Bonum Certa Men Certa

Links 23/12/2021: SuperTux 0.6.3, Pardus 21.1, and AWS 'Clown Computing' Downtime (Again)



  • GNU/Linux

    • A non-technical Linux user’s tale

      As I mentioned in many posts, my goal for this website is to bring the world of Linux closer to the ordinary computer user, who focuses on productive tasks, creative hobbies, administration or a study. I want to free Linux from the misconception of being too technical, too complicated, too user-unfriendly, and only for techies, system administrators and programmers, because that is an incorrect image that misrepresents what Linux really has to offer. I think together we can help others see that Linux is actually a great friendly platform by sharing our experiences from that real user point of view. So I am proud that today’s article is not from my hand, but splendidly written by Paul Surman, one of the readers of this website who is very enthusiastic about what Linux and open source has to offer. Paul takes us into his real user experiences with Linux from, among other things, his work as a poet. Paul takes us along on his personal journey through his Linux world, the rationale behind his choices and above all the pleasure Linux gives him on a daily basis. Enjoy his story.

    • Desktop/Laptop

      • 4 Best Linux Distros for Music Production to use in 2022 - Linux Shout

        Linux is always viewed as a developer-centric platform due to its immense advantageous features for development. Still, many people don’t know that it is a great operating system when it comes to exploring your creativity. If you are a music producer and want to use Linux, you are in the right place. In this article, we will explain everything about the best Linux distros for music production.

        Why Do We Choose Linux Distros?

        Linux distro is considered a good choice for any user because it offers many more benefits, DAW (Digital Audio Workstation), manipulation tools, countless image editors, etc. Users can use these distros in detail by crossing their creative limits while sitting comfortably.

    • Server

      • AWS power failure in US-EAST-1 region killed some hardware and instances

        A small group of sysadmins have a disaster recovery job on their hands, on top of Log4J fun, thanks to a power outage at Amazon Web Services’ USE1-AZ4 Availability Zone in the US-EAST-1 Region.

        The lack of fun kicked off at 04:35AM Pacific Time (PST – aka 12:35PM UTC) on December 22nd, when AWS noticed launch failures and networking issues for some instances in its Elastic Compute Cloud IaaS service.

        26 minutes later the cloud colossus ‘fessed up to a power outage and recommended moving workloads to other parts of its cloud that were still receiving electricity.

        Power was restored at 05:39AM PST and AWS reported slow recovery of services, however a 6:51AM update admitted that ongoing networking issues were hampering efforts at full restoration.

        At the time of writing, AWS has still not fully restored networking.

    • Audiocasts/Shows

      • Say No to Node | Coder Radio 445

        We're both impressed by Rails 7 and how an old foe got us down again.

      • FLOSS Weekly 661: Open Source for Observability - Computer Security, VIZIO Lawsuit

        Is it a coincidence that observability is both an essential feature of open source and also a scourge of our wantonly spied lives online? Can we use the former to solve the latter? That and many other questions are discussed during FLOSS Weekly. Join Doc Searls as he is joined by co-hosts Jonathan Bennett and Simon Phipps for a year-end look at the crazy state of our connected world and discussing other topics such as the VIZIO class-action lawsuit & the Linux Tech Tips Linux challenge.

    • Kernel Space

      • Intel's IWD Wireless Daemon Preparing WiFi DPP Support (Wi-Fi Easy Connect) - Phoronix

        Intel's open-source IWD modern wireless daemon that works with the likes of NetworkManager, systemd-networkd, and their own ConnMan has been preparing support for WiFi Device Provisioning Protocol (DPP).

        The WiFi standard's Device Provisioning Protocol is a modern replacement to WPS (WiFi Protected Setup). DPP is more secure than WPS for pairing WiFi devices and also is designed to work better for current IoT device pairing.

      • Linux 5.17 Will Have An Important Intel P-State Update For Alder Lake Mobile CPUs - Phoronix

        Linux 5.17 will have a seemingly important fix for upcoming Intel Alder Lake mobile processors. Without this change/fix, you might not see the advertised one-core turbo frequencies being met for your processor depending upon the system and whether tuning your EPP.

        A change to the Intel P-State CPU frequency scaling driver is now queued up as part of the power management code destined for Linux 5.17. "There is an expectation from users that they can get frequency specified by cpufreq/cpuinfo_max_freq when conditions permit. But with AlderLake mobile it may not be possible," begins the patch with this Alder Lake mobile fix.

      • A growth year for upstream kernel contributions

        With over 350 patches authored and nearly 200 reviewed and tested in multiple subsystems, 2021 was a great year for Linux kernel development at Collabora. In addition to the work some of us do as maintainers, reviewing and accepting patches in subsystem trees, we also contributed significantly to KernelCI, the community-led project which powers kernelci.org with automated testing for the upstream Linux kernel. Since January the team has grown with 10 new amazing joiners already contributing and making a difference. Here is a look at some of our achievements during the year.

