Bonum Certa Men Certa

Links 26/12/2021: Enlightenment 0.25, Lumina 1.6.2, and New Sparky Releases



  • GNU/Linux

    • Kernel Space

      • The lost talks from Linus Torvalds at DECUS'94
      • FGKASLR Is An Exciting Linux Kernel Improvement To Look Forward To In 2022 - Phoronix

        It's been nearly two years in the making since Intel posted FGKASLR patches for improving Linux kernel security. While that work on Finer Grained / Function Granular KASLR stalled for a year, in recent months work on it was revived and in 2022 looks like this security is on a path for mainlining.

        FGKASLR is a step-up over the Kernel Address Space Layout Randomization widely used right now by the Linux kernel for thwarting attacks relying upon known positions of the kernel within memory. Rather than just randomizing the base address that can be figured out with enough guessing or leakage, FGKASLR will randomize the layout down to a code function level.

    • Benchmarks

      • Phoronix Test Suite 10.8 Released With Many Improvements For Open-Source Benchmarking - Phoronix

        Phoronix Test Suite 10.8 is out as the latest quarterly feature update to our open-source, automated and cross-platform benchmarking software.

        Phoronix Test Suite 10.8 unifies its environment variable option handling to now easily expose all these options from within the Phoromatic Server web interface for more robust testing. Phoronix Test Suite 10.8 also improves its test installation and test run-time error detection, also for more robust reporting within Phoromatic. Plus there are numerous other fixes and improvements to the Phoromatic component for automated benchmark test orchestration within labs. Phoronix Test Suite 10.8 also has macOS 12 support improvements, PHP 8.1 fixes, detection for new/upcoming processors, and more.

    • Applications

      • The 9 Best Distraction-Free Writing Apps for Linux to Help You Focus

        Writing is a creative effort. Whether you are writing for your blog or working on documentation for a project, it demands focus in terms of brainstorming and thought organization.

        You can find plenty of text editors for Linux that offer excellent features for writing. A category among these apps specializes in providing you with an environment that boosts concentration.

        So, if you are looking for a minimal text editor that eliminates interruptions and distractions to increase your writing productivity, here are some quality apps for your Linux device.

      • Darktable 3.8.0 Released with New Shortcut System, New Modules, HEIF/HEIC Support

        Darktable, free opensource photography application and raw developer, released new major version 3.8.0 few days ago. Here’s what’s new and PPA for Ubuntu users.

        Darktable 3.8.0 reworked the keyboard shortcut system. User may now control the app via other devices, such as MIDI devices and game controllers. And, standard keyboard/mouse shortcuts can now make use of mouse movements.

        The release comes with new diffuse or sharpen module, allows to simulate or to revert diffusion processes to reconstruct images from lens blur, hazing, sensor low-pass filter, or noise. And, new scene-referred blurs module, to synthesize motion and lens blurs in a parametric and physically-accurate way.

    • Instructionals/Technical

      • How To Create a Large 1GB or 10GB File in Linux System

        Since Linux has been used widely for all data communication, networking, and data analysis, the demand for generating live data, static data, and dynamic data is also high. Analysts need to generate different types of data on both large and small scales to demonstrate a process. System admins also often need to generate files Larger than 10GB to check the stability of the system, hardware, and the OS itself. However, in Linux, you can create large files to meet all the demands of data with less effort and less time.

      • How to install CuteFishOS

        Often server administrators need to Create large file to demo something. In Linux you can Create large file with quick terminal commands.

      • How to install and create a bootable USB with Ventoy in Linux

        Ventoy is an incredible tool that allows users to load ISO files up without flashing them with tools like Etcher. However, Ventoy isn’t exactly easy to set up. That’s where we come in. Follow along with this guide as we show you how to set up and use Ventoy on Linux.

      • How To Install Discourse on Ubuntu 20.04 LTS - idroot

        In this tutorial, we will show you how to install Discourse on Ubuntu 20.04 LTS. For those of you who didn’t know, Discourse is an open-source platform used for discussions forum, chat rooms, or as a mailing list management software. It is a modern forum solution that powers discussions on thousands of sites to drive user engagement. A discourse was written in Ruby on Rails as a backend language, Ember.js as a frontend, and uses PostgreSQL for data storage.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of Discourse on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

      • How to install Node.js 17 on Ubuntu 20.04 – NextGenTips

        Node.js is an open-source cross-platform, backend javascript runtime environment that runs on the V8 engine and executes javascript code outside of a web browser.

        A Node.js app runs in a single process, without creating a new thread for every request. It provides a set of asynchronous I/O primitives in its standard library that prevent javascript code from blocking and generally, libraries from node.js are written using non-blocking paradigms, making blocking behavior the exceptions rather than the norm.

        When Node.js performs an I/O operation, like reading from the network, accessing a database or the filesystem, instead of blocking the thread and wasting CPU cycles waiting, Node.js will resume the operations when the response comes back. This allows Node.js to handle thousands of concurrent connections with a single server without introducing the burden of managing thread concurrency, which could be a significant source of bugs.

        nvm is used to run node.js packages. It allows you to easily switch node.js versions and install new versions to try and easily roll back if something went wrong.

      • find packages installed from e.g. sid which are newer than those available from e.g. testing when sid is no longer present as a source repo
    • Desktop Environments/WMs

      • Lumina 1.6.2 released. :: Lumina Desktop Environment

        The next update to the Lumina Desktop is out!

