Bonum Certa Men Certa

Links 12/12/2021: Whisker Menu 2.7.1 and SeaBIOS 1.15 Released



  • GNU/Linux

    • Server

      • Kubernetes v1.23 Is Here. Are You Ready?

        Kubernetes’ final release for the year 2021 is ready: Version 1.23.

        The Christmas edition of Kubernetes comes with 45 new enhancements to make it more mature, secure and scalable. There are some critical changes grouped into the Kubernetes API, containers and infrastructure, storage, networking and security in this latest release.

      • What Is PostgreSQL? Open-Source Database System

        PostgreSQL is an open-source, object-relational database system that lets you store and scale complicated data workloads safely. In this article, we discuss PostgreSQL, its uses, and benefits.

      • 18 New Members Join Cloud Native Computing Foundation at KubeCon + CloudNativeCon + Open Source Summit China 2021 Virtual
      • AlmaLinux OS Foundation Welcomes Codenotary to Governing Board as First Platinum Member

        AlmaLinux OS Foundation, the nonprofit that stewards the community owned and governed open source CentOS alternative, today announced that Codenotary has joined its governance board as the first Platinum member.

        As a former CentOS user, Codenotary is investing in AlmaLinux to support its growth. The company brings easy-to-use trust and integrity into the software lifecycle using its own super fast, immutable, and cryptographically verifiable ledger database to underpin its notarization and verification product for creating Software Bill of Materials (SBOM). Codenotary also stewards immudb, its open source key value, SQL database with over 3,300 stars on GitHub.

      • AWS wobbles in US East region causing widespread outages

        Technical errors with the US-EAST-1 region of Amazon Web Services have caused widespread woes for customers, including difficulty accessing the management console and some other service problems.

      • What Does That Server Really Serve?

        Digital technology can give you freedom; it can also take your freedom away. The first threat to our control over our computing came from proprietary software: software that the users cannot control because the owner (a company such as Apple or Microsoft) controls it. The owners often take advantage of this unjust power by inserting malicious features such as spyware, back doors, and Digital Restrictions Management (DRM) (referred to as “Digital Rights Management” in their propaganda).

        Our solution to this problem is developing free software and rejecting proprietary software. Free software means that you, as a user, have four essential freedoms: (0) to run the program as you wish, (1) to study and change the source code so it does what you wish, (2) to redistribute exact copies, and (3) to redistribute copies of your modified versions.

        With free software, we, the users, take back control of our computing. Proprietary software still exists, but we can exclude it from our lives, and many of us have done so. However, we now face a new threat to our control over our computing: Software as a Service. For our freedom’s sake, we have to reject that too.

      • Develop a Daily Reporting System for Chaos Mesh to Improve System Resilience

        Chaos Mesh is a cloud native chaos engineering platform that orchestrates chaos experiments on Kubernetes environments. It allows you to test the resilience of your system by simulating problems such as network faults, file system faults, and Pod faults. After each chaos experiment, you can review the testing results by checking the logs.

        But this approach is neither direct nor efficient. Therefore, I decided to develop a daily reporting system that would automatically analyze logs and generate reports. This way, it’s easy to examine the logs and identify the issues.

    • Audiocasts/Shows

    • Kernel Space

      • x86 Straight-Line Speculation Mitigation On Track For Linux 5.17 - Phoronix

        The recent activity around x86 (x86_64 included) straight-line speculation mitigation handling is set to culminate with this security feature being set for mainline with the upcoming Linux 5.17 cycle.

        Recent weeks have seen x86 straight-line speculation mitigations underway by compiler developers and the Linux kernel folks. This is similar to the Arm straight-line speculation "SLS" vulnerability and mitigation of last year but now seeing similar activity on the x86/x86_64 front for Intel and AMD.

        The issue at hand is over processors speculatively executing instructions linearly in memory past an unconditional change in control flow. GCC 12 landed its compiler mitigation option and LLVM Clang is doing the same. The compilers are introducing a "-mharden-sls" option to add INT3 instructions after function returns and indirect branches to protect against possible straight-line speculation.

      • Linux boot times are about to get a whole lot faster on monster AMD EPYC and Intel Xeon rigs - Neowin

        A patch to improve the boot times on massively parallel Linux systems is currently being prepared and initial performance numbers are extremely impressive. The patch isn't exactly new though and has been in the making since at least February of this year.

        It will improve the effective utilization of many-core/thread server and workstation processor systems, like those based on AMD's EPYC / Ryzen Threadripper, and Intel's Xeon, while booting. On a 96-threaded Skylake system, the patch reduced the Bringup time (wake up time) for the cores from 500ms down to just 34ms, which is around a factor of 15.

    • Applications

      • 5 Best Free and Open Source Audio Samplers

        Linux is an attractive platform for professional audio production. It is an extremely stable operating system that has good support for audio hardware. Using a Linux machine as the focus of your recording setup opens a world of possibilities for an affordable price.

        Software that creates music can often be expensive. The heavyweight Cubase, Apple LogicPro, FL Studio, Adobe Audition, and Sony ACID Pro are all impressive software music production environments. Unfortunately, they cost hundreds of dollars and are released under a proprietary software license. Fortunately, there is a good range of open source software that lets you produce professional quality recordings.

      • Best Free and Open Source Alternatives to Corel WinDVD Pro

        Corel Corporation is a Canadian software company specializing in graphics processing. They are best known for developing CorelDRAW, a vector graphics editor. They are also notable for purchasing and developing AfterShot Pro, PaintShop Pro, Painter, Video Studio, MindManager, and WordPerfect.

        Corel has dabbled with Linux over the years. For example they produced Corel Linux, a Debian-based distribution which bundled Corel WordPerfect Office for Linux. While Corel effectively abandoned its Linux business in 2001 they are not completely Linux-phobic. For example, AfterShot Pro has an up to date Linux version albeit its proprietary software.

        This series looks at the best free and open source alternatives to products offered by Corel.

