains.

          Which is why our collective work on security is so important right now.

        • Red Hat’s Dr. Mark Little elected as a Fellow of the Royal Academy of Engineering

          We are pleased to announce that Red Hat’s head of Application Services engineering, Mark Little, Ph.D., has been named a Fellow of the Royal Academy of Engineering, the U.K.’s national academy of engineering.

          Fellowship with the Academy is an honor given to individuals in the U.K. whose work has helped to advance and enrich the field of engineering through research, policy formation, education and entrepreneurship. According to the Academy, these individuals serve as innovation leaders and inspiring role models with remarkable achievements in business or academia.

          Mark has earned the respect of colleagues throughout the technology industry, not only as a brilliant technologist, but also as a visionary leader. Over the course of his career, he has received 100 patents, published 60 papers, and co-authored four books. As vice president of Engineering at Red Hat, he has been involved in numerous initiatives, driving the technology strategy for a broad portfolio of software tools used by enterprise organizations to create, integrate and automate critical business applications.

      • Canonical/Ubuntu Family

        • Ubuntu Fridge | Ubuntu Weekly Newsletter Issue 703

          Welcome to the Ubuntu Weekly Newsletter, Issue 703 for the week of September 26 – October 2, 2021.

        • Mir 2.5 Released With Wayland Extension Updates For Better Handling On-Screen Keyboards – Phoronix

          Canonical continues advancing their Wayland-based Mir stack for embedded and IoT use-cases. Out today is Mir 2.5 with the latest features as they work to provide better support for on-screen keyboards.

          Mir 2.5 adds support for the zwp_virtual_keyboard_v1 to allow more Wayland on-screen keyboards to work with Mir. The Squeekboard keyboard is also benefiting from this release with zwp_text_input_v3 and zwp_input_method_v2 also now supported. With these additions more on-screen keyboards should work with Mir.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • Securing Connections: Disabling 3DES in Firefox 93

            As part of our continuing work to ensure that Firefox provides secure and private network connections, it periodically becomes necessary to disable configurations or even entire protocols that were once thought to be secure, but no longer provide adequate protection. For example, last year, early versions of the Transport Layer Security (TLS) protocol were disabled by default.

            One of the options that goes into configuring TLS is the choice of which encryption algorithms to enable. That is, which methods are available to use to encrypt and decrypt data when communicating with a web server?

          • Mozilla Security Blog: Firefox 93 protects against Insecure Downloads

            Downloading files on your device still exposes a major security risk and can ultimately lead to an entire system compromise by an attacker. Especially because the security risks are not apparent. To better protect you from the dangers of insecure, or even undesired downloads, we integrated the following two security enhancements which will increase security when you download files on your computer.

          • The Mozilla Blog: News from Firefox Focus and Firefox on Mobile

            One of our promises this year was to deliver ways that can help you navigate the web easily and get you quickly where you need to go. We took a giant step in that direction earlier this year when we shared a new Firefox experience. We were on a mission to save you time and streamline your everyday use of the browser. This month, we continue to deliver on that mission with new features in our Firefox on mobile products. For our Firefox Focus mobile users, we have a fresh redesign plus new features including shortcuts to get you faster to the things you want to get to. This Cybersecurity Awareness month, you can manage your passwords and take them wherever you go whenever you use your Firefox on Android mobile app.

          • 93.0 Firefox Release

          • Firefox 93.0

            Firefox 93.0 has been released. With this version Firefox supports the new AVIF image format, which is based on the modern and royalty free AV1 video codec. The PDF viewer supports filling more forms, such as XFA-based forms used by multiple governments and banks. Downloads that rely on insecure connections are blocked, protecting against potentially malicious or unsafe downloads. Details on these features and more can be found in the release notes.

          • Firefox 93 features an improved SmartBlock and new Referrer Tracking Protections

            We are happy to announce that the Firefox 93 release brings two exciting privacy improvements for users of Strict Tracking Protection and Private Browsing. With a more comprehensive SmartBlock 3.0, we combine a great browsing experience with strong tracker blocking. In addition, our new and enhanced referrer tracking protection prevents sites from colluding to share sensitive user data via HTTP referrers.