      • Lumina 1.6.2 Released For This BSD Licensed Qt-Powered Desktop

        Lumina is the desktop project originally started by PC-BSD/TrueOS developers as a BSD-focused desktop environment built atop Qt. When TrueOS stopped focusing on being a great desktop BSD, Lumina development stalled. But for Linux and BSD users fond of this lightweight Qt desktop, Lumina Desktop development restarted a few months ago.

        Lumina Desktop 1.6.1 was released in October as the first update since January 2020 and under new developers/maintainers. Now in closing out the year there is Lumina Desktop 1.6.2.

      • Enlightenment 0.25 Desktop Environment Released with Flat Look to Match New Flat Theme

        Enlightenment 0.25 is here more than one and a half years after Enlightenment 0.24 to introduce a flat look to match the new flat theme, new gesture recognition bindings for touchpads, fingerprint support in desklock via the libFprint library and a new tool to configure fingerprints, a new binding action that lets users switch profiles, as well as palette editor and selector tool to help you set up custom colors.

        Also new in the Enlightenment 0.25 release is a Procstats module capable of displaying memory and CPU usage in the titlebar, new “grow window in direction” actions that you can bind, new settings for setting up animation multiplier to speed up or down the transitions, a recent files menu to access recently opened files, and a new Screen Setup menu entry in the Quick Settings menu.

    • Distributions

      • New Releases

      • IBM/Red Hat/Fedora

        • IBM quiet about flagship database Db2, despite nice upgrades ● The Register

          It's the time of year when one might wonder what happened to that avuncular family figure whose existence was so reliably dull they passed into history almost forgotten - a little like Db2, IBM's flagship relational database that has faded from users' collective memory.

          Big Blue's system of choice for its mainframes and big Unix/Linux boxes is still very much alive and kicking and has even delivered a smattering of news in recent weeks, with a high profile attendee at the early December International Db2 Users Group European Conference telling us that select users were told of the new "Db2u", a set of containers for Db2 aimed at users exploring or working with the database in the cloud.

      • Debian Family

        • Sparky 2021.12 Special Editions – SparkyLinux

          There are new iso images of Sparky 2021.12 Special Editions: GameOver, Multimedia & Rescue ready to go.

          No big changes, all packages have been updated as of December 24, 2021 so the new images work on Linux kernel 5.15.5, and follow changes of the latest edition of Sparky 2021.12.

          No reinstallation is required if you have Sparky rolling installed, simply keep it up to date.

    • Devices/Embedded

      • BIOS Flashing Journey Writeup Puts Tutorials To Shame | Hackaday

        A couple of weeks ago, [Doug Brown] bought a Ryzen motherboard, advertised as “non-working” and discounted accordingly. He noticed that the seller didn’t test it with any CPUs old enough to be supported by the board’s stock BIOS revision, and decided to take a gamble with upgrading it.

        Not having a supported CPU in hand either, he decided to go the “external programmer” route, which succeeded and gave this board a new life. This is not why we’re writing this up, however. The reason this article caught our eye is because [Doug]’s research leaves no stone unturned, and it’s all there to learn from. Whether through careful observation or thorough research, this article covers all the important points and more, serving as an example to follow for anyone looking to program their BIOS.

      • Raspberry Pi: A cheat sheet - TechRepublic

        The Raspberry Pi's success defied expectations. Conceived as an affordable computer for getting kids to learn how to code, its creators thought they'd sell 1,000 – they've now sold more than 40 million.

      • Mico Is A USB Microphone Based On A Pi Pico | Hackaday

        When [Mahesh Venkitachalam] was experimenting with machine learning for audio applications on a Raspberry Pi, he found himself looking for a simple USB microphone. A cheap one was easy to find, but the sound quality and directionality left much to be desired. A large, studio-quality mic would be overkill, so [Mahesh] decided to simply build exactly what was needed: a compact, yet high-quality USB microphone that he called Mico.

        The sensing device is a MEMS microphone that outputs a pulse density modulated (PDM) signal. There are chips available to directly interface such a microphone to a USB port, but [Mahesh] found them difficult to work with and therefore settled on something he knew already: the Raspberry Pi Pico platform. Luckily, someone had already figured out how to read out a microphone and present a USB device to a PC, so all that was needed was to put all the bits together into a convenient form factor.

      • Open Hardware/Modding

        • Online retailers delaying sales of Raspberry Pi 4 ● The Register

          Online retailers may not be able to send you a specific Raspberry Pi 4B model even for next year's Christmas.

          Mouser is providing an estimated ship date for a Raspberry Pi 4B model with 4GB RAM of January 25, 2023. Digi-Key is also indicating that it will ship the same model now only in 2023.

          Raspberry Pis are great stocking suffers for my tech-crazy family, but this year turned out to be a challenge. Raspberry Pi for the first time increased the prices of its boards in October due to the higher cost of shortage-constrained components.

          We have reached out to the board biz for comment, and will update the story when we hear back.

          The inability to fulfill orders led Raspberry Pi to cap production of single-computer boards to seven million units in 2021.

    • Free, Libre, and Open Source Software

      • 9 open source alternatives to try in 2022 | Opensource.com

        2021 was another year spent largely online, but that's nothing new for the open source world. The ability to work from anywhere is in our DNA, preceding the pandemic that ushered remote work into the mainstream.

        Still, all that time in front of screens this year made our community consider open source alternatives. Regardless of the tool type you need, many of the most popular vendors are not your only option.

        If you're burned out on Zoom, want a CRM that's not Salesforce, or would like an analytics tool that Google doesn't own, read on. We've got the most popular articles on open source alternatives that readers loved in 2021.