      • Open source digital painting with Krita

        Digital painting is an art form all its own. It obviously emulates the discipline it's named for, but painting in the physical world and a digital environment is unique. Krita is a digital paint application that's seen use at major film production houses, book publishers, and art studios. It specializes in materials emulation, allowing the artist to adjust and fine-tune their tools through a brush engine so that they can achieve exactly the look and drawing feel they need. Krita won't make you a great painter, but if you love to paint, Krita can help you make sure your artwork looks its best.

      • Blender 3.0 open source 3D modelling and animation software launches

        Blender 3.0 the highly anticipated next generation 3D modelling software is now available to download providing a free open source application for anyone to create both 2D and 3D content. The Blender Foundation has been working on the 3rd generation of Blender for some time and now the software cycles even faster than ever. The Cycles GPU kernels have been rewritten for better performance, rendering between 2x and 8x faster in real-world scenes and Blender 3.0 now features a more responsive viewport thanks to new display algorithms and scheduling systems.

      • Whisker Menu 2.7.1 released

        Fix not selecting second icon in search results (Issue #50) Fix incorrect selection when leaving treeview Fix skipping first treeview item Fix unnecessary button size changes Translation updates: Catalan, Greek

    • Instructionals/Technical

      • How to play Call of Duty: Black Ops III on Linux

        Call of Duty: Black Ops III is a military FPS game developed by Treyarch and published by Activision. It is the 12th game in the COD franchise. Here’s how you can play this game on Linux.

      • How to Install XanMod Kernel on Pop!_OS 20.04 - LinuxCapable

        XanMod is a free, open-source general-purpose Linux Kernel alternative to the stock kernel with Pop!_OS 20.04. It features custom settings and new features and is built to provide a responsive and smooth desktop experience, especially for new hardware.

        XanMod is popular amongst Linux Gaming, streaming, and ultra-low latency requirements and often boasts the latest Linux Kernels, having multiple branches to choose from the stable, edge, and development.

      • 2 ways to install Oracle Java 17 on Ubuntu 20.04 | 22.04 LTS - Linux Shout

        Oracle Java 17 is not available to install on Ubuntu 20.04 or 22.04 LTS using the default main repository of these Linux. Hence, here we will know the steps to set up the same using the command terminal.

      • How to Install deb File in Ubuntu [with Examples]

        There are several ways to install deb files in Ubuntu. Here I’ll show you the two easiest ways, closely following best practices.

        For Ubuntu users, software can come from many sources. There’s official repos, PPAs, Snap store, Flathub, and more. However, you won’t find every app you want in one of those.

        Sometimes, you may have to visit an website to download and install file with a .deb extension. So let’s first answer the question, what is a .deb file?

      • How to install Go 1.17 on Ubuntu 20.04 – NextGenTips

        In this tutorial, we are going to explore how to install Go 1.17 on Ubuntu 20.04.

        Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast.

        Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions.

        Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection.

      • How to Set Up a Local Kubernetes Instance With MicroK8s on Ubuntu

        DevOps has greatly changed the way software engineers and developers develop and deploy applications. One of the technologies at the heart of this revolution is Kubernetes.

        Let's explore how you can install a local instance of Kubernetes on Ubuntu using MicroK8s (MicroKates). With this setup in place, you can easily host container applications in a secure, reliable, and highly scalable manner.

      • What is TTY in Linux?

        You must have heard about the term “TTY” when it comes to Linux and UNIX. But, what is it?

        Is it useful to you as a desktop user? Do you need it? And, what can you do with it?

        In this article, let me mention everything essential to get you familiar with the term TTY in Linux.

        Do note that there’s no definitive answer to this, but it relates to how input/output devices interacted in the past. So, you will have to know a bit of history to get a clear picture.

    • Games

      • 17 of the Best Linux Games in 2021 - Make Tech Easier

        There have been many false dawns for Linux gaming, but in recent years things have been improving unabated. The launch of the Proton compatibility layer meant that thousands of DirectX-only games can now be translated to Vulkan and therefore work on Linux, while new Linux-compatible games continue to be released as well.

        If you want to play Windows-only games on Linux, see our guide on how to set up Proton and Steam Play. If, however, you just want to check out all the best native Linux games in 2021 you can play, then read on below.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • KDE developer urges KDE to embrace simplicity by default, without removing features – OSnews

          Nate Graham, KDE developer, is arguing that KDE needs simpler defaults – without losing the customisability that makes KDE, well, KDE. I think this is a good goal – especially since many distributions can opt for different defaults anyway. KDE is an amazing collection of software, but there’s no denying its plethora of options and customisation can also be intimidating and a little bit overwhelming, even for experienced users such as myself.

        • PCLinuxOS KDE Plasma Application Update

          The KDE Plasma Desktop application packages have been updated to 21.12.0. This is a service release update.

      • GNOME Desktop/GTK

        • Loop: A simple music application

          In the last year I've seen some really good musician that performs all the instruments in a song with just a loop machine, recording each instrument one by one in tracks and looping.

          I was thinking that it should be easy to have a desktop application that does exactly the same, just some tracks to record some sounds and the playback with a loop option, and that's what I created during this week.

    • Distributions

      • OpenEmbedded Dunfell 3.1.12 recompile

        I have synced my local OpenEmbedded with the latest release in the Dunfell series, now version 3.1.12 (only coincidentally similar to EasyOS versions).

      • BSD

        • iXsystems Reveals Five Storage Industry Predictions as 2022 Promises Record Breaking Demand for Enterprise Storage

          Xsystems, a global leader in Open Storage solutions, today announced five predictions expected to shape enterprise storage spending in 2022. The predictions come as new research from IDC shows enterprise spending on storage systems accelerated in 2021, with total storage capacity shipped rising 13.8% year over year to 88.7 exabytes.

          According to the 2021 Worldwide Quarterly Enterprise Storage Systems Tracker by International Data Corporation (IDC), “The global market revenue for enterprise external OEM storage systems grew 9.7% year over year to $6.9 billion during the second quarter of 2021 (2Q21). Total external OEM storage capacity shipped was up 27.9% year over year to 22.1 exabytes during the quarter.”