          • Tab Unloading in Firefox 93 – Mozilla Hacks – the Web developer blog

            Starting with Firefox 93, Firefox will monitor available system memory and, should it ever become so critically low that a crash is imminent, Firefox will respond by unloading memory-heavy but not actively used tabs. This feature is currently enabled on Windows and will be deployed later for macOS and Linux as well. When a tab is unloaded, the tab remains in the tab bar and will be automatically reloaded when it is next selected. The tab’s scroll position and form data are restored just like when the browser is restarted with the restore previous windows browser option.

            On Windows, out-of-memory (OOM) situations are responsible for a significant number of the browser and content process crashes reported by our users. Unloading tabs allows Firefox to save memory leading to fewer crashes and avoids the associated interruption in using the browser.

            We believe this may especially benefit people who are doing heavy browsing work with many tabs on resource-constrained machines. Or perhaps those users simply trying to play a memory-intensive game or using a website that goes a little crazy. And of course, there are the tab hoarders, (no judgement here). Firefox is now better at surviving these situations.

            We have experimented with tab unloading on Windows in the past, but a problem we could not get past was that finding a balance between decreasing the browser’s memory usage and annoying the user because there’s a slight delay as the tab gets reloaded, is a rather difficult exercise, and we never got satisfactory results.

          • Firefox 93.0 Released! Adds AVIF Support & Blocks Insecure Downloads | UbuntuHandbook

            Mozilla Firefox 93.0 was officially released today. The release features AVIF image support and further security improvements.

            The AV1 image format (AVIF) is an image file format for storing images or image sequences compressed with AV1 in the HEIF file format. It offers significant file size reduction compared to JPEG, PNG and WebP. Google Chrome has supported it since version 85. By releasing v93.0, Firefox now has AVIF image support.

            Some PDF files have interactive fields to fill in data. Since Firefox 83, the built-in PDF viewer supports filling fields such as text, check boxes, and radio buttons. In the new release, it adds support for more forms (XFA-based forms, used by multiple governments and banks).

      • CMS

        • The Month in WordPress: September 2021

          That was Josepha Haden on the “A Sneak Peek at WordPress 5.9” episode of the WP Briefing Podcast, talking about what goes into a WordPress release like version 5.9. Read on to find out more about updates on the latest release and the latest WordPress news from September 2021.

      • FSFE

        • Google, FSFE & Child labor

          FSFE, one of Google’s mouthpieces in the free software world, has announced a dubious competition called Youth Hacking 4 Freedom.

          The target audience is between 14 and 18 years of age. Participants compete by working for free. There are numerous cases where people completed work for Google Summer of Code and they were not paid yet the rules for YH4F are even worse and the victims are younger. Google Code-In was a similar program targeting teenagers between 13 and 17 years. Google gave the child laborers t-shirts and certificates in lieu of payment. It looks like ethical concerns may have been a factor in Google’s decision to mothball the Google Code-In last year. Yet a program that is even more demanding has appeared in a Google proxy organization, the FSFE.

          A recent news story gives various examples of Google trying to obfuscate controversial employment practices. Child labor crosses a red line.

      • FSF

        • Life’s better together when you avoid Windows 11

          October 5 marks the official release of Windows 11, a new version of the operating system that doesn’t do anything at all to counteract Windows’ long history of depriving users of freedom and digital autonomy. While we might have been encouraged by Microsoft’s vague, aspirational slogans about community and togetherness, Windows 11 takes important steps in the wrong direction when it comes to user freedom.