      • Web Browsers

        • Fighting for Web 3.0: Digital wallet wars are the new browser wars

          Slowly but surely, however, Microsoft leveraged its monopoly position in the OS space to push its closed-source alternative: Internet Explorer (IE). It was able to outcompete Netscape and become the default choice for users simply by packaging the browser with Windows.

      • SaaS/Back End/Databases

        • PostgreSQL vs MySQL: Compare Database Management Systems

          MySQL and PostgreSQL are the top two open-source relational database management systems (RDBMS), long proven to be highly reliable and scalable. In this article, we explore PostgreSQL vs MySQL, and the differences between them.

        • Database Management Service Uncomplicated: MongoDB V/s MySQL

          Data is everything. Right from identifying patterns to categorizing/ grouping certain entities, data, or, more specifically, relevant data, is pivotal for the success of any business. For example, a customer’s demographic data allows you to fine-tune your marketing strategy, while page analytics grants insight into a website page visitor’s online behavior. However, unless the data is collected, stored, and managed in the correct way, you run into the risk of having data duplication, incomplete or partial data being presented, or data corruption from overwriting.

          Hence it is crucial to have the correct database management service (DBMS) in place when building an application. Understanding what a DBMS is, exploring the different DBMS variants available, and the different use cases of each DBMS will help you choose the right one for your project.

      • Programming/Development

        • LiVES compiled in OpenEmbedded
        • OBS-Studio compiled in OpenEmbedded

          OBS was compiled in a running EasyOS and included in 3.1.17, see blog post...

        • 5 ways to automate security testing in DevSecOps

          The key to both DevOps and DevSecOps is automation. It ensures build and release processes are repeatable, which is important when release velocity is too high for manual steps to occur between release phases or at set times.

          Automation ensures required steps are completed each time code is pushed and removes human memory from the equation so key tasks, such as regression testing, get done. Automation also helps strengthen security by serving as policy enforcement to prevent direct developer access to production and thereby serving as the enforcement point for segregation of duties.

        • These Vancouver high school students noticed a gap in coding education. So, they filled it

          Without having basic coding knowledge, Ma said, it's impossible for youth to know whether or not they want to pursue computer science in post-secondary.

          "The main goal is to kind of combat vast educational disparities within the B.C. schooling system," he said, adding that coding skills are becoming increasingly important.

        • Java

          • Apache's new security update for HTTP Server fixes two flaws

            The foundation has released version 2.4.52 of the Apache HTTP Server (web server) that addresses two flaws tracked as CVE-2021-44790 and CVE-2021-44224, which have respective CVSS severity scores of 9.8 (critical) and 8.2 (high) out of a possible 10. A score of 9.8 is very bad, and in recent weeks has only been topped by the Log4j vulnerability known as Log4Shell, which had a severity score of 10 out of 10.

          • Major security flaw leaves companies vulnerable to ransomware
          • Real-Time Protection of Log4j with AppTrana – Through its Risk-Based Approach

            With the discovery of Log4j vulnerability on December 9th (Also known as Log4shell), the cybersecurity world has gone on a tailspin. It is one of the most potent vulnerabilities identified in recent times. It is estimated that millions of systems were left exposed, resulting in large attempts by hackers to exploit the vulnerability. It is estimated more than a million attacks have been launched since the vulnerability was identified.

          • China regulator suspends cyber security deal with Alibaba Cloud

            Chinese regulators on Wednesday suspended an information-sharing partnership with Alibaba Cloud Computing, a subsidiary of e-commerce conglomerate Alibaba Group (9988.HK), over accusations it failed to promptly report and address a cybersecurity vulnerability, according to state-backed media reports.

            Alibaba Cloud did not immediately report vulnerabilities in the popular, open-source logging framework Apache Log4j2 to China's telecommunications regulator, according to 21st Century Business Herald, citing a recent notice by the Ministry of Industry and Information Technology (MIIT).

          • Alibaba Employee First Spotted Log4j Software Flaw but Now the Company Is in Hot Water With Beijing

            China’s technology ministry suspended work with Alibaba Cloud over what it called untimely reporting to authorities of the flaw affecting users world-wide

          • Belgian defence ministry admits attackers accessed its computer network by exploiting Log4j vulnerability

            The Belgian Ministry of Defence has suffered a cyber attack after miscreants exploited one of the vulnerabilities in Log4j. The attack marks the first occasion that a NATO country's defence ministry has fallen victim to the flaws.

            The attack took place last week, as reported by Flemish-language TV news station VRT, which said "some of the ministry's activities were paralysed for several days."

            Belgian MoD spokesman Olivier Severin said in a prepared statement seen by The Register: "Defence discovered an attack on its computer network with internet access on Thursday. Quarantine measures were quickly taken to isolate the affected parts. The priority is to keep the defence network operational."

          • Log4Shell — Preparing for What Comes Next

            We’re now at about the two week point after news of the vulnerability in the Apache Foundation’s Log4j logging tool for Java, dubbed Log4Shell, splashed into the headlines.

            For a catch up on what this story is all about and a guide for how to kickstart your mitigation efforts, check out our post from 12 December before continuing to read.

          • Bad things come in threes: Apache reveals another Log4J bug

            The Apache Software Foundation (ASF) has revealed a third bug in its Log4 Java-based open-source logging library Log4j.

            CVE-2021-45105 is a 7.5/10-rated infinite recursion bug that was present in Log4j2 versions 2.0-alpha1 through 2.16.0. The fix is version 2.17.0 of Log4j.

            That’s the third new version of the tool in the last ten days.

            In case you haven’t been paying attention, version 2.15.0 was created to fix CVE-2021-44228, the critical-rated and trivial-to-exploit remote code execution flaw present in many versions up to 2.14.0.