      • IBM/Red Hat/Fedora

        • State of Fedora Kinoite, December 2021 edition - Siosm’s blog

          This is the first post about the state of Fedora Kinoite since the release as part of Fedora 35. The goal is to have at least one post before or shortly after each release to help track the progress of Fedora Kinoite, the new features and the missing ones.

          For a live updating version of this, you can follow the list of known Kinoite bugs issue in the Fedora KDE SIG tracker or on the Kinoite Board.

          For a video version of this, see the Fedora Kinoite talk I made for the Fedora 35 release party (slides).

        • Development on Fedora Silverblue and Fedora Kinoite

          This is a guide covering how to work on applications on Fedora Silverblue and Fedora Kinoite. Depending on the case, it may be easier to work with Flatpak, with RPM packages or directly from the source repository thus I will cover all three options.

          Note that while this guide focuses on Fedora Silverblue and Fedora Kinoite, it also applies to all rpm-ostree based Fedora variants and in a lesser form to all distributions that feature Flatpak and toolbox.

          As always, make sure to backup your data before attempting system wide changes that could result in the loss of your personal cat picture collection.

          If you encounter issues with this guide, reach out to me in one of the following Matrix rooms: Flatpak, KDE Flatpaks, Fedora Silverblue, Fedora KDE.

          Try to avoid contacting me privately as there is a high chance that other people from those rooms will also be able to help you with your issue.

          If you want to work on building images of Fedora Silverblue, Fedora Kinoite or other desktop variants, you should follow the steps from the README in the workstation-ostree-config repo.

        • The Projects and People that Shaped Open Source in 2021 – The New Stack

          According to Red Hat’s 2021 State of Enterprise Open Source Report, 90% of IT leaders are using enterprise open source, and 79% expect their use of enterprise open source software for emerging technologies to increase over the next two years. With most businesses using some form of open source, there is still varying maturity along the spectrum from consuming to producing and embracing open source.

      • Debian Family

        • Volumio 3 launches later today…

          18 months. That’s the amount of time spent by Volumio’s software team in developing the latest version of its music playback platform: Volumio 3 (no space).

          What’s new? As well as offering functionality for Roon, Spotify Connect and Tidal Connect, Volumio 3 features a brand new UI called ‘Manifest’ and the much-requested multi-room (synchronized) playback when streaming UPnP-derived content. Like the previous generation, Volumio3 is built around a Linux operating system, this time tapping Debian Buster for its zippier performance.

          Under the hood, Volumio 3’s audio playback engine has also been reworked to feature what the Italian company calls an Advanced Audio Modular Processing Pipeline (AAMPP): approved third-party plugins can be inserted into the playback chain to perform digital signal processing on the music signal before it is handed off to the endpoint/s for playback.

        • Utkarsh Gupta: FOSS Activites in December 2021

          Here’s my (twenty-sixth) monthly but brief update about the activities I’ve done in the F/L/OSS world.

      • Canonical/Ubuntu Family

        • The State of Robotics – November 2021

          Learning how to fly. Again. Because certain technologies and processes can always be optimized. Take laptops, for instance (I always wanted to become a laptop designer!). From foldable screens to computers that incorporate e-readers, we are always pushing for new designs that address ergonomic requirements but also improve the way we work.

          We are doing the same with drones. This month features innovations that dare to challenge the status quo of how we fly.

          The seat belt sign is on, and we’re cleared for takeoff. Let’s go!

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Libreboot/BIOS

        • [libreboot] Translations wanted

          The libreboot website is currently only available in English.

          I’ve recently added support for translations to the Untitled Static Site Generator, which the Libreboot website uses. Pages on libreboot.org are written in Markdown, and this software generates HTML pages.

          This very page that you are reading was created this way!

        • SeaBIOS 1.15 Released With Better NVMe & USB Device Support - Phoronix

          SeaBIOS 1.15 is the open-source project's first release in sixteen months. Highlights of SeaBIOS 1.15 include better support for USB devices with multiple interfaces, support for USB xHCI devices using direct MMIO access, NVMe support improvements, and increased "f-segment" RAM allocations for BIOS tables. Plus there is the usual assortment of bug fixes and code clean-ups that have come about over the past year.

      • Web Browsers

        • Mozilla

          • Firefox update brings a whole new sort of security sandbox

            Today’s a Firefox Tuesday, when the latest version of Mozilla’s browser comes out, complete with all the security updates that have been merged into the product since the previous release.

            We used to call them Fortytwosdays, because Mozilla followed a six-weekly coding cycle, instead of monthly like Microsoft, or quarterly like Oracle, and seven days multiplied by six weeks gave you the vital number 42.

          • Firefox Mozilla build

            There are two new applications available for Sparkers: Firefox Mozilla builds

          • Mozilla's revenue increased in 2020 to $496 million

            The Mozilla Foundation published the financial report for the year 2020 today, revealing that it earned $496 million in 2020. The Foundation earned $828 million in 2019, but $338 million came from a legal dispute with former search engine provider Yahoo.

            Revenue increased by about $6 million in 2020 as a consequence if you ignore the $338 million one-time payment.

          • Open source advent calendar: Tor and its ecosystem

            This is an advent calendar for techies. In the fully commercialized digital world, almost everything belongs to a large Internet corporation. Their software is neither open nor free. As an alternative, there is this small island of the open source world: software whose code is publicly visible and can be independently checked for possible security gaps and backdoors. Software that can be freely used, distributed and improved. Often the drive for work is simply the joy of providing something useful to society.

      • Programming/Development

        • The Eclipse Foundation Releases 2021 IoT & Edge Developer Survey Results

          The Eclipse Foundation, the world’s largest open source foundation focused on the Internet of Things (IoT), today announced results from its 2021 IoT & Edge Developer Survey. Administered by the Eclipse IoT Working Group, the Eclipse Edge Native Working Group, and the Eclipse Sparkplug Working Group, the survey provides essential insights into IoT and edge computing industry landscapes, the challenges developers are facing, and the opportunities for enterprise stakeholders in the IoT & edge open source ecosystem. Now in its seventh year, the survey is the IoT & edge industry’s leading technical survey.