      • Digging into the community's lore with lei

        Email is often seen as a technology with a dim future; it is slow, easily faked, and buried in spam. Kids These Days want nothing to do with it, and email has lost its charm with many others as well. But many development projects are still dependent on it, and even non-developers still cope with large volumes of mail. While development forges show one possible path away from email, they are not the only one. What if new structures could be built on top of email to address some of its worst problems while keeping the good parts that many projects depend on? The "lei" system recently launched by Konstantin Ryabitsev is a hint of how such a future might look. One of the initial motivations for creating LWN, back in 1997, was to spare readers from the impossible task of keeping up with the linux-kernel mailing list. After all, that list was receiving an astounding 100 messages every day, and no rational human being would try to read such a thing. Some 24 years later, that situation has changed: linux-kernel now runs over 1,000 messages per day, and there are dozens of other busy, kernel-oriented mailing lists as well. It is easy to miss important messages while trying to follow that kind of traffic — and few developers even try.

        While much of the traffic that appears on any mailing list is quickly forgettable, some of it has lasting value; that means that good archives are needed. For most of the kernel project's history, those archives did not exist. There were indeed archives for most lists, but they were scattered, of mixed reliability, difficult to search, and usually incomplete. It is only a few years ago that Ryabitsev put together lore.kernel.org to serve as a better solution to this problem. By using a search-friendly archiving system (public-inbox), building complete archives from pieces obtained from numerous sources, and archiving most kernel-oriented lists, Ryabitsev was able to create a resource that quickly became indispensable within the community.

        Lei (which stands for "local email interface") comes out of the public-inbox community. It works nicely with lore, to the point that Ryabitsev refers to the whole system as "lore+lei". The idea behind this combination is to create a new way of dealing with email that allows developers to see interesting messages without having to subscribe to an entire list.

        Public-inbox is built on some interesting ideas, including the use of Git to store the archive itself. The real key to its usefulness, though, is the use of Xapian to implement a fast, focused search capability. The "fast" part allows for nearly instantaneous searches within the millions of messages in the email archive; this query, for example, shows immediately that the term "dromedary" has been used exactly 30 times in all of the lists archived on lore.

    • Instructionals/Technical

      • How to upgrade to Blender 3 on Linux

        Blender 3.0 is here! With it, 3.0 comes many excellent new features and performance improvements. If you’re an avid user of Blender, you’ll want to get this latest upgrade. Here’s how you can upgrade Blender to 3.0.

      • Install Chamilo LMS on Ubuntu 20.04 - Unixcop the Unix / Linux the admins deams

        Hello, friends. In this post, we will talk about how to install Chamilo LMS on Ubuntu 20.04. Let’s go for it.

      • How to install Jellyfin Media Player on Linux

        The Jellyfin Media Player is a tool users can install on Linux to view content hosted on their Jellyfin Media Server. This program is supported on Ubuntu, Debian, Arch Linux, OpenSUSE, and Flatpak. Here’s how to get it working on your system.

      • How to Manage User Passwords on Linux Machines - JumpCloud

        Using a password with an associated user account is the primary method of authentication in Linux and most UNIX systems. It’s one of the few authentication methods supported by the SSH protocol besides public key authentication, which requires admins to create a key pair (public and private key) to authenticate a user with a remote system.

        However, unlike public key authentication, passwords are prone to breaches such as brute force attacks that can be executed using automated scripts. Passwords can also be forgotten which means that users get locked out of the system. Weak and easily guessable passwords such as “Password123” can also present a security risk, and are often a consequence of password fatigue.

        Password management is, therefore, one of the top-of-mind tasks that any system administrator should carry out. This tutorial sheds light on some of the ways you can manage passwords on a Linux system.

      • Implement governance on your Kubernetes cluster

        When you work with Kubernetes, it slowly becomes your production temple. You invest time and resources into developing and nurturing it, and you naturally begin looking for ways to control the Kubernetes end user in your organization. What can it do? What resources can it create? Can it label two deployments in a specific way? Which best practices should we follow?

        Meet OPA Gatekeeper. This article will show you how to use it to create and enforce policies and governance for your Kubernetes clusters so the resources you apply comply with that policy.

        [...]

        OPA is like a super engine. You can write all your policies in it, then execute it with each input to check whether it violates any policies and, if so, in what way.

      • How to install Audacity 3.1.2 on a Chromebook

        Today we are looking at how to install Audacity 3.1.2 on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

      • Linux Shutdown Command [with Examples]

        Need to know how to shutdown your Linux system safely using command line or how to schedule shutdown at specific time? Here’s the answer!

        The shutdown command in Linux brings the system down in a secure way. This involves cutting the power to the main components of the system using a controlled process.

        The shutdown command allows you to shutdown the system immediately, or schedule a shutdown using 24 hour format. When the shutdown is initiated, all logged-in users and processes are notified that the system is going down by the signal SIGTERM. In addition to, no further logins are allowed.

      • Upgrade Linux Kernel of CentOS 8 - Unixcop the Unix / Linux the admins deams

        Kernel is the most important component of any Linux OS. A linux kernel works as an interpreter or mediator between computer hardware and software processes.

      • Understand Access Control Lists for CentOS 8 - Unixcop the Unix / Linux the admins deams

        Access Control Lists (ACL) provides flexible permission mechanism for file system. ACL assists with file permission, it allows to give permissions for any user or group to any directory or file.

        Using ACL you can also give required access to a user which is not a member of a group. Basically we can ACL to make a flexible permission mechanism in linux.

      • How to install Gimp 3 Beta on Elementary OS 6.0 - Invidious

        In this video, we are looking at how to install Gimp 3 Beta on Elementary OS 6.0.