          • ‘Perfect storm’: Inside the race to fix a potentially disastrous software flaw

            At 2:51 p.m. on Nov. 24, members of an open-source software project received an alarming email. The contents threatened to undermine years of programming by a small group of volunteers and unleash massive cyberattacks across the globe.

            “I want to report a security bug,” wrote Chen Zhaojun, an employee on Alibaba Group’s cloud-security team, adding, “the vulnerability has a major impact.”

            The message went on to describe how a hacker could take advantage of Log4j, a widely used software tool, to achieve what’s known as remote code execution, a hackers’ dream because they can remotely take over a computer.

            The message ultimately set off a global race to update critical computer systems, with senior U.S. cybersecurity officials describing the discovery as a “significant threat.” Left unfixed, the software could give attackers unfettered access to untold millions of computer systems.

          • Azul introduces remote compilation for Java ● The Register

            Azul, a provider of OpenJDK (Java runtime) builds, has introduced a "Cloud Native Compiler" which offers remote compilation of Java to native code, claiming it can reduce compute resources by up to 50 per cent.

            When a Java application runs, a JIT (Just-in-time) compiler, usually the OpenJDK JIT called HotSpot, compiles the Java bytecode to native machine code to optimise performance. It is a highly optimised process – but Azul reckons it can improve it further by removing that responsibility from the VM or container where the application is running.

  • Leftovers

    • New six-screen visual installation draws on some of the oldest footage of Japan

      Free to access at BFI Southbank until 9 January, Tokinokawa is a new six-screen installation conceived by UK media artists The Light Surgeons. It draws upon and recontextualises the BFI’s Japan on Film collection, which includes some of the earliest surviving moving images of Japan, preserved by the BFI National Archive and dating back to 1901.

      The installation at BFI Southbank mixes our newly restored films with contemporary recordings gathered in Japan in 2020 by London-based filmmaker Christopher Thomas Allen, along with newly composed music by Japanese percussionist and composer Midori Takada and immersive sound design by audiovisual artist Tim Cowie. The soundtrack has been spatialised across a speaker array supplied by Yamaha, with an infographic visual created using machine learning software tools to ‘read’ the archive films.

    • Seoul Introduces Self-Driving Taxis

      Last year the Seoul city government passed an ordinance enabling the commercial operation of autonomous passenger-carrying vehicles. A six square kilometer region in the Seoul neighborhood of Sangam, near the 2002 World Cup Stadium, was designated as a pilot program test bed. This area encompasses 24 streets totaling 31.3 km. Two companies were selected, and the pilot program launched a few weeks ago. Currently there are three vehicles and passengers can ride for free during this introductory phase. Three more taxis and a bus will be added within this year, with plans for 50 in this region by 2026. For the time being, these cars require a standby driver who takes control in an emergency and in school zones. Check out the short news report (in English) below the break.

    • Cast Your Own Holiday Chocolate Bunny, Or Rather Mouse | Hackaday

      The art of forming and using a mold is, well, an art. The already tricky process would be made even harder by using a fickle material, like chocolate. This is exactly where [Alexandre Chappel] found himself as he tried to cast his own chocolate figurines.

    • 25 Years Ago, Apple Acquired NeXT and Brought Back Steve Jobs

      This week marks the 25th anniversary of Apple announcing that it had agreed to acquire NeXT for $400 million. The stunning move brought Steve Jobs back to Apple over a decade after he left the company following an internal power struggle.

    • LittleBITS: Inadvertent Mail Deletion, TidBITS Security Vulnerability, and iOS Update Error 1100 - TidBITS

      Over in TidBITS Talk, user Tall Trees has contributed another entry in the “I Didn’t Know That!” category. It turns out that in Apple’s Mail app on the Mac, pressing Control-H deletes a message, which could be surprising or even problematic. Jeffrey Jones suggested that the reason was probably related to the fact that Control-H generates the standard ASCII control character for Backspace, which generally maps to the key labeled Delete on modern keyboards. Although David C. pointed out that such ASCII control characters should work only in apps running in an ASCII-like terminal session, Apple’s developers must have explicitly decided to code that keyboard mapping for Mail as well.

    • Science

      • Iodine in desert dust destroys ozone

        When winds loft fine desert dust high into the atmosphere, iodine in that dust can trigger chemical reactions that destroy some air pollution, but also let greenhouse gases stick around longer. The finding may force researchers to re-evaluate how particles from land can impact the chemistry of the atmosphere.

      • circRNA N6-methyladenosine methylation in preeclampsia and the potential role of N6-methyladenosine-modified circPAPPA2 in trophoblast invasion

        Here, we performed N6-methyladenosine (m6A) RNA sequencing to determine the circRNA m6A methylation changes in the placentas during the pathogenesis of preeclampsia (PE). We verified the expression of the circRNA circPAPPA2 using quantitative reverse transcription-PCR. An invasion assay was carried out to identify the role of circPAPPA2 in the development of PE. Mechanistically, we investigated the cause of the altered m6A modification of circPAPPA2 through overexpression and knockdown cell experiments, RNA immunoprecipitation, fluorescence in situ hybridization and RNA stability experiments. We found that increases in m6A-modified circRNAs are prevalent in PE placentas and that the main changes in methylation occur in the 3’UTR and near the start codon, implicating the involvement of these changes in PE development. We also found that the levels of circPAPPA2 are decreased but that m6A modification is augmented. Furthermore, we discovered that methyltransferase‑like 14 (METTL14) increases the level of circPAPPA2 m6A methylation and that insulin-like growth factor 2 mRNA-binding protein 3 (IGF2BP3) maintains circPAPPA2 stability. Decreases in IGF2BP3 levels lead to declines in circPAPPA2 levels. In summary, we provide a new vision and strategy for the study of PE pathology and report that placental circRNA m6A modification appears to be an important regulatory mechanism.