          “The IoT and edge computing go hand-in-hand with each technology influencing the other,” said Mike Milinkovich, executive director of the Eclipse Foundation. “Once again, this survey provides significant insights into what developers are working on and what challenges they face as we move into 2022.”

        • Rust

          • Rust support
            Rust support
            
            

            This is the patch series (v2) to add support for Rust as a second language to the Linux kernel.

            If you are interested in following this effort, please join us in the mailing list at:

            rust-for-linux@vger.kernel.org

            and take a look at the project itself at:

            https://github.com/Rust-for-Linux

            As usual, special thanks go to ISRG (Internet Security Research Group) and Google for their financial support on this endeavor.

            Cheers, Miguel
          • The Linux Kernel's Second Language? Rust Gets Another Step Closer - Slashdot

            "In 2022 we will very likely see the experimental Rust programming language support within the Linux kernel mainlined," writes Phoronix, citing patches sent out Monday "introducing the initial support and infrastructure around handling of Rust within the kernel."

          • Patch suggests Rust may be the next frontier for Linux kernel

            The Linux kernel has maintained portability due to reliance on the C programming language, but serious adoption of Rust now threatens its dominance.

            Mozilla’s decade old technology has become a major force, offering the same level of flexibility afforded by classic compiled languages, while offering interoperability with C. Kernel developers have long discussed the possibility of bringing Rust to Linux, and the Linux kernel now includes a stable Rust compiler. This has led Kernel developer Miguel Ojeda to introduce a patch that would make Rust its second official language.

  • Leftovers

    • The Next Step

      Instead, I will help Autoliv Research’s ML/AI team to help them build awesome detection tools to help save more lives. This means working with a group of very smart people ranging from domain experts on things such as psychology, bio-mechanics, machine learning, embedded systems, mechatronics and more. I’m really really excited about this – so much fun to learn.

    • Hardware

      • Vacuum Forming With 3D Printer Filament | Hackaday

        Even if they don’t have one themselves, we’d wager the average Hackaday reader is at least vaguely aware of how a vacuum former works on a fundamental level. You heat up a plastic sheet until it’s soft, then use a vacuum pump to pull the ductile material down onto an object and hold it there while it cools off. It’s easy to build a vacuum forming rig yourself, but small commercial units are cheap enough that it might not be worth your time. If everything goes to plan, the technique is a quick and effective way of duplicating items around the home and shop.

        [...]

        But that’s not really the most interesting part. With printed sheets loaded into the vacuum former, you’ve got access to a much wider array of materials to work with. For example, [Nathan] shows off some very interesting flexible pieces he was able to produce using sheets of TPU. You can also experiment with different surface textures. These can not only be used to give your vacuum formed pieces a bit of interesting visual flair, but could actually have some practical applications. In the video we see how a printed mesh could be formed over a piece to create a conformal air vent or filter.

      • Snip Your Way To DIY PCB Castellations | Hackaday

        Castellated PCB edges are kind of magical. The plated semicircular features are a way to make a solid, low-profile connection from one board to another, and the way solder flows into them is deeply satisfying. But adding them to a PCB design isn’t always cheap. No worries there — you can make your own castellations with this quick and easy hack.

      • Has DIY Become Click And Buy? | Hackaday

        We are living in great times for DIY, although ironically some of that is because of all the steps that we don’t have to do ourselves. PCBs can be ordered out easily and inexpensively, and the mechanical parts of our projects can be ordered conveniently online, fabricated in quantity one for not much more than a song, or 3D printed at home when plastic will do. Is this really DIY if everything is being farmed out? Yes, no, and maybe.

        It all depends on where you think the real value of DIY lies. Is it in the idea, the concept, the design? Or in its realization, the manufacturing? I would claim that most of the value actually lies in the former, as much as I personally enjoy the many processes of physically constructing the individual parts of many projects.

        For instance, I designed and built a h

    • Health/Nutrition/Agriculture

      • Latinx with dementia and caregiving: A balancing act

        Dr Lynn Woods, Professor in the Department of Doctoral Programs, School of Nursing, Azusa Pacific University, discusses the challenges of dementia and caregiving within the Latino community

        Twenty-one percent of Latinos are caregivers to someone with dementia., generally a family member. They spend more time and experience increased burdens compare to their White or Asian-American counterparts. The stress that caregivers experience can, and frequently does, lead to negative emotional (depression) and physical (cardiovascular, hypertension) events. The increased stress associated with caring for someone with behavioural symptoms of dementia (BSD) elevates this risk further.

    • Integrity/Availability

      • Proprietary

        • Better.com’s morale and SPAC merger success in question after CEO’s unruly comments - Fortune
        • Tech Bro CEO lays off 900 people in Zoom call and makes himself the victim

          Managing a business during the plague years has been tough for many, but one plucky CEO has found a clever and efficient way to execute such an unpleasant task: fire 900 workers at once in a Zoom meeting.

          In an exercise completely devoid of sensitivity, Better.com CEO Vish Garg gathered around 900 of his staff onto a five-minute Zoom call during the month of Christmas to tell them their jobs were officially nonexistent.

          "If you are on this call, you are part of the unlucky group being laid off. Your employment here is terminated, effective immediately," the CEO said.

        • Better CEO is 'taking time off' after firing 900 staff on Zoom

          Better CEO Vishal Garg, best-known for firing 900 employees over one giant Zoom call, is taking time off work while the company hires a third-party to perform a “leadership and cultural assessment.”

          After video footage of the meeting was leaked, the Softbank-backed digital mortgage biz was suddenly thrust into the limelight. Garg was blasted for not only laying off nine per cent of staff in such an abrupt manner just weeks before Christmas, but for his stunning lack of empathy.

