Gemini version available ♊︎

Links 30/10/2021: End of Project Trident and GNU/Linux Easily Beats Vista 11

Posted in News Roundup at 5:29 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Audiocasts/Shows

    • Kernel Space

      • What 30 Years of Linux Taught the Software Industry [Ed: How to rewrite history and pretend GNU never existed and does not exist]

        Linux has become the largest collaborative development project in the history of computing over the last 30 years. Reflecting on what made this possible and how its open source philosophy finally imposed itself in the industry can offer software vendors valuable lessons from this amazing success story.
        The web may not have reached full adulthood yet, but it has already crafted its own mythology.
        August 25, 1991: Linus Torvalds, a 21-year-old university student from Finland, writes a post to a Usenet group: “Hello everybody out there using minix — I’m doing a (free) operating system (just a hobby, won’t be big and professional like gnu) for 386 (486) AT clones […]”. A few weeks later, the project, which will eventually be known as Linux, is published for the first time.

      • Graphics Stack

        • Mesa’s Radeon Vulkan Driver “RADV” Prepares Experimental Mesh Shaders – Phoronix

          Mesa’s Radeon Vulkan open-source driver “RADV” is preparing to introduce experimental support for mesh shaders.

          Patches on Friday were posted providing experimental support for mesh shaders as outlined via the NV_mesh_shader specification. Mesh shaders are working but task shaders are not yet implemented — though developers say that support should be coming soon. Mesh shaders provide a compute-like shader stage to replace the conventional vertex/geometry pipeline. More background information on mesh shaders can be found via this NVIDIA blog post back from when they introduced the capability with Turing GPUs.

    • Benchmarks

      • Linux runs better than Windows 11

        2022 could be the year of Linux on the Desktop

        With Windows 11 out as stable and the initial round of updates coming out, benchmarks are starting to compare the new OS with what is out there.

        According to Phoronix, Linux benchmarks against Windows 11 Intel Core i9 11900K Rocket Lake system look rather good.

        The Windows 11 performance was being compared to all of the latest prominent Linux distributions, including: Ubuntu 20.04.3 LTS, Ubuntu 21.10, Arch Linux (latest rolling), Fedora Workstation 35, Clear Linux 35150. All the testing was done on the same Intel Core i9 11900K test system at stock speeds (any frequency differences reported in the system table come down to how the information is exposed by the OS, i.e. base or turbo reporting) with 2 x 16GB DDR4-3200 memory, 2TB Corsair Force MP600 NVMe solid-state drive, and an AMD Radeon VII graphics card.

      • Linux Distros Beat Windows 11 in Phoronix Performance Testing – Slashdot

        Phoronix ran some fun performance tests this week. “Now that Windows 11 has been out as stable and the initial round of updates coming out, I’ve been running fresh Windows 11 vs. Linux benchmarks for seeing how Microsoft’s latest operating system release compares to the fresh batch of Linux distributions.”

    • Applications

      • Stargate Is The Newest Open-Source Digital Audio Workstation

        While Ardour is arguably the most well known open-source digital audio workstation (DAW) solution, there are also other offerings like Zrythm and others while now “Stargate” is the newest option available.

        Stargate is an open-source digital audio workstation with an aim to provide “everything you need to make music on a computer.” The free software project aims for a “unique and carefully curated experience”, function on older hardware while scaling to today’s modern multi-core systems, provide robust stability, and work across the vast open-source/Linux ecosystem.

      • Sebastian Pölsterl: scikit-survival 0.16 released

        I am proud to announce the release if version 0.16.0 of scikit-survival, The biggest improvement in this release is that you can now change the evaluation metric that is used in estimators’ score method. This is particular useful for hyper-parameter optimization using scikit-learn’s GridSearchCV. You can now use as_concordance_index_ipcw_scorer, as_cumulative_dynamic_auc_scorer, or as_integrated_brier_score_scorer to adjust the score method to your needs. The example below illustrates how to use these in practice.

      • OpenVDB 9.0 Released With NanoVDB GPU Support – Phoronix

        OpenVDB is the software open-sourced by DreamWorks Animations that is now part of the Academy Software Foundation as a sparse volume data structure and associating tooling with a particular focus on visual effects and animations for film production. OpenVDB 9.0 is out today as the latest major update to this library.

    • Instructionals/Technical

      • Ubuntu Server tips and tricks for installation and beyond

        Ubuntu Server is a GNU/Linux distribution developed by Canonical and offers economical technical scalability for your public or private data center. From deploying an OpenStack cloud to a 50,000-node render farm, Ubuntu Server can handle it all.

        TechRepublic contributor Jack Wallen said it best, “Ubuntu Server doesn’t just work well in the cloud, it rules the cloud. For small- to mid-size businesses looking for a cost-effective server solution, Ubuntu should be your first stop.”