      • No more annual flu shot? New target for universal influenza vaccine

        Scientists at Scripps Research, University of Chicago and Icahn School of Medicine at Mount Sinai have identified a new Achilles' heel of influenza virus, making progress in the quest for a universal flu vaccine. Antibodies against a long-ignored section of the virus, which the team dubbed the anchor, have the potential to recognize a broad variety of flu strains, even as the virus mutates from year to year, they reported Dec. 23, 2021 in the journal Nature.

      • 3D Printing Gets Tiny | Hackaday

        Using a process akin to electroplating, researchers at the University of Oldenburg have 3D printed structures at the 25 nanometer scale. A human hair, of course, is thousands of time thicker than that. The working medium was a copper salt and a very tiny nozzle. How tiny? As small as 1.6 nanometers. That’s big enough for two copper ions at once.

        Tiny nozzles are prone to every 3D printer’s bane: clogged nozzles. To mitigate this, the team built a closed-loop control that measured electrical current between the work area and inside the nozzle. You can read the full paper online.

    • Education

      • The Students Returned, but the Fallout From a Long Disruption Remained - The New York Times

        Three hours into a recent Monday morning, blood had already been spilled in a hallway at Liberty High School. With his walkie-talkie in hand, the principal, Harrison Bailey III, called on the custodial staff to clean up the remnants of a brawl while hurrying to the cafeteria in hopes of staving off another.

        This is how Dr. Bailey has spent many of his hours since the school welcomed back its 2,800 students for in-person learning in August: dashing around the 400,000-square-foot building, outrunning bells and crowds of students, and hoping that his towering presence will serve as an inspiration to pull up masks and a deterrent to other, less obvious burdens that his students have had to contend with since returning.

        Like schools across the country, Liberty has seen the damaging effects of a two-year pandemic that abruptly ejected millions of students from classrooms and isolated them from their peers as they weathered a historic convergence of academic, health and societal crises. Teenagers arguably bore the social and emotional brunt of school disruptions.

    • Hardware

      • Blender? No, Grinder | Hackaday

        [Leandro Felipe] is no stranger to the dirty hack, and this video of his conversion of a blender into a handheld rotary grinding tool is no exception. (Embedded below.) But the end result is something pretty useful — a lighter and more maneuverable rotary grinder that’s got a lot more grunt to boot.

        (The video is in Portuguese, but the captions work pretty well, once you get over the fact that the robots translate “grinding tool” as “rectifier” a lot of the time. And anyway, you’re here for the hacks.)

        The highlights are a handmade coupling that mates the blender motor with the flexible shaft and chuck, purchased separately. And the flattened-out PVC pipe used as a mounting bracket. And him using the motor itself against a file to “lathe” down the drive shaft. And…

      • DIY High Flow 3D Printing | Hackaday

        Sometimes we’re impressed by the sheer audacity of a project. [Stefan] rarely disappoints in that area, and his latest video shows him making an adapter to convert a normal 3D printed nozzle into a high-flow nozzle, similar to one you’d find on a Volcano. We say similar because [Stefan] took the trouble to drill three holes in the adapter to increase the melting surface area. The audacious part is that he doesn’t really have the machine shop to drill three tiny precision holes in close proximity — and he shows us the pictures to prove that he didn’t get it right the first (or fifth) time. But he did stick with it and got good results.

        Why do such a thing? He wanted to mount the high-efficiency nozzles he’s been experimenting with on the Volcano extruder. The commercial one, in particular, doesn’t come in the extended size. To simplify things, he started with a long brass insert. The conical hex cut offers a natural center point if you are satisfied with a single hole through the center of the adapter. The hex cutout allows you to use a key to install or remove the spacer easily.

      • Mini Linear Actuators From DVD Drive Parts | Hackaday

        For many years now a source for some of the smallest and cheapest home made CNC mechanisms has been the seemingly never-ending supply of surplus CD and DVD-ROM drives. The linear actuator that moves the laser may not be the longest or the strongest, but it’s free, and we’ve seen plenty of little X-Y tables using CD drives. It’s these mechanisms that [Nemo404] has taken a little further, freeing the lead screw and motor from the drive chassis and placing them in a 3D-printed enclosure for a complete linear actuator that can be used in other projects. (Video, embedded below.)

      • Realtime Shadows On N64 Hardware | Hackaday

        Although the Nintendo 64 console has in the minds of many been relegated to the era of ‘firmly obsolete graphics’, since its graphic processor’s (GPU’s) lineage traces directly to the best which SGI had to offer in the 1990s, it too supports a range of modern features, including dynamic shadows. In a simple demo, [lambertjamesd] demonstrates how this feature is used.

        As can be seen in the demonstration video (linked after the break), this demo features a single dynamic light, which casts a shadow below the central object in the scene, with a monkey object floating around that casts its own shadow (rendered into an auxiliary frame buffer). This auxiliary buffer is then blended into the main buffer, as explained by [ItzWarty] over at /r/programming on Reddit.

    • Health/Nutrition/Agriculture

      • For some Greenlanders, eating sugar is healthy

        A genetic variation among some Greenlanders makes sugar healthy -- significantly more than for most people. According to a new study, gut bacteria and a unique diet that has nourished Greenlanders for millennia have provided them with a genetic variation that offers an incredible advantage.