          "The last time I did it, I cried," he told stunned staffers. "This time I hope to be stronger."

          His previous treatment of employees was also dug up. He once called some staff “dumb dolphins” or “too damn slow” and “embarrassing.” He urged people to not take Indigenous Peoples' Day off because time should be spent working towards “capital, and therefore our freedom.”

        • Android Phones With Microsoft Teams Installed May Not Be Able to Call 911
        • Some Android phones can't call 911 thanks to a weird bug ● The Register

          Google confirmed there was, indeed, a software issue that affects devices running on Android 10 and above from reaching 911. It appears to only affect emergency calls; other phone numbers are fine. The glitch seems to stem from the Microsoft Teams app, according to a response posted on Reddit from an official Google account.

        • Microsoft signs settlement with US Justice Dept over 'immigration-related discrimination' claims

          Microsoft has settled with the US Justice Department over immigration-related discrimination claims.

          At the heart of the investigation were allegations that the Windows giant discriminated against non-US citizens based on their citizenship status as well as against lawful permanent residents.

        • Flash? Nu-uh. Windows 11 users complain of slow NVMe SSD performance [Ed: Microsoft Tim is discovering that Vista 11 is hype and bugs, little else]

          Users of Windows 11 are complaining about slow write speeds on NVMe SSD drives, a problem which persists even though it was acknowledged by a Microsoft engineer three months ago.

        • Security

          • Countless Servers Are Vulnerable to Apache Log4j Zero-Day Exploit

            A critical vulnerability has been discovered in Apache Log4j 2, an open-source Java package used to enable logging in many popular applications, and it can be exploited to enable remote code execution on countless servers.

            The Apache Software Foundation (ASF) has identified the vulnerability as CVE-2021-44228; LunaSec has dubbed it Log4Shell. (And security researcher Kevin Beaumont was kind enough to create a logo for it, too.) ASF says Log4Shell receives the maximum severity rating, 10, on the Common Vulnerability Scoring System (CVSS) scale.

          • Apple iCloud, Twitter and Minecraft vulnerable to ‘ubiquitous’ zero-day exploit – TechCrunch

            A number of popular services, including Apple iCloud, Twitter, Cloudflare, Minecraft and Steam, are reportedly vulnerable to a zero-day exploit affecting a popular Java logging library. The vulnerability, dubbed “Log4Shell” by researchers at LunaSec and credited to Chen Zhaojun of Alibaba, has been found in Apache Log4j, an open source logging utility that’s used in […]

          • Log4j RCE: Emergency patch issued to plug critical auth-free code execution hole in widely-used logging utility

            An unauthenticated remote code execution vulnerability in Apache's Log4j Java-based logging tool is being actively exploited, researchers have warned after it was used to execute code on Minecraft servers.

            Infosec firm Randori summarised the vuln in a blog post, saying: "Effectively, any scenario that allows a remote connection to supply arbitrary data that is written to log files by an application utilizing the Log4j library is susceptible to exploitation."

            Crafted proof-of-concept code snippets are already doing the rounds.

          • Global race to patch critical computer bug
          • Global tech experts race to fix ‘fully weaponised’ software flaw

            A software vulnerability exploited in the online game Minecraft is rapidly emerging as a major threat to internet-connected devices around the world.

          • Serious bug puts Apple iCloud, Twitter, Minecraft at hacking threat

            Several popular services, including Apple iCloud, Amazon, Twitter, Cloudflare and Minecraft, are vulnerable to a 'ubiquitous' zero-day exploit, cybersecurity researchers have warned, leaving IT security teams at several companies scrambling to patch the vulnerability called 'Log4Shell'.

          • ALPHV BlackCat - This year's most sophisticated ransomware [Ed: By Microsoft booster Lawrence Abrams]

            ALPHV BlackCat also uses the Windows Restart Manager API to close processes or shut down Windows services keeping a file open during encryption.

          • Irish Health Service ransomware attack happened after one staffer opened malware-ridden email [Ed: Irish Health Service victim of Microsoft; like so many hospitals]

            "The Malware infection was the result of the user of the Patient Zero Workstation clicking and opening a malicious Microsoft Excel file that was attached to a phishing email sent to the user on 16 March 2021."

          • Git cybersecurity startup GitGuardian raises $44M

            Git cybersecurity startup GitGuardian SAS has announced that it has raised $44 million in new funding to accelerate growth strategies, extend its secret detection solution to become a comprehensive code security platform, expand its go-to-market and increase its headcount.

          • FontOnLake a new malware that also affects Linux systems

            It’s called FontOnLake and, as they tell about Security Week , this new malware can attack Linux systems. A somewhat unprecedented issue for this malware is the fact that developers are constantly tweaking modules so that they evolve to infect as many systems as possible.

            The extensive PDF that ESET researchers published details the ways in which the malware works. Once the system is infected, in addition to collecting personal information, such as the history of commands, sshd credentials, it loads backdoors and rootkit modules, to make the system available to the attacker.

          • Spar shops across northern England shut after cyber attack hits payment processing abilities

            The British arm of Dutch supermarket chain Spar has shut hundreds of shops after suffering an "online attack," the company has confirmed to The Register.

            "This has not affected all SPAR stores across the North of England," a Spar spokesman told us, "but a number have been impacted over the past 24 hours and we are working to resolve this situation as quickly as possible."

            LancsLive, a local news website for Lancashire, reported that a "total and widespread IT outage" hit the chain at the weekend, along with "security breach" problems today.

            The publication reported that food distie James Hall & Co, which provides services to 600 Spar stores was also down - the company website is serving up only an Error 20 code, indicating a general network failure.

          • Privacy/Surveillance

            • Biden Acts on Surveillance, Florida Broadband Maps, Free State Wants Constitutional Spectrum

              The Biden administration announced on Thursday an initiative to prevent the use of technology for surveillance by authoritarian governments, the Wall Street Journal reports.

              The Chinese government is among many authoritarian governments that rely on imported technology to conduct state surveillance.