      • Apply a command on files with different names Using mkdir
      • Share a file quickly using a python web server Using cd
      • Find failures with journalctl Using sort, uniq
      • Monitor memory without top or htop Using watch
      • Display disk partition sizes
      • How to set up dual monitors on your desktop PC - Android Authority

        When you connect a second monitor to your Ubuntu Linux computer, your system should pick it up on its own.

    • Games

      • Linux Has Grown Into A Viable PC Gaming Platform And The Steam Stats Prove It | HotHardware

        When was the last time you tried using Linux as a desktop OS? Sure, some high-profile YouTubers have been having a lot of trouble recently, but they're trying to make a point out of love. For enthusiasts, the transition from Windows is surprisingly smooth these days, and on the vast majority of consumer PC hardware, Linux pretty much "just works."

        That even includes PC gaming, thanks to the efforts of hundreds of contributors to open-source software. At the forefront of this movement is Valve and its Proton translation layer, itself built on the backs of numerous open-source projects including Wine and dxvk. The project maintains a site called ProtonDB that is a compatibility database of (primarily Windows) PC games indicating how seamlessly the game works on Proton.

        Going over ProtonDB, a surprising 74 of the top 100 most-played games on Steam are in "Gold" or "Platinum" status. The former indicates that the game works flawlessly with minor tweaks, and the latter means the game should work "out of the box" with no modifications. A further 10 games are in "Silver" status, which implies that the game is playable with minor issues. Just four games are in "Bronze" status indicating more major issues, while twelve of the top 100 games are in "Borked" status, meaning they don't work at all.

      • SuperTux | SuperTux 0.6.3

        The SuperTux team is excited to announce the release of SuperTux 0.6.3 after approximately 1.5 years of development. This release introduces many new features; perhaps the most new features in a long time!

      • SuperTux 0.6.3 Brings In-Game Improvements, WebAssembly Support

        Well known open-source video game SuperTux that is inspired by Super Mario Bros is out with its first release in one and a half years for the Tux-themed platform game.

    • Desktop Environments/WMs

      • GNOME Desktop/GTK

        • GNOME's Wayland Session Shows Potential For Better Battery Life Than With X.Org - Phoronix

          While not talked about as much as raw performance and other factors, but in the recent testing of the Lenovo ThinkPad T14s Gen2 laptop with AMD Ryzen 7 PRO 5850U, it was observed that the GNOME Wayland session by default on Ubuntu 21.10 is delivering better battery life / lower power consumption than using the GNOME X.Org session.

          For those curious about Wayland vs. X.Org for mobile computing, the GNOME Wayland session is reliably having around up to a ~3 Watt power saving on battery with Radeon graphics at least compared to the traditional X.Org session with all of that crusty code running.

    • Distributions

      • Linux for the Paranoid Does the Work for You

        The distribution is based on Ubuntu, so all the familiar tools are there. There are also a few security and privacy tools included like KeePass, Tox, OnionShare, i2p, and more. The desktop shows a summary of secure network information

        Do you need Kodachi? Probably not, if you are a Linux guru. Plus, most people aren’t doing anything that’s that interesting. But if you want to protect your privacy or you are up to something, give Kodachi a try. Then again, if you are that paranoid, maybe that’s just what THEY want you to do. Make your own decisions. You can also check out the video review from [eBuzz Central] below.

      • New Releases

      • Gentoo Family

        • OSS News: Learn More Linux, More Zen for ML, Desktop Linux New and Old

          The Gentoo-based Calculate Linux distribution — made in Russia — on Dec. 8 was updated to version 22; a major release that brings several new features and updated components. It is an impressively different Linux operating system.

          This is a distribution designed with home and SMB users in mind. Calculate is particularly appealing to small businesses that want a rock-solid system with the flexibility to meet a variety of needs. It is optimized for rapid deployment in corporate environments.

          Calculate is old-computer friendly. It lets users optimize systems to match their hardware to best fit their needs and can be an inviting computing option for consumers with Linux know-how.

          Calculate is not difficult to use. Though it is a bit different under the hood, especially in how its package management system works.

          Calculate Linux 22 offers a switch to PipeWire as the default sound server instead of PulseAudio. It also offers a former default option of ALSA (Advanced Linux Sound Architecture).

          This latest version installs the system once and lets you update when needed. You can even update from a new image system while still running the current one. This is a great option to ward off upgrade surprises.

      • SUSE/OpenSUSE

        • openSUSE Board Election 2021 happening right now

          The election was announced on the project mailing list on the 1st of November 2021. The current Election Committee is composed of Ariez Vachha, Mohammad Edwin Zakaria and myself.

          This election is required to fill two seats on the openSUSE Board, as the term for Simon Lees and Vinzenz Vietzke are coming to an end.

      • Arch Family

        • Jesus would likely be a Linux user, so install Manjaro 21.2 'Qonos' to celebrate Christmas

          Christmas is just a few days away now, and I am definitely not in a great mood for the special holiday. Like many of you, I am depressed about this new Omicron variant of COVID-19 running rampant. Sadly, we all may have to lock ourselves down once again, staying in our homes while waving goodbye to visiting family and going to restaurants. This is not the Christmas I was envisioning just last week. Sigh.

          Thankfully, there is a way to celebrate the birth of Jesus Christ without leaving the house -- installing a Linux distribution! Look, I can't prove it, but I'd like to think Jesus would be a fan of both Linux and open source software. If he returned to Earth tomorrow, I think he would be more likely to use the Arch-based Manjaro than Windows 11. And so, if you are forced to stay indoors this Christmas weekend, I highly recommend trying out the all-new Manjaro 21.2 operating system.