      • COVID-19: Google employees flouting vaccination rules to eventually be fired | Companies – Gulf News

        Alphabet Inc’s Google told its employees they would lose pay and eventually be fired if they do not follow its COVID-19 vaccination rules, CNBC on Tuesday, citing internal documents.

        A memo circulated by Google’s leadership said employees had until Dec. 3 to declare their vaccination status and upload documentation showing proof, or to apply for a medical or religious exemption, according to the report.

        After that date, Google said it would start contacting employees who had not uploaded their status or were unvaccinated and those whose exemption requests were not approved, CNBC reported.

      • Omicron vs Delta variants, transmissibility vs severity: What we know and don't know

        The world is facing a huge spike in COVID-19 cases, especially where Omicron is detected. The latest known SARS-COV-2 mutation — labelled a “variant of concern” less than a month ago (November 26, 2021) after cases were first detected in southern Africa — is now confirmed in more than 77 countries. It's likely to have reached more countries than is currently known, say experts.

      • We’re Locked Down Again in the Netherlands. Here’s a Warning.

        Since 5 a.m. on Sunday, bars, restaurants, museums, schools, clothing stores, gift shops and anything resembling fun have been closed across the Netherlands. We’ve become the first European country to go back to lockdown life amid Omicron (until at least early January): It was “unavoidable,” said Prime Minister Mark Rutte. So here we are, looking over the borders enviously at holiday sales and seasonal celebrations in Belgian Antwerp. Once more, it doesn’t look a lot like Christmas.

      • Omicron in GCC: Gulf nations on alert as COVID-19 variant spreads worldwide

        Cairo: Having seen significant declines in COVID-19 incidences in recent month, Arab Gulf countries have doubled down on their efforts to protect public health amid a global scare over the new highly transmissible Omicron variant. These countries have updated their travel policies to curtail the COVID-19 spread and urged people to receive the booster shots to enhance their immunity.

    • Integrity/Availability

      • 35,000 people try to log on to Singapore immigration website ● The Register

        A website operated by Singapore’s border control agency, Immigration and Checkpoints Authority (ICA), fell over for five hours almost as soon as registrations for overseas travel were offered to expats who had been stuck in the city-state for over 18 months.

        Singapore currently operates "vaccinated travel lanes" (VTLs) that let citizens and permanent residents travel to certain destinations. But residents on other visas must apply to use VTLS. Around 27 per cent of Singapore's population use those visas, many of them citizens of neighboring Indonesia or Malaysia who come to the island nation to work for short periods of time.

      • Proprietary

        • Apple fixes macOS security flaw behind Gatekeeper bypass

          Apple has addressed a macOS vulnerability that unsigned and unnotarized script-based apps could exploit to bypass all macOS security protection mechanisms even on fully patched systems.

        • After deadly 737 Max crashes, damning whistleblower report reveals sidelined engineers, scarcity of expertise, more

          An Aviation Whistleblower report issued Tuesday by a US Senate committee cites numerous oversight gaps within the government and the aviation industry.

          The report [PDF] was produced at the behest of the Senate Committee on Commerce, Science, and Transportation in response to two Boeing 737 MAX crashes in 2018 and 2019 that killed 346 people. It is based on testimony from seven industry whistleblowers from Boeing, GE, and the Federal Aviation Administration (FAA).

          Boeing designed the 737 Max to compete against the Airbus A320neo. In order to achieve comparable fuel efficiency, Boeing basically put new engines on the existing 737 air frame, which allowed the passenger jet to avoid going through a new regulatory approval process.

        • Bluetooth reboot of pre-school play phone has privacy flaw ● The Register

          A Bluetooth phone designed to evoke the carefree days of early childhood has been found to instead threaten the very adult prospect of being surveilled in your home.

          The phone is the Fisher Price Chatter Special Edition, a device that adds Bluetooth and a speaker to the smiling, brightly coloured, wheeled, rotary dial phone on which it's previously been possible to make calls only by using one's imagination.

          The phone also bears the name “60G LTE” – which stands for “60 great years, Let’s Talk Everywhere” and an infomercial for the handset opens with “The past has finally arrived” before lampooning mobile phone ads quite nicely.

          The 2021 version of the device connects to a smartphone and can be used as a speaker phone, or to make calls. Even the rotary dialler works for outbound calls.

        • Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild

          Let's start with Microsoft, which put out a summary of its security updates here. All manner of products are affected, from the Windows kernel to PowerShell to Office to the beleaguered Print Spooler.

        • Of course a Bluetooth-using home COVID test was cracked to fake results ● The Register

          Security vendor F-Secure has faked a COVID test result on a Bluetooth-equipped home COVID Test. Thankfully the vendor’s since fixed the device.

          The firm tested the Ellume COVID-19 Home Test, a device selected specifically because it uses a “Bluetooth connected analyzer for use with an app on your phone.”

          As F-Secure probed the device and its companion app, its researchers spotted an un-exported activity called com.ellumehealth.homecovid.android/com.gsk.itreat.activities.BluetoothDebugActivity Users with root level access to an Android machine can launch that activity to “help interact with the analyzer over Bluetooth”, F-Secure found.

        • Police National Computer not pwned by Clop ransomware crims, insists Home Office

          The Clop ransomware gang pwned a managed service provider with access to the UK's Police National Computer, dumping data on its dark web leaks site – but officials deny that police data was compromised.

          Dacoll, a Scotland-based MSP, was attacked in October by the notorious criminal crew. Reports surfaced in the Mail on Sunday newspaper over the weekend that the criminals had published information from the Police National Computer on their leaks site.