      • How to install AppImages on Linux the easy way

        AppImages are helpful on Linux. With them, users are able to download Linux programs and run them without the need to install anything. However, AppImages don’t integrate within the Linux system like other programs.

        If you use a lot of AppImages on your Linux PC but don’t like to take the time to configure the AppImage manually, create a shortcut icon, and add it to the menu, you’ll love AppImageLauncher.

        What is AppImageLauncher? It’s an app that, once installed, can auto-detect when an AppImage is run on Linux, automatically create a shortcut, and add it to a folder on your computer. Here’s how to get it working on your Linux system.

      • How to Install and Configure Docker Compose on Ubuntu 20.04

        Docker Compose is a command-line tool for managing multiple Docker containers. It is a tool for building isolated containers through the YAML file to modify your application’s services.

        On the other hand, Ubuntu 20.04 feels more stable and easy to use, and as a result, users consider the operations running more smoothly, compared to some previous versions. Still, some users have issues while installing certain apps and software. Such is the case with Docker Compose.

        In the following tutorial, we will show you how to install Docker Compose on Ubuntu 20.04 server.

      • How to set up an Apache web server with Webmin on Ubuntu Server

        Apache is an excellent web server tool that works on Ubuntu. However, it’s not the easiest to set up. Thankfully, if you use Webmin on your Ubuntu Server system, you can set it up real easy right in the Webmin UI.

        This guide will show you how you can set up an Apache web server on Ubuntu Server with Webmin. We’ll also show you how you can manage it with the Webmin web UI interface.

      • How to Install Rocket.Chat Server for Team Communication | LinuxCloudVPS

        Communication is one of the most important pillars of every company. There are solutions for business needs or for corporate use, such as Rocket.Chat, Slack, Hangouts, Flock, as well as messengers for everyday communication, such as Skype, WhatsApp, Telegram, and others.

        Currently, Rocket.Chat is one of the most popular and widely used team communication apps available. How can you set things up and start using this tool for your team? In this article, we will deploy Rocket.Chat server in a Cloud PaaS environment. You’ll set up a custom domain, and we’ll secure our application with an SSL certificate.

      • How to run Mongodb with Docker and Docker-Compose – Citizix

        In this guide we are going to explore how to run Mongodb locally with docker and docker compose. This can be helpful if you want to run Mongodb locally without installing it in your server or if you want to run multiple versions of Mongodb seamlessly.

      • How To Install Mantis Bug Tracker on AlmaLinux 8 – idroot

        In this tutorial, we will show you how to install Mantis Bug Tracker on AlmaLinux 8. For those of you who didn’t know, Mantis Bug Tracker (MantisBT) is a free, open-source, and web-based bug tracking software written in PHP. It is simple, easy to use, user-friendly, and comes with a lot of tools that help you collaborate with teams to resolve bugs and issues quickly. It offers a rich set of features including, Notification via email, Role-based access control, Projects, sub-projects, and category support, Issue relationship graph, customizable dashboard, and many more.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MantisBT free web-based bug tracking system on AlmaLinux 8. You can follow the same instructions for CentOS and Rocky Linux.

      • How To Create and Manage Virtual Machines in KVM

        In Linux operating systems, there are many ways to create and manage virtual machines and hypervisors for running another operating system on your host computer. Using the KVM (Kernel-based Virtual machine) is one of the best ways for creating and managing virtual machines. Managing virtual machines are equally important as creating them on Linux. Because if you’re a professional Linux system admin or a person who needs to test and run applications on a different virtual machine, the chances are that you would mess with the hypervisor.

      • How to Install ImageMagick on Rocky Linux 8 – LinuxCapable

        ImageMagick is a free, open-source application installed as a binary distribution or as a source code. ImageMagick can convert, read, write and process raster images. ImageMagick is also available across all major platforms, including Android, BSD, Linux, Windows, Mac OSX, iOS, and many others.

        In the following tutorial, you will learn how to install ImageMagick on Rocky Linux 8 using the DNF or Source installation method.

      • How to Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Rocky Linux 8 – LinuxCapable

        WordPress is the most dominant content management system written in PHP, combined with MySQL or MariaDB database. You can create and maintain a site without any prior knowledge in web development or coding. The first version of WordPress was created in 2003 by Matt Mullenweg and Mike Little and is now used by 70% of the known web market, according to W3Tech. WordPress comes in two versions: the free open source WordPress.org and WordPress.com, a paid service that starts at $5 per month up to $59. Using this content management system is easy and often seen as a stepping stone for making a blog or similar featured site.

        In the following tutorial, you will learn how to install self-hosted WordPress using the latest Nginx, MariaDB, and PHP versions available.