          Code-named "Qonos," the distribution becomes available for download today. The distro can be had with your choice of three desktop environments -- GNOME (41.2), KDE Plasma (5.23), and Xfce (4.16). Manjaro 21.2 ships with Linux kernel 5.15 LTS by default, but 5.4 LTS and 5.10 LTS are available too. You can read more about the changes in version 21.2 here.

      • IBM/Red Hat/Fedora

        • Adding fs-verity support for Fedora 36?

          Fs-verity is a kernel feature that is supported by some filesystems; it provides a way to ensure that the contents of a file cannot change on disk. It revolves around a Merkle tree that is created for each file being protected; the tree contains hashes of each data block in the file. When a file is protected by fs-verity, it is marked as read-only and every read operation checks that the block read matches the value stored in the tree; the operation fails if there is no match. In addition, the tree itself can be cryptographically signed to ensure that nothing has been changed underneath the filesystem by, say, accessing the raw block device or image file.

          Fedora program manager Ben Cotton posted the Fedora change proposal to add fs-verity support on behalf of the feature owners: Davide Cavalca, Boris Burkov, Filipe Brandenburger, Michel Alexandre Salim, and Matthew Almond. There are several elements to the plan. To start with, the Koji build system needs to be able to create and sign the Merkle tree for each file that gets shipped in the RPM package. The tree itself is not added to the RPM package, just the signed top-level hash for each file.

          On the other end, an optional fs-verity RPM plugin would install the Fedora key and enable fs-verity for each file it installs. The filesystem would then recreate the Merkle tree, check it against the signature in the RPM metadata, and store the tree with the file. After that, each access to the file will be checked against the tree, which means that various kinds of operations (e.g. read(), mmap(), execve(), etc.) will only proceed if the data blocks on disk have not changed.

          The proposal mainly focuses on the build side of the equation: "Specifically, installing and enabling the fs-verity rpm plugin by default is explicitly considered out of scope here." The overhead of creating the Merkle tree at installation time did not "appear to meaningfully slow down package installs during empirical testing", but there is some (unspecified) cost of creating the tree for every Koji build, of course. The Merkle tree is only stored if the RPM fs-verity plugin is enabled and adds roughly 1/127th (0.8%) to the size of the installed file. All RPMs would get additional metadata, in the form of signatures, if the proposal is adopted, but even that is fairly negligible: "in the vast majority of cases we expect to see minimal to no size increase thanks to RPM header packing".

      • Canonical/Ubuntu Family

        • Ubuntu Blog: A look forward to storage in 2022

          More and more data is being created every day. It truly is non-stop. In 2021 alone, it was predicted that enterprise storage vendors would ship almost 150 Exabytes in capacity, and this number is only expected to increase again in 2022!

          We now see 20TB hard drives on the market to help with these needs, but we have to remain vigilant when building storage clusters, as the access speed of these drives hasn’t really changed at all over the last few years. In failure scenarios, where we have to recreate replicas or erasure-coded shards of data, it can take many many hours with drives of such high capacity.

          So the rule of thumb remains the same: a larger number of smaller drives leads to a more predictable system for any amount of capacity. Of course, you do have to remain pragmatic to balance capacity needs with the cost of increasing the number of spindles.

          [...]

          Open source storage solutions such as Ceph can readily help solve for the growth and scaling challenges seen across the industry.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Top 10 Stories About Compute Engines, Linux in 2021 | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

        Compute engines saw notable developments, particularly around Linux, in 2021. Review ITPro Today’s top 10 articles on the topic.

      • GoTestWAF: Open-source project for evaluating web application security solutions

        GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, etc. It was designed to evaluate web application security solutions, such as API security proxies, web application firewalls, IPS, API gateways, and others.

      • Apache Kafka Gains Adoption as Streaming Data Grows

        Apache Kafka is a distributed event-streaming platform that enables companies to monitor and manage real time data feeds. This open source software launched in 2011, following its initial development by LinkedIn, and evolved into a real-time event-streaming platform by 2015.

        Kafka is not the only event-streaming technology; it competes in the marketplace with Amazon Kinesis. But Kafka has gained solid marketshare, and is the basis for multiple implementations, including Red Hat AMQ Streams.

      • CodeSee: Why we support the OSI

        CodeSee offers a developer tool called Maps, built to help developers and teams visually understand codebases. Maps are auto-syncing code diagrams, with features designed to drive collaboration, improve code reviews, reduce onboarding friction, and more. In September 2021, CodeSee launched OSS Port—a space for open source project maintainers and contributors to connect and collaborate, with the ability to use CodeSee Maps to easily onboard new developers and guide code reviews. Maps is forever-free to use on open source projects.

      • Web Browsers

        • Mozilla

          • Need a Thunderbird Tray Icon on Ubuntu? Try BirdTray - OMG! Ubuntu!

            Thunderbird is Ubuntu’s default e-mail client but it’s not the most well integrated of tools — at least, not by default.

            For instance, some Linux apps (e.g., Telegram) show an unread count on the Ubuntu dock while the app is running. This makes it easy to see, for instance, how many unread messages you have. Thunderbird doesn’t do this.

            But this is open source software, so you’re not out of options.

            One way to keep tabs on new mail as it arrives in Thunderbird is to install the BirdTray tool. BirdTray is free, open source software that’s available to install straight from the Ubuntu repos (though it’s also available on Flathub, if you’d rather).