        • The Week in Ransomware - December 24th 2021 - No rest for the weary [Ed: By Microsoft booster Lawrence Abrams]

          Network admins and security researchers are already reporting that BlackCat/ALPHV affiliates continue to attack the enterprise today as we move into the Christmas weekend, so it is vital to keep an eye on your networks and respond quickly to unusual behavior.

        • Pseudo-Open Source

          • Openwashing

            • Kasm Technologies Announces Partnership with VirtualGL Open-Source Project

              Kasm Technologies, the industry leader in streaming containerized cloud workloads to the web browser, today announced a partnership with the open-source project VirtualGL, to sponsor the addition of EGL front-end support to the VirtualGL product. The latest version of VirtualGL supports EGL backend, so with the addition of EGL front-end support, this collaboration allows for multi-tenant use of GPUs for modern applications that don't support the older GLX API.

        • Security

          • Privacy/Surveillance

            • Over 500 Aadhaar Activists, Organisations Slam EC's Proposal to Link Aadhaar with Voter ID | NewsClick

              Over 500 prominent individuals, including former civil servants, journalists, social activists, researchers and students, in a statement, have strongly opposed the Election Commission of India's (ECI) proposal to link voter ID cards )and the "EPIC" database) with Aadhaar, calling it a "dangerous idea which can fundamentally alter the structure of our democracy."

              Other signatories include "electoral reform group, Association for Democratic Reforms, civil rights groups from across the country such as the Peoples’ Union of Civil Liberties, MKSS, Adivasi Women’s Network, Chetna Andolan, and NAPM Jharkhand; and digital rights groups including Rethink Aadhaar, Article 21 Trust, the Internet Freedom Foundation, the Bachao Project, and the Free Software Movement of India."

              As per reports, the government is introducing certain major voting reforms based on the EC's recommendations. According to EC, the proposal to link Aadhaar with Voter IDs is aimed at weeding out duplications. The Elections Laws (Amendment Bill, 2021 that would link electoral rolls to Aadhaar numbers would be introduced in the Lok Sabha on Monday, December 20. The Bill would allow "electoral registration officers to ask for Aadhaar numbers of applicants wanting to register as voters to establish the identity of the applicant."

            • Digital COVID-19 vaccination card now available | News | Jamaica Gleaner

              After missing Monday's deadline for the rollout of digital COVID-19 certificates, the Ministry of Health and Wellness today officially launched Jamaica's digital vaccination card.

              With the introduction of the card, inoculated Jamaicans now have access to an internationally-accepted and convenient way of verifying their vaccination status.

              Across the world, countries have stipulated that visitors must show proof of COVID-19 vaccination as a requirement for entry.

    • AstroTurf/Lobbying/Politics

      • Democrats Say They Are Serious About State Elections. But Are They Too Late? - The New York Times

        Late on Nov. 8, 2016, the mood inside President Barack Obama’s West Wing turned grim. Hillary Clinton was coming up short. The realization was growing that Donald J. Trump would be elected president.

        Suddenly, David M. Simas, Mr. Obama’s political director, pumped his fist and called out, “Yes!”

        A cautious, cerebral lawyer, Mr. Simas was not known for attention-getting exultation. Asked why he was cheering, he deadpanned: “We just won a North Carolina Supreme Court seat.”

    • Censorship/Free Speech

      • China lists 100 topics citizens can't include in online vids ● The Register

        China's Netcasting Services Association has issued a list of 100 topics local netizens must not include in short videos posted online.

        The list, officially the "Online Short Video Content Review Standard Rules (2021)", includes predictable prohibitions on mocking China's leadership, or suggesting that history did not unfurl precisely as the Chinese Communist Party's textbooks describe.

        But the regs also add some new red lines – among them a ban on using clips from TV shows. Clips of shows not permitted to be shown in China are also forbidden.

        So is depiction of unconventional marriages. Sex is out, and so are fig leaves, or fig-leaf sized token garments that almost cover body parts likely to be depicted during sex.

    • Civil Rights/Policing

      • Microsoft, Apple suppliers exposed by anti-slavery law

        “It’s not if they’ve got slavery, it’s when they find it,” said Kitto, the Sydney-based director of Be Slavery Free, a nonprofit organization. “It’s that pervasive, almost every business has a risk of slavery in their supply chains.”

      • Sonai river: A victim of greed

        Sonai river, which flows through Madhabpur upazila in Habiganj, has almost turned into a canal due to illegal occupation and dumped trash. It now acts as a narrow drain carrying hazardous pollutants to the haor area.

    • Internet Policy/Net Neutrality

      • TikTok tops Google to win Cloudflare’s 2021 traffic ratings

        Cloudflare’s explanation for how Radar calculates site popularity says its assessment is “derived from aggregated data from the 1.1.1.1 Public DNS Resolver” and “a range of data that Cloudflare has about global Internet traffic patterns.”

        But just how Cloudflare decides its rankings unknown, while the fact that Radar launched in September 2020 means its assessments for that year were based on less data.

    • Monopolies

      • Nextcloud-led coalition complains to the EU about Microsoft stifling competition

        The cloud storage company, Nextcloud, is leading a coalition against Microsoft in the European Union over what it claims to be anti-competitive behaviour. To back up its claims, it has assembled a coalition of organisations who would also benefit from the action including Tutanota, OnlyOffice, Free Software Foundation Europe, The Document Foundation, European Digital SME Alliance, and many, many more.

        According to the coalition, Microsoft is more deeply integrating its 365 services into Windows, for example, OneDrive and Teams ship by default and pushes people to use them. The coalition believes that actions like this make it impossible for them and other smaller firms to compete so it wants the EU to do something about it. Over the years, Microsoft, Google, and Amazon have grown their European market share to 66% while local providers declined from 26% to 16%.