          Microsoft claims that “life’s better together” in their advertising for this latest Windows version, but when it comes to technology, there is no surer way of keeping users divided and powerless than nonfree software. Developing nonfree software is an inherently antisocial act, for it is intentionally choosing to create an unjust power structure, in which a developer knowingly keeps users powerless and dependent by withholding information. Increasingly, this involves not only withholding the source code itself, but even basic information on how the software works: what it’s really doing, what it’s collecting, and how often it’s snitching on users. “Snitching” may sound dramatic, but Windows 11 will now require a Microsoft account to be connected to every user account, granting them the ability to correlate user behavior with one’s personal identity. Even those who think they have nothing to hide should be wary of sharing potentially all of their computing activity with any company, much less one with a track record of abuse like Microsoft.

      • Programming/Development

        • Can Cross-Platform Development Prepare You for the Next Chip Shortage?

          Most car manufacturers across the globe are suffering from the chipset shortage. Manufacturers in other industries are slowing down their production for the same reason. Except a few. How are they doing it? How can other companies do the same?

          Some car manufacturers – or OEMs (Original Equipment Manufacturers) – have chosen to build their own chips. Some of them work with their governments to create a local chipset industry. But there is one strategy that could be the most effective: Flexible Chip Sourcing.

  • Leftovers

    • Integrity/Availability

      • Proprietary

        • Pseudo-Open Source

          • RHEL Clones

            • CentOS Kmods SIG Working On exFAT, WireGuard Additions

              Created this year has been the CentOS Kmods special interest group for dealing with deprecated device support and out-of-tree modules. This Kmods SIG has begun crafting their initial set of extra kernel modules for use on CentOS.

              The CentOS Kmods SIG published their quarterly report today about their activities maintaining and packaging extra kernel modules for CentOS Stream.

            • What AlmaLinux Foundation Membership Means for You

              Hello Community. Today we announced that membership in the AlmaLinux Foundation is now open to everyone (It’s 100% Free). First of all, many are probably asking what is this? Second, who cares? I wanted to take a few brief moments to share some insight, some feelings and hopefully explain why this is so important.

              When CentOS was initially founded by Lance Davis in 2004 no one really knew how fundamentally important it would grow to become in the Linux ecosystem–as a concept, as a distribution and really as a lynchpin of the modern internet. The concept of a community-driven OS, which drew upon an enterprise grade base made freely and widely available was a real novelty. As far as the technical aspect, the “entOS” part of CentOS, it has been resoundingly successful.

              However, the “C” part of CentOS, Community, got lost somewhere along the way. If the plan was to ensure that it would always be in the hands of the community, the contributors and the people, to own and to control, CentOS never really managed to fulfill that ultimate purpose of community ownership.

              CentOS has never been an organization with its own standing, it was always a loose collective of people. Throughout its history (which is a topic for another time) it has been wheeled and dealed, held hostage, transferred, fought about, bought and sold from one party to the next, ultimately landing at Red Hat. They own the Intellectual Property behind CentOS and are free and able to take it in whatever direction they want, as we have seen.

            • AlmaLinux Foundation opens membership

              The AlmaLinux Foundation has opened membership to everyone.

            • CentOS Replacement AlmaLinux Becomes a Membership-Centered Project

              Today, the AlmaLinux Foundation announced a membership program as a step to assure that the Linux distribution will be a community owned and governed project that’s not subject to the whims of a single corporate sponsor.

              This was a promise that Igor Seletskiy, CloudLinux’s founder and CEO, made when he announced that his company would spend up to $1 million yearly to start and fund a new Linux distribution to replace CentOS Linux, after Red Hat announced that it was in the process of removing support for CentOS as a freely available downstream replacement for its flagship product, Red Hat Enterprise Linux.

        • Security

          • Google Launched a Secure Open Source (SOS) Program for Developers [Ed: PR stunt from company that undermines security and privacy because that's just its business model]

            Google starts the Secure Open Source (SOS) Rewards pilot program run by the Linux Foundation with initial sponsorship of $1 million.

            Google has announced that it’s sponsoring a new open source security program hosted by the Linux Foundation. The Secure Open Source (SOS) Rewards pilot program provides financial incentives for developers working on security around critical open source projects.