          • Will Kahn-Greene on Socorro Engineering: 2021 retrospective

            2020h1 was rough and 2020h2 was not to be outdone. 2021h1 was worse in a lot of ways, but I got really lucky and a bunch of things happened that made 2021h2 much better. I'll talk a bit more about that towards the end.

            But this post isn't about stymying the corrosion of multi-year burnout--it's a dizzying retrospective of Socorro engineering in 2021.

      • SaaS/Back End/Databases

        • PostgreSQL: Database Lab Engine 3.0: UI, persistent clones, PostgreSQL 14, more

          The Postgres.ai team is happy to announce the release of version 3.0 of Database Lab Engine (DLE), the most advanced open-source software ever released that empowers development, testing, and troubleshooting environments for fast-growing projects. The use of Database Lab Engine 3.0 provides a competitive advantage to companies via implementing the "Shift-left testing" approach in software development.

          Database Lab Engine is an open-source technology that enables thin cloning for PostgreSQL. Thin clones are exceptionally useful when you need to scale the development process. DLE can manage dozens of independent clones of your database on a single machine, so each engineer or automation process works with their very own database provisioned in seconds without extra costs.

      • Programming/Development

        • GNU Parallel - News: GNU Parallel 20211222 ('Støjberg') released [stable] h

          GNU Parallel 20211222 ('Støjberg') [stable] has been released. It is available for download at: lbry://@GnuParallel:4

          No new functionality was introduced so this is a good candidate for a stable release.

        • Stochastic bisection in Git [LWN.net]

          Regressions are no fun; among other things, finding the source of a regression among thousands of changes can be a needle-in-the-haystack sort of problem. The git bisect command can help; it is a (relatively) easy way to sift through large numbers of commits to find the one that introduces a regression. When it works well, it can quickly point out the change that causes a specific problem. Bisection is not a perfect tool, though; it can go badly wrong in situations where a bug cannot be reliably reproduced. In an attempt to make bisection more useful in such cases, Jan Kara is proposing to add "stochastic bisection" support to Git.

          Bisection looks for problem commits using a binary search. The developer identifies the latest known good commit with git bisect good and the earliest known commit showing the bug with git bisect bad. Git will then find a commit near the midpoint between the two, check out that commit, and wait for the developer to try to reproduce the bug. Another git bisect command is used to mark the commit as "good" or "bad", and the process repeats, dividing the range of commits in half each time, until only one commit remains. That commit must be the one that introduced the bug in question.

          This technique can be powerful. A bug introduced in a 12,000-commit kernel merge window can be narrowed to a single commit in 14 bisect cycles, which makes the process of finding the actual bug much easier. But it works less well when dealing with bugs that are difficult to reproduce and which, thus, may not manifest in any given testing cycle. A 14-step bisection is 14 opportunities for the developer to provide an incorrect result, and it only takes one such to throw the entire process off. It is not uncommon to see nonsensical bisection results posted to mailing lists; they are often caused by just this kind of problem.

        • Linux: Linker-Alternative Mold wants to be faster than GNU Gold and LLVM’s lld [Ed: Automated translation]

          lld developer Rui Ueyama has released Mold 1.0, a new linker alternative to GNUs Gold and LLVM’s lld. With version 1.0, a software project is generally considered stable and can be used without hesitation. Mold currently runs on Linux systems, support for macOS and Windows is planned.

          Faster thanks to faster algorithms

          LLVM is a compiler architecture that is used in Linux and FreeBSD, among others. LLVM lld is an alternative to the GNU tools ld and gold. Die Linker-Alternative Mold (English for “Schimmel”, der is recognizable in the logo) does not offer any new linker functions compared to lld or gold, but it should be noticeably faster.

        • Perl/Raku

        • Python

          • Wrangling the typing PEPs [LWN.net]

            When last we looked in on the great typing PEP debate for Python, back in August, two PEPs were still being discussed as alternatives for handling annotations in the language. The steering council was considering the issue after deferring on a decision for the Python 3.10 release, but the question has been deferred again for Python 3.11. More study is needed and the council is looking for help from the Python community to guide its decision. In the meantime, though, discussion about the deferral has led to the understanding that annotations are not a general-purpose feature, but are only meant for typing information. In addition, there is a growing realization that typing information is effectively becoming mandatory for Python libraries.

        • Java

          • Log4Shell enumeration, mitigation and attack detection tool

            This Endpoint Assessment Tool can enumerate potentially vulnerable systems, detect intrusion attempts, and inoculate Windows systems against Log4j attacks.

            On December 10, a serious zero-day vulnerability in the Apache Log4j logging framework was disclosed. The bug, which allows malicious actors to exploit vulnerable systems remotely, has been given the highest severity score, and governments globally have issued alerts.

            Datto packaged quality contributions from the security community into an MSP-friendly form and released two different versions of an Endpoint Assessment Tool to help MSPs detect and respond to potential exploitations.

            “From a community defense perspective, we want to make effective response tools broadly available to help every MSP in the channel to become more secure and to withstand cyber attacks. It is a chief priority at this time to encourage all MSPs to take advantage of the tools we’ve made available in Datto RMM and on GitHub to protect themselves and their clients. RMMs offer a key systems inventory and response capability that makes it easy to view, manage, and secure your endpoints during critical events,” said Ryan Weeks, Chief Information Security Officer at Datto.