      • How to set up a PostgreSQL database server with Webmin on Ubuntu Server

        PostgreSQL is a lightweight, advanced databasing tool for Linux and other platforms. It is well supported on Ubuntu, but setting one up and managing it through the terminal can be pretty annoying.

        There’s a better way you can set up a PostgreSQL database server on Ubuntu. How? With Webmin, the modern admin interface for Unix systems. Here’s how to use Webmin to create a PostgreSQL database on your Ubuntu system.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • KDE Connect Is Finally Coming to iPhone

          If you’re looking for an easy way to make your iPhone play nice with your KDE desktop, today is your lucky day, as KDE Connect is finally available as an iPhone app (click the article titled “KDE Connect iOS Enters Public TestFlight Testing!”), albeit in beta form.

          To take advantage of KDE Connect on iPhone, you’ll need to jump through a couple of hoops. First, you’ll need to go to this TestFlight link to get set up to test the beta of the KDE Connect app. Additionally, you’ll need to be on iOS 15 for the app to run, so you’ll need to make sure your iPhone is updated.

          Before downloading the app, you can also check out the source repository of KDE Connect iOS to make sure everything looks good.

    • Distributions

      • Project Trident: Project Trident Sunset

        It is with great sadness that we are announcing that Project Trident will be entering is “sunset” period starting Nov 1 of 2021 and will be closing up shop in March of 2022. The core team of the project has come to this decision together. With changes and events over the past two years in life, jobs, family, etc; our individual priorities have changed as well.

        We will keep the Project Trident package repository and websites up and running until the EOL date of March 1, 2022, but we strongly encourage users to begin looking for alternative desktop OS solutions over the coming new year holiday.

        Thank you all for your support and encouragement! The project had a good run and we thoroughly enjoyed getting to know many of you over the years.

      • Void-Linux-Powered Project Trident To Cease Operations

        Project Trident had been an operating system originally based on TrueOS/FreeBSD before shifting to Void Linux as its base and worked on various innovations like OpenZFS-based root installations but now the developers behind the ambitious advanced desktop OS project have decided to call it quits.

      • elementary OS 6 Updates for October, 2021

        New OS 6 updates just dropped! This month features a heavy round of creature comforts, healed paper cuts, and paid off technical debt. Plus, a big win for cross-desktop compatibility.

      • BSD

        • iXsystems’ TrueNAS SCALE Now Available on TrueNAS M-Series, R-Series, and Minis

          TrueNAS SCALE reached an important milestone today when TrueNAS SCALE 22.02-RC1 was released after 12 months of Alpha and Beta testing by over 4,000 TrueNAS Community members. This release includes scale-out file and object (S3) storage services as well as a wide range of containerized applications, supported on a Kubernetes platform. TrueNAS SCALE is now available for ordering and shipping on a wide range of TrueNAS platforms, including the TrueNAS M-Series, R-Series, and even Minis.

      • Gentoo Family

      • IBM/Red Hat/Fedora

        • A Proper Accounting Of The Power Business – IT Jungle [Ed: For over a decade this author has been paid by IBM to write these pro-IBM puff pieces]

          Big Blue might be preparing for the spinout of its Kyndryl managed services company, now slated for early November, and its new financial presentations, which we reviewed two weeks ago, but that task is not yet done and until it is we are still getting the same financial view of IBM in the third quarter of 2021 ended in June. It was not a particularly memorable quarter when it came to IBM Systems group.

        • 7 ways anyone can contribute to Open Practice Library [Ed: IBM/RedHat: help our openwashing nonsense by creating an account with Microsoft to participate in their attack on Software Freedom (GitHub is proprietary software)]

          The Open Practice Library is a community-driven collection of practices for teams to use in support of working together. A “practice” is a behavior or “trick” that teams use to improve how they achieve their goals. Sometimes those goals are technical, like programming and IT, but all teams can use help defining their practices. Whether you’re a teacher, event planner, salesperson, or artist, the process is important. When you’re a team, getting on the same page is vital, and that’s what the Open Practice Library can help you do.

      • OpenEmbedded/EasyOS

        • libcamera compiled in OpenEmbedded

          It is annoying: the latest version of libcamera requires ‘meson’ 0.55.0 to compile, whereas OE Dunfell release only has 0.53.0 [...] It’s annoying because one of the reasons developers are moving away from autools to build systems like meson, is because of version breakage.

        • LibreOffice fr de fully translated

          Users of EasyOS 3.0 and 3.1 reported that Libreoffice was not fully translated for the French and German builds.

          I found the problem. When compiled in OpenEmbedded, the translation tarball was not being included when compiling. Fixed.

          Note, I have done a complete OE recompile, this time with ‘pulseaudio’ and ‘jack’ packages. I did this once before, somewhat half-heartedly, then went back to a pure alsa system.