              U.S. technology has been used in China to surveil citizens, modernize its military and target Uyghurs in Xinjiang.

    • Finance

      • Ginther disbands Coleman's Department of Education, folding staff into mayor's office

        When former Mayor Michael B. Coleman's business-backed push to share Columbus City Schools property-tax revenue with charter schools was shot down by voters in 2013, he nonetheless moved forward with his promised new city Department of Education.

      • Some Texas religious leaders live in lavish, tax-free estates thanks to obscure law

        This fall, county officials mailed out property tax bills to the owners of a 10-bedroom, 10.5-bath Houston-area mansion, an 8,000-square-foot residence in a historic San Antonio neighborhood, an elegant Highland Park estate in Dallas and a house on more than an acre overlooking Corpus Christi Bay. The homes are worth millions of dollars. In each case, their 2021 tax bill was identical:

        Zero.

        Most people know that religious organizations pay no property taxes on their houses of worship. Lesser known is that many also get a valuable break on residences for their clergy as well.

        The word “parsonage,” as these residences are called, conjures images of humble, spartan rooms attached to drafty churches. A few still are.

        Yet in many places across Texas, parsonages are extravagant estates nestled in the state’s most exclusive enclaves. Like their wealthy neighbors, the clergy occupants enjoy spacious and well-appointed homes, immaculate grounds, tennis courts, swimming pools, decorative fountains and serene grottos.

      • Samsung shakeup overlooks one important component

        Samsung Electronics nicely rearranged some deck chairs, but unhelpfully left a big one in place. As part of a significant restructuring, the $435 billion company will combine https://news.samsung.com/global/samsung-electronics-announces-new-leadership-2 its mobile and consumer electronics units into one division overseen by rising star Han Jong-hee, who was also elevated to vice chairman and chief executive.

    • AstroTurf/Lobbying/Politics

    • Censorship/Free Speech

      • Facebook slapped with an eyepopping $150B lawsuit for spreading hate speech against Rohingya refugees

        Meta was sued on Tuesday for a whopping $150 billion in a class-action lawsuit for allegedly amplifying hate speech and aiding the Myanmar military in the genocide of the Rohingya people.

        The case, led by an anonymous Rohingya refugee living in the US, accuses the entity formerly known as Facebook of inciting hatred and inflicting real harm on the predominantly Muslim group for years. Not only did the social media platform ignore hate speech posts, it's alleged that the service's algorithms actively promoted anti-Rohingya propaganda as hundreds of thousands of people fled from Myanmar to escape persecution.

      • Peter Thiel's Free Speech for Race Science Crusade at Cambridge University Revealed – Byline Times [Ed: Riling up racists with pseudo-science of white supremacy]

        network of academics influencing Government policy on ‘free speech’ in universities is being steered by pro-Donald Trump lobbyists and donors linked to Republican billionaire venture capitalist Peter Thiel – the chairman and co-founder of CIA-backed data analytics giant Palantir Technologies, a special investigation by Byline Times can reveal.

        Sources at Cambridge University have confirmed to Byline Times that the network of conservative academics – many of whom ended up mobilising around Toby Young’s Free Speech Union (FSU) and writing for Claire Lehmann’s Quillette magazine – has been supported from its inception by Peter Thiel’s top chief of staff.

      • Why the Kremlin Blocking TOR Is a Big Deal

        Throughout 2021, Russia’s Internet censors mounted a systematic attack on technologies that could be used by the country’s users to bypass censorship.

        In the summer, Roskomnadzor blocked the first two VPNs, then the popular browser Opera killed support for its VPN. In September, eight more popular VPNs were blocked. And then Apple turned off its Private Relay service in Russia. Private Relay was designed to encrypt all the traffic leaving the user’s device so no one can intercept it. Apple has already been forced to turn it off in China, Belarus, Colombia, Egypt, Kazakhstan, Saudi Arabia, South Africa, Turkmenistan, Uganda and the Philippines, citing ‘regulatory requirements’ in those countries. Now it is Russia’s turn.

        TOR was Russia’s next natural target because the software allows users to access websites and pages blocked by the authorities. But the significance of this development is much bigger.

        Many technologies the users use today to avoid censorship were developed as commercial tools. VPNs, or virtual private networks, were developed when companies understood they needed a secure way to share data between different offices, and to allow employees to access sensitive files remotely and safely.

    • Freedom of Information/Freedom of the Press

      • Assange extradition case goes to UK Home Secretary as High Court rules he can be sent to US for trial

        Julian Assange will be sent stateside for trial on criminal charges after the US government won an appeal against an earlier court order that released him from the threat of extradition.

        The former WikiLeaks editor-in-chief lost the latest stage of his attempt to avoid being sent to the US after the Lord Chief Justice and Lord Justice Holroyde accepted US assurances that he would be treated humanely in their prisons.

        The High Court has quashed a previous court order "freeing" Assange*, meaning the case will now join the growing pile on Home Secretary Priti Patel's desk awaiting her decision on whether to extradite.

        After Judge Baraitser formally discharged Assange in January, the US filed an immediate appeal. Baraitser had thrown out all of Assange's arguments except one: that he would kill himself if sent abroad to stand trial.

      • TLAV: Maxwell Trial Facade, Assange Extradition & The “Vaccine Equity” Hypocrisy

        Whitney joined TLAV to discuss her perspectives on the recent UK ruling regarding Julian Assange’s potential extradition, the utter facade that is the Ghislaine Maxwell trial, and how the Omicron variant has exposed an inherent hypocrisy in the stance of those calling for “vaccine equity” while pretending to be anti-imperialists.

    • Civil Rights/Policing

      • Crime Prediction Software Promised to Be Free of Biases. New Data Shows It Perpetuates Them

        Between 2018 and 2021, more than one in 33 U.S. residents were potentially subject to police patrol decisions directed by crime prediction software called PredPol.

        The company that makes it sent more than 5.9 million of these crime predictions to law enforcement agencies across the country—from California to Florida, Texas to New Jersey—and we found those reports on an unsecured server.