  • Leftovers

    • Contrarian Argument: Let the Kids Have Their Screen Time

      Over the weekend, I finally watched a movie I was really curious to see, the HBO Max original 8-Bit Christmas. I mean, obviously, just looking at the thing, it was clear what it was going to be before you even watched it—a film that tapped at your latent nostalgia and tried to convince you that A Christmas Story needed to be updated for the Nintendo era. It is by no means going to sweep the Oscars. (Give Steve Zahn his due, Academy!) But at the same time, I appreciated what it was trying to do. I will say that a common thread of the film played out like this: parents were way too freaked out at the idea of kids being overly attached to technology, a common thread even today. And that made me think about something: Where’s the counter-narrative, the person going rah-rah, tech is awesome, you should let your kids embrace technology more? I can be that guy—and I shall. Today’s Tedium, just in time for the holiday season, argues in favor of tech-friendly toys.

      [...]

      Whether it’s “You’ll shoot your eye out,” or “you’ve been on your phone for too long,” there is a long tradition of adults jumping on the decision-making of children who are simply trying to engage with the things that interest them.

      And back in the day, before these wafers of Gorilla Glass and silicon danced through their heads, one of the things that interested kids deeply were the novel capabilities of mechanical toys, which often baked in inventive ways of using machinery to produce a clever result. (Think a jack-in-the-box, sort of the prototypical mechanical toy.)

      Now, I don’t know about you, but seeing a few gears team up to create a result that literally can play music or move around the house sounds like a deeply inspiring thing as a young child, and there were some folks in this category who felt the same. A 1929 story in Popular Mechanics by Arthur Abelli attempted to make the case that certain toys often played direct inspirations to how popular inventors of the time, such as Thomas Edison and the Wright brothers, eventually came about their inventions.

      Toy-maker Ferdinand Strauss, quoted in the piece, certainly emphasized that this was his goal.

    • Science

      • As Geeky as it gets – FloppyDrives make Music
      • Laser Sees Through Keyhole | Hackaday

        Those guys at Stanford must be watching a lot of James Bond movies. Their latest invention is a laser that can image an entire room through a keyhole. We imagine that will show up in a number of spy movies real soon now. You can see the code or watch the video below.

        The technique is called NLOS or non-line-of-sight imaging. Previous approaches require scanning a large area to find indirect light from hidden objects. This new approach uses a laser to find objects that are moving. The indirect data changes based on the movement and an algorithm can reverse the measurements to determine the characteristics of the object.

        If you are worried about the neighborhood peeping Tom, you can probably relax. The recovered images are amazing, but not particularly high-quality. Still, considering they were made indirectly, they are great, but you are not going to make out fine details.

        As you might expect, the work is computationally intensive. The GitHub repository has Python code as well as data you can use if you don’t want to build your own laser setup. You can use CUDA to speed up the computations if you have a GPU with enough memory.

    • Hardware

      • You Can 3D Print A Working Reciprocating Steam Engine | Hackaday

        3D prints aren’t typically known for their heat resistance. However, [Integza] noted that using the right techniques, it was possible to 3D print parts that could handle steam heat without failing. Thus, the natural progression from there was to build a piston-type steam engine.

      • Shake With Your New Robot Hand | Hackaday

        Korean researchers have created a very realistic and capable robot hand that looks very promising. It is strong (34N of grip strength) and reasonably lightweight (1.1 kg), too. There are several videos of the hand in action, of which you can see two of them below including one where the hand uses scissors to cut some paper. You can also read the full paper for details.

        Like many good projects, this one started with requirements. The team surveyed existing hands noting the positives and negatives of each design. They then listed the attributes they wanted in a new design.

        The 22 cm hand has 4 fingers, a thumb, and sensors on each fingertip. Overall, there are 20 joints resulting in 15 degrees of freedom so the hand is very dexterous. The construction looks taxing with eccentric motors, ball screws, and linkages. However, the hand is self-contained and ready to mount on any robot arm.

      • Frame Antenna Works The Low Bands | Hackaday

        The lower the frequency of radio transmission, the more antenna that will be needed in general. [OM0ET] wanted to work the 80M to 20M ham bands and decided to turn to a frame antenna. You can see the project in the video below.

        The antenna looks a lot like a magnetic loop antenna. The one in the video has seven loops forming a 520mm square. The loop is, of course, an inductor and by removing some insulation, the operator can clip a lead at different points to control the inductance. A variable capacitor resonates the antenna, so there is definitely tuning required.

      • Stencil Vacuum-Assist Helps Avoid The Heartbreak Of Smeared Solder Paste | Hackaday

        While using a stencil should make solder paste application onto PCBs a simple affair, there are a number of “gotchas” that make it more art than science. Luckily, there are tools you can build, like this 3D-printed vacuum-assist stencil jig, that take a little of the finesse out of the process.

        For those who haven’t had the pleasure, solder paste stencils are often used to make the job of applying just the right amount of solder paste onto the pads of a PCB, and only on the pads. The problem is that once the solder paste has been squeegeed through the holes in the stencil, it’s not easy to remove the stencil without smearing. [Marius Heier]’s stencil box is essentially a chamber that attaches to a shop vac, along with a two-piece perforated work surface. The center part of the top platform is fixed, while the outer section moves up and down on 3D-printed springs.