      • Canonical/Ubuntu Family

        • Ubuntu 21.10 released

          Adding Wayland support for NVIDIA drivers is a big improvement, as is the addition of PipeWire. There’s also a big regression in that Ubuntu has moved its Firefox package from deb to a Snap package, something I’d sure manually fix if I were an Ubuntu user.

        • Ubuntu 22.04 – Release Schedule & Features

          Ubuntu 22.04 codename is Jammy Jellyfish. Which is the next LTS (Long Term Support) release of the Ubuntu versions. The development has been started for and the release date for Ubuntu 22.04 is set to April 21, 2022.

          Anyone can download the Ubuntu 22.04 daily build ISO image from its official download page.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Mastodon VS Twitter

        Our approach, for now I think about 2 years, has been to treat Mastodon as the key target network because of all its advantages. It’s FOSS, it’s part of ActivityPub… For those who are not familiar with it, ActivityPub is a decentralized social networking protocol (and an official W3C recommended standard), using a server/client structure communicating through a documented API interface, encouraging decentralization. It does what it claims, and there is anyway an audience on this side of the world too, especially when it comes to Linux users and gamers.

        Then again, there is no reason for us not to send the same content (or at least most of it) to Twitter as well. We can expand our reach to where our readers are. We certainly cannot expect everyone to be on Mastodon (or even know about it!), while we certainly always encourage people to move to more decentralized platforms when possible.

      • Events

      • Web Browsers

        • Mozilla

          • Firefox Browser Is Tooting Its Horn as a Fast Company ‘Brand That Matters’

            Fast Company has put the open source browser Firefox alongside iconic brands such as McDonalds, Ford, Cosmopolitan Magazine, and IBM as a “brand that matters,” and mama Mozilla couldn’t be prouder.

            The monthly print and digital business magazine recently published Brands That Matter, a list of nearly 100 brands it says “have had an undeniable impact on business and culture, far beyond the products they sell.” In addition to Firefox and IBM, tech centered brands making the list include Adobe, Playstation, PayPal, Xbox, and LinkedIn. Other than Mozilla’s browser, no exclusively open source brands are included.

          • Mozilla GFX: Switching the Linux graphics stack from GLX to EGL

            In the upcoming Firefox 94 release we will enable the EGL backend for a big group of our Linux users. This will increase WebGL performance, reduce resource consumption and make our life as developers easier going forward.

          • TenFourFox Development: The current status of DIY TenFourFox

            Due to family and work issues my time has been curtailed for all kinds of things, but at this point, at least, there’s something for you to work with: as promised, the TenFourFox source code has been updated to use 91ESR for the certificate and security base and the roots pulled up accordingly. I’ve also got a few security updates loaded and backported a performance tweak intended for Monterey systems but also yields a small boost on any version of Mac OS X. The browser will now be forever “45.41.6″ (ESR32 SPR6) with the perpetual name “Rolling Release.” This version number will not be revved again without good reason.

            So now it’s time for you to make your first build (and, if you feel adventurous, find a problem and try to fix it, but let’s take baby steps). Officially, we have documentation for that already using MacPorts. A semi-frozen build of MacPorts what I use on my G5: I have three trees, one being the main testing debug tree which pulls from Github, and then two local subtrees that pull from the local debug tree (created with git clone –shared so that they are about 25% the size) which I use to make rolling G5-optimized (for my Quad) and 7450-optimized (for my iMac and iBook) builds. I do my work in the debug tree and make sure everything functions properly, then check it in and git pull and gmake -f client.mk build in the optimized subtrees to roll up the changes. When the subtrees are happy too, I’ll git push from the main debug tree into Github. I consider this as officially supported a solution as presently exists under the circumstances. The Quad runs TenFourFox directly from the G5 subtree now.

      • Productivity Software/LibreOffice/Calligra

        • LibreOffice 7.3 Alpha 1 Tagged With More Open-Source Office Suite Improvements

          LibreOffice 7.3 Alpha 1 was tagged on Friday in the first step towards this next open-source office suite update due out early next year.

          Like usual, the next LibreOffice release should happen in February. LibreOffice 7.3 is working up many more changes as it continues to prove to be a very capable alternative to Microsoft Office. Some of the changes that have accumulated so far for LibreOffice 7.3 include…

      • CMS

        • People of WordPress: Ronald Gijsel

          For WordPress contributor Ronald Gijsel, open source is a lifeline and a perfect place for people with creative minds. It led him on a transformational journey from chef to WordPress e-commerce specialist. Originally from the Netherlands, where he trained in hospitality, he was to find a restorative and energizing power within the WordPress local and global community.