      • Patents

        • UK consultation on AI in copyright and patent legislation: Dennemeyer [Ed: Copyright and patent litigation firms have become infatuated with meaningless buzzwords that mislead public officials and let them get away with illegal things]

          As artificial intelligence (AI) continues to play an ever-greater role at the forefront of research and development, the legal systems protecting Intellectual Property (IP) are taking a serious look at how they can accommodate this burgeoning technology.

          On October 29, the UK government launched an open consultation to debate how the country's existing IP legislation should be adapted to address the ongoing development of AIs and their use in the inventive process. The consultation will last for 10 weeks, closing on January 7, 2022.

        • Software Patents

          • Dallas Invents: 127 Patents Granted for Week of Nov. 16 [Ed: Dallas Invents bogus courts that exist to serve patent trolls, serve software patents, and even appoint people who worked for patent trolls to actual judge positions in top courts]

            Dallas Invents is a weekly look at U.S. patents granted with a connection to the Dallas-Fort Worth-Arlington metro area. Listings include patents granted to local assignees and/or those with a North Texas inventor. Patent activity can be an indicator of future economic growth, as well as the development of emerging markets and talent attraction. By tracking both inventors and assignees in the region, we aim to provide a broader view of the region’s inventive activity. Listings are organized by Cooperative Patent Classification (CPC).

      • Trademarks

        • Under What Conditions Will The Sale And Transfer Of ".tr" Domain Names Be Possible With The Beginning Of The TRABIS Period? [Ed: At one point Turkey was disposing off these TLDs like water to raise money from a bubble]

          The enforcement of the Internet Domain Names Regulation ("Regulation"), published by the Information Technologies and Communications Authority ("ITCA") in 2010, which regulates the procedures and principles regarding ".tr" domain names, was delayed until the ".tr Network Information System" ("TRABIS") becomes operational. In accordance with the recent announcement, the Nic.tr platform, where the procedures for the allocation of ".tr" domain names have been carried out since 1991 in Turkey, will be shut down and TRABIS will start operating. The Regulation, which will come into force at the beginning of the TRABIS period, clearly stipulates that ".tr" domain names may be subject to the transactions for sale and transfer, which has not been regulated before. You may read our legal alert on Nic.tr's aforementioned announcement here.



Recent Techrights' Posts

Technology: rights or responsibilities? - Part VIII
By Dr. Andy Farnell
GNU/Linux Reaches All-Time High in Europe (at 6%)
many in Europe chose to explore something else, something freedom-respecting
Techrights' Statement on Code of Censorship (CoC) and Kent Overstreet: This Was the Real Purpose of Censorship Agreements All Along
Bombing people is OK (if you sponsor the key organisations), opposing bombings is not (a CoC in a nutshell)
 
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, November 24, 2024
IRC logs for Sunday, November 24, 2024
Gemini Links 25/11/2024: Purity and Cory Doctorow's Ulysses Pact, Smolnet Portal and SGI
Links for the day
Patents Against Energy Sources That Reduce Pollution
this EV space (not just charging) is a patent mine field and it has long been that way
DARPA’s Information Innovation Office, Howard Shrobe, Values Compartmentalisation But Loses the Opportunity to Promote GNU/Linux and BSDs
All in all, he misses an opportunity
Wayland is an Alternative to X
the alternative to X (as in Twitter) isn't social control media but something like IRC
BetaNews, Desperate for Clicks, is Pushing Donald Trump Spam Created by LLMs (Slop)
Big clap to Brian Fagioli for stuffing a "tech" site with Trump spam (not the first time he uses LLMs to do this)
[Meme] Social Control Media Bliss
"My tree is bigger than yours"
Links 24/11/2024: More IMF Bailouts and Net Client Freedom
Links for the day
Gemini Links 24/11/2024: Being a Student and Digital Downsizing
Links for the day
[Meme] The Most Liberal Company
"Insurrection? What insurrection?"
apple.com Traffic Down Over 7%, Says One Spyware Firm; Apple's Liabilities Increased Over 6% to $308,030,000,000
Apple is also about 120 billion dollars in debt
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, November 23, 2024
IRC logs for Saturday, November 23, 2024
[Meme] GAFAMfox
Mozilla Firefox in a state of extreme distress
Google Can Kill Mozilla Any Time It Wants
That gives Google far too much power over its rival... There are already many sites that refuse to work with Firefox or explicitly say Firefox isn't supported
Free (as in Freedom) Software Helps Tackle the Software Liability Issue, It Lets Users Exercise Greater Control Over Programs
Microsofters have been trying to ban or exclude Free software
In the US, Patent Laws Are Up for Sale
This problem is a lot bigger than just patents
ESET Finds Rootkits, Does Not Explain How They Get Installed, Media Says It Means "Previously Unknown Linux Backdoors" (Useful Distraction From CALEA and CALEA2)
FUD watch
Techdirt Loses Its Objectivity in Pursuit of Money
The more concerning aspects are coverage of GAFAM and Microsoft in particular
Links 23/11/2024: Press Sold to Vultures, New LLM Blunders
Links for the day
Links 23/11/2024: "Relationship with Oneself" and Yretek.com is Back
Links for the day
Links 23/11/2024: "Real World" Cracked and UK Online Safety Act is Law
Links for the day
Links 23/11/2024: Celebrating Proprietary Bluesky (False Choice, Same Issues) and Software Patents Squashed
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 22, 2024
IRC logs for Friday, November 22, 2024
Gemini Links 23/11/2024: 150 Day Streak in Duolingo and ICBMs
Links for the day