        The Markup and Gizmodo analyzed them and found persistent patterns.

        Residents of neighborhoods where PredPol suggested few patrols tended to be Whiter and more middle- to upper-income. Many of these areas went years without a single crime prediction.

        By contrast, neighborhoods the software targeted for increased patrols were more likely to be home to Blacks, Latinos, and families that would qualify for the federal free and reduced lunch program.

        These communities weren’t just targeted more—in some cases they were targeted relentlessly. Crimes were predicted every day, sometimes multiple times a day, sometimes in multiple locations in the same neighborhood: thousands upon thousands of crime predictions over years. A few neighborhoods in our data were the subject of more than 11,000 predictions.

      • Set Them Free: A Manifesto Towards Moving Beyond Academic Imperialism

        When you love your country, you do things to keep them free from the new age of imperialism. Imperialism has come to the point that anyone who wishes to be promoted is requested to speak and write in a language which they don’t natively speak. All of this is in the name of international recognition. Various offers — be they — calls for a paper or a book, invitations to webinars on how to publish in high impact journals, bundled subscription for access to databases and paywalled journals, to editing services — are flowing to the email inbox of Indonesian academics practically daily. The senders are publishers, paid database indexing service, and also companies providing editing services. Not only individuals are targeted, but also institutions.

        Academics are now merely the object, not the subject, in the development of knowledge.

      • Saudi activist Loujain al-Hathloul files lawsuit claiming 3 former U.S. officials helped hack her iPhone before she was imprisoned, tortured - CBS News

        Loujain al-Hathloul, a prominent Saudi political activist who pushed to end a ban on women driving in her country, is suing three former U.S. intelligence and military officials she says helped hack her cellphone so a foreign government could spy on her before she was imprisoned and tortured.

        The nonprofit Electronic Frontier Foundation announced Thursday that it had filed a lawsuit in U.S. federal court on al-Hathloul's behalf against former U.S. officials Marc Baier, Ryan Adams and Daniel Gericke, as well as a cybersecurity company called DarkMatter that has contracted with the United Arab Emirates.

        In the lawsuit, al-Hathloul alleges that the trio oversaw a project for DarkMatter that hacked into her iPhone to track her location and steal information as part of broader surveillance efforts targeting dissidents within the UAE and its close ally Saudi Arabia. She said the hacking of her phone led to her "arbitrary arrest by the UAE's security services and rendition to Saudi Arabia, where she was detained, imprisoned, and tortured."

    • Internet Policy/Net Neutrality

      • FCC Commissioner Carr Details Steps Needed for 5G, Says Talk of 6G ‘Almost Too Early’ [Ed: Commissioner for buzzwords and faked hype to push monopolistic patent pools that have ramifications on safety and health?]

        Federal Communications Commissioner Brendan Carr says that proper planning on increased spectrum release and infrastructure reform is necessary for the FCC to ensure a smooth rollout of 5G technology.

      • Swiss propose boosting minimum internet speed

        From 2024, an internet connection with a download speed of 80 Mbit/s and upload speed of 8 Mbit/s will replace the current standard of 10 and 1 Mbit/s, it suggested when putting the proposal out for public comment which runs until March.

    • Monopolies

      • Nextcloud Asks EU to Stop Microsoft From Bundling OneDrive With Windows

        Nextcloud has asked the European Commission to stop Microsoft from pre-installing OneDrive and Teams on Windows to give competitive services a fair chance to appeal to PC users.

        "Microsoft is integrating 365 deeper and deeper in their service and software portfolio, including Windows," Nextcloud says on a web page dedicated to its antitrust complaint against Microsoft. "OneDrive is pushed wherever users deal with file storage and Teams is a default part of Windows 11. This makes it nearly impossible to compete with their SaaS services."

      • Amazon fined €1.13bn by Italy's antitrust authorities ● The Register

        Amazon was slapped with a whopping €1.13bn (€£963.7m or $1.3bn) fine by Italy’s antitrust regulator on Thursday for “abusing its dominant position” and handicapping sellers that aren’t using its logistics service.

        The ecommerce giant offers to pack, ship, and deliver goods sold by third-party vendors under its Fulfillment by Amazon (FBA) platform. Sellers only have to send their products to an Amazon warehouse, and its workers will handle everything else from there. Although the service is handy, it cuts into their profits.

      • Regulating Big Tech is not enough. We need platform socialism

        Facebook whistleblower, Frances Haugen described the company as “morally bankrupt” before a panel of the US Senate Commerce Committee on 5 October. From her position on the company’s civic misinformation team, she witnessed its leadership consistently resolve conflicts between the company’s profits and users’ safety in favour of the former. This was true across a range of issues from hate speech to teenage mental health, ethnic violence and differential treatment for VIP users.

        She has also called for greater government regulation and oversight but has dismissed claims that tougher action is needed against the tech giant. In Europe, greater oversight is fast approaching. The proposed Digital Services Act will change the rules for how digital platforms handle content that has been flagged as illegal and will regulate digital gatekeepers to prevent anti-competitive behaviour.

      • Patents

        • This invention could be relevant to metaverse CAD/CAM ● The Register

          Nvidia's CEO Jensen Huang continues inventing, as if his role in the rise of GPUs wasn't enough.

          A patent application published on December 2 credits Huang as one of the inventors of a system to open and share a file in the cloud without the need for a corresponding application on local devices.

          Instead, the opened file is encoded and presented through a video stream, with everything happening in the cloud. To be clear, the application is a continuation of filings and patents granted dating back to 2012 related to graphics processing in the cloud and network-attached GPUs. The new patent hasn't been granted yet.

        • Nurses from 28 countries file UN complaint alleging human rights violations by EU and four countries for ‘the loss of countless lives’ in the pandemic

          A coalition of nurses unions representing well over 2.5 million health care workers from 28 countries around the world, coordinated by Global Nurses United (GNU) and the Progressive International (PI), have filed a complaint with the United Nations alleging human rights violations by the European Union, the United Kingdom, Norway, Switzerland, and Singapore during the Covid-19 pandemic, whose end, they write “is nowhere in sight.”