          Ten years ago, life took a sad turn for Ronald and his wife Nihan when their baby daughter passed away only a few days after she was born. At that time, Ronald was a restaurant owner in the UK, working hard in a challenging economic environment. Discovering open source was in many ways his lifeline and helped him and his wife through their considerable heartache. Through this community, a journey to understand the opportunities of the web and new career paths began.

      • FSF

        • GNU Projects

          • Best Photo Editing Software – Subscription-free! [Ed: GIMP is mentioned last here]

            With features such as Layers, Masks, retouching tools and advanced brushes, the ‘GNU Image Manipulation Program’ can be used for all kinds of amazing edits and effects, and all for nothing. But Gimp is not just a free Photoshop alternative, it also represents the work of a wide community of generous coders and developers, who’ve honed it over the years from its beginnings as a simplistic image editor into the slick package available today, one that can hold its own against any of the other choices mentioned here.

            It’s not the easiest image editor to grasp, but the same could be said of Photoshop and Affinity Photo. What’s more, there’s a vast array of presets, helpful tutorials and plug-ins out there that will help you get up and running. Feature-rich, customisable and completely free, Gimp is unique.

        • Licensing/Legal

          • Trump’s Truth Social Platform Accused of Violating AGPL

            Recently, accusations appeared in the press that the “Truth Social” platform are violating the terms of the Affero GPL (AGPL), which applies to the Mastodon software used to run the platform. Truth Social is run by the The Trump Media and Technology Group, which recently announced a SPAC.

            AGPL is a network copyleft license that requires sharing of source code, where the licensed software allows users to interact with it via a network, and the code has been modified from its upstream source.

            On October 21, 2021, Mastadon’s head developer, Eugen Rochko, stated that the software used to run Truth Social is “absolutely is based on Mastodon.” The Verge later reported that “Mastodon has sent former President Donald Trump’s company a formal notification” of breach. Tech Crunch also reported that Mastodon had issued a “30-day ultimatum.”

      • Programming/Development

        • The Eclipse Foundation Partners with China’s OpenAtom on a New Operating System

          The Eclipse Foundation today announced the launch of a top-level project to develop a new open-source, vendor-neutral OS designed to provide an alternative to existing IoT and edge operating systems.

          Called Oniro, the new OS is an implementation of OpenHarmony, a distributed multi-kernel operating system developed by OpenAtom, China’s first open-source foundation. The purpose of Oniro is to provide the same operating system across a much wider range of devices, Mike Milinkovich, the executive director of the Eclipse Foundation, told me, such as a tiny leak sensor in a home and a Raspberry Pi.

        • Dirk Eddelbuettel: RcppQuantuccia 0.1.0 on CRAN: Full QuantLib Business Calendar Support

          Another new release of RcppQuantuccia arrived on CRAN today, just a week after the previous release which brought full calendaring support. RcppQuantuccia started from the Quantuccia header-only subset / variant of QuantLib which it brings it to R.

          As of this release, the QuantLib code is only minimally modified. In other words we no longer follow the Quantuccia route of ‘header-izing’ the file but include both cpp and hpp directly. The minimal changes, documented in a diff file in the repo, consists chiefly of removing includes for headers we do not use (given the pure calendaring focus) and accomodating CRAN Policies (by eschewing #pragma directives). We do follow Quantuccia by not having any external linking requirement: the R package only depends on Rcpp (for the glue) and BH for the Boost headers (and system-level Boost headers can be used as drop-in).

        • Codasip Founder Karel Masařík Elected to RISC-V Technical Steering Committee

          Codasip, the leading supplier of customizable RISC-V processor IP, today announced that Dr Karel Masařík, company founder responsible for the development of Codasip’s core technology, has been elected to the RISC-V Technical Steering Committee (TSC) by RISC-V International Strategic members.

        • Codasip Boosts Studio Processor Design Tools with AXI Automation

          Codasip, the leading supplier of customizable RISC-V processor IP, today announced further enhancements to its Studio processor design toolset. New features in Studio 9.1 include an expanded bus support with full AXI for high-performance designs, as well as improved support for LLVM and improved code density.

          Studio is at the heart of Codasip’s offering to simplify the task of customizing designs, enabling companies of all sizes to differentiate their products at the core. Studio has been the market leader in democratizing processor design since it was launched in 2014. Simplifying processor customization, Studio walks designers through the steps necessary to create their ideal custom RISC-V processor from a Codasip embedded or application core design – ensuring the design achieves predictable results and the highest performance.

    • Standards/Consortia

  • Leftovers

    • Science

    • Hardware

      • Modified Toggle Switches Grace Hyper-Detailed Cockpit Simulator Panels | Hackaday

        In the world of the cockpit simulator hobby, no detail is too small to obsess over. Getting the look and feel of each and every cockpit control just right is important, and often means shelling out for cockpit-accurate parts. But not always, as these DIY magnetically captured toggle switches show.