          • New Program Rewards Developers for Securing Open Source Software

            Google is making a $1 million investment in the Secure Open Source (SOS) Rewards pilot program, according to a recent announcement.

            The SOS program “financially rewards developers for enhancing the security of critical open source projects that we all depend on” and is run by the Linux Foundation with sponsorship from the Google Open Source Security Team.

          • WordPress, Linux Users in Danger of New Malware: Major Warning Signs of Capoae Attack [Ed: What does this have to do with Linux???]

            A new malware has been spotted attacking Linux systems and WordPress installations. The malware called Capoae is rapidly growing as a favorite tool among hackers and threat actors because of its cross-platform capabilities, easy installation and fast infection rate.

          • ROS CVE alert; ensuring security for robotics

            Open Robotics has registered a CVE that affects ROS Kinetic, Melodic and Noetic. CVE stands for Common Vulnerabilities and Exposures, and it’s an international system that provides a method for publicly sharing information on cybersecurity vulnerabilities and exposures. This specific CVE affects ROS users.

            “An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through 1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLRPC call.”

            Open Robotics has already built and tested the security patch and has made the fix available to the community (e.g. Melodic update). So if you haven’t upgraded your ROS stack, please do so.

          • OpenLogic by Perforce Announces New Download Hub for Enterprise Linux [Ed: Microsoft-connected proxy]
          • A Closer Look at NSA/CISA Kubernetes Hardening Guidance [Ed: NSA involvement in Kubernetes does not make Kubernetes seem any more secure; quite the contrary and the companies involved here got exposed working for NSA (in Snowden leaks)]

            USA’s National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released, “Kubernetes Hardening Guidance” on August 3rd, 2021. The guidance details threats to Kubernetes environments and provides secure configuration guidance to minimize risk.

            The following sections of this blog correlate to the sections in the NSA/CISA guidance. Any missing sections are skipped because of limited opportunities to add anything new to the existing content.

            Note: This blog post is not a substitute for reading the guide. Reading the published guidance is recommended before proceeding as the following content is complementary.

          • Be Cyber Smart During Cybersecurity Awareness Month [Ed: They put back doors in things and then they cheer for "Cybersecurity Awareness Month"]

            CISA and the National Cybersecurity Alliance (NCSA) remind users to continue to “Do Your Part. #BeCyberSmart.” during October—2021’s Cybersecurity Awareness Month!

          • Wladimir Palant: Abusing Keepa Price Tracker to track users on Amazon pages

            As we’ve seen before, shopping assistants usually aren’t a good choice of browser add-on if you value either your privacy or security. This impression is further reinforced by Keepa, the Amazon Price Tracker. The good news here: the scope of this extension is limited to Amazon properties. But that’s all the good news there is. I’ve already written about excessive data collection practices in this extension. I also reported two security vulnerabilities to the vendor.

            Today we’ll look at a persistent Cross-Site Scripting (XSS) vulnerability in the Keepa Box. This one allowed any attackers to track you across Amazon web properties. The second vulnerability exposed Keepa’s scraping functionality to third parties and could result in data leaks.

          • Privacy/Surveillance

            • Big ID, bad idea: busting ID myths that are endangering human rights – Access Now

              Big ID programs — frequently involving biometric data collection — are being rolled out across the globe. Similar to Big Tech, Big ID refers to the market of actors selling and profiting from digital identification systems and infrastructure. They regularly aim to replace or complement government identification systems with digital ones, often endangering the human rights of the people they’re supposed to benefit. Access Now’s new report, Busting the dangerous myths of Big ID programs: cautionary lessons from India, turns a human rights lens on these new systems, unpacking real-life case studies from India to distinguish fact from fiction. Read the full report, and the report snapshot.

              “India’s Big ID program, Aadhaar, was a bad idea that had a disastrous impact on peoples’ human rights. We must not let this be replicated around the globe,” Ria Singh Sawhney, Asia Pacific Policy Fellow at Access Now. “If we don’t seriously reevaluate Big IDs, and debunk the myths used to sell them, we are entering a dystopian future where biometric surveillance is normalized, the indignity of arbitrary exclusions are justified, and peoples’ data is no longer considered their own.”