          In their complaint addressed to Dr. Tlaleng Mofokeng, the UN’s Special Rapporteur on Physical and Mental Health, the nurses charge that “these countries have violated our rights and the rights of our patients — and caused the loss of countless lives” through “continued opposition to the TRIPS waiver ... resulting in the violation of human rights of peoples across the world.”

        • Software Patents

          • Clearview's dodgy selfie-scraping AI facial recognition technology set to be patented

            Clearview’s controversial facial recognition technology is getting closer to being patented by the US Patent and Trademark Office.

            The USPTO has given Clearview a “notice of allowance”, a sign that the startup’s patent application will be approved once it pays administrative costs, Politico reported. Clearview said it has scraped ten billion photos from public social media accounts. Although companies like Instagram and Twitter disapprove, Clearview has continued to download these images without permission.

      • Copyrights

        • Supreme Court Urged To Reverse Warhol Copyright Ruling - Law360

          A copyright battle over a decades-old series of Andy Warhol prints of music legend Prince has reached the steps of the U.S. Supreme Court, with Warhol's foundation arguing that the high court has "repeatedly made clear" that a work can be transformative when it conveys a different meaning from the preexisting work.



Recent Techrights' Posts

Early Retirement Age: Linus Torvalds Turns 55 Next Week
Now he's almost eligible for retirement in certain European countries
Gemini Links 22/12/2024: Solstice and IDEs
Links for the day
BetaNews: Microsoft Slop is Your "Latest Technology News"
Paid-for garbage disguised as "journalism"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, December 21, 2024
IRC logs for Saturday, December 21, 2024
Links 21/12/2024: EU on Solidarity with Ukraine, Focus on Illegal and Unconstitutional Patent Court in the EU (UPC)
Links for the day
[Meme] Microsofters at the End of David's Leash
Hand holding the leash. Whose?
Deciphering Matt's Take on WordPress, Which is Under Attack From Microsofters-Funded Aggravator
the money sponsoring the legal attacks on WordPress and on Matt is connected very closely to Microsoft
Gemini Links 21/12/2024: Projections, Dead Web ('Webapps' Replacing Pages), and Presentation of Pi-hole
Links for the day
American Samoa One of the Sovereign States Where Windows Has Fallen Below 1% (and Stays Below It)
the latest data plotted in LibreOffice
[Meme] Brian's Ravioli
An article per minute?
Links 21/12/2024: "Hey Hi" (AI) or LLM Bubble Criticised by Mainstream Media, Oligarchs Try to Control and Shut Down US Government
Links for the day
LLM Slop is Ruining the Media and Ruining the Web, Ignoring the Problem or the Principal Culprits (or the Slop Itself) Is Not Enough
We need to encourage calling out the culprits (till they stop this poor conduct or misconduct)
Christmas FUD From Microsoft, Smearing "SSH" When the Real Issue is Microsoft Windows
And since Microsoft's software contains back doors, only a fool would allow any part of SSH on Microsoft's environments, which should be presumed compromised
Paywalls, Bots, Spam, and Spyware is "Future of the Media" According to UK Press Gazette
"managers want more LLM slop"
Google Has Mass Layoffs (Again), But the Problem is Vastly Larger
started as a rumour about January 2025
On BetaNews Latest Technology News: "We are moderately confident this text was [LLM Chatbot] generated"
The future of newsrooms or another site circling down the drain with spam, slop, or both?
"The Real New Year" is Now
Happy solstice
Microsoft OSI Reads Techrights Closely
Microsoft OSI has also fraudulently attempted to censor Techrights several times over the years
"Warning About IBM's Labor Practices"
IBM is not growing and its revenue is just "borrowed" from companies it is buying; a lot of this revenue gets spent paying the interest on considerable debt
[Meme] The Easier Way to Make Money
With patents...
The Curse (to Microsoft) of the Faroe Islands
The common factor there seems to be Apple
Electronic Frontier Foundation Defends Companies That Attack Free Speech Online (Follow the Money)
One might joke that today's EFF has basically adopted the same stance as Donald Trump and has a "warm spot" for BRICS propaganda
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, December 20, 2024
IRC logs for Friday, December 20, 2024
Gemini Links 21/12/2024: Death of Mike Case, Slow and Sudden End of the Web
Links for the day
Links 20/12/2024: Security Patches, Openwashing by Open Source Initiative, Prison Sentence for Bitcoin Charlatan and Fraud
Links for the day
Another Terrible Month for Microsoft in Web Servers
Consistent downward curve
LLM Slop Disguised as Journalism: The Latest Threat to the Web
A lot of it is to do with proprietary GitHub, i.e. Microsoft
Gemini Links 20/12/2024: Regulation and Implementing Graphics
Links for the day
Links 20/12/2024: Windows Breaks Itself, Mass Layoffs Coming to Google Again (Big Wave)
Links for the day
Microsoft: "Upgrade" to Vista 11 Today, We'll Brick Your Audio and You Cannot Prevent This
Windows Update is obligatory, so...
The Unspeakable National Security Threat: Plasticwares as the New Industrial Standard
Made to last or made to be as cheap as possible? Meritocracy or industrial rat races are everywhere now.
Microsoft's All-Time Lows in Macao and Hong Kong
Microsoft is having a hard time in China, not only for political reasons
[Meme] "It Was Like a Nuclear Winter"
This won't happen again, will it?
If You Know That Hey Hi (AI) is Hype, Then Stop Participating in It
bogus narrative of "Hey Hi (AI) arms race" and "era/age of Hey Hi" and "Hey Hi Revolution"
Bangladesh (Population Close to 200 Million) Sees Highest GNU/Linux Adoption Levels Ever
Microsoft barely has a grip on this country. It used to.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, December 19, 2024
IRC logs for Thursday, December 19, 2024