        Chances are good you’ve seen [The Warthog Project]’s fantastically detailed A-10 Thunderbolt II cockpit simulator before; we’ve featured it recently, and videos from the ongoing build pop up regularly in our feeds. The sim addresses the tiniest of details, including the use of special toggle switches that lock into place automatically using electromagnets. They’re commercially available, but only for those with very deep pockets — depending on the supplier, up to several thousand dollars per unit!

      • Cheap Caliper Hack Keeps ‘Em Running Longer | Hackaday

        Many a hacker is a fan of the cheapest calipers on the market. Manufactured in China and priced low enough that they’re virtually disposable, they get a lot of jobs done in the world where clinical accuracy isn’t required. However, their batteries often die when left in a drawer for a long time. [Ben] was sick of that, and got to hacking.

        The result was a quick-and-dirty mod that allows the calipers to be powered by a AAA battery. The average AAA cell has 5-10 times the capacity of the typical LR44 coin cells used in these devices.

    • Integrity/Availability

      • Let’s Encrypt explains last month’s outages caused by certificate expiration

        Dozens of websites and services reported issues late last month thanks to the expiration of a root certificate provided by Let’s Encrypt, one of the largest providers of HTTPS certificates.

      • Proprietary

        • Security

          • Local root vulnerability in PHP-FPM – itsfoss.net

            A critical vulnerability CVE-2021-21703 has been identified in PHP-FPM, the FastCGI process manager included in the main PHP distribution since branch 5.3 , which allows an unprivileged hosting user to execute code as root. The problem manifests itself on servers that use PHP-FPM, usually used in conjunction with Nginx, to organize the launch of PHP scripts. The researchers who identified the problem were able to prepare a working prototype of the exploit.

            The vulnerability is caused by storing pointers to a shared memory area (scoreboard) used to communicate between the child and parent PHP-FPM process. The main PHP-FPM process that coordinates the work is started as root and spawns several child processes that run under an unprivileged user (usually www-data or nobody) and are directly involved in executing PHP scripts. The essence of the problem is that a child process controlled by the user can access the shared memory of the controlling process and change the pointers used in the main process (pointers to the nested structure fpm_scoreboard_proc_s are stored in the scoreboard structure).

          • Intel develops HTTPA to complement HTTPS [Ed: Intel makes back doors for the NSA, so you know this is just crock, like putting all the certificates in one places that's connected to NSA-connected tech firms]

            Intel engineers have proposed a new protocol, HTTPA (HTTPS Attestable), extending HTTPS with additional guarantees of the security of the calculations performed. HTTPA helps ensure the integrity of the user’s request is processed on the server and make sure that the web-service is trustworthy and works in TEE -okruzhenii (Trusted Execution Environment) server code was not changed as a result of hacking or sabotage administrator.

          • How to Fix the Blue Screen of Death – Invidious [Ed: "Delete Windows" is an easy fix]
          • Microsoft: Windows KB5006674, KB5006670 updates break printing
          • Privacy/Surveillance

    • Finance

      • The Global Public Private Partnership with lain Davis

        Iain Davis of In This Together joins Whitney for an important conversation on the network of institutions, corporations and governments that are at the center of global decision-making. This global public-private partnership already exerts considerable control over our lives and our society and is quickly moving to control even more.

      • Impact of Covid-19 on Job Automation [Ed: IBM bigwig on using COVID-19 as pretext of firing loads of workers]

        “Why are there still so many jobs?,” asked MIT economist David Autor in a 2015 article on the history of workplace automation. Given that technologies have been automating human work for the past couple of centuries,“should we not be somewhat surprised that technological change hasn’t already wiped out employment for the vast majority of workers?”

        As Autor explained in the article, the answer is based on an economic reality that’s frequently overlooked. “Automation does indeed substitute for labor – as it is typically intended to do. However, automation also complements labor, raises output in ways that lead to higher demand for labor, and interacts with adjustments in labor supply. … journalists and even expert commentators tend to overstate the extent of machine substitution for human labor and ignore the strong complementarities between automation and labor that increase productivity, raise earnings, and augment demand for labor.”

        Professor Autor was co-chair of MIT’s Work of the Future Task Force, which was launched in the spring of 2018 to better understand the impact AI and automation on jobs. The Task Force released an interim report in September of 2019. Its overriding conclusion was that the likelihood that AI and automation would wipe out major workforce sectors in the near future was exaggerated.

    • AstroTurf/Lobbying/Politics

      • ALEC Leader Indicted for Campaign Finance Conspiracy – EXPOSEDbyCMD

        On Oct. 25, the U.S. Department of Justice (DOJ) indicted Tennessee state Sen. Brian Kelsey, a state chair with the American Legislative Exchange Council, alleging that he broke multiple federal campaign finance laws.