        In use, the PCB is placed on the center fixed platform, while the stencil sits atop it. Suction pulls the stencil firmly down onto the PCB and holds it there while the solder paste is applied. Releasing the suction causes the outer section of the platform to spring up vertically, resulting in nice, neat solder-covered pads. [Marius] demonstrates the box in the video below, and shows a number of adapters that would make it work with different sized PCBs.

    • Materials

      • Turbocharger Jet Engine Relies On Wood Pellet Ignition | Hackaday

        Turbochargers as used on cars bear some similarities with jet engines. Fundamentally, both contain a turbine that harvests energy from hot gas, using it to spin a compressor which sucks in fresh air for combustion. Thus, turning a turbocharger into a jet engine is entirely possible, and [HRom] decided to have a crack at it.

        The build starts with a turbo that appears to have been used on a diesel engine from the Volkswagen group. The first step was to cut the integral exhaust manifold off the turbo housing. A combustion chamber is then added which takes in fresh air from the compressor housing, and delivers hot combustion products to the turbine inlet. The homebrewed jet engine burns propane as fuel, introduced into the chamber via a nozzle.

        The initial test failed as combustion was occurring at the turbine exhaust rather than in the combustion chamber, likely due to the lack of a proper ignition source inside the combustion chamber. A redesign employed a bigger combustion chamber built out of a fire extinguisher, with smouldering wood pellets inserted inside to get the injected propane burning.

      • How To Forge A Skillet From Scratch | Hackaday

        Cookware isn’t something we typically build ourselves; you’d want a well-equipped metal shop to do the job and do it right. [Torbjörn Ã…hman] has just that, however, and set about forging a stout-looking skillet from scratch.

        The build starts with a round disc of steel serving as a blank for the project. The blank is spun up and the outer perimeter ground down thinner with an angle grinder in what looks like a moderately sketchy operation. A forge is then used to heat the blank so that it can be shaped into a pan using a hammer. Slowly, as the metal is beaten one way and then t’other, the skillet begins to form. A belt sander takes off high points on the outside, and a torch is then used to square up the base of the pan so it sits nicely. Finally a handle attached with some stout rivets, and the newly formed piece of cookware gets a seasoning with sunflower oil.

      • Tech In Plain Sight: Primitive Engineering Materials | Hackaday

        It isn’t an uncommon science fiction trope for our hero to be in a situation where there is no technology. Maybe she’s back in the past or on a faraway planet. The Professor from Gilligan’s Island comes to mind, too. I’d bet the average Hacakday reader could do pretty well in that kind of situation, but there’s one thing that’s often overlooked: materials. Sure, you can build a radio. But can you make wire? Or metal plates for a capacitor? Or a speaker? We tend to overlook how many abstractions we use when we build. Even turning trees into lumber isn’t a totally obvious process.

        People are by their very nature always looking for ways to use the things around them. Even 300,000 years ago, people would find rocks and use them as tools. It wasn’t long before they found that some rocks could shape other rocks to form useful shapes like axes. But the age of engineered materials is much younger. Whether clay, metal, glass, or more obviously plastics, these materials are significantly more useful than rocks tied to sticks, but making them in the first place is an engineering story all on its own.

    • Integrity/Availability

      • Proprietary

        • Security

          • Audio bugging with the Fisher Price Chatter Bluetooth Telephone | Pen Test Partners

            The Fisher Price Chatter Bluetooth Telephone is a reincarnation of a familiar kids toy. It acts as a Bluetooth headset, so the user can connect their smartphone to it and take calls using the kids phone handset. Cute!

            Unfortunately, little to no consideration has been given to privacy and security, resulting in it becoming an audio bug in some circumstances.

            [...]

            Fisher Price released their Bluetooth Chatter Telephone to much fanfare. I’ll be honest – I quite want one too! It brings back memories of my childhood.

            The phone is currently only available from Best Buy in the USA and promptly sold out. We had a chat with Zack Whittaker of Tech Crunch, a lovely Brit based in NYC, who ordered one on our behalf. About 6 weeks later the phone arrived with him, so we worked through a test plan together.

            In the meantime, we went hunting for the Bluetooth specs and instruction manuals.

            The FCC filings are here: https://fccid.io/PIYHGJ69-21A5T though most of the entries were at the time still confidential.

            Our work on My Friend Cayla some years ago showed a very similar issue. An attacker within Bluetooth range could simply connect a Bluetooth audio device (e.g. a smartphone) with no further security challenges and listen to the dolls microphone, or speak through its speaker to a child playing with the doll. This led to widespread concern from consumer protection groups such as ForbrukerrÃ¥det (the Norwegian Consumer Council) and product bans across multiple countries, led by Germany’s Federal Network Agency (Bundesnetzagentur).

          • Blocking straight-line speculation — eventually [LWN.net]

            On its face, this code is safe; it will only attempt to index into obj->array if the given offset is within bounds. A CPU running this code, though, may be unable to fetch obj->array_length from cache, meaning that it will have to wait for that value to come from memory. Rather than do nothing, the CPU can make a guess as to how the comparison will turn out and continue execution in a speculative mode; it may guess wrong and index obj->array with an out-of-bounds offset. Again, this shouldn't be a problem; once the array length shows up and it becomes clear that the branch was not correctly predicted, the speculative work will be thrown away.