              [...]

              India’s experience with Aadhaar underlines the dangers of these programs, and neighboring Afghanistan is showcasing how truly perilous a centralized biometric database can be. Big ID myths must be debunked before these programs spread further.

    • AstroTurf/Lobbying/Politics

      • Yanis Varoufakis: Angela Merkel Was Bad for Europe and the World

        Angela Merkel’s tenure will be remembered as Germany’s, and Europe’s, cruelest paradox. On the one hand, she dominated the continent’s politics like no other peacetime leader — and is leaving the German chancellery considerably more powerful than she had found it. But the way she built up this power condemned Germany to secular decline and the European Union to stagnation.

    • Civil Rights/Policing

      • [Older] The New Puritans

        Social codes are changing, in many ways for the better. But for those whose behavior doesn’t adapt fast enough to the new norms, judgment can be swift—and merciless.

        [...]

        The interaction between the angry mob and the illiberal bureaucracy engenders a thirst for blood, for sacrifices to be offered to the pious and unforgiving gods of outrage.

    • Monopolies

      • Patents

        • New PatentlyO L.J. Article: The AIA at Ten – How Much Do the Pre-AIA Prior Art Rules Still Matter? [Ed: Patent maximalists hate patent quality with a passion, so of course they're still protesting AIA and PTAB (which came with it); the litigation 'industry' should have exactly zero influence in policy surrounding patents if the patent system exists for science]

          As the America Invents Act (AIA) turns 10, patent students across the country may be asking: if the law is already a decade old, why am I spending so much time learning pre-AIA law? Though patents filed before the transition date will remain in force up through March 2033, a good 10+ years away, teachers may also be wondering which regime to emphasize and for how long the pre-AIA rules will still be considered fundamental rather than footnote material. We address these questions empirically by analyzing the effective dates of patents and patent applications currently being litigated or pursued. Our analysis resoundingly confirms that both regimes matter and that the pre-AIA prior art regime appears likely to continue to be relevant for much of the next decade. But how much it matters depends: as the graphs below show, patent lawsuits overwhelmingly continue to feature pre-AIA patents. We estimate that ~90% of patent litigations initiated in 2020 included a patent with an effective filing date before the AIA transition date of March 16, 2013. But the inverse is true of patents currently being prosecuted: ~94+% of applications currently pending before the USPTO, we estimate, are governed by the AIA. In the accompanying PatentlyO Bar Journal article, The AIA at Ten – How Much Does the Pre-AIA Prior Art Regime Still Matter?, 2021 Patently-O Patent Law Journal 35, we explain our methods, sources, and approach and how pre- and post-AIA law are likely to both remain important for some time but that the distinction doesn’t necessarily matter in the vast majority of cases.

        • Court Of Appeal Upholds Validity Of Pharmaceutical Patent Claims With Functional Limitations: FibroGen Inc v Akebia Therapeutics Inc [2021] EWCA Civ 1279 [Ed: Nowadays you don't often hear about patents being UPHELD in courts because patent quality decreased a lot]

          The UK Court of Appeal has reviewed the law on insufficiency and its application to claims with both structural and functional limitations. In doing so the court has explained how the concepts of plausibility and undue burden should be applied when assessing the sufficiency of claims of this type, in particular to the requirement that it must be possible to perform the invention across the breadth of the claim.

      • Trademarks

        • FRANCE.COM: Trademark Transferred to French Government without Recourse in US Courts

          When you visit the website france.com, you’ll be quickly redirected to the French government’s explore-France travel site: france.fr. But, the US-company France.com, Inc. believes that the country stole the .com site. The case now pending before the Supreme Court on petition for writ of certiorari is France.com v. The French Republic, Docket No. 21-448 (Supreme Court 2021).