        The alleged scheme involved illegal contributions to his 2016 congressional campaign passed through a state-level PAC and used by a political nonprofit to boost his election effort.

        The American Legislative Exchange Council (ALEC) is a pay-to-play operation where legislators and corporate lobbyists meet behind closed doors to write model legislation that a radical right-wing, pro-corporate and pro-Republican agenda on everything from voter suppression and climate denial to crushing unions and undermining public education.

    • Civil Rights/Policing

      • Algorithmic (in)justice in education: Why tech companies should require a license to operate in children’s education | Media@LSE [Ed: Richard Stallman notes: “The article argues that these companies should need to have licenses to operate. I am not against that, but I would go further. I say that the data acquired in a school about any student must not leave the school’s control: whatever computers it gets onto must belong to the school and run free software. That way the school district and/or parents can control what it does with those data.”]

        Algorithmic (in)justice in education: Why tech companies should require a license to operate in children’s education

      • How enlightened was the European Enlightenment? A CRT Lens Lesson

        The Alabama State Board of Education banned the teaching of Critical Race Theory in the state’s public schools. The resolution was so broad and censoring, it forbids teachers from presenting to students actions prohibited by law as “legitimate options for consideration,” that it would in effect outlaw teaching about the Boston Tea Party, the American Revolution, abolitionist opposition to slavery, the Underground Railroad, labor strikes, anti-war protests, and much of the Civil Rights movement. This directive is from a state that still has statues of Confederate President Jefferson Davis and James Marion Sims, a discredited gynecologist who experimented on enslaved African women without the benefit of anesthesia or antiseptics, in front of the State Capitol building.

        According to the King Center, Reverend Martin Luther King Jr. was arrested and went to jail twenty-nine times. That’s it. No more Dr. King in the Alabama curriculum! Donald Trump was impeached by the United States House of Representatives TWICE. If only we could remove him from the Alabama curriculum and the American political scene.

        In an earlier post, I discussed Looking at History Through a Critical Race Theory Lens. This lesson on the European Enlightenment for the high school World History curriculum is part of a series of posts that explore what a critical perspective looks like in a social studies classroom. A Critical Race Theory lens is part of that critical perspective. My commitment as a teacher is to “Teach the Truth” by engaging students in an examination of uncomfortable questions, whatever Alabama says about the past.

    • Monopolies

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New

  1. 3.5 Years Later Gemini Protocol and Geminispace Are Still 100% Community-Controlled

    Community-centric alternatives to the World Wide Web have gained traction; one of them, Gemini Protocol, continues to grow in 2023 and we're pleased to report progress and expansion

  2. Windows Falls to 16% Market Share in India (It was 97% in 2009), Microsoft Layoffs Reach India Too

    This month’s picture from the world’s most populous nation does not look good for Microsoft (it looks good for GNU/Linux); anonymous rumour mills online say that Microsoft isn’t moving to India but is actually firing staff based in India, so it’s a case of shrinking, not offshoring. When even low-paid (much lower salaries) staff is discarded it means things are very gloomy.

  3. Links 22/03/2023: GNOME 44 “Kuala Lumpur”

    Links for the day

  4. Microsoft Has Also Infiltrated the OSI's Board of Directors After Rigged Elections

    Weeks ago we warned that this would happen and for the third or fourth time in 2 years the OSI’s election process broke down; today the Open Source Initiative (OSI) writes: “The polls just closed, the results are in. Congratulations to the returning directors Aeva Black…” (Microsoft employee)

  5. Links 22/03/2023: Official Thunderbird Podcast Starts

    Links for the day

  6. IRC Proceedings: Tuesday, March 21, 2023

    IRC logs for Tuesday, March 21, 2023

  7. Many More Microsoft Layoffs Later Today

    Yesterday we shared rumours about Microsoft layoffs being planned for later today (there were 3 waves of layoffs so far this year). There are several more people here who say the same. How much noise will Microsoft make in the “media” in order to distract? Will the chaffbot "ChatGPT" help create enough chaff?