            The problem, of course, is that this speculative execution can leave traces elsewhere in the system (most often the memory caches) that can be used to exfiltrate data that an attacker would otherwise be unable to access. In the worst cases, Spectre vulnerabilities can be used to attack the kernel or to carry out attacks between virtual machines running on the same physical host. They are a real threat, which is why numerous mitigations have been adopted to thwart these attacks despite a high performance cost.

            Straight-line speculation, which was initially disclosed in this white paper from Arm, differs in that it does not depend on erroneous branch prediction; indeed, no conditional branches are involved at all. Instead, it takes advantage of some strange behavior around unconditional control-flow changes. There are a lot of instructions that will result in a change to the program counter; on Arm, these include instructions that generate exceptions, but also unconditional direct branches and the RET instruction to return from a function call.

    • Civil Rights/Policing

      • What Is Doxxing?

        To dox someone means to release their personal or private information that may prove harmful or embarrassing. This can happen in the real world, but the internet has made it easier both to find and release this information to a wide audience. Doxxing may reveal someone's personal information like their home address or workplace, social security or phone number, private correspondence or pictures, criminal history, IP address, or other details. Some people fail to realize that information they share on social media or other sites may be “scraped” and used against them, potentially opening themselves up to unwelcome public disclosure, identity theft, cyberbullying, stalking, or threats to their personal safety.

        [...]

        Sometimes doxxing results from information that's available to anyone who knows where to look. This can include government records, real estate transactions, news articles, and personal data that people make public themselves on social media. If you operate a website, there may be a public record in the WHOIS database. Doxers can also find a range of personal information about you from “data brokers,” commercial operators who scour online and offline sources to create profiles, sometimes offering reverse mobile phone lookup information.



Recent Techrights' Posts

BetaNews is Run and Written by Bots That Make Clickbait
At least one author is doing this
Technology: rights or responsibilities? - Part VIII
By Dr. Andy Farnell
GNU/Linux Reaches All-Time High in Europe (at 6%)
many in Europe chose to explore something else, something freedom-respecting
Techrights' Statement on Code of Censorship (CoC) and Kent Overstreet: This Was the Real Purpose of Censorship Agreements All Along
Bombing people is OK (if you sponsor the key organisations), opposing bombings is not (a CoC in a nutshell)
 
On Groupthink, Mindless 'Sheep', and Toxic Online Cults
This week, treat yourself to a life free of social control media
[Meme] Microsoft: Our "Hey Hi" Hype is Going So Well That We Have MASS Layoffs Every Month. Makes Sense?
Contradiction
Latest Mass Layoffs at Microsoft Are Confirmed, Bing and Vista 11 Losing Market Share
They tried to hide this. They misuse NDAs.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, November 24, 2024
IRC logs for Sunday, November 24, 2024
Gemini Links 25/11/2024: Purity and Cory Doctorow's Ulysses Pact, Smolnet Portal and SGI
Links for the day
Patents Against Energy Sources That Reduce Pollution
this EV space (not just charging) is a patent mine field and it has long been that way
DARPA’s Information Innovation Office, Howard Shrobe, Values Compartmentalisation But Loses the Opportunity to Promote GNU/Linux and BSDs
All in all, he misses an opportunity
Wayland is an Alternative to X
the alternative to X (as in Twitter) isn't social control media but something like IRC
BetaNews, Desperate for Clicks, is Pushing Donald Trump Spam Created by LLMs (Slop)
Big clap to Brian Fagioli for stuffing a "tech" site with Trump spam (not the first time he uses LLMs to do this)
[Meme] Social Control Media Bliss
"My tree is bigger than yours"
Links 24/11/2024: More IMF Bailouts and Net Client Freedom
Links for the day
Gemini Links 24/11/2024: Being a Student and Digital Downsizing
Links for the day
[Meme] The Most Liberal Company
"Insurrection? What insurrection?"
apple.com Traffic Down Over 7%, Says One Spyware Firm; Apple's Liabilities Increased Over 6% to $308,030,000,000
Apple is also about 120 billion dollars in debt
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, November 23, 2024
IRC logs for Saturday, November 23, 2024
[Meme] GAFAMfox
Mozilla Firefox in a state of extreme distress
Google Can Kill Mozilla Any Time It Wants
That gives Google far too much power over its rival... There are already many sites that refuse to work with Firefox or explicitly say Firefox isn't supported
Free (as in Freedom) Software Helps Tackle the Software Liability Issue, It Lets Users Exercise Greater Control Over Programs
Microsofters have been trying to ban or exclude Free software
In the US, Patent Laws Are Up for Sale
This problem is a lot bigger than just patents
ESET Finds Rootkits, Does Not Explain How They Get Installed, Media Says It Means "Previously Unknown Linux Backdoors" (Useful Distraction From CALEA and CALEA2)
FUD watch
Techdirt Loses Its Objectivity in Pursuit of Money
The more concerning aspects are coverage of GAFAM and Microsoft in particular
Links 23/11/2024: Press Sold to Vultures, New LLM Blunders
Links for the day
Links 23/11/2024: "Relationship with Oneself" and Yretek.com is Back
Links for the day
Links 23/11/2024: "Real World" Cracked and UK Online Safety Act is Law
Links for the day
Links 23/11/2024: Celebrating Proprietary Bluesky (False Choice, Same Issues) and Software Patents Squashed
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 22, 2024
IRC logs for Friday, November 22, 2024
Gemini Links 23/11/2024: 150 Day Streak in Duolingo and ICBMs
Links for the day