  8. Links 21/03/2023: JDK 20 and GNOME 43.5

    Links for the day

  9. Germany's Lobbyists-Infested Government Sponsors the War on Ukraine via the European Patent Office (EPO)

    The chief UPC ‘judge’ is basically seeking to break the law (and violate constitutions, conventions etc.) to start a kangaroo court while dodging real courts, just like Vladimir Putin does

  10. [Meme] The Meme That Team UPC (the Collusion to Break the European Laws, for Profit) Threats to Sue Us For

    António Campinos and Team UPC are intimidating people who simply point out that the Unified Patent Court (UPC) is illegal and Klaus Grabinksi, shown above, strives to head a de facto kangaroo court in violation of constitutions and conventions (the UK does not and cannot ratify; Ireland hasn’t even held a referendum on the matter)

  11. Microsoft is Sacking People Every Month This Year, Even Managers (While Sponsored Media Produces Endless Chatbot Chaff)

    Lots of Microsoft layoffs lately and so-called ‘journalists’ aren’t reporting these; they’re too busy running sponsored puff pieces for Microsoft, usually fluff along the “hey hi” (AI) theme

  12. 3 Months Late Sirius 'Open Source' Finally Deletes Us From the Fraudulent 'Meet the Team' Page (But Still Lists Many People Who Left Years Ago!)

    Amid fraud investigations the management of Sirius ‘Open Source’ finally removed our names from its “Meet the Team” page (months late); but it left in the page about half a dozen people who left the company years ago, so it’s just lying to its clients about the current situation

  13. Amid Fraud at Sirius 'Open Source' CEO Deletes His Recent (This Month) Past With the Company

    Not only did the Sirius ‘Open Source’ CEO purge all mentions of Sirius from his Microsoft LinkedIn account; he’s racing against the clock as crimes quickly become a legal liability

  14. Web Survey Shows Microsoft Falling Below 15% Market Share in Africa, Only One Minuscule African Nation Has Windows Majority

    A Web survey that measured Microsoft Windows at 97% in Africa (back in 2010) says that Windows has become rather small and insignificant; the Microsoft-sponsored mainstream media seems to be ignoring this completely, quite likely by intention...

  15. Rumours of More Microsoft Layoffs Tomorrow (Including Managers!), Probably Azure Again (Many Azure Layoffs Every Year Since 2020)

    Amazon is laying off AWS staff and Microsoft has been laying off Azure staff for 3 years already, including this year, so it seems like the “clown computing” bubble is finally bursting

  16. [Meme] EPO's Management Brainstorm

    The story behind a misleading slogan told above

  17. The Photo Ops Festival of the Funky President António Campinos and Revolt From the Patent Examiners Whom He Perpetually Oppresses

    European Patents are being granted for no reason other than application and renewal fees, awarding European monopolies to companies that aren't even European (only about a third are actually European); staff of the EPO is fed up as it regards or views all this as an extreme departure from the EPO's mission (and it's also outright illegal)

  18. Links 21/03/2023: Trisquel GNU/Linux 11.0 LTS

    Links for the day

  19. Back Doors Proponent Microsoft Infiltrates Panels That Write the Security Regulations, Press Fails to Point Out the Obvious

    Cult tactics and classic entryism serve Microsoft again, stacking the panels and basically writing policy (CISA). As an associate explained it, citing this new example, Stanford “neglects to point out the obvious fact that Microsoft is writing its own regulations.”

  20. IRC Proceedings: Monday, March 20, 2023

    IRC logs for Monday, March 20, 2023

  21. Links 20/03/2023: Curl 8.0.0/1 and CloudStack LTS

    Links for the day

  22. Standard Life (Phoenix Group Holdings): Three Weeks to Merely Start Investigating Pension Fraud (and Only After Repeated Reminders From the Fraud's Victims)

    As the phonecall above hopefully shows (or further elucidates), Standard Life leaves customers in a Kafkaesque situation, bouncing them from one person to another person without actually progressing on a fraud investigation

  23. Standard Life Paper Mills in Edinburgh

    Standard Life is issuing official-looking financial papers for companies that then use that paperwork to embezzle staff

  24. Pension Fraud Investigation Not a High Priority in Standard Life (Phoenix Group Holdings)

    The 'Open Source' company where I worked for nearly 12 years embezzled its staff; despite knowing that employees were subjected to fraud in Standard Life's name, it doesn't seem like Standard Life has bothered to investigate (it has been a fortnight already; no progress is reported by management at Standard Life)

  25. Links 20/03/2023: Tails 5.11 and EasyOS 5.1.1

    Links for the day

  26. Links 20/03/2023: Amazon Linux 2023 and Linux Kernel 6.3 RC3

    Links for the day

  27. IRC Proceedings: Sunday, March 19, 2023

    IRC logs for Sunday, March 19, 2023

  28. An Update on Sirius 'Open Source' Pensiongate: It's Looking Worse Than Ever

    It's starting to look more and more like pension providers in the UK, including some very major and large ones, are aiding criminals who steal money from their workers under the guise of "pensions"

  29. Services and Users TRApped in Telescreen-Running Apps

    TRApp, term that lends its name to this article, is short for "Telescreen-Running App". It sounds just like "trap". Any similarity is not purely coincidental.

  30. Links 19/03/2023: Release of Libreboot 20230319 and NATO Expanding

    Links for the day